System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone

US 7,706,778 B2
Filed: 04/03/2006
Issued: 04/27/2010
Est. Priority Date: 04/05/2005
Status: Active Grant

- Alert
- Pin

Associated Case

Associated Defendants

First Claim

Patent Images

1. A method of remotely maintaining a secure access system, comprising:

receiving, at a secure access system controller, a credential update for at least one user of the secure access system;

in response to receiving the credential update, said controller automatically initiating a system update process, the system update process comprising;

generating a message comprising information representing the credential update;

determining at least one target for said message, wherein said at least one target comprises at least one mobile device associated with the at least one user; and

transmitting said message to said at least one target; and

wherein said at least one mobile device has a first set of credential data stored thereon, wherein upon receiving said message from said controller, said first set of credential data is changed to a second different set of credential data, wherein said message is transmitted to said at least one mobile device without receiving a request for said message from said at least one user, wherein said at least one mobile device is a smart mobile device, wherein said first set of credential data comprises self-authenticating data, wherein said second set of credential data comprises different self-authenticating data, and wherein said self-authenticating data enables said at least one mobile device to make a determination of its own access rights with respect to an asset.

View all claims

1 Assignment

Timeline View

Assignment View

Litigations

2 Petitions

Accused Products

Abstract

The present invention is generally directed toward a mobile device that can be used in a secure access system. More specifically, the mobile device can have credential data loaded thereon remotely updated, enabled, disabled, revoked, or otherwise altered with a message sent from, for example, a control panel and/or controller in the system.

139 Citations

42 Claims

1. A method of remotely maintaining a secure access system, comprising:
- receiving, at a secure access system controller, a credential update for at least one user of the secure access system;
  
  in response to receiving the credential update, said controller automatically initiating a system update process, the system update process comprising;
  
  generating a message comprising information representing the credential update;
  
  determining at least one target for said message, wherein said at least one target comprises at least one mobile device associated with the at least one user; and
  
  transmitting said message to said at least one target; and
  
  wherein said at least one mobile device has a first set of credential data stored thereon, wherein upon receiving said message from said controller, said first set of credential data is changed to a second different set of credential data, wherein said message is transmitted to said at least one mobile device without receiving a request for said message from said at least one user, wherein said at least one mobile device is a smart mobile device, wherein said first set of credential data comprises self-authenticating data, wherein said second set of credential data comprises different self-authenticating data, and wherein said self-authenticating data enables said at least one mobile device to make a determination of its own access rights with respect to an asset.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the system update process further comprises transmitting said message to at least one of a reader and a database.
  - 3. The method of claim 1, wherein said first set of credential data has at least one of a key, password, unique ID, encryption scheme, and transmission protocol that is different in said second set of credential data.
  - 4. The method of claim 1, further comprising, in the event that said at least one mobile device does not receive said message and is subsequently presented to a reader, determining, by said reader, that said at least one mobile device is invalid.
  - 5. The method of claim 1, wherein said credential updates are received at the controller on a periodic basis.
  - 6. The method of claim 1, further comprising:
    - receiving said message at said at least one mobile device; and
      
      modifying at least a portion of memory of said at least one mobile device according to said updated credential information.
  - 7. The method of claim 6, wherein said modifying comprises at least one of disabling and revoking at least a portion of said memory.
  - 8. The method of claim 6, further comprising:
    - disabling at least a portion of said memory unless an enabling message is received.
  - 9. The method of claim 1, further comprising de-enrolling a user of at least one mobile device from an access list, wherein said credential update is generated in response to de-enrolling said user from said access list.
  - 10. The method of claim 1, wherein said message is transmitted over a cellular communication network.
  - 11. The method of claim 1, wherein said message is transmitted by at least one of a radio frequency signal and a near field communication signal.
  - 12. The method of claim 1, further comprising:
    - presenting said at least one mobile device to a reader;
      
      generating a second message comprising information related to said at least one mobile device being presented to said reader; and
      
      sending said second message to at least one of a database, controller, and another mobile device.
  - 13. The method of claim 12, wherein said second message is sent via a short message service (SMS) message.
  - 14. The method of claim 1, wherein said credential update is pushed toward said at least one mobile device without any solicitation by said at least one mobile device or a user of said at least one mobile device.
  - 15. The method of claim 1, further comprising:
    - determining, by said at least one mobile device, that said at least one mobile device is not allowed access to the asset; and
      
      in response to determining that said at least one mobile device is not allowed access to the asset, performing one of the following substeps;
      
      (i) sending a signal back to a reader; and
      
      (ii) doing nothing.

16. A secure access system, comprising:
- at least one mobile device comprising memory, wherein said memory comprises credential information;
  
  a controller that is operable to receive a credential update for at least one user of the secure access system and in response to receiving the credential update automatically initiate a system update process, wherein during the system update process the controller is operable to automatically cause a message to be generated that comprises said updated credential, and cause said message to be transmitted to said at least one mobile device associated with said at least one user, wherein credential information on said memory is altered in response to receiving said message, wherein said credential update is initiated by an entity other than said at least one user, wherein said at least one mobile device is a smart mobile device, wherein said credential information comprises self-authenticating data, wherein said self-authenticating data is altered, and wherein said self-authenticating data enables said at least one mobile device to make a determination of its own access rights with respect to an asset.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 17. The system of claim 16, further comprising:
    - at least one reader for determining an authenticity of said at least one mobile device; and
      
      a database for maintaining information related to said system, wherein said controller is further operable to cause a second message to be generated that comprises said updated credential and cause said second message to be transmitted to at least one of said reader and said database.
  - 18. The system of claim 17, wherein, in the event that said at least one mobile device does not receive said message, credentials of said at least one mobile device become obsolete.
  - 19. The system of claim 18, wherein, upon presentation of said at least one mobile device to said at least one reader, the authenticity of said at least one mobile device is determined to be invalid.
  - 20. The system of claim 16, wherein said credential information altered on said memory comprises at least one of a key, password, unique ID, encryption scheme, and transmission protocol.
  - 21. The system of claim 16, wherein credential updates are received at said controller on a periodic basis.
  - 22. The system of claim 16, wherein credential information on said memory is at least one of disabled and revoked in response to receiving said message.
  - 23. The system of claim 16, wherein said mobile device comprises a timing-out mechanism, wherein said timing-out mechanism is operable to disable said memory unless an enabling message is received from said controller.
  - 24. The system of claim 16, wherein said controller causes said message to be transmitted to said mobile device via at least one of a global system for mobile communications, a digital cellular system, and a personal communications system.
  - 25. The system of claim 16, wherein said at least one mobile device is at least one of a cellular phone, and personal digital assistant.
  - 26. The system of claim 16, wherein said credential update is initiated in response to de-enrolling at least one user from a list of authorized users.
  - 27. The system of claim 16, wherein said at least one mobile device comprises a plurality of mobile devices, and wherein credential information in each one of the plurality of mobile devices is altered.
  - 28. The system of claim 16, wherein said at least one mobile device comprises a plurality of mobile devices, and wherein credential information in less than all of the plurality of mobile devices is altered.
  - 29. The system of claim 16, wherein said message is transmitted via at least one of a radio frequency and near field communication signal.
  - 30. The system of claim 16, wherein said message is transmitted via a cellular communications network.
  - 31. The system of claim 16, wherein said credential update is pushed toward said at least one mobile device without any solicitation by said at least one mobile device or a user of said at least one mobile device.
  - 32. The system of claim 16, wherein said at least one mobile device is adapted to make a self-determination that it is not allowed access to the asset and, in response to determining that it is not allowed access to the asset, either (i) send a signal indicating the self-determination or (ii) do nothing.

33. A mobile device for use by a user in a secure access system, comprising:
- a memory, wherein said memory comprises credential information; and
  
  an interface operable to communicate with a reader and further operable to receive messages relating to updated-credential information, wherein, upon receipt of a first message, said credential information for the user is automatically changed from a first state to a second state, wherein said messages relating to updated-credential information are received without said at least one user transmitting a request for said messages, wherein said credential information comprises self-authenticating data, wherein said self-authenticating data is different between said first state and said second state, and wherein said self-authenticating data enables said mobile device to make a determination of its own access rights with respect to an asset.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 34. The device of claim 33, wherein, in the event that said first message is not received, said credential information is maintained in said first state and as a result becomes obsolete.
  - 35. The device of claim 34, wherein said reader is operable to determine an authenticity of said mobile device based at least in part upon said credential information, and upon presentation of said mobile device to said reader, the authenticity of said mobile device is determined to be invalid.
  - 36. The device of claim 33, wherein said reader is associated with a controller and the controller is operable to determine an authenticity of said mobile device based at least in part upon said credential information.
  - 37. The device of claim 36, wherein said reader is operable to determine an authenticity of said mobile device based at least in part upon said credential information.
  - 38. The device of claim 33, wherein said credential information comprises at least one of a key, password, unique ID, encryption scheme, and transmission protocol.
  - 39. The device of claim 33, wherein said at least one of a key, password, unique ID, encryption scheme, and transmission protocol is different in said first state than in said second state.
  - 40. The device of claim 33, further comprising a timing-out mechanism, wherein said timing-out mechanism is operable to disable said memory unless an enabling message is received.
  - 41. The device of claim 33, wherein a near field communications protocol is used by said first interface to communicate with said reader.
  - 42. The device of claim 33, wherein said mobile device is adapted to make a self-determination that it is not allowed access to the asset and, in response to determining that it is not allowed access to the asset, either (i) send a signal indicating the self-determination or (ii) do nothing.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Lowe, Peter R.
Primary Examiner(s)
Appiah; Charles N
Assistant Examiner(s)
DOAN, KIET M

Application Number

US11/397,542
Publication Number

US 20060224901A1
Time in Patent Office

1,485 Days
Field of Search

713/200, 713/201, 713/158, 455/403, 455/461, 455/414, 455/412, 455/411, 705/1
US Class Current

455/411
CPC Class Codes

G06F 21/31   User authentication

G06F 21/45   Structures or tools for the...

G07C 9/20   involving the use of a pass

H04L 63/0492   by using a location-limited...

H04L 63/062   for key distribution, e.g. ...

H04L 63/068   using time-dependent keys, ...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/068   using credential vaults, e....

H04W 12/08   Access security

H04W 12/082   using revocation of authori...

H04W 4/023   using mutual or relative lo...

H04W 4/80   Services using short range ...

H04W 48/04   based on user or terminal l...

H04W 88/02   Terminal devices

System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone

First Claim

1 Assignment

Litigations

2 Petitions

Accused Products

Abstract

139 Citations

42 Claims

Specification

Use Cases

Quick Links

Others

System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone

First Claim

1 Assignment

Subscription Required

Subscription Required

Litigations

2 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

139 Citations

42 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others