Access control

Document No.: 1906312 Publication date: 2021-11-30

Reading note: This technology, Access control, was designed by Daniel Andersson and Ingemar Larsson on 2021-05-18. Its main content: The invention relates to access control for controlling the unlocking of a door (102) when a credential (108) is presented at the door. A credential relay unit (112) and a lock controller (114) are mounted in proximity to the door. The credential relay unit transmits the received credential to a pre-configured first network address and additionally transmits a wake-up signal (122) to the lock controller, which upon receiving the wake-up signal transmits a request (126) for instructions to a pre-configured second network address. In response to the request, the lock controller receives an unlock instruction or a no action instruction (128a, 128b), and in the event that an unlock instruction is received, the lock controller transmits an unlock signal (132).

1. An access control system for controlling unlocking of a door upon presentation of a credential at the door, the access control system comprising a credential relay unit and a lock controller mounted in the vicinity of the door,

wherein the credential relay unit comprises an input interface and a first network interface,

wherein the credential relay unit is configured to receive credentials via the input interface and to transmit credentials via the first network interface to a pre-configured first remote network address in response to receiving credentials via the input interface,

wherein the credential relay unit and the lock controller have a local communication interface and the credential relay unit is configured to transmit a wake-up signal to the lock controller via the local communication interface in response to receiving a credential via the input interface, and wherein the credential relay unit is configured not to transmit a credential or an unlocking instruction to the lock controller,

wherein the lock controller comprises a second network interface and is configured to transmit a request for instructions to a pre-configured second remote network address via the second network interface and to receive an unlock instruction or a no action instruction via the second network interface in response to receiving the wake-up signal,

wherein the lock controller comprises a lock control interface and is configured to transmit a signal to unlock the door via the lock control interface in response to receiving an unlock instruction via the second network interface,

wherein the system further comprises a remote authorization server, and wherein the preconfigured first network address and the preconfigured second network address point to the remote authorization server.

2. The access control system of claim 1, wherein the credential relay unit is configured to wait for receipt of a reply to the credential sent via the first network interface prior to transmitting the wake-up signal.

3. The access control system of claim 1, wherein the local communication interface is a low power, low bandwidth interface.

4. The access control system of claim 1, wherein the lock controller is configured to power up upon receiving the wake-up signal and to power down after transmitting the signal to unlock the door.

5. The access control system of claim 4, wherein the lock controller is configured to power up the second network interface upon receiving the wake-up signal and to power down the second network interface after receiving the unlock instruction or the no-action instruction.

6. The access control system of claim 1, wherein at least one of the lock controller and the credential relay unit is powered by one or more of: solar cells, battery packs and energy harvesting units.

7. The access control system of claim 1, wherein the remote authorization server is configured to compare the received credential to a set of access rights associated with the credential and determine whether the received credential is associated with an access right to unlock the door.

8. The access control system of claim 1, wherein the credential relay unit is connected to a credential reader via the credential input interface.

9. The access control system of claim 8, wherein the credential reader comprises at least one of: proximity readers, smart card readers, bar code readers, magnetic readers, biometric readers, and keypads.

10. A method of controlling unlocking of a door upon presentation of a credential at the door, the method comprising:

a credential relay unit receives the credential and transmits the credential to a preconfigured first network address,

the credential relay unit transmits a wake-up signal to the lock controller without transmitting a credential or an unlock instruction to the lock controller,

the lock controller transmitting a request for instructions to a pre-configured second network address and receiving an unlock instruction or no action instruction from the second network address in response to the wake-up signal,

when receiving an unlocking instruction, the lock controller transmits a signal for unlocking the door,

wherein the preconfigured first network address and the preconfigured second network address point to a remote authorization server.

11. The method of claim 10, further comprising: the credential relay unit waits for receipt of a reply to the credential sent to the preconfigured first network address before transmitting the wake-up signal.

12. The method of claim 10, further comprising:

said lock controller being powered on upon receipt of said wake-up signal, and

powering down after transmitting the signal to unlock the door.

13. The method of claim 10, further comprising: comparing, by the remote authorization server, the transmitted credential to a set of access rights associated with the credential and determining whether the credential is associated with an access right to unlock the door.

Technical Field

The present invention relates to the field of access control. In particular, the present application relates to controlling unlocking of a door when a credential is presented at the door.

Background

An access control system that controls unlocking of a door is applied to many different locations such as offices, educational facilities, and warehouses. There are many different variations on how credentials can be presented at a door, how the validity of such credentials is checked, and how the door lock is controlled to open when the presented credentials are determined to be valid.

Some available solutions rely on a local door controller that maintains a list of valid credentials for unlocking the door. Such a door controller is mounted in the vicinity of the door to be controlled and is connected to one or more doors and a card reader. When an access card is presented to the card reader, the card reader sends the relevant information of the access card to the door controller, and the door controller checks whether the credential of the access card is valid for opening the door. If the credential is listed as valid in the door controller, the door controller controls unlocking of the door.

In addition, the local door controller may be connected to an access control server, or may be reached directly via a software program over a network connection, in order to allow a security operator to keep the lists of valid credentials up to date. Examples of such units are the AXIS A1001 and AXIS A1601 network door controllers offered by Axis Communications AB.

Although this existing solution works well, there is still room for improvement.

Disclosure of Invention

It is an object of the present invention to provide an improved access control system which enables remote checking of credentials, allowing the use of less complex units closer to the door. Furthermore, it would be advantageous to provide an access control system which separates to a higher degree the receipt of credentials from the checking of the validity of these credentials in order to further improve tamper resistance and security.

According to a first aspect, these and other objects are achieved, in whole or in part, by an access control system for controlling unlocking of a door upon presentation of a credential at the door, the access control system comprising a credential relay unit and a lock controller mounted in proximity to the door,

wherein the credential relay unit comprises an input interface and a first network interface,

wherein the credential relay unit is configured to receive the credential via the input interface and to transmit the credential to the preconfigured first remote network address via the first network interface in response to receiving the credential via the input interface,

wherein the credential relay unit and the lock controller have a local communication interface and the credential relay unit is configured to transmit a wake-up signal to the lock controller via the local communication interface in response to receiving the credential via the input interface,

wherein the lock controller comprises a second network interface and is configured to transmit a request for instructions to a pre-configured second remote network address via the second network interface and to receive an unlock instruction or a no action instruction via the second network interface in response to receiving the wake-up signal,

wherein the lock controller comprises a lock control interface and is configured to transmit a signal to unlock the door via the lock control interface in response to receiving an unlocking instruction via the second network interface.

By isolating the lock control function in a unit with limited capabilities, a better tamper resistance can be established and the access control system becomes safer. The capability of the lock controller is limited because the communication with the other units is trigger-based, meaning that communication from the lock controller is only initiated when the lock controller receives a wake-up signal, or in other words, when it is triggered by a signal to issue a request for instructions. Furthermore, the fact that the communication is limited to the pre-configured second network address further improves security. The lock controller does not have an open input communication interface that can be accessed to tamper with the door lock. More importantly, the lock controller does not make any decision to control the lock on its own, but only takes action in accordance with the access control instruction (unlock/no action) received via the second network interface in response to the request for instructions.

In other words, by moving the checking of the validity of the credential away from the edge, i.e. from the vicinity of the door, and by separating the reception of the credential on the one hand and the request for, and reception of, the unlock instruction on the other hand into different units, i.e. the credential relay unit and the lock controller, a better tamper resistance is established and the system becomes more secure. Avoiding the local saving of data on access privileges and credentials at the credential relay unit or lock controller also improves the security of the access control system.

Furthermore, since the two units (lock controller and credential relay unit) that are part of the access control system require only limited functionality, they can also be made inexpensive and energy efficient. The units also have similar functions, giving them a similar, if not identical, structure. In fact, the two units may have the same structure, but are configured for their respective tasks during installation. The preconfigured first network address and the preconfigured second network address also make the system easy to install and increase security by ensuring that there are no open IP ports on the lock controller or credential relay unit through which tampering may be attempted.

The credential relay unit may be configured to wait for receipt of a reply to the credential sent via the first network interface before transmitting the wake-up signal. In this way no unnecessary wake-up signals will be sent from the credential relay unit to the lock controller, which in turn means that fewer or no unnecessary requests for instructions will be sent from the lock controller. This is advantageous as it may save power in the lock controller, e.g. by avoiding activation of the second network interface when not needed.

The local communication interface may be a low power, low bandwidth interface. This saves power in the credential relay unit and the lock controller, which is particularly advantageous in cases where one or both of the credential relay unit and the lock controller are powered by a battery or other type of limited power source.

The lock controller may be configured to power up upon receipt of the wake-up signal and to power down after transmission of the signal to unlock the door in order to reduce power consumption in the lock controller.

In particular, the lock controller may be configured to power up the second network interface upon receiving the wake-up signal and to power down the second network interface after receiving the unlock instruction or the no-action instruction. This is a convenient and easy to implement way of reducing power consumption in the lock controller.

At least one of the lock controller and the credential relay unit may be powered by one or more of: solar cells, battery packs and energy harvesting units. This simplifies the installation of the access control system, since no power outlets need to be provided when a power supply independent of the power grid is used.

The preconfigured first network address and the preconfigured second network address may be directed to a remote authorization server. The remote authorization server may be configured to compare the received credential to a set of access rights associated with the credential and determine whether the received credential is associated with an access right to unlock the door. This means that it is no longer necessary to provide this functionality in the credential relay unit or lock controller, thereby reducing the functional requirements of these units.

The credential relay unit may be connected to the credential reader via a credential input interface. The credential relay unit and the credential reader may be provided as separate physical units or they may be built into one and the same physical unit.

The credential reader may comprise at least one of: proximity readers, smart card readers, bar code readers, magnetic readers, biometric readers, and keypads.

According to a second aspect, the above discussed and other objects are achieved, in whole or at least in part, by a method of controlling unlocking of a door upon presentation of a credential at the door, comprising:

the credential relay unit receives the credential and transmits the credential to the preconfigured first network address,

the credential relay unit transmits a wake-up signal to the lock controller,

the lock controller transmits a request for instructions to the preconfigured second network address and receives an unlock instruction or no action instruction from the preconfigured second network address in response to the wake-up signal,

when receiving the unlocking instruction, the lock controller transmits a signal for unlocking the door.

The embodiments discussed above and the advantages discussed in connection with the first aspect also apply to the second aspect.

Further scope of applicability of the present invention will become apparent from the detailed description given hereinafter. It should be understood, however, that the detailed description and the specific examples, while indicating preferred embodiments of the invention, are given by way of illustration only, since various changes and modifications within the scope of the invention will become apparent to those skilled in the art from this detailed description.

Thus, it is to be understood that this invention is not limited to the particular components of the described systems or steps of the described methods, as the systems and methods may vary. It is also to be understood that the terminology used herein is for the purpose of describing particular embodiments only, and is not intended to be limiting. It must be noted that, as used in the specification and the appended claims, the articles "a," "an," "the," and "said" are intended to mean that there are one or more of the elements, unless the context clearly dictates otherwise. Thus, for example, reference to "a unit" or "the unit" may include several units, and the like. Furthermore, the word "comprising" does not exclude other elements or steps.

Drawings

The invention will now be described in more detail, by way of example, and with reference to the accompanying schematic drawings, in which:

Fig. 1 illustrates an access control system configured to control unlocking of a door.

Fig. 2 illustrates a credential relay unit.

Fig. 3 illustrates a lock controller.

Fig. 4 is a flowchart illustrating an access control method.

Detailed Description

Fig. 1 illustrates an access control system 100 mounted near a door 102 and configured to control unlocking of a lock 104 at the door 102. The credential reader 106 is mounted beside the door. The credential reader 106 reads the credential 108 presented to it. The credentials 108 may be read from, for example, an access card 110, but many different alternatives exist.

In short, the credential reader can be any type of reader capable of receiving an input credential in a selected format. The credential reader may also support a combination of different credential input options. A common variant of such a combination would be a card reader with a keypad for entering a number code. The credential reader may comprise a proximity reader, such as in the form of an RFID reader, and the credential may be presented via a card or some type of mobile device having an RFID, NFC, or any other type of proximity-based chip. The credential reader may also be a smart card reader and the credentials may be presented via a smart card. The credential reader may be a magnetic reader and the credential may be presented via a magnetic stripe card. The credential reader may also be a barcode reader configured to read one or more types of barcodes, including QR codes. The barcode may be presented on a card, paper, or a display of the mobile device, for example. The credential reader may also comprise some sort of biometric reader, which may be in the form of a fingerprint reader, an eye scanner, an iris scanner or a retina scanner, which may include a microphone or camera with voice or speech recognition capabilities, for example. The camera may comprise or be connected to another unit with analysis software or hardware for performing facial recognition, gait recognition or recognition of any other biometric data that can be used as a credential. When using a biometric reader, the credentials are typically in the form of one or more characteristics of the person presenting themselves to the credential reader.

The access control system 100 includes a credential relay unit 112 and a lock controller 114, the credential relay unit 112 and the lock controller 114 being illustrated in more detail in fig. 2 and 3, respectively. As shown in fig. 2, the credential relay unit 112 has an input interface 116 (e.g., in the form of a standard Wiegand connection) where the credentials 108 are received, and a first network interface 118 (e.g., in the form of a wired or wireless LAN connection or a cellular network connection) where the received credentials 108 are sent to a preconfigured first remote network address.

In addition, the credential relay unit 112 has a local communication interface 120 that connects the credential relay unit 112 to the lock controller 114. The wake-up signal 122 may be sent from the credential relay unit 112 to the lock controller 114 via the local communication interface 120. The wake-up signal 122 may also be referred to as a trigger signal or simply a trigger.

The local communication interface 120 is typically a low power, low bandwidth interface, and typically some type of interface used in mesh networks (e.g., Zigbee or Z-Wave) is chosen. However, any type of connection, whether wired or wireless, suitable for the purpose of transmitting the wake-up signal 122 may be used. Some examples include communication via Bluetooth, BLE (Bluetooth Low Energy), IR (infrared light), VLC (visible light communication), audio/sound or ultrasound communication, or electrical impulses transmitted via a wired interface. The credential relay unit 112 and the lock controller 114 may also be mounted within the same unit or housing. Typically, in this case, a wired interface based on electrical impulses may be used.

The lock controller 114 has a second network interface 124 (e.g., in the form of a wired or wireless LAN connection or a cellular network connection) where the request 126 for instructions is sent to a preconfigured second remote network address and where the unlock instruction 128a or no action instruction 128b is received. In addition, the lock controller 114 has a lock control interface 130 (typically a wire) over which an unlock signal 132 is transmitted to unlock the lock 104 at the door 102.

The credential relay unit 112 or the lock controller 114 or both are typically powered by some power source independent of the power grid in order to simplify their installation. A battery pack, solar cell, or some type of energy harvesting unit are examples of power sources that may be used to power one or both of the credential relay unit 112 and the lock controller 114. Alternatively, one or both of the units may be connected to a conventional power outlet or may be powered by Power over Ethernet (PoE), if deemed appropriate in a particular installation. If PoE is used, the first network connection and the second network connection may also be Ethernet connections powered via PoE.

In many cases, at least the lock controller 114, and possibly the credential relay unit 112, will be configured to be in a sleep mode when no input is received. The sleep mode may also be denoted as an idle mode or a power down mode. The term state may be used in place of mode. The lock controller 114 will typically be configured to wake up from the sleep mode upon receiving the wake-up signal 122. The credential relay unit 112 may be configured to wake up upon receiving the credential 108. The use of a sleep mode will save power and extend the life of any limited power source. The sleep mode may, for example, indicate that the first network connection or the second network connection is powered down, such as powering down a radio module used to provide wireless network connectivity for the first network interface or the second network interface, respectively, by, for example, suspending any activity related to wireless operation. Other power conservation and shutdown schemes may also be considered as long as power is conserved while still allowing for the receipt of the wake-up signal at the lock controller and receipt of the credential at the credential relay unit.

Returning to fig. 1, a typical case in which an access control system is used will now be explained. First, credentials 108 are presented to the credential reader 106, for example, in the form of an access card 110. This first step is indicated in fig. 1 by the symbol with the circled number 1. The credentials 108 are then transmitted to the credential relay unit 112 via the input interface 116, as shown at numeral 2 in fig. 1.

In response to receiving the credentials 108, the credential relay unit 112 transmits the credentials 108 via the first network interface 118 to a preconfigured first remote network address that in some manner points to the remote authorization server 134. This step is indicated at numeral 3 in fig. 1. The connection to the remote authorization server 134 may be set up, for example, via some kind of gateway, for example, using the O3C protocol. The remote authorization server 134 may be, for example, a cloud-based server.

The remote authorization server 134 contains a group or list of access rights to different doors or groups of doors associated with various credentials, or in other words, a database or table 136 that connects the access rights to the credentials. The remote authorization server 134 optionally acknowledges receipt by transmitting an acknowledgement message to the credential relay unit 112 in response to receiving the credential 108.

In addition, in response to receiving the credentials 108, the credential relay unit 112 transmits a wake-up signal 122 to the lock controller 114 via the local communication interface 120. This step is indicated by the numeral 4 in fig. 1. An optional reply message or some other information from remote authorization server 134 may additionally be awaited before sending wake-up signal 122 to lock controller 114. In the case where a reply message is implemented, the credential relay unit 112 will typically attempt to resend the credential 108 after a certain time has elapsed without a reply message from the remote authorization server 134.

Upon receiving the wake-up signal 122, the lock controller 114 will send a request 126 for instructions to a pre-configured second remote network address via the second network interface 124. The preconfigured second remote network address is also directed to the remote authorization server 134 in the same manner as the first remote network address. The first remote network address and the second remote network address may be the same, for example. This step is indicated by numeral 5 in fig. 1.

The remote authorization server 134 will check through the access control table 136 whether the credential 108 previously received from the credential relay unit 112 is valid to unlock the door 102. This check may also have been performed when the credential 108 was received from the credential relay unit 112.

As will be apparent to those skilled in the art, some other checks may be implemented, such as checking that the credential 108 was received from the same door as the door for which the lock controller 114 requests the instruction. Some type of metadata may be used to tag the credential 108 with information about which credential reader 106 the credential was received from (i.e., which door 102 the holder of the credential 108 requests access to). The tagging may typically be implemented in the credential reader 106 or the credential relay unit 112. Various timers may also be implemented to ensure that a reasonable time span, without undue delay, separates receipt of the credential 108 and receipt of the request 126 for instructions at the remote authorization server 134. An excessively short time span or an excessively long delay may indicate that the last received credential 108 is not relevant to the current request 126 for instructions, e.g., due to some network error or tampering attempt.

In the event that the credential 108 is deemed valid, an instruction 128a for unlocking the lock 104 on the door 102 is sent back to the lock controller 114 via the second network interface 124, as indicated by numeral 6 in fig. 1. If the credential 108 is not deemed valid, the no action instruction 128b is sent instead. It may be noted that if no unlock instruction is received, the lock controller will not unlock the door, regardless of whether a no action instruction has been received. Thus, the lock controller will not unlock the lock 104 on the door 102 unless an active unlock decision is made and the lock controller 114 receives an instruction to that effect.

When the lock controller 114 receives the unlock command 128a, it will continue to control the lock 104 to unlock. To do so, an unlock signal 132 is sent to the lock 104 via the lock control interface 130. This will cause the lock 104 to unlock and the door 102 can now be opened. Upon receiving the no action command 128b, no further action is typically generated and the lock controller 114 may power down to enter the sleep mode, for example, after a set time.
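The exchange described above, as an added example that is not part of the patent text: a small Python model of the relay unit, lock controller and authorization server, including the door-tag and timing checks and the fail-closed behaviour. Class names, method names, the "ack" reply, the one-shot consumption of a relayed credential and the window values MIN_GAP_S and MAX_GAP_S are all assumptions made for illustration.

```python
from dataclasses import dataclass

UNLOCK, NO_ACTION = "unlock", "no_action"

# Assumed correlation window in seconds; the text names the check but gives no values.
MIN_GAP_S = 0.05
MAX_GAP_S = 5.0


@dataclass
class PendingCredential:
    credential: str
    received_at: float


class AuthorizationServer:
    """Stands in for remote authorization server 134 (hypothetical API)."""

    def __init__(self, access_table):
        self.access_table = access_table  # credential -> set of door ids (table 136)
        self.pending = {}                 # door id -> last credential relayed for it

    def submit_credential(self, door_id, credential, now):
        """First network address: the credential arrives tagged with its door."""
        self.pending[door_id] = PendingCredential(credential, now)
        return "ack"

    def request_instruction(self, door_id, now):
        """Second network address: the lock controller asks what to do."""
        # Consume the entry so one presented credential yields at most one unlock
        # (a design choice of this sketch, not stated in the text).
        entry = self.pending.pop(door_id, None)
        if entry is None:                       # no credential tagged for this door
            return NO_ACTION
        gap = now - entry.received_at
        if gap < MIN_GAP_S or gap > MAX_GAP_S:  # too close or too stale to correlate
            return NO_ACTION
        if door_id not in self.access_table.get(entry.credential, set()):
            return NO_ACTION
        return UNLOCK


class LockController:
    """Lock controller 114: no credential input and no local decision."""

    def __init__(self, door_id, server):
        self.door_id = door_id
        self.server = server
        self.unlock_signals = 0   # count of unlock signals 132 sent to the lock

    def on_wake_up(self, now, network_up=True):
        """Wake-up signal 122 carries no data; it only triggers request 126."""
        instruction = None
        if network_up:
            instruction = self.server.request_instruction(self.door_id, now)
        # Fail closed: anything other than an explicit unlock leaves the door locked.
        if instruction == UNLOCK:
            self.unlock_signals += 1
            return True
        return False


class CredentialRelay:
    """Credential relay unit 112: forwards the credential, then wakes the controller."""

    def __init__(self, door_id, server, lock_controller):
        self.door_id = door_id
        self.server = server
        self.lock_controller = lock_controller

    def on_credential(self, credential, now, controller_delay=0.5):
        reply = self.server.submit_credential(self.door_id, credential, now)
        if reply != "ack":        # optional variant: wait for the reply first
            return False
        return self.lock_controller.on_wake_up(now + controller_delay)


def run_scenarios():
    """Constructed scenarios; returns whether the door unlocked in each."""
    server = AuthorizationServer({"card-A": {"door-1"}})
    lock1, lock2 = LockController("door-1", server), LockController("door-2", server)
    relay1 = CredentialRelay("door-1", server, lock1)
    relay2 = CredentialRelay("door-2", server, lock2)
    return {
        "valid credential": relay1.on_credential("card-A", now=100.0),
        "repeated wake-up, no new credential": lock1.on_wake_up(now=101.0),
        "unknown credential": relay1.on_credential("card-B", now=200.0),
        "request arrives too late": relay1.on_credential("card-A", 300.0, 30.0),
        "request arrives too soon": relay1.on_credential("card-A", 400.0, 0.0),
        "credential without rights to this door": relay2.on_credential("card-A", 500.0),
        "server unreachable": lock1.on_wake_up(now=600.0, network_up=False),
    }


if __name__ == "__main__":
    for name, unlocked in run_scenarios().items():
        print(f"{name}: {'unlock' if unlocked else 'no action'}")
```

Only the first scenario produces an unlock signal; every other path, including a wake-up with no matching credential and an unreachable server, leaves the lock untouched.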

As will be appreciated by those skilled in the art, additional information flow involving the access control system may also be implemented, for example, to allow the credential reader 106 to receive information that the lock 104 is unlocked or that a valid credential has not yet been presented, so that this information may be presented on the credential reader 106 to provide notification to a person waiting for entry. There are a number of ways to accomplish this information provision, such as directly from the door lock 104 to the credential reader 106 via the lock controller 114 and credential relay unit 112 or even including the remote authorization server 134. Since the provision of this information is not relevant to the present invention, further details will be omitted.

In fig. 4, a flow chart illustrating a method 400 including the access control system 100 is shown. At step 402, credentials are received at a credential relay unit. At step 404, the credentials are transmitted to a preconfigured first network address. At step 406, a wake-up signal is sent from the credential relay unit to the lock controller, and at step 408, the lock controller transmits a request for instructions to the pre-configured second network address. In the next step, the lock controller receives an unlock command in step 410a, or a no action command in step 410b. In the case where an unlock instruction is received, the next step 412 is for the lock controller to transmit an unlock signal. If the no-action command is received, no unlock signal or other signal is sent. In the case where the lock controller is set to the sleep mode, this mode may be initiated upon receipt of such a no-action command. The process from receiving the credentials at the credential relay unit to receiving the unlock instruction or no action instruction at the lock controller takes up to 3-5 seconds, typically less.

In summary, the present application is directed to access control for controlling unlocking of a door when a credential is presented at a doorway. The credential relay unit and the lock controller are mounted in the vicinity of the door. The credential relay unit transmits the received credential to a pre-configured first network address and additionally transmits a wake-up signal to the lock controller, which upon receiving the wake-up signal transmits a request for instructions to a pre-configured second network address. In response to the request, the lock controller receives an unlock or no action command and, in the event that an unlock command is received, the lock controller transmits an unlock signal.

The person skilled in the art realizes that the present invention by no means is limited to the preferred embodiments described above. On the contrary, many modifications and variations are possible within the scope of the appended claims. For example, the reply message or signal may be implemented at various nodes in the access control system and its connected units, according to principles known in the art. Further, the access control system may also be configured to have a backup process when the connection to the authorization server is lost. At this point, the credential relay unit may be configured to send the credential to the lock controller, and then the lock controller may make an independent unlocking decision, e.g., based on the credential being recently deemed valid by the server and thus likely still valid. This backup solution also requires the lock controller to maintain a list of valid credentials that have been recently used.

Reference numerals
