Search

EP-4742104-A2 - PHYSICAL ACCESS CONTROL SYSTEM WITH LOCALIZATION-BASED INTENT DETECTION

EP4742104A2EP 4742104 A2EP4742104 A2EP 4742104A2EP-4742104-A2

Abstract

Systems and techniques for a physical access control systems with localization-based intent detection are described herein. In an example, an access control system may regulate access to an asset. The access control system is adapted to establish a first connection with a key-device. The access control system may be further adapted to receive a credential for a user over the first connection. The access control system may be further adapted to establish a second connection with the key-device. The access control system may be further adapted to determine an intent of the user to access the asset. The access control system may use location data derived from the second connection to determine the intent of the user. The access control system may be further adapted to provide the credential to an access controller, based on identifying an intent of the user to access the asset.

Inventors

  • PIRCH, HANS-JUERGEN
  • EINBERG, FREDRIK CARL STEFAN
  • JONSSON, TOMAS LARS
  • PREVOST, Sylvain Jacques
  • STEFFL, Jan
  • FRANK, Hans Gunnar

Assignees

  • ASSA ABLOY AB

Dates

Publication Date
20260513
Application Date
20200324

Claims (14)

  1. A method of regulating access to an asset in an access control system, the method comprising: establishing (502), by a reader (110; 210) of the access control system, a first wireless connection with a key-device (230; 240) using a low power communication protocol; receiving (504), at the reader (110; 210), a credential for a user of the key device (230, 240) over the first wireless connection; establishing (506), by the reader (110; 210), a second wireless connection with the key-device (230; 240) using Ultra-Wideband (UWB); determining the user intends to access the asset based on the second wireless connection, wherein determining the user intends to access the asset comprises: determining a set of location points of the key-device (230; 240) using the second wireless connection; calculating a probability the user will access the asset using the set of location points; and determining the probability exceeds a predetermined threshold; providing (508), by the reader (110; 210), the credential to an authorization service for validation in response to determining the user intends to access the asset; and receiving a validation indication from the authorization service and permitting access to the asset.
  2. A method of regulating access to an asset in an access control system, the method comprising: establishing (502), by a reader (110; 210) of the access control system, a first wireless connection with a key-device (230; 240) using a low power communication protocol; receiving (504), at the reader (110; 210), a credential for a user of the key device (230, 240) over the first wireless connection; providing, by the reader (110; 210), the credential to an authorization service of the access control system for validation; establishing, by the reader (110; 210), a second wireless connection with the key-device (230; 240) using Ultra-Wideband (UWB) in response to receiving a validation indication from the authorization service; determining the user intends to access the asset based on the second wireless connection, wherein determining the user intends to access the asset comprises: determining a set of location points of the key-device (230; 240) using the second wireless connection; calculating a probability the user will access the asset using the set of location points; and determining the probability exceeds a predetermined threshold; and permitting access to the asset in response to determining the user intends to access the asset.
  3. The method of claim 1 or 2, wherein the first connection is Bluetooth Low Energy.
  4. The method of any one of the preceding claims, wherein the asset is a physical location.
  5. The method of any one of claim 1 to 3, wherein the asset is an electronic device.
  6. The method of any one of the preceding claims, further comprising monitoring a location of the key-device (230; 240) using the second wireless connection.
  7. The method of claim 1, wherein determining the probability exceeds a predetermined threshold comprises determining the probability meets a first intent threshold, and wherein permitting access to the asset comprises determining the user meets a second intent threshold.
  8. The method of claim 7, wherein the first intent threshold is lower than the second intent threshold.
  9. The method of any one of the preceding claims, wherein: the key-device (230; 240) is a physical card with an integrated circuit; or the key-device (230; 240) is a mobile device.
  10. The method of any one of the preceding claims, further comprising storing the credential in cache memory (220), and optionally, wherein providing the credential to the authorization service comprises transferring (508) the credential from the cache memory (220).
  11. The method of claim 10, further comprising removing the credential from the cache memory (220), and optionally, wherein removing the credential from the cache memory (220) is based on: losing the second connection with the key-device (230; 240); and/or an elapsing of a predetermined time.
  12. The method of any one of the preceding claims, wherein determining the user intends to access the asset is based in part on sensor data collected from a sensor of the key-device (230; 240).
  13. The method of any one of the preceding claims, wherein the authorization service is local to the reader.
  14. The method of any one of the preceding claims, wherein the authorization service is networked with the reader.

Description

TECHNICAL FIELD Embodiments described herein generally relate to physical access control systems and more specifically to physical access control systems having credential location detection capabilities. BACKGROUND Physical access to an area, such as through a doorway, may be controlled by an electronic physical access control system (PACS). A person may have a keycard or mobile device to provide their credentials to the PACS. The environment for the PACS may vary with the number of people that may be provided access and the number of entry points. For example, a building for a company may have a single point of entry which provides entry access for all employees. Within that building, there may be multiple offices and private meeting rooms which provide entry access for select employees. Another example may be a hotel which has many entry points for each room, but each room may only be accessed by a select individual. BRIEF DESCRIPTION OF THE DRAWINGS In the drawings, which are not necessarily drawn to scale, like numerals may describe similar components in different views. Like numerals having different letter suffixes may represent different instances of similar components. The drawings illustrate generally, by way of example, but not by way of limitation, various embodiments discussed in the present document. FIG. 1 illustrates an example of a user interacting with a PACS, in accordance with some embodiments.FIGS. 2A-2D illustrate an example for key devices interacting with the PACS, in accordance with some embodiments.FIG. 3 illustrates an example of a person directly approaching three doorways, in accordance with some embodiments.FIG. 4 illustrates an example of a person approaching three doorways, in accordance with some embodiments.FIG. 5 illustrates a flowchart showing a technique for regulating access to an asset, in accordance with some embodiments.FIG. 6 illustrates a flowchart showing a technique for regulating access to an asset using a key-device, in accordance with some embodiments.FIG. 7 illustrates a flowchart showing a technique for regulating access to an asset, in accordance with some embodiments.FIG. 8 illustrates a flowchart showing a technique for regulating access to an asset, in accordance with some embodiments.FIG. 9 illustrates a flowchart showing a technique for regulating access to an asset, in accordance with some embodiments.FIG. 10 illustrates a flowchart showing a technique for regulating access to an asset, in accordance with some embodiments.FIG. 11 is a block diagram illustrating an example of a machine upon which one or more embodiments may be implemented. DETAILED DESCRIPTION When attempting to enter a secured area, a person may become frustrated by a delayed response between their approach to the entry point and the unlocking of the secure entry mechanism (e.g., an electronically controlled door lock). For example, an employee may pass through an entry point for a secure area multiple times a day. Additionally, in some conventional PACS, users may be required to physically present their credential (e.g., card/badge, or mobile device) to a reader located on the wall, which in some circumstances can inconvenience users or cause further unwanted delays, such as if the user's hands are full. As such, a PACS that is able to more easily and seamlessly identify the user (e.g., authenticate a user's permissions to end the secured area) can yield a more user-friendly and preferred experience. Further, users of an entry with a PACS may find benefit in a PACS that determines the intent of a user such that the PACS may perform preemptive credential verification such that the secure entry mechanism may be unlocked as the user approaches the entry point. In some cases, the systems and methods described herein can permit a seamless experience by obtaining or receiving a credential from the user without requiring the user to actively present the device containing the credential (e.g., card or mobile device). That is, in some cases, the systems and methods described herein can include the credential being automatically sent (e.g., without active input from the user) to the reader when the user approaches the reader. In some cases, the systems and methods described herein can implement various approaches to detect intent of the user such that the entry point will open not only when the user with a proper credential is in a defined vicinity of the entry point, but also once it is adequately determined that the authenticated user intend to cross through the entry point. A challenge with performing preemptive credential verification may be identifying false positives which would result in releasing the secure entry mechanism when it should not be unlocked (e.g., false intent detection). This is potentially problematic as an unauthorized person may gain access to the entry. For example, an authorized person may be walking down a hallway and pass by a secure entry point. If the PACS were t