US-20260127927-A1 - SYSTEMS AND METHODS FOR VERIFIABLE CREDENTIALS FOR PHYSICAL ACCESS CONTROL
Abstract
A system and method for decentralized physical access control improves security and resilience over conventional centralized systems. The system includes a user device storing a verifiable credential (VC) cryptographically signed by an issuer. To request access, the user device generates a verifiable presentation (VP) containing the VC and a new, single-use proof-of-possession signature. A door access control device receives the VP and performs a local verification of both the issuer's signature on the VC and the user's proof-of-possession signature on the VP. This verification is performed without requiring a real-time connection to a central server. Upon successful local verification, the door access control device actuates an electronic lock to grant access. This decentralized process enables secure offline operation and prevents the use of copied credentials, overcoming the single-point-of-failure and connectivity limitations of prior art.
Inventors
- Gaurav Shashikumar KHOT
- Chad Samuel SPENSKY
Assignees
- Allthenticate, Inc.
Dates
- Publication Date
- 20260507
- Application Date
- 20251107
Claims (19)
- 1 . A physical access control system, comprising: a user device having a first processor, a first memory, and a first wireless transceiver, the first memory storing a verifiable credential (VC), wherein the VC is digitally signed by an issuer from a control center and contains one or more assertions related to physical access; a door access control device having a second processor, a second memory, a second wireless transceiver, and an electronically controlled lock mechanism; wherein the first processor of the user device is configured to: generate a verifiable presentation (VP) comprising the VC and a proof-of-possession signature, the proof-of-possession signature being generated by the user device in response to an access request; and transmit the VP via the first wireless transceiver; and wherein the second processor of the door access control device is configured to: receive the VP from the user device via the second wireless transceiver; locally verify both the issuer's digital signature on the VC and the user device's proof-of-possession signature on the VP, wherein the local verification is executed, outside of the control center, using data stored in the second memory and data received in the VP; and actuate the electronically controlled lock mechanism to grant access based on a successful local verification of both signatures.
- 2 . The system of claim 1 , wherein the door access control device is further configured to transmit a challenge string to the user device, and wherein the user device is configured to include the challenge string in the generation of the proof-of-possession signature.
- 3 . The system of claim 1 , wherein the local verification performed by the second processor further comprises verifying at least one business logic attribute contained within the one or more assertions of the VC, the at least one business logic attribute selected from a group consisting of a time-based access rule, an issuer provenance, and a specific resource identifier.
- 4 . The system of claim 1 , further comprising a registry communicably coupled to the door access control device via a network, the registry configured to store a revocation list, and wherein the second processor is further configured to query the registry to confirm the VC is not on the revocation list as part of the verification.
- 5 . The system of claim 1 , wherein the VP further comprises a proof of non-revocation, and wherein the local verification performed by the second processor further comprises verifying the proof of non-revocation to confirm the VC has not been revoked, enabling secure verification in an offline mode where the door access control device is disconnected from any network.
- 6 . The system of claim 1 , wherein the user device is paired with the issuer via a cryptographic challenge-response protocol prior to the issuer provisioning the VC to the user device.
- 7 . The system of claim 1 , wherein the user device is configured to selectively disclose the VP to minimize data transmission over a low-energy wireless protocol.
- 8 . A method for decentralized physical access control, the method comprising the steps of: receiving, by a processor of a door access control device from a user device, a verifiable presentation (VP), the VP comprising: a verifiable credential (VC) digitally signed by an issuer from a control center and containing one or more assertions; a proof-of-possession signature generated by the user device; locally verifying outside of the control center, by the processor of the door access control device, the integrity and authenticity of the VP, wherein locally verifying includes: validating the issuer's digital signature on the VC; and validating the user device's proof-of-possession signature on the VP; and actuating, by the door access control device, a physical lock mechanism to an unlocked state in response to the successful validation of both the issuer's digital signature and the proof-of-possession signature.
- 9 . The method of claim 8 , further comprising the following steps: prior to receiving the VP, transmitting, by the door access control device, a cryptographically random challenge string to the user device; and wherein validating the proof-of-possession signature comprises confirming the signature was generated using the challenge string.
- 10 . The method of claim 8 , wherein locally verifying further comprises validating a proof of non-revocation included in the VP, thereby confirming the VC's validity while the door access control device is operating in a disconnected state.
- 11 . The method of claim 8 , further comprising: prior to actuating the physical lock mechanism, querying, by the door access control device, a remote registry over a local network to determine if the VC is present on a revocation list.
- 12 . The method of claim 8 , further comprising establishing, prior to the issuance of the VC, a trusted pairing between the user device and the issuer by executing a challenge-response protocol.
- 13 . The method of claim 8 , wherein the VP is received over a Bluetooth Low-Energy (BLE) connection and contains only a subset of assertions from the VC necessary for the access request.
- 14 . A door access control device for a decentralized physical access control system, comprising: a processor; a wireless transceiver; an electronically controlled lock mechanism; and a memory storing instructions that, when executed by the processor, cause the door access control device to: receive, via the wireless transceiver from a user device, a verifiable presentation (VP), the VP including a verifiable credential (VC) signed by an issuer from a control center and a proof-of-possession signature generated by the user device; locally verify, without communication to the control center, both the issuer's digital signature on the VC and the user device's proof-of-possession signature on the VP; and actuate the electronically controlled lock mechanism to grant access based on a successful local verification of both signatures.
- 15 . The door access control device of claim 14 , wherein the instructions further cause the processor to transmit a challenge string to the user device via the wireless transceiver prior to receiving the VP.
- 16 . The door access control device of claim 14 , wherein the instructions further cause the processor to verify a proof of non-revocation contained within the VP, thereby enabling secure operation in an offline mode.
- 17 . The door access control device of claim 14 , wherein the instructions further cause the processor to query a revocation list stored on a registry via a network connection to confirm the VC has not been revoked.
- 18 . The door access control device of claim 14 , wherein the local verification performed by the processor further comprises verifying at least one business logic attribute contained within the one or more assertions of the VC, the at least one business logic attribute selected from a group consisting of a time-based access rule, an issuer provenance, and a specific resource identifier.
- 19 . The door access control device of claim 14 , wherein the instructions further cause the processor to: maintain a connection with the user device via the wireless transceiver subsequent to the successful local verification; and maintain the electronically controlled lock mechanism in an unlocked state based on a proximity of the user device, the proximity determined using signal strength metrics from the maintained connection.
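The exchange the claims above describe, written out as an added example (this is not code from the patent or from Allthenticate): the control center issues a VC over assertions that include the holder device's public key, which is how the credential is bound to that device; the lock hands out a random single-use challenge (claims 2, 9 and 15); the device answers with a VP carrying a proof-of-possession signature over that challenge and the exact VC; and the lock verifies both signatures, the business-logic attributes of claims 3 and 18 (trusted issuer, resource identifier, time window) and a revocation list, all from its own memory. Everything beyond the claims is an assumption of this example: Ed25519 for both key pairs, JSON as the signed encoding, the assertion field names, a locally cached revocation list standing in for the registry query of claims 4 and 17 or the proof of non-revocation of claims 5 and 16, and the door and employee identifiers. Selective disclosure (claims 7 and 13), pairing (claims 6 and 12) and proximity hold-open (claim 19) are not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Assertions: the field set is this example's assumption; the patent names only a
// time-based rule, issuer provenance and a resource identifier as checkable attributes.
type Assertions struct {
	Subject, Resource   string // Resource is the door this credential opens
	NotBefore, NotAfter int64  // Unix seconds
	HolderKey           []byte // Ed25519 public key of the holder's device
}
type VC struct { // issuer-signed credential stored on the user device
	ID, Issuer string
	Assertions Assertions
	IssuerSig  []byte
}
type VP struct { // one access request: the VC plus a single-use proof of possession
	Credential        VC
	Challenge, PoPSig []byte
}

// vcPayload is what the issuer signs: the VC minus its signature. Fixed struct
// field order keeps json.Marshal deterministic, and it cannot fail for this type.
func vcPayload(vc VC) []byte {
	vc.IssuerSig = nil
	b, _ := json.Marshal(vc)
	return b
}

// popMessage ties the proof of possession to one challenge and one exact VC.
func popMessage(challenge []byte, vc VC) []byte {
	h := sha256.Sum256(vcPayload(vc))
	return append(append([]byte("pop:"), challenge...), h[:]...)
}

func sigOK(pub, msg, sig []byte) bool { // ed25519.Verify panics on a wrong key length
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, msg, sig)
}

// IssueVC (control center): sign assertions that name the holder device's key.
func IssueVC(issuer string, priv ed25519.PrivateKey, id string, a Assertions) VC {
	vc := VC{ID: id, Issuer: issuer, Assertions: a}
	vc.IssuerSig = ed25519.Sign(priv, vcPayload(vc))
	return vc
}

// Present (user device): a copy of the VC without priv cannot produce this signature.
func Present(priv ed25519.PrivateKey, vc VC, challenge []byte) VP {
	return VP{vc, challenge, ed25519.Sign(priv, popMessage(challenge, vc))}
}

// Lock (door device) decides from its own memory: trusted issuer keys, a cached
// revocation list and the challenges it has issued but not yet seen back.
type Lock struct {
	Resource         string
	IssuerKeys       map[string]ed25519.PublicKey
	Revoked, pending map[string]bool
	Now              func() time.Time // injectable clock for the time-based rule
}

func (l *Lock) NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	l.pending[string(c)] = true
	return c
}

// Verify is the local verification of claims 1, 8 and 14 with claims 2 to 5 folded
// in; there is no network round trip. A nil result means the lock actuates.
func (l *Lock) Verify(vp VP) error {
	vc, a, now := vp.Credential, vp.Credential.Assertions, l.Now().Unix()
	fresh := l.pending[string(vp.Challenge)]
	delete(l.pending, string(vp.Challenge)) // single use, whatever happens next
	switch {
	case !fresh:
		return errors.New("unknown or already-used challenge (replay)")
	case !sigOK(l.IssuerKeys[vc.Issuer], vcPayload(vc), vc.IssuerSig):
		return errors.New("untrusted issuer or invalid issuer signature (VC tampered?)")
	case !sigOK(a.HolderKey, popMessage(vp.Challenge, vc), vp.PoPSig):
		return errors.New("proof of possession invalid (VC copied to another device?)")
	case a.Resource != l.Resource:
		return errors.New("credential is for " + a.Resource + ", not " + l.Resource)
	case now < a.NotBefore || now > a.NotAfter:
		return errors.New("outside the credential's validity window")
	case l.Revoked[vc.ID]:
		return errors.New("credential revoked")
	}
	return nil
}

// Scenario runs the exchange end to end on constructed data; nil means access granted.
func Scenario() map[string]error {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(rand.Reader)
	holderPub, holderPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, thiefPriv, _ := ed25519.GenerateKey(rand.Reader)
	t0 := time.Date(2025, 11, 7, 9, 0, 0, 0, time.UTC)
	clock := t0
	lock := &Lock{"door-42", map[string]ed25519.PublicKey{"control-center": issuerPub},
		map[string]bool{}, map[string]bool{}, func() time.Time { return clock }}
	vc := IssueVC("control-center", issuerPriv, "vc-0001", Assertions{"employee-17", "door-42",
		t0.Add(-time.Hour).Unix(), t0.Add(8 * time.Hour).Unix(), holderPub})
	out := map[string]error{}
	vp := Present(holderPriv, vc, lock.NewChallenge())
	out["genuine"] = lock.Verify(vp)
	out["replayed VP"] = lock.Verify(vp)                                        // same VP a second time
	out["copied VC"] = lock.Verify(Present(thiefPriv, vc, lock.NewChallenge())) // VC without holder key
	clock = t0.Add(9 * time.Hour)
	out["expired"] = lock.Verify(Present(holderPriv, vc, lock.NewChallenge()))
	clock = t0
	lock.Revoked["vc-0001"] = true
	out["revoked"] = lock.Verify(Present(holderPriv, vc, lock.NewChallenge()))
	return out
}

func main() {
	for name, err := range Scenario() {
		fmt.Printf("%-12s -> %v\n", name, err) // <nil> means the lock actuated
	}
}
```

Only the genuine presentation returns nil. The replayed VP fails because the challenge was consumed on first use; the copied VC fails because the thief's device cannot sign with the key the issuer bound into the credential; editing any assertion (extending NotAfter, changing the resource) breaks the issuer signature in the same way. Two things no signature protects, and which an offline lock must therefore get right on its own, are its clock, on which the time-based rule depends, and how stale its cached revocation list is allowed to become between syncs.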
Description
CROSS REFERENCE TO RELATED APPLICATION
This application claims priority to and the benefit of U.S. Provisional Patent Application No. 63/717,451, filed on Nov. 7, 2024. The foregoing provisional application is incorporated by reference herein in its entirety.
GENERAL DESCRIPTION
Conventional physical access control systems have historically relied on centralized architectures, which present significant limitations. In these models, access decisions are managed by a central server that communicates with peripheral devices like card readers or electronic locks. This dependency creates a single point of failure; if the central server or the network connecting to it becomes unavailable, the entire system can cease to function, potentially locking individuals in or out of secure areas. Furthermore, these systems require constant connectivity, making them unsuitable for remote locations or environments with unreliable network infrastructure. The management of physical tokens such as key cards or fobs also introduces substantial administrative overhead and security risks. Issuing, tracking, and revoking these tokens is a manually intensive process, and lost or stolen credentials pose a significant security threat until they are deactivated in the central database.
To address these challenges, verifiable credentials (VCs) are utilized to make decentralized decisions independent of a central control center, representing a significant technological improvement. In some implementations, credentials are built and distributed by issuers and are composed of several key components. These include identifiers for issuers, holders, and subjects, which are used to retrieve cryptographic information linked to the entities they identify. While the holder and subject are the same entity in many cases, they may be distinct; for instance, the subject of an assertion could be a dog, while the holder of the VC is the dog's owner.
The credential also contains assertions made by the issuer that communicate the information it has about the subject. Furthermore, cryptographic signatures are employed to verify that the identified entity has created the assertions and to bind the holder to the credential using key material. By embedding verifiable, cryptographically secure claims into a digital credential, this approach eliminates the vulnerabilities of physical tokens and the reliance on a constantly online central server. Holders of VCs present the credential to a verifier to receive services based on the presented data. This model allows for offline verification, as the access control device itself can cryptographically validate the credential without needing to query a central database.
For example, a university acting as an issuer may issue a graduate degree in the form of a VC to a student, who is both the holder and the subject. The student can then present this VC to a potential employer, the verifier, to prove their educational qualifications for a job. The employer may then provide the service of employment based on the successful verification of the data within the graduate degree VC, among other factors. Similarly, in a physical access scenario, an employee's mobile device (holder) can present a VC to a smart lock (verifier), which grants access based on its intrinsic ability to verify the credential, thereby providing a more resilient, secure, and efficient solution than prior art.
SUMMARY
The embodiments disclosed herein relate to systems and methods that improve the security and resilience of physical access control. Embodiments include an issuing authority (e.g., an Identity and Access Management control center) configured to generate a primary digital credential (e.g., a verifiable credential) and embed a plurality of secondary contextual data tracks (e.g., cryptographically signed assertions of access rights or employment status) for one or more users, referred to as holders.
The system generates a distinct, portable digital credential, which is managed within a decentralized trust framework using a novel cryptographic binding structure between the issuer, the holder's device, and the credential itself. This structure provides a technical advantage by significantly improving the resilience of the system by enabling offline verification, thus removing the single point of failure and constant connectivity requirements inherent in traditional, centralized access control databases. The system associates each issued credential with the correct holder and executes a secure verification protocol when the credential is presented to a verifier (e.g., an electronic door lock). The system provides the results of this verification, such as an access grant or denial, to the user via the access control device. The system is also capable of managing access for designated holders to a variety of physical resources, thereby improving the functioning of the computer itself by enabling more secure, efficient, and resilient management of ph