AU2012257871B2 - Device for controlling access, access control system and method for controlling access - Google Patents

Device for controlling access, access control system and method for controlling access Download PDF

Info

Publication number
AU2012257871B2
AU2012257871B2 AU2012257871A AU2012257871A AU2012257871B2 AU 2012257871 B2 AU2012257871 B2 AU 2012257871B2 AU 2012257871 A AU2012257871 A AU 2012257871A AU 2012257871 A AU2012257871 A AU 2012257871A AU 2012257871 B2 AU2012257871 B2 AU 2012257871B2
Authority
AU
Australia
Prior art keywords
people
receiving space
token
group
reader
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
AU2012257871A
Other versions
AU2012257871A1 (en
Inventor
Klaus Herrmann
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bundesdruckerei GmbH
Original Assignee
Bundesdruckerei GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bundesdruckerei GmbH filed Critical Bundesdruckerei GmbH
Publication of AU2012257871A1 publication Critical patent/AU2012257871A1/en
Application granted granted Critical
Publication of AU2012257871B2 publication Critical patent/AU2012257871B2/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/10Movable barriers with registering means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/27Individual registration on entry or exit involving the use of a pass with central registration
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/28Individual registration on entry or exit involving the use of a pass the pass enabling tracking or indicating presence
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Lock And Its Accessories (AREA)
  • Time Recorders, Dirve Recorders, Access Control (AREA)

Abstract

The invention relates to a device for controlling the access of a group of persons (182, 184), comprising locking means (106, 102, 188) for locking and unlocking a receiving room (100) for a group of persons, sensor means (108) for detecting the number of persons in the group of persons received in the receiving room, at least one first reader (110) for signaling successful authentication of a person of a group of persons in the receiving room with respect to an ID token associated with said person, control means (146) for unlocking the locking means under the condition that the detected number of persons is the same as the number of the signaled authentications.

Description

Device for controlling access, access control system, and method for controlling access
Description
The invention relates to a device for controlling the access of a group of people, to an access control system, and also to a method for controlling the access of a group of people with the aid of ID tokens. A method for securing access to a protected area is known from DE 101 464 59 A1 in which each individual person does not necessarily have to be checked. To this end, a number of people located in a checking area is determined and a number of authorization passes present in the area is checked in order to ascertain whether the number of people matches the number of authorization passes.
By contrast, the object of the invention is to create an improved device for controlling access, an access control system, and a method for controlling the access of a group of people.
The object forming the basis of the invention is achieved by the features of each of the independent patent claims. Embodiments of the invention are specified in the dependent patent claims.
According to embodiments of the invention, a device for controlling the access of a group of people is created and is used for example to control the access to a protected area or a border control, or for other sovereign or non-sovereign applications.
The device for controlling access includes locking means for locking and unlocking a space for receiving a group of people. Here, the locking means may comprise a suitable locking device, such as a controllable lock, an airlock door or the like. In particular, the receiving space can be formed as an access airlock with an entry door and an exit door, wherein the locking and unlocking, that is to say for example the controlling of the entry and exit doors in order to open and close the access airlock, may be designed so as to be controllable by control means of the device.
The device further has sensor means for detecting the number of people in the group of people received in the receiving space. The sensor means can be designed such that the thermal radiation of the people, in particular the face temperature thereof, the weight thereof and/or another parameter, is detected in order to ascertain the number of people that have entered the receiving space. In particular, this may occur optically in that the receiving space is monitored with the aid of a camera, which has a CCD sensor, and the number of people is determined with the aid of image processing software.
At least one first reader belongs to the device in order to signal a successful authentication of a person within the group of people in the receiving space to an ID token assigned to said person.
The ID token may be a portable electronic piece of equipment, such as what is known as a USB stick, or may be a document, in particular a value or security document.
In particular, the ID token may be a paper-based and/or plastic-based document, such as an identification document, in particular a passport, personal identification document, visa, driver’s license, company identification document, health insurance card, bank card, or also a vehicle registration document, consignment note or other proof of authority. In particular, the ID token can be formed as a chip card with contact-based and/or contactless interface, or as an RFID token. In particular, it may also be contained in a payment means, in particular a bank note, a bank card or a credit card. The ID token may have a data memory for storing at least one attribute of a person to whom the ID token is assigned, and in particular for storing reference data and image data, in particular a digital passport photo. The ID token further has means for authentication of the person to the ID token so that the person in question can prove that they are actually assigned to the ID token.
For authentication of the person to the ID token, authentication methods known perse from the prior art can be used, in particular authentication by input of a secret code, that is to say what is known as a personnel identification number (PIN), and/or biometric authentication methods. In this case, protocols which are likewise known perse from the prior art can be used, such as the Basis Access Control (BAC) protocol, Extended Access Control (EAC) protocol, and the Password Authenticated Connection Establishment (PACE) protocol; in this regard see Technical Guideline TR-03110 “Advanced Security Mechanism for Machine-Readable Travel Documents”, version 2.05, of the Federal Office for Information Security and also EP 1 891 607 B1.
For example, the first reader is what is known as a class 2 reader or class 3 reader with a keypad. Once the person has brought his ID token into the detection range of the first reader, he inputs his PIN via the keypad of the first reader in order to authenticate himself to the ID token. The PIN is transmitted from the first reader to the ID token, where the input PIN is compared with stored reference data. If the input PIN matches the stored reference data, the person is authenticated to the ID token and the ID token outputs a corresponding authentication signal to the first reader. Alternatively or additionally to a keypad, the first reader may have other input or detection means or may be connected to such means, such as a biometric sensor for detecting a biometric feature of the person, such as fingerprints, an iris scan, facial biometry data, or the like.
The device further has control means for unlocking the locking device on the condition that the detected number of people equals the number of signaled authentications. The control means are thus coupled to the sensor means and the at least first reader, such that the control means can compare the detected number of people with the number of authentications made to the first reader or readers in order to ascertain whether these numbers match. If both numbers match, the control means unlock the receiving space, such that the group of people can leave the receiving space, for example in order to enter a protected building area or to pass a national border. The control means may have an individual computer or a computer network. The control means, the locking means, the sensor means and the at least one first reader may likewise communicate via a network, in particular an Ethernet.
The “locking means” may be a controllable door latch for example, into which an access door of the receiving space may fall. The door latch is released by a corresponding signal of the control means, such that the door of the receiving space can be opened.
Alternatively or additionally, a turnstile for example is located at the point of access to the receiving space and can be locked, that is to say blocked, and unlocked, that is to say released, by a corresponding signal of the control means.
Alternatively or additionally, the locking means may have a door that can be driven by an electric motor, wherein the electric motor can be controlled by the control means so as to open and close the door and also so as to hold the door in the closed locked position.
According to embodiments of the invention, the receiving space has an individual access door for the group of people. Alternatively, the receiving space is formed as an access airlock with at least one entry door and one exit door. If the exit door is locked, then the entry door is unlocked, such that the group of people can enter the receiving space. The entry door is then also locked. When the precondition for unlocking has been met, the control means control the exit door in order to unlock it or to open it so that the group of people can leave the receiving space through the exit door.
According to an embodiment of the invention, a plurality of the first readers are distributed in the receiving space. The plurality of first readers can be operated in parallel, such that a number of people can be authenticated simultaneously. The sensor means have first sensors for each of the first readers in order to detect the presence of a person within the group of people at a location of the respective first reader. The execution of the authentications of the people to the ID token via the first readers is then only released by the control means once the presence of a person at one of the readers has been detected by the first sensors.
Here, it is particularly advantageous that the throughput can be heavily increased due to the parallel operation of a number of the first readers. On the other hand, the sensor-based detection of the number of people is facilitated in that the presence of a person is not detected just anywhere in the receiving space, but at the respective locations of the readers. Due to the first sensors at the location of each of the first readers, the people within the receiving space are specifically inevitably separated, which heavily facilitates the sensor-based detection of the number of people and makes this detection process particularly reliable.
For example, a camera may be arranged on each of the readers in order to detect the presence of a person at the location of the respective reader, for example an infrared camera and/or a camera that operates in the visible range. Alternatively or additionally, a weight sensor may be provided at each location of the first readers. A person wishing to perform the authentication at one of the first readers then has to move into the detection range of the respective weight sensor of the selected first reader, such that the presence of the person at the location of the selected reader can be detected via the weight of the person. For example, a stool on which a person has to sit so that the authentication to the selected first reader can be carried out may be fixedly placed in front of each of the readers. A sensor is located in each of the stools in order to sense the loading of the stool by the weight of a person.
Possible misuse or manipulation attempts are counteracted since, when the number of people matches the number of first readers, the authentication of the people to their ID token via the respective selected first readers is only released by the control means once the presence of a person has been detected by each of the first sensors in each case assigned to a respective one of the readers. If the number of people is smaller than the number of first readers, the absence of a person is thus detected at a number of first readers. It can thus be ensured that a number of people are not waiting at the same first reader.
According to a further embodiment of the invention, the sensor means comprise at least one second sensor, more specifically for detecting people who are not waiting at the location of one of the first readers in the receiving space. Here, it is thus additionally checked whether a person wishing to exit the access control in this way is located in the receiving space in a position distanced from the first readers. To this end, the receiving space outside the locations of the first readers is monitored by a suitable sensor, such as an infrared camera, a CCD camera or the like. Here, it is particularly advantageous that the waiting of somebody or nobody at the locations of the readers and also the absence of people in the receiving space outside the locations of the readers can be sensed in a technically reliable and cost-effective manner.
According to an embodiment of the invention, the ID tokens of the people are designed for authentication to a second reader. In particular, this may include what is known as chip authentication of the electronic chip of the ID token to the second reader and optionally also an authentication of the second reader to the ID token, that is to say what is known as terminal authentication. The second reader is arranged outside the receiving space, for example in a waiting area.
In the ID token belonging to one of the people, biometric reference data belonging to this person are stored, such as fingerprint data, facial biometry data, iris scan data and/or other biometric data. Furthermore, the ID token has an identifier, which identifies the ID token unambiguously. The identifier can be read from the ID token, for example optically or via an electronic interface. In particular, what is known as the machine readable zone (MRZ) of an ID token, which is designed as a machine-readable travel document, can be used to detect the identifier, a serial number of the chip of the ID token, which for example can be read out via RFID, or the personal details of the person, which can be optically read from the ID token for example and likewise identify the ID token without ambiguity.
The second reader is designed to detect this identifier from the ID token and also to carry out at least one-way authentication of the ID token to said second reader, for example by the BAC and/or EAC protocol. After successful authentication, the second reader reads out the biometric reference data stored in the ID token and stores this with the identifier as an access key in a memory, for example of the control means.
The first readers located in the receiving space are in this embodiment likewise designed to detect the identifier previously already detected by the second readers outside the receiving space. The first readers are further designed to detect the biometric feature for which biometric reference data are stored in the ID token.
To authenticate the people in the receiving space, an approach is adopted here such that the identifiers are detected again with the aid of the first readers in the receiving space and the respective biometric reference data are then read out from the memory with the aid of the identifiers in order to be compared with the respective biometric features detected by the first readers. Unlocking then occurs on the further condition that the detected biometric features of the people sufficiently match the respective biometric reference data.
This embodiment has the specific advantage that the security against manipulations with high throughput is further increased. This is made possible since the period during which the people outside the receiving space are waiting is used to securely read out the biometric reference data from the ID token under consideration of data protection requirements, and therefore this process does not have to take place within the receiving space. The residence time of the group of people in the receiving space can thus be kept very short, even with biometric checking.
According to an embodiment of the invention, the biometric reference data read from the ID token and buffered in the memory are deleted once authentication has been performed, for example immediately before or after the unlocking. It is thus ensured that the biometric reference data cannot be collected and stored at central locations.
According to a further embodiment of the invention, the device has entry restriction means for restricting the number of people in the group of people, wherein the number of people to which entry into the receiving space is restricted is limited to the number of people for which the at least one second reader has stored the biometric reference data in the memory.
In other words, the number of people authenticating themselves to the second reader outside the receiving space in the waiting area and of which the biometric reference data are read and buffered whilst the receiving space is still locked is counted. The number of people who have entered the receiving space after unlocking is then confined to the number of people for which the biometric reference data have already been read. This is intended to prevent people from entering the receiving space for whom no biometric reference data are yet stored in the memory, since this would lead to a delay in the process. The intake capacity of the waiting area, in which the people have access to the second reader or readers, can be selected for example such that it is equal to the intake capacity of the receiving space.
According to an embodiment of the invention, the entry restriction means have at least one turnstile in order to limit the number of people that can enter the receiving space. An additional turnstile may be arranged at the entry of the waiting area in order to restrict the number of people in the waiting area to the maximum intake capacity of the receiving space. Instead of a turnstile, the entry restriction means may also be formed by one or more automatic doors.
Embodiments of the invention are particularly advantageous for applications in which groups of people are present who simultaneously desire access a protected area, such as a border crossing, in particular at airports, access to security zones of specially protected facilities, access to company buildings, bank vaults, or lounges, for example in football stadiums.
Here, embodiments of the invention are of particular advantage such that access of such groups of people can be controlled efficiently, more specifically without compromising security.
Embodiments of the invention are also of particular advantage for controlling the access of people who cannot operate the readers independently, such as children or people with disabilities. Since, in accordance with the invention, the people are not separated or are only separated within the same receiving space, such people within the receiving space can be assisted by other people within the group of people.
To this end, it may be advantageous to arrange the first readers closely to one another in order to facilitate such assistance. For example, the first readers may for this purpose form a structural unit, in particular the antenna regions for supporting the ID tokens when these are RFID tokens, wherein the antenna regions can be formed side by side, for example as elongate support areas with a plurality of PIN input keypads, or for example are constructed similarly to a handrail, in which antenna, display and operating fields are integrated.
In a further aspect, the invention relates to an access control system comprising an embodiment of a device according to the invention and a plurality of ID tokens. The receiving space may also belong to the access control system, wherein the receiving space can be formed for example as an access airlock.
In a further aspect, the invention relates to a method for controlling the access of a group of people with the aid of a device according to the invention and/or an access control system according to the invention, said method comprising the following steps: locking the receiving space once the group of people has been received, detecting the number of people in the group of people received in the receiving space, authenticating each of the people in the group of people received in the receiving space to a respective assigned ID token within the receiving space and signaling successful authentications by means of the at least one first reader, and unlocking the receiving space on the condition that the number of detected people matches the number of signaled authentications.
Embodiments of the invention will be explained in greater detail hereinafter with reference to the drawings, in which:
Figure 1 shows a block diagram of a first embodiment of a device according to the invention,
Figure 2 shows a flow diagram of a first embodiment of a method according to the invention,
Figure 3 shows a block diagram of a second embodiment of a device according to the invention,
Figure 4 shows a flow diagram of a second embodiment of a method according to the invention,
Figure 5 shows a block diagram of a third embodiment of a device according to the invention, and
Figure 6 shows a flow diagram of a third embodiment of a method according to the invention.
Elements in the following embodiments that correspond to one another or are the same are denoted by like reference signs.
Figure 1 shows a receiving space 100 for receiving a group of people having a maximum number N of people. The receiving space has an automatic door 102, which for example can be operated by an electric motor, in order to open and to close an entry and exit 104 of the receiving space 100. To this end, a controllable bolt 106, such as a door latch, may be provided.
The receiving space 100 is monitored by at least one sensor 108. The sensor 108 is used to detect the number of people located in the receiving space 100. The sensor 108 may be a camera or an infrared sensor, for example.
At least one reader 110, which is interoperable with the ID tokens 112, 114, 116, 118, ... of a group of people, such as the people 120, 122, 124, 126, ..., is located in the receiving space 100. Here, each of the ID tokens is assigned to exactly one of these people, for example the ID token 112 is assigned to the person 120, the ID token 114 is assigned to the person 122, etc.
The ID tokens 114, 116, 118, ... are in principle constructed identically to the ID token 112 illustrated in greater detail in Figure 1.
The ID token 112 has an interface 128 to a corresponding interface 130 of the reader 110. The interfaces 128, 130 can be formed in a contact-based or contactless manner, in particular as RFID interfaces.
The ID token 112 further has a processor 132 for executing program instructions 134 and also an electronic memory 136 for storing reference data 138. For example, the reference data 138 may be a secret code, such as a PIN, which is to be known only to the person assigned the ID token 112, that is to say in this case only the person 120. Alternatively or additionally, the reference data 138 may include biometric reference data concerning the respective person. The electronic memory 136 is a protected memory, which can only be accessed internally by the processor 132 of the ID token 112. Direct access via the interface 128 to the memory 136 and in particular the reference data 138 stored therein is either not possible or is only possible after release by the processor 132, depending on the embodiment.
The reader 110 has a processor 140 for executing program instructions 142 and also an interface 144 for communication with a controller 146, which for example is formed as a computer and has a corresponding interface 148. The interfaces 144 and 148 may be network interfaces for example, in particular Ethernet interfaces.
The reader 110 further has input or detection means, such as a keypad 150 and/or a sensor 152.
The keypad 150 can be designed to input the PIN into the reader 110, and the sensor 152 may be a biometry sensor for detecting a biometric feature of the respective person.
The controller 146 has a processor 154 for executing program instructions 156. By executing the program instructions 156, the controller 146 can generate, for example, a signal 158 in order to control the bolt 106 and/or the door 102 or the elec-tric-motor-based drive thereof so as to thus lock or unlock the door 102.
Furthermore, the controller may sense the locked or unlocked state of the door 102, for example via the line 160. The controller 146 is further connected to the sensor 108 via a line 162, via which the controller 146 receives a signal 164. The signal 164 may be a sensor signal of the sensor 104, which is then evaluated by the controller 146 by execution of the program instructions 156 in order to determine the number of people in the receiving space. Alternatively, the sensor signal may already be processed by a digital signal processing of the sensor 108 itself, such that the signal 164 already indicates the detected number of people. Mixed forms are also possible, in accordance with which the detected sensor signal is pre-processed by the evaluation electronics of the sensor 108, such that the further evaluation by the controller 146 is reduced accordingly.
The interfaces 144 and 148 can be coupled to one another via further separate lines 166. The controller 146 receives a signal 168 from the reader 110, said signal signaling that a person has been authenticated.
The lines 160, 162 and 166 can be replaced wholly or partially by a network, for example an Ethernet, via which the various components, that is to say the controller on the one hand and the bolt/the door 102, the sensor 108 and the reader 110 on the other hand, can communicate with one another.
The following approach for example is adopted in order to control access:
Firstly, a group of M people, wherein 0 < Μ < N, enters the receiving space 100.
For example, the group of people contains M = 4 people 120, 122, 124 and 126, as shown in Figure 1. The people in this group of people each carry with them their ID token, as is likewise shown in Figure 1.
Once the group of people has entered the receiving space 110, the door 102 is closed and locked. This can occur automatically or manually. The number M of people is then determined with the aid of the sensor 108.
The people in this group of people also authenticate themselves to their ID token with the aid of the reader 110. To this end, the person 120 for example brings his ID token 112 into the detection range of the interface 130. The person 120 then inputs his PIN into the reader via the keypad 150 of the reader 110. The PIN is transferred via the interface 130 to the ID token 112 by execution of the program instructions 142 and is evaluated there by execution of the program instructions 134 in that the processor 132 accesses the reference data 138 and this data is compared with the PIN received via the interface 128. If the received PIN matches the reference data 138, the processor 132 generates a corresponding signal, which is transmitted via the interface 128 to the interface 130 of the reader 110 and is forwarded as a signal 168 via the interface 144 to the controller 146 by execution of the program instructions 142.
The detected number of people M and also the number of signals 168 each signaling a successful authentication of a person to an ID token are processed by the controller 146 by execution of the program instructions 156 in that the number M of detected people is compared with the number of signals 168. If the two numbers match one another, this means that all people in the admitted group of people have authenticated themselves to their ID token. The processor 154 then generates the signal 158 to unlock the door 102. The group of people can then leave the receiving space 100, for example in order to pass a border or to enter a protected building area.
In the case of biometric authentication, a biometric feature for example of the person 120 is detected by the sensor 152 instead of the PIN via the keypad 150 and is transmitted via the interface 130 to the ID token 112, such that the received biometric data can be checked there for a sufficient match with the reference data 138, for example by what is known as a Match on Card method. Alternatively, the reference data 138 are read out from the ID token 112 by the reader 110 or the controller 146 in order to check a sufficient match of the detected biometric features with the reference data 138 by the reader 110 or by the controller 146. To this end, both the biometric reference data read out from the ID token 112 and the biometric features detected in a sensor-based manner from the person 120 are transmitted from the reader 110 to the controller 146 in order to be evaluated there.
Figure 2 shows a corresponding flow diagram. In step 200, a number of M people are admitted into a receiving space of a device for access control according to the invention. Upon entry or subsequently thereto, the number M of people in the receiving space is detected by sensor (step 202). In step 204, the M people in the group of people within the receiving space each authenticate themselves to their ID token, wherein each of the successful authentications is signaled to a control unit. The control unit then compares, in step 206, the number of authentications carried out with the detected number M. If both numbers match one another, a release signal is generated by the controller in step 208 in order to signal that the group of people can pass; the receiving space is unlocked by the release signal, such that the M people can then leave said receiving space again. By contrast, a message is generated in step 210 and is directed for example to a border official so that he can intervene.
Figure 3 shows a further embodiment of a device according to the invention. In this embodiment, a number of N readers 110.1 to 110.N are distributed in the receiving space 110. For each of the N readers, it is monitored by sensor whether one of the people in the group of people or whether nobody is located at the location of the respective reader. To this end, the readers can be monitored by means of a camera for example. To this end, a separate sensor, for example a camera, a heat sensor and/or a weight sensor, is preferably located on each of the readers in order to detect the presence of a person at a location of the respective reader. In addition, a traffic zone of the receiving space can be monitored by a further sensor 170 in order to ensure that no further people are waiting in the receiving space other than at the readers. Separation of the people in the group of people within the receiving space is thus achieved since they each have to take to one of the readers. This simplifies the sensor-based detection of the number of people M considerably and also makes this more secure and more reliable.
The readers 110.1 - 110.N are formed in the embodiment considered here such that an authentication of a person to the respective ID token is then only made possible once the respective reader has received a release signal 172 from the controller 146. It is not possible to input the PIN via the keypad 150 or to detect the biometric feature via the sensor 152 (see Figure 1) beforehand.
To control access, an approach is adopted in the embodiment considered here, additionally to the embodiment according to Figure 1, such that the signals 164 of the sensors 108.1 - 108.N are evaluated by the controller 146 in order to ascertain whether these signals indicate the presence either of precisely one person or nobody at the location of the respective reader. Furthermore, a signal 174 of the sensor 170 is checked by the controller 146 in order to ascertain whether no further people are waiting in the receiving space 110.
When the people 120, 122, 124 and 126 then take to the readers 110.1, 110.2, 110.3 and 110.4, as illustrated in Figure 3, this is thus detected by the corresponding sensors 108.1, 108.2, 108.3 and 108.4 and is signaled to the controller 146. If, in addition, a further person 176 is located in the receiving space 100 and potentially does not have an ID token or has an invalid ID token 178, this is thus detected by the sensor 170. The processor 154 of the controller 146 generates the release signals 172 by execution of the program instructions 156 only on the condition that all of the sensors 108 signal the presence of precisely one person or nobody at one of the readers 110 and that the sensor 170 further signals the presence of no further people in the receiving space 100. The person 176 in the case considered here must therefore first leave the receiving space 100 before the authentications can take place.
Once the M people, that is to say in the application considered here M = 4 people 120 - 126, have taken to the readers 110.1 - 110.4 and have thus been separated within the receiving space 100, and once the person 176 has also left the receiving space 100, the controller 146 then generates the release signals 172 for the readers 110.1 - 110.4, such that the people 120 to 126 can then be authenticated to the respective assigned ID token 112 to 118. Here, the door 102 is thus then unlocked on the condition that successful authentication has occurred at each of the readers 110.1 to 110.4 at which the presence of a person had been detected.
Figure 4 shows a corresponding flow diagram.
In the step 300, M people are admitted. The number M is detected in step 302 by a number of N sensors (see the readers 110.1 - 110.N in Figure 3). It is also checked in step 304 whether any other person is located in the receiving space who has not taken to one of the readers. If this is the case, a message is generated in step 306 such that a border official can intervene for example. If this is not the case, execution of the authentications of the M people to the respective readers at which said people are located is released in step 308. For a reader for which the presence of a person has not been detected, no authentication is released, and therefore the authentications can be carried out only at those readers at which a person in the receiving space is actually located. If the number of signaled authentications is M, that is to say equal to the number of people detected by sensor in the receiving space, unlocking thus occurs in the step 314, otherwise a message is again generated in step 312.
For the time between the release of the authentication in step 308 and the check in step 310, a predefined maximum time can be defined, within which all of the authentications must have taken place. If this time is exceeded, the process branches to the message 312.
The embodiment according to Figure 5 has been developed compared to the embodiment according to Figure 3 in that a waiting area 180 is located before the receiving space 100 and is used to receive a further group of people, provided a group of people is still located in the receiving space 100. For example, the group of people 182 includes the people 120, 122, 124 and 126, whereas the further group of people 184 in the waiting area 180 includes the people 120‘, 122‘, 1241 and 126‘, wherein it is assumed here, without loss of generality, that N = M = 4 for each of the groups of people 182 and 184.
At least one reader 110’ with an interface 130’ that in principle can be constructed similarly to the interface 130 of the readers 110 in the receiving space 100 is located outside the receiving space 100. The reader 110’ has a processor 140’ for execution of program instructions 142’ and also an interface 144’ for communication with the corresponding interface 148’ of the controller 146. Furthermore, the reader 110’ has an optical sensor 186, for example for carrying out what is known as a BAG, specifically in order to visually detect from one of the ID tokens a piece of information printed on the ID token, such as what is known as the MRZ. Here, the ID tokens 112 to 118 or 112’ to 118’ may particularly preferably be machine-readable travel documents, in particular electronic passports or electronic personal identification documents, in particular in accordance with a standard defined by the Federal Office for Information Security (BSI) and/or the International Civil Aviation Organization (ICAO).
The waiting area 180 may be defined for example by a turnstile 188 and a turnstile 190. The turnstiles 188 and 190 are connected via lines 192 and 194 respectively to the controller 146, which blocks and releases the turnstiles. Due to the turnstile 188, the door 102 can be omitted or the door 102 is designed such that the various people can only pass in succession so as to restrict the access to the receiving space 100 to the maximum number of people.
The receiving space 100 is preferably formed here as an access airlock, that is to say the door 102 is used here merely to enter the receiving space 100, and a further door 102’ with a corresponding bolt 106’ is used exclusively to leave the receiving space 100.
The controller 146 is designed here such that it has an electronic memory 196, which is used to store a database 198.
To control the access of the group of people 184, the following approach is adopted here:
Whilst the group of people 182 is still located in the locked receiving space 100, the further group of people 184 is admitted into the waiting area 180, for example by releasing the turnstile 190 by means of the controller 146. The people 120’ to 126’ in this further group of people 184 each in succession bring their ID token into the detection range of the reader 110’, for example in order to perform a BAC and subsequent EAC for one-way or two-way authentication of the respective ID token and of the reader 110’. After this authentication, the reader 110’ obtains the read rights to reference data 138 stored in the respective memory 136 of one of the ID tokens, wherein this reference data is biometric reference data in the embodiment considered here. In a supplementary or additional manner, unprotected data may also be read out from the memory 136, such as a facial image. Furthermore, an identifier of the ID token is detected from the respective ID token, for example with the aid of the optical sensor 186 or via the interface 130’.
The reference data 138 read out from one of the ID tokens is then transmitted together with the respective identifier from the reader 110’ to the controller 146 and is stored in the database 198, wherein the identifier is used as a database key for subsequent database access to the reference data. Instead of one reader 110’, a plurality of readers may also be arranged in the waiting area 180, such as a number of N readers 110’, in order to parallelize this process.
Once the group of people 182 in the receiving space 100 has been successfully checked, the controller 146 generates an unlocking signal for the bolt 106’, such that this group of people 182 leaves the receiving space. The door 102’ is then closed again, and the door 102 is opened. The controller 146 then allows the group of people 184 to pass through the turnstile 188, such that this group of people enters the receiving space 100. The number of people that may pass through the turnstile 188 may be further limited here, besides N, in that the number of people for which the reference data have been stored in the database 198 beforehand within the waiting area 180 are allowed through at most. People from the waiting area 180 not previously present at the reader 110’ are thus also prevented from entering the receiving space 100.
The group of people 184 is separated in the receiving space 100 in that the people 120’ to 126’ take to the various readers 110.1 - 110.4. With the aid of the readers, merely the respective identifier of the ID token is then detected again as well as the biometric feature of the person.
The identifier together with the respective biometric feature detected is transmitted from the reader to the controller 146. The controller accesses the database 198 by means of the identifier received from the reader as a key in order to read out the corresponding reference data from the database and to compare this with the detected biometric data received by the respective reader. If all M people in the group of people 184 are thus successfully authenticated, the controller 146 controls the bolt 106’ in order to open the door 102’.
The approach can be adopted similarly and continuously for successive groups of people, such that the throughput is optimized without compromising security.
Figure 6 shows a corresponding flow diagram.
In step 400, a number of M people are admitted into the waiting area. There, one or more of the second readers (see reader 110’ in Figure 5) is/are located and is/are used to authenticate the ID tokens of the people admitted into the waiting area to the second reader or readers and also to read an identifier and reference data from the ID token. In step 404, the reference data are stored with the identifier as an access key in a database (see database 198 in Figure 5).
In step 406, the M people from the waiting area then admitted into the receiving space. The number M is then detected in the receiving space in the step 408 by N sensors, wherein a sensor may be located on each one of the readers (in this regard see the embodiment in Figure 5).
If it is determined in step 410 that a further person is located in the receiving space besides at the readers, a corresponding message is thus generated in step 412. If this is not the case, the use of the first readers in the receiving space is released in step 414 in order to enable authentication of the people. To this end, the identifier from the ID token is initially detected in step 416, and the biometric features of each of the people are detected by sensor in step 148. In step 420, the database is accessed by means of the identifier detected in step 416 in order to read out the respective stored reference data and to compare this in step 422 with the respective biometric features. Each person in the group of people is thus authenticated, specifically when the features of one of the people detected by sensor in step 414 sufficiently match the reference data stored for this person.
In step 424, it is then checked whether the number of successful authentications is equal to the number M of people, as has been detected in step 408. If this is not the case, a corresponding message is thus generated in step 426, and in the opposite case the exit door of the receiving space is unlocked in step 428.
The database 198 is then deleted so that there is no central collection of the reference data.
Parallel to the steps 408 to 428, the steps 400 to 404 can be carried out for a subsequent further group of people in the sense of pipelined processing.
List of reference signs 100 receiving space 102 door 102‘ door 104 entry/exit 106 bolt 108 sensor 110 reader 110‘ reader 112-118 ID token 120- 126 person 128 interface 130 interface 132 processor 134 program instructions 136 electronic memory 138 reference data 140 processor 142 program instructions 144 interface 146 controller 148 interface 150 keypad 152 sensor 154 processor 156 program instructions 158 signal 160 line 162 line 164 signal 166 line 168 signal 170 sensor 172 release signal 174 signal 176 person 178 ID token 180 waiting area 182 group of people 184 group of people 186 sensor 188 turnstile 190 turnstile 192 lines 194 lines 196 memory 198 database

Claims (19)

  1. Patent claims
    1. A device for controlling the access of a group of people (182, 184), comprising locking means (106, 102, 188) for locking and unlocking a receiving space (100) for a group of people, sensor means (108) for detecting the number of people in the group of people received in the receiving space, at least one first reader (110) for signaling a successful authentication of a person in the group of people in the receiving space to an ID token assigned to this person, and control means (146) for unlocking the locking means on the condition that the detected number of people is equal to the number of signaled authentications.
  2. 2. The device according to Claim 1, wherein a number of the first readers is arranged in the receiving space, wherein the sensor means comprise first sensors (108.1 - 108.N) for each of the first readers in order to detect the presence of a person in the group of people in the receiving space at the location of the respective first reader, wherein the authentication of the people to the ID tokens via the first readers is only released by the control means once each of the first sensors has detected the presence of somebody or nobody.
  3. 3. The device according to Claim 2, wherein the sensor means comprises a second sensor (170) for detecting people who are waiting in the receiving space not at the location of one of the first readers, wherein the control means are designed such that the authentication is only released on the condition that nobody is detected by the second sensor when the first sensors simultaneously signal the presence of precisely one person or nobody.
  4. 4. The device according to Claim 1, 2 or 3, wherein the ID token is designed for authentication to a second reader (110‘), and biometric reference data belonging to the person to whom the ID token is assigned are stored in the ID token, and wherein an identifier of the ID token and/or the person to whom the ID token is assigned is also readable from the ID token by the second reader, wherein at least one second reader is arranged outside the receiving space in order to read out the biometric reference data from the ID token after authentication of the ID token to the second reader and to store this data together with the identifier as a key in a memory (196), which can be accessed by the control means or which forms part of the control means, wherein the first readers in the receiving space are designed to read the identifier and comprise means (152) for detecting the biometric features of the people in the receiving space, wherein the control means are designed to receive the identifiers from the first readers, to read out from the memory the biometric reference data belonging to the people with the aid of the identifiers, and to unlock the locking device under the further provision that the detected biometric features belonging to the people match the respective biometric reference data.
  5. 5. The device according to Claim 4, wherein the control means are designed such that, once the match between the biometric reference data and the detected biometric features has been checked, the detected biometric features and the identifiers are deleted from the memory.
  6. 6. The device according to one of the preceding claims, comprising entry restriction means (188) for restricting the number of people in the group of people, wherein the number of people to which entry into the receiving space is restricted is restricted to the number of people for which the at least one second reader has stored the biometric reference data in the memory.
  7. 7. The device according to Claim 6, wherein the entry restriction means are locked by the control means once a maximum number of people, which is restricted to the number of people for which the at least one second reader has stored the biometric reference data in the memory, have entered the receiving space.
  8. 8. The device according to one of the preceding claims, wherein the ID token and the second reader are designed to execute a BAC protocol and/or an EAC protocol and/or a PACE protocol for execution of a one-way or two-way authentication.
  9. 9. The device according to one of the preceding claims, wherein the identifier is formed from an MRZ of the ID token or an identifier of a chip of the ID token.
  10. 10. An access control system comprising a device according to one of the preceding claims and a plurality of the ID tokens.
  11. 11. The access control system according to Claim 10, comprising the receiving space, wherein the receiving space is preferably formed as an access airlock.
  12. 12. A method for controlling the access of a group of people with the aid of a device according to one of preceding Claims 1 to 10, said method comprising the following steps: locking the receiving space (100) once the group of people has been received, detecting the number (M) of people in the group of people received in the receiving space, authenticating each of the people in the group of people received in the receiving space to a respective assigned ID token within the receiving space and signaling the successful authentications by means of the at least one first reader, unlocking the receiving space under the provision that the number of detected people matches the number of signaled authentications.
  13. 13. The method according to Claim 12, wherein it is checked that each person in the group of people within the receiving space is located at one of the first readers once said space has been locked, and the execution of authentications of the people to the ID token is then only enabled when this is the case.
  14. 14. The method according to Claim 12 or 13, wherein the biometric reference data are read out from the ID token of the group of people with the aid of one or more second readers (110’) and are stored in the memory before the group of people is received in the receiving space, and wherein the biometric features of the people in the group of people are detected within the receiving space once said space has been locked, and the detected biometric features are compared with the biometric reference data stored in the memory, wherein the receiving space is then only unlocked when the detected biometric features sufficiently match the biometric reference data stored in the memory.
  15. 15. The method according to Claim 12, 13 or 14, wherein the sensor means are designed to detect the height, weight and/or temperature, in particular the face temperature, of the people.
  16. 16. A device according to any of claims 1 to 9 wherein the ID token comprises at least one of a passport, personal identification document, visa, driver’s license, company identification document, health insurance card, bank card, a vehicle registration document, or a consignment note.
  17. 17. A device according to any of claims 1 to 9 wherein the ID token is formed as a chip card or an RFID token, having a contact-based and/or contactless interface.
  18. 18. A device according to any of claims 1 to 9 wherein the RFID token is contained within a payment means.
  19. 19. A device according to any of claims 1 to 9 wherein the ID token comprises a data memory for storing at least one attribute of a person to whom the ID token is assigned.
AU2012257871A 2011-05-17 2012-05-09 Device for controlling access, access control system and method for controlling access Active AU2012257871B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE102011076004.0 2011-05-17
DE102011076004A DE102011076004A1 (en) 2011-05-17 2011-05-17 Access control device, access control system and access control method
PCT/EP2012/058487 WO2012156238A1 (en) 2011-05-17 2012-05-09 Device for controlling access, access control system and method for controlling access

Publications (2)

Publication Number Publication Date
AU2012257871A1 AU2012257871A1 (en) 2013-11-21
AU2012257871B2 true AU2012257871B2 (en) 2016-06-30

Family

ID=46046211

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2012257871A Active AU2012257871B2 (en) 2011-05-17 2012-05-09 Device for controlling access, access control system and method for controlling access

Country Status (6)

Country Link
EP (1) EP2710561B1 (en)
CN (1) CN103534734B (en)
AU (1) AU2012257871B2 (en)
DE (1) DE102011076004A1 (en)
PT (1) PT2710561T (en)
WO (1) WO2012156238A1 (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106256744B (en) 2015-06-19 2019-12-10 奥的斯电梯公司 Elevator riding user management method and system
CN105374096A (en) * 2015-12-07 2016-03-02 天津博威动力设备有限公司 Entrance guard system with multiple detection means
CN105827639A (en) * 2016-05-13 2016-08-03 上海迅饶自动化科技有限公司 X2bacnet protocol conversion gateway software
US10370877B2 (en) * 2016-09-22 2019-08-06 Lenovo (Singapore) Pte. Ltd. Destination criteria for unlocking a vehicle door
US11024105B1 (en) * 2017-10-16 2021-06-01 Cybra Corporation Safety and security methods and systems
CN108921979A (en) * 2018-04-10 2018-11-30 浙江易云物联科技有限公司 A kind of system for managing pedestrian passage and its method
DE102018119767A1 (en) * 2018-08-14 2020-02-20 Bundesdruckerei Gmbh Device for providing a plurality of biometric features of a plurality of people in a group of people
CN109559409B (en) * 2018-10-11 2020-06-02 江苏农林职业技术学院 Cloud control access control system for self-service fruit and vegetable picking greenhouse and image recognition method thereof
CN109407601B (en) * 2018-10-29 2021-04-30 北京东华合创科技有限公司 Intelligent laboratory monitoring alarm system based on data analysis
CN111554028B (en) * 2020-05-19 2022-03-25 青岛聚好联科技有限公司 Bluetooth access control system and interaction method thereof

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6801640B1 (en) * 1999-06-03 2004-10-05 Omron Corporation Gate control device

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10146459B4 (en) 2001-09-20 2005-03-03 Deutsche Post Ag Access control method, access control device and elevator car
CN1696982A (en) * 2005-04-11 2005-11-16 中华人民共和国珠海出入境边防检查总站 Automatic examination method for border control
DE102005025806B4 (en) 2005-06-02 2008-04-17 Bundesdruckerei Gmbh Method for access from a terminal to an electronic device
JP2009509887A (en) * 2005-09-30 2009-03-12 インベンテイオ・アクテイエンゲゼルシヤフト Elevator equipment for transporting elevator users in the building area
DE602007010523D1 (en) * 2006-02-15 2010-12-30 Toshiba Kk Apparatus and method for personal identification
DE102006036108A1 (en) * 2006-05-19 2007-11-22 Siemens Ag Controlling device for persons, has primary investigation unit for executing multiple investigation process to determine identity of person, secondary investigation unit for determining identity of objects and evaluating processor unit
JP4751442B2 (en) * 2008-12-24 2011-08-17 株式会社東芝 Video surveillance system
CN101706976A (en) * 2009-08-26 2010-05-12 深圳市飞瑞斯科技有限公司 Anti-trailing system and device based on number of video viewers
CN101774501B (en) * 2009-10-19 2013-07-24 秦皇岛开发区前景电子科技有限公司 Management method and system of household elevator with security protection function

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6801640B1 (en) * 1999-06-03 2004-10-05 Omron Corporation Gate control device

Also Published As

Publication number Publication date
EP2710561B1 (en) 2017-01-04
WO2012156238A1 (en) 2012-11-22
DE102011076004A1 (en) 2012-11-22
PT2710561T (en) 2017-02-21
EP2710561A1 (en) 2014-03-26
CN103534734B (en) 2016-11-23
AU2012257871A1 (en) 2013-11-21
CN103534734A (en) 2014-01-22

Similar Documents

Publication Publication Date Title
AU2012257871B2 (en) Device for controlling access, access control system and method for controlling access
AU2014230867B2 (en) Access control for areas with multiple doors
KR101654784B1 (en) Access authentication system using a mobile terminal
JP5748003B2 (en) Entrance / exit management system
JP5302581B2 (en) Security system and program thereof
JP2007262695A (en) Entrance management equipment with enhanced security function, and entrance management method
JP2007070899A (en) Cabinet system and storage method
JP4460265B2 (en) Entrance / exit management device
KR20090041619A (en) Entrance and exit control system
JP4493521B2 (en) Access control device
JP2004211538A (en) Entrance-leaving control system
JP2001040923A (en) Access management system
JP2000315291A (en) Complex security system for building
JP2000145219A (en) Lock management system
JP3743234B2 (en) Gate management system
GB2459327A (en) Anti-tailgating system for a restricted access entrance
JP2006107308A (en) Method, managing apparatus, and system for exit management, and information reader
JP5929225B2 (en) Entrance / exit management system
CN115100771A (en) Visitor management system and visitor management method
JP2006070653A (en) Security passing controller
JP2014105437A (en) Room access control system, and program therefor
JP2006132195A (en) Entry control system
JP2006144384A (en) Security enhanced room entry management system
JP4279037B2 (en) Entrance / exit management system
JP4154013B2 (en) Management system

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)