GB2446912A - Access control having antipassback - Google Patents

Access control having antipassback Download PDF

Info

Publication number
GB2446912A
GB2446912A GB0724946A GB0724946A GB2446912A GB 2446912 A GB2446912 A GB 2446912A GB 0724946 A GB0724946 A GB 0724946A GB 0724946 A GB0724946 A GB 0724946A GB 2446912 A GB2446912 A GB 2446912A
Authority
GB
United Kingdom
Prior art keywords
antipassback
reader
read
write
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0724946A
Other versions
GB0724946D0 (en
GB2446912B (en
Inventor
Christopher Ian Blake
Karthik Sivaram
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BQT Solutions Australia Pty Ltd
Original Assignee
BQT Solutions Australia Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2004901016A external-priority patent/AU2004901016A0/en
Application filed by BQT Solutions Australia Pty Ltd filed Critical BQT Solutions Australia Pty Ltd
Priority to GB0724946A priority Critical patent/GB2446912B/en
Priority claimed from GB0619074A external-priority patent/GB2427495B/en
Publication of GB0724946D0 publication Critical patent/GB0724946D0/en
Publication of GB2446912A publication Critical patent/GB2446912A/en
Application granted granted Critical
Publication of GB2446912B publication Critical patent/GB2446912B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/27Individual registration on entry or exit involving the use of a pass with central registration
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C1/00Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people
    • G07C1/10Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people together with the recording, indicating or registering of other data, e.g. of signs of identity
    • G07C9/00007
    • G07C9/00031
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00857Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically

Abstract

An access control system (1400) implements antipassback (APB) to prevent system abuse. The system (1400) is characterised in that antipassback information is stored and updated by a reader/writer on a read/write smartcard. A user wishing to gain access via the system (1400) presents their smartcard to a reader/writer. The reader/writer reads antipassback information (1430) from the smartcard and determines whether permissions are fulfilled and/or the antipassback information passes an integrity check (1440) e.g. based on entry/exit patterns. If so, access is allowed (1470); if not, access is denied (1450). The reader/writer updates the smartcard by writing antipassback information to the smartcard (1460). Antipassback may be disabled (1420) or normalised so as to enable a violated smartcard to be used. The system (1400) may comprise a database of reader/writer information updatable with an antipassback flag. The smartcard may store biometric information and the reader/writer may comprise a biometric reader. The antipassback information may comprise a flag being a composite bit field of the current entry status levels.

Description

AN ACCESS CONTROL SYSTEM
PIELD0F flEE INVENTION The present inventiOn relates generally to secunty systems and in particular to access control systems.
BACKGROUND
Existing controlled access systems utilize a controller in a secure arel that is connected toe relay coupled to a door lock that is also in the secure area. Nonuafly, the relay is on the controller. The controller is coupled to a reader, where the reader is in an unsecured area. Another configuration involves a reader with a relay in the same unit, where the relay is in the unsecured area. Figs. 7A and 7B arc block diagrams of each of these systems, respectively Fig. 7A illustrates a controller 740 with a relay on board in the secure area 720. The reader 730 is located inthe unsecured area 7.10 and communicates with the controller 740, for example, using Wiegand communications. The controller 740 with the relay is in turn coupled to a door latch 750 in the secure area 720; In operation1 the reader 730 scuds an access number to the óonlroiler 740, which looks up the number in a database and detemLines the access level that is appropriate. If access is granted, the controller 740 enables the relay to activate the door latch 750.
Fig 7B illusttates a reader 760 with the database and the relay on board the reader in the unsecured area 710, while the door latch 780 is in the secure area 720. If the reader 760 detenninci that access Isto be granted, the reader 760 enables the relay on board the reader 760 to activate the door latch 780.
Both of these systems have diiadvantages. The system of Pig. 7A involves use of controllers that makes the security systems expensive and the use of Wiegand communications, where Wiegand is a known format and therefore a weak link.
Wiegand lines are a "weak link" in the sense that Wiogand formats are normally known formats, such as 26 bits. A code generator Is able to simulate sàiding codes to a controller If the reader is removed from the wall, for example, and Wiegand format -2-.
signals ma)' be sent down the Wiegand lines to defeat the system. The system of H. 7B involves a relay on board the reader. Thus, a SV power supply fbr example may be used to activate the door relay from the unsecured area.
Fig. 8 is a block diagram of a general antipassback system 800 comprising a read only tag 810, a read only device 820, a conirol panel 830 and server software 840. Antipassback is a feature of access control systems that ensures that cardholders/tag holders are required to properly enter and exit areas by using their card/tag. The cardholder must flash their card at the entry and the exit If the person falls to flash their.card upon exit (e.g. by mistake or by tailgating), the person is denied eniry on the next occasion for having violated rules by exiting without flashing the card. Fig. 91s a flow diagram of the anlipasaback process 900 perfonned by the system 800 of Fig. 8. In step 910, a user flashes the read-only tag 810 to the read-only device 820 coupled to the control panel 830. In step 920, the control panel 840 contacts a server having server software 840 coupled to the control panel 830. In step 13 930, the antipassback state is checked (on the serverf control panel). In step 940, the antipasaback state is updated.
SUMMARY
In accordance with an aspect of the hwcntion, there is provided a relay module for connection to a door latch in a secure area. The relay module comprises a micro-controller decrypting encrypted conununications from a reader in an unsecured area and comparing the decrypted communications to an expected code, and a relay coupled to the micro-controller switching power to actuate the door latcb if the comparison of the decrypted communications and the expected code Indicates a *25 correct match.
The relay module and the door latch may be a single module.
The micro-controller may ànable the relay If the comparison indicates a correct matcb. If the relay is enabled, power runs through the door latch to unlock a door, The relay module may further comprise at least one buffer coupled to the micro-controller for receiving the encrypted communications from the reader. The buffet protects the micro-controller from being damaged if a spike occurs in the * communications between the reader and the relay module. The buffer may recti1' any voltage level drop between the reader and the relay module.
In accordance with another aspect of the invention, there is provided a method of switching a door latch In secure area, The method comprises the steps of * decrypting encrypted communications from a reader in an unsecured area end comparing the decrypted communications to an expeeted code, and switching power to actuate the door latch if the comparison of the decrypted communications and the expected code indicates a correct match.
A micro-controller may implement the decrypting and comparing steps. A relay coupled to the micro-controller may implement the switching step. The relay module and the door latch may be a single module. The micro-controller enables the relay if the comparison indicates a correct match. If the relay is enabled, power runs through the door latch to unlock a door.
The method may further comprtse the step of receiving the encrypted communications from the reader. At least one buffer coupled to the micro-controller may implement the receiving step. The buffer protects the micro-controller from * being damaged If a spike occurs In the communications between the reader and the relay module. The bifror may rectify any voltage level drop between the reader and the relay module.
In accordance with a further aspect of the invention, there is provided an access control system, comprisIng a reader located in an unsecured area for determining access rights In response to presentation ole card and generating encrypted communications; a relay module located in a secure area for receiving the encrypted communications from the reader, decrypting the encrypted communications, and comparing the decrypted communications to an expected code; a door latch coupled t the relay module, the door latch actuated by the relay module * switching power if the comparison of the dectypted communications and the expected code Indicates a correct match.
The generated encrypted communications comprises an access command for the relay module.
The door latch may be directly connected to the relay module, The relay module and the door latch may be a siogic module.
The reader may comprise Logic fun(t1ons and a database residing in the reader.
Th. database may hold infonnaion including access times, users, hot-listing, holidays, and the likó. The reader may be autouomous if communications are cut or a master computer is brought down.
The reader may be a smartoard reader and the card may be a smartcard. The sniarteard may implement an anti-passback feature.
The reader may be a biometric reader.
The relay module may be a storage relay module.
The relay module may comprise: a micro-controller for decrypting enciypted communications from a reader in an unsecured area and fbr comparing the decrypted communications to an expected code; and a relay coupled tothe micro-controller for switching power to actuate the door latch if the comparison of the decrypted communications and the expected code indicst.es a oouect match.
The relay module may further comprise at least one buffer coupled to the mièro-controller for.receiving the encrypted communications from the reader.
The communications may be encrypted using 128-bit AES, 3DBS, DES, or skipjack.
In accordance with still a further aspect of the invention, there is provided a method of controlling access to a secure area. The method comprises the steps of determining access rights using a reader located In an unsecured area in response to presentation of a card end generating encrypted communications; receiving the encrypted communications from the reader using a relay module located in a secure area for, decrypting the encrypted cornnnmicationn, and comparing the decrypted communications to an expected code; actuating a door Latch coupled to the relay module using the relay module by switching power if the comparison of the decrypted communications and the expected code Indicates a correct match.
The generated encrypted communications may comprise an access command for the relay module.
The door latch may be directly connected to the relay module. The relay module and the door latch may be a single module.
The reader may comprise logic fdnctions and a database residing in the reader.
The database may hold information includin8 access times, users, hot-listing, holIdays, and the like. The reader may be autonomous if communications are cut or a master computer is brought down. The reader may be a smartcard reader, and the card may be a smaricard. The smartcard may implement an anti-pasaback feature.
The reader may be a biometric reader.
The relay module may be a storage relay module.
The relay module may comprise: a micro-controller for decrypting encrypted communications from a reader in an unsecured area and for comparing the decrypted communications to an expected code; and a relay coupled to the micro-controller for switching power to actuate the door latch if the comparison of the decrypted * communications and the expected code indicates a correct match.
The relay module may further comprise at least one buffer coupled to the rnicro-controUer fbr receiving the encrypted communications from the rcadcr * The communications may be encrypted using 128-bit AES, 31)ES, DES, or skipjack In accordance with yet anether aspect of the invention, there is provided a method of providing antipassback in an access control system. The method comprises * * the steps of reading intipassbaok informati on from a read/write smartcard presented to a read/write reader; checking permissions using the road/write reader,and updating the read/write sniarteard with updated antipassback Information using the reader.
In accordance with still another aspect of the ipvention, there is provided a method of providing antipassbaok in an access control system. The method comprises *the steps ol reading anilpasaback information from a read/write smarteard presented to read/write reader; determining if the antipassback information passes an integrity check based on an entry/exit pattern; and if the antipassback i.nforination passes. the Integrity check, writing updated antipassback information to the read/write smartoard and granting acoees. * -6-
* The method may further compdse the step of, if the antipaesback information fails to satisfy the jntegrity check; denying access.
The antipassbaok may able to be disabled.
The antlpassback may be normalized so that a cardholder may proceed through an antipassback area without violatin8 antipasaback rules.
A database of readers may be updated with an antlpassback flag.
BRIEF DESCRIPTLPN OF TaB DA WINOS A number of embodiments of the invention are described hereinafter with reference to the drawings, in which: Fig. 1 is a block diagram of an access control system in accordance with an embodiment of the invention; Fig. 2 is a block diagram of an access control system in accordance with * another embodiment ot' the invention; Fig. 31s a block diagram illustrating operation of the embodiments ofFigs. I and2; Fig. 4 is a block diagram illustrating the details of the relay module of Fig. 1; Fig. 5 is a block diagram illustrating the configuration of an access control system with several readers; Pig. 6 is a block diagram illustrating the configuration of an access control system with several readers using an R.S485 hub; Figs. 7A and lB arc block diagrams illustrating operation of a controller with a relay on board and a reader with a relay on board, respectively; Fig. 8 Is a block diagram of a general antipasaback system; Fig. 915 a flow diagram of the antipassback process performed by the system * of Fig.8; Pig. lOis a block diagram of an access control system with a relay module; Fig. 11 is a block diagram of an access controL system with a storage relay module; Fig. 12 is a flow diagram the antipassback fature implemented in the access control system; Fig. 13 is a detailed flow diagram of nornial operation of the antipassback feawre; Fig. 14 is a detailed flow diagram of disabled operation of the antipassback feature; V Fig. ISis a detailed flow diagram of normalized operation of the anripassback feature as implemented in a reader, and * Fig: 16 is a detailed flow diagram of normalized operation of the antipassback feature as implemented In a seiver; and V
V DETAILED DESCRJPTL V
The embodiments of the invention provide an access control system and V software pachge. The access control system inchdes the following functionality: remote reader updating, eucrypted comnuznlcations, a relay module, and the ability to V biometrics on a smartoard. Any of a number of readers may be practiced, such as the BQT Solutions BT8J 6, BT843, and B10 readers.
The enthodiments of the invention havó a number of advantageousfeatures, including encrypted communications. The embodiments of the invention enable V V doors to be pbyalca11yseoured using a memoi' system that resides on a reader. In particular, the logic fuflctions and the database reside on the reader. The database is * containedwithin the reader and holds access times, users, hot-listing, holidays, etc. V V V 20 The reader is autonomous if communications arc cut or the master computer is : brought down. The resulting relay module increases security as the relay module enables encrypted conintunications. V * Fig1i is a block diagram of an access control system 100 in accordance with an embodiment of the Invention comprising a smartcard reader 110, a relay module 120, and a door latch 130. In this embodiment, the door latch 130 and the relay module i20areinthesecurearca,whilcthereaderl10iintheunseCUredarea. .A smaxtcard may be used with the reader 110 to gain access to the secure area. If the sinartcard is authorized for access, the relay module 120 actuates the door latch.
Importantly, communications 112 between the reader 110 and the relay module 120 are encrypted. Any of a number of encryption techniques hereinaer may be V practiced. V V * Pig. 10 is a block diagram of an access control system 1000 with a relay module 1030. A read/write card 1010 can be presented to a read/write device 1020, which is coupled to server software 1040 aiid the relay module 1030.
Fig. 41s a block diagram of a relay moduLe 400, with which the embodiment of Fig. I may be practiced. The rel4y module 400 comprises buffers 440, a micro-controller 442, and a relay 444. The relay module 400 receives communications 420 from the reader, hich are input to the buffers 440, which in turn are coupled to the micro-controller 442. The micro-controller 442 operates the relay 444 in a conventional maimer. The relay 444 baa an output to actuate the door latch 430.
The relay module 410 is the equivaleat of a switch. if the relay module 410 receives the, correct code t1om the reader, the relay module 410 throws the relay 444 that unlocks the door.' The buffers 440 ensure that if a spike occurs in communications between the reader and the relay module 410, the micro-controller 442 is not damaged. The buffers 440 also ensure that any voltage level lost between the reader and the relay module 410 is recovered.
The micro-controller 442 deciypts the encrypted cmmimlcations from the reader and compares the decrypted oomnmnications to the code expected. If this is correct, the micro-controller 442 enables the relay 444. The relay 444 switches power to actuate the door latch 430. if enabled, power runs through the door latcb430, unlocking the door, Fig. 3 illustrates operation of the access control system 300. The reader 310 has a database on board and is located on the unsecured side. The reader 310 communicates with the relay module 320 using encrypted conromnications. If a user attempts to access the secure area using the reader 310, the reader 310 locks up the user data in the database and determines the access level. It'the user is permitted access,thereadcr3l0sends an occesscommandtotherelay module 32Oviathe encrypted communications. In turn, the relay module 320 on the secure side antivates the door latch 330.
Anti-Pajscç The embodiments of the invention provide anti-passback by placing an indicator or flag on a smartcar once a user has passed through an entiy door This ensures that the same smartoard cannot be used on the same entry reader 110 until the sinartoard has been presented to the exit reader. The flag is a composite bit field of the current entry status at different levels (Le., different sets of entry and exit doors).
Thus, the conesponding flag bit (if unset) is.sct if entering a set of entry I exit doors and is unset, if leaving the flag bit (if set). Any violation of this principle is an anti-passback violation.
Normally, the anti-passback function is implemented on a controller, but in the embodiments of the invention is implemented partly on the reader 110 and partly on the smartoard. For software ease of use, the software has options to reset the anti-passback status of the card (ignore and set) and to disable anti-pasaback for.a particular cardholder. Both of these optioná are downloaded to the reader with the use of various status bits in a cardlioldex's permission record.
Pig. 12 is a flow diagram the antipassback (APB) feature 1200 implemented in the access c olsystenL In step 1210, tIre user flashes the tag. In stop 1220, the reader reads the APB data from the card. In step 1230, the reader checks permissions based on the read APB data. In step 1240, the reader updates the tag with updated information.
Fig. 13 is a more detailed flow diagram of normal operation 1300 of the antipassback feature. In step 1310, the user flashes the tag to a reader. In step 1320, the reader reads the APE information from the tag. In step 1330, a check is made to detennine if the APB information passes an integrity check based onentry/èxlt patterns. If step 1330 returns false (14o), access is denied in step 1340. Otherwise, if decision step 1330 returns true (Yes), processing continues at step 1350. in step 1350, the reader updates APB information and write the information back to the tag/card. In step 1360, access is processed normally.
Pig. 14 is a more detailed flow diagram of disabled operation 1400 of the andpassback feature. In step 1410, the user flashes the tag to a reader. In decision step 1420, a check Is made to determine if the APE feature is disable for the cardholder In the local database. If step 1420 returnS true (Yes), processing continues at step 1470 and access is processed normally. Otherwise, if decision step 1420 returns false (No), processing continues at stcp 1430. In step 1430, the reader reads the APE information from the tag. In decision step 1440, a check is made to determine if the APB infonnation passes an integrity check based on entry/exit patterns. If step 1440 returns lhlse (No), access is denied in step 1450. Otherwise, if decision step 1440 returns true (Yes), processing continues at step. 1460. In step 1460, the reader updates the APB information and wntes the information back to the tag/card. Processing tb.en continues at step 1470, in which access is processed normally. Thus, the disable operation 14.00. of APE allows the A?B feature to be disabled for the cardholder on all readers.
Fig. 15 is a more detailed flow diagram of normalized operation 1500 of the antipassback feature in a reader. In step 1510; the user flashes the tag to the reader.
* In step 1520, the reader reads the APB information from the tag. In decision step 1530, a check is made to determine if the APB normalize flag is set for the cardholder in a local database. If step 1530 returns true (Yes), processing continues at step 1560.
In step 1560, the reader updates the antipassback Information ad writes the updated information back to the card/tag. In step 1570, access is processed normally.
Otherwise, If decision step 1530 returns Thlse (No), processing continues at decision step 1540. In step 1540, a chock is made to determine if the APB information passes an Integrity check based on entry/exit patterns. If step 1540 returns false (No), processing continues at step 1550 and access is denied.. Otherwise, if step 1540 returns true (Yes), processing continues at step 1560. The correspqnding process on the server is described hereinafter. . FIg. 16 is a detailed flow diagram of normalized operation 1600 of the antipasaback feature as implemented in,the server. In step 1610, a user violates the antipassback feature (e.g., by tailgating another user). This results in the user not being granted access elsewhere, so in step 1620 the user notifies the system administrator about this circumstance. In stop 1630,' the administrator activates the normalize APE feature for the user. For example, this may be done using a graphical interface requiring the administrator to click a software option. In step 1640, the software updates the database of all readers with the normalize APB flag for the user.
Thus, the normalize APB feature allows a user to proceed through any antipassbaek areas without violating the APB rules for a specified number of times e.g. one lime only. This can be used to allow a cardholder who has violated AL'S rules to continue using the readers until the user normalizes the user's APB status.
Encrypted Communications The. system 100 oan ensure that communications between a master computer and the readers are encrypted. The type of encrypted communication can be I 28-bit AES, 3DES, DES, or skipjack. Other enoyplion techniclues may be practiced as welL The server may also provide interface management. The readers can nm offline. The reader operates even if the scrver is down.. The reader may store up to 20,000 transactions however, other numbers of transactions may be stored without departing from the scope Snd spirit of the invention. For example, if a larger capacity memory is used in the readers, larger numbers of transactions may be stored.
Communications Relay The relay module 120,410 communicates using encryption (e.g.. 128-bit ASS, 3DES, DES or skipjack) with a corresponding reader 110. Upon receiving an activation code) the relay module 120,410 activates the door strike 130,430. This ensures that even with access to the power and communication wires at the back of the reader 110, access cannot be forced.
Biometdca on Card Other embodiments of the invention can be practiced using biometrics. Fig. 2' illustrates an access control system 200 in accordance with a further embodiment of the invention. The access contml system 200 comprises a biometric reader 210, a storage relay module (SRM) 220, and a door latch 230. Through the use of the storage relay module 220, the reader 210 can be integrated into tbe. access control system 200. One snmxtcard can stoic all information needed for the access control system 200, as well as a biometric fingerprint template. If BanqueTec BT9IO readers are used throughout a facility, a biometric verification can be enforced before access is granted. The database and intcrthcing to the master computer is done via the Storage Relay Module (SRM) 220. The SRM 220 comprises an RS485 interface, memory for a database, and standard relay module functions. The SRM 220 has been designed to minimise changes to the BQT Solutions BT9IO. The SRM is based on the BT816 reader, without Mifare. The BT91O sends an encrypted access code and the SR.M searches its database and, if a match is found, powers the door latch through its relay. The SRM also communicates with software through an RS485 link All database updates, functions, anti passback etc., are kept on the SRM.. The BT9 10 does not hold the database. The SP.M allows any reader that does not have a database, to be used in the embodiments of the invention. The BT91O does not contain these ftmctions and so is complemented by the SRM 220 to be able to work on the access control. system.
Pig. 11 is a bLock diagram of an access control system 1100. A read/write card 1110 is presented or flashed to a read/write device 1120, which is coupled to a storage -relay module 1130. In turn the SRIA 1130 is coupled to fl41) Acess Control Systems Pig. 5 shows one conIlgurafion of an access control system 500 in accordance with the embodiments of the invention. The details of the relay modules and the door lock arc not depicted to sbnpliuj the drawing. A number of readers 520 can be coupled together using RS 485 with a terminating resistor 510 at one end. At tlio other end, a converter 530 may be used to convert P.S 485 to USB/SeriaI communications, and vice versa. The converter 530 is coupled to the master computer or server 540 using RS 232 or USB communications. The computer 540 has access conboi soitware installed in the computer 540 to interface with the readers 520, A converter is uscd to enable communications from the computer via a serial interface (e.g., R.S232 0rUSB) to readers on the network (e.g., P.2485). Readers may be connected in parallel across an P.8485 network, and a tenninathig resistor may be used on the end of each line to ensure good RS485 communications.
Pig. 6 shows another configuration of an access control system 600 like that of Fig. 5, but using an R8485 hub 630. Ia this embodiment, the hub 630 has 8 spokes but other numbers of spokes may be practiced. Each spoke has up to 30 readers 620 coupled to it and there is a terminating resistor 610 at the end of each sequence of readers 620. The hub 630 is in turn coupled to a converter 640, which is coupled to the computer or server 650. While up to 30 readers arc described with reference to the drawings, the number of readers may be much higher than 30: An installer may be able to iitall more than 30 readers. It will be appreciated by those skilled in the art that other numbers of spokes and readers may be practiced without departing from the spirit and scope of the invention.
By having a reader contain both smarteard reading capabilities and database abilities, the use of a controller is álimlnatcd. Further, by using encrypted cUmmunications, the limitations of Wiegand communications is eliminated as a possible communication weak Jink.. This allows small to medium sized companies to save while still obtaining an improved security system.
A relay module for connection to. a door latch in a secure area, a method of switching a door latch in a secure area, an access control system, a method of controlling access to a secure area and a method of providing antipassback in an access controlsystem have been disolosed. While a number of specific embodiments iS have been described, it will be apparent to those skilled in the art w the view of the disclosure herein that modifications and substitutions may be made without departing from the scope and spirit of the invention.

Claims (16)

  1. The claims defining the invention are as follows:- 1. A method of
    providing antipassback in an access control system, said method comprising the steps of: reading antipassback information from a read/write smartcard presented to a read/write reader; checking permissions using said read/write reader; and updating said read/write smartcard with updated antipassback information using said read/write reader.
  2. 2. A method of providing antipassback in an access control system, said method comprising the steps of: reading antipassback information from a read/write smartcard presented to a read/write reader; determining if said antipassback information passes an integrity check based on an entry/exit pattern; and if the antipassback information passes the integrity check, writing updated antipassback information to said read/write smartcard and granting access.
  3. 3. The method according to claim 2, further comprising the step of denying access if the antipassback information fails to satisf' the integrity check.
  4. 4. The method according to any one of claims 1 to 3, wherein said antipassback is able to be disabled.
  5. 5. The method according to any one of claims I to 4, wherein said antipassback is able to be normalized so that a cardholder may proceed through an antipassback area without violating antipassback rules.
  6. 6. The method according to claim 5, wherein a database of read/write readers is updated with an antipassback flag.
  7. 7. The method according to any one of claims 1 (06, wherein said read/write smartcard stores biometric data and said read/write reader is a biometric reader.
  8. 8. The method according to any one of claims 1 to 7, wherein said antipassback information comprises a flag, said flag being a composite bit field of the current entry status at different levels.
  9. 9. An access control system for providing antipassback, said system comprising: a read/write smartcard storing antipassback information; and a read/write reader for reading said antipassback information from said read/write smartcard presented to said read/write reader, said read/write reader comprising a database of cardholders, said read/write reader checking permissions, and updating said read/write smartcard with updated antipassback information.
  10. 10. An access control system for providing antipassback, said system comprising: a read/write smartcard storing antipassback information; and a read/write reader for reading said antipassback information from said read/write smartcard presented to a read/write reader, said read/write reader detennining if said antipassback information passes an integrity check based on an entry/exit pattern, and said read/write reader writing updated antipassback information to said read/write smartcard and granting access if the antipassback information passes the integrity check.
  11. 11. The system according to claim 10, wherein said read/write reader denying access if the antipassback information fails to satisfy the integrity check.
  12. 12. The system according to any one of claims 9 to 11, wherein said antipassback is able to be disabled.
  13. 13. The system according to any one of claims 9 to 12, wherein said antipassback is able to be normalized so that a cardholder may proceed through an antipassback area without violating antipassback rules.
  14. 14. The system according to claim 13, wherein said database of said read/write reader is updated with an antipassback flag.
  15. 15. The system according to any one of claims 9 to 14, wherein said read/write smartcard stores biometric data and said read/write reader is a biometric reader.
  16. 16. The system according to any one of claims 9 to 15, wherein said antipassback information comprises a flag, said flag being a composite bit field of the current entry status at different levels.
GB0724946A 2004-02-27 2005-02-28 An access control system Expired - Fee Related GB2446912B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0724946A GB2446912B (en) 2004-02-27 2005-02-28 An access control system

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
AU2004901016A AU2004901016A0 (en) 2004-02-27 An Access Control System
GB0619074A GB2427495B (en) 2004-02-27 2005-02-28 An access control system
GB0724946A GB2446912B (en) 2004-02-27 2005-02-28 An access control system

Publications (3)

Publication Number Publication Date
GB0724946D0 GB0724946D0 (en) 2008-01-30
GB2446912A true GB2446912A (en) 2008-08-27
GB2446912B GB2446912B (en) 2008-10-01

Family

ID=39653689

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0724946A Expired - Fee Related GB2446912B (en) 2004-02-27 2005-02-28 An access control system

Country Status (1)

Country Link
GB (1) GB2446912B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140049360A1 (en) * 2007-08-24 2014-02-20 Assa Abloy Ab Data collection using a credential
US9548973B2 (en) 2007-08-24 2017-01-17 Assa Abloy Ab Detecting and responding to an atypical behavior
EP3471066A4 (en) * 2016-06-14 2019-07-24 Hangzhou Hikvision Digital Technology Co., Ltd. Anti-passback method, apparatus and system

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115019427A (en) * 2022-06-30 2022-09-06 杭州海康威视数字技术股份有限公司 Anti-dive-back processing method, device and equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH01222399A (en) * 1988-03-01 1989-09-05 Mitsubishi Electric Corp Passing control device
JP2000276622A (en) * 1999-03-24 2000-10-06 Hitachi Information Technology Co Ltd Anti-pass back through system
US20020150283A1 (en) * 2000-05-31 2002-10-17 Masahiro Mimura Living body authtentication system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH01222399A (en) * 1988-03-01 1989-09-05 Mitsubishi Electric Corp Passing control device
JP2000276622A (en) * 1999-03-24 2000-10-06 Hitachi Information Technology Co Ltd Anti-pass back through system
US20020150283A1 (en) * 2000-05-31 2002-10-17 Masahiro Mimura Living body authtentication system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140049360A1 (en) * 2007-08-24 2014-02-20 Assa Abloy Ab Data collection using a credential
US9548973B2 (en) 2007-08-24 2017-01-17 Assa Abloy Ab Detecting and responding to an atypical behavior
EP3471066A4 (en) * 2016-06-14 2019-07-24 Hangzhou Hikvision Digital Technology Co., Ltd. Anti-passback method, apparatus and system
US11113910B2 (en) 2016-06-14 2021-09-07 Hangzhou Hikvision Digital Technology Anti-passback method, apparatus and system

Also Published As

Publication number Publication date
GB0724946D0 (en) 2008-01-30
GB2446912B (en) 2008-10-01

Similar Documents

Publication Publication Date Title
US20080246583A1 (en) Access Control System
US6643783B2 (en) Multi-level secure computer with token-based access control
US5513261A (en) Key management scheme for use with electronic cards
US5768379A (en) System for the checking of limited access to authorized time slots renewable by means of a portable storage device
US7475812B1 (en) Security system for access control using smart cards
US6957338B1 (en) Individual authentication system performing authentication in multiple steps
JP2004528655A (en) Frequency method
US5267315A (en) Secret identification number checking system
US20020017558A1 (en) Smart card technology
JPH06501324A (en) Smart card validation device and method
KR100654857B1 (en) Authentication smart card system and controlling method thereof using multi - biometric informations
WO2001020463A1 (en) Security arrangement
GB2446912A (en) Access control having antipassback
JP4744326B2 (en) Security system using IC card
US20030014642A1 (en) Security arrangement
JPH10154131A (en) File access management system
AU2005217663A1 (en) An access control system
KR100653033B1 (en) Method of controling enter and leave using the wireless commuincation terminal
JP2917670B2 (en) Electric lock control device
EP1128342B1 (en) System for providing access to secured data
JPH096855A (en) Passage management system and method therefor
KR200188799Y1 (en) Apparatus for controlling entrance
JPH1069435A (en) Ic card
JP2871042B2 (en) Access control device
JPH05314138A (en) Going in-and-out managing device

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20090228