US2023353551A1PendingUtilityA1

Access control system

Assignee: BIOCONNECT INCPriority: Sep 18, 2019Filed: Jul 5, 2023Published: Nov 2, 2023
Est. expirySep 18, 2039(~13.2 yrs left)· nominal 20-yr term from priority
H04L 63/0807H04L 63/10H04L 63/0853H04W 12/47H04W 12/069
61
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A device is described that includes a first microprocessor configured for interfacing with a digital access control backend, and a second microprocessor configured for dedicated communications with an access control manager device backend. The first microprocessor is a master device that controls the operation of the second microprocessor as a secondary device. The proposed device is configured for operation of the first microprocessor and the second microprocessor at low clock speeds and to maintain a hash segregation between locally received data sets and data sets transmitted to an external authentication system.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A device for controlling access to one or more protected resources, the device comprising:
 a secondary microprocessor coupled to a physical access control device, the secondary microprocessor configured for receiving and decoding authentication electrical pulses from a user credential reader as when a user credential interacts with the user credential reader to generate corresponding user identifier data values, and the secondary microprocessor configured for transmitting electrical pulse signals to an access control management device that provisions access to the one or more protected resources;   a master microprocessor coupled to an external authentication server and the secondary microprocessor, the master microprocessor configured to:
 receive the corresponding user identifier data values; 
 transform the user identifier data values using a cryptographic function to generate a transformed representation for communication to the transformed representation to the external authentication server; 
 receive an access provisioning signal from the external authentication server; and 
 transmit an instruction signal to the secondary microprocessor to control the secondary microprocessor to provision access to the one or more protected resources; 
   wherein the secondary microprocessor and the master microprocessor are coupled to one another across a message bus connection and a separate signal path, the signal path enabling communication from the secondary microprocessor to the master microprocessor for indicating when the user credential interacts with the user credential reader; and   wherein said user credential is associated with an entity, and wherein receiving said access provisioning signal from said external authentication server is based on whether a mobile communication device associated with said entity is within a threshold distance of said user credential reader when said user credential interacts with said user credential reader.   
     
     
         2 . The device of  claim 1 , wherein the user credential is a local credential that is not provided to or accessible directly by the external authentication server. 
     
     
         3 . The device of  claim 2 , wherein the cryptographic function used to transform the local credential is a private symmetric key. 
     
     
         4 . The device of  claim 2 , wherein the cryptographic function used to transform the local credential is an asymmetric key. 
     
     
         5 . The device of  claim 2 , wherein the user credential is locally authenticated using a cryptographic function that uses one or more private pre-shared keys and one or more rolling secrets. 
     
     
         6 . The device of  claim 1 , wherein the user credential is combined with an additional authentication element that is combined with the user credential for generating the transformed representation. 
     
     
         7 . The device of  claim 6 , wherein the additional authentication element is requested only for access attempts occurring during a designated duration of time. 
     
     
         8 . The device of  claim 6 , wherein the additional authentication element includes at least one of a declaration in respect of recent travel, wellness checks, temperature readings, or recent location information. 
     
     
         9 . The device of  claim 6 , wherein the additional authentication element is requested during a security level increase or a detected first usage of the user credential. 
     
     
         10 . The device of  claim 1 , wherein the one or more protected resources include one or more access-controlled cabinets that are connected to at least one of the master microprocessor and the secondary microprocessor. 
     
     
         11 . A method for controlling access to one or more protected resources, the method comprising:
 receiving and decoding, at a secondary microprocessor coupled to a physical access control device, authentication electrical pulses from a user credential reader generated when a user credential interacts with the user credential reader to generate corresponding user identifier data values, the secondary microprocessor configured for transmitting electrical pulse signals to an access control management method that provisions access to the one or more protected resources;   receiving the corresponding user identifier data values at a master microprocessor coupled to an external authentication server and the secondary microprocessor;   transforming the user identifier data values using a cryptographic function to generate a transformed representation for communication to the transformed representation to the external authentication server;   receiving an access provisioning signal from the external authentication server; and   transmitting an instruction signal to the secondary microprocessor to control the secondary microprocessor to provision access to the one or more protected resources;   wherein the secondary microprocessor and the master microprocessor are coupled to one another across a message bus connection and a separate signal path, the signal path enabling uni-directional communication from the secondary microprocessor to the master microprocessor for indicating when the user credential interacts with the user credential reader; and   wherein said user credential is associated with an entity, and wherein receiving said access provisioning signal from said external authentication server is based on whether a mobile communication device associated with said entity is within a threshold distance of said user credential reader when said user credential interacts with said user credential reader.   
     
     
         12 . The method of  claim 11 , wherein the user credential is a local credential that is not provided to or accessible directly by the external authentication server. 
     
     
         13 . The method of  claim 12 , wherein the cryptographic function used to transform the local credential is a private symmetric key. 
     
     
         14 . The method of  claim 12 , wherein the cryptographic function used to transform the local credential is an asymmetric key. 
     
     
         15 . The method of  claim 13 , wherein the user credential is locally authenticated using a cryptographic function that uses one or more private pre-shared keys and one or more rolling secrets. 
     
     
         16 . The method of  claim 11 , wherein the user credential is combined with an additional authentication element that is combined with the user credential for generating the transformed representation. 
     
     
         17 . The method of  claim 16 , wherein the additional authentication element is requested only for access attempts occurring during a designated duration of time. 
     
     
         18 . The method of  claim 16 , wherein the additional authentication element includes at least one of a declaration in respect of recent travel, wellness checks, temperature readings, or recent location information. 
     
     
         19 . The method of  claim 16 , wherein the additional authentication element is requested during a security level increase or a detected first usage of the user credential. 
     
     
         20 . A non-transitory computer readable medium, storing machine interpretable instructions which when executed, cause a processor to perform a method for controlling access to one or more protected resources, the method comprising:
 receiving and decoding, at a secondary microprocessor coupled to a physical access control device, authentication electrical pulses from a user credential reader generated when a user credential interacts with the user credential reader to generate corresponding user identifier data values, the secondary microprocessor configured for transmitting electrical pulse signals to an access control management method that provisions access to the one or more protected resources;   receiving the corresponding user identifier data values at a master microprocessor coupled to an external authentication server and the secondary microprocessor, transforming the user identifier data values using a cryptographic function to generate a transformed representation for communication to the transformed representation to the external authentication server;   receiving an access provisioning signal from the external authentication server; and   transmitting an instruction signal to the secondary microprocessor to control the secondary microprocessor to provision access to the one or more protected resources;   wherein the secondary microprocessor and the master microprocessor are coupled to one another across a message bus connection and a separate signal path, the signal path enabling uni-directional communication from the secondary microprocessor to the master microprocessor for indicating when the user credential interacts with the user credential reader; and   wherein said user credential is associated with an entity, and wherein receiving said access provisioning signal from said external authentication server is based on whether a mobile communication device associated with said entity is within a threshold distance of said user credential reader when said user credential interacts with said user credential reader.

Join the waitlist — get patent alerts

Track US2023353551A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.