U.S. patent application number 14/072565 was filed with the patent office on 2014-03-06 for electronic locking system with wireless update and cascade lock control.
This patent application is currently assigned to Synaptic Wireless, LLC. The applicant listed for this patent is Synaptic Wireless, LLC. Invention is credited to Mark Bowen, Rick Bowen.
Application Number | 20140062656 14/072565 |
Document ID | / |
Family ID | 44307557 |
Filed Date | 2014-03-06 |
United States Patent
Application |
20140062656 |
Kind Code |
A1 |
Bowen; Rick ; et
al. |
March 6, 2014 |
Electronic Locking System with Wireless Update and Cascade Lock
Control
Abstract
A wireless access control system comprising a central access
control system connected through a wireless network to a remote
access control system comprised of a plurality of localized remote
access controllers (locking mechanisms). The plurality of remote
access controllers will generally be used to lock parts of a
facility, whether physical facilities, parts thereof or mobile
components within the facilities, and will allow for a supervisory
function to determine which users of the system are allowed to
access which resources within a facility. Also disclosed herein is
an interlinked cascade lock system coupled to a central access
control system that is comprised of at least two levels of
security.
Inventors: |
Bowen; Rick; (O'Fallon,
MO) ; Bowen; Mark; (Fayetteville, GA) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
Synaptic Wireless, LLC |
O'Fallon |
MO |
US |
|
|
Assignee: |
Synaptic Wireless, LLC
O'Fallon
MO
|
Family ID: |
44307557 |
Appl. No.: |
14/072565 |
Filed: |
November 5, 2013 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
13009635 |
Jan 19, 2011 |
8604903 |
|
|
14072565 |
|
|
|
|
61296422 |
Jan 19, 2010 |
|
|
|
Current U.S.
Class: |
340/5.61 |
Current CPC
Class: |
G07C 2209/08 20130101;
H04W 12/0802 20190101; G07C 9/27 20200101; G07C 9/00309 20130101;
G07C 2209/14 20130101; G07C 9/37 20200101 |
Class at
Publication: |
340/5.61 |
International
Class: |
G07C 9/00 20060101
G07C009/00 |
Claims
1. A wireless access control method for controlling access to a
plurality of remote access controllers in a wireless access control
system comprising a central access control system comprising a
central server and a central wireless communicator coupled by a
wireless network to a remote access control system comprising a
plurality of remote access controllers, the method comprising:
storing a localized access database at each remote access
controller wherein said localized access database is indicative of
authorized users; receiving a credential at a remote access
receiving device of a single remote access controller; checking for
a flag in the wireless access control system, the flag representing
a removal of at least one flagged credential from the localized
access database; removing the flagged credential from the localized
access database; comparing the credential to the localized access
database; authorizing access at the remote access controller if the
comparing step is indicative of an authorized user; activating a
remote wireless communicator in the remote access controller to
initiate a wireless communication between the remote wireless
communicator and the central wireless communicator over the
wireless network when the comparing step is not indicative of an
authorized user; sending a signal to the central server; comparing
the signal to a central access database; sending a signal from the
central server to the remote access controller across the wireless
network authorizing access at the remote access controller if the
comparing the signal step is indicative of an authorized user; and
sending a signal from the central server to the remote access
controller across the wireless network denying access at the remote
access controller if the comparing the signal step is not
indicative of an authorized user.
2. The wireless access control method of claim 1, wherein the
remote access controller is comprised of: a remote wireless
communicator; an access request receiving device; a remote
processor; a remote storage device; a control circuit; a locking
mechanism; and a local communications device.
3. The wireless access control method of claim 1, further
comprising the step of: activating a remote wireless communicator
in the remote access controller to initiate a wireless
communication between the remote wireless communicator and the
central wireless communicator over the wireless network at periodic
intervals for a routine database upgrade.
4. The wireless access control method of claim 1, further
comprising the step of: activating a remote wireless communicator
in the remote access controller to initiate a wireless
communication between the remote wireless communicator and the
central wireless communicator over the wireless network when
command input for an update is entered into the remote wireless
communicator.
5. The wireless access control method of claim 1, further
comprising the step of: activating a remote wireless communicator
in the remote access controller to initiate a wireless
communication between the remote wireless communicator and the
central wireless communicator over the wireless network when a wake
up sensor is activated.
6. The wireless access control method of claim 1, wherein when the
wireless access control system is not transmitting or receiving
information the wireless access control system is in a standby
power conserving mode.
7. The wireless access control method of claim 1, wherein the
remote access controllers provide for monitoring and verification
of a variety of safety parameters.
8. The wireless access control method of claim 1, wherein the
signal is encrypted.
9. The wireless access control method of claim 1, wherein the
signal is comprised of: a validation code that describes the
localized database; and an identifier of the credential.
10. A wireless access control system for controlling access to a
plurality of remote access controllers, the system comprising: a
means for storing a localized access database at each remote access
controller wherein the localized access database is indicative of
authorized users; a means for receiving a credential at a single
remote access controller; a means for comparing the credential to
the localized access database; a means for authorizing access at
the remote access controller if comparing the credential to the
localized access database is indicative of an authorized user; a
means for sending a first signal to a central access control system
over a wireless network from the remote access controller when said
comparing step is not indicative of an authorized user; a means for
comparing the first signal to a central access database; a means
for sending a second signal from the central access control system
to the remote access controller across the wireless network
authorizing access at the remote access controller if the comparing
the first signal is indicative of an authorized user; and a means
for sending a second signal from the central access control system
to the remote access controller across the wireless network denying
access at the remote access controller if the comparing the first
signal is not indicative of an authorized user.
Description
CROSS REFERENCE TO RELATED APPLICATION(S)
[0001] This application is a Divisional of United States Utility
patent application Ser. No. 13/009,635, filed Jan. 19, 2011, which
in turn claims the benefit of U.S. Provisional Patent Application
Ser. No. 61/296,422, filed Jan. 19, 2010. The entire disclosure of
all the above documents is herein incorporated by reference.
BACKGROUND OF THE INVENTION
[0002] 1. Field of the Invention
[0003] This disclosure relates to the field of electronic locks. In
particular, to wireless access control systems and methods which
permit wireless communications between a plurality of
self-authenticating remote access controllers and a central access
system in real-time. Further, the disclosure relates to wireless
access control systems that have the ability to control an
interlinked lock cascade (secondary locks residing on the same
structure).
[0004] 2. Description of Related Art
[0005] The need to have secured access to certain parts of
facilities, such as, but not limited to, hospitals, has resulted in
a long narrative history of access control devices and systems. In
the beginning, simple mechanical locks (lock and key holes) were
used to limit access to restricted areas. In the mechanical lock
system, tangible keys were provided to authorized users. If locks
were changed, new keys were provided to all authorized users. This
approach was both costly and confusing. Without a way to identify
the individual lock (an identifying mark or embossed code) it was
challenging to identify the appropriate key for a specific lock.
Since many authorized users would carry large numbers of mechanical
keys, the process of finding the correct key for a specific lock
could be a cumbersome one. The process was also subject to fraud
since mechanical keys could easily be duplicated without detection.
Thus, when a key was lost or misplaced, individual locks would
often have to be replaced with new locks and new keys would have to
be distributed to authorized users. This reconfiguration of locks
and distribution of new keys was also generally undertaken whenever
a user's access was revoked (e.g., because they had ceased
employment and were no longer authorized to access the facilities).
In any area where large numbers of authorized users were present
and there was a frequent turn-over in authorized users (i.e.,
authorized users were added or cancelled every day), the simple
mechanical lock system had significant deficiencies (e.g., high
cost, high administrative burden) and, in many respects, was
necessarily insecure due to the complexities of updating the
system.
[0006] The access control system field advanced with the advent of
credential cards or "tokens" that utilized new microelectronic
technology. These advances made the cumbersome processes of the
distribution of new keys and the reconfiguration of lock cylinders
less expensive, as each lock no longer required a specific key.
Instead, with these new technologies, locks could be programmed to
accept certain credential cards or tokens, but not others. In
effect, instead of having to distribute different physical keys for
each lock (creating a "janitor's key chain" for authorized users),
each individual had a universal credential which was accepted by
all locking mechanisms in the facility they were authorized to
open.
[0007] Despite the improvements of this system over the traditional
mechanical lock system (such as the elimination of the need for a
single user to carry multiple keys), it still had problems, one
being the requirement that credential codes had to be adjusted
locally at each lock in the system when the access of a particular
key had to be changed. Because of the natural turnover in users
(i.e., adding and removing users from the system), this system
still required frequent updating and intensive manpower to
maintain. The maintenance and updating process for this system was
labor and cost intensive. Changes in the access database required
credential changes at the specific lock location since each lock
was independent (none of the devices were attached to a central
access database). This required personnel to move from lock-to-lock
to reprogram each lock or have the locks brought to a central
location which rendered them unavailable for others to use while
they were being updated.
[0008] The next development in the access control system field
involved wiring all of the individual locking mechanisms in the
system to a central access controller to create a locking mechanism
network. This networked system allowed a security operator to
reprogram each locking location from a central command/control
station. While these systems solved the problem in previously
utilized systems regarding the localized changing of access codes
for each locking mechanism, these wired network systems were
expensive to deploy and complex to install. For example, each
individual locking mechanism had to be hard wired. Further,
retrofitting into preexisting structures often proved to be very
expensive. In addition, these wired networks were unusable on
mobile devices such as drug carts, mobile computer stations, and
related objects that were not rigidly attached to the
structure.
[0009] The next advance in the field of access control systems was
an elimination of the need to hard wire each of the individual
locking mechanisms to the network by coupling a wireless
communications device to each individual lock mechanism. In the
operation of these systems, once a credential was presented to a
locking mechanism, a signal associated with that credential would
be wirelessly transmitted from the locking mechanism to the central
access controller to determine whether or not the credential
represented an authorized user. Once it was determined whether or
not the credential represented an authorized user by the central
access controller, a control signal either granting or denying
access would be sent from the central access controller to the
locking mechanism. Gonzales, et al. (U.S. Pat. No. 5,936,544)
provides an example of such a prior art system.
[0010] While these systems eliminated some of the problems
associated with wire-based access systems, they still had
drawbacks. One drawback was the failure of these systems to have an
onboard database at each individual locking mechanism that stored
the current access information. This required each individual
locking mechanism to communicate with the central control database
on every entry attempt. This consistent back-and-forth
communication resulted in a significant consumption of power.
Further, the delay inherent in this communication could be
problematic in emergency or normal operations where time is of the
essence and the authorized user must quickly enter or exit the
authorized area controlled by the locking mechanism. For example,
if multiple requests were made to the central control unit
simultaneously, or if the wireless communication was interrupted by
external factors (such as cell phone signals, radiation usage in a
hospital, etc.), an authorized user could experience significant
delays in achieving access due to the central access controller
having to handle increased traffic or not receiving the necessary
requests. Further, if the central access controller experienced
failure, none of the individual locking mechanisms would be
functional and access to all of the areas controlled by the network
would generally be completely denied.
[0011] Improvement of the centralized wireless access system
occurred with the entrance into the market of access systems such
as those described in Rodenbeck, et al. (U.S. Pat. No. 6,720,861).
These systems marked an improvement over the original centralized
wireless remote access system by their "decentralization" of the
locking/unlocking process. Instead of only having a centralized
database, these systems placed a decision making apparatus and
associated database at each localized locking mechanism.
[0012] While these decentralized wireless systems solved the delay
problem that was associated with the original centralized wireless
systems (and overcame some of the power usage issues), they still
had some inherent problems. In these systems, changes to authorized
user access (e.g., the addition or deletion of authorized users)
were made at the level of the centralized database; these changes
were not made at the localized database at each individual locking
mechanism. Accordingly, updates for the localized databases at each
of the individual locking mechanisms had to be periodically
obtained from the centralized server. Thus, the localized locking
mechanisms of these systems would periodically request an update
from the centralized database for their localized database. These
systems would not transmit a signal for each event that occurred at
the localized locking mechanism, but instead would periodically
request an update for the internal database.
[0013] This periodic signal updating methodology was associated
with two main problems. First, this methodology could still result
in significant delays; access of an authorized user at an
individual locking mechanism could be delayed as the system updated
by propagation of signals through the system. Second, this
methodology could allow a former authorized user whose access
rights had been revoked to access the facility for a certain period
of time until the update could propagate through the system and
update the localized databases of the various locking mechanisms.
Thus, this system carried with it a security loophole. Individuals
who no longer had access to the facility could access areas in
which they were no longer permitted until the time at which the
localized database was updated. In addition, individuals who had
just been granted access would not be able to access areas which
they were authorized to access until the local database had been
updated.
[0014] Carrieri (U.S. Pat. No. 7,701,452) continued the road of
advancement in the access system field by providing enhancements to
decentralized wireless access control systems. In the system
disclosed in Carrieri, the complete database of access control data
is transmitted from the centralized database to the individual
locking mechanisms upon any of the following events: 1) an invalid
access request signal at the individual locking mechanism; 2) a
communication command input at the individual locking mechanism; 3)
the expiration of a timer coupled to the individual locking
mechanism; or 4) the activation of a transducer that is coupled to
the individual locking mechanism by a transducer stimulator located
remotely from the transducer. Upon any one of these events, a
wireless signal is sent from the localized locking mechanism to the
central database instructing it to send an updated database to the
localized locking mechanism. If the update was brought about by an
invalid access request, after the update the presented credential
is compared to the newly updated localized database to determine
whether or not the credential represents an authorized user in a
"re-comparing" step.
[0015] As with the art before it, while Carrieri represents
advancement in the field, this approach also has its own flaws.
First, this system still allows access to a user whose credentials
have been revoked in the loophole from the time at which his or her
credentials are revoked to the time at which the localized database
automatically updates (e.g., when the timing mechanism expires). If
a user's credentials are recognized in the localized database
(which they would be if the localized database had not been updated
since the time at which the user's credentials had been revoked at
the centralized database), the user will be granted access.
[0016] Second, the system of Carrieri also unnecessarily consumes
energy, resources and power. For example, an entire database update
is sent from the centralized database to the localized database
everytime an unrecognized credential is presented to a localized
locking mechanism. Thus, a full database upgrade (and the loss of
bandwidth and power consumption associated with such an upgrade)
occurs even when, in the end, the credential is invalid and there
have been no changes to the central database.
[0017] Third, in large scale applications (where the number of
localized locking mechanisms and the number of individual codes in
the database is large) the amount of data being transmitted over
the network with multiple database upgrades in the Carrieri system
could potentially be enormous, causing a huge burden/drain in terms
of power consumption. This unnecessary updating of a database
which, possibly, has not changed since the last automatic update
reduces the usefulness of the network by occupying unnecessary
bandwidth and increasing the number of server access calls.
[0018] While the above show a clear progression toward improved
access control systems and ease of updating, as noted, all of these
systems have flaws. In the above systems, there is generally
unnecessary energy consumption and use of network bandwidth (as in
the system of Carrieri) when a complete database upgrade is sent to
an individual locking mechanism every time an unrecognized
credential is presented. Further, each of above systems has a
security loophole present in which there is a period of time in
which a previously authorized user whose credentials have been
revoked has access rights in the system until the next regularly
scheduled update from the centralized database.
[0019] Another problem with the above systems is that they do not
provide for a system that ensures that a cascade access is made
correctly by an authorized user. A cascade access requires a user
to present security credentials to access a first level of
security, then once past the first level the user must present
further credentials to access a further, deeper level of security.
One example of a common application for a cascaded security lock is
a hospital's anesthesia cart. A number of hospital personnel may be
allowed to access the cart to obtain anesthesia paraphernalia and
drugs (the first level of security). However, certain controlled
substances (such as narcotics) may be stored on the same cart, but
will only be accessible to those with a heightened level of
security access (the second level of security). In most present
systems, the second level of security requires the presence of a
credential to open the first level of security, and an unrelated
credential to open the second. However, in the presently utilized
cascade systems there is generally no indication that the
credential used to gain access to the first level of security
corresponds to the credential used to gain access to the second
level of security. There is no connection between the security
credentials for the first level of access and the second level of
access. Accordingly, these unconnected systems could potentially be
accessed insecurely by use of multiple different security
credentials.
SUMMARY OF THE INVENTION
[0020] Due to these and other problems in the art, disclosed
herein, among other things, is an interlinked cascade wireless
access control system, the interlinked cascade wireless access
control system comprising: a central wireless access system; a
remote wireless access system, the remote wireless access system
being comprised of a plurality of remote access controllers located
at access points; and a wireless network connecting the central
wireless access system to the remote wireless access system;
wherein an individual access point contains a first remote access
controller representing a first level of security and at least one
additional remote access controller representing a second level of
security; wherein the first remote access controller must be
disengaged by a first credential before the at least one additional
remote access controller can be disengaged; and wherein the at
least one additional remote access controller will not be
disengaged unless a second credential presented to the at least one
additional remote access controller belongs to an identical user as
the first credential.
[0021] In one embodiment of the interlinked cascade wireless access
control system, the second level of security is physically located
within an area whose access is controlled by the first remote
access controller.
[0022] In another embodiment, the interlinked cascade wireless
access control system is utilized in a hospital setting. When
utilized in a hospital setting, in one embodiment, it is
contemplated that the interlinked cascade wireless access control
system the access point is a controlled substances cart.
[0023] Other contemplated embodiments of the interlinked cascade
wireless access control system include embodiments where the first
remote access controller and the at least one additional remote
access controller are disengaged either sequentially or
simultaneously.
[0024] In some embodiments of the interlinked cascade wireless
access control system, the first credential will be a physical
credential and the second credential will be an access code.
[0025] In yet another embodiment of the interlinked cascade
wireless access control system, the first access controller will
send a signal representative of the first credential to the central
wireless access system after the first access controller is
disengaged; the at least one additional remote access controller
will send a signal to the central access controller after the
second credential is presented; the central access controller will
determine whether the second credential belongs to the identical
user as the first credential; the central access server will send a
signal to the at least one additional remote access controller
instructing it to disengage if the second credential is valid and
belongs to an identical user as the first credential; and the
central access server will send a signal to the at least one
additional remote access controller instructing it to remain locked
if the second credential is invalid or if the second credential
does not belong to an identical user as the first credential.
[0026] It is also contemplated that the interlinked cascade
wireless access control system can be further comprised of: a
timing mechanism preset for a determined period of time; wherein
the disengagement of the first remote access controller starts the
timing mechanism; and wherein the system will lock-up if the at
least one additional remote access controller is not disengaged
prior to the expiration of the timing mechanism.
[0027] In other embodiments it is also contemplated that the system
may be further comprised of a plurality of deeper levels of
security.
[0028] Also disclosed herein is a wireless access control method
for controlling access to a plurality of remote access controllers
in a wireless access control system comprising a central access
control system comprising a central server and a central wireless
communicator coupled by a wireless network to a remote access
control system comprising a plurality of remote access controllers,
the method comprising: storing a localized access database at each
remote access controller wherein said localized access database is
indicative of authorized users; receiving a credential at a remote
access receiving device of a single remote access controller;
checking for a flag in the wireless access control system, the flag
representing a removal of at least one flagged credential from the
localized access database; removing the flagged credential from the
localized access database; comparing the credential to the
localized access database; authorizing access at the remote access
controller if the comparing step is indicative of an authorized
user; activating a remote wireless communicator in the remote
access controller to initiate a wireless communication between the
remote wireless communicator and the central wireless communicator
over the wireless network when the comparing step is not indicative
of an authorized user; sending a signal to the central server;
comparing the signal to a central access database; sending a signal
from the central server to the remote access controller across the
wireless network authorizing access at the remote access controller
if the comparing the signal step is indicative of an authorized
user; and sending a signal from the central server to the remote
access controller across the wireless network denying access at the
remote access controller if the comparing the signal step is not
indicative of an authorized user.
[0029] In one embodiment of the wireless access control method, the
remote access controller will be comprised of: a remote wireless
communicator; an access request receiving device; a remote
processor; a remote storage device; a control circuit; a locking
mechanism; and a local communications device.
[0030] In another embodiment, it is contemplated that the wireless
access control method will also comprise the further step of:
activating a remote wireless communicator in the remote access
controller to initiate a wireless communication between the remote
wireless communicator and the central wireless communicator over
the wireless network at periodic intervals for a routine database
upgrade.
[0031] In another embodiment, it is contemplated that the wireless
access control method will also comprise the further step of:
activating a remote wireless communicator in the remote access
controller to initiate a wireless communication between the remote
wireless communicator and the central wireless communicator over
the wireless network when command input for an update is entered
into the remote wireless communicator.
[0032] In yet another embodiment, it is contemplated that the
wireless access control method will also comprise the further step
of: activating a remote wireless communicator in the remote access
controller to initiate a wireless communication between the remote
wireless communicator and the central wireless communicator over
the wireless network when a wake up sensor is activated.
[0033] In one embodiment of the wireless access control method,
when the wireless access control system is not transmitting or
receiving information the wireless access control system will be in
a standby power conserving mode.
[0034] It is also contemplated that in some embodiments, of the
wireless access control method, the remote access controllers will
also provide for monitoring and verification of a variety of safety
parameters.
[0035] In one embodiment of the wireless access control method, the
signal will be encrypted.
[0036] In yet another embodiment of the wireless access control
method, the signal will be comprised of: a validation code that
describes the localized database; and an identifier of the
credential.
[0037] Also disclosed herein is a wireless access control system
for controlling access to a plurality of remote access controllers,
the system comprising: a means for storing a localized access
database at each remote access controller wherein the localized
access database is indicative of authorized users; a means for
receiving a credential at a single remote access controller; a
means for comparing the credential to the localized access
database; a means for authorizing access at the remote access
controller if comparing the credential to the localized access
database is indicative of an authorized user; a means for sending a
first signal to a central access control system over a wireless
network from the remote access controller when said comparing step
is not indicative of an authorized user; a means for comparing the
first signal to a central access database; a means for sending a
second signal from the central access control system to the remote
access controller across the wireless network authorizing access at
the remote access controller if the comparing the first signal is
indicative of an authorized user; and a means for sending a second
signal from the central access control system to the remote access
controller across the wireless network denying access at the remote
access controller if the comparing the first signal is not
indicative of an authorized user.
BRIEF DESCRIPTION OF THE DRAWINGS
[0038] FIG. 1 provides a diagrammatic representation of an
embodiment of a wireless access control system of the present
invention.
[0039] FIG. 1A is a detail view of an embodiment of the remote
access controller of FIG. 1.
[0040] FIG. 2 provides a block diagram of an embodiment of a remote
processor with attached components usable in an embodiment of the
present invention.
[0041] FIGS. 3A, 3B, and 3C show an embodiment of a flowchart of
the authentication procedure to be carried out by an embodiment of
the present wireless access control system.
[0042] FIG. 4 shows a flowchart of an embodiment of a maintenance
routine carried out by an embodiment of the present wireless access
control system.
[0043] FIG. 5 shows a flowchart of an embodiment of an update
routine carried out by an embodiment of the present wireless access
control system.
DESCRIPTION OF THE PREFERRED EMBODIMENT(S)
[0044] Generally, the wireless access control system discussed
herein comprises a central access control system connected through
a wireless network to a remote access control system comprised of a
plurality of localized remote access controllers (locking
mechanisms). The plurality of remote access controllers will
generally be used to lock parts of a facility, whether physical
facilities, parts thereof or mobile components within the
facilities, and will allow for a supervisory function to determine
which users of the system are allowed to access which resources
within a facility. While the system disclosed herein will, at
times, be described with a single remote access controller for
illustrative purposes, it should be recognized that, in most
commercial applications of the system, the central access control
system will be coupled to a plurality of remote access
controllers.
[0045] In an embodiment, the system comprises a wireless access
control system for use in a business, hospital, or similar facility
where certain users only have access to certain portions of the
facility. Thus, locks will generally be positioned to grant or deny
access to a user seeking to access certain secure areas of the
facility (e.g. maternity wards), carts, controlled substance
storage devices, cabinets, drawers, containers, server enclosures,
electronic racks, and individual servers. While, in some parts,
this application will focus on the use of the wireless access
control system described herein in a hospital setting, it should be
noted that description of the system in this setting is only
illustrative. Any setting or application which requires an access
system to secure different areas and/or objects within a facility
is contemplated as a possible setting and application for the
access control system disclosed herein.
[0046] FIG. 1 provides a diagrammatic representation of an
embodiment of the wireless access control system of the present
invention. In the depicted embodiment, the system generally
comprises a central access control system (101) coupled to a remote
access control system (102) via a wireless network (103).
[0047] The central access control system (101) is generally
comprised of a central access server (104) and at least one central
wireless communicator (105). The central access server (104)
generally comprises a software system known to those of skill in
the art which has the capability to control, operate and manipulate
the information stored on the central access server (104), in
addition to operating the central wireless communicator (105). The
central access server (104) can be an individual server or a
plurality of servers linked together.
[0048] In some embodiments of the central access server (104), in
order to assist with the storage of access information, the central
access sever (104) will be coupled to one or more central databases
(106) or other data storage mechanisms such as, but not limited to,
a hard drive or non-volatile chip memory. Generally, the access
information stored on the central access server (104) and/or the
central database (106) includes, but is not limited to, a data set
of permissible users, log-in information, and other user control
data related to the access control system. Thus, among other
functions, the central access server (104) can be used to store
access control data and provide access control data to, or receive
access control data from, the remote access control system
(102).
[0049] The central wireless communicator (105) generally comprises
any device known to those of skill in the art for the communication
of data between two devices without the use of wires. Contemplated
modes of wireless communication include, but are not limited to,
radio frequency using a single or multi-frequency method, radio
frequency spread spectrum, digital spectrum spread, infrared,
audio, ultrasonic, etc. Future wireless technologies as would be
known to one of ordinary skill in the art are also contemplated
modes of wireless communication.
[0050] It should be understood that the individual components of
the central access control system (101) (e.g., the central access
server (104), the central wireless communicator (105) and the
central database (106)) are interlinked in such a way, as known to
one of ordinary skill in the art, to allow for the transportation
of information and data there-between. Examples of possible
connection modalities include, but are not limited to, wires,
cables, control circuits, and/or wireless technology.
[0051] The remote access control system (102) is generally
comprised of a plurality of localized remote access controllers
(locks) (107). Generally, these localized remote access controllers
(107) will be mounted to a door, ingress/egress, waypoint, fixture,
object, piece of equipment or other object or space where access to
that object or space must be controlled or limited to certain
authorized users. A single remote access controller (107) can be
fastened to a fixture or wall at a point of ingress and egress to a
secure space with a through-hole for cabling to connect to a wired
power supply. Alternatively, in other embodiments, the remote
access controller (107) will be powered by an unconnected power
supply (such as a battery) and can be placed on the exterior of the
object or fixture or wall of the secure space, with the remaining
components of the controller located within a generally enclosed
casing, generally inaccessible without gaining access to the
interior area of the resource. The remote access controllers (107)
are generally configured to control the locking and unlocking of
respective doors, carts, cabinets, etc. to the objects or spaces to
which they are associated, allowing only users who have valid
credentials access to the space or the contents within the
object.
[0052] The remote access control system (102) generally
communicates with the central access control system (101) for the
transmission of information and data between the central access
control system (101) and the remote access control system (102)
(creating a bi-lateral highway of communication and information
transfer). The information communicated between these two systems
includes, but is not limited to, periodic updates of access
information, historical information concerning access attempts, the
number of times drawers or doors associated with the remote access
control database have been opened/closed and any data that is
collected by the remote access controller (107) including, but not
limited to, battery voltage, temperature of the container,
humidity, and presence of selected gases.
[0053] Accordingly, the localized remote access controllers (107)
generally provide for remote monitoring and verification of a
variety of safety parameters at the controllers (107) in addition
to access control. Thus, if a controller (107) is placed in an area
where a certain environment is necessary, for example, the
controller (107) need not only restrict access to the area but can
also provide information regarding and monitoring of the
environment back to the central access control system (101) as
well. While monitoring is not used in all embodiments of the system
disclosed herein, it can provide for increased functionality in
some situations. In one embodiment, all the remote access
controllers (107) will contain the same software code and generally
be considered interchangeable other than the type of locking
mechanism (113) they are designed to engage and disengage and,
thus, the type of resource they are designed to secure.
[0054] In one embodiment, each remote access controller (107) will
be generally comprised of a remote wireless communicator (108), an
access request receiving device (109), a remote processor (110), a
remote storage device (111), a control circuit (112) and a locking
mechanism (113).
[0055] It is contemplated that the access request receiving device
(109) can be comprised of any technology in the art for receiving a
user's credentials. Contemplated access request receiving devices
(109) include, but are not limited to, card readers, wireless
receivers and biometric readers. As used herein, it should be
understood that the term "credentials" can refer to a physical
credential known to one of ordinary skill in the art such as a
keycard or token, in addition to biometric parameters, codes and
other access request modalities known to those of ordinary skill in
the art. The access request receiving device (109), in some
embodiments, can also be a plug-in communication port, a wireless
receiver, a keypad, or any other device known to one of ordinary
skill in the art for a user to enter credentials in the form of
command communication input.
[0056] In certain embodiments, the remote receiving device (109) is
capable of reading and writing data to the remote storage device
(111) when credentials are presented to the remote receiving device
(109). The remote storage device (111) is generally a localized
database or other localized data storing module for the storage of
data sets or other information received either from the central
access control system (101) via the wireless network (103) or
received locally at the site of a remote access controller (107).
Any database, hard drive, non-volatile chip memory or other data
storage technology known to those of skill in the art is
contemplated as a possible remote storage device (111). Examples of
information that will be stored on the remote storage device (111)
includes, but is not limited to, a localized access database, entry
statistics, program code and other data or information related to
the access control system.
[0057] The remote wireless communicator (108) generally functions
to receive and transmit wireless information to and from the
central server (104) via the central wireless communicator (105)
according to the wireless methodologies discussed herein, creating
the wireless network (103). It should be noted that the wireless
network (103) can comprise wireless communication between a single
central wireless communicator (105) and a single remote wireless
communicator (108) and/or a plurality of central wireless
communicators (105) and a plurality of remote wireless
communicators (108). In some embodiments, the wireless network
(103) can be further comprised of intermediate wireless
communicators or nodes between the central wireless communicator(s)
(105) and the remote wireless communicator(s) (108) in the wireless
network (103). These intermediate wireless communicators or nodes
can act as access points, bridging relays or serve another function
known to those of skill in the art to assist in the smooth and
efficient functioning of the transfer of information and data
between the central access system (101) and the remote access
system (102) via the wireless network (103).
[0058] Contemplated information for transmission between the
central and remote wireless communicators (105) (108) includes, but
is not limited to, access database information, access event
information and remote access controller (107) information (e.g.,
environment, status, etc.). The information communicated between
the remote wireless communicator (108) and the central wireless
communicator (105) may or may not be encrypted and may or may not
be in the form of packet data.
[0059] The locking mechanism (113) is any electromechanical
fastening device known to those of ordinary skill in the art.
Contemplated locking mechanisms (113) include, but are not limited
to, electric strike, electromechanical strike, electro-optical
strike, keycard, magnetic, biometric and radio frequency.
[0060] The access request receiving device (109), the remote
storage device (111), the remote wireless communicator (108) and
the remote locking mechanism (113) (along with any other component
of the remote access controller (107)) are all generally connected
to and controlled by the remote processor (110) via the control
circuit (112). The control circuit (112), in some embodiments, also
serves to interconnect the various components of the remote access
controller (107) for communication and data transfer between each
of the components. Generally, any circuit mechanism known to those
of ordinary skill in the art for the transfer of data or
information is contemplated as a modality for the command circuit
of this application. In addition to determining whether or not a
certain credential represents an authorized user (by comparing the
credential to the stored localized access database), the processor
(110) has the capability to record that an access event occurred,
along with other information about the access event and the
environment of the remote access controller (107). Generally, any
processor technology or means known to those of skill in the art is
contemplated as the processor (110) of the remote access control
system (102). An exemplary embodiment of the organization of a
remote processor (110) is provided in FIG. 2.
[0061] In another embodiment, the remote controller (107) will
further comprise a local communications device (114) to provide a
means for entering command communications into a remote access
controller (107) in case of a need to manually update the remote
storage device (111), upload a new software program or other
upgrades, programming or communication which may be required. This
local communications device (114) can be a plug-in communications
port (e.g., a serial, TTL, USB), a wireless receiver (e.g., a
Bluetooth receiver), a keypad or any other means known to those of
skill in the art for a system programmer to provide command data
locally to the remote access control system (102) at each
individual remote access controller (107).
[0062] Other contemplated components of the remote access
controllers (107) or the remote access system (102) include, but
are not limited to, a power supply (such as a battery or AC/DC), a
power supply back-up (such as a battery), a battery sensor, a
timing mechanism, a buzzer and a lighting mechanism (such as an
LED).
[0063] Generally the access control system disclosed herein, and
all of the components thereof, will, typically, be placed in a mode
to conserve power and resources. For example, in one embodiment the
central wireless communicator(s) (105) and the remote wireless
communicator(s) (108) can have different modes to more efficiently
utilize power consumption. Possible modes include, but are not
limited to, a standby/sleep mode (a mode in which no
information/data is transmitted or received), a transmission mode
(a mode in which information/data can be transmitted or received),
and a receiving mode (a mode in which information/data can be
received but not transmitted). Contemplated power sources for the
access control system disclosed herein include AC/DC, battery and
solar, amongst other power sources known to those of ordinary skill
in the art.
[0064] While the access system disclosed herein has generally been
described as having a single remote controller (107) at each access
point in the access control system, in the healthcare field, as
well as in other fields where increased security may be necessary
for certain aspects of the facility, there may be a need to have
two or more linked remote controllers (107) at a single access
point. For example, federal regulations specify that controlled
substances stored on control substance carts be controlled by at
least two separate locking mechanisms controlled by two separate
access codes. The access control system described herein has the
capability to function with single remote controllers (107) at
access points or two or more interlinked, or "cascaded," remote
controllers (107) at access points.
[0065] At access points where two or more remote access controllers
(107) are present, in one embodiment, a user will be able to open
both of the interlinked remote access controllers (107) with the
same credential if the credential is associated with access to both
the first controller (107) (the first level of security) and the
second controller (107) (the second level of security) in the
access database.
[0066] Alternatively, in another embodiment, the access control
system can have a cascade lock system that requires unique
credentials for each controller (107) in the cascade--a separate
credential is required for the first and second level of security.
In this configuration, each controller (107) in the cascade is
opened separately, the controller (107) in the first level of
security being disengaged when presented with a proper credential
and the controller (107) in the second level of security being
disengaged when presented with a proper credential (the second
credential being different from the first credential) and only
being disengaged until after the first controller is already
open.
[0067] In one embodiment of the cascade lock system where unique
credentials are required for each controller (107), in order to
provide for a more effective cascade lock, the separate credentials
required to access the first and second level of security will be
interlinked and assigned to the same user. In this interlinked two
credential system, once a user has opened the first controller
(107) (e.g., general access to an anesthesia cart) the only
credential that will grant access to the second level of security
and open the second controller (107) is a second credential that is
assigned to the same user. The first and second credential required
to access the full cascade of controllers are interlinked because
they are both associated with the same user.
[0068] This interlinked cascade lock and access system closes a
security loophole that was present in previously utilized cascade
lock systems. Specifically, it prevents another user from gaining
access to the second level of security by inputting a valid
credential for the second level of security, but not one associated
with the current user of the anesthesia cart. Without interlinking
the locks of the cascade, it is possible for a user having only
authorized rights to the first level of security to access the
second level of security by simply acquiring from another
individual a valid credential for the second level of
security--there is no requirement for a correlation between the
separate credentials required to access the first level of security
and the second level of security. The interlinked cascade system
only grants access to one individual at a time until the current
user has reengaged all of the controllers (107) in the access
control system.
[0069] The interlinking of the credentials required to access
different levels of security for a particular access point, in some
embodiments, may be accomplished by having the second controller
(the second level of security) (107) query the central server (104)
to determine whether the access first controller (the first level
of security) (107) was accessed by a credential associated with the
same user to whom the second credential presented to the second
controller (107) is associated. Thus, a user may obtain access to
the first controller (the first level of security) (107) in the
cascade by presented a valid credential. Once the first controller
is open (the first level of security is accessed), it can send a
signal to the central server (104) regarding the credential that
was presented to open the locking mechanism (113). Upon a
credential being presented to the second controller, the second
controller (the second level of security) (107) will communicate to
either the first controller (107) or the central server (104) via
the wireless network (103) to determine the user who is associated
in the access database with the credential used to open the first
controller (107). The second controller (107) will only open if the
credential presented to it is valid and is linked to the same
individual whose credential opened the first controller (107).
[0070] This interlinked cascade system presents a higher level of
security. For example, in this system, if an individual were to
view a typed password a different user entered into a second
controller (107) to gain access to the second level of security,
the individual would not be able to open the first controller (107)
with their credentials and then use the stolen credentials to
access the second controller (107) because the two credentials are
not interlinked to the same user. Instead, the individual would
have to obtain credentials to the first and the second controller
(107) from the one user who had access to both levels of security
to open both controllers (107).
[0071] In a cascade system, such as those utilized in the
healthcare industry, the interlinked cascade system may be
particularly powerful because opening the first controller (107)
might require a physical credential, while opening the second
controller (107) might require an entered access code. In the
interlinked cascade system, the individual opening the second
controller (107) using their PIN would have to have also presented
a physical credential associated with him to open the first
controller (107). As the loss of a physical credential is more
easily detected than an individual stealing or figuring out a PIN,
the system gains heightened security. The interlinked cascade
system makes it harder for the second level of security to be
accessed by someone not authorized to do so.
[0072] Accordingly, it is contemplated that the interlinked cascade
lock system may be entirely disengaged by a single physical
credential or the presentation of multiple physical credentials or
passwords all associated with the same user to open the complete
cascade of locks. In this way, a user can either unlock both locks
in succession (if they are authorized to do so) or can simply open
the first controller (107) (should that be the extent of their
desired access) in a single action. Should a user elect to only
open the first level of security, the second level of security will
be completely locked out (i.e., it will accept no other authorized
users including the user who opened the first controller) until the
outer lock is reengaged and the locks are simultaneously opened by
a single user with credentials to access both levels of
security.
[0073] It should be understood that while the interlinked cascade
locking system described herein generally referred to only a first
and a second level of security, any number of cascaded security
levels is contemplated in interlinked cascade locking system of
this application. The first and second level of security was simply
used for illustrative purposes to describe the functioning of the
cascade lock system.
[0074] In operation, the access control system generally utilizes
decentralized localized authentication of users at the level of the
remote access controller (107) with wireless updates to the remote
access controller (107). In part, to conserve the energy and
resources of the system, a wireless update for an individual remote
access controller (107) will occur upon one of the following
events: 1) when querying for an unknown credential; 2) when
performing routine database checks and upgrades; 3) when a command
input for an update is entered into the local communications device
(114); and 4) activation of a "wake up" sensor linked to the remote
processor (110) such that when the sensor is presented with a
specific event an immediate signal is sent to the remote processor
(110) which, in turn, instantly forwards the sensor information to
the central database (106).
[0075] One of the times at which access information will be
exchanged between the central access system (101) and the remote
access system (102) across the wireless network (103) is the
periodically scheduled routine database check and upgrade. In these
periodically scheduled update periods, the central access control
system (101) will send access database upgrades to the remote
controllers (107) of the remote access control system (102) to
update the localized access database located at each remote
controller (107). In addition, in these periodically scheduled
update periods, the remote controllers (107) of the remote access
control system (102) can send information to the central access
control system (101) regarding access attempts at the remote
controller (107). Such information includes, but is not limited to,
historical information regarding access attempts, the number of
times a door or drawer has been opened or closed and any remote
sensor data that is collected by the controller (107) including but
not limited to battery voltage, temperature of the container,
humidity and the presence of selected gases. So as to prevent
overloading network traffic at any one time, in one embodiment it
is contemplated that the individual remote access controllers (107)
will be randomly assigned different intervals for automatic
database updates. Further, it is also contemplated that the
individual remote access controllers (107) can be programmed to
update at night or other times when the system is not in heavy use,
thus preventing overloading the communication structure and slowing
down the wireless access control system.
[0076] Another time at which access information will be exchanged
between the central access system (101) and the remote access
system (102) is when the wireless access control system is
presented with an unknown credential. When a remote access
controller (107) is presented with an invalid access credential (a
code that is not identified on its localized database as allowed to
disengage the specific lock) the remote controller (107)
immediately initiates a call to the central access system
(101).
[0077] The remote call sends two pieces of information. The first
piece of information is a validation code or cryptogenic hash that
describes the structure, size and content of the current localized
database stored at the remote access controller (107). This code or
hash is not a transmission of the full localized database, but
rather a smaller, summarized "version" of the database that is
presently stored at the remote access controller (107). The second
piece of information sent in the remote call is an identifier of
the invalid credential that was utilized for the access
attempt.
[0078] If the validation code matches the central access database,
then the central access database has not been updated or modified
since the localized access database was last modified (the
localized database is the same as the central database) and a
message is returned to the remote access controller (107) from
which the signal originated that the credential is not valid and
access should be denied. If the validation code is different than
the central access database (which implies that the central
database has been updated since the last update to the localized
database), the central access server (104) looks to the central
access database to determine if the supplied credential (the second
piece of information sent in the signal) is authorized to disengage
the lock to which the credential has been presented. If the
credential is not found in the central access database (indicating
that the user is not authorized to access that specific lock) then
a message is returned to the remote access controller (107) from
which the signal originated that the credential is not valid and
access should be denied. If the credential correlates to a valid
access credential in the central access database, then a message is
returned to the remote access controller (107) from which the
signal originated that the credential is valid and access should be
granted.
[0079] It should be noted that in the information transfer that
occurs when an invalid credential is presented to a remote access
controller (107), the localized access database at the remote
access controller (107) is not updated when the remote call is
sent. Instead, the localized access database is only upgraded in
accordance to the regularly programmed update schedule (or a
sensory initiated or command control initiated upgrade). This is
one of the points of differentiation of the present access control
system from real time decentralized access control systems of the
prior art, such as Carrieri. In those systems, a complete database
update was sent to the remote access controller (107) each time an
invalid credential was presented, even if no changes had been made
to the central access database since the last time the remote
access database was updated.
[0080] The advantages of this system are its ability to save
resources and increase the efficiency of the system as a whole. In
the event that a user is denied access under either of the first
two scenarios, there is no need to update the localized access
database at the remote access controller (107), as either no update
is required (the localized access database and the centralized
access database are the same) or the credential is invalid.
Therefore, until an alternative, unrecognized, valid credential is
presented, the onboard information is still accurate and power,
bandwidth and other resources do not need to be used for an entire
database upgrade. Further, even if the centralized access database
has been changed since the last periodic update and the access is
valid, the lock has already been instructed to disengage and the
need to update is not immediately necessary. In this way, remote
access controllers (107) will generally always operate on current
database versions until the assigned periodic update time. As the
assigned times can be purposefully chosen to be at night or at
other times when the resources in use are reduced, this can prevent
overloading the communication infrastructure and slowing down the
system.
[0081] While the ability to update the wireless access control
system to include new authorized users is important, it is in many
respects even more important that when security access is revoked
from a user, such change propagates as quickly, if not more
quickly, than when a new authorized access credential is added. In
some situations, access need not be immediately revoked. For
example, if the user with revoked credentials is otherwise
inhibited from having access to their revoked credentials or the
remote units (e.g., they are physically prevented from entering the
premises). In this case, the revocation can occur using only the
standard random update methodology discussed previously.
[0082] However, when a specific access code needs to be removed
immediately, without waiting for a routine random update (e.g.,
because a valid credential was lost or otherwise may have become
compromised), an administrator will indicate at the central control
server (104) that the removed credential is a priority removal.
This will trigger a software feature, in some embodiments called
"ER" (emergency removal), to be activated. Through ER, the central
access server (104) places a variable or "flag" on each
interconnect node or remote access controller (107) located
throughout the wireless access control system for a set-time period
or until the next periodic update of the localized access databases
of the remote access controllers (107). Each flag will include the
credential(s) to be removed or rendered inactive. Each time a
remote access controller (107) is activated by any attempted
access, the remote access controller (107) may be instructed to
check the closest interconnect node or its own remote processor
(110) and/or remote storage device (111) to determine if an
emergency removal notice flag is active. While it is generally
preferred that a controller (107) perform the ER check with every
access attempt, this is not strictly required and it may,
alternatively, perform the check after a certain number of access
requests, or only according to a predefined schedule.
[0083] If the emergency removal notice flag is indicated, the
remote access controller (107) will query its localized access
database and remove the flagged credential, if it is present in the
localized access database. After this removal step, the
standardized comparison access process is performed by the remote
processor (110) with the updated localized access database. Thus,
should the presented credential have been a credential belonging to
an individual whose access has been revoked, the credential has
been removed from the localized access database. If the presented
code is not the removed code, the onboard database has been updated
anyway with the removal of the revoked credential and the
credential, therefore, will be recognized as "invalid" in the
future. Thus, it is possible to very quickly propagate a necessary
change through the system, as the change can occur at each remote
access controller (107) with the next access attempt (by any party)
at the remote access controller (107). After all of the remote
access controllers (107) in the wireless access control system are
updated, the emergency removal notice flag is returned to a null
value.
[0084] When a remote access controller (107) is initially populated
with data, the user of the application determines the number of
periodic updates that a remote access controller (107) will perform
in a twenty-four hour period along with the time at which they will
occur. In addition, how often an "ER" lockup will occur can be
programmed into the remote processor (110). The application,
through a randomization algorithm that specifies the timing of
routine onboard access database updates and downloads, will store
specific timing intervals both centrally and in the remote access
controllers (107).
[0085] Yet another time period during which access information will
be exchanged between the central access system (101) and the remote
access system (102) is when a command input for an update is
entered into the local communications device (114). This is
generally a forced update maintenance routine. A flowchart showing
an embodiment of a forced update maintenance routine is provided in
FIG. 4. In the embodiment provided in FIG. 4, a command input is
entered into the local communications device (114) and the remote
processor (110) inquires as to whether a proper maintenance code
was entered (401). If the maintenance code is incorrect, the remote
access controller (107) will return to a sleep mode (402). If the
maintenance code is correct, the processor (110) will send a signal
to the central access system (101) for updates and perform
maintenance of the localized database, a systems check and other
needed procedures (403). After the maintenance is completed, the
remote access controller (107) will return to a sleep mode
(404).
[0086] In some embodiments, it is contemplated that the access
control system is a self-forming and self-healing network.
"Self-forming" means that the wireless network (103) of the access
control system establishes itself and each remote access controller
(107) automatically integrates itself into the network (103). For
example, once installed at the secure area, a remote access
controller (107) can configure itself into the access control
system. Thus, each remote access controller (107), when initially
installed, notifies the central access control system (101) via the
wireless network (103) of its availability for inclusion in the
access control system. This allows an individual to upgrade to the
full wireless system without physically touching the installed
components of the system. This "self-forming" property allows for
individual locks to be added and removed from the system
simply.
[0087] It is contemplated that, in some embodiments of the access
control system, the remote access controller(s) (107) can be used
as individual units, separate from the central control system
(101). This embodiment would generally be utilized in situations in
which individuals want each remote access controller (107) to
operate as a standalone module (i.e., they are not connected to the
central access server (104)). In the event that an individual wants
to upgrade from standalone remote access controllers (107) to a
full wireless access system, the individual would be able to
upgrade without physical manipulation of the previously installed
remote access controller (107) components as the access control
system can "self-form;" i.e., the system can automatically
configure itself when the central server (104) is set-up and
brought online.
[0088] While a self-forming network is contemplated in some
embodiments of the access control system, it is also contemplated
that individual remote access controllers (107) can also be added
to the wireless access system via any manual upgrade method known
to one of ordinary skill in the art. One example of a contemplated
manual upgrade method is the "card upgrade" method. A flow chart of
an embodiment of the card upgrade method is provided in FIG. 5.
[0089] In the "card upgrade" method, the upgrade is instigated by
an upgrade card. The upgrade card can be read by the access request
receiving device (109) (501). Embedded within the upgrade card,
under a security code, are the total number of remote access
controllers (107) that can be upgraded. Once the upgrade card is
read by the access request receiving device (109), the processor
(110) asks whether there are any upgrades left on the upgrade card
(502). If there are no upgrades left, the remote access controller
(107) will generally return to a sleep mode (503). If there are
upgrades left on the upgrade card, the remote processor (110)
downloads the multi-bit code onto the remote storage device (111)
(504). The remote processor (110) then changes the value stored to
the remote storage device (111) into a specific value, and the
remote processor (110) writes to the upgrade card the MAC address
of the controller (107) and the time and date the process occurred
(505). The number of updates remaining on the upgrade card will be
decremented by one to reflect the number of upgrades remaining
(505).
[0090] If someone tries to update a remote controller (107) that
has already been updated, the software on the remote access
controller (107) will generally allow the update but will not
decrement the number of updates remaining on the upgrade card and
the date and time of the update may or may not be amended. Once the
multi-bit code has changed, the remote processor (110) will
generally reboot. The upgraded code (already stored on the remote
processor (110) or remote storage device (111)) is activated once
the remote processor (110) reads the multi-bit code after a reboot
and will indicate to the remote controller (107) how to integrate
itself into the access control system.
[0091] "Self-healing," as that term is used in this application,
means that if an intermediate node in the wireless network (103)
fails for any reason, other nodes of the wireless network (103)
will automatically route signals around the failed node, thus
keeping the wireless network (103) intact.
[0092] The operability of an embodiment of the wireless access
control system disclosed herein when a remote access controller
(107) is presented with a credential can be best understood in
conjunction with the flow charts of FIGS. 3A-3C. As an overview,
the wireless access control system generally utilizes decentralized
authentication at each remote access controller (107) and the
wireless network (103) often operates in a "sleep" mode to conserve
the resources and power of the system.
[0093] Referring to FIGS. 3A, 3B and 3C, the operability of the
wireless access control system with an interlocking cascade locking
mechanism is shown when a credential is presented to the access
request receiving device (109) at a first remote access controller
(107) in the system. The presentation of a credential to the access
request receiving device (109) "wakes" the first remote access
controller (107) out of its "sleep" mode (301). At this time, the
remote access controller (107) checks to see if a flag is present
either in the remote wireless communicator (108), a node in the
wireless network, the remote processor (110) or the remote storage
device (111) (302).
[0094] If a flag is present (303), the remote access controller
(107) sends a signal to the central server (104) for the date, time
and access credentials for the individual(s) that have recently
been removed from the central access database (304). Once the
remote access controller (107) receives the flagged credential(s),
it checks to see if the flagged credentials are present in its
localized database (305). If the flagged credential(s) are present
in the localized access database, they are deleted (306).
[0095] Once the ER check is complete, if a physical credential is
being used, the remote processor (110) determines whether the
physical credential is a credential card or a manual update card
(307). If the card is a manual update card, the remote access
processor (110) will go into an update routine (311). If the card
is a credential card, then the remote processor (110) will enter
into a comparing step to determine whether the presented credential
is in the localized access database (308).
[0096] Once the ER check is complete, if a command input is being
used, the processor (110) determines whether the command input is
an access credential code or a maintenance update code (309). If
the code is a maintenance update code, then the remote access
processor (110) will go into a maintenance routine (310). If the
card is a credential card, then the remote processor (110) will
enter into a comparing step to determine whether the presented
credential is in the localized access database (308).
[0097] In the comparing step (308), if the credential is found in
the localized access database (312), then a command will be sent to
open the locking mechanism (113) associated with the first remote
access controller (107) (313). When a input command is entered into
the second remote access controller (107), the second remote access
controller (107) will determine whether the input command entered
is interlinked to the same user as the credential that was
presented to open the first remote access controller (107) (315).
If the input command entered belongs to the same user, then the
locking mechanism (113) associated with the second remote access
controller (107) is opened (316).
[0098] In the comparing step (308), if the credential is not found
in the localized access database (317), then a remote call is sent
to the central access system (101) to determine if the localized
database is current and if the credential is located in the central
access database (318). If it is determined either that the central
database has not been changed since the last periodic update to the
localized database and/or that the credential presented is not a
new addition to the centralized access database, then a signal will
be sent to the remote access controller (107) to deny access (319).
If it is determined that the credential represents a newly added
credential to the central access database, then a command will be
send to open the locking mechanism (113) associated with the first
remote access controller (107) (321). When an input command is
entered into the second remote access controller (107), the second
remote access controller (107) will determine whether the input
command entered is interlinked to the same user as the credential
that was presented to open the first remote access controller (107)
(315). If the input command entered belongs to the same user, then
the locking mechanism (113) associated with the second remote
access controller (107) is opened (316).
[0099] In each of the steps associated with an unlocking of a
locking mechanism, a lockout timer can be engaged which will
disable access to the secured area associated with the remote
access controller (107) after a defined period of time. It is also
contemplated that the in each of the steps associated with the
unlocking of a locking mechanism (113), there can be a limit to the
number of attempted tries an individual has before the system
locks-out. Once a locking mechanism (113) is closed, a lockout
timer runs out, or a system lock-out is initiated by the input if
too many incorrect codes, the remote access controller (107) will
return to sleep mode.
[0100] Through the use of wireless radio frequency technology, the
present wireless access system can also perform user data updates,
audit trail histories, and remote sensing of various sensors,
including but not limited to micro-switches, contact switches,
temperature sensors, humidity, light, smoke/obscuration monitors,
and gas sensors (i.e., carbon monoxide). In this way the remote
access controller (107) need not only restrict access to the area,
but may also monitor the area for any potentially damaging changes
in environmental or other factors and can provide additional
information related to securing the area such as records of what
credentials were used for access and when such access occurred.
[0101] While the invention has been disclosed in connection with
certain preferred embodiments, this should not be taken as a
limitation to all of the provided details. Modifications and
variations of the described embodiments may be made without
departing from the spirit and scope of the invention, and other
embodiments should be understood to be encompassed in the present
disclosure as would be understood by those of ordinary skill in the
art.
* * * * *