It is provided a method for compensating for gravity affecting an accelerometer (18) used for determining an operational state of a door (15). The method is performed by a gravity compensator (1). The method comprises: obtaining (40) a plurality of acceleration measurements by the accelerometer for a measurement period; calculating (42) a gravity component in the acceleration measurement by averaging the acceleration measurements; obtaining (44) an operational acceleration measurement; compensating (46) the operational acceleration measurement based on the gravity component, yielding a gravity compensated acceleration measurement; and providing (48) the compensated acceleration measurement for determining the operational state of the door.
Methods and systems are provided for performing asymmetric public key pinning authentication without a pre-shared secret. The methods and systems store, by a first device, a second identifier of a second device and a second public key of the second device and generate, by the first device, a first ephemeral keypair comprising a first ephemeral public key and a first ephemeral private key. The methods and systems transmit, by the first device to the second device, a first identifier of the first device and the first ephemeral public key and receive, by the first device from the second device, a second ephemeral public key of a second ephemeral keypair that has been generated by the second device. The methods and systems compute, by the first device, a symmetric secret key based on the first and second ephemeral keypairs.
Various methods and implementations of a multi-entity authentication protocol, enabling an anonymous lookup of a symmetric keyset, are described. An example method performed by an initiator entity includes: transmitting an authentication request to a responder entity; receiving an authentication response from the responder entity, the authentication response including an identifier associated with an authentication keyset (e.g., a symmetric keyset shared by the initiator entity and the responder entity), where the identifier is provided for one-time use in an authentication between the initiator entity and the responder entity; retrieving the authentication keyset at the initiator entity, based on the identifier, where the identifier is associated with the authentication keyset at the initiator entity prior to the one-time use in the authentication (e.g., based on a previous authentication procedure); and validating the authentication between the responder entity and the initiator entity based on the authentication keyset.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
It is provided a method for mitigating a resource use attack by a transmitter device (1) against a receiver device (2) over a wireless interface (4). The method is performed by a receiver device (2). The method comprises: receiving (40) a header transmission from a transmitter device (1), the header (21) forming part of a radio frame (20), the header (21) comprising an indicator of size of a subsequent transmission of a payload (22) in the radio frame (20), wherein the receiving includes performing a header measurement, being a measurement of received signal strength of the header transmission; performing (42) a payload measurement, being a measurement of received signal strength when the payload (22) of the radio frame (20) is expected to be received; determining (44) that the payload measurement is lower than a threshold; and releasing (46) resources used for receiving the payload.
It is provided a method for enabling temporary access to a physical space (16) secured by an electronic lock (12). The method being performed by an access right generator (1). The method comprises: obtaining (40) a user identifier of a user (5), and a time data item defining a validity time; obtaining (42) a cryptographic key; generating (44) an access object (21) based on the user identifier, the time data item and the cryptographic key, to enable an electronic lock to cryptographically verify the user identifier based on the access object (21); and providing (46) the access object (21) to the user.
Methods and systems for communicating with an access control system are provided. The methods and systems, prior to establishing a secure channel between a first device and a second device, establish, between the first device and the second device, a first static privacy key. The methods and systems access, by the first device, a first random nonce that has been generated by the second device and compute, by the first and second devices, a first session key based on the first static privacy key and the first random nonce. The methods and systems generate, by the first device, a first one-time authorization code based on the first session key and a current counter value, the current counter value representing a quantity of requests sent by the first device and transmit, by the first device to the second device, a first request that is combined with the first one-time authorization code.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Methods and systems for selectively retrieving additional data associated with a credential are provided. The methods and systems establish, between a first device and a second device, a communication session and transmit, from the first device to the second device, a credential that is associated with a subset of additional data. The methods and systems receive, by the first device from the second device, a request for a first portion of the additional data and provide, to the second device, binding information for the first portion of the additional data, the binding information securely linking the first portion of the additional data to the credential. The methods and systems enable the second device to authenticate the first portion of the additional data using the binding information.
It is provided a method comprising: obtaining (40) a calibration door angle; obtaining (42) a calibration image comprising a representation of a door (15) for the calibration door angle; repeating (44) the obtaining (40) the calibration door angle and obtaining (42) the calibration image for a plurality of values of the calibration door angles; generating (46) a data structure comprising a plurality of angle values, respectively associated with door masks; obtaining (48) a detection door angle from the door angle sensor (18), indicating an angle of opening of the door (15); obtaining (50) a detection image from the image sensor (11); obtaining (52), from the data structure, based on the detection door angle, a detection door mask; applying (54) the detection door mask to the detection image, to obtain a masked image; and performing (56) people detection based on the masked image.
G06V 20/52 - Surveillance or monitoring of activities, e.g. for recognising suspicious objects
G06V 10/22 - Image preprocessing by selection of a specific region containing or referencing a pattern; Locating or processing of specific regions to guide the detection or recognition
G06V 10/80 - Fusion, i.e. combining data from various sources at the sensor level, preprocessing level, feature extraction level or classification level
G06V 40/10 - Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
G06V 10/25 - Determination of region of interest [ROI] or a volume of interest [VOI]
Various methods and implementations of encoding a timestamp, and decoding time and date information from the encoded time stamp, are described. An example method for encoding a timestamp includes: identifying date and time information to be encoded, based on: a calculated year value that represents a calendar year value as an offset from a reference calendar year; a month value; a day value; and a time value (that includes, for example, an hour value, a minutes value, and a seconds value); generating 4 bytes of encoded data from the date and time information, with a sequence of bits that represents: the calculated year value; the month value; the day value; and the time value; and outputting the 4-byte encoded timestamp data. A corresponding method of obtaining date and time information from the encoded timestamp data, by parsing the 4-byte encoded timestamp data, is also described.
H03M 7/30 - Compression; Expansion; Suppression of unnecessary data, e.g. redundancy reduction
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Systems and techniques may be used for creating an object (e.g., a data structure) on a device. A technique may include using a single structured access command constructed with an object tag number to perform one or more write operations. For example, a write operation may include writing an object type to a properties memory portion of memory of the device, writing at least one access right value to an access rights memory portion of the memory, or writing at least one configuration to a configuration memory portion of the memory including a current status flag of the object. An example technique may include reading a data memory portion of the memory using the object tag number based on a request that complies with the at least one access right value and the current status flag.
An RFID reader (10) is mounted to a device including at least one metal part, such as a fuel dispensing nozzle (12) of a fuel management system (100). Due to the mounting to the device, an inductance of an RFID antenna (20) of the RFID reader (10) decreases, resulting in an increase in the capacitance of a variable capacitance element (22) that is adjusted by a controller (24) of the RFID reader (10) to tune the circuit of the RFID reader (10). When the RFID reader (10) is removed from the device, this results in a decrease of the capacitance of the variable capacitance element (22). This decrease can be determined, and a message indicating that the RFID reader (10) has been tampered with can be generated.
G06K 7/10 - Methods or arrangements for sensing record carriers by electromagnetic radiation, e.g. optical sensing; Methods or arrangements for sensing record carriers by corpuscular radiation
B67D 7/34 - Means for preventing unauthorised delivery of liquid
An initiator device of an access control system includes physical layer circuitry and processing circuitry operatively coupled to the physical layer circuitry. The processing circuitry is configured to initiate transmission of a command to a responder device, determine a first time measurement of a time duration from an end of sending the command to the responder device to a start of receiving a response to the command from the responder device, receive a response from the responder device that includes a second time measurement of a responder execution time of the command by the responder device, and generate an indication when the first time measurement and second time measurement indicate a relay attack.
A laser engraving system may include a transport mechanism (100) to position an engraving target relative to a laser source (118). The transport mechanism may include a belt (104) to move the engraving target, a drive roller (106) to drive the belt, and a safe zone configured to protect at least a portion of the belt from the beam of laser energy. The safe zone may include a protection member configured to be positioned below the laser source such that at least a portion of the protection member is located between the laser source and the belt. Additionally, or alternatively, a portion of the engraving target (e.g., a transparent area of the engraving target) may be cantilevered over an edge of the transport mechanism and energy from the laser source may be directed to the portion of the engraving target over the edge of the transport mechanism.
Methods and systems for temporarily enabling Internet Protocol (IP) connections for an access control system are provided. The methods and systems perform operations including receiving, by a server, a request to update configuration of an access control reader; transmitting, by the server to the access control reader over a wired link, a first instruction to temporarily switch from communicating with the server using a first communication mode to an IP communication mode; sending, from the server to the access control reader, IP packets comprising configuration information to update the configuration of the access control reader; and after the configuration of the access control reader has been updated, transmitting, by the server to the access control reader, a second instruction to switch from communicating using the IP communication mode back to communicating using the first communication mode.
H04L 67/00 - Network arrangements or protocols for supporting network services or applications
H04L 69/18 - Multiprotocol handlers, e.g. single devices capable of handling multiple protocols
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
15. RFID SENSOR DEVICE AND METHOD OF MANUFACTURING THE SAME
An RFID sensor device (10) includes an RFID chip having a sensing circuitry for sensing a physical quantity such as temperature and strain. A spacer (18) is provided on a surface (S1) of a substrate (12) on which the RFID chip is mounted, and includes an opening (20) inside of which the RFID chip (14) is arranged. The thickness of the spacer (18) is selected such that, when the RFID sensor device (10) is attached to a surface to be monitored, the RFID chip is in close proximity to the surface to be able to reliably sense the desired physical quantity.
G06K 19/04 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the shape
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
It is provided a method for determining a state of a door (15). The method is performed in a status determiner (1) based on accelerometer data of an accelerometer (18) that is fixed to the door (15). The method comprises: determining (40) that the door has transitioned from an open state (20) to a closing (21) state, based on a magnitude of a velocity of the door (15) in a first direction being greater than a closing velocity threshold (30); and determining (42) that the door has transitioned from a closing state (21) to an opening (23) state, based on a magnitude of a velocity of the door (15) in a second direction being greater than an opening velocity threshold (32), wherein the second direction is opposite from the first direction, wherein the opening velocity threshold (32) is based on an indication of position (29) of the door (15).
Systems and techniques may be used for selective engagement with a secure reader, for example in a multi-reader environment. An example technique may include detecting one or more secure access readers of a secure access system that are proximate to a mobile device, and identifying a list of predetermined secure access readers. The detected one or more secure access readers proximate to the mobile device may be compared to the list of predetermined secure access readers to identify a listed proximate secure access reader. The example technique may include, in response to identifying the listed proximate secure access reader, engaging, via the mobile device, with the listed proximate secure access reader.
It is provided an energy converter (10) for converting mechanical energy to electrically stored energy. The energy converter (10) comprises: a generator (9) comprising at least one winding (3); an energy storage device (7); a rectifier (27) provided between the generator and the energy storage device (7); a voltage boost circuit (4, 6) that is selectively activated; a control circuit (8) that is configured to: detect that a voltage that is energised by the generator (9) is below a threshold voltage; and activate the voltage boost circuit (4, 6) of the door closer to increase the voltage supplied to the energy storage device (7). A corresponding door closer is also provided.
H02M 7/00 - Conversion of AC power input into DC power output; Conversion of DC power input into AC power output
H02M 7/02 - Conversion of AC power input into DC power output without possibility of reversal
H02M 7/12 - Conversion of AC power input into DC power output without possibility of reversal by static converters using discharge tubes with control electrode or semiconductor devices with control electrode
H02M 7/66 - Conversion of AC power input into DC power output; Conversion of DC power input into AC power output with possibility of reversal
H02M 7/72 - Conversion of AC power input into DC power output; Conversion of DC power input into AC power output with possibility of reversal by static converters using discharge tubes with control electrode or semiconductor devices with control electrode
19. ASSIGNING AN INSTALLATION LOCATION FOR EACH ONE OF A PLURALITY OF ELECTRONIC LOCKS
It is provided a method for assigning an installation location for each one of a plurality of electronic locks (12a-g), the method being performed in a position determiner (1), the method comprising: obtaining (42) a distance and a direction between a pair of electronic locks, based on the radio transceivers of the pair of electronic locks; storing (45) an identifier of each electronic lock (12a-g) of the pair, the distance and the direction; determining (48) a derived map (4) of the electronic locks (12a-g) of the pairs; obtaining (50) a reference map (5) comprising installation locations (13a-g), the reference map (5) covering an area in which the electronic locks (12a-g) are installed; and assigning (52), based on the derived map (4) and the reference map (5), the identifier of each one of the electronic locks (12a-g) to one of the installation locations (13a-g) in the reference map (5).
A padlock (10) comprising a body (12); a shackle (14); a blocking mechanism (22) arranged to adopt a blocked state (24) and an unblocked state (26) for blocking and unblocking, respectively, the shackle in a locked shackle position; a locking element (28) rotatable for controlling the blocking mechanism; an actuator (38) configured to adopt a locked state (40) for locking the locking element, and an unlocked state (42); an actuating element (48) operatively connected to the locking element and arranged to be manually manipulated to move the locking element when the actuator adopts the unlocked state; an electronic control system (56) arranged to control the actuator; and at least one energy harvesting device (58), each energy harvesting device being arranged to be actuated by a movement of the shackle, the locking element or the actuating element to generate electric energy to the control system (56).
An RFID device (10) is provided. The RFID device (10) includes a first loop antenna (14) embedded in a device body (12), and a second loop antenna (16) embedded in the device body (12). The first loop antenna (14) and the second loop antenna (16) partially overlap each other by a set distance (d). This results in a suppression of a cross-coupling between the first loop antenna (14) and the second loop antenna (16), and allows for an optimum use of the space that is available for the antennas on the device body (12). In this manner, a reliable operation of the two antennas within desired communication ranges can be obtained.
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
G06K 7/10 - Methods or arrangements for sensing record carriers by electromagnetic radiation, e.g. optical sensing; Methods or arrangements for sensing record carriers by corpuscular radiation
The present disclosure refers to a battery module (10), a main module (20) and a modular RFID reader (30). The battery module (10) is configured to be releasably connected to the main module (20) such that when connected the battery module (10) and the main module (20) together form an RFID reader (30) attachable to a fuel dispensing nozzle (50). The battery module (10) comprises a first antenna (12), a battery control circuitry (13), a battery cell (11), a first electrical connector (70) and a battery case (15). The main module comprises a second antenna (22), a main control circuitry (23), a second electrical connector (71) and a main case (25). The modular RFID reader (30) comprises multiple battery modules (10), a main module (20) and a connecting means such as bolts (6) configured to connect one of the multiple battery modules (10) with the main module (20). Each of the multiple battery modules (10) is individually connectable to the main module (20) to form an RFID reader (30).
G07F 13/02 - Coin-freed apparatus for controlling dispensing of fluids, semiliquids or granular material from reservoirs by volume
G06F 3/08 - Digital input from, or digital output to, record carriers from or to individual record carriers, e.g. punched card
B67D 7/14 - Arrangements of devices for controlling, indicating, metering or registering quantity or price of liquid transferred responsive to input of recorded programmed information, e.g. on punched cards
B67D 7/34 - Means for preventing unauthorised delivery of liquid
23. CONTROLLING A SLIDING DOOR COMPRISING A FIRST DOOR LEAF AND A SECOND DOOR LEAF
It is provided a method for controlling a sliding door comprising a first door leaf and a second door leaf. The method is performed by a door controller. The method comprises: determining a position of a person approaching the sliding door, in relation to the sliding door; predicting an entry position, where the person is expected to enter through the sliding door, based on the position; determining a near door leaf, being the door leaf, of the first door leaf and the second door leaf, whose centre point, in a horizontal plane, is closer to the predicted entry position, and a far door leaf being the other door leaf, of the first door leaf and the second door leaf; and opening the sliding door asymmetrically, such that a near door leaf opens more than the far door leaf.
A verifier device for an access control system includes physical layer circuitry configured to transmit and receive radio frequency (RF) electrical signals; processing circuitry operatively coupled to the physical layer circuitry and including at least one hardware processor; and a memory. The memory stores instructions that cause the at least one hardware processor to perform operations including: decoding credential information included in a received RF signal; determining an RF fingerprint of the received RF signal, wherein the RF fingerprint includes one or more RF signal parameters determined for the received RF signal; authenticating the credential information and the RF fingerprint; and initiating access to a physical access portal in response to authentication of the credential information and the RF fingerprint.
A method and system for adaptive power saving for a multiple technology credential reader may provide improved credential reader power management. The multiple technology credential reader may poll for a first credential type using a first credential radio within the plurality of credential radios. The multiple technology credential reader may discover a first device associated with the first credential type within a radio frequency range of the first credential radio and may cause, responsive to discovering the first device, a second credential radio associated with a second credential type to enter a low power mode. The multiple technology credential reader may determine the first device is positioned within a close proximity threshold range of the multiple technology credential reader, and may authorize a credential access (e.g., physical access, logical access) for the first device responsive to determining the first device is positioned within the close proximity threshold range.
G06K 7/10 - Methods or arrangements for sensing record carriers by electromagnetic radiation, e.g. optical sensing; Methods or arrangements for sensing record carriers by corpuscular radiation
An arrangement (12) for controlling movements of an access member (16) relative to a frame (14), the arrangement (12) comprising an input element (26) arranged to perform a closing input movement (44) for causing a closing movement (38) of the access member (16); an electromagnetic generator (48) drivingly connected to the input element (26) for generating electric energy by the closing input movement (44); and a brake device (64) arranged to mechanically brake the generator (48) to hold the generator (48) stationary. An access member system (10) comprising the arrangement (12), the access member (16) and the frame (14), is also provided.
An arrangement (12; 12b-12e) for controlling movements of an access member (16) relative to a frame (14), the arrangement comprising an input element (26) arranged to perform a closing input movement (44) for causing a closing movement (38) of the access member; an output element (76a-76c) drivingly connected to the input element; a brake device (64a; 64b) arranged to adopt an active state (33) where the brake device mechanically brakes the output element and holds the brake device stationary, and an inactive state (27) where the brake device does not brake the output element; and a state transmission (11; 11a-11c) arranged to transmit a load (45) acting on the input element to a switching of the brake device from the active state to the inactive state. An access member system (10) comprising the arrangement is also provided.
An arrangement (12) for controlling movements of an access member (16) relative to a frame (14), the arrangement (12) comprising an input element (26); a mechanical closing force device (52) arranged to force the input element (26) to perform a closing input movement (44) to a closed input position (28) for causing a closing movement (38) of the access member (16) to a closed position (20); a mechanical opening force device (64) arranged to assist the input element (26) to perform an opening input movement (40), opposite to the closing input movement (44); and an opening motor (66) arranged to preload the opening force device (64) while the input element (26) is in the closed input position (28). An access member system (10) comprising an arrangement (12), an access member (16) and a frame (14) is also provided.
It is provided a method for managing a door closer (1) for closing a door (15). The door closer (1) comprises a generator (6) and an energy storage device (7). The method is performed by the door closer (1). The method comprises: obtaining (40) a target parameter for the door closer; obtaining (44) at least one measurement when a door closing operation of the door closer is in progress; and adjusting (46), based on the at least one parameter, braking of the door closer to approach the target parameter. Corresponding door closer, computer program and computer program product are also provided.
In an embodiment, an initiating device and a responding device exchange ephemeral public keys. The initiating device generates a signature that includes a first value and both ephemeral public keys, and that is signed with an initiating-device static secret key. The initiating device calculates a shared secret from the responding-device ephemeral public key and the initiating-device ephemeral secret key, and then generates a symmetric key based on (i) the shared secret and (ii) context-binding identifiers of both ephemeral public keys. The initiating device generates an encryption package that includes the signature and a public-key certificate that includes an initiating-device static public key and a cryptographic signature of a trusted authority, and that is encrypted with the generated symmetric key. The initiating device transmits the encryption package to the responding device. The responding device performs similar complementary operations, and a secure mutual authentication flow is achieved.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
31. SYSTEMS AND METHODS FOR DETERMINISTIC AND HANDSFREE ENGAGEMENT FOR DATA TRANSFER OF MOBILE IDENTIFICATION AND OTHER DATA
Disclosed herein are systems and methods for deterministic and handsfree engagement for data transfer of mobile identification and other data. In an embodiment, a computer system presents disambiguation data via a user interface, and also broadcasts one or more advertising packets containing the disambiguation data. The computer system establishes a wireless connection with a mobile device. This includes receiving, from the mobile device, at least one message that contains shared-secret data that is based on the disambiguation data. The computer system receives, from the mobile device via the established wireless connection, a mobile driver's license (mDL) of a user of the mobile device.
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
H04W 4/40 - Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
32. METHOD AND MOBILE DEVICE FOR PROVIDING A TIME READING
It is provided a method for providing a time reading. The method is performed by a mobile device (2) comprising a secure element (1) comprising a real-time clock (7). The method comprises: synchronising (40), by the secure element, the real-time clock (7) with a time server (3); letting (42) the real-time clock (7) run in the secure element (1); receiving (44), by the secure element (1), a current time request (30) from a time reader (6), via a mobile device (2); generating (46), by the secure element (1), a response, the response comprising a current time reading from the real-time clock (7), and cryptographic verification data; and sending (48), by the secure element (1), the response (32), via the mobile device (2), to the time reader (6).
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A first computing device maintains multiple resource-specific asymmetric keypairs that are each uniquely associated with a different protected resource on the first device, including a first resource-specific asymmetric keypair that is uniquely associated with a first protected resource. The first device engages with a second device in an authentication flow based on the first resource-specific asymmetric keypair. The first device receives, from the second device, a public-key certificate that contains target-binding data that indicates a specified asymmetric keypair. The first device checks whether the specified asymmetric keypair matches the first resource-specific asymmetric keypair. If so, and assuming any other authentication conditions are also met, the first device authenticates the second device to the first resource-specific asymmetric keypair, and grants the second device access to the first protected resource.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
34.
PEOPLE DETECTOR FOR DETECTING WHEN PEOPLE PASS THROUGH A DOORWAY
It is provided a people detector (1) for detecting when people pass through a doorway. The people detector (1) comprises: a first image source (11); a second image source (12); a processor (60); and a memory (64) storing instructions (67) that, when executed by the processor, cause the people detector (1) to: receive a first stream of images from the first image source (11); determine, based on the first stream of images, a confidence indicator that a single person passes through the doorway; when the confidence indicator indicates confidence, determine that a single person has passed through the doorway; and when the confidence indicator indicates non-confidence, receive a second stream of images from the second image source (12), and determine, based on the second stream of images, how many people have passed through the doorway.
G06V 10/75 - Organisation of the matching processes, e.g. simultaneous or sequential comparisons of image or video features; Coarse-fine approaches, e.g. multi-scale approaches; Image or video pattern matching; Proximity measures in feature spaces using context analysis; Selection of dictionaries
G06V 10/80 - Fusion, i.e. combining data from various sources at the sensor level, preprocessing level, feature extraction level or classification level
G06V 20/52 - Surveillance or monitoring of activities, e.g. for recognising suspicious objects
G06V 40/10 - Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
G06V 40/20 - Movements or behaviour, e.g. gesture recognition
G07C 9/00 - Individual registration on entry or exit
A computing device implemented method of provisioning credential information includes activating a credentialing application stored in an authenticator device; receiving, by the credentialing application, user information entered into the authenticator device; establishing a secure channel between the authenticator device and an authentication server; sending the user information to the authentication server via the secure channel; generating a challenge by the authentication server in response to the user information and presenting the challenge to the user; sending a response to the challenge from the authenticator device to the authentication server via the secure channel; receiving a command from the authentication server to generate the credential information including a key pair; and registering a key of the key pair with the authentication server.
A handle assembly (12a, 12b) comprising a base structure (26a, 26b) for fixation to an access member (18a, 18b); a handing element (38a, 38b); a spring (40a, 40b); and a handle (28a, 28b); wherein the handing element is rotatable relative to the base structure about a rotation axis (30) together with the spring and the handle between a first handing position (54a) and a second handing position (54b); wherein the handle is rotatable relative to the handing element about the rotation axis against a deformation of the spring when the handing element is in the first handing position and in the second handing position; and wherein the base structure comprises a first stop (48a) arranged to be engaged by the handing element to define the first handing position and a second stop (48b) arranged to be engaged by the handing element to define the second handing position.
A lock device (12) comprising a bolt (28) movable between an extended bolt position (44) and a retracted bolt position (82), the bolt having a bolt structure (60); an auxiliary member (30) movable between an extended auxiliary position (46) and a retracted auxiliary position (84), the auxiliary member having an auxiliary structure (66); a sensor (48); and a trigger member (50) movable between a deactivated position (52) where the trigger member does not cause activation of the sensor, and an activated position (86) where the trigger member causes activation of the sensor, the trigger member being forced towards the activated position; wherein the bolt structure and the auxiliary structure are arranged to allow the trigger member to move from the deactivated position to the activated position when the bolt adopts the extended bolt position and the auxiliary member adopts the retracted auxiliary position.
An arrangement (12a; 12b) comprising a drive element (26a; 26b) movable between a closed drive position (28) and an open drive position (44); a mechanical force device (56a; 56b) arranged to force the drive element in a closing drive movement (46); a force device transmission (62a; 62b) arranged to transmit movements of the drive element to movements of the mechanical force device; and an electric machine (58) drivingly connected to the drive element; wherein the mechanical force device and the force device transmission are configured to act more forcefully on the drive element during a latching drive movement (50) than during a closing initial drive movement (48); and wherein the arrangement further comprises an electronic control system (70a; 70b) configured to control the electric machine to operate as an electric generator during the closing initial drive movement, and to control the electric machine to operate as an electric motor during the latching drive movement.
E05F 3/10 - Closers or openers with braking devices, e.g. checks; Construction of pneumatic or liquid braking devices with liquid piston brakes with a spring, other than a torsion spring, and a piston, the axes of which are the same or lie in the same direction
E05F 3/22 - Additional arrangements for closers, e.g. for holding the wing in opened or other position
E05F 15/63 - Power-operated mechanisms for wings using electrical actuators using rotary electromotors for swinging wings operated by swinging arms
39.
SYSTEMS AND METHODS FOR USING A WEB BLUETOOTH API FOR MOBILE ACCESS CONTROL
Disclosed herein are systems and methods for using a web/Bluetooth API for mobile access control. In an embodiment, a computing system receives an endpoint identifier associated with a visitor. The system generates a URL associated with the endpoint identifier, and transmits the URL to an endpoint associated with the endpoint identifier. The system receives, from a mobile device associated with the visitor, a request for a web/Bluetooth Low Energy (BLE) webpage corresponding to the URL. The system generates the requested webpage, and transmits the webpage to the mobile device. The webpage contains a valid credential for access to a secured resource, and also contains executable code for calling at least one function of a web/BLE API. The system transmits the webpage to the mobile device, and thereafter receives the credential from the mobile device via a BLE communication, verifies the credential, and accordingly grants access to the secured resource.
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Methods and systems are provided for performing operations comprising: storing a plurality of credentials on a client device; establishing, locally on the client device, a dependency relationship between a first credential of the plurality of credentials and a second credential of the plurality of credentials; determining, by the client device, that the first credential has been used to access a secure resource; and in response to determining that the first credential has been used to access the secure resource, triggering an access condition associated with the second credential based on the dependency relationship established between the first and second credentials.
It is provided a method for adapting an intent model (20), being a machine learning, ML, model for determining intent of a person to pass through a door (15). The method is performed by an intent determiner (1). The method comprises: determining (40) that a physical environment outside a door has changed; increasing (42) a rate of training of the intent model (20), wherein the training is based on input features based on image data from an image capturing device (11) covering an area near the door (15); and applying (44) the intent model (20) for inferring when a person exhibits intent to pass through the door, based on image data from the image capturing device (11).
G06V 20/52 - Surveillance or monitoring of activities, e.g. for recognising suspicious objects
G06V 10/82 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning using neural networks
G06V 10/764 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning using classification, e.g. of video objects
G06V 40/20 - Movements or behaviour, e.g. gesture recognition
Wi-Fi sensing systems and techniques using receiving devices with two radio chains are described herein. The receiving devices may utilize the first radio chain to receive messages from a transmitter in a first wireless communication network and may generate environment characterization information based on those received messages. The receiving devices may utilize the second radio chain to transmit the environment characterization information to a host device using a second wireless communication network.
H04B 1/00 - Details of transmission systems, not covered by a single one of groups Details of transmission systems not characterised by the medium used for transmission
H04B 1/38 - Transceivers, i.e. devices in which transmitter and receiver form a structural unit and in which at least one part is used for functions of transmitting and receiving
H04B 17/309 - Measuring or estimating channel quality parameters
H04W 88/06 - Terminal devices adapted for operation in multiple networks, e.g. multi-mode terminals
G01S 13/74 - Systems using reradiation of radio waves, e.g. secondary radar systems; Analogous systems
Methods and systems are provided for performing operations comprising: establishing a secure channel between an authenticator device and a client device; generating, by the authenticator device, a one-time passcode (OTP) based on a token received from the client device; storing the OTP in a memory of the authenticator device; transmitting the OTP to the client device over the secure channel; receiving the OTP from the client device over an unsecure channel; and enabling access to a secure resource in response to determining that the OTP received from the client device matches the OTP stored in the memory of the authenticator device.
A secure RFID device (10) is provided. The RFID device (10) includes one or more switch modules (26) that can be actuated by a user to selectively couple an integrated circuit (42) provided in a switch module (26) to a main RFID antenna (14) of the RFID device (10). It is therefore not necessary to provide a separate integrated circuit (42) coupled to the main RFID antenna (14). The integrated circuit (42) provided in each switch module (26) can be electrically or inductively coupled to the main RFID antenna (14) when a user actuates an actuation portion (36) of the corresponding switch module (26).
G06K 19/073 - Special arrangements for circuits, e.g. for protecting identification code in memory
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
An arrangement (12) for a lock system (10) comprising a latch spindle (42) for engaging a follower (52) and comprising a handing structure (48); an outer spindle (44) comprising an outer engaging structure (74) configured to engage the handing structure; and an inner spindle (46) comprising an inner engaging structure (68) configured to engage the handing structure independently of the outer engaging structure; wherein the handing structure, the inner engaging structure and the outer engaging structure are configured to cooperate such that a first handing (20a) can be set by a first latch position (82) of the latch spindle, and a second handing (20b) can be set by a second latch position (92) of the latch spindle; and wherein the handing structure comprises an angular clearance (60) such that the inner spindle can drive the latch spindle relative to the outer spindle by engagement between the inner engaging structure and the handing structure.
A method of operating a real-time location services (RTLS) system includes obtaining, by a processing device of the RTLS system, location information identifying an object or person and a building-area location of the object or person; obtaining, by the processing device, access-event information of an access of a physical access portal associated with the building-area location; and matching the location information of the identified object or person and the access-event information and generating an indication of the building-area location of the object or person using the processing device in response to the matching.
G01S 5/00 - Position-fixing by co-ordinating two or more direction or position-line determinations; Position-fixing by co-ordinating two or more distance determinations
G01S 5/02 - Position-fixing by co-ordinating two or more direction or position-line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
47.
CHANGING THE COMMUNICATION MODE OF AN ACCESS CONTROL PROTOCOL
A method of operating an access control system includes sending, by an access reader of the access control system, a message to a user device to activate an access application or access applet of the user device, wherein the access reader is an Initiator device and the user device is a Responder device for a communication transaction; authenticating the user device; sending, by the access reader, a command to change the user device to the Initiator device for the communication transaction and the access reader to the Responder device; initiating, by the user device, an action of the access control system including sending a message to the access reader; and performing, by the access reader, at least a portion of the action in response to the message sent by the user device.
Disclosed herein are systems and methods for homomorphic-encryption-supported provisioning of secure devices. In an embodiment, a provisioning server (e.g., a cloud-based provisioning server) receives a request, associated with (e.g., from) a secure device (e.g., a keycard), for a homomorphically encrypted diversified key that is based on (e.g., derived from) a master key of an encryption system. The secure device stores a copy of a homomorphic-encryption key. The provisioning server derives a homomorphically encrypted diversified key from a homomorphically encrypted master key, which is the master key previously encrypted with the homomorphic-encryption key. The provisioning server transmits the homomorphically encrypted diversified key to the secure device. The secure device may then be operable to access at least one resource using a diversified master key, which is the homomorphically encrypted diversified key after having been decrypted on the secure device using its stored copy of the homomorphic-encryption key.
A deadbolt (22) comprising a base body (28), a first ridge (40) and a second ridge (42) for frictionally sliding against a first, respectively a second, lock device opening side, the ridges (40, 42) being parallel with an actuating direction (26) of the deadbolt; furthermore, at least a first and a second inclined section (44a, 44b, 46a, 46b) for frictionally sliding against a first (58), respectively a second (60), strike opening side are provided, the inclined sections protrude from a first, respectively a second, base side of the deadbolt, are formed separately from the ridges, and are inclined towards an end (34) of the deadbolt. Furthermore, a lock device with such a deadbolt and a system with such a lock device are claimed. The invention aims at providing low friction locking components with a simple structure.
E05B 63/20 - Locks with special structural characteristics with arrangements independent of the locking mechanism for retaining the bolt in the retracted position released automatically when the wing is closed
E05B 47/00 - Operating or controlling locks or other fastening devices by electric or magnetic means
E05B 15/00 - Other details of locks; Parts for engagement by bolts of fastening devices
A blocker (10) for a lock device (52), the blocker (10) comprising a blocking member (12) rotatable about a blocker axis (18) between a blocking position (44) and an unblocking position (48); a resilient device (14) movable between a blocking forcing state (46) where the resilient device (14) forces the blocking member (12) towards the blocking position (44), and an unblocking forcing state (50) in which the resilient device (14) forces the blocking member (12) towards the unblocking position (48); and an actuator (16) arranged to move the resilient device (14) between the blocking forcing state (46) and the unblocking forcing state (50). An arrangement (54) and a lock device (52) are also provided.
It is provided an electronic lock (12) comprising: a first power bus (20); a battery holder (23) configured to hold at least one battery (19) to thereby supply power of a first voltage to the first power bus (20); a boost converter (24) configured to selectively increase a voltage of the first power bus (20) from the first voltage to a second voltage; a first processor (60) connected to the boost converter (24); a first memory (64) storing instructions (67) that, when executed by the first processor (60), cause the electronic lock (12) to: determine a need for increased voltage; and trigger the boost converter (24) to activate to thereby increase a voltage on the first power bus (20). It is also provided a corresponding method, computer program (67) and computer program product (67).
A switch (28) comprising a printed circuit board assembly, PCBA, (74) including a printed circuit board, PCB, (75) and a stationary contact (72); a cap (30) in contact with the PCB (75) such that the cap (30) and the PCB (75) define a switch chamber (68) for the stationary contact (72), the cap (30) carrying a movable contact (70), the cap (30) being arranged to be deformed from a disconnected state (36) where the movable contact (70) is separated from the stationary contact (72) to a connected state (92) where the movable contact (70) contacts the stationary contact (72), and the cap (30) being forced towards the disconnected state (36); an actuator (32) movable relative to the stationary contact (72) between an activated position (90) where the actuator (32) pushes the cap (30) to the connected state (92), and a deactivated position (34) allowing the cap (30) to be forced to the disconnected state (36); and a potting compound (76) enclosing the PCB (75) and the cap (30). A lock device (10) comprising a switch (28) is also provided.
H01H 13/18 - Operating parts, e.g. push-button adapted for actuation at a limit or other predetermined position in the path of a body, the relative movement of switch and body being primarily for a purpose other than the actuation of the switch, e.g. door switch, limit switch, floor-levelling switch of a lift
H01H 13/16 - Operating parts, e.g. push-button adapted for operation by a part of the human body other than the hand, e.g. by foot
H01H 13/52 - Switches having rectilinearly-movable operating part or parts adapted for pushing or pulling in one direction only, e.g. push-button switch having a single operating member the contact returning to its original state immediately upon removal of operating force, e.g. bell push switch
A lock device (22) for installation in an access member (12), the lock device comprising a lock case (28); a forend (30); an adjustment screw (40, 42) passing through the forend and threadingly engaging the lock case, the adjustment screw being manipulatable between an adjustment position (66) where the forend is allowed to move relative to the lock case and where the adjustment screw prevents removal of the forend from the lock case, and a secured position (48) where the forend is secured to the lock case by the adjustment screw; and at least one locking element (44a, 44b, 46a, 46b) allowing the adjustment screw to be adjusted between the adjustment position and the secured position, and preventing the adjustment screw from being removed from the lock case. A system (10) comprising a lock device (22) and an access member (12) is also provided.
Method for determining when to provide assistance to open a door (15), the method being performed by an assistance determiner (1). The method comprises: converting (40) mechanical energy from when the door is opened without assistance to electrical energy and storing the electrical energy in an energy storage device (25); determining (42) to provide assistance in opening the door (15) for a person; and providing (44) assistance to open the door (15), when it is determined to provide assistance, by causing a motor to convert electrical energy from the energy storage device (25) to mechanical energy for providing assistance to open the door (15).
E05F 15/74 - Power-operated mechanisms for wings with automatic actuation responsive to movement or presence of persons or objects using photoelectric cells
E05F 15/76 - Power-operated mechanisms for wings with automatic actuation responsive to movement or presence of persons or objects responsive to devices carried by persons or objects, e.g. magnets or reflectors
55.
AUTHENTICATION WITH AUTHORIZATION CREDENTIAL EXCHANGE
Systems and methods may be used for authenticating and validating a credential for performing an action. A method may include using an access control device to exchange public keys with a user device. The method may include sending, to the user device, a first authentication cryptogram including a first signature, a public key certificate, and a Credential Trust Information (CTI), and receiving, from the user device, a second authentication cryptogram including a second signature, a public key of the user device, and a credential. The access control device may authenticate the user device based on the credential and the second signature. The access control device may determine whether the credential received in the second authentication cryptogram is signed by a trusted credential issuer to validate the user device. The method may include causing the action to be performed.
An RFID tag (1) for tamper proof attachment to an object (100) such as a license plate, comprising a lower housing (10), an upper housing (20) and an antenna unit (30). The lower housing (10) is configured to be attached to the object (100). The upper housing (20) is placed on the lower housing (10) and comprises a peripheral portion (22). The peripheral portion (22) laterally surrounds the lower housing (10) and is configured to be attached to the object (100). The antenna unit (30) is positioned between the lower housing (10) and the upper housing (20). At least one first portion of the antenna unit (35) is attached to the lower housing (20) and at least one second portion of the antenna unit (36) is attached to the upper housing (10). When the distance (D) between the upper housing (20) and the lower housing (10) changes in case someone attempts to remove the RFID tag from the object, the at least one first portion of the antenna unit (35) remains attached to the lower housing (10) and the at least one second portion of the antenna unit (36) remains attached to the upper housing (20). Due to this specific arrangement the antenna unit (30) is being damaged in case of detachment of the RFID tag as disclosed herein.
It is provided a method for determining when to perform maintenance of a door (15). The method is performed by a maintenance determiner (1). The method comprises: obtaining (40), from a first sensor (6), sensor data indicating kinetic performance of the door; defining (42) a start time of the sensor data based on a first event detected by a second sensor (7), to enable synchronisation of the sensor data; dividing (46) the sensor data in a plurality of time periods (24a-e); evaluating (48) the sensor data in each one of the plurality of time periods by comparing to reference data respectively associated with each one of the plurality of time periods; and determining (50) to perform maintenance, based on the evaluation of the sensor data.
Disclosed herein are systems and methods for threshold cryptography for cloud-based software-implemented hardware security modules. In an embodiment, an encryption system collects at least a decryption-threshold number of private-key shares from a secure store, where the private-key shares correspond to a public key generated in a first secure enclave as part of a secret key set, which also includes a first plural quantity of the private-key shares. The encryption system obtains an ephemeral-hardware-security-module-(eHSM)-encryption key by decrypting the collected private-key shares. The encryption system initializes, in a second secure enclave, a second instance of a first eHSM. The initialized second instance of the first eHSM is encrypted with the obtained eHSM-encryption key.
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
It is provided a method for determining intent to open a door. The method is performed by an intent determiner. The method comprises: obtaining an image of a physical space near the door; determining a position and orientation of a person in the image by providing the image to an image machine learning model, wherein the image machine learning model is configured to determine position and orientation of a person in the image, wherein the image machine learning model is configured to determine a stick figure of the person based on the image; adding a data item, comprising an indicator of the position and an indicator of the orientation, to a data structure; determining based on the data structure, whether there is intent of the person to open the door; and repeating the method until an exit condition is true.
An access control system, processor-implemented method, and computer readable medium optionally includes an electronic memory and a processor. The processor and computer readable medium are configured to receive a command from a user to access the secure asset, determine access rights by the user to the secure asset, based on the access rights of the user, determine general authentication for the user to access the secure asset, and grant access to the user conditional on the general authentication determined for the user.
It is provided a method for communicating a media stream between a guest device (1) and an approval device (2) for evaluating whether to unlock an electronic lock (12). The method comprises: obtaining (40) a pointer to the coordination server (3) for establishing contact with the approval device (2); connecting (41) to the coordination server (3); establishing (42) a peer-to-peer connection between the guest device (1) and the approval device (2); providing (43) a media stream to the approval device (2) over the peer-to-peer connection; receiving (53) the media stream from the guest device (1) over the peer-to-peer connection; presenting (44) the media stream to an approval user (6); receiving (45) user input indicating to unlock the electronic lock (12); providing (46) a first unlock signal to unlock the electronic lock; and transmitting (47) the first unlock signal to unlock the electronic lock (12).
11F)) to a magnitude of the actuation force by decreasing its input impedance when the magnitude of the actuation force increases, and by increasing its input impedance when the magnitude of the actuation force decreases. A corresponding power converter assembly and an electronic lock (148) including the energy harvesting system are also provided.
H02J 7/32 - Circuit arrangements for charging or depolarising batteries or for supplying loads from batteries for charging batteries from a charging set comprising a non-electric prime mover
H02J 7/34 - Parallel operation in networks using both storage and other DC sources, e.g. providing buffering
E05B 47/00 - Operating or controlling locks or other fastening devices by electric or magnetic means
63.
METHOD AND GUIDANCE DEVICE FOR PROVIDING NON-VISUAL GUIDANCE
It is provided a method for providing non-visual guidance for passing through a door (15). The method is performed by a guidance device (1). The method comprises: determining (40) that a person (5) is near the door (15) and that non-visual guidance is to be provided to the person (5); determining (42) an indication of location of the person (5) in relation to the guidance device (1) or the door (15); and providing (44) non-visual guidance to the person for passing through the door (15), wherein the non-visual guidance is based on the indication of location.
It is provided a method for alerting difference in user (5) sentiment of a user using a door (15). The method is performed in a user analysis device (1). The method comprises: receiving (40) sensor data from at least two sensors (7a-c) of different sensor types, the sensor data comprising data relating to a user (5) in the vicinity of a door (15); determining (42), based on the sensor data, a first user sentiment prior to using the door (15); determining (44), based on the sensor data, a second user sentiment after using the door (15); deriving (46) a difference in user sentiment between the first user sentiment and the second user sentiment; detecting (48) that the difference in user sentiment is greater than a threshold; and generating (50) an alert signal, indicating that the difference in user sentiment is greater than the threshold.
It is provided a lock assembly (20) for controlling its power state, the lock assembly being configured to control access to a restricted physical space (16) secured by a door (15). The lock assembly (20) comprises: an access control module (23), configured to selectively control the lock assembly (20) to be in an unlocked state or a locked state, wherein the access control module (23) comprises a processor (60) and a magnetically controllable switch (25), configured to control an operative state of the processor (60) based on an applied magnetic field; and a rotary member (24) configured to rotate when a connected door handle (13) rotates. The rotary member (24) comprises a magnet (26) for controlling the state of the magnetically controllable switch (25).
Systems and methods may be used for providing wireless power from a mobile device to a digital lock. The mobile device may include a proximity communication antenna to receive an authentication request from the digital lock. The proximity communication antenna may facilitate the mobile device providing wireless power to the digital lock via a wireless power protocol. The proximity communication antenna may send an authorization to the digital lock to cause the digital lock to open.
Systems and methods may be used for controlling physical access using a cloud transaction. A method may include receiving an authentication attempt for a user from a mobile device, and authenticating the user for access to a physical space based on the authentication attempt. The method may include receiving identification information corresponding to the user from an access control device, and sending authorization to the access control device to permit the user to access the physical space based on the authenticating the user.
CENTRE NATIONAL DE LA RECHERCHE SCIENTIFIQUE (France)
Inventor
Ayala, Stéphane
Destouches, Nathalie
Hébert, Mathieu
Dalloz, Nicolas
Abstract
A method of generating a multiplexed image (18) for printing that can be observed in a plurality of modes includes determining a finite shape (22) of a multiplexed palette (10) in a combined color space. The contrast of the multiplexed image (18) in each mode can be optimized by determining a maximum volume hyperrectangle (20) enclosed in the finite shape (22). Gamut mapping to this maximum volume hyperrectangle (20) allows for generation of a multiplexed image (18) that has a maximum contrast and is free from artifacts caused by an interdependency between the colors in each mode. Performing a dimensionality reduction using PCA allows for reducing the complexity of the optimization problem.
A lock device (12a; 12b) comprising an input member (18) rotatable about an input axis (46); an output member (20) rotatable about an output axis (48); an electromechanical coupling device (22a; 22b) configured to adopt an uncoupled state (68), where rotation of the input member about the input axis is not transmitted to a rotation of the output member about the output axis, and a coupled state (98), where rotation of the input member about the input axis can be transmitted to a rotation of the output member about the output axis; an electric control system (24) configured to control the coupling device to switch between the uncoupled state and the coupled state; and a sensor (90) in signal communication with the control system, the sensor being configured to generate a position signal (92) indicative of a position of the output member about the output axis. A lock system (10) comprising a lock device is also provided.
An arrangement (22a; 22b) for closing an access member (14) rotatable relative to a frame (16) about a hinge axis (18), the arrangement comprising a primary element (24) for fixation to either the frame or the access member; a secondary element (32) for fixation to the other of the frame and the access member; a connection device (34) arranged between the primary element and the secondary element and engaging the secondary element; and a force device (40) comprising a drive element (42) rotatable about a pivot axis (36) and engaging the connection device, the force device being arranged to force rotation of the connection device relative to the primary element about the pivot axis, wherein a position of the force device relative to the primary element is adjustable after fixation of the primary element and the secondary element to adjust a distance (38) between the pivot axis and the hinge axis. An access member system (10) and a method are also provided.
E05F 1/10 - Closers or openers for wings, not otherwise provided for in this subclass spring-actuated for swinging wings
E05F 3/10 - Closers or openers with braking devices, e.g. checks; Construction of pneumatic or liquid braking devices with liquid piston brakes with a spring, other than a torsion spring, and a piston, the axes of which are the same or lie in the same direction
E05F 3/22 - Additional arrangements for closers, e.g. for holding the wing in opened or other position
It is provided a method for routing data in a communication network (8). The method is performed by a routing node (3). The method comprises: receiving (40) an uplink message from an end node (2) over a multicast wireless transmission; forwarding (42) the uplink message towards a destination node over a unicast transmission; receiving (44) a downlink message over a unicast transmission; determining (46) that a recipient of the downlink message is the end node (2); and transmitting (48) the downlink message over multicast to the end node (2). Corresponding routing node, gateway, computer programs and computer program products are also provided.
H04W 4/06 - Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
It is provided a receptacle holder (1, 1a-b) for selectively allowing a receptacle (4, 4a-b) to be removed. The receptacle holder (1, 1a-b) comprises: an attachment member (10) being configured to engage with a receptacle (4, 4a-b) to selectively keep the receptacle (4, 4a-b) in a locked engagement with the receptacle holder (1, 1a-b); a processor (60); and a memory (64) storing instructions (67) that, when executed by the processor, cause the receptacle holder (1, 1a-b) to: determine to unlock the attachment member (10); and unlock the receptacle (4, 4a-b) from the attachment member (10). A corresponding receptacle holder, computer program and computer program product are also provided.
A47G 29/14 - Deposit receptacles for food, e.g. breakfast, milk; Similar receptacles for large parcels with appliances for preventing unauthorised removal of the deposited articles
G06Q 10/08 - Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
G06Q 50/28 - Logistics, e.g. warehousing, loading, distribution or shipping
73.
IDENTIFYING POSITION AND DETERMINING INTENT BASED ON UWB TEMPORAL SIGNATURES
Methods and program code for determining the position and/or intent of a user (or device) holding, carrying, wearing, or mounted with a UWB-enabled device. Example computer readable medium for determining the position and/or intent of a user comprises program code that when executed by one or more processors, causes the one or more processors to determine a current temporal signature for a first device moving within an environment; compare the current temporal signature with at least a portion of a stored reference temporal signature corresponding to a secure asset within the environment; and base an access control decision corresponding to the secure asset on whether it is determined that the current temporal signature corresponds to the at least a portion of the stored reference temporal signature.
It is provided a method for applying a server partial secret key conditional on blocked status, wherein the server partial secret key (10b) and a user partial secret key (10a) form part of a threshold cryptography scheme (11), the method comprises: receiving (40) a request to apply a server partial secret key (10b) for a requested cryptographic operation for a user device (2); determining (42) that the server partial secret key (10b) can validly be applied by determining that the server partial secret key (10b) is not blocked from being applied; and interacting (44) with the user device (2) to perform the requested cryptographic operation, such that the user device (2) applies the user partial secret key (10a) and the validation server applies the server partial secret key (10b).
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
It is provided a method for recovering access to a user account, the method being performed by a recovery control device (1). The method comprises: triggering (40) generation of a plurality of partial secret keys (10a-g) by respective recovery devices (4a-g), the plurality of partial secret keys forming part of a threshold cryptography scheme (11) associated with a public key (12), wherein the threshold cryptography scheme (11) is associated with the user account; providing (42) the public key (12) to an access verification device (2, 3); and triggering (44) an access recovery, whereby access recovery messages are transmitted to the recovery devices (4a-g), wherein a threshold number of the plurality of partial secret keys (10a-g) are required to be applied in the threshold cryptography scheme (11) for recovering access to the user account.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
It is provided a method for performing an action by an electronic device (2), based on a first partial secret key (10a) and a corresponding second partial secret key (10b), wherein the first partial secret key (10a) and the second partial secret key (10b) form part of a threshold cryptography scheme (11) associated with a public key (12). The method comprises: transmitting (40), upon the device initialising, a request for a first partial secret key (10a) to a key server (3); receiving (42) the first partial secret key (10a) from the key server (3); storing (44) the first partial secret key (10a) only in volatile memory (70); retrieving (46) a second partial secret key (10b) from non-volatile memory (71); and performing (48) an action based on applying both the first partial secret key (10a) and the second partial secret key (10b).
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
77.
HARDWARE INTEGRITY CONTROL OF AN ELECTRONIC DEVICE
It is provided a method for providing hardware integrity control of an electronic device (2). The method comprises: triggering (40) each one of a plurality of components (4a-d) of the electronic device to generate respective partial secret keys (10a-d) forming part of a threshold cryptography scheme (11) associated with a public key (12), wherein a threshold number of the plurality of partial secret keys (10a-d) are required to be applied in the threshold cryptography scheme (11) for verification against the public key (12); and providing (42) the public key (12) to a hardware verification device (3). A corresponding hardware integrity device (1), computer program (67, 91) and computer program product (64, 90) are also provided.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
It is provided a method for enabling detecting suspicious activity by an electronic lock (2). The method comprises: obtaining (40) communication data being metadata of communication to and/or from the electronic lock (2); obtaining (42) internal state data being metadata of an internal state of the electronic lock; obtaining (44) event data indicating at least one event and a time for the event, wherein the event has occurred for the electronic lock; and transmitting (46) the communication data, the internal state data and the event data to a monitoring server (3). Corresponding electronic lock (2), monitoring server (3), computer programs (67, 167, 91) and computer program products (64, 164, 90) are also provided.
An energy harvesting arrangement (14a-14e) for an access member device (12a-12e), the energy harvesting arrangement (14a-14e) comprising a movable input member (16, 22b) arranged to provide an input torque (84); an electromagnetic generator (40a; 40b) having a stator (86) and a rotor (46) rotatable relative to the stator (86) to generate electric energy; a transmission (42a-42e) configured to transmit a movement of the input member (16, 22b) to a rotation of the rotor (46); and a torque limiter (44a-44g; 110a, 110b) configured to limit the input torque (84). An access member device (12a-12e) and an access member system (10a; 10b) are also provided.
A method and system for in-field encoding of credentials to a credential device. An example method comprises receiving a request to at least one of add or update credentials to a credential device; providing an invitation code for an in-field device, the in-field device being separate from the credential device; receiving, from the in-field device, the invitation code along with information from the credential device for establishing a secure communication channel with the credential device; establishing a secure communication channel with the credential device using the in-field device as an intermediate; generating one or more commands for encoding credentials to the credential device based on the request; and sending the one or more commands, via the secure communication channel using the in-field device as an intermediate, to the credential device.
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
G07C 9/00 - Individual registration on entry or exit
81.
DETERMINING WHEN TO ESTABLISH A COMMUNICATION CHANNEL FOR ACCESS CONTROL
It is provided a method for determining when to establish a communication channel using an electronic lock (12) controlling access to a restricted physical space (16). The method is performed by a portable key device (2). The method comprises: obtaining (40) a first time-indicator indicating when the portable key device (2) detects a stop in motion of the portable key device (2); receiving (42) a broadcast message from the electronic lock (12); deriving (44) a second time-indicator based on the received broadcast message, the second time-indicator indicating when the electronic lock (12) determines a stop in motion; determining (46) that a difference between the first time-indicator and the second time-indicator is less than a threshold; and establishing (48) a communication channel between the portable key device and the electronic lock when it is determined that the difference between the first time-indicator and the second time-indicator is less than the threshold.
G07C 9/00 - Individual registration on entry or exit
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
It is provided an electronic lock for controlling access to a restricted physical space. The electronic lock comprises: a first credential interface for accepting a credential from a user for evaluating whether access for the user should be granted; and a second credential interface for accepting a credential from a user for evaluating whether access for the user should be granted. The first credential interface is configured to be activated when the user causes an interaction with the first credential interface, without activating any other credential interfaces. The second credential interface is configured to be activated when a user causes an interaction with the second credential interface, without activating any other credential interfaces.
Methods and program code for determining a location of a device within an environment and for calibrating the environment. Example computer readable medium for determining a location of a device within an environment comprises program code that when executed by one or more processors, causes the one or more processors to determine a current path signature for a device moving within an environment, compare the current path signature with a stored reference path signature corresponding to a location of interest (LOI) within the environment, and if it is determined that the current path signature corresponds to the stored reference path signature, determine the location of the device to be the same as a location of the LOI within the environment.
G01C 21/20 - Instruments for performing navigational calculations
G01C 21/16 - Navigation; Navigational instruments not provided for in groups by using measurement of speed or acceleration executed aboard the object being navigated; Dead reckoning by integrating acceleration or speed, i.e. inertial navigation
84.
CONTROL ARRANGEMENT FOR ACCESS MEMBER, AND ACCESS MEMBER SYSTEM
A control arrangement (20) for controlling movements of an access member (14), the control arrangement comprising a base structure (22); a drive member (32) rotatable about a rotation axis (28); an input member (38) arranged to be driven along an actuation axis (40) by rotation of the drive member, and arranged to move in a lateral direction (74, 76); an output member (50) arranged to be driven by the input member along the actuation axis; an electromagnetic generator (58) arranged to be driven by movement of the output member along the actuation axis to generate electric energy; and a force transmitting arrangement (42, 52; 116) arranged to transmit a relative movement between the input member and the output member along the actuation axis to a movement of the input member in the lateral direction towards the base structure for frictional braking between the input member and the base structure.
A method for offline delegation of authorization to access a secure asset. The method comprises receiving an offline delegation request from a delegating device at a receiving device while the receiving device is not in communication with a server of an authorization management system, the offline delegation request indicating a delegation of authorization from the delegating device to the receiving device for access to a secure asset; after establishing communication with the server, transmitting the offline delegation request from the receiving device to the server; and receiving, at the receiving device, authorization data from the server in exchange for the offline delegation request, the authorization data permitting access to the secure asset by the receiving device; wherein the offline delegation request comprises an identity of the receiving device or user of the receiving device and is digitally signed by the delegating device.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A method for creating a secure channel between devices for secure communication therebetween. The method comprises transmitting a first nonce from an initiator device to a responder device; receiving, at the initiator device, a second nonce and an identity of the responder device; transmitting an identity of the initiator device and a first set of one or more encrypted data objects from the initiator device to the responder device; receiving, at the initiator device, a second set of one or more encrypted data objects from the responder device; and generating, at the initiator device, a session key for secure communication between the initiator and responder devices.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
It is provided a keypad comprising: a voltage bus configured to distribute power in the keypad; a plurality of keys; a plurality of row key connections; and a plurality of column key connections. A wake-up signal causes a microcontroller to transition from a low-power state to an active state such that the microcontroller can detect which one of the plurality of keys was actuated. Each key is connected to a single row key connection and a single column key connection. Each row key connection and/or each column key connection is provided with a respective port circuit that is configured to connect the key connection with keys of the keypad when the wake-up signal is activated. Each port circuit comprises a respective port switch that is turned off in the low-power state to disconnect the column key connections/row key connections from the keys of the keypad.
An arrangement (20a-20c) for closing an access member (14) rotatable relative to a frame (12), the arrangement comprising a frame part (30) for fixation to the frame; an access member part (32) for fixation to the access member, the access member part being rotatable relative to the frame part about a hinge axis (16) between a closed position (18) and an open position (24); a mechanical force device (40, 92) configured to store mechanical energy from an opening movement (26) of the access member part from the closed position to the open position, and configured to release the stored mechanical energy to a closing movement (28) of the access member part from the open position to the closed position; an electromagnetic generator (48) arranged to be driven by the closing movement to generate electric energy; and a freewheel (58) arranged to disengage during the opening movement and to engage during the closing movement to drive the generator.
An arrangement (18) for closing an access member (14) rotatable relative to a frame (12), the arrangement comprising a frame part (20) for fixation to the frame; an access member part (22) for fixation to the access member, the access member part being movable relative to the frame part between a closed position (26) and an open position (34); a movable element (24) movable between a first position (28) and a second position (36) relative to the frame part; a forcing device (52) arranged to force the movable element from the second position to the first position; and a cam transmission (42) comprising a cam profile (44) and a cam follower (46) arranged to follow the cam profile, the cam transmission being configured to transmit a movement of the movable element from the second position to the first position to a movement of the access member part from the open position to the closed position.
Disclosed herein are systems and methods for dynamic, power-efficiency-based cryptographic-protocol negotiation with Internet of Things (IoT) devices. In an embodiment, a computer system (e.g., an identity-management system) receives, from an IoT device, a device-side authentication-initiation message containing a unique device identifier of the IoT device. The computer system uses the unique device identifier of the IoT device to identify, from a stored power-efficiency reference table, a suitable cryptographic security protocol for the IoT device. The computer system transmits, to the IoT device, a server-side authentication-initiation message containing an indication of the identified protocol, and the computer system authenticates the IoT device according to the identified protocol.
H04L 67/12 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
91.
PROVIDING A CREDENTIAL FOR USE WITH AN ELECTRONIC LOCK
It is provided a method for providing a credential for use with an electronic lock (7) to access a restricted physical space (16). The method comprises: receiving (40) a credential that unlocks the electronic lock (7); generating (42) a credential identifier associated with the credential; sending (44) the credential identifier to an EAC (5); receiving (46), from an electronic wallet provider (6), a request for the credential, wherein the request comprises the credential identifier; packaging (48) the credential, resulting in packaged credential, wherein the packaging complies with a format, selected from a plurality of formats for different electronic wallet providers, corresponding to the electronic wallet provider from which the request is received, enabling the credential to be provided to an electronic wallet in a user device (2) for unlocking the electronic lock (7); and sending (50) the packaged credential to the electronic wallet provider (6).
The present disclosure refers to an RFID device (1) and a method of manufacturing a main antenna (10) of an RFID device (1). The RFID device (1) comprises a substrate (5), a main antenna (10) embedded in the substrate (5), and a chip module (15) including an integrated circuit (16) and a chip antenna (20) electrically connected to the integrated circuit (16). The main antenna (10) is inductively coupled to the chip antenna (20) and formed by multiple single-strand wires (25) extending adjacent to each other.
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
D06H 1/04 - Marking textile materials; Marking in combination with metering or inspecting by attaching threads, tags, or the like
G06K 19/02 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the selection of materials, e.g. to avoid wear during transport through the machine
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
H01Q 1/22 - Supports; Mounting means by structural association with other equipment or articles
G08B 13/24 - Electrical actuation by interference with electromagnetic field distribution
93.
PERSONALIZABLE SECURITY DOCUMENT AND METHOD OF MANUFACTURING THE SAME
A personalizable security document (10) includes a security feature (3b) including a combination of a plurality of different features. In particular, the security feature (3b) may include a laser-engraved image in a first layer (16), and one or more fluorescent inks (7a, 7b) in further layers (27a, 27b), which are disposed below the first layer. Optionally, a watermark (8) may also be provided in a lower layer (18). A laser-engraving of the image is performed from a first side (S1) of the substrate (1) such that patterns formed by the inks (7a, 7b) are not affected. Under white light, the laser-engraved image can be viewed from the first side of the substrate, whereas multi-color fluorescence of the patterns can be observed from the second side (S2) under UV light.
It is provided an electronic lock (12) for controlling access to a restricted physical space (16). The electronic lock (12) comprises: electronically-controllable lock hardware (68); a system-on-chip, SoC, (61) comprising a processor (60) and memory (64). The SoC (61) comprises: a trusted environment (67a) comprising a secure data storage (22) and a lock-core software module (20) comprising instructions that, when executed by the processor, cause the electronic lock (12) to: evaluate access for a user (6) based on data stored in the secure data storage (22) and control the lock hardware (68) based on the evaluation; and an untrusted environment (67b) comprising untrusted software (25, 26) that is prevented from bypassing the lock-core software module (20) to control the electronically-controllable lock hardware (68).
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/87 - Secure or tamper-resistant housings by means of encapsulation, e.g. for integrated circuits
G06F 21/74 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
G07C 9/00 - Individual registration on entry or exit
An actuating device (12a, 12b, 12c) for a lock device (10) comprising a stationary structure (90) having a credential receiver (40) for receiving a credential input (42) from a user; an actuating element (16) rotatable about an actuation axis (18) relative to the stationary structure by direct manipulation by the user, where the stationary structure is arranged at least partly inside the actuating element; a locking member (24) movable between a locked position (106) and an unlocked position (110); and an electromechanical transfer device (72a-72c) arranged, based on the credential input, to adopt a disabled state (104), in which the locking member cannot be moved from the locked position to the unlocked position by rotation of the actuating element, and an enabled state (108) in which the locking member can be moved from the locked position to the unlocked position by rotation of the actuating element; wherein the credential receiver is at least partly arranged radially inside the actuating element with respect to the actuation axis.
A method of integrating a logical access control system with a physical access control system is disclosed. A soft token is received at a hardware accessory from a client device of a user. The soft token includes a payload. The payload includes information about the user that is stored in a user profile of the logical access control system. Based on a verifying of the soft token using a certificate extracted from a trust store of the hardware accessory, the information about the user that is included in the payload is parsed. Based on the information about the user satisfying one or more access criteria of a reader associated with a physical access control system, the reader is triggered. The triggering includes emulating a transaction associated with the physical access control system.
It is provided a method for finding faults in firmware for a lock device. The method is performed by a test device. The method comprises the steps of: receiving data indicating an event that results in operation of the firmware in a test lock device, the test lock device being capable of performing at least some of the functions of the lock device; sampling a plurality of measurements that are indicative of power use by the test lock device over time, wherein the measurements are captured to cover at least part of the operation of the firmware by the test lock device based on the event; and determining that a potential fault occurs in the firmware for the event when the sampled measurements fail to correspond to the event, based on previously recorded data for the same type of event.
Systems and methods may be used for preconditioning a model, such as for face recognition. The preconditioning may include obtaining a set of facial images, generating, from a plurality of facial images of the set, a plurality of sets of cropped images, each cropped image in the plurality of sets of cropped images including a portion of a face of an image representing a respective set, and preconditioning a machine learning model using the plurality of sets of cropped images. The machine learning model may be refined, such as using a labeled set of captured images of real faces, in an example.
It is provided a method for providing a privacy-enhanced delegated access right to unlock a physical lock. The method comprises: obtaining a derivation scalar; receiving a cryptographically signed delegation from the delegator device, the delegation being a data object comprising a public key of the delegator device, a public key of the physical lock, and a derived public key for the delegatee device, and wherein the delegation is cryptographically signed using a secret key that is paired with the public key of the delegator device; obtaining a source secret key for the delegatee device, the source secret key being paired with the source public key; calculating a derived secret key for the delegatee device using the source secret key for the delegatee device and the derivation scalar; providing the delegation to the physical lock; and authenticating the delegatee device with the physical lock using the derived secret key.
It is provided a method for handling access rights for access to a physical space (16a-g), comprising: communicating (40) with a credential (2) of a user (5), based on short-range wireless communication; determining (42) that the credential (2) does not currently have access rights to access the physical space (16a-g); finding (44) a communication address to a superior (6) to the user (5); generating (46) an increased-access request message, comprising a link that, when activated, adds a first access role to the user (5); sending (48) the increased-access request message to the address of the superior (6); receiving (50) an indication that the superior has activated the link, adding the first access role to the user (5); and granting (52) access for the user (5) to the physical space (16a-g).