This application relates to controlled access systems, and particularly to innovations in renewing access privileges for a user of the system.
In some controlled access systems, various users are given privileges to access the system on a limited basis. For example, the privileges may be time-limited and set to expire after a given time, such as upon a certain time and/or date, after expiration of a predetermined period following grant of the privileges, etc. Privileges may also be limited in other ways, such as by the occurrence of an event, e.g., exceeding a predetermined number of uses or attempted uses.
Limiting the privileges of users has certain benefits. Limited privileges can improve overall system security because user involvement can be required, e.g., to confirm the user's identity, to confirm the user is an active user, to confirm the user still agrees to comply with the system's rules and policies, etc. The automatic expiration of privileges can reduce the system's exposure to a security breach from a rogue user, because the breach will be limited in time by the next normal expiration of privileges. Limited privileges can allow the system administration to exercise greater control in making changes to the system.
One class of controlled access systems concerns restricting access to physical assets, i.e., access to places or things. If the assets are at different locations, such a system may include centralized administration for efficiency and convenience. In a system with centralized administration, renewal of access privileges generally occurs at a central location or at locations linked to the centralized administration, but not at “in the field” locations, such as near the assets a user might be attempting to access.
The renewal process typically involves some form of check on whether the user is still entitled to hold access privileges. In some systems, the user may need to verify or authenticate his identity before renewal can take place. If the check reveals that the user is no longer entitled to access privileges, renewal is denied. If the user is in good standing, or addresses the outstanding requirements, renewal takes place and the user is reauthorized for the next privileges period.
One type of controlled access system is used primarily to facilitate the showing of real estate properties to prospective buyers. The system uses electronic lockboxes having a locked compartment that holds a physical key to a dwelling or other site of interest on the property. Access to the lockbox, and thus to the physical key stored in the lockbox, is granted if the user presents an appropriate credential, which can be, e.g., an access code. Such a code can be entered directly on the lockbox, e.g., on a keypad attached to the lockbox, or the user can communicate the code to the lockbox. The user can be issued an electronic device, referred to as a “key,” that is capable of communicating the access code to the lockbox. The access code can be communicated by direct electrical connection (e.g., establishing electrical contact between a portion of the electronic key and corresponding structure associated with the lockbox) or any type of wireless communication from the key to the lockbox (e.g., radio, RF, Bluetooth, IR, IrDA, optoelectronic communication, acoustic coupling, etc.).
In conventional systems, the user's key can be a personal digital assistant (e.g., a Palm device, a Pocket PC device, or other device), cellular telephone or other personal general purpose microprocessor-based device capable of being programmed to function as an electronic key. In other conventional systems, the key is a microprocessor-based dedicated electronic key with a user interface (e.g., a keypad) and, optionally, a display. In still other conventional systems, the key is a card having a memory for electronic data, such as a magnetic stripe card, an optical memory card, or a smart card with an embedded microchip.
Renewal of access privileges while “out in the field” is not supported in some conventional real estate controlled access systems. Rather, a user seeking to renew his privileges must establish communication with the central administrator from a linked location. Typically, such linked locations would include the user's home or office, and the link could be established via a desktop PC. There may also be a location provided at the real estate board administrator's offices.
In other real estate controlled access systems, access privileges can be renewed remotely, but validation of such remotely renewed privileges is limited. In one scenario, an authorized user requests renewal via a telephone link with a system administration, and receives a code which is then entered via the user's key. Once the code is entered into the key, the key is reauthorized for a predetermined period. Typically, no additional validation takes place. For example, the lock or locks to which the key holder addresses his requests do not separately validate the key holder's identity, etc.
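The renewal scenario above can be modeled to show where the missing validation matters. The following is an added example, not code from this application or from any lockbox product: a key that enforces its own expiry is presented to a lock that checks only the access code, and to a lock that also checks the renewal itself. The HMAC-based renewal token, ADMIN_SECRET, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

ADMIN_SECRET = b"constructed-demo-secret"  # assumption: shared by administrator and locks
TAG_LEN = 32  # length of an HMAC-SHA-256 tag in bytes

def issue_renewal(key_id: str, expires_at: int) -> bytes:
    """Administrator: MAC the new expiry time together with the key id."""
    body = struct.pack(">Q", expires_at) + key_id.encode()
    return body + hmac.new(ADMIN_SECRET, body, hashlib.sha256).digest()

class Key:
    """Electronic key that enforces its own expiry, as in the scenario above."""
    def __init__(self, key_id: str, access_code: str):
        self.key_id, self.access_code = key_id, access_code
        self.expires_at, self.token = 0, b""

    def renew(self, token: bytes) -> None:
        # The key takes the expiry from the renewal data without verifying it.
        self.token = token
        self.expires_at = struct.unpack(">Q", token[:8])[0]

    def present(self, now: int):
        # Key-side check only: nothing is sent once the key considers itself expired.
        if now >= self.expires_at:
            return None
        return self.access_code, self.token

def lock_conventional(presented, access_code: str) -> bool:
    """Lock that accepts a correct access code and relies on the key's own expiry check."""
    return presented is not None and hmac.compare_digest(presented[0], access_code)

def lock_validating(presented, access_code: str, key_id: str, now: int) -> bool:
    """Lock that also checks the administrator's MAC, the claimed key id and the expiry."""
    if presented is None or not hmac.compare_digest(presented[0], access_code):
        return False
    token = presented[1]
    if len(token) < 8 + TAG_LEN:
        return False
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    good = hmac.new(ADMIN_SECRET, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good) or body[8:] != key_id.encode():
        return False
    return now < struct.unpack(">Q", body[:8])[0]
```

When the key's stored expiry no longer matches what the administrator issued, the first lock still opens, while the second refuses because it evaluates the authenticated expiry against its own clock.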
There is a need to make remote renewal of access privileges more feasible, more flexible and more secure in a variety of secure access systems.