1. Field of the Invention
The field of the invention relates to access control systems generally, and more particularly to certain new and useful advances in offline smart-card readers and their integration with a networked physical access control system (“PACS”) via one or more smartcards, of which the following is a specification, reference being had to the drawings accompanying and forming a part of the same.
2. Discussion of Prior Art
Traditionally, a PACS has been either online or offline. An online, or networked, PACS stores an individual's access privileges in a database on single or multiple controllers, which are connected to credential reading devices (e.g., “reader” or “reader/writer”) that control access to entry/exit points, such as doors. An online PACS is typically deployed in situations where access control privileges change often with time, and in situations where access control of a facility needs to be as strong and secure as possible.
FIG. 1 illustrates the conventional interaction of two conventional PACS—an online (or networked) PACS 116 and an offline PACS 118. The online PACS 116 includes a computer (or server) 102 that hosts a master database 103 containing one or more smartcard identifiers 211 and access privilege information associated with each of the smartcard identifiers 211. Any of the one or more smartcard identifiers 211 and the access privilege information associated therewith can be added, deleted, and/or modified by a user of the computer 102. A host-controller (e.g., first) communication path 122 couples the computer 102 with a controller 104, which hosts a replicated master database 105. Smartcard readers 108 are coupled to the controller 104 by online reader-controller (e.g., second) communication paths 124, and are coupled with doors 112 by online reader-door (e.g., third) communication paths 126. Smartcard holders use the same smartcard 200 in the online access control portion 116 and the offline access control portion 118; but the smartcard 200 contains only a smartcard identifier 211 and does not contain any access privilege information associated with the smartcard identifier 211. Instead the access privilege information remains stored in the master database 103, in the replicated master database 105 on the controller 104, and in another copy 107 of the replicated master database 105 (or is a part of the master database 103) that is stored on an offline reader 106, which is coupled to an offline door 114 via an offline reader-door (e.g., fourth) communications path 130. A path 128 that the smartcard 200 follows as it moves between an online reader 108 in the online access control portion 116 and the offline reader 106 in the offline access control portion 118 is indicated by a dashed line. Arrow 120 indicates a directional flow of access control information, instructions, and computer programs.
FIG. 2 illustrates conventional types of data 210 typically stored on the conventional smartcard 200. These conventional types of data 210 include the smartcard identifier 211, other data 213, and smartcard programs, bytecode, and executable files 215, e.g., “executables” or “binaries”. “Bytecode” refers to various forms of instruction sets designed for execution by a software interpreter, which can be further compiled into machine code. Bytecode can be executed directly on a virtual machine, e.g., an interpreter, or further compiled into machine code for better performance. More compact than source code, bytecode allows better performance than interpreting source code directly. Most implementations of computer languages execute a program by first compiling the source code into bytecode, and by subsequently passing the bytecode to a virtual machine. In contrast to files that contain only data, “executable files” cause a computer to perform various tasks per encoded instructions. In operation, the online PACS 116 pushes the access privilege information and decision-making capabilities to the one or more central controllers 104, each of which can be easily updated to incorporate changes made to the access control information stored on the computer 102. That said, the controllers 104 are sometimes overloaded and therefore periodically unavailable for updating access control information.
The offline PACS 118 also pushes the access privilege information and decision-making capabilities to the offline reader 106, which is capable of reading the smartcard identifier 211 from a smartcard 200 when the smartcard 200 is presented. In the offline PACS 118, a copy of the replicated master database 105 containing each smartcard identifier 211 and its associated access privileges is stored at every entry/exit point, i.e., on each offline reader 106. Unlike the online readers 108 in the online PACS 116, each offline reader 106 is connected neither to a central point nor to the other offline readers 106. Consequently, updating access privilege information is difficult, since the requisite database (or firmware) modifications must be done manually for each and every offline reader 106.
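The following sketch is added here as an illustration and is not part of the specification. It models the conventional arrangement of FIG. 1 to show the consequence of the manual update requirement: after a privilege is removed from the master database 103, the online reader 108 denies the card as soon as the controller 104 is synchronized, while the offline reader 106 keeps granting access from its copy 107 until it is updated by hand. The class names, the card identifier and the door labels are constructed for the example.

```python
from copy import deepcopy

CARD = "CARD-0001"  # constructed smartcard identifier 211; the card carries nothing else

class Controller:
    """Controller 104 holding replicated master database 105."""
    def __init__(self, master_db):
        self.master_db, self.replica = master_db, {}
    def sync(self):
        # Path 122: changes made on computer 102 reach the controller.
        self.replica = deepcopy(self.master_db)
    def decide(self, card_id, door):
        return door in self.replica.get(card_id, set())

class OnlineReader:
    """Reader 108: passes the identifier to the controller over path 124."""
    def __init__(self, controller, door):
        self.controller, self.door = controller, door
    def present(self, card_id):
        return self.controller.decide(card_id, self.door)

class OfflineReader:
    """Reader 106: decides from its own copy 107; it has no network path."""
    def __init__(self, door):
        self.door, self.copy_107 = door, {}
    def manual_update(self, database):
        # Models the per-reader manual database modification.
        self.copy_107 = deepcopy(database)
    def present(self, card_id):
        return self.door in self.copy_107.get(card_id, set())

def revocation_scenario():
    """Return (online, offline) decisions before and after a revocation."""
    master_db = {CARD: {"door-112", "door-114"}}  # master database 103
    controller = Controller(master_db)
    controller.sync()
    online = OnlineReader(controller, "door-112")
    offline = OfflineReader("door-114")
    offline.manual_update(master_db)
    check = lambda: (online.present(CARD), offline.present(CARD))
    before = check()
    del master_db[CARD]               # privilege removed on computer 102
    controller.sync()                 # online side learns of the change
    after_sync = check()              # offline copy 107 is now stale
    offline.manual_update(master_db)  # manual update of the offline reader
    return before, after_sync, check()
```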