The present disclosure relates generally to access control systems, and more particularly, to a system and a method for establishing trust relationships and initializing a mobile device to operate in a mobile credentialing system.
An access control system is typically operated by encoding data on a physical key card that indicates access rights. Some access control systems are online, where the reader can use some means to communicate with the access control system. In online systems, the access rights are usually a reference identifier. Other access control systems are offline, and the access rights are encoded as data that can be decoded and interpreted by the offline lock to retrieve the access rights. An example is a hotel locking system where a front desk encodes a guest card and an offline, battery-powered lock on a guest room door has the means to decode the card and permit or deny access based on the encoded access rights. Some methods of encoding access rights include sequencing, where subsequent access rights have a sequence number that is greater than that of the prior access rights.
When a user downloads or loads a restricted use application, such as is used for access control in a mobile credentialing system, on a mobile device, the user is typically required to enter account information, for example, an authorization code, which is essentially a software key, installation key, or the like. The account information enables the use of an application through various methods of authenticating the account information. The authorization code encapsulates account information by using encryption and is entered by the user of the mobile device into the application. In addition to the authorization code, the user must typically also enter or select a Host Name for the desired service.
A mobile credential service, for example, can be hosted at different locations reachable by the application on the mobile device, and the entered Host Name information would determine which location to use. Further, the separate locations could be for geographic distribution, for load balancing, for disaster recovery if a primary service is down, etc. Entering account information or an authorization code, which can typically be 30 numeric digits long, and a Host Name may be cumbersome to perform on a mobile device. In addition, the user may first enter hotel loyalty account information, and it is cumbersome to also be required to enter an authorization code and Host Name for the mobile credential service that the hotel loyalty application utilizes to open access controls, for example, locks, so that users can exercise their access rights.