In prior art access control systems, for example as shown in FIG. 1, typically credentials 120 (or other equivalent tokens) are used to authenticate a user to a system. These systems often employ cryptographic protocols, such as ISO 9798-2, to effect mutual authentication between the system and the card. Access is granted when the system recognizes the user, finds the privileges for the user in a database, and makes the decision based on the user's privileges outlined in the database. In all these prior art systems the credential 120 is primarily an information carrier; little use is made of processing power inherent in the credential 120.
In many prior art systems, the database is centralized. FIG. 1 depicts a centralized access control system 100 with a centralized database 104. The benefit of a centralized database in access control is the ease of data management, speed, and consistency with which data updates are shared in the access control system 100. However, such prior art systems suffer from high installation costs. If the access control decision is made centrally, then the locks and/or access points 108 are networked (either wired or wirelessly) to a central server or control panel 112. This is expensive. In the case of wired networks, there are costs associated with materials and labor because the wiring must be physically installed between all system components. In the case of wireless networks, there are increased costs associated with ensuring reliable and secure communication between all network nodes.
Another drawback of these prior art systems is their reliance on a physically or wirelessly connected network 116. Such reliance can cause service interruptions when the network is not available. Prior art systems typically do not store policy information (i.e., information used to grant or deny access to a credential 120) at access points such as a door. Instead the system operates in reduced-mode when communication is lost. Storing policy information at the door is possible in prior art systems, but at a higher cost due to both equipment and maintenance.
Other prior art systems, such as those found in WO04025545 and U.S. Pat. No. 6,719,200 make authentication checks based on biometric information using a networked connection and a credential 120 or other processor device. In these types of prior art systems, a biometric template is stored on the credential 120 and a second biometric template is created from a biometric scan taken in response to an access request. The second biometric template is stored in a database 104 on the network 116 and sent to the credential 120 upon presentation of the credential 120 to an access reader. These systems use biometrics for authentication that can later lead to a control decision after user rights are checked, but the credential's processor does not make the access control decision. Rather, the credential's processor verifies that the biometric data received from the network database matches biometric data stored on the credential 120 before any further communications are initiated by the credential with a reader for purposes of gaining access. In these systems the reader still makes the ultimate access control decision.
In other prior art systems, policy information from the database 104 is distributed among non-networked locks. In these prior-art systems, the management of the policy information is problematic. Updating the databases may be accomplished by special reprogramming visits by security personnel, but this is expensive in time, especially in a large system having numerous non-networked locks. Alternatively, the lock database is updated via a pseudo-network created on the user cards, such as the one discussed in WO05024549A2. In these systems, datagram networking techniques pass database records from central system to non-networked locks by additional messaging between user card and lock, see for example U.S. Pat. No. 6,766,450. Typically, systems based on this model involve passing a large amount of data between the user card and the lock, which slows the access control process and makes the experience unpleasant for the user, and consumes energy. This can be a serious detriment in the case of battery-powered locks where power consumption is at a premium.
In yet other prior art systems, such as those described in U.S. Pat. No. 6,374,356, the database of policy information for each user is carried on the card itself. For example, if a user is privileged to open a certain subset of doors in the system, then the card holds information to that effect. In these prior art systems, the lock reads the database record from the card, then the lock determines if the user privileges include opening the lock. In large systems, the access control database record may contain a relatively large amount of data that must be passed to the lock. This transfer of data again slows the access control process and consumes energy.
Database management and transmitted policy information described in the prior art are both processes that can consume significant amounts of time and energy. Energy use is an important consideration for applications where the local door device is battery operated.