In many real estate settings common areas may be shared among several different entities. These common areas must be crossed to gain access to the entities' private areas. For example, in an office tower several large tenants share the lobby, parking areas and elevators. During off hours these common areas are restricted to authorized individuals. Each entity may wish to grant thousands of individuals access to these public areas in order to reach their private space. As an example, consider a high rise office tower housing several corporations, each with thousands of employees. It is common practice for each entity to equip their personnel with electronically readable credentials (coded indicia) which serve as a key to access the entity's private areas. These credentials, when used in conjunction with electrically controlled locks on the portals and computer databases, are known as card access systems. The advantages of card access systems, as taught by U.S. Pat. No. 2,714,201 Identification Selector at Column 1 lines 33-52, are well known to the owners and managers of these properties.
As these systems have proliferated it has become common for each entity within the building to purchase its own proprietary access control system. The owners and managers of these properties wish to accommodate each entity's desire to grant access to authorized individuals yet deny access to all others. The property managers could either issue their own credentials to all authorized people, allow each entity to mount its own credential reader and controls on the building portals, have each entity periodically share a list of authorized credentials, or require the entities to expose their credential databases on a common network. Each of these techniques has significant disadvantages, as described below.
Issuing everyone their own building management credential has several disadvantages. First, it requires the purchase and distribution of credentials for everyone authorized to use the common spaces after hours. Typically the common area credentials are incompatible with the entity's proprietary standards for credentials. Therefore, this technique often requires the individuals to carry multiple credentials. Additionally, the building management must be kept abreast of each entity's personnel changes. The typical implementation is a manual system of faxed or emailed paperwork. A common problem with a manual system is the building's database becoming “stale” with outdated information. The result can be terminated individuals still having access to the building and newly hired individuals being denied access because the process which transmits the changes from the tenant to the building management has broken down. The results can range from inconvenience for the new hires to a potentially dangerous situation where an aggressive terminated employee has after-hours access to the common areas.
Allowing each entity to mount its own credential reader and control system on the building portals results in an aesthetically disagreeable and confusing collage of credential readers at each of the building portals. Additionally, if one of the controlling systems should fail, often the building's doors are either locked or unlocked at the wrong times, and the resultant after-hours service requires both coordination of multiple vendors and extensive diagnostics on the part of the common area's management to determine which panel has failed. Even knowing which tenant's panel has failed then requires the common area's management to know which vendor to call, as some entities frequently change access control vendors.
If the tenant and the management can agree upon a specific credential technology then building management can update their database of valid access credentials based on a database extraction of the tenant's system. The issue of choosing a specific credential technology has been eased by the introduction of credential readers capable of reading multiple technologies. An example of a multi-technology credential reader is taught by U.S. Patent Application Publication No. 2007/0057057 Synchronization Techniques In Multi-Technology/Multi-Frequency RFID Reader Arrays Page 1 Paragraph [0011] and embodied by the HID Model RP40 multiCLASS Reader 6125. http://www.hidglobal.com/documents/rp15_rp40_rpk40_ds_en.pdf
An example implementation of this technique was demonstrated by George Mallard's article “Future of access control tied to integration” in Access Control Magazine Volume 34, Number 10, Sep. 1991, page one. This solution works well and addresses the aesthetic and service problems of multiple credential readers at the building portals. This solution only partially addresses the “stale” database problem: because the download and processing cycles are typically a batch process, it can take some time for a credential issued by the tenant to become active in the building's system. Additionally, the maintenance of the database transfer can be problematic and requires customization of both the entity's and the building management's access control system software to accommodate the extraction and importing of each entity's authorized credential list. Finally, many companies have become reluctant to share a list of their credential holders with outside entities.
The Federal Government has addressed this same problem of authentication of credentials where several agencies need access to a shared portal. Their method of cross-agency authentication is documented by the Backend Authentication Work Group prepared for the Federal Smart Card Interagency Advisory Board (IAB), “Framework for Interagency Authentication of Federal Personal Identity Verification (PIV) Cards”, August 2006, http://www.smart.gov/iab/documents/FrameworkInteragencyAuthenticationFederalPIV.pdf. This method defines a protocol where one agency can query another agency's security database over a network. While this method addresses the problem of multiple entity authentications, it does require each entity to expose its security database on a common network and all entities to conform to a standard protocol. On page seven of the report the authors note that “A secure means of transporting these messages must be devised”. Further, on page 12 the authors state “The most important aspect of this security (since the message payload will be encrypted) is that a gateway can trust that the message was sent by another trusted gateway”. The Federal Government has the resources to implement the security required by this technique. However, in a commercial environment costs are a factor. Therefore, as is known to those skilled in the art, the cohabitation of databases on a common network is both expensive to implement and maintain and opens the possibility of unauthorized access to sensitive information. The standard protocol for exchange of information may not be supported by all entities and may therefore require expensive modifications to their access control systems. These factors make the common protocol choice unattractive for commercial users.
The reader communicates the alphanumeric code read from the individual's credentials to the control panel utilizing serial data, clock plus data, or the Wiegand interface well known to those skilled in the art. Serial data is sent using an interface standard such as defined by RS485, RS232, RS422 or another standard. The Wiegand interface was defined by Sensor Engineering in the early 1980s and is documented in the HID application note AN004.DOC prepared by Eric Sprik, Sep. 21, 1998, page 9, www.hidglobal.com/documents/0004_an_en.pdf; the 2005 HID document “Understanding Card Data Formats”, http://www.hidglobal.com/documents/understandCardDataFormats_wp_en.pdf, also documents the Wiegand message structure.
As gleaned from Tech Tip #5 within Mr. Sprik's AN004.DOC, page 11, the structure of a common indicia coding is shown in FIG. 3A and FIG. 3B. A credential with an indicium facility code of 159 and a personal identification number of 2199 is illustrated in both Figures. This coding has 26 binary digits or bits formed from the two parity bits (301, 304), the eight facility code bits (302), and the sixteen personal identification number bits (303).
First refer to FIG. 3A to understand the error checking. The first parity bit (301) is set so that the count of bits with a value of 1 in the combined set of the parity bit (301) and the first twelve significant bits (307) is an even number, in this case six. This scheme is known as “even parity”.
The second parity bit (304) is set so that the count of bits with a value of 1 in the combined set of the parity bit (304) and the last twelve significant bits (306) is an odd number, in this case seven. This scheme is known as “odd parity”. Parity is used to ensure the coding was correctly read from the credential.
Now refer to FIG. 3B to understand the structure of the indicia coding. The eight bits used for the facility code (302) define a set of two hundred and fifty six unique facility codes. In FIG. 3B (302) the facility code shown is 159. The sixteen bits of the personal identification number (303) define a set of sixty five thousand, five hundred and thirty six unique personal identification numbers. In FIG. 3B (303) the personal identification number is 2199.
An entity will be assigned a facility code so that its credentials will be distinct from every other entity's credentials. Consider telephone numbers: a person in Houston could have the same seven digit phone number as someone in New York, but the area codes make the phone number unique. In the same manner a twenty six bit credential from entity A may have the same personal identification number as someone from entity B. The facility codes make the credentials unique. Since this twenty six bit coding scheme was devised by Sensor Engineering in the late 1970s, the success of access control equipment has outdated the twenty six bit coding scheme.
Newer schemes with many more bits both for the facility codes and the personal identification number have been devised, which allow the manufacturer to enter into agreements that allow the entities to “own” their facility codes. This practice is documented in the 2005 HID white paper “Understanding the Corporate 1000”, page 1, http://www.hidglobal.com/documents/understandingCorp1000_wp_en.pdf. It should also be noted that some of these newer schemes have more parity bits and/or error checking and correction bits known to those skilled in the art. Essentially any of the techniques used for error checking and/or correction in serial data transmission, for example Cyclic Redundancy Checking, can be employed for the credential indicia.
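The 26-bit coding described above, with its even and odd parity rules and the facility code / personal identification number split, can be encoded and checked as follows. This is an added example for illustration, not code from the patent or from HID; it reproduces the FIG. 3A/3B values (facility code 159, personal identification number 2199) and shows how a single mis-read bit is caught by parity.

```python
# Added example (not part of the patent text): encode and verify the 26-bit
# credential coding: [even parity][8-bit facility code][16-bit PIN][odd parity].
from typing import Tuple


def encode_26bit(facility_code: int, pin: int) -> str:
    """Return the 26-bit coding as a string of '0'/'1', first bit on the left."""
    if not 0 <= facility_code < 256:
        raise ValueError("facility code must fit in 8 bits")
    if not 0 <= pin < 65536:
        raise ValueError("personal identification number must fit in 16 bits")
    data = f"{facility_code:08b}{pin:016b}"  # 24 data bits
    # Leading parity bit (301): count of 1s over it plus the first 12 data bits is even.
    even_bit = str(data[:12].count("1") % 2)
    # Trailing parity bit (304): count of 1s over it plus the last 12 data bits is odd.
    odd_bit = str(1 - data[12:].count("1") % 2)
    return even_bit + data + odd_bit


def decode_26bit(bits: str) -> Tuple[int, int]:
    """Verify both parity bits and return (facility_code, pin); raise on a bad read."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("expected 26 binary digits")
    first_half, second_half = bits[:13], bits[13:]  # each is one parity bit + 12 data bits
    if first_half.count("1") % 2 != 0:
        raise ValueError("even parity check failed over bits 1-13")
    if second_half.count("1") % 2 != 1:
        raise ValueError("odd parity check failed over bits 14-26")
    facility_code = int(bits[1:9], 2)   # bits 2-9
    pin = int(bits[9:25], 2)            # bits 10-25
    return facility_code, pin


def read_is_consistent(bits: str) -> bool:
    """True when the coding passes both parity checks, False for a corrupted read."""
    try:
        decode_26bit(bits)
        return True
    except ValueError:
        return False


def flip_bit(bits: str, index: int) -> str:
    """Simulate a mis-read of one bit (constructed fault for demonstration)."""
    return bits[:index] + ("1" if bits[index] == "0" else "0") + bits[index + 1:]
```

Each parity bit only covers half of the coding, so a single flipped bit is always detected, but two flips inside the same half cancel out and pass; this is why the newer schemes mentioned above add more parity or CRC bits.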
As taught by U.S. Pat. No. 4,839,640 Access control system having centralized/distributed control at Column 9 lines 31-39 the basic architecture of electronic access control equipment is well known to those skilled in the art.
Referring to FIG. 2, the individual (200) approaches portal (209) and presents his credentials to reader (201). The electrically encoded identification is transmitted to control panel (202) via connection (206). The panel (202) then formats this identification into a message and transmits it to the monitoring computer (204) via communication line (203). This message is received by the computer (204). The computer (204) processes the message, typically by consulting a database of authorized users, and then returns a message that either authorizes or denies access to the portal (209). The panel (202) receives the message from communication line (203) and, if authorized, the individual is granted access to the portal (209) by the closure of an electrical contact within panel (202) releasing electrical locking device (208) via connection (205).
Only the access control panel (202) release circuitry is shown for the locking device (208a). Other circuitry required to provide life safety functionality and operate the lock has been omitted for clarity. Some examples of omitted circuitry include the lock power supply, request to exit device, fire alarm interface, an exit button with time delay, and alarming functions to alert monitoring personnel that the lock has malfunctioned or has been propped open.
It should be noted that U.S. Pat. No. 4,644,484 Stand-alone access control system clock control at Column 2 lines 38-41 teaches that the cardholder database can be incorporated within the control panel (202).
The Laredo interface as produced by KMS Systems, Inc., which was demonstrated to the public at TechSec in Dallas in February 2007, incorporated certain features used in the present invention. However, the Laredo system neither received broadcasts of the individual's credential request nor tested portions of the credential coding against a predefined list before transmitting the credential coding to the entity's legacy access control panel. Nor did the Laredo system as demonstrated transmit messages indicating a Deny, Time Expired, Handicap, or Invalid Facility Code.
A method to extend credential reader signals point to point over a network is illustrated by the Cypress Computer Systems, Inc. single reader extender model SIO-7200, http://cypressworld.net/index.htm?p=spec&cat=SIO-7200, and the dual reader version DPX-7200, http://www.cypressworld.com/CD/PDF/cutsheet/DPXCutSheet.pdf. As described on page one of the Cypress Computer System user manual, http://www.cypressworld.com/CD/PDF/Duprex/DPX-7200.pdf, the 7200 series consists of paired central and remote point-to-point network devices. The Nov. 18, 2004 setup document http://cypressworld.com/271101/CD/Duprex/Ethernet/AN-SY-DPX-7200-1_v100.pdf further illustrates this: setting up the central device requires the remote device's IP address to be entered (page 8), and similarly the remote device's setup requires the central device's IP address. In contrast to a point-to-point system, the present invention described herein is a multipoint network system.
It should be noted that while the present invention incorporates some of the elements of a distributed database system as taught, for example, by U.S. Pat. No. 5,721,909 Distributed Database Architecture and Distributed Database Management System for Open Evolution at Column 1 lines 32-40, the present invention lacks points 3 (“true database not a collection of files that are stored at each node”) and 4 (“the full functionality of a database management system”). In the present system each entity manages its own list of credentials (files), so the present invention is not a true database. In the present system, by design, there is no mechanism or administrator feature that would allow a single entity to manage all the access control systems' databases.