In access systems, it is common to segregate their use and application into so-called physical access systems and logical access systems. Physical access systems are typically employed to gain access to a physical location in a campus or complex, into a building, a particular floor, or an office, or to access laboratories, computer rooms, parking lots or the like. By contrast, logical access refers to systems that are usually computer systems, accessed for data and information or for data processing services. Both types of systems have evolved over time: physical systems from locks and keys to ID badges and electronic cards, and computer systems from the login/password credentials commonly employed to electronic smart cards for higher-security logical access. The subject of this invention is to disclose an improved system to provide access in both of these environments. By way of simplicity and not by way of limitation, the invention will be further described for use in a physical access control system.
In a physical access control system, it is common to have a reader of some type (e.g., smart card, Wiegand, magnetic stripe, punch code, barium ferrite, or bar code) at a door location or entry point (e.g., gate, turnstile, or vestibule). Each person who is authorized to enter the premises carries an access card (similar to a credit card) that is presented to the reader. The reader matches the particular card type, and in turn reads a message from the card based on the card's insertion, swiping, scanning, or waving in front of the reader. The reader is programmed to strip the overhead structure of the message, and reformat the message in a standardized data stream which the reader sends to a control panel.
Wiegand code is commonly used as the standardized format, although other codes and communication methods (e.g., serial, Ethernet, TCP/IP, and the like) are also used. The control panel may or may not recognize the card as belonging to the population of authorized entrants. If the card is recognized as authorized, the panel takes appropriate action, which in a physical access system generally involves energizing a relay that sends current to open the door, the door being equipped with a device such as a magnetic lock or strike.
Increasingly, the access cards are electronic cards employing RFID (Radio Frequency IDentification) technology. The cards contain an RFID chip or ASIC which has a code number in its data structure. The code number may be simple or complex, including multiple fields and the use of encoding and encryption. The fields may, for example, correspond to a serial number and a facility code designating the building or series of buildings, all encoded with a hash or cryptographic key. The chip within the card is connected to an antenna, and the card is able to communicate with the reader using an inductive coupling method and protocols (e.g., RFID). The reader typically sends out an interrogating signal at 125 kHz to 134 kHz, a band known as Low Frequency (LF). Other frequencies are also used; for example, another common band, known as High Frequency (HF), operates at the single frequency of 13.56 MHz. Others utilize higher frequencies in the Ultra High Frequency (UHF) and higher bands.
There are many advantages to electronic RFID cards, which include higher-security protocols, increased resistance to vandalism, minimal to no wear through contact or use, increased reliability, and the general convenience of a user not having to insert or swipe the card in a reader. However, the readers are complex and costly and must typically be installed, wired, powered, and operated in what is sometimes a harsh external environment. Also, one reader is usually required at every portal or access point.
Generally, the reader does not make the final decision as to whether a card is valid. Rather, if the card is of the correct format, the reader sends the data stream (typically decoded) as a simple message to a control panel. The control panel may be connected to a number of readers. In simple, less secure systems, this data stream is typically of the Wiegand protocol type, a self-clocking, three-wire protocol well known in the industry and used in most access control systems. More sophisticated systems employ more robust communication protocols, which may include serial or network communication with mutual authentication and/or encryption. The control panel has a database consisting of a list of authorized card numbers as well as other information on each cardholder's access rights: the particular doors, days of the week, times of day, and the like, to which this individual has access. When the panel sees a card that is authorized, the panel operates a relay which is connected to one or more electromechanical devices on the door, such as a magnetic strike, and the door will be allowed to open.
The reader is typically equipped with an LED and/or a sounding device used by the system to visually or audibly indicate to the user if the code has been accepted. These devices may be programmed to behave in different ways depending on the system's ultimate action.
FIG. 1 is a block diagram of a system for providing identity and authentication services in a typical access system employing an access card, access reader, and access control system. The system includes an Access Control Reader 102 connected to an Access Control Panel 105 by means of Wiegand signal 103, with a card 100 presented to be read using an RFID signal 101. When card 100 is presented and read, the data encoded on the card is transmitted to the Access Control Panel 105 by the reader utilizing Wiegand signal 103. The panel authenticates the encoded data as being part of this system and uses it to determine the cardholder's access rights. If the rights match the programmed criteria, the Access Control Panel 105 enables a control signal to unlock the portal or Door 104 through Door Strike 107. It also controls LED indicators and sounders on the Access Control Reader 102 to give feedback to the user. A Computer Server 106 with a database is usually employed in larger systems to manage and administer cardholder additions, deletions, changes, and so on.
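As an added illustration, not part of this disclosure, the following Python models the reader-to-panel path described above: the reader strips the parity overhead from a Wiegand frame and passes facility code and card number to the panel, and the panel checks the facility code and the cardholder's rights (doors, days of the week, times of day) before driving the strike relay. The 26-bit frame layout, the site facility code 42, and the cardholder rights table are assumptions constructed for this example.

```python
from datetime import datetime

# Added example. The 26-bit layout below is an assumption (the text above names
# no frame format): bit 0 = even parity over bits 1-12; bits 1-8 = facility code;
# bits 9-24 = card number; bit 25 = odd parity over bits 13-24.

def encode_wiegand26(facility: int, card: int) -> str:
    """Return the 26-bit frame as a '0'/'1' string, as a reader would emit it."""
    body = f"{facility:08b}{card:016b}"
    even = str(body[:12].count("1") % 2)       # makes the first 13 bits even parity
    odd = str(1 - body[12:].count("1") % 2)    # makes the last 13 bits odd parity
    return even + body + odd

def decode_wiegand26(frame: str):
    """Strip the parity overhead; return (facility, card) or None for a bad frame."""
    if len(frame) != 26 or set(frame) - {"0", "1"}:
        return None
    if frame[:13].count("1") % 2 != 0 or frame[13:].count("1") % 2 != 1:
        return None                            # parity mismatch: reject, never guess
    return int(frame[1:9], 2), int(frame[9:25], 2)

# Constructed panel database: card number -> doors, weekdays (0 = Monday), hours [start, end).
SITE_FACILITY = 42
RIGHTS = {
    1001: {"doors": {"lobby", "lab"}, "days": {0, 1, 2, 3, 4}, "hours": (7, 19)},
    1002: {"doors": {"lobby"}, "days": {0, 1, 2, 3, 4, 5, 6}, "hours": (0, 24)},
}

def panel_decision(frame: str, door: str, when: datetime) -> bool:
    """Return True when the panel should energise the strike relay for this read."""
    decoded = decode_wiegand26(frame)
    if decoded is None:
        return False
    facility, card = decoded
    if facility != SITE_FACILITY:              # not part of this site's population
        return False
    rights = RIGHTS.get(card)
    if rights is None:                         # card number not in the authorized list
        return False
    start, end = rights["hours"]
    return (door in rights["doors"]
            and when.weekday() in rights["days"]
            and start <= when.hour < end)

if __name__ == "__main__":
    frame = encode_wiegand26(SITE_FACILITY, 1001)
    print(frame, decode_wiegand26(frame), panel_decision(frame, "lab", datetime(2024, 1, 8, 9)))
```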
It is desirable, but not presently possible, to perform physical or other portal access at a location without a reader being located at each of the access points. It is the object of this disclosure to describe a system and method which achieves these beneficial objectives through the use of an RFID tag and a mobile device and to additionally achieve the objectives in a secure manner.