Methods and system for device authentication
US-9332432-B2 · May 3, 2016 · US
US10050948B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10050948-B2 |
| Application number | US-201314416323-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 26, 2013 |
| Priority date | Jul 27, 2012 |
| Publication date | Aug 14, 2018 |
| Grant date | Aug 14, 2018 |
Official abstract text for this publication.
Methods, systems, and devices for updating access permissions of users in an access control system are described. The access permissions are capable of being updated based on rules and thresholds that include as at least one variable presence or contextual information associated with a user. The presence or contextual information associated with a user may be analyzed to trigger a credential update process for that user or other users within the access control system.
Opening claim text (preview).
What is claimed is:

1. A method, comprising: delivering at least one credential to at least one device associated with a first user, the at least one credential being unusable with one or more physical access control readers until activation, wherein the at least one credential is delivered to the at least one device at a first time, wherein the at least one device associated with the first user comprises a smart phone, and wherein the at least one credential is capable of being transmitted to the one or more physical access control readers prior to activation but is incapable of being verified by the one or more physical access control readers prior to activation; receiving contextual information regarding the first user, the contextual information including information describing one or more network devices with which the at least one device is in communication or has been in communication, wherein the contextual information is received at a second time that follows the first time, and wherein the one or more network devices comprise a network access point; based on the received contextual information, determining a credential update to perform in connection with the at least one device and the at least one credential delivered to the at least one device, the credential update corresponding to at least one action to take in connection with activating the at least one credential; generating a first message that contains at least one instruction to activate the at least one credential; transmitting the first message to the at least one device associated with the first user; generating a second credential activation message; and transmitting the second credential activation message to the one or more physical access control readers.

2. The method of claim 1, wherein the at least one device comprises a user device configured to exchange messages via a communication network.

3. The method of claim 2, wherein the first message is transmitted to the at least one device via the communication network in at least one of an SMS message, an email, and an HTTP request.

4. The method of claim 1, wherein the user device further comprises a secure element that stores the at least one credential as sensitive data in an encrypted format.

5. The method of claim 4, wherein the secure element corresponds to at least one of a SIM card, microSD card, removeable IC, and embedded IC.

6. The method of claim 1, wherein the network access point is located in physical proximity to the one or more physical access control readers.

7. The method of claim 1, wherein the at least one credential comprises multiple credentials.

8. The method of claim 1, wherein the contextual information regarding the first user further comprises presence information.

9. The method of claim 1, wherein the contextual information regarding the first user further comprises location information and an identifier of the one or more network devices.

10. The method of claim 1, wherein the contextual information regarding the first user further comprises information regarding the first user's usage of a particular application on the at least one device.

11. The method of claim 1, further comprising: based on the received contextual information, determining a credential update to perform in connection with at least one device associated with a second user, the second user being different than the first user; generating a third message that contains at least one instruction to activate at least one credential for the second user; and transmitting the third message to the at least one device associated with the second user.

12. A non-transitory computer-readable medium comprising processor-executable instructions that are executable by a processor, the instructions comprising: instructions that deliver at least one credential to at least one device associated with a first user, the at least one credential being unusable with one or more physical access control readers until activation, wherein the at least one credential is delivered to the at least one device at a first time, wherein the at least one device associated with the first user comprises a smart phone, and wherein the at least one credential is capable of being transmitted to the one or more physical access control readers prior to activation but is incapable of being verified by the one or more physical access control readers prior to activation; instructions that receive contextual information regarding the first user, the contextual information including information describing one or more network devices with which the at least one device is in communication or has been in communication, wherein the contextual information is received at a second time that follows the first time, and wherein the one or more network devices comprise a network access point; instructions that determine, based on the received contextual information, a credential update to perform in connection with the at least one device and the at least one credential delivered to the at least one device, the credential update corresponding to at least one action to take in connection with activating the at least one credential; instructions that generate a first message that contains at least one instruction to activate the at least one credential; instructions that transmit the first message to the at least one device associated with the first user instructions that generate a second credential activation message; and instructions that transmit the second credential activation message to the one or more physical access control readers.

13. A physical access control system, comprising: memory that stores processor-executable instructions; and a processor that executes the processor-executable instructions thereby enabling the processor to: deliver at least one credential to at least one device associated with a first user, the at least one credential being unusable with one or more physical access control readers until activation, wherein the at least one credential is delivered to the at least one device at a first time, and wherein the at least one credential is capable of being transmitted to the one or more physical access control readers prior to activation but is incapable of being verified by the one or more physical access control readers prior to activation; receive at least one of presence information and contextual information associated with the user, the contextual information including information describing one or more network devices with which the at least one device is in communication or has been in communication, wherein the contextual information is received at a second time that follows the first time, and wherein the one or more network devices comprise a network access point; determine that a credential update process is to be performed for the at least one device associated with the first user, the credential update corresponding to at least one action to take in connection with activating the at least one credential; and invoke the credential update process upon determining that the first user has crossed at least one of a physical and logical threshold based on the received at least one of presence information and contextual information, wherein the at least one device associated with the first user comprises a smart phone, and wherein the credential update process includes transmitting a first credential activation message to the one or more physical access control readers as well as transmitting a second credential activation message to the at least one device associated with the first user.

14. The system of cla
Key management, e.g. using generic bootstrapping architecture [GBA] · CPC title
wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals · CPC title
for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819) · CPC title
by using a location-limited connection, e.g. near-field communication or limited proximity of entities · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title