Utilizing caveats for wireless credential access

US11665151B2 · US · B2

Patent metadata
Publication number: US-11665151-B2
Application number: US-202017103324-A
Country: US
Kind code: B2
Filing date: Nov 24, 2020
Priority date: May 9, 2018
Publication date: May 30, 2023
Grant date: May 30, 2023

Abstract

Official abstract text for this publication.

A method according to one embodiment includes receiving, by an access control device, a credential token from a mobile device, wherein the credential token includes an access credential, a credential identifier, and a caveat that instructs the access control device to perform an associated action, determining, by the access control device, a credential type associated with the access credential based on the credential identifier, determining, by the access control device, a set of caveat rules associated with the credential type, wherein the set of caveat rules identifies one or more actions authorized for an access credential of the credential type, and performing, by the access control device, the associated action identified by the caveat in response to a determination that the associated action is an action authorized by the set of caveat rules associated with the credential type.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for utilizing caveats for wireless credential access, the method comprising: receiving, by an access control device, a credential token from a mobile device, wherein the credential token includes an access credential and a caveat that instructs the access control device to perform an associated action; determining, by the access control device, a credential type associated with the access credential based on the credential token; determining, by the access control device, a set of caveat rules associated with the credential type, wherein the set of caveat rules identifies one or more actions authorized for an access credential of the credential type; validating, by the access control device, the caveat using an integrity-validating function based on data included in the credential token; and performing, by the access control device, the associated action identified by the caveat in response to a determination that the associated action is an action authorized by the set of caveat rules associated with the credential type, and wherein the associated action identified by the caveat is performed in addition to a standard action associated with the credential type.

2. The method of claim 1, wherein the integrity-validating function comprises a hash function.

3. The method of claim 1, wherein the integrity-validating function comprises a digital signature.

4. The method of claim 1, wherein the credential token further includes a user code; and wherein determining the credential type comprises determining the credential type associated with the access credential based on the user code.

5. The method of claim 4, wherein the access credential is determined to be of a first credential type if the user code is a first user code and of a second credential type if the user code is a second user code.

6. The method of claim 1, further comprising ignoring, by the access control device, the caveat in response to a determination that the associated action is an action not authorized by the set of caveat rules associated with the credential type.

7. An access control device for utilizing caveats for wireless credential access, the access control device comprising: a processor; and a memory comprising an access control database and a plurality of instructions stored thereon that, in response to execution by the processor, causes the access control device to: receive a credential token from a mobile device, wherein the credential token includes an access credential and a caveat that instructs the access control device to perform an associated action; determine a credential type associated with the access credential based on the credential token; determine a set of caveat rules associated with the credential type, wherein the set of caveat rules identifies one or more actions authorized for an access credential of the credential type; validate the caveat using an integrity-validating function based on data included in the credential token; and perform the associated action identified by the caveat in response to a determination that the associated action is an action authorized by the set of caveat rules associated with the credential type, and wherein the associated action identified by the caveat is performed in addition to a standard action associated with the credential type.

8. The access control device of claim 7, wherein the integrity-validating function comprises a hash function.

9. The access control device of claim 7, wherein the integrity-validating function comprises a digital signature.

10. The access control device of claim 7, wherein the plurality of instructions further causes the access control device to ignore the caveat in response to a determination that the associated action is an action not authorized by the set of caveat rules associated with the credential type.

11. An access control system, comprising: a mobile device; a host server configured to receive an access credential from a credential server and transmit the access credential to the mobile device; and an access control device comprising a memory having an access control database stored thereon, wherein the access control device is configured to: update the access control database based on access control data received from the host server, wherein the access control data identifies the access credential; receive a credential token from the mobile device, wherein the credential token includes the access credential and a caveat that instructs the access control device to perform an associated action; determine a credential type associated with the access credential based on the credential token; determine a set of caveat rules associated with the credential type, wherein the set of caveat rules identifies one or more actions authorized for an access credential of the credential type; validate the caveat using an integrity-validating function based on data included in the credential token; and perform the associated action identified by the caveat in response to a determination that the associated action is an action authorized by the set of caveat rules associated with the credential type, and wherein the associated action identified by the caveat is performed in addition to a standard action associated with the credential type.

12. The access control system of claim 11, wherein the mobile device is offline when interacting with the access control device.

13. The access control system of claim 11, wherein the integrity-validating function comprises a hash function.

14. The access control system of claim 11, wherein the integrity-validating function comprises a digital signature.

15. The access control system of claim 11, wherein the associated action identified by the caveat is performed in addition to the standard action associated with the credential type.

16. The access control system of claim 11, wherein the associated action identified by the caveat is performed in the alternative to the standard action associated with the credential type.

17. The method of claim 1, wherein the set of caveat rules associated with a one-time use credential type identifies an add user action, a remove user action, and a modify permissions action as authorized actions.

18. The method of claim 1, wherein the set of caveat rules associated with a pass-through credential type identifies one or more of an add user action, a remove user action, a modify permissions action, a wireless call-in action, a calibrate sensors action, a lockdown action, a toggle action, and a run diagnostics action as authorized actions.

19. The method of claim 1, wherein the set of caveat rules associated with the caveat type identifies one or more of an add user action, a remove user action, a modify permissions action, a wireless call-in action, a calibrate sensors action, a lockdown action, a toggle action, and a run diagnostics action as authorized actions.
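The device-side flow of claims 1 and 6 can be sketched as follows. This is an added illustration, not code from the patent or its assignee. It assumes an HMAC-SHA256 tag under a key shared by issuer and device as the integrity-validating function, rejection of the whole token when that check fails, and constructed identifiers, credentials and field names.

```python
import hashlib
import hmac

# Caveat rules per credential type; action names follow claims 17 and 18.
USER_ADMIN = {"add_user", "remove_user", "modify_permissions"}
CAVEAT_RULES = {
    "one_time_use": USER_ADMIN,
    "pass_through": USER_ADMIN | {"wireless_call_in", "calibrate_sensors",
                                  "lockdown", "toggle", "run_diagnostics"},
}
# Constructed access control database: credential identifier -> (type, credential).
ACCESS_DB = {
    "cred-001": ("one_time_use", "constructed-credential-1"),
    "cred-002": ("pass_through", "constructed-credential-2"),
}
# Assumption: issuer and device share this key; the claims only say
# "hash function" or "digital signature".
ISSUER_KEY = b"constructed-demo-key"


def caveat_tag(key: bytes, cred_id: str, credential: str, caveat: str) -> str:
    """HMAC-SHA256 over the token fields, so a caveat cannot be swapped or moved."""
    msg = "\x00".join((cred_id, credential, caveat)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_token(cred_id: str, caveat: str, key: bytes = ISSUER_KEY) -> dict:
    """Issuer side (hypothetical helper): build a token carrying one caveat."""
    credential = ACCESS_DB[cred_id][1]
    return {"credential_id": cred_id, "credential": credential, "caveat": caveat,
            "tag": caveat_tag(key, cred_id, credential, caveat)}


def process_token(token: dict) -> list:
    """Device side: return the actions performed for this token, in order."""
    cred_id = str(token.get("credential_id", ""))
    credential = str(token.get("credential", ""))
    caveat = str(token.get("caveat", ""))
    entry = ACCESS_DB.get(cred_id)
    if entry is None or not hmac.compare_digest(entry[1].encode(), credential.encode()):
        return []                                # unknown or wrong credential
    cred_type = entry[0]                         # type looked up from the identifier
    expected = caveat_tag(ISSUER_KEY, cred_id, credential, caveat)
    if not hmac.compare_digest(expected.encode(), str(token.get("tag", "")).encode()):
        return []                                # integrity failure: reject the token
    actions = ["standard_action"]                # standard action for the type
    if caveat in CAVEAT_RULES[cred_type]:
        actions.append(caveat)                   # authorized caveat, done in addition
    return actions                               # unauthorized caveat is ignored
```

The order of checks matters: the tag is verified before the caveat is compared with the rules, so an edited caveat never reaches the authorization step.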

Classifications

  • One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

  • where the code of the data carrier can be programmed

  • centrally

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

  • with data transmission performed by wireless means

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11665151B2 cover?
A method according to one embodiment includes receiving, by an access control device, a credential token from a mobile device, wherein the credential token includes an access credential, a credential identifier, and a caveat that instructs the access control device to perform an associated action, determining, by the access control device, a credential type associated with the access credential…
Who is the assignee on this patent?
Schlage Lock Co Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/0807. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 30, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).