Bluetooth device authentication over Bluetooth advertisements

What is claimed is: 1. A method of authenticating a mobile device over Bluetooth advertisements, the method comprising: establishing a Bluetooth protocol connection between the mobile device and the access control device, wherein establishing the Bluetooth protocol connection between the mobile device and the access control device comprises establishing a secure Bluetooth pairing between the mobile device and the access control device; exchanging data for secure authentication between the mobile device and the access control device over the Bluetooth protocol connection; disconnecting the Bluetooth protocol connection between the mobile device and the access control device in response to exchanging the data for secure authentication between the mobile device and the access control device; broadcasting, by an access control device while not paired with the mobile device and subsequent to exchanging the data for secure authentication, a first Bluetooth advertisement including a challenge message generated by the access control device; receiving, by the mobile device while not paired with the access control device, the first Bluetooth advertisement including the challenge message; broadcasting, by the mobile device while not paired with the access control device and subsequent to exchanging the data for secure authentication, a second Bluetooth advertisement including a challenge response message generated by the mobile device based on the challenge message; receiving, by the access control device while not paired with the mobile device, the second Bluetooth advertisement including the challenge response message; and determining, by the access control device while not paired with the mobile device, whether the mobile device is authorized to perform an action with respect to the access control device by verifying the challenge response message. 2. The method of claim 1 , further comprising generating, by the mobile device, the challenge response message by cryptographically signing the challenge message with a private key of the mobile device. 3. The method of claim 2 , wherein the challenge response message comprises a unique identifier of the mobile device. 4. The method of claim 3 , wherein verifying the challenge response message comprises verifying the signed challenge message using a public key of the mobile device stored on the access control device. 5. The method of claim 4 , wherein exchanging the data for secure authentication between the mobile device and the access control device comprises transmitting the unique identifier of the mobile device and the public key of the mobile device to the access control device. 6. The method of claim 5 , wherein verifying the signed challenge message comprises identifying the public key of the mobile device stored on the access control device based on the unique identifier of the mobile device extracted from the challenge response message. 7. The method of claim 1 , further comprising unlocking a lock mechanism associated with the access control device in response to verifying the challenge response message. 8. The method of claim 1 , wherein the first Bluetooth advertisement comprises a Bluetooth extended advertisement. 9. An access control system, comprising: a mobile device; and an access control device configure to (i) establish a secure Bluetooth pairing with the mobile device, (ii) exchange data for secure authentication with the mobile device over the secure Bluetooth pairing, (iii) disconnect the secure Bluetooth pairing with the mobile device in response to exchanging the data for secure authentication with the mobile device, and (iv) broadcast a first Bluetooth advertisement including a challenge message generated by the access control device while not paired with the mobile device and subsequent to exchanging the data for secure authentication with the mobile device; wherein the mobile device, while not paired with the access control device, is configured to (i) receive the first Bluetooth advertisement including the challenge message and (ii) broadcast, subsequent to exchanging the data for secure authentication, a second Bluetooth advertisement including a challenge response message generated by the mobile device based on the challenge message; and wherein the access control device, while not paired with the mobile device, is further configured to (i) receive the second Bluetooth advertisement including the challenge response message and (ii) verify the challenge response message to determine whether the mobile device is authorized to perform an action with respect to the access control device. 10. The access control system of claim 9 , wherein the mobile device is configured to generate the challenge response message by cryptographically signing the challenge message with a private key of the mobile device. 11. The access control system of claim 10 , wherein the challenge response message comprises a unique identifier of the mobile device. 12. The access control system of claim 11 , wherein to verify the challenge response message comprises to verify the signed challenge message using a public key of the mobile device stored on the access control device. 13. The access control system of claim 12 , wherein to exchange the data for secure authentication of the mobile device comprises to receive the unique identifier of the mobile device and the public key of the mobile device. 14. The access control system of claim 13 , wherein to verify the signed challenge message comprises to identify the public key of the mobile device stored on the access control device based on the unique identifier of the mobile device extracted from the challenge response message. 15. The access control system of claim 9 , further comprising a lock mechanism associated with the access control device; and wherein the access control device is configured to unlock the lock mechanism in response to verification of the challenge response message. 16. An access control device, comprising: at least one processor; and at least one memory comprising a plurality of instructions stored thereon that, in response to execution by the at least one processor, causes the access control device to: establish a secure Bluetooth pairing with a mobile device; exchange data for secure authentication with the mobile device over the secure Bluetooth pairing; disconnect the secure Bluetooth pairing with the mobile device in response to exchanging the data for secure authentication; broadcast a first Bluetooth advertisement including a challenge message while not paired with the mobile device and subsequent to exchanging the data for secure authentication; receive a second Bluetooth advertisement broadcasted by the mobile device in response to broadcasting the first Bluetooth advertisement while not paired with the mobile device and subsequent to exchanging the data for secure authentication, wherein the second Bluetooth advertisement includes a challenge response message generated by the mobile device based on the challenge message; and verify, while not paired with the mobile device, the challenge response message to determine whether the mobile device is authorized to perform an action with respect to the access control device. 17. The access control device of claim 16 , wherein the challenge response message includes (i) a unique identifier of the mobile device and (ii) the challenge message cryptographically signed with a private key of the mobile device. 18. The access control device of claim 17 , wherein to verify the challenge re