Secure short-distance-based communication and access control system

What is claimed is: 1. A secure short-distance-based communication and access control system to control access to a restricted area, the system comprising: a plurality of electronically-controlled movable physical barriers, wherein each electronically-controlled movable physical barrier is located in a different sub-location of a plurality of sub-locations of an access control area associated with the restricted area; at least one beacon for each sub-location, wherein each beacon broadcasts a beacon ID, including one or more unique identifiers, in its sub-location; and a zone computer associated with a different sub-location of the plurality of sub-locations, wherein the zone computer comprises: an actuator driver circuit to control actuation of the physical barrier for the sub-location of the zone computer; a short-distance communication interface to communicate with a mobile device if the mobile device is in the sub-location of the zone computer; and a processor to: receive a mobile device identifier from the mobile device via the short-distance communication interface, wherein the mobile device identifier is based on the beacon identifier included in the broadcasted signal; determine a proximity of the mobile device to a sub-location of the plurality of sub-locations; determine whether the mobile device is in the sub-location of the zone computer based on the determined proximity of the mobile device to the sub-location in response to a determination that the mobile device is in the sub-location of the zone computer, determine whether a user associated with the mobile device is validated to access the restricted area, and in response to determining the user is validated, send a signal to the actuator driver circuit to invoke opening or closing of the physical barrier for the sub-location of the zone computer. 2. The secure short-distance-based communication and access control system of claim 1 , wherein the received mobile device identifier is unique to a current location of the mobile device when the mobile device transmits the mobile device identifier to the zone computer of the sub-location where the mobile device is located. 3. The secure short-distance-based communication and access control system of claim 1 , wherein the processor uses one or more encryption keys to securely transmit messages to the mobile device in response to determining the mobile device is in the sub-location of the zone computer. 4. The secure short-distance-based communication and access control system of claim 3 , wherein the securely transmitted messages authenticate the mobile device and the zone computer. 5. The secure short-distance-based communication and access control system of claim 4 , wherein if the mobile device is authenticated, the securely transmitted messages include messages for validating the mobile device. 6. The secure short-distance-based communication and access control system of claim 3 , wherein to securely transmit the messages to the mobile device, the processor encrypts the messages with the one or more encryption keys. 7. The secure short-distance-based communication and access control system of claim 1 , wherein a fare associated with accessing the restricted area is paid from a user account to validate the user. 8. The secure short-distance-based communication and access control system of claim 7 , wherein the zone computer comprises a network interface, and the zone computer communicates with a backend server via the network interface to validate the user. 9. The secure short-distance-based communication and access control system of claim 1 , wherein a range of the short distance communication interface includes the sub-location of the zone computer and an adjacent sub-location. 10. The secure short-distance-based communication and access control system of claim 1 , wherein the system controls entry or exit to the restricted area at each sub-location, and the control is independent for each sub-location. 11. A mobile device comprising: at least one short-distance communication interface to receive a beacon identifier (ID) from at least one beacon; a data storage storing an operating system and an access control application; a processor executing the operating system, wherein the operating system determines whether the received beacon ID is a registered beacon identifier, and in response to determining the received beacon ID is registered, launches the access control application; the access control application, in response to being launched, is executed by the processor, the access control application to: determine whether the mobile device is at a sub-location of an access control area associated with a restricted area, wherein the access control area includes a plurality of sub-locations, in response to a determination that the mobile device is at the sub-location, calculate a mobile device identifier (ID) for the mobile device based on the beacon ID, wherein the mobile device ID is valid for the sub-location where the mobile device is currently located, and is not valid for any sub-location where the mobile device is not currently located, engage in secure communication with a zone computer for the sub-location using one or more keys via the at least one short-distance communication interface, wherein to engage in secure communications with the zone computer, the access control application causes the processor to: send the calculated mobile device identifier to the zone computer; validate a user associated with the mobile device; and allow access to the restricted area through the sub-location if the user is validated. 12. The mobile device of claim 11 , wherein the mobile device ID is calculated based on at least one of a signal strength of a received signal from the at least one beacon, a major ID of the beacon ID, and a minor ID of the beacon ID. 13. The mobile device of claim 11 , wherein the zone computer engages in the communication with the mobile device if the zone computer determines the mobile device is currently located in a sub-location associated with the mobile device. 14. The mobile device of claim 11 , wherein the mobile device includes an input/output (I/O) device, and the access control application receives a message from the zone computer indicating whether the user is validated, and generates an indication of whether the user is validated through the I/O device. 15. The mobile device of claim 11 , wherein to determine whether the mobile device is at the sub-location, the access control application executes tap-based detection by receiving a signal from one or more beacons associated with the sub-location and determining from the received signal whether the mobile device is in the sub-location. 16. The mobile device of claim 11 , wherein to determine whether the mobile device is at the sub-location, the access control application executing triangulation-based detection by receiving signals from at least two beacons associated with the sub-location and determining from the received signals whether the mobile device is in the sub-location. 17. A mobile device activation and validation method comprising: receiving a signal via at least one short-distance communication interface of a mobile device; determining, by an operating system running on the mobile device, whether the signal is from a registered beacon; in response to determining the signal is from a registered beacon, launching an access control application stored on the mobile device; determining whether the mobile device is at a sub-location of an access control ar