A handle assembly (12a, 12b) comprising a base structure (26a, 26b) for fixation to an access member (18a, 18b); a handing element (38a, 38b); a spring (40a, 40b); and a handle (28a, 28b); wherein the handing element is rotatable relative to the base structure about a rotation axis (30) together with the spring and the handle between a first handing position (54a) and a second handing position (54b); wherein the handle is rotatable relative to the handing element about the rotation axis against a deformation of the spring when the handing element is in the first handing position and in the second handing position; and wherein the base structure comprises a first stop (48a) arranged to be engaged by the handing element to define the first handing position and a second stop (48b) arranged to be engaged by the handing element to define the second handing position.
A computing device implemented method of provisioning credential information includes activating a credentialing application stored in an authenticator device; receiving, by the credentialing application, user information entered into the authenticator device; establishing a secure channel between the authenticator device and an authentication server; sending the user information to the authentication server via the secure channel; generating a challenge by the authentication server in response to the user information and presenting the challenge to the user; sending a response to the challenge from the authenticator device to the authentication server via the secure channel; receiving a command from the authentication server to generate the credential information including a key pair; and registering a key of the key pair with the authentication server.
A lock device (12) comprising a bolt (28) movable between an extended bolt position (44) and a retracted bolt position (82), the bolt having a bolt structure (60); an auxiliary member (30) movable between an extended auxiliary position (46) and a retracted auxiliary position (84), the auxiliary member having an auxiliary structure (66); a sensor (48); and a trigger member (50) movable between a deactivated position (52) where the trigger member does not cause activation of the sensor, and an activated position (86) where the trigger member causes activation of the sensor, the trigger member being forced towards the activated position; wherein the bolt structure and the auxiliary structure are arranged to allow the trigger member to move from the deactivated position to the activated position when the bolt adopts the extended bolt position and the auxiliary member adopts the retracted auxiliary position.
An arrangement (12a; 12b) comprising a drive element (26a; 26b) movable between a closed drive position (28) and an open drive position (44); a mechanical force device (56a; 56b) arranged to force the drive element in a closing drive movement (46); a force device transmission (62a; 62b) arranged to transmit movements of the drive element to movements of the mechanical force device; and an electric machine (58) drivingly connected to the drive element; wherein the mechanical force device and the force device transmission are configured to act more forcefully on the drive element during a latching drive movement (50) than during a closing initial drive movement (48); and wherein the arrangement further comprises an electronic control system (70a; 70b) configured to control the electric machine to operate as an electric generator during the closing initial drive movement, and to control the electric machine to operate as an electric motor during the latching drive movement.
E05F 3/10 - Closers or openers with braking devices, e.g. checks; Construction of pneumatic or liquid braking devices with liquid piston brakes with a spring, other than a torsion spring, and a piston, the axes of which are the same or lie in the same direction
E05F 3/22 - Additional arrangements for closers, e.g. for holding the wing in opened or other position
E05F 15/63 - Power-operated mechanisms for wings using electrical actuators using rotary electromotors for swinging wings operated by swinging arms
5.
SYSTEMS AND METHODS FOR USING A WEB BLUETOOTH API FOR MOBILE ACCESS CONTROL
Disclosed herein are systems and methods for using a web/Bluetooth API for mobile access control. In an embodiment, a computing system receives an endpoint identifier associated with a visitor. The system generates a URL associated with the endpoint identifier, and transmits the URL to an endpoint associated with the endpoint identifier. The system receives, from a mobile device associated with the visitor, a request for a web/Bluetooth Low Energy (BLE) webpage corresponding to the URL. The system generates the requested webpage, and transmits the webpage to the mobile device. The webpage contains a valid credential for access to a secured resource, and also contains executable code for calling at least one function of a web/BLE API. The system transmits the webpage to the mobile device, and thereafter receives the credential from the mobile device via a BLE communication, verifies the credential, and accordingly grants access to the secured resource.
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Methods and systems are provided for performing operations comprising: storing a plurality of credentials on a client device; establishing, locally on the client device, a dependency relationship between a first credential of the plurality7 of credentials and a second credential of the plurality of credentials; determining, by the client device, that the first credential has been used to access a secure resource; and in response to determining that the first credential has been used to access the secure resource, triggering an access condition associated with the second credential based on the dependency relationship established between the first and second credentials
It is provided a method for adapting an intent model (20), being a machine learning, ML, model for determining intent of a person to pass through a door (15). The method is performed by an intent determiner (1). The method comprises: determining (40) that a physical environment outside a door has changed; increasing (42) a rate of training of the intent model (20), wherein the training is based on input features based on image data from an image capturing device (11) covering an area near the door (15); and applying (44) the intent model (20) for inferring when a person exhibits intent to pass through the door, based on image data from the image capturing device (11).
G06V 20/52 - Surveillance or monitoring of activities, e.g. for recognising suspicious objects
G06V 10/82 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning using neural networks
G06V 10/764 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning using classification, e.g. of video objects
G06V 40/20 - Movements or behaviour, e.g. gesture recognition
A wi-fi sensing systems and techniques using receiving devices with two radio chains are described herein. The receiving devices may utilize the first radio chain to receive messages from a transmitter in a first wireless communication network and may generate environment characterization information based on those received messages. The receiving devices may utilize the second radio chain to transmit the environment characterization information to a host device using a second wireless communication network.
H04B 1/00 - TRANSMISSION - Details of transmission systems not characterised by the medium used for transmission
H04B 1/38 - Transceivers, i.e. devices in which transmitter and receiver form a structural unit and in which at least one part is used for functions of transmitting and receiving
H04B 17/309 - Measuring or estimating channel quality parameters
H04W 88/06 - Terminal devices adapted for operation in multiple networks, e.g. multi-mode terminals
G01S 13/74 - Systems using reradiation of radio waves, e.g. secondary radar systems; Analogous systems
Methods and systems are provided for performing operations comprising: establishing a secure channel between an authenticator device and a client device; generating, by the authenticator device, a one-time passcode (OTP) based on a token received from the client device; storing the OTP in a memory of the authenticator device; transmitting the OTP to the client device over the secure channel; receiving the OTP from the client device over an unsecure channel; and enabling access to a secure resource in response to determining that the OTP received from the client device matches the OTP stored in the memory of the authenticator device.
A secure RFID device (10) is provided. The RFID device (10) includes one or more switch modules (26) that can be actuated by a user to selectively couple an integrated circuit (42) provided in a switch module (26) to a main RFID antenna (14) of the RFID device (10). It is therefore not necessary to provide a separate integrated circuit (42) coupled to the main RFID antenna (14). The integrated circuit (42) provided in each switch module (26) can be electrically or inductively coupled to the main RFID antenna (14) when a user actuates an actuation portion (36) of the corresponding switch module (26).
G06K 19/073 - Special arrangements for circuits, e.g. for protecting identification code in memory
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
An arrangement (12) for a lock system (10) comprising a latch spindle (42) for engaging a follower (52) and comprising a handing structure (48); an outer spindle (44) comprising an outer engaging structure (74) configured to engage the handing structure; and an inner spindle (46) comprising an inner engaging structure (68) configured to engage the handing structure independently of the outer engaging structure; wherein the handing structure, the inner engaging structure and the outer engaging structure are configured to cooperate such that a first handing (20a) can be set by a first latch position (82) of the latch spindle, and a second handing (20b) can be set by a second latch position (92) of the latch spindle; and wherein the handing structure comprises an angular clearance (60) such that the inner spindle can drive the latch spindle relative to the outer spindle by engagement between the inner engaging structure and the handing structure.
A method of operating a real-time location services (RTLS) system includes obtaining, by a processing device of the RTLS system, location information identifying an object or person and a building-area location of the object or person; obtaining, by the processing device, access-event information of a access of a physical access portal associated with the building-area location; and matching the location information of the identified object or person and the access-event information and generating an indication of the building-area location of the object or person using the processing device in response to the matching.
G01S 5/00 - Position-fixing by co-ordinating two or more direction or position-line determinations; Position-fixing by co-ordinating two or more distance determinations
G01S 5/02 - Position-fixing by co-ordinating two or more direction or position-line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
13.
CHANGING THE COMMUNICATION MODE OF AN ACCESS CONTROL PROTOCOL
A method of operating an access control system includes sending, by an access reader of the access control system, a message to a user device to activate an access application or access applet of the user device, wherein the access reader is an Initiator device and the user device is a Responder device for a communication transaction; authenticating the user device; sending, by the access reader, a command to change the user device to the Initiator device for the communication transaction and the access reader to the Responder device; initiating, by the user device, an action of the access control system including sending a message to the access reader; and performing, by the access reader, at least a portion of the action in response to the message sent by the user device.
Disclosed herein are systems and methods for homomorphic-encryption-supported provisioning of secure devices. In an embodiment, a provisioning server (e.g., a cloud-based provisioning server) receives a request, associated with (e.g., from) a secure device (e.g., a keycard), for a homomorphically encrypted diversified key that is based on (e.g., derived from) a master key of an encryption system. The secure device stores a copy of a homomorphic-encryption key. The provisioning server derives a homomorphically encrypted diversified key from a homomorphically encrypted master key, which is the master key previously encrypted with the homomorphic-encryption key. The provisioning server transmits the homomorphically encrypted diversified key to the secure device. The secure device may then be operable to access at least one resource using a diversified master key, which is the homomorphically encrypted diversified key after having been decrypted on the secure device using its stored copy of the homomorphic-encryption key.
A deadbolt (22) comprising a base body (28), a first ridge (40) and a second ridge (42) for frictionally sliding against a first, respectively a second, lock device opening side, the ridges (40, 42) being parallel with an actuating direction (26) of the deadbolt; furthermore, at least a first and a second inclined section (44a, 44b, 46a, 46b) for frictionally sliding against a first (58), respectively a second (60), strike opening side are provided, the inclined sections protrude from a first, respectively a second, base side of the deadbolt, are formed separately from the ridges, and are inclined towards an end (34) of the deadbolt; Furthermore, a lock device with such a deadbolt and a system with such a lock device are claimed. Invention aims at providing low friction locking components with a simple structure.
E05B 63/20 - Locks with special structural characteristics with arrangements independent of the locking mechanism for retaining the bolt in the retracted position released automatically when the wing is closed
E05B 47/00 - Operating or controlling locks or other fastening devices by electric or magnetic means
E05B 15/00 - Other details of locks; Parts for engagement by bolts of fastening devices
A blocker (10) for a lock device (52), the blocker (10) comprising a blocking member (12) rotatable about a blocker axis (18) between a blocking position (44) and an unblocking position (48); a resilient device (14) movable between a blocking forcing state (46) where the resilient device (14) forces the blocking member (12) towards the blocking position (44), and an unblocking forcing state (50) in which the resilient device (14) forces the blocking member (12) towards the unblocking position (48); and an actuator (16) arranged to move the resilient device (14) between the blocking forcing state (46) and the unblocking forcing state (50). An arrangement (54) and a lock device (52) are also provided.
It is provided an electronic lock (12) comprising: a first power bus (20); a battery holder (23) configured to hold at least one battery (19) to thereby supply power of a first voltage to the first power bus (20); a boost converter (24) configured to selectively increase a voltage of the first power bus (20) from the first voltage to a second voltage; a first processor (60) connected to the boost converter (24); a first memory (64) storing instructions (67) that, when executed by the first processor (60), cause the electronic lock (12) to: determine a need for increased voltage; and trigger the boost converter (24) to activate to thereby increase a voltage on the first power bus (20). It is also provided a corresponding method, computer program (67) and computer program product (67).
A switch (28) comprising a printed circuit board assembly, PCBA, (74) including a printed circuit board, PCB, (75) and a stationary contact (72); a cap (30) in contact with the PCB (75) such that the cap (30) and the PCB (75) define a switch chamber (68) for the stationary contact (72), the cap (30) carrying a movable contact (70), the cap (30) being arranged to be deformed from a disconnected state (36) where the movable contact (70) is separated from the stationary contact (72) to a connected state (92) where the movable contact (70) contacts the stationary contact (72), and the cap (30) being forced towards the disconnected state (36); an actuator (32) movable relative to the stationary contact (72) between an activated position (90) where the actuator (32) pushes the cap (30) to the connected state (92), and a deactivated position (34) allowing the cap (30) to be forced to the disconnected state (36); and a potting compound (76) enclosing the PCB (75) and the cap (30). A lock device (10) comprising a switch (28) is also provided.
H01H 13/18 - Operating parts, e.g. push-button adapted for actuation at a limit or other predetermined position in the path of a body, the relative movement of switch and body being primarily for a purpose other than the actuation of the switch, e.g. door switch, limit switch, floor-levelling swi
H01H 13/16 - Operating parts, e.g. push-button adapted for operation by a part of the human body other than the hand, e.g. by foot
H01H 13/52 - Switches having rectilinearly-movable operating part or parts adapted for pushing or pulling in one direction only, e.g. push-button switch having a single operating member the contact returning to its original state immediately upon removal of operating force, e.g. bell push switch
A lock device (22) for installation in an access member (12), the lock device comprising a lock case (28); a forend (30); an adjustment screw (40, 42) passing through the forend and threadingly engaging the lock case, the adjustment screw being manipulatable between an adjustment position (66) where the forend is allowed to move relative to the lock case and where the adjustment screw prevents removal of the forend from the lock case, and a secured position (48) where the forend is secured to the lock case by the adjustment screw; and at least one locking element (44a, 44b, 46a, 46b) allowing the adjustment screw to be adjusted between the adjustment position and the secured position, and preventing the adjustment screw from being removed from the lock case. A system (10) comprising a lock device (22) and an access member (12) is also provided.
Method for determining when to provide assistance to open a door (15), the method being performed by an assistance determiner (1). The method comprises: converting (40) mechanical energy from when the door is opened without assistance to electrical energy and storing the electrical energy in an energy storage device (25); determining (42) to provide assistance in opening the door (15) for a person; and providing (44) assistance to open the door (15), when it is determined to provide assistance, by causing a motor to convert electrical energy from the energy storage device (25) to mechanical energy for providing assistance to open the door (15).
E05F 15/74 - Power-operated mechanisms for wings with automatic actuation responsive to movement or presence of persons or objects using photoelectric cells
E05F 15/76 - Power-operated mechanisms for wings with automatic actuation responsive to movement or presence of persons or objects responsive to devices carried by persons or objects, e.g. magnets or reflectors
21.
AUTHENTICATION WITH AUTHORIZATION CREDENTIAL EXCHANGE
Systems and methods may he used for authenticating and validating a credential for performing an action. A method may include using an access control device to exchange public keys with a user device. The method may include sending, to the user device, a first authentication cryptogram including a first signature, a public key certificate, and a Credential Trust Information (CTI), and receiving, from the user device, a second authentication cryptogram including a second signature, a public key of the user device, and a credential. The access control device may authenticate the user device based on the credential and the second signature The access control device may determine whether the credential received in the second authentication cryptogram is signed by a trusted credential issuer to validate the user device. The method may include causing the action to be performed.
An RFID tag (1) for tamper proof attachment to an object (100) such as a license plate, comprising a lower housing (10), an upper housing (20) and an antenna unit (30). The lower housing (10) is configured to be attached to the object (100). The upper housing (20) is placed on the lower housing (10) and comprises a peripheral portion (22). The peripheral portion (22) laterally surrounds the lower housing (10) and is configured to be attached to the object (100). The antenna unit (30) is positioned between the lower housing (10) and the upper housing (20). At least one first portion of the antenna unit (35) is attached to the lower housing (20) and at least one second portion of the antenna unit (36) is attached to the upper housing (10). When the distance (D) between the upper housing (20) and the lower housing (10) changes in case someone attempts to remove the RFID tag from the object, the at least one first portion of the antenna unit (35) remains attached to the lower housing (10) and the at least one second portion of the antenna unit (36) remains attached to the upper housing (20). Due to this specific arrangement the antenna unit (30) is being damaged in case of detachment of the RFID tag as disclosed herein.
It is provided a method for determining when to perform maintenance of a door (15). The method is performed by a maintenance determiner (1). The method comprises: obtaining (40), from a first sensor (6), sensor data indicating kinetic performance of the door; defining (42) a start time of the sensor data based on a first event detected by a second sensor (7), to enable synchronisation of the sensor data; dividing (46) the sensor data in a plurality of time periods (24a-e); evaluating (48) the sensor data in each one of the plurality of time periods by comparing to reference data respectively associated with each one of the plurality of time periods; and determining (50) to perform maintenance, based on the evaluation of the sensor data.
Disclosed herein are systems and methods for threshold cryptography for cloud-based software-implemented hardware security modules. In an embodiment, an encryption system collects at least a decryption-threshold number of private-key shares from a secure store, where the private-key shares correspond to a public key generated in a first secure enclave as part of a secret key set, which also includes a first plural quantity of the private-key shares. The encryption system obtains an ephemeral-hardware-security-module-(eHSM)-encryption key by decrypting the collected private-key shares. The encryption system initializes, in a second secure enclave, a second instance of a first eHSM. The initialized second instance of the first eHSM is encrypted with the obtained eHSM-encryption key.
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
It is provided a method for determining intent to open a door. The method is performed by an intent determiner. The method comprises: obtaining an image of a physical space near the door; determining a position and orientation of a person in the image by providing the image to an image machine learning model, wherein the image machine learning model is configured to determine position and orientation of a person in the image, wherein the image machine learning model is configured to determine a stick figure of the person based on the image; adding a data item, comprising an indicator of the position and an indicator of the orientation, to a data structure; determining based on the data structure, whether there is intent of the person to open the door; and repeating the method until an exit condition is true.
An access control system, processor-implemented method, and computer readable medium optionally includes an electronic memory and a processor. The processor and computer readable medium are configured to receive a command from a user to access the secure asset, determine access rights by the user to the secure asset, based on the access rights of the user, determine general authentication for the user to access the secure asset, and grant access to the user conditional on the general authentication determined for the user.
It is provided a method for communicating a media stream between a guest device (1) and an approval device (2) for evaluating whether to unlock an electronic lock (12). The method comprises: obtaining (40) a pointer to the coordination server (3) for establishing contact with the approval device (2); connecting (41 ) to the coordination server (3); establishing (42) a peer-to-peer connection between the guest device (1) and the approval device (2); providing (43) a media stream to the approval device (2) over the peer-to-peer connection; receiving (53) the media stream from the guest device (1) over the peer-to-peer connection; presenting (44) the media stream to an approval user (6); receiving (45) user input indicating to unlock the electronic lock (12); providing (46) a first unlock signal to unlock the electronic lock; and transmitting (47) the first unlock signal to unlock the electronic lock (12).
11F)) to a magnitude of the actuation force by decreasing its input impedance when the magnitude of the actuation force increases, and by increasing its input impedance when the magnitude of the actuation force decreases. A corresponding power converter assembly and an electronic lock (148) including the energy harvesting system are also provided.
H02J 7/32 - Circuit arrangements for charging or depolarising batteries or for supplying loads from batteries for charging batteries from a charging set comprising a non-electric prime mover
H02J 7/34 - Parallel operation in networks using both storage and other dc sources, e.g. providing buffering
E05B 47/00 - Operating or controlling locks or other fastening devices by electric or magnetic means
29.
METHOD AND GUIDANCE DEVICE FOR PROVIDING NON-VISUAL GUIDANCE
It is provided a method for providing non-visual guidance for passing through a door (15). The method being performed by a guidance device (1). The method comprises: determining (40) that a person (5) is near the door (15) and that non-visual guidance is to be provided to the person (5); determining (42) an indication of location of the person (5) in relation to the guidance device (1) or the door (15); and providing (44) non-visual guidance to the person for passing through the door (15), wherein the non- visual guidance is based on the indication of location.
It is provided a method for alerting difference in user (5) sentiment of a user using a door (15). The method is performed in a user analysis device (1). The method comprises: receiving (40) sensor data from at least two sensors (7a-c) of different sensor types, the sensor data comprising data relating to a user (5) in the vicinity of a door (15); determining (42), based on the sensor data, a first user sentiment prior to using the door (15); determining (44), based on the sensor data, a second user sentiment after using the door (15); deriving (46) a difference in user sentiment between the first user sentiment and the second user sentiment; detecting (48) that the difference in user sentiment is greater than a threshold; and generating (50) an alert signal, indicating that the difference in user sentiment is greater than the threshold.
It is provided a lock assembly (20) for controlling its power state, the lock assembly being configured to control access to a restricted physical space (16) secured by a door (15). The lock assembly (20) comprises: an access control module (23), configured to selectively control the lock assembly (20) to be in an unlocked state or a locked state, wherein the access control module (23) comprises a processor (60) and a magnetically controllable switch (25), configured to control an operative state of the processor (60) based on an applied magnetic field; and a rotary member (24) configured to rotate when a connected door handle (13) rotates. The rotary member (24) comprises a magnet (26) for controlling the state of the magnetically controllable switch (25).
Systems and methods may be used for providing wireless power from a mobile device to a digital lock. The mobile device may include a proximity communication antenna to receive an authentication request from the digital lock. The proximity communication antenna may facilitate the mobile device providing wireless power to the digital lock via a wireless power protocol. The proximity communication antenna may send an authorization to the digital lock to cause the digital lock to open.
Systems and methods may be used for controlling physical access using a cloud transaction. A method may include receiving an authentication attempt for a user from a mobile device, and authenticating the user for access to a physical space based on the authentication attempt. The method may include receiving identification information corresponding to the user from an access control device, and sending authorization to the access control device to permit the user to access the physical space based on the authenticating the user.
CENTRE NATIONAL DE LA RECHERCHE SCIENTIFIQUE (France)
Inventor
Ayala, Stéphane
Destouches, Nathalie
Hébert, Mathieu
Dalloz, Nicolas
Abstract
A method of generating a multiplexed image (18) for printing that can be observed in a plurality of modes includes determining a finite shape (22) of a multiplexed palette (10) in a combined color space. The contrast of the multiplexed image (18) in each mode can be optimized by determining a maximum volume hyperrectangle (20) enclosed in the finite shape (22). Gamut mapping to this maximum volume hyperrectangle (20) allows for generation of a multiplexed image (18) that has a maximum contrast and is free from artifacts caused by an interdependency between the colors in each mode. Performing a dimensionality reduction using PCA allows for reducing the complexity of the optimization problem.
A lock device (12a; 12b) comprising an input member (18) rotatable about an input axis (46); an output member (20) rotatable about an output axis (48); an electromechanical coupling device (22a; 22b) configured to adopt an uncoupled state (68), where rotation of the input member about the input axis is not transmitted to a rotation of the output member about the output axis, and a coupled state (98), where rotation of the input member about the input axis can be transmitted to a rotation of the output member about the output axis; an electric control system (24) configured to control the coupling device to switch between the uncoupled state and the coupled state; and a sensor (90) in signal communication with the control system, the sensor being configured to generate a position signal (92) indicative of a position of the output member about the output axis. A lock system (10) comprising a lock device is also provided.
An arrangement (22a; 22b) for closing an access member (14) rotatable relative to a frame (16) about a hinge axis (18), the arrangement comprising a primary element (24) for fixation to either the frame or the access member; a secondary element (32) for fixation to the other of the frame and the access member; a connection device (34) arranged between the primary element and the secondary element and engaging the secondary element; and a force device (40) comprising a drive element (42) rotatable about a pivot axis (36) and engaging the connection device, the force device being arranged to force rotation of the connection device relative to the primary element about the pivot axis, wherein a position of the force device relative to the primary element is adjustable after fixation of the primary element and the secondary element to adjust a distance (38) between the pivot axis and the hinge axis. An access member system (10) and a method are also provided.
E05F 1/10 - Closers or openers for wings, not otherwise provided for in this subclass spring-actuated for swinging wings
E05F 3/10 - Closers or openers with braking devices, e.g. checks; Construction of pneumatic or liquid braking devices with liquid piston brakes with a spring, other than a torsion spring, and a piston, the axes of which are the same or lie in the same direction
E05F 3/22 - Additional arrangements for closers, e.g. for holding the wing in opened or other position
It is provided a method for routing data in a communication network (8). The method being performed by a routing node (3). The method comprises: receiving (40) an uplink message from an end node (2) over a multicast wireless transmission; forwarding (42) the uplink message towards a destination node over a unicast transmission; receiving (44) a downlink message over a unicast transmission; determining (46) that a recipient of the downlink message is the end node (2); and transmitting (48) the downlink message over multicast to the end node (2). Corresponding routing node, gateway, computer programs and computer program products are also provided.
H04W 4/06 - Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
It is provided a receptacle holder (1, 1a-b) for selectively allowing a receptacle (4, 4a-b) to be removed. The receptacle holder (1, 1a-b) comprises: an attachment member (10) being configured to engage with a receptacle (4, 4a-b) to selectively keep the receptacle (4, 4a-b) in a locked engagement with the receptacle holder (1, 1a-b); a processor (60); and a memory (64) storing instructions (67) that, when executed by the processor, cause the receptacle holder (1, 1a-b) to: determine to unlock the attachment member (10); and unlock the receptable (4, 4a-b) from the attachment member (10). A corresponding receptacle holder, computer program and computer program product are also provided.
A47G 29/14 - Deposit receptacles for food, e.g. breakfast, milk; Similar receptacles for large parcels with appliances for preventing unauthorised removal of the deposited articles
G06Q 10/08 - Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
G06Q 50/28 - Logistics, e.g. warehousing, loading, distribution or shipping
39.
APPLYING A SERVER PARTIAL SECRET KEY CONDITIONAL ON BLOCKED STATUS
It is provided a method for applying a server partial secret key conditional on blocked status, wherein the server partial secret key (10b) and a user partial secret key (10a) form part of a threshold cryptography scheme (11), the method comprises: receiving (40) a request to apply a server partial secret key (10b) for a requested cryptographic operation for a user device (2); determining (42) that the server partial secret key (10b) can validly be applied by determining that the server partial secret key (10b) is not blocked from being applied; and interacting (44) with the user device (2) to perform the requested cryptographic operation, such that the user device (2) applies the user partial secret key (10a) and the validation server applies the server partial secret key (10b).
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
It is provided a method for recovering access to a user account, the method being performed by a recovery control device (1). The method comprises: triggering (40) generation of a plurality of partial secret keys (10a-g) by respective recovery devices (4a- g), the plurality of partial secret keys forming part of a threshold cryptography scheme (11) associated with a public key (12), wherein the threshold cryptography scheme (11) is associated with the user account; providing (42) the public key (12) to an access verification device (2, 3); and triggering (44) an access recovery, whereby access recovery messages are transmitted to the recovery devices (4a-g), wherein a threshold number of the plurality of partial secret keys (10a-g) are required to be applied in the threshold cryptography scheme (11) for recovering access to the user account.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
41.
IDENTIFYING POSITION AND DETERMINING INTENT BASED ON UWB TEMPORAL SIGNATURES
Methods and program code for determining the position and/or intent of a user (or device) holding, carrying, wearing, or mounted with a UWB-enabled device. Example computer readable medium for determining the position and/or intent of a user comprises program code that when executed by one or more processors, causes the one or more processors to determine a current temporal signature for a first device moving within an environment; compare the current temporal signature with at least a portion of a stored reference temporal signature corresponding to a secure asset within the environment; and base an access control decision corresponding to the secure asset on whether it is determined that the current temporal signature corresponds to the at least a portion of the stored reference temporal signature.
It is provided a method for performing an action by an electronic device (2), based on a first partial secret key (10a) and a corresponding second partial secret key (10b), wherein the first partial secret key (10a) and the second partial secret key (10b) form part of a threshold cryptography scheme (11) associated with a public key (12). The method comprises: transmitting (40), upon the device initialising, a request for a first partial secret key (10a) to a key server (3); receiving (42) the first partial secret key (10a) from the key server (3); storing (44) the first partial secret key (10a) only in volatile memory (70); retrieving (46) a second partial secret key (10b) from non-volatile memory (71); and performing (48) an action based on applying both the first partial secret key (10a) and the second partial secret key (10b).
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
43.
HARDWARE INTEGRITY CONTROL OF AN ELECTRONIC DEVICE
It is provided a method for providing hardware integrity control of an electronic device (2). The method comprising: triggering (40) each one of a plurality of components (4a- d) of the electronic device to generate of respective partial secret keys (10a-d) forming part of a threshold cryptography scheme (11) associated with a public key (12), wherein a threshold number of the plurality of partial secret keys (10a-d) are required to be applied in the threshold cryptography scheme (11) for verification against the public key (12); and providing (42) the public key (12) to a hardware verification device (3). A corresponding hardware integrity device (1), computer program (67, 91) and computer program product (64, 90) are also provided.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
It is provided a method for enabling detecting suspicious activity by an electronic lock (2). The method comprises: obtaining (40) communication data being metadata of communication to and/or from the electronic lock (2); obtaining (42) internal state data being metadata of an internal state of the electronic lock; obtaining (44) event data indicating at least one event and a time of for the event, wherein the event has occurred for the electronic lock; and transmitting (46) the communication data, the internal state data and the event data to a monitoring server (3). Corresponding electronic lock (2), monitoring server (3), computer programs (67, 167, 91) and computer program products (64, 164, 90) are also provided.
An energy harvesting arrangement (14a-14e) for an access member device (12a-12e), the energy harvesting arrangement (14a-14e) comprising a movable input member (16, 22b) arranged to provide an input torque (84); an electromagnetic generator (40a; 40b) having a stator (86) and a rotor (46) rotatable relative to the stator (86) to generate electric energy; a transmission (42a-42e) configured to transmit a movement of the input member (16, 22b) to a rotation of the rotor (46); and a torque limiter (44a-44g; 110a, 110b) configured to limit the input torque (84). An access member device (12a-12e) and an access member system (10a; 10b) are also provided.
A method and system for in-field encoding of credentials to a credential device. An example method comprises receiving a request to at least one of add or update credentials to a credential device; providing an invitation code for an in-field device, the in-field device being separate from the credential device; receiving, from the in-field device, the invitation code along with information from the credential device for establishing a secure communication channel with the credential device; establishing a secure communication channel with the credential device using the in-field device as an intermediate; generating one or more commands for encoding credentials to the credential device based on the request; and sending the one or more commands, via the secure communication channel using the in-field device as an intermediate, to the credential device.
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
G07C 9/00 - Individual registration on entry or exit
47.
DETERMINING WHEN TO ESTABLISH A COMMUNICATION CHANNEL FOR ACCESS CONTROL
It is provided a method for determining when to establish a communication channel using an electronic lock (12) controlling access to a restricted physical space (16). The method is performed by a portable key device (2). The method comprises: obtaining (40) a first time-indicator indicating when the portable key device (2) detects a stop in motion of the portable key device (2); receiving (42) a broadcast message from the electronic lock (12); deriving (44) a second time-indicator based on the received broadcast message, the second time-indicator indicating when the electronic lock (12) determines a stop in motion; determining (46) that a difference between the first time- indicator and the second time-indicator is less than a threshold; and establishing (48) a communication channel between the portable key device and the electronic lock when it is determined that the difference between the first time-indicator and the second time- indicator is less than the threshold.
G07C 9/00 - Individual registration on entry or exit
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
It is provided an electronic lock for controlling access to a restricted physical space. The electronic lock comprises: a first credential interface for accepting a credential from a user for evaluating whether access for the user should be granted; and a second credential interface for accepting a credential from a user for evaluating whether access for the user should be granted. The first credential interface is configured to be activated when the user causes an interaction with the first credential interface, without activating any other credential interfaces. The second credential interface is configured to be activated when a user causes an interaction with the second credential interface, without activating any other credential interfaces.
Methods and program code for determining a location of a device within an environment and for calibrating the environment. Example computer readable medium for determining a location of a device within an environment comprises program code that when executed by one or more processors, causes the one or more processors to determine a current path signature for a device moving within an environment, compare the current path signature with a stored reference path signature corresponding to a location of interest (LOI) within the environment, and if it is determined that the current path signature corresponds to the stored reference path signature, determine the location of the device to be the same as a location of the LOI within the environment.
G01C 21/20 - Instruments for performing navigational calculations
G01C 21/16 - Navigation; Navigational instruments not provided for in groups by using measurement of speed or acceleration executed aboard the object being navigated; Dead reckoning by integrating acceleration or speed, i.e. inertial navigation
50.
CONTROL ARRANGEMENT FOR ACCESS MEMBER, AND ACCESS MEMBER SYSTEM
A control arrangement (20) for controlling movements of an access member (14), the control arrangement comprising a base structure (22); a drive member (32) rotatable about a rotation axis (28); an input member (38) arranged to be driven along an actuation axis (40) by rotation of the drive member, and arranged to move in a lateral direction (74, 76); an output member (50) arranged to be driven by the input member along the actuation axis; an electromagnetic generator (58) arranged to be driven by movement of the output member along the actuation axis to generate electric energy; and a force transmitting arrangement (42, 52; 116) arranged to transmit a relative movement between the input member and the output member along the actuation axis to a movement of the input member in the lateral direction towards the base structure for frictional braking between the input member and the base structure.
A method for offline delegation of authorization to access a secure asset. The method comprises receiving an offline delegation request from a delegating device at a receiving device while the receiving device is not in communication with a server of an authorization management system, the offline delegation request indicating a delegation of authorization from the delegating device to the receiving device for access to a secure asset; after establishing communication with the server, transmitting the offline delegation request from the receiving device to the server; and receiving, at the receiving device, authorization data from the server in exchange for the offline delegation request, the authorization data permitting access to the secure asset by the receiving device; wherein the offline delegation request comprises an identity of the receiving device or user of the receiving device and is digitally signed by the delegating device.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A method for creating a secure channel between devices for secure communication therebetween. The method comprises transmitting a first nonce from an initiator device to a responder device; receiving, at the initiator device, a second nonce and an identity of the responder device; transmitting an identity of the initiator device and a first set of one or more encrypted data objects from the initiator device to the responder device; receiving, at the initiator device, a second set of one or more encrypted data objects from the responder device; and generating, at the initiator device, a session key for secure communication between the initiator and responder devices.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
It is provided it is provided a keypad comprising: a voltage bus configured to distribute power in the keypad; and a plurality of keys; a plurality of row key connections; and a plurality of column key connections; A wake-up signal causes a microcontroller to transition from a low-power state to an active state such that the microcontroller can detect which one of the plurality of keys was actuated. Each key is connected to a single row key connection and a single column key connection. Each row key connection and/or each column key connection is provided with a respective port circuit that is configured to connect the key connection with keys of the keypad when the wake-up signal is activated. Each port circuit comprises a respective port switch that is turned off in the low-power state to disconnect the column key connections/row key connections from the keys of the keypad.
An arrangement 20a-20c) for closing an access member (14) rotatable relative to a frame (12), the arrangement comprising a frame part (30) for fixation to the frame; an access member part (32) for fixation to the access member, the access member part being rotatable relative to the frame part about a hinge axis (16) between a closed position (18) and an open position (24); a mechanical force device (40, 92) configured to store mechanical energy from an opening movement (26) of the access member part from the closed position to the open position, and configured to release the stored mechanical energy to a closing movement (28) of the access member part from the open position to the closed position; an electromagnetic generator (48) arranged to be driven by the closing movement to generate electric energy; and a freewheel (58) arranged to disengage during the opening movement and to engage during the closing movement to drive the generator.
An arrangement (18) for closing an access member (14) rotatable relative to a frame (12), the arrangement comprising a frame part (20) for fixation to the frame; an access member part (22) for fixation to the access member, the access member part being movable relative to the frame part between a closed position (26) and an open position (34); a movable element (24) movable between a first position (28) and a second position (36) relative to the frame part; a forcing device (52) arranged to force the movable element from the second position to the first position; and a cam transmission (42) comprising a cam profile (44) and a cam follower (46) arranged to follow the cam profile, the cam transmission being configured to transmit a movement of the movable element from the second position to the first position to a movement of the access member part from the open position to the closed position.
Disclosed herein are systems and methods for dynamic, power-efficiency -based cryptographic-protocol negotiation with Internet of Things (loT) devices. In an embodiment, a computer system (e.g., an identity-management system) receives, from an loT device, a device-side authentication-initiation message containing a unique device identifier of the loT device. The computer system uses the unique device identifier of the loT device to identity, from a stored power-efficiency reference table, a suitable cryptographic security protocol for the loT device. The computer system transmits, to the loT device, a server-side authentication-initiation message containing an indication of the identified protocol, and the computer system authenticates the loT device according to the identified protocol.
H04L 67/12 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
57.
PROVIDING A CREDENTIAL FOR USE WITH AN ELECTRONIC LOCK
It is provided a method for providing a credential for use with an electronic lock (7) to access to restricted physical space (16). The method comprises: receiving (40) a credential that unlocks the electronic lock (7); generating (42) a credential identifier associated with the credential; sending (44) the credential identifier to an EAC (5); receiving (46), from an electronic wallet provider (6), a request for the credential, wherein the request comprises the credential identifier; packaging (48) the credential, resulting in packaged credential, wherein the packaging complies with a format, selected from a plurality of formats for different electronic wallet providers, corresponding to the electronic wallet provider from which the request is received, enabling the credential to be provided to an electronic wallet in a user device (2) for unlocking the electronic lock (7); and sending (50) the packaged credential to the electronic wallet provider (6).
The present disclosure refers to an RFID device (1) and a method of manufacturing a main antenna (10) of an RFID device (1). The RFID devices (1) comprises a substrate (5), a main antenna (10) embedded in the substrate (5), and a chip module (15) including an integrated circuit (16) and a chip antenna (20) electrically connected to the integrated circuit (16). The main antenna (10) is inductively coupled to the chip antenna (20) and formed by multiple single-strand wires (25) extending adjacent to each other.
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
D06H 1/04 - Marking textile materials; Marking in combination with metering or inspecting by attaching threads, tags, or the like
G06K 19/02 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the selection of materials, e.g. to avoid wear during transport through the machine
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
H01Q 1/22 - Supports; Mounting means by structural association with other equipment or articles
G08B 13/24 - Electrical actuation by interference with electromagnetic field distribution
59.
PERSONALIZABLE SECURITY DOCUMENT AND METHOD OF MANUFACTURING THE SAME
A personalizable security document (10) includes a security feature (3b) including a combination of a plurality of different features. In particular, the security feature (3b) may include a laser-engraved image in a first layer (16), and one or more fluorescent inks (7a, 7b) in further layers (27a, 27b), which are disposed below the first layer. Optionally, a watermark (8) may also be provided in a lower layer (18). A laser-engraving of the image is performed from a first side (SI) of the substrate (1) such that patterns formed by the inks (7 a, 7b) are not affected. Under white light, the laser-engraved image can be viewed from the first side of the substrate, whereas multi-color fluorescence of the patterns can be observed from the second side (S2) under UV light.
It is provided an electronic lock (12) for controlling access to a restricted physical space (16). The electronic lock (12) comprises: electronically-controllable lock hardware (68); a system-on-chip, SoC, (61) comprising a processor (60) and memory (64). The SoC (61) comprises: a trusted environment (67a) comprising a secure data storage (22) and a lock-core software module (20) comprising instructions that, when executed by the processor, cause the electronic lock (12) to: evaluate access for a user (6) based on data stored in the secure data storage (22) and control the lock hardware (68) based on the evaluation; and an untrusted environment (67b) comprising untrusted software (25, 26) that is prevented from bypassing the lock-core software module (20) to control the electronically-controllable lock hardware (68).
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/87 - Secure or tamper-resistant housings by means of encapsulation, e.g. for integrated circuits
G06F 21/74 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
G07C 9/00 - Individual registration on entry or exit
An actuating device (12a, 12b, 12c) for a lock device (10) comprising a stationary structure (90) having a credential receiver (40) for receiving a credential input (42) from a user; an actuating element (16) rotatable about an actuation axis (18) relative to the stationary structure by direct manipulation by the user, where the stationary structure is arranged at least partly inside the actuating element; a locking member (24) movable between a locked position (106) and an unlocked position (no); and an electromechanical transfer device (y2a-y2c) arranged, based on the credential input, to adopt a disabled state (104), in which the locking member cannot be moved from the locked position to the unlocked position by rotation of the actuating element, and an enabled state (108) in which the locking member can be moved from the locked position to the unlocked position by rotation of the actuating element; wherein the credential receiver is at least partly arranged radially inside the actuating element with respect to the actuation axis.
A method of integrating a logical access control system with a physical access control system is disclosed. A soft token is received at a hardware accessory from a client device of a user. The soft token includes a payload. The payload includes information about the user that is stored in a user profile of the logical access control system. Based on a verifying of the soft token using a certificate extracted from a trust store of the hardware accessory, the information about the user that is included in the payload is parsed. Based on the information about the user satisfying one or more access criteria of a reader associated with a physical access control system, the reader is triggered. The triggering includes emulating a transaction associated with the physical access control system.
It is provided a method for finding faults in firmware for a lock device. The method is performed by a test device. The method comprises the steps of: receiving data indicating an event that results in operation of the firmware in a test lock device, the test lock device being capable of performing at least some of the functions of the lock device; sampling a plurality of measurements that are indicative of power use by the test lock device over time, wherein the measurements are captured to cover at least part of the operation of the firmware by the test lock device based on the event; and determining that a potential fault occurs in the firmware for the event when the sampled measurements fail to correspond to the event, based on previously recorded data for the same type of event.
Systems and methods may be used for preconditioning a model, such as for face recognition. The preconditioning may include obtaining a set of facial images, generating, from a plurality of facial images of the set, a plurality of sets of cropped images, each cropped image in the plurality of sets of cropped images including a portion of a face of an image representing a respective set, and preconditioning a machine learning model using the plurality of sets of cropped images. The machine learning model may be refined, such as using a labeled set of captured images of real faces, in an example.
It is provided a method for providing a privacy-enhanced delegated access right to unlock a physical lock. The method comprises: obtaining a derivation scalar; receiving a cryptographically signed delegation from the delegator device, the delegation being a data object comprising a public key of the delegator device, a public key of the physical lock, and a derived public key for the delegatee device, and wherein the delegation is cryptographically signed using a secret key that is paired with the public key of the delegator device; obtaining a source secret key for the delegatee device, the source secret key being paired with the source public key; calculating a derived secret key for the delegatee device using the source secret key for the delegatee device and the derivation scalar; providing the delegation to the physical lock; and authenticating the delegatee device with the physical lock using the derived secret key.
It is provided a method for handling access rights for access to a physical space (16a-g), comprising: communicating (40) with a credential (2) of a user (5), based on short-range wireless communication; determining (42) that the credential (2) does not currently have access rights to access the physical space (16a-g); finding (44) a communication address to a superior (6) to the user (5); generating (46) an increased-access request message, comprising a link that, when activated, adds a first access role to the user (5); sending (48) the increased-access request message to the address of the superior (6); receiving (50) an indication that the superior has activated the link, adding the first access role to the user (5); and granting (52) access for the user (5) to the physical space (16a-g).
It is provided a people detector for detecting when people pass through a doorway of a door by which the people detector is installed. The people detector comprises: a people sensor; a processor; and a memory storing instructions that, when executed by the processor, cause the people detector to: receive a door status signal indicating opening status of the door; determine when a person passes through the doorway based on the people sensor and the door status signal.
A brake device (12a, 12b) comprising a hard magnet (20); a soft magnet (22) configured to switch polarity between a first polarity and a second polarity when being subjected to a magnetic field and configured to maintain the polarity when the magnetic field is removed; an electric coil (24) located around the soft magnet; an electric control system (16) configured to apply a current pulse to the electric coil to generate the magnetic field for changing the polarization of the soft magnet; and a brake element (18) comprising a magnetic target section (28), the brake element being arranged to move to a released position (40) when the soft magnet adopts the first polarity, and arranged to move to a braking position (64) due to a magnetic field generated by the hard magnet and the soft magnet in combination and acting on the magnetic target section when the soft magnet adopts the second polarity.
It is provided a method for enabling training of a machine learning, ML, model, for monitoring a person based on a data feed capable of depicting a person. The method is performed by a training data provider (i). The method comprises: obtaining (40) a data feed capable of depicting the person; selecting (42) a level of anonymisation, from a plurality of levels of anonymisation; anonymising (44) the data feed according to the selected level of anonymisation, resulting in a processed data feed; and transmitting (47) the processed data feed as training data for training a central ML model in a central node. Different levels of anonymisation are available and a change in level can be requested by the central node.
G08B 21/04 - Alarms for ensuring the safety of persons responsive to non-activity, e.g. of elderly persons
G08B 29/24 - Self-calibration, e.g. compensating for environmental drift or ageing of components
G06V 10/70 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning
G08B 13/196 - Actuation by interference with heat, light, or radiation of shorter wavelength; Actuation by intruding sources of heat, light, or radiation of shorter wavelength using passive radiation detection systems using image scanning and comparing systems using television cameras
G08B 29/18 - Prevention or correction of operating errors
A method of provisioning an authentication device of an authentication system comprises sending an authentication application from an authentication system backend server to a backend network of a cellular network operator; verifying, by the backend network of the cellular operator, the authentication application and including the authentication application in an operator profile; sending the authentication application with the operator profile from the backend network of the cellular network operator to a local profile assistant (LPA) of the authentication device; and installing the authentication application in a secure zone of the authentication device using the LPA.
A method of encoding a credential device of an authentication system comprises sending credential device information to a backend server of the authentication system using a mobile device, verifying ownership of the credential device and the mobile device using the backend server, generating, using the backend server, a quick response (QR) code that includes encoding information for the credential device, generating using the backend server a quick response (QR) code that includes encoding information for the credential device, decoding the QR code to retrieve the encoding information, and encoding the credential device with the encoding information.
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
A method of operating an access control system comprises detecting one or more physical access portals using an application of a mobile device; displaying notifications for the one or more physical access portals on a display screen of the mobile device; receiving a selection of a physical access portal using a user interface of the mobile device; establishing a secure communication channel with a secure relay device associated with the selected physical access portal; sending an encrypted access token stored in the mobile device to the secure relay device; and granting access by the secure relay device to the selected physical access portal according to the encrypted access token.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A method of operating an access control system comprises receiving, by a mobile device, an identification of a physical access portal; verifying access credential information stored in the mobile device using a verification application of the mobile device; establishing a secure communication channel with a secure relay device associated with the physical access portal; sending an encrypted access token stored in the mobile device to the secure relay device; and granting access by the secure relay device to the physical access portal according to the encrypted access token.
A system, computer readable medium, and method are configured to control access to a secure asset. A scanning system includes a lens system configured to sense light rays and a sensor board configured to capture image data. An electronic memory is configured to store a credential of a subject and a gesture key sequence. A processor is configured to acquire images over time of a biometric presentation of the subject, identify at least one of the images as corresponding to the subject, access the gesture key sequence from the electronic memory, identify gestures performed over time by the subject in the images, compare the gestures as identified to the gesture key sequence, and grant access to the secure asset to the subject based on the gestures as identified matching the gesture key sequence and the subject being identified in at least one of the images.
It is provided a method for enabling access, using a temporary passcode (25. 25a-f), to a physical space (16) secured by an electronic lock (12). The method is performed in a passcode provider (1). The method comprises: synchronising (40) with the electronic lock (12) to align times for temporary passcode generation; receiving (42) a signal to provide a temporary passcode for unlocking the electronic lock; determining (44) a temporary passcode, the temporary passcode being valid only until an end time at the electronic lock (12); and providing (46) the temporary passcode for forwarding to a temporary passcode recipient.
It is provided a method a method for identifying a health emergency of a user. The method is performed in a behaviour determiner. The method comprises: obtaining, from an access control system, access data of the user, the access data indicating when the user has accessed an electronic lock in the access control system to gain access to a physical space secured by the electronic lock; determining that the access data indicates a health emergency; and transmitting an alert message, indicating the health emergency for the user.
Methods and systems (100) for trajectory prediction are provided. The methods and systems (100) include operations comprising: receiving (501) a plurality of observed speed points; processing (502) the plurality of observed speed points corresponding to the observed trajectory by a machine learning technique to generate a plurality of predicted speed points, the machine learning technique being trained to establish a relationship between a plurality of training observed speed points and training predicted speed points; determining (503) a future trajectory based on the plurality of predicted speed points, each of the plurality of predicted speed points corresponding to a different slice of a plurality of slices of the future trajectory; determining (504) that a target access control device is within a threshold range of the future trajectory; and performing (505) an operation associated with the target access control device (110).
It is provided a method for enabling training of a hidden Markov model, HMM, for monitoring a person based on a data feed capable of depicting a person. The method is performed by a local training device (1) and comprises: receiving (40) a central HMM from a central node (9); obtaining (42) a data feed capable of depicting the person; training (44) the received HMM based on the data feed, resulting in a locally trained HMM; transmitting (46) the locally trained HMM to the central node (9) for aggregation with other locally trained HMMs; receiving (48) an updated HMM from the central node (9); and assigning (50) each state in the updated HMM to one state of a set of monitoring states, wherein each monitoring state indicates a state of the person.
A coupling arrangement (12) for a lock device (10), the coupling arrangement comprising an input and an output element (14, 18) rotatable about a rotation axis (16); an engaging member (34) movable between a first and second position (80, 88); an electric motor (36) arranged to affect movement of the engaging member between the first and second position; a coupling member (38) rotationally locked to the input element and axially movable relative to the input element between a decoupled position (82), where a rotation of the input element is not transmitted by the coupling member to a rotation of the output element, and a coupled position (90), where a rotation of the input element is transmitted by the coupling member to a rotation of the output element; and a transmission mechanism (56) arranged to transmit a rotation of the coupling member to a movement of the coupling member from the decoupled position to the coupled position when the engaging member adopts the second position.
An actuator (10a-10d) comprising a primary core member (12) having a first and second primary section (44, 46) and a primary coil section (48), the primary core member being arranged to adopt a first and second primary polarity; a primary electric coil (30) wound around the primary coil section and arranged to provide the first and/or second primary polarity in the primary core member; a secondary core member (14) having a first and second secondary section (50, 52), the secondary core member being arranged to adopt a first and second secondary polarity; and a movable member (16) comprising at least one magnet (20, 84, 86) and being movable between a first position (18), in which the at least one magnet is magnetically forced towards the first primary section and towards the first secondary section, and a second position (40), in which the at least one magnet is magnetically forced towards the second primary section and towards the second secondary section.
H02K 33/12 - Motors with reciprocating, oscillating or vibrating magnet, armature or coil system with armatures moving in alternate directions by alternate energisation of two coil systems
H01F 7/122 - Guiding or setting position of armatures, e.g. retaining armatures in their end position by permanent magnet
Methods and systems for trajectory and intent prediction are provided. The methods and systems include operations comprising: receiving an observed trajectory of a user and user behavior information; processing the observed trajectory by a machine learning technique to generate a plurality of predicted trajectories, the machine learning technique being trained to establish a relationship between a plurality of training observed trajectories and training predicted trajectories; adjusting the plurality of predicted trajectories based on the user behavior information to determine user intent to operate a target access control device; determining that the target access control device within a threshold range of a given one of the plurality of predicted trajectories; and in response to determining that the target access control device is within the threshold range of the given one of the plurality of predicted trajectories, performing an operation associated with the target access control device.
Techniques for detecting tapering of a physical access control device or a barrier secured by the physical access control device are provided. In an example, an apparatus to control physical access to a secure area via an opening can include multiple tamper sensors. The controller can generate a tamper signal based on a discrepancy between signals received form the multiple tamper sensors and one or more profile signals.
It is provided a method for providing training data for a machine learning model for monitoring a person based on video data. The method is performed by a training data provider (1). The method comprises: obtaining (40) a data feed of the person, wherein the data feed comprises a series of images that preserves a privacy of the person; generating (42) fake video data of a fictive person, such that a face of the fake video data is a computer-generated face; combining (44) the data feed with the fake video data, resulting in training data; and providing (46) the training data for training the machine learning model.
It is provided a method for configuring access rights for an electronic key (2) forming part of an access control system (10) comprising a plurality of electronic locks (12a-c, 13a-c, 14a-c) for securing access to respective physical spaces. The method is performed in a configuration device (1) and comprising: setting (40) a baseline configuration of access rights for the electronic key (2); receiving (42) access data, indicating at least one instance of the electronic key (2) being granted access by one of the plurality of electronic locks (12a-c, 13a-c, 14a-c); and adjusting (44) the configuration of access rights for the electronic key to restrict access compared to the baseline configuration, based on the access data.
A method of device authentication comprises transmitting a data stream from a first endpoint device to a second endpoint device. The data stream includes a first data stream portion including unencrypted data that includes an ephemeral public key of an ephemeral key pair, and an encryption algorithm identifier; a second data stream portion including encrypted data that includes a first counter value and an identity of the first endpoint device; and a third data stream portion including encrypted data that includes a second counter value and an identity of the second endpoint device. The method of device authentication further comprises the second endpoint device authenticating the first endpoint device using the first, second, and third data stream portions.
It is provided a method for enabling training a machine-learning, ML, model for trigger-word detection, the method being performed in a training data provider (1). The method comprises: receiving (40) sound-based data, the sound-based data being based on sounds captured in a space to be monitored; determining (42) that the sound-based data corresponds to a trigger word, and labelling this sound-based data to correspond to the trigger word; and providing (44) the labelled sound-based data to train the ML model.
G10L 25/24 - Speech or voice analysis techniques not restricted to a single one of groups characterised by the type of extracted parameters the extracted parameters being the cepstrum
87.
CONTROLLING ACCESS BASED ON A MACHINE-LEARNING MODEL
It is provided a method for controlling access to a physical space secured by an electronic lock. The method is performed in an access evaluator and comprises: obtaining one or more input parameters relating to a user requesting access to the restricted physical space; evaluating a first access condition based on a credential presented by the user; evaluating a second access condition using a machine-learning model, based on the one or more input parameters; and unlocking the electronic lock when both the first access condition and the second access condition are evaluated to be true.
G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
G07C 9/25 - Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
88.
SECURE ELEMENT ARRAYS IN INTERNET-OF-THINGS SYSTEMS
Systems and methods for providing secure execution of functions for edge devices include a plurality of edge devices, a controller, and an array of secure elements. The edge devices are each configured to obtain data for an application of the system. The controller is connected to communicate with the edge devices to receive the data from each of the edge devices. The array of secure elements is connected to the controller, and each secure element executes functions using the data received from the edge devices. The controller associates an identified secure element of the array of secure elements with a respective edge device to execute the functions for data received from the respective edge device, and the controller is connected to communicate a result of the executed functions to the respective edge device.
H04L 1/18 - Automatic repetition systems, e.g. Van Duuren systems
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G07C 9/00 - Individual registration on entry or exit
89.
ACCESS CONTROL WITH FACE RECOGNITION AND HETEROGENEOUS INFORMATION
The use of multimodal face attributes in facial recognition systems is described. In addition, use of one or more auxiliary attributes, such as a temporal attribute, can be used in combination with visual information to improve the face identification performance of a facial recognition system. In some examples, the use of multimodal face attributes in facial recognition systems can be combined with the use of one or more auxiliary attributes, such as a temporal attribute. Each of these techniques can improve the verification performance of the facial recognition system.
It is provided a method for providing data for training a machine learning model. The method is performed in a training data provider (l) and comprises the steps of: obtaining (40) a data structure comprising a chain of delegations, the chain of delegations covering a delegation path from a media capturing device (3) to the training data provider (1) such that, in the chain of delegations, each delegation is a delegation from a delegator to a receiver; sending (42) a key request to a delegation verifier (2), the key request comprising the data structure; receiving (44) a decryption key from the delegation verifier (2); obtaining (46) encrypted media data captured by the media capturing device (3); decrypting (48) the encrypted media data, resulting in decrypted media data; and providing (50) the decrypted media data for training the machine learning model.
G08B 21/02 - Alarms for ensuring the safety of persons
G16H 50/20 - ICT specially adapted for medical diagnosis, medical simulation or medical data mining; ICT specially adapted for detecting, monitoring or modelling epidemics or pandemics for computer-aided diagnosis, e.g. based on medical expert systems
G06F 21/10 - Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
A verifier device of an authentication system comprises physical layer circuitry and processing circuitry coupled to the physical layer circuitry. The processing circuitry is configured to encode an authentication command for sending to a credential device; decode a response communication received from the credential device, wherein the response communication includes a first random number; encrypt the first random number, a second random number, and verifier keying material for sending to the credential device; decrypt encrypted information received from the credential device, wherein the encrypted information includes the first random number, the second random number, and receiver keying material; and calculate a session encryption key using the verifier keying material and the receiver keying material.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
92.
ARRANGEMENT FOR LOCK DEVICE, LOCK DEVICE COMPRISING ARRANGEMENT, AND METHOD
An arrangement (10, 82) for locking and unlocking a lock device (58, 74), the arrangement (10, 82) comprising a transfer element (12) movable between a protruded position (42) and a retracted position (56); a core member (14) of soft magnetic material, the core member (14) comprising a coil section (20); an electric coil (16) wound around the coil section (20); and a blocking member (48) comprising a magnet (18), the blocking member (48) being movable between a blocking position (50), in which the magnet (18) establishes a magnetic circuit through the coil section (20) and the blocking member (48) blocks movement of the transfer element (12) to the retracted position (56), and an unblocking position (54), in which the magnet (18) establishes a magnetic circuit through the coil section (20) and the blocking member (48) unblocks movement of the transfer element (12) to the retracted position (56). A lock device (58, 74) comprising an arrangement (10, 82), and a method of controlling a lock device (58, 74), are also provided.
An arrangement (10) for a lock device (88a, 88b), the arrangement (10) comprising an input member (12, 106); a coupling member (26) movable between an uncoupled position (34) and a coupled position (80); an electromechanical actuator (28) comprising an actuating member (42) linearly movable between an uncoupling actuating position (44) and a coupling actuating position (78); and a torsion spring (30) having a first leg (62) and a second leg (64) movable away from each other against a deformation of the torsion spring (30), wherein the actuating member (42) is arranged to engage the first leg (62) and the second leg (64) is arranged to engage the coupling member (26) when the coupling member (26) is in the uncoupled position (34) and the actuating member (42) moves from the uncoupling actuating position (44) to the coupling actuating position (78). A lock device (88a, 88b) comprising an arrangement (10) is also provided.
It is provided a system comprising a lock device and a key device for use in access control to a physical space. The key device comprises: an electronic key module configured to communicate with an electronic lock module of the lock device for access control; and a permanent magnet configured to close a magnetically controllable switch of the lock device to thereby power an electronic lock module of the lock device. The lock device comprises: the electronic lock module configured to communicate with the electronic key module to evaluate whether to grant access; a power source; and the magnetically controllable switch provided between the power source and the electronic lock module such that the magnetically controllable switch is closable by the permanent magnet of the key device to power the electronic lock module.
A reader device of an access control system comprises physical layer circuitry and processing circuitry. The processing circuitry is operatively coupled to the physical layer circuitry and is configured to initiate transmission of a command to a credential device; determine a time duration from sending the command to the credential device to receiving a response to the command from the credential device; and generate an indication when the time duration exceeds a relay attack detection threshold time duration.
An actuating device (12) comprising a stationary structure (20); an actuating element (22) rotatable relative to the stationary structure (20); an electric power source (24, 82); a spindle (26) arranged to be rotated by rotation of the actuating element (22); a locking member (28) movable between a locked position (66) and an unlocked position (86); an electromechanical transfer device (30, 84) arranged in the spindle (26), the transfer device (30, 84) being configured to adopt a locked state (68) and an unlocked state (78); a receiver device (34) fixed with respect to the spindle (26), the receiver device (34) being electrically connected to the transfer device (30, 84); and a transmitter device (32) fixed with respect to the stationary structure (20) and arranged to be electrically powered by the power source (24, 82), the transmitter device (32) being configured to wirelessly transmit power to the receiver device (34).
A computing machine accesses conventional image data comprising a photograph of a first person. The computing machine converts, using a conventional image neural network adapter engine, the conventional image data into a model data format representing the first person, wherein the model data format is a format that is standardized for both conventional image data and stereo pair image data. The computing machine generates, using a biometric task neural network engine and based on the model data format data representing the first person, a task output representing the first person. The computing machine transmits a representation of the task output representing the first person.
An arrangement (16) for controlling movements of an access member (12) relative to a frame (14), the arrangement (16) comprising a base section (18) for connection to either the access member (12) or the frame (14); a fixation part (20) for connection to the other of the access member (12) and the frame (14); a flexible elongated element (22) configured to be tensioned to thereby force the base section (18) and the fixation part (20) to move towards each other in a relative closing movement (86); and a braking device (82) arranged to brake a speed of the relative closing movement (86).
E05F 1/02 - Closers or openers for wings, not otherwise provided for in this subclass gravity-actuated
E05F 1/10 - Closers or openers for wings, not otherwise provided for in this subclass spring-actuated for swinging wings
E05F 3/16 - Closers or openers with braking devices, e.g. checks; Construction of pneumatic or liquid braking devices with friction brakes
E05F 15/627 - Power-operated mechanisms for wings using electrical actuators using rotary electromotors for swinging wings operated by flexible elongated pulling elements, e.g. belts, chains or cables
99.
ARRANGEMENT FOR CONTROLLING MOVEMENTS OF ACCESS MEMBER, ACCESS MEMBER, FRAME, AND ACCESS MEMBER SYSTEM
An arrangement (16) for controlling movements of an access member (12) relative to a frame (14), the arrangement (16) comprising a base section (18) for connection to either the access member (12) or the frame (14); a fixation part (20) for connection to the other of the access member (12) and the frame (14); a connection device (22, 64) arranged between the base section (18) and the fixation part (20), and connected to the base section (18) and the fixation part (20); a closing force device (44) configured to exert a force on the connection device (22, 64) to thereby force the base section (18) and the fixation part (20) to move towards each other in a relative closing movement (60); and a magnet (50) arranged to force the base section (18) and the fixation part (20) towards each other by means of magnetic force.
It is provided a method for determining when a portable key device is located on a front side or on a back side in relation to a barrier secured by an electronic lock. The method is performed in a location determiner and comprises the steps of: obtaining a channel impulse response, CIR, based on an impulse signal transmitted from the portable key device, the CIR being based on a plurality of samples of the impulse signal as received by an antenna being fixedly mounted in relation to the electronic lock; and determining, based on the CIR, whether the portable key device is located on the front side or on the back side.
patents
