`US007706778B2
`
`(12) United States Patent
`Lowe
`
`(10) Patent No.: US 7,706,778 B2
`(45) Date of Patent: Apr. 27, 2010
`
`(54) SYSTEM AND METHOD FOR REMOTELY
`ASSIGNING AND REVOKING ACCESS
`CREDENTIALS USING A NEAR FIELD
`COMMUNICATION EQUIPPED MOBILE
`PHONE
`
`(75) Inventor: Peter R. Lowe, Peyton, CO (US)
`
`(73) Assignee: Assa Abloy AB, Stockholm (SE)
`
`(*) Notice: Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 600 days.
`
`(21) Appl. No.: 11/397,542
`
`(22) Filed: Apr. 3, 2006
`
`(65) Prior Publication Data
`
`US 2006/0224901 A1    Oct. 5, 2006
`
`Related U.S. Application Data
`
`(60) Provisional application No. 60/668,828, filed on Apr.
`5, 2005.
`
`(51) Int. Cl.
`H04M 1/66 (2006.01)
`H04L 29/06 (2006.01)
`(52) U.S. Cl.: 455/411; 713/200; 713/158
`(58) Field of Classification Search: 713/200,
`713/201, 158; 455/403, 461, 414, 412, 411;
`705/1
`See application file for complete search history.
`
`(56) References Cited
`
`U.S. PATENT DOCUMENTS
`
`5,903,845 A *       5/1999   Buhrmann et al.     455/461
`6,374,356 B1        4/2002   Daigneault et al.
`6,577,229 B1        6/2003   Bonneau et al.
`6,668,322 B1       12/2003   Wood et al.
`6,719,200 B1        4/2004   Wiebe
`6,766,450 B2        7/2004   Micali
`6,859,650 B1        2/2005   Ritter
`6,895,234 B1 *      5/2005   Laursen et al.      455/403
`2003/0023874 A1 *   1/2003   Prokupets et al.    713/201
`2004/0059590 A1 *   3/2004   Mercredi et al.     705/1
`2004/0177270 A1 *   9/2004   Little et al.       713/200
`2004/0180646 A1 *   9/2004   Donley et al.       455/411
`2008/0163361 A1     7/2008   Davis et al.
`
`FOREIGN PATENT DOCUMENTS
`
`WO   WO 2004/025545   3/2004
`WO   WO 2005/024549   3/2005
`
`OTHER PUBLICATIONS
`
`Philips Semiconductors-"Near Field Communication PN511-
`Transmission module." (Feb. 2004) (18 pages).
`Nokia-"Use Cases" http://www.nokia.com (Copyright 2005) (2
`pages).
`
`(Continued)
`
`Primary Examiner-Charles N Appiah
`Assistant Examiner-Kiet Doan
`(74) Attorney, Agent, or Firm-Sheridan Ross P.C.
`
`(57) ABSTRACT
`
`The present invention is generally directed toward a mobile
`device that can be used in a secure access system. More
`specifically, the mobile device can have credential data
`loaded thereon remotely updated, enabled, disabled, revoked,
`or otherwise altered with a message sent from, for example, a
`control panel and/or controller in the system.
`
`42 Claims, 5 Drawing Sheets
`
`[Front-page drawing: excerpt of FIG. 1 showing the communication network, mobile devices and a reader; drawing not reproduced]
`
`Page 1 of 15
`
`SPECTRUM EX. 1001
`Spectrum Brands v. Assa Abloy
`US Patent No. 7,706,778
`
`
`
`OTHER PUBLICATIONS
`
`Esato-"Nokia Launches NFC Shell for Mobile Payments" http://
`www.esato.com/news/article.php/id=B6 (Feb. 25, 2005) (3 pages).
`NFC Forum-"About Near Field Communication"
`http://www.nfc-forum.org/aboutnfc/ (Copyright 2005) (3 pages).
`Indala-"Product Families" www.indala.com/products/index.html
`(Copyright 2004) (2 pages).
`
`International Search Report for International (PCT) Patent
`Application No. PCT/US06/15304, mailed Jun. 11, 2008.
`Written Opinion for International (PCT) Patent Application No.
`PCT/US06/15304, mailed Jun. 11, 2008.
`
`* cited by examiner
`
`
`
`[FIG. 1, Sheet 1 of 5: access system 100 with controller 102, hub, database 130, readers 108, mobile devices 112 and the communication network; drawing not reproduced]
`
`
`
`[FIG. 2, Sheet 2 of 5: block diagram of mobile device 112 showing processor 204, memory 200, RF mod/demod units, antennas, RF rectifier 220 and power source 224; drawing not reproduced]
`
`
`
`[FIG. 3, Sheet 3 of 5: flow chart, reference numerals 300 to 320. Start; credential information changed at control panel; update credential information at database; determine mobile device associated with changed credential information; send message to determined mobile device; update memory of mobile device. Drawing not reproduced]
`
`
`
`[FIG. 4, Sheet 4 of 5: flow chart, reference numerals 404 to 424. Start; determine time interval between credential updates; determine new credential information; send new credential information to readers; send new credential information to mobile devices; determine time elapsed since last credential update; decision "Time Elapsed >= Update Interval?" with a "Yes" branch. Drawing not reproduced]
`
`
`
`[FIG. 5, Sheet 5 of 5: flow chart, reference numerals 504 to 524. Start; activity detected at a reader; determine information related to the activity; decision "Relay Information to a Mobile Device?" with "No" and "Yes" branches; determine mobile device to relay information to; send determined mobile device the information; End. Drawing not reproduced]
`
`
`
`SYSTEM AND METHOD FOR REMOTELY
`ASSIGNING AND REVOKING ACCESS
`CREDENTIALS USING A NEAR FIELD
`COMMUNICATION EQUIPPED MOBILE
`PHONE
`
`CROSS-REFERENCE TO RELATED
`APPLICATION
`
`The present application claims the benefit, under 35 U.S.C.
`§ 119(e), of U.S. Provisional Application Ser. No. 60/668,828
`filed Apr. 5, 2005, which is incorporated herein by this
`reference.
`
`FIELD OF THE INVENTION
`
`The invention is directed generally to using mobile devices
`in an access control system. Specifically, a mobile device
`utilizing near field communications protocol (NFC) may be
`used for controlling access to assets, places, or things by
`having access credentials remotely assigned and revoked.
`
`BACKGROUND OF THE INVENTION
`
`Radio frequency IDs (RFIDs), like contactless smart cards,
`store credential information that can be used later to gain
`access to an asset. When presented to a reader/interrogator the
`smart card transmits the stored credential information for
`verification by the reader/interrogator. The reader/interrogator
`processes the credential information and determines if the
`smart card being presented is a valid smart card. If the reader/
`interrogator determines that the credential information on the
`smart card is valid then the reader/interrogator
`initiates any number of actions allowing the holder of the
`smart card access to a particular asset.
`NFC is a communication method that is showing great
`promise for communication between devices at short range.
`NFC may be regarded as the same protocol that is used by
`contactless smart cards working at 13.56 MHz. Several companies
`are in the process of announcing mobile phones that
`incorporate an NFC chip. The communication protocol of a
`typical NFC chip can be seen for instance in Short Form
`Specification of the PN511-Transmission module, February
`2004 from Philips Semiconductors, which is herein incorporated
`by reference in its entirety.
`The protocol used in NFC can vary depending on the mode
`that the chip and reader/interrogator are in. For example, if an
`active NFC mode is used, both a reader/interrogator and
`target are using their own radio frequency (RF) field to enable
`communication between each other. A reader/interrogator is
`powered to generate an RF field of a particular frequency, for
`instance at 13.56 MHz. The target has its own power supply
`for digital processing and communications. When the target
`receives a communication from a reader/interrogator, the target
`uses its own power supply to generate another RF field to
`answer the reader/interrogator. Communications can occur
`back and forth between the reader/interrogator and target.
`Alternatively, if a passive NFC mode is implemented, the
`target answers to a reader/interrogator command in a load
`modulation scheme. The target is not powered to generate its
`own RF field. Rather, the target uses energy from the RF
`created by the reader/interrogator to create its RF field and
`reply to be sent back to the reader/interrogator.
`If the NFC chip is coupled with a micro-processor, the chip
`may act like smart cards or the like where communication
`between a reader and card is performed to gain access to an
`asset. Typically a mobile phone includes a battery and the
`NFC chip can be powered by that battery. If the chip derives
`power from the mobile phone battery, the NFC chip may
`communicate with a reader/interrogator according to the
`active protocol described above. Alternatively, the NFC chip
`can communicate with a reader/interrogator in a passive
`mode. This will eliminate the need for the chip to be powered
`by the battery of a mobile phone, which may increase the life
`of the battery.
`In most global system for mobile communication (GSM)
`devices, e.g., mobile phones, there is a Subscriber Identification
`Module (SIM) that is a secure memory containing all of
`the owner's account information, as well as space available
`for additional applications such as an electronic purse for
`e-commerce. This memory is accessible from outside of the
`mobile device, i.e., remotely. Mobile devices carry a secure
`memory much like smart cards or the like and the new applications
`in NFC protocols enable the mobile device to perform
`functions like smart cards. The ability to have a mobile device
`also operate as a smart card creates a variety of new applications
`for the device.
`A typical smart card is a small, usually credit card shaped,
`device that contains at least a memory device for storing
`information and a transceiver to communicate with a reader/
`interrogator. The reader/interrogator communicates through
`the transceiver on the smart card to access the stored information.
`The reader/interrogator may simply read the information,
`load the information into the memory device or
`modify existing data in the memory device. For example, if
`the owner of a smart card uses a smart card containing financial
`information to make a purchase, the reader/interrogator
`can read the information including the owner's identity and
`the availability of funds. The reader/interrogator can also
`deduct the purchase amount from the available funds if it has
`writing capabilities. Further, the reader/interrogator can store
`transaction data on the smart card including the time and
`location of the transaction in addition to the identity of the
`reader/interrogator.
`Smart cards have a variety of uses and can be utilized in any
`transaction that involves the exchange of data or information
`between individuals and an institution. For example, smart
`cards can be used to store information including medical
`records, financial information, vehicle maintenance information,
`pet information, and a virtually limitless variety of other
`information traditionally printed on paper or plastic or stored
`on cards having a magnetic stripe or an optical bar code.
`Smart card technology has been particularly useful in banking
`systems and other financial transaction systems. Furthermore,
`smart cards have been widely used in access control
`systems. For example, a reader/interrogator may control
`doors that provide access to particular assets. The reader/
`interrogator only allows qualified individuals carrying smart
`cards, with proper credentials loaded thereon, access through
`control doors.
`In a conventional access control system, the door reader/
`interrogators positioned at ingress/egress points are connected
`to a control panel. This control panel is kept up to date
`with the authorized codes corresponding to persons with
`authorized access to the location. When activity occurs, the
`control panel is updated with the activity information. For
`example, if the activity related to access gained through a
`particular door, the door and potentially the person who
`gained access are stored in the control panel log. Also, if the
`activity related to a financial transaction, the information
`relating to the transaction including amount and who performed
`the transaction are sent and stored at the control panel.
`There are, however, circumstances in which control panels
`associated with remote locations are not regularly
`updated. If a person's status changes from authorized to
`unauthorized, it might take a relatively long time for the control
`panel associated with a remote door to get the message and
`bar the credential associated with this person from access.
`Furthermore, typical access control systems are limited in
`that control panels, either localized or central, are the only
`source that tracks, logs, and monitors the activity associated
`with a given access point. When entries take place in these
`conventional access control systems, the information is sent
`to the control panel where it stays. If someone would like to be
`aware of activity associated with the access control system
`they are usually required to physically go to the control panel
`itself.
`
`SUMMARY OF THE INVENTION
`
`It is thus one aspect of the present invention to provide a
`system and method that automatically updates credentials on
`a mobile device immediately after authorization changes
`have been made. In one embodiment, the system and method
`provides a controller (e.g., a control panel, number of control
`panels, host computer, number of host computers, server, and
`the like), a plurality of readers, and a plurality of mobile
`devices. Each of the plurality of mobile devices has a memory
`associated with them that stores credential information. The
`readers are typically associated with a particular asset (e.g., a
`door permitting access to a secure room, a computer permitting
`access to secure information, a lock permitting access to
`a safe, etc.). The readers communicate with the mobile
`devices to determine if the credential information stored on
`the memory of the mobile device permits the person using the
`mobile device to access a particular asset. Credential information
`is verified at the reader then transmitted to the controller
`in order to notify security personnel or the like about
`the activity that has just taken place at the reader. When
`credential information is changed at the controller (e.g.,
`access rights for a particular user of a mobile device have been
`partially or fully revoked, updated, enabled, augmented,
`added, etc.), that changed information is relayed to the mobile
`device via a communication network. The memory of the
`mobile device is then updated to reflect the change that was
`logged at the controller.
`As used herein, a "credential" or "credential information"
`is any data, set of data, encryption scheme, key, and/or transmission
`protocol used by a particular mobile device to verify
`its authenticity with a reader/interrogator.
`In another embodiment of the present invention, a system
`and method for periodically updating and/or enabling the
`credentials of a mobile device and/or reader is provided.
`Specifically, the controller updates the credential information
`of a mobile device on a predetermined periodic basis. Every
`predetermined period (e.g., every second, minute, hour, day,
`etc.) the credentials associated with one or a population of
`mobile devices is updated. At the same time, in one embodiment
`of the invention, the information relating to the updated
`credentials is relayed to the readers so that when a valid
`mobile device is presented to a reader, the reader is aware of
`the updated credentials and can assess the validity of the
`mobile device appropriately. Alternatively, or in addition to
`updating the mobile device credentials, the mobile devices
`may require a periodic enablement of their credentials in
`order to maintain their validity. For example, the credential
`information associated with a particular mobile device may
`not change, but the information will be erased, expire, or the
`mobile device may not be allowed to transmit its credential
`information if it does not receive the periodic enablement
`messages from the controller. Therefore, when a user is no
`longer permitted access to a particular asset, the automatic
`enablement messages are not sent to his/her mobile device. If
`a user has had their credentials revoked or changed for whatever
`reason, they may attempt to shield their mobile device
`from receiving any authorization disabling messages. By
`changing the logic of the mobile device such that the credentials
`periodically time out unless an enabling message is
`received from the control panel, attempts to maintain or prolong
`authorized credentials by shielding mobile devices from
`a disabling message are thwarted.
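
The fail-closed behaviour described above, as an added example (not code from the patent): a constructed Python model that compares a push-only DISABLE design with the periodic enablement design when the holder shields the device at the moment access is revoked. The HMAC message tag, the 60-second period, the replay check, and all class, function and identifier names are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

ENABLE_PERIOD = 60  # seconds between enablement messages (constructed value)


@dataclass(frozen=True)
class Message:
    kind: str        # "ENABLE" or "DISABLE"
    device_id: str
    issued_at: int   # controller clock, in seconds
    tag: bytes       # HMAC over the fields above (assumption, not in the patent)


def _tag(key, kind, device_id, issued_at):
    data = f"{kind}|{device_id}|{issued_at}".encode()
    return hmac.new(key, data, hashlib.sha256).digest()


class Controller:
    def __init__(self, key):
        self.key = key
        self.authorized = set()

    def _msg(self, kind, device_id, now):
        return Message(kind, device_id, now, _tag(self.key, kind, device_id, now))

    def revoke(self, device_id, now):
        self.authorized.discard(device_id)
        return self._msg("DISABLE", device_id, now)

    def enable_round(self, now):
        # A revoked device simply stops receiving ENABLE messages.
        return [self._msg("ENABLE", d, now) for d in sorted(self.authorized)]


class MobileDevice:
    def __init__(self, device_id, key, credential, lease_mode):
        self.device_id, self.key = device_id, key
        self.credential = credential
        self.lease_mode = lease_mode   # True: credential times out unless enabled
        self.enabled_until = 0
        self.last_issued = -1
        self.shielded = False          # True: no network message reaches the device

    def deliver(self, msg):
        """Process a controller message; return True only if it was accepted."""
        if self.shielded:
            return False
        expected = _tag(self.key, msg.kind, msg.device_id, msg.issued_at)
        if msg.device_id != self.device_id or not hmac.compare_digest(expected, msg.tag):
            return False
        if msg.issued_at <= self.last_issued:
            return False               # replayed or out-of-order message
        self.last_issued = msg.issued_at
        if msg.kind == "DISABLE":
            self.credential = None
        elif msg.kind == "ENABLE":
            # Lease runs from issue time, so a delayed message cannot extend it.
            self.enabled_until = msg.issued_at + ENABLE_PERIOD
        return True

    def present(self, now):
        """Credential the device would transmit to a reader at time now, or None."""
        if self.credential is None:
            return None
        if self.lease_mode and now >= self.enabled_until:
            return None
        return self.credential


def simulate(lease_mode, shielded, revoke_at=90, end=180, step=30):
    """Return the sample times at which the device can still present its credential."""
    key = b"constructed-demo-key"
    ctl = Controller(key)
    ctl.authorized.add("phone-1")
    dev = MobileDevice("phone-1", key, "CRED-0001", lease_mode)
    usable = []
    for now in range(0, end + 1, step):
        if now == revoke_at:
            dev.shielded = shielded    # holder blocks the radio as access is withdrawn
            dev.deliver(ctl.revoke("phone-1", now))
        if now % ENABLE_PERIOD == 0:
            for msg in ctl.enable_round(now):
                dev.deliver(msg)
        if dev.present(now) is not None:
            usable.append(now)
    return usable


if __name__ == "__main__":
    for lease in (False, True):
        for shield in (False, True):
            print(f"lease_mode={lease} shielded={shield}: usable at {simulate(lease, shield)}")
```

With the device shielded, the push-only design keeps presenting the credential at every sample time, while the lease design stops once the current enablement period ends, so the period length bounds the exposure window.
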
`In yet another embodiment of the present invention, a
`system and method for relaying information associated with
`activities detected at a reader or set of readers to a mobile
`device is provided. Rather than keeping a log of the activity
`information only at the controller, selected mobile devices
`can receive the activity information from the controller. In a
`residential lock situation, the system can send a Short Message
`Service (SMS) message/signal or the like to the mobile
`device of the homeowner. A homeowner at work may want to
`know when a child, housekeeper, or other person enters and
`exits their house. The selected mobile device could retrieve
`the message employing a number of other methods. For
`example, records of activities at a particular reader can be
`logged at that reader. A mobile device authorized to recover
`the activity log could be presented to the reader and the log file
`could be transferred to and displayed on the mobile device.
`Likewise, the reader (or the mobile device) could send the log
`file to a computer via email using various types of text messaging
`protocols.
`These and other advantages will be apparent from the
`disclosure of the invention(s) contained herein. The
`above-described embodiments and configurations are neither
`complete nor exhaustive. As will be appreciated, other embodiments
`of the invention are possible using, alone or in
`combination, one or more of the features set forth above or
`described in detail below.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG. 1 is a diagram depicting an exemplary system for
`authenticating mobile devices and remotely updating credentials
`associated with the mobile devices in accordance with
`embodiments of the present invention;
`FIG. 2 is a block diagram depicting a mobile device in
`accordance with embodiments of the present invention;
`FIG. 3 is a flow chart depicting a method of remotely
`updating credentials associated with a mobile device in accordance
`with embodiments of the present invention;
`FIG. 4 is a flow chart depicting a method of periodically
`updating credentials associated with a mobile device in accordance
`with embodiments of the present invention; and
`FIG. 5 is a flow chart depicting a method of relaying access
`activity in an exemplary system to a mobile device in accordance
`with embodiments of the present invention.
`
`DETAILED DESCRIPTION
`
`The present invention is generally directed toward a system
`and method for using mobile communication devices as personal
`credential verification devices. Specifically, the present
`invention utilizes communication techniques and protocols to
`automatically and remotely update credential information
`associated with one or a set of mobile devices.
`FIG. 1 depicts an access network 100 used to verify the
`identity of at least one mobile device. In one embodiment of
`the present invention, the system 100 comprises a controller
`102, a hub 104, a plurality of readers 108₁₋ₙ and a plurality of
`mobile devices 112₁₋ₖ such that n and k are integers wherein
`n and k are greater than or equal to one, and typically k is
`greater than n. The plurality of readers 108₁₋ₙ may include
`readers 108 of the same type, as well as readers of different
`types. For example, a subset of the plurality of readers 108₁₋ₙ
`may be legacy readers (e.g. readers using older transmission
`protocols). Whereas another subset of the plurality of readers
`108₁₋ₙ may be newer readers utilizing improved and/or more
`secure protocols.
`In the depicted embodiment, the readers 108 are coupled to
`the controller 102 via the interconnecting hub 104 through
`interfaces 124 and 128. In an alternate embodiment, the readers
`108 may be directly coupled to the respective inputs/
`outputs of the controller 102 via interface 129. Interfaces 124
`and 128 between the readers 108, the hub 104, and the controller
`102 and interface 129 are generally bi-directional
`interfaces, which may selectively be implemented in a form
`of wired, wireless, fiber-optic communication links, or combinations
`thereof. Even though the interfaces 124, 128, and
`129 are depicted as bi-directional interfaces, one of skill in the art
`can appreciate that the interfaces 124, 128, and 129 may be
`implemented as unidirectional interfaces that use a unidirectional
`communication protocol, for example, the Wiegand
`protocol.
`As can be appreciated by one of skill in the art, the interfaces
`124, 128, and 129 may be implemented utilizing buses
`or other types of connections. For example, the I/O ports may
`be one or more of a USB port, parallel port, serial port, Small
`Computer Systems Interface (SCSI) port, modem, Ethernet,
`and/or an RF interface. The protocols used to communicate
`between the controller 102 and the readers 108 may include
`one or more of the TCP/IP protocol, RS 232, RS 485, Current
`Loop, Power of Ethernet (POE), Bluetooth, ZigBee, GSM,
`WiFi, and other communication methods and protocols
`known in the art.
`Bi-directional RF interfaces 120 between a reader 108 and
`a mobile device 112 are automatically established when the
`mobile device 112 is placed within an active zone (not shown)
`of the interrogating reader 108. The active zone of the reader
`108 is defined as a three dimensional space where the intensity
`of RF signals emitted by the reader exceeds a threshold of
`sensitivity of the mobile device 112 and the intensity of RF
`signals emitted by the mobile device 112 exceeds a threshold
`of sensitivity of the reader 108. The interface 120 shown can
`be between one or a number of readers 108 and one or a
`number of mobile devices 112. Furthermore, the interface 120
`may utilize known methods and protocols including NFC
`protocol, Infra Red communication methods, Bluetooth, ZigBee,
`GSM, WiFi, and/or other protocols known to those of
`skill in the art.
`The controller 102 may be a general-purpose computer
`adapted for multi-task data processing and suitable for use in
`various settings including, but not being limited to, business,
`commercial, residential, and industrial settings. Examples of
`suitable types of controllers 102 include, but are not limited
`to, a control panel, a number of control panels, a host computer,
`a processor, a server, combinations thereof, and other
`controllers known to those of skill in the art. A memory of the
`controller 102 comprises software program(s) containing a
`database of records for the access system 100. Alternatively,
`a database 130 may be separated from the controller 102 as
`depicted in FIG. 1. The database 130, whether integral to the
`controller 102, separate from the controller 102, or both,
`maintains records associated with the readers 108, mobile
`devices 112 and their respective holders or users, algorithm(s)
`for acquiring, decoding, verifying, and modifying data contained
`in the mobile device, algorithm(s) for testing authenticity
`and validity of the mobile devices 112, and algorithm(s)
`for implementing the results of these tests. Specific configurations
`of the controller 102 are determined based on and
`compliant with computing and interfacing capabilities of the
`readers 108 and/or the hub 104. As used herein, in reference
`to an individual or an object associated with a mobile device
`112, the terms a "holder" and a "user" are used interchangeably.
`Each reader 108 is adapted for exchanging information
`with the controller 102 and for requesting data from the
`mobile device 112 to verify the authenticity of the mobile
`device. Typically, a reader 108 is associated with a particular
`asset (e.g., a door protecting access to a secure room, a computer
`lock protecting sensitive information or computer files,
`a lock on a safe, and the like). In one embodiment, upon
`verification of credential information stored on the mobile
`device 112, the reader 108 generates signals facilitating
`execution of the results of interrogating the mobile device
`(e.g., engages/disengages a locking mechanism, allows/disallows
`movement of a monitored article, temporarily disables
`itself, activates an alarm system, provides access to a computer
`system, provides access to a particular document, and
`the like). Alternatively, the controller 102 may generate such
`signals.
`In addition to being proximity readers (e.g. readers that
`verify authenticity of smart cards, mobile devices and the
`like) the readers 108 may also have additional functionality.
`The readers 108 may include a keypad or other user input
`devices for receipt of additional user known passwords, contact
`card identification devices, and biometric authentication
`devices including voice recognition, retina scanners, finger
`print analyzers, facial feature analyzers, and the like.
`In accordance with embodiments of the present invention,
`a stand-alone reader 108 may be utilized to perform the functionality
`of both the reader 108 and the controller 102. This
`stand-alone reader 108 may include, or have access to, the
`database 130 that contains data used to determine the authenticity
`of a mobile device 112 and/or algorithm(s) used to make
`the determination of authenticity of the mobile device 112. A
`determination of authenticity for a mobile device 112 is made
`at the receiving point rather than having to transmit data
`across a network from the reader 108 to a controller 102 in
`order to make a determination of authenticity. The stand-alone
`reader is further operable to execute instructions based
`upon the analysis of the mobile device 112.
`A user typically carries the mobile devices 112 in order to
`verify his/her identity to a reader 108. Acceptable mobile
`devices 112 include mobile cellular phones, personal digital
`assistants (PDAs), Blackberrys™, or any other mobile communication
`device that can be enabled for use in the access
`system 100 described. Essentially, the mobile device 112 can
`perform functions associated with typical mobile devices and
`can also act like a smart card, RFID, or other type of identification
`device. Typical identification devices utilize various
`protocols to communicate their credential information to a
`reader in order to gain access to a particular asset. The mobile
`devices 112, in accordance with embodiments of the present
`invention, are enabled to communicate with readers 108 in a
`similar fashion to that of smart cards and the like.
`In accordance with embodiments of the present invention,
`the controller 102 is able to communicate with at least one of
`the plurality of the mobile devices 112 using a communication
`network 116. The communication network 116 utilized
`may be a conventional mobile radio network, for example, a
`GSM network, a Digital Cellular System (DCS), or Personal
`Communications Systems (PCS). The interface 132 may be a
`wired or wireless interface allowing the controller 102 to
`communicate with various other entities connected to the
`communication network 116. The mobile device 112 communicates
`with the communication network 116 via interface
`136. The communication network 116 provides a way for the
`controller 102 to automatically notify and/or update information
`to the mobile devices 112 related to the access system
`100. Additionally, the communication network 116 allows
`mobile devices 112 to communicate with each other.
`Referring now to FIG. 2, an exemplary mobile device 112
`will be described in accordance with embodiments of the
`present invention. In the depicted embodiment, the mobile
`device 112 comprises a memory 200, a processor 204, an RF
`receiver/transmitter 208 including an RF modulation/demodulation
`unit 212 and an RF antenna 216 for communication
`with a reader 108, an RF receiver/transmitter 230 including
`an antenna 226 and an RF modulation/demodulation unit
`230 for communication with the communication network
`116, an optional RF rectifier 220, and a power source 224. The
`processor 204 (e.g., an application specific integrated circuit
`(ASIC), microprocessor, programmable controller, or the
`like) uses bi-directional interfaces to communicate with various
`other parts of the mobile device 112.
`One or more of the above-noted parts of the mobile device
`may be located on a subscriber identification module (SIM)
`card, which identifies the user in the communication network
`116. SIM cards are already utilized now in GSM, DCS, or
`PCS mobile apparatus, among other things. Also, the SIM
`card may be either a full-sized card or a plug-in card; it is
`connected to the mobile device through a contact region (not
`shown) on the surface of the card. Other card formats, as well
`as contactless SIM cards, may, however, likewise be used
`within the scope of this invention. U.S. Pat. No. 6,859,650 to
`Ritter, which is herein incorporated by this reference in its
`entirety, describes using a SIM card located in a mobile
`device and an interface to communicate with external
`devices, without use of a mobile radio network.
`As can be seen in FIG. 2, the mobile device 112, in one
`embodiment, communicates with external devices via two
`bi-directional interfaces 120 and 136. For example, the interface
`120 where the RF antenna 216 transmits RF signals
`through free-space to be received by the reader 108. The
`reader 108 has a transceiver mounted thereon to receive the
`RF signals transmitted by the mobile device 112. The RF
`antenna 216 used by the mobile device 112 to create interface
`120 may be a coil made by winding of a wire, by printing or
`etching of a conductor film, or with strip lines. Depending on
`the application, a transmission frequency, for instance, of 125
`kHz, 13.56 MHz, 400 MHz or 5.2 GHz is used, the applied
`frequency also being dependent on the data transmission
`where needed. A frequency of about 13.56 MHz is preferred.
`However, in order to ensure compatibility with the readers
`108, various other frequencies may be used. Through interface
`120, the mobile device 112 and the reader 108 can
`exchange data and programs with each other without contact
`and without making use of the communications network 116.
`As noted above, the interface 120 is created when the mobile
`device 112 enters an active region of a reader 108.
`The memory 200 of the mobile device 112 generally comprises
`at least one array of non-volatile memory cells, e.g.,
`static random access memory (SRAM) cells or Flash
`Memory Cells, among other types of non-volatile memory
`cells. The memory 200 may also comprise at least one array of
`dynamic random access memory (DRAM) cells. Therefore a
`content of at least a portion of the memory 200 may be
`pre-programmed and write protected thereaft