ACCESS CONTROL SYSTEM

Abstract

An access control system is provided for controlling access to at least one secure area. The access control system includes credentials associated with a user and being for identifying the user to the access control system; administrator level permissions that have been set by an administrator and being for determining if the user is an authorised person in order to control access to the at least one secure area; and user level permissions that have been set by the user and being for determining if accessing the at least one secure area is in accordance with user preferences. The access control system is arranged to permit access to the at least one secure area when presented with credentials that both identify the user as being an authorised person for that secure area and also confirm that access by the user is in line with the user preferences.

Claims

1. An access control system for controlling access to at least one secure area, the access control system comprising: credentials associated with a user and being for identifying the user to the access control system; administrator level permissions that have been set by an administrator and being for determining if the user is an authorised person in order to control access to the at least one secure area; and user level permissions that have been set by the user and being for determining if accessing the at least one secure area is in accordance with user preferences; wherein the access control system is arranged to permit access to the at least one secure area when presented with credentials that both identify the user as being an authorised person for that secure area and also confirm that access by the user is in line with the user preferences.

2. An access control system as claimed in claim 1, wherein the secure area comprises an area of a building; and wherein the access control system controls doors or other access routes in order to control access to or exit from the secure area.

3. An access control system as claimed in claim 1, comprising an administrator input module accessible only to a set of operators with administrator level access to the system, and a user input module accessible only to the user.

4. An access control system as claimed in claim 3, wherein administrator input module is a part of a secure system configured for overall control of access to the secure areas; and wherein the user is not permitted any access to the secure area(s) unless they are identified as an authorised user via the administrator level permissions set via the administrator input module.

5. An access control system as claimed in claim 3, wherein the user does not have access to the administrator input module and/or the user is not authorised to change the administrator level permissions.

6. An access control system as claimed in claim 3, wherein the administrator input module is configured to define parameters that the user can adjust by use of the user input module; and wherein the administrator input module does not have the capability to change the user level permissions.

7. An access control system as claimed in claim 3, wherein the user level permissions can only be changed by the user acting via the user input module.

8. An access control system as claimed in claim 3, wherein the user input module does not enable the user to change the administrator level permissions; and wherein the user input module gives the user access to adjust the user level permissions in line with user preferences.

9. An access control system as claimed in claim 1, wherein the user preferences take into account characteristics of the secure area and/or of systems/environments within the secure area; and/or wherein the user preferences define characteristics that the user considers acceptable or unacceptable in terms of permitting entry into the secure area with reference to safety.

10. An access control system as claimed in claim 1, further comprising user level notification criteria that have been set by the user and being for determining if the user should receive a notification of details relevant to the user preferences prior to access to the secure area.

11. An access control system as claimed in claim 1, wherein the access control system also controls exit from the at least one secure area, with the access control system being arranged to permit exit from the at least one secure area when presented with credentials that both identify the user as being an authorised person for leaving that secure area and also confirm that exit by the user is in line with the user preferences.

12. An access control system as claimed in claim 1, wherein the user preferences in relation to user level permissions and/or user level notification criteria relate to one or more of: threshold environment parameters to be satisfied for entry into the secure area and comprising one or more of temperature, cleanliness, door or window status, air circulation levels, noise levels or any other measured environment parameter or signal; assessment of operation of devices within the secure area to avoid malfunction of some devices that the user considers to be dangerous; security status of the secure area; detection of air quality by smoke detectors or any other suitable sensors; numbers or density of other persons within the secure area; and/or presence or absence of specific other users or other categories of user; active and historical alarms/events known to the access control system, such as events resulting from the operation of devices and/or events resulting from human activity; historical, current or predicted state(s) of access control system or area; signals or data from external systems or cloud services.

13. An access control system as claimed in claim 1, wherein the administrator level permissions are based on policies determining if the user is permitted to access the secure area; and wherein these policies include static policies and dynamic policies.

14. A method of controlling access to a secure area, the method comprising using the access control system of claim 1, further comprising: the access control system detecting credentials associated with a user and using the credentials for identifying the user; determining if the user is an authorised person based on administrator level permissions that have been set by an administrator; and determining if accessing the at least one secure area is in accordance with user preferences based on user level permissions that have been set by the user; wherein user is permitted access to the secure area by the access control system when the credentials both identify the user as being an authorised person for that secure area and also confirm that access by the user is in line with the user preferences.

15. A computer program product comprising instructions which, when executed will configure an access control system to operate in accordance with the method of claim 14.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0049] Certain example embodiments of the present disclosure will now be described in greater detail, by way of example only and with reference to the drawing, in which:

[0050] FIG. 1 shows an access control system incorporating added user level permissions.

DETAILED DESCRIPTION

[0051] In a typical access control system, such as that of WO 2018/160560, an administrator sets permissions and this determines if a user can access a secure area or not, such as a room of a building. The user presents credentials to the access control system, for example by presenting a card, badge, or mobile device to a reader or other terminal, and the credentials are used to identify the user. An access decision is made based on the permissions controlled by the administrator of the access control system. If the user is authorised for access to the secure area then the access is permitted, such as by opening or unlocking a door or other access route.

[0052] With the proposed access control system, as shown in FIG. 1, there are multiple levels of permissions. In particular, the access control system comprises user level permissions 10 and administrator level permissions 12. These permissions 10, 12 may comprise dynamic or static policies as outlined above, and they may include areas of overlap as shown. An access decision 14 is made by the access control system based on both of the user level permissions 10 and the administrator level permissions 12. If both of the user level permissions 10 and the administrator level permissions 12 are satisfied then access is permitted 18, such as by opening or unlocking a door or other access route for the secure area. If either one of the user level permissions 10 or the administrator level permissions 12 are not satisfied then access is denied 16.

[0053] The access control system detects credentials 8 associated with a user and uses the credentials 8 for identifying the user, such as via a terminal (not shown) or any other suitable hardware and/or software as discussed above. The access control system is arranged to determine if the user is an authorised person based on the administrator level permissions 12 that have been set by an administrator; and also to determine if accessing the at least one secure area is in accordance with user preferences based on the user level permissions 10 that have been set by the user.

[0054] The access control system allows for setting and/or updating of the administrator level permissions 12 via an administrator input module 22, for example as discussed above, and allows for setting and/or updating of the user lever permissions 10 via a user input module 20.

[0055] The administrator input module 22 has the ability to define parameters that the user can adjust by use of the user input module 20, but the administrator input module 22 does not have the capability to change the user level permissions 10. In this embodiment, the user level permissions 10 can only be changed by the user acting via the user input module 20. Hence, the proposed access control system has two separate sets of permissions each being required to be satisfied for entry to a secure area, with one controlled only by the administrator (e.g. via an authorised person as above) and the other being controlled only by the user.

[0056] The user, via the user input module 20, adjusts the user level permissions 10 in line with user preferences. The user preferences take into account characteristics of the secure area and/or of systems/environments within the secure area. The user preferences may also take account of the time of day and/or external factors, such as the weather or other environment parameters. Historical information may also be taken into account, such as the time spent in the secure area or other areas in a prior time period and/or the number of visits in the prior time period.

[0057] The user preferences may also be used to determine user level notification criteria that can be taken into account at the same time as the user level permissions. The user preferences used for the user level notification criteria may be either in the same set of user preferences to those used for the user level permissions or they may be a different set of user preferences. The user level notification criteria can specify circumstances/characteristics where the user finds it acceptably to be permitted entry to the secure area (or other location, e.g. exiting the secure area) but wishes to be notified prior to entry.

[0058] User input module 20 may receive data in the form of internal data 30, such as data from the security system, and/or external data 31, such as data from other systems inside and/or outside the secure area, such as inside and/or outside a building or a room of a building. Thus, there may for example be input data from one or more of a fire system, an intrusion system, an intelligent building system, and/or cloud services like data from early warning systems for weather anomalies and hazards. This data may supply parameters enabling the input module to build a suitable set of user level permissions and user level notification criteria. Thus, the input module 20 may use the internal and/or external data to determine which preferences can be taken into account, such as via personal contract terms, and hence to determine what parameters to offer to the user when setting up the user level permissions and user level notification criteria. The access control system should thus have access to read the values of the related parameters this may be done by either the access control system (e.g. via a controller or processor thereof) or more specifically by the user input module.

[0059] The user input module can be separated from the other parts of the access control system. For example, it may be a separate application on the user's mobile device, this application may not be accessible by the administrator but may be configured to communicate with the access control system by secure and authorized connection. Thus, in that case the user level permissions (and optionally user level notification criteria can be evaluated by the user input module on the user device 20. In that case the access system will “ask” the user device 20 about the user level permissions (i.e. if they have been met) and the response from the user device 20 can be included during making of the access decision 14. The user device 20 may also be used for audible and/or visual notifications in relation to circumstances where the user has requested a notification before entering an area, as discussed elsewhere herein.

[0060] The hardware and software implementation of the access control system may incorporate similar features to existing systems, such as in relation to enabling unlocking of access doors and/or safe handling of credentials. The known systems of WO 2018/160560 and/or US 2020/312070 may for example be modified to incorporate the new features described herein.

[0061] The characteristics of the secure area taken into account for the user preferences may include one or more of: threshold environment parameters to be satisfied for entry into the secure area, such as one or more of temperature, cleanliness (e.g. timing since cleaning or meeting a certain quality of disinfection process), door or window status (e.g. requiring fully closed, or requiring at least one opening into outside air etc.), air circulation levels, or noise levels, for example; assessment of operation of devices within the secure area, for example to avoid malfunction of some devices that the user considers to be dangerous. [0062] security status of the secure area, such as if a possible security breach (e.g. a break in) has been detected in order to allow a user to ensure that they avoid accidental contact with a burglar. [0063] detection of air quality by smoke detectors or any other suitable sensors, for example to avoid values not acceptable and/or deemed not safe according to user preferences (e.g. with respect to allergies, suspicion of a fire, sensitivity to odour and so on). [0064] numbers or density of other persons within the secure area, such as to avoid entering an area with an excessive number of occupants or occupants beyond a threshold value for a given floor area. [0065] presence or absence of specific other users or other categories of user, for example to only enter certain areas when other personnel are present, or to avoid direct contact with other personnel or specific personnel, such as those who may present a risk in relation to infectious disease. [0066] active and historical alarms/events known to the access control system, such as events resulting from the operation of devices and/or events resulting from human activity. [0067] data from external systems, such as cloud services, fire system, intelligent building systems etc.

[0068] In each case the above may vary depending on the day and/or time of day, as well as potentially varying depending on external input regarding the secure area. For example, with reference to situations such as the covid-19 pandemic, the user preferences and the associated user level permissions may vary dependent on regulations in place as a result of national or local government. Thus, if a “lockdown” or otherwise increased level of restriction on citizens is declared then a more restrictive set of user preferences may be activated. Similarly, administrator controlled dynamic policies may be adjusted, such as to restrict the maximum occupancy of a room for all users.

[0069] The administrator level permissions are set based on similar considerations to known access control systems, such as that of WO 2018/160560 and/or as in the BlueDiamond™ system. The administrator level permissions may be based on policies determining if the user is permitted to access the secure area. These policies may include static policies indicating which of multiple users are authorised to access the secure area, with non-authorised users not being permitted access. The policies may also or alternatively include dynamic policies by which the administrator can set permissions based on dynamic events. The administrator policies may overlap with the user preferences, but as noted above the control of them is separated.

[0070] By way of a specific example: Users U1 and U2 have access to Area A1 (via administrator level permissions given by administrator).

[0071] User U1 has their own user level permissions (e.g. personal contract terms), which they have set for themselves (and which advantageously the administrator cannot change). In this example user U1 expects that temperature in Area A1<30 degrees C. and does not wish to enter an area exceeding that temperature.

[0072] User U2 has their own user level permissions (e.g. personal contract terms), which they have set for themselves (and which advantageously the administrator cannot change). In this example user U1 expects that temperature in Area A1>20 degrees C., and wishes to be warned if that condition is not met, i.e. access is permitted but a “warning” sound will notify the user.

[0073] In a first example circumstance, the current temperature in area A1=18 degrees.

[0074] when user U1 presents their credentials (e.g. swipes their badge/card) to enter into area A1 then access will be permitted (e.g. the door will open/unlock) since user U1 has permission at administrator level and the user lever permissions (e.g. personal contract terms) are met.

[0075] when user U2 presents their credentials (e.g. swipes their badge/card) to enter into area A1 presents their credentials (e.g. swipes their badge/card) but the card reader would play the “warning” sound notification.

[0076] In a second example circumstance the current temperature in area A1=32 degrees.

[0077] when user U1 presents their credentials to enter into area A1 then access is not permitted, since although user U1 has permissions given by administrator the requirements of the user level permissions are not met.

[0078] when user U2 presents their credentials to enter into area A1 then access is permitted and there is no warning sound, since user A2 has permissions given by the administrator and the requirements of the user lever permissions are met.

[0079] If the administrator removes permission for area A1 for either user U1 or U2 then they cannot enter into this area even if the temperature meets their expectations. If a user changes their expectations and hence makes changes to the user level permissions via the user level input module then the actions can be different. The user level permissions may include alternative or additional criteria such as those discussed above in relation to possible dynamic policies and characteristics of the secure area.