ACCESS CONTROL ARRANGEMENT, READING MODULE AND ACCESS CONTROL METHOD

Abstract

Access control arrangement having a reading module and at least one mobile terminal, wherein the mobile terminal comprises a coupling interface and the reading module comprises a mating interface, wherein the interface and the mating interface are configured to wirelessly connect the reading module and the mobile terminal, wherein the mobile terminal is configured to transmit an authorization notification to the reading module via the wireless connection, having a control module, wherein the control module is connected to the reading module using data technology and is configured to grant or deny access on the basis of the authorization notification transmitted to the reading module, wherein the reading module forms an active reading module for initiating the wireless connection, wherein the mobile terminal forms a peripheral device for the wireless connection.

Claims

1. An access control arrangement (1) comprising: a reading module (3) a mobile terminal (5), wherein the mobile terminal (5) comprises a coupling interface and the reading module (3) comprises a mating interface, wherein the interface and the mating interface are configured to wirelessly connect (6) the reading module (3) and the mobile terminal (5), wherein the mobile terminal (5) is configured to transmit an authorization notification to the reading module (3) via the wireless connection (6), and a control module (4), wherein the control module (4) is connected to the reading module (3) using data technology and is configured to grant or deny access on the basis of the authorization notification transmitted to the reading module (3), wherein the reading module (3) forms an active reading module (3) for initiating the wireless connection (6), wherein the mobile terminal (5) forms a peripheral device for the wireless connection (6).

2. The access control arrangement (1) according to claim 1, wherein the mobile terminal (5) is configured to offer itself to the reading module (3) for wireless connection (6) and/or the mobile terminal (5) is configured to wirelessly transmit short offer notifications (6).

3. The access control arrangement (1) according to claim 1, wherein the reading module (3) is configured to search for mobile terminals (5) for wireless connection (6) and/or to detect offer notifications (6).

4. The access control arrangement (1) according to claim 1, wherein a plurality of mobile terminals (5) are and/or can be arranged in an environment of the reading module (3) for the purpose of respectively setting up the wireless connection (6), wherein the reading module (3) comprises a decision module, wherein the decision module is configured to select a terminal from the plurality of mobile terminals (5) as a selected terminal (5) for wireless connection (6) to the reading module (3).

5. The access control arrangement (1) according to claim 4, wherein the decision module is configured to select the selected terminal (5) on the basis of the offer notifications (6), a distance between the terminal (5) and the reading module (3) and/or an access history.

6. The access control arrangement (1) according to claim 4, wherein the offer notifications (6) comprise a terminal identifier, manufacturer data, a transmission characteristic, an antenna characteristic, a maximum transmission strength, an average transmission strength and/or connection data.

7. The access control arrangement (1) according to claim 1, wherein the reading module (3) has a preselection module, wherein the preselection module is configured to determine a signal strength for the mobile terminals (5) in the environment of the reading module (3), wherein the preselection module is configured to exclude mobile terminals (5) having a signal strength of less than a threshold value from setting up the wireless connection (6) and/or to provide the decision module with mobile terminals (5) having a signal strength of greater than or equal to the threshold value.

8. The access control arrangement (1) according to claim 1, characterized by a connection history module, wherein the connection history module is configured, for a wireless connection (6) which has been set up, to store the signal strength as a connection signal strength for the mobile terminal (5) and/or to determine and/or store a connection time of the mobile terminal (5).

9. The access control arrangement (1) according to claim 8, wherein the preselection module is configured to exclude mobile terminals (5) having a signal strength of less than a minimum connection strength from setting up the wireless connection (6) and/or to provide the decision module with mobile terminals (5) having a signal strength of greater than or equal to the minimum connection strength.

10. The access control arrangement (1) according to claim 1, wherein the reading module (3) or the control module (4) comprises an authorization granting module for generating an authorization data set and is configured to provide the mobile terminal (5) with the authorization data set, wherein the authorization notification is based on the authorization data set.

11. The access control arrangement (1), wherein the generation of the authorization key, the wireless connection (6), the authorization notifications, the offer notifications (6) and/or the storage is/are based on a blockchain.

12. The access control arrangement (1), wherein the reading module (3) is configured to manage the wireless connection (6).

13. A reading module (3) comprising: a mating interface, and a control module (4), wherein the reading module (3) and/or the mating interface is/are configured for wireless connection (6) to at least one mobile terminal (5), wherein the reading module (3) is configured as an active reading module (3) for initializing the wireless connection (6), for managing the wireless connection (6) and/or for terminating the wireless connection (6), wherein the control module (4) is configured to grant or deny access on the basis of an authorization notification transmitted from the mobile terminal (5) to the reading module (3).

14. An access control method, the method comprising: connecting a reading module (3) to at least one mobile terminal (5) by means of a wireless connection, and transmitting an authorization notification from the mobile terminal (5) to the reading module (3) via the wireless connection (6), wherein the reading module (3) is in the form of an active reading module (3) that initiates, manages, and/or sets up the wireless connection (6) between the mobile terminal (5) and the reading module (3).

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0024] Further advantages, effects and configurations emerge from the accompanying figure and its description. In this case:

[0025] FIG. 1 shows an exemplary embodiment of an access control device.

DETAILED DESCRIPTION

[0026] FIG. 1 shows an exemplary embodiment of an access control arrangement 1 for access control for a door 2. The access control arrangement is designed to grant or deny access to an area for a person, for example by opening a closed door 2. The access control arrangement 1 comprises a reading module 3 which is connected to a control module 4 using data technology. The control module 4 is in turn connected to the door 2 using data technology and/or functionally, for example in order to initiate the opening of the door 2 when access is granted and/or to keep the door 2 closed when access is denied. The reading module 3 comprises a mating interface for wireless connection to at least one mobile terminal 5A, 5B, 5C. The mobile terminals 5A to C are, for example, in the form of smartphones and comprise an interface for wireless connection 6, in particular to the reading module 3. The mobile terminals 5A to C are also designed to repeatedly transmit offer notifications 6A to C. The wireless connection 6 is in the form of a Bluetooth low-energy connection, in particular. The authorization notification is transmitted from the mobile terminal to the reading module 3 via the wireless Bluetooth low-energy connection, wherein this authorization notification comprises an authorization key, in particular. This may be, for example, a simple user ID, a card number or a more complex data structure. The control module is designed to provide the control module 4 with the authorization notification, in particular the authorization key, wherein this control module verifies, for example, to whom the authorization key belongs, for example whether the person to whom the authorization key belongs has access through the door. For example, the reading module 3, the control module 4 and possibly a door opener of the door 2 may form a smart lock.

[0027] The authorization key preferably comprises a digital signature and/or attributes of the key owner, for example username, employee number, status and/or special certificates. In order to open the door, the mobile terminal 5 transmits the authorization notification containing the authorization key via the wireless connection 6. Preprocessing, for example decryption, integrity checking, validity checking and/or extraction of attributes from the authorization notification, is preferably carried out in the reading module 3. This or the authorization notification or the authorization key is forwarded from the reading module to the control module 4 in order to decide whether access is granted or denied.

[0028] In order to distinguish between which mobile terminal 5A to 5C and the reading module 3 the wireless connection 6 is intended to be set up, a decision module and/or a preselection module, which is/are preferably part of the reading module 3, is/are provided. The mobile terminals 5A, 5B, 5C continuously offer themselves and/or continuously indicate their presence, in particular that they are capable of acting as a basis for access control. In this case, the mobile terminals 5A, 5B, 5C form peripheral devices, wherein the reading module 3 forms a central role and/or a central module, in particular for managing and/or initializing the connection. For this purpose, the mobile terminals 5A, 5B, 5C continuously transmit an offer notification 6A to 6C, wherein this notification comprises all necessary information for setting up the wireless connection. In particular, they comprise an address of the mobile terminal and/or packet data, wherein the packet data comprise a serial number or manufacturer data, for example. The offer notifications are used by the reading module 3 as a basis for determining whether the mobile terminal can be used as a basis for access control.

[0029] The reading module 3, as a counterpart to the peripheral mobile terminals 5A, 5B, 5C, scans environment for mobile terminals and/or scans the environment for offer notifications, wherein a preselection module selects, for example, only those mobile terminals 5A, 5B, 5C as relevant which may in principle be the basis for access control, for example excludes wireless headphones.

[0030] In particular, it may be the case that the reading module 3 receives more than one offer notification 6A, B, C, wherein the associated mobile terminals 5A, B, C are listed according to received signal strength, for example, wherein this allows the reading module 3 to make a first estimation of a distance between the reading module 3 and the mobile terminal 5A, B, C.

TABLE-US-00001 Mobile terminal Signal strength 5A 10 5B 3 5C 8

[0031] In order to decide which mobile terminal 5A to 5C should be used to set up the wireless connection 6, a connection history module, for example, records a storage of past signal strengths, wherein these were determined, in particular, during a present connection of the respective terminal 5A, 5B, 5C to the reading module 3. A median is determined on the basis of this for each mobile terminal 5A, B, C, for example.

TABLE-US-00002 Mobile terminal Determined signal strengths Median 5A 10, 8, 5, 5, 6 6 5B 8, 5, 10 8 5C 5, 4, 4, 7, 2 5

[0032] The preselection module may exclude, for example, those mobile terminals whose current measured signal strength (Table 1) is less than the determined median (Table 2) from the connection.