Abstract: A data-carrying device and methods of authenticating the same are disclosed. The data-carrying device is described as being capable of communicating via the Near Field Communications (NFC) protocol and may have one or more NFC Data Exchange Format (NDEF) records stored in its memory. The data-carrying device also comprises or has the ability to generate a signature that proves the data-carrying device is the authorized device for storing the one or more NDEF records. A data-carrying device that attempts to transmit an NDEF record without a valid signature may be identified as an unauthorized data-carrying device.

Abstract: It is presented a method for determining whether a portable key device is located in an active area in relation to a barrier. The method is performed in an access control device and comprising the steps of: detecting a first angle of arrival of a wireless signal from the portable key device using a first pair of separated antennas; detecting a second angle of arrival of a wireless signal from the portable key device using a second pair of separated antennas; determining a first pair of directions based on the first angle of arrival; determining a second pair of directions based on the second angle of arrival; determining a position of the portable key device to be where one of the first pair of directions intersects one of the second pair of directions; and determining whether the portable key device is located in the active area based on the position.

Abstract: A credential with one or more security features is disclosed. The disclosed credential includes a windowed security feature. The windowed security feature is taught to include a mirror element positioned in proximity with a transparent window and a first photo-luminescent feature positioned relative to the transparent window and the mirror element such that the mirror element enhances a luminescence of the first photo-luminescent feature when viewed and illuminated through the transparent window.

Abstract: An RFID device includes a substrate and an antenna. The antenna includes a first antenna section on a first side of the substrate and a second antenna section on the first side of the substrate and separated from the first antenna section by a non-conductive part of the substrate. The first antenna section includes a first plurality of vias that extend through the substrate from the first side of the substrate to a second side of the substrate. The antenna includes a third antenna section on at least the second side of the substrate to electrically connect conductive portions of the first plurality of vias to the second antenna section. The RFID device includes a circuit on the substrate and to process signals of the antenna.

Abstract: It is presented a method performed for controlling access to a physical space. The method is performed in an access control device and comprises the steps of: communicating with an electronic key to authenticate the electronic key; performing a lookup of an access right using an identity of the electronic key in a credential cache when the access control device is unable to communicate with an access control server; and sending an unlock signal when the access right indicates that the electronic key should be granted access; retrieving, from the access control server, an access right indicating whether the electronic key should have access or not, when the access control device is able to communicate with the access control server; and updating the credential cache dential cache with the access right retrieved from the access control server.

Abstract: Methods and systems are provided for sending messages in a security system. In particular, a new message syntax can include one or more positive assertions that may be verified. The receiver of the message or credential may verify all the positive assertions. In other configurations, one or more nodes that relay the message from the sender to the receiver can verify the positive assertions or may create one or more of the positive assertions. In this way, the network or entities used to relay the message can also be checked.

Abstract: A portable authentication system includes a security module, that may be a smart card, SIM (Subscriber Identity Module), USB controller with a secure chip, or similar module capable of storing one or more credentials, and an interface module such as a digital badge holder that is able to communicate with the security module, for instance by providing a smart card communication interface. The portable authentication system may be either a single integrated system or a dual system where the security module can be removed or disconnected from the interface system.

Abstract: It is presented an access control device for considering whether a portable key device is located inside or outside a barrier. The access control device comprises: a first antenna being configured to be directed towards the outside of the barrier with a first antenna lobe; a second antenna being configured to be directed towards the inside of the barrier with a second antenna lobe, a gain towards the outside by the second antenna is greater than a gain towards the inside by the first antenna, and the signal strength from the portable key device using the second antenna is greater than using the first antenna at all positions of the portable key device on the inside; and a determiner arranged to consider the portable key device to be located on the outside of the barrier only when a first signal strength of a radio signal from the portable key device received by the first antenna is greater than a second signal strength of a radio signal from the portable key device received by the second antenna.

Abstract: It is presented a key device comprising: a mechanical interface for mechanically manoeuvring a lock device upon successful access control. The mechanical interface comprises a connector for powering the lock device and for communication with the lock device such that the lock device is able to perform electronic access control using the key device. The key device further comprises a clock; a memory; a radio communication module; and a controller arranged to, using the radio communication module communicate online with an access control device and use the memory as temporary storage for offline communication between the access control device and one or more lock devices. A corresponding method, computer program and computer program product are also presented.

Abstract: An access control system is disclosed in which a user or guest's first entry or usage of an electronic key is reported. Reporting of the first entry or usage may include information particular to the initial transaction and may be delivered by a path that is substantially the same, but reversed, from an original key delivery path. In this way, non-networked or ‘offline’ locks/readers can report first entry or usage of an electronic key.

Abstract: The RFID tag comprises an antenna (11) connected to a wireless communication device (18). The antenna comprises a conductive planar surface and a slot (14) extending at least in a part of said conductive planar surface, the slot (14) forming a non-conductive area of the antenna and defining a first part (12) and a second part (13) of the antenna. The wireless communication device comprises two contact pads (16, 17) being electrically connected respectively each to one of the first and second part of the antenna. The slot comprises a closed end formed by a further conductive part connecting said first and second parts the antenna and further comprises at least one conductive bridge (19-19??, 20, 21-21?) connecting said first and second parts of the antenna, the conductive bridge allowing to tune the resonance frequency of the tag by varying the length of the electrical path between the pads from the wireless communication device in the antenna.

Abstract: A secure and transparent digital credential sharing arrangement which utilizes one or more cryptographic levels of indirection to obfuscate a sharing entity's credentials from those entities authorized to share the credentials. A security policy table is provided which allows the sharing entity to selectively authorize or revoke digital credential sharing among a plurality of entities. Various embodiments of the invention provide for secure storage and retrieval of digital credentials from security tokens such as smart cards. The secure sharing arrangement may be implemented in hierarchical or non-hierarchical embodiments as desired.

Abstract: It is presented a method for conditionally authenticating a user for access to a computer device, the method being performed in an access control device connected to a computer device. The method comprises the steps of: obtaining first sensor data being based on a mobile device sensing a physical movement of a user; obtaining second sensor data being based on a stationary sensor sensing a physical movement of a user; determining whether the first sensor data matches the second sensor data; and sending a match signal to the computer device when the first sensor data matches the second sensor data.

Abstract: It is presented a method for conditionally authenticating a user for access to a physical space. The method is performed in an access control device connected to a physical lock device. The method comprises the steps of: obtaining first sensor data being based on a mobile device sensing a tap of a user; obtaining second sensor data being based on a fixed sensor sensing a tap of a user; determining whether the first sensor data matches the second sensor data by determining whether the first sensor data reflects a tap of the user and corresponds to a tap of the user also reflected in the second sensor data; and sending an unlock signal to the physical lock device when the first sensor data matches the second sensor data.

Abstract: It is presented a method for determining a battery type of a battery set powering a host device, the battery set comprising at least one exchangeable battery. The method is performed in a battery type determiner and comprises the steps of: measuring a voltage of the battery set, yielding a voltage measurement; determining charge depletion of the battery set; storing the voltage measurement and the charge depletion; repeating the steps of measuring, determining charge depletion and storing until an exit condition is true; and determining the battery type based on the stored voltage measurements and the stored charge depletion. A corresponding battery type determiner, host device, computer program and computer program product are also presented.

Abstract: An authentication system is provided using one-time passwords (OTPs) for user authentication. An OTP key may be stored on a different device than the device on which the OTP is generated. In an embodiment, the system described herein enables a combined authentication system, including the two separate devices communicating over a non-contact interface, to provide advantageous security features compared to the use of a single device, such as a hardware OTP token. One device may be a personal security device and the other device may be a reader device coupled to a host device via which access is being controlled.

Abstract: Managing validity status of at least one associated credential includes providing a credential manager that selectively validates associated credentials for at least one device, the device invalidating a corresponding associated credential, and the device requesting that the credential manager validate the corresponding associated credential after invalidating the associated credential. The associated credential may be invalidated based on an external event, such as a user invalidating the associated credential from a UI of the device, a user improperly entering a pin value, a user indicating that a corresponding device is lost, the device entering sleep mode, the device locking a user interface thereof, the device shutting down, and a particular time of day. The at least one associated credential may be provided on an integrated circuit card (ICC) that may be part of a mobile phone and/or a smart card.

Abstract: In a transfer printing method using a transfer layer on a carrier layer, an image is printed over a transfer section of the transfer layer using a thermal print head and a print ribbon. At least one non-transfer portion of the transfer section is heated using the thermal print head without bonding the at least one non-transfer portion of the transfer section to the print ribbon. The at least one non-transfer portions of the transfer section are transferred from the carrier layer to an adhesive panel of the print ribbon using the thermal print head. Imaged transfer portions of the transfer section remain adhered to the carrier layer. The imaged transfer portions of the transfer section are then transferred from the carrier layer to a substrate using a transfer device.

Abstract: An integrated security system which seamlessly assimilates with current generation logical security systems. The integrated security system incorporates a security controller having standard network interface capabilities including IEEE 802.x and takes advantage of the convenience and security offered by smart cards and related devices for both physical and logical security purposes. The invention is based on standard remote authentication dial-in service (RADIUS) protocols or TCP/IP using SSL, TLS, PCT or IPsec and stores a shared secret required by the secure communication protocols in a secure access module coupled to the security controller. The security controller is intended to be a networked client or embedded intelligent device controlled remotely by to an authentication server. In another embodiment of the invention one or more life cycle management transactions are performed with the secure access module.

Abstract: It is presented a portable access control communication device comprising: a housing for protecting a key device, the access control communication device; a socket arranged to hold a blade of a key device, the socket comprising a connector for communication with the key device; a cellular radio communication module; and a controller. The controller is arranged to communicate, using the cellular radio communication module, with an access control device over a cellular communication network when a key device is provided in the socket such that there is electric contact between the key device and the socket. A corresponding method, computer program and computer program product area also presented.