Abstract: Methods, systems, and devices for updating access permissions of users in an access control system are described. The access permissions are capable of being updated based on rules and thresholds that include as at least one variable presence or contextual information associated with a user. The presence or contextual information associated with a user may be analyzed to trigger a credential update process for that user or other users within the access control system.

Abstract: Atomically modifying a personal security device includes presenting the personal security device to a reader/writer coupled to an access module, the access module determining if the personal security device includes a factory security mechanism, and, if the personal security device includes a factory security mechanism, using the reader/writer and the access module to replace the factory security mechanism with another security mechanism. The access module may authenticate the personal security device in connection with replacing the factory security mechanism. Authenticating the personal security device may grant access to a user through a door controlled by the access module. Replacing the factory security mechanism may include replacing an application on the personal security device. An ISO/IEC 7816-13 application management request command may be used to replace the application.

Abstract: A user of a mobile communication apparatus (160) seeks permission to operate an access control device (110) by placing an active mobile power source unit (150), which is controlled by the mobile communication apparatus (160), within an operation range of a wireless power transmission interface (116) in the access control device (110). In response thereto, a wireless power transfer link is established between the mobile power source unit (150) and the access control device (110). Thereafter, a wireless communication link (WL2) is established between the mobile communication apparatus (160) and the access control device (110). Data are then exchanged between the access control device (110) and the mobile communication apparatus (160) over the wireless communication link (WL2). The exchanged data pertain to at least one access-related service implementable via the access control device (110); and provided that the user is authorized, the requested services are effected.

Abstract: It is presented an access control communication device comprising: a short distance radio communication module; a cellular radio communication module; and a controller arranged to communicate access rights associated with a key device, using the cellular radio communication module, with an access control device over a cellular communication network, the communicating comprising sending a request for access management data associated with the lock device, and receiving access management data associated with the lock device; and the controller further being arranged to transmit the access management data to the key device for transfer to the lock device, the communicating and transmitting being arranged to be performed upon the access control device being in communication with the key device using the short distance radio communication module. A corresponding method, computer program and computer program product area also presented.

Abstract: A keyboard includes a plurality of keys, a plurality of keyboard components coupled to the keys, and one-time password (OTP) generation hardware integrated with at least some of the keyboard components, where actuating at least one of the keys causes a one-time password to be generated. The OTP generation hardware may be actuated with a dedicated button on the keyboard, by pressing a button on the keyboard that is otherwise used for pairing the keyboard to a device, or by pressing a specific sequence of keys on the keyboard. The keyboard may maintain state information to cause input by the user for OTP generation to be provide to the OTP generation hardware instead of to a device paired with the keyboard. The keyboard may also include a display that is part of the keyboard, where the display shows the one-time password generated by the OTP hardware.

Abstract: Methods, systems, and devices for managing energy consumption in multi-room facilities are provided. In particular, intelligent mechanisms for determining a location of a mobile device (124) associated with a room (112a, 112b . . . 112n) and then for managing energy settings, especially setback controls, of that room (112a, 112b . . . 112n) are provided. Some logic for implementing these mechanisms may be provided in a mobile device (124) and in-room device, such as a motion detector, thermostat, HVAC controller, door, lock, television, set top box, etc.

Abstract: The present invention is directed toward an RFID device that includes a motion sensing mechanism. The motion sensing mechanism is adapted to sense motion of the RFID device and then selectively allow or restrict the RFID device's ability to transmit messages, which may include sensitive data, when the RFID device is placed in an RF field. Thus, the motion sensing mechanism is utilized to control access to data on the RFID device to only instances when the holder of the RFID device moves the RFID device in a predefined sequence of motion(s).

Abstract: Methods and systems are provided for enabling a user to enroll with a security system and create access credentials via a mobile device. In particular, a mobile device user may use the mobile device to enter user information, including identification information, communicate the information to a manufacturer for creating access credentials associated with the user. The user information may be verified before it is sent to manufacturing. Verification may be based on rules stored in memory and can be configured to prevent fraud. In addition, aspects of the present disclosure anticipate that a user may monitor a status of manufacturing associated with the access credentials.

Abstract: An anti-passback algorithm for an access control system is described. The anti-passback algorithm prevents the use of valid credentials to gain access to an access-controlled area by more than one person within a given period of time. The algorithm is capable of distinguishing between credentials intentionally presented to the access control system and credentials that are unintentionally read by the access control system. Certain variables may be set by the access control system manufacturer or a trusted individual to adapt the algorithm for applications.

Abstract: Method and devices for making access decisions in a secure access network are provided. The access decisions are made by one or more portable credentials using data and algorithms stored on or received by two or more credentials. Since access decisions are made by the portable credential or credentials, non-networked hosts or local hosts can be employed that do not necessarily need to be connected to a central access controller or database, thereby reducing the cost of building and maintaining the secure access network.

Abstract: The present invention concerns a smart tag for attachment to an object. The smart tag comprises an electronic system for contactless communication, a support to which at least part of the electronic system is fixed and at least one destruction component means configured to act on at least one element of the electronic system, when the smart tag is removed from said object, to demolish said at least one element of the electronic system. In at least one embodiment, the destruction component may be a demolisher movably mounted to pass through said support from a first position on one side of the support to a second position on the other side of the support.

Abstract: In a method of detecting a location of a print section of a transfer ribbon, the transfer ribbon is fed in a feed direction relative to a print section sensor. The print section sensor includes a reflective sensor and a transmissive sensor. The reflective sensor is positioned upstream of the transmissive sensor relative to the feed direction. A registration mark on the transfer ribbon, which indicates the location of the print section on the transfer ribbon, is detected using the reflective sensor. The registration mark is detected using the transmissive sensor. The location of the print section is determined based on the detection of the registration mark using the transmissive sensor.

Abstract: Confirming access for a user includes capturing an image of the user, capturing information on an identity badge worn by the user, and denying access to a resource in response to the information being inconsistent with the image. Confirming access for a user may also include denying access in response to the information being inconsistent additional information about the user stored in a database. The information may include a picture of the user. The resource may include access to an area. The resource may include access to a computer. Confirming access for a user may also include, following allowing access to the computer, periodically recapturing the image of the user and recapturing the information on the identity badge and denying access to the computer in response to the information being inconsistent with the image. The information may include a visual code that identifies the user.

Abstract: Methods, devices, and systems are provided for retrofitting an existing access control system with one or more supplemental access devices that add access control capabilities to the existing system. A supplemental access device can be configured as a retrofit keypad. The retrofit keypad adds the ability for a user to provide additional credential and/or security information to an access control system via one or more interface keys on the retrofit keypad. The retrofit keypad may be a portable device such as an RFID device, wireless communication device, near field communication (NFC) device, etc., and/or combinations thereof.

Abstract: A tracking system is disclosed that enables the tracking of a beacon device and a credential device being held by the beacon device. The beacon device may communicate with readers of an access control system using a first communication protocol whereas the credential device being held by the beacon device may communicate with readers of the access control system using a second communication protocol. As the beacon device and the credential device being held by the beacon device may also communicate with readers at different times, a beacon device may be associated with a credential device being held thereby such that tracking of one device enables inferred tracking of the other device.

Abstract: A temperature-controlled integrated circuit configured with a secure data processing element, and method of manufacture of same, is disclosed. Specifically, the temperature-controlled integrated circuit, comprising a secure data processing element operable within a nominal operating range, is configured with a heat-transfer element which allows the secure data processing element to operate in an extended operating range.

Abstract: It is presented a key device comprising: a mechanical interface for mechanically maneuvering a lock device upon successful access control. The mechanical interface comprises a connector for powering the lock device and for communication with the lock device such that the lock device is able to perform electronic access control using the key device. The key device further comprises a clock; a memory; a radio communication module; and a controller arranged to, using the radio communication module communicate online with an access control device and use the memory as temporary storage for offline communication between the access control device and one or more lock devices. A corresponding method, computer program and computer program product are also presented.

Abstract: An integrated security system which seamlessly assimilates with current generation logical security systems. The integrated security system incorporates a security controller having standard network interface capabilities including IEEE 802.x and takes advantage of the convenience and security offered by smart cards and related devices for both physical and logical security purposes. The invention is based on standard remote authentication dial-in service (RADIUS) protocols or TCP/IP using SSL, TLS, PCT or IPsec and stores a shared secret required by the secure communication protocols in a secure access module coupled to the security controller. The security controller is intended to be a networked client or embedded intelligent device controlled remotely by to an authentication server. In another embodiment of the invention one or more life cycle management transactions are performed with the secure access module.

Abstract: This invention provides a simple and secure PIN unblock mechanism for use with a security token. A set of one or more passphrases are stored on a remote server during personalization. Likewise, the answers to the passphrases are hashed and stored inside the security token for future comparison. A local client program provides the user input and display dialogs and ensures a secure communications channel is provided before passphrases are retrieved from the remote server. Retrieval of passphrases and an administrative unblock secret from the remote server are accomplished using a unique identifier associated with the security token, typically the token's serial number. A PIN unblock applet provides the administrative mechanism to unblock the security token upon receipt of an administrative unblock shared secret. The remote server releases the administrative unblock shared secret only after a non-forgeable confirmatory message is received from the security token that the user has been properly authenticated.