Abstract: Systems and techniques for a physical access control systems with localization-based intent detection are described herein. In an example, an access control system may regulate access to an asset. The access control system is adapted to receive a credential for the asset from a key device associated with a user using a first wireless connection. The access control system may be further adapted to store the credential in a cache of memory. The access control system may be further adapted to establish a second wireless connection with the key device. The access control system may be further adapted to request a validation of the credential from an authorization service in response to establishing the second wireless connection with the key device. The access control system may receive a validation token from the authorization service. The access control system may be further adapted to store the validation token in the cache.

Abstract: A reader system for an access control system includes first and second antennas and first and second controllers. The first controller is configured to communicate with a credential device using a first communication protocol via the first antenna to exchange a credential with the credential device. The second controller is configured to communicate with the credential device using a second communication protocol via the second antenna to perform ranging for the credential device and is configured to communicate with the first controller via a communication link.

Abstract: An access control system may comprise a credential including credential data, and at least one reader. The at least one reader is configured to receive, over a link, the credential data. The at least one reader is configured to verify that the credential is valid based on the credential data, and mark the credential as valid and track a location of the credential relative to the at least one reader. The at least one reader is configured to make or delay an access control decision for the credential based on the location of the credential.

Abstract: Methods, devices, and systems are provided for providing continuous authentication to a user having a wearable device in an access control system. The wearable device allows the authentication of the user to be maintained until an authentication interruption signal is received. The interruption signal may be based on user biometrics, a state of the wearable device, a communication range of the wearable device with a trusted mobile device, and more. Upon receiving the interruption signal, the continuous authentication for the wearable device, and the user, may be revoked, destroyed, or disabled.

Abstract: An access control system is described in which a credential may be authenticated and permitted to access a protected resource only after discovery of a second device. Requiring discovery of a second device prior to authentication enhances security by protecting against unauthorized access by an illicit user of a credential.

Abstract: Systems and techniques for a physical access control systems with localization-based intent detection are described herein. In an example, an access control system may regulate access to an asset. The access control system is adapted to establish a first connection with a key-device. The access control system may be further adapted to receive a credential for a user over the first connection. The access control system may be further adapted to establish a second connection with the key-device. The access control system may be further adapted to determine an intent of the user to access the asset. The access control system may use location data derived from the second connection to determine the intent of the user. The access control system may be further adapted to provide the credential to an access controller, based on identifying an intent of the user to access the asset.

Abstract: An access control system is described in which a primary credential device has a master key and a secondary credential device has a key derived from the master key. Both the master key and the derivative key are required to gain access to the resource protected by the access control system. If the secondary credential device is lost, misplaced, or stolen, it cannot be used to gain illicit access to the protected resource, and it can be easily replaced by providing a different secondary credential device with another key derived from the master key.

Abstract: Method and devices for making access decisions in a secure access network are provided. The access decisions are made by one or more portable credentials using data and algorithms stored on or received by two or more credentials. Since access decisions are made by the portable credential or credentials, non-networked hosts or local hosts can be employed that do not necessarily need to be connected to a central access controller or database, thereby reducing the cost of building and maintaining the secure access network.

Abstract: An access control system is described in which a primary credential device has a master key and a secondary credential device has a key derived from the master key. Both the master key and the derivative key are required to gain access to the resource protected by the access control system. If the secondary credential device is lost, misplaced, or stolen, it cannot be used to gain illicit access to the protected resource, and it can be easily replaced by providing a different secondary credential device with another key derived from the master key.

Abstract: Methods, devices, and systems are provided for configuring a reading device and/or a lock using a mobile device. The mobile device, running a configuration application, communicates with the reading device, determines a configuration of the reading device, and makes a determination for configuring the reading device based at least partially on configuration information provided by the reading device.

Abstract: Providing visual security verification includes an electronic credential of a credential holder causing credential holder information to be transmitted to an augmented reality device, superimposing the credential holder information on to a live image of an immediate environment of the augmented reality device to provide a superimposed image, where the credential holder information includes a picture of the credential holder, and providing security verification based on a comparison of the picture of the credential holder and the live image. The information may be stored in the augmented reality device and an identifier of the credential holder from the electronic credential may be used to look up the information. The information may be provided by the electronic credential to the augmented reality device. The augmented reality device may cache information for a subset of the credential holders. The information may be stored in a cloud storage device.

Abstract: Methods, devices, and systems are provided for performing and/or limiting features based on a determined motion associated with a portable device. When the portable device is determined to be in motion, a feature control application running on the portable device prevents at least one radio frequency identification (RFID) component of the device from communicating with RFID reading devices. When the portable device is still, or not in motion, the feature control application running on the portable device prevents the at least one RFID component of the device from communicating with RFID reading devices. Among other things, this feature control of a portable device can prevent theft of data in an access control system, credit payment system, and/or other data transfer system.

Abstract: Method and devices for making access decisions in a secure access network are provided. The access decisions are made by one or more portable credentials using data and algorithms stored on or received by two or more credentials. Since access decisions are made by the portable credential or credentials, non-networked hosts or local hosts can be employed that do not necessarily need to be connected to a central access controller or database, thereby reducing the cost of building and maintaining the secure access network.

Abstract: Methods, devices, and systems are provided for invisibly indicating duress via a wearable device. In response to determining a duress condition associated with a user exists, a duress signal is provided to components of the access control system. The duress signal can identify a user associated with the duress, a duress type, and even include a location associated with the duress condition. An alert of the duress condition can be distributed to one or more devices in the access control system. These devices may be associated with users of the system and the alert may be configured to silently inform the users of the duress condition.

Abstract: Methods, devices, and systems are provided for providing continuous authentication to a user having a wearable device in an access control system. The wearable device allows the authentication of the user to be maintained until an authentication interruption signal is received. The interruption signal may be based on user biometrics, a state of the wearable device, a communication range of the wearable device with a trusted mobile device, and more. Upon receiving the interruption signal, the continuous authentication for the wearable device, and the user, may be revoked, destroyed, or disabled.

Abstract: Method and devices for making access decisions in a secure access network are provided. The access decisions are made by one or more portable credentials using data and algorithms stored on or received by two or more credentials. Since access decisions are made by the portable credential or credentials, non-networked hosts or local hosts can be employed that do not necessarily need to be connected to a central access controller or database, thereby reducing the cost of building and maintaining the secure access network.

Abstract: An access control system enabling the use of a single mobile device with a plurality of keys is described. The plurality of keys are described as being stored in a key vault that is particularly administered by a holder of the mobile device and/or an enterprise that is granting the holder of the mobile device access to enterprise assets. By utilizing the key vault described herein, the holder of the mobile device does not need to carry separate access credentials or physical keys.

Abstract: Method and devices for making access decisions in a secure access network are provided. The access decisions are made by one or more portable credentials using data and algorithms stored on or received by two or more credentials. Since access decisions are made by the portable credential or credentials, non-networked hosts or local hosts can be employed that do not necessarily need to be connected to a central access controller or database, thereby reducing the cost of building and maintaining the secure access network.

Abstract: Method and devices for making access decisions in a secure access network are provided. The access decisions are made by one or more portable credentials using data and algorithms stored on or received by two or more credentials. Since access decisions are made by the portable credential or credentials, non-networked hosts or local hosts can be employed that do not necessarily need to be connected to a central access controller or database, thereby reducing the cost of building and maintaining the secure access network.

Abstract: Methods, devices, and systems are provided for performing and/or limiting features based on a determined motion associated with a portable device. When the portable device is determined to be in motion, a feature control application running on the portable device prevents at least one radio frequency identification (RFID) component of the device from communicating with RFID reading devices. When the portable device is still, or not in motion, the feature control application running on the portable device prevents the at least one RFID component of the device from communicating with RFIDreading devices. Among other things, this feature control of a portable device can prevent theft of data in an access control system, credit payment system, and/or other data transfer system.