1. TECHNICAL FIELD

The present technology relates to access control systems, methods and devices. The technology may find particular application in building access control applications. However, this should not be seen as limiting on the present technology.

2. BACKGROUND ART

Access control systems are used around the world to control access to areas and buildings e.g. to prevent unauthorised access and to track / monitor access. These systems utilise a range of different arrangements or technology in order to determine whether to provide access to an individual. Examples include pin-pad, radio frequency identification (RFID), and biometric technologies.

A common approach in access control systems is to issue people authorised to access an area or building (authorised personnel) with identifiers such as a key, pins, passwords, barcodes and RFID card(s). These identifiers however can be being lost, stolen or cracked or forged. Therefore, there is a need to be able to validate that a person attempting to access any given area is authorised to do so.

One approach to ensuring that areas are only accessed by authorised personnel is to employ security officers to monitor or guard entrances to secure areas. This approach can be costly, and still does not provide an entirely secure authorised access control system as the security officers may be manipulated or make mistakes.

Another approach is to use biometric technologies such as fingerprint, retina, and voice based identification technologies. These validate that the person attempting to access the area is present at the door and is authorised using a relatively unique physical characteristic of the authorised personnel. These systems however are costly to install, and can still be vulnerable to attacks, such as recordings of an authorised person's voice. Biometric technologies can also be controversial to use as not all people consent to having their biometric information recorded for access control purposes.

Some access control systems use online or web-based systems to control access to an area or building. One implementation of this technology is to provide a static barcode at an entryway which is scanned by a user's smartphone or similar device. The fixed barcode redirects the user's smartphone / device to a software platform e.g. website or App, where they can enter their access credentials to gain access. These systems can be defeated by acquiring the access credentials of an authorised personnel and entering them into the website /App, even if the authorised personnel is not physically present at the door.

Another vulnerability of these barcode systems is the ability to replace the barcode with one that redirects the user to a malicious webpage which collects a user's credentials. They therefore introduce a point of potential attack by third parties which undermines the purpose of the access control system.

Two-factor authentication is often used to strengthen access control systems and prevent unauthorised entry. For example, a system may be configured to require a pin and RFID card to be present before access is provided. However, increasing authentication methods can slow access times and frustrate authorised personnel. This can then cause authorised personnel to create shortcuts or introduce other security risks .

Finally, the human element of any access control system must be considered. People are known to write down pin numbers or passwords on the back of their access cards, or at store both next to each other for convenience. This minimises the advantages of many two-factor authentication methods. Security protocols such as introducing expiring passwords/pins create further complexity and frustration. There are also administrative overheads associated with resetting pins/passwords after incorrect attempts and issuing temporary access cards to those who misplace theirs cards.

It is an object of the present invention to address one or more of the foregoing problems or at least to provide the public with a useful choice.

All references, including any patents or patent applications cited in this specification are hereby incorporated by reference. No admission is made that any reference constitutes prior art. The discussion of the references states what their authors assert, and the applicants reserve the right to challenge the accuracy and pertinency of the cited documents. It will be clearly understood that, although a number of prior art publications are referred to herein, this reference does not constitute an admission that any of these documents form part of the common general knowledge in the art, in New Zealand or in any other country. Throughout this specification, the word "comprise", or variations thereof such as "comprises" or "comprising", will be understood to imply the inclusion of a stated element, integer or step, or group of elements integers or steps, but not the exclusion of any other element, integer or step, or group of elements, integers or steps.

Further aspects and advantages of the present invention will become apparent from the ensuing description which is given by way of example only.

3. DISCLOSURE OF THE INVENTION

According to one aspect of the technology there are provided systems, methods and devices for providing access control.

According to another aspect of the technology, there are provided systems, methods and devices for providing access control using a time-varying code generator and at least one identifying credential.

According to another aspect of the technology there is provided an access control system, which comprises: a time-varying code generator configured to generate a code; an electronic display configured to display the code; a locking mechanism; an electronic device configured to input the code together with at least one identifying credential; and a processor configured to validate the code and at least one identifying credential, wherein upon validation the processor is configured to disengage the locking mechanism.

According to another aspect of the technology, there is provided a device for providing access control, the device comprising: a time-varying code generator configured to generate a code; an electronic display configured to display the code; an output configured to connect to a locking mechanism; and a network connection configured to receive access information, wherein upon receipt of the access information, the device is configured to control the output in order to disengage the locking mechanism. According to another aspect of the technology, there is provided an access control system which comprises: a time-varying code generator configured to generate a code; an access module comprising an emitter, wherein the emitter is configured to generate a detectable signal indicative of the code generated by the time-varying code generator; and a processor; wherein the system is configured to receive from an electronic device: a signal which is indicative of the detectable signal, and at least one identifying credential, wherein the processor is configured to validate the detectable signal received from the electronic device and the at least one identifying credential, and further wherein the processor is configured to actuate a locking mechanism after validation.

In embodiments of the technology, the time varying code generator may be configured to generate a signal. In other embodiments, the access control systems and devices described herein may comprise an emitter configured to generate a detectable signal indicative of the code generated by the time-varying code generator.

In preferred embodiments the detectable signal may be a two-dimensional barcode e.g. a matrix barcode such as a QR code. In other embodiments of the technology, the time-varying code generator may be configured to generate one or more of a one-dimensional barcode, a pin number, a word or passphrase, an alphanumeric string, near field or RFID communication device configured to transmit variable codes, a tone or sequence of tones, a variable light pattern or flashing sequence, or ultrasonic or other wireless data transmission methods.

In preferred embodiments the detectable signal may be presented on an electronic display. For example the detectable signal may comprise an image or series of images on the electronic display. However this should not be seen as limiting on the technology, and in other embodiments, the detectable signal may be provided as Near-Field communications (NFC) or radio frequency identification (RFID) signals, a tone, or sequence of tones, ultrasonic or other wireless data transmissions. For example the emitter described herein may generate a detectable signal in the form of radio, ultrasonic or sound waves. Preferably, the time-varying code generator may be configured to generate a new code at fixed time intervals e.g. every 30 minutes. In other embodiments the time-varying code generator may be configured to generate a new code after a variable or random amount of time, at certain times of the day, or in response to one or more events such as after successful or a predefined number of unsuccessful access attempts.

Preferably, any one or more components of the foregoing technology may be provided as access devices. For example, at least one of the time-varying code generator, access module and processor may be integrated into an access device.

Alternatively, the time-varying code may be generated by a remote server which is in communication with an emitter or electronic display by one or more communication methods such as WiFi, Bluetooth or a LAN network.

Validation of the time-varying codes and/or access credentials may be performed on a remote server. However, this should not be seen as limiting and in other embodiments, validation may be performed on the electronic device or a local server.

Preferably, the access control system may be configured to provide access to one or more barriers, such as doors, turnstyles, security fences etc.

Preferably, the barriers are secured using one or more locking mechanisms. For example, the locking mechanism may be configured to move between a released position in which the barrier can be moved, and an engaged position in which the barrier is substantially immovable.

Preferably, the time-varying access codes may be associated with one or more of the barriers.

Preferably, the processor may be configured to process the user credentials and time-varying access code and determine whether access should be granted.

Preferably, upon determining whether access should be granted the processor may be configured to relay the access decision to a local server.

Preferably, a local server may be operatively connected to one or more locking mechanisms. In use, the local server may be able to enable locking and unlocking of access barriers e.g. doors.

Preferably the local server may be configured to provide access through the access barriers associated with the time-varying access code. Preferably, the local server may be configured to provide access to a plurality of doors.

Preferably, the electronic device may be a portable computing device such as a smartphone, tablet or laptop. In other embodiments the electronic device may be a fixed computer terminal.

Preferably, the electronic device may comprise one or more input systems such as a touchscreen interface, camera, GPS, fingerprint scanner, microphone, or NFC reader.

Preferably, the camera may be used to input a time varying code. For example, the camera may be configured to read two-dimensional barcodes, or otherwise perform character recognition on alphanumeric characters.

Preferably, the camera may be used to capture one or more access credentials. For example, the camera may be used to take a photograph, or perform facial recognition, and provide the photograph or facial recognition result as a signal to the remote server or local server.

Preferably, the fingerprint scanner may be used to provide one or more access credentials. For example, the fingerprint scanner may be used to capture fingerprint information or perform fingerprint recognition, and provide the fingerprint information or fingerprint recognition result as an access credential.

In other embodiments, the microphone may be used to provide one or more access credentials. For example, the microphone may be used to capture audio or perform voice recognition, and provide the recording or voice recognition result as an access credential.

In other embodiments, the wireless connectivity may be used to provide one or more access credentials. For example, communication with nearby Bluetooth devices or transponders may be used to validate that the user is in range of a door.

In other embodiments, the GPS systems may be used to provide one or more access credentials. For example, GPS location may be used to validate that the user is in range of a door.

In other embodiments, the NFC systems may be used to provide one or more access credentials. For example, capturing of a NFC signa may be used to validate that the user is in range of a door.

Preferably, the access control system may be configured to require a plurality of access credentials. Requiring a plurality of access credentials may advantageously improve the security of the access control system. Preferably, the electronic device may comprise an output device such as a display. Preferably, the display may be used to prompt a user to provide access credentials or to input a time-varying code. Preferably the display may also be used to communicate successful or unsuccessful access attempts to the user.

Preferably, the access credentials comprise one or more of a pin number, a password, a username, a password, a specific gesture or pattern, a user personal identifier such as date-of-birth, correct response to security question(s), a device identifier, a software identifier, a photograph or facial recognition result, a recording or voice recognition result, fingerprint data or a fingerprint identification result.

Preferably, the electronic device may be configured to generate a signal which is indicative of the detectable signal, and provide the signal, and at least one identifying credential to the access control system. For example, the electronic device may be configured to provide the signal and at least one identifying credential over a wired or wireless network connection. For example using the internet, Bluetooth, NFC or any other suitable transmission means.

In some examples, the signal indicative of the detectable signal may be a request for access which contains information regarding the detectable signal, such as the location of the barrier, or a unique identifier associated with the barrier.

Preferably, the access control system may comprise an application containing machine readable code which is configured to be executed on the electronic device. Preferably the application is configured to prompt the user to input the time-varying code or access credentials described herein. In other embodiments, the user may be prompted to enter or scan the time-varying code or access credentials via a web browser.

4. BRIEF DESCRIPTION OF THE DRAWINGS

Further aspects of the present technology will become apparent from the ensuing description which is given by way of example only and with reference to the accompanying drawings in which:

Fig. 1 shows an example of an access control system in in accordance with the present technology;

Fig. 2 shows an example of an electronic device in accordance with the present technology; Fig. 3 shows an example of systems for presenting time varying access codes in accordance with the present technology; and

Fig. 4 shows a flow diagram for providing access to a user in accordance with the present technology.

5. BEST MODES FOR CARRYING OUT THE INVENTION

5.1. OVERVIEW OF AN EMBODIMENT OF THE TECHNOLOGY

Fig. 1 is a block diagram of a first embodiment of an access control system 100 according to the present technology for providing access through a barrier such as a doorway (106). However, this should not be seen as limiting on the technology, and other applications for the present technology such as providing access to assets, or controlling systems and alarms should be apparent to those skilled in the art.

In general terms, the access control system 100 comprises an electronic device 102 configured to receive a time-varying code 104 from a time-varying code generator. For example, the time-varying code generator may consist of a software algorithm running on a remote server 110 as described herein. In the illustrated example, the time-varying code 104 is associated with a door 106 through which the owner of the access control system 100 wants to limit or monitor access. For example, the time-varying code 104 may be a six-digit code, or barcode displayed near the door. Other examples of time-varying codes 104 are provided herein.

While not show in Fig. 1 it should be appreciated that the code may be communicated from an emitter as a detectable signal which can be received by the electronic device 102. For example, the emitter can be an electronic display, or any device which can provide an appropriate signal such as a speaker, RF transmitter, or other suitable transducer. Reference, herein to the access module should be understood to mean the device which communicates the code, via an emitter as described herein.

The time-varying code generator is configured to display a different time-varying code at different times e.g. the code displayed by the time-varying code generator is able to be changed periodically.

The electronic device 102 is also configured to receive at least one access credential 108. The access credential(s) 108 are used to validate that a person attempting to access the door 106 is authorised to do so. For example, the access credential 108 may include a fingerprint, or password provided by the user. The electronic device 102 is configured to transmit the time-varying code 104 or a signal indicative of the time-varying code and at least one access credential 108 to a processor or remote server 110, such as a web-based server. In the illustrated embodiment, the processor or remote server 110 is configured to validate at least one of the time-varying code 104 and access credential(s) 108, to determine whether the user should be provided access. In other examples of the technology, at least part of the processing of the access credentials 108 or time-varying codes 104 are performed on the electronic device 102.

The remote server 110 is configured to communicate the access decision to local server 112 which is operatively connected to the locking mechanism 114 of the door. For example, the local server 112 is configured to communicate via a wired or wireless connection to one or more locking mechanisms 114 associated with the door. In examples of the technology, the local server 112 can be configured to communicate with a plurality of locking mechanisms 114, such as is common in office and factory environments. It should be appreciated that additional intermediate hardware may be provided between the locking mechanism 114 and the local server 112, such as locking electronics which are configured to receive the signal from the local server 112 and actuate the locking mechanism 114.

It should be appreciated that use of remote 110 and local servers 112 should not be seen as limiting on the technology, and in other examples described herein, the electronic device 102 may instead be configured to communicate directly with a local server 112 for example a server present on the same local area network (LAN) as the electronic device 102. In other examples, the processor which validates the time-varying code 104 and at least one access credential 108 may be configured to actuate the locking mechanism 114.

5.2. ELECTRONIC DEVICE

In examples of the technology, the electronic device 102 is a portable computing device such as a smartphone, tablet or laptop. However, this should not be seen as limiting on the technology, and in other examples the electronic device 102 may include non-portable computing devices such as a computer terminal.

One advantage of the present technology is that, unlike traditional access control systems, the technology described herein can be implemented without requiring expensive access control hardware at each entrance to a restricted area. For example, traditional access control systems generally require RFID devices, pin-pads and biometric scanners at the entrance to each area they control. This adds considerable cost to the access control system, particularly as the number of doors increase. The present technology is able to utilise the hardware present in most portable computing devices in order to provide access. Therefore, the only hardware required at each entrance is a means of displaying a time-varying code 104 (as is described herein) and a system for controlling the locking mechanism 114.

5.2.1. INPUT SYSTEMS

Fig. 2 shows one example of an electronic device 102 in accordance with the present technology. As shown the electronic device 102 includes one or more input systems 200. For example, the input systems 200 includes a touchscreen interface 202, or more specifically a capacitive, resistive or inductive touchscreen. In use the input system 200 is used to enter one or more of the access credential(s) 108 and time-varying access code(s) 104. For example, where the time-varying access code 104 is a pin number, password or alphanumeric code the code may be entered using an onscreen or virtual keyboard.

In examples of the technology the input system 200 comprises one or more of a camera 204, fingerprint sensor 206, microphone 208, NFC reader (not shown) or wireless connectivity (not shown) such as Bluetooth or WiFi.

In one example of the technology, the camera 204 is used to automatically detect and input an access code according to the present technology. For example, the electronic device 102 is configured to perform character or shape recognition in order to recognise and input an access code. For example, the camera 204 is configured to recognise alphanumeric characters, or detect and interpret barcodes including one-dimensional (otherwise known as linear) and two-dimensional barcodes (commonly known matrix barcodes or QR codes).

In examples of the technology, the camera 204 is configured to provide one or more access credentials 108. For example, an image may be taken of the user's face and the image relayed to the remote server 110 as an access credential 108 for validation.

In examples of the technology, the fingerprint sensor 206 is configured to detect a user's fingerprint and relay the fingerprint information in the form of an access credential 108 to the remote server 110. In some examples of the technology, the electronic device 102 is configured to capture the fingerprint information via the fingerprint sensor 206, and locally process the fingerprint information. In other words the electronic device 102 is used to validate the identity of the user, and relay the validated user information to the remote server 110. In other examples, the fingerprint information may be communicated to the remote server 110 for validation.

In examples of the technology, the microphone 208 is used to record an audio passphrase or similar voice patterns and relay the audio information to the remote server 110 as an access credential 108. In other examples the microphone 208 is configured to detect a specific tone or sequence of tones, whether or not these tones are audible to the human ear.

In examples of the technology, the wireless connectivity allows for one or more external peripherals to be connected to the electronic device 102, such as wireless keyboards, or transponders. Connecting to one or more transponders (for example using Bluetooth) can be used to validate that the user is present at or within proximity to the area they are requesting access to.

In examples of the technology, an NFC reader attached to or contained within the electronic device 102 is used to read one or more NFC tags present at the location the user is requesting access to. This may advantageously allow the access control system 100 to determine that the user is present at the location.

In examples of the technology, GPS technologies are used as a further access credential 108 to validate that the user is present at the location they are requesting access to.

In the aforementioned examples the input system 200 is configured to send access credentials 108 to a remote server 110 for processing/validation. This should not be seen as limiting on the scope of the technology, and in other examples, the electronic device 102 may be used to determine the identity of the user and relay the identification information to the remote server 110. For example, facial recognition, voice recognition and/or fingerprint recognition technologies may be used to validate a user's identity and relay the identity information to the remote server 110 as an access credential 108.

In yet further examples some or all of the validation decisions may be performed by the local server 112 as described herein.

In some examples of the present technology, two or more of the aforementioned input systems 200 are be used, in other words the access control systems 100 are configured to require a plurality of access credentials 108, otherwise known as multi-factor authentication (or two-factor authentication). In addition to increased security, providing multi-factor authentication on an electronic device 102 such as a smartphone is likely to be faster than traditional technologies, as multiple access credentials 108 can be processed very quickly, such as fingerprint and facial recognition.

5.2.2. COMMUNICATION SYSTEMS

The electronic devices 102 described herein are provided with a communication system such as Bluetooth, WiFi or cellular connections. These communication systems enable the electronic devices 102 to communicate with local and/or remote servers 110 as described in order to provide access credentials 108 and time-varying codes 104 to the access control system 100.

5.2.3. OUTPUT DEVICE

The electronic devices 102 described herein also include output devices such as displays, speakers and vibration motors to provide visual, audio, and/or haptic feedback to access attempts. For example, the display 210 as shown in Fig. 2 can be used to prompt a user to provide one or more access credentials 108, or input a time-varying code 104 e.g. scan a two-dimensional barcode provided by the time-varying code generator or displayed by a display 306 as shown in Fig. 3.

Furthermore, the output device provides a means to communicate with the user that a failed access attempt has occurred. For example, due to the time-varying access code 104 expiring, incorrect access credentials 108 being provided, or the user being unauthorised to access the area associated with the time-varying access code 104.

One exemplary user interface is provided in Fig. 2 which prompts a user to input an access code, either using the touchscreen 202 or alternatively using a camera 204 on the electronic device 102.

5.3. ACCESS CREDENTIALS

In order to be provided access to an area, the access control systems 100 described herein are configured to require one or more of the following access credentials 108:

• A pin number;

• A password, or username and password;

• A specific gesture or pattern of device inputs, such as a swipe patten on the electronic device's 102 touchscreen interface 202;

• Date of birth, or other personally identifying information; • Correct responses to one or more security questions;

• A device identifier, for example a unique identifier within the electronic device 102 such as an IM El or MAC address may be used to validate the device being used;

• A unique software identifier, such as a unique code generated on installation of access control software on the electronic device 102;

• Validation that the electronic device 102 has been unlocked, for example by having an application on the device report the status of the device;

• A photograph, for example provided by the camera 204 of the electronic device 102;

• A positive facial recognition result, for example from facial recognition performed on the electronic device 102;

• An audio recording, such as a voice recording;

• A positive voice recognition result, for example from a voice recognition performed on the electronic device 102; and

• Fingerprint data, or a positive fingerprint match, for example from a fingerprint scan performed on the device.

In examples the time-varying code is issued by a time-varying code generator, such as a software algorithm executed on the remote server 110.

5.4. TIME-VARYING CODE GENERATOR

One aspect of the present technology is to provide a time-varying access code 104 at a doorway or entry way which a user must input, for example into their electronic device 102 in order to gain access to the area.

Use of a time-varying access code 104 can assist with restricting or preventing a user from reusing access codes, or using expired / invalid access codes. This can help to ensure that the person is present at the area they are attempting to access. The combination of access credentials 108 and time-varying code generator can advantageously be used to ensure that the authorised person is present at the area, and that they are authorised to gain entry. Throughout the present specification, reference to the time-varying access code 104 or time-varying access code generator should be understood to mean an access code or access code generator which generates an access code which changes over time. The time-varying code generator may be configured to generate new codes after a set duration such as every 30 minutes, or alternatively after a variable amount of time, or after certain conditions have been met (for example, the code may change after use, at set times each day or randomly). That is to say that the scope of the present technology is not to be limited to variable code generation technologies which exclusively vary the access code based on time periods, fixed or otherwise.

Referring now to Fig. 3 which shows an example of a system 300 for presenting time-varying codes 104 to a user in accordance with the present technology.

In the example shown, a door 302 is provided with a locking mechanism 114 configured to selectively provide access through the door 302. Located adjacent to the door 302 is a display 306 configured to display time-varying access codes 104. In the example shown, the time-varying access code 104 is a 2D barcode, otherwise known as a matrix barcode or QR code, however this should not be seen as limiting on the technology, and further examples of time-varying access codes 104 are described herein.

The display 306 illustrated is an electronic display, as known to those skilled in the art. In some examples the display also comprises an input means, such as a touchscreen 202 to enable a user to interact with the display in use.

The display is operatively connected to a processor 308 which determines what information should be presented on the display 306. In some examples of the technology, the processor 308 is separate from the display, and operatively connected to the display, for example using one or more wires or wireless connections. In other examples of the technology the processor 308 is attached to the display to form a processing and display unit (not shown).

In some examples of the technology it may be advantageous for a plurality of displays 306 to be connected to a single processor 308. For example, where multiple doors are used in a building, or where secure areas are present on both sides of a door. In these applications it may be beneficial to have a single processor 308 configured to display the information on two or more displays 306, to reduce component costs, installation costs and system complexity. The processor 308 is provided with a communication system 310, which is wired or wireless. For example, the communication system 310 comprises one or more of ethernet, WiFi, Bluetooth, serial, parallel, mesh, or other network connection. In some examples of the technology, the network connection is configured to provide encrypted communications for added security.

The communication system 310 enables the processor 308 to communicate with a remote server 110 or local server 112 as described herein to do one or more of the following:

• Receive time-varying access codes 104 for presenting on the display;

• Receive information sufficient to generate time-varying access codes 104 on the display, for example seed information used to generate the time-varying access codes 104; and

• Receive instructions to control the locking mechanism 114, such as disengaging the locking mechanism 114 when an authorised person is present at the door.

Additionally, the processor 308 can be configured to do one or more of the following:

• Communicate with an electronic device 102, for example using Bluetooth or RFID/NFC technologies as described herein;

• Provide an interactive menu, such as options to alarm an area or provide free access to an area for a period of time; and

• Present information on the display such as room booking information, do not disturb notices, security notices or other information.

While the present example relates to providing access to an area through a door, this should not be seen as limiting on the technology, and in other examples the access control systems 100 of the present technology may be used to provide access to assets, secure enclosures, control alarms or other secure equipment.

In addition, while the example shown in Fig. 3 shows the processor 308 controlling the locking mechanism 114, this should not be seen as limiting on the technology. For example, in the example of Fig. 1 the local server 112 is configured to operatively control the locking mechanism 114.

5.4.1. TIME-VARYING ACCESS CODES

The time-varying access codes 104 described herein may consist of any one or more of the following: • A barcode, including one-dimensional and two-dimensional barcodes;

• A pin number such as a 6-digit numeric code;

• A word or passphrase;

• An alphanumeric string or code;

• Near field or RFID communications configured to transmit codes which can be changed;

• A tone, or sequence of tones, audible or otherwise;

• A variable light pattern or flashing sequence; and

• Ultrasonic, or other suitable wireless transmissions.

Other suitable time-varying access codes 104 may also be used within the scope of the present technology.

5.5. REMOTE SERVER

It should be appreciated that the foregoing examples of remote and local servers should not be seen as limiting on the technology, and in each case one or more processor is configured to perform the actions described herein.

In examples of the technology, the remote server 110 is located remotely from the door access hardware, such as being cloud hosted. The use of remote servers 110 can advantageously provide a centralised location for managing the access control system 100, particularly where there is a need to provide access to multiple sites.

In other examples of the technology, the remote server 110 may be configured to provide a means for screening incoming access credentials 108 or signals indicative thereof and time-varying access codes 104 to ensure that they are genuine and meet certain predetermined requirements such as formatting and encryption. One advantage of using a remote screening server is to protect against digital forced entry attacks or hacking attempts. Furthermore in the event that a distributed denial of service attack (DDOS) is launched against the access control system 100, the remote server 110 can quickly screen out the invalid requests so as to not burden or affect the responsiveness of the local server 112, and attached access control devices. This however should not be limiting on the technology and in examples described herein the processing and validation of access credentials 108 and time-varying access codes 104 may be performed on site.

5.6. LOCAL SERVER

In examples of the technology, one or more local server 112 may be provided to centrally manage one or more doors or areas on a site. For example, the remote server 110 described herein is configured to relay access decisions to door hardware such as locking mechanisms 114, or electronics associated with the locking mechanisms 114.

However, this should not be seen as limiting on the technology, and in some examples of the technology described herein the processor 308 associated with the time-varying access code generator may instead be configured to receive access decisions and control the associated locking mechanisms 114 accordingly.

5.7. APPLICATION STRUCTURE

In one example of the technology, the user is provided with an access control application on their electronic device 102. This access control application may be configured to receive the time-varying access code 104 and access credentials 108. In some examples, the application processes at least part of the time-varying access code 104 and/or access credentials 108. In other examples, the application is configured to forward these to a remote or local server 112 for processing and validation.

One advantage of requiring that an access control application is installed on the electronic device 102 is the ability to utilise the electronic device's 102 processing power and hardware to assist with validation of user credentials. For example, installing an application may advantageously allow use of facial, voice, or fingerprint recognition technologies to validate the identity of the user requesting access. However, the use of access control applications should not be seen as limiting on the technology, and in another example of the technology, the user provides the time-varying access codes 104 and access credentials 108 to an interface on a web browser. For example, two-dimensional time-varying access codes 104 can be scanned by an electronic device 102, which may cause the electronic device 102 to open a webpage containing the required information fields. In this example, the two-dimensional barcode can contain sufficient information to pre-populate the time-varying access code 104 on the website when scanned. For example, a substantial component of the URL provided in the two-dimensional barcode may remain substantially unchanged, and the time-varying code 104 component of the two-dimensional barcode may change periodically.

In yet further examples of the technology, both application and web-based interfaces are provided. This advantageously may allow contractors to easily engage with the access control system 100 without requiring any applications to be installed on their personal or company issued electronic device 102.

Fig. 4 provides an example flow-diagram of a control system according to the present technology. In the example shown, a user scans a time-varying access code 104 located near or otherwise associated with a door. If the user has the relevant access control application on their electronic device 102, the application prompts the user to enter at least one access credential 108, for example it may wait for a fingerprint to be registered, or use the camera 204 to perform facial recognition on the user.

In some examples of the technology (not shown in Fig. 4), it may be beneficial for the control system to direct the user to a webpage if no appropriate application is detected on the user's electronic device. The user can then be prompted to provide at least one access credential 108 such as a password or pincode.

The access credentials and time-varying access codes 104 are then sent to a remote server 110 for validation. If the credentials 108 or access code is invalid the user is denied entry. If they are found to be valid, the remote server 110 validates that the user is authorised to access the door associated with the time-varying access code 104. If the user is authorised, the access decision is forwarded to the local server 112 which facilitates access by temporarily disengaging the locking mechanism 114 at the door.

5.8. EXAMPLES

5.8.1. ACCESS CONTROL SYSTEMS

One example of an access control system 100 in accordance with the present technology comprises: a time-varying code generator configured to generate a code; an electronic display configured to display the code; a locking mechanism 114; an electronic device configured to input the code together with at least one identifying credential 108; and a processor configured to validate the code and at least one identifying credential 108, wherein upon validation the processor is configured to disengage the locking mechanism 114." In some examples of the technology the processor is located within a local or remote server as described herein, while in other examples the processor is located within the electronic device.

5.8.2. ACCESS CONTROL DEVICES

One example of an access control device in accordance with the present technology comprises: a time-varying code generator configured to generate a code; an electronic display configured to display the code; an output configured to connect to a locking mechanism 114; and a network connection configured to receive access information, wherein upon receipt of the access information, the device is configured to control the output in order to disengage the locking mechanism 114."

5.8.3. ACCESS METHODS

One example of the present technology is a method of providing access to a user via an access control system 100, the method comprising the steps of:

A) having the user input a time-varying access code 104 and at least one access credential 108 into an electronic device 102;

B) communicating the access code and access credential 108 to a remote server 110;

C) validating whether the user is authorised to access the area associated with the timevarying access code 104; and

D) providing access if the user is authorised.

In preferred examples of the technology, access is provided to the user by

E) communicating the access decision from the remote server 110 to a local server 112; and

F) using the local server 112 to disengage a locking mechanism 114 associated with the access area.

Another example of an access method, comprises the following steps: a) generating a code; b) emitting a signal indicative of the code using an emitter; c) receiving a signal indicative of the code together with at least one identifying credential; d) validating the code and at least one identifying credential are valid; e) controlling a locking mechanism if the code and at least one identifying credential are valid; and f) generating new codes periodically.

5.8.4. ACCESS POINTS

One feature of the present technology is to provide access points which comprise access control systems as described herein, together with a barrier and a locking mechanism, wherein the processor is configured to activate the locking mechanism after validation to cause the locking mechanism to move between a released position in which the barrier can be moved, and an engaged position in which the barrier is substantially immovable.

For example the barrier may be a door.

The foregoing technology may be said broadly to consist in the parts, elements and features referred to or indicated in the specification of the application, individually or collectively, in any or all combinations of two or more of said parts, elements or features.

Aspects of the present technology have been described by way of example only and it should be appreciated that modifications and additions may be made thereto without departing from the scope thereof as defined in the appended claims.