FIELD OF THE INVENTION

[0001] The present invention relates to a remote access system and method for personnel accessing a secured site or a secured item such as a key cabinet.

BACKGROUND TO THE INVENTION

[0002] Historically access control systems for a site comprise a locally based PC for configuration which is connected to a number of access controllers for doors, gates, cabinets etcetera. Typically users are registered with the system and given a PIN and/or some kind of identification device such as a magnetic card to gain access. Such systems are cumbersome to administer and have major security issues when a user loses their identification device or forget their PIN.

[0003] In more recent systems smart devices have been incorporated into access systems, with the smart device communicating directly with an electronic lock or with a remote server which in turn activates an electronic lock. Whilst overcoming problems with lost PINs and identification devices, having to use a smart device to open a door is cumbersome and often inconvenient for a user. Security of such systems may also be readily compromised as there is only one factor of user authentication.

[0004] The object of this invention is to provide an access system to alleviate the above problems, or at least provide the public with a useful alternative.

SUMMARY OF THE INVENTION

[0005] In a first aspect the invention comprises a method for a user to gain access to a remote asset secured by an access controller, comprising the steps of: an administrator creating on an access control server an invitation to the asset for the user; the user using a smart device application to send a request to the server to access the asset; the server comparing the request with the invitation and if the request and invitation match sending an access PIN to the user and to the access controller; the user entering the access PIN into the access controller; and the access controller comparing the access PIN entered by the user with the access PIN received by the access controller from the server and if the PINs match opening a lock securing the asset. [0006] Preferably the request to access the asset includes the geolocation of the user.

[0007] The user may scan a QR code in proximity to the asset to identify the asset in the request to the server, or the application may display a selection of assets in proximity to the user from which the user selects the asset for the request.

[0008] Preferably the method further comprises the steps of the server sending notification of the invitation to the user by an email; and the user following a link in the email to install the application on the smart device, and may include the further steps of: the user entering a phone number for the smart device into the application; the server sending a verification PIN to the smart device and a verification email to the user; and the user following a verification link in the verification email, and entering the verification PIN into the application.

[0009] The smart device application may monitor the geolocation of the user after a fist use of the PIN and alert the user if they leave a specified geolocation before a second use of the PIN.

[0010] It should be noted that any one of the aspects mentioned above may include any of the features of any of the other aspects mentioned above and may include any of the features of any of the embodiments described below as appropriate.

DETAILED DESCRIPTION OF THE INVENTION

[0011] The present invention provides a system and method of gaining access to a site or asset that offers improved security and ease of use. In the following discussion the term asset will be used to refer to either a location, e.g. entering a gate, or a secured item such as a key cabinet. A user wishing to gain access to an asset uses an application on a smart device to send an access request to a cloud based access control system server and receives an access PIN in return if their request details match a pre-configured invitation. A corresponding PIN number is sent to the access controller securing the asset. The user then enters the PIN into the controller to gain access. The controller can be configured to accept the PIN for a specified time interval and/or a specified number of uses.

[0012] The method of the invention is part of an access management system as detailed in Australian Patent No. 2015101875 and will be discussed in the context of such a system, but may also find use in other similar systems that either monitor or control access to sites or assets. The system comprises a cloud based system server working in conjunction with smart device applications and physical access controllers.

[0013] Before using the system a user is invited by a site administrator, typically via email, to download the application and use it to register with the system. To register, a new user will create a username and password then enter details such as mobile number, email, photo, personal details and company details. Once details have been saved a verification email and SMS with a verification PIN are sent to the user who must then click on a link in the email and enter the verification PIN into the application. Once registered a user may then use the system to request an access PIN for an asset.

[0014] The provision of access PINs is restricted by invitations created by a site administrator, the invitations include various invitation details including user name, asset or site identification, access period and number of accesses allowed.

[0015] In addition to an invitation being initiated by a site administrator, a potential guest can also request an invitation using a web page link. This requires the guest to enter their details which are forwarded to the site administrator for approval, saving the site administrator from having to enter the details. If approved an invitation is sent to the guest and they download the application and register as above.

[0016] The following is a typical scenario of a guest user accessing a remote asset. A site administrator creates an invitation and sends an invitation email to the guest.

The guest follows the link in the invitation email, downloads the application to their smart device and registers their details. The user visits the site and approaches the site asset that they wish to have access to. To gain access the user launches the application and identifies the asset that they wish to access. This can be done by selecting an asset from a list of nearby assets determined by the geolocation of the user, or entering an asset identification by scanning a QR code on or adjacent to the asset. Optionally the application uses the smart device’s geolocation facilities to confirm that the guest is in proximity to the asset associated with the QR code. The application forwards the access request, including the asset identification, the user’s identification and geolocation, to the system server which checks for a matching invitation. If a matching invitation is found an access PIN is returned to the application and displayed to the user. The same access PIN is also sent to the access controller securing the asset together with a time window and number of times in which the access PIN can be used. The access controller stores the PIN and associated limitations for verifying future PIN entries. When the user wishes to access the asset they enter the access PIN into the access controller, which then verifies the PIN and checks the limitations and if all is in order opens the lock securing the asset. The access controller then reports the successful access back to the system server.

[0017] Depending on the invitation details the user may or may not be able to access the same asset at a later time using the same PIN. Typically only a single access will be provided for access to a site. The geolocation facilities of the application can then be used to record when the user leaves the site. For a secured key cabinet a PIN will need to be used at least twice, once to retrieve a key and once to return the key. The application may be configured to alert the user if they depart a specified geolocation before returning the key.

[0018] A returning guest will go through the above process again, but without the need to install the application and register their details. Once the user has registered with the system they can receive invitations via the application.

[0019] The various assets can be assigned to logical groups as can users, for example electrical services. An invitation to a user assigned to electrical services would give them access to all assets assigned to electrical services. An asset may belong to various logical groups, as can users. A user may be given an invitation to specific logical groups, or to the groups to which they belong, thus simplifying the management of access to multiple assets.

[0020] The above system provides an access system with improved security and ease of use using manually entered PINs. A guest user is only given an access PIN for an asset after they have: been invited by a site administrator using their mobile device and/or email as a primary identifier; installed an application and verified their mobile number and email details by SMS PIN confirmation and following an email link;

provided personal details such as name, company and identification photo; and, been at a specific geolocation at the invited time.

[0021] Further advantages and improvements may very well be made to the present invention without deviating from its scope. Although the invention has been shown and described in what is conceived to be the most practical and preferred embodiment, it is recognized that departures may be made therefrom within the scope of the invention, which is not to be limited to the details disclosed herein but is to be accorded the full scope of the claims so as to embrace any and all equivalent devices and apparatus. Any discussion of the prior art throughout the specification should in no way be considered as an admission that such prior art is widely known or forms part of the common general knowledge in this field.

[0022] In the present specification and claims (if any), the word "comprising" and its derivatives including "comprises" and "comprise" include each of the stated integers but does not exclude the inclusion of one or more further integers.