Login| Sign Up| Help| Contact|

Patent Searching and Data


Title:
SYSTEM AND METHOD FOR CONTROLLING ACCESS USING CODED LIGHT COMMUNICATION
Document Type and Number:
WIPO Patent Application WO/2019/076678
Kind Code:
A1
Abstract:
A system (100, 200) for controlling access of an individual within a secured environment (110), including: (i) a plurality of lighting units (10) located along a pre- authorized route within the secured environment, each lighting unit configured to transmit a unique code via coded light, the unique code associated with a unique identifier for the transmitting lighting unit; (ii) a code receiver (240) configured to receive, from a light 5 receiving device (250) associated with an individual, a plurality of codes received from the plurality of lighting units as the individual moved within a pre-authorized route within the secured environment; (iii) a processor (220) configured to compare the received plurality of codes to the unique codes transmitted by the plurality of lighting units located along a pre- authorized route within the secured environment, where the security system authorizes the 10 individual if the received plurality of codes match the unique codes.

Inventors:
GOPAL SAMY, Mathan, Kumar (5656 AE Eindhoven, 5656 AE, NL)
RAO, Zhibiao (5656 AE Eindhoven, 5656 AE, NL)
HU, Jia (5656 AE Eindhoven, 5656 AE, NL)
VANGALAPAT, Tharak (5656 AE Eindhoven, 5656 AE, NL)
Application Number:
EP2018/077427
Publication Date:
April 25, 2019
Filing Date:
October 09, 2018
Export Citation:
Click for automatic bibliography generation   Help
Assignee:
SIGNIFY HOLDING B.V. (High Tech Campus 48, 5656 AE Eindhoven, 5656 AE, NL)
International Classes:
G07C9/00; H04B10/116
Foreign References:
US20170127372A12017-05-04
US9520939B22016-12-13
US20170237487A12017-08-17
US9100124B22015-08-04
Other References:
None
Attorney, Agent or Firm:
VAN EEUWIJK, Alexander, Henricus, Walterus et al. (Signify Netherlands B.V. - Intellectual Property, High Tech Campus 7, 5656 AE Eindhoven, 5656 AE, NL)
Download PDF:
Claims:
CLAIMS:

1. A system (100, 200) for controlling access of an individual within a secured environment (1 10) by a security system, comprising:

a plurality of lighting units (10) located along a pre-authorized route within the secured environment, each lighting unit configured to transmit a unique code via coded light, the unique code associated with a unique identifier for the respective transmitting lighting unit;

a code receiver (240) configured to receive, from a light receiving device (250) associated with an individual, a plurality of codes received by the light receiving device from the plurality of lighting units as the individual moved within a pre-authorized route within the secured environment; and

a processor (220) configured to compare the received plurality of codes to the unique codes transmitted by the plurality of lighting units located along a pre-authorized route within the secured environment;

wherein the security system authorizes the individual if the received plurality of codes match the unique codes, wherein a match comprises a sequence associated with the plurality of codes matching a sequence associated with the unique codes.

2. The system of claim 1, wherein the processor is further configured to identify the light receiving device.

3. The system of claim 1, wherein the processor is further configured to generate one or more of the unique codes.

4. The system of claim 3, wherein the codes are generated according to the following equation:

where Kt is the generated unique code, t = time, D = the unique identifier of the light receiving device, Ek = a unique identifier of the individual k; G = the unique code i transmitted by the lighting unit; and F = an encryption function.

5. The system of claim 1, wherein the light receiving device is a mobile computing device. 6. The system of claim 1, further comprising a database (230) comprising pre- authorized routes for a plurality of individuals.

7. The system of claim 1, wherein the processor is further configured to analyze the received plurality of codes for dwell time and/or velocity of the individual along the pre- authorized route.

8. The system of claim 1, wherein the unique codes transmitted via coded light change as a function of time. 9. A method (500) for controlling access of an individual within a secured environment (110) comprising a plurality of lighting units (10), comprising:

generating (530), by a processor (220), a plurality of unique codes for the plurality of lighting units, wherein each of the plurality of lighting units is configured to transmit at least one of the generated unique codes via coded light, and wherein each of generated unique code is associated with a unique identifier for the respective transmitting lighting unit;

transmitting (540) the plurality generated codes by the plurality of lighting units, wherein at least some of the plurality of generated codes are received by a light receiving device (250) associated with the individual as the individual moves within a pre- authorized route within the secured environment;

receiving (560), by a code receiver, a plurality of codes received by the light receiving device and sent to the code receiver;

comparing (570), by the processor, the received plurality of codes to the unique codes transmitted by the plurality of lighting units located along the pre- authorized route within the secured environment; and

authorizing (580) the individual if the received plurality of codes match the unique codes, wherein a match comprises a sequence associated with the plurality of codes matching a sequence associated with the unique codes.

10. The method of claim 9, wherein said authorizing step further comprises authorizing the individual if the light receiving device sending the received codes to the code receiver is authorized by the security system. 11. The method of claim 9, wherein the codes are generated according to the following equation:

Kt = F(t, Dy, Ek, Ci)

where Kt is the generated unique code, t = time, Dy = the unique identifier of the light receiving device, Ek = a unique identifier of the individual k; Ci = the unique code i transmitted by the lighting unit; and F = an encryption function.

12. The method of claim 9, wherein the light receiving device is a mobile computing device. 13. The method of claim 9, wherein said comparing step further comprises analysing the received plurality of codes for dwell time and/or velocity of the individual along the pre-authorized route.

14. The method of claim 9, wherein the unique codes transmitted via coded light change as a function of time.

15. The method of claim 9, further comprising the step of granting access to a secured space, if the individual is authorized.

Description:
SYSTEM AND METHOD FOR CONTROLLING ACCESS USING CODED LIGHT COMMUNICATION

FIELD OF THE INVENTION

The present disclosure is directed generally to methods and systems configured to control access of individuals within a secured environment using coded light communication.

BACKGROUND

Access control is an important subsystem in a secured environment. Many commercial buildings have smart access control systems which employ technologies such as RFID, wireless keys, biometric sensors, and other methods for controlling access to and from the secured space.

However, there are numerous problems with existing access control technology. For example, technologies such as RFID and wireless keys are cost-effective but are highly vulnerable to hacking. These technologies also cannot protect the secured environment from unauthorized access via physical tampering or a stolen or duplicated key. In a traditional access control system an employee swipes an access badge, typically containing an RFID tag, in a panel near a door or other access point. The scanned badge number is checked against an access list such as a lookup table and the system actuates a lock to open the door. However, an access badge is easily misplaced, lost, or stolen, and the badge can be illicitly scanned and duplicated even at a distance using high-gain antennae. Similarly, an access badge reader can be jammed by attackers at a distance by streaming invalid RF codes using high-gain antennae.

Although biometric technologies may address some of the security issues associated with RFID or other wireless access systems, biometric technologies carry numerous privacy concerns and cost implications.

Existing access control systems are also not efficient for specific situations such as the presence of guests or visitors. Some security buildings need a guest visitor to be accompanied by a security staff all the time, which causes overhead. In addition, different guests may be granted different permission levels. This is not easy to achieve and monitor due to the complexity of security protocols. Existing security access control systems also affect building layout design and security deployment. Current methods and systems typically mandate that the security desk or front desk be located in front of an entry, which can be expensive if there are multiple entries.

Accordingly, there is a need for security access control systems that provide a more cost-effective and more secure means of access control.

SUMMARY OF THE INVENTION

The present disclosure is directed to inventive methods and apparatus for a security system configured to monitor and control access of an individual within a secured environment. Various embodiments and implementations herein are directed to a networked security system comprising multiple distributed lighting units that transmit a unique code in the visible spectrum via Coded Light Technology. The transmitted unique code is associated with a unique identifier for the respective transmitting lighting unit at a given point in time. As the individual moves within the secured environment, such as along a pre-authorized route, a light receiving device associated with the individual receives the coded light, including the transmitted codes. When the individual reaches a security checkpoint, the light receiving device transmits the received codes to a code receiver, and the system compares the received codes to the unique codes transmitted by the lighting units located along the pre- authorized route within the secured environment. The security system authorizes the individual if the received codes accurately match the unique codes transmitted by the lighting units at the specified time of access request.

Generally, in one aspect, a system is provided to control access of an individual within a secured environment. The system includes: (i) a plurality of lighting units located along a pre-authorized route within the secured environment, each lighting unit configured to transmit a unique code via coded light, the unique code associated with a unique identifier for the respective transmitting lighting unit; (ii) a code receiver configured to receive, from a light receiving device associated with an individual, a plurality of codes received by the light receiving device from the plurality of lighting units as the individual moved within a pre-authorized route within the secured environment; and (iii) a processor configured to compare the received plurality of codes to the unique codes transmitted by the plurality of lighting units located along a pre-authorized route within the secured

environment, where the security system authorizes the individual if the received plurality of codes match the unique codes. According to an embodiment, the processor is further configured to identify the light receiving device.

According to an embodiment, the processor is further configured to generate one or more of the unique codes. According to an embodiment, a code at time t is generated according to the following equation:

where K t is the generated unique code, t = time, Dy = the unique identifier of the light receiving device, Ek = a unique identifier of the individual k; G = the unique code i transmitted by the lighting unit; and F = an encryption function.

According to an embodiment, the light receiving device is a mobile computing device.

According to an embodiment, the system further includes a database comprising pre-authorized routes for a plurality of individuals.

According to an embodiment, the processor is further configured to analyze the received plurality of codes for dwell time and/or velocity of the individual's trajectory along the pre-authorized route.

According to an embodiment, the unique codes transmitted via coded light change as a function of time.

According to an aspect is a method for controlling access of an individual within a secured environment having a plurality of lighting units. The method includes the steps of: (i) generating, by a processor, a plurality of unique codes for the plurality of lighting units, wherein each of the plurality of lighting units is configured to transmit at least one of the generated unique codes via coded light, and wherein each of generated unique code is associated with a unique identifier for the respective transmitting lighting unit; (ii) transmitting the plurality generated codes by the plurality of lighting units, wherein at least some of the plurality of generated codes are received by a light receiving device associated with the individual as the individual moves within a pre-authorized route within the secured environment; (iii) receiving, by a code receiver, a plurality of codes received by the light receiving device and sent to the code receiver; (iv) comparing, by the processor, the received plurality of codes to the unique codes transmitted by the plurality of lighting units located along the pre-authorized route within the secured environment; and (v) authorizing the individual if the received plurality of codes match the unique codes. According to an embodiment, the authorizing step further comprises authorizing the individual if the light receiving device sending the received codes to the code receiver is authorized by the security system.

According to an embodiment, the method further includes the step of granting access to a secured space if the individual is authorized.

The term "light source" should be understood to refer to any one or more of a variety of radiation sources, including, but not limited to, LED-based sources (including one or more LEDs as defined above), incandescent sources (e.g., filament lamps, halogen lamps), fluorescent sources, phosphorescent sources, high-intensity discharge sources (e.g., sodium vapor, mercury vapor, and metal halide lamps), lasers, other types of electroluminescent sources, pyro-luminescent sources (e.g., flames), candle-luminescent sources (e.g., gas mantles, carbon arc radiation sources), photo-luminescent sources (e.g., gaseous discharge sources), cathode luminescent sources using electronic satiation, galvano-luminescent sources, crystallo-luminescent sources, kine-luminescent sources, thermo-luminescent sources, triboluminescent sources, sonoluminescent sources, radioluminescent sources, and luminescent polymers.

The term "lighting unit" is used herein to refer to an apparatus including one or more light sources of same or different types. A given lighting unit may have any one of a variety of mounting arrangements for the light source(s), enclosure/housing arrangements and shapes, and/or electrical and mechanical connection configurations. Additionally, a given lighting unit optionally may be associated with (e.g., include, be coupled to and/or packaged together with) various other components (e.g., control circuitry) relating to the operation of the light source(s). An "LED-based lighting unit" refers to a lighting unit that includes one or more LED-based light sources as discussed above, alone or in combination with other non LED-based light sources.

In various implementations, a processor or controller may be associated with one or more storage media (generically referred to herein as "memory," e.g., volatile and non- volatile computer memory such as RAM, PROM, EPROM, and EEPROM, floppy disks, compact disks, optical disks, magnetic tape, etc.). In some implementations, the storage media may be encoded with one or more programs that, when executed on one or more processors and/or controllers, perform at least some of the functions discussed herein.

Various storage media may be fixed within a processor or controller or may be transportable, such that the one or more programs stored thereon can be loaded into a processor or controller so as to implement various aspects of the present invention discussed herein. The terms "program" or "computer program" are used herein in a generic sense to refer to any type of computer code (e.g., software or microcode) that can be employed to program one or more processors or controllers.

In one network implementation, one or more devices coupled to a network may serve as a controller for one or more other devices coupled to the network (e.g., in a master/slave relationship). In another implementation, a networked environment may include one or more dedicated controllers that are configured to control one or more of the devices coupled to the network. Generally, multiple devices coupled to the network each may have access to data that is present on the communications medium or media; however, a given device may be "addressable" in that it is configured to selectively exchange data with (i.e., receive data from and/or transmit data to) the network, based, for example, on one or more particular identifiers (e.g., "addresses") assigned to it.

The term "network" as used herein refers to any interconnection of two or more devices (including controllers or processors) that facilitates the transport of information (e.g. for device control, data storage, data exchange, etc.) between any two or more devices and/or among multiple devices coupled to the network. As should be readily appreciated, various implementations of networks suitable for interconnecting multiple devices may include any of a variety of network topologies and employ any of a variety of communication protocols. Additionally, in various networks according to the present disclosure, any one connection between two devices may represent a dedicated connection between the two systems, or alternatively a non-dedicated connection. In addition to carrying information intended for the two devices, such a non-dedicated connection may carry information not necessarily intended for either of the two devices (e.g., an open network connection).

Furthermore, it should be readily appreciated that various networks of devices as discussed herein may employ one or more wireless, wire/cable, and/or fiber optic links to facilitate information transport throughout the network.

It should be appreciated that all combinations of the foregoing concepts and additional concepts discussed in greater detail below (provided such concepts are not mutually inconsistent) are contemplated as being part of the inventive subject matter disclosed herein. In particular, all combinations of claimed subject matter appearing at the end of this disclosure are contemplated as being part of the inventive subject matter disclosed herein. It should also be appreciated that terminology explicitly employed herein that also may appear in any disclosure incorporated by reference should be accorded a meaning most consistent with the particular concepts disclosed herein. BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings, like reference characters generally refer to the same parts throughout the different views. Also, the drawings are not necessarily to scale, emphasis instead generally being placed upon illustrating the principles of the invention.

FIG. 1 is a schematic representation of a secure access system, in accordance with an embodiment.

FIG. 2 is a schematic representation of a lighting unit, in accordance with an embodiment.

FIG. 3 is a schematic representation of a distributed lighting system network comprising a plurality of lighting units, in accordance with an embodiment.

FIG. 4 is a schematic representation of a light receiving device, in accordance with an embodiment.

FIG. 5 is a flowchart of a method for controlling access of an individual within a secured environment, in accordance with an embodiment.

FIG. 6 is an example of a lighting network mapped onto a building floor plan, in accordance with an embodiment.

DETAILED DESCRIPTION OF EMBODIMENTS

The present disclosure describes various embodiments of a security system comprising a plurality of spaced lighting units each configured to transmit a unique code via coded light. More generally, Applicant has recognized and appreciated that it would be beneficial to provide a security system configured to monitor and control access of an individual within a secured environment. A particular goal of utilization of certain embodiments of the present disclosure is to provide a security system configured to determine whether an individual within a secured environment has followed or deviated from a pre-authorized route.

In view of the foregoing, various embodiments and implementations are directed to a security system comprising multiple distributed lighting units that transmit a unique code via coded light. The unique code transmitted via coded light is associated with a unique identifier for the respective transmitting lighting unit. As the individual moves within the secured environment along a pre-authorized route, a light receiving device associated with the individual receives the coded light, including the transmitted codes. When the individual reaches a security checkpoint the light receiving device transmits the received codes to a code receiver, and the system compares the received codes to the unique codes transmitted by the lighting units located along the pre-authorized route within the secured environment. The security system authorizes the individual if the received codes accurately match the unique codes transmitted by the lighting units. The security system may also provide an alert or notification if the system determines that the received codes do not accurately match the unique codes transmitted by the lighting units along the pre-authorized route, suggesting that the individual wavered from that route.

Referring to FIG. 1, in one embodiment, a system 100 is provided that includes a plurality of spaced lighting units 10 located alone one or more routes within a secured environment 1 10. The secured environment 1 10 may be any environment, space, building, or other location or facility in which security is or might be a concern. For example, the secured environment may be a financial site such as a trading floor or a bank, an industrial location such as an oil rig, refinery, or manufacturing plant, a governmental agency building, or a research facility such as NASA, a pharmaceutical facility, or any of a wide variety of other locations.

The secured environment 110 comprises one or more routes or locations through which an individual may walk, drive, or otherwise travel. Referring to FIG. 1, for example, secured environment 110 comprises two routes, Route A and Route B, through which an individual may travel. Along each route are one or more spaced lighting units 10. Some or all of the lighting units 10 are configured to transmit a unique code via coded light. The unique code transmitted by each lighting unit is associated with a unique identifier for the transmitting lighting unit as described or otherwise envisioned herein.

As an individual travels along one of the one or more routes or locations within the secured environment 110, a light receiving device associated with an individual receives the coded light containing the unique code transmitted by the lighting units. For example, as an individual travels along Route A, the light receiving device associated with an individual receives coded light and the embedded unique codes from lighting units 10a, 10b, 10c, lOd, and lOe. As an individual travels along Route B, the light receiving device associated with an individual receives coded light and the embedded unique codes from lighting units 10a and/or 10b, lOf, lOg, and lOh. Thus, the light receiving device contains, within the received unique code information, a history of the route that the individual has taken through the secured environment 1 10.

The secured environment 1 10 also comprises a code receiver 20, which is configured to receive the unique codes which were received by and transmitted from the light receiving device associated with an individual who has travelled through the environment. This may be in response to a query to the light receiving device, or the light receiving device may automatically or continuously transmit its received codes. For example, the light receiving device may receive a request from the code receiver to transmit its received codes, or the light receiving device may determine it is in proximity to the code receiver and automatically transmit its received codes, and/or the light receiving device may transmit its received codes in response to a command or other action by the associated individual, among other options.

Referring to FIG. 2, in one embodiment, is a lighting unit 10 within system 100. Lighting unit 10 includes one or more light sources 12, where one or more of the light sources may be an LED-based light source. Further, the LED-based light source may have one or more LEDs. The light source can be driven to emit light of predetermined character (i.e., color intensity, color temperature) by one or more light source drivers 24. Many different numbers and various types of light sources (all LED-based light sources, LED- based and non-LED-based light sources alone or in combination, etc.) adapted to generate radiation of a variety of different colors may be employed in the lighting unit 10. According to an embodiment, lighting unit 10 can be any type of lighting fixture, including but not limited to a ceiling light, a street light, or any other interior or exterior lighting fixture. According to an embodiment, lighting unit 10 is configured to transmit a unique code via coded light. The unique code can be associated with a unique identifier for the respective transmitting lighting unit. Coded light, for example, may comprise embedding data in the light output of a light source, wherein the embedded data typically do not influence the primary lighting functionality of the light source and is therefore substantially invisible to humans. Coded light can be used in communications applications wherein one or more light sources in a coded lighting system are configured to emit coded light to communicate encoded information to an optical receiver. The coded light may be visible light, or may be electromagnetic energy emitted at a wavelength located outside the visible light range.

Lighting unit 10 may include a controller 22 configured or programmed to output one or more signals to drive the one or more light sources 12a-d and generate varying intensities, directions, and/or colors of light from the light sources. For example, controller 22 may be programmed or configured to generate a control signal for each light source to independently control the intensity and/or color of light generated by each light source, to control groups of light sources, or to control all light sources together. According to another aspect, the controller 22 may control other dedicated circuitry such as light source driver 24 which in turn controls the light sources so as to vary their intensities. Controller 22 can be or have, for example, a processor 26 programmed using software to perform various functions discussed herein, and can be utilized in combination with a memory 28. Memory 28 can store data, including one or more lighting commands or software programs for execution by processor 26, as well as various types of data including but not limited to a specific identifier for that lighting unit. For example, the memory 28 may be a non-transitory computer readable storage medium that includes a set of instructions that are executable by processor 26, and which cause the system to execute one or more of the steps of the methods described herein.

According to an embodiment, controller 22 can be programmed, structured and/or configured to cause light source driver 24 to drive light source 12 to emit coded light comprising the described unique code or codes. Controller 22 may also be programmed, structured and/or configured to cause light source driver 24 to regulate the intensity and/or color temperature of light source 12 based on predetermined data, such as ambient light conditions or sound data, among others, as will be explained in greater detail hereinafter. According to one embodiment, controller 22 can also be programmed, structured and/or configured to cause light source driver 24 to regulate the intensity and/or color temperature of light source 12 based on communications received by a wireless communications module 34. Wireless communications module 34 may also be configured to receive and/or transmit information about codes and identifiers from and to one or more other elements within system 100, including but not limited to other lighting units, a code receiver 20, and/or a central controller.

Referring to FIG. 3, in one embodiment, is a schematic representation of a system 300 configured to control access of an individual within a secured environment. System 300 may be, for example, a security system installed within the secured environment. However, system 300 may be located at several different locations. For example, portions of system 300 may be located within the secured environment, while other portions of system 300 may be located remotely from the secured environment, and/or in different locations within the secured environment.

System 300 comprises a plurality of lighting units 10, which may be any of the lighting units described or otherwise envisioned herein. At least some of the lighting units are configured to transmit a unique code via coded light. The transmitted unique code is associated with a unique identifier for the respective transmitting lighting unit. System 300 comprises a central controller 210 configured to perform and/or coordinate one or more functions of the systems or methods described or otherwise envisioned herein. According to an embodiment, central controller 210 can be configured or programmed to generate unique coded light codes for the plurality of lighting units 10, which can then be communicated to the lighting units. Alternatively, the central controller 210 may coordinate unique code generation, although the lighting units or another component of the system may actually generate the codes. The central controller 210 can be configured or programmed to receive codes from the code receiver 240, which have been transmitted to the code receiver by the light receiving device 250 associated with an individual within the secured environment. The central controller 210 may be configured or programmed to interface with an access control device or mechanism, such as a security door, to provide or deny access as described or envisioned herein. Although central controller 210 is shown within the secured environment in FIG. 3, it should be recognized that the central controller may be located remote from the secured environment.

Central controller 210 can be or have, for example, a processor 220 programmed using software to perform various functions discussed herein, and can be utilized in combination with a memory or database 230. Memory or database 230 can store data, including one or more lighting commands or software programs for execution by the controller, as well as various types of data including but not limited to specific identifiers for that lighting unit. For example, the memory or database 230 may be a non-transitory computer readable storage medium that includes a set of instructions that are executable by processor 220, and which cause the system to execute one or more of the steps of the methods described herein.

The lighting units 10 may be in communication with the central controller 210 via a direct wired and/or wireless connection, or via a network 40. Additionally, lighting units 10 may communicate with other lighting units to convey or receive information.

System 300 also comprises a code receiver 240 which is configured to receive codes from the light receiving device 250 associated with an individual within the secured environment. The code receiver 240 may transmit a request for codes from the light receiving device 250 in response to a user request, in response to proximity detection, or in response to any other trigger. The code receiver 240 may alternatively transmit queries periodically or continuously without requiring a trigger. The code receiver 240 may be associated with entry and exit points or other access points. The code receiver may be or may be located with a manned or unmanned security desk, a security checkpoint, and/or any other security point. Referring to FIG. 4, in one embodiment, is a light receiving device 250.

According to an embodiment, light receiving device 250 is a handheld or wearable device and can be used, held, carried, and/or worn by a user as that user moves from one location to another location. For example, light receiving device 250 may be a smartphone, tablet, smart watch, activity tracker, personal organizer, or any other handheld or wearable computing device, where wearable devices can include anything worn on or inside a user's body or clothing.

According to an embodiment, light receiving device 250 includes a controller 410 that is configured or programmed to perform one or more of the functions described or otherwise envisioned herein. Controller 410 can be or have, for example, a processor 420 programmed using software to perform various functions discussed herein, and can be utilized in combination with a memory 430. Memory 430 can store data such as the unique codes contained within the coded light received by the light receiving device 250, as well as various types of data including but not limited to specific identifiers for one or more lighting units. Memory 430 may be a non-transitory computer readable storage medium that includes a set of instructions that are executable by processor 420, and which cause the system to execute one or more of the steps of the methods described herein.

Controller 420 may control other dedicated circuitry such as display driver 440 which in turn controls a display 450, although a driver and display are optional. Display driver 440 can be programmed, structured and/or configured to cause display 450 to display information on a screen, projection, or other display or surface, including text, images, and other information. In a smartphone, for example, the display will be a screen configured to display images, text, video, and many other formats and information. In a wearable device, the display may be a smaller screen configured to display or project images, text, video, and many other formats and information.

Light receiving device 250 includes an optical sensor 460 which is connected to an input of controller 410 and collects sensor data from within the vicinity of the device and can transmit data to controller 410, or transmit data externally via a communications module 470 which is representative of the data it collects. According to an embodiment, the optical sensor 460 receives optical information from one or more of the lighting units 10 within the secured environment 1 10 as the individual travels within the environment. The optical sensor can be any sensor capable of detecting light information. As one example, a smartphone may comprise one or more optical sensors configured to passively and/or actively obtain optical/light data from the environment. The optical sensor may be selected or configured to detect visible light, and/or may be selected or configured to detect emitted wavelengths outside the visible light range. According to an embodiment, the optical sensor is configured to detect the coded light emitted by the one or more lighting units 10 within the secured environment 1 10.

The wireless communications module 470 is configured to communicate with an external receiver such as code receiver 240. The communications module can be configured to communicate with the code receiver 240 via a variety of communications methods, including Wi-Fi, Bluetooth, IR, radio, near field communication, and/or a wide variety of other communications methods.

Referring to FIG. 5, in one embodiment, is a flowchart of a method 500 for controlling access of an individual within a secured environment 110. At step 510 of the method, a system 100, 200 comprising a plurality of lighting units 10 is provided. Lighting unit 10 can be any of the embodiments described herein or otherwise envisioned, and can include any of the components of the lighting units described herein, such as one or more light sources 12, light source driver 24, controller 22, and communications module 34, among other elements. Some or all of the lighting units 10 are configured to emit coded light.

System 100, 200 also includes a central controller 210 which may include a processor 220 and a memory 230. The system further includes a code receiver 240 configured to communicate with a light receiving device 250 associated with an individual within the secured environment 1 10.

At step 520 of the method, the system is configured for use. This could be performed by a programmer, a security officer, a building manager, or any other authorized user of the system. The authorized user may configure the system for use via a user interface or any other mechanism. According to an embodiment, the authorized user may perform one or more of the following actions to prepare the system for use.

The authorized user may select one or more routes through the secured environment by which individuals may travel from one point to another point. For example, referring to FIG. 1 , the authorized user may identify Route A as being a first route, and Route B as being a second route. The system and/or authorized user may identify the lighting units located along each of the identified routes, and this information may be stored within a system memory or database.

The authorized user may identify one or more individuals that are allowed access to and/or within the secured environment. The user may select individuals from a list of employee identifiers, and/or from any other list of individuals that may or may not be authorized. Changes may be periodically or continuously made to the list of identified individuals, and individuals may be added or removed from the list at any point. Information about authorized individuals may be stored within a system memory or database.

The authorized user may select to which route or routes, and/or which rooms or other spaces, an identified individual may have access. For example, referring to FIG. 1, the authorized user may determine that individual X is pre-authorized to use Route A and to enter rooms containing lighting units 1 Ok and 101, but is not authorized to use Route B and cannot enter rooms containing lighting units lOi and lOj. Information about authorized routes may be stored within a system memory or database.

The authorized user may also select at which time(s) of day, day(s) of the week, day(s) of the year, or other timeframe(s) within which an authorized individual is pre- authorized to access an authorized space within the secured environment. For example, the authorized user may program or design the system such that an individual is only pre- authorized to access a space, route, room, or other location on weekdays from 9 AM to 5 PM. As another example, the authorized user may program or design the system such that an individual is only pre-authorized to access a space, route, room, or other location on

Mondays and Fridays. Many other examples and combinations are possible. Information about authorized timeframes may be stored within a system memory or database.

The authorized user may identify light receiving devices 250 that are authorized to function within the system. For example, an authorized individual may register their light receiving device 250 the first time they access the space, or at any other time. The system and/or authorized user may create an association between an authorized individual and their light receiving device(s). The system and/or authorized user may also create an association between a light receiving device and a pre-authorized route or routes for the individual. Information about authorized or registered light receiving devices may be stored within a system memory or database.

Referring to FIG. 6, in one embodiment, is an example of a lighting network mapped onto a building floor plan. This may represent, for example, a graphical display of an environment. The authorized user can convert the lighting network into a directed graph 600 where each node 610 represents a lighting unit, and an edge between nodes represents valid path between two luminaire. Each valid path through the environment may represent a subgraph.

As the authorized user converts the lighting network into a directed graph or subgraph, the authorized user can follow a set of rules. For example, a path should proceed unbroken from a starting point to an ending point. The ending point may be, for example, a location where the individual transmits received codes to a code receiver for verification or authorization. According to one embodiment, a defined path may be a single path, or may comprise multiple options such as branches, merges, and other options. An individual may be pre-authorized for one or multiple paths.

In FIG. 6, for example, the secured environment comprises 36 lighting units arranged in a 6 x 6 grid. The authorized user has generated or defined a defined path 620 which proceeds from lighting unit [1][3] through the secured environment to lighting unit [6] [2]. If this defined path 620 is associated with an authorized individual, the individual is now pre-authorized for that defined path. When the individual presents received codes to a code receiver for verification, such as codes collected by a light receiving device associated with the individual, it is expected that there will be codes for lighting units [1][3], [2][3], [2][4], [2][5], [3][5], [4][5], [4] [4] ,[4][3], [4][2], [5][2], and [6] [2]. If the individual presents codes that vary from these, or vary in sequence, the system may determine that the individual has deviated from the pre-authorized route. In some embodiments, the system may determine that codes from neighboring lighting units are possible. For example, if it is possible that the pre-authorized route could inadvertently receive codes from lighting unit [3] [4], the system may have a tolerance for those additional codes. Similarly, if it is possible that the individual could travel through the pre-authorized route without receiving codes from a lighting unit, such as if a lighting unit is turned off or faulty, the system may have a tolerance for missing one or a predetermined number of codes.

At step 530 of the method, the system generates one or more codes for transmission via coded light by one or more of the lighting units 10.

The codes may be generated by the lighting units, by the central controller, and/or by another component of the system, either local or remote. Generated codes may be stored, and/or may be transmitted to the lighting units by wired and/or wireless

communication. These transmitted codes may be utilized immediately, or may be stored for future use. The codes may be any information capable of being transmitted by coded light, either in a visible wavelength or a non- visible wavelength. For example, the code may be simply a data point or string, a time-stamped data point or string, a secured data point or string, or any other piece of information capable of being transmitted by coded light.

According to an embodiment, the codes are software hashed keys generated by a key generating algorithm. The key generating algorithm ensures that each key is unique, time-variant, and resist to tampering. A unique code can be assigned to a single lighting unit or to multiple lighting units. For example, to avoid possible delay, lighting units located near each other may be assigned the same code. The generated key may expire after a timed period, such as seconds, minutes, or any other timeframe. For example, once a lighting unit code is detected through the light receiving device, there is no need to communicate with neighboring lighting unit having the same code.

According to an embodiment, the key transmitted by coded light is generated using the following equation:

K t = F(t, Dy, E k , G) (Eq. 1) where K t is the generated unique code, t = time, Dy = unique identifier of the light receiving device (such as a mac address), Ek= unique identifier of the individual k (e.g. identifier from access list); G = the unique code i (e.g. code assigned to the lighting unit(s)), and F = encryption function. Many other methods are possible for generating the transmitted codes.

The codes transmitted by via coded light by the lighting units are associated with a unique identifier for the respective transmitting lighting unit. The association can be in a database. The association may be via a unique lighting unit identifier that is also transmitted via by coded light by the lighting unit together with the code. This association identifies the location of the transmitted code, and allows for verification of the individual's route.

At step 540 of the method, a light receiving device receives codes transmitted by coded light from one or more lighting units located along a route followed by the individual. The light receiving device may be a handheld or wearable device and can be used, held, carried, and/or worn by a user as that user moves from one location to another location. For example, the light receiving device may be a smartphone, tablet, smart watch, activity tracker, personal organizer, or any other handheld or wearable computing device. A light sensor of the light receiving device receives the codes transmitted by coded light from the lighting units located along the travelled route. The route may comprise any travelable route, and may include hallways, rooms, and/or any other space or location. The route may comprise a single lighting unit, or a plurality of lighting units, some or all of which may transmit codes. A plurality of lighting units may comprise a variety of different types of lighting units.

The light receiving device stores the received codes in a memory or database.

According to an embodiment, the light receiving device transmits received codes as it receives them to an accessory or other device or location. For example, the light receiving device may be a light sensor that transmits received codes to an individual's smartphone or other computing device for storage. At step 550 of the method, the light receiving device transmits the received codes to a code receiver of the system. The light receiving device may transmit all the codes simultaneously or sequentially. For example, the light receiving device may transmit the codes sequentially in the order or the reverse order in which they were received.

Transmission of the received codes by the light receiving device may be in response to a query to the light receiving device from the code receiver, or the light receiving device may automatically or continuously transmit its received codes. For example, the light receiving device may receive a request from the code receiver to transmit its received codes, or the light receiving device may determine it is in proximity to the code receiver and automatically transmit its received codes, and/or the light receiving device may transmit its received codes in response to a command or other action by the associated individual, among other options.

As just one example, the individual associated with the light receiving device may instruct the device to transmit codes via a user interface, button, or other activation mechanism, when the individual reaches a security checkpoint such as a door. As another example, the individual may present the light receiving device to the code receiver or security personnel for review or transmission of the received codes. As another example, the light receiving device may comprise geolocation components or elements, such as one or more geofences, that instruct the device when to begin transmitting received codes. As yet another example, the light receiving device may automatically transmit codes when it detects a query from a code receiver. This may be in response to a further security check. For example, the light receiving device may only transmit codes after the code receiver has been verified.

At step 570 of the method, the system compares the codes received by the light receiving device and transmitted to the code receiver to the codes transmitted by the lighting units located along the pre-authorized route within the secured environment. The comparison may be performed by the code receiver, by the central controller, and/or by any other component of the system. The individual is authorized by the system if the transmitted codes match codes transmitted by the lighting units located along the pre-authorized route. If the transmitted codes do not match codes transmitted by the lighting units located along the pre-authorized route, then the individual must have wavered from the pre-authorized route, or there was an error in code transmission or collection. The security system may provide an alert or notification if the system determines that the received codes do not accurately match the unique codes transmitted by the lighting units along the pre-authorized route. According to an embodiment, verification follows one or more of the following steps. At step A, the path is verified. The generated key is decrypted, and the travelled path is validated to ensure that the individual followed the specified path. If not, the system might report the access path for further processing or analysis. At step B, key matching is validated. The collected keys from the specified path, together with the time variables, are verified by the system. Both time and keys are used for the key matching. At step C, there is time-based validation. The time-based parameters can be derived from the keys, such as dwell time, velocity, and others. These parameters can be used for verification. At an optional step D, the system determines or tracks a number of attempts for verification or authorization. For example, the key verification process may only allow a certain number of tries. The system may make the individual wait for a time period to try it again, and/or may report the attempts. According to an embodiment, the wait time may be based on factors such as the identity of the individual, the path distance, and/or other factors.

Accordingly, at step 580 of the method, the system authorizes the individual if the system determines that the codes received by the light receiving device and transmitted to the code receiver satisfy the security measures. For example, the system authorizes the individual if the system determines that the user did in fact travel along a route that was pre- authorized for the individual. According to another embodiment, the system authorizes the individual as long as the system determines that the user did not travel within a restricted space. In this embodiment, the system reviews received codes to determine whether any should not have been received by the individual.

Authorization of the individual may comprise allowing ingress or egress into or from the space, such as a security door. A door may unlock or open automatically upon authorization. Alternatively, the system may log the information without requiring an authorization indication to the individual. The system may provide an indicator such as a green light or other indicator providing authorization.

At step 590 of the method, the system fails to authorize the individual if the system determines that the codes received by the light receiving device and transmitted to the code receiver do not satisfy security measures. For example, the system may determine that the user did not travel along a route that was pre-authorized for the individual. The system may make such a determination if the light receiving device receives a code transmitted by a lighting unit that is located way from the pre-authorized route.

Failure to authorize the individual may comprise denying ingress or egress into or from the space, such as a security door. A door may lock or close automatically upon failure to authorize. Alternatively, the system may log the information. The system may provide an indicator such as a red light or other indicator indicating that the individual was not authorized. The system may issue an alert or warning to indicate a failure to authorize. Example 1

According to one embodiment of the methods and systems described or otherwise envisioned herein is the following example. In this example, the secured environment is a multi-story building with a server room, which is restricted. An authorized employee, who is pre-authorized to access the server room, has a light receiving device and enters the floor via an elevator. The light receiving device may be the employee's smartphone, a custom handheld device, or a body-worn badge, among other devices. The authorized employee may ensure that there is a link between the light receiving device and the security system, and/or between a lighting unit of the system. As the employee walks from the elevator to the server room, the light receiving device receives codes via coded light transmitted by lighting units located along the route. The light receiving device decodes and stores the codes in memory. When the employee reaches the server room, the codes received by the light receiving device are transmitted to the code receiver. The system verifies the light receiving device, and reviews the codes for the path(s) taken, dwell times, velocity, and/or other factors. If the system verifies the employee, the system sends an actuation command to the door lock, and the server room is available for access by the employee.

Example 2

According to one embodiment of the methods and systems described or otherwise envisioned herein is the following example. In this example, the secured environment is a multi-story building with a restricted space, and a guest visitor is accessing the environment. According to an embodiment, the light receiving device can provide a navigation function using the transmitted codes. This allows for visitor-specific access control permission without requiring an escort. The visitor can use the light receiving device to navigate to the destination following a specified path shown via a user display of the device. If the visitor's path deviates from the defined path, it will notify the security system. Similarly, when a visitor accesses the system, the system can automatically grant access if the data transmitted from the light receiving device is validated. If not validated, the collected key or keys can be transmitted to security system. The visitor's path can then be retrieved for further analysis. These and many other examples are possible. While several inventive embodiments have been described and illustrated herein, those of ordinary skill in the art will readily envision a variety of other means and/or structures for performing the function and/or obtaining the results and/or one or more of the advantages described herein, and each of such variations and/or modifications is deemed to be within the scope of the inventive embodiments described herein. More generally, those skilled in the art will readily appreciate that all parameters, dimensions, materials, and configurations described herein are meant to be exemplary and that the actual parameters, dimensions, materials, and/or configurations will depend upon the specific application or applications for which the inventive teachings is/are used. Those skilled in the art will recognize, or be able to ascertain using no more than routine experimentation, many equivalents to the specific inventive embodiments described herein. It is, therefore, to be understood that the foregoing embodiments are presented by way of example only and that, within the scope of the appended claims and equivalents thereto, inventive embodiments may be practiced otherwise than as specifically described and claimed. Inventive embodiments of the present disclosure are directed to each individual feature, system, article, material, kit, and/or method described herein. In addition, any combination of two or more such features, systems, articles, materials, kits, and/or methods, if such features, systems, articles, materials, kits, and/or methods are not mutually inconsistent, is included within the inventive scope of the present disclosure.

All definitions, as defined and used herein, should be understood to control over dictionary definitions, definitions in documents incorporated by reference, and/or ordinary meanings of the defined terms.

The indefinite articles "a" and "an," as used herein in the specification and in the claims, unless clearly indicated to the contrary, should be understood to mean "at least one."

The phrase "and/or," as used herein in the specification and in the claims, should be understood to mean "either or both" of the elements so conjoined, i.e., elements that are conjunctively present in some cases and disjunctively present in other cases.

Multiple elements listed with "and/or" should be construed in the same fashion, i.e., "one or more" of the elements so conjoined. Other elements may optionally be present other than the elements specifically identified by the "and/or" clause, whether related or unrelated to those elements specifically identified. Thus, as a non-limiting example, a reference to "A and/or B", when used in conjunction with open-ended language such as "comprising" can refer, in one embodiment, to A only (optionally including elements other than B); in another embodiment, to B only (optionally including elements other than A); in yet another embodiment, to both A and B (optionally including other elements); etc.

As used herein in the specification and in the claims, "or" should be understood to have the same meaning as "and/or" as defined above. For example, when separating items in a list, "or" or "and/or" shall be interpreted as being inclusive, i.e., the inclusion of at least one, but also including more than one, of a number or list of elements, and, optionally, additional unlisted items. Only terms clearly indicated to the contrary, such as "only one of or "exactly one of," or, when used in the claims, "consisting of," will refer to the inclusion of exactly one element of a number or list of elements. In general, the term "or" as used herein shall only be interpreted as indicating exclusive alternatives (i.e. "one or the other but not both") when preceded by terms of exclusivity, such as "either," "one of," "only one of," or "exactly one of." "Consisting essentially of," when used in the claims, shall have its ordinary meaning as used in the field of patent law.

As used herein in the specification and in the claims, the phrase "at least one," in reference to a list of one or more elements, should be understood to mean at least one element selected from any one or more of the elements in the list of elements, but not necessarily including at least one of each and every element specifically listed within the list of elements and not excluding any combinations of elements in the list of elements. This definition also allows that elements may optionally be present other than the elements specifically identified within the list of elements to which the phrase "at least one" refers, whether related or unrelated to those elements specifically identified. Thus, as a non-limiting example, "at least one of A and B" (or, equivalently, "at least one of A or B," or, equivalently "at least one of A and/or B") can refer, in one embodiment, to at least one, optionally including more than one, A, with no B present (and optionally including elements other than B); in another embodiment, to at least one, optionally including more than one, B, with no A present (and optionally including elements other than A); in yet another embodiment, to at least one, optionally including more than one, A, and at least one, optionally including more than one, B (and optionally including other elements); etc.

It should also be understood that, unless clearly indicated to the contrary, in any methods claimed herein that include more than one step or act, the order of the steps or acts of the method is not necessarily limited to the order in which the steps or acts of the method are recited.

In the claims, as well as in the specification above, all transitional phrases such as "comprising," "including," "carrying," "having," "containing," "involving," "holding," "composed of," and the like are to be understood to be open-ended, i.e., to mean including but not limited to. Only the transitional phrases "consisting of and "consisting essentially of shall be closed or semi-closed transitional phrases, respectively, as set forth in the United States Patent Office Manual of Patent Examining Procedures.