TECHNICAL FIELD

The present invention relates to an arrangement for managing, and communicating, an electronic key, of access systems, a system and an interface, therefore, which may all be useful with regard to any suitable type of resource, for example, an asset, e.g. an access point (e.g. a door, a speed gate, a interlock, a gate, elevator and/or locker), for example, printer access, e.g. vehicle access, e.g. ticketing functions, for example, payment functions, or e.g. rental functions.

BACKGROUND ART

Access to resources, such as assets, e.g. an access point (e.g. a door), may be controlled by an electronic access control system. It is known that a person may have a keycard or mobile device to provide their credentials to the access control system.

Moreover, for example US2020314651 A relates to physical access control systems having credential location detection capabilities, wherein the systems may include a host server to which readers and actuators are connected in a centrally managed configuration. Further, said readers may obtain credentials from key devices (e.g., a radio frequency identification (RFID), or a personal electronic device) and pass those credentials to a host server. Further, the host server may determine whether the credentials authorize access to the secure area and commands the actuator accordingly.

However, there is still a need for sustainable and environment friendly solutions in relation to access control systems.

DESCRIPTION OF THE INVENTION

The present invention relates to an arrangement for managing, and communicating, an electronic key, wherein the electronic key concerns access rights to a resource and for its access system, wherein the arrangement comprises: a mobile device, wherein the mobile device comprises a software application, e.g. an app, wherein the software application is provided with a secure login and a capability to communicate electronic keys, and means for wireless communication; an interface, wherein the interface comprises means for detection of: a user and if pre-set user proximity requirements are fulfilled, means for wireless communication, and means for communication with a key reader of an access activation system; and a remote server assembly, wherein the remote server assembly comprises means for communication and is, via an application programming interface (API), able to communicate with an access rights database of the access activation system; and wherein the arrangement further comprises that: the mobile device is able to communicate with the remote server assembly through a secure login, and the mobile device is, via the software application, able to communicate an electronic key, generated in the remote server assembly, to the interface, the remote server assembly is, via said API, then able to communicate said electronic key to said access rights database, and the execution of the validation, and a generated electronic key, are communicable, via said API and via said remote server assembly, to said mobile device, thereby enabling said mobile device, via the software application, to communicate the generated electronic key, and enabling said interface to be prepared to communicate the generated electronic key to said key reader of said access activation system; and wherein the interface comprises means for installation, and, when the interface is installed within a distance from the key reader that enables communication of the generated electronic key from the mobile device, via the interface, to the key reader, and when the user, and the fulfilment of the pre-set proximity requirements, are detected, the access activation system is enabled to grant access to the resource to the user if authorized.

The arrangement for managing, and communicating, an electronic key, in accordance with the present invention, as described herein, may be used with an external access system or with any other suitable system.

Further, said external access system may, if necessary, be adapted for optimally functioning together with the arrangement for managing, and communicating, an electronic key, in accordance with the present invention.

The resource may, in accordance with the present invention, be any type of resource, for example, an asset, e.g. an access point (e.g. a door, a speed gate, an interlock, a gate, elevator and/or locker), for example, printer access, e.g. vehicle access, e.g. ticketing functions, for example, payment functions, and/or e.g. rental functions.

Furthermore, said "external access system" may, e.g., be an already existing system, or may, for example, be a newly deployed system.

Further, the arrangement for managing, and communicating, an electronic key, as described herein, comprises a mobile device, wherein the mobile device may be any suitable device, for example, any type of wearable or wearable technology, e.g. a wearable computer, a hand-held computer device, a mobile telephone, e.g. a smartphone, tablet computer or a personal digital assistant (PDA).

The mobile device, as described herein, comprises a software application, e.g. an app, wherein the software application is provided with a secure login and the mobile device is, via the software application, able to communicate an electronic key. A user is able to log in to the software application via a secure login service, i.e. the secure login. Further, by using unique data from the secure login service, the user will be paired with an existing user in the access rights database of the access system. The existing user, e.g. an employee, will have its information, for example, name, e-mail-address, and further user info, already in the access rights database. The software application will compare the information from the secure login service with the information already in the access rights database. A new electronic key, will be generated in the remote server assembly and the new electronic key, is devoted to said user. The new credential will then be sent to the user ^' s mobile device and added as a new credential devoted to the user in the access system via an API.

The software application is, in accordance with the present invention, installed on the mobile device to enable functions comprising, but not limited to: establishing a connection with the remote server assembly through internet, and/or intranet, connections; handling secure login procedure via connected service; adding user to "the remote server assembly"; storing electronic key, generated in the remote server assembly, for Bluetooth, e.g. encrypted Bluetooth, for example, Bluetooth low energy (BLE), e.g. encrypted BLE, connection; activating the mobile device to connect with interfaces when in reach; establishing connection with interface via Bluetooth or BLE; communicating with the remote server assembly through a secure login; communicating, i.e. sending, generated electronic key to interface; and/or logging and transmitting user actions and interface status to the remote server assembly. How user credentials are generated is depending on credential setup, and capabilities, of each individual access rights system or access system. The interface emulates, for example, a proximity card or a contactless smartcard. Further, the mobile device, comprising the installed software application, may also be adapted with functionalities for, and may be used with, any suitable format, for example, any variant, or family, of Mifare formats or Prox EM formats.

Further, the software application may also be adapted to be, and be used as, an extra layer of security (e.g. for biometric identification in the mobile device) to specific, or sensitive, resources.

Furthermore, the software application may also be adapted to be, and be used as, an optional proximity source to simplify access for disabled users or in conditions when the resource is out of reach, for instance at a garage gate.

The secure login may, for example, comprise a login via a BankID or Single sign-on (SSO), and/or said secure login may, e.g., comprise a login via an identity and access management (1AM) platform with links to e.g. Single sign-on (SSO) and electronic authentication like, e.g. Swedish BankID. Identity and access management (1AM) is the practice of making sure that people and entities with digital identities have the right level of access to resources, e.g. enterprise resources like networks and databases. User roles and access privileges may be defined and managed through an 1AM system.

Further the arrangement for managing, and communicating, an electronic key, as described herein, comprises an interface, wherein the interface comprises means for detection of: a user and if pre-set user proximity requirements are fulfilled, means for wireless communication, and means for communication with a key reader of an access activation system.

Furthermore, the term "electronic key" may correspond, for example, to a mobile credential, mobile key, and/or electronic credential.

The interface, as described herein, comprises said means for detection of: a user and if pre set user proximity requirements are fulfilled, wherein the means for detection comprises, for example, detection systems, and/or sensors, which may be used to detect proximity, motion, range, angle or velocity of objects, i.e. here user. The detection systems, and/or sensors, may, for example, be using infrared (IR), optics, radar (e.g. UWB), ultrasound or sound technology.

Further, the interface comprises said means for wireless communication, wherein the means for wireless communication, for example, comprises a Bluetooth interface which can be used to communicate with the mobile device.

The interface, as described herein, may, suitably comprise a power supply, which may be connected to a power supply of the key reader or any other external source.

Further, the interface may also comprise any suitable microcontroller (MCU) which may be used to process and control data and signals from/to the connected peripherals, i.e. the key reader and/or the mobile device. Moreover, the interface may further also comprise any suitable emulator that may be used to emulate the user credentials to be read by the key reader. Further, the interface, as described herein, is ready to communicate with any mobile device that has the software application, e.g. an app, connected to the remote server assembly, e.g. a cloud, and thereby to communicate the key securely.

Furthermore, when the pre-set proximity requirements are fulfilled, connection between the mobile device and the interface is established via the means for wireless communication, e.g. Bluetooth (BLE), and the generated electronic key is sent, i.e. is communicated.

When the interface receives the generated electronic key, it will forward it to the key reader via wireless communication, for example, wireless, and/or contactless, communication, e.g. RFID or NFC, or via any other suitable wireless method/standard.

The access activation system, to which the key reader is connected, will grant access to the resource depending on the generated electronic key, i.e. the user's, to which the user credential is attached, access rights.

The access rights to the resource are managed entirely by the access activation system.

The arrangement for managing, and communicating, an electronic key, as described herein, further comprises a remote server assembly, wherein the remote server assembly comprises means for communication and is, via an application programming interface (API), able to communicate with the access rights database of one or multiple access activation systems.

The remote server assembly comprises suitably server unit/s, computer storage medium unit/s, processor unit/s, database unit/s, memory unit/s, cloud unit/s, and communication unit/s. Further, the remote server assembly is able to generate electronic keys and to communicate, with, and via, clients comprising protocols, and with, and via, API/s, whereby the remote server assembly is enabled to communicate with the access rights database of one or multiple access activation systems. The API may suitably be comprised in an external (already existing or new) access system or in any other suitable system. Further, the remote server assembly suitably communicates by means of client functions, e.g. clients comprising protocols, via the API.

Further, the arrangement for managing, and communicating, an electronic key, as described herein, further comprises that the mobile device is able to communicate with the remote server assembly through a secure login, and the mobile device is, via the software application, able to communicate an electronic key, generated in the remote server assembly, to the interface.

Further, the arrangement for managing, and communicating, an electronic key, as described herein, comprises that the remote server assembly is, via said API, then able to communicate said electronic key to said access rights database, and a generated electronic key, are communicable, via said API and via said remote server assembly, to said mobile device, thereby enabling said mobile device, via the software application, to communicate the generated electronic key, and enabling said interface to be prepared to communicate the generated electronic key to said key reader of said access activation system; and wherein the interface comprises means for installation, and wherein, when the interface is installed within a distance from the key reader that enables communication of the generated electronic key from the mobile device, via the interface, to the key reader, and when the user, and the fulfilment of the pre-set proximity requirements, are detected, the access activation system is enabled to grant access to the resource to the user if authorized.

Moreover, the arrangement for managing, and communicating, an electronic key, in accordance with the present invention, and as described herein, comprises that the interface comprises means for installation, and, when the interface is installed within a distance from the key reader that enables communication of the generated electronic key from the mobile device, via the interface, to the key reader, and when the user, and the fulfilment of the pre set proximity requirements, are detected, the access activation system is enabled to grant access to the resource to the user, if authorized.

The interface, as described herein, will suitably be installed in close proximity to the key reader for it to be able to read data from the interface.

The interface, as described herein, will suitably be installed in a secure, and protected, way, for example, inside a casing near the key reader and/or, for example, inside the key reader, for example, in the reader ^' s enclosement or casing.

The interface, as described herein, makes it, surprisingly, possible to smoothly add the solution, i.e. the arrangement for managing, and communicating, an electronic key, as described herein, described herein to any access rights system that uses MIFARE- or Prox EM formatted credentials. Thus, the interface, as described herein, and the arrangement for managing, and communicating, an electronic key, as described herein, in accordance with the present invention, enables the reuse of any existing hardware and software of access right systems which saves tremendous amounts of resources and lessen the impact on environment. Further, by using electronic credentials in accordance with the interface, as described herein, and in accordance with the arrangement for managing, and communicating, an electronic key, as described herein, there will also be no need for traditional badges and plastic access cards.

In embodiments, in accordance with the present invention, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the electronic key concerns access rights to a resource and for its access system, wherein the access system is an access system being external to the arrangement and already existing at the resource.

The access system, which is external to the arrangement, may be an already existing access system, or may be a new access system.

In further embodiments, the access system is an already existing access system.

In still further embodiments, in accordance with the present invention, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the resource is selected from any type of resource, for example, an asset, e.g. an access point (e.g. a door, a speed gate, a interlock, a gate, elevator and/or locker), for example, printer access, e.g. vehicle access, e.g. ticketing functions, for example, payment functions, and/or e.g. rental functions.

In particular embodiments, in accordance with the present invention, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the resource is an asset.

In accordance with the present invention, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the means for detection of: a user, and if pre-set proximity requirements are fulfilled, comprises, for example, detection systems, and/or sensors, which may be used to detect proximity, motion, range, angle or velocity of objects, i.e. here user. The detection systems, and/or sensors, may, for example, be using infrared (IR), optics, radar (e.g. UWB), ultrasound or sound technology, and the detection systems, and/or sensors, may, for example, comprise motion sensors and/or radar devices, e.g. comprising sensor devices, such as motion sensors devices, and/or radar devices.

In further embodiments, in accordance with the present invention, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the means for detection comprises detection systems, and/or sensors, for example, comprising motion sensors and/or radar devices, e.g. comprising sensor devices, such as motion sensors devices, and/or radar devices.

In even further embodiments, in accordance with the present invention, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the means for detection comprises the detection systems, and/or sensors, for example, using infrared (IR), optics, radar (e.g. UWB), ultrasound or sound technology.

An arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the means for detection of: a user, and if pre-set proximity requirements are fulfilled, comprises motion sensors, or radar devices.

Further, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the means for detection of: a user, and if pre-set proximity requirements are fulfilled, comprises radar devices.

Furthermore, also in accordance with the present invention, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the interface is compatible with most access activation systems, especially all access activation systems comprising MIFARE formats or Prox EM formats.

An arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the means for communication with the key reader comprises e.g. Bluetooth, for example, encrypted Bluetooth, for example, Bluetooth low energy (BLE), e.g. encrypted BLE, e.g. Radio-frequency identification (RFID), for example, near field communication (NFC), for example, Low-Power Wide-Area Networks (LPWAN) technologies, cellular technologies, Long Range (LoRa) technologies, Sigfox technologies, Long Term Evolution (LTE or LTE-M) technologies, Narrow-Band loT (NB-loT) technologies and/or, for example, short-range technologies, e.g. Wi-Fi technologies or, for example, ZigBee technologies.

Further, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the means for communication with the key reader utilises Bluetooth, for example, encrypted Bluetooth, for example, Bluetooth low energy (BLE), e.g. encrypted BLE, and/or Radio-frequency identification (RFID), for example, near field communication (NFC).

In accordance with the present invention, an arrangement for managing, and communicating, an electronic key, as described herein, is disclosed, wherein the interface is placeable in a secure, and protected, way, for example, inside a casing near the key reader and/or, for example, inside the key reader.

Further, the present invention also relates to an arrangement for managing, and communicating, an electronic key, as described herein, wherein, when communication of the generated electronic key from the mobile device, via the interface, to the key reader, is not enabled, the software application is adapted to function with, in the mobile device built in, communication functionalities, e.g. Radio-frequency identification (RFID) emulators, for example, near field communication (NFC) emulators, and the mobile device is thereby, via the software application, enabled to communicate the generated electronic key to the key reader, when the user is detected, and the access activation system is then enabled to grant access to the resource to the user if authorized.

In further embodiments in accordance with the present invention of the arrangement for managing, and communicating, an electronic key, as described herein, and in situations, when communication of the generated electronic key from the mobile device, via the interface, to the key reader, is not enabled, the software application is adapted to function with, in the mobile device built in, communication functionalities, e.g. Radio-frequency identification (RFID) emulators, for example, near field communication (NFC) emulators, and thereby functioning as, and to be used as, an additional credential, for example, in conditions where the interface cannot be applied.

Further embodiments of the arrangement for managing, and communicating, an electronic key, in accordance with the present invention, relate to an arrangement, as described herein, wherein, when communication of the generated electronic key from the mobile device, via the interface, to the key reader, is not enabled, the software application is adapted to function with, in the mobile device built in, communication functionalities, e.g. Radio-frequency identification (RFID) emulators, for example, near field communication (NFC) emulators, and the mobile device is thereby, via the software application, enabled to communicate the generated electronic key to the key reader, when the user is detected, and the access activation system is then enabled to grant access to the resource to the user, if authorized.

The present invention also relates to a system for regulating access to a resource comprising an access system, being able to give access to the resource, wherein the access system comprises an access activation system, a key reader, an access rights database and, at least, one API, and wherein the system for regulating access to the resource further comprises an arrangement for managing, and communicating, an electronic key, as described herein.

The interface as described herein, comprised in, and/or communicating with, the system for regulating access to a resource, according to the present invention, is installed in close proximity of the access control system readers, i.e. the key readers, and possibly powered by their power supply. Specific configurations of, e.g. proximity requirements, of the system may be done in the software application, e.g. the app, or in the remote server assembly ^' s configuration tool and then pushed via mobile devices.

The interface, as described herein, wherein the interface shall be paired with the specific system, e.g. the specific customer, in the application server, i.e. the remote server assembly, by a shared digital key. Said pairing may be done with NFC technology or by configuration in a system configuration/maintenance/service application in a mobile device. The invention also relates to a method for managing and communicating an electronic key, wherein the electronic key is associated with access rights, for a user, to a resource and its access system, said method comprising the following steps: allowing a log in for said user, via a login process, to a mobile device; providing a credential for said user, thereby connecting said credential to said user, and generating an electronic key for said user, in a server assembly; transmitting said electronic key to said mobile device and to said access system further transmitting said electronic key to an interface being configured for detecting said user and for communicating with said mobile device; forwarding said electronic key to a key reader forming part of said access system; and granting access to said resource after determining, in said access system, that pre-set requirements are fulfilled by said user.

According to an embodiment, the method may comprise the following steps: detecting the presence of the user; determining if pre-set proximity requirements are fulfilled; and, if this is the case; establishing a connection between said mobile device and said interface; and transmitting said key to said interface .

An advantage with the invention is that it may be implemented and integrated in an adaptable and flexible manner in existing systems, if needed. This means that the invention may contribute to cost-effective solutions related to systems allowing access to many types of resources, for example such resources as mentioned initially. The invention can be used for example in hotels, schools, hospitals, airports, office buildings, sports centres and in connection many other types of buildings, properties, objects and scenarios in which access to different types of resources is provided.

BRIEF DESCRIPTION OF DRAWINGS

Aspects of the invention will be described in greater detail with reference to the embodiments that are shown in the drawings, in which

Figure 1 illustrates a schematic view over an embodiment of the arrangement for managing, and communicating, an electronic key, as described herein, and also over an embodiment of the system for regulating access to a resource, as described herein, wherein the system comprises said arrangement. Figure 2 illustrates a schematic view over an embodiment of the arrangement for managing, and communicating, an electronic key, as described herein, and also over an embodiment of the system for regulating access to a resource, as described herein, wherein the system comprises said arrangement.

Figure 3 is a schematic sequence diagram illustrating an embodiment of the arrangement for managing, and communicating, an electronic key, as described herein, and also an embodiment of the system for regulating access to a resource, as described herein.

Figure 4 is a schematic sequence diagram illustrating an embodiment of the arrangement for managing, and communicating, an electronic key, as described herein, in particular an embodiment for enrollment for a user.

DETAILED DESCRIPTION

The embodiments of the present invention as described in the following are to be regarded only as examples and are in no way intended to limit the scope of the present invention.

Figure 1 illustrates a schematic view over an embodiment of the arrangement (10) for managing, and communicating, an electronic key (150), as described herein, and also over an embodiment of the system (100) for regulating access to a resource, as described herein, wherein the system (100) comprises said arrangement (10).

Further, the electronic key (150) concerns access rights to a resource and for its access system (51), e.g. here an external access system (51). The arrangement (10) comprises a mobile device (20), wherein the mobile device (20) comprises a software application (21), e.g. an app, wherein the software application (21) is provided with a secure login (22) and a capability to communicate electronic keys, and means for wireless communication (23). Further, the arrangement (10) also comprises an interface (30), wherein the interface (30) comprises means for detection of: a user and if pre-set user proximity requirements are fulfilled (31), means for wireless communication (33), and means for communication (34) with a key reader (53) of an access activation system (52) of the access system (51), e.g. here the external access system (51). Furthermore, the arrangement (10) also comprises a remote server assembly (40), wherein the remote server assembly (40) comprises means for communication and is, via an application programming interface (API) (50), able to communicate with an access rights database (55) of the access activation system (52). A user (200) is able to log in to the software application (21) via a secure login service, i.e. the secure login (22). Further, the user (200) is paired with an existing user in the access rights database (55) of the access system (51). The software application (21) compares the information from the secure login service with the information already in the access rights database (55). A new credential, and an electronic key (150), are generated in the remote server assembly (40) and devoted to said user (200). The electronic key (150) is then sent to the user ^' s mobile device (20) and added as an electronic key devoted to the user (200) in the access system (51) via an API (50). The software application (21), being installed on the mobile device (20), enables functions comprising establishing a connection with the remote server assembly (40) through internet, and/or intranet, connections; handling secure login (22) procedure via connected service, and storing user credential generated via the secure login (22); adding user to the remote server assembly (40); storing credential, generated in the remote server assembly (40), and electronic key (150), for Bluetooth, e.g. encrypted Bluetooth, for example, Bluetooth low energy (BLE), e.g. encrypted BLE, connection; activating the mobile device (20) to connect with interfaces when in reach; establishing connection with interface (30) via Bluetooth or BLE; sending user credential, generated via the secure login (22), to the remote server assembly (40); communicating, i.e. sending, generated electronic key (150) to interface (30); and/or logging and transmitting user actions and interface status to the remote server assembly (40).

Further in Figure 1, the arrangement (10) for managing, and communicating, an electronic key (150), comprises an interface (30), wherein the interface comprises means for detection of: a user and if pre-set user proximity requirements are fulfilled (31), means for wireless communication (33), and means for communication (34) with a key reader (53) of an access activation system (52). The means for detection of: a user and if pre-set user proximity requirements are fulfilled (31), comprises detection systems (31), and/or sensors (31), which is used to detect proximity, motion, range, angle or velocity of objects, i.e. here user (200). The detection systems (31), and/or sensors (31), may be using infrared (IR), optics, radar (e.g. UWB), ultrasound or sound technology. Further, the interface (30) comprises means for wireless communication (33) comprising a Bluetooth interface which is used to communicate with the mobile device (20). The interface (30) communicates with the mobile device (20) comprising the software application, here the app, (21), being connected to the remote server assembly (40), e.g. a cloud, and thereby communicates the electronic key (150) securely.

Furthermore, when the pre-set proximity requirements are fulfilled (31), connection between the mobile device (20) and the interface (30) is established via the means for wireless communication (33), e.g. Bluetooth (BLE), and the generated electronic key (150) is sent, i.e. is communicated.

When the interface (30) receives the generated electronic key (150), it will forward it to the key reader (53) via means for communication (34), e.g. via means for wireless communication (34).

The access activation system (52), to which the key reader (53) is connected, grants access (160) to the resource depending on the generated electronic key (150), i.e. the user's (200), to which the user credential is attached, access rights.

In summary, and according to an aspect of this disclosure, a method is provided for managing and communicating an electronic key 150, wherein the electronic key 150 is associated with access rights, for a user 200, to a resource and its access system 51, said method comprising the following steps:

- allowing a log in for said user 200, via a login process, to a mobile device 20;

- providing a credential for said user 200, thereby connecting said credential to said user 200, and generating an electronic key 150 for said user 200, in a server assembly 40;

- transmitting said electronic key 150 to said mobile device 20 and to said access system 51

- further transmitting said electronic key 150 to an interface 30 being configured for detecting said user 200 and for communicating with said mobile device 20;

- forwarding said electronic key 150 to a key reader 53 forming part of said access system 51; and - granting access to said resource after determining, in said access system 51, that pre-set requirements are fulfilled by said user 200.

The term "credential" refers to a set of data which is related to the electronic key 150 and the user 200. According to an embodiment, the access system 51 is consequently configured for granting access for the user 200. The electronic key 150 is transmitted to the key reader 53 of the access system 51 for determining whether the user 200 in question should be granted access to the resource. This means that decisions regarding said access is normally not taken within the interface 30. Preferably, the method may comprise the following steps:

- detecting the presence of the user 200;

- determining if pre-set proximity requirements are fulfilled; and, if this is the case;

- establishing a connection between said mobile device 20 and said interface 30; and

- transmitting said key 150 to said interface 30. According to an embodiment, the interface 30 is configured for detecting the presence of the mobile device 20 of the user 200. According to a further embodiment, the mobile device 20 can also be configured for detecting the presence of the interface 30.

The electronic key 150 can be transmitted to the interface 30 either after the proximity requirements have been detected, or can alternatively be transmitted to the interface 30 before the proximity requirements have been actuated.

Furthermore, when detection of the user 200 in proximity to the interface 30 has been detected and established, the electronic key 150 is transmitted from the interface 30 to the key reader 53 in the access system 51 in order to grant access to the resource if the user 200 is authorized for such access. The above-mentioned interface 30 is configured to operate as a bridge for communication between the mobile device 20 and the interface 30, and also for communication between the interface 30 and the access system 51. In this manner, the interface 30 bridges the connection for the user 200, via the mobile device 20 and the interface 30, to the access system 51 and the access activation system 52 so as to obtain access to the resource in question. In particular, and according to an embodiment, the interface 30 is configured for detecting whether the user 200 is physically close to the interface 30 and is configured for transmitting the electronic key 150 to the key reader 53 if the pre-set proximity requirements are met by the user 200.

An advantage of this bridging function of the interface 30 is that it can be added to an existing access rights system for virtually any type of resource, providing the functionality of electronic keys, to which access could be granted if pre-determined requirements are met. This contributes to a cost-effective solution for granting access to said resource.

A further advantage of the arrangement and method according to this disclosure is that it may be used alongside an existing resource access system, which for example may be based on physical key cards which are used for unlocking the resources via said key reader. This makes it possible to enable a possibility to use both electronic keys and physical keys at the same time and in the same resource access system.

Figure 2 illustrates a schematic view over an embodiment of an embodiment of the arrangement (10) for managing, and communicating, an electronic key (150), as described herein, and also over an embodiment of the system (100) for regulating access to a resource, as described herein, wherein the system (100) comprises said arrangement (10), all as in Figure 1. However in Figure 2, it is further illustrated that the user (200) utilises a biometric identification in the mobile device (20), and that the user (200) then approaches the resource, key reader (53) and the interface (30). Here it is illustrated that the mobile device (20) and the interface (30) are comprised in the arrangement (10) for managing, and communicating, an electronic key (150). The remote server assembly (40), also comprised in the arrangement (10), is not shown in Figure 2.

Furthermore, and according to an embodiment, the interface 30 is suitably configured so as to be integrated within an existing resource access system 51. More precisely, the interface 30 can be positioned within the key reader 53 and be connected to the same voltage supply as the key reader 53. Being arranged in such manner, the interface 30 can be configured by a technician as regards for example detection of the presence of users 200 and similar parameters. The interface 30 can also be connected to other systems within this concept so as to provide the functionality described above.

Figure 3 is a schematic sequence diagram illustrating an embodiment of the arrangement (10) for managing, and communicating, an electronic key (150), as described herein, and also an embodiment of the system (100) for regulating access to a resource, as described herein, wherein the system (100) comprises said arrangement (10), all as in Figures 1 and 2. Figure 3 thus illustrates an exemplified embodiment of the sequence for regulating access to a resource in connection to the arrangement (10), and to the system (100), both in accordance with the present invention.

Further in Figure 3, the sequence between the user (200), "the mobile device (20)/ the software application (21)" (Mobile device/app (20, 21)), the remote server assembly (Remote server) (40), the interface (30) and the access system (External access system) (51), is shown. Here it is further shown that the access system (External access system) (51) comprises a key reader (Reader) (53) and a "Central unit".

Figure 4 teaches a schematic sequence diagram illustrating an embodiment of the arrangement and method for managing, and communicating, an electronic key 150, as described herein. In particular, Figure 4 teaches an enrollment process in which a user 200 may provide user information in a login process, after which user information is transmitted to the remote server 40, in which an electronic key 150 is generated. Furthermore, the electronic key 150 can be transmitted to the access system 51 (in an external system) and also to the mobile device 20.