US20230206706A1 - Smart building integration and device hub - Google Patents
- Publication number
- US20230206706A1 (US18/119,955)
- Authority
- US
- United States
- Prior art keywords
- smart
- access
- access control
- credential
- devices
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
- G07C9/27—Individual registration on entry or exit involving the use of a pass with central registration
- G05B15/02—Systems controlled by a computer electric
- G07C9/00571—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
- G07C9/00904—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys specially adapted for particular uses for hotels, motels, office buildings or the like
- G07C9/215—Individual registration on entry or exit involving the use of a pass the system having a variable access-code, e.g. varied as a function of time
- G07C9/257—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
- H04L12/2807—Exchanging configuration information on appliance services in a home automation network
- H04L12/2816—Controlling appliance services of a home automation network by calling their functionalities
- H04L67/125—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
- H04N7/14—Systems for two-way working
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
- G05B2219/2642—Domotique, domestic, home control, automation, smart house
- H04L69/18—Multiprotocol handlers, e.g. single devices capable of handling multiple protocols
Definitions
- The present invention relates to smart devices, and more particularly to smart building systems that integrate access point and smart device systems.
- Smart access control systems can implement smart access control devices, electronic door activating hardware, and a backend system that together can manage credentials and authorizations.
- The readers receive credentials from users (for example, via a mobile device) and determine whether that user is authorized to perform its desired action, e.g., be allowed access to a particular area. If it is determined that the user is authorized to perform its desired action, the access control device or an associated access device can unlock the electronic door activating hardware.
- Smart devices can include, for example, devices that are capable of being controlled remotely through a networking protocol, such as, but not limited to Internet Protocol (IP), Bluetooth, Zigbee, or Z-wave.
- FIGS. 1A-1B are diagrams showing system architectures for smart building and home systems, according to some embodiments.
- FIG. 2 is a diagram showing an example implementation of a smart building system, according to some embodiments.
- FIGS. 3A-3D are diagrams representing the contents of credentials, according to some embodiments.
- FIGS. 4A-4B show a credential verification process and token for the same, according to some embodiments.
- FIG. 5 is a flow diagram showing a verification process for a plurality of credentials, according to some embodiments.
- FIG. 6 is a flow diagram showing a process for pairing one or more smart devices with a hub, according to some embodiments.
- FIG. 7 is a flow diagram showing a move-in process for a building, according to some embodiments.
- FIG. 8 is a block diagram showing a beacon-based access system, according to some embodiments.
- FIGS. 9A-9D are block diagrams showing operation of beacon-based access systems, according to some embodiments.
- FIG. 10 is a block diagram showing a beacon-based access system, according to some embodiments.
- FIG. 11 is a block diagram of a smart lock, according to some embodiments.
- FIG. 12 is a block diagram of a smart intercom, according to some embodiments.
- FIG. 13 is a block diagram of a smart hub, according to some embodiments.
- FIG. 14 is a block diagram of a smart access reader, according to some embodiments.
- FIG. 15 is an example of a system in accordance with embodiments discussed herein.
- FIG. 16 is an example of a processing flow in accordance with embodiments discussed herein.
- FIG. 17 is an example of a processing flow in accordance with embodiments discussed herein.
- An integrated smart building access and smart device system allows for a centralized credentialing process to provision and administer operation of access points and smart devices.
- Embodiments of the present disclosure increase operational efficiency, reduce errors from maintaining user information in multiple systems, increase security, reduce energy costs by allowing property managers to regulate the temperature of unoccupied areas, and provide users with unique amenities that can be costly or burdensome to administer without centralized credentialing.
- Users of the system can control, manage, and gain access to access points and devices using a single interface, such as an application or web interface.
- FIG. 1A is a diagram showing a system architecture for a smart building system, according to some embodiments.
- The smart building system can include one or more of a cloud-based computing system 100, at least one smart access control device 110, at least one beacon 115, at least one access device 120, at least one NFC or RFID reader 130, at least one intercom 140, at least one monitoring device 150, at least one mobile device 160, at least one access card 165, at least one voice-over-IP (VOIP) network 170, at least one video management system (VMS) network 175, a management gateway 180, at least one smart hub 190, at least one smart device 195, a third party cloud based computing system 101, or at least one beacon 196.
- Cloud-based computing system 100 includes one or more remote servers that can communicate with remote devices over a communications pathway, such as the internet or a cellular network.
- Cloud-based computing system 100 can store information about users of the smart building system, connect with a management gateway 180 to provide for management of the smart building system, and provide access and sharing privileges (e.g., via provisioning of credentials) for usage of the smart building system.
- Management gateway 180 can be any type of computing device such as, but not limited to a desktop or laptop computer, a smart phone, a tablet, a server, etc.
- Cloud-based computing system 100 can further provide monitoring and/or alert functionalities, as described in more detail below.
- The smart building system can include one or more access technologies that permit access to access points (such as doors) in the smart building systems based on credentials generated by the cloud-based computing system 100.
- One or more smart access control devices 110 can include an integrated electronically actuated lock, which locks or unlocks upon receiving and authenticating a valid credential generated by cloud-based computing system 100.
- A separate remote card or signal reader such as an NFC or RFID reader 130 (e.g., at a garage door or elevator) can provide information to an access control device 110 to determine whether an entrant (e.g., into a garage or elevator) is authorized.
- A separate access device 120 such as a control panel on an elevator or an automatic garage door opener can receive a credential from the NFC or RFID reader 130 and/or access control device 110 and provide for access to other access points such as a garage door or elevator, respectively, upon authentication of the valid credential.
- A beacon 115 can be associated with a smart access control device 110, an access device, or both. As described in more detail below, the beacon 115 can contain information to assist with gaining access to the access point.
- The beacon 115 can be a near field communication (NFC) tag, a QR code, BLE device, or other physical beacon that allows for encoding a link to tell the system what action to perform.
- FIG. 11 is a block diagram of a smart lock 1100, according to some embodiments.
- The smart lock 1100 can include a processor/storage module 1110, an array of communication interfaces including transceivers (e.g., NFC transceiver 1120, cellular network transceiver 1122, BLE transceiver 1124, and/or RF/WiFi transceiver 1126), a USB interface 1128 (or other serial bus), a touch-sensitive interface 1142, a serial interface 1140, a locking assembly (e.g., including a motor controller 1132, a motor 1134, and deadbolt 1136), a battery 1154, and/or a power management module 1152.
- The processor/storage module 1110 can include instructions thereon that, when executed, cause it to perform the functions discussed throughout the present disclosure.
- The processor/storage module 1110 can be configured to receive or transmit information via one of NFC transceiver 1120, cellular network transceiver 1122, BLE transceiver 1124, RF/WiFi transceiver 1126, and/or USB interface 1128.
- The processor/storage module 1110 can be configured to instruct the motor controller 1132 to control the motor 1134 to unlock the deadbolt 1136.
- The processor/storage module 1110 can be configured to identify the presence or absence of a person or object using information from a serial interface 1140, such as a camera, or proximity sensing using the touch interface.
- The processor/storage module 1110 can be configured to receive user input via a touch interface 1142.
- The processor/storage module 1110 can be configured to instruct power management module 1152 to control the battery 1154 and use thereof to power any of the elements in the smart lock 1100.
- The features and components of the smart hub 1300 may be integrated into an access control device 110, such as smart lock 1100.
- The smart lock 1100 may operate as a smart hub, as discussed herein.
- FIG. 14 is a block diagram of a smart access reader 1400, according to some embodiments.
- The smart access reader 1400 can include a processor/storage module 1410, an array of communications transceivers (e.g., NFC transceiver 1420, BLE transceiver 1424, and/or RF/WiFi transceiver 1426), an ethernet interface 1478, a communications bus 1494, a relay output 1484 controlled by a relay controller 1482, touch interface 1499, and/or a power input 1454 regulated by power management module 1452.
- The processor/storage module 1410 can include instructions thereon that, when executed, cause it to perform the functions discussed throughout the present disclosure.
- The processor/storage module 1410 can be configured to receive or transmit information via one of NFC transceiver 1420, BLE transceiver 1424, RF/WiFi transceiver 1426, and/or ethernet interface 1478.
- The processor/storage module 1410 can be configured to instruct relay controller 1482 to control a relay output 1484 to actuate a relay in another device.
- The processor/storage module 1410 can be configured to receive or transmit information via communications bus 1494, for example to tell an elevator which floors can be accessed.
- The processor/storage module 1410 can be configured to instruct power management module 1452 to control and/or monitor the power input 1454 and use thereof to power any of the elements in the smart access reader 1400.
- The smart access reader 1400 can receive user input, such as a PIN or password, via a touch interface 1499 in communication with the processor/storage module 1410.
- The processor/storage module 1410 can process the received input, for example as described throughout the present disclosure.
- An intercom 140 can be installed at one or more access points.
- Intercom 140 can be any type of intercom, including, but not limited to a virtual intercom or a smart intercom.
- Intercom 140 can monitor an access point, for example by providing audio and/or video monitoring, and provide remote access to monitoring data for security, authentication, or other purposes.
- FIG. 12 is a block diagram of a smart intercom 1200, according to some embodiments.
- The smart intercom 1200 can include a processor/storage module 1210, an array of communications transceivers (e.g., cellular network transceiver 1222, BLE transceiver 1224, RF/WiFi transceiver 1226), a USB interface 1228, an ethernet interface 1278, a power input 1254 regulated by power management module 1252, a sensor block 1246, a microphone and speaker 1242 (which may be separate elements), a serial interface 1240, and/or a display and button interface 1260 controllable by a display & button controller 1262.
- The processor/storage module 1210 can include instructions thereon that, when executed, cause it to perform the functions discussed throughout the present disclosure.
- The processor/storage module 1210 can be configured to receive or transmit information via one of cellular network transceiver 1222, BLE transceiver 1224, RF/WiFi transceiver 1226, USB interface 1228, and/or ethernet interface 1278.
- The processor/storage module 1210 can be configured to receive user input via the display and button interface 1260 controllable by a display & button controller 1262.
- The processor/storage module 1210 can be configured to display information, images, or video via the display and button interface 1260 controllable by a display & button controller 1262.
- The processor/storage module 1210 can be configured to receive input via the serial interface 1240, such as image data from a camera.
- The processor/storage module 1210 can be configured to receive audio input via the microphone of the microphone and speaker 1242.
- The processor/storage module 1210 can be configured to cause the speaker of microphone and speaker 1242 to emit an audio signal.
- The processor/storage module 1210 can be configured to receive input from sensors of the sensor block 1246.
- The processor/storage module 1210 can be configured to instruct power management module 1252 to control and/or monitor the power input 1254 and use thereof to power any of the elements in the smart intercom 1200.
- The smart building system can include one or more monitoring devices 150 that monitor an access point or area associated with the smart building system.
- Monitoring devices 150 can be any type of monitoring device such as, but not limited to a camera (for capturing image or video data), a microphone (for capturing audio data), an infrared sensor, a motion sensor, a radar detector, water sensor (for leak detection), contact sensor (for sensing when doors or windows are opened), etc.
- Monitoring device 150 can be used to compile additional data on access attempts.
- Monitoring devices 150 implemented as radar detectors can be configured to monitor traffic patterns within a building.
- A monitoring device 150 can be integral with an access control device, such as a smart lock with Bluetooth Low Energy (BLE) capabilities.
- an integral radar sensor can detect moving objects and check for correlations with BLE proximity unlocking attempts. If an object is detected with no correlating unlocking attempt, an event can be logged (as described in more detail below) indicating a potential unauthorized access attempt.
- a radar detector can further identify obstructions in proximity to the access control device that may interfere with a wireless signal to be emitted by the access control device, such as an RF or wireless signal. The access control device or device can then adjust the strength of the emitted wireless signal and/or notify an installer of the potential interference.
- a user can gain access to an access point and other elements in the smart building system by using one or more of a mobile device 160 , an access card 165 , or a door code.
- Mobile device 160 can receive one or more credentials from the cloud-based computing system 100 and provide the one or more credentials to an element in the smart building system in order to gain access.
- using the cloud-based computing system 100 to control credential generation for multiple components in the system can provide a number of benefits.
- when implemented in an apartment building, an apartment building manager can seamlessly control access to common areas in the apartment building, manage access to apartments and smart devices contained therein, monitor access throughout the apartment building including access to common or shared devices or areas for security purposes, monitor usage and problems with smart appliances, share management privileges or portions thereof with others using the smart building system (e.g., permit tenants to manage guest access), show available units to potential tenants without requiring a manager to be present, facilitate apartment turnover, facilitate maintenance or service provider access to particular areas and/or devices/appliances, etc.
- users of the smart building system can use a single application on their mobile device to access their apartment, common areas, and shared smart devices; permit guest or service provider access to devices or areas, control and manage smart home devices, monitor smart home devices and areas to which the user has access, etc.
- one or more of the access technologies can also have backward compatibility with credentials that were not generated by the cloud-based computing system 100 .
- the NFC or RFID reader 130 or smart access control device 110 can be configured to accept a credential from an access card 165 that was previously used in a building before the smart building system was installed.
- an existing access control device can be replaced with a smart access control device as described in more detail in U.S. Pat. Application Serial No. 15/342,911 titled “Systems and methods for controlling access to physical space.”
- An access card 165 used with the previous access reader can then be used with the smart access controller.
- mobile device 160 can receive credentials for a particular access point, such as NFC or RFID reader 130 or access control device (smart lock) 110 , from the cloud-based computing system 100 or by reading an RFID access card 165 .
- Mobile device 160 or access card 165 can provide a credential to NFC or RFID reader 130 to gain access to an access point.
- the NFC or RFID reader 130 may receive the credential and may provide the credential to the access control device 110 using, for example, a Wiegand code, which can then unlock an integral smart lock or instruct another access device 120 to provide access via another Wiegand code.
- the NFC or RFID reader 130 may communicate with the access control device 110 via a wireless (WiFi, Bluetooth, NFC, etc.) and/or wired connection. While the present disclosure discusses the use of Wiegand codes for many different applications, other protocols, such as but not limited to IP, can be used in place thereof.
- a mobile device 160 may present a credential directly to an access control device 110 using, for example, Bluetooth, NFC, WiFi, cellular network communication (e.g., SMS), or other connection type or combination thereof. If the access control device 110 is a smart lock, it can unlock the access point upon authenticating the valid credential. In some embodiments, the access control device 110 instructs another access device 120 , such as an elevator or garage door, to provide access to an access point, for example by transmitting a Wiegand code over a wired or wireless connection.
- a user can provide access to an access point remotely.
- the user can use a user mobile device 160 to request that access control device 110 provide access, either by unlocking an integral electrically actuated lock or instructing an access device 120 to provide access.
- a user can use an application or web terminal on the mobile device 160 to transmit to the cloud-based computing system 100 a request to provide access.
- the request can be transmitted over a WiFi, cellular network, or other type of connection or any combination thereof.
- the cloud 100 can then provide a valid credential to the access control device 110 , for example via a WiFi or cellular network connection or combination thereof, which will then provide access to the access point upon authenticating the valid credential.
- the mobile device 160 can provide the credential directly to the access control device 110 via a BLE, NFC, WiFi, cellular network, or other connection or combination thereof to provide access to the access point.
- the smart building system can also facilitate requests for access, according to some embodiments.
- a service provider or guest may arrive at the access point and request access via, for example, the intercom 140 .
- Intercom 140 can collect and relay data, including video data, audio data, and user input relating to the request for access to the cloud-based computing system 100 via, for example, an ethernet, WiFi, cellular network, or other connection type or combination thereof for storage and/or transmission to the user mobile device 160 .
- the information can be relayed to a third party, such as a concierge, who can initiate a two-way video call with the visitor to welcome the visitor to the building or ask questions of the visitor to determine whether access should be granted.
- the cloud-based computing system 100 and/or the intercom 140 can transmit at least some of the data to the user mobile device 160 to indicate that a guest has arrived at the building and is requesting access.
- data is transmitted via a VOIP network 170 or VMS network 175 .
- the user can transmit video, audio, or other data from the user mobile device 160 to the intercom 140 via similar connections, such as WiFi, cellular network, VOIP network 170 , VMS network 175 , or any other type of connection type or combination thereof, which can be displayed to the guest.
- Data can optionally be stored on the cloud-based computing system 100 .
- the user can request, via the user mobile device 160 , either directly to the access control device 110 , via the intercom’s 140 connection to the access control device, or via the cloud-based computing system 100 to either the intercom or reader that the guest be provided access.
- the user can request that the cloud-based computing system 100 provide a credential to the guest that can then be provided to the access control device 110 to gain access to the access point.
- the requested credential can be transmitted to a mobile device of the guest.
- the guest credential can include additional credentials relating to other access points and devices in the building in order to enable the guest to fulfil the purpose of the visit.
- data collected via an intercom 140 and/or user mobile device 160 can be provided to the management gateway 180 , for example via VMS network 175 or through the cloud-based computing system 100 .
- the intercom 140 can be a virtual intercom 140 .
- the virtual intercom can be implemented as a QR code or another indication or coded link, on a user mobile device 160 (e.g., a guest’s mobile device), or method for accessing a virtual intercom interface on the web or through an application on the user mobile device 160 .
- the guest simply looks up a virtual intercom on a mobile application or website by entering in the address of the building.
- the guest can contact the recipient (e.g., an occupant of the building associated with the virtual intercom 140 ) via a plurality of methods, including, but not limited to, placing an IP call (e.g., using audio or video), sending a text message to the recipient, POTS call, or otherwise notifying the recipient that the guest is seeking access to the access point.
- monitoring device 150 in the smart building system can provide data to one or more of the cloud-based computing system 100 , the management gateway 180 , and the user mobile device 160 . As shown in FIG. 1 A , in some embodiments this information can be provided via a connection such as VMS network 175 , Bluetooth, WiFi, or Zigbee, either directly to the management gateway 180 or user mobile device 160 , or to the cloud-based computing system 100 .
- the user or manager may access data stored on the cloud-based computing system 100 in accordance with permissions. For example, if a monitoring device 150 is installed in a user’s apartment, only the user may be able to gain access.
- the manager is the only entity permitted to access data in the cloud-based computing system 100 from a monitoring device 150 installed in a common area of the building.
- the cloud-based computing system 100 can be configured to give a tenant access to monitoring data under certain limited conditions, such as when the user has recently permitted guest access or when there is a suspected break-in.
- the smart building system can include one or more smart devices 195 .
- Smart devices can include, but are not limited to, smart thermostats, smart outlets, smart home appliances, smart speakers, smart exercise equipment, smart leak detectors, smart shades, etc.
- Smart devices can interface with other elements in the smart building system, such as a smart hub 190 , to receive commands or data, transmit data, receive information about user preferences, etc.
- smart devices 195 can be associated with a particular area within the smart building system. For example, a credential generated by the cloud-based computing system 100 can be used to determine access to the smart devices 195 , and/or to determine which users have permissions to control particular settings or attributes of the smart devices 195 .
- the access control device 110 can perform both the functions of the access control device 110 and smart hub 190 .
- credentials are broken down into a sub-unit level. For example, in a shared dorm room, all residents may have access to a common smart thermostat, while only some may have access to smart lights in each respective dorm room.
- FIG. 13 is a block diagram of a smart hub 1300 , according to some embodiments.
- the smart hub 1300 can include a processor/storage module 1310 , an array of transceivers (e.g., cellular network transceiver 1322 , BLE transceiver 1324 , WiFi transceiver 1326 , Zigbee transceiver 1372 , Z-wave transceiver 1374 ), an ethernet interface 1378 , and/or a power input 1354 regulated by power management module 1352 .
- the processor/storage module 1310 can include instructions thereon that, when executed, cause it to perform the functions discussed throughout the present disclosure.
- the processor/storage module 1310 can be configured to receive or transmit information via one of cellular network transceiver 1322 , BLE transceiver 1324 , RF/WiFi transceiver 1326 , USB interface 1328 , ethernet interface 1378 , Zigbee transceiver 1372 , and/or Z-wave transceiver 1374 .
- the processor/storage module 1210 can be configured to instruct power management module 1352 to control and/or monitor the power input 1354 and use thereof to power any of the elements in the smart hub 1300 .
- the third-party cloud-based computing system 101 can be associated with a third party that sells, manufactures, or is otherwise associated with one or more particular smart devices 195 or access control devices 110 (e.g., smart locks). As described in more detail below, the third-party cloud-based computing system 101 can be involved in gaining access to or otherwise controlling smart devices 195 . Third-party cloud-based computing system 101 can communicate with different elements in the smart building system such as, but not limited to the mobile device 160 and/or the cloud-based computing system 100 .
- the third-party cloud-based computing system 101 can communicate with the mobile device 160 , the cloud-based computing system 100 , a smart device 195 , an access control device 110 , or any combination thereof via, for example, a wireless or wired internet connection or a cellular network.
- particular areas can be associated in the cloud-based computing system 100 with a smart hub 190 or access control device 110 associated with and/or integrated with the smart hub 190 .
- Associating smart hubs with particular areas, such as apartments, can streamline smart building management, monitoring, and access functions. For example, when a user or manager requests (e.g., via user mobile device 160 or management gateway 180 ) that cloud-based computing system 100 provide access credentials to an area to a user, such as, but not limited to, a guest, service provider, or new tenant, the user or manager can also request cloud-based computing system 100 to coordinate credentialing for smart devices 195 associated with the area.
- the smart hub 190 or access control device 110 can communicate wirelessly (for example, over Bluetooth, a wireless network, Zigbee, or a cellular network) with the smart devices 195 .
- smart hub 190 or access control device 110 can serve as a WiFi hotspot that provides local area WiFi networking for the area (e.g., apartment or common space) by broadcasting an internet connection received via an ethernet, WiFi, or cellular connection.
- communications between the smart device 195 and the smart hub 190 or access control device 110 can include, but are not limited to providing commands, providing software updates, providing settings changes, transmitting data, etc. Communications can be sent using a variety of formats or standards, including, but not limited to Zigbee or Bluetooth.
- the smart hub 190 or access control device 110 can communicate with the cloud-based computing system 100 to receive or transmit communications, or directly with the user mobile device 160 .
- the smart home devices 195 can communicate directly with cloud-based computing system 100 , for example via a WiFi, a cellular network, or any other communication type.
- a beacon 196 can be associated with a smart home device 195 . As described in more detail below, the beacon 196 can contain information to assist with gaining access to or controlling the smart home device 195 .
- the beacon 196 can be a near field communication (NFC) tag, a QR code, BLE device identifier, RFID tag, or other physical beacon (e.g., an image with encoded data or an audio beacon broadcasting a link via audible or ultrasonic code) that allows for encoding a link to tell the system what action to perform.
- when a manager or user requests that a guest receive temporary access to one or more access points in the building, because the cloud-based computing system 100 is responsible for all credentialing across the smart building system, the manager or user can more easily provide appropriate credentials for all access points and devices related to that guest’s visit.
- the tenant can request that the cloud-based computing system 100 provide credentials to the technician that allow for access to any access point leading up to the tenant’s apartment, the access point to the tenant’s apartment, and to change settings on the smart thermostat that controls the broken heating system, all from one application on the user mobile device 160 of the technician, and without requiring the technician to seek separate credentials relating to each access point or smart device involved in the visit.
- each credential can be coordinated on the same time frame and in a way that works together (e.g., the credential for changing settings on the smart thermostat is only valid after use of a credential to enter the apartment) to increase security, ease of access, etc.
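One way to model the coordinated credentials described above, where the thermostat credential only becomes valid after the apartment credential has been used and all share one time frame. This is an added example, not the patent's credential format; the field names, credential IDs, target names and deny reasons are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Credential:
    cred_id: str
    holder: str
    target: str                      # access point or smart device
    action: str                      # e.g. "unlock", "set_temperature"
    not_before: float                # shared visit time frame (epoch seconds)
    not_after: float
    requires: Optional[str] = None   # cred_id that must have been used first


def issue_visit(holder, start, end):
    """Issue one coordinated credential set for a service visit.
    IDs and target names are constructed for this example."""
    steps = [
        ("c-entry", "entry-201", "unlock", None),
        ("c-apt", "apartment-203", "unlock", "c-entry"),
        ("c-thermo", "thermostat-293B", "set_temperature", "c-apt"),
    ]
    return [Credential(cid, holder, tgt, act, start, end, req)
            for cid, tgt, act, req in steps]


class Validator:
    def __init__(self, credentials):
        self._creds = {c.cred_id: c for c in credentials}
        self._used_at = {}   # cred_id -> time of first successful use
        self.audit = []      # every decision, allowed or denied

    def _decide(self, cred_id, holder, target, action, now):
        cred = self._creds.get(cred_id)
        if cred is None:
            return False, "unknown credential"
        if cred.holder != holder:
            return False, "holder mismatch"
        if (cred.target, cred.action) != (target, action):
            return False, "out of scope"
        if not (cred.not_before <= now <= cred.not_after):
            return False, "outside time frame"
        if cred.requires is not None:
            used = self._used_at.get(cred.requires)
            if used is None or used > now:
                return False, "prerequisite not used"
        return True, "ok"

    def present(self, cred_id, holder, target, action, now):
        allowed, reason = self._decide(cred_id, holder, target, action, now)
        self.audit.append((now, holder, target, action, allowed, reason))
        if allowed:
            self._used_at.setdefault(cred_id, now)
        return allowed, reason


def run_demo():
    """Walk a technician visit through the validator and return each decision."""
    v = Validator(issue_visit("technician", start=1000.0, end=4600.0))
    tech = "technician"
    return [
        # Thermostat credential presented before entering the apartment.
        v.present("c-thermo", tech, "thermostat-293B", "set_temperature", 1100.0),
        v.present("c-entry", tech, "entry-201", "unlock", 1200.0),
        v.present("c-apt", tech, "apartment-203", "unlock", 1300.0),
        v.present("c-thermo", tech, "thermostat-293B", "set_temperature", 1400.0),
        # Same credential aimed at a device it was not issued for.
        v.present("c-thermo", tech, "outlet-293A", "turn_on", 1500.0),
        # Reuse after the visit window has closed.
        v.present("c-apt", tech, "apartment-203", "unlock", 5000.0),
        # A different holder presenting the technician's credential.
        v.present("c-apt", "guest", "apartment-203", "unlock", 1600.0),
    ]


if __name__ == "__main__":
    for result in run_demo():
        print(result)
```

Denied presentations are recorded in the audit list alongside allowed ones, so an out-of-order or out-of-window attempt leaves a trace.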
- a building manager can easily instruct cloud-based computing system 100 to transfer privileges to a new tenant, including privileges to access an access control reader 110 such as a smart lock, and all associated smart home devices including fixtures like smart appliances, smart thermostats, etc.
- building managers can more easily manage their buildings.
- users of the system can more easily share access to their properties and/or devices to guests, such as friends or those visiting for a short-stay accommodation. Users can gain, grant, and exercise access to multiple different locations using the same interface.
- Smart home control permissions can also automatically and/or temporarily transfer from a host to a guest in a short-stay accommodation, preserving the guest’s privacy and security without granting carte blanche access by the host.
- security measures are put in place whenever a credential is transmitted from one element to another.
- transport of credentials over a public network can be conducted using a transport layer security (TLS) protocol, or equivalent protocol.
- an exception can be made for BLE transfers (or Zigbee, Z-wave, NFC) executed for unlocking events.
- all credentials stored on mobile devices and/or in other elements are stored in an encrypted state. When in use (e.g., when transmitted for validation) other encryption and security techniques can be used.
- FIG. 1 B is a diagram showing a system architecture for an individual smart home system, according to some embodiments.
- a smart home system can include similar elements to the smart building system and operate similarly to the operation described above.
- the functionality of intercom 140 can be transferred to the access control device 110 , which can, for example, record video or audio of a guest at an access point and provide such data to the cloud-based computing system 100 and/or the user mobile device 160 in order to determine whether to grant access to the guest and/or for security purposes.
- Access control device 110 , such as a smart lock, can still act as a smart home hub, thereby facilitating access to other connected devices in the individual smart home system and provisioning of access to guests and service providers, lessees, or new owners after sale of the home.
- in both individual smart home systems (e.g., that shown in FIG. 1 B ) and smart building systems (e.g., that shown in FIG. 1 A ), cloud-based computing system 100 can interface with users and managers to gain and transfer access to both access points and associated smart devices.
- FIG. 2 is a diagram showing an example implementation of a smart building system, according to some embodiments. While the elements in FIG. 2 are discussed in relation to an implementation in an apartment building, a person of ordinary skill in the art would understand from the present disclosure that a smart building system can be implemented in any type or types of building, such as, but not limited to office buildings, single-resident buildings, hotels, governmental buildings, academic buildings, dormitories, transportation buildings (e.g., airports or bus stations), etc.
- As shown in the example of FIG. 2 , in some embodiments, the smart building system is installed in an apartment building 200 having one or more areas such as, but not limited to, an entry point (main entrance) 201 , a garage entrance 209 , a common area 206 , a restricted common area 207 , an elevator 208 , a management area 204 , and one or more residences 202 , 203 .
- each of the entry point 201 , restricted common area 207 (such as a gym), a management area 204 , elevator 208 , garage entrance 209 , and residences 202 , 203 have an access point (such as, but not limited to, a door or turnstile) equipped with access control devices 211 , 217 , 214 , 218 , 219 , 212 , and 213 , respectively.
- the access control devices 211 , 217 , 214 , 218 , 219 , 212 , and 213 can be any type of device that receives an input credential and assists in determining whether the input credential is authorized for the access point with which the access control device is associated.
- one or more of the access control devices 211 , 217 , 214 , 218 , 219 , 212 , or 213 can be a smart lock.
- the credential can be read or received through one or more different types of technologies, such as, but not limited to a card reader, an RFID sensor, a touchscreen for receiving an alphanumeric credential, a Bluetooth or wireless interface, etc.
- one or more of the access control devices 211 , 217 , 214 , 218 , 219 , 212 , or 213 can be integral with a smart lock, such as one of the smart locks described in U.S. Pat. Application Serial No. 14/589,805 filed on Jan.
- the one or more of access control devices 211 , 217 , 214 , 218 , 219 , 212 , or 213 can communicate with a separate access device, such as an elevator control panel 228 or garage door opener 229 .
- one or more of the access control devices 211 , 217 , 214 , 212 , 218 , 219 , or 213 can be separate from a reading device, such as an RFID reader 231 or 239 or from an associated locking or actuatable device, such as a lock, a garage door opener 229 .
- one or more of the access control devices 211 , 217 , 214 , 212 , or 213 can have storage thereon to store data, such as, but not limited to a list of valid access credentials, an access log containing a list of credentials or users who accessed or attempted to access the access point with which the smart lock is associated optionally in combination with a timestamp and/or a photo taken at the time of access, codes (such as, but not limited to Wiegand codes or IP) for instructing an associated access device (such as, but not limited to, an electrically actuated lock) to allow access to, for example the access point or a particular floor accessible by an elevator.
- one or more of the access points and the areas can include a monitoring device, such as monitoring devices 251 , 256 , 252 A, and 252 B.
- Monitoring devices 251 , 256 , 252 A, and 252 B can be, for example, video cameras, motion sensors, flood sensors, infrared sensors, or any other devices configured to monitor an area.
- Some of monitoring devices 251 , 256 , 252 A, and 252 B can be associated with an access control device, such as the monitoring devices 252 A and 251 located in proximity to access control devices 212 and 211 , respectively.
- Other of monitoring devices 251 , 256 , 252 A, and 252 B can be associated with an area, such as the monitoring devices 252 B and 256 which are associated with apartment 202 and common area 206 , respectively.
- the building 200 can further include additional access points, such as a garage entrance 209 or an elevator 208 .
- Each of the garage entrance 209 and the elevator 208 can include a device for receiving access credentials.
- elevator 208 is associated with an elevator control panel 228 , such as an elevator control panel.
- the elevator control panel 228 can receive an access credential from a user, for example using any of the technologies described above such as the access control device 218 and provide a signal to the elevator to permit access when the credential is authorized.
- access can be limited to particular floors accessible by the elevator.
- Access control reader 218 can therefore provide the elevator control panel 228 of the elevator 208 with, for example, information about which floors are to be accessed using, for example, Wiegand codes or another type of communication.
- garage entrance 209 can include a garage door opener 229 , which can, for example, receive communications from an access control device 219 connected to an RFID reader 239 . When the correct credential or credentials are provided to the RFID reader 239 , access control device 219 , and a garage door opener 229 that can open the garage door or garage gate.
- garage door opener 229 can receive instructions to open the garage door from access control device 219 via, for example, Wiegand codes provisioned in the access control device 219 .
- areas in the building 200 can house additional smart devices connected to the smart building system, such as, but not limited to smart exercise equipment 297 in the gym 207 , manager access device 284 , smart outlets 292 , 293 A, smart thermostat 293 B, etc.
- smart exercise equipment 297 can provide data gathering functions (e.g., heart rate monitoring) that can then be uploaded to a remote server or user device for analytics.
- smart exercise equipment 297 can communicate with a remote server to receive customized workout plans, such as an elevation map for an indoor stationary bicycle.
- Smart outlets 292 , 293 A can provide functionalities beyond typical outlets, which can include, but are not limited to voice command capabilities, remote control or remote scheduling via a web interface or API, power usage monitoring, uploading gathered data to a local or remote database, etc.
- Smart thermostat 293 B can control the climate (e.g., via heat, air conditioning, and/or humidifier control) of the apartment 203 .
- Smart thermostat 293 B can provide various smart functionalities such as, but not limited to, remote control or scheduling via a web interface or API, temperature monitoring, uploading gathered data to a local or remote database, etc.
- smart thermostat 293 B can receive information from cloud-based computing system 100 about user preferences for users known to be within or to otherwise occupy the apartment 203 and control the climate of apartment 203 based on such information. As described in more detail below, access to or management of the smart exercise equipment 297 in the gym 207 , manager access device 284 , smart outlets 292 , 293 A, and smart thermostat 293 B can be governed by access credentials generated by the cloud-based computing system 100 .
- a user in one of the apartments can use a third-party smart device to interact with other parts of the system.
- a user may instruct a smart speaker to turn on a light associated with smart outlet 292 or 293 A.
- the smart speaker can contact a third-party cloud service, which can be provisioned to send the command to the cloud-based computing system 100 .
- the cloud-based computing system 100 can then send a command with an associated credential to a local smart hub, such as the access reader 212 , e.g., access control device, or smart hub 290 which can then send an instruction to a local device, such as smart outlet 292 or 293 A respectively to turn on.
- a user can use the smart hub 290 to access a device without using the Internet, thereby bypassing the cloud-based computing system 100 .
- a user can connect directly to the smart hub 290 (for example using a Bluetooth or WiFi connection) and send an instruction relating to a device to the hub 290 (for example, also using a credential).
- the smart hub 290 can then direct the instruction directly to the smart device, such as a smart lock or smart outlet 293 A.
- the smart hub functionality may be implemented in an access control device, such as a smart lock, and the access control device can control smart devices.
- one or more of smart exercise equipment 297 in the gym 207 , manager access device 284 , smart outlets 292 , 293 A, smart thermostat 293 B can connect to other devices or networks via connectivity technologies such as, but not limited to, WiFi, Bluetooth, wired connections, cellular network connectivity, etc.
- one or more of smart exercise equipment 297 in the gym 207 , manager access device 284 , smart outlets 292 , 293 A, smart thermostat 293 B can connect to a smart hub, such as smart hub 290 in apartment 203 or smart access device 212 in apartment 202 that can act as an all-in-one smart access reader, smart lock, and smart hub.
- Smart devices can connect to smart hubs to receive commands, software updates, receive or transmit data, internet connectivity, etc. and to relay information to the cloud-based computing system 100 or other devices such as a user mobile device or management gateway.
- the smart building system can simplify the access, usage, and management functions associated with such systems.
- smart home devices can be associated with a beacon, such as the beacon 295 associated with smart outlet 293 A.
- beacon 295 can be used to assist with accessing or controlling the smart outlet 293 A.
- additional beacons can be provided to assist with access to other devices in the system of FIG. 2 , such as access points, elevators, etc.
- beacon 295 can be an unpowered device that can be read by, for example, a user’s mobile device.
- an intercom 241 can be installed at an access point 201 of the building 200 .
- Intercom 241 can possess the same capabilities and connectivity as intercom 140 discussed with reference to FIG. 1 A .
- intercom 240 is a virtual intercom or can be integrated with the access control device 211 .
- Intercom 241 can be connected to the cloud-based computing system 100 .
- the intercom 241 can automatically be updated whenever a tenant moves into the building 200 .
- intercom 241 can be automatically configured to send notifications to a new tenant without having to manually alter or reconfigure the intercom 241 .
- the intercom 241 can have a voice activation feature.
- a voice activation feature can receive a user command to access a particular apartment or visit a particular resident and process the command, either remotely on the cloud-based computing node or locally by the intercom 241 .
- each resident can gain access, for example using a credential from cloud-based computing system 100 , to configure the intercom 241 .
- the resident can configure the name that appears on a user interface of the intercom, what action should be taken when someone tries to reach that resident via the intercom (e.g., whether to send an alert or call to the resident’s mobile device, a connected smart speaker in the user’s residence, initiate a video call with a concierge, etc.), etc.
- when intercom 241 connects to a smart speaker of the resident, the resident can then use the smart speaker to unlock the access point associated with the intercom 241 , for example, by sending a credential thereto.
- the cloud-based computing system 100 can be configured to receive event data from smart devices, such as a smart leak sensor, and notify both a tenant and management when a leak is detected. A tenant can then authorize management to access the apartment in order to inspect the problem. Furthermore, a tenant can restrict access to smart devices when a guest is using or is otherwise authorized to use an area. For example, a tenant can power down particular smart devices such as smart speakers, etc. when a service provider is present to prevent the service provider from using smart devices.
- a user can configure particular smart device behaviors when a door is unlocked. For example, smart lights can be automatically turned on whenever a particular user gains access to an access point at the front door to their apartment. All of these functions can be implemented into a single application on the user’s mobile device to simplify management and usage and/or improve overall security of the system.
- FIGS. 3 A- 3 D are diagrams representing various credentials generated by a cloud-based computing system 100 , such as the cloud-based computing system 100 in FIGS. 1 A, 1 B, or 1 C , according to some embodiments.
- the credentials shown in FIGS. 3 A- 3 D are merely illustrative examples, and a person of skill in the art would understand from the present disclosure that other credential formats are contemplated.
- Although FIGS. 3 A- 3 D are described with reference to FIG. 2 , a person of skill in the art would understand from the present disclosure that the same or similar credentials in accordance with the present disclosure would be operable in many different smart building or home applications.
- FIG. 3 A is a diagram representing the contents of a generic credential 300 provided to a user mobile device from a cloud-based computing system 100 , according to some embodiments.
- a generic credential 300 can include separate fields containing information about one or more of access privileges 310 , sharing rights 320 , time-to-live (TTL) and/or scheduling restrictions 330 , device IDs 340 , the credential user’s public key 350 , delivery modality restrictions 360 , or security code 370 .
- Access privileges 310 can include a listing or representation of one or more particular access types, which can include, but are not limited to unlocking or otherwise receiving access from an access control device (e.g., access control devices 211 , 217 , 214 , 218 , 219 , 212 , and 213 ); keeping a door unlocked; setting up a smart device (e.g., smart devices 292 , 293 A, 293 B, 297 , or monitoring devices 252 A, 256 , 251 ) and/or pairing it to a particular smart hub (e.g., 212 or 290 ); updating a setting or a subset of settings on an access control device, smart device, or monitoring device (e.g., access control devices 211 , 217 , 214 , 218 , 219 , 212 , 213 , smart devices 292 , 293 A, 293 B, 297 , or monitoring devices 252 A, 256 , 251 ); performing a firmware update on
- Sharing rights 320 can indicate whether the user of the credential 300 is authorized to share the credential 300 , and what form that sharing can take (e.g., universal sharing to any user of the system, sharing in accordance with certain restrictions such as during particular hours or to certain subsets of users, etc.).
- TTL and/or scheduling restrictions 330 indicate the time before the credential 300 expires and/or the times during which the credential can be used before expiration (e.g., expires in 1 week and can be used from 9am to 5pm).
- Device IDs 340 can include a listing or representation of the device IDs of system elements for which the credential is valid (e.g., IDs for access control devices 211 , 217 , 214 , 218 , 219 , 212 , 213 , smart devices 292 , 293 A, 293 B, 297 , or monitoring devices 252 A, 256 , 251 ).
- each device ID is a unique universal identifier (UUID).
- User’s public key 350 can be a public key associated with a private key of the user of the credential and/or the user’s mobile device. As described in more detail below, the user’s private key associated with the user’s public key 350 can be used to encrypt a NONCE received from a device (e.g., a smart access reader or a smart device), which can be provided to a device in order to gain access. A device can then decrypt the NONCE with the public key to determine whether the user is authorized.
- Delivery modality restrictions 360 can be a listing or indication of any restrictions on how a credential can be delivered to a device for authentication.
- delivery modality restrictions may restrict delivery of a credential or information based on the credential to be delivered only via BLE, or another type of communication type.
- Security code 370 can be any type of security code, for example a certificate signed from a granting authority (e.g., the cloud-based computing node) recognizable by the receiving device (e.g., an access control device or smart device).
- FIG. 4 A is a flow diagram showing a user authentication process for using a credential such as credential 300 , according to some embodiments.
- the credential verification process begins at step 410 , where an external device, such as a user’s mobile device, establishes a connection with a lock.
- Although FIG. 4 refers to processes involving a lock, a person of skill in the art would understand from the present disclosure that other devices can be used, such as, but not limited to, access control devices, smart hubs, smart devices, etc.
- the lock can send a NONCE to the external device in step 420 .
- the NONCE can be any type of NONCE, and can be stored by the lock for use later in the authentication process and for logging purposes.
- After receiving the NONCE, the external device generates and sends a token to the lock.
- the token can be generated using the NONCE received in the step 420 , information contained on the external device, and/or any other information accessible by the external device such as information requested or received from the cloud-based computing system 100 or other information received from the lock.
- the NONCE is sent to the external device in a BLE communication, or any other type of communication.
- FIG. 4 B shows an example token 400 , according to some embodiments.
- the token can include at least one credential 300 retrieved from memory, such as the credential 300 described with reference to FIG. 3 ; a command 402 , such as a command to unlock, stay unlocked, etc.; a command argument 403 , such as a time period for a device to stay unlocked; a NONCE 404 received from a lock or other device to which the token bearer is attempting to gain access; and a signature 405 .
- the command 402 and command argument 403 correspond to one or more access privileges 310 for a device ID 340 included in the credential 300 .
- the NONCE 404 can be encrypted using the private key of the external device for verification based on the public key 352 included in the credential.
- the signature 405 can similarly be signed using a private key of the external device.
- the token 400 can be provided as a single token, as packets, or using any other packaging or transmission method.
- the at least one credential 300 includes all credentials associated with the unique identifier or group identifier of the lock.
- a group identifier can be an identifier associated with a structure (e.g., an apartment building) containing multiple UUIDs.
- the lock performs a verification on the received token.
- the verification can include evaluating one or more evaluation criteria.
- the evaluation criteria can include one or more of determining whether the signature(s) in the at least one credential(s) 300 was generated by a known authority, such as the cloud-based computing system 100 ; determining the validity of the security code 370 ; determining that the NONCE corresponds to the NONCE transmitted to the external device in step 420 (optionally by decrypting a public key 350 in the at least one credential 300 ); determining that the signature 405 is valid (e.g., properly generated using the private key associated with the public key 350 ); or determining that the lock’s unique identifier or group identifier is contained in the device IDs 340 .
- the lock can determine that the external device that provided the credential is indeed authorized for the credential 300 .
- the lock (or another device, such as a cloud-based computing system 100 ) can determine if the credential has been suspended, for example by comparing to a local blacklist or sending a query to the cloud-based computing node to determine if the credential was blacklisted.
- in step 450 , the lock verifies that the requested command is permitted.
- the lock can verify that one of the at least one credential 300 is authorized for the command 402 and argument 403 by confirming they correspond to the listed access privileges 310 for the lock’s device ID 340 , and further that the command is submitted in accordance with the restrictions 330 . If the credential 300 was shared, the lock can determine if it was shared in accordance with sharing rights 320 .
- the lock can apply the one or more verification criteria in step 440 and the verification in step 450 discussed above to each credential. Such a process is shown in FIG. 5 .
- the lock can disregard each credential that does not meet one of the verification criteria. If no credentials pass the verification criteria, the lock can abort the transaction with an authorization failed status.
- the lock can log or transmit information about a failed verification check. For example, the lock can transmit a message to a specified user or to a building manager with information associated with the failed verification such as information received in the step 430 and/or any information recorded by the lock or an associated monitoring device in association with the failed verification check.
- the lock causes the requested command to be performed.
- the lock can instruct a smart hub or a device with which the lock is in communication to perform the requested command.
- the lock can optionally send the valid credential associated with the requested command so that a smart hub or device can confirm permission for the requested command.
- the lock can maintain a list of each permitted device and action from the at least one credential 300 .
- the list is maintained with an order such that only the highest superset is applied. For example, where one credential requires that a photo be taken or logged when granting access, whereas another “higher” credential does not (e.g., it has fewer restrictions), the lock may apply a policy in accordance with the highest credential policy.
- the external device can send the credential with the highest policy.
- when a device, such as an access control device, receives a credential, it can log information about the credential. For example, the access control device can log information about the time of receipt, the source of the credential, and whether the credential is determined to be valid. If an activity is rejected due to an invalid credential, the credential payload (or a portion thereof) can be included within the activity log. If an activity is accepted, an activity log can be created that captures relevant information pertaining to the actions the device took after this request. For example, in the case of an unlock, the log can include information on motor states before and after, as well as photo/video/audio data taken from a nearby or integrated monitoring device.
- Activity commands can also contain information about received commands, data transmitted during performance of an activity, and an identification of the device performing the logging.
- Activity logs can be transmitted to another device for storage and/or review, such as to manager access device 284 , e.g., manager gateway, a user mobile device, or the cloud-based computing system 100 .
- FIG. 3 B shows an example set of credentials 301 A, 301 B, 301 C, and 301 D for when a resident logs into an application on a user mobile device, according to some embodiments.
- the credential 301 A can be used to allow a user to access a lock at the user’s residence, such as the smart access reader 212 .
- the fields of the credential 301 A include access privileges 311 A to unlock, update, and FW upgrade, sharing rights 321 A that allow for unrestricted sharing, TTL & schedule restrictions 331 A which indicate an expiration of 1 week and no scheduling restrictions, device ID 341 A of the user’s smart access reader 212 , the user’s public key 351 , delivery modality restrictions 361 A which are null, and security code 371 A.
- the credential 301 B can be used to allow a user to access a common area, such as a gym 207 .
- the fields of the credential 301 B include access privileges 311 B to unlock, sharing rights 321 B that allow for unrestricted sharing, TTL & schedule restrictions 331 B which indicate an expiration of 1 week and usage only during 9am to 9pm Monday through Saturday, device ID 341 B of the access control device 217 and smart device (smart exercise equipment) 297 , the user’s public key 351 , delivery modality restrictions 361 B which are null, and security code 371 B.
- the credential 301 C can be used to allow a user to access common areas, such as access control device 211 and elevator 208 .
- the fields of the credential 301 C include access privileges 311 C to unlock and floors 1 and 2, sharing rights 321 C to unrestricted, TTL & schedule restrictions 331 C which are set to 1 week, device ID 341 C of the access control devices 208 and 211 , the user’s public key 351 , delivery modality restrictions 361 C which are null, and security code 371 C.
- security code 371 C can include a Wiegand code to be provided to an elevator control panel 228 upon successful authentication of a credential by the access control device 218 .
- the credential 301 D can be used to allow a user to control their smart home devices, such as hub and access control device 212 , internal monitoring device 252 B and the connected smart plug or outlet 292 .
- the fields of the credential 301 D include access privileges 311 D to control smart home, sharing rights 321 D set to unrestricted, TTL & schedule restrictions 331 D which are set to one week, device ID 341 D of the smart access reader 212 , the user’s public key 351 , delivery modality restrictions 361 D which are null, and security code 371 D. Because smart devices are connected to the smart access reader 212 , the UUIDs of each smart device can be but need not be provided in the credential 301 D.
- credential 301 C is sent, in conjunction with a signed NONCE and “unlock door” command, in response to the access control device’s NONCE request.
- the credential 301 B is provided to the access control device 217 in conjunction with a signed NONCE and “unlock door” command, in response to the access control device’s NONCE request. Timing restrictions in the credential can be enforced by the access control device 217 .
- credential 301 A is sent, in conjunction with a signed NONCE and “unlock door” command, in response to the lock’s NONCE request.
- an HTTPS request is sent to the smart hub’s control endpoint (e.g., in the cloud-based computing system 100 or directly from a mobile device), with credential 301 D as a header entry in the request.
- the body of the request contains JavaScript Object Notation (JSON) describing the request (e.g., the action required by the credential), encrypted or signed by the private key of the credential bearer.
- the application which handles credentials on the user’s mobile device can request updated credentials to ensure the credentials stay up to date.
- the cloud-based computing system 100 plans TTLs accordingly to ensure the user doesn’t receive a credential that extends past the tenancy.
- FIG. 3 C shows an example set of credentials 302 A and 302 B for when a guest is provided temporary access, for example in a hotel, according to some embodiments.
- the credential 302 A can be used to allow a user to access a common area, such as the smart access reader 211 at the access point 201 and the access control device 218 on the elevator 208 .
- the fields of the credential 302 A include access privileges 312 A to unlock, sharing rights 322 A that are null, TTL & schedule restrictions 332 A which indicate an expiration of 3 days and no scheduling restrictions, device ID of the access control device elevator 208 , e.g., an access control device located in an elevator, access point 201 , the user’s public key 352 , delivery modality restrictions 362 A which are null, and security code 372 A.
- the credential 302 B can be used to allow a user to access their room, such as room 203 .
- the fields of the credential 302 B include access privileges 312 B to unlock, sharing rights 322 B that are null, TTL & schedule restrictions 332 B which indicate an expiration of 3 days and usage only from check-in time to check-out time, device ID 342 B of the access control device 213 , the user’s public key 352 , delivery modality restrictions 362 B which are null, and security code 372 B.
- a credential similar to that of 301 D can be used to allow the guest access to smart devices 290 , 293 A, 293 B in accordance with the timing restrictions of the guest’s stay. Usage of the credentials 302 A, 302 B can proceed similarly to those described with reference to FIG. 3 A .
- a blacklist entry is scheduled for the common area and the suite UUID doors.
- a blacklist can be a list of devices that, even when presenting a valid credential, are nonetheless not given access to perform an operation.
- the blacklist can be provided to an access controller, for example from the cloud-based computing system 100 via the internet. For example, if a guest is issued a valid credential to access a hotel room but later cancels their reservation, information about the guest’s device or credential can be added to the blacklist and provided to the access controller associated with the hotel room.
- a sequence ID can be, for example, a specified ID that provides an additional way to determine that a credential is invalidated. If a lock is presented a credential with a higher sequence ID than it has encountered before, the sequence ID can be retained and all credentials with a lower sequence ID can be considered to be invalidated. In this way, the cloud-based computing system 100 can invalidate prior credentials by simply providing an individual with a credential having a higher sequence ID.
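- The lock-side checks of FIG. 4 A (steps 420 to 450), together with the blacklist and sequence ID described above, can be sketched as follows. This is an added Node.js example, not code from the patent: the field names, the sorted-key JSON encoding, Ed25519 for both signatures (the nonce is covered by the holder's signature rather than encrypted), blacklisting by holder public key, and the gym-door data modelled on credential 301 B are all assumptions.

```javascript
const crypto = require('crypto');

// Deterministic bytes for signing: JSON with object keys sorted (assumed wire format).
const canon = (value) => Buffer.from(JSON.stringify(value, (_key, v) =>
  v && typeof v === 'object' && !Array.isArray(v)
    ? Object.fromEntries(Object.keys(v).sort().map((k) => [k, v[k]]))
    : v));
const sign = (privateKey, obj) => crypto.sign(null, canon(obj), privateKey).toString('base64');
const check = (publicKey, obj, sig) =>
  crypto.verify(null, canon(obj), publicKey, Buffer.from(sig, 'base64'));
const exportKey = (pub) => pub.export({ type: 'spki', format: 'der' }).toString('base64');
const importKey = (b64) =>
  crypto.createPublicKey({ key: Buffer.from(b64, 'base64'), format: 'der', type: 'spki' });

// Cloud side: the issuer signature plays the role of security code 370.
const issueCredential = (issuerPrivateKey, fields) =>
  ({ ...fields, securityCode: sign(issuerPrivateKey, fields) });

// Phone side: bind credential, command, argument and the lock's nonce under the holder key.
function buildToken(holderPrivateKey, credential, command, argument, nonce) {
  const body = { credential, command, argument, nonce };
  return { ...body, signature: sign(holderPrivateKey, body) };
}

class Lock {
  constructor(deviceId, issuerPublicKey) {
    this.deviceId = deviceId;
    this.issuerPublicKey = issuerPublicKey;
    this.pendingNonce = null;
    this.blacklist = new Set(); // holder public keys pushed down by the cloud
    this.highestSequenceId = 0;
  }
  challenge() { // step 420
    this.pendingNonce = crypto.randomBytes(16).toString('hex');
    return this.pendingNonce;
  }
  verify(token, nowSeconds) { // steps 440 and 450; returns 'ok' or a rejection reason
    const expected = this.pendingNonce;
    this.pendingNonce = null; // a nonce is good for one attempt only
    try {
      if (!expected || token.nonce !== expected) return 'bad_nonce';
      const { securityCode, ...cred } = token.credential;
      if (!check(this.issuerPublicKey, cred, securityCode)) return 'bad_issuer_signature';
      const { signature, ...body } = token;
      if (!check(importKey(cred.holderPublicKey), body, signature)) return 'bad_holder_signature';
      if (!cred.deviceIds.includes(this.deviceId)) return 'wrong_device';
      if (this.blacklist.has(cred.holderPublicKey)) return 'blacklisted';
      if (cred.sequenceId < this.highestSequenceId) return 'superseded';
      this.highestSequenceId = cred.sequenceId; // retained only from issuer-signed credentials
      if (nowSeconds >= cred.expiresAt) return 'expired';
      if (cred.schedule) {
        const t = new Date(nowSeconds * 1000);
        const { days, startHour, endHour } = cred.schedule;
        const open = days.includes(t.getUTCDay())
          && t.getUTCHours() >= startHour && t.getUTCHours() < endHour;
        if (!open) return 'outside_schedule';
      }
      if (!cred.accessPrivileges.includes(token.command)) return 'command_not_permitted';
      return 'ok';
    } catch (err) {
      return 'malformed';
    }
  }
}

// Constructed scenario: gym door, unlock only, 9am-9pm Monday-Saturday (UTC), valid 1 week.
function runScenario() {
  const issuer = crypto.generateKeyPairSync('ed25519');
  const phone = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519'); // a device that copied the credential
  const lock = new Lock('gym-door-217', issuer.publicKey);
  const monday10 = Date.UTC(2024, 0, 8, 10) / 1000;
  const sunday10 = Date.UTC(2024, 0, 7, 10) / 1000;
  const fields = {
    accessPrivileges: ['unlock'], deviceIds: ['gym-door-217'],
    expiresAt: monday10 + 7 * 86400,
    schedule: { days: [1, 2, 3, 4, 5, 6], startHour: 9, endHour: 21 },
    holderPublicKey: exportKey(phone.publicKey), sequenceId: 1,
  };
  const cred = issueCredential(issuer.privateKey, fields);
  const attempt = (key, c, command, now) =>
    lock.verify(buildToken(key, c, command, null, lock.challenge()), now);
  const r = {};
  const token = buildToken(phone.privateKey, cred, 'unlock', null, lock.challenge());
  r.valid = lock.verify(token, monday10);
  r.replay = lock.verify(token, monday10); // same token, nonce already consumed
  r.copied = attempt(other.privateKey, cred, 'unlock', monday10);
  const widened = { ...cred, accessPrivileges: ['unlock', 'firmware_update'] };
  r.widened = attempt(phone.privateKey, widened, 'firmware_update', monday10);
  r.wrongCommand = attempt(phone.privateKey, cred, 'firmware_update', monday10);
  r.sunday = attempt(phone.privateKey, cred, 'unlock', sunday10);
  const newer = issueCredential(issuer.privateKey, { ...fields, sequenceId: 2 });
  r.newer = attempt(phone.privateKey, newer, 'unlock', monday10);
  r.superseded = attempt(phone.privateKey, cred, 'unlock', monday10);
  lock.blacklist.add(fields.holderPublicKey);
  r.blacklisted = attempt(phone.privateKey, newer, 'unlock', monday10);
  return r;
}

console.log(runScenario());
```

Each rejection reason is also what the lock would record in the activity log for a failed verification check.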
- FIG. 3 D shows an example set of credentials 303 A and 303 B for when a service provider is provided temporary access to an apartment, according to some embodiments.
- Credentials 303 A and 303 B are similar to and operate similarly to credentials 301 A and 301 C, respectively, but differ in that they include the public key of the service provider 353 and are valid only for 1 day and during the service window (e.g., 12pm to 2pm).
- the credential provided from a user device to another device can include a field for commands.
- a command can be used, for example, to instruct a device to perform a settings or firmware update, to instruct a device to turn on or off, instruct a device to pair with another device, or any other function.
- the command further comprises a firmware update.
- FIG. 6 is a flow diagram showing a process for pairing one or more smart devices with a hub in the system, such as a smart access controller or a smart hub, according to some embodiments.
- an installer can compile a list of all smart device codes associated with smart home devices to be paired with a hub, which can be, for example, a smart lock.
- the installer scans a barcode on the smart device which links or translates to a code associated with each device.
- the installer can compile a file, such as a .csv file with the codes read from each device.
- the installer can provide the device codes to the cloud-based computing system 100 , for example by sending a list or .csv file.
- the codes can be assigned to a building or a unit, for example a particular apartment. The assignment can be included in the information provided with the device codes or can be selected via an interface, such as a mobile application or a web interface.
- the cloud-based computing system 100 can store the list of devices to be paired in association with the assigned location.
- in step 640 , the cloud (or a device of the installer) can provide the device codes to the lock.
- the installer can then place the smart devices and the smart lock in pairing mode in steps 650 and 660 .
- in step 660 , the placing of the smart lock in pairing mode can be automatically triggered by the cloud-based computing system 100 receiving the list of device codes.
- in pairing mode, the smart devices advertise the device codes already stored on the smart lock. Once all devices to be paired are in pairing mode, the lock can automatically pair with devices based on the list of device codes, for example by scanning over Zigbee for devices advertising the device codes in the list. In some embodiments, in this way, when pairing a large number of smart devices with a single smart lock (or other hub), the installer does not need to individually pair each smart device with the lock.
- an installer can compile a single list for all units, devices, and locks, and transmit to the cloud-based computing node in one simple step.
- devices can more easily be transferred from one tenant to another, or from one hub to another, or replaced.
- an installer can simply update the device code in the cloud-based computing system 100 , and begin at step 640 in FIG. 6 .
- an installer need only place the new smart device into a pairing mode, which can cause it to search for a network to join.
- the smart device hub can detect the device in pairing mode, and provide the smart device with a network key to add the device to the network.
- the cloud-based computing node can then store the install code read by the smart hub in such a way that indicates that the smart hub and device are paired.
- pairing via the cloud-based computing system 100 enables simple testing of pairings.
- an installer or other manager can transmit a request to the cloud-based computing system 100 to confirm successful pairing.
- the cloud-based computing system 100 can send a test command to the smart lock, which can in turn relay a command to the smart device.
- the smart lock can then confirm that the smart device has successfully responded to the command.
- WiFi can be more easily swapped or altered.
- a user can transfer WiFi credentials stored on their mobile device to the smart home hub, e.g., directly or via the cloud-based computing system 100 using an application or web interface.
- the hub can then transfer these credentials to each smart home device to permit WiFi access.
- storing pairings of devices in cloud-based computing system 100 as part of an access system can simplify user and manager experiences. For example, by pairing smart devices to a hub (e.g., a smart lock), a user of the smart device (e.g., a tenant) can use the same application or web interface to control access devices as well as smart home devices.
- the same credentialing system described throughout the present disclosure can be used both to unlock a dual lock/smart hub and to instruct, via cloud-based computing system 100 , the lock to send commands to paired smart home devices.
- a manager can easily transfer control of smart home devices by changing the user associated with the unit having an association with smart home devices, vastly simplifying tenant changes when a unit includes smart home devices such as a smart thermostat or smart lights.
- managers can give maintenance workers temporary administrative permissions on smart devices that are having problems, allowing maintenance workers to fix the issue without exposing the resident to a larger security risk.
- a manager can control smart devices, such as a smart thermostat, in vacant units to maintain energy efficiency without having to manually adjust each unit.
- both managers and tenants can receive notifications of problems, such as leaks detected by smart leak detectors.
- a manager can easily understand which apartments are experiencing issues without having to maintain a separate list that matches apartments to smart devices.
- a manager can more easily manage permissions for particular smart devices in common areas without having to make changes on smart devices or smart hubs.
- a user may receive an updated credential which is valid at a smart device hub, which then provides access to sending commands to associated smart devices.
- FIG. 7 is a flow diagram showing a move in process for an apartment building equipped with both smart access readers and smart home devices, according to some embodiments.
- a user may first receive at least one credential associated with a “move in” action, for example from the cloud-based computing system 100 or from a property manager, at their mobile device.
- the credential can include a plurality of credentials, each associated with various smart devices in the unit (e.g., smart lights, thermostats, etc. managed by the hub).
- the user’s mobile device can establish a connection with a smart hub, such as a smart access reader, for example via a web interface or a mobile application.
- the user’s mobile device can send a “move_in” request token including the credential(s) to the smart hub.
- the hub can perform a verification, such as that described with reference to FIG. 6 A , of the credential(s) and commands in the token.
- the smart hub can cache or otherwise store information about each authorized credential in accordance with any restrictions, such as TTL restrictions.
- the smart hub can return a configuration for each permitted smart device to the user’s mobile device, along with endpoints on the hub for how to control them.
- These endpoints can be pre-configured with, for example, a URI encoded form of the session token stored thereon, to prevent having to credential each time.
- a user can change a configuration on the smart device to stop storing the URI-encoded form of the session token when the user wants to switch to having to present a credential again.
- the user can then control the configurations and other features of the smart devices using their user device.
- a manager can “lock” or “unlock” features in an apartment simply by changing credentials on the cloud-based computing system 100 . In this way, a manager can include premium smart home devices in each unit, but only enable them for particular units who pay for the credential.
- the cloud-based computing system 100 can configure credentials in a way that facilitates the features described throughout the present disclosure while maintaining an efficient storage, processing, transmission, and authorization process.
- the cloud-based computing system 100 can implement a set of heuristics that balances the transmission size for all applicable resulting credentials for the user, the authentication time and security of the credential, the mode of transmission (NFC, BLE, etc.), and permissions contained within the credential.
- the cloud-based computing system 100 can return all credentials.
- the entries can be split up individually by unit/set of devices/access points to ensure that the least data is sent on each event. How the cloud-based computing system 100 groups credentials can be user-configurable, manager-configurable, and/or automated by the cloud-based computing system 100 .
- restrictions are dependent on various aspects of a credential.
- a credential TTL could be dynamic, with the time based on the modality of delivery.
- NFC based ones could be configured to be longer-lived, while BLE could be shorter. Such configurations could balance the risk of issuance of longer credentials with the inconvenience of having to keep generating and receiving new ones.
- a credential holder can cryptographically attenuate a credential stored on their device.
- the user can modify a credential that was issued by the cloud-based computing system 100 , and restrict it further temporarily on their local device for transmission externally.
- a user can modify a credential that allows access to a lock between a certain set of times by attenuating it to be only applicable for a narrow window to share with cleaning staff.
- a cryptographic chain of trust can be used to verify that the holder was the one that attenuated it, and the original credential was legitimate.
- a user can attenuate a credential before it is sent at the point of transmission, to further reduce the risk of a security attack.
- third parties authorized for an access point or device can attenuate a general access credential to a narrower window before issuing it to a specific employee tasked with carrying out a service. If the resident has issued a credential that allows 3-5pm access on M-F, the service could internally attenuate to a 1 h window on the day of service.
- a user can share access to any smart home devices without having to go through the cloud-based computing system 100 . Instead, the user can simply share an attenuated credential with another user. In some embodiments, attenuation is instead carried out by the cloud-based computing system 100 , which would either provide an attenuated credential to the requesting user for transmission to the other user, or directly to the other user.
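- One way to realise holder-side attenuation with a verifiable chain of trust, as an added Node.js example that is not code from the patent. The nesting of the parent credential inside the attenuated one, the field names, Ed25519 and the constructed chain (cloud, resident, service company, employee, following the 3-5pm M-F example above) are assumptions; proof that the presenter holds the final key is the token signature of FIG. 4 B and is not repeated here.

```javascript
const crypto = require('crypto');

// Deterministic bytes for signing: JSON with object keys sorted (assumed wire format).
const canon = (value) => Buffer.from(JSON.stringify(value, (_key, v) =>
  v && typeof v === 'object' && !Array.isArray(v)
    ? Object.fromEntries(Object.keys(v).sort().map((k) => [k, v[k]]))
    : v));
const sigOf = (key, obj) => crypto.sign(null, canon(obj), key).toString('base64');
const sigOk = (key, obj, sig) => crypto.verify(null, canon(obj), key, Buffer.from(sig, 'base64'));
const pub = (pair) => pair.publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
const keyFrom = (b64) =>
  crypto.createPublicKey({ key: Buffer.from(b64, 'base64'), format: 'der', type: 'spki' });

// Cloud side: root credential signed by the issuer.
const issue = (issuerKey, fields) => ({ ...fields, securityCode: sigOf(issuerKey, fields) });

// Holder side: wrap the parent in a narrower credential for a delegate, signed by the holder.
function attenuate(holderPrivateKey, parent, narrower, delegatePublicKey) {
  const child = { ...narrower, parent, holderPublicKey: delegatePublicKey };
  return { ...child, attenuationSignature: sigOf(holderPrivateKey, child) };
}

const ALWAYS = { days: [0, 1, 2, 3, 4, 5, 6], startHour: 0, endHour: 24 };

// True when every right granted by `child` is also granted by `parent`.
function isNarrower(child, parent) {
  const subset = (a, b) => a.every((x) => b.includes(x));
  const cs = child.schedule || ALWAYS;
  const ps = parent.schedule || ALWAYS;
  return subset(child.accessPrivileges, parent.accessPrivileges)
    && subset(child.deviceIds, parent.deviceIds)
    && subset(cs.days, ps.days)
    && cs.startHour >= ps.startHour && cs.endHour <= ps.endHour
    && cs.startHour < cs.endHour
    && child.expiresAt <= parent.expiresAt;
}

// Verifier side: walk from the presented credential back to the issuer-signed root.
function verifyChain(credential, issuerPublicKey) {
  try {
    let current = credential;
    while (current.parent) {
      const { attenuationSignature, ...child } = current;
      const parentHolder = keyFrom(current.parent.holderPublicKey);
      if (!sigOk(parentHolder, child, attenuationSignature)) return 'bad_attenuation_signature';
      if (current.parent.sharingRights !== 'unrestricted') return 'sharing_not_permitted';
      if (!isNarrower(current, current.parent)) return 'broader_than_parent';
      current = current.parent;
    }
    const { securityCode, ...root } = current;
    return sigOk(issuerPublicKey, root, securityCode) ? 'ok' : 'bad_issuer_signature';
  } catch (err) {
    return 'malformed';
  }
}

// Constructed chain: cloud -> resident -> service company (3-5pm Mon-Fri) -> employee (1 h, Wed).
function runScenario() {
  const [cloud, resident, service, employee, outsider] =
    [0, 1, 2, 3, 4].map(() => crypto.generateKeyPairSync('ed25519'));
  const base = { accessPrivileges: ['unlock'], deviceIds: ['apt-lock-212'], expiresAt: 1800000000 };
  const root = issue(cloud.privateKey, {
    ...base, sharingRights: 'unrestricted', schedule: null, holderPublicKey: pub(resident),
  });
  const forService = {
    ...base, sharingRights: 'unrestricted',
    schedule: { days: [1, 2, 3, 4, 5], startHour: 15, endHour: 17 },
  };
  const forEmployee = {
    ...base, sharingRights: null, schedule: { days: [3], startHour: 15, endHour: 16 },
  };
  const serviceCred = attenuate(resident.privateKey, root, forService, pub(service));
  const employeeCred = attenuate(service.privateKey, serviceCred, forEmployee, pub(employee));
  const tooWide = { ...forEmployee, schedule: { days: [3], startHour: 15, endHour: 18 } };
  return {
    employee: verifyChain(employeeCred, cloud.publicKey),
    widened: verifyChain(
      attenuate(service.privateKey, serviceCred, tooWide, pub(employee)), cloud.publicKey),
    forged: verifyChain(
      attenuate(outsider.privateKey, serviceCred, forEmployee, pub(outsider)), cloud.publicKey),
    reshared: verifyChain(
      attenuate(employee.privateKey, employeeCred, forEmployee, pub(outsider)), cloud.publicKey),
    wrongIssuer: verifyChain(employeeCred, outsider.publicKey),
  };
}

console.log(runScenario());
```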
- the cloud-based computing system 100 can change or remove access thereto by any other entity, such as building management, in the database and blacklist any outstanding credentials. In this way, management will lose some or all access to devices now under the purview of a tenant, thereby ensuring privacy to the tenant.
- the tenant can then transfer access privileges back to management.
- management access is limited or removed for the period until the lease expires.
- the database can store this expiration date, and transfer control back to management upon expiration of the lease.
- activity logs relating to a particular tenant are either transferred to the tenant or destroyed when the tenant moves out.
- FIG. 8 is a block diagram representing a system architecture for a beacon-based access system, according to some embodiments.
- the system architecture can include a cloud-based computing system 100 , a third-party cloud-based computing system 101 , a mobile device 160 , a hub 190 , a device 802 (which can be a smart device), and a beacon 800 .
- the smart device 802 can be a smart home device, such as the smart outlets 293 A, 293 B, smart thermostat 293 B, smart exercise equipment 297 , or any other type of smart home device.
- the smart device 802 can be an access control device, such as a smart lock, or an elevator.
- the mobile device 160 can communicate with the cloud-based computing system 100 via a WiFi internet connection, a cellular network, and/or any other communication technology.
- the mobile device 160 can communicate with a third-party cloud-based computing system or device 101 using a WiFi connection, a cellular network, and/or any other communication technology.
- the mobile device 160 can also read information stored or imprinted on the beacon 800 using an NFC reader, a camera (e.g., for capturing pictures of a QR or barcode), and/or any other sensor or an active beacon, such as an active NFC beacon, a BLE beacon, an audio beacon (e.g., ultrasonic encoding), or a display that changes an image such as a QR code.
- User mobile device 160 can also communicate with the hub 190 and smart device 802 via Bluetooth, WiFi, NFC, and/or any other connection technology.
- the hub 190 can communicate with the smart device 802 via Bluetooth, Zigbee, Z-wave, WiFi, a wired serial bus, and/or any other type of communications technology and/or protocol, and can further communicate with the cloud-based computing system 100 and/or third-party cloud-based computing system 101 via an Ethernet, WiFi, and/or cellular network connection.
- the cloud-based computing system 100 and third-party cloud-based computing system 101 can communicate via, for example, an IP connection.
- FIGS. 9 A- 9 D are flow diagrams showing example operation of beacon-based access systems, according to some embodiments.
- FIG. 9 A is a flow diagram showing a beacon-based access system operating via hub control of requests.
- operation begins in step 910 , where the mobile device 160 reads the beacon 800 .
- the beacon 800 is a passive, unpowered NFC tag containing an NFC Data Exchange Format (NDEF) record.
- the user’s mobile device 160 can scan the NFC tag beacon 800 when in proximity thereto and read the NDEF record.
- the beacon 800 can include information about an action to be taken with the associated device 802 .
- the action can include, for example, a request to unlock a smart lock or a request to change the on/off status of a smart plug.
- the beacon 800 can include a beacon ID to identify the beacon from which the information was read.
- the information read from the beacon 800 can include an indication or route to an associated mobile application, an indication or information for accessing the device 802 associated with the beacon 800 .
- the information read from the beacon 800 can include a public key or a device key, such as a key of an associated device 802 or of a nearby smart hub associated with the device 802 . This public key can be used as part of a security process by the user’s mobile device 160 with the device 802 or the smart hub, for example as described throughout the present disclosure.
- the public key can be used alone, or using an Elliptic-curve Diffie-Hellman (ECDH) technique (e.g., either with a key associated with the user’s mobile device 160 (or the user) as the other portion of the curve or with a session key as the second portion).
- the user’s mobile device 160 can compute a session key pair and perform ECDH between the private portion and the public key read from the beacon.
- the resultant ECDH is used by the user’s mobile device 160 for communication with the device 802 and/or a nearby hub.
- the beacon 800’s public key can be used to encrypt or sign information without use of a session key.
- the information contained in the beacon 800 can be read as a universal resource identifier (URI) such as a universal resource locator (URL), where each portion of the URL indicates a different information type (e.g., with portions being separated by backslashes or dashes, or designated by a particular length).
- beacon 800 can be read using a variety of different formats, such as various other forms of strings, organized data with particular fields, etc.
- a particular format can be used to indicate or separate different actions within the information read from the beacon 800 .
- &supportedActions ...” where actionTag is a list of key value pairs, secKey indicates a security key, defaultAction is a default action from a list of supported actions in supportedActions, etc. A user can be prompted to select an action where multiple actions are supported.
- the information described above is non-limiting, and other fields or types of information are contemplated.
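The key agreement described above, for a public key carried in the beacon's URI, as an added example that is not code from the patent. The curve (X25519), the KDF (HKDF-SHA256), the `beaconId` field, the host name and the sample key are assumptions; `secKey` and `defaultAction` are the field names the text mentions.

```python
"""Added example: session key from a public key read off a beacon URI.
Assumptions: X25519 as the curve, HKDF-SHA256 as the KDF, and the URI layout."""
import hashlib
import hmac
import os
from urllib.parse import parse_qs, urlsplit

P = 2**255 - 19
A24 = 121665
BASE = (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Teaching code: not constant-time."""
    kb = bytearray(k)
    kb[0] &= 248
    kb[31] = (kb[31] & 127) | 64
    scalar = int.from_bytes(kb, "little")
    x1 = (int.from_bytes(u, "little") & ((1 << 255) - 1)) % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (scalar >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def hkdf_sha256(secret: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 extract-then-expand."""
    prk = hmac.new(salt, secret, hashlib.sha256).digest()
    okm, block = b"", b""
    for counter in range(1, -(-length // 32) + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]

def read_beacon(uri: str, allowed_hosts: set) -> tuple:
    """Return (beacon_id, public_key) from a beacon URI, or raise ValueError."""
    parts = urlsplit(uri)
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        raise ValueError("beacon URI does not point at an expected host")
    fields = parse_qs(parts.query, strict_parsing=True)
    if len(fields.get("secKey", [])) != 1 or len(fields.get("beaconId", [])) != 1:
        raise ValueError("secKey and beaconId must each appear exactly once")
    key = bytes.fromhex(fields["secKey"][0])
    if len(key) != 32:
        raise ValueError("secKey is not a 32-byte X25519 public key")
    return fields["beaconId"][0], key

def _derive(shared: bytes, eph_pub: bytes, static_pub: bytes, beacon_id: str) -> bytes:
    if shared == bytes(32):
        raise ValueError("public key is a low-order point; refusing to derive a key")
    # Bind the key to both public keys and to the beacon that advertised them.
    return hkdf_sha256(shared, eph_pub + static_pub, b"beacon-session|" + beacon_id.encode())

def mobile_session(beacon_id: str, beacon_pub: bytes, eph_priv: bytes = None) -> tuple:
    """Mobile side: fresh session key pair, then ECDH with the key read from the beacon."""
    eph_priv = eph_priv or os.urandom(32)
    eph_pub = x25519(eph_priv, BASE)
    return eph_pub, _derive(x25519(eph_priv, beacon_pub), eph_pub, beacon_pub, beacon_id)

def device_session(beacon_id: str, device_priv: bytes, eph_pub: bytes) -> bytes:
    """Device or hub side: same key from its private key and the mobile's public part."""
    device_pub = x25519(device_priv, BASE)
    return _derive(x25519(device_priv, eph_pub), eph_pub, device_pub, beacon_id)

# Constructed sample: a device key pair and the URI a beacon for it would carry.
DEVICE_PRIV = hashlib.sha256(b"constructed device key").digest()
SAMPLE_URI = ("https://beacons.example.com/a?beaconId=b-0001&defaultAction=unlock"
              "&secKey=" + x25519(DEVICE_PRIV, BASE).hex())

if __name__ == "__main__":
    beacon_id, beacon_pub = read_beacon(SAMPLE_URI, {"beacons.example.com"})
    eph_pub, k_mobile = mobile_session(beacon_id, beacon_pub)
    print("keys match:", k_mobile == device_session(beacon_id, DEVICE_PRIV, eph_pub))
```

A key read from a passive tag is not authenticated by the exchange itself, so the application should compare it with the key registered for that beacon at pairing before trusting the session. Production code should take X25519 and HKDF from a vetted library instead of the pure-Python ladder used here.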
- the OS of the user’s mobile device 160 ensures that the user is routed to the appropriate application or web interface.
- instructions to reach the appropriate application or web interface can be wrapped in a field in, for example, an Eddystone (e.g., the “Eddystone-URL” field) or iBeacon format, at which point the OS of the user’s mobile device 160 can route the information to the desired application or web interface.
- the OS is not capable of appropriately routing to an application or web interface
- the user can initiate the appropriate application or web interface, which can read the beacon 800 .
- the user’s mobile device 160 can process the information read from the beacon.
- processing can include recognizing and launching a mobile application associated with the information read from the beacon 800 in step 910 .
- the user’s mobile device 160 can recognize a mobile application associated with the domain “https://dev-api.latch.com/” and launch that mobile application.
- the mobile device 160 then provides the additional information read from the beacon 800 to the mobile application, such as the action to be conducted, the information to address the device 802 , and any other additional information such as a beacon ID.
- the mobile device 160 can communicate with a hub 190 or the cloud-based computing system 100 to obtain such information. In some embodiments the mobile device 160 processes the information without using the internet.
- the mobile application can determine whether the user has valid access to the device 802 associated with the beacon 800 based at least in part on the information read from the beacon 800 (or received from a hub 190 or cloud-based computing system 100 ). For example, the mobile application can search a set of credentials stored locally on the mobile device 160 to determine if there is a valid credential, subject to any access restrictions, for the device 802 based on the information to address the device 802 and/or the beacon ID of the beacon 800 (e.g., without using the internet). In some embodiments, the mobile application can communicate with the cloud-based computing system 100 or the third-party cloud-based computing system 101 to validate a credential or otherwise determine that the user has valid access to the device 802 .
- the user of the mobile device 160 may be prompted to input additional information, such as a username and/or password, to assist with determining whether the user has valid access to the device 802 .
- other forms of authentication are used, such as biometric authentication.
- a virtual intercom is launched on the mobile device 160 or a call is initiated with a virtual doorman
- the user can be asked to provide additional input or provide a selection of what action to take. Once launched, the virtual intercom or virtual doorman can interact with and/or receive input from the user using voice, text search, link selection, etc. in order to determine which action should be taken.
- a prompt can be triggered to download the appropriate application.
- the mobile device 160 connects with nearby hub 190 and requests an action for the device 802 .
- the mobile device 160 can search for a hub 190 in proximity to the beacon 800 , for example based on the strength of signal of a WiFi or Bluetooth-based hub.
- the mobile device 160 is already registered with the hub 190 , and simply sends a communication to the hub 190 in association with the requested action.
- the request for an action can include, but is not limited to, an indication of the action to be taken (e.g., the action read from the beacon 800 ), information about the device 802 (e.g., the information to address the device 802 read from the beacon 800 ), information about the mobile device 160 or a user/account associated therewith, and/or the user’s credential or another token to authenticate the request.
- communication between the mobile device 160 and the hub 190 is performed without connecting to the internet.
- the hub 190 authenticates the request, for example using any of the techniques described throughout the present disclosure. In some embodiments, the hub 190 authenticates the request without using the internet based on information stored on the hub 190 .
- the hub 190 connects with the device associated with the beacon (e.g., via a BLE, Zigbee, or Z-wave connection) and performs a requested action (e.g., causes the device 802 to unlock or change an on/off status), for example as described in more detail throughout the present disclosure. In some embodiments, the hub 190 connects with the device without using the internet.
- the device 802 can be operated or otherwise connected to a third party service for controlling access (e.g., integrated with a third-party cloud-based computing system 101 ) and not otherwise be integrated with or support the functionality associated with the cloud-based computing system 100 , such as access logs, varied permissions among users, multiple user support, etc.
- the hub 190 can act as an abstraction layer to make the device agnostic to these functions, while still providing such functionality on behalf of the device. For example, if the device 802 is a basic smart lock that does not support more than one user (e.g.
- the hub 190 can provide such functionality.
- the hub 190 can pair with the smart lock as the only “user,” and can perform the authentication of permissions, time-restricted access enforcement, logging, etc. in place of the lock, and send the command to “unlock” as the device’s only user when necessary.
- a user can use the beacon-based operation described with reference to FIGS. 9 A or 9 B to gain access to the device 802 .
- third-party devices that are not configured to be integrated with the smart home or building system of FIG. 1 A can nonetheless be integrated into such a system with full or partial functionality facilitated by the hub 190 and/or beacon 800 .
- the device 802 can be one of a number of different types of devices, such as, but not limited to a lock, elevator, smart home device, turnstile, or other type of device capable of interfacing with a smart building system.
- the credentials used during the operation of a beacon-based access system can provide access to a number of different features, such as locking or unlocking a door, accessing a particular floor of a building, accessing control of a smart thermostat/light/leak sensor/switch/button/exercise equipment/air quality monitor/etc., powering a device/circuit through a smart switch or connected panel, actuating a window blind, turning on a fan, turning on an appliance, turning on a TV, purchasing an item, renewing a subscription purchase, etc. Accordingly, the same credentialing system can be used across the entire smart building system, even with third-party devices that are not otherwise configured to interface with the smart building system.
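The hub-controlled flow of FIG. 9A, with the hub enforcing permissions, time windows and logging for a lock that knows only one user, as an added example that is not code from the patent. The HMAC request token, the timestamp and nonce replay check, all field names and the sample credential are assumptions.

```python
"""Added example: FIG. 9A flow with the hub standing in for a single-user lock.
The HMAC request token, field names and sample data are assumptions."""
import hashlib
import hmac
import json
from dataclasses import dataclass

FIELDS = {"user", "beacon_id", "device_id", "action", "ts", "nonce"}

@dataclass(frozen=True)
class Credential:
    user: str
    device_id: str
    actions: frozenset
    not_before: int      # access window, epoch seconds
    not_after: int
    key: bytes           # secret shared by the mobile app and the hub

def _mac(key, body):
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def find_local_credential(store, device_id, action, now):
    """Mobile side, no network: first stored credential valid for this action now."""
    for cred in store:
        if (cred.device_id == device_id and action in cred.actions
                and cred.not_before <= now <= cred.not_after):
            return cred
    return None

def build_request(cred, beacon_id, action, now, nonce):
    body = {"user": cred.user, "beacon_id": beacon_id, "device_id": cred.device_id,
            "action": action, "ts": now, "nonce": nonce}
    return {**body, "mac": _mac(cred.key, body)}

class SingleUserLock:
    """Stand-in for a basic lock that accepts commands from one paired user only."""
    def __init__(self, paired_user):
        self.paired_user, self.unlock_count = paired_user, 0

    def unlock(self, caller):
        if caller != self.paired_user:
            raise PermissionError("lock only knows its paired user")
        self.unlock_count += 1

class Hub:
    MAX_SKEW = 30  # seconds a request timestamp may differ from the hub clock

    def __init__(self, lock, credentials, beacon_map):
        self.lock = lock
        self.credentials = {(c.user, c.device_id): c for c in credentials}
        self.beacon_map = beacon_map      # beacon_id -> device_id, recorded at pairing
        self.seen_nonces, self.log = set(), []

    def handle(self, req, now):
        decision = self._authorize(req, now)
        self.log.append({"ts": now, "user": req.get("user"),
                         "action": req.get("action"), "decision": decision})
        if decision == "granted":
            self.lock.unlock(caller="hub")   # the hub is the lock's only "user"
        return decision

    def _authorize(self, req, now):
        body = {k: v for k, v in req.items() if k != "mac"}
        if (set(body) != FIELDS or not isinstance(body["ts"], int)
                or not all(isinstance(body[k], str) for k in FIELDS - {"ts"})):
            return "malformed"
        cred = self.credentials.get((body["user"], body["device_id"]))
        if cred is None:
            return "unknown-credential"
        if not hmac.compare_digest(_mac(cred.key, body).encode(), str(req.get("mac")).encode()):
            return "bad-mac"
        if self.beacon_map.get(body["beacon_id"]) != body["device_id"]:
            return "beacon-mismatch"
        if abs(now - body["ts"]) > self.MAX_SKEW or body["nonce"] in self.seen_nonces:
            return "replay"
        if body["action"] not in cred.actions or not cred.not_before <= now <= cred.not_after:
            return "not-permitted"
        self.seen_nonces.add(body["nonce"])
        return "granted"

# Constructed sample: one tenant credential valid from t=1000 to t=2000.
SAMPLE_CRED = Credential("alice", "lock-7", frozenset({"unlock"}), 1000, 2000, b"constructed-key")

def run_demo():
    lock = SingleUserLock("hub")
    hub = Hub(lock, [SAMPLE_CRED], {"b-0001": "lock-7"})
    ok = build_request(SAMPLE_CRED, "b-0001", "unlock", 1500, "n1")
    late = build_request(SAMPLE_CRED, "b-0001", "unlock", 2500, "n2")
    forged = {**build_request(SAMPLE_CRED, "b-0001", "unlock", 1510, "n3"), "beacon_id": "b-9999"}
    decisions = [hub.handle(ok, 1500), hub.handle(ok, 1505),
                 hub.handle(late, 2500), hub.handle(forged, 1510)]
    return decisions, lock.unlock_count, hub.log

if __name__ == "__main__":
    print(run_demo()[0])
```

Every decision, including each refusal, lands in the hub's log, which is where the access history lives when the lock itself keeps none.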
- FIG. 9 B is a flow diagram showing a beacon-based access system operating via internet/cloud control of requests, according to some embodiments. The operation initially proceeds similarly to the operation described with reference to FIG. 9 A . For example, in step 911 the mobile device 160 reads the beacon 800 and then processes the read information in step 921 .
- in step 931 , rather than connecting with a hub 190 , the mobile device 160 instead sends a communication to a cloud-based computing node to request an action.
- the communication can be to cloud-based computing system 100 and/or third-party cloud-based computing system 101 .
- the decision to communicate with a cloud-based computing node ( FIG. 9 B ) rather than hub 190 ( FIG. 9 A ) can be contained, for example, in the information read from the beacon 800 (e.g., via the format or a field of the information to address the device 802 ) or hard coded into the mobile application.
- communication with a cloud-based computing node can be responsive to a changed or unreachable endpoint or an incorrect action by the mobile application.
- the request to the cloud-based computing node can include, for example, an indication of the action to be taken (e.g., the action read from the beacon 800 ), information about the device 802 (e.g., the information to address the device 802 read from the beacon 800 ), information about the mobile device 160 or a user/account associated therewith, and/or the user’s credential or another token to authenticate the request.
- the cloud-based computing node can authenticate the request from the mobile device 160 , for example using the techniques described in more detail throughout the present disclosure.
- the cloud-based computing node can cause the requested action to be performed on the device 802 , for example, using the techniques described in more detail throughout the present disclosure.
- the cloud-based computing system 100 can send a communication to a hub 190 including a credential and/or an indication of the requested action, which can authenticate the request and perform the action on the device 802 .
- the cloud-based computing system 100 can send a communication including a credential and/or an indication of the requested action directly to the smart device 802 , for example using a WiFi or cellular network, to perform the action.
- the cloud-based computing system 100 simply forwards the same request received from the mobile device 160 to the hub 190 or the device 802 .
- the cloud-based computing node can skip the authentication step 941 and instead pass authentication responsibilities to the device 802 .
- the cloud-based computing system 100 can send a communication to the third-party cloud-based computing system 101 requesting the desired action.
- the third-party cloud-based computing system 101 can then perform the action on device 802 using the third party’s own remote actuation processes, which can but do not necessarily require use of a hub 190 .
- Such operation is shown in FIG. 9 C , with steps 912 , 922 , 932 , and 942 corresponding to steps 911 , 921 , 931 , and 941 in FIG. 9 B .
- the cloud-based computing system 100 can send a request to a third-party cloud-based computing system 101 to perform the requested action.
- such a request involves reformatting some of the information contained in the request received in the step 932 , for example, to match a third party’s proprietary request format.
- additional information stored on the cloud-based computing system 100 can be added to the request, such as a third-party or device-specific credential required for authentication with the third-party cloud-based computing system 101 .
- the third-party cloud-based computing system 101 can then authenticate the request, and instruct the device 302 to perform the requested action using the third party’s remote actuation protocol.
- the same process can be used both for devices associated with the cloud-based computing system 100 as well as third-party devices, without having to use different beacons, permissions, and/or mobile applications.
- cloud-based computing system 100 and/or hub 190 can update applicable logs to include access and use information.
- FIG. 9 D shows an example process for purchasing access.
- the process in FIG. 9 D can be used, for example, to purchase access to an access device (e.g., a smart lock) associated with a hotel room or other rentable resource such as shared office space, according to some embodiments.
- the mobile device determines that access is not permitted to the device 802 .
- the mobile device 160 transmits a communication to cloud-based computing system 100 to determine if access is for sale or rent.
- a communication can include an indication of the device 802 , for example from information read from beacon 800 , and/or information about the requesting party, for example based on information about the user or the mobile device 160 stored on the mobile device 160 .
- the cloud-based computing system 100 can then return a message in step 933 with information about whether access to the device 802 is for sale/rent, and, if so, the applicable rate or rates, terms, and/or other information related to the rentable resource. If access to the device is not currently available for sale/rent, the cloud-based computing system 100 can return a message indicating that the device is not available and can optionally include information about future availability or options to rent (e.g., a contact us link).
- in step 943 , if access is for sale or rent, the mobile device 160 can prompt the user with options for purchase, including displaying rates, terms, limitations, etc. received from the cloud-based computing system 100 in the step 033 .
- the user can proceed with the purchase using the mobile device, for example by inputting credit card information or accepting a charge to an account associated with the user or mobile device 160 .
- the cloud-based computing system 100 can generate, store, and/or provide one or more valid credentials for the action with the device 802 to the mobile device 160 in accordance with any restrictions on access.
- in step 973 , the mobile device 160 continues with valid credentials, for example at steps 930 , 931 , or 932 in FIGS.
- the cloud-based computing node can initiate a remote performance of the desired action that has just been credentialed, rather than making the user perform a local request again. In this way, the desired action can be performed immediately upon grant of a valid credential, while in the future the mobile device 160 can perform local requests with the newly issued credential.
- the cloud-based computing node can instead confirm whether an account associated with the user’s mobile device 160 should have access to the device 802 . If the answer is yes, then the cloud-based computing node can send the appropriate credential, rather than requiring the user to purchase a credential.
- A person of skill in the art would understand based on the present disclosure that purchasing access could occur at other points during the operations described in FIGS. 9 A- 9 C .
- a communication could be sent to the mobile device 160 to trigger the process of FIG. 9 D .
- other credentialing processes could be provided that do not involve purchasing a valid credential.
- the mobile device is redirected to a virtual intercom system.
- the mobile device could be directed to a web-based or application-based interface.
- the interface can be configured to connect the user seeking access to the device 802 with someone who can permit access.
- the device 802 is a smart lock at an access point for a building
- an audio or video connection can be established between the user’s mobile device 160 and a mobile device of a resident of the building, for example using a cellular, VOIP, or other type of connection.
- if the resident wants to provide access to the user of the mobile device 160 , they can be prompted to do so from their mobile device.
- the user of the mobile device 160 can be prompted to input an apartment number or the name of a resident who they wish to contact.
- the mobile device 160 can emulate an existing or virtual intercom on a web app, which can allow the user to follow the same process of selecting the unit and then the residents of that unit’s selected identifiers.
- the user mobile device can establish a connection with a manager of the building or with a security station associated with the access point for the building. The manager or an operator at the security station can then determine whether to grant access to the visitor.
- the web or application-based interface includes a virtual doorman with whom the visitor can interact and to whom the visitor can provide information in order to determine which resident to contact and/or whether to grant the individual access to the building.
- the link between a device 802 and a beacon 800 can be pre-provisioned during manufacturing of the beacon.
- the beacon 800 can be provisioned during manufacturing with the URI described above.
- at least some of the information included in the URI can be provided by a consumer about a particular device 802 that will be associated with the beacon 800 .
- a consumer may purchase a beacon 800 for use with a particular device 802 , and the beacon 800 can be manufactured and provisioned with the appropriate information to link the beacon 800 and device so that no set-up is required.
- at least some of the information included in the URI can be provided by a manufacturer of the device 802 .
- a manufacturer of the device 802 can provide information for accessing respective devices 802 and functionality associated with devices 802 (e.g., unlock, on/off, etc.).
- the devices 802 and associated beacons can then be sold in pairs.
- at least some of the information included in the URI can be provided by the manufacturer of the beacon 800 .
- different beacons 800 can be sold for different types of devices (e.g., smart locks, smart outlets, etc.), and therefore can be provisioned with particular actuatable actions in the information stored in the beacons 800 .
- Each different beacon 800 can be provisioned with a type of action associated with the type of device 802 (e.g., lock/unlock, on/off, etc.).
- Each beacon 800 can also be provisioned with at least one of a beacon ID or information to reach the device 802 .
- the beacon ID can serve to identify the beacon 800 , for example where more than one beacon is associated with a particular device 802 .
- the information to reach the device 802 can be generic or arbitrary information during initial manufacturing such that no link between the information and the device 802 has yet been established. Such a link can be established after manufacturing as described below.
- a device 802 and beacon 800 can be registered during pairing with a hub 190 .
- a hub 190 or mobile device 160 can read the information to reach a device 802 from the beacon 800 during pairing, and can associate such information with the particular device 802 being paired.
- the information to reach a device 802 can be provided visually on a package or other element sold with the device 802 such that a user can manually input the information to reach the device 802 such that the beacon 800 can be paired with a particular device 802 .
- the information can then be provided to a mobile device 160 or other entry point into the smart building system to be associated with information to reach the particular device 802 .
- Such information can be stored at the hub 190 , the cloud-based computing system 100 , or both, to establish a record of which device 802 is to be reached based on the provided information. Accordingly, when a mobile device 160 reads information on the beacon 800 , it can contact one or more of the hub 190 or the cloud-based computing system 100 to obtain information identifying the associated device 802 .
- information can be provided either to the hub 190 , the cloud-based computing system 100 , or both after pairing such that a link with a beacon is established after pairing.
- if the device 802 knows the information stored on the beacon 800 , the device can provide the hub 190 and/or the cloud-based computing system 100 with such information during or after pairing.
- the hub 190 or cloud-based computing system 100 can inform the other of the link between the information on the beacon 800 and the device 802 .
- the beacon 800 only stores a tag ID, such as a UUID containing a random/arbitrary identification number.
- the UUID can be sent to the cloud-based computing system 100 after manufacturing and a link to a particular device 802 can be established later, for example during or after pairing as described above.
- each manufacturer of beacons 800 can include a prefix to the UUID such that there are no collisions between UUIDs manufactured by different companies.
- a manufacturer of the beacons 800 can request UUIDs for devices that it is manufacturing from the cloud-based computing system 100 and further provide the cloud-based computing system 100 with information the manufacturer wishes to be stored with the UUID on the cloud-based computing node (e.g., model numbers, etc.).
- the link between the beacon 800 and a device 802 can be established based on the UUID assigned by the cloud-based computing system 100 or the manufacturer of the beacon 800 .
- the processing steps 920 , 921 , and/or 922 described above can involve contacting, by the mobile device 160 , the cloud-based computing system 100 and/or a hub 190 to determine which device 802 is associated with the beacon 800 , what actions are associated with the device 802 , and/or how to reach the device 802 .
- the mobile device 160 does not need to learn information for contacting the device 802 associated with a beacon 800 .
- the mobile device 160 does not identify credentials for the device 802 , and instead sends information to the cloud-based computing system 100 or hub 190 identifying the beacon 800 (e.g., the beacon ID) and the mobile device 160 (or a user thereof), and the cloud-based computing system 100 or hub 190 can identify the device 802 based on the beacon ID, and determine whether the user is authorized to perform the desired action on the device 802 .
- FIG. 10 is a block diagram showing a system architecture for beacon-based access to devices.
- the system architecture in FIG. 10 is similar to that in FIG. 8 , but differs in that the cloud-based computing node can communicate with an access panel (e.g., via a wired or wireless internet connection) to provide access to a device. Therefore, as shown in FIG. 10 , a building may include a central access control panel 1090 capable of communicating with one or more of the cloud-based computing system 100 and mobile device 160 .
- Control panel 1090 can control access to multiple devices 1002 , which may or may not be smart devices.
- Devices 1002 can include, for example, electric locks, elevators, or other devices that require presentment of a credential for use.
- the devices 1002 have been retrofitted to work with a beacon-based system.
- devices 1002 could have originally been configured to receive signals from a control panel 1090 that is not cloud-enabled to provide access based on receipt of a valid credential from a respective reader 1004 associated with each device 1002 .
- each device could be an electronically actuated door lock originally associated with a card reader, keypad, biometric sensor, etc.
- the reader 1004 can receive a credential from a guest seeking access to one of the devices 1002 , and forward the received credential to a control panel 1090 for authentication.
- the control panel can instruct the associated device(s) 1002 , e.g., electronically actuated door lock, to provide access.
- some or all of the readers 1004 can be augmented or replaced with beacons 1000 .
- the control panel 1090 can be upgraded to be or replaced with a cloud-enabled control panel 1090 that can interface with the cloud-based computing system 100 and/or a mobile device 160 via a cellular network and/or wired/WiFi internet connections.
- the operation of the system of FIG. 10 proceeds similarly to the operation described with reference to FIGS. 9 A- 9 B , except that the hub 190 is replaced with an access control panel 1090 that instructs the devices 1002 to perform an action (e.g., unlock a door) upon receipt of a request for an action with a valid credential.
- a building system can be retrofitted with a cloud-connected access control panel that enables beacon-based access without having to replace the entire building system. Control from the access panel 1090 to the devices 1002 can proceed the same way as prior to retrofitting.
- because beacons 1000 can be unpowered beacons, installing such a system in a building is simpler than other cloud-based systems that require a powered smart reader 1004 .
- unpowered beacons 1000 can be more energy efficient, cheaper, and less prone to problems that may hinder operation of the system.
- in the event that a user of the system requests access to a device for which the user is not authorized, the user can easily purchase or otherwise gain access using the cloud-based system without having to reconfigure the access panel 1090 , device 1002 , or the beacon 1000 .
- a cloud-based computing node could be implemented using multiple different nodes, for example across multiple different data centers.
- Functions of the cloud-based computing node described above can instead be implemented in other components of the system, such as, but not limited to a hub, a smart lock, or a smart intercom.
- functions of the cloud-based computing node can be redundantly implemented in both the cloud-based computing node and another node to increase security and/or functionality during times that communications with the cloud-based computing node are not available.
- an implementation of the communication protocol can be realized in a centralized fashion in one system, or in a distributed fashion where different elements are spread across several interconnected systems. Any kind of computer system, or other apparatus adapted for carrying out the methods described herein, is suited to perform the functions described herein.
- Connections between different devices can be made with or without a wire.
- the connection between the access control panel and the smart reader can be wired and/or wireless.
- the connection between the access control panel and the electronic locking mechanism can be wired and/or wireless.
- FIG. 15 illustrates an embodiment of an exemplary computing architecture 1500 that may be suitable for implementing an apparatus, system, and/or method for performing operations associated with the implementation of one or more of the disclosed techniques, e.g., computing devices, mobile devices, etc.
- the computing architecture 1500 may comprise or be implemented as part of an electronic device and/or system discussed herein.
- a component can be, but is not limited to being, a process running on a processor, a processor, a hard disk drive, multiple storage drives (of optical and/or magnetic storage medium), an object, an executable, a thread of execution, a program, and/or a computer.
- an application running on a server and the server can be a component.
- One or more components can reside within a process and/or thread of execution, and a component can be localized on one computer and/or distributed between two or more computers. Further, components may be communicatively coupled to each other by various types of communications media to coordinate operations. The coordination may involve the uni-directional or bi-directional exchange of information. For instance, the components may communicate information in the form of signals communicated over the communications media. The information can be implemented as signals allocated to various signal lines. In such allocations, each message is a signal. Further embodiments, however, may alternatively employ data messages. Such data messages may be sent across various connections. Exemplary connections include parallel interfaces, serial interfaces, and bus interfaces.
- the computing architecture 1500 includes various common computing elements, such as one or more processors, multi-core processors, co-processors, memory units, chipsets, controllers, peripherals, interfaces, oscillators, timing devices, video cards, audio cards, multimedia input/output (I/O) components, power supplies, and so forth.
- the embodiments are not limited to implementation by the computing architecture 1500.
- the computing architecture 1500 comprises a processing unit 1504, a system memory 1506 and a system bus 1508.
- the processing unit 1504 can be any of various commercially available processors, including without limitation an AMD® Athlon®, Duron® and Opteron® processors; ARM® application, embedded and secure processors; IBM® and Motorola® DragonBall® and PowerPC® processors; IBM and Sony® Cell processors; Intel® Celeron®, Core (2) Duo®, Itanium®, Pentium®, Xeon®, and XScale® processors; and similar processors. Dual microprocessors, multi-core processors, and other multi-processor architectures may also be employed as the processing unit 1504.
- processing circuitry of processing unit 1504 and/or other processing circuitry of computing architecture 1500 may be operative to perform operations associated with logic flow 500 and/or logic flow 600, and/or other operations associated with implementation of one or more of the disclosed techniques. In some embodiments, such processing circuitry may be coupled to a network interface of computing architecture 1500.
- the system bus 1508 provides an interface for system components including, but not limited to, the system memory 1506 to the processing unit 1504.
- the system bus 1508 can be any of several types of bus structure that may further interconnect to a memory bus (with or without a memory controller), a peripheral bus, and a local bus using any of a variety of commercially available bus architectures.
- Interface adapters may connect to the system bus 1508 via a slot architecture.
- Example slot architectures may include without limitation Accelerated Graphics Port (AGP), Card Bus, (Extended) Industry Standard Architecture ((E)ISA), Micro Channel Architecture (MCA), NuBus, Peripheral Component Interconnect (Extended) (PCI(X)), PCI Express, Personal Computer Memory Card International Association (PCMCIA), and the like.
- the system memory 1506 may include various types of computer-readable storage media in the form of one or more higher speed memory units, such as read-only memory (ROM), random-access memory (RAM), dynamic RAM (DRAM), Double-Data-Rate DRAM (DDRAM), synchronous DRAM (SDRAM), static RAM (SRAM), programmable ROM (PROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), flash memory, polymer memory such as ferroelectric polymer memory, ovonic memory, phase change or ferroelectric memory, silicon-oxide-nitride-oxide-silicon (SONOS) memory, magnetic or optical cards, an array of devices such as Redundant Array of Independent Disks (RAID) drives, solid state memory devices (e.g., USB memory, solid state drives (SSD)) and any other type of storage media suitable for storing information.
- the system memory 1506 can include non-volatile memory 1510 and/or volatile memory 1512.
- the computer 1502 may include various types of computer-readable storage media in the form of one or more lower speed memory units, including an internal (or external) hard disk drive (HDD) 1514, a magnetic floppy disk drive (FDD) 1516 to read from or write to a removable magnetic disk 1518, and an optical disk drive 1520 to read from or write to a removable optical disk 1522 (e.g., a CD-ROM or DVD).
- the HDD 1514, FDD 1516 and optical disk drive 1520 can be connected to the system bus 1508 by a HDD interface 1524, an FDD interface 1526 and an optical drive interface 1528, respectively.
- the HDD interface 1524 for external drive implementations can include at least one or both of Universal Serial Bus (USB) and IEEE 1394 interface technologies.
- the drives and associated computer-readable media provide volatile and/or nonvolatile storage of data, data structures, computer-executable instructions, and so forth.
- a number of program modules can be stored in the drives and memory units 1510, 1512, including an operating system 1530, one or more application programs 1532, other program modules 1534, and program data 1536.
- a user can enter commands and information into the computer 1502 through one or more wire/wireless input devices, for example, a keyboard 1538 and a pointing device, such as a mouse 1540.
- Other input devices may include microphones, infra-red (IR) remote controls, radio-frequency (RF) remote controls, game pads, stylus pens, card readers, dongles, finger print readers, gloves, graphics tablets, joysticks, keyboards, retina readers, touch screens (e.g., capacitive, resistive, etc.), trackballs, trackpads, sensors, styluses, and the like.
- input devices are often connected to the processing unit 1504 through an input device interface 1542 that is coupled to the system bus 1508, but can be connected by other interfaces such as a parallel port, IEEE 1394 serial port, a game port, a USB port, an IR interface, and so forth.
- a monitor 1544 or other type of display device is also connected to the system bus 1508 via an interface, such as a video adaptor 1546.
- the monitor 1544 may be internal or external to the computer 1502.
- a computer typically includes other peripheral output devices, such as speakers, printers, and so forth.
- the computer 1502 may operate in a networked environment using logical connections via wire and/or wireless communications to one or more remote computers, such as a remote computer 1548.
- the remote computer 1548 can be a workstation, a server computer, a router, a personal computer, portable computer, microprocessor-based entertainment appliance, a peer device or other common network node, and typically includes many or all of the elements described relative to the computer 1502, although, for purposes of brevity, only a memory/storage device 1550 is illustrated.
- the logical connections depicted include wire/wireless connectivity to a local area network (LAN) 1552 and/or larger networks, for example, a wide area network (WAN) 1554.
- LAN and WAN networking environments are commonplace in offices and companies, and facilitate enterprise-wide computer networks, such as intranets, all of which may connect to a global communications network, for example, the Internet.
- When used in a LAN networking environment, the computer 1502 is connected to the LAN 1552 through a wire and/or wireless communication network interface or adaptor 1556.
- the adaptor 1556 can facilitate wire and/or wireless communications to the LAN 1552, which may also include a wireless access point disposed thereon for communicating with the wireless functionality of the adaptor 1556.
- the computer 1502 can include a modem 1558, or is connected to a communications server on the WAN 1554, or has other means for establishing communications over the WAN 1554, such as by way of the Internet.
- the modem 1558, which can be internal or external and a wire and/or wireless device, connects to the system bus 1508 via the input device interface 1542.
- program modules depicted relative to the computer 1502 can be stored in the remote memory/storage device 1550. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers can be used.
- the computer 1502 is operable to communicate with wire and wireless devices or entities using the IEEE 802 family of standards, such as wireless devices operatively disposed in wireless communication (e.g., IEEE 802.16 over-the-air modulation techniques).
- the communication can be a predefined structure as with a conventional network or simply an ad hoc communication between at least two devices.
- Wi-Fi networks use radio technologies called IEEE 802.11x (a, b, g, n, etc.) to provide secure, reliable, fast wireless connectivity.
- a Wi-Fi network can be used to connect computers to each other, to the Internet, and to wire networks (which use IEEE 802.3-related media and functions).
- “Coupled” and “connected” along with their derivatives. These terms are not intended as synonyms for each other. For example, some embodiments may be described using the terms “connected” and/or “coupled” to indicate that two or more elements are in direct physical or electrical contact with each other. The term “coupled,” however, may also mean that two or more elements are not in direct contact with each other, but yet still co-operate or interact with each other.
- processing refers to the action and/or processes of a computer or computing system, or similar electronic computing device, that manipulates and/or transforms data represented as physical quantities (e.g., electronic) within the computing system’s registers and/or memories into other data similarly represented as physical quantities within the computing system’s memories, registers or other such information storage, transmission or display devices.
- FIG. 16 illustrates an example logic flow 1600 that may be performed by one or more devices discussed herein.
- the operations may be performed by a mobile device executing an application to control the devices of a smart system.
- a user may utilize a single application to control and operate smart devices including smart access devices and smart home devices.
- the application is configured to control smart devices in accordance with one or more wireless protocols, such as a near-field communication (NFC) protocol, a cellular protocol, a Bluetooth low energy (BLE) protocol, an 802.11 protocol, a Zigbee protocol, and a z-wave protocol, and so forth.
- the logic flow 1600 establishes a connection with a smart lock of the smart system.
- a mobile device including an application may detect and/or determine that a user wants to perform an action on a smart device. The detection may be based on a user input detected by the mobile device and the mobile device may establish a connection with the smart lock. In some instances, the mobile device may establish a connection with the smart lock automatically, e.g., when the smart lock is within range of the mobile device.
- the logic flow 1600 determines a device of the smart system and an action to perform by the device.
- the mobile device including the application may receive a user input selecting a particular smart device and an action to be performed by the smart device.
- the logic flow 1600 communicates a request to perform the action to the smart lock of the smart system.
- the request may include information that may be used by the smart lock to cause the action.
- the request may include identifying information to identify the smart device and information to indicate which action is to be performed.
- the mobile device including the application may receive an indication that the action was successfully performed and/or was not successfully performed.
- the mobile device including the application may be configured to control smart devices on a third-party cloud-based computing system.
- the mobile device may communicate information to the smart lock and the smart lock may communicate with a smart device on the third-party cloud-based computing system.
- the mobile device including the application may communicate directly with a smart device on the third-party cloud-based computing system.
- FIG. 17 illustrates an example logic flow 1700 that may be performed by one or more devices discussed herein.
- the operations may be performed by a smart device, such as a smart lock, to control one or more other smart devices.
- the smart lock may be configured to control smart devices in accordance with one or more wireless protocols.
- the smart lock may communicate on a third-party cloud-based computing system to control third-party smart devices.
- the logic flow 1700 receives a request to cause an action on a device.
- a smart lock may receive a request including information to identify a device and an action to perform on the device from a mobile device.
- the request may be received from a mobile device after a connection is established with the mobile device.
- the logic flow 1700 determines a wireless interface from a plurality of wireless interfaces to communicate with the device.
- the smart lock may determine the device to perform the action based on the information received from the mobile device.
- the logic flow 1700 communicates information to cause the action to the device.
- the smart lock may communicate one or more commands or instructions to the device to cause the device to perform the action.
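The hub side of logic flow 1700, together with the success or failure indication of logic flow 1600, as an added example that is not code from the patent. The request fields `device_id` and `action`, the pairing table, the class names and the radio callables are all assumptions; the design choice shown is that the wireless interface comes from the lock's own pairing record and never from the request, and that unknown devices or actions are refused and logged instead of being forwarded.

```python
"""Smart lock acting as a hub: validate a device/action request, pick the
wireless interface, forward the command. Illustrative sketch only."""
from dataclasses import dataclass
from enum import Enum


class Interface(Enum):
    # Protocol names as listed in the description; the enum is hypothetical.
    NFC = "nfc"
    CELLULAR = "cellular"
    BLE = "ble"
    WIFI = "802.11"
    ZIGBEE = "zigbee"
    ZWAVE = "z-wave"


@dataclass(frozen=True)
class PairedDevice:
    device_id: str
    interface: Interface   # fixed when the device is paired with the lock
    actions: frozenset     # actions the hub will forward to this device


class SmartLockHub:
    def __init__(self, paired, radios):
        self.paired = {d.device_id: d for d in paired}
        self.radios = radios   # Interface -> send(device_id, action) -> bool
        self.audit = []        # every decision, accepted or refused

    def _reply(self, device_id, action, status, detail, interface=None):
        entry = {
            "device_id": device_id,
            "action": action,
            "status": status,
            "detail": detail,
            "interface": interface.value if interface else None,
        }
        self.audit.append(entry)
        return entry           # the indication sent back to the mobile device

    def handle_request(self, request):
        # 1. Receive the request and check its shape before using any field.
        if not isinstance(request, dict):
            return self._reply(None, None, "rejected", "malformed request")
        device_id, action = request.get("device_id"), request.get("action")
        if not isinstance(device_id, str) or not isinstance(action, str):
            return self._reply(None, None, "rejected", "malformed request")

        # 2. Resolve the device from the pairing table, not from the request.
        device = self.paired.get(device_id)
        if device is None:
            return self._reply(device_id, action, "rejected", "unknown device")
        if action not in device.actions:
            return self._reply(device_id, action, "rejected", "action not permitted")

        # 3. Determine the interface from the pairing record. Any "interface"
        #    key supplied by the caller is ignored.
        send = self.radios.get(device.interface)
        if send is None:
            return self._reply(device_id, action, "failed",
                               "interface unavailable", device.interface)

        # 4. Communicate the command and report the outcome.
        ok = send(device_id, action)
        return self._reply(device_id, action,
                           "performed" if ok else "failed",
                           "command sent" if ok else "device did not acknowledge",
                           device.interface)


def build_demo_hub():
    """Constructed pairing table and fake radios that record what was sent."""
    sent = []

    def radio(iface):
        def send(device_id, action):
            sent.append((iface.value, device_id, action))
            return True
        return send

    paired = [
        PairedDevice("thermostat-01", Interface.ZIGBEE,
                     frozenset({"set_heat", "set_cool"})),
        PairedDevice("lamp-02", Interface.ZWAVE, frozenset({"on", "off"})),
    ]
    radios = {Interface.ZIGBEE: radio(Interface.ZIGBEE)}  # no Z-Wave radio fitted
    return SmartLockHub(paired, radios), sent


if __name__ == "__main__":
    hub, sent = build_demo_hub()
    for req in (
        {"device_id": "thermostat-01", "action": "set_heat", "interface": "ble"},
        {"device_id": "thermostat-01", "action": "unlock"},
        {"device_id": "door-99", "action": "on"},
        {"device_id": "lamp-02", "action": "on"},
    ):
        print(hub.handle_request(req))
    print("frames sent:", sent)
```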
Abstract
Embodiments are generally directed to systems, devices, methods, and techniques to control devices via a mobile device platform in a smart building system. Embodiments further include techniques to determine a device of the smart building system and an action to perform by the device. The techniques include establishing a connection with a smart lock of the smart system, and communicating a request to perform the action to the smart lock of the smart system.
Description
- This application is a Continuation of U.S. Pat. Application No. 17/473,417, filed on Sep. 13, 2021, which is a Continuation of U.S. Pat. Application No. 17/085,160, filed on Oct. 30, 2021, which is a Non-Provisional of U.S. Provisional Application No. 62/946,167, filed on Dec. 10, 2019, and also a Non-Provisional of U.S. Provisional Application No. 62/933,023, filed on Nov. 8, 2019. The contents of both aforementioned patent applications are incorporated herein by reference in their entireties.
- The present invention relates to smart devices, and more particularly to smart building systems that integrate access point and smart device systems.
- Smart access control systems can implement smart access control devices, electronic door activating hardware, and a backend system that together can manage credentials and authorizations. The readers receive credentials from users (for example, via a mobile device) and determine whether that user is authorized to perform its desired action, e.g., be allowed access to a particular area. If it is determined that the user is authorized to perform its desired action, the access control device or an associated access device can unlock the electronic door activating hardware.
- Traditional access control systems lack the ability to integrate with other smart building and home devices. Smart devices can include, for example, devices that are capable of being controlled remotely through a networking protocol, such as, but not limited to Internet Protocol (IP), Bluetooth, Zigbee, or Z-wave. Furthermore, building management companies who install smart devices in common areas and restricted spaces within the building (e.g., an apartment or gym) must coordinate many different types of credentials across many different types of systems.
- FIGS. 1A-1B are diagrams showing system architectures for smart building and home systems, according to some embodiments.
- FIG. 2 is a diagram showing an example implementation of a smart building system, according to some embodiments.
- FIGS. 3A-3D are diagrams representing the contents of credentials, according to some embodiments.
- FIGS. 4A-4B show a credential verification process and token for the same, according to some embodiments.
- FIG. 5 is a flow diagram showing a verification process for a plurality of credentials, according to some embodiments.
- FIG. 6 is a flow diagram showing a process for pairing one or more smart devices with a hub, according to some embodiments.
- FIG. 7 is a flow diagram showing a move in process for a building, according to some embodiments.
- FIG. 8 is a block diagram showing a beacon-based access system, according to some embodiments.
- FIGS. 9A-9D are block diagrams showing operation of beacon-based access systems, according to some embodiments.
- FIG. 10 is a block diagram showing a beacon-based access system, according to some embodiments.
- FIG. 11 is a block diagram of a smart lock, according to some embodiments.
- FIG. 12 is a block diagram of a smart intercom, according to some embodiments.
- FIG. 13 is a block diagram of a smart hub, according to some embodiments.
- FIG. 14 is a block diagram of a smart access reader, according to some embodiments.
- FIG. 15 is an example of a system in accordance with embodiments discussed herein.
- FIG. 16 is an example of a processing flow in accordance with embodiments discussed herein.
- FIG. 17 is an example of a processing flow in accordance with embodiments discussed herein.
- In some embodiments, an integrated smart building access and smart device system is disclosed. The integrated system allows for a centralized credentialing process to provision and administer operation of access points and smart devices. Embodiments of the present disclosure increase operational efficiency, reduce errors from maintaining user information in multiple systems, increase security, reduce energy costs by allowing property managers to regulate the temperature of unoccupied areas, and provide users with unique amenities that can be costly or burdensome to administer without centralized credentialing. Furthermore, users of the system can control, manage, and gain access to access points and devices using a single interface, such as an application or web interface.
- FIG. 1A is a diagram showing a system architecture for a smart building system, according to some embodiments. The smart building system can include one or more of a cloud-based computing system 100, at least one smart access control device 110, at least one beacon 115, at least one access device 120, at least one NFC or RFID reader 130, at least one intercom 140, at least one monitoring device 150, at least one mobile device 160, at least one access card 165, at least one voice-over-IP (VOIP) network 170, at least one video management system (VMS) network 175, a management gateway 180, at least one smart hub 190, at least one smart device 195, a third party cloud based computing system 101, or at least one beacon 196.
- In some embodiments, cloud-based
computing system 100 includes one or more remote servers that can communicate with remote devices over a communications pathway, such as the internet or a cellular network. Cloud-based computing system 100 can store information about users of the smart building system, connect with a management gateway 180 to provide for management of the smart building system, and provide access and sharing privileges (e.g., via provisioning of credentials) for usage of the smart building system. Management gateway 180 can be any type of computing device such as, but not limited to a desktop or laptop computer, a smart phone, a tablet, a server, etc. Cloud-based computing system 100 can further provide monitoring and/or alert functionalities, as described in more detail below.
- In some embodiments, the smart building system can include one or more access technologies that permit access to access points (such as doors) in the smart building systems based on credentials generated by the cloud-based
computing system 100. For example, one or more smart access control devices 110 can include an integrated electronically actuated lock, which locks or unlocks upon receiving and authenticating a valid credential generated by cloud-based computing system 100. In some embodiments, a separate remote card or signal reader, such as an NFC or RFID reader 130 (e.g., at a garage door or elevator) can provide information to an access control device 110 to determine whether an entrant (e.g., into a garage or elevator) is authorized. In some embodiments, a separate access device 120 such as a control panel on an elevator or an automatic garage door opener can receive a credential from the NFC or RFID reader 130 and/or access control device 110 and provide for access to other access points such as a garage door or elevator, respectively, upon authentication of the valid credential. In some embodiments, as described in more detail below, a beacon 115 can be associated with a smart access control device 110, an access device, or both. As described in more detail below, the beacon 115 can contain information to assist with gaining access to the access point. In some embodiments, the beacon 115 can be a near field communication (NFC) tag, a QR code, BLE device, or other physical beacon that allows for encoding a link to tell the system what action to perform.
- FIG. 11 is a block diagram of a smart lock 1100, according to some embodiments. As shown in FIG. 11, the smart lock 1100 can include a processor/storage module 1110, an array of communication interfaces including transceivers (e.g., NFC transceiver 1120, cellular network transceiver 1122, BLE transceiver 1124, and/or RF/WiFi transceiver 1126), a USB interface 1128 (or other serial bus), a touch-sensitive interface 1142, a serial interface 1140, a locking assembly (e.g., including a motor controller 1132, a motor 1134, and deadbolt 1136), a battery 1154, and/or a power management module 1152. The processor/storage module 1110 can include instructions thereon that, when executed, cause it to perform the functions discussed throughout the present disclosure. For example, the processor/storage module 1110 can be configured to receive or transmit information via one of NFC transceiver 1120, cellular network transceiver 1122, BLE transceiver 1124, RF/WiFi transceiver 1126, and/or USB interface 1128. The processor/storage module 1110 can be configured to instruct the motor controller 1132 to control the motor 1134 to unlock the deadbolt 1136. The processor/storage module 1110 can be configured to identify the presence or absence of a person or object using information from a serial interface 1140, such as a camera, or proximity sensing using the touch interface. The processor/storage module 1110 can be configured to receive user input via a touch interface 1142. The processor/storage module 1110 can be configured to instruct power management module 1152 to control the battery 1154 and use thereof to power any of the elements in the smart lock 1100. In some embodiments, the features and components of the smart hub 1300 may be integrated into an access control device 110, such as smart lock 1100. In other words, the smart lock 1100 may operate as a smart hub, as discussed herein.
- FIG. 14 is a block diagram of a smart access reader 1400, according to some embodiments. As shown in FIG. 14, the smart access reader 1400 can include a processor/storage module 1410, an array of communications transceivers (e.g., NFC transceiver 1420, BLE transceiver 1424, and/or RF/WiFi transceiver 1426), an ethernet interface 1478, a communications bus 1494, a relay output 1484 controlled by a relay controller 1482, touch interface 1499, and/or a power input 1454 regulated by power management module 1452. The processor/storage module 1410 can include instructions thereon that, when executed, cause it to perform the functions discussed throughout the present disclosure. For example, the processor/storage module 1410 can be configured to receive or transmit information via one of NFC transceiver 1420, BLE transceiver 1424, RF/WiFi transceiver 1426, and/or ethernet interface 1478. The processor/storage module 1410 can be configured to instruct relay controller 1482 to control a relay output 1484 to actuate a relay in another device. The processor/storage module 1410 can be configured to receive or transmit information via communications bus 1494, for example to tell an elevator which floors can be accessed. The processor/storage module 1410 can be configured to instruct power management module 1452 to control and/or monitor the power input 1454 and use thereof to power any of the elements in the smart access reader 1400. In some embodiments, the smart access reader 1400 can receive user input, such as a PIN or password, via a touch interface 1499 in communication with the processor/storage module 1410. The processor/storage module 1410 can process the received input, for example as described throughout the present disclosure.
- With reference again to
FIG. 1A, in some embodiments, an intercom 140 can be installed at one or more access points. Intercom 140 can be any type of intercom, including, but not limited to a virtual intercom or a smart intercom. Intercom 140 can monitor an access point, for example by providing audio and/or video monitoring, and provide remote access to monitoring data for security, authentication, or other purposes.
- FIG. 12 is a block diagram of a smart intercom 1200, according to some embodiments. As shown in FIG. 12, the smart intercom 1200 can include a processor/storage module 1210, an array of communications transceivers (e.g., cellular network transceiver 1222, BLE transceiver 1224, RF/WiFi transceiver 1226), a USB interface 1228, an ethernet interface 1278, a power input 1254 regulated by power management module 1252, a sensor block 1246, a microphone and speaker 1242 (which may be separate elements), a serial interface 1240, and/or a display and button interface 1260 controllable by a display & button controller 1262. The processor/storage module 1210 can include instructions thereon that, when executed, cause it to perform the functions discussed throughout the present disclosure. For example, the processor/storage module 1210 can be configured to receive or transmit information via one of cellular network transceiver 1222, BLE transceiver 1224, RF/WiFi transceiver 1226, USB interface 1228, and/or ethernet interface 1278. The processor/storage module 1210 can be configured to receive user input via the display and button interface 1260 controllable by a display & button controller 1262. The processor/storage module 1210 can be configured to display information, images, or video via the display and button interface 1260 controllable by a display & button controller 1262. The processor/storage module 1210 can be configured to receive input via the serial interface 1240, such as image data from a camera. The processor/storage module 1210 can be configured to receive audio input via the microphone of the microphone and speaker 1242. The processor/storage module 1210 can be configured to cause the speaker of microphone and speaker 1242 to emit an audio signal. The processor/storage module 1210 can be configured to receive input from sensors of the sensor block 1246.
The processor/storage module 1210 can be configured to instruct power management module 1252 to control and/or monitor the power input 1254 and use thereof to power any of the elements in the smart intercom 1200.
- With reference again to
FIG. 1A, in some embodiments, the smart building system can include one or more monitoring devices 150 that monitor an access point or area associated with the smart building system. Monitoring devices 150 can be any type of monitoring device such as, but not limited to a camera (for capturing image or video data), a microphone (for capturing audio data), an infrared sensor, a motion sensor, a radar detector, water sensor (for leak detection), contact sensor (for sensing when doors or windows are opened), etc. As described in more detail throughout the present disclosure, monitoring device 150 can be used to compile additional data on access attempts. Furthermore, monitoring devices 150 implemented as radar detectors can be configured to monitor traffic patterns within a building.
- In some embodiments a
monitoring device 150 can be integral with an access control device, such as a smart lock with Bluetooth Low Energy (BLE) capabilities. For example, an integral radar sensor can detect moving objects and check for correlations with BLE proximity unlocking attempts. If an object is detected with no correlating unlocking attempt, an event can be logged (as described in more detail below) indicating a potential unauthorized access attempt. In some embodiments, a radar detector can further identify obstructions in proximity to the access control device that may interfere with a wireless signal to be emitted by the access control device, such as an RF or wireless signal. The access control device or device can then adjust the strength of the emitted wireless signal and/or notify an installer of the potential interference. - In some embodiments, a user can gain access to an access point and other elements in the smart building system by using one or more of a
mobile device 160, an access card 165, or a door code. Mobile device 160 can receive one or more credentials from the cloud-based computing system 100 and provide the one or more credentials to an element in the smart building system in order to gain access. As described in more detail throughout the present disclosure, using the cloud-based computing system 100 to control credential generation for multiple components in the system, can provide a number of benefits. For example, when implemented in an apartment building, an apartment building manager can seamlessly control access to common areas in the apartment building, manage access to apartments and smart devices contained therein, monitor access throughout the apartment building including access to common or shared devices or areas for security purposes, monitor usage and problems with smart appliances, share management privileges or portions thereof with others using the smart building system (e.g., permit tenants to manage guest access), show available units to potential tenants without requiring a manager to be present, facilitate apartment turnover, facilitate maintenance or service provider access to particular areas and/or devices/appliances, etc. In addition, users of the smart building system, such as tenants, can use a single application on their mobile device to access their apartment, common areas, and shared smart devices; permit guest or service provider access to devices or areas, control and manage smart home devices, monitor smart home devices and areas to which the user has access, etc.
- In some embodiments, one or more of the access technologies can also have backward compatibility with credentials that were not generated by the cloud-based
computing system 100. For example, the NFC or RFID reader 130 or smart access control device 110 can be configured to accept a credential from an access card 165 that was previously used in a building before the smart building system was installed. For example, when installing a smart building system, an existing access control device can be replaced with a smart access control device as described in more detail in U.S. Pat. Application Serial No. 15/342,911 titled “Systems and methods for controlling access to physical space.” An access card 165 used with the previous access reader can then be used with the smart access controller.
- As shown in
FIG. 1A, elements in the smart building system are communicating using various communication types in order to facilitate access to various areas and usage of various devices. For example, mobile device 160 can receive credentials for a particular access point, such as NFC or RFID reader 130 or access control device (smart lock) 110, from the cloud-based computing system 100 or by reading an RFID access card 165. Mobile device 160 or access card 165 can provide a credential to NFC or RFID reader 130 to gain access to an access point. For example, the NFC or RFID reader 130 may receive the credential and may provide the credential to the access control device 110 using, for example, a Wiegand code, which can then unlock an integral smart lock or instruct another access device 120 to provide access via another Wiegand code. The NFC or RFID reader 130 may communicate with the access control device 110 via a wireless (WiFi, Bluetooth, NFC, etc.) and/or wired connection. While the present disclosure discusses the use of Wiegand codes for many different applications, other protocols, such as but not limited to IP, can be used in place thereof.

In another example, a
mobile device 160 may present a credential directly to an access control device 110 using, for example, Bluetooth, NFC, WiFi, cellular network communication (e.g., SMS), or other connection type or combination thereof. If the access control device 110 is a smart lock, it can unlock the access point upon authenticating the valid credential. In some embodiments, the access control device 110 instructs another access device 120, such as an elevator or garage door, to provide access to an access point, for example by transmitting a Wiegand code over a wired or wireless connection.

In another example, a user can provide access to an access point remotely. In some embodiments, the user can use a user
mobile device 160 to request that access control device 110 provide access, either by unlocking an integral electrically actuated lock or instructing an access device 120 to provide access. For example, a user can use an application or web terminal on the mobile device 160 to transmit to the cloud-based computing system 100 a request to provide access. The request can be transmitted over a WiFi, cellular network, or other type of connection or any combination thereof. The cloud 100 can then provide a valid credential to the access control device 110, for example via a WiFi or cellular network connection or combination thereof, which will then provide access to the access point upon authenticating the valid credential. In some embodiments, the mobile device 160 can provide the credential directly to the access control device 110 via a BLE, NFC, WiFi, cellular network, or other connection or combination thereof to provide access to the access point.

The smart building system can also facilitate requests for access, according to some embodiments. For example, a service provider or guest may arrive at the access point and request access via, for example, the
intercom 140. Intercom 140 can collect and relay data, including video data, audio data, and user input relating to the request for access to the cloud-based computing system 100 via, for example, an ethernet, WiFi, cellular network, or other connection type or combination thereof for storage and/or transmission to the user mobile device 160. In some embodiments, the information can be relayed to a third party, such as a concierge, who can initiate a two-way video call with the visitor to welcome the visitor to the building or ask questions of the visitor to determine whether access should be granted. In some embodiments, the cloud-based computing system 100 and/or the intercom 140 can transmit at least some of the data to the user mobile device 160 to indicate that a guest has arrived at the building and is requesting access. In some embodiments, data is transmitted via a VOIP network 170 or VMS network 175. In some embodiments, the user can transmit video, audio, or other data from the user mobile device 160 to the intercom 140 via similar connections, such as WiFi, cellular network, VOIP network 170, VMS network 175, or any other type of connection type or combination thereof, which can be displayed to the guest. Data can optionally be stored on the cloud-based computing system 100. If the user wants to provide access to the guest, the user can request, via the user mobile device 160, either directly to the access control device 110, via the intercom’s 140 connection to the access control device, or via the cloud-based computing system 100 to either the intercom or reader that the guest be provided access. In some embodiments, the user can request that the cloud-based computing system 100 provide a credential to the guest that can then be provided to the access control device 110 to gain access to the access point. In some embodiments, the requested credential can be transmitted to a mobile device of the guest.
As described in more detail below, the guest credential can include additional credentials relating to other access points and devices in the building in order to enable the guest to fulfil the purpose of the visit. In some embodiments, data collected via an intercom 140 and/or user mobile device 160 can be provided to the management gateway 180, for example via VMS network 175 or through the cloud-based computing system 100.

In some embodiments, the
intercom 140 can be a virtual intercom 140. The virtual intercom can be implemented as a QR code or another indication or coded link, on a user mobile device 160 (e.g., a guest’s mobile device), or method for accessing a virtual intercom interface on the web or through an application on the user mobile device 160. In some embodiments, the guest simply looks up a virtual intercom on a mobile application or website by entering in the address of the building. Once the guest’s user mobile device 160 has accessed the virtual intercom interface, the guest can contact the recipient (e.g., an occupant of the building associated with the virtual intercom 140) via a plurality of methods, including, but not limited to, placing an IP call (e.g., using audio or video), sending a text message to the recipient, POTS call, or otherwise notifying the recipient that the guest is seeking access to the access point.

In some embodiments,
monitoring device 150 in the smart building system can provide data to one or more of the cloud-based computing system 100, the management gateway 180, and the user mobile device 160. As shown in FIG. 1A, in some embodiments this information can be provided via a connection such as VMS network 175, Bluetooth, WiFi, or Zigbee, either directly to the management gateway 180 or user mobile device 160, or to the cloud-based computing system 100. The user or manager may access data stored on the cloud-based computing system 100 in accordance with permissions. For example, if a monitoring device 150 is installed in a user’s apartment, only the user may be able to gain access. The user can then have the option of permitting access to the manager for the data in the event of a suspected break-in or other emergency. Similarly, in some embodiments the manager is the only entity permitted to access data in the cloud-based computing system 100 from a monitoring device 150 installed in a common area of the building. In some embodiments, the cloud-based computing system 100 can be configured to give a tenant access to monitoring data under certain limited conditions, such as when the user has recently permitted guest access or when there is a suspected break-in.

In some embodiments, the smart building system can include one or more
smart devices 195. Smart devices can include, but are not limited to, smart thermostats, smart outlets, smart home appliances, smart speakers, smart exercise equipment, smart leak detectors, smart shades, etc. Smart devices can interface with other elements in the smart building system, such as a smart hub 190, to receive commands or data, transmit data, receive information about user preferences, etc. As described in more detail below, smart devices 195 can be associated with a particular area within the smart building system. For example, a credential generated by the cloud-based computing system 100 can be used to determine access to the smart devices 195, and/or to determine which users have permissions to control particular settings or attributes of the smart devices 195. In some embodiments, the access control device 110, such as a smart door lock, can perform both the functions of the access control device 110 and smart hub 190. In some embodiments, credentials are broken down into a sub-unit level. For example, in a shared dorm room, all residents may have access to a common smart thermostat, while only some may have access to smart lights in each respective dorm room.
FIG. 13 is a block diagram of a smart hub 1300, according to some embodiments. As shown in FIG. 13, the smart hub 1300 can include a processor/storage module 1310, an array of transceivers (e.g., cellular network transceiver 1322, BLE transceiver 1324, WiFi transceiver 1326, Zigbee transceiver 1372, Z-wave transceiver 1374), an ethernet interface 1378, and/or a power input 1354 regulated by power management module 1352. The processor/storage module 1310 can include instructions thereon that, when executed, cause it to perform the functions discussed throughout the present disclosure. For example, the processor/storage module 1310 can be configured to receive or transmit information via one of cellular network transceiver 1322, BLE transceiver 1324, RF/WiFi transceiver 1326, USB interface 1328, ethernet interface 1378, Zigbee transceiver 1372, and/or Z-wave transceiver 1374. The processor/storage module 1210 can be configured to instruct power management module 1352 to control and/or monitor the power input 1354 and use thereof to power any of the elements in the smart hub 1300.

With reference again to
FIG. 1A, in some embodiments, the third-party cloud-based computing system 101 can be associated with a third party that sells, manufactures, or is otherwise associated with one or more particular smart devices 195 or access control devices 110 (e.g., smart locks). As described in more detail below, the third-party cloud-based computing system 101 can be involved in gaining access to or otherwise controlling smart devices 195. Third-party cloud-based computing system 101 can communicate with different elements in the smart building system such as, but not limited to, the mobile device 160 and/or the cloud-based computing system 100. In some embodiments, the third-party cloud-based computing system 101 can communicate with the mobile device 160, the cloud-based computing system 100, a smart device 195, an access control device 110, or any combination thereof via, for example, a wireless or wired internet connection or a cellular network.

In some embodiments, particular areas, such as, but not limited to apartments, can be associated in the cloud-based
computing system 100 with a smart hub 190 or access control device 110 associated with and/or integrated with the smart hub 190. Associating smart hubs with particular areas, such as apartments, can streamline smart building management, monitoring, and access functions. For example, when a user or manager requests (e.g., via user mobile device 160 or management gateway 180) that cloud-based computing system 100 provide to a user access credentials to an area, such as, but not limited to a guest, service provider, new tenant, the user or manager can also request cloud-based computing system 100 to coordinate credentialing for smart devices 195 associated with the area. The smart hub 190 or access control device 110 can communicate wirelessly (for example, over Bluetooth, a wireless network, Zigbee, or a cellular network) with the smart devices 195. In some embodiments, smart hub 190 or access control device 110 can serve as a WiFi hotspot that provides local area WiFi networking for the area (e.g., apartment or common space) by broadcasting an internet connection received via an ethernet, WiFi, or cellular connection. In some embodiments, communications between the smart device 195 and the smart hub 190 or access control device 110 can include, but are not limited to providing commands, providing software updates, providing settings changes, transmitting data, etc. Communications can be sent using a variety of formats or standards, including, but not limited to Zigbee or Bluetooth. The smart hub 190 or access control device 110 can communicate with the cloud-based computing system 100 to receive or transmit communications, or directly with the user mobile device 160. In some embodiments, the smart home devices 195 can communicate directly with cloud-based computing system 100, for example via a WiFi, a cellular network, or any other communication type. In some embodiments, a beacon 196 can be associated with a smart home device 195.
As described in more detail below, the beacon 196 can contain information to assist with gaining access to or controlling the smart home device 195. In some embodiments, the beacon 196 can be a near field communication (NFC) tag, a QR code, BLE device identifier, RFID tag, or other physical beacon (e.g., an image with encoded data or an audio beacon broadcasting a link via audible or ultrasonic code) that allows for encoding a link to tell the system what action to perform.

In some embodiments, when a manager or user requests that a guest receive temporary access to one or more access points in the building, because the cloud-based
computing system 100 is responsible for all credentialing across the smart building system, the manager or user can more easily provide appropriate credentials for all access points and devices related to that guest’s visit. For example, when a tenant requires service from a third party, such as a technician for a broken heating system, the tenant can request that the cloud-based computing system 100 provide credentials to the technician that allow for access to any access point leading up to the tenant’s apartment, the access point to the tenant’s apartment, and to change settings on the smart thermostat that controls the broken heating system, all from one application on the user mobile device 160 of the technician, and without requiring the technician to seek separate credentials relating to each access point or smart device involved in the visit. Further, where time-limited credentials are used, each credential can be coordinated on the same time frame and in a way that works together (e.g., the credential for changing settings on the smart thermostat is only valid after use of a credential to enter the apartment) to increase security, ease of access, etc. In another example, when a tenant moves out of an apartment, a building manager can easily instruct cloud-based computing system 100 to transfer privileges to a new tenant, including privileges to access an access control reader 110 such as a smart lock, and all associated smart home devices including fixtures like smart appliances, smart thermostats, etc. In some embodiments, by using the same credentials across the entire system, building managers can more easily manage their buildings. In some embodiments, by using the same credentials across the entire system, users of the system can more easily share access to their properties and/or devices to guests, such as friends or those visiting for a short-stay accommodation.
Users can gain, grant, and exercise access to multiple different locations using the same interface. Smart home control permissions can also automatically and/or temporarily transfer from a host to a guest in a short-stay accommodation, preserving the guest’s privacy and security without granting carte blanche access by the host.

In some embodiments, security measures are put in place whenever a credential is transmitted from one element to another. For example, transport of credentials over a public network can be conducted using a transport layer security (TLS) protocol, or equivalent protocol. In some embodiments, an exception can be made for BLE transfers (or Zigbee, Z-wave, NFC) executed for unlocking events. In some embodiments, all credentials stored on mobile devices and/or in other elements are stored in an encrypted state. When in use (e.g., when transmitted for validation) other encryption and security techniques can be used.
FIG. 1B is a diagram showing a system architecture for an individual smart home system, according to some embodiments. As shown in FIG. 1B, a smart home system can include similar elements to the smart building system and operate similarly to the operation described above. In some embodiments, the functionality of intercom 140 can be transferred to the access control device 110, which can, for example, record video or audio of a guest at an access point and provide such data to the cloud-based computing system 100 and/or the user mobile device 160 in order to determine whether to grant access to the guest and/or for security purposes. Access control device 110, such as a smart lock, can still act as a smart home hub, thereby facilitating access to other connected devices in the individual smart home system and provisioning of access to guests and service providers, lessees, or new owners after sale of the home.

In some embodiments, both individual smart home systems (e.g., that shown in
FIG. 1B) and smart building systems (e.g., that shown in FIG. 1A) can interface with the same cloud-based computing system 100. Accordingly, users and managers can easily gain and transfer access to both access points and associated smart devices.
FIG. 2 is a diagram showing an example implementation of a smart building system, according to some embodiments. While the elements in FIG. 2 are discussed in relation to an implementation in an apartment building, a person of ordinary skill in the art would understand from the present disclosure that a smart building system can be implemented in any type or types of building, such as, but not limited to office buildings, single-resident buildings, hotels, governmental buildings, academic buildings, dormitories, transportation buildings (e.g., airports or bus stations), etc.

As shown in the example of
FIG. 2, in some embodiments, the smart building system is installed in an apartment building 200 having one or more areas such as, but not limited to, an entry point (main entrance) 201, a garage entrance 209, a common area 206, a restricted common area 207, an elevator 208, a management area 204, and one or more residences FIG. 2, each of the entry point 201, restricted common area 207 (such as a gym), a management area 204, elevator 208, garage entrance 209, and residences access control devices access control devices access control devices access control devices access control devices elevator control panel 228 or garage door opener 229. In some embodiments, one or more of the access control devices RFID reader garage door opener 229.

In some embodiments, one or more of the
access control devices

As shown in
FIG. 2, in some embodiments, one or more of the access points and the areas can include a monitoring device, such as monitoring devices devices monitoring devices monitoring devices control devices monitoring devices monitoring devices apartment 202 and common area 206, respectively.

As shown in
FIG. 2, in some embodiments, the building 200 can further include additional access points, such as a garage entrance 209 or an elevator 208. Each of the garage entrance 209 and the elevator 208 can include a device for receiving access credentials. For example, elevator 208 is associated with an elevator control panel 228, such as an elevator control panel. The elevator control panel 228 can receive an access credential from a user, for example using any of the technologies described above such as the access control device 218 and provide a signal to the elevator to permit access when the credential is authorized. In some embodiments, as described in more detail below, access can be limited to particular floors accessible by the elevator. Access control reader 218 can therefore provide the elevator control panel 228 of the elevator 208 with, for example, information about which floors are to be accessed using, for example, Wiegand codes or another type of communication. Similarly, garage entrance 209 can include a garage door opener 229, which can, for example, receive communications from an access control device 219 connected to an RFID reader 239. When the correct credential or credentials are provided to the RFID reader 239, access control device 219, and a garage door opener 229 that can open the garage door or garage gate. In some embodiments, garage door opener 229 can receive instructions to open the garage door from access control device 219 via, for example, Wiegand codes provisioned in the access control device 219.

As shown in
FIG. 2, in some embodiments, areas in the building 200 can house additional smart devices connected to the smart building system, such as, but not limited to smart exercise equipment 297 in the gym 207, manager access device 284, smart outlets smart thermostat 293B, etc. For example, in some embodiments, smart exercise equipment 297 can provide data gathering functions (e.g., heart rate monitoring) that can then be uploaded to a remote server or user device for analytics. In some embodiments, smart exercise equipment 297 can communicate with a remote server to receive customized workout plans, such as an elevation map for an indoor stationary bicycle. Smart outlets Smart thermostat 293B can control the climate (e.g., via heat, air conditioning, and/or humidifier control) of the apartment 203. Smart thermostat 293B can provide various smart functionalities such as, but not limited to, remote control or scheduling via a web interface or API, temperature monitoring, uploading gathered data to a local or remote database, etc. In some embodiments, smart thermostat 293B can receive information from cloud-based computing system 100 about user preferences for users known to be within or to otherwise occupy the apartment 203 and control the climate of apartment 203 based on such information. As described in more detail below, access to or management of the smart exercise equipment 297 in the gym 207, manager access device 284, smart outlets smart thermostat 293B can be governed by access credentials generated by the cloud-based computing system 100.

In some embodiments, a user in one of the apartments can use a third-party smart device to interact with other parts of the system. For example, a user may instruct a smart speaker to turn on a light associated with
smart outlet computing system 100. The cloud-based computing system 100 can then send a command with an associated credential to a local smart hub, such as the access reader 212, e.g., access control device, or smart hub 290 which can then send an instruction to a local device, such as smart outlet

In some embodiments, a user can use the
smart hub 290 to access a device without using the Internet, thereby bypassing the cloud-based computing system 100. For example, a user can connect directly to the smart hub 290 (for example using a Bluetooth or WiFi connection) and send an instruction relating to a device to the hub 290 (for example, also using a credential). The smart hub 290 can then direct the instruction directly to the smart device, such as a smart lock or smart outlet 293A. In some embodiments, the smart hub functionality may be implemented in an access control device, such as a smart lock, and the access control device can control smart devices.

In some embodiments, one or more of
smart exercise equipment 297 in the gym 207, manager access device 284, smart outlets smart thermostat 293B can connect to other devices or networks via connectivity technologies such as, but not limited to WiFi, Bluetooth, wired connections, cellular network connectivity, etc. In some embodiments, one or more of smart exercise equipment 297 in the gym 207, manager access device 284, smart outlets smart thermostat 293B can connect to a smart hub, such as smart hub 290 in apartment 203 or smart access device 212 in apartment 202 that can act as an all-in-one smart access reader, smart lock, and smart hub. Smart devices can connect to smart hubs to receive commands, software updates, receive or transmit data, internet connectivity, etc. and to relay information to the cloud-based computing system 100 or other devices such as a user mobile device or management gateway. As described throughout the present disclosure, by integrating credentialing for both the access control devices

In some embodiments, smart home devices can be associated with a beacon, such as the
beacon 295 associated with smart outlet 293A. As described in more detail with reference to FIGS. 8-10, beacon 295 can be used to assist with accessing or controlling the smart outlet 293A. In some embodiments, additional beacons can be provided to assist with access to other devices in the system of FIG. 2, such as access points, elevators, etc. In some embodiments, beacon 295 can be an unpowered device that can be read by, for example, a user’s mobile device.

As shown in
FIG. 2, in some embodiments an intercom 241 can be installed at an access point 201 of the building 200. Intercom 241 can possess the same capabilities and connectivity as intercom 140 discussed with reference to FIG. 1A. In some embodiments intercom 240 is a virtual intercom or can be integrated with the access control device 211.

In some embodiments,
intercom 241 can be connected to the cloud-based computing system 100. In such embodiments, the intercom 241 can automatically be updated whenever a tenant moves into the building 200. Similarly, intercom 241 can be automatically configured to send notifications to a new tenant without having to manually alter or reconfigure the intercom 241. In some embodiments, the intercom 241 can have a voice activation feature. For example, a voice activation feature can receive a user command to access a particular apartment or visit a particular resident and process the command, either remotely on the cloud-based computing node or locally by the intercom 241. The voice activation can then, based on the command, identify the access point or resident, and make a call to the resident’s mobile device or a smart speaker associated with the resident. In some embodiments, each resident can gain access, for example using a credential from cloud-based computing system 100, to configure the intercom 241. For example, the resident can configure the name that appears on a user interface of the intercom, what action should be taken when someone tries to reach that resident via the intercom (e.g., whether to send an alert or call to the resident’s mobile device, a connected smart speaker in the user’s residence, initiate a video call with a concierge, etc.), etc. In some embodiments, when intercom 241 connects to a smart speaker of the resident, the resident can then use the smart speaker to unlock the access point associated with the intercom 241, for example, by sending a credential thereto.

In some embodiments, integrating access control and smart device management into a single system allows for additional functionality. For example, the cloud-based
computing system 100 can be configured to receive event data from smart devices, such as a smart leak sensor, and notify both a tenant and management when a leak is detected. A tenant can then authorize management to access the apartment in order to inspect the problem. Furthermore, a tenant can restrict access to smart devices when a guest is using or is otherwise authorized to use an area. For example, a tenant can power down particular smart devices such as smart speakers, etc. when a service provider is present to prevent the service provider from using smart devices. In some embodiments, a user can configure particular smart device behaviors when a door is unlocked. For example, smart lights can be automatically turned on whenever a particular user gains access to an access point at the front door to their apartment. All of these functions can be implemented into a single application on the user’s mobile device to simplify management and usage and/or improve overall security of the system.
FIGS. 3A-3D are diagrams representing various credentials generated by a cloud-based computing system 100, such as the cloud-based computing system 100 in FIGS. 1A, 1B, or 1C, according to some embodiments. The credentials shown in FIGS. 3A-3D are merely illustrative examples, and a person of skill in the art would understand from the present disclosure that other credential formats are contemplated. Although the use and operation of the example credentials in FIGS. 3A-3D is described with reference to FIG. 2, a person of skill in the art would understand from the present disclosure that the same or similar credentials in accordance with the present disclosure would be operable in many different smart building or home applications.
FIG. 3A is a diagram representing the contents of a generic credential 300 provided to a user mobile device from a cloud-based computing system 100, according to some embodiments. As shown in FIG. 3A, a generic credential 300 can include separate fields containing information about one or more of access privileges 310, sharing rights 320, time-to-live (TTL) and/or scheduling restrictions 330, device IDs 340, the credential user’s public key 350, delivery modality restrictions 360, or security code 370.

Access privileges 310 can include a listing or representation of one or more particular access types, which can include, but are not limited to unlocking or otherwise receiving access from an access control device (e.g., access control devices 211, 217, 214, 218, 219, 212, and 213); keeping a door unlocked; setting up a smart device (e.g., smart devices 292, 293A, 293B, 297, or monitoring devices 252A, 256, 251) and/or pairing it to a particular smart hub (e.g., 212 or 290); updating a setting or a subset of settings on an access control device, smart device, or monitoring device (e.g., access control devices 211, 217, 214, 218, 219, 212, 213, smart devices 292, 293A, 293B, 297, or monitoring devices 252A, 256, 251); performing a firmware update on a device (e.g., access control devices 211, 217, 214, 218, 219, 212, 213, smart devices 292, 293A, 293B, 297, or monitoring devices 252A, 256, 251); controlling a smart device (e.g., smart devices 292, 293A, 293B, 297); receiving or providing information to a monitoring device or intercom (e.g., monitoring devices 252A, 256, 251 or intercom 241), etc.
Sharing rights 320 can indicate whether the user of the credential 300 is authorized to share the credential 300, and what form that sharing can take (e.g., universal sharing to any user of the system, sharing in accordance with certain restrictions such as during particular hours or to certain subsets of users, etc.).

TTL and/or
scheduling restrictions 330 indicate the time before the credential 300 expires and/or the times during which the credential can be used before expiration (e.g., expires in 1 week and can be used from 9am to 5pm).
Device IDs 340 can include a listing or representation of the device IDs of system elements for which the credential is valid (e.g., IDs for access control devices smart devices monitoring devices

User’s
public key 350 can be a public key associated with a private key of the user of the credential and/or the user’s mobile device. As described in more detail below, the user’s private key associated with the user’s public key 350 can be used to encrypt a NONCE received from a device (e.g., a smart access reader or a smart device), which can be provided to a device in order to gain access. A device can then decrypt the NONCE with the public key to determine whether the user is authorized.
Delivery modality restrictions 360 can be a listing or indication of any restrictions on how a credential can be delivered to a device for authentication. For example, delivery modality restrictions may restrict delivery of a credential or information based on the credential to be delivered only via BLE, or another type of communication type. -
Security code 370 can be any type of security code, for example a certificate signed from a granting authority (e.g., the cloud-based computing node) recognizable by the receiving device (e.g., an access control device or smart device). -
FIG. 4A is a flow diagram showing a user authentication process for using a credential such as credential 300, according to some embodiments. The credential verification process begins at step 410, where an external device, such as a user’s mobile device, establishes a connection with a lock. Although FIG. 4 refers to processes involving a lock, a person of skill in the art would understand from the present disclosure that other devices can be used, such as, but not limited to, access control devices, smart hubs, smart devices, etc.

After the external device initiates connection with the lock in step 410, the lock can send a NONCE to the external device in step 420. The NONCE can be any type of NONCE, and can be stored by the lock for use later in the authentication process and for logging purposes.

In step 430, after receiving the NONCE, the external device generates and sends a token to the lock. The token can be generated using the NONCE received in step 420, information contained on the external device, and/or any other information accessible by the external device, such as information requested or received from the cloud-based computing system 100 or other information received from the lock. In some embodiments the NONCE is sent to the external device in a BLE communication, or any other type of communication.

FIG. 4B shows an example token 400, according to some embodiments. The token can include at least one credential 300 retrieved from memory, such as the credential 300 described with reference to FIG. 3; a command 402, such as a command to unlock, stay unlocked, etc.; a command argument 403, such as a time period for a device to stay unlocked; a NONCE 404 received from a lock or other device to which the token bearer is attempting to gain access; and a signature 405. In some embodiments, the command 402 and command argument 403 correspond to one or more access privileges 310 for a device ID 340 included in the credential 300. The NONCE 404 can be encrypted using the private key of the external device for verification based on the public key 352 included in the credential. The signature 405 can similarly be generated using a private key of the external device. The token 400 can be provided as a single token, as packets, or using any other packaging or transmission method. In some embodiments, the at least one credential 300 includes all credentials associated with the unique identifier or group identifier of the lock. In some embodiments a group identifier can be an identifier associated with a structure (e.g., an apartment building) containing multiple UUIDs.

In step 440 the lock performs a verification on the received token. In some embodiments, the verification can include evaluating one or more evaluation criteria. The evaluation criteria can include one or more of: determining whether the signature(s) in the at least one credential 300 was generated by a known authority, such as the cloud-based computing system 100; determining the validity of the security code 370; determining that the NONCE corresponds to the NONCE transmitted to the external device in step 420 (optionally by decrypting using a public key 350 in the at least one credential 300); determining that the signature 405 is valid (e.g., properly generated using the private key associated with the public key 350); or determining that the lock’s unique identifier or group identifier is contained in the device IDs 340. By determining whether an encrypted NONCE and/or signature 405 were generated with the proper public key 350 associated with the credential 300, the lock can determine that the external device that provided the credential is indeed authorized for the credential 300. In some embodiments the lock (or another device, such as a cloud-based computing system 100) can determine if the credential has been suspended, for example by comparing to a local blacklist or sending a query to the cloud-based computing node to determine if the credential was blacklisted.

In step 450 the lock verifies that the requested command is permitted. For example, the lock can verify that one of the at least one credential 300 is authorized for the command 402 and argument 403 by confirming they correspond to the listed access privileges 310 for the lock’s device ID 340, and further that the command is submitted in accordance with the restrictions 330. If the credential 300 was shared, the lock can determine if it was shared in accordance with sharing rights 320.

In embodiments where multiple credentials are transmitted, the lock can apply the one or more verification criteria in step 440 and the verification in step 450 discussed above to each credential. Such a process is shown in FIG. 5. The lock can disregard each credential that does not meet one of the verification criteria. If no credentials pass the verification criteria, the lock can abort the transaction with an authorization failed status. In some embodiments, the lock can log or transmit information about a failed verification check. For example, the lock can transmit a message to a specified user or to a building manager with information associated with the failed verification, such as information received in step 430 and/or any information recorded by the lock or an associated monitoring device in association with the failed verification check.

In step 460, the lock causes the requested command to be performed. For example, the lock can instruct a smart hub or a device with which the lock is in communication to perform the requested command. The lock can optionally send the valid credential associated with the requested command so that a smart hub or device can confirm permission for the requested command.

In some embodiments, the lock can maintain a list of each permitted device and action from the at least one credential 300. In some embodiments, the list is maintained with an order such that only the highest superset is applied. For example, where one credential requires that a photo be taken or logged when granting access, whereas another “higher” credential does not (e.g., it has fewer restrictions), the lock may apply a policy in accordance with the highest credential policy. In some embodiments, where the credentials are readable by the external device, the external device can send the credential with the highest policy.

In some embodiments, when a device, such as an access control device, receives a credential, it can log information about the credential. For example, the access control device can log information about the time of receipt, the source of the credential, and whether the credential is determined to be valid. If an activity is rejected due to an invalid credential, the credential payload (or a portion thereof) can be included within the activity log. If an activity is accepted, an activity log can be created that captures relevant information pertaining to the actions the device took after this request. For example, in the case of an unlock, the log can include information on motor states before and after, as well as photo/video/audio data taken from a nearby or integrated monitoring device. Activity commands can also contain information about received commands, data transmitted during performance of an activity, and an identification of the device performing the logging. Activity logs can be transmitted to another device for storage and/or review, such as to manager access device 284, e.g., manager gateway, a user mobile device, or the cloud-based computing system 100.
FIG. 3B shows an example set of credentials

The credential 301A can be used to allow a user to access a lock at the user’s residence, such as the smart access reader 212. As shown in FIG. 3B, the fields of the credential 301A include access privileges 311A to unlock, update, and FW upgrade, sharing rights 321A that allow for unrestricted sharing, TTL & schedule restrictions 331A which indicate an expiration of 1 week and no scheduling restrictions, device ID 341A of the user’s smart access reader 212, the user’s public key 351, delivery modality restrictions 361A which are null, and security code 371A.

The credential 301B can be used to allow a user to access a common area, such as a gym 207. As shown in FIG. 3B, the fields of the credential 301B include access privileges 311B to unlock, sharing rights 321B that allow for unrestricted sharing, TTL & schedule restrictions 331B which indicate an expiration of 1 week and usage only during 9am to 9pm Monday through Saturday, device ID 341B of the access control device 217 and smart device (smart exercise equipment) 297, the user’s public key 351, delivery modality restrictions 361B which are null, and security code 371B.

The credential 301C can be used to allow a user to access common areas, such as access control device 211 and elevator 208. As shown in FIG. 3B, the fields of the credential 301C include access privileges 311C to unlock and floors 1 and 2, sharing rights 321C set to unrestricted, TTL & schedule restrictions 331C which are set to 1 week, device ID 341C of the access control devices public key 351, delivery modality restrictions 361C which are null, and security code 371C. In some embodiments, security code 371C can include a Wiegand code to be provided to an elevator control panel 228 upon successful authentication of a credential by the access control device 218.

The credential 301D can be used to allow a user to control their smart home devices, such as hub and access control device 212, internal monitoring device 252B and the connected smart plug or outlet 292. As shown in FIG. 3B, the fields of the credential 301D include access privileges 311D to control smart home, sharing rights 321D set to unrestricted, TTL & schedule restrictions 331D which are set to one week, device ID 341D of the smart access reader 212, the user’s public key 351, delivery modality restrictions 361D which are null, and security code 371D. Because smart devices are connected to the smart access reader 212, the UUIDs of each smart device can be, but need not be, provided in the credential 301D.

In an example use case for the credentials access control device 211 at the access point 201, e.g., front door, main entry way, main entrance, etc., credential 301C is sent, in conjunction with a signed NONCE and “unlock door” command, in response to the access control device’s NONCE request.

In another example use case, when the user attempts to go to the gym 207, the credential 301B is provided to the access control device 217 in conjunction with a signed NONCE and “unlock door” command, in response to the access control device’s NONCE request. Timing restrictions in the credential can be enforced by the access control device 217.

In another example use case, when the user attempts to authenticate against the access control device 212 at their unit entry door, credential 301A is sent, in conjunction with a signed NONCE and “unlock door” command, in response to the lock’s NONCE request.

In another example use case, when the user wants to turn on their room lights using smart outlet 292, an HTTPS request is sent to the smart hub’s control endpoint (e.g., in the cloud-based computing system 100 or directly from a mobile device), with credential 301D as a header entry in the request.

In some embodiments, the body of the request contains JavaScript Object Notation (JSON) describing the request (e.g., the action required by the credential), encrypted or signed by the private key of the credential bearer. In some embodiments, periodically (e.g., every two days), the application which handles credentials on the user’s mobile device can request updated credentials to ensure the credentials stay up to date. In another example use case, when the resident’s tenancy/access is scheduled to end, the cloud-based computing system 100 plans TTLs accordingly to ensure the user doesn’t receive a credential that extends past the tenancy.
FIG. 3C shows an example set of credentials

The credential 302A can be used to allow a user to access a common area, such as the smart access reader 211 at the access point 201 and the access control device 218 on the elevator 208. As shown in FIG. 3C, the fields of the credential 302A include access privileges 312A to unlock, sharing rights 322A that are null, TTL & schedule restrictions 332A which indicate an expiration of 3 days and no scheduling restrictions, device ID of the access control device elevator 208, e.g., an access control device located in an elevator, access point 201, the user’s public key 352, delivery modality restrictions 362A which are null, and security code 372A.

The credential 302B can be used to allow a user to access their room, such as room 203. As shown in FIG. 3C, the fields of the credential 302B include access privileges 312B to unlock, sharing rights 322B that are null, TTL & schedule restrictions 332B which indicate an expiration of 3 days and usage only from check-in time to check-out time, device ID 342B of the access control device 213, the user’s public key 352, delivery modality restrictions 362B which are null, and security code 372B.

A credential similar to that of 301D can be used to allow the guest access to smart devices credentials FIG. 3A.

In some embodiments, if the guest cancels their stay, a blacklist entry is scheduled for the common area and the suite UUID doors. In some embodiments, a blacklist can be a list of devices that, even when presenting a valid credential, are nonetheless not given access to perform an operation. The blacklist can be provided to an access controller, for example from the cloud-based computing system 100 via the internet. For example, if a guest is issued a valid credential to access a hotel room but later cancels their reservation, information about the guest’s device or credential can be added to the blacklist and provided to the access controller associated with the hotel room.

Guests that reserve the same room for the same days can be given credentials with higher sequence IDs as added protection. A sequence ID can be, for example, a specified ID that provides an additional way to determine that a credential is invalidated. If a lock is presented a credential with a higher sequence ID than it has encountered before, the sequence ID can be retained and all credentials with a lower sequence ID can be considered to be invalidated. In this way, the cloud-based computing system 100 can invalidate prior credentials by simply providing an individual with a credential having a higher sequence ID.
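As an added illustration (not code from the patent), the sketch below runs the lock-side checks of steps 420-450 together with the blacklist and sequence-ID invalidation described above. The field names, the sample credential modelled on 301B, and the use of HMAC-SHA256 in place of the issuer's and holder's asymmetric signatures are assumptions made so that it runs on the Python standard library alone.

```python
import hashlib, hmac, json, secrets
from datetime import datetime

ISSUER_KEY = b"constructed-issuer-key"  # assumption: stands in for the cloud system's signing key
HOLDER_KEY = b"constructed-holder-key"  # assumption: stands in for the holder's key pair

def mac(key, obj):
    """HMAC-SHA256 over canonical JSON; a placeholder for an asymmetric signature."""
    data = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def issue(**fields):
    """Cloud side: compute security code 370 over every other credential field."""
    return dict(fields, security_code=mac(ISSUER_KEY, fields))

def make_token(creds, command, nonce, key=HOLDER_KEY):
    """Phone side (step 430): credential(s), command and NONCE under signature 405."""
    body = {"credentials": creds, "command": command, "nonce": nonce}
    return dict(body, signature=mac(key, body))

class Lock:
    def __init__(self, device_id):
        self.device_id = device_id
        self.blacklist = set()  # credential IDs pushed down from the cloud
        self.max_seq = 0        # highest sequence ID seen on an accepted credential
        self.pending = None     # outstanding NONCE, usable once

    def challenge(self):
        """Step 420: issue a fresh NONCE and remember it."""
        self.pending = secrets.token_hex(16)
        return self.pending

    def _reject_reason(self, cred, token, now):
        """Steps 440-450 for one credential; None means it passed."""
        fields = {k: v for k, v in cred.items() if k != "security_code"}
        if not hmac.compare_digest(mac(ISSUER_KEY, fields), cred.get("security_code", "")):
            return "security code"
        body = {k: v for k, v in token.items() if k != "signature"}
        key = bytes.fromhex(cred["holder_key"])  # with real signatures: public key 350
        if not hmac.compare_digest(mac(key, body), token.get("signature", "")):
            return "holder signature"
        # Only fields covered by a valid security code are trusted from here on.
        if self.device_id not in cred["device_ids"]:
            return "device id"
        if cred["id"] in self.blacklist:
            return "blacklisted"
        if cred["seq"] < self.max_seq:
            return "superseded sequence id"
        if now >= datetime.fromisoformat(cred["expires"]):
            return "expired"
        sched = cred["schedule"]
        if sched and not (now.weekday() in sched["days"]
                          and sched["start"] <= now.hour < sched["end"]):
            return "outside schedule"
        if token["command"] not in cred["privileges"]:
            return "command not permitted"
        return None

    def verify(self, token, now):
        """Return (granted, reasons); the NONCE is consumed even on failure."""
        nonce, self.pending = self.pending, None
        if nonce is None or not hmac.compare_digest(nonce, str(token.get("nonce"))):
            return False, ["nonce"]
        reasons = [self._reject_reason(c, token, now) for c in token["credentials"]]
        passed = [c for c, r in zip(token["credentials"], reasons) if r is None]
        if not passed:
            return False, reasons  # abort with an authorization failed status
        self.max_seq = max(self.max_seq, *(c["seq"] for c in passed))
        return True, []

def gym_credential(seq=1, cred_id="cred-301B"):
    """Constructed sample modelled on credential 301B (gym, 9am-9pm Mon-Sat)."""
    return issue(id=cred_id, seq=seq, privileges=["unlock"], device_ids=["217", "297"],
                 expires="2024-01-15T00:00:00", holder_key=HOLDER_KEY.hex(),
                 schedule={"days": [0, 1, 2, 3, 4, 5], "start": 9, "end": 21})

def attempt(lock, cred, command, now):
    """One full exchange: challenge, token, verification."""
    return lock.verify(make_token([cred], command, lock.challenge()), now)
```

The sequence ID is advanced only after the security code has verified; advancing it on unauthenticated input would let any presenter invalidate every outstanding credential.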
FIG. 3D shows an example set of credentials 303A and 303B for when a service provider is provided temporary access to an apartment, according to some embodiments.

Credentials 303A and 303B are similar to and operate similarly to credentials service provider 353 and are valid only for 1 day and during the service window (e.g., 12pm to 2pm).

In some embodiments the credential provided from a user device to another device such as a smart access control device or a smart device can include a field for commands. A command can be used, for example, to instruct a device to perform a settings or firmware update, to instruct a device to turn on or off, instruct a device to pair with another device, or any other function. In some embodiments, the command further comprises a firmware update.
As discussed above, in some embodiments an access control device or a smart hub can be linked to various smart devices in a location such that the cloud-based computing system 100 can be used for credentialing across access systems and for smart home devices. FIG. 6 is a flow diagram showing a process for pairing one or more smart devices with a hub in the system, such as a smart access controller or a smart hub, according to some embodiments. In step 610, an installer can compile a list of all smart device codes associated with smart home devices to be paired with a hub, which can be, for example, a smart lock. In some embodiments the installer scans a barcode on the smart device which links or translates to a code associated with each device. In some embodiments the installer can compile a file, such as a .csv file, with the codes read from each device.

After compiling the list of device codes, in step 620 the installer can provide the device codes to the cloud-based computing system 100, for example by sending a list or .csv file. In step 630 the codes can be assigned to a building or a unit, for example a particular apartment. The assignment can be included in the information provided with the device codes or can be selected via an interface, such as a mobile application or a web interface. The cloud-based computing system 100 can store the list of devices to be paired in association with the assigned location.

In step 640 the cloud (or a device of the installer) can provide the device codes to the lock. The installer can then place the smart devices and the smart lock in pairing mode in steps step 660 the placing of the smart lock in pairing mode can be automatically triggered by the cloud-based computing system 100 receiving the list of device codes. In pairing mode, the smart devices advertise the device codes already stored on the smart lock. Once all devices to be paired are in pairing mode, the lock can automatically pair with devices based on the list of device codes, for example by scanning over Zigbee for devices advertising the device codes in the list. In some embodiments, in this way, when pairing a large number of smart devices with a single smart lock (or other hub), the installer does not need to individually pair each smart device with the lock. This can reduce errors in pairing where a large number of devices are to be paired at once, for example in an apartment building when multiple new smart devices are being installed in many different apartments to different smart locks. In some embodiments, an installer can compile a single list for all units, devices, and locks, and transmit it to the cloud-based computing node in one simple step.

By storing associations of smart device hubs with smart devices in the cloud-based computing system 100, devices can more easily be transferred from one tenant to another, or from one hub to another, or replaced. For example, when a smart device is to be replaced, an installer can simply update the device code in the cloud-based computing system 100, and begin at step 640 in FIG. 6. In some embodiments, an installer need only place the new smart device into a pairing mode, which can cause it to search for a network to join. The smart device hub can detect the device in pairing mode, and provide the smart device with a network key to add the device to the network. The cloud-based computing node can then store the install code read by the smart hub in such a way that indicates that the smart hub and device are paired.

In some embodiments, pairing via the cloud-based computing system 100 enables simple testing of pairings. In some embodiments, an installer or other manager can transmit a request to the cloud-based computing system 100 to confirm successful pairing. The cloud-based computing system 100 can send a test command to the smart lock, which can in turn relay a command to the smart device. The smart lock can then confirm that the smart device has successfully responded to the command.

In some embodiments, WiFi can be more easily swapped or altered. For example, a user can transfer WiFi credentials stored on their mobile device to the smart home hub, e.g., directly or via the cloud-based computing system 100 using an application or web interface. Furthermore, the hub can then transfer these credentials to each smart home device to permit WiFi access.

In some embodiments, storing pairings of devices in cloud-based computing system 100 as part of an access system can simplify user and manager experiences. For example, by pairing smart devices to a hub (e.g., a smart lock), a user of the smart device (e.g., a tenant) can use the same application or web interface to control access devices as well as smart home devices. The same credentialing system described throughout the present disclosure can be used both to unlock a dual lock/smart hub and to instruct, via cloud-based computing system 100, the lock to send commands to paired smart home devices. In another example, a manager can easily transfer control of smart home devices by changing the user associated with the unit having an association with smart home devices, vastly simplifying tenant changes when a unit includes smart home devices such as a smart thermostat or smart lights. In another example, managers can give maintenance workers temporary administrative permissions on smart devices that are having problems, allowing maintenance workers to fix the issue without exposing the resident to a larger security risk. In another example, a manager can control smart devices, such as a smart thermostat, in vacant units to maintain energy efficiency without having to manually adjust each unit. In another example, both managers and tenants can receive notifications of problems, such as leaks detected by smart leak detectors. By linking smart access devices and smart sensors such as leak sensors in the same cloud-based computing system 100, managers can easily understand which apartments are experiencing issues without having to maintain a separate list that matches apartments to smart devices. In another example, a manager can more easily manage permissions for particular smart devices in common areas without having to make changes on smart devices or smart hubs. In such an example, a user may receive an updated credential which is valid at a smart device hub, which then provides access to sending commands to associated smart devices.
FIG. 7 is a flow diagram showing a move-in process for an apartment building equipped with both smart access readers and smart home devices, according to some embodiments. As shown in FIG. 7, in step 710 a user may first receive at least one credential associated with a “move in” action, for example from the cloud-based computing system 100 or from a property manager, at their mobile device. The credential can include a plurality of credentials, each associated with various smart devices in the unit (e.g., smart lights, thermostats, etc. managed by the hub). In step 720, the user’s mobile device can establish a connection with a smart hub, such as a smart access reader, for example via a web interface or a mobile application. In step 730, the user’s mobile device can send a “move_in” request token including the credential(s) to the smart hub. In step 740 the hub can perform a verification, such as that described with reference to FIG. 6A, of the credential(s) and commands in the token. The smart hub can cache or otherwise store information about each authorized credential in accordance with any restrictions, such as TTL restrictions.

In step 750, for all devices that are permitted by the requested credential(s), the smart hub can return a configuration for each permitted smart device to the user’s mobile device, along with endpoints on the hub for how to control them. These endpoints can be pre-configured with, for example, a URI-encoded form of the session token stored thereon, to prevent having to credential each time. A user can change a configuration on the smart device to stop storing the URI-encoded form of the session token when the user wants to switch to having to present a credential again. In step 760, the user can then control the configurations and other features of the smart devices using their user device. Using this process, multiple users can occupy a single unit with a single hub, but only have access to particular smart home devices. For example, if several people are sharing an apartment (i.e., dorm rooms), then all users may be given access to all the common area lights, but only their own bedroom. In some embodiments, a manager can “lock” or “unlock” features in an apartment simply by changing credentials on the cloud-based computing system 100. In this way, a manager can include premium smart home devices in each unit, but only enable them for particular units that pay for the credential.

In some embodiments, the cloud-based computing system 100 can configure credentials in a way that facilitates the features described throughout the present disclosure while maintaining an efficient storage, processing, transmission, and authorization process. For example, the cloud-based computing system 100 can implement a set of heuristics that balances the transmission size for all applicable resulting credentials for the user, the authentication time and security of the credential, the mode of transmission (NFC, BLE, etc.), and permissions contained within the credential.

In some embodiments, if there are two units or sets of devices/access points for a single user with identical privileges, both can be combined into one entry on the cloud-based computing system 100. Upon each credential request, the cloud-based computing system 100 can return all credentials. In some embodiments, if the user has access to dozens of devices, the entries can be split up individually by unit/set of devices/access points to ensure that the least data is sent on each event. How the cloud-based computing system 100 groups credentials can be user-configurable, manager-configurable, and/or automated by the cloud-based computing system 100.

In some embodiments, restrictions are dependent on various aspects of a credential. For example, a credential’s TTL could be dynamic, with the time based on the modality of delivery. NFC-based ones could be configured to be longer-lived, while BLE could be shorter. Such configurations could balance the risk of issuance of longer credentials with the inconvenience of having to keep generating and receiving new ones.

In some embodiments a credential holder can cryptographically attenuate a credential stored on their device. In such an embodiment, the user can modify a credential that was issued by the cloud-based computing system 100, and restrict it further temporarily on their local device for transmission externally. For example, a user can modify a credential that allows access to a lock between a certain set of times by attenuating it to be only applicable for a narrow window to share with cleaning staff. A cryptographic chain of trust can be used to verify that the holder was the one that attenuated it, and the original credential was legitimate. In some embodiments, a user can attenuate a credential before it is sent at the point of transmission, to further reduce the risk of a security attack.

In some embodiments, third parties authorized for an access point or device (e.g., a service provider) can attenuate a general access credential to a narrower window before issuing it to a specific employee tasked with carrying out a service. If the resident has issued a credential that allows 3-5pm access on M-F, the service could internally attenuate to a 1 h window on the day of service.
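One known way to get add-only attenuation is to chain HMACs, as in macaroon-style tokens; the following added example (not the patent's own construction) applies it to the 3-5pm M-F credential narrowed to a one-hour window on the day of service. The caveat syntax, key and credential ID are assumptions, the verifier is assumed to hold the issuer's root key, and this construction shows that the restrictions derive from a legitimate credential but does not by itself identify who added them.

```python
import hashlib, hmac
from datetime import datetime

ROOT_KEY = b"constructed-root-key"  # assumption: shared by issuer and verifier only

def chain(sig, text):
    """Next link in the chain: HMAC keyed with the previous signature."""
    return hmac.new(sig, text.encode(), hashlib.sha256).digest()

def mint(root_key, cred_id, caveats):
    """Issuer side: bind the credential ID and its initial restrictions."""
    sig = chain(root_key, cred_id)
    for caveat in caveats:
        sig = chain(sig, caveat)
    return {"id": cred_id, "caveats": list(caveats), "sig": sig}

def attenuate(cred, caveat):
    """Holder side: append a restriction offline, without the root key."""
    return {"id": cred["id"], "caveats": cred["caveats"] + [caveat],
            "sig": chain(cred["sig"], caveat)}

def caveat_holds(caveat, now):
    """Evaluate one restriction; unknown or malformed caveats fail closed."""
    kind, _, value = caveat.partition("=")
    try:
        if kind == "days":   # inclusive weekday range, Monday = 0
            lo, hi = map(int, value.split("-"))
            return lo <= now.weekday() <= hi
        if kind == "hours":  # [start, end) in 24-hour time
            lo, hi = map(int, value.split("-"))
            return lo <= now.hour < hi
        if kind == "date":   # a single calendar day, YYYY-MM-DD
            return now.date().isoformat() == value
    except ValueError:
        pass
    return False

def verify(root_key, cred, now):
    """Verifier side: recompute the chain, then require every caveat to hold."""
    sig = chain(root_key, cred["id"])
    for caveat in cred["caveats"]:
        sig = chain(sig, caveat)
    if not hmac.compare_digest(sig, cred["sig"]):
        return False
    return all(caveat_holds(c, now) for c in cred["caveats"])

# Constructed scenario: resident grants M-F 3-5pm, the service narrows it
# to 3-4pm on Wednesday 2024-01-10 before handing it to one employee.
RESIDENT = mint(ROOT_KEY, "cred-service", ["days=0-4", "hours=15-17"])
EMPLOYEE = attenuate(attenuate(RESIDENT, "date=2024-01-10"), "hours=15-16")
```

Because each signature is keyed by the previous one, a holder of `EMPLOYEE` cannot recover the signature of `RESIDENT` and so cannot drop the added caveats.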
In some embodiments, a user can share access to any smart home devices without having to go through the cloud-based computing system 100. Instead, the user can simply share an attenuated credential with another user. In some embodiments, attenuation is instead carried out by the cloud-based computing system 100, which would either provide an attenuated credential to the requesting user for transmission to the other user, or directly to the other user.

In some embodiments, once access to an area, such as an apartment, is transferred to a user, such as a tenant, the cloud-based computing system 100 can change or remove access thereto by any other entity, such as building management, in the database and blacklist any outstanding credentials. In this way, management will lose some or all access to devices now under the purview of a tenant, thereby ensuring privacy to the tenant. In some embodiments, when the tenant moves out of the apartment, the tenant can then transfer access privileges back to management. In some embodiments, when the apartment is first transferred to the tenant, management access is limited or removed for the period until the lease expires. The database can store this expiration date, and transfer control back to management upon expiration of the lease. In some embodiments, activity logs relating to a particular tenant are either transferred to the tenant or destroyed when the tenant moves out.
FIG. 8 is a block diagram representing a system architecture for a beacon-based access system, according to some embodiments. As shown in FIG. 8, the system architecture can include a cloud-based computing system 100, a third-party cloud-based computing system 101, a mobile device 160, a hub 190, a device 802 (which can be a smart device), and a beacon 800. In some embodiments, the smart device 802 can be a smart home device, such as the smart outlets smart thermostat 293B, smart exercise equipment 297, or any other type of smart home device. In some embodiments, the smart device 802 can be an access control device, such as a smart lock, or an elevator.

As shown in FIG. 8, various components in the beacon-based access system can be connected using various types of communication technology, depending on particular implementations. For example, the mobile device 160 can communicate with the cloud-based computing system 100 via a WiFi internet connection, a cellular network, and/or any other communication technology. The mobile device 160 can communicate with a third-party cloud-based computing system or device 101 using a WiFi connection, a cellular network, and/or any other communication technology. The mobile device 160 can also read information stored or imprinted on the beacon 800 using an NFC reader, a camera (e.g., for capturing pictures of a QR or barcode), and/or any other sensor or an active beacon, such as an active NFC beacon, a BLE beacon, an audio beacon (e.g., ultrasonic encoding), or a display that changes an image such as a QR code. User mobile device 160 can also communicate with the hub 190 and smart device 802 via Bluetooth, WiFi, NFC, and/or any other connection technology. The hub 190 can communicate with the smart device 802 via Bluetooth, Zigbee, Z-wave, WiFi, a wired serial bus, and/or any other type of communications technology and/or protocol, and can further communicate with the cloud-based computing system 100 and/or third-party cloud-based computing system 101 via an ethernet, WiFi, and/or cellular network connection. The cloud-based computing system 100 and third-party cloud-based computing system 101 can communicate via, for example, an IP connection.
FIGS. 9A-9D are flow diagrams showing example operation of beacon-based access systems, according to some embodiments. For example,FIG. 9A is a flow diagram showing a beacon-based access system operating via hub control of requests. As shown inFIG. 9A , operation begins instep 910, where themobile device 160 reads the beacon 800. For example, where the beacon 800 is a passive, unpowered NFC tag containing an NFC Data Exchange Format (NDEF) record, the user’smobile device 160 can scan the NFC tag beacon 800 when in proximity thereto and read the NDEF record. In some embodiments, the beacon 800 can include information about an action to be taken with the associateddevice 802. The action can include, for example, a request to unlock a smart lock or a request to change the on/off status of a smart plug. In some embodiments, the beacon 800 can include a beacon ID to identify the beacon from which the information was read. In some embodiments, the information read from the beacon 800 can include an indication or route to an associated mobile application, an indication or information for accessing thedevice 802 associated with the beacon 800. In some embodiments, the information read from the beacon 800 can include a public key or a device key, such as an associateddevice 802 or a nearby smart hub associated with thedevice 802. This public key can be used as part of a security process by the user’smobile device 160 with thedevice 802 or the smart hub, for example as described throughout the present disclosure. For example, the public key can be used alone, or using an Elliptic-curve Diffie-Hellman (ECDH) technique (e.g., either with a key associated with the user’s mobile device 160 (or the user) as the other portion of the curve or with a session key as the second portion). When using an ECDH protocol with a session key, the user’smobile device 160 can compute a session key pair, and ECDHs the private portion with the public key read from the beacon. 
The resultant ECDH is used by the user’s mobile device 160 for communication with the device 802 and/or a nearby hub. In a non-session key example, the beacon 800’s public key can be used to encrypt or sign information without use of a session key.
- In some embodiments, the information contained in the beacon 800 can be read as a uniform resource identifier (URI) such as a uniform resource locator (URL), where each portion of the URL indicates a different information type (e.g., with portions being separated by backslashes or dashes, or designated by a particular length). For example, a URI “https://dev-api.latch.com/unlock/A5BCD8A0-295B-4CB1-AA45-0274A73594C6?requestTagID=1234” could be broken down as follows:
- A domain to route requests to a mobile application: “https://dev-api.latch.com/”
- An action to be conducted: “/unlock”
- Information to address the device 802 associated with the beacon 800 (e.g., a unique arbitrary code): “A5BCD8A0-295B-4CB1-AA45-0274A73594C6”
- Information to capture any additional data that needs to be sent to perform the action, encoded as URI parameters, such as a beacon ID: “?requestTagID=1234”
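The breakdown above can be checked by the mobile application before anything is done with a scanned beacon, because whatever is read from a tag is input from the environment rather than proof of access. The following is an added example, not code from the patent or from any product: the allow-lists, the canonical-UUID rule, the `requestTagID` syntax and all function and class names are assumptions.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlsplit
import re
import uuid

# Assumed policy for this sketch; host and action are taken from the example URI.
TRUSTED_HOSTS = {"dev-api.latch.com"}
SUPPORTED_ACTIONS = {"unlock"}
ALLOWED_PARAMS = {"requestTagID"}
TAG_ID_RE = re.compile(r"[A-Za-z0-9]{1,64}")  # assumed beacon ID syntax


class BeaconError(ValueError):
    """Beacon content failed validation and must not be acted on."""


@dataclass(frozen=True)
class BeaconRequest:
    host: str
    action: str
    device_id: uuid.UUID
    tag_id: Optional[str]


def parse_beacon_uri(raw: str) -> BeaconRequest:
    """Split a beacon URI into domain, action, device address and parameters."""
    try:
        parts = urlsplit(raw)
    except ValueError as exc:
        raise BeaconError("not a URI") from exc
    if parts.scheme != "https":
        raise BeaconError("scheme must be https")
    # Compare the whole authority, so userinfo ("host@other") or an explicit
    # port can never be mistaken for a trusted host.
    host = parts.netloc.lower()
    if host not in TRUSTED_HOSTS:
        raise BeaconError("untrusted host")
    # Expect exactly "/<action>/<device address>".
    segments = parts.path.split("/")
    if len(segments) != 3 or segments[0] != "":
        raise BeaconError("unexpected path layout")
    action, device = segments[1], segments[2]
    if action not in SUPPORTED_ACTIONS:
        raise BeaconError("unsupported action")
    try:
        device_id = uuid.UUID(device)
    except ValueError as exc:
        raise BeaconError("device address is not a UUID") from exc
    # uuid.UUID also accepts braces, "urn:uuid:" and hyphen-less forms;
    # accept only the canonical 8-4-4-4-12 spelling.
    if str(device_id) != device.lower():
        raise BeaconError("device address is not in canonical form")
    params = parse_qs(parts.query, keep_blank_values=True) if parts.query else {}
    if set(params) - ALLOWED_PARAMS:
        raise BeaconError("unexpected parameter")
    values = params.get("requestTagID", [])
    if len(values) > 1:
        raise BeaconError("duplicate requestTagID")
    tag_id = values[0] if values else None
    if tag_id is not None and not TAG_ID_RE.fullmatch(tag_id):
        raise BeaconError("malformed requestTagID")
    return BeaconRequest(host, action, device_id, tag_id)


def is_valid(raw: str) -> bool:
    """Convenience wrapper: True only if the beacon content passes every check."""
    try:
        parse_beacon_uri(raw)
    except BeaconError:
        return False
    return True
```

A parsed request only identifies what is being asked for; whether the user may do it is still decided by the credential check in the later steps.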
- A person of skill in the art would understand from the present disclosure that information on the beacon 800 can be read using a variety of different formats, such as various other forms of strings, organized data with particular fields, etc. In some embodiments, where more than one action is/can be conducted, a particular format can be used to indicate or separate different actions within the information read from the beacon 800. In some embodiments a URI scheme can designate particular fields or classes, such as “secKey=...” and “defaultAction=...” in “http://dev-api.latch.com/actionTag?supportedActions=...&requestTagID=...&secKey=...&defaultAction=...&supportedActions=...” where actionTag is a list of key value pairs, secKey indicates a security key, defaultAction is a default action from a list of supported actions in supportedActions, etc. A user can be prompted to select an action where multiple actions are supported. The information described above is non-limiting, and other fields or types of information are contemplated. In some embodiments, if the information is URI encoded on the beacon 800 and delivered with a standard format for transmission of such encoded content, such as QR codes or NFC, the OS of the user’s
mobile device 160 ensures that the user is routed to the appropriate application or web interface. In some embodiments, such as with BLE beacons, instructions to reach the appropriate application or web interface can be wrapped in a field in, for example, an Eddystone (e.g., the “Eddystone-URL” field) or iBeacon format, at which point the OS of the user’s mobile device 160 can route the information to the desired application or web interface. In some embodiments, where the OS is not capable of appropriately routing to an application or web interface, the user can initiate the appropriate application or web interface, which can read the beacon 800.
- At
step 920, the user’s mobile device 160 can process the information read from the beacon. In some embodiments, processing can include recognizing and launching a mobile application associated with the information read from the beacon 800 in step 910. For example, where the information read from the beacon 800 is in the form of the URI discussed above, the user’s mobile device 160 can recognize a mobile application associated with the domain “https://dev-api.latch.com/” and launch that mobile application. In some embodiments, the mobile device 160 then provides the additional information read from the beacon 800 to the mobile application, such as the action to be conducted, the information to address the device 802, and any other additional information such as a beacon ID. In some embodiments, where the information read from the beacon 800 does not include information to address the associated device 802 and/or determine which actions can be requested, the mobile device 160 can communicate with a hub 190 or the cloud-based computing system 100 to obtain such information. In some embodiments the mobile device 160 processes the information without using the internet.
- During processing, the mobile application can determine whether the user has valid access to the
device 802 associated with the beacon 800 based at least in part on the information read from the beacon 800 (or received from a hub 190 or cloud-based computing system 100). For example, the mobile application can search a set of credentials stored locally on the mobile device 160 to determine if there is a valid credential, subject to any access restrictions, for the device 802 based on the information to address the device 802 and/or the beacon ID of the beacon 800 (e.g., without using the internet). In some embodiments, the mobile application can communicate with the cloud-based computing system 100 or the third-party cloud-based computing system 101 to validate a credential or otherwise determine that the user has valid access to the device 802. In some embodiments, the user of the mobile device 160 may be prompted to input additional information, such as a username and/or password, to assist with determining whether the user has valid access to the device 802. In some embodiments, other forms of authentication are used, such as biometric authentication. In some embodiments, where a virtual intercom is launched on the mobile device 160 or a call is initiated with a virtual doorman, the user can be asked to provide additional input or provide a selection of what action to take. Once launched, the virtual intercom or virtual doorman can interact with and/or receive input from the user using voice, text search, link selection, etc. in order to determine which action should be taken. In some embodiments, if the appropriate application is not downloaded on the user mobile device 160, a prompt can be triggered to download the appropriate application.
- In
step 930 of the hub-based operation, the mobile device 160 connects with nearby hub 190 and requests an action for the device 802. For example, in some embodiments, the mobile device 160 can search for a hub 190 in proximity to the beacon 800, for example based on the strength of signal of a WiFi or Bluetooth-based hub. In some embodiments, the mobile device 160 is already registered with the hub 190, and simply sends a communication to the hub 190 in association with the requested action. The request for an action can include, but is not limited to, an indication of the action to be taken (e.g., the action read from the beacon 800), information about the device 802 (e.g., the information to address the device 802 read from the beacon 800), information about the mobile device 160 or a user/account associated therewith, and/or the user’s credential or another token to authenticate the request. In some embodiments, communication between the mobile device 160 and the hub 190 is performed without connecting to the internet.
- In
step 940 the hub 190 authenticates the request, for example using any of the techniques described throughout the present disclosure. In some embodiments, the hub 190 authenticates the request without using the internet based on information stored on the hub 190. In step 950, the hub 190 connects with the device associated with the beacon (e.g., via a BLE, Zigbee, or Z-wave connection) and performs a requested action (e.g., causes the device 802 to unlock or change an on/off status), for example as described in more detail throughout the present disclosure. In some embodiments, the hub 190 connects with the device without using the internet.
- In some embodiments, the
device 802 can be operated or otherwise connected to a third party service for controlling access (e.g., integrated with a third-party cloud-based computing system 101) and not otherwise be integrated with or support the functionality associated with the cloud-based computing system 100, such as access logs, varied permissions among users, multiple user support, etc. In such embodiments, the hub 190 can act as an abstraction layer to make the device agnostic to these functions, while still providing such functionality on behalf of the device. For example, if the device 802 is a basic smart lock that does not support more than one user (e.g. there is only one valid credential, such as one provisioned during device manufacturing) and/or has no support for time-restricted access, access logs, remote access, etc., the hub 190 can provide such functionality. For example, the hub 190 can pair with the smart lock as the only “user,” and can perform the authentication of permissions, time-restricted access enforcement, logging, etc. in place of the lock, and send the command to “unlock” as the device’s only user when necessary. Rather than presenting the credential to the device 802, a user can use the beacon-based operation described with reference to FIGS. 9A or 9B to gain access to the device 802. Accordingly, third-party devices that are not configured to be integrated with the smart home or building system of FIG. 1A can nonetheless be integrated into such a system with full or partial functionality facilitated by the hub 190 and/or beacon 800.
- As discussed above, the
device 802 can be one of a number of different types of devices, such as, but not limited to a lock, elevator, smart home device, turnstile, or other type of device capable of interfacing with a smart building system. As described in more detail throughout the present disclosure, the credentials used during the operation of a beacon-based access system can provide access to a number of different features, such as locking or unlocking a door, accessing a particular floor of a building, accessing control of a smart thermostat/light/leak sensor/switch/button/exercise equipment/air quality monitor/etc., powering a device/circuit through a smart switch or connected panel, actuating a window blind, turning on a fan, turning on an appliance, turning on a TV, purchasing an item, renewing a subscription purchase, etc. Accordingly, the same credentialing system can be used across the entire smart building system, even with third-party devices that are not otherwise configured to interface with the smart building system.
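The arrangement described above, in which the hub 190 pairs with a basic lock as its only “user” and supplies authentication, time restrictions and logging in its place, can be sketched as follows. This is an added example, not code from the patent: the HMAC-authenticated request format, the nonce and 30-second freshness checks, and all class, field and function names are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, time, timezone

MAX_SKEW_SECONDS = 30  # assumed freshness window for request timestamps


class SingleUserLock:
    """Stand-in for a basic lock that accepts exactly one credential."""

    def __init__(self, credential: bytes):
        self._credential = credential
        self.unlocked = False

    def unlock(self, credential: bytes) -> bool:
        if hmac.compare_digest(credential, self._credential):
            self.unlocked = True
            return True
        return False


@dataclass(frozen=True)
class Grant:
    key: bytes          # per-user secret held by the hub (assumed scheme)
    actions: frozenset  # actions this user may request on the device
    start: time         # daily access window, inclusive at both ends
    end: time


def _mac(key, user, device_id, action, ts, nonce) -> str:
    fields = (user, device_id, action, str(ts), nonce)
    if any("\n" in f for f in fields):
        raise ValueError("newline would make the MAC input ambiguous")
    return hmac.new(key, "\n".join(fields).encode(), hashlib.sha256).hexdigest()


def make_request(key, user, device_id, action, now, nonce) -> dict:
    """Phone side: describe the action and authenticate it with the user's key."""
    ts = int(now.timestamp())
    return {"user": user, "device_id": device_id, "action": action, "ts": ts,
            "nonce": nonce, "mac": _mac(key, user, device_id, action, ts, nonce)}


class Hub:
    def __init__(self, devices: dict):
        self.devices = devices  # device_id -> (lock, the lock's single credential)
        self.grants = {}        # (user, device_id) -> Grant
        self.log = []           # audit trail kept on the lock's behalf
        self._seen = set()      # (user, nonce) pairs already used

    def _decide(self, req: dict, now: datetime) -> str:
        try:
            user, device_id, action = req["user"], req["device_id"], req["action"]
            ts, nonce, mac = int(req["ts"]), req["nonce"], req["mac"]
            grant = self.grants.get((user, device_id))
            if grant is None or device_id not in self.devices:
                return "no grant"
            expected = _mac(grant.key, user, device_id, action, ts, nonce)
            if not hmac.compare_digest(expected, mac):
                return "bad MAC"
        except (KeyError, TypeError, ValueError):
            return "malformed request"
        if abs(now.timestamp() - ts) > MAX_SKEW_SECONDS:
            return "stale timestamp"
        if (user, nonce) in self._seen:
            return "replayed nonce"
        self._seen.add((user, nonce))
        # This sketch's lock only knows how to unlock.
        if action != "unlock" or action not in grant.actions:
            return "action not granted"
        # The window is evaluated in the timezone of `now`.
        if not grant.start <= now.time() <= grant.end:
            return "outside time window"
        return "ok"

    def handle(self, req: dict, now: datetime) -> bool:
        """Authenticate and authorize offline, then act as the lock's only user."""
        reason = self._decide(req, now)
        allowed = reason == "ok"
        if allowed:
            lock, credential = self.devices[req["device_id"]]
            allowed = lock.unlock(credential)
            if not allowed:
                reason = "device refused"
        self.log.append((now.isoformat(), req.get("user"), req.get("action"),
                         allowed, reason))
        return allowed
```

Denied requests are logged as well as granted ones, so the hub's log is the only place where attempts against the lock become visible.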
FIG. 9B is a flow diagram showing a beacon-based access system operating via internet/cloud control of requests, according to some embodiments. The operation initially proceeds similarly to the operation described with reference to FIG. 9A. For example, in step 911 the mobile device 160 reads the beacon 800 and then processes the read information in step 921.
- In
step 931, rather than connecting with a hub 190, the mobile device 160 instead sends a communication to a cloud-based computing node to request an action. The communication can be to cloud-based computing system 100 and/or third-party cloud-based computing system 101. The decision to communicate with a cloud-based computing node (FIG. 9B) rather than hub 190 (FIG. 9A) can be contained, for example, in the information read from the beacon 800 (e.g., via the format or a field of the information to address the device 802) or hard coded into the mobile application. In some embodiments, communication with a cloud-based computing node can be responsive to a changed or unreachable endpoint or an incorrect action by the mobile application. Like the request to the hub 190 in the step 930, the request to the cloud-based computing node can include, for example, an indication of the action to be taken (e.g., the action read from the beacon 800), information about the device 802 (e.g., the information to address the device 802 read from the beacon 800), information about the mobile device 160 or a user/account associated therewith, and/or the user’s credential or another token to authenticate the request.
- In
step 941, the cloud-based computing node can authenticate the request from the mobile device 160, for example using the techniques described in more detail throughout the present disclosure. In the step 951, the cloud-based computing node can cause the requested action to be performed on the device 802, for example, using the techniques described in more detail throughout the present disclosure. In some embodiments, the cloud-based computing system 100 can send a communication to a hub 190 including a credential and/or an indication of the requested action, which can authenticate the request and perform the action on the device 802. In some embodiments, the cloud-based computing system 100 can send a communication including a credential and/or an indication of the requested action directly to the smart device 802, for example using a WiFi or cellular network, to perform the action. In some embodiments, the cloud-based computing system 100 simply forwards the same request received from the mobile device 160 to the hub 190 or the device 802. In such embodiments, the cloud-based computing node can skip the authentication step 941 and instead pass authentication responsibilities to the device 802.
- In some embodiments, where the device only supports remote access via a third-party cloud-based
computing system 101, the cloud-based computing system 100 can send a communication to the third-party cloud-based computing system 101 requesting the desired action. The third-party cloud-based computing system 101 can then perform the action on device 802 using the third party’s own remote actuation processes, which can but do not necessarily require use of a hub 190. Such operation is shown in FIG. 9C, with steps steps FIG. 9B. At step 952 the cloud-based computing system 100 can send a request to a third-party cloud-based computing system 101 to perform the requested action. In some embodiments, such a request involves reformatting some of the information contained in the request received in the step 932, for example, to match a third party’s proprietary request format. In some embodiments, additional information stored on the cloud-based computing system 100 can be added to the request, such as a third-party or device-specific credential required for authentication with the third-party cloud-based computing system 101. The third-party cloud-based computing system 101 can then authenticate the request, and instruct the device 302 to perform the requested action using the third party’s remote actuation protocol. In this way, the same process can be used both for devices associated with the cloud-based computing system 100 as well as third-party devices, without having to use different beacons, permissions, and/or mobile applications. Furthermore, in the event that the device 802 and/or third-party cloud-based computing system 101 are not integrated with the smart building system’s logging system, cloud-based computing system 100 and/or hub 190 can update applicable logs to include access and use information.
- In some embodiments, it may be determined at one of
steps steps device 802. For example, the user may be attempting to access a hotel room for which they do not have a valid credential or at a time outside the time restrictions of a valid credential. FIG. 9D shows an example process for purchasing access. In a non-limiting example, the process in FIG. 9D can be used, for example, to purchase access to an access device (e.g., a smart lock) associated with a hotel room or other rentable resource such as shared office space, according to some embodiments. As shown in FIG. 9D, at step 913 the mobile device determines that access is not permitted to the device 802. In step 923, the mobile device 160 transmits a communication to cloud-based computing system 100 to determine if access is for sale or rent. Such a communication can include an indication of the device 802, for example from information read from beacon 800, and/or information about the requesting party, for example based on information about the user or the mobile device 160 stored on the mobile device 160. The cloud-based computing system 100 can then return a message in step 933 with information about whether access to the device 802 is for sale/rent, and, if so, the applicable rate or rates, terms, and/or other information related to the rentable resource. If access to the device is not currently available for sale/rent, the cloud-based computing system 100 can return a message indicating that the device is not available and can optionally include information about future availability or options to rent (e.g., a contact us link).
- In
step 943, if access is for sale or rent, the mobile device 160 can prompt the user with options for purchase, including displaying rates, terms, limitations, etc. received from the cloud-based computing system 100 in the step 033. In the step 953, the user can proceed with the purchase using the mobile device, for example by inputting credit card information or accepting a charge to an account associated with the user or mobile device 160. In step 963, the cloud-based computing system 100 can generate, store, and/or provide one or more valid credentials for the action with the device 802 to the mobile device 160 in accordance with any restrictions on access. In step 973, the mobile device 160 continues with valid credentials, for example at steps FIGS. 9A, 9B, and 9C, respectively. In some embodiments, rather than performing a local authentication via the mobile device 160 after receiving the credential, the cloud-based computing node can initiate a remote performance of the desired action that has just been credentialed, rather than making the user perform a local request again. In this way, the desired action can be performed immediately upon grant of a valid credential, while in the future the mobile device 160 can perform local requests with the newly issued credential. In some embodiments, rather than proceeding with steps 923-953, the cloud-based computing node can instead confirm whether an account associated with the user’s mobile device 160 should have access to the device 802. If the answer is yes, then the cloud-based computing node can send the appropriate credential, rather than requiring the user to purchase a credential.
- A person of skill in the art would understand based on the present disclosure that purchasing access could occur at other points during the operations described in
FIGS. 9A-9C. For example, if another element such as the third-party cloud-based computing system 101 determines that access is not permitted, a communication could be sent to the mobile device 160 to trigger the process of FIG. 9D. In addition, other credentialing processes could be provided that do not involve purchasing a valid credential. For example, in some embodiments, if a valid credential is not available, rather than proceeding with the process for providing access shown in FIG. 9D, the mobile device is redirected to a virtual intercom system. For example, the mobile device could be directed to a web-based or application-based interface. The interface can be configured to connect the user seeking access to the device 802 with someone who can permit access. For example, where the device 802 is a smart lock at an access point for a building, an audio or video connection can be established between the user’s mobile device 160 and a mobile device of a resident of the building, for example using a cellular, VOIP, or other type of connection. If the resident wants to provide access to the user of the mobile device 160, they can be prompted to do so from their mobile device. In some embodiments, where multiple residents occupy a single building, such as in an apartment building, the user of the mobile device 160 can be prompted to input an apartment number or the name of a resident who they wish to contact. In some embodiments, the mobile device 160 can emulate an existing or virtual intercom on a web app, which can allow the user to follow the same process of selecting the unit and then the residents of that unit’s selected identifiers. In some embodiments, the user mobile device can establish a connection with a manager of the building or with a security station associated with the access point for the building. The manager or an operator at the security station can then determine whether to grant access to the visitor.
In some embodiments the web or application-based interface includes a virtual doorman with whom the visitor can interact and to whom the visitor can provide information in order to determine which resident to contact and/or whether to grant the individual access to the building.
- In some embodiments, the link between a
device 802 and a beacon 800 can be pre-provisioned during manufacturing of the beacon. For example, the beacon 800 can be provisioned during manufacturing with the URI described above. In some embodiments, at least some of the information included in the URI can be provided by a consumer about a particular device 802 that will be associated with the beacon 800. For example, a consumer may purchase a beacon 800 for use with a particular device 802, and the beacon 800 can be manufactured and provisioned with the appropriate information to link the beacon 800 and device so that no set-up is required. In some embodiments, at least some of the information included in the URI can be provided by a manufacturer of the device 802. For example, a manufacturer of the device 802 can provide information for accessing respective devices 802 and functionality associated with devices 802 (e.g., unlock, on/off, etc.). The devices 802 and associated beacons can then be sold in pairs. In some embodiments, at least some of the information included in the URI can be provided by the manufacturer of the beacon 800. For example, different beacons 800 can be sold for different types of devices (e.g., smart locks, smart outlets, etc.), and therefore can be provisioned with particular actuatable actions in the information stored in the beacons 800. Each different beacon 800 can be provisioned with a type of action associated with the type of device 802 (e.g., lock/unlock, on/off, etc.). Each beacon 800 can also be provisioned with at least one of a beacon ID or information to reach the device 802. The beacon ID can serve to identify the beacon 800, for example where more than one beacon is associated with a particular device 802. The information to reach the device 802 can be generic or arbitrary information during initial manufacturing such that no link between the information and the device 802 has yet been established. Such a link can be established after manufacturing as described below.
- In some embodiments, a
device 802 and beacon 800 can be registered during pairing with a hub 190. For example, a hub 190 or mobile device 160 can read the information to reach a device 802 from the beacon 800 during pairing, and can associate such information with the particular device 802 being paired. In some embodiments, the information to reach a device 802 can be provided visually on a package or other element sold with the device 802 such that a user can manually input the information to reach the device 802 such that the beacon 800 can be paired with a particular device 802. The information can then be provided to a mobile device 160 or other entry point into the smart building system to be associated with information to reach the particular device 802. Such information can be stored at the hub 190, the cloud-based computing system 100, or both, to establish a record of which device 802 is to be reached based on the provided information. Accordingly, when a mobile device 160 reads information on the beacon 800, it can contact one or more of the hub 190 or the cloud-based computing system 100 to obtain information identifying the associated device 802.
- In some embodiments, information can be provided either to the
hub 190, the cloud-based computing system 100, or both after pairing such that a link with a beacon is established after pairing. In some embodiments, if the device 802 knows the information stored on the beacon 800, the device can provide the hub 190 and/or the cloud-based computing system 100 with such information during or after pairing. In some embodiments, the hub 190 or cloud-based computing system 100 can inform the other of the link between the information on the beacon 800 and the device 802.
- In some embodiments, the beacon 800 only stores a tag ID, such as a UUID containing a random/arbitrary identification number. The UUID can be sent to the cloud-based
computing system 100 after manufacturing and a link to a particular device 802 can be established later, for example during or after pairing as described above. In some embodiments, each manufacturer of beacons 800 can include a prefix to the UUID such that there are no collisions between UUIDs manufactured by different companies. In some embodiments a manufacturer of the beacons 800 can request UUIDs for devices that it is manufacturing from the cloud-based computing system 100 and further provide the cloud-based computing system 100 with information the manufacturer wishes to be stored with the UUID on the cloud-based computing node (e.g., model numbers, etc.).
- In some embodiments, the link between the beacon 800 and a
device 802 can be established based on the UUID assigned by the cloud-based computing system 100 or the manufacturer of the beacon 800. Furthermore, in such embodiments, the processing steps 920, 921, and/or 922 described above can involve contacting, by the mobile device 160, the cloud-based computing system 100 and/or a hub 190 to determine which device 802 is associated with the beacon 800, what actions are associated with the device 802, and/or how to reach the device 802. In some alternative embodiments, the mobile device 160 does not need to learn information for contacting the device 802 associated with a beacon 800. In such embodiments, the mobile device 160 does not identify credentials for the device 802, and instead sends information to the cloud-based computing system 100 or hub 190 identifying the beacon 800 (e.g., the beacon ID) and the mobile device 160 (or a user thereof), and the cloud-based computing system 100 or hub 190 can identify the device 802 based on the beacon ID, and determine whether the user is authorized to perform the desired action on the device 802.
FIG. 10 is a block diagram showing a system architecture for beacon-based access to devices. The system architecture in FIG. 10 is similar to that in FIG. 8, but differs in that the cloud-based computing node can communicate with an access panel (e.g., via a wired or wireless internet connection) to provide access to a device. Therefore, as shown in FIG. 10, a building may include a central access control panel 1090 capable of communicating with one or more of the cloud-based computing system 100 and mobile device 160. Control panel 1090 can control access to multiple devices 1002, which may or may not be smart devices. Devices 1002 can include, for example, electric locks, elevators, or other devices that require presentment of a credential for use.
- In some embodiments, the
devices 1002 have been retrofitted to work with a beacon-based system. For example, devices 1002 could have originally been configured to receive signals from a control panel 1090 that is not cloud-enabled to provide access based on receipt of a valid credential from a respective reader 1004 associated with each device 1002. For example, each device could be an electronically actuated door lock originally associated with a card reader, keypad, biometric sensor, etc. Prior to retrofitting, the reader 1004 can receive a credential from a guest seeking access to one of the devices 1002, and forward the received credential to a control panel 1090 for authentication. Upon successful authentication, the control panel can instruct the associated device(s) 1002, e.g., electronically actuated door lock, to provide access.
- Maintaining and updating credentialing in such systems can be inefficient and time consuming. Furthermore, such systems are self-contained, and cannot integrate with other smart building systems. Accordingly, in some embodiments, some or all of the
readers 1004 can be augmented or replaced with beacons 1000. The control panel 1090 can be upgraded to be or replaced with a cloud-enabled control panel 1090 that can interface with the cloud-based computing system 100 and/or a mobile device 160 via a cellular network and/or wired/WiFi internet connections.
- The operation of the system of
FIG. 10 proceeds similarly to the operation described with reference to FIGS. 9A-9B, except that the hub 190 is replaced with an access control panel 1090 that instructs the devices 1002 to perform an action (e.g., unlock a door) upon receipt of a request for an action with a valid credential. In this way, a building system can be retrofitted with a cloud-connected access control panel that enables beacon-based access without having to replace the entire building system. Control from the access panel 1090 to the devices 1002 can proceed the same way as prior to retrofitting. Furthermore, because beacons 1000 can be unpowered beacons, installing such a system in a building is simpler than other cloud-based systems that require a powered smart reader 1004. Furthermore, buildings can be fitted with or retrofitted with cloud-based access systems that can be more easily managed by building managers than traditional systems that require local access to access panels to reconfigure credentials or other management tasks. In addition, unpowered beacons 1000 can be more energy efficient, cheaper, and less prone to problems that may hinder operation of the system. In addition, as described with reference to FIG. 9D, in the event that a user of the system requests access to a device for which the user is not authorized, the user can easily purchase or otherwise gain access using the cloud-based system without having to reconfigure the access panel 1090, device 1002, or the beacon 1000.
- Although the present disclosure discloses functions described as being performed by a cloud-based computing node, a person of skill in the art would understand based on the present disclosure that such a node could be implemented using multiple different nodes, for example across multiple different data centers. Functions of the cloud-based computing node described above can instead be implemented in other components of the system, such as, but not limited to a hub, a smart lock, or a smart intercom.
In some embodiments, functions of the cloud-based computing node can be redundantly implemented in both the cloud-based computing node and another node to increase security and/or functionality during times that communications with the cloud-based computing node are not available.
- Various other modifications and additions can be made to the exemplary embodiments discussed without departing from the scope of the present disclosure. For example, while the embodiments described above refer to particular features or particular steps, the scope of this disclosure also includes embodiments having different combinations of features or steps, and embodiments that do not include all of the above described features or steps. Embodiments can also include other features or steps that are not described herein. Those of skill in the art would appreciate that the various illustrations in the specification and drawings described herein can be implemented as electronic hardware, computer software, or combinations of both. To illustrate this interchangeability of hardware and software, various illustrative blocks, modules, elements, components, methods, and algorithms have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware, software, or a combination depends upon the particular application and design constraints imposed on the overall system. Skilled artisans can implement the described functionality in varying ways for each particular application. Various components and blocks can be arranged differently (for example, arranged in a different order, or partitioned in a different way) all without departing from the scope of the subject technology.
- Furthermore, an implementation of the communication protocol can be realized in a centralized fashion in one system, or in a distributed fashion where different elements are spread across several interconnected systems. Any kind of computer system, or other apparatus adapted for carrying out the methods described herein, is suited to perform the functions described herein.
- Connections between different devices can be made with or without a wire. For example, the connection between the access control panel and the smart reader can be wired and/or wireless. As another example, the connection between the access control panel and the electronic locking mechanism can be wired and/or wireless.
- FIG. 15 illustrates an embodiment of an exemplary computing architecture 1500 that may be suitable for implementing an apparatus, system, and/or method for performing operations associated with the implementation of one or more of the disclosed techniques, e.g., computing devices, mobile devices, etc. In various embodiments, the computing architecture 1500 may comprise or be implemented as part of an electronic device and/or system discussed herein.
- As used in this application, the terms “system” and “component” and “module” are intended to refer to a computer-related entity, either hardware, a combination of hardware and software, software, or software in execution, examples of which are provided by the exemplary computing architecture 1500. For example, a component can be, but is not limited to being, a process running on a processor, a processor, a hard disk drive, multiple storage drives (of optical and/or magnetic storage medium), an object, an executable, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on a server and the server can be a component. One or more components can reside within a process and/or thread of execution, and a component can be localized on one computer and/or distributed between two or more computers. Further, components may be communicatively coupled to each other by various types of communications media to coordinate operations. The coordination may involve the uni-directional or bi-directional exchange of information. For instance, the components may communicate information in the form of signals communicated over the communications media. The information can be implemented as signals allocated to various signal lines. In such allocations, each message is a signal. Further embodiments, however, may alternatively employ data messages. Such data messages may be sent across various connections. Exemplary connections include parallel interfaces, serial interfaces, and bus interfaces.
- The computing architecture 1500 includes various common computing elements, such as one or more processors, multi-core processors, co-processors, memory units, chipsets, controllers, peripherals, interfaces, oscillators, timing devices, video cards, audio cards, multimedia input/output (I/O) components, power supplies, and so forth. The embodiments, however, are not limited to implementation by the computing architecture 1500.
- As shown in FIG. 15, the computing architecture 1500 comprises a processing unit 1504, a system memory 1506 and a system bus 1508. The processing unit 1504 can be any of various commercially available processors, including without limitation an AMD® Athlon®, Duron® and Opteron® processors; ARM® application, embedded and secure processors; IBM® and Motorola® DragonBall® and PowerPC® processors; IBM and Sony® Cell processors; Intel® Celeron®, Core (2) Duo®, Itanium®, Pentium®, Xeon®, and XScale® processors; and similar processors. Dual microprocessors, multi-core processors, and other multi-processor architectures may also be employed as the processing unit 1504. In some embodiments, processing circuitry of processing unit 1504 and/or other processing circuitry of computing architecture 1500 may be operative to perform operations associated with logic flow 500 and/or logic flow 600, and/or other operations associated with implementation of one or more of the disclosed techniques. In some embodiments, such processing circuitry may be coupled to a network interface of computing architecture 1500.
- The system bus 1508 provides an interface for system components including, but not limited to, the system memory 1506 to the processing unit 1504. The system bus 1508 can be any of several types of bus structure that may further interconnect to a memory bus (with or without a memory controller), a peripheral bus, and a local bus using any of a variety of commercially available bus architectures. Interface adapters may connect to the system bus 1508 via a slot architecture. Example slot architectures may include without limitation Accelerated Graphics Port (AGP), Card Bus, (Extended) Industry Standard Architecture ((E)ISA), Micro Channel Architecture (MCA), NuBus, Peripheral Component Interconnect (Extended) (PCI(X)), PCI Express, Personal Computer Memory Card International Association (PCMCIA), and the like.
- The system memory 1506 may include various types of computer-readable storage media in the form of one or more higher speed memory units, such as read-only memory (ROM), random-access memory (RAM), dynamic RAM (DRAM), Double-Data-Rate DRAM (DDRAM), synchronous DRAM (SDRAM), static RAM (SRAM), programmable ROM (PROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), flash memory, polymer memory such as ferroelectric polymer memory, ovonic memory, phase change or ferroelectric memory, silicon-oxide-nitride-oxide-silicon (SONOS) memory, magnetic or optical cards, an array of devices such as Redundant Array of Independent Disks (RAID) drives, solid state memory devices (e.g., USB memory, solid state drives (SSD)) and any other type of storage media suitable for storing information. In the illustrated embodiment shown in FIG. 15, the system memory 1506 can include non-volatile memory 1510 and/or volatile memory 1512. A basic input/output system (BIOS) can be stored in the non-volatile memory 1510.
- The computer 1502 may include various types of computer-readable storage media in the form of one or more lower speed memory units, including an internal (or external) hard disk drive (HDD) 1514, a magnetic floppy disk drive (FDD) 1516 to read from or write to a removable magnetic disk 1518, and an optical disk drive 1520 to read from or write to a removable optical disk 1522 (e.g., a CD-ROM or DVD). The HDD 1514, FDD 1516 and optical disk drive 1520 can be connected to the system bus 1508 by a HDD interface 1524, an FDD interface 1526 and an optical drive interface 1528, respectively. The HDD interface 1524 for external drive implementations can include at least one or both of Universal Serial Bus (USB) and IEEE 1394 interface technologies.
- The drives and associated computer-readable media provide volatile and/or nonvolatile storage of data, data structures, computer-executable instructions, and so forth. For example, a number of program modules can be stored in the drives and memory units operating system 1530, one or more application programs 1532, other program modules 1534, and program data 1536.
- A user can enter commands and information into the computer 1502 through one or more wire/wireless input devices, for example, a keyboard 1538 and a pointing device, such as a mouse 1540. Other input devices may include microphones, infra-red (IR) remote controls, radio-frequency (RF) remote controls, game pads, stylus pens, card readers, dongles, finger print readers, gloves, graphics tablets, joysticks, keyboards, retina readers, touch screens (e.g., capacitive, resistive, etc.), trackballs, trackpads, sensors, styluses, and the like. These and other input devices are often connected to the processing unit 1504 through an input device interface 1542 that is coupled to the system bus 1508, but can be connected by other interfaces such as a parallel port, IEEE 1394 serial port, a game port, a USB port, an IR interface, and so forth.
- A monitor 1544 or other type of display device is also connected to the system bus 1508 via an interface, such as a video adaptor 1546. The monitor 1544 may be internal or external to the computer 1502. In addition to the monitor 1544, a computer typically includes other peripheral output devices, such as speakers, printers, and so forth.
- The computer 1502 may operate in a networked environment using logical connections via wire and/or wireless communications to one or more remote computers, such as a remote computer 1548. The remote computer 1548 can be a workstation, a server computer, a router, a personal computer, portable computer, microprocessor-based entertainment appliance, a peer device or other common network node, and typically includes many or all of the elements described relative to the computer 1502, although, for purposes of brevity, only a memory/storage device 1550 is illustrated. The logical connections depicted include wire/wireless connectivity to a local area network (LAN) 1552 and/or larger networks, for example, a wide area network (WAN) 1554. Such LAN and WAN networking environments are commonplace in offices and companies, and facilitate enterprise-wide computer networks, such as intranets, all of which may connect to a global communications network, for example, the Internet.
- When used in a LAN networking environment, the computer 1502 is connected to the LAN 1552 through a wire and/or wireless communication network interface or adaptor 1556. The adaptor 1556 can facilitate wire and/or wireless communications to the LAN 1552, which may also include a wireless access point disposed thereon for communicating with the wireless functionality of the adaptor 1556.
- When used in a WAN networking environment, the computer 1502 can include a modem 1558, or is connected to a communications server on the WAN 1554, or has other means for establishing communications over the WAN 1554, such as by way of the Internet. The modem 1558, which can be internal or external and a wire and/or wireless device, connects to the system bus 1508 via the input device interface 1542. In a networked environment, program modules depicted relative to the computer 1502, or portions thereof, can be stored in the remote memory/storage device 1550. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers can be used.
- The computer 1502 is operable to communicate with wire and wireless devices or entities using the IEEE 802 family of standards, such as wireless devices operatively disposed in wireless communication (e.g., IEEE 802.16 over-the-air modulation techniques). This includes at least Wi-Fi (or Wireless Fidelity), WiMax, and Bluetooth™ wireless technologies, among others. Thus, the communication can be a predefined structure as with a conventional network or simply an ad hoc communication between at least two devices. Wi-Fi networks use radio technologies called IEEE 802.11x (a, b, g, n, etc.) to provide secure, reliable, fast wireless connectivity. A Wi-Fi network can be used to connect computers to each other, to the Internet, and to wire networks (which use IEEE 802.3-related media and functions).
- Numerous specific details have been set forth herein to provide a thorough understanding of the embodiments. It will be understood by those skilled in the art, however, that the embodiments may be practiced without these specific details. In other instances, well-known operations, components, and circuits have not been described in detail so as not to obscure the embodiments. It can be appreciated that the specific structural and functional details disclosed herein may be representative and do not necessarily limit the scope of the embodiments.
- Some embodiments may be described using the expression “coupled” and “connected” along with their derivatives. These terms are not intended as synonyms for each other. For example, some embodiments may be described using the terms “connected” and/or “coupled” to indicate that two or more elements are in direct physical or electrical contact with each other. The term “coupled,” however, may also mean that two or more elements are not in direct contact with each other, but yet still co-operate or interact with each other.
- Unless specifically stated otherwise, it may be appreciated that terms such as “processing,” “computing,” “calculating,” “determining,” or the like, refer to the action and/or processes of a computer or computing system, or similar electronic computing device, that manipulates and/or transforms data represented as physical quantities (e.g., electronic) within the computing system’s registers and/or memories into other data similarly represented as physical quantities within the computing system’s memories, registers or other such information storage, transmission or display devices. The embodiments are not limited in this context.
- It should be noted that the methods described herein do not have to be executed in the order described, or in any particular order. Moreover, various activities described with respect to the methods identified herein can be executed in serial or parallel fashion.
- Although specific embodiments have been illustrated and described herein, it should be appreciated that any arrangement calculated to achieve the same purpose may be substituted for the specific embodiments shown. This disclosure is intended to cover any and all adaptations or variations of various embodiments. It is to be understood that the above description has been made in an illustrative fashion, and not a restrictive one. Combinations of the above embodiments, and other embodiments not specifically described herein will be apparent to those of skill in the art upon reviewing the above description. Thus, the scope of various embodiments includes any other applications in which the above compositions, structures, and methods are used.
- It is emphasized that the Abstract of the Disclosure is provided to comply with 315 C.F.R. § 1.152(b), requiring an abstract that will allow the reader to quickly ascertain the nature of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. In addition, in the foregoing Detailed Description, it can be seen that various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments require more features than are expressly recited in each claim. Rather, as the following claims reflect, novel subject matter lies in less than all features of a single disclosed embodiment. Thus the following claims are hereby incorporated into the Detailed Description, with each claim standing on its own as a separate preferred embodiment. In the appended claims, the terms “including” and “in which” are used as the plain-English equivalents of the respective terms “comprising” and “wherein,” respectively. Moreover, the terms “first,” “second,” and “third,” etc. are used merely as labels, and are not intended to impose numerical requirements on their objects.
- Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.
- FIG. 16 illustrates an example logic flow 1600 that may be performed by one or more devices discussed herein. For example, the operations may be performed by a mobile device executing an application to control the devices of a smart system. As previously discussed, a user may utilize a single application to control and operate smart devices including smart access devices and smart home devices. In embodiments, the application is configured to control smart devices in accordance with one or more wireless protocols, such as a near-field communication (NFC) protocol, a cellular protocol, a Bluetooth low energy (BLE) protocol, an 802.11 protocol, a Zigbee protocol, and a z-wave protocol, and so forth. In addition, the application may enable a user to control devices outside of the smart system on a third-party cloud-based computing system. Thus, the smart system including the mobile device and application enables a user to have control over pre-existing and/or add-on smart devices.
- In block 1602, the logic flow 1600 establishes a connection with a smart lock of the smart system. For example, a mobile device including an application may detect and/or determine that a user wants to perform an action on a smart device. The detection may be based on a user input detected by the mobile device and the mobile device may establish a connection with the smart lock. In some instances, the mobile device may establish a connection with the smart lock automatically, e.g., when the smart lock is within range of the mobile device.
- In block 1604, the logic flow 1600 determines a device of the smart system and an action to perform by the device. For example, the mobile device including the application may receive a user input selecting a particular smart device and an action to be performed by the smart device.
- In block 1606, the logic flow 1600 communicates a request to perform the action to the smart lock of the smart system. The request may include information that may be used by the smart lock to cause the action. For example, the request may include identifying information to identify the smart device and information to indicate which action is to be performed.
- In some instances, the mobile device including the application may receive an indication that the action was successfully performed and/or was not successfully performed. As mentioned, the mobile device including the application may be configured to control smart devices on a third-party cloud-based computing system. In some instances, the mobile device may communicate information to the smart lock and the smart lock may communicate with a smart device on the third-party cloud-based computing system. In other instances, the mobile device including the application may communicate directly with a smart device on the third-party cloud-based computing system.
- FIG. 17 illustrates an example logic flow 1700 that may be performed by one or more devices discussed herein. For example, the operations may be performed by a smart device, such as a smart lock, to control one or more other smart devices. In embodiments, the smart lock may be configured to control smart devices in accordance with one or more wireless protocols. In some instances, the smart lock may communicate on a third-party cloud-based computing system to control third-party smart devices.
- In block 1702, the logic flow 1700 receives a request to cause an action on a device. For example, a smart lock may receive a request including information to identify a device and an action to perform on the device from a mobile device. In some instances, the request may be received from a mobile device after a connection is established with the mobile device.
- In block 1704, the logic flow 1700 determines a wireless interface from a plurality of wireless interfaces to communicate with the device. For example, the smart lock may determine the device to perform the action based on the information received from the mobile device.
- In block 1706, the logic flow 1700 communicates information to cause the action to the device. For example, the smart lock may communicate one or more commands or instructions to the device to cause the device to perform the action.
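The following Python sketch is an added illustration of logic flow 1700 (blocks 1702-1706) combined with the "request for an action with a valid credential" condition described for FIG. 10; it is not code from the patent. The credential format (an HMAC-SHA256 tag over device, action, expiry and nonce), the registry contents, the key and every name in it are assumptions constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed demo key shared by the issuing server and the smart lock (assumption).
HUB_KEY = b"constructed-demo-key-not-a-real-secret"

# Constructed registry: device id -> (wireless interface, actions the hub will relay).
REGISTRY = {
    "thermostat-2b": ("zigbee", {"set_temperature"}),
    "garage-door": ("z-wave", {"open", "close"}),
    "lobby-light": ("ble", {"on", "off"}),
}


@dataclass(frozen=True)
class ActionRequest:
    device_id: str
    action: str
    expires_at: int  # Unix time at which the credential stops being valid
    nonce: str       # single-use value so a captured request cannot be replayed
    tag: str         # hex HMAC issued by the server


def _mac(device_id: str, action: str, expires_at: int, nonce: str) -> str:
    # Length-prefix every field so bytes cannot be shifted between fields.
    parts = [device_id, action, str(expires_at), nonce]
    msg = b"".join(len(p.encode()).to_bytes(2, "big") + p.encode() for p in parts)
    return hmac.new(HUB_KEY, msg, hashlib.sha256).hexdigest()


def issue(device_id: str, action: str, expires_at: int, nonce: str) -> ActionRequest:
    """Server side: mint a credential scoped to one device and one action."""
    return ActionRequest(device_id, action, expires_at, nonce,
                         _mac(device_id, action, expires_at, nonce))


class SmartLockHub:
    """Hypothetical smart lock acting as the relay in logic flow 1700."""

    def __init__(self) -> None:
        self.seen_nonces: set[str] = set()
        self.sent: list[tuple[str, str, str]] = []  # (interface, device, action)

    def handle(self, req: ActionRequest, now: int) -> str:
        # Block 1702: receive the request; validate the credential before acting.
        expected = _mac(req.device_id, req.action, req.expires_at, req.nonce)
        if not hmac.compare_digest(expected.encode(), req.tag.encode()):
            return "deny:bad-credential"
        if now >= req.expires_at:
            return "deny:expired"
        if req.nonce in self.seen_nonces:
            return "deny:replay"
        # Block 1704: determine the wireless interface for the identified device.
        entry = REGISTRY.get(req.device_id)
        if entry is None:
            return "deny:unknown-device"
        interface, allowed_actions = entry
        if req.action not in allowed_actions:
            return "deny:action-not-allowed"
        # Block 1706: communicate the command over the selected interface.
        self.seen_nonces.add(req.nonce)
        self.sent.append((interface, req.device_id, req.action))
        return f"sent:{interface}"


if __name__ == "__main__":
    hub = SmartLockHub()
    request = issue("garage-door", "open", expires_at=1000, nonce="n1")
    print(hub.handle(request, now=900))   # relayed over the device's interface
    print(hub.handle(request, now=901))   # same request again is refused
```

Because the tag covers the device and the action, a credential issued for one device cannot be reused to drive a different device or a different action through the same hub.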
Claims (20)
1. A computer-implemented method, comprising:
receiving, by a mobile device from a beacon device of a smart building system comprising a plurality of access control devices, a uniform resource identifier (URI);
launching, on the mobile device based on the URI, a web-based virtual intercom comprising a virtual intercom interface;
processing, by the virtual intercom, a request to contact a first recipient device that is authorized to unlock a subset of the plurality of access control devices of the smart building system using a mobile application installed on the first recipient device;
establishing, by the mobile device, a video communication session between the mobile device and the first recipient device, wherein the mobile application displays a video of a user of the mobile device;
receiving, by the mobile device from a server based on input provided in the mobile application, a credential to unlock a first access control device, wherein a link between the beacon device and the first access control device is created when the beacon device is provisioned; and
transmitting, by the mobile device, the credential to the first access control device to unlock the first access control device.
2. The computer-implemented method of claim 1, wherein the beacon device comprises one of a near field communication (NFC) tag, a matrix barcode, a Bluetooth device, or a Bluetooth low energy BLE device.
3. The computer-implemented method of claim 1, wherein the first recipient device is one of a plurality of recipient devices associated with the smart building system, wherein the virtual intercom interface comprises a virtual directory, wherein the virtual directory comprises a plurality of identifiers, each respective identifier associated with a respective one of the plurality of recipient devices.
4. The computer-implemented method of claim 3, wherein the video communication session is established based on selection of a first identifier of the plurality of identifiers associated with the first recipient device.
5. The computer-implemented method of claim 1, further comprising prior to receiving the credential:
receiving, by the mobile device from the server based on the video communication session, another credential to unlock a second access control device of the plurality of access control devices, wherein access to the second access control device is required to access the first access control device.
6. The computer-implemented method of claim 5, further comprising:
transmitting, by the mobile device, the another credential to the second access control device to unlock the second access control device.
7. The computer-implemented method of claim 1, wherein the URI is received via one of: a Bluetooth interface of the mobile device, a Near-Field Communication (NFC) interface of the mobile device, a WiFi interface of the mobile device, or an image capture device of the mobile device.
8. A non-transitory computer-readable storage medium, the computer-readable storage medium including instructions that when executed by a processor of a mobile device, cause the processor to:
receive, from a beacon device of a smart building system comprising a plurality of access control devices, a uniform resource identifier (URI);
launch, based on the URI, a web-based virtual intercom comprising a virtual intercom interface;
process, by the virtual intercom, a request to contact a first recipient device that is authorized to unlock a subset of the plurality of access control devices of the smart building system using a mobile application installed on the first recipient device;
establish a video communication session between the mobile device and the first recipient device, wherein the mobile application displays a video of a user of the mobile device;
receive, from a server based on input provided in the mobile application, a credential to unlock a first access control device, wherein a link between the beacon device and the first access control device is created when the beacon device is provisioned; and
transmit the credential to the first access control device to unlock the first access control device.
9. The computer-readable storage medium of claim 8, wherein the beacon device comprises one of a near field communication (NFC) tag, a matrix barcode, a Bluetooth device, or a Bluetooth low energy BLE device.
10. The computer-readable storage medium of claim 8, wherein the first recipient device is one of a plurality of recipient devices associated with the smart building system, wherein the virtual intercom interface comprises a virtual directory, wherein the virtual directory comprises a plurality of identifiers, each respective identifier associated with a respective one of the plurality of recipient devices.
11. The computer-readable storage medium of claim 10, wherein the video communication session is established based on selection of a first identifier of the plurality of identifiers associated with the first recipient device.
12. The computer-readable storage medium of claim 8, wherein the instructions further cause the processor to, prior to receiving the credential:
receive, from the server based on the video communication session, another credential to unlock a second access control device of the plurality of access control devices, wherein access to the second access control device is required to access the first access control device.
13. The computer-readable storage medium of claim 12, wherein the instructions further cause the processor to:
transmit the another credential to the second access control device to unlock the second access control device.
14. The computer-readable storage medium of claim 8, wherein the URI is received via one of: a Bluetooth interface of the mobile device, a Near-Field Communication (NFC) interface of the mobile device, a WiFi interface of the mobile device, or an image capture device of the mobile device.
15. A computing apparatus comprising:
a processor; and
a memory storing instructions that, when executed by the processor, cause the processor to:
receive, from a beacon device of a smart building system comprising a plurality of access control devices, a uniform resource identifier (URI);
launch, based on the URI, a web-based virtual intercom comprising a virtual intercom interface;
process, by the virtual intercom, a request to contact a first recipient device that is authorized to unlock a subset of the plurality of access control devices of the smart building system using a mobile application installed on the first recipient device;
establish a video communication session between the apparatus and the first recipient device, wherein the mobile application displays a video of a user of the apparatus;
receive, from a server based on input provided in the mobile application, a credential to unlock a first access control device, wherein a link between the beacon device and the first access control device is created when the beacon device is provisioned; and
transmit the credential to the first access control device to unlock the first access control device.
16. The computing apparatus of claim 15, wherein the first recipient device is one of a plurality of recipient devices associated with the smart building system, wherein the virtual intercom interface comprises a virtual directory, wherein the virtual directory comprises a plurality of identifiers, each respective identifier associated with a respective one of the plurality of recipient devices.
17. The computing apparatus of claim 16, wherein the video communication session is established based on selection of a first identifier of the plurality of identifiers associated with the first recipient device.
18. The computing apparatus of claim 15, wherein the instructions further cause the processor to, prior to receiving the credential:
receive, from the server based on the video communication session, another credential to unlock a second access control device of the plurality of access control devices, wherein access to the second access control device is required to access the first access control device.
19. The computing apparatus of claim 18, wherein the instructions further cause the processor to:
transmit the another credential to the second access control device to unlock the second access control device.
20. The computing apparatus of claim 15, wherein the URI is received via one of: a Bluetooth interface of the apparatus, a Near-Field Communication (NFC) interface of the apparatus, a WiFi interface of the apparatus, or an image capture device of the apparatus.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US18/119,955 US20230206706A1 (en) | 2019-11-08 | 2023-03-10 | Smart building integration and device hub |
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201962933023P | 2019-11-08 | 2019-11-08 | |
US201962946167P | 2019-12-10 | 2019-12-10 | |
US17/085,160 US11631291B2 (en) | 2019-11-08 | 2020-10-30 | Smart building integration and device hub |
US17/473,417 US11625965B2 (en) | 2019-11-08 | 2021-09-13 | Smart building integration and device hub |
US18/119,955 US20230206706A1 (en) | 2019-11-08 | 2023-03-10 | Smart building integration and device hub |
Related Parent Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/473,417 Continuation US11625965B2 (en) | 2019-11-08 | 2021-09-13 | Smart building integration and device hub |
Publications (1)
Publication Number | Publication Date |
---|---|
US20230206706A1 (en) | 2023-06-29 |
Family
ID=75846712
Family Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/085,160 Active US11631291B2 (en) | 2019-11-08 | 2020-10-30 | Smart building integration and device hub |
US17/473,417 Active US11625965B2 (en) | 2019-11-08 | 2021-09-13 | Smart building integration and device hub |
US18/119,955 Pending US20230206706A1 (en) | 2019-11-08 | 2023-03-10 | Smart building integration and device hub |
US18/119,948 Pending US20230215231A1 (en) | 2019-11-08 | 2023-03-10 | Smart building integration and device hub |
Family Applications Before (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/085,160 Active US11631291B2 (en) | 2019-11-08 | 2020-10-30 | Smart building integration and device hub |
US17/473,417 Active US11625965B2 (en) | 2019-11-08 | 2021-09-13 | Smart building integration and device hub |
Family Applications After (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US18/119,948 Pending US20230215231A1 (en) | 2019-11-08 | 2023-03-10 | Smart building integration and device hub |
Country Status (7)
Country | Link |
---|---|
US (4) | US11631291B2 (en) |
EP (1) | EP3992931A1 (en) |
JP (1) | JP2022073909A (en) |
KR (1) | KR20220058376A (en) |
CN (1) | CN114530008A (en) |
CA (1) | CA3118110A1 (en) |
TW (1) | TW202217607A (en) |
Families Citing this family (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102017214941A1 (en) | 2017-08-25 | 2019-02-28 | Dometic Sweden Ab | Recreational vehicle, cooling device, control system and method of controlling the cooling device |
US11049347B2 (en) * | 2017-09-06 | 2021-06-29 | Sony Corporation | Gate apparatus and method in gate apparatus |
US10825273B2 (en) | 2018-10-16 | 2020-11-03 | Edst, Llc | Smart thermostat hub |
US11445043B2 (en) * | 2018-10-31 | 2022-09-13 | Fwd Inc. | Ephemeral and private beacon network |
US11639617B1 (en) | 2019-04-03 | 2023-05-02 | The Chamberlain Group Llc | Access control system and method |
US11455854B2 (en) * | 2019-05-29 | 2022-09-27 | Chirp Systems, Inc. | Access control for property management |
SE546189C2 (en) * | 2019-09-30 | 2024-06-25 | Assa Abloy Ab | Enabling remote unlock of a lock |
US20210182987A1 (en) * | 2019-12-13 | 2021-06-17 | Urban Technologies Ltd | System and Method for Vertical Integration of Real Estate Related Services |
CN111162975B (en) * | 2019-12-19 | 2021-09-21 | 华为技术有限公司 | Method for managing intelligent equipment, mobile terminal and communication system |
EP4113466A1 (en) * | 2021-06-29 | 2023-01-04 | Zesec of Sweden AB | Method and system for controlling unlocking of an entrance of a multi-family residential |
US12021653B2 (en) * | 2021-07-01 | 2024-06-25 | Schlage Lock Company Llc | Access control embedded into network gear |
US11821236B1 (en) | 2021-07-16 | 2023-11-21 | Apad Access, Inc. | Systems, methods, and devices for electronic dynamic lock assembly |
US12095615B2 (en) * | 2021-08-27 | 2024-09-17 | Tyco Fire & Security Gmbh | Security / automation system with router functionality |
US20230081318A1 (en) * | 2021-09-15 | 2023-03-16 | Inter Ikea Systems B.V. | Smart device access system |
WO2023049339A1 (en) * | 2021-09-23 | 2023-03-30 | Latch Systems, Inc. | System and techniques to normalize objects in spatial imaging of spaces |
US11676437B1 (en) | 2021-11-15 | 2023-06-13 | Latch Systems, Inc. | Smart access control device |
DE102021213695A1 (en) | 2021-12-02 | 2023-06-07 | Sphinx Electronics Gmbh & Co Kg | Method and system for providing a rentable space for use by different users throughout the day |
CA3240362A1 (en) * | 2021-12-15 | 2023-06-22 | Kraken Technologies Limited | Consumer access device |
GB2613822B (en) * | 2021-12-15 | 2024-10-02 | Kraken Tech Limited | Consumer access devices |
US20230215233A1 (en) * | 2022-01-04 | 2023-07-06 | VIZpin, Inc. | Smart lock remote admitting system and method |
IT202200000803A1 (en) * | 2022-01-19 | 2023-07-19 | Filippetti S P A | CONTROL SYSTEM OF A ROOM. |
US20230290150A1 (en) * | 2022-03-09 | 2023-09-14 | Motorola Solutions, Inc. | Monitoring system and method for identifying a changed object of interest using an access control system |
WO2024008301A1 (en) * | 2022-07-07 | 2024-01-11 | Dometic Sweden Ab | Minibar communication |
US20240046729A1 (en) * | 2022-08-03 | 2024-02-08 | Johnson Controls Tyco IP Holdings LLP | Auto-programming door and camera relationships for a security system |
EP4332920A1 (en) * | 2022-08-30 | 2024-03-06 | dormakaba Schweiz AG | Methods and devices for managing access for a managed residential building |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150199863A1 (en) * | 2014-01-15 | 2015-07-16 | HLT Domestic IP, LLC | Systems and methods for use in acquiring credentials from a portable user device in unlocking door lock systems |
US20190259231A1 (en) * | 2018-02-16 | 2019-08-22 | Carrier Corporation | Method for selectively opening a second lock from a first lock using short-range communications (src) |
US10685516B1 (en) * | 2019-03-22 | 2020-06-16 | Eingot Llc | Virtual intercom system |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
SE531723C2 (en) * | 2006-12-20 | 2009-07-21 | Phoniro Ab | Access control system, lock device, management device and associated methods and computer software products |
CA2990331C (en) * | 2007-12-31 | 2020-06-16 | Schlage Lock Company | Mesh network security system gateway and method |
US9425981B2 (en) | 2011-07-14 | 2016-08-23 | Colin Foster | Remote access control to residential or office buildings |
US9781087B2 (en) * | 2011-09-09 | 2017-10-03 | Kingston Digital, Inc. | Private and secure communication architecture without utilizing a public cloud based routing server |
US20150035987A1 (en) | 2012-09-07 | 2015-02-05 | Jose Mario Fernandez | Method and apparatus for unlocking/locking a door and enabling two-way communications with a door security system via a smart phone |
US20150370272A1 (en) * | 2014-06-23 | 2015-12-24 | Google Inc. | Intelligent configuration of a smart environment based on arrival time |
US9891907B2 (en) * | 2014-07-07 | 2018-02-13 | Harman Connected Services, Inc. | Device component status detection and illustration apparatuses, methods, and systems |
US10553052B2 (en) | 2016-09-26 | 2020-02-04 | T-Mobile Usa, Inc. | Event identification and notification via an automation hub |
US10486937B2 (en) | 2017-03-31 | 2019-11-26 | Otis Elevator Company | User management of door and elevator access control |
US20190051144A1 (en) | 2017-07-27 | 2019-02-14 | NXT-ID, Inc. | Social Network for Responding to Event-Driven Notifications |
US20200036709A1 (en) | 2018-06-15 | 2020-01-30 | Proxy, Inc. | Secure biometric credential authorization methods and apparatus |
US11423717B2 (en) | 2018-08-01 | 2022-08-23 | The Chamberlain Group Llc | Movable barrier operator and transmitter pairing over a network |
US10846958B2 (en) | 2019-03-22 | 2020-11-24 | Eingot Llc | Virtual intercom system |
US11184666B2 (en) * | 2019-04-01 | 2021-11-23 | Sonos, Inc. | Access control techniques for media playback systems |
US11120657B2 (en) | 2019-04-11 | 2021-09-14 | Townsteel, Inc. | Integrated lock management and smart device control system |
US11158315B2 (en) | 2019-08-07 | 2021-10-26 | International Business Machines Corporation | Secure speech recognition |
US11145147B2 (en) * | 2019-08-21 | 2021-10-12 | T-Mobile Usa, Inc. | Location-aware beacon scanning and authentication for secure lock control and other IoT applications |
US11151827B1 (en) | 2020-11-20 | 2021-10-19 | Grand Dunes Entry Systems, LLC | Virtual entry system |
2020
- 2020-10-30: US, US17/085,160 (US11631291B2), Active

2021
- 2021-05-07: JP, JP2021079259A (JP2022073909A), Pending
- 2021-05-07: EP, EP21172878.7A (EP3992931A1), Pending
- 2021-05-11: CA, CA3118110A (CA3118110A1), Pending
- 2021-05-12: TW, TW110117152A (TW202217607A), unknown
- 2021-05-12: KR, KR1020210061179A (KR20220058376A), Search and Examination
- 2021-05-12: CN, CN202110518061.7A (CN114530008A), Pending
- 2021-09-13: US, US17/473,417 (US11625965B2), Active

2023
- 2023-03-10: US, US18/119,955 (US20230206706A1), Pending
- 2023-03-10: US, US18/119,948 (US20230215231A1), Pending
Also Published As
Publication number | Publication date |
---|---|
TW202217607A (en) | 2022-05-01 |
US20230215231A1 (en) | 2023-07-06 |
US20210407229A1 (en) | 2021-12-30 |
US11631291B2 (en) | 2023-04-18 |
EP3992931A1 (en) | 2022-05-04 |
US11625965B2 (en) | 2023-04-11 |
CA3118110A1 (en) | 2022-04-30 |
JP2022073909A (en) | 2022-05-17 |
US20210142601A1 (en) | 2021-05-13 |
KR20220058376A (en) | 2022-05-09 |
CN114530008A (en) | 2022-05-24 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
US11625965B2 (en) | Smart building integration and device hub | |
US12118481B2 (en) | Scheduled temporary rental property access | |
US9437063B2 (en) | Methods and systems for multi-unit real estate management | |
US11151816B2 (en) | Methods and systems for access control and awareness management | |
CN109559407B (en) | Time-limited secure access | |
CN110622222B (en) | General access control device | |
US11120657B2 (en) | Integrated lock management and smart device control system | |
US9508207B2 (en) | Method and apparatus for network controlled access to physical spaces | |
CN109923592B (en) | Method and system for access control and awareness management | |
KR102085975B1 (en) | System for Managing Door Lock information of Accommodation And Driving Method Thereof | |
US20190088059A1 (en) | Extended instant guest access using near field communication tags | |
US20150187151A1 (en) | Systems and methods for controlling in-room safes with nfc-enabled devices | |
US20220254212A1 (en) | Systems and techniques to provide smart access capabilities in a smart system environment | |
KR101963437B1 (en) | System and method for doorlock | |
AU2015245889B2 (en) | Temporarily pairing a mobile device with a peripheral device | |
KR101855494B1 (en) | Door system and method using mobile device | |
US20150007280A1 (en) | Wireless personnel identification solution | |
US11134146B2 (en) | User preference utilization in remote applications | |
US20220130190A1 (en) | Systems and methods for premises access control | |
KR20030073807A (en) | An authentication and authorization system for home network | |
WO2021140506A1 (en) | A control system | |
JP2024523856A (en) | How to set up the door lock interlocking system using Door Lock Administrator privileges |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| STPP | Information on status: patent application and granting procedure in general | Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
| STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
| STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |