Lowe

(10) Patent No.: US 7,706,778 B2
(45) Date of Patent: Apr. 27, 2010

US007706778B2

(54) SYSTEM AND METHOD FOR REMOTELY ASSIGNING AND REVOKING ACCESS CREDENTIALS USING A NEAR FIELD COMMUNICATION EQUIPPED MOBILE PHONE

(75) Inventor: Peter R. Lowe, Peyton, CO (US)
(73) Assignee: Assa Abloy AB, Stockholm (SE)
(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 600 days.
(21) Appl. No.: 11/397,542
(22) Filed: Apr. 3, 2006
(65) Prior Publication Data: US 2006/0224901 A1, Oct. 5, 2006

Related U.S. Application Data
(60) Provisional application No. 60/668,828, filed on Apr. 5, 2005.

(51) Int. Cl.: H04M 1/66 (2006.01); H04L 29/06 (2006.01)
(52) U.S. Cl.: 455/411; 713/200; 713/158
(58) Field of Classification Search: [...] 705/1. See application file for complete search history.

(56) References Cited

U.S. PATENT DOCUMENTS

5,903,845 A *        5/1999   Buhrmann et al.    455/461
6,374,356 B1         4/2002   Daigneault et al.
6,577,229 B1         6/2003   Bonneau et al.
6,668,322 B1        12/2003   Wood et al.
6,719,200 B1         4/2004   Wiebe
6,766,450 B2         7/2004   Micali
6,859,650 B1         2/2005   Ritter
6,895,234 B1 *       5/2005   Laursen et al.     455/403
2003/0023874 A1 *    1/2003   Prokupets et al.   713/201
2004/0059590 A1 *    3/2004   Mercredi et al.    705/1
2004/0177270 A1 *    9/2004   Little et al.      713/200
2004/0180646 A1 *    9/2004   Donley et al.      455/411
2008/0163361 A1      7/2008   Davis et al.

FOREIGN PATENT DOCUMENTS

WO   WO 2004/025545   3/2004
WO   WO 2005/024549   3/2005

OTHER PUBLICATIONS

Philips Semiconductors, "Near Field Communication PN511 Transmission module." (Feb. 2004) (18 pages).
Nokia, "Use Cases" http://www.nokia.com (Copyright 2005) (2 pages).

Primary Examiner: Charles N Appiah
Assistant Examiner: Kiet Doan
(74) Attorney, Agent, or Firm: Sheridan Ross P.C.

(57) ABSTRACT

The present invention is generally directed toward a mobile device that can be used in a secure access system. More specifically, the mobile device can have credential data loaded thereon remotely updated, enabled, disabled, revoked, or otherwise altered with a message sent from, for example, a control panel and/or controller in the system.

42 Claims, 5 Drawing Sheets

[FIG. 1 (front page): access network 100, showing the Communication Network, Controller 102, Hub, Database, Readers 108 and Mobile Devices 112 with their connecting interfaces]

UniKey Exhibit 1001, Page 1

OTHER PUBLICATIONS (continued)

Esato, "Nokia Launches NFC Shell for Mobile Payments" http://www.esato.com/news/article.php/id?l36 (Feb. 25, 2005) (3 pages).
NFC Forum, "About Near Field Communication" http://www.nfc-forum.org/aboutnfc/ (Copyright 2005) (3 pages).
Indala, "Product Families" www.indala.com/products/index.html (Copyright 2004) (2 pages).
International Search Report for International (PCT) Patent Application No. PCT/US06/15304, mailed Jun. 11, 2008.
Written Opinion for International (PCT) Patent Application No. PCT/US06/15304, mailed Jun. 11, 2008.

* cited by examiner

[FIG. 3 (Sheet 3 of 5), flow chart: Credential Information Changed at Control Panel (304) → Update Credential Information at Database → Determine Mobile Device Associated With Changed Credential Information → Send Message to Determined Mobile Device → Update Memory of Mobile Device. Reference numerals 300, 308, 312 and 316 also appear on the sheet.]

[FIG. 4 (Sheet 4 of 5), flow chart 400: Determine Time Interval Between Credential Updates (404) → Determine New Credential Information (408) → Send New Credential Information to Readers (412) → Send New Credential Information to Mobile Devices (416) → Determine Time Elapsed Since Last Credential Update (420) → decision "Time Elapsed >= Update Interval?" with branches No and Yes.]

[FIG. 5 (Sheet 5 of 5), flow chart 500: Activity Detected at a Reader (504) → Determine Information Related to the Activity (508) → decision "Relay Information to a Mobile Device?" (512) with branches No and Yes → Determine Mobile Device to Relay Information to (516) → Send Determined Mobile Device the Information (520). Reference numeral 524 also appears on the sheet.]

SYSTEM AND METHOD FOR REMOTELY ASSIGNING AND REVOKING ACCESS CREDENTIALS USING A NEAR FIELD COMMUNICATION EQUIPPED MOBILE PHONE

CROSS-REFERENCE TO RELATED APPLICATION

The present application claims the benefit, under 35 U.S.C. §119(e), of U.S. Provisional Application Ser. No. 60/668,828 filed Apr. 5, 2005, which is incorporated herein by this reference.

FIELD OF THE INVENTION

The invention is directed generally to using mobile devices in an access control system. Specifically, a mobile device utilizing near field communications protocol (NFC) may be used for controlling access to assets, places, or things by having access credentials remotely assigned and revoked.

BACKGROUND OF THE INVENTION

Radio frequency IDs (RFIDs), like contactless smart cards, store credential information that can be used later to gain access to an asset. When presented to a reader/interrogator the smart card transmits the stored credential information for verification by the reader/interrogator. The reader/interrogator processes the credential information and determines if the smart card being presented is a valid smart card. If the reader/interrogator determines that the credential information on the smart card is valid then the reader/interrogator initiates any number of actions allowing the holder of the smart card access to a particular asset.

NFC is a communication method that is showing great promise for communication between devices at short range. NFC may be regarded as the same protocol that is used by contactless smart cards working at 13.56 MHz. Several companies are in the process of announcing mobile phones that incorporate an NFC chip. The communication protocol of a typical NFC chip can be seen for instance in Short Form Specification of the PN511-Transmission module, February 2004 from Philips Semiconductors, which is herein incorporated by reference in its entirety.

The protocol used in NFC can vary depending on the mode that the chip and reader/interrogator are in. For example, if an active NFC mode is used, both a reader/interrogator and target are using their own radio frequency (RF) field to enable communication between each other. A reader/interrogator is powered to generate an RF field of a particular frequency, for instance at 13.56 MHz. The target has its own power supply for digital processing and communications. When the target receives a communication from a reader/interrogator, the target uses its own power supply to generate another RF field to answer the reader/interrogator. Communications can occur back and forth between the reader/interrogator and target.

Alternatively, if a passive NFC mode is implemented, the target answers to a reader/interrogator command in a load modulation scheme. The target is not powered to generate its own RF field. Rather, the target uses energy from the RF field created by the reader/interrogator to create its RF field and the reply to be sent back to the reader/interrogator.

If the NFC chip is coupled with a micro-processor, the chip may act like smart cards or the like where communication between a reader and card is performed to gain access to an asset. Typically a mobile phone includes a battery and the NFC chip can be powered by that battery. If the chip derives power from the mobile phone battery, the NFC chip may communicate with a reader/interrogator according to the active protocol described above. Alternatively, the NFC chip can communicate with a reader/interrogator in a passive mode. This will eliminate the need for the chip to be powered by the battery of a mobile phone, which may increase the life of the battery.

In most global system for mobile communication (GSM) devices, e.g., mobile phones, there is a Subscriber Identification Module (SIM) that is a secure memory containing all of the owner's account information, as well as space available for additional applications such as an electronic purse for e-commerce. This memory is accessible from outside of the mobile device, i.e., remotely. Mobile devices carry a secure memory much like smart cards or the like and the new applications in NFC protocols enable the mobile device to perform functions like smart cards. The ability to have a mobile device also operate as a smart card creates a variety of new applications for the device.

A typical smart card is a small, usually credit card shaped, device that contains at least a memory device for storing information and a transceiver to communicate with a reader/interrogator. The reader/interrogator communicates through the transceiver on the smart card to access the stored information. The reader/interrogator may simply read the information, load the information into the memory device or modify existing data in the memory device. For example, if the owner of a smart card uses a smart card containing financial information to make a purchase, the reader/interrogator can read the information including the owner's identity and the availability of funds. The reader/interrogator can also deduct the purchase amount from the available funds if it has writing capabilities. Further, the reader/interrogator can store transaction data on the smart card including the time and location of the transaction in addition to the identity of the reader/interrogator.

Smart cards have a variety of uses and can be utilized in any transaction that involves the exchange of data or information between individuals and an institution. For example, smart cards can be used to store information including medical records, financial information, vehicle maintenance information, pet information, and a virtually limitless variety of other information traditionally printed on paper or plastic or stored on cards having a magnetic stripe or an optical bar code. Smart card technology has been particularly useful in banking systems and other financial transaction systems. Furthermore, smart cards have been widely used in access control systems. For example, a reader/interrogator may control doors that provide access to particular assets. The reader/interrogator only allows qualified individuals carrying smart cards, with proper credentials loaded thereon, access through control doors.

In a conventional access control system, the door reader/interrogators positioned at ingress/egress points are connected to a control panel. This control panel is kept up to date with the authorized codes corresponding to persons with authorized access to the location. When activity occurs, the control panel is updated with the activity information. For example, if the activity related to access gained through a particular door, the door and potentially the person who gained access are stored in the control panel log. Also, if the activity related to a financial transaction, the information relating to the transaction, including the amount and who performed the transaction, is sent to and stored at the control panel.

There are, however, circumstances in which control panels associated with remote locations are not regularly updated. If a person's status changes from authorized to unauthorized, it might take a relatively long time for the control panel associated with a remote door to get the message and bar the credential associated with this person from access. Furthermore, typical access control systems are limited in that control panels, either localized or central, are the only source that tracks, logs, and monitors the activity associated with a given access point. When entries take place in these conventional access control systems, the information is sent to the control panel where it stays. If someone would like to be aware of activity associated with the access control system they are usually required to physically go to the control panel itself.

SUMMARY OF THE INVENTION

It is thus one aspect of the present invention to provide a system and method that automatically updates credentials on a mobile device immediately after authorization changes have been made. In one embodiment, the system and method provides a controller (e.g., a control panel, number of control panels, host computer, number of host computers, server, and the like), a plurality of readers, and a plurality of mobile devices. Each of the plurality of mobile devices has a memory associated with it that stores credential information. The readers are typically associated with a particular asset (e.g., a door permitting access to a secure room, a computer permitting access to secure information, a lock permitting access to a safe, etc.). The readers communicate with the mobile devices to determine if the credential information stored on the memory of the mobile device permits the person using the mobile device to access a particular asset. Credential information is verified at the reader then transmitted to the controller in order to notify security personnel or the like about the activity that has just taken place at the reader. When credential information is changed at the controller (e.g., access rights for a particular user of a mobile device have been partially or fully revoked, updated, enabled, augmented, added, etc.), that changed information is relayed to the mobile device via a communication network. The memory of the mobile device is then updated to reflect the change that was logged at the controller.

As used herein, a "credential" or "credential information" is any data, set of data, encryption scheme, key, and/or transmission protocol used by a particular mobile device to verify its authenticity with a reader/interrogator.

In another embodiment of the present invention, a system and method for periodically updating and/or enabling the credentials of a mobile device and/or reader is provided. Specifically, the controller updates the credential information of a mobile device on a predetermined periodic basis. Every predetermined period (e.g., every second, minute, hour, day, etc.) the credentials associated with one or a population of mobile devices are updated. At the same time, in one embodiment of the invention, the information relating to the updated credentials is relayed to the readers so that when a valid mobile device is presented to a reader, the reader is aware of the updated credentials and can assess the validity of the mobile device appropriately. Alternatively, or in addition to updating the mobile device credentials, the mobile devices may require a periodic enablement of their credentials in order to maintain their validity. For example, the credential information associated with a particular mobile device may not change, but the information will be erased, expire, or the mobile device may not be allowed to transmit its credential information if it does not receive the periodic enablement messages from the controller. Therefore, when a user is no longer permitted access to a particular asset, the automatic enablement messages are not sent to his/her mobile device. If a user has had their credentials revoked or changed for whatever reason, they may attempt to shield their mobile device from receiving any authorization disabling messages. By changing the logic of the mobile device such that the credentials periodically time out unless an enabling message is received from the control panel, attempts to maintain or prolong authorized credentials by shielding mobile devices from a disabling message are thwarted.

In yet another embodiment of the present invention, a system and method for relaying information associated with activities detected at a reader or set of readers to a mobile device is provided. Rather than keeping a log of the activity information only at the controller, selected mobile devices can receive the activity information from the controller. In a residential lock situation, the system can send a Short Message Service (SMS) message/signal or the like to the mobile device of the homeowner. A homeowner at work may want to know when a child, housekeeper, or other person enters and exits their house. The selected mobile device could retrieve the message employing a number of other methods. For example, records of activities at a particular reader can be logged at that reader. A mobile device authorized to recover the activity log could be presented to the reader and the log file could be transferred to and displayed on the mobile device. Likewise, the reader (or the mobile device) could send the log file to a computer via email using various types of text messaging protocols.

These and other advantages will be apparent from the disclosure of the invention(s) contained herein. The above-described embodiments and configurations are neither complete nor exhaustive. As will be appreciated, other embodiments of the invention are possible using, alone or in combination, one or more of the features set forth above or described in detail below.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram depicting an exemplary system for authenticating mobile devices and remotely updating credentials associated with the mobile devices in accordance with embodiments of the present invention;

FIG. 2 is a block diagram depicting a mobile device in accordance with embodiments of the present invention;

FIG. 3 is a flow chart depicting a method of remotely updating credentials associated with a mobile device in accordance with embodiments of the present invention;

FIG. 4 is a flow chart depicting a method of periodically updating credentials associated with a mobile device in accordance with embodiments of the present invention; and

FIG. 5 is a flow chart depicting a method of relaying access activity in an exemplary system to a mobile device in accordance with embodiments of the present invention.

DETAILED DESCRIPTION

The present invention is generally directed toward a system and method for using mobile communication devices as personal credential verification devices. Specifically, the present invention utilizes communication techniques and protocols to automatically and remotely update credential information associated with one or a set of mobile devices.

FIG. 1 depicts an access network 100 used to verify the identity of at least one mobile device. In one embodiment of the present invention, the system 100 comprises a controller 102, a hub 104, a plurality of readers 108 1-n, and a plurality of mobile devices 112 1-k such that n and k are integers wherein n and k are greater than or equal to one, and typically k is greater than n. The plurality of readers 108 1-n may include readers 108 of the same type, as well as readers of different types. For example, a subset of the plurality of readers 108 1-n may be legacy readers (e.g. readers using older transmission protocols), whereas another subset of the plurality of readers 108 1-n may be newer readers utilizing improved and/or more secure protocols.

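The periodic enablement described in the Summary (credentials that time out unless an enabling message arrives) can be compared with push-only disabling in a short simulation. This is an added example, not code from the patent; the class names, the per-device HMAC key, the message format and the 60-second interval are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

ENABLE_INTERVAL = 60          # seconds between enablement messages (assumed value)
LEASE = 2 * ENABLE_INTERVAL   # credential times out this long after the last one


def mac(key: bytes, kind: str, device_id: str, issued_at: int) -> bytes:
    """Tag binding a controller message to one device, one type and one issue time."""
    msg = f"{kind}|{device_id}|{issued_at}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass
class MobileDevice:
    device_id: str
    key: bytes                # per-device key shared with the controller (assumption)
    credential: bytes
    use_lease: bool           # False: push-only disable; True: periodic enablement
    shielded: bool = False    # True: no controller message reaches the device
    disabled: bool = False
    enabled_until: int = 0
    last_issued: int = -1

    def receive(self, kind: str, issued_at: int, tag: bytes) -> bool:
        """Process a controller message; return True only if it was accepted."""
        if self.shielded:
            return False                      # message never arrives
        expected = mac(self.key, kind, self.device_id, issued_at)
        if not hmac.compare_digest(tag, expected):
            return False
        if kind == "disable":
            self.disabled = True              # always safe to honour
            return True
        if kind == "enable" and issued_at > self.last_issued:
            self.last_issued = issued_at
            # The lease runs from the issue time, not from the time of receipt,
            # so a delayed or replayed message cannot stretch it.
            self.enabled_until = issued_at + LEASE
            return True
        return False                          # stale, replayed or unknown message

    def present(self, now: int):
        """Credential offered to a reader, or None when the device withholds it."""
        if self.disabled:
            return None
        if self.use_lease and now >= self.enabled_until:
            return None                       # fail closed: no recent enablement
        return self.credential


@dataclass
class Controller:
    keys: dict = field(default_factory=dict)
    authorized: set = field(default_factory=set)

    def enroll(self, dev: MobileDevice) -> None:
        self.keys[dev.device_id] = dev.key
        self.authorized.add(dev.device_id)

    def message(self, kind: str, dev: MobileDevice, now: int):
        return kind, now, mac(self.keys[dev.device_id], kind, dev.device_id, now)

    def revoke(self, dev: MobileDevice, now: int) -> bool:
        self.authorized.discard(dev.device_id)
        return dev.receive(*self.message("disable", dev, now))

    def tick(self, dev: MobileDevice, now: int) -> bool:
        """Periodic enablement: sent only while the device is still authorized."""
        if dev.device_id not in self.authorized:
            return False
        return dev.receive(*self.message("enable", dev, now))


def usable_after_revocation(use_lease, shield_at=180, revoke_at=180, horizon=600):
    """Times (s) at or after revocation when the device still offers its credential."""
    dev = MobileDevice("dev-1", b"k" * 32, b"constructed-credential", use_lease)
    ctrl = Controller()
    ctrl.enroll(dev)
    still_usable = []
    for now in range(0, horizon + 1, ENABLE_INTERVAL):
        if now >= shield_at:
            dev.shielded = True
        if now == revoke_at:
            ctrl.revoke(dev, now)
        ctrl.tick(dev, now)
        if now >= revoke_at and dev.present(now) is not None:
            still_usable.append(now)
    return still_usable


def replay_is_rejected() -> bool:
    """A captured enablement message replayed later must not extend the lease."""
    dev = MobileDevice("dev-1", b"k" * 32, b"constructed-credential", True)
    ctrl = Controller()
    ctrl.enroll(dev)
    captured = ctrl.message("enable", dev, 0)
    first = dev.receive(*captured)
    second = dev.receive(*captured)
    return first and not second and dev.present(LEASE) is None


if __name__ == "__main__":
    print("push-only, shielded:", usable_after_revocation(False))
    print("lease, shielded:    ", usable_after_revocation(True))
```

The lease bounds the exposure window of a shielded device to at most LEASE seconds, at the cost that an authorized device out of coverage for longer than that also stops presenting its credential. The time-out is enforced by the device's own clock and logic, so it is only as trustworthy as the device.
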
In the depicted embodiment, the readers 108 are coupled to the controller 102 via the interconnecting hub 104 through interfaces 124 and 128. In an alternate embodiment, the readers 108 may be directly coupled to the respective inputs/outputs of the controller 102 via interface 129. Interfaces 124 and 128 between the readers 108, the hub 104, and the controller 102 and interface 129 are generally bi-directional interfaces, which may selectively be implemented in a form of wired, wireless, fiber-optic communication links, or combinations thereof. Even though the interfaces 124, 128, and 129 are depicted as bi-directional interfaces, one of skill in the art can appreciate that the interfaces 124, 128, and 129 may be implemented as unidirectional interfaces that use a unidirectional communication protocol, for example, the Wiegand protocol.

As can be appreciated by one of skill in the art, the interfaces 124, 128, and 129 may be implemented utilizing buses or other types of connections. For example, the I/O ports may be one or more of a USB port, parallel port, serial port, Small Computer Systems Interface (SCSI) port, modem, Ethernet, and/or an RF interface. The protocols used to communicate between the controller 102 and the readers 108 may include one or more of the TCP/IP protocol, RS 232, RS 485, Current Loop, Power over Ethernet (POE), Bluetooth, ZigBee, GSM, WiFi, and other communication methods and protocols known in the art.

Bi-directional RF interfaces 120 between a reader 108 and a mobile device 112 are automatically established when the mobile device 112 is placed within an active zone (not shown) of the interrogating reader 108. The active zone of the reader 108 is defined as a three dimensional space where the intensity of RF signals emitted by the reader exceeds a threshold of sensitivity of the mobile device 112 and the intensity of RF signals emitted by the mobile device 112 exceeds a threshold of sensitivity of the reader 108. The interface 120 shown can be between one or a number of readers 108 and one or a number of mobile devices 112. Furthermore, the interface 120 may utilize known methods and protocols including NFC protocol, Infra Red communication methods, Bluetooth, ZigBee, GSM, WiFi, and/or other protocols known to those of skill in the art.

The controller 102 may be a general-purpose computer adapted for multi-task data processing and suitable for use in various settings including, but not being limited to, business, commercial, residential, and industrial settings. Examples of suitable types of controllers 102 include, but are not limited to, a control panel, a number of control panels, a host computer, a processor, a server, combinations thereof, and other controllers known to those of skill in the art. A memory of the controller 102 comprises software program(s) containing a database of records for the access system 100. Alternatively, a database 130 may be separated from the controller 102 as depicted in FIG. 1. The database 130, whether integral to the controller 102, separate from the controller 102, or both, maintains records associated with the readers 108, mobile devices 112 and their respective holders or users, algorithm(s) for acquiring, decoding, verifying, and modifying data contained in the mobile device, algorithm(s) for testing authenticity and validity of the mobile devices 112, and algorithm(s) for implementing the results of these tests. Specific configurations of the controller 102 are determined based on and compliant with computing and interfacing capabilities of the readers 108 and/or the hub 104. As used herein, in reference to an individual or an object associated with a mobile device 112, the terms a "holder" and a "user" are used interchangeably.

Each reader 108 is adapted for exchanging information with the controller 102 and for requesting data from the mobile device 112 to verify the authenticity of the mobile device. Typically, a reader 108 is associated with a particular asset (e.g., a door protecting access to a secure room, a computer lock protecting sensitive information or computer files, a lock on a safe, and the like). In one embodiment, upon verification of credential information stored on the mobile device 112, the reader 108 generates signals facilitating execution of the results of interrogating the mobile device (e.g., engages/disengages a locking mechanism, allows/disallows movement of a monitored article, temporarily disables itself, activates an alarm system, provides access to a computer system, provides access to a particular document, and the like). Alternatively, the controller 102 may generate such signals.

In addition to being proximity readers (e.g. readers that verify authenticity of smart cards, mobile devices and the like) the readers 108 may also have additional functionality. The readers 108 may include a keypad or other user input devices for receipt of additional user known passwords, contact card identification devices, and biometric authentication devices including voice recognition, retina scanners, fingerprint analyzers, facial feature analyzers, and the like.

In accordance with embodiments of the present invention, a stand-alone reader 108 may be utilized to perform the functionality of both the reader 108 and the controller 102. This stand-alone reader 108 may include, or have access to, the database 130 that contains data used to determine the authenticity of a mobile device 112 and/or algorithm(s) used to make the determination of authenticity of the mobile device 112. A determination of authenticity for a mobile device 112 is made at the receiving point rather than having to transmit data across a network from the reader 108 to a controller 102 in order to make a determination of authenticity. The stand-alone reader is further operable to execute instructions based upon the analysis of the mobile device 112.

A user typically carries the mobile device 112 in order to verify his/her identity to a reader 108. Acceptable mobile devices 112 include mobile cellular phones, personal digital assistants (PDAs), Blackberrys™, or any other mobile communication device that can be enabled for use in the access system 100 described. Essentially, the mobile device 112 can perform functions associated with typical mobile devices and can also act like a smart card, RFID, or other type of identification device. Typical identification devices utilize various protocols to communicate their credential information to a reader in order to gain access to a particular asset. The mobile devices 112, in accordance with embodiments of the present invention, are enabled to communicate with readers 108 in a similar fashion to that of smart cards and the like.

In accordance with embodiments of the present invention, the controller 102 is able to communicate with at least one of the plurality of the mobile devices 112 using a communication network 116. The communication network 116 utilized may be a conventional mobile radio network, for example, a GSM network, a Digital Cellular System (DCS), or Personal Communications Systems (PCS). The interface 132 may be a wired or wireless interface allowing the controller 102 to communicate with various other entities connected to the communication network 116. The mobile device 112 communicates with the communication network 116 via interface 136. The communication network 116 provides a way for the controller 102 to automatically notify and/or update information to the mobile devices 112 related to the access system 100. Additionally, the communication network 116 allows mobile devices 112 to communicate with each other.

Referring now to FIG. 2, an exemplary mobile device 112 will be described in accordance with embodiments of the present invention. In the depicted embodiment, the mobile device 112 comprises a memory 200, a processor 204, an RF receiver/transmitter 208 including an RF modulation/demodulation unit 212 and an RF antenna 216 for communication with a reader 108, an RF receiver/transmitter 230 including an antenna 226 and an RF modulation/demodulation unit 230 for communication with the communication network 116, an optional RF rectifier 220, and a power source 224. The processor 204 (e.g., an application specific integrated circuit (ASIC), microprocessor, programmable controller, or the like) uses bi-directional interfaces to communicate with various other parts of the mobile device 112.

One or more of the above-noted parts of the mobile device may be located on a subscriber identification module (SIM) card, which identifies the user in the communication network 116. SIM cards are already utilized now in GSM, DCS, or PCS mobile apparatus, among other things. Also, the SIM card may be either a full-sized card or a plug-in card; it is connected to the mobile device through a contact region (not shown) on the surface of the card. Other card formats, as well as contactless SIM cards, may, however, likewise be used within the scope of this invention. U.S. Pat. No. 6,859,650 to Ritter, which is herein incorporated by this reference in its entirety, describes using a SIM card located in a mobile device and an interface to communicate with external devices, without use of a mobile radio network.

As can be seen in FIG. 2, the mobile device 112, in one embodiment, communicates with external devices via two bi-directional interfaces 120 and 136. For example, over the interface 120 the RF antenna 216 transmits RF signals through free-space to be received by the reader 108. The reader 108 has a transceiver mounted thereon to receive the RF signals transmitted by the mobile device 112. The RF antenna 216 used by the mobile device 112 to create interface 120 may be a coil made by winding of a wire, by printing or etching of a conductor film, or with strip lines. Depending on the application, a transmission frequency, for instance, of 125 kHz, 13.56 MHz, 400 MHz or 5.2 GHz is used, the applied frequency also being dependent on the data transmission where needed. A frequency of about 13.56 MHz is preferred. However, in order to ensure compatibility with the readers 108, various other frequencies may be used. Through interface 120, the mobile device 112 and the reader 108 can exchange data and programs with each other without contact and without making use of the communications network 116. As noted above, the interface 120 is created when the mobile device 112 enters an active region of a reader 108.

The memory 200 of the mobile device 112 generally comprises at least one array of non-volatile memory cells, e.g., static random access memory (SRAM) cells or Flash Memory Cells, among other types of non-volatile memory cells. The memory 200 may also comprise at least one array of dynamic random access memory (DRAM) cells. Therefore a content of at least a portion of the memory 200 may be pre-programmed and write protected thereafter, whereas the content of other portions of the memory 200 may be selectively modified and/or erased by the controller 102 and/or the reader 108.

The mobile device 112, according to embodiments of the present invention, is used as an identification device. Identification information is preferably loaded into a secure area of the memory 200 where it can be accessed by the processor 204 to communicate to readers 108 via interface 120. Information loaded on the memory 200 may include credential information of the user of the mobile device 112, for instance, unique IDs, manufacture IDs, passwords, keys, encryption schemes, transmission protocols, and the like. Additionally, the memory 200 may contain executable functions that are used by the processor 204 to run other components of the mobile device 112. When presented to a reader 108, the RF antenna 216 typically receives interrogating signals via interface 120. The