`US 20210319639A1
`
`(19) United States
`(12) Patent Application Publication
`HO et al.
`(10) Pub. No.: US 2021/0319639 A1
`(43) Pub. Date: Oct. 14, 2021
`
`(54) SYSTEM AND METHOD FOR MANAGING ELECTRONIC LOCKS
`
`(71) Applicant: IGLOOCOMPANY PTE. LTD., Singapore (SG)
`
`(72) Inventors: Khee Kien HO, Singapore (SG); Sastra WINARTA, Singapore (SG); Chun Chiang Eric CHAN, Singapore (SG)
`
`(73) Assignee: IGLOOCOMPANY PTE. LTD., Singapore (SG)
`
`(21) Appl. No.: 17/251,489
`
`(22) PCT Filed: Jun. 13, 2019
`
`(86) PCT No.: PCT/SG2019/050297
`§ 371 (c)(1), (2) Date: Dec. 11, 2020
`
`(30) Foreign Application Priority Data
`Jun. 13, 2018 (SG) 10201805051P
`
`Publication Classification
`
`(51) Int. Cl.
`G07C 9/00 (2006.01)
`G07C 9/22 (2006.01)
`(52) U.S. Cl.
`CPC ..... G07C 9/00571 (2013.01); G07C 2209/08 (2013.01); G07C 9/22 (2020.01)
`
`(57) ABSTRACT
`
`An access management system and a method for managing
`electronic locks are disclosed. The system comprises a user
`management module configured to provision access rights to
`an authorized user associated with the electronic lock,
`wherein a first factor authentication data is configured to be
`associated with the authorized user. The system comprises a
`server arranged in wireless communication with the access
`management system and each electronic lock associated
`with each of the plurality of entry points. The server is
`configured to perform a first factor authentication and a
`second factor authentication of the user for releasing the
`electronic lock for entry to the authorized user of the entry
`point.
`
`[Representative drawing: flow diagram of the first factor and second factor authentication steps]
`
`iApartments Ex. 1008
`
`Page 1 of 17
`
`
`
`Patent Application Publication Oct. 14, 2021 Sheet 1 of 5 US 2021/0319639 A1
`Fig. 1 [block diagram; legible labels: Role Management Module, Access Code Generator, Lock Management Module]
`
`Sheet 2 of 5
`Fig. 2 [drawing; legible label: Access Management System]
`
`Sheet 3 of 5
`Fig. 3 [drawing; legible labels: Electronic lock, Access Management System]
`
`Sheet 4 of 5
`Fig. 4 [flow diagram; legible steps: Await input from user; Compare first factor authentication data to first factor authentication data stored by server; Send the second factor authentication data to user device via communication channels; Receive the second factor authentication passcode from user; Compare second factor authentication data received by user to second factor authentication data generated]
`
`Sheet 5 of 5
`Fig. 5 [block diagram; legible labels: Input Device, Proximity Detection Module, Location Detection Module, Wireless Transceiver, Biometric Sensor, Tamper detection module, Access Management System]
`
`
`
`US 2021/0319639 A1
`
`1
`
`Oct. 14, 2021
`
`SYSTEM AND METHOD FOR MANAGING
`ELECTRONIC LOCKS
`
`TECHNICAL FIELD
`[0001] The present disclosure generally relates to elec-
`tronic locks. More particularly, the present disclosure relates
`to access management systems and methods and electronic
`locking devices with multi-factor authentication.
`
`BACKGROUND
`[0002] The following discussion of the background to the
`invention is intended to facilitate an understanding of the
`present invention. However, it should be appreciated that the
`discussion is not an acknowledgment or admission that any
`of the material referred to was published, known or part of
`the common general knowledge in any jurisdiction as at the
`priority date of the application.
`[0003] Currently, there is a growing trend in the use of
`smart locks in the home to restrict access to authorized
`individuals. Some smart locks typically require a user to use
`an application on the mobile device to unlock the smart lock
`for the home. Such smart locks usually rely on single factor
`authentication methods, either via a personal identification
`number (PIN), a card or use of biometric data access.
`[0004] However, in the enterprise setting, for example,
`real estate management companies that manage multiple
`residential or commercial units or multiple entry points,
`these residential or commercial units are prone to security
`breaches as physical keys to these units may be misplaced or
`easily duplicated and fall into the hands of unauthorised
`users. Short term occupants of these units may have to
`coordinate key exchanges with building and property man-
`agers who may not be available around the clock. If resi-
`dential or commercial units utilise smart locks for their
`residential or commercial unit to manage access, smart locks
`that rely on single factor authentication methods are also
`prone to security breaches as tokens and PINs may be easily
`shared with unauthorized users.
`[0005] Additionally, real estate managers typically man-
`age multiple residential and commercial units at a time, and
`they frequently issue keys or passcodes to third parties with
`various roles who require access to the residential or com-
`mercial units for varying lengths of time. For example, a
`handyman or technician may only be given access rights for
`a single visit while a cleaner may have a longer term access
`rights. Real estate managers may find it difficult to manage
`the duration of access rights given to various people and
`lapses in administration can lead to security breaches.
`[0006] Within the fleet management industry, operators
`manage commercial vehicles such as cars, vans, trucks,
`specialist vehicles, trailers, ships and rail cars in trains.
`Some of these commercial vehicles may carry high-value
`cargo which are prone to being stolen or hijacked during
`transportation to its intended destination. Typically, these
`high-value cargo may be secured by locks or electronic
`locks. However, with the increased sophistication of orga-
`nized crime, these electronic locks may not provide enough
`security to prevent the high-value cargo from being stolen.
`[0007] Infrastructure management, particularly the security
`of high security critical installations such as power
`generation plants, cell towers, water supply installations,
`data centers, buildings housing essential services, requires
`increased security measures in the light of threat of terrorist
`attacks and cyberterrorism. These critical installations may
`be in remote areas that are secured by locks or electronic
`locks which may be prone to being hacked, or lapses in
`procedures amongst employees or security personnel may
`cause issued keys or passcodes to fall into the hands of
`unauthorised users, leading to security breaches.
`[0008] The present invention attempts to address or to
`overcome at least some of the aforementioned problems.
`Accordingly, it would be desirable to provide an efficient
`method and system for controlling access to multiple entry
`points secured by electronic locks. Accordingly, it would be
`desirable to improve the security, efficiency and flexibility of
`building and residential management operators managing
`multiple entry points secured by electronic locks. Accord-
`ingly, it would be desirable to provide reassurance and
`increased security to individual owners of highly secured
`areas, residential or commercial units that their properties
`can only be accessed by authorized users.
`
`SUMMARY OF THE INVENTION
`[0009] Throughout this document, unless otherwise indi-
`cated to the contrary, the terms "comprising", "consisting
`of", and the like, are to be construed as non-exhaustive, or
`in other words, as meaning "including, but not limited to".
`[0010] In accordance with a first aspect of the invention,
`there is disclosed an access management system for con-
`trolling access to a plurality of entry points each secured by
`an electronic lock, comprising a user management module
`configured to provision access rights to an authorized user
`associated with the electronic lock, wherein a first factor
`authentication data is configured to be associated with the
`authorized user; at least one server arranged in wireless
`communication with the access management system and
`each electronic lock associated with each of the plurality
`of entry points; wherein the at least one server is configured
`to: receive, by the server, an input first factor authentication
`data from the authorized user; determine if the input first
`factor authentication data corresponds with the first factor
`authentication data associated with the authorized user of the
`electronic lock; generate, by the server, a second factor
`authentication data configured for transmission to a user
`device of the authorized user, in response to the input first
`factor authentication data matching the first factor authen-
`tication data associated with the authorized user; receive, by
`the server, an input second factor authentication data from
`the authorized user; perform a second factor authentication
`of the user, wherein the second factor authentication
`includes determining that the input second factor authenti-
`cation data corresponds with the second factor authentica-
`tion data; release, by the electronic lock, a locking mecha-
`nism into an open position for granting entry to the
`authorized user of the entry point, in response to the input
`second factor authentication data matching the second factor
`authentication data generated by the server.
`[0011] Preferably, a grant access module is configured to
`assign an authorized time period to the authorized user,
`wherein the authorized time period defines a first time period
`when the authorized user is authorized to unlock the elec-
`tronic lock and a second time period when the authorized
`user is not authorized to unlock the electronic lock.
`[0012] Preferably, a role management module is config-
`ured to assign a predetermined role to the authorized user,
`wherein the predetermined role is associated with a predetermined
`authorized time period when the authorized user is
`authorized to unlock the electronic lock.
`[0013] Preferably, a lock management module is config-
`ured to create a predetermined virtual perimeter around an
`intended destination, wherein the electronic lock is activated
`to receive a first factor authentication data when the elec-
`tronic lock is within the predetermined virtual perimeter
`around the intended destination, and deactivated to receive
`the first factor authentication data when the electronic lock
`is outside the predetermined virtual perimeter around the
`intended destination.
`[0014] Preferably, the first factor authentication data
`includes any one of the following: a unique passcode, a
`biometric signature or a secret key.
`[0015] Preferably, the input first factor authentication data
`is received by a gateway device in wireless communication
`with the electronic lock, wherein the gateway device is
`configured for transmitting the input first factor authentica-
`tion data to the application server.
`[0016] Preferably, the one or more electronic lock each
`includes a memory and a wireless transceiver in data com-
`munication with the memory, wherein the memory is con-
`figured to synchronize the plurality of first factor authenti-
`cation data with the application server at a predetermined
`time interval.
`[0017] In accordance with another aspect of the invention,
`there is provided a method for controlling access to a
`plurality of entry points each secured by an electronic lock
`controlled by a lock controller having a memory, the method
`comprising the steps of: storing a plurality of first factor
`authentication data, wherein each of the plurality of first
`factor authentication data is associated with an authorized
`user of one or more of the electronic locks; receiving, by an
`application server configured for wireless communication
`with the electronic lock and a user device of the authorized
`user, an input first factor authentication data from the
`authorized user; determining if the input first factor authen-
`tication data corresponds with the first factor authentication
`data associated with the authorized user of one or more of
`the electronic locks; generating, by the application server, a
`second factor authentication data configured for transmis-
`sion to the user device of the authorized user, in response to
`the input first factor authentication data matching the first
`factor authentication data associated with the authorized
`user of the one or more electronic locks; receiving, by the
`application server, an input second factor authentication data
`from the authorized user; performing a second factor authen-
`tication of the authorized user, wherein the second factor
`authentication includes determining that the input second
`factor authentication data corresponds with the second factor
`authentication data; releasing, by the electronic lock, a
`locking mechanism into an open position for granting entry
`to the authorized user, in response to the input second factor
`authentication data entered by the authorized user matching
`the second factor authentication data.
`[0018] Preferably, the first factor authentication data
`includes any one of the following: a unique passcode, a
`biometric signature or a secret key.
`[0019] Preferably, the biometric signature includes any
`one of the following: a fingerprint information or a facial
`profile information.
`[0020] Preferably, the plurality of first factor authentica-
`tion data are stored in a lock user database of the application
`server.
`
`[0021] Preferably, the input first factor authentication data
`is received by a gateway device in wireless communication
`with the electronic lock, wherein the gateway device is
`configured for transmitting the input first factor authentica-
`tion data to an application server.
`[0022] Preferably, the input first factor authentication data
`is received by an application server configured for wireless
`communication with the electronic lock, wherein the wireless
`communication further includes any one of the following:
`Sigfox, LoRa, or Narrow-Band IoT technologies.
`[0023] Preferably, the electronic lock further includes a
`wireless transceiver in data communication with the
`memory, wherein the memory is configured to synchronize
`the plurality of first factor authentication data stored on the
`application server at a predetermined time interval.
`[0024] Preferably, the input first factor authentication data
`is received by the user device of the authorized user and
`transmitted wirelessly to the electronic lock through short-
`range wireless communication technology.
`[0025] Preferably, the user device includes any one of the
`following: a mobile device, an electronic token or a software
`token.
`[0026] Preferably, the input second factor authentication
`data includes any one of the following: a one-time passcode,
`a time-based one-time passcode, a biometric signature or a
`secret key.
`[0027] Preferably, the input second factor authentication
`data is received by the user device of the authorized user and
`transmitted wirelessly to the electronic lock through short-
`range wireless communication technology.
`[0028] Preferably, the input second factor authentication
`data is configured for transmission to the user device via any
`one of the following communication channels: Short-Messaging
`System, Email, or WhatsApp.
`[0029] Preferably, the method further comprises the steps
`of: logging an event in the lock controller, wherein the event
`corresponds to a date and time stamp of an instance when the
`input first factor authentication data does not match the first
`factor authentication data associated with the authorized
`user of the one or more electronic locks; and sending an
`alarm notification to the authorized user of the one or more
`electronic locks.
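The server-side flow summarised in paragraphs [0010], [0011], [0017] and [0029], written out as an added example; it is not code from the publication or from the applicant. The names `AccessServer`, `Grant` and `OTP_TTL`, the five-minute code lifetime, the rule that any second factor attempt consumes the code, the logging of out-of-period attempts and the sample user and lock are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta

OTP_TTL = timedelta(minutes=5)  # assumption: the publication states no validity period


@dataclass
class Grant:
    first_factor: str      # unique passcode registered for this user and lock
    valid_from: datetime   # authorized time period, start (inclusive)
    valid_until: datetime  # authorized time period, end (exclusive)


def same(a: str, b: str) -> bool:
    """Constant-time comparison so timing does not leak how many characters match."""
    return hmac.compare_digest(a.encode(), b.encode())


class AccessServer:
    def __init__(self, send_code, send_alarm):
        self.grants = {}    # (user, lock_id) -> Grant
        self.pending = {}   # (user, lock_id) -> (code, expiry)
        self.events = []    # (timestamp, user, lock_id, reason)
        self.send_code = send_code    # second factor channel to the user device
        self.send_alarm = send_alarm  # alarm notification channel

    def provision(self, user, lock_id, grant):
        self.grants[(user, lock_id)] = grant

    def first_factor(self, user, lock_id, passcode, now):
        """Return True and issue a second factor only if the passcode matches
        and `now` lies inside the authorized time period."""
        grant = self.grants.get((user, lock_id))
        if grant is None or not same(passcode, grant.first_factor):
            # Mismatch: log a date and time stamped event and raise the alarm.
            self.events.append((now, user, lock_id, "first_factor_mismatch"))
            self.send_alarm(user, lock_id, now)
            return False
        if not (grant.valid_from <= now < grant.valid_until):
            # Assumption: out-of-period attempts are logged as well.
            self.events.append((now, user, lock_id, "outside_authorized_period"))
            return False
        code = f"{secrets.randbelow(10**6):06d}"  # drawn from the OS CSPRNG
        self.pending[(user, lock_id)] = (code, now + OTP_TTL)
        self.send_code(user, code)
        return True

    def second_factor(self, user, lock_id, code, now):
        """Return True (release the lock) only for the unexpired code that was
        issued for this user and lock. Any attempt consumes the code."""
        issued = self.pending.pop((user, lock_id), None)
        if issued is None:
            return False  # second factor submitted without a valid first factor
        expected, expiry = issued
        return now < expiry and same(code, expected)


def demo():
    """Run the flow on constructed data and return the decisions in order."""
    outbox, alarms = {}, []
    server = AccessServer(lambda user, code: outbox.__setitem__(user, code),
                          lambda user, lock, when: alarms.append((user, lock, when)))
    t0 = datetime(2021, 10, 14, 9, 0)
    server.provision("cleaner", "unit-12",
                     Grant("4821", t0, t0 + timedelta(hours=8)))
    results = [
        server.first_factor("cleaner", "unit-12", "0000", t0),   # wrong passcode
        server.first_factor("cleaner", "unit-12", "4821", t0),   # code issued
    ]
    code = outbox["cleaner"]
    results.append(server.second_factor("cleaner", "unit-12", code,
                                        t0 + timedelta(minutes=1)))  # release
    results.append(server.second_factor("cleaner", "unit-12", code,
                                        t0 + timedelta(minutes=2)))  # replayed code
    results.append(server.first_factor("cleaner", "unit-12", "4821",
                                       t0 + timedelta(hours=9)))     # period over
    return results, len(alarms), [event[3] for event in server.events]


if __name__ == "__main__":
    print(demo())
```

The second factor is bound to the (user, lock) pair that passed the first factor, so a code issued for one entry point cannot release another.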
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`[0030] In the drawings, like reference characters generally
`refer to the same parts throughout the different views. The
`drawings are not necessarily to scale, emphasis instead
`generally being placed upon illustrating the principles of the
`invention. The dimensions of the various features or ele-
`ments may be arbitrarily expanded or reduced for clarity. In
`the following description, various embodiments of the
`invention are described with reference to the following
`drawings, in which:
`[0031] FIG. 1 shows a block diagram of an access man-
`agement system according to various embodiments;
`[0032] FIG. 2 shows a high-level overview of the access
`management system interacting with other components of
`the system according to various embodiments;
`[0033] FIG. 3 shows a high-level overview of the access
`management system interacting with other components of
`the system according to various embodiments;
`[0034] FIG. 4 illustrates a flow diagram of the process of
`unlocking an electronic lock according to various embodiments;
`[0035] FIG. 5 illustrates a high-level block diagram show-
`ing the internal components of the electronic lock according
`to various embodiments.
`
`DETAILED DESCRIPTION
`[0036] The following detailed description refers to the
`accompanying drawings that show, by way of illustration,
`specific details and embodiments in which the invention
`may be practiced. These embodiments are described in
`sufficient detail to enable those skilled in the art to practice
`the invention. Other embodiments may be utilized and
`structural, and logical changes may be made without depart-
`ing from the scope of the invention. The various embodi-
`ments are not necessarily mutually exclusive, as some
`embodiments can be combined with one or more other
`embodiments to form new embodiments.
`[0037] By way of example, an element, or any portion of
`an element, or any combination of elements may be imple-
`mented as a "processing system" that includes one or more
`processors. Examples of processors include microproces-
`sors, microcontrollers, graphics processing units (GPUs),
`central processing units (CPUs), application processors,
`digital signal processors (DSPs), reduced instruction set
`computing (RISC) processors, systems on a chip (SoC),
`baseband processors, field programmable gate arrays (FPGAs),
`programmable logic devices (PLDs), state machines,
`gated logic, discrete hardware circuits, and other suitable
`hardware configured to perform the various functionality
`described throughout this disclosure. One or more proces-
`sors in the processing system may execute software. Soft-
`ware shall be construed broadly to mean instructions,
`instruction sets, code, code segments, program code, pro-
`grams, subprograms, software components, applications,
`software applications, software packages, routines, subrou-
`tines, objects, executables, threads of execution, procedures,
`functions, etc., whether referred to as software, firmware,
`middleware, microcode, hardware description language, or
`otherwise.
`[0038] Accordingly, in one or more example embodi-
`ments, the functions described may be implemented in
`hardware, software, or any combination thereof. If imple-
`mented in software, the functions may be stored on or
`encoded as one or more instructions or code on a computer-
`readable medium.
`[0039] In the specification the term "comprising" shall be
`understood to have a broad meaning similar to the term
`"including" and will be understood to imply the inclusion of
`a stated integer or step or group of integers or steps but not
`the exclusion of any other integer or step or group of integers
`or steps. This definition also applies to variations on the term
`"comprising" such as "comprise" and "comprises".
`[0040] In order that the invention may be readily understood
`and put into practical effect, particular embodiments
`will now be described by way of examples and not limita-
`tions, and with reference to the figures. It will be understood
`that any property described herein for a specific system may
`also hold for any system described herein. It will be under-
`stood that any property described herein for a specific
`method may also hold for any method described herein.
`Furthermore, it will be understood that for any system or
`method described herein, not necessarily all the components
`or steps described must be enclosed in the system or method,
`but only some (but not all) components or steps may be
`enclosed.
`
`[0041] The term "coupled" (or "connected") herein may
`be understood as electrically coupled or as mechanically
`coupled, for example attached or fixed, or just in contact
`without any fixation, and it will be understood that both
`direct coupling or indirect coupling (in other words: cou-
`pling without direct contact) may be provided.
`[0042] To achieve the stated features, advantages and
`objects, the present disclosure provides solutions that make
`use of computer hardware and software to improve the
`security and efficiency of authentication of an electronic
`lock. The present disclosure provides for an access manage-
`ment system for controlling multiple entry points each
`secured by an electronic lock with an associated number of
`authorized users. The present disclosure can be applied to
`electronic locks with multi-factor authentication capabili-
`ties. These electronic locks include electronic locks with no
`capability of connection to a network or to the access
`management system or to electronic locks that are config-
`ured for access to a network or to the access management
`system.
`[0043] Electronic locks for use with the access manage-
`ment system may rely on a single factor or multi-factor
`authentication methods for unlocking the electronic locks.
`Where increased security is desired, multi-factor authenti-
`cation is used. A multi-factor authentication is based on two
`or more authentication factors, and these factors are based
`on what the user knows and who the user is. For example,
`authentication factors that are based on what the user knows
`may include a pre-configured password issued by the owner
`or administrator, or a server-generated password or a one-
`time password. Authentication factors that are based on who
`the user is include biometric information which may include
`facial recognition, fingerprint information, retinal informa-
`tion or voice recognition.
`[0044] In some embodiments, electronic locks with multi-factor
`authentication methods are used. The electronic lock
`could be a lock system where the user is required to register
`at least a first factor authentication data and a second factor
`authentication data locally on the electronic lock. The first
`factor and second factor authentication data may be stored
`on the memory of the electronic lock. For example, the
`electronic lock includes an input device. The input device
`may include a keypad, an access card reader and/or a
`biometric sensor (e.g. fingerprint information or facial
`information). An access right owner or administrator may
`register the first authentication data (for example, a pass-
`word) and the second authentication data (for example, his
`fingerprint) for storage on the memory of the electronic lock.
`On requesting for access, he enters the first authentication
`data, followed by the second authentication data via his
`fingerprint information on the biometric sensor before the
`electronic lock opens and allows access. The lock may take
`many physical form factors including padlocks, deadbolts,
`mortises, rim locks, latches or even electro-magnetic door
`locks.
`[0045] In another embodiment, the electronic lock may be
`configured to receive a secret key from a user device that is
`in wireless communication with the electronic lock. For
`example, the electronic lock may include a wireless trans-
`ceiver and processor that are configured to wirelessly
`receive a secret key from the user device without requiring
`any manual input in the electronic lock. The secret key
`involves the use of secret key cryptography using
`symmetric-key algorithms, which are algorithms for cryptography
`that use the same cryptographic keys for both encryption of
`plaintext and decryption of ciphertext and are well-known in
`the art. For example, secret key cryptographic algorithms
`such as DES, 3-DES, IDEA, Blowfish and Advanced
`Encryption Standard (AES) may be used. The keys may be
`identical or there may be a simple transformation to go
`between the two keys. The user device may be a computer,
`laptop, handheld computer, mobile communication device,
`smartphone, tablet, IoT device, a hardware token, a software
`token, or any other device capable of sending and/or receiv-
`ing over the network. For example, the wireless transceiver
`of the electronic lock is capable of receiving data via
`short-range wireless communication protocols such as Blu-
`etooth or Bluetooth Low Energy. In some embodiments, the
`user may present a user device containing a secret key in
`close proximity to the electronic lock, which causes the
`secret key to be transmitted wirelessly to the electronic lock,
`and once the electronic lock validates the first factor authen-
`tication, the user thereafter presents a second factor authen-
`tication data. The second factor authentication data may
`include a unique passcode, an access card or biometric data.
`The electronic lock may remain connected to the user device
`via Bluetooth and send events to the access management
`system via the internet using the user device as a conduit, as
`well as all other events whilst it is connected to the user
`device.
`[0046] In various embodiments, and for the purposes of
`managing access for multiple locks each secured by an
`electronic lock in one or more locations, electronic locks
`with multi-factor authentication methods are used. A remote
`access management system may be utilized to manage the
`multiple locks. An administrator of the access management
`system may provision access right owners who in turn may
`provision access right grantees specific roles and permission
`levels to associated electronic locks. Each access right
`owner and access right grantee may choose a first factor
`authentication data for unlocking the electronic lock and
`each will be requested for a unique first factor authentication
`data which is saved in a lock user database, details of which
`will be explained hereinafter. The first factor authentication
`data may include a unique passcode or a biometric signature.
`A biometric signature is a unique physical characteristic of
`a user and can include facial profile information, fingerprint
`information, voice recognition or retinal information of a
`user.
`[0047] FIG. 1 illustrates an access management system
`according to various embodiments. The access management
`system 100 may be used in real estate management operators
`such as commercial buildings, hotels, co-living spaces,
`serviced apartments or suites, short-term accommodation
`units, groups of apartment units managed by a single opera-
`tor, fleet management for management of vehicles transport-
`ing high-value cargo or for management of vehicles, and
`infrastructure management of critical key installations for
`essential services or critical data. The access management
`system 100 may be integrated with existing hotel or accom-
`modation reservation systems, fleet management systems or
`infrastructure management systems. Other means of auto-
`mated import or manual entry of authorized users may be
`provisioned to facilitate integration with the access manage-
`ment system. The access management system 100 offers
`management operators an efficient and secure way of man-
`aging multiple entry points that are each secured by an
`electronic lock. The access management system 100 controls
`and manages the authorized users who may have access
`to one or more of these entry points with a specific duration
`of access.
`[0048] The access management system 100 may include
`several modules including a user management module 112,
`a role management module 110, a lock management module
`114, a grant access module 116 and a dashboard module 118.
`The system 100 may include an application server 160 in
`communication with a computing device (not shown) over a
`network 150. Although the singular is used to describe the
`application server, an application server 160 as described
`herein may operate as a single computing device, a set of
`computing devices, or a distributed computing cluster. Similarly,
`a computing device may be one or more programming
`devices capable of running a web application or native
`application to communicate with the application server. The
`application server 160 and/or computing device may have
`one or more processors configured to execute instructions
`retained in the database or memory. In some embodiments,
`application server and/or computing device may include
`servers, computers, laptops, notebooks, portable handheld
`computers, mobile communication devices, smart phones,
`personal digital assistants, tablets, wearable devices, Internet
`of Things (IoT) devices, or any other communication
`devices capable of sending and receiving data over the
`network 150.
`[0049] As used herein, the term 'network' refers to a Local
`Area Network (LAN), a Metropolitan Area Network
`(MAN), a Wide Area Network (WAN), a Low Power Wide
`Area Network (LPWAN), a cellular network, a proprietary
`network, and/or Internet Protocol (IP) network such as the
`Internet, an Intranet or an extranet. Each device, module or
`component within the system may be connected over a
`network or may be directly connected. A person skilled in
`the art will recognize that the terms 'network', 'computer
`network' and 'online' may be used interchangeably and do
`not imply a particular network embodiment. In general, any
`type of network may be used to implement the online or
`computer networked embodiment of the present invention.
`The network may be maintained by a server or a combina-
`tion of servers or the network may be serverless. Addition-
`ally, any type of protocol (for example, HTTP, FTP, ICMP,
`UDP, WAP, SIP, H.323, NDMP, TCP/IP) may be used to
`communicate across the network. The devices as described
`herein may communicate via one or more such communication
`networks. The communication over the network may
`utilize data encryption. Encryption may be performed by
`way of any of the techniques now available in the
`art or which may become available.
`[0050] The access management system 100 includes various
`modules that are accessible by administrators and authorized
`users via a mobile application or web application for
`configuration, provisioning and deprovisioning of multiple
`authorized users for multiple entry points each secured by an
`electronic lock. A mobile or a web application can be a
`mobile or a web application that runs and is executed on, for
`example, a user device