< Back
Sign In to Follow Application
View All Documents & Correspondence
Login

A Method And A System For Providing Secure Access To A User Device

Abstract: The present disclosure discloses a system and a method for providing secure access to a user device. The system comprises a first access control device provided at a first entry point, a second access control device provided at a second entry point, and a third access control device provided at a third entry point. The first access control device, the second access control device, and the third access control device are placed in sequential order. The system comprises a user device, which sends a request to access the third access control device. The user device comes in proximity to the first access control device. The first access control device authenticates the user device using the authentication token, and provides access to the first entry point. The second access control device provides access to the user device at the second entry point using a blockchain authentication technique ensuring user has crossed first entry point. The third access control device provides access to the user device at the third entry point the blockchain authentication technique ensuring that the user has crossed the first entry point and the second entry point before reaching the third entry point.

Get Free WhatsApp Updates!
Notices, Deadlines & Correspondence

Patent Information

Application #
Filing Date
13 September 2018
Publication Number
12/2020
Publication Type
INA
Invention Field
COMMUNICATION
Status
Email
manisha@lexorbis.com
Parent Application

Applicants

MOBIIKEY TECHNOLOGIES PRIVATE LIMITED
#51/1, 14TH Main, Shubh Enclave, Haralur Road, Off Sarjapur Road, Behind ICICI Bank, HSR Layout, Bangalore, Karnataka- 560102

Inventors

1. Ravichandra Reddy R N
S/o Narayana Reddy M R, 51/1, 14th Main, Shubh Enclave, Haralur Road, behind ICICI bank, HSR Layout, Bangalore –560102
2. Kurimeti Madhu Sudhan Rao
S/o Kurimeti Sankar Rao, Dno: 14-4-35, Flat no: S2, Ratnam Associates, Kolagatla Street, Vizianagaram – 535002 Andhra Pradesh.

Specification

Claims:WE CLAIM:

1. A method of providing secure access to a user device, the method comprising:
identifying, at a first access control device, a user device, wherein the first access control device is provided with an authentication token at a first entry point;
authenticating, by the first access control device, the user device using the authentication token;
providing, by a second access control device, access to the user device at a second entry point, wherein the access is provided using a blockchain authentication technique ensuring user has crossed the first entry point; and
providing, by a third access control device, access to the user device at a third entry point, wherein the access is provided using the blockchain authentication technique ensuring that the user has crossed the first entry point and the second entry point before reaching the third entry point.

2. The method as claimed in claim 1, wherein the second access control device decrypts the token using its public key, verifies its identity and then verifies the signature using the public key of the first access control device from the authentication token, and wherein the third access control device decrypts the token using its public key, verifies its identity and then verifies the signature using the public key of second access control device from the authentication token.

3. The method as claimed in claim 1, wherein the authentication technique comprises of signature based public key cryptography and encryption techniques.

4. The method as claimed in claim 1, wherein the first access control device provides access to the first entry point upon successful authentication of the user device.

5. A method of providing secure access to a user device, the method comprising:
identifying and authenticating a user device by first, second, third access control devices, wherein the access is determined by verifying the digital token using the public key stored in first, second, third access control devices.

6. The method as claimed in claim 5, wherein the digital token comprises of identities of first, second, third access control devices and signed by the private key.

7. A system for providing secure access to a user device, the system comprising:
a first access control device provided at a first entry point, a second access control device provided at a second entry point, and a third access control device provided at a third entry point, wherein the first access control device, the second access control device, and the third access control device are placed in sequential order; and
a user device,
wherein the user device sends a request to access the third access control device, wherein the user device comes in proximity to the first access control device, wherein the first access control device authenticates the user device using an authentication token, and accesses the first entry point,
the second access control device provides access to the user device at the second entry point using a blockchain authentication technique ensuring user has crossed the first entry point; and
the third access control device provides access to the user device at the third entry point using the blockchain authentication technique ensuring that the user has crossed the first entry point and the second entry point before reaching the third entry point.

8. The system as claimed in claim 7, wherein the authentication token comprises of identity, public key of previous entry point and signature signed by private key of previous entry point.

9. The system as claimed in claim 7, wherein the second access control device decrypts the token using its public key, verifies its identity and then verifies the signature using the public key of first access control device from the token, and wherein the third access control device decrypts the token using its public key, verifies its identity and then verifies the signature using the public key of second access control device from the token.

10. The system as claimed in claim 7, wherein the first access control device provides access to the first entry point upon successful authentication of the user device.
, Description:A METHOD AND A SYSTEM FOR PROVIDING SECURE ACCESS TO A USER DEVICE

FIELD OF INVENTION

[01] The present disclosure relates to a field of providing secure access to electronic devices. More particularly, the present disclosure relates to a system and a method of providing secure access to user devices through a series of access points.

BACKGROUND

[02] It is known that many building are provided with security personnel to screen people entering the building. The people may include regular occupants of the building such as employees. Further, the people may include visitor who might be visiting the building for limited number of times based on the need. Typically, the buildings have a single or multiple entry points such as gates, which allows the people to enter into the buildings.

[03] Generally, the regular occupants will be provided with identity cards, which enables the security personnel to identify and allow the regular occupants into the building. However, the security personnel need to verify the visitors for variety of purposes. For instance, the security personnel need to verify the person with whom the visitor wishes to meet. Further, the security personnel need to verify the visitors the purpose and time of the visit.

[04] Currently, the above procedure is manual and is tedious. Further, once the visitor is allowed to enter the building, there is no mechanism to verify movements of the visitor. This is because; the visitor, without knowledge, may enter wrong section of the building. Similarly, even for the regular occupants, there is no mechanism to verify whether they are occupying the intended sections in the building or not.

[05] Also, the current devices like magnetic swipe cards, RF devices to access the buildings are not safe as they can be stolen or lost. They are also vulnerable for cyber security breach. Therefore, It is extremely important to get the security requirements right, to ensure that the vulnerability is kept to a minimum in case of unforeseen situations. Additionally, there is significant efficiency improvement can be achieved by automating the access process.

[06] Therefore, there is a need in the art to provide a system and a method of providing secure access to personnel in a building or at a tollgate.

SUMMARY

[07] The problems in the existing art are met by providing a system and a method providing secure access to personnel in a building or at a tollgate.

[08] In one implementation, a system and a method for providing secure access to a user device is disclosed. The system comprises a first access control device provided at a first entry point, a second access control device provided at a second entry point, and a third access control device provided at a third entry point and so forth. The first access control device, the second access control device, and the third access control device are placed in sequential order. The system comprises a user device, which sends a request to access the first access control device. The user device comes in proximity to the first access control device. The first access control device authenticates the user device using the authentication method, and provides access to the first entry point. The second access control device provides access to the user device at the second entry point using a blockchain authentication technique ensuring user has crossed first entry point. The third access control device provides access to the user device at the third entry point the blockchain authentication technique ensuring that the user has crossed the first entry point and the second entry point before reaching the third entry point.

BRIEF DESCRIPTION OF FIGURES

[09] In the following drawings like reference numbers are used to refer to like elements. Although the following figures depict various examples of the disclosure, and the disclosure is not limited to the examples depicted in the figures.

[010] FIG. 1 illustrates an environment of a system for providing secure access to personnel in a building or at a tollgate, in accordance with one embodiment of the present disclosure;

[011] FIG. 2 illustrates a schematic diagram of a user device accessing a plurality of access control systems in a building, in accordance with one exemplary embodiment of the present disclosure; and

[012] FIG. 3 illustrates a method of providing secure access to personnel in a building or at a tollgate system, in accordance with one embodiment of the present disclosure.

DETAILED DESCRIPTION

[013] The following detailed description is intended to provide example implementations to one of ordinary skill in the art, and is not intended to limit the disclosure to the explicit disclosure, as one of ordinary skill in the art will understand that variations can be substituted that are within the scope of the disclosure as described.

[014] The present disclosure discloses a system and a method for providing secure access to a user device. The system comprises a first access control device provided at a first entry point, a second access control device provided at a second entry point, and a third access control device provided at a third entry point. The first access control device, the second access control device, and the third access control device are placed in sequential order. The system comprises a user device, which sends a request to access the third access control device. The user device comes in proximity to the first access control device. The first access control device authenticates the user device using the authentication token, and provides access to the first entry point. The second access control device provides access to the user device at the second entry point using a blockchain authentication technique ensuring user has crossed first entry point. The third access control device provides access to the user device at the third entry point the blockchain authentication technique ensuring that the user has crossed the first entry point and the second entry point before reaching the third entry point.

[015] Various embodiments of the present disclosure are explained with the help of FIGs 1-3.

[016] Referring to FIG. 1, an environment 100 of a system 105 for facilitating secure access is illustrated, in accordance with which various embodiments of the invention. The environment 100 includes the system 105, at least one user device 110, and two or more access control devices 120.1, 120.2…120.n, collectively termed as the access control devices 120. It should be understood that the system 105 might include a server or a database comprising an application to execute functions for facilitating secure access. Further, it must be understood that the system 105 may be implemented in any different computing systems, environments, and/or configurations such as a workstation, an electronic device, a mainframe computer, a laptop, and so on. Further, the system 105 is communicatively connected to the at least one user device 110, via a network 115.

[017] The user device 110 may include, but not limited to, a mobile phone, a tablet, a wrist watch, a wrist band, and so on. The user device 110 may comprise a processor (not shown), a memory (not shown), and a transceiver (not shown), capable of communicating with the system 105 and the access control devices 120 to perform various tasks.

[018] The access control devices 120 may indicate devices placed at access points such as gates, doors in a building to authenticate user devices 110. The access control devices 120 may a processor (not shown), a memory (not shown), and a transceiver (not shown), capable of communicating with the user device 110 to perform various tasks.

[019] In one example, the network 115 may be a wireless network, a wired network or a combination thereof. The network 115 can be implemented as one of the different types of networks, such as intranet, local area network (LAN), wide area network (WAN), the internet, and the like. The network 115 may either be a dedicated network or a shared network. The shared network represents an association of the different types of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP), Wireless Application Protocol (WAP), and the like, to communicate with one another. Further the network 115 may include a variety of network devices, including routers, bridges, servers, computing devices, storage devices, and the like.

[020] The system 105 comprises at least one processor 125, a memory 130 and an Input/output (I/O) Interface 135. The at least one first processor 125 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. Among other capabilities, the at least one processor 125 is configured to fetch and execute computer-readable instructions stored in the memory 130.

[021] The memory 130 may include any computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes.

[022] The I/O interface 135 may include a variety of software and hardware interfaces, for example, a web interface, a graphical user interface, and the like. The I/O interface 135 may allow the system 105 to interact with the at least one user device 110, and the two or more access control devices 120. The I/O interface 135 may facilitate multiple communications within a wide variety of networks and protocol types, including wired networks, for example, LAN, cable, etc., and wireless networks, such as WLAN, cellular, or satellite. The first I/O interface 108 may include one or more ports for connecting a number of devices to one another.

[023] Referring to FIG. 2, a schematic architecture of the access control devices 120 placed in a building is shown, in accordance with one embodiment of the present disclosure. Each of the access control devices 120 may be placed at different entry points in the building. For example, the access control devices 120.1 may be placed at a first entry point EP1. The first entry point EP1 may indicate a main gate of the building. Further, the access control devices 120.2 may be placed at a second entry point EP2. The second entry point EP2 may indicate a main door of the building. Similarly, two or more access control devices 120 may be placed at several entry points in the building.

[024] It should be understood that each of the access control devices 120 are registered with the system 105. In order to register the access control devices 120, a unique identification and location of each of the access control devices 120 are provided to the system 105. Based on the details of the access control devices 120, the system 105 determines order of the access control devices 120 placed in the building. For example, the system 105 determines that the access control device 120.1 is placed at the first entry point EP1. Similar, the system 105 determines that the access control device 120.2 is placed at the second entry point EP2. Similar, the system 105 determines that the access control device 120.3 is placed at the third entry point EP3, e.g., a room in the building.

[025] To achieve seamless access, it is important that the control devices 120 are offline and not connected to system 105. To achieve this, offline authentication techniques are used and system 105 is setup to generate offline authentication token to user device 110. To achieve the seamless and secured access using user device 110, the system 105 is setup first as explained.

[026] The system 105 is initially configured with identity of each of the access control devices 120. Authentication methods use signature-based authentication using public key cryptography like RSA. Any signature-based algorithms like ECDSA can be used. The system 105 should be capable of generating an authentication token to any of the access control devices 120 where the token data is digitally signed by a private key which is securely stored in the memory 130 of the system 105.

[027] To achieve highest security of private key, it is required that these are stored in FIPS 140 compliant HSM modules which are attached externally to system 105. Also, the length of key at least 2048 bits and above. The corresponding public key that is used for verifying the signature is stored in control device 120 at the time of configuring the system.

[028] There are two types digital tokens that can used to generate and grant access to any premises i.e., a single token and a blockchain token. In single token method, a single private/public key is used for the entire building with multiple control devices. This means every access control device is programmed with same public key. When user/visitor needs access to for example to access control devices 120.1, 120.2, 120.n to reach his destination, the single token is programmed with the identities of all access control devices and the token is sent to user device 110 by the system 105.

[029] When the user device 110 comes in proximity to access control devices 120.1, 120.2, 120.3, the user device 110 will transmit the digital token to the access control device 120, which will intern validate the signature and also verify the identify. If one of the identities is matching, the access is granted by activating the output interface 135. Only drawback of this method is that user can skip control points 120.1 and 120.2 and still can get access at control point 120.3.

[030] The second token uses blockchain technique where every access control module is having
its own public and private key. The data format of the token for this method is shown below.

[031] In the blockchain technique, the system 105 uses the private key of control device 120.1 to digitally sign the first token. The public Key will be NULL and device identity will the identity of the access control device 120.1. This token is also encrypted using the public key of corresponding access control device. This token is first decrypted by the access control device 120.1, signature is validated, and identity is verified. It should be noted that the token will not work at the access control device 120.2 as the public key programmed in the access control device 120.2 is different. At the access control device 120.2, the system 105 generates a new token by automatically inserting the Public Key of the access control device 120.1, identity of control device 120.2. This token is encrypted using public key or private key of the access control device 120.2 and signed by private key of the access control device 120.1.

[032] The access control system 120.2 when it receives the token, first decrypts the data using the stored public key, extracts the public key from token and verifies the signature using the extracted public key. At the entry point 3, the access control device 120.3, new token is generated by the system 105 by inserting Public Key of previous access system, identity of current access system, encrypted by public key/private of current access system and signed by private key of previous access system. This continues till the last access gate is reached. This way it can be ensured that the user cannot skip any access path. Both type of access tokens can be used depending on requirement of specific building.

[033] In order to provide access to the user device 110, at first, the user device 110 may be registered with the system 105. In order to register, the user of the user device 110 may use an application or web application provided in the user device 110 to provide his details. For example, the user of the user device 110 may provide details such name, address, Phone number, name of the person or Unique identification of the person whom he wishes to visit in the building, time of the visit, purpose of the visit, duration of the visit and so on.

[034] After receiving the details, the system 105 may generate an authentication token and transmits the authentication token to the user device 110.

[035] When the user wishes to visit the person or a room in the building, the user may carry the user device 110 to the building. At first, the user may carry the user device 110 proximity to the access control device 120.1. The access control device 120.1 may communicate with the user device 110 using the network 115 e.g., using Bluetooth, NFC or Wi-Fi and so on. Upon establishing the connection, the user device 110 may transmit the authentication token as explained in previous paragraphs to the access control device 120.1. Upon receiving the authentication token key, the access control device 120.1, will authenticate the user device 110 as explained previously and then the access control device 120.1 allows the user device 110 through the first entry point EP1.

[036] When the user reaches proximity to the second entry point EP2, the user device 110 transmits the new authentication token to the access control device 120.2 indicating that the user device 110 has been authenticated at the access control device 120.1. Upon authentication and verification, the access control device 120.2 provides access to the user device 110.

[037] Similarly, when the user reaches proximity to the second entry point EP3, the user device 110 transmits the new authentication token to the access control device 120.3 indicating that the user device 110 has been authenticated at the access control device 120.2. Upon authentication and verification, the access control device 120.3 provides access to the user device 110.

[038] It is evident from above that the access control device 120.2 gave access upon validating that the user device 110 passed through the access control device 120.1. Similarly, the access control device 120.3 gave access upon validating that the user device 110 passed through the access control device 120.2 thereby ensuring that secure access is provided to the user of the user device 110.

[039] The above process is repeated for more than three entry points. Further, above process can be configured to provide access to users in a multi-layered fashion.

[040] Furthermore, the present disclosure may also be employed in tollgate system. In the tollgate system, each tool-gate may be considered as the entry-point, as explained above. The user must pass each tollgate on the way to access subsequent tollgate.

[041] In order to ensure the access is highly secured, multiple tokens may be utilized where public key of one signed token is hidden in another token etc. This can continue as a chain with minimum chain being 2.

[042] Referring to FIG. 3, a method 200 of providing secure access to a user device is shown in accordance with one embodiment of the present disclosure. The method 200 may be described in the general context of computer executable instructions. Generally, computer executable instructions may include routines, programs, objects, components, data structures, procedures, modules, functions, etc., that perform particular functions or implement particular abstract data types. The method 200 may also be practiced in a distributed computing environment where functions are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, computer executable instructions may be located in both local and remote computer storage media, including memory storage devices.

[043] The order in which the method 200 is described and is not intended to be construed as a limitation, and any number of the described method blocks can be combined in any order to implement the method 200 or alternate methods. Additionally, individual blocks may be deleted from the method 200 without departing from the spirit and scope of the disclosure described herein. Furthermore, the method may be implemented in any suitable hardware, software, firmware, or combination thereof. However, for ease of explanation, in the embodiments described below, the method 200 may be implemented in the above-described system 105.

[044] At step 205, a user device 110 is identified in proximity to an access control device at a first entry point.

[045] At step 210, the access control device verifies the signature receiving as part of authentication token using the public key stored in the device. If the signature verification is successful, then the method 200 proceeds to step 215. Else, the method 200 ends at step 220.

[046] At step 215, the access control device verifies the identity receiving along with the authentication token and compares with stored identity of the access control device. If identification check is successful, then the method 200 proceeds to step 225. Else, the method ends at step 230.

[047] At step 225, the access control device provides access to the first entry point.

[048] At step 235, the second access control device at the second entry point receives the authentication token from user device 110 and verifies the signature either using stored public key or by extracting the public key from the token. It also verifies the identity of the access control device. If these checks are passed then the method proceeds to step 245. Else, the method ends at the step 240.

[049] At step 245, the access control device at the second entry point provides access to the second entry point.

[050] At step 250, the third access control device at the third entry point receives the authentication token from user device 110 and verifies the signature either using stored public key or by extracting the public key from the token. It also verifies the identity of the access control device. If these checks are passed, then the method proceeds to step 255. Else, the method ends at the step 260.

[051] At 255, the access control device at the third entry point provides access to the third entry point.

[052] At step 265, the method 200 ends.

[053] Based on the above disclosure, secure access may be provided to visitors in a building or to the employees. In other words, restricted access can be provided to the users of the building. Further, the present disclosure allows reducing the cost of employing so many security personnel to check the authenticity of the people movement in the building. Further, the access control pass is given to the user device; as such additional equipment the access control mechanism is not required.

[054] Further, the features of the present disclosure can be implemented in a tollgate system. In the tollgate system, each toll-gate may be considered as the entry-point, as explained above. The user must pass each tollgate on the way to access subsequent tollgate. Further, in order to ensure the access is highly secured, multiple tokens may be utilized where public key of one signed token is hidden in another token etc. This can continue as a chain with minimum chain being 2.

[055] Although the above examples are provided for illustration purpose, one skilled in the art will appreciate use of present disclosure to provide secure access in other applications.

[056] Although embodiments of a method of providing secure access have been described in a language specific to features and/or methods, it is to be understood that the description is not necessarily limited to the specific features or methods described. Rather, the specific features and methods are disclosed as examples of implementations of the providing secure access.

Documents

Application Documents

# Name Date
1 201841034609-STATEMENT OF UNDERTAKING (FORM 3) [13-09-2018(online)].pdf 2018-09-13
2 201841034609-REQUEST FOR EXAMINATION (FORM-18) [13-09-2018(online)].pdf 2018-09-13
3 201841034609-POWER OF AUTHORITY [13-09-2018(online)].pdf 2018-09-13
4 201841034609-OTHERS [13-09-2018(online)].pdf 2018-09-13
5 201841034609-FORM FOR STARTUP [13-09-2018(online)].pdf 2018-09-13
6 201841034609-FORM FOR SMALL ENTITY(FORM-28) [13-09-2018(online)].pdf 2018-09-13
7 201841034609-FORM 18 [13-09-2018(online)].pdf 2018-09-13
8 201841034609-FORM 1 [13-09-2018(online)].pdf 2018-09-13
9 201841034609-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [13-09-2018(online)].pdf 2018-09-13
10 201841034609-DRAWINGS [13-09-2018(online)].pdf 2018-09-13
11 201841034609-DECLARATION OF INVENTORSHIP (FORM 5) [13-09-2018(online)].pdf 2018-09-13
12 201841034609-COMPLETE SPECIFICATION [13-09-2018(online)].pdf 2018-09-13
13 201841034609-Proof of Right (MANDATORY) [24-09-2018(online)].pdf 2018-09-24
14 Others_Form1_27-09-2018.pdf 2018-09-27
15 Correspondence by Applicant_DIPP Certificate_27-09-2018.pdf 2018-09-27
16 Form26_Power of Attorney_29-11-2018.pdf 2018-11-29
17 Correspondence by Applicant_Startup Invoice_30-11-2018.pdf 2018-11-30
18 201841034609-Proof of Right (MANDATORY) [03-01-2019(online)].pdf 2019-01-03
19 201841034609-Response to office action [25-08-2021(online)].pdf 2021-08-25
20 201841034609-RELEVANT DOCUMENTS [25-08-2021(online)].pdf 2021-08-25
21 201841034609-POA [25-08-2021(online)].pdf 2021-08-25
22 201841034609-FORM-26 [25-08-2021(online)].pdf 2021-08-25
23 201841034609-FORM 13 [25-08-2021(online)].pdf 2021-08-25
24 201841034609-AMENDED DOCUMENTS [25-08-2021(online)].pdf 2021-08-25
25 201841034609-FER.pdf 2021-10-17

Search Strategy

1 2021-02-1616-42-35E_17-02-2021.pdf