FI123800B - Execution of a predetermined operation in a wireless access control system - Google Patents

Description

PERFORMANCE OF A PRE-SPECIFIED MEASURE IN A CORDLESS ACCESS CONTROL SYSTEM

The invention relates to a method for performing a predefined step 5 in a system. One embodiment of the invention relates particularly to access control and the use of Bluetooth technology in connection with access control.

Access control systems are based on the use of credentials. The identification data is traditionally stored in the memory of the access card, whereby the information stored in the memory can be read by a separate reader, for example a magnetic stripe reader. Alternatively, for example, RFID (Radio Frequency IDentifration) technology may be used. The information read from the card can be used to control the door locking mechanism.

One of the problems with traditional access control is that it always requires a separate terminal device specifically created for this purpose, such as a magnetic stripe card containing an identifier, an RFID card containing a memory, or other access card.

Another problem is that the range of traditional passive cards is limited from a few centimeters to a few tens of centimeters. Even with the latest and very expensive technologies so far, passive cards and their co-readers cannot reach a reading distance of a few meters. On the other hand, the desirability of using active or power supply cards is reduced by the space requirement of the 25 power supply, which makes the card impractical, o g Patent application GB 2 364 202 A discloses a solution in which a mobile phone c \ j is used as a access control device. In the solution, the cellular telephone connects to the server and receives an electronic key to unlock the lock (e.g., a door lock for a hotel room of 30 rooms). The mobile phone then establishes a connection with the lock control device and sends the received key to the device. If the key is 2 valid, the device will unlock. In an alternative embodiment of the solution disclosed in GB 2 364 202 A, a PIN (Personal Identification Number) is required to unlock the lock, which is requested from the mobile phone user.

5

GB 2 364 202 A mentions that communication between a mobile phone and a server and communication with a mobile phone and a lock control device can be effected by Bluetooth technology.

10 Bluetooth technology is a short-range wireless communication technology that uses a licensed 2.4 GHz radio frequency band. When using Bluetooth technology in access control as disclosed in GB 2 364 202 A, the access control system can be extended in operating range compared to conventional systems. A further advantage of the solution disclosed in GB-A-2 364 202 A brochure-15 is that when using a Bluetooth-enabled mobile phone instead of a access card, a separate access card is not even required.

However, in the solution disclosed in GB 2 364 202 A, the problem 20 is that the mobile phone user first has to connect to the server to obtain the key with his mobile phone and then to the device controlling the lock. Thereafter, in an alternative embodiment of the invention, he still has to enter the PIN. Thus, the solution is not completely effortless for its user.

According to a first aspect of the present invention, a process is carried out a method for performing a predetermined operation in a system, such as a access control system, in which a base station belonging to the system monitors incoming wireless terminals within its area by transmitting them via short-range radio frequency identification techniques and wireless terminals; 3 performing a device identification in the system, identifying, based on the identification information provided by the wireless terminal, the wireless terminal entering the area of the base station as a system terminal; requesting a special trusted relationship establishment procedure using the user ID code in said identified wireless terminal and establishing a special trusted relationship between the base station and the identified wireless terminal, whereby the terminal (100) is identified as a system-identified terminal and correct, and performing a procedure associated with the identification of said wireless terminal device, predefined in the system, such as unlocking the door; and dissolving said trusted relationship by a special trusted relationship formation procedure after performing said operation.

In embodiments of the invention, wireless access devices equipped with Bluetooth capability can be used to control access to space controlled by a company, community, etc., whereby a separate means of authentication, such as a passcode, is not required. Embodiments of the invention may be used for access control in premises requiring supervision and for the transmission of information associated with access 20 between the terminal and the access control device.

According to one embodiment, information may be transmitted from the rigid system to the terminal or main terminal to the system, which may be associated with access rights, destination, user ID, time and / or other information that may be relevant to the user or system supervisor. Thus, access control can be incorporated as part of larger rigid system assemblies that need the two-way communication of information. What information is transferred can be determined in advance by the cvj in the system database.

In one embodiment of the invention, a so-called. The MAC address and the trust between the base station and the terminal are confirmed by the base station and terminal PINs.

Short range refers to a range that is typically substantially shorter than the typical range of a cellular network connection. Typically, the maximum range that can be achieved with Blue-5 tooth technology is from about ten meters to a few hundred meters, depending on the transmit power used. By wireless, the terminal means that it is capable of communicating wirelessly. Trusted relationship, on the other hand, refers to a relationship between devices where they are labeled as trusted devices to each other.

10

In one embodiment of the invention, based on the identification information obtained from the terminal via short-range radio link, identification information such as access rights, access rights and / or service / service access rights are accessed from the system database, and operations such as door lock control 15 are performed. The measures may be site-specific in nature.

According to another aspect of the invention, the wireless terminal is implemented in accordance with claim 13.

20

According to a third aspect of the invention, a base station is implemented according to claim 14, co

According to a fourth aspect of the invention, a computer program product executable at a base station i cp 25 is implemented according to claim 15, and according to a fifth aspect of the invention the system is implemented according to claim 16.

C \ 1

C/O

0 CO

1 30

Similarly, a wireless terminal, a base station, a computer software product and a system can be implemented.

The dependent claims relate to embodiments of the invention. The contents of the dependent claims relating to one aspect of the invention are applicable to other aspects of the invention.

The invention will now be described in more detail by way of example with reference to the accompanying drawings, in which: Figure 1 illustrates a system according to an embodiment of the invention in which the wireless terminal is used for access control; Figure 2 illustrates message exchange in one embodiment of the invention; Figure 3 illustrates an arrangement according to an embodiment of the invention for performing a predefined operation in a system; Figure 4 shows an arrangement according to an embodiment of the invention with respect to a company having multiple locations; Figure 5 shows a terminal suitable for implementing an embodiment of the invention; and co w Fig. 6 shows an input 25 suitable for implementing an embodiment of the invention.

o | For the sake of clarity, the invention will now be described, in particular, by means of Bluetooth and IP (Internet Protocol) technologies, without, however, limiting the scope of the invention to these technologies alone.

§ 30

Figure 1 illustrates a system according to an embodiment of the invention. According to this 6 embodiment, access control utilizes a Bluetooth base station 200 located near the door 250 through which the owner (or terminal) of the Bluetooth wireless terminal 100 is identified and the door 250 is unlocked. The fact that the Bluetooth base station 200 and the door 250 are surrounded by a cat-5 duct line in FIG.

Door 250 can be, for example, the exterior door of a business unit. The Bluetooth terminal 100 may be any wireless terminal 10 having Bluetooth capability, such as a PDA or a cellular network mobile station.

The identification information of each system identifiable terminal 100, such as a unique Bluetooth device identifier (BDADDR or MAC address or the like), and a terminal-specific PIN are pre-stored on the authentication server 300 (e.g., AAA server (Authentication Server) , Authorization and Accounting)) to database 400. Database 400 also contains information on the action to be taken after authentication, in this case unlocking the door 250.

The system Bluetooth base station, or Bluetooth enabled base station 200, monitors incoming Bluetooth terminals 100 in its area. It transmits polls in a dense, predetermined cycle to identify them. Figure 2 shows an exchange of messages in an embodiment of the invention. Accordingly, messages sent by base station 200 may be INQUIRY messages 121 as defined by Bluetooth 25 standard.

The Bluetooth terminal 100 taken 2 responds to the INQUIRY message INQUIRY

ϊ with the RESPONSE message 122. In this message, the Bluetooth terminal 100 includes its cvj device identifier (BDADDR).

C/O

o

C/O

The access point 200 asks the access server 300 whether the terminal having the device ID in question is included in the system. The license server 300 checks this out of 7 databases 400. If no device ID is found in database 400, the terminal is not covered by the system and no action is taken. Here, the system identifies the desired terminals and carries out an ID code query only for them, whereby the user of a non-system terminal does not even become aware of the existence or purpose of the rigid system. If the device ID is found in the database 400, the operation defined in the database 400 as a post-authentication operation is performed, i.e., in this case unlocking the door 250 (i.e., if device 100 is found in the authorized device database 400 of access server 300, base station 200 in). However, in this embodiment, the operation is not performed on the basis of device identification alone, but for security reasons, the user of the Bluetooth terminal 100 is still asked for a separate passcode (PIN) before unlocking the door 250. The PIN code request utilizes the special trusted relationship established by Bluetooth standards, which results in a special trusted relationship between two Bluetooth devices.

Establishing a relationship of trust is known per se to those skilled in the art. It uses both a Bluetooth-specific terminal-specific PIN and a Bluetooth-based base station 200-specific PIN. The terminal 100 and the tu-20 kiosk 200 ask each other for their own PIN. In the present embodiment, the Bluetooth base station 200, based on the device ID, retrieves the PIN of the Bluetooth terminal 100 in question from the access server 300, co, whose database 400 contains the correspondences between the system identifiers and the ° PINs, and then delivers the io 25 100 PINs for the terminal, en | The Bluetooth base station 200 initiates, by means of an initial message, such as a PAGE message, a trusted connection setup procedure and requests from the Bluetooth terminal 100 a trusted Bluetooth access point 200 PIN. The Bluetooth co-o 30 terminal 100 asks the user to enter this code.

In the PAGE message, the base station 200 may, if desired, set itself as the host of the Bluetooth pico network formed by the base station 200 and the terminal 100. The terminal 100 responds to the PAGE message with a PAGE RESPONSE message, whereby the user-entered base station PIN is transmitted to the base station 200. If the user-entered PIN-5 code is correct, a trusted relationship is established between the Bluetooth base station 200 and the Bluetooth terminal 100. 400 defined action, in this case unlocking the door 250. After the operation, the trust relationship is dissolved. For example, the trusted relationship may be decoded from the base station 200 by the LMP_DETACH -10 message 123 to be sent to the terminal 100 (Figure 2).

Above, it was proposed to unlock the door 250 as a measure to be performed after the device identification and the ID code query. In alternative embodiments of the invention, in addition to or instead of unlocking the door, some other operation may be performed which may be site-specific in nature. In this connection, reference will now be made to Figure 3, which shows an arrangement according to an embodiment of the invention in a system for performing a predefined operation. The arrangement shown in Figure 3 is particularly suited to an enterprise that requires, in addition to access control, information on the arrival of an employee to the company's other systems and / or the need to transfer information from the company's systems to the employee's mobile terminal upon arrival. in addition to the units / elements, the information system 500 of the company 25 includes, for example, a telephone exchange 521, a location information system 522, a time tracking system 523, and an email and calendar system 524. Said systems 521-524 are interconnected via an information system c1,500. The access server 300 is connected to the enterprise information system o 500 via system interface 510, o o 30 c \ j

In the embodiment shown in Fig. 3, the procedure is essentially the same as in the embodiments illustrated in Figs. 1 and 2. The access server 300 database 400 contains pre-entered information on the actions to be taken after the Bluetooth terminal 100 is recognized. In this case, the actions may include, instead of unlocking or unlocking the door 250, transferring useful information 5 from one or more systems 521-524 to Bluetooth terminal 100 and / or transferring useful information from Bluetooth terminal 100 to one or more systems 521-524. Alternatively, or additionally, the actions may include transmitting information that the employee (or user) has entered the building from the Bluetooth base station 200 (or the access server 300, provided the base station 200 has communicated to the access server 300 that the user has entered the correct PIN ) for a number of other systems 521-524. Useful information herein refers to information (or data) useful to the user as distinct from system control or signaling information.

Thus, if the Bluetooth terminal 100 of the access terminal 200 is located in the access terminal 300 database 400 and the user enters the correct PIN to confirm the trusted relationship, the steps specified in the database 400 are performed, for example: 20 - transmitting from access point 200 the user has provided the correct PIN, and is forwarded from the access server 300 via system interface 510 to the information system 500 upon entry of the user (or employee terminal 100) into the area. Then, in information system 500, this information can be exported to telephone exchange 521 (or i cp 25 for accessibility service (not shown)), geographic information system 522, time tracking system 523, and email and calendar system £ 524 to update these systems with information that the user has access. subsided; 00 o - Unlocking the door 250 (Access server 300 can either directly control the door 250 locking mechanism or be connected to a system containing the door unlock mechanism functionality (not shown)) 10 - Perform synchronization operations between the terminal 100 and the system: synchronizing at the terminal 100 e-mail and cadence information with system 524 e-mail and calendar information (typically a two-way communication between terminal 100 and information system 500); - transmitting information from the information system 500 to the terminal 100, which then informs the user. For example, if a building has a device room, the device room status information such as temperature, air humidity, device 10 alarm, etc. in GIS 522 can be transmitted to the user (or installer).

The Bluetooth access point 200 can serve as a wireless local area network (WLAN) access point. After the authentication, it can automatically (without user intervention) input data to the terminal 100. The identification information can also be used for the identification procedure at the information system level, after which the data can be transmitted to the terminal / terminal 100 also through other network interfaces of the base station 200.

Although arrows between base station 200 and information system 20,500 are not shown in Figures 1 and 3, this does not mean that information cannot be transferred between Bluetooth terminal 100 and information system 500 without passing through access server 300, but that base station 200 may be directly connected to information system -to 500, for example, through a LAN connection or the like.

δ

CVJ

o 25 The IP protocol can be used for communication between different systems. Terminals-? Between the network 100 and the base station 200, IP traffic can be implemented over Bluetooth protocols.

The trusted relationship between the Bluetooth base station 200 and the Bluetooth terminal 100 (about 30 blades) may be decomposed based on a predetermined maximum validity period on the base station 200 and / or based on the fulfillment of a predetermined condition. Said condition may be the termination of a desired event (or location dependent operation), such as data transfer from system to terminal, from terminal to system, or between terminal and external application. When the trusted relationship is unblocked in response to the completion of the location dependent operation, the PIN can be queried the next time it arrives.

Thus, the credit relationship between the base station and the wireless terminal can be temporarily established and automatically discharged (without user intervention), thus freeing up space for potential new users. Typically, base station 10 can have trusted relationships only a limited number at a time. The credit relationship between the base station and the wireless terminal can be recreated, for example, by leaving the Bluetooth base station within range of the terminal and re-entering the range.

In one embodiment of the invention, the trusted relationship is defined to be created at the earliest after the desired minimum time (the minimum time depends on the implementation, it may be, for example, a few minutes or hours). This is done by temporarily setting the identity of the terminal 100 in question in the database 400 of the access server 300 temporarily "untrusted". In this way, inappropriate trust relationship creation and associated PIN code queries can be prevented immediately after the previous trust relationship has been created and decommissioned.

In summary, some of the above embodiments may be carried out in the following steps: o 25 T - base station 200 detects Bluetooth device 100; £ - identification of the Bluetooth device 100 is found in system database 400; cm - Base Station 200 suggests a temporary credit to the Bluetooth device 100

CM

00 o Create by asking your Bluetooth device for 100 access point PINs; o o 30 - Bluetooth device 100 returns the correct PIN code; - recovering from the database 400 the accesses and services 12 associated with the identification data of the Bluetooth device 100 to the access server 300, such as the AAA server, and, if necessary, to a separate server performing the provided operations such as unlocking the door 250; - forwarding information related to the arrival of the Bluetooth terminal 100 via the system interface 510 to other systems 500, 521-524, for example for data updating purposes; transmitting other information from systems 500, 521-524 to Bluetooth terminal 100, or from Bluetooth terminal 100 to systems 500, 521-524, for example for synchronization purposes; and 10 - releasing the trusted relationship between the base station 200 and the Bluetooth terminal 100.

It has been stated above that, when establishing a trusted relationship, the user of the Bluetooth terminal 100 becomes aware of the PIN of the Bluetooth base station 200 of the base station. PIN 15 is the same regardless of the user. In this case, the security of the system is thus based on the identification (BD_ADDR) of the Bluetooth terminal 100 and the knowledge of the base station PIN. As discussed above, the active party in the system is a base station 200 that automatically identifies the terminal 100. When a user has his or her terminal, he or she need only enter the PIN of the base station 20 when prompted by the terminal. Thus, the method can be considered quite easy to use from the user's point of view.

In an alternative embodiment of the invention, security can be improved by extending the establishment of a trusted relationship by providing each user with an access point PIN 400 in the access server database 400 which the user must know. In other words, in this embodiment, the PIN of the base station varies depending on the user. The user is asked for the base station PIN cm and if the user enters the correct code, a trusted relationship is established between the Bluetooth base station 200 and the Bluetooth o tooth terminal 100 and the above operation defined in the base 400 of the data base 30 is performed. In this embodiment, it is possible to change a single user regarding the base station PIN without affecting the other users.

Figure 4 illustrates an arrangement according to an embodiment of the invention suitable for access control and for performing the above operations, particularly in a company having multiple locations.

The premises of company headquarters 710 will have the required number of doors 250 and each of its own Bluetooth base station 200, the operation of which will be described in connection with the above embodiments. The access server 300 (AAA server) connected to the head office wired or wireless LAN 10 acts as an authentication server for all offices throughout the company. The same server can also serve as an authentication server for other enterprise systems (not shown in Figure 4).

The company has another branch office 720 that has a fixed data connection through the company 15's intranet 700 (or WAN (Wide Area Network)). The Bluetooth base station 201 at the branch office operates in a manner similar to the base station 200 in the above embodiments. Now, a request is made from the server 300 to determine whether the terminal 100 detected by the base station is included in the system through the interfaces 700 of the intranet. The location-specific operation performed 20 may include, for example, unlocking the door 250a.

Third branch office 730 (this may be a remote office) does not have a fixed co data interface. Connections to this branch office 730 and other corporate networks are done wirelessly. The request from the server 300 whether the terminal 100 detected by the base station 202 is part of the system is made through a cellular network connection such as GSM data or GPRS. The location-specific action to be performed may be, for example, unlocking the door 250b.

Figure 5 shows a simplified block diagram of a batch of wireless terminal 100 suitable for implementing embodiments of the invention. Such a terminal device may be any device comprising means for communicating with base station 200 by short-range radio frequency technology, such as a mobile station, a smartphone, a handheld computer or a laptop computer. The wireless terminal 100 of Figure 5 comprises a processing unit 101, a user interface 102, and a Blue-tooth transceiver 103. The Bluetooth transceiver 103 and the user interface UI are coupled to the processing unit 101. The user interface UI comprises a display and keyboard (not shown). wireless terminal 101. Additionally, wireless terminal 100 may comprise, for example, a separate radio frequency portion for performing cellular network functions.

The processing unit 101 comprises a processor (not shown) and a memory 104. A software is stored in the process by which the processor controls the operation of the wireless terminal 100, such as using Bluetooth transceiver 103, displaying information on the UI display 102 and reading UI keypad input. The software is constructed from a plurality of program codes, which may be packaged in a single computer program block or in different blocks of a single computer program, or may be part of a larger software package.

The INQUIRY message sent from the base station 102 is received via the Bluetooth transceiver 103 to a processing unit which, based on the Bluetooth protocol stack implemented in memory 104, generates an INQUIRYRESPONSE message sent to the base station via the Bluetooth transceiver 103. and the user-typed code is received through the keypad of the access terminal 25, en g The terminal 100 may also comprise an IP protocol stack for IP-based operations (or services). The terminal may comprise its own Java software or user interface for accessing or displaying information provided by the 00 o network (or system).

15

In the embodiments of the invention, the functionality of the system disclosed can be achieved by a programmable base station and its software. FIG. 6 is a simplified block diagram of a base station 200 suitable for implementing embodiments of the invention. The base station of Figure 6 can serve as both a Blue-5 tooth base station and a wireless LAN base station. The base station 200 comprises a processing unit 201, a Bluetooth transceiver 203, a WLAN transceiver 206, and an IP interface 207. The Bluetooth transceiver 203, the WLAN transceiver 206, and the IP interface 207 are coupled to the processing unit 201.

10

The processing unit 201 comprises a data processing processor (not shown) and a memory 204. The software stores the data processing processor to control the operation of the base station 200, such as the use of a Bluetooth transceiver 203, a WLAN transceiver 206 and an IP interface 207. The software is constructed from a plurality of program codes that may be packaged into a single computer program block or into different blocks of a single computer program, or may be part of a larger software package.

The INQUIRY messages to be sent to the Bluetooth terminals 100 are formed on the basis of the Bluetooth protocol stack implemented in the memory 204 in the processing unit 201 and transmitted via the Bluetooth transceiver 203. The INQUIRY RESPONSE messages in response from the Bluetooth terminals 100 are received via the Blue-tooth transceiver 203 to the processing unit 201. The processing unit 201 forms requests for terminal information based on the terminal identities to be sent to the access server 300 via the IP interface 207. The processing unit 203 also initiates the establishment of a trusted relationship with the code request queries g and instructs the access server 300 to perform the location-specific actions defined in the database 400. The data transmission to the terminal 100 and the terminal 100 may be implemented by IP technology via a Bluetooth transceiver 203 and / or a WLAN transceiver 206. If a WLAN connection is used, the terminal must also have a WLAN transceiver (not shown in Figure 5).

16

When the location-specific actions have been performed and / or the trusted relationship maximum validity period has expired, the processing unit 203 generates a trusted relationship decryption message (e.g., LMPDETACH) which is transmitted to the terminal 100 via the Bluetooth transceiver 203. Information that location-based operations have been performed can be brought to the base station via IP interface 207, either directly from information system 500 or through access server 300.

The arrangement according to embodiments of the invention enables the use of a wireless terminal 10, such as a mobile phone, in access control so that the wireless terminal can also be used to send and receive information from an access control system or other system.

The arrangement enables tracking of those passing through the base station area based on the query messages. The arrangement supports wireless LAN coverage and includes capabilities for IP-based services. The terminals can be used for example. Run special Java based software.

This description illustrates embodiments and embodiments of the invention by way of examples. It will be apparent to one skilled in the art that the invention is not limited to the details of the above embodiments, and that the invention may be embodied in another form without departing from the features of the invention. Instead of Bluetooth, other short-range wireless communication methods can be used, such as i cp 25 different PAN technologies (Personal Area Networks), WLAN technology, HIPERLAN 2 or Home RF technology.

X

cc

CL

CVJ The embodiments shown should be considered as illustrative but not limiting. The scope of the invention is limited and limited only by the appended claims. Thus, the various embodiments of the invention as defined by the claims, including equivalent embodiments, are within the scope of the invention.

Claims (17)

A method of an access control system for performing a predetermined operation, in which method a base station (200) associated with the system monitors wireless terminal devices (100) arriving in its area by transmitting them with short-frequency radio frequency technology and the wireless terminal devices (100) respond to the inquiries by providing their identification information to the base station (200), and in which method a device recognition is performed in the system, on the basis of which the identification information specified by the wireless terminal device (100) is recognized. arrives in the base station (200) of the base station (200) as a terminal device of the system; The user is requested a recognition code in said recognized treeless terminal device (100) by a sparse elite method of forming a reliable relationship and a particularly reliable relationship is formed between the base station (200) and the recognized treeless terminal device (100) in which they are marked as reliable devices. for each other if the terminal device (100) has been recognized as a terminal device belonging to the system and if the user-entered recognition code is correct, and a corresponding identification device connected to the wireless terminal device (100) is executed which has been determined in advance in the system, such as reading a door (250), wherein the method further dissolves in cp 25 said reliable relationship formed by the "special procedure for forming a reliable relationship after | the execution of said measure. C \ J CM o The method of claim 1, wherein said pre-determined action in the system is one of the following pass-through checks including, for example, controlling a door reading, 24 such as reading or reading a door (250) reading mechanism; updating the system, or systems associated therewith, such as a telephone exchange (521), an accessibility service, an email system (524), a calendar system (524) or a working time control system (523), with the task of the user or terminal device (100) arrived; transmitting utility data between the system, or a system associated therewith (524), and the wireless terminal device (100), for example, for synchronizing email or calendar data. 10 The method of claim 1, wherein the user of the wireless terminal device (100) requests a recognition code for the base station (200). The method of claim 1, wherein the base station (200) is the party taking the initiative, wherein the process for identifying the wireless terminal device (100) is initiated by the base station (200). The method according to claim 1, wherein the reliable relationship is resolved in response to said act on said dressing having been performed. The method of claim 1, wherein the reliable co ratio is dissolved in response to a time-bound condition being fulfilled. δ c \ j in cp 25 The method of claim 1, wherein the resolution of the reliable "ratio is effected by means of a resolution message (123) transmitted | from the base station (200) to the wireless terminal device (100). C \ J c \ j o The method of claim 1, wherein the rights of use of the user of the wireless terminal device are controlled in a database (400) in a usage rights server (300). 25 The method of claim 1, wherein said inquiries comprise request messages from the base station (200), such as an INQUIRY message (121) according to the Bluetooth technology to which the wireless terminal device (100) responds with a response message (122) by to enter their device code. The method of claim 1, wherein a minimum time is set such that between this base station (200) and the tree-less terminal device (100) during this time a new reliable relationship cannot be formed. A method as claimed in any preceding claim, using a Bluetooth protocol or some other short-range wireless radio frequency protocol in communication between the base station (200) and the wireless terminal device (100). A method according to any of the preceding claims, in which communication with packet switching technology is communicated, such as by means of an Internet protocol (IP) connection between the base station (200) and the other part of the system. 20 A wireless terminal device comprising means (101, 103) for transmitting co-identification information to a base station (200) associated with a short access control system in response to an inquiry from the base station by means of a short-range radio technique, in order to carry out a device recognition at the system. which recognizes "the wireless terminal device (100) as a terminal device of | the system, and which wireless terminal device (100) comprises cvj means (101, 103) for requesting the user of the wireless terminal device (100) a recognition code by a particular method for forming a reliable relationship, and means for forming a particular device. reliable relationship between the 26 base station (200) and the recognized treeless terminal device (100) in which they are marked as reliable devices for each other if the terminal device (100) has been recognized as a terminal device belonging to the system and if the user input code 5 is correct, and which the wireless terminal device in question is configured to interact with the base station so that an identification information associated with the wireless terminal device (100) is performed, which has been determined in advance in the system, such as readout of a drone (250), and that said reliable condition nd formed by the special process 10 for forming a reliable relationship is dissolved after the execution of said measure. A base station of an access control system configured to act on wireless terminal devices (100) arriving in its area by transmitting inquiries to them with short-range radio frequency technology, the wireless terminal devices (100) responding to these requests providing its identification information to the base station (200), and which base station (200) comprises means (207) for performing a device recognition at which the wireless terminal device (100) is recognized as a terminal device belonging to the system on the basis of the identification information specified by the terminal device; co means (201, 203) for carrying out a particular method of forming a reliable relationship at which a recognition code is requested in said untrusted terminal device (100) and a particularly reliable "relationship is established between the base station (200) and the recognized wireless the terminal device (100) in which they are marked as reliable devices c for each other if the terminal device (100) has been recognized as a terminal device belonging to the system and if the user-entered code 30 is correct; means for carrying out a recognition information connected to said terminal terminal device 27 (100) and a predetermined operation in the system, such as reading a door (250); and means (101, 103) for dissolving the reliable relationship formed by said particular method of forming a reliable relationship after the performance of said action. A computer program product executable in a base station belonging to an access control system, which base station (200) monitors wireless terminal devices (100) arriving in its area by transmitting inquiries to them with short-range radio frequency technology, and the wireless terminal devices ( 100) responds to the prefixes by providing its identification information to the base station (200) so as to be able, on the basis of this identification information, to perform a device recognition at which is recognized a terminal device of the system, which computer program product comprises a program code (205) for a method for forming a particularly reliable relationship at which a recognition code is requested in said treeless terminal device (100) and a particularly reliable relationship is formed between the base station (200) and the recognized treeless terminal device (100) at which they are marked as reliable devices for each other if the terminal device (100) has been recognized as a terminal device of the system and if the user-entered co-recognition code is correct, and which program code causes the base station to from a database (400) in the system on the basis of the wireless terminal device (100) in the system. cp identification information retrieve an identification code, such as a PIN code, CO 1 for the wireless terminal device, to form the g reliable relationship to be formed between the base station and the wireless c terminal device, and a program code for executing one with the relevant wireless device identification information (100) connected to the system and predetermined operation, such as reading a door (250), and which 28 computer program product comprises a program code (205) for resolving the reliable relationship formed by said particular method form of a reliable relationship after the execution of said measure. 5 A access control system for performing a predetermined operation in the system, which system includes a base station (200) for observing tree-less terminal devices (100) arriving in its area by sending requests to them with short-range radio frequency technology , wherein the wireless terminal devices (100) respond to these requests by providing their identification information to the system, which system includes means (207) for performing device recognition at which the wireless terminal device (100) is recognized as a terminal device belonging to the system on the basis of the identification information provided by the terminal device; means (201, 203) for carrying out a special method of forming a reliable relationship at which a recognition code is requested in said treeless terminal device (100) and a particularly reliable relationship is formed between the base station (200) and the recognized treeless terminal device (100). in which they are marked as reliable devices for each other if the terminal device (100) has been recognized as a terminal device belonging to the system and if the user-entered co-recognition code is correct; means for carrying out an identification information connected to the said wireless terminal device such as (100) and in the system predetermined> action, such as reading a door (250); and | means (101, 103) for dissolving the reliable ratio formed by the particular method of forming a reliable ratio 0o after the execution of said measure. Il 30 29 The access control system according to claim 16, wherein said pre-determined operation is one of the following access control control including, for example, controlling a door reading, such as reading or reading a door's reading mechanism (250); Updating the system or associated systems, such as a telephone exchange (521), an accessibility service, an email system (524), a calendar system (524) or a working time control system (523), with the information that the user or terminal device (100) has arrived ; transmitting utility data between the system or a system associated therewith (524) and the wireless terminal device (100), for example, for synchronizing email or calendar data. co δ c \ j i co o CO X cc CL CVJ CVJ CO o CO o o CVJ