
WO2024068034A1 - Controlled perimeter security - Google Patents

Info

Publication number: WO2024068034A1
Authority: WO, WIPO (PCT)
Prior art keywords: user, security system, inherent, authentication, node
Legal status: Ceased
Application number: PCT/EP2022/087992
Other languages: French (fr)
Current Assignee: Verisure SARL
Original Assignee: Verisure SARL

Classifications

    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C9/00571 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • G07C9/00896 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys specially adapted for particular uses
    • G07C9/00904 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys specially adapted for particular uses for hotels, motels, office buildings or the like
    • G07C2009/00769 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
    • G07C2209/64 Comprising locating means for detecting the position of the data carrier, i.e. within the vehicle or within a certain distance from the vehicle using a proximity sensor
    • H04L12/12 Arrangements for remote connection or disconnection of substations or of equipment thereof
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04M11/025 Door telephones
    • H04N7/186 Video door telephones
    • H04W4/38 Services specially adapted for particular environments, situations or purposes for collecting sensor information

Definitions

  • The disclosure relates to a video doorbell of a controlled perimeter security system, a controlled perimeter security system including such a video doorbell, corresponding methods, various computer implemented methods performed in a controlled perimeter security system comprising a plurality of nodes, node apparatus for use in a controlled perimeter security system, central units for use in a controlled perimeter security system, controlled perimeter security systems, and associated computer program elements and computer readable media.
  • Perimeter security installations that are, or include, security monitoring systems for monitoring premises, often referred to as alarm systems, typically provide a means for detecting the presence and/or actions of people at and around a perimeter of the premises. Such security systems react to events that are detected by sensor nodes connected to the system.
  • Such systems include sensors to detect the opening and closing of doors and windows to provide a secure perimeter to the premises, thus creating one or more protected spaces.
  • Motion detectors monitor spaces (both within and outside the controlled building) for signs of movement.
  • Microphones are used to detect sounds such as breaking glass.
  • Image sensors can capture still images, or videos, of monitored zones.
  • These security systems are self-contained, or partially autonomous.
  • Alarm indicators such as sirens and flashing lights are activated in the event of an alarm condition being detected.
  • Such installations typically include a central control unit (which may also be termed a central unit, CU).
  • The CU is generally mains powered, and is communicably coupled to the sensors, detectors, cameras, etc. (“nodes”) of the perimeter security system.
  • The CU processes notifications received from the various nodes, and determines a response.
  • The CU is communicably coupled to the nodes by wired or wireless means.
  • Wireless connections facilitate installation, and may also provide some safeguards against sensors/detectors effectively being disabled by disconnecting them from the CU.
  • The nodes of such systems typically include an autonomous power source, such as a battery power supply, as a replacement or at least a backup to mains power.
  • A security monitoring system may include an installation at a premises, domestic or commercial, that is linked to a remote Central Monitoring Station (CMS) where human operators manage the responses required by different alarm and notification types.
  • The CU at the premises installation typically processes notifications received from the various nodes in the installation, and notifies the CMS of only some of these, dependent on the settings of the system, and the nature of the detected events.
  • The CU at the installation acts as a gateway between the nodes and the Central Monitoring Station.
  • The CU may be linked by wires, or wirelessly, to the various nodes of the installation, and these nodes will typically be battery rather than mains powered.
  • Such security monitoring systems contribute to the safety and wellbeing of occupants of the protected premises, as well as safeguarding articles within the protected perimeter - which may of course not simply be limited to a house or dwelling, but may also extend to the grounds of the house, protected by a boundary fence and gate, for example. Such systems may, however, be further improved.
  • Embodiments of the present invention seek to provide enhanced security monitoring systems, and corresponding apps, methods and other implementations that improve the scope of security monitoring systems to address aspects of the problem of user authentication, as well as providing new functionality and methods.
  • A computer implemented method for personal authentication by a controlled perimeter security system comprising at least one node, wherein the method comprises: obtaining, using a first sensor of a first node located at, or outside, the perimeter of the security system, an inherent signal related to a person seeking access to the perimeter; processing the inherent signal to obtain an inherent authentication artifact; searching a plurality of data records of an inherent authentication artefact data store using the inherent authentication artifact, and based on a closeness of the inherent authentication artifact to a record of the plurality of data records, validating the inherent authentication artifact, wherein validating the inherent authentication artefact comprises: identifying, in a user data store, a unique user record associated with the inherent authentication artefact; generating an authentication token corresponding to the unique user record; and communicating the authentication token to the first node and/or a further node.
  • The inherent signal is, for example, a biometric signal.
  • The inherent signal is obtained by a first node associated with a controlled perimeter security system.
  • Biometric signals can improve the likelihood of correct user authentication.
  • The secure storage and processing of biometric signals is preferable.
  • The collection and processing of inherent signals is performed within a controlled perimeter security system by nodes of the controlled perimeter security system.
  • An authentication token referring to an authenticated user is generated from within the controlled perimeter security system.
  • The authentication token can be transmitted to further nodes in the controlled perimeter security system for the purposes of, for example, changing the arming status of the alarm system, obtaining entry to the controlled perimeter security system or a room within it, logging the entry or exit of the user from the system or rooms of the system, and the like.
  • The authentication token can be transmitted outside of the controlled perimeter security system to a remote monitoring station.
  • A user registration database hosted in the remote monitoring station can be updated with authenticated user status updates without the need to transmit sensitive inherent or biometric data outside of the controlled perimeter security system.
  • The method according to the first aspect can also be considered an information reduction process in which one or more inherent (biometric) signals are analysed and transformed into inherent authentication artefacts.
  • The inherent authentication artefacts are in turn compared to a database of inherent authentication artefacts which may also be hosted inside the controlled perimeter security system. Such a comparison enables a match of a user proximate to the first node to a user held in a user data store, and the subsequent generation of an authentication token. If the relevant inherent authentication artefacts obtained from the inherent signal of a person standing proximate to the first node do not match a record in the inherent authentication artefact data store, then an authentication token is not transmitted.
  • The security system would not disarm an alarm system, or not unlock a door lock.
  • A member or administrator of the controlled perimeter security system can prompt an unauthenticated individual to register themselves by allowing themselves to be recorded by the first sensor of the first node, for example, such that a new inherent authentication artefact can be registered and bound to the unauthenticated individual. On another entry attempt, the newly registered individual would then be able to generate an authentication token.
  • Systems capable of obtaining inherent signals and inherent authentication artefacts from individuals at the perimeter of a security system can also use the inherent signals as indicators that a registered user has left a controlled perimeter. Furthermore, a registered user or unregistered user can use inherent signals to signal a distress or duress state to the controlled perimeter security system.
  • The present specification provides ways to exploit the benefits of inherent authentication data such as biometric data in a controlled perimeter security system whilst also protecting the integrity of the inherent authentication data.
  • A central unit for use in a controlled perimeter security system.
  • The central unit comprises a processor, a communications interface communicably coupled to the processor via a communication link, and a memory.
  • The processor is configured (e.g. programmed) to obtain, from a first sensor of a first node located at, or outside, the perimeter of the security system, an inherent signal related to a person seeking access to the perimeter, to process the inherent signal to obtain an inherent authentication artifact, to search a plurality of data records of an inherent authentication artefact data store using the inherent authentication artifact, and based on a closeness of the inherent authentication artifact to a record of the plurality of data records, to validate the inherent authentication artifact, wherein validating the inherent authentication artefact comprises identifying, in a user data store, a unique user record associated with the inherent authentication artefact, generating an authentication token corresponding to the unique user record, and communicating the authentication token to the first node and/or at least one further node in the controlled perimeter security system.
  • A central unit located within the security perimeter can receive, process, and store an inherent signal obtained from a user of the security system such as images, videos, voice samples, fingerprint scans, and iris scans.
  • The central unit can also derive information from the inherent signal in the form of an inherent authentication artefact.
  • A videophone located at the entry to an access controlled facility may require that biometric authentication is performed with low latency.
  • Low latency can be defined as unlocking and opening a controlled door with less than five, two, one, or 0.5 seconds delay between the videophone identifying the approach of a person, and the confirmation or denial of opening the door.
  • An inherent signal such as a video can be captured by the videophone and transmitted to a central unit using a high bandwidth network of the house such as a Wi-Fi (TM) network, for example.
  • The processor of the central unit is typically provisioned with high-speed processors that can perform video processing at lower latencies compared to the videophone, for example.
  • The inherent signal can be converted to the inherent authentication artefact quickly, enabling faster registration of new users, and/or the faster admission of authenticated users. Because all processing is performed either in the videophone, or the central unit, the inherent signal and/or the inherent artefact is not transmitted outside of the security system, thus aiding the security of the stored inherent signal and/or artefact. However, a remote system may still be kept aware of the authenticated users inside the security perimeter, because an authentication token can, in some options, be transmitted to a remote monitoring centre.
  • A node for use in a controlled perimeter security system.
  • The node comprises a processor, a transceiver communicably coupled to the processor via a communication link, and a memory.
  • the processor is configured (e.g.
  • A controlled perimeter security system comprising a first node comprising a first sensor, a central unit according to the third aspect; and a communications system configured (if necessary, programmed and arranged) to communicably couple at least the first node and the central unit.
  • A first sensor of the first node is configured to obtain an inherent signal related to a person seeking access to the perimeter, and to transmit the inherent signal to the central unit, and wherein, upon a successful validation, the central unit is configured to communicate an authentication token to the first node and/or at least one further node in the controlled perimeter security system.
  • A computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to one of the first aspect, or its embodiments.
  • A computer readable medium or signal comprising the computer program element according to the fifth aspect.
  • A computer implemented method for user registration on a controlled perimeter security system comprising a plurality of processing nodes, wherein the method comprises: generating, based on a command from an authenticated user of a security system or from the back-end system (or monitoring station) of the controlled perimeter security system, a registration token from within the security system to which a prospective user intends to obtain access permissions, and storing a copy of the registration token within the security system; communicating, via a communications network, the registration token to the prospective user; reading, by a first node of the security system, the registration token as presented to the first node by the prospective user; validating, within the security system, the identity of the prospective user based on the registration token, to thus redesignate the prospective user as a validated user; if the identity of the prospective user is validated based on the registration token, obtaining at least one inherent signal associated with the prospective user, wherein the at least one inherent signal is obtained using the first node, and/or a further node in
  • A user who is already registered on the security system and thus trusted can issue a special registration token to a new user or a guest user.
  • A portion of data may be transmitted from within the controlled perimeter security system at the prompting of an authenticated user, to a smart phone, tablet, smart watch or similar owned by the new user or guest user.
  • A portion of data may define a QR code for display on a smartphone screen.
  • When the display of the smart phone is held in the field of view of a videophone proximate to, for example, an entry door of the security controlled system, the videophone reads the QR code and transfers it to the central unit. This temporarily authenticates the new user or guest user with the central unit, and initiates a process whereby the central unit commands the videophone to obtain at least one inherent signal of the new user.
  • The central unit may obtain, using the videophone, a photograph, video sample, or sound sample of the new user.
  • The at least one inherent signal of the new user can be converted into an inherent authentication artefact either at the videophone, or at the central unit. This inherent authentication artefact is bound to the user data of the new user at either the central unit and/or the videophone.
  • The new user or guest user could authenticate themselves via a simplified procedure that is adapted to a smart phone.
  • The data presented to the videophone could be in many forms, such as a code word spoken by the new user, a barcode or QR code on a physical paper letter held up to the videophone, or a specific hand signal, as some examples.
  • The detection of the data (for example, the QR code) by the videophone may in itself trigger the unlocking of the door and the disarming of an alarm, where relevant.
  • A new user may be registered without needing to transfer the new user's inherent or biometric data from a remote server (remote to the controlled perimeter security system).
  • The controlled perimeter security system facilitates the new user in providing their inherent or biometric data at the time of registration at a boundary of the controlled perimeter security system (in an alternative, the existing authenticated user who sent the registration token may choose to admit the new user on their first visit, so that they can provide their inherent or biometric data inside the controlled perimeter security system).
  • A central unit for use in a controlled perimeter security system, and further comprising a processor, a communications interface communicably coupled to the processor via a communication link, and a memory.
  • The processor is configured (e.g. programmed) to generate, based on a command from an authenticated user of a security system or from the back-end system (or monitoring station) of the controlled perimeter security system, a registration token with which a prospective user intends to obtain access permissions to a security system comprising the central unit, and store a copy of the registration token within the security system, and to communicate the registration token to the prospective user, via a communications network, to receive, from a first node of the security system, the registration token as presented to the first node by the prospective user, to validate the identity of the prospective user based on the registration token, to thus redesignate the prospective user as a validated user, and if the identity of the prospective user is validated based on the registration token, to obtain at least one inherent signal associated with the prospective user, wherein
  • A node for use in a controlled perimeter security system comprises a processor, a transceiver communicably coupled to the processor via a communication link, and a memory.
  • The node is configured to read a registration token as presented to the first node by a prospective user of a security system communicably coupled to the node, and to validate, within the security system, the identity of the prospective user based on the registration token, to thus redesignate the prospective user as a validated user, wherein if the processor receives a message from the central unit that the identity of the prospective user is validated based on the registration token, the processor is further configured (e.g.
  • The at least one inherent signal is obtained using the first node, and to process the inherent signal to obtain an inherent authentication artefact of the validated user, wherein the inherent signal and/or the inherent authentication artefact are communicated to an inherent authentication artefact data store hosted by the first node and/or a central unit, wherein the node and/or the central unit are optionally configured to generate a new user record for the validated user in a user data store associated with the inherent authentication artefact.
  • A controlled perimeter security system comprises a first node according to the ninth aspect, a central unit according to the eighth aspect, and a communications system configured to communicably couple at least the first node and the central unit.
  • A computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to the seventh aspect.
  • A computer readable medium or signal comprising the computer program element according to the eleventh aspect.
  • A computer implemented method for tracking user exit from a controlled perimeter security system comprises: obtaining, using at least one sensor located at, inside, or outside, the perimeter of the security system, an inherent signal related to a person exiting the controlled perimeter; processing the inherent signal to obtain an inherent authentication artifact; searching one or more data records of an inherent authentication artefact data store using the inherent authentication artifact, and based on a closeness of the inherent authentication artifact to a record of the one or more data records, validating the inherent authentication artifact; wherein validating the inherent authentication artefact comprises identifying a unique user record in a user data store associated with the inherent authentication artefact of a user; generating an authentication token corresponding to the unique user record; and communicating the authentication token to at least one further node in the controlled perimeter security system.
  • obtaining an inherent signal and an associated inherent authentication artefact from a visitor as they leave the controlled perimeter security system can enable the security system to improve its information on the identities of people remaining within the controlled perimeter (by automatically de-registering the visitor as they leave using at least inherent or biometric information).
  • Inherent or biometric information can be collected much more easily than, for example, ownership information (such as showing a token to a token reader) or knowledge information (such as entering an alphanumeric code).
  • a videophone could obtain a photograph of a user as they entered the controlled perimeter, and process the photograph to extract the clothing style of the user in a form of image mask that could be used as the inherent authentication information.
  • the same or a different videophone would identify that the similarly dressed user was leaving the controlled perimeter.
  • the central unit could deregister or de-authenticate the user in a seamless manner based on identifying the user by their closing. Because the inherent signal and/or inherent authentication information is stored either on the videophone, or the central unit within the controlled perimeter security system, there is no need to communicate this sensitive information away from the control facility. Indeed, one option is that the inherent signal and/or inherent authentication information are deleted from any data storage from within the security perimeter as soon as the departure of the user has been detected.
  • a central unit for use in a controlled perimeter security system, comprising a processor, a communications interface communicably coupled to the processor via a communication link, and a memory.
  • the processor is configured (e.g. programmed) to obtain, from at least one sensor located at, inside, or outside, the perimeter of the security system, an inherent signal related to a person exiting the controlled perimeter, to process the inherent signal to obtain an inherent authentication artifact, to search one or more data records of an inherent authentication artefact data store using the inherent authentication artifact, and based on a closeness of the inherent authentication artifact to a record of the one or more data records, to validate the inherent authentication artifact, wherein validating the inherent authentication artefact causes the processor to identify a unique user record in a user data store associated with the inherent authentication artefact of a user, to generate an authentication token corresponding to the unique user record; and to communicate the authentication token to at least one further node in the controlled perimeter security system .
  • a node for use at, inside, or outside, the perimeter of a controlled perimeter security system.
  • the node comprises: a processor, a transceiver communicably coupled to the processor via a communication link, a memory and at a first sensor, the at least one sensor is configured to obtain an inherent signal related to a person exiting a controlled perimeter, to process the inherent signal to obtain an inherent authentication artifact, and to transmit the inherent authentication artifact to a central unit.
  • a controlled perimeter security system comprising a first node according to the fifteenth aspect, a central unit according to the fourteenth aspect, and a communications system configured to communicably couple at least the first node and the central unit.
  • a computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to the thirteenth aspect.
  • a computer readable medium or signal comprising the computer program element according to the seventeenth aspect.
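The central-unit flow described above (search the artefact data store by closeness, validate, map to a unique user record, issue a token for further nodes) can be sketched as follows. This is an added example, not code from the specification: the feature vectors, the distance threshold, the ambiguity margin, the token layout and the use of an HMAC key shared between nodes are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import math
import time

# Constructed artefact data store: artefact id -> (user record id, template).
# Real templates would be embeddings from e.g. a gait or face model.
ARTEFACT_STORE = {
    "art-001": ("user-alice", [0.12, 0.80, 0.35, 0.41]),
    "art-002": ("user-bob", [0.90, 0.10, 0.55, 0.20]),
    "art-003": ("user-carol", [0.15, 0.75, 0.30, 0.90]),
}

MATCH_THRESHOLD = 0.15   # assumed maximum distance for a valid match
AMBIGUITY_MARGIN = 0.05  # assumed minimum gap to the closest *other* user
TOKEN_TTL_SECONDS = 30   # short-lived: the token announces a single event


def rank_records(probe, store):
    """Return (distance, user_id) pairs sorted by closeness to the probe."""
    scored = []
    for user_id, template in store.values():
        if len(template) != len(probe):
            continue  # record produced by a different feature extractor
        scored.append((math.dist(probe, template), user_id))
    return sorted(scored)


def validate_artefact(probe, store=ARTEFACT_STORE):
    """Return the matched user record id, or None if validation fails.

    The best record must be under the threshold and clearly closer than any
    record of a different user, so an in-between probe is rejected, not guessed.
    """
    ranked = rank_records(probe, store)
    if not ranked or ranked[0][0] > MATCH_THRESHOLD:
        return None
    best_dist, best_user = ranked[0]
    rivals = [d for d, u in ranked[1:] if u != best_user]
    if rivals and rivals[0] - best_dist < AMBIGUITY_MARGIN:
        return None
    return best_user


def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode("ascii")


def issue_token(user_id, event, key, now=None):
    """Build a signed token that names the user record but carries no biometrics."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "evt": event, "exp": int(now) + TOKEN_TTL_SECONDS}
    payload = json.dumps(claims, sort_keys=True).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_token(token, key, now=None):
    """Check performed by a further node: returns the claims, or None."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    claims = json.loads(payload)
    if claims["exp"] < now:
        return None
    return claims


def handle_exit_signal(probe, key, now=None):
    """Central-unit flow: validate the artefact, then issue an exit token."""
    user_id = validate_artefact(probe)
    if user_id is None:
        return None
    return issue_token(user_id, "exit", key, now)
```

Only the user record id and the event type leave the central unit; the inherent authentication artefact itself stays in the data store.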
  • a computer implemented method for detecting at least one predefined signal from a person using a controlled perimeter security system comprises detecting the presence of a first person proximate to a sensor of at least one node of a controlled perimeter security system; obtaining, using the sensor, a sample of the behaviour of the first person as they are proximate to the sensor; processing the sample to determine a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate; and if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to a central unit of the controlled perimeter security system, and/or a remote central monitoring station.
  • Controlled perimeter security systems are sometimes attractive targets for criminals, because they may protect valuable property. Owing to the advances in the technology used to secure controlled perimeter security systems, criminals may be discouraged from tampering with technical equipment at the entry to the controlled perimeter. For example, a tamper alarm could silently call a local police force, making tampering with technical equipment of the controlled perimeter security system risky for criminals. Unfortunately, users of a controlled perimeter security system may instead be coerced by criminals to gain access to the controlled perimeter.
  • a criminal may threaten a registered user of a controlled perimeter security system with a weapon or violence, such that the registered user is frightened into opening up the controlled perimeter security system and allowing the criminal to breach the controlled perimeter.
  • the standard advice to users of such a system is often to allow the criminal to breach the controlled perimeter, rather than risk injury or violence at the hands of the criminal.
  • the foregoing aspect provides a method of enabling the detection of inherent or biometric cues of a user under duress in a field of view (in the case of a video camera) around the entrance to the controlled perimeter, for example, that enable a controlled perimeter security system to infer that a user is acting under duress.
  • the controlled perimeter security system may identify that the registered user is showing signs of being coerced towards the door.
  • the controlled perimeter security system may notice that the registered user is deploying a pre-programmed alarm signal which is capable of detection by the videophone, for example, but which is subtle enough for the criminal not to notice.
  • the registered user under duress may look in a specific direction, hold their hands or legs in a specific pattern, or blink a given number of times.
  • a plurality of commands may be entered to enable a coerced registered user of the system to choose which response is required of the controlled perimeter security system.
  • a simulated lockout authentication failure may enable a registered user to persuade the criminal to leave.
  • a registered user may need to allow the criminal into the controlled perimeter but simultaneously and silently call the police. Accordingly, inherent signals of a registered user can be monitored to identify whether, or not, the user is acting under duress. To benefit from duress detection, a person does not, in all examples, need to be a registered and/or authenticated user of the security system.
  • a central unit for use in a controlled perimeter security system, further comprising a processor, a communications interface communicably coupled to the processor via a communication link, and a memory.
  • the processor is configured to receive, via a first node, a sample of the behaviour or a predetermined signal from the first person as they are proximate to the sensor, to process the sample to determine a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate, and if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to one or more further nodes in the controlled perimeter security system, and/or a remote central monitoring station.
  • a node for use in a controlled perimeter security system comprising a processor, a transceiver communicably coupled to the processor via a communication link, a memory, and a first sensor.
  • the processor is configured (e.g. programmed) to detect the presence of a first person proximate to a sensor of at least one node of a controlled perimeter security system, and to obtain, using the sensor, a sample of the behaviour or a predetermined signal of the first person as they are proximate to the sensor.
  • the processor is further configured (e.g.
  • the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate, and if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to a central unit, and/or one or more further nodes in the controlled perimeter security system, and/or a remote central monitoring station; or (ii) to transmit the sample to the central unit of the controlled perimeter security system.
  • a controlled perimeter security system comprising a first node according to the twenty second aspect, a central unit according to the twenty first aspect, and a communications system configured to communicably couple at least the first node and the central unit.
  • a computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method.
  • a computer readable medium or signal comprising the computer program element according to the twenty third aspect.
  • Automatic authentication is the process of guaranteeing that a user claiming to have a given identity, as defined in a user database of unique users, is correctly identified such that a system can assign a degree of trust to them.
  • Authentication fundamentally makes use of three forms of information available to an authentication system from a user: a knowledge factor, an ownership factor, or an inherence factor.
  • the location from which the act of authentication is attempted can be viewed as a form of inherence factor.
  • An example of a knowledge factor is a password that a user must remember and enter into the PIN pad of a security system.
  • An example of an ownership factor is an encrypted NFC (near-field communication) token that is uniquely owned by a unique user of the security system.
  • an inherence factor is a characteristic, such as a biometric characteristic, that a unique user of the security system exhibits.
  • the inherence factor is a characteristic that is unique to a unique user of the security system.
  • a non-unique inherence factor, or an inherence factor that has a relatively low fidelity relative to the total population of users of a security system can still increase the probability that a unique user of the security system has been correctly authenticated.
  • Multifactor authentication requires a plurality of factors in order to authenticate a user. This is effective because it is unlikely that a bad actor attempting to gain access to the security system will simultaneously possess more than one factor linked to a unique user.
  • Multifactor authentication can comprise factors taken from at least two different categories chosen from the group: a knowledge factor, an ownership factor, an inherence factor, and/or a location factor.
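The point made above, that a low-fidelity inherence factor still raises the probability of a correct authentication while multifactor authentication needs at least two categories, can be worked through with likelihood ratios. This is an added example, not part of the specification: the error rates are constructed, the factors are assumed to be statistically independent, and the decision thresholds are illustrative.

```python
import math
from dataclasses import dataclass

CATEGORIES = {"knowledge", "ownership", "inherence", "location"}


@dataclass(frozen=True)
class FactorResult:
    name: str
    category: str   # one of CATEGORIES
    matched: bool   # did the presented factor match the claimed user?
    fmr: float      # false match rate: P(match | impostor)
    fnmr: float     # false non-match rate: P(no match | genuine user)

    def __post_init__(self):
        if self.category not in CATEGORIES:
            raise ValueError(f"unknown category: {self.category}")
        if not (0.0 < self.fmr < 1.0 and 0.0 < self.fnmr < 1.0):
            raise ValueError("error rates must lie strictly between 0 and 1")

    def log_likelihood_ratio(self):
        """log of P(observation | genuine) / P(observation | impostor)."""
        if self.matched:
            return math.log((1.0 - self.fnmr) / self.fmr)
        return math.log(self.fnmr / (1.0 - self.fmr))


def posterior_genuine(results, prior=0.5):
    """Posterior probability that the claimant is the genuine user.

    Works in log-odds so many weak factors can be summed without underflow.
    Assumes the factors are independent given genuine/impostor.
    """
    log_odds = math.log(prior / (1.0 - prior))
    log_odds += sum(r.log_likelihood_ratio() for r in results)
    return 1.0 / (1.0 + math.exp(-log_odds))


def decide(results, prior=0.5, min_posterior=0.999, min_categories=2):
    """Accept only if enough distinct categories matched AND the posterior is high."""
    matched_categories = {r.category for r in results if r.matched}
    if len(matched_categories) < min_categories:
        return False
    return posterior_genuine(results, prior) >= min_posterior


# Constructed error rates for illustration only.
GAIT = FactorResult("gait", "inherence", True, fmr=0.2, fnmr=0.1)
FACE = FactorResult("face", "inherence", True, fmr=0.001, fnmr=0.02)
PIN = FactorResult("pin", "knowledge", True, fmr=1e-4, fnmr=0.01)
GAIT_MISS = FactorResult("gait", "inherence", False, fmr=0.2, fnmr=0.1)

if __name__ == "__main__":
    for label, factors in [("gait", [GAIT]), ("pin", [PIN]), ("pin+gait", [PIN, GAIT])]:
        print(label, round(posterior_genuine(factors), 6), decide(factors))
```

A gait match that one impostor in five would also produce is far too weak alone, yet it multiplies the odds contributed by the PIN; a gait mismatch lowers them by the same mechanism.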
  • An inherent signal of a person is a measurable quality, metric, or impression that can be used by a computing system to distinguish one person in a population of users of a security system from a plurality of remaining users of the security system.
  • An inherent signal of a person is a signal that a person cannot easily disguise, mimic, or avoid.
  • An inherent signal of a person is a biometric signal of a person. The inherent signal of a person exists in relation to the suite of sensors available in a controlled perimeter security system to sense the inherent signal of the person.
  • the inherent signal of a person can be measured by additional nodes or sensors that belong to the person, rather than the controlled perimeter security system, provided that the additional nodes or sensors are communicably coupled to the controlled perimeter security system in such a way that the security system can obtain the measurements that the additional nodes or sensors have made of the user.
  • a smartwatch does not belong to a security system, but a smartwatch does measure inherent signals (biometric signals) such as heartbeat, heart rate variation, and temperature of the user. These biometric signals could be useful to a security system, particularly for determining whether or not the user is under duress.
  • An application programming interface related to the smartwatch may expose measurements made of the user by the smartwatch to an Internet application, or to a Bluetooth beacon hosted by the smartwatch, for example.
  • the security system may, for example, be configured to obtain the measurements made by the smartwatch opportunistically, and use them as inherent signals characteristic of the user. Therefore, the security system can extend the number and type of measurements possible using nodes and sensors that are not part of the security system in a strict sense.
  • a “controlled perimeter security system” relies on directing guests and registered users through one or a plurality of controlled entry and exit portals. At each portal, at least one node is present that is able to control an access door based on an identity authentication performed on a user by the at least one node.
  • the at least one node is a videophone, although as the present specification discusses, many different devices can be used to regulate entry to the controlled perimeter security system.
  • the controlled perimeter may in practice not exist and instead, the building is subdivided into one or more areas of controlled access applying techniques discussed in this specification. However, even if access control is not performed, nodes may still be provided at entry and access points to identify authenticated users, for example.
  • references in this specification to a processing action being performed “by the security system” anticipate that processing operations can be performed across a wide range of different nodes of the security system, or even, in some instances, be performed at remote servers outside the security system (assuming that biometric information transmitted outside the security system has been appropriately protected and/or encrypted using cryptographic primitives that are only kept inside the security system).
  • the phrase that the processing action can be performed “by the security system” is intended to cover the possibility of the same processing operation being performed on different nodes, as the context demands.
  • references to an external node being located “outside of the controlled perimeter security system” mean that a logical and geographical separation between the controlled perimeter security system and the respective node exists.
  • In order for the external node to communicate with, upload data to, and download data from datastores comprised within the controlled perimeter security system, the external node preferably undergoes a form of network authentication to ensure that the controlled perimeter security system will be communicating with another, trusted system.
  • Figure 1 is a schematic drawing showing a front elevation of a stylised building with an external space which is monitored by an example of a controlled perimeter security monitoring system according to an embodiment.
  • Figure 2 is a schematic part plan view of an example of premises protected by a security monitoring system, together with other elements of the system;
  • Figure 3 schematically illustrates an example of a security monitoring system.
  • Figure 4 schematically illustrates an example of a node according to a third aspect.
  • Figure 5 schematically illustrates an example of a central unit according to a second aspect.
  • Figure 6 schematically illustrates an example of a computer implemented method according to the first aspect.
  • Figure 7 schematically illustrates an example of a data model of the system.
  • Figure 8 schematically illustrates an example of authentication using inherent data according to an example of the first aspect.
  • Figure 9 schematically illustrates an example of user registration using inherent data according to an example of the seventh aspect.
  • Figure 10 schematically illustrates an example of tracking user exit using inherent data according to an example of the thirteenth aspect.
  • FIG. 1 shows a view of the front of a premises 100 protected by a security monitoring system according to aspects discussed herein.
  • the premises here in the form of a house, have an exterior door, here front door, 102.
  • the door gives access to a protected space (within a controlled perimeter).
  • the security system 201, also referred to herein as a controlled perimeter security system 201, monitors and secures at least part of a perimeter to the premises 100, and the door constitutes an exterior closure 102 in the secure perimeter giving access to a protected space 200 of the premises.
  • a lock 104 on the exterior door is optionally electrically controlled so that it can be locked and unlocked remotely.
  • the security system 201 can comprise elements of an audible alarm system such as an alarm sounder to provide audible feedback to people in the locality when the alarm is triggered.
  • Security system 201 is capable of arming and disarming the alarm system when, for instance, a user authenticates themselves using a token, a PIN code, a biometric technique, or a combination of these factors.
  • the security system 201 may have an “armed at home” state in which the internal sensors inside the house are set to not trigger the alarm system, while the perimeter sensors are configured to operate normally.
  • a first node 105 comprising a first video camera in the form of a video doorbell 106 which looks out from the facade of the premises so that anyone approaching the door along the path 108 can be seen, and in particular when a person stands at the door their face should clearly be visible.
  • the video doorbell may include an actuator, e.g. a push button, for a person to indicate their presence at the closure.
  • the video doorbell may be automatically triggered, for example by monitoring sounds in proximity to the video doorbell 106.
  • the video doorbell includes an audio interface (microphone) to enable bidirectional audio communication with a visitor at the front door 102.
  • the video doorbell preferably includes a light source compatible with the wavelengths of operation of the camera unit of the video doorbell to illuminate whatever is present in the field of view of the video doorbell.
  • the light source may be a visible light or infrared light source.
  • the first node 105 can comprise the
  • the facade of the house also carries an external keypad 110 by means of which a user can disarm the security system 201, and unlock the lock 104.
  • an optional second video camera 112 which is coupled to a presence and/or movement detector 114.
  • the aspects and techniques discussed herein can be applied to office buildings, school or university buildings, agricultural buildings, factories and research establishments, warehouses, military barracks, police and fire stations, museums, public gardens, recreational parks and zoos, restricted access areas of shops, malls, theatres, public swimming pools.
  • the aspects and techniques discussed herein can also be applied to perimeter security of residential buildings having two or three permanently registered users and up to 10 occasional guests, up to the case of a large office building having thousands of registered users and hundreds, or thousands, of occasional guests.
  • the detector may optionally be a thermal detector, for example a PIR sensor.
  • the second video camera 112 may be arranged when the security monitoring system is armed, with a field of view configured to capture video of the front of the house and the private area, e.g. the garden, in front of the house and signal an alarm event to a controller of the security system 201.
  • the video camera, microphone, and external keypad 110 can be integrated in a unified enclosure, including communication interface circuitry, constituting the first node 105.
  • the first node 105 may additionally comprise a display screen (such as an OLED, e-ink, or LCD display) to present a visitor proximate to the first node 105 with information and/or instructions.
  • one or more of the video camera, microphone, display screen, and external keypad 110 are distributed between different enclosures in the proximity of the front door 102, but are communicatively coupled together by wiring or by a short range radio network to form a first node 105.
  • the second video camera is provided with an audio interface 116 to enable bidirectional audio communication with anyone entering the field of view of the second video camera.
  • the first video camera is illustrated in the form of a video doorbell 106 of a first node 105, the first video camera may additionally or alternatively have the features described above for the second video camera, whether or not plural video cameras are used.
  • Figure 2 is a schematic part plan view of a premises 100 protected by a controlled perimeter security system 201 according to aspects discussed herein, together with other elements of the system, corresponding generally to the premises of Figure 1.
  • controlled perimeter security system is sometimes shortened to “security system”.
  • the front door 102 leads into the interior space 200 of the premises. At least the interior space 200 of the premises is protected by the security system.
  • Each of the windows 202, and the rear door 204 is fitted with a sensor 206 to detect when they are opened.
  • Each of the sensors 206 includes a radio transceiver to report events to a controller, or central unit, 208 of the security system 201.
  • a signal is sent to the central unit 208 which in turn may signal an alarm event to a remote central monitoring station 210.
  • the central unit 208 is connected to the remote central monitoring station 210 via a communications network 212 such as the Internet, either via a wired or a wireless connection.
  • Also wirelessly coupled to the central unit 208 are the video doorbell 106, the electrically controlled lock 104, and if present the second video camera 112, its associated presence and/or movement detector 114 (although the latter may be integral with the second video camera 112) and the audio interface 116.
  • These items, and the sensors 206, are preferably coupled to the central unit 208 using transceivers operating in the industrial scientific and medical (ISM) bandwidths, for example a sub-gigahertz bandwidth such as 868 MHz, and/or 2.4 GHz, and the communications are encrypted preferably using shared secret keys.
  • the security monitoring system may also include other sensors within the interior space, such as an interior video camera 214 and associated movement detector 216 (which again may be integral with the camera 214), and each of the interior doors 218 may also be provided with a sensor 206 to detect the opening/closing of the door. Also shown in Figure 2 are a user device 220, preferably loaded with an appropriate software application - as will be described later, and a public land mobile network (PLMN) by means of which the central monitoring station 210, and the central unit 208, may communicate with the user device 220.
  • Operation of the security monitoring system may be controlled by one or more of: a node such as the first node 105, the controller 208, the remote monitoring station 210, and a security monitoring software application installed on the user device 220.
  • the remote monitoring station 210 may receive one or more signals from any of the first camera and/or video doorbell 106, the second camera 112, the keypad 110, the sensors 206 and/or 520 (described in more detail later).
  • the remote monitoring station 210 may transmit commands for controlling any one or more of: the arm state of the alarm system (e.g. armed or unarmed); commanding a tripped alarm state to be signalled by the alarm system (e.g. by triggering one or more sirens to generate alarm noise); commanding a lock state of the door lock 104 (e.g. locked or unlocked), commanding operation of one or more functions of the video doorbell 106, commanding operation of one or more cameras to transmit images to the remote monitoring unit, authenticating a user of the security system and transmitting an authentication token, registering a new user of the security system, handling guest registration on the security system, monitoring exiting users of the security system, and detecting a duress signal from a user of the security system.
  • such transfers are performed using strong encryption.
  • the remote monitoring station 210 upon receiving encrypted biometric information is required to obtain decryption keys for decrypting the encrypted biometric information from an authenticated user of the security system 201 from within the security system 201 on each instance of the use of the biometric information at the remote central monitoring station 210 such that if the encryption key is not provided from within the security system 201, the encrypted biometric information is effectively not accessible to the remote central monitoring station 210.
  • the central unit 208 may be omitted, and the individual peripheral devices may communicate directly with the remote monitoring station 210.
  • at least one node of the security system 201 may comprise an embedded central unit 208.
  • the security monitoring system preferably further comprises a first video camera arranged to observe a field of view in front of the exterior of the closure, the controller 208 being configured (e.g. programmed) to enable the remote monitoring centre 210 to use the first video camera to observe the person.
  • the security monitoring system may further comprise an audio interface to enable audio communication with a person at the closure, the controller 208 being configured (e.g. programmed) to enable the remote monitoring centre 210 to use the audio interface to speak to the person.
  • the first video camera may be a video doorbell, which is convenient both in terms of the location of the camera, and the co-location of the video and audio interfaces, along with the actuator, and in terms of the visual performance of the camera - as video doorbells are typically very well placed to capture images of people at the door.
  • the video doorbell includes the audio interface, as this is likely to be well located from the point of view of performance, and it may also reduce installation complexity and time.
  • the security monitoring system further comprising a second video camera arranged to observe the interior space behind the closure, the controller being configured (e.g. programmed) to enable the remote monitoring centre to use the second video camera to observe any person within the interior space.
  • the actuator, the external video source, and the external audio interface may all be provided in free-standing components to implement embodiments.
  • the first video camera if used, to be the video camera of a video doorbell, because of the generally ideal location of such a camera in terms of providing a field of view in front of the front door 102, it is also possible to use a different video camera installation, such as that shown as 112, which also observes the space in front of the front door.
  • a video camera installation such as that shown schematically in figures 1 and 2 as 112 may provide a view not only of the space in front of the front door, but also of the door.
  • the video camera installation 112 includes, or has an associated, presence and/or motion detector 114, such as a PIR or other thermal sensor, with the camera 112 typically only being turned on when the sensor detects movement and/or a presence within its field of view.
  • the camera 112 comprises a field of view extending along a longitudinal portion of an approach path 108, facilitating the collection of a gait of a person.
  • a surveillance camera installation does not require a movement/presence sensor, rather when the surveillance camera is activated it may continuously monitor the area under surveillance, typically streaming images continuously or every few seconds to a monitoring location.
  • a surveillance camera may also operate under the control of a security monitoring system according to an aspect, the controller 208 of the security monitoring system transmitting a signal to cause the surveillance camera to capture images and transmit the captured images to the controller 208, and to forward the captured images for checking remotely, e.g. at the central monitoring station 210 or at a user device 220.
  • a security monitoring system software application is installed on a user device 220, here shown as a smartphone, although it could be almost any kind of electronic device, such as a laptop or desktop computer, a tablet such as an iPad, a smart watch, or even a television.
  • the security monitoring system can be used by an authenticated user to perform one, or any combination, of a wide range of tasks determined by the capabilities of the security system to one, or a subset of tasks.
  • Examples are arming or disarming the security system 201 in its entirety or arming or disarming selected subsets of the security system 201, changing the automated timing of an arming protocol, changing access codes, viewing images and videos of visitors proximate to an entry point 102 of the controlled perimeter, performing remote access authorisation using videophone or audio phone functionality of the videophone 105, performing remote new user or guest user authentication, receiving an alarm that a person at the controlled perimeter is under duress, or receiving a notification that a registered user of the security system has left the controlled perimeter.
  • the software application can collect statistics from the central unit 208 and/or the central monitoring station 210 to provide insights into operational usage of the security system 201. A wide range of other uses of a software application will be introduced in the following specification.
  • FIG 3 shows schematically an architecture in which a security monitoring system, shown generally as 500, is coupled to a video entry arrangement 510, an electrically controlled lock, such as the lock 104 of figures 1 to 4, and a remote monitoring station 210.
  • the security monitoring system 500 includes a security monitoring system controller 208, together with a collection of various sensors 520, including an external video camera 112, an internal video camera 214, a closure status sensor 206 for the closure (e.g. door 102) which is locked by electrically controlled lock 104, and an admittance zone sensor 216 - an example of which is the motion sensor 216 shown in figure 2, but more generally this is a sensor of any form to detect presence within a zone to which a person such as a delivery person, or the like, may be admitted.
  • the elements of the security system 201, 500 are configured to communicate using one or more networks 212. Communication between elements inside the security system 201, 500 may use a different communication network compared to communication between nodes outside the controlled perimeter security system 201.
  • aspects discussed in this specification concern, for example, how to control the movement of biometric data (inherent signals and inherent authentication artefacts) inside the security system 500 and specifically outside of the security system 500, how to register new and guest users on the security system 500, how to detect that an individual proximate to an external video camera 112 is exhibiting signs of duress, and how to exploit information about the exit of an individual from the security system 500.
  • the security system 500 is one example topology, but the techniques discussed in this specification can apply to many other topologies.
  • FIG 4 is a schematic block diagram of a video entry arrangement 510, such as that shown as first node 105 in Figure 1.
  • the video entry arrangement 510 may take the form of a video doorbell.
  • the video entry arrangement 510 includes a video entry arrangement controller, 600, including a processor 602, and a memory 604, which controls operation of the video entry arrangement - if necessary in association with the central unit 208 (if present) and/or the central monitoring station 210 if present and contactable.
  • An RF transceiver 606 may be provided for communication with the central unit 208 (if present), and/or the central monitoring station 210, and optionally with other nodes of the security monitoring system (for example an electronic door lock if fitted).
  • the video entry arrangement 510 also preferably includes a power supply unit which may be mains powered, or D.C. powered from an external source (which itself may be mains powered), and which preferably includes at least battery backup but may be only battery powered.
  • an audio interface 610 preferably comprising both an input device 612, and an output device 614, a video camera, 620, and an actuator, or bell push, 630, all of which are operatively coupled to the controller 600.
  • an access node 105 of a controlled perimeter access system comprises at least one sensor 106, a processor, a transceiver for communicating with at least a central unit 208 of a controlled perimeter access system, and a visual indicator.
  • the processor is configured (e.g. programmed and arranged) to receive an alarm token from a central unit 208 and/or a further node of the controlled perimeter security system, and to activate the visual indicator to signal an alarm state proximate to the access node 105. Further embodiments of the access node 105 are discussed in statements B1-B7 at the end of this specification.
  • the access node 105 may be a video entry arrangement as discussed above.
  • an illuminable visual indicator may be coupled to the access node, to provide a deterrent effect.
  • the visual indicator may be coupled by cable to the access node, exposed or hidden.
  • the access node may provide power to the visual indicator, for example at night or in low lighting conditions.
  • the visual indicator may also have solar cells for recharging, and may serve to charge the access node during the day.
  • the visual indicator may have different illumination effects and intensities.
  • the visual indicator may pulse, or flash, or produce some other visual effect when the alarm is triggered to deter an intruder.
  • the visual indicator may illuminate as a person approaches, or is detected in the vicinity of the access node, and/or in response to a doorbell push.
  • the visual indicator may behave the same way, whether or not the alarm is armed, so as not to provide any indication of alarm state at the access node.
  • the sign may deactivate once the person is authenticated, according to one or more embodiments of an authentication approach to be discussed below.
  • a video doorbell function may be provided using an integrated unit, for example in the form of an access node 105, optionally working in conjunction with one or more external entities - such as a central unit 208, but equally a video doorbell function may be provided by an apparatus in the form of a distributed system.
  • an apparatus configured to provide a video doorbell function, comprising: at least one sensor; a video camera; at least one processor; at least one memory; the at least one sensor being configured to generate an actuation signal upon actuation by a user of the video doorbell function.
  • Upon receiving the actuation signal, the at least one processor is configured to enable the video camera and obtain at least one image and/or video segment of the field of view proximate to the video doorbell.
  • the at least one processor is preferably further configured to process the at least one image and/or video segment and/or a signal from the at least one sensor to identify at least one threat factor associated with an instance of the actuation signal.
  • the at least one processor optionally generates an alarm token for at least one of: a central unit (208) of a controlled perimeter security system (201); a remote monitoring service (210); a wireless transmit receive unit (mobile device) contacted for processing a doorbell actuation.
  • the apparatus may for example be provided by a doorbell node, or by a system of apparatus including an access node and a central unit, or by an access node - such as a video doorbell - working in conjunction with a software app on a user device (e.g. a WTRU such as a smartphone).
  • the apparatus may include a first unit (e.g. an access node 105) that houses the video camera, one of the at least one processors, and one of the at least one sensors, the one of the at least one sensors being configured to generate the actuation signal upon actuation by a user.
  • the processor of the first unit may be configured to process the at least one image and/or video segment and/or a signal from the at least one sensor to identify at least one threat factor associated with an instance of the actuation signal.
  • the processing may be handled on an access node or on another device, such as a central unit of a security monitoring system or a user device, or even a remote monitoring station.
  • the processing may be distributed in the sense that part of the processing is performed by a processing arrangement (processor or microcontroller, for example) on one device, with further processing being performed by another processing arrangement on another device or other devices.
  • the processing may be image processing or it may involve, additionally or alternatively processing of other sensor data, such as data from a radar sensing arrangement and/or from other presence or movement detectors such as those based on light or infrared - such as PIRs or thermal MOS (TMOS) sensors.
  • By allowing the processing to determine the existence of a threat to be offloaded from the access node, it becomes possible to use a low cost processor or microcontroller in the access node yet still perform high power processing (optionally including image processing) to determine the existence of a threat quickly enough to be useful.
  • the access node could be provided with a powerful processor to perform suitable quick processing to determine the existence of a threat, but this clearly comes with a significant cost penalty - it being appreciated that the controller/processor of the central unit for a security monitoring system is likely to be of quite high performance, and of course the processors of smartphones and other readily available WTRUs are typically extremely powerful in computing terms.
  • the first unit may include a transceiver configured to communicate with the central unit (208) of a controlled perimeter security system, the central unit including one of the at least one processors.
  • the processor of the central unit may be configured to process the at least one image and/or video segment and/or a signal from the at least one sensor to identify at least one threat factor associated with an instance of the actuation signal.
  • the apparatus may include the wireless transmit receive unit (mobile device) including a processor of the at least one processors and having a software application configured to process a doorbell actuation.
  • the at least one sensor may include a radar arrangement and the at least one processor may be further configured to process a signal from the radar arrangement to identify the at least one threat factor.
  • the at least one sensor may include a movement or presence sensor and the at least one processor may be further configured to process a signal from the movement or presence sensor to identify the at least one threat factor.
  • the threat factor identified in the image and/or video segment is one, or more, of an identification of a specific person at the door, optionally by means of an inherent authentication artefact of the specific person, the fact that an individual at the door is wearing a helmet or balaclava capable of concealing the person’s face, or the fact that the person is carrying a potentially threatening object.
  • the at least one threat factor may include the presence of more than one person in the image.
  • a method performed by an apparatus configured to provide a video doorbell function the apparatus including a video camera, at least one sensor, and at least one processor, the method comprising: receiving an input from a user; in response to receiving the input, obtaining using the video camera at least one image and/or video segment of the field of view proximate to the video camera; processing the at least one image and/or video segment and/or a signal from the at least one sensor to identify at least one threat factor associated with an instance of the actuation signal; and if at least one threat factor is identified based on the processing, generating an alarm token for at least one of: a central unit (208) of a controlled perimeter security system (201); a remote monitoring service (210); a mobile device contacted for processing a doorbell actuation.
  • the apparatus may include a first unit that houses the video camera, one of the at least one processors, and one of the at least one sensors, the one of the at least one sensors being configured to generate the actuation signal upon actuation by a user.
  • the method according to this aspect may comprise processing the at least one image and/or video segment and/or a signal from the at least one sensor using the processor of the first unit to identify at least one threat factor associated with an instance of the actuation signal.
  • the first unit may include a transceiver configured to communicate with the central unit (208) of a controlled perimeter security system, the central unit including one of the at least one processors.
  • the method may further comprise processing using the processor of the central unit the at least one image and/or video segment and/or a signal from the at least one sensor to identify at least one threat factor associated with an instance of the actuation signal.
  • the apparatus may include the wireless transmit receive unit (mobile device) including a processor of the at least one processors and having a software application configured to process a doorbell actuation.
  • the at least one sensor may include a radar arrangement, the method comprising processing, using the at least one processor, a signal from the radar arrangement to identify the at least one threat factor.
  • the at least one sensor may include a movement or presence sensor, the method comprising processing, using the at least one processor, a signal from the movement or presence sensor to identify the at least one threat factor.
  • the threat factor identified in the image and/or video segment may be one, or more, of an identification of a specific person at the door, optionally by means of an inherent authentication artefact of the specific person, the fact that an individual at the door is wearing a helmet or balaclava capable of concealing the person’s face, or the fact that the person is carrying a potentially threatening object.
  • the at least one threat factor may include the presence of more than one person in the image.
  • Figure 5 schematically illustrates an example of a central unit 208 according to a second aspect.
  • the central unit 208 comprises a communications interface 140 communicably coupled to a processor 142.
  • the processor 142 is configured (e.g. programmed) to read and write to a local volatile and/or non-volatile memory 144.
  • a communication link to a network interface, for example, enables the central unit 208 to communicate with other elements of the security system 201.
  • the communication link comprises an Ethernet link.
  • the communication link comprises a wireless link, such as using Wi-Fi.
  • the central unit 208 is an embedded personal computer or embedded industrial computer hosting a secure operating system capable of operating application software of the security system 201, and storing components of the databases to be discussed in relation to Figure 7, for example.
  • the central unit 208 is configured (e.g. programmed and arranged) to receive an inherent signal from one or more of the nodes comprised in the security system 201 such as a video, audio sample, and the like.
  • the central unit 208 can, in embodiments, process the inherent signal to provide an inherent authentication artefact.
  • this processing is a form of information reduction, aiming to extract significant features from the inherent signal that enable the identification and/or authentication of a registered user of the security system 201.
  • the central unit 208 should have an appropriate processor 142, memory 144, and communication interface 140 to be able to perform the extraction of an inherent authentication artefact from the inherent signal.
  • a plurality of inherent signals may be converted into one inherent authentication artefact.
  • a plurality of inherent signals may be converted into a plurality of inherent authentication artefacts.
  • one inherent signal may be converted into a plurality of inherent authentication artefacts. If the inherent signal is an audio sample, and the inherent authentication artefact is a spectral analysis of the audio sample, a relatively low specification processor could be used. If the inherent signal is a section of video, and the inherent authentication artefact is, for example, a gait analysis, more powerful processing will be required at the location of processing, whether the central node 208 or the first node 105. In particular, low latency video processing (which may be important for low latency perimeter access) may require that the processor 142 comprises a video acceleration coprocessor.
  • Figure 6 schematically illustrates an example of a computer implemented method according to the first aspect.
  • a computer implemented method 300 for personal authentication by a controlled perimeter security system 201 comprising at least one node 105, wherein the method comprises: obtaining 302, using a first sensor 107 of a first node 105 located at, or outside, the perimeter 200 of the security system 201, an inherent signal 150 related to a person seeking access to the perimeter; processing 304 the inherent signal 150 to obtain an inherent authentication artifact, 152; searching 306 a plurality of data records of an inherent authentication artefact data store 154 using the inherent authentication artifact 152, and based on a closeness of the inherent authentication artifact 152 to a record of the plurality of data records, validating the inherent authentication artifact 152, wherein validating the inherent authentication artefact 152 comprises: identifying 308, in a user data store 156, a unique user record 157 associated with the inherent authentication artefact 152; generating 310 an authentication token 160 corresponding to the unique user record 157; and communicating 312 the authentication token 160
  • the technique according to the first aspect generally relates to authenticating a registered user of a controlled perimeter security system using one or more inherent signals 150 derived from the registered user.
  • the inherent signal 150 is one or more biometric signals.
  • One or more inherent signals 150 may be combined with other inherent signals 150, or other forms of authentication information 159, to provide multifactor authentication when authenticating on a controlled perimeter security system 201.
  • Inherent signals 150 are original, and/or pre-processed data signals captured from the sensor modality intended to capture an intended biometric of the user.
  • an inherent signal 150 may be an audio sample obtained from a microphone 132 of the security system 201.
  • the inherent signal 150 is converted into an inherent authentication artefact 152.
  • An inherent authentication artefact 152 is an information reduced version of the inherent signal 150 that still enables unique, or improved, identification of a registered user 157 of the security system 201.
  • Computation of the inherent authentication artefact 152 from the inherent signal 150 is performed using a wide range of different signal processing techniques dependent on the original inherent signal 150, and the particular biometric out of a wide range of biometrics being targeted.
  • Some signal processing techniques such as basic voice recognition, are of low enough complexity to be performed in a first node (such as a video phone) 105 of a security system.
  • the first node 105 of the security system 201 may be considered to be an “edge node”.
  • signal processing techniques such as the analysis of a video to identify the instantaneous angle of elevation of a head of a user can be performed by the central unit 208.
  • Some signal processing techniques, such as a gait analysis of a long portion of video, are complex enough to require a central unit 208 having multiple processes or a video accelerator, and/or to require outsourcing processing of the gait analysis to an off-site processing node.
  • the inherent authentication artefact 152 can be used to identify a unique user, or all unique users, of a security system 201.
  • the inherent authentication artefact 152 is compared to one or more stored inherent authentication artefacts relating to unique users of the security system 201. For a given group of inherent authentication artefacts, the closest match of a compared inherent authentication artefact 152 to the entire group of inherent authentication artefacts enables identification of a unique user. What constitutes the closeness of the match between inherent authentication artefacts depends on the type of biometric being compared.
  • the comparison of the inherent authentication artefact 152 to the entire group of inherent authentication artefacts may be performed on the basis of a continuous likelihood metric, or log likelihood metric, with the highest likelihood being used to identify a user.
  • the inherent signal is an audio signal, and the inherent authentication artefact is, for example, a spectrum of the audio signal.
  • the spectrum of the audio signal may be compared to a plurality of spectra of unique users held in the inherent authentication artefact datastore 154 enabling identification of a unique user entirely, or partially based on the spectrum of the user’s voice.
  • an authorisation token 160 can be generated, and transmitted to any further node of the security system 201.
  • the authorisation token 160 can be communicated externally (outside of the security system 201), because it contains no vestige of the inherent signal or the inherent authentication artefact.
  • the authorisation token 160 may, in an embodiment, be an anonymous authorisation token transmitted to disarm, for example, a door lock 104, or an alarm, of a security system 201.
  • the door lock 104 and/or the alarm do not, in some embodiments, require identification of the unique user. Instead, the anonymous authentication token is transmitted to provide confirmation to the door lock 104 that one authenticated user out of the total set of authenticated users has requested to unlock the door.
  • the authentication token 160 may, in another embodiment, contain a user identifier Uid#1 of the unique user. Such an identifying authentication token could be used, for example, to update a register of individuals present within the controlled perimeter of the security system 201. Alternatively, such an identifying authentication token could be used by central unit 208 or a remote control centre 210 to customise the security system 201 to a preset profile of the unique user.
  • Figure 7 schematically illustrates an example of a data model of the system applicable to authentication.
  • the data model may be implemented, for example, on one or more databases such as a hierarchical database, a network database, an object oriented database, a relational database, a NoSQL database, as some examples. Furthermore, the data model does not need to be implemented in a specific database, and may be implemented as a custom application or applications executed by one or more of the central unit 208 and/or one of the plurality of nodes of the controlled perimeter security system 201.
  • the central unit 208 and remote central monitoring station 210 are, for example, implemented using embedded computers, personal computers, servers, and the like, with the capability of running most intensive database applications.
  • a distributed data, or edge processing paradigm enables one or more of the data objects discussed in Figure 7 to be hosted by one or more nodes in the controlled perimeter security system, such as a first node 105 performing as a video camera.
  • Some data stores in the data model of Figure 7 may, therefore, be implemented in one or more nodes of the security system 201 in embedded databases at the nodes themselves. Whether the elements of the data model are distributed over an edge network, or concentrated in the central unit, the techniques of this specification are applicable.
  • the data model is divided into a portion 170 that is hosted on the controlled perimeter security system 208, and a portion 172 that is hosted externally to the controlled perimeter security system 208.
  • Information that is transmitted across the boundary between the controlled perimeter security system 208 and the external portion 172 falls outside the direct control of an administrator of the controlled perimeter security system 208, and thus extra security precautions need to be taken.
  • inherent signals 150 or inherent authentication artefacts 152 originating as, for example, biometric data in the controlled perimeter security system 208 preferably are not transmitted outside of the controlled perimeter security system 208. If there is a requirement to transmit inherent signals or inherent authentication artefacts outside of the controlled perimeter security system 208, this is, in an embodiment, following specific authorisation by an authenticated administrator of the controlled perimeter security system 208.
  • inherent signals or inherent authentication artefacts originating as, for example, biometric data in the controlled perimeter security system 208 are strongly encrypted when transmitted outside of the security system 208.
  • the data model comprises an inherent authentication artefact data store 154 comprising a plurality of inherent authentication artifacts.
  • the inherent authentication artefact data store 154 may be called a biometric authentication artefact datastore comprising a plurality of biometric authentication artefacts.
  • the data model comprises a user datastore 156 comprising a plurality of unique user records.
  • the data model comprises a further authentication data store 158 comprising, for at least one user, a number of other authentication factors.
  • the at least one further authentication factor is a knowledge factor, an ownership factor, or an inherence factor, for example the inherence factor is a biometric factor.
  • an external element such as a remote central monitoring station 210 may maintain a mirror of the user data store 156’ (defining possible users of the security system 201).
  • the remote central monitoring station 210 may maintain a mirror of received authentication tokens 160’.
  • the remote central monitoring station 210 may maintain a validation datastore 164 defining which users of the mirrored user datastore 154’ are currently authenticated (and thus validated) and are present in the controlled perimeter security system 201.
  • a remote monitoring station 210 could use the information in the validation datastore 164 in the case that a fire alarm of the building within the controlled perimeter security system 201 was activated, because the information in the validation datastore represents a manifest of the unique users who have been validated as within the controlled perimeter security system 201.
  • Figure 8 schematically illustrates an example of authentication using inherent data according to an example of the first aspect.
  • Figure 8 illustrates signalling between the first node 105, elements of the central unit 208 (specifically the inherent authentication artefact datastore 154, the user data store 156, the further authentication datastore 158) and the validation datastore 164 of the remote monitoring station 210.
  • the method according to the first aspect provides user authentication as follows.
  • a first node 105 obtains an inherent signal 150 from a registered unvalidated user of the security system 101.
  • the inherent signal 150 is converted to an inherent authentication artefact (IAA) either at the first node 105, the central unit 208, or one or a plurality of edge nodes or edge processes comprised within the security system 201.
  • Upon reception at the central unit 208, the IAA is compared to a plurality of IAAs in the IAA datastore 154. In embodiments, the unique user ID associated with the closest IAA match is used to search the unique user datastore 156. According to another embodiment, a subset of unique user IDs that are a close match to the IAA (are within a predetermined threshold) are used to extract a subset of unique user data records from the user datastore 156. In the case that a subset of unique user IDs are extracted based on the IAA, further authentication factors may be used to select the correct user from the matched subset of unique user IDs.
  • an authentication token #1 is transmitted to other nodes within the security system 201, and to the remote monitoring station 210, where the validated user datastore 164 is updated.
  • the process of interrogating the further authentication datastore 158 of the central unit 208 is triggered at, for example, the first node 105 by the entry of a PIN code at a keypad of the first node 105. Confirmation that the further authentication has passed may be returned to at least the first node 105 in the form of a second authentication token.
  • the first node 105 also controls the door lock of the door 102.
  • the first node 105 is configured to use multifactor authentication to unlock the door 102.
  • Upon receiving the first and second authentication tokens from the user data store 156 and the further authentication data store 158 of the central unit 208, the first node 105 may be configured to send an unlock command to the door lock 104.
  • the second authentication token can also be forwarded to update the validation database of the remote monitoring station 210 so that the remote monitoring system 210 has information that multifactor authentication has taken place to unlock the door 102 without needing to forward the specific credential outside of the security system.
  • the computer implemented method 300 further comprises: obtaining, from the person, at least one further authentication factor; and wherein validating further comprises: comparing the at least one further authentication factor to a factor stored as data in at least one further authentication field 159 of a further authentication data store 158; and generating the authentication token 160 only if each of the further authentication factors match the data in the at least one further authentication field 159 of the further authentication data store 158.
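The matching and token steps described above can be sketched as follows. This is an added illustration, not code from the specification: it implements the subset embodiment, where every stored IAA within a threshold becomes a candidate and a knowledge factor (PIN) selects the user, and it issues a token that carries no part of the inherent signal or the IAA. The function names, threshold, key handling, token layout and sample data are all assumptions.

```python
import hashlib
import hmac
import json
import math
import secrets
import time

SYSTEM_KEY = secrets.token_bytes(32)  # assumed key shared by nodes inside the perimeter
MATCH_THRESHOLD = 0.20                # assumed closeness threshold (Euclidean distance)
PBKDF2_ROUNDS = 100_000


def pin_record(pin):
    """Build a salted, slow hash of the knowledge factor; the PIN itself is not stored."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


# Constructed sample data. IAA_STORE stands in for datastore 154 (each IAA is
# four band energies of a voice spectrum); FURTHER_AUTH_STORE stands in for 158.
IAA_STORE = {
    "Uid#1": [0.62, 0.25, 0.09, 0.04],
    "Uid#2": [0.60, 0.27, 0.08, 0.05],  # deliberately close to Uid#1
    "Uid#3": [0.10, 0.20, 0.30, 0.40],
}
FURTHER_AUTH_STORE = {
    "Uid#1": pin_record("4821"),
    "Uid#2": pin_record("7310"),
    "Uid#3": pin_record("9054"),
}
SAMPLE_IAA = [0.61, 0.26, 0.09, 0.04]    # constructed: near Uid#1 and Uid#2
STRANGER_IAA = [0.30, 0.30, 0.20, 0.20]  # constructed: near no stored record


def candidates(iaa, threshold=MATCH_THRESHOLD):
    """Return user IDs whose stored IAA lies within the threshold, closest first.

    Applying a threshold, rather than taking the nearest record unconditionally,
    means an unregistered person yields an empty list instead of being mapped
    to whichever registered user happens to be closest.
    """
    scored = sorted((math.dist(iaa, ref), uid) for uid, ref in IAA_STORE.items())
    return [uid for dist, uid in scored if dist <= threshold]


def pin_matches(uid, pin):
    """Constant-time comparison of the presented PIN against the stored record."""
    salt, expected = FURTHER_AUTH_STORE[uid]
    actual = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(actual, expected)


def sign(claims):
    """MAC over the canonical JSON form of the token claims."""
    msg = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(SYSTEM_KEY, msg, hashlib.sha256).hexdigest()


def authenticate(iaa, pin, identifying=False):
    """Return a signed token, or None if either factor fails.

    The token is generated only when exactly one candidate from the IAA
    subset also passes the knowledge factor; an ambiguous result (two
    candidates sharing a PIN) is rejected rather than guessed.
    """
    matched = [uid for uid in candidates(iaa) if pin_matches(uid, pin)]
    if len(matched) != 1:
        return None
    claims = {
        "jti": secrets.token_hex(8),      # unique token ID
        "iat": int(time.time()),          # issue time
        "factors": ["inherent", "knowledge"],
    }
    if identifying:                       # anonymous tokens omit the user ID
        claims["uid"] = matched[0]
    return {"claims": claims, "mac": sign(claims)}


def verify_token(token):
    """Check performed by a receiving node (e.g. a door lock) before acting."""
    return hmac.compare_digest(token["mac"], sign(token["claims"]))
```

With the sample data, the PIN selects Uid#2 even though Uid#1 is the nearer IAA, which is the case the subset embodiment exists to handle.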
  • biometric factors, knowledge factors, and ownership factors can be combined in a multifactor authentication process.
  • a first authentication factor is an ownership factor, and the second authentication factor is an inherent (biometric) factor.
  • a first authentication factor is a knowledge factor, and the second authentication factor is an inherent (biometric) factor.
  • a first authentication factor is a first inherent (biometric) factor, and a second authentication factor is a second inherent (biometric) factor.
  • a first authentication factor is an inherent (biometric) factor, a second authentication factor is an ownership factor, and a third authentication factor is a knowledge factor.
  • an inherent factor is a biometric factor or signal.
  • an inherent factor is one, or any combination, of signals obtained from a user or users selected from the following list: 2D face image, 2D multispectral face image, 2D multispectral body image, 2D infra-red image, 2D UV image (from a UV-enabled camera), 2D thermal image, 3D face image, audio sample of voice, audio sample of door knock, hand motion, static hand image, static hand vein pattern, body gesture image, body gesture motion, gait analysis, smile shape image, smile video, tooth pattern, eye colour, iris scan, retina scan, height, fingerprint, palm print, piezo electric, muscle tonus detection, heartbeat, breathing characteristic, weight measured by a doormat comprising a digital weight scale, a phone location, etc.
  • a knowledge factor is one, or any combination, of the following: mobile handshake via Bluetooth with node, smart watch Bluetooth handshake, PIN code, alphanumeric code, challenge questions bank ID.
  • an ownership factor is one, or any combination, of the following: QR, barcode, NFC key fob, body area network, secure network logon token, item of jewellery, clothing with a customized pattern.
  • a first authentication factor comprises entering an alphanumeric or PIN code, and a second authentication factor comprises tracking the movement of the user’s eyes as they are entering the alphanumeric or PIN code.
  • a first authentication factor comprises entering an alphanumeric or PIN code, and the second authentication factor comprises obtaining an iris characteristic, or iris image, of a user as an inherent signal.
  • a first authentication factor comprises entering an alphanumeric or PIN code, and the second authentication factor comprises recording a user speaking one or more predetermined pass phrases, and using the speech signal as an inherent signal.
  • a first authentication factor comprises an inherent signal comprising an audio sample of a voice command, and a second authentication factor comprises an inherent signal comprising a 2D or 3D face scan.
  • a first authentication factor comprises an ownership factor comprising a barcode or QR code of a delivered package, and a second authentication factor comprises an inherent signal comprising a still image or video image of a delivery worker, wherein the uniform of the delivery worker is analysed and recognised as an IAA.
  • a first authentication factor comprises a voice sample of a user, and a second authentication factor comprises an audio recording of the same user knocking on a front door.
  • a first authentication factor comprises a voice sample (as an inherent signal) of a user, and a second authentication factor comprises a safe word (as a knowledge factor) extracted by speech recognition that is spoken by the user when providing the voice sample.
  • a first authentication factor comprises an inherent signal derived from a video of a user, and a second authentication factor comprises a further inherent signal obtained from a voice sample of a user.
  • a first authentication factor comprises an ownership factor comprising a barcode or a QR code, and a second authentication factor comprises a knowledge factor comprising a spoken password, or a password entered into an alphanumeric or PIN pad.
  • a first authentication factor is a location factor, and a second authentication factor is an inherent (biometric) factor.
  • a first authentication factor is a knowledge factor comprising a pin code or an alphanumeric code, and a second authentication factor is an inherent factor based on an inherent signal of an image and/or video of the teeth or smile of a user.
  • the knowledge factor is one or more of a PIN code, password, or a challenge answer.
  • the ownership factor is at least one of an SMS one time password, a QR code, an alphanumeric sequence generated by a physical security token, a security key, a radio key fob, and/or a communications network identifier of a communications enabled device that is communicably coupled to the controlled perimeter security system 201.
  • the first sensor 107 comprises one or more of a video camera 106, an infra-red video camera, and/or an ultraviolet camera
  • the inherent signal 150 comprises a video of a field of view of a video camera 106, an infra-red video camera, and/or an ultraviolet camera.
  • the video comprised in the inherent signal 150 is processed to obtain an inherent authentication artefact 152 characterizing one, or any combination, of a still image of the face of a user, a hand gesture, gait, smile, teeth pattern, height, hairstyle, clothes style, tattoo pattern, mole pattern, and/or wrinkle pattern of the person.
  • any combination of these inherent signals is a composite inherent signal.
  • a composite inherent signal may enable more accurate and/or more stable authentication of a user.
  • a video camera, and a microphone are typically used in video doorbells at the perimeter of a security system.
  • the video camera has a field of view capable of capturing a video and/or photograph of at least the face and upper half of a user.
  • the microphone typically has a fidelity capable of capturing speech in the vicinity of the video doorbell.
  • An example of an inherent signal that can be derived from the video is a still image of the face of a user or the body of the user, useful for facial and/or body recognition.
  • a still image is processed to obtain an inherent authentication artefact.
  • An inherent authentication artefact is an information reduced version of the inherent signal that filters the inherent signal in some way that makes it easier to compare to an inherent signal of another user.
  • Facial recognition concerns the proportions and distances between features such as the eyes and nose, shape of the mouth, shape of a smile, tooth pattern, ears and jaws of a user, haircut, hair colour, eye colour, eye shape, pupil dilation as a function of time of day, and fringe shape of a user, and visual information about the condition of the skin of a user such as the presence of wrinkle patterns, freckles, tattoos, scars and moles.
  • the aforementioned features are typically relatively stable over time and provide a stable inherent signal.
  • Facial recognition signals can be represented as an inherent authentication artefact comprising a two-dimensional bitmap.
  • an image processing filter such as a Canny or a Sobel filter can be applied to a still image of a face to extract wrinkles in the form of a two-dimensional bitmap.
  • the previous examples of the use of the video camera to obtain an inherent signal of a user referred to still images.
  • Video of the user can capture characteristic movements of the head of the user, for example while speaking an entry pass code.
  • Video of the user can help to identify unique facial tics or mouth shapes when the user is in the field of view of the video doorbell (first node 105).
  • Video of the user can capture the ambulation, and thus the gait, of the user from, for example, a front gate along the path of a residential property as they approach the video doorbell.
  • Parameters taken into account in gait analysis that can be registered in a video image of a walking user include stride length, speed, foot angle, step length, and the like. Such parameters are further examples of an IAA obtained from an inherent signal comprising video.
  • a node of a security system provides pre-loaded instructions to a user of the system in order to guide the user to provide inherent signals that are desired when authenticating, or when registering a new user.
  • a videophone can obtain a first latent image of a user, when the user has a blank expression, and then instruct the user via loudspeaker to smile, to obtain a second inherent signal at the second time point.
  • obtaining an IAA from an inherent signal is an example of dimensionality reduction.
  • obtaining an IAA from an inherent signal may be performed by principal component analysis (PCA), or singular value decomposition (SVD).
  • the IAA is based on a SVD of the inherent signal.
  • the IAA is based on a PCA of the inherent signal.
  • the first sensor 107 comprises a microphone
  • the inherent signal 150 comprises a sound sample of the environment at, or proximate, to the first node 105.
  • the inherent signal 150 comprises a voice sample of the person.
  • a sound sample of the user’s voice can be obtained as an inherent signal.
  • An example of an inherent authentication artefact (IAA) derived from a sound sample is an average frequency of a user’s speech during a windowed sound sample, or a spectrum obtained by Fourier transform of a time window of the sound sample.
  • the IAA may apply a filter bank to extract the tone of voice, and accents, and stresses of the voice and parameterise them.
  • the sound sample is obtained in parallel with obtaining a further authentication artefact such as a knowledge artefact.
  • a user may provide their pass phrase to the first node 105 as a spoken sound sample. Speech processing is performed on the spoken sound sample.
  • the linguistic content of the spoken sound sample is provided to a further node, a central unit 208, or a remote monitoring station 210 as a knowledge authentication factor.
  • the spectral audio content of the spoken sound sample is provided to a further node, a central unit 208, or a remote monitoring station 210 as an IAA.
  • authentication can only occur if the correct pass phrase is spoken in linguistic terms and, simultaneously, the spectral properties of the user’s voice match a record of an IAA datastore in one of the first node 105, a central node 208, or a remote monitoring unit 210.
  • a first inherent signal is obtained at a first time point, and a second inherent signal is obtained at a second time point.
  • An inherent authentication artefact may be based on a difference between the first and second inherent signals.
  • At least one record of the inherent authentication artefact data store 154 comprises a field 153 defining a generation time point when a corresponding inherent authentication artefact 152 was generated; and for each unique user record 157, transforming the inherent authentication artefact 152 to account for a time-lapse between the generation time point and a current time.
  • Inherent signals obtained from biometric observations of users of a security system 201 can age over time. For example, relevant to facial recognition from a still image, a user can change their hairstyle, or owing to a medical procedure may wear an eye patch or other bandage. If an IAA of a user is provisioned with a generation time point (timestamp), the security system can be configured to prompt a user to reregister selected inherent signals of interest to the security system. Different inherent signals may have a different effective timelapse. For example, the security system may prompt a user to reregister inherent signals of interest every week, two weeks, month, two months, six months, year, two years, or over a longer period of time.
  • a first node and/or a central unit are configured to identify an inherent signal comprising an image or video obtained with a date stamp indicating that the image or video were obtained in low lighting conditions relative to the time of year, and to flag such an image or video for replacement when the user with the same user ID presents themself for authentication and entry again.
  • the method further comprises obtaining a quality metric 155 characterizing the fidelity of the inherent authentication artefact 152 to the user; and if the quality metric indicates that the inherent authentication artefact 152 has a low fidelity as compared to the user, warning the user and/or prompting the user to update the inherent authentication artefact 152.
  • the security system may be able to identify a user based on another authentication factor, such as a pin code, NFC token, and the like.
  • the security system may authenticate a user based on a first authentication factor.
  • the security system may obtain an obsolete IAA from an IAA Datastore pointed to by the user identifier obtained using the first authentication factor.
  • the IAA may be designated as obsolete after a certain time period.
  • the security system can update the obsolete IAA. For example, by a video doorbell node, an audible or visual alert may ask the user to authorise the updating of an inherent signal such as a still image of the user’s face.
  • the user may authorise the updating of the inherent signal by pressing a selection button on the video doorbell node.
  • the video doorbell node obtains a new still image as an updated inherent signal, generates an updated IAA, and overwrites the previous IAA having the same user ID and type.
  • a quality metric characterising the fidelity of the IAA to a specific user may be computed in many different ways dependent on the type of original inherent signal and IAA.
  • cross correlation between an older image of a user’s face and a new image of a user’s face may indicate a lack of correlation relative to a predetermined threshold. Such an indication is the trigger for obtaining an updated IAA of the image of the user’s face.
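The IAA ageing and quality-metric behaviour described in the preceding items (generation time point 153, quality metric 155, update only after identification by another factor and user authorisation) can be sketched as follows. This is an added example, not code from the patent or from Verisure; the per-type re-registration intervals, the 0.80 threshold, the vector form of the IAA and all names are assumptions.

```python
import math
from dataclasses import dataclass

DAY = 86400.0
# Assumed re-registration interval per IAA type (the text only lists possible periods).
MAX_AGE_S = {"face_still": 180 * DAY, "voice_spectrum": 365 * DAY}
DEFAULT_MAX_AGE_S = 90 * DAY   # assumed fallback for other IAA types
QUALITY_THRESHOLD = 0.80       # assumed "predetermined threshold"


@dataclass
class IAARecord:
    user_id: str
    iaa_type: str
    vector: list           # reduced form of the inherent signal (assumed: a feature vector)
    generated_at: float    # generation time point (field 153)
    quality: float = 1.0   # quality metric (155) at the last comparison


def normalised_correlation(a, b):
    """Zero-mean normalised cross-correlation of two equal-length vectors, in [-1, 1]."""
    if len(a) != len(b) or len(a) < 2:
        raise ValueError("vectors must have the same length (>= 2)")
    mean_a, mean_b = sum(a) / len(a), sum(b) / len(b)
    num = sum((x - mean_a) * (y - mean_b) for x, y in zip(a, b))
    den = math.sqrt(sum((x - mean_a) ** 2 for x in a) * sum((y - mean_b) ** 2 for y in b))
    return 0.0 if den == 0 else num / den


def needs_update(record, fresh_vector, now):
    """Return (reasons, quality): why the stored IAA should be refreshed, if at all."""
    reasons = []
    max_age = MAX_AGE_S.get(record.iaa_type, DEFAULT_MAX_AGE_S)
    if now - record.generated_at > max_age:
        reasons.append("obsolete")
    quality = normalised_correlation(record.vector, fresh_vector)
    if quality < QUALITY_THRESHOLD:
        reasons.append("low_fidelity")
    return reasons, quality


def update_iaa(store, record, fresh_vector, *, other_factor_ok, user_authorised, now):
    """Overwrite the IAA with the same user ID and type.

    The overwrite is refused unless the user was identified by another factor
    (PIN code, NFC token, ...) and authorised the update at the node; otherwise a
    low-fidelity match could be used to replace a legitimate user's template.
    """
    if not (other_factor_ok and user_authorised):
        return False
    store[(record.user_id, record.iaa_type)] = IAARecord(
        record.user_id, record.iaa_type, list(fresh_vector), generated_at=now)
    return True
```
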
  • the first sensor 107 comprises a depth camera
  • the inherent signal 150 comprises a depth image and/or depth video sequence of a field of view of the depth camera.
  • a time-of-flight camera is an example of a range imaging camera system that can resolve distance between each point of a subject of an image and the time-of-flight camera by measuring the round-trip time.
  • a time-of-flight camera is one example of a depth camera.
  • a first node 105 of the security system can be equipped with a depth camera such as a time-of-flight camera, which enables a three-dimensional characteristic or model of a user, and/or a user’s face, to be captured.
  • an inherent signal is a three-dimensional model of a user, and/or a user’s face.
  • an inherent signal is a three-dimensional video of a user’s gait.
  • an inherent signal is a three-dimensional video of an expression of a user optionally when speaking a known linguistic phrase, such as a pass phrase.
  • an IAA can be obtained from a depth image using a PCA, vector flow analysis, or SVD of the depth image.
  • the first sensor 107 comprises an iris scanner or retina scanner
  • the inherent signal 150 comprises an iris or retina scan
  • the first sensor comprises a fingerprint or palm print scanner
  • the inherent signal 150 comprises a palm print or fingerprint.
  • a particularly strong form of biometric identification can be based on iris scans, retina scans, fingerprint scans, or palm print scans.
  • Iris scans can be performed using a high-resolution camera installed in a videophone.
  • High-resolution iris scans, retina scans, fingerprint scans, and palm print scans require corresponding specialised sensors installed at the point of entry of the controlled perimeter security system.
  • in the computer implemented method 300, the first sensor 107 comprises a radar sensor, and the inherent signal 150 comprises a radar scan.
  • the inherent signal 150 is one of a height, inferred cardiac motion, or inferred breathing motion obtained from the radar sensor.
  • Millimetric wave radar sensors (for example, operating within the ISM bandwidth of 57 GHz to 64 GHz) are able to capture rudimentary three-dimensional images of a user, and also the movement of a user’s body. Breathing motion and/or cardiac motion of a user can therefore be sampled over a time period, and used as the basis of an inherent signal. For example, resting breathing rate and/or resting heart rate are examples of an IAA obtained in such a way.
  • the communications enabled device 220 is one, or more, of a smartphone 220, a smart watch, a smart ring, a fitness band, smart glasses, an NFC chip implant, an NFC tag, an RFID tag, a laptop, a credit card, or a medical device.
  • each of the listed devices in the foregoing paragraph comprises a radio network access code such as a MAC address, network address, or similar.
  • the listed devices also comprise unique device identification codes dependent on the individual practice of the OEM supplying the respective device. Such addresses can be used as a proxy for a knowledge authentication factor.
  • one or both of the knowledge factors and the ownership factors are provided to the controlled perimeter security system 201 by the person via at least one of a visual or audio user interface comprised in the first node 105 or a geofenced web application accessed via a smartphone 220 when proximate to the first node 105.
  • the validation of the inherent authentication artefact 152 is performed at the first node 105, and the authentication token 160 is communicated from the first node 105 to the at least one further node 208 in the controlled perimeter security system 201.
  • the inherent signal and the inherent authentication artefact do not need to be transmitted away from the first node 105.
  • All user validation based on the inherent signal and inherent authentication artefact occurs on the first node 105 (such as a videophone).
  • the first node 105 validates users based on inherent signals and inherent authentication artefacts obtained from audio signals, because the signal processing computing requirements of audio signals relative to video signals means that effective validation processing can be performed at an edge node such as the first node.
  • the inherent signal and inherent authentication artefacts remain within the controlled perimeter security system 201, improving information security and preventing malicious attackers from being able to obtain the inherent signal or inherent authentication artefact by means of a hacking attack, for example.
  • the validation of the inherent authentication artefact 152 is performed at a central unit 208 of the controlled perimeter security system 201, and the authentication token is communicated from the first node 105 to the at least one further node in the controlled perimeter security system 201.
  • the inherent signal and inherent authentication artefacts remain within the controlled perimeter security system 201.
  • the central unit 208 may be provisioned with more powerful processing hardware, for example enabling derivation of an inherent authentication artefact from a video.
  • the validation of the inherent authentication artefact 152 is performed at a remote central monitoring station 210, and the authentication token 160 is communicated from the remote central monitoring station 210 to the at least one further node in the controlled perimeter security system 201.
  • a controlled perimeter security system may not have enough processing power to extract an inherent authentication artefact from an inherent signal comprising a video, for example. Therefore, the user may elect to outsource the computational processing to a remote central monitoring station 210, or a similar cloud processor. In this case, the inherent signal is sent to, and received from, the remote central monitoring station 210 using strong encryption.
  • the method further comprises receiving, at the further node, the authentication token 160; and upon receipt of the authentication token 160, updating at least one field of a user record comprised in an access data store of the security system 201 to change at least one access policy for the person.
  • the method further comprises arming or disarming an alarm of the security system 201, locking or unlocking a door lock 104 of the security system 201, and/or enabling access to a configuration interface of the security system 201 based on the access policy for the person, and/or wherein the authentication token does not comprise the inherent signal 150 and/or the inherent authentication artefact 152, or enable derivation of them.
  • a wide range of nodes comprised in a domestic or commercial controlled perimeter security system can use the authentication token 160 when an authenticated user enters the facility.
  • an automatic lighting system may change its lighting settings based on the arrival or departure of a specific user.
  • An alarm system may be disarmed when an authorised user enters the building, and armed when an authorised user leaves the building. Receipt of the authentication token by elements of the alarm system can be used to arm and disarm the alarm system.
  • One or more actuators comprised inside digital locks that are communicably coupled to the security system may be changed in lock state based on the identity of the user represented by the authentication token.
  • An authentication token may be received by the central unit 208, and a log file of users who have entered or left the controlled perimeter security system is updated, according to an embodiment. Because the transmission of the authentication token within the security system is dependent on at least one inherent authentication artefact being validated to a user, there is an increased probability that the authentication token has been sent in respect of a correctly identified user.
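One way a further node could consume the authentication token 160 described above, so that the token carries a user identity but neither the inherent signal nor the IAA. This is an added sketch, not the patent's or the vendor's implementation; the token layout (JSON claims plus an HMAC-SHA256 tag), the key shared between nodes, the 30-second freshness window and all names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

FRESHNESS_S = 30  # assumed acceptance window for a token


def issue_token(key, user_id, node_id, now=None):
    """Issued by the validating node after the IAA matched; holds no biometric data."""
    now = time.time() if now is None else now
    claims = {"uid": user_id, "node": node_id, "iat": int(now),
              "nonce": secrets.token_hex(8)}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


class FurtherNode:
    """A lock, alarm panel or central unit that acts on received tokens."""

    def __init__(self, key, access_policies):
        self.key = key
        self.access_policies = access_policies  # user ID -> set of permitted actions
        self.seen_nonces = set()                # replay protection
        self.log = []                           # entries/exits, as kept by the central unit

    def receive(self, token, action, now=None):
        now = time.time() if now is None else now
        try:
            body_b64, tag_b64 = token.split(".")
            body = base64.urlsafe_b64decode(body_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except ValueError:                      # wrong shape or invalid base64
            return False
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False                        # not produced by a node holding the key
        claims = json.loads(body)
        if abs(now - claims["iat"]) > FRESHNESS_S:
            return False                        # stale token
        if claims["nonce"] in self.seen_nonces:
            return False                        # replayed token
        self.seen_nonces.add(claims["nonce"])
        if action not in self.access_policies.get(claims["uid"], set()):
            return False                        # access policy does not allow the action
        self.log.append((claims["uid"], claims["node"], action, claims["iat"]))
        return True
```
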
  • a central unit 208 for use in a controlled perimeter security system 201 comprises a processor 142, a communications interface 140 communicably coupled to the processor via a communication link 146, and a memory 144.
  • the processor is configured (e.g.
  • validating the inherent authentication artefact 152 comprises identifying, in a user data store 156, a unique user record 157 associated with the inherent authentication artefact 152, generating an authentication token corresponding to the unique user record, and communicating the authentication token to the first node 105 and/or at least one further node in the controlled perimeter security system 201.
  • a node 105 for use in a controlled perimeter security system 201 comprising a processor 122, a transceiver 128 communicably coupled to the processor via a communication link, and a memory 124.
  • the processor is configured (e.g.
  • a first node 105 comprising a first sensor 107, a central unit 208 according to claim 24, and a communications system configured to communicably couple at least the first node 105 and the central unit 208.
  • a first sensor 107 of the first node 105 is configured to obtain an inherent signal 150 related to a person seeking access to the perimeter, and to transmit the inherent signal 150 to the central unit 208, and wherein, upon a successful validation, the central unit 208 is configured to communicate an authentication token to the first node 105 and/or at least one further node in the controlled perimeter security system 201.
  • computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to the first aspect.
  • a computer readable medium or signal comprising the computer program element according to the fifth aspect.
  • a computer implemented method 300 for provisioning a first node 105 of a controlled perimeter security system 201 with an external access credential for a controlled perimeter security system is provided optionally comprising the subject matter of the first, seventh, thirteenth, or nineteenth aspects, wherein the method comprises: receiving, from a node located outside of a controlled perimeter security system 201, at least one external access credential for enabling access to the controlled perimeter security system 201; provisioning a user data store 156 hosted by at least one of a central unit 208 comprised within the controlled perimeter security system 201, and/or hosted by a first node 105 with the at least one external access credential; obtaining, using a first sensor 107 of the first node 105, an authentication factor comprised of at least one of: an inherent signal 150, a knowledge factor, and/or a possession factor; comparing the at least one external access credential comprised in the user data store 156 received from the node located outside of
  • a remote server outside the controlled perimeter security system 201 is capable of permanently or temporarily provisioning at least one access node 105 within the controlled perimeter security system with the authentication credentials of additional recognised persons.
  • These authentication credentials may comprise biometric information (in the form of an inherent signal or inherent authentication artefacts), as well as ownership authentication factors and knowledge authentication factors. This is especially useful for enabling emergency services, facility management services, or neighbours to gain immediate access to premises within the controlled perimeter security system in the case of an alarm, fire, flood, an accident, or an SOS or panic signal triggered by a person inside the controlled perimeter security system, or proximate to it.
  • individual emergency service workers may have pre-stored or pre-enrolled information comprising authentication credentials in an emergency services datastore.
  • the authentication credentials may be moved onto an active list based on a shift plan of the emergency services personnel.
  • the server at the emergency services site can download authentication credentials of the emergency services personnel attending the emergency to a user data store 156 of the controlled perimeter security system.
  • the attending emergency services workers may be provided with a temporary access code such as a PIN code, a QR code, or an NFC token.
  • the first node 105 used as an access node can be updated from the remote server to authenticate the temporary access code.
  • This relates to enrolling a guest for temporary authentication on an access device.
  • the homeowner can, via a mobile application (for example), generate a token such as a QR code for granting visitor access to the first node 105.
  • a QR code generated on the homeowner’s mobile application can be sent (such as via SMS, email, or other messaging) to a visitor, optionally without requiring the visitor to install an application on their own phone.
  • multifactor authentication may improve the security by preventing individuals who are not intended guests from being authenticated at the first node 105.
  • authentication using an inherent signal of the guest may be used.
  • the guest may be requested to enrol a vocal model on the first node 105, for example. If the homeowner is present, they can use their app in situ. If the homeowner is not present the homeowner can still validate the guest remotely via the mobile application.
  • the homeowner may generate a QR code and send it to a visitor in advance.
  • the visitor arrives at a first node 105 and presents the QR code.
  • the first node 105 sends a notification to the homeowner’s app with a captured image of the visitor.
  • the homeowner validates the visitor, and authorises the first node 105 to begin collection of at least one inherent signal (voice enrolment).
  • during voice enrolment, for example, the visitor may record a voice model (an example of biometric information) and/or choose a code word as further (knowledge factor) authentication information.
  • a computer implemented method for user registration on a controlled perimeter security system 201 comprising a plurality of processing nodes, comprising: generating, based on a command from an authenticated user of a security system 201 or from the back-end system (or monitoring station) of the controlled perimeter security system, a registration token from within the security system 201 to which a prospective user intends to obtain access permissions, and storing a copy of the registration token within the security system 201; communicating, via a communications network, the registration token to the prospective user; reading, by a first node 105 of the security system 201, the registration token as presented to the first node 105 by the prospective user; validating, within the security system 201, the identity of the prospective user based on the registration token, to thus redesign
  • the example of a data model of the system of Figure 7 is also applicable to the computer implemented method for user registration on a controlled perimeter security system 201 comprising a plurality of processing nodes.
  • Figure 9 schematically illustrates an example of user registration using inherent data according to an example of the seventh aspect.
  • Figure 9 illustrates signalling between a user authenticated on the security system (User 1), a new user wishing to be authenticated on the security system, the first node 105, elements of the central unit 208 (specifically the inherent authentication artefact datastore 154, the user data store 156, the further authentication datastore 158) and the validation datastore 164 of the remote monitoring station 210.
  • the method according to the seventh aspect provides user registration as follows. An authenticated user may become aware that a guest or new user needs to be registered as a unique user of the security system 201. The new user may, for example, be a house guest or a craftsman. Therefore, the new registration may be permanent, or time limited.
  • the authenticated user triggers the generation of a registration token.
  • the authenticated user may use a smartphone application to generate and communicate the token to a prospective user. This allows the authenticated user to authenticate the prospective user when located in geographically separate places.
  • a back-end system (or monitoring station) of the controlled perimeter security system may become aware, for example based on a detected emergency situation at the protected premises, that a new user needs to be registered to permit entry to the protected premises.
  • the back-end system (or monitoring station) of the controlled perimeter security system may trigger the generation of a registration token and communicate the newly generated token to a prospective user - such as an emergency worker or (known/proven) neighbour.
  • the authenticated user may accompany the new user to the perimeter of the security system 201.
  • a node of the security system 201, for example the first node 105 comprising a video camera and alphanumeric keypad, may be used by the authenticated user to generate a registration token.
  • the authenticated user may enter a special code sequence into an alphanumeric keypad of the first node 105.
  • the registration token is transmitted, and stored, in the user data store of the central unit 208.
  • the registration token comprises a unique identifier enabling the central unit 208 to guarantee that the registration token has been generated by an authorised user.
  • the registration token may, for example, comprise an alphanumeric string, or a barcode or a QR code defining the unique identifier.
  • the authorised user transmits the registration token to the new user who is awaiting registration in the security system.
  • the token may be transmitted electronically, or made available at a website URL, for example.
  • the token may also be provided in the form of a printed identifier, or as a spoken code.
  • the prospective user presents the registration token to the first node 105.
  • the QR or barcode can be directly displayed and read by the first node 105.
  • the video image is transmitted to the central unit 208, where the QR or barcode are decoded.
  • the prospective user may enter a unique alphanumeric code representing the registration token into an alphanumeric keypad of the first node 105.
  • the central unit 208 validates the registration token received from the prospective user against the registration token received from the authorised user.
  • the two registration tokens may be identical, in which case the validation is a comparison for an exact match.
  • the two registration tokens may be encoded with a complementary cryptographic function, in which case the validation examines whether the combination of the two registration tokens results in an expected result.
  • a new user record 162 is added to the user datastore 156 having a new unique user ID Guidon representing the newly authenticated user (previously the prospective user).
  • the next stage of the authentication process may concern obtaining at least one inherent signal 150 from the newly authenticated user.
  • at least one inherent signal 105 may also be captured using the first node 105.
  • the central unit 208 can be configured to collect an inherent signal of the newly authenticated user from the first node 105.
  • this stage of the authentication process may be dispensed with in cases where the back-end system (or monitoring station) of the controlled perimeter security system triggers the generation of a registration token - unless for some reason the newly authenticated user requires longer term access to the protected premises (as may arise in cases where an occupant of the protected premises requires extended care and support, for example as the result of an accident, ill-health, or a disability).
  • the inherent signal is captured using the same hardware that will be regularly used by the newly authenticated user. If the inherent signal is captured using hardware different to the hardware of the first node 105 that will regularly be used by the newly authenticated user, variations in acoustics, lighting conditions, hardware parameters of different microphones, and lens variations of different cameras will cause the inherent signal captured subsequently on, for example, the first node to have a poor match to an inherent signal provided at a previous time on different hardware for registration purposes.
  • the central unit 208 prompts the first node 105 to collect an inherent signal for registration.
  • the central unit 208 prompts the newly registered user to present their inherent signal for registration purposes using the same node of the security system 201 that they intend to use for regularly accessing the security system 201, to ensure the best fidelity of the inherent signal provided for registration purposes with an inherent signal provided subsequently for access purposes.
  • a mobile application that the initially authenticated user uses to transmit the registration token to the prospective user of the security system 201 is configured (e.g. programmed) to designate the permitted entry door 102 for the prospective user.
  • the central unit 208 is configured (e.g. programmed and arranged) to obtain the inherent signal of the prospective user from sensors proximate to the permitted entry door 102, to improve the fidelity of the captured inherent signal to genuine use conditions.
  • the first node 105 records the inherent signal (for example a sound sample or a video sample). According to an embodiment, the first node 105 processes the inherent signal to extract the inherent authentication artefact (IAA). The IAA is then transmitted to the central unit and stored in the IAA datastore with the user ID of the newly registered user.
  • the first node 105 obtains the inherent signal, and forwards it to the central unit 208.
  • the central unit 208 processes the inherent signal to extract the inherent authentication artefact (IAA).
  • the IAA is then stored in the IAA datastore with the user ID of the newly registered user.
  • the first node 105 obtains the inherent signal, and the monitoring station 210 processes the inherent signal to extract the inherent authentication artefact (IAA).
  • the IAA is then stored in the IAA datastore of the central unit 208 with the user ID of the newly registered user.
  • an authenticated user and/or the newly authenticated user of the security system 201 may authorise the transmission of the inherent signal outside of the security system 201 for external processing by the remote monitoring station 210
  • the first node 105 may request that the new user provides a further authentication factor that is a knowledge factor or an ownership factor rather than an inherence factor.
  • a node of the security system 201 being used by the newly registered user for registration may prompt the newly registered user to provide a further authentication factor.
  • the newly registered user may be prompted to provide a personal identification number or code, using an alphanumeric keypad at the first node 105.
  • the host user can generate the further authentication factor when sending the registration token to the prospective user, if it is not important that the further authentication factor is confidential as between the host user and the prospective user.
  • a success message may be transmitted both to the new user (for example, by the interface of the first node 105) and to the host user (for example, through a mobile application).
  • the prospective user has now been registered at a specific node 105 of the security system 201 having established an inherent authentication artefact in the central unit, and optionally a related further authentication factor.
  • the validation of the identity of the prospective user based on the registration token comprises presenting the registration token from the prospective user to the authenticated user of the security system 201, optionally using a smartphone 220; and asserting that the prospective user is validated via an input from the authenticated user.
  • an image sent to the prospective user from the authenticated user, or a video conference between the prospective user and the authenticated user can be used to guarantee that the prospective user is the correct individual to possess the registration token.
  • an authenticated user of the security system 201 can personally verify the identity of a prospective user before they are registered on the security system and an inherent signal is collected for conversion into an inherent authentication artefact. This reduces the risk that a bad actor could become registered on a security system, because of the user supervision exercised over the user of the registration token.
  • the validation of the identity of the prospective user based on the registration token comprises comparing the registration token received from the prospective user to the copy of the registration token stored within the security system 201; and if the registration token received from the prospective user accords with the copy of the registration token stored within the security system 201, asserting that the prospective user is validated.
  • the registration token (for example, a QR code) is a one-use token that is deactivated after its first use.
  • the registration token (for example, a QR code) is not usable after the lapse of a predetermined time limit.
  • the registration token (for example, a QR code) is a multiuse token that remains activated for a predetermined number of registrations on the security system.
  • the security system (such as the central unit 208 and/or the remote monitoring station 210) searches for a user record in the user datastore that was generated using the registration token. If no user record is present in the user datastore that was generated based on the registration token, then the security system initiates an enrolment process. The security system creates the completed user record.
  • the security system begins a multi-factor authentication to obtain at least one inherent signal of the user (which optionally comprises obtaining an inherent signal from a user according to one of the modalities discussed elsewhere in this specification).
  • the method further comprises receiving from the authenticated user of a security system 201, a knowledge factor and/or an ownership factor to be input by the prospective user; and the validation of the identity of the prospective user further comprises: challenging the prospective user by prompting for the input of a knowledge factor and/or an ownership factor; transmitting the input knowledge factor and/or an input ownership factor to the authenticated user, optionally via a smartphone 220; presenting the input knowledge factor and/or the input ownership factor to the authenticated user, optionally via a smartphone 220, of the security system 201; and asserting that the prospective user is validated via an input, optionally via a smartphone 220, from the authenticated user.
  • the prospective user when registering, the prospective user’s smartphone application used for registration, and/or a first node 105 performing a registration procedure, may challenge the prospective user with a password, challenge question, SecurID (TM) code from a SecurID (TM) token, and the like.
  • the registration token is comprised within a media element selected from: a printed or electronically displayed barcode, a printed or electronically displayed QR code, an audio sample, a printed or electronically displayed image, or a video sample.
  • the processing of the at least one inherent signal 150 to obtain an inherent authentication artefact 152 of the prospective user is performed at either the first node 105, a central unit 208, or a further node of the controlled perimeter security system 201.
  • the inherent authentication artefact data store 154 and the user data store 156 are hosted by the first node 105, and/or at least one further node, and/or the central unit 208 of the controlled perimeter security system 201.
  • the data comprised in the inherent authentication artefact data store 154 and the user data store 156 is encrypted. Accordingly, sensitive data having a biometric origin is safely encrypted.
  • the controlled perimeter security system provides the ability to back-up / transfer encrypted authentication data from a doorbell unit such as the first node 105, optionally using public/private keys, or optionally using a QR code kept by a user on the central unit.
  • the at least one inherent signal 150 and/or the inherent authentication artefact 152 of the prospective user are not transmitted outside the controlled perimeter security system 201. This reduces the likelihood that data having a biometric origin could be misused.
  • the processing of the at least one inherent signal 150 to obtain an inherent authentication artefact 152 of the prospective user is performed at a remote central monitoring station.
  • Some types of inherent signal may require a large amount of computer processing during conversion into, for example, an inherent authentication artefact.
  • Such processing may be effectively outsourced to an external remote central monitoring station, and/or a cloud processing service, provided strong encryption is applied between the controlled perimeter security system and the remote central monitoring station and/or cloud service.
  • the inherent authentication artefact data store 154 and the user data store 156 are hosted by the remote central monitoring station.
  • For example, in the case of a multinational company with a plurality of sites around the country or region, each with a controlled perimeter security system according to aspects discussed herein, it may be convenient to host the inherent authentication artefact datastore 154 and the user datastore 156 centrally, enabling users moving between different sites to be authenticated into the different sites using the same inherent (biometric) factors.
  • after validating the prospective user based on the registration token, generating an authentication token unique to the validated user, and associating the authentication token with the user data record of the validated user in the user data store 156.
  • the registration process for a guest or a new user takes place simultaneously with the entry to the building.
  • a successful registration on the security system to a one using an inherent signal may also be used to disarm the alarm system, or change the configuration of one or more locks.
  • the method further comprises receiving, from the authenticated user, a command to alter an access permission of the controlled perimeter security system 201 of the validated user in the user data record stored in the user data store 156, and altering the access permission of the validated user by altering the user data record of the validated user from the user data store 156.
  • the method comprises: receiving, from the authenticated user, a time window during which validation of the prospective user is possible; and if the registration token is presented to the first node 105 by the prospective user outside of the time window, refusing to validate the prospective user, or if the registration token is presented to the first node 105 by the prospective user during the time window, validating the prospective user.
  • Time-limited registration opportunities guarantee that bad actors are not able to exploit an old registration token.
  • the method further comprises receiving, from the authenticated user, a condition defining whether, or not, the validated user of the security system 201 remains validated; and if the condition is not met, updating the user record to define that a previously validated user is not validated.
  • the condition is the local time at the security system 201. If the authenticated user is able to preset conditions for removing validation of the new user or guest user, lapses in access control will be greatly reduced, because there is no need for the authenticated user to remember to check on the status of all of the newly registered system users. This approach may be particularly applicable in, for example, a controlled perimeter access system of a hotel, where new guests are registered on to a room entry access system, and the checkout times of the new guests are known in advance.
  • the method comprises receiving, from a computing device associated with an authenticated user located outside of the security system 201, a command from an authenticated user located outside of the controlled perimeter of the security system 201 to issue a registration token from within the security system 201 to a prospective user; and sending, from within the security system 201, the registration token to the prospective user.
  • it may not be viewed as secure for a registration token for a controlled perimeter security system to be obtained from a third party information technology device.
  • a user authenticated with the controlled perimeter security system may still wish to register a prospective user with that controlled perimeter security system.
  • a cryptographically authenticated command received at the security system sent by the authorised user to, for example, a central unit 208 or a first node 105 within the controlled perimeter security system 201 is used to induce the central unit 208 or the first node 105 to transmit a registration token to the new user or guest user of the controlled perimeter security system 201.
  • a central unit 208 for use in a controlled perimeter security system 201 comprising a processor 142; a communications interface 140 communicably coupled to the processor via a communication link 146, and a memory 144.
  • the processor is configured (e.g.
  • the processor 142 is further configured (e.g., to generate, based on a command from an authenticated user of a security system 201, a registration token with which a prospective user intends to obtain access permissions to a security system 201 comprising the central unit 208, and storing a copy of the registration token within the security system 201, and to communicate the registration token to the prospective user, via a communications network, to receive, from a first node 105 of the security system 201, the registration token as presented to the first node 105 by the prospective user, to validate the identity of the prospective user based on the registration token, to thus redesignate the prospective user as a validated user, and if the identity of the prospective user is validated based on the registration token, to obtain at least one inherent signal 150 associated with the prospective user, wherein the at least one inherent signal 150 is obtained via the first node 105, and/or a further node in the vicinity of the prospective user, wherein the processor 142 is further configured (e.g.
  • a node 105 for use in a controlled perimeter security system 201 comprising a processor 122; a transceiver 128 communicably coupled to the processor via a communication link, and a memory 124.
  • the node 105 is configured to read a registration token as presented to the first node 105 by a prospective user of a security system 201 communicably coupled to the node, and to validate, within the security system 201, the identity of the prospective user based on the registration token, to thus redesignate the prospective user as a validated user, wherein if the processor 122 receives a message from the central unit 208 that the identity of the prospective user is validated based on the registration token, the processor 122 is further configured (e.g.
  • the at least one inherent signal 150 associated with the prospective user, wherein the at least one inherent signal 150 is obtained using the first node 105, and to process the inherent signal 150 to obtain an inherent authentication artefact 152 of the validated user, wherein the inherent signal 150 and/or the inherent authentication artefact 152 are communicated to an inherent authentication artefact data store 154 hosted by the first node 105 and/or a central unit 208, wherein the node 105 and/or the central unit 208 are optionally configured to generate a new user record for the validated user in a user data store 156 associated with the inherent authentication artefact 152.
  • a controlled perimeter security system 201 comprising a first node 105 according to the ninth aspect, a central unit 208 according to the eighth aspect, and a communications system configured to communicably couple at least the first node 105 and the central unit 208.
  • a computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to the seventh aspect.
  • a computer readable medium or signal comprising the computer program element according to the eleventh aspect.
  • Components of the authentication registration process can also be used to handle registered users of the security system 201 when leaving the controlled perimeter of the security system 201.
  • the first node 105 could monitor the door lock 104 magnetically or by using audio recognition, thus providing warning to the central unit 208 that a person (not necessarily a registered user) is leaving the secure perimeter.
  • the first node 105 and/or a further microphone node in the vicinity of the door 102 may detect a voice code word or an inherent (biometric) signifier triggering the arming of the alarm system and/or locking the door 102.
  • Another codeword is configured to lock the door without arming the alarm.
  • a computer implemented method for tracking user exit from a controlled perimeter security system 201 comprises: obtaining, using at least one sensor located at, inside, or outside, the perimeter of the security system 201, an inherent signal 150 related to a person exiting the controlled perimeter; processing the inherent signal 150 to obtain an inherent authentication artifact 152; searching one or more data records of an inherent authentication artefact data store 154 using the inherent authentication artifact 152, and based on a closeness of the inherent authentication artifact 152 to a record of the one or more data records, validating the inherent authentication artifact 152, wherein validating the inherent authentication artefact 152 comprises: identifying a unique user record 157 in a user data store 156 associated with the inherent authentication artefact 152 of a user; generating an authentication token corresponding to the unique user record 157; and communicating the authentication token to at least one further node in the controlled perimeter security system.
  • the user is designated within at least one of the user data store 156 and/or the validated user data store 164 as being present within the controlled perimeter.
  • the example of a data model of the system of Figure 7 is also applicable to the computer implemented method for tracking user exit from a controlled perimeter security system 201.
  • Figure 10 schematically illustrates an example of tracking user exit using inherent data according to an example of the thirteenth aspect.
  • This aspect considers how inherent signals, such as biometric signals, can be used when a user is preparing to leave, is leaving, or has left a controlled perimeter security system.
  • at least one sensor, for example interior camera 214, movement detector 21 sensors 206, or first node 105, detects an inherent signal 150 of a user as they are exiting the interior space 200’.
  • the sensors may detect, for example, one or more of a facial characteristic, a clothing style, a gait, a hair colour or hair style, voice tone, and any other inherent signal, or combination of inherent signals, discussed in this specification.
  • the first node is, thus, in this example, one of the nodes 214 in an interior space that is capable of identifying an inherent signal of a user about to exit the controlled perimeter security system 201.
  • the first node 105 may itself perform signal processing on the inherent signal 150 to obtain an inherent authentication artefact IAA.
  • the IAA so computed is then transmitted to the central unit 208.
  • the first node 105 transmits the inherent signal 152 to the central unit 208 for conversion into the inherent authentication artefact IAA.
  • the central unit 208 searches the IAA datastore 154 using the IAA computed from the inherent signal 150 obtained of a user exiting the security system 201. As previously explained, if an IAA is found that is suitably close to a record of the IAA datastore, a user identifier of the record in the IAA datastore enables the identity of the user to be found in the user datastore 156 of the central unit 208.
  • a further node (in Fig. 10, node 2) in the exit area is configured to collect one or more knowledge or ownership authentication factors of an exiting user.
  • the exiting user may present an NFC key fob to a detector prior to exiting, or enter a PIN code in a keypad proximate to an exit door 102. This is not, however, essential, and the authentication of user exit may be performed using inherent information (biometric information) alone.
  • the inherent authentication artefact matches with a user ID that can be used to extract a unique user record 157 in the user datastore.
  • An authentication token is generated using the unique user record 157 and the authentication token is transmitted to a further node (node 2), which is in this case a door lock 104.
  • the IAA is at least partially used to authenticate a user who is leaving the security controlled perimeter of the security system 201.
  • the at least one further node 104 comprising the door lock signals to the central unit 208 that the authenticated user has exited the controlled perimeter security system 201.
  • the unique user record of the user datastore 156 is updated to indicate that the user is no longer located within the controlled perimeter security system.
  • At least one further node may detect one or more voice commands of the exiting user.
  • the exiting user may issue a voice command to lock the door 102, to set the alarm system in one of a plurality of armed modes, or to change the exterior or interior lighting, for example.
  • a remote central monitoring system 210 can also be updated, by transmitting the authentication token representing that a user is exiting the system from the central unit to the remote central monitoring system 210.
  • the method comprises obtaining, from the person, at least one further authentication factor; and validating further comprises: comparing the at least one further authentication factor to a factor stored as data in at least one further authentication field of the unique user record 157; and generating the authentication token only if each of the further authentication factors match the data in the at least one further authentication field of the unique user record 157.
  • the at least one further authentication factor is a knowledge factor, an ownership factor, or an inherence factor.
  • Combining inherent authentication factors with at least one further authentication factor increases the probability that the security system has correctly identified the exiting user, thus reducing error and improving the security of the security system.
  • the sensor comprises one or more of a video camera 106, an infra-red video camera, and/or an ultraviolet camera
  • the inherent signal 150 comprises a video of a field of view of a video camera 106, an infra-red video camera, and/or an ultraviolet camera
  • the video comprised in the inherent signal 150 is processed to obtain an inherent authentication artefact 152 characterizing one, or any combination, of a hand gesture, gait, smile, teeth pattern, height, hairstyle, clothes style, tattoo pattern, mole pattern, and/or wrinkle pattern of the person.
  • the systems according to any of the various embodiments and aspects of the invention may additionally be configured to accept user gestures for at least partial authentication, for example as part of multi-factor authentication that does not rely on gesture alone.
  • Recognisable gestures may be made with one or both hands, one or both arms, one or both legs, the head, or any combination of these.
  • a gesture may be used in combination with a voice sample for speaker recognition, a password or passphrase (optionally in either case as part of a challenge/response interaction) - optionally also with voice recognition, and/or in combination with the presentation of a token (NFC, BTLE, Wi-Fi,) or object (e.g.
  • each unique user record 157 comprises a field defining a generation time point when a corresponding inherent authentication artefact 152 was generated; and for each unique user record 157, transforming the inherent authentication artefact to account for a time-lapse between the generation time point and a current time.
  • the first sensor comprises a microphone, and the inherent signal 150 comprises a sound sample of the environment at, or proximate, to the first node 105.
  • the inherent signal 150 comprises a voice sample of the person.
  • the first sensor comprises a depth camera, and the inherent signal 150 comprises a depth image and/or depth video sequence of a field of view of the depth camera.
  • the first sensor comprises an iris scanner or retina scanner, and the inherent signal 150 comprises an iris or retina scan, and/or wherein the first sensor comprises a fingerprint or palm print scanner, and the inherent signal 150 comprises a palm print or fingerprint.
  • the first sensor comprises a radar sensor, and the inherent signal 150 comprises a radar scan.
  • the inherent signal 150 is one of a height, inferred cardiac motion, or inferred breathing motion obtained from the radar sensor.
  • the knowledge factor is one or more of a PIN code, password, or a challenge answer.
  • the ownership factor is at least one of an SMS one time password, a QR code, an alphanumeric sequence generated by a physical security token, a security key, a radio key fob, and/or a communications network identifier (e.g. an IMSI number or wireless MAC address) of a communications enabled device that is communicably coupled to the controlled perimeter security system 201.
  • the validation of the inherent authentication artefact 152 is performed at the first node 105, and the authentication token is communicated from the first node 105 to the at least one further node in the controlled perimeter security system 201. Therefore, when exiting, nodes of the security system 201 may perform one or more predetermined actions based on the identity of the user who has exited. For example, different alarm arm settings can be used depending on who has exited the building. For example, in a commercial office building, standard office workers exiting the building would not need to trigger an increase in the alarm posture.
  • the system may be flexibly adapted to a security context.
  • the validation of the inherent authentication artefact 152 is performed at a central unit 208 of the controlled perimeter security system 201, and the authentication token is communicated from the first node 105 to the at least one further node in the controlled perimeter security system 201. Accordingly, an inherent signal and/or an inherent authentication artefact is not transmitted outside of the controlled perimeter security system 201
  • the validation of the inherent authentication artefact 152 is performed at a remote central monitoring station, and the authentication token is communicated from the remote central monitoring station to the at least one further node in the controlled perimeter security system 201.
  • the method further comprises defining, in the unique user record 157, that the user has exited the controlled perimeter security system 201.
  • the method further comprises obtaining the inherent signal 150 using at least one sensor located inside the perimeter of the security system 201 and proximate to an exit door of the security system 201, and upon receiving, at the central unit 208, the authentication token, unlocking a door lock of the exit door, and/or locking the exit door and/or arming an alarm system after a predetermined amount of time.
  • a sensor located inside the perimeter of the security system 201 and proximate to an exit door of the security system 201 is most likely to be able to capture an accurate inherent signal of an exiting user, because the sensor will be located close enough to capture a good image, video, or infrared sample of the exiting user.
  • a code word for arming an alarm system of the controlled perimeter security system 201 is detected in the voice sample, arming the alarm system.
  • a code word for locking a door of the controlled perimeter security system 201 is detected in the voice sample, locking the door.
  • the at least one sensor located at, inside, or outside, the perimeter of the security system 201 is configured to detect that an exit door of the controlled perimeter security system has been left open, or is not completely shut.
  • the central unit 208, or node communicably coupled to the at least one sensor is configured to generate a token indicating that the exit door has been left open, or is not completely shut.
  • the central unit 208 generates an alarm indicating that the door has not been completely shut.
  • a central unit 208 for use in a controlled perimeter security system 201 and further comprising a processor 142, a communications interface 140 communicably coupled to the processor via a communication link 146, and a memory 144.
  • the processor 142 is configured (e.g.
  • a node 105 for use at, inside, or outside, the perimeter of a controlled perimeter security system 201 comprising a processor 122, a transceiver 128 communicably coupled to the processor via a communication link, and a memory 124, and at least a first sensor 107, wherein the at least one sensor 107 is configured to obtain an inherent signal 150 related to a person exiting a controlled perimeter, to process the inherent signal 150 to obtain an inherent authentication artifact 152, and to transmit the inherent authentication artifact 152 to a central unit 208.
  • a controlled perimeter security system 201 comprising a first node 105 according to the fifteenth aspect, a central unit 208 according to the fourteenth aspect, a communications system configured (e.g. programmed and arranged) to communicably couple at least the first node 105 and the central unit 208.
  • a computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to the thirteenth aspect.
  • a computer readable medium or signal comprising the computer program element according to the seventeenth aspect.
  • a computer implemented method for detecting at least one predefined signal from a person using a controlled perimeter security system 201 comprising: detecting the presence of a first person proximate to a sensor of at least one node 105 of a controlled perimeter security system 201; obtaining, using the sensor, a sample of the behaviour of the first person as they are proximate to the sensor; processing the sample to determine a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate; and if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to a central unit 208 of the controlled perimeter security system 201, and/or a remote central monitoring station.
  • the example of a data model of the system of Figure 7 is also applicable to the computer implemented method for detecting at least one predefined signal from a person using a controlled perimeter security system 201.
  • a system designed to detect and process inherent signals as defined in this specification is also useful to aid users of a controlled perimeter security system who are acting out of duress owing to a criminal attack in progress.
  • Such a system may detect duress passively or expressly.
  • an individual under attack may exhibit a faster heart rate or breathing rate, which are detectable using millimetre wave radar sensors.
  • An individual under attack may stand in a different posture or speak with a different voice timbre to the expected characteristics or utter a predetermined codeword.
  • a first node 105 and a central unit 208 may identify an identity of a user from, for example, an inherent factor analysis such as facial recognition, and additional authentication factors such as a pin code entry.
  • the first node 105 and the central unit 208 may, for example, use image processing to analyse the gait, or to analyse whether or not another individual (perhaps behaving erratically or carrying a forbidden weapon) is standing too close to the user of the controlled perimeter security system. Accordingly, it may be possible to isolate an individual user of the controlled perimeter security system, but recognise that their behaviour is not normal and may indicate that the user is acting out of duress.
  • duress does not require the active presence of a bad actor in the field of view of a video camera of at least a first node 105.
  • the duress attempt might be directed by a distantly located individual directing events by mobile telephone.
  • a duress condition of a user of the security system 201 can be detected automatically, without the conscious input of the user of the security system 201, by correlation of abnormal biometric behaviour of a user of the security system compared to previously recorded behaviour.
  • a duress condition may be detected by a user of the controlled perimeter security system signalling in front of the at least first node 105 (such as a video camera) a distress code to the central unit 208 and/or the remote monitoring unit 210.
  • the duress condition may be signalled by, for example, moving the eyes in a certain pattern, or looking at a certain feature in front of the first node 105.
  • the user may press a key part of the first node 105 using a certain emergency code, or by pressing a button for a predetermined amount of time.
  • an inherent signal 150 is obtained by the at least first node 105 and converted to an inherent authentication artefact.
  • the inherent signal 150 is a video or still image of the user proximate to the at least first node 105.
  • the inherent authentication artefact is, in this example, a bearing, or direction, of the user’s gaze in the plane of the at least first node 105, for example.
  • Such an inherent authentication artefact is either computed by the at least first node 105, or by the central unit 208.
  • the central unit 208 compares the computed inherent authentication artefacts to a database of duress signals. In an example, a user may pre-program the database of duress signals.
  • an alert message token is transmitted to at least the central unit 208, and/or the remote central unit 210. Either of these units may, for example, send an automated safety message to the police, building security staff, and/or relatives of the user.
  • the method comprises detecting the presence of at least a second person proximate to a sensor of at least one node 105 of a controlled perimeter security system 201; and enabling the transmission of the message token only if the at least second person is proximate to the at least one node 105.
  • the sensor comprises a video camera 106, and determining a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate comprises one, or any combination, of: performing image or video processing on the sample to identify a predefined gesture of the first person.
  • the predefined gesture is selected from one, or any combination of: closure of the left eye for a predetermined time, closure of the right eye for a predetermined time, blinking at a predetermined range of rates, standing in a predetermined posture, dropping an object on the floor, performing a predetermined facial expression, or looking in a predetermined direction.
  • one or more of the first node 105, the central unit 208, or the remote monitoring unit 210 are used to record a new predefined gesture, so that an authorised user of the security system 201 can customise the duress signal.
  • the duress signal is recorded at the same node that the duress signal is likely to be given out, in practice, to ensure that lighting and acoustic conditions (for example) around the node are similar to those likely to be experienced when the duress signal is used in a genuine duress scenario.
  • the method comprises performing image or video processing on the sample to identify that the second person is physically coercing the first person; and if determined that the second person is physically coercing the first person, transmitting in the message token a warning that the first person is in distress.
  • the method comprises performing image or video processing on the sample to identify that the second person is carrying a predetermined item from a list of predefined items; and if determined that the second person is carrying or wearing a predetermined item from a list of predefined items, displaying on a display of the first node 105 a message that authentication has failed, and transmitting in the message token a warning that the second person is armed.
  • the list of predefined items comprises one, or any combination, of: a gun, a knife, a baseball bat, an axe, a crowbar, a balaclava, or a motorcycle helmet.
  • the method further comprises signalling to a central unit 208 of the controlled perimeter security system 201 to lock one or more access points, when a detection of an item on the list of predefined items is made.
  • the sensor comprises an eye tracker, and determining a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate comprises identifying that the first person is looking in a predetermined direction.
  • the first node 105 comprises a keypad or a touch screen
  • determining a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate comprises identifying that the first person has entered a predetermined personal identification distress code into the keypad or a touch screen, and/or depressed a button of the keypad or a touch screen for a predetermined amount of time or in a predetermined sequence.
  • the first node 105 comprises a microphone, and determining a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate comprises performing audio signal processing on the sample to detect a predetermined pitch, timing, or timbre modulation of the first person; and/or performing speech recognition to determine that the first person has spoken a predetermined word, or sequence of words.
  • a person involved in a confrontation or duress scenario near the first node 105 is likely to change their voice tone compared to a usual voice tone. If a further authentication artefact correctly authenticates a user, but the voice-based authentication fails, or indicates a non-compliance with a stored inherent authentication artefact of the user’s voice, this is likely to be an indication that the user is in a duress scenario.
  • the sample of the behaviour or a predetermined signal of the first person as they are proximate to the sensor is obtained during an authentication procedure of the controlled perimeter security system 201.
  • a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to a law enforcement facility.
  • processing the sample to determine a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate further comprises: identifying the at least one predefined signal from a group of a first predefined signal and a second predefined signal; wherein the first predefined signal causes the transmission, by the first node 105, of an alert message token to a central unit 208 and an authentication token to the controlled perimeter security system 201; and wherein the second predefined signal causes the transmission, by the first node 105, of an alert message token to a central unit without the transmission of an authentication token to the controlled perimeter security system 201.
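The two-signal behaviour described above can be sketched for the keypad case as follows. This is an added example, not code from the patent or from Verisure: the names `enrol`, `evaluate`, `Enrolment` and `Decision`, the PBKDF2 storage, the display strings and the sample codes are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def _derive(code: str, salt: bytes) -> bytes:
    """Stretch an entered code so the node never stores it in the clear."""
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ROUNDS)


@dataclass(frozen=True)
class Enrolment:
    """Hypothetical per-user record held by the node or the central unit."""
    salt: bytes
    access: bytes        # normal code: authentication token only
    duress_admit: bytes  # first predefined signal: alert token AND authentication token
    duress_deny: bytes   # second predefined signal: alert token, NO authentication token


@dataclass(frozen=True)
class Decision:
    send_auth_token: bool
    send_alert_token: bool
    display: str  # what a bystander at the node can see


def enrol(access: str, duress_admit: str, duress_deny: str) -> Enrolment:
    # A duress code that collides with the access code could never be signalled.
    if len({access, duress_admit, duress_deny}) != 3:
        raise ValueError("the three codes must be distinct")
    salt = os.urandom(16)
    return Enrolment(salt, _derive(access, salt),
                     _derive(duress_admit, salt), _derive(duress_deny, salt))


def evaluate(entry: str, rec: Enrolment) -> Decision:
    candidate = _derive(entry, rec.salt)
    # All three constant-time comparisons always run, so response time does
    # not reveal whether a normal code or a duress code was entered.
    is_access = hmac.compare_digest(candidate, rec.access)
    is_admit = hmac.compare_digest(candidate, rec.duress_admit)
    is_deny = hmac.compare_digest(candidate, rec.duress_deny)
    granted = is_access | is_admit
    return Decision(
        send_auth_token=granted,
        send_alert_token=is_admit | is_deny,
        # Assumption of this sketch: the display only reflects the access
        # outcome, so an alert is never visible to someone watching the node.
        display="ACCESS GRANTED" if granted else "AUTHENTICATION FAILED",
    )


# Constructed sample enrolment (codes invented for the demo).
SAMPLE = enrol(access="4821", duress_admit="4822", duress_deny="9110")

if __name__ == "__main__":
    for label, code in [("normal", "4821"), ("first signal", "4822"),
                        ("second signal", "9110"), ("wrong code", "0000")]:
        print(label, evaluate(code, SAMPLE))
```

With this layout the first signal is indistinguishable at the node from a normal entry, and the second is indistinguishable from a mistyped code.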
  • a video doorbell node comprising at least one sensor, a video camera, a processor, a transceiver configured to communicate with another node in a controlled perimeter security system, a memory, wherein the at least one sensor is configured to generate an actuation signal upon actuation by a user of the video doorbell.
  • the processor is configured (e.g. programmed) to enable the video camera and obtain at least one image and/or video segment of the field of view proximate to the video doorbell.
  • the processor may be configured (e.g. programmed) to perform an image processing comprising identifying at least one threat factor in the image and/or video segment. If at least one threat factor is identified in the image and/or video segment, generating an alarm token and communicating the alarm token to at least one of a central unit of the controlled perimeter security system and/or a remote monitoring server.
  • the video doorbell according to this aspect may perform the steps of the nineteenth method, or its embodiments.
  • the threat factor identified in the image and/or video segment is one, or more, of an identification of a specific person at the door, optionally by means of an inherent authentication artefact of the specific person, the fact that an individual at the door is wearing a helmet or balaclava capable of concealing the person’s face, or the fact that the person is carrying a potentially threatening object.
  • a video doorbell node comprising: at least one sensor; a video camera; a processor; a transceiver configured to communicate with another node in a controlled perimeter security system; a memory; wherein the at least one sensor is configured to generate an actuation signal upon actuation by a user of the video doorbell; wherein, upon receiving the actuation signal, the processor is configured to enable the video camera and obtain at least one image and/or video segment of the field of view proximate to the video doorbell; wherein the processor is configured to perform either or both of: i) an image processing comprising identifying at least one threat factor in the image and/or video segment; or ii) transmitting image data to another device for remote image processing, and receiving a result of the remote image processing; and if at least one threat factor is identified in the image and/or video segment based on the image processing and/or remote image processing, generating an alarm token and communicating the alarm token to one or more of: a central unit (208) of the
  • the video doorbell node may have sufficient processing power to perform the requisite image processing, but it may be possible to supplement this processing power by offloading some or all of the image processing task to a remote device - such as a central unit of the controlled perimeter security system, or a remote monitoring station (or system back end or alarm receiving centre), or even to a user device such as a smartphone or tablet computer, or the like - in particular one which hosts an app associated with the video doorbell (e.g. which is configured to receive notifications from the video doorbell in the event that someone pushes (more generally activates) a “bellpush” or actuator on the video doorbell).
  • the same app may be configured also to receive notifications in the event that someone appears in the field of view of the motion sensor of the video doorbell.
  • Notifications from the video doorbell may pass through the central unit of the controlled perimeter security system and thence to a remote monitoring station or system back end (although the installation may be such that under certain circumstances at least notifications from the video doorbell may be transmitted directly to the remote monitoring station/system back end).
  • the remote monitoring station/system back end may then initiate communication with the user device (e.g. smartphone, tablet, etc.), optionally via a SIP call or via a mobile data network.
  • the video doorbell may additionally be arranged to call the user device directly, particularly if the controlled perimeter security system is aware that the device is in the vicinity - for example because the device is currently registered with a short range radio network hosted by the system (e.g. a Wi-Fi network of which the central unit acts as access point and to which the video doorbell may connect) or which is serving the controlled perimeter security system and/or the video doorbell.
  • data for image processing may be sent directly to a user’s mobile (or mobile app) as part of the doorbell call.
  • the system announces a doorbell ring, and may also indicate a threat factor.
  • the image processing is handled at least in part by a device other than the video doorbell, e.g. the central unit, it would be possible to take account of information additional to that contained in image captures - such as that captured by another node of the controlled perimeter security system (e.g. a motion detector, a radar or lidar system) or captured by a distributed proximity sensor or sensing arrangement such as a Wi-Fi (or equivalent RF-based) presence detection system.
  • the another device may be a central unit of the controlled perimeter security system, the processor being configured to transmit image data to the central unit for remote image processing, and to receive from the central unit a result of the remote image processing.
  • the another device may be a remote monitoring service of the controlled perimeter security system, the processor being configured to transmit image data to the remote monitoring service for remote image processing, and to receive from the remote monitoring service a result of the remote image processing.
  • the another device may be a mobile device contacted for processing a doorbell actuation, the processor being configured to transmit image data to the mobile device for remote image processing, and to receive from the mobile device a result of the remote image processing.
  • a method performed by a video doorbell of a controlled perimeter security system comprising: receiving an input from a user; in response to receiving the input, obtaining using a video camera of the doorbell at least one image and/or video segment of the field of view proximate to the video doorbell; and either: i) performing image processing comprising identifying at least one threat factor in the image and/or video segment; or ii) transmitting image data to another device for remote image processing, and receiving a result of the remote image processing; and if at least one threat factor is identified in the image and/or video segment based on the image processing and/or remote image processing, generating an alarm token and communicating the alarm token to one or more of: a central unit of the controlled perimeter security system; a remote monitoring server; a mobile device contacted for processing a doorbell actuation.
  • the another device may be a central unit of the controlled perimeter security system, and the method comprises transmitting image data to the central unit (208) of the controlled perimeter
  • the another device may be a remote monitoring service of the controlled perimeter security system, and the method comprises transmitting image data to the remote monitoring service for remote image processing, and receiving from the remote monitoring service a result of the remote image processing.
  • the another device may be a mobile device contacted for processing a doorbell actuation, and the method comprises transmitting image data to the mobile device for remote image processing, and receiving from the mobile device a result of the remote image processing.
  • the threat factor identified in the image and/or video segment may be one, or more, of an identification of a specific person at the door, optionally by means of an inherent authentication artefact of the specific person, the fact that an individual at the door is wearing a helmet or balaclava capable of concealing the person’s face, or the fact that the person is carrying a potentially threatening object.
  • a processor 142 communicably coupled to the processor via a communication link 146, and a memory 144.
  • the processor is configured (e.g. programmed and arranged) to receive, via a first node 105, a sample of the behaviour or a predetermined signal from the first person as they are proximate to the sensor, to process the sample to determine a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate, and if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to one or more further nodes in the controlled perimeter security system 201, and/or a remote central monitoring station.
  • a node 105 for use in a controlled perimeter security system 201.
  • the node comprises a processor 122, a transceiver 128 communicably coupled to the processor via a communication link, a memory 124, and a first sensor 107.
  • the processor is configured (e.g. programmed and arranged) to detect the presence of a first person proximate to a sensor of at least one node 105 of a controlled perimeter security system 201, and to obtain, using the sensor, a sample of the behaviour or a predetermined signal of the first person as they are proximate to the sensor.
  • the processor is further configured (e.g. programmed and arranged) to perform one, or both, of the following: i.
  • the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate, and if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to a central unit 208, and/or one or more further nodes in the controlled perimeter security system 201, and/or a remote central monitoring station; or ii. to transmit the sample to the central unit 208 of the controlled perimeter security system 201.
  • a controlled perimeter security system 201 comprising a first node 105 according to the twenty first aspect, a central unit 208 according to a twenty first aspect, and a communications system configured to communicably couple at least the first node 105 and the central unit 208.
  • a computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to the nineteenth aspect.
  • a computer readable medium or signal comprising the computer program element according to the twenty third aspect.
  • a remote server or for example an alarm receiving centre or system back end
  • This is especially useful for emergency services to be able to gain immediate access to a premises in the case of an alarm, a fire, an accident, or an SOS or panic signal triggered by an occupant.
  • individual emergency services workers may have pre-stored or pre-enrolled information in a database accessible at the remote site or system back end.
  • the remote site can download the respective information into the access node so that the emergency services worker (i.e. a specified individual or individuals) can access the premises without delay.
  • the attending workers may be provided with a temporary access code (PIN code, QR code, or an NFC token on one of their smartphones).
  • the access node can be updated from the remote server or back end to authenticate this temporary access code.
  • a neighbour of the occupant e.g. a resident of a neighbouring property to the protected premises
  • the remote server can also delete the newly-added information so that the temporary access code is no longer available, thereby restoring the previous status quo.
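The temporary-credential lifecycle described above (download to the access node, use, then deletion to restore the previous state) can be sketched as follows. This is an added example, not code from the patent: the class `AccessNode`, its methods, the keyed-digest storage, the expiry timer and the constructed sample codes and incident identifier are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class TempCredential:
    digest: bytes      # keyed digest of the code, never the code itself
    expires_at: float  # assumed safety net if the back end's delete never arrives
    incident: str      # the alarm event that justified issuing the code


class AccessNode:
    """Hypothetical access node holding back-end-issued temporary codes."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)  # node-local key for stored digests
        self._temp = {}                      # cred_id -> TempCredential
        self.outbox = []                     # reports queued for the back end

    def _digest(self, code: str) -> bytes:
        return hmac.new(self._key, code.encode(), hashlib.sha256).digest()

    def provision(self, cred_id: str, code: str, ttl_s: float, incident: str) -> None:
        """Back end downloads a temporary code into the node."""
        self._temp[cred_id] = TempCredential(
            self._digest(code), self._clock() + ttl_s, incident)

    def revoke(self, cred_id: str) -> bool:
        """Back end deletes the code again, restoring the previous state."""
        return self._temp.pop(cred_id, None) is not None

    def present(self, code: str) -> bool:
        """Someone enters a code at the node; True means access is granted."""
        now = self._clock()
        candidate = self._digest(code)
        matched = None
        for cred_id, cred in list(self._temp.items()):
            if cred.expires_at <= now:
                del self._temp[cred_id]  # purge stale entries on every attempt
                continue
            if hmac.compare_digest(candidate, cred.digest):
                matched = (cred_id, cred)
        if matched is None:
            return False
        # Tell the issuer that its credential was used to gain access.
        self.outbox.append({"event": "external_credential_used",
                            "cred_id": matched[0],
                            "incident": matched[1].incident,
                            "at": now})
        return True

    def active_ids(self):
        return sorted(self._temp)


def run_scenario():
    """Constructed walk-through: issue on alarm, use, revoke, expire."""
    t = [1000.0]  # fake clock so the run is deterministic
    node = AccessNode(clock=lambda: t[0])
    node.provision("fire-crew-1", "738291", ttl_s=900, incident="constructed-incident-01")
    node.provision("fire-crew-2", "114477", ttl_s=900, incident="constructed-incident-01")
    results = {"before_expiry": node.present("738291"),
               "wrong_code": node.present("000000")}
    results["revoked_existing"] = node.revoke("fire-crew-1")
    results["after_revoke"] = node.present("738291")
    t[0] += 901  # the second code outlives its time limit without being revoked
    results["after_expiry"] = node.present("114477")
    results["remaining"] = node.active_ids()
    results["reports"] = [m["cred_id"] for m in node.outbox]
    return results


if __name__ == "__main__":
    print(run_scenario())
```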
  • An illuminated sign may be coupled to the access node, to provide a deterrent effect.
  • the sign may be coupled by a cable, exposed or hidden.
  • the access node may provide power to the sign, especially at night.
  • the sign may also have solar cells for recharging, and may serve to charge the access node during the day.
  • the sign may include one or more rechargeable batteries that are charged by solar cells of the sign, so that the sign may be self-powered, even at night - and possibly be arranged also to provide power to the access node as occasion demands.
  • the sign may have different illumination effects and intensities. It may pulse or flash or have some other visual effect when the alarm is triggered to deter an intruder or otherwise to attract attention. It may illuminate as a person approaches or is detected in the vicinity of the access node, and/or in response to a doorbell push. It may behave in the same way whether or not the alarm is armed, so as not to provide any indication of alarm state at the access node.
  • the sign may deactivate once the person is authenticated.
  • When the access device is (also) a doorbell, such as a video doorbell, it can provide additional warnings.
  • the access device can analyse an image capture and: warn if there is more than one person at the door; warn if a person at the door is wearing head-gear that conceals his or her face, like a balaclava or crash-helmet; warn if a person at the door is carrying a potentially threatening object or offensive weapon, such as a fire-arm, a crowbar or a baseball bat.
  • Another useful warning the access device can give is whether, based on the camera image, the door appears to have been left open, or even just slightly ajar. This may depend on the installation, the field of view of the camera, and whether the door opens outwardly (mandatory in some countries).
  • the warning can be generated especially if the user is attempting to lock the door or arm the alarm.
  • the warning is useful because some conventional alarm systems do not provide such a warning. For example, when arming a conventional alarm system, if a sensor is reporting a non-compliant state or fault, the system just ignores this sensor, so as not to delay the person from leaving the premises.
  • the expression “configured to” may be taken to mean “programmed” (e.g. in the case of a processor, processing arrangement, or programmable device), or “arranged”, or “programmed and arranged”, rather than merely implying “configurable to”.
  • a computer implemented method (300) for provisioning a first node (105) of a controlled perimeter security system (201) with an external access credential for a controlled perimeter security system optionally comprising the subject matter of the first, seventh, thirteenth, or nineteenth aspects, wherein the method comprises: receiving, from a node located outside of a controlled perimeter security system (201), at least one external access credential for enabling access to the controlled perimeter security system (201); provisioning a user data store (156) hosted by at least one of a central unit (208) comprised within the controlled perimeter security system (201), and/or hosted by a first node (105) with the at least one external access credential; obtaining, using a first sensor (107) of the first node (105), an authentication factor comprised of at least one of: an inherent signal (150), a knowledge factor, and/or a possession factor; comparing the at least one external access credential comprised in the user data store (156) received from the node located outside of a controlled perimeter security system (201) to the authentication factor obtained by the first node
  • the computer implemented method according to A1 wherein the node located outside of a controlled perimeter security system is a server of an emergency service, such as the fire service, police service, ambulance service, or the like.
  • A4 The computer implemented method according to A1, wherein the node located outside of a controlled perimeter security system is a server of a security system monitoring company with responsibility for monitoring the controlled perimeter security system.
  • A5. The computer implemented method according to A1 or A2, wherein the external access credential comprises one or more of an inherent authentication artefact, a knowledge factor, or an ownership factor enabling access to the controlled perimeter security system.
  • A6. The computer implemented method according to A5, wherein the inherent authentication artefact characterises an emergency service uniform, and/or equipment carried by emergency service personnel.
  • A7 The computer implemented method according to A6, further comprising: detecting, by a fire detection node comprised within the controlled perimeter security system (201), the outbreak of a fire and/or the presence of smoke; transmitting, to a server of the emergency service, an alarm token; receiving, at the server of the emergency service, the alarm token; and communicating the at least one external access credential to the central unit (208) and/or the first node upon receiving the alarm token.
  • A7 The computer implemented method according to A1-A7, wherein a node of the security system is configured to receive the authentication token (160) corresponding to the external access credential, and to unlock at least one access door of the controlled perimeter security system, and/or to communicate a message to the node located outside of a controlled perimeter security system (201) that the external access credential has been used to gain access to the controlled perimeter security system (201).
  • An apparatus comprising a processor 142, a communications interface communicably coupled to the processor via a communication link (146), and a memory (144); wherein the processor is configured to perform a method according to one of A1 to A7.
  • A9. A controlled perimeter security system (201) comprising the apparatus according to A8.
  • A10. A computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the method according to one of statements A1 to A9.
  • An access node (105) of a controlled perimeter access system comprising: at least one sensor (106); a processor; and a transceiver for communicating with at least a central unit (208) of a controlled perimeter access system; and a visual indicator; wherein the processor is configured to receive an alarm token from the central unit (208) and/or a further node of the controlled perimeter security system, and to activate the visual indicator to signal an alarm state proximate to the access node (105).
  • An access node (105) according to B1 further comprising: a solar panel coupled to a battery; wherein the processor is configured to control the charging of the battery based on a charging current produced by the solar panel, and to provide energy to the access node (105) during conditions of low light intensity.
  • An access node according to one of B2 or B1, wherein the at least one sensor (106) is a proximity sensor, optionally a PIR sensor; and wherein the processor is configured to activate the visual indicator when the access node has received an alarm token, and when the proximity sensor detects a person proximate to the access node.
  • the access node according to one of B1 to B4 further comprising: a push button or touch screen actuator; wherein, upon an actuation of the push button or touch screen actuator, the visual indicator is activated, or the visual indication is changed.
  • the access node according to one of B1 to B5 further comprising: wherein the processor is configured to receive an indication of a changed state, such as an alarm state, from the controlled perimeter security system, and wherein the processor is configured to change a display mode of the visual indicator based on the received indication.
  • a method for operating an access node according to one of B1 to B6, comprising: receiving an alarm token from the central unit and/or a further node of the controlled perimeter security system, and activating the visual indicator to signal an alarm state proximate to the access node (105).
  • a video doorbell node comprising: at least one sensor; a video camera; a processor; a transceiver configured to communicate with another node in a controlled perimeter security system; a memory; wherein the at least one sensor is configured to generate an actuation signal upon actuation by a user of the video doorbell; wherein, upon receiving the actuation signal, the processor is configured to enable the video camera and obtain at least one image and/or video segment of the field of view proximate to the video doorbell; wherein the processor is configured to perform an image processing comprising identifying at least one threat factor in the image and/or video segment; and if at least one threat factor is identified in the image and/or video segment, generating an alarm token and communicating the alarm token to at least one of a central unit (208) of the controlled perimeter security system (201) and/or a remote monitoring server (210).
  • the video doorbell according to C1 wherein the threat factor identified in the image and/or video segment is one, or more, of an identification of a specific person at the door, optionally by means of an inherent authentication artefact of the specific person, the fact that an individual at the door is wearing a helmet or balaclava capable of concealing the person’s face, or the fact that the person is carrying a potentially threatening object.
  • the computer implemented method (300) according to D1 further comprising: obtaining, from the person, at least one further authentication factor; and wherein validating further comprises: comparing the at least one further authentication factor to a factor stored as data in at least one further authentication field (159) of a further authentication data store (158); and generating the authentication token (160) only if each of the further authentication factors match the data in the at least one further authentication field (159) of the further authentication data store (158).
  • D6 The computer implemented method (300) according to D4, wherein the video comprised in the inherent signal (150) is processed to obtain an inherent authentication artefact (152) characterizing one, or any combination, of a hand gesture, gait, smile, teeth pattern, height, hairstyle, clothes style, tattoo pattern, mole pattern, and/or wrinkle pattern of the person.
  • D11 The computer implemented method (300) according to one of D1 to D10, wherein the first sensor (107) comprises a depth camera, and the inherent signal (150) comprises a depth image and/or depth video sequence of a field of view of the depth camera.
  • D15 The computer implemented method (300) according to one of D3 to D14, wherein the knowledge factor is one or more of a PIN code, password, or a challenge answer.
  • the ownership factor is at least one of an SMS one time password, a QR code, an alphanumeric sequence generated by a physical security token, a security key, a radio key fob, and/or a communications network identifier of a communications enabled device that is communicably coupled to the controlled perimeter security system (201).
  • D17 The computer implemented method (300) according to D16, wherein the communications enabled device (220) is one, or more, of a smartphone (220), a smart watch, a smart ring, a fitness band, smart glasses, an NFC chip implant, an NFC tag, an RFID tag, a laptop, a credit card, or a medical device.
  • D18 The computer implemented method (300) according to one of D3 to D17, wherein one or both of the knowledge factors and the ownership factors are provided to the controlled perimeter security system (201) by the person via at least one of a visual or audio user interface comprised in the first node (105) or a geofenced web application accessed via a smartphone (220) when proximate to the first node (105).
  • the computer implemented method (300) according to one of D1 to D19, wherein the validation of the inherent authentication artefact (152) is performed at a central unit (208) of the controlled perimeter security system (201), and the authentication token is communicated from the first node (105) to the at least one further node in the controlled perimeter security system (201).
  • the computer implemented method (300) according to one of D1 to D20 wherein the validation of the inherent authentication artefact (152) is performed at a remote central monitoring station (210), and the authentication token (160) is communicated from the remote central monitoring station (210) to the at least one further node in the controlled perimeter security system (201).
  • D22. The computer implemented method (300) according to one of D1 to D21, further comprising: receiving, at the further node, the authentication token (160); and upon receipt of the authentication token (160), updating at least one field of a user record comprised in an access data store of the security system (201) to change at least one access policy for the person.
  • the computer implemented method (300) according to D22 further comprising: arming or disarming an alarm of the security system (201), locking or unlocking a door lock (104) of the security system (201), and/or enabling access to a configuration interface of the security system (201) based on the access policy for the person, and/or wherein the authentication token does not comprise the inherent signal (150) and/or the inherent authentication artefact (152), or enable derivation of them.
  • a central unit (208) for use in a controlled perimeter security system (201) comprising: a processor (142); a communications interface (140) communicably coupled to the processor via a communication link (146), and a memory (144); wherein the processor is configured to obtain, from a first sensor (107) of a first node (105) located at, or outside, the perimeter (200) of the security system (201), an inherent signal (150) related to a person seeking access to the perimeter, to process the inherent signal to obtain an inherent authentication artifact (152), to search a plurality of data records of an inherent authentication artefact data store (154) using the inherent authentication artifact, and based on a closeness of the inherent authentication artifact to a record of the plurality of data records, to validate the inherent authentication artifact, wherein validating the inherent authentication artefact (152) comprises identifying, in a user data store (156), a unique user record (157) associated with the inherent authentication artefact (152), generating an authentication token corresponding to the unique user record, and communicating the
  • a node (105) for use in a controlled perimeter security system (201) comprising: a processor (122); a transceiver (128) communicably coupled to the processor via a communication link, and a memory (124); wherein the processor is configured to obtain, from a first sensor (107) of a first node (105) located at, or outside, the perimeter (200) of the security system (201), an inherent signal (150) related to a person seeking access to the perimeter, to process the inherent signal (150) to obtain an inherent authentication artifact (152), to search a plurality of data records of an inherent authentication artefact data store (154) using the inherent authentication artifact, and based on a closeness of the inherent authentication artifact to a record of the plurality of data records, to validate the inherent authentication artifact (152), wherein validating the inherent authentication artefact (152) comprises identifying, in a user data store (156), a unique user record (157) associated with the inherent authentication artefact (152), generating an authentication token corresponding to the unique user record
  • a controlled perimeter security system (201) comprising: a first node (105) comprising a first sensor (107); a central unit (208) according to D24; and a communications system configured to communicably couple at least the first node (105) and the central unit (208); wherein a first sensor (107) of the first node (105) is configured to obtain an inherent signal (150) related to a person seeking access to the perimeter, and to transmit the inherent signal (150) to the central unit (208), and wherein, upon a successful validation, the central unit (208) is configured to communicate an authentication token to the first node (105) and/or at least one further node in the controlled perimeter security system (201).
  • a computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to one of D1 to D23.
  • D28 A computer readable medium or signal comprising the computer program element according to D27.
  • D30 The computer implemented method according to D29, wherein the validation of the identity of the prospective user based on the registration token comprises: presenting the registration token from the prospective user to the authenticated user of the security system (201), optionally using a smartphone (220); and asserting that the prospective user is validated via an input from the authenticated user.
  • D31 The computer implemented method according to D29, wherein the validation of the identity of the prospective user based on the registration token comprises: comparing the registration token received from the prospective user to the copy of the registration token stored within the security system (201); and if the registration token received from the prospective user accords with the copy of the registration token stored within the security system (201), asserting that the prospective user is validated.
  • D32 The computer implemented method according to one of D29 to D31, wherein the inherent signal (150) is a biometric signal characterizing at least one biometric property of the prospective user.
  • D33 The computer implemented method according to one of D29 to D32, wherein the at least one inherent signal (150) is obtained using one, or any combination, of a microphone, a video camera (106), an infra-red video camera, an ultraviolet camera, a radar, an iris scanner, a retina scanner, a millimetre wave radar, a fingerprint scanner or a palm print scanner.
  • D34 The computer implemented method according to one of D29 to D33, further comprising: receiving from the authenticated user of a security system (201), a knowledge factor and/or an ownership factor to be input by the prospective user; and wherein the validation of the identity of the prospective user further comprises: challenging the prospective user by prompting for the input of a knowledge factor and/or an ownership factor; transmitting the input knowledge factor and/or an input ownership factor to the authenticated user, optionally via a smartphone (220); presenting the input knowledge factor and/or the input ownership factor to the authenticated user, optionally via a smartphone (220), of the security system (201); and asserting that the prospective user is validated via an input, optionally via a smartphone (220), from the authenticated user.
  • D35 The computer implemented method according to one of D29 to D34, wherein the registration token is comprised within a media element selected from: a printed or electronically displayed barcode, a printed or electronically displayed QR code, an audio sample, a printed or electronically displayed image, or a video sample.
  • D36 The computer implemented method according to one of D29 to D35, wherein the processing of the at least one inherent signal (150) to obtain an inherent authentication artefact (152) of the prospective user is performed at either the first node (105), a central unit (208), or a further node of the controlled perimeter security system (201).
  • D38 The computer implemented method according to one of D29 to D37, wherein the data comprised in the inherent authentication artefact data store (154) and the user data store (156) is encrypted.
  • D39 The computer implemented method according to one of D29 to D38, wherein the at least one inherent signal (150) and/or the inherent authentication artefact (152) of the prospective user are not transmitted outside the controlled perimeter security system (201).
  • D40 The computer implemented method according to one of D29 to D38, wherein the processing of the at least one inherent signal (150) to obtain an inherent authentication artefact (152) of the prospective user is performed at a remote central monitoring station.
  • D41 The computer implemented method according to one of D29 to D40, wherein the inherent authentication artefact data store (154) and the user data store (156) are hosted by the remote central monitoring station.
  • D42 The computer implemented method according to one of D29 to D41, further comprising: after validating the prospective user based on the registration token, generating an authentication token unique to the validated user, and associating the authentication token with the user data record of the validated user in the user data store (156).
  • D43 The computer implemented method according to one of D29 to D42, further comprising: after validating the prospective user based on the registration token, arming, or disarming an alarm of the security system (201), locking, or unlocking a door lock of the security system, and/or enabling access to a configuration interface of the security system (201) based on the access policy for the validated user.
  • D44 The computer implemented method according to one of D29 to D43, further comprising: receiving, from the authenticated user, a command to delete the user data record of the validated user from the user data store (156), and deleting the user data record of the validated user from the user data store (156).
  • D45 The computer implemented method according to one of D29 to D44, further comprising: receiving, from the authenticated user, a command to alter an access permission of the controlled perimeter security system (201) of the validated user in the user data record stored in the user data store (156), and altering the access permission of the validated user by altering the user data record of the validated user from the user data store (156).
  • D46 The computer implemented method according to one of D29 to D45, further comprising: receiving, from the authenticated user, a time window during which validation of the prospective user is possible; and if the registration token is presented to the first node (105) by the prospective user outside of the time window, refusing to validate the prospective user, or if the registration token is presented to the first node (105) by the prospective user during the time window, validating the prospective user.
  • D47 The computer implemented method according to one of D29 to D46, further comprising: receiving, from the authenticated user, a condition defining whether, or not, the validated user of the security system (201) remains validated; and if the condition is not met, updating the user record to define that a previously validated user is not validated.
  • D48 The computer implemented method according to D47, wherein the condition is the local time at the security system (201).
  • D49 The computer implemented method according to one of D29 to D48, further comprising: receiving, from a computing device associated with an authenticated user located outside of the security system (201), a command from an authenticated user located outside of the controlled perimeter of the security system (201) to issue a registration token from within the security system (201) to a prospective user; and sending, from within the security system (201), the registration token to the prospective user.
  • a controlled perimeter security system (201) optionally comprising D25, and comprising: a first node (105) according to D51; a central unit (208) according to D50; and a communications system configured to communicably couple at least the first node (105) and the central unit (208).
  • D54 A computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to one of D29 to D49, and optionally comprising machine readable instructions defined by D27.
  • D55 A computer readable medium or signal comprising the computer program element according to D54, and optionally D28.
  • D57 The computer implemented method according to D56, further comprising: obtaining, from the person, at least one further authentication factor; and wherein validating further comprises: comparing the at least one further authentication factor to a factor stored as data in at least one further authentication field of the unique user record (157); and generating the authentication token only if each of the further authentication factors match the data in the at least one further authentication field of the unique user record (157).
  • D58 The computer implemented method according to D57, wherein the at least one further authentication factor is a knowledge factor, an ownership factor, or an inherence factor.
  • D59 The computer implemented method according to one of D56 to D58, wherein the sensor comprises one or more of a video camera (106), an infra-red video camera, and/or an ultraviolet camera, and the inherent signal (150) comprises a video of a field of view of a video camera (106), an infra-red video camera, and/or an ultraviolet camera.
  • each unique user record (157) comprises a field defining a generation time point when a corresponding inherent authentication artefact (152) was generated; and for each unique user record (157), transforming the inherent authentication artefact to account for a time-lapse between the generation time point and a current time.
  • D62 The computer implemented method according to one of D56 to D61, wherein the first sensor comprises a microphone, and the inherent signal (150) comprises a sound sample of the environment at, or proximate, to the first node (105).
  • D63 The computer implemented method according to D62, wherein the inherent signal (150) comprises a voice sample of the person.
  • D64 The computer implemented method according to one of D56 to D63, wherein the first sensor comprises a depth camera, and the inherent signal (150) comprises a depth image and/or depth video sequence of a field of view of the depth camera.
  • D65 The computer implemented method according to one of D56 to D64, wherein the first sensor comprises an iris scanner or retina scanner, and the inherent signal (150) comprises an iris or retina scan, and/or wherein the first sensor comprises a fingerprint or palm print scanner, and the inherent signal (150) comprises a palm print or fingerprint.
  • D66 The computer implemented method according to one of D56 to D65, wherein the first sensor comprises a radar sensor, and the inherent signal (150) comprises a radar scan.
  • D67 The computer implemented method according to D66, wherein the inherent signal (150) is one of a height, inferred cardiac motion, or inferred breathing motion obtained from the radar sensor.
  • D68 The computer implemented method according to one of D58 to D67, wherein the knowledge factor is one or more of a PIN code, password, or a challenge answer.
  • D69 The computer implemented method according to one of D58 to D68, wherein the ownership factor is at least one of an SMS one time password, a QR code, an alphanumeric sequence generated by a physical security token, a security key, a radio key fob, and/or a communications network identifier of a communications enabled device that is communicably coupled to the controlled perimeter security system (201).
  • D70 The computer implemented method according to one of D56 to D69, wherein the validation of the inherent authentication artefact (152) is performed at the first node (105), and the authentication token is communicated from the first node (105) to the at least one further node in the controlled perimeter security system (201).
  • D71 The computer implemented method according to one of D56 to D70, wherein the validation of the inherent authentication artefact (152) is performed at the first node (105), and the authentication token is communicated from the first node (105) to the at least one further node in the controlled perimeter security system (201).
  • D72 The computer implemented method according to one of D56 to D71, wherein the validation of the inherent authentication artefact (152) is performed at a central unit (208) of the controlled perimeter security system (201), and the authentication token is communicated from the first node (105) to the at least one further node in the controlled perimeter security system (201).
  • D74 The computer implemented method according to one of D56 to D73, further comprising: defining, in the unique user record (157), that the user has exited the controlled perimeter security system (201).
  • D75 The computer implemented method according to one of D56 to D74, further comprising: obtaining the inherent signal (150) using at least one sensor located inside the perimeter of the security system (201) and proximate to an exit door of the security system (201); and upon receiving, at the central unit (208), the authentication token, unlocking a door lock of the exit door, and/or locking the exit door and/or arming an alarm system after a predetermined amount of time.
  • D76 The computer implemented method according to D63, further comprising: if a code word for arming an alarm system of the controlled perimeter security system (201) is detected in the voice sample, arming the alarm system.
  • D77 The computer implemented method according to D63, further comprising: if a code word for locking a door of the controlled perimeter security system (201) is detected in the voice sample, locking the door.
  • a controlled perimeter security system (201) optionally comprising D25 and/or D50, and comprising: a first node (105) according to D79; a central unit (208) according to D80; and a communications system configured to communicably couple at least the first node (105) and the central unit (208).
  • D81 A computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to one of D56 to D77, and optionally as recited by D27 and/or D54.
  • D82 A computer readable medium or signal comprising the computer program element according to D81, optionally comprising a computer readable medium as recited by D28 and/or D55.
  • D84 The computer implemented method according to D83, further comprising: detecting the presence of at least a second person proximate to a sensor of at least one node (105) of a controlled perimeter security system (201); and enabling the transmission of the message token only if the at least second person is proximate to the at least one node (105).
  • D85 The computer implemented method according to one of D83 or D84, wherein the sensor comprises a video camera (106), and determining a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate comprises one, or any combination, of: performing image or video processing on the sample to identify a predefined gesture of the first person.
  • D86 The computer implemented method according to D85, wherein the predefined gesture is selected from one, or any combination of: closure of the left eye for a predetermined time, closure of the right eye for a predetermined time, blinking at a predetermined range of rates, standing in a predetermined posture, dropping an object on the floor, performing a predetermined facial expression, or looking in a predetermined direction.
  • the computer implemented method according to D85 further comprising: performing image or video processing on the sample to identify that the second person is physically coercing the first person; and if determined that the second person is physically coercing the first person, transmitting in the message token a warning that the first person is in distress.
  • D88. The computer implemented method according to D85, further comprising: performing image or video processing on the sample to identify that the second person is carrying a predetermined item from a list of predefined items; and if determined that the second person is carrying or wearing a predetermined item from a list of predefined items, displaying on a display of the first node (105) a message that authentication has failed, and transmitting in the message token a warning that the second person is armed.
  • D89 The computer implemented method according to D88, wherein the list of predefined items comprises one, or any combination, of: a gun, a knife, a baseball bat, an axe, a crowbar, a balaclava, or a motorcycle helmet.
  • D90 The computer implemented method according to D88 or D89, further comprising: signalling to a central unit (208) of the controlled perimeter security system (201) to lock one or more access points.
  • D91 The computer implemented method according to one of D83 to D90, wherein the sensor comprises an eye tracker, and determining a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate comprises identifying that the first person is looking in a predetermined direction.
  • D92 The computer implemented method according to one of D83 to D91, wherein the first node (105) comprises a keypad or a touch screen, and determining a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate comprises identifying that the first person has entered a predetermined personal identification distress code into the keypad or a touch screen, and/or depressed a button of the keypad or a touch screen for a predetermined amount of time or in a predetermined sequence.
  • D93 The computer implemented method according to one of D83 to D92, wherein the first node (105) comprises a microphone, and determining a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate comprises performing audio signal processing on the sample to detect a predetermined pitch, timing, or timbre modulation of the first person; and/or performing speech recognition to determine that the first person has spoken a predetermined word, or sequence of words.
  • D94 The computer implemented method according to one of D83 to D93, wherein the sample of the behaviour or a predetermined signal of the first person as they are proximate to the sensor is obtained during an authentication procedure of the controlled perimeter security system (201).
  • D95 The computer implemented method according to one of D83 to D94, further comprising: if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to a law enforcement facility.
  • D96 The computer implemented method according to one of D83 to D95, wherein processing the sample to determine a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate further comprises: identifying the at least one predefined signal from a group of a first predefined signal and a second predefined signal; wherein the first predefined signal causes the transmission, by the first node (105), of an alert message token to a central unit (208) and an authentication token to the controlled perimeter security system (201); and wherein the second predefined signal causes the transmission, by the first node (105), of an alert message token to a central unit without the transmission of an authentication token to the controlled perimeter security system (201).
  • a processor for use in a controlled perimeter security system (201) optionally comprising D24, D50, and/or D78, and further comprising: a processor (142); a communications interface (140
  • a controlled perimeter security system (201) optionally comprising D25, D53, and/or D80, and comprising: a first node (105) according to D98; a central unit (208) according to D97; and a communications system configured to communicably couple at least the first node (105) and the central unit (208).
  • D100 A computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to one of D83 to D96, optionally comprising machine readable instructions as recited by D27, D54, and/or D80.
  • a computer readable medium or signal comprising the computer program element according to D100, and optionally comprising a computer readable medium as recited by D28, D55, and/or D81.
  • a computer implemented method for user registration on a controlled perimeter security system (201) comprising a plurality of processing nodes, wherein the method comprises: generating, based on a command either from an authenticated user of the security system (201) or from a back-end system (or monitoring station) of the controlled perimeter security system, a registration token from within the security system (201) to which a prospective user intends to obtain access permissions, and storing a copy of the registration token within the security system (201); communicating, via a communications network, the registration token to the prospective user; reading, by a first node (105) of the security system (201), the registration token as presented to the first node (105) by the prospective user; validating, within the security system (201), the identity of the prospective user based on the registration token, to thus redesignate the prospective user as a validated user; and generating a new user record for the validated user in a user data store (156).
  • Such a method can be useful in providing an ability for a remote server (or for example an alarm receiving centre or system back end) to be able, permanently or temporarily, to update the list of records in an access device node, with additional recognized persons or authentication codes. This is especially useful for emergency services to be able to gain immediate access to a premises in the case of an alarm, a fire, an accident, or an SOS or panic signal triggered by an occupant.
  • individual emergency services workers may have pre-stored or preenrolled information in a database accessible at the remote site or system back end.
  • the remote site can download the respective information into the access node so that the emergency services worker (i.e. a specified individual or individuals) can access the premises without delay.
  • the attending workers may be provided with a temporary access code (PIN code, QR code, or a NFC token on one of their smartphones).
  • the access node can be updated from the remote server or back end to authenticate this temporary access code.
  • a neighbour of the occupant e.g. a resident of a neighbouring property to the protected premises
  • the remote server can also delete the newly-added information so that the temporary access code is no longer available, thereby restoring the previous status quo.
  • D103. The computer implemented method according to D102, wherein the validation of the identity of the prospective user based on the registration token comprises: presenting the registration token from the prospective user to the authenticated user of the security system (201) or to the back-end system (or monitoring station) of the controlled perimeter security system, optionally using a smartphone (220); and asserting that the prospective user is validated via an input from the authenticated user or the back-end system (or monitoring station) of the controlled perimeter security system.
  • the computer implemented method according to D102, wherein the validation of the identity of the prospective user based on the registration token comprises: comparing the registration token received from the prospective user to the copy of the registration token stored within the security system (201); and if the registration token received from the prospective user accords with the copy of the registration token stored within the security system (201), asserting that the prospective user is validated.
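
The registration flow recited above (issue a token on command, store a copy inside the system, validate it at the first node only within the time window, create a user record, later invalidate or delete it) can be sketched as follows. This is an added example, not code from the patent or from any product; all class, method and field names are hypothetical, and keeping the stored copy as a SHA-256 digest, comparing in constant time and making the token single-use are assumptions of the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class PendingRegistration:
    token_digest: bytes    # stored "copy" of the token, kept as a digest (assumption)
    not_before: datetime   # start of the validation window set by the issuer
    not_after: datetime    # end of the validation window
    valid_until: datetime  # condition for remaining validated (local time)
    access_policy: str


@dataclass
class SecuritySystem:
    """Hypothetical model of the system-side state; names are illustrative."""
    pending: dict = field(default_factory=dict)     # registration id -> PendingRegistration
    user_store: dict = field(default_factory=dict)  # user id -> user record

    def issue_registration_token(self, not_before, not_after, valid_until,
                                 access_policy="guest"):
        """Generate a token on command from an authenticated user or the back end."""
        if not_after <= not_before:
            raise ValueError("validation window is empty")
        reg_id = secrets.token_hex(4)
        secret = secrets.token_urlsafe(32)
        digest = hashlib.sha256(secret.encode()).digest()
        self.pending[reg_id] = PendingRegistration(
            digest, not_before, not_after, valid_until, access_policy)
        # This string is what gets sent to the prospective user, e.g. as a QR code.
        return f"{reg_id}.{secret}"

    def present_at_node(self, presented, now):
        """First node reads the token; returns the new user id, or None on refusal."""
        reg_id, sep, secret = presented.partition(".")
        entry = self.pending.get(reg_id)
        if not sep or entry is None:
            return None
        # Outside the time window: refuse, but keep the entry for a later valid attempt.
        if not (entry.not_before <= now <= entry.not_after):
            return None
        candidate = hashlib.sha256(secret.encode()).digest()
        if not hmac.compare_digest(candidate, entry.token_digest):
            return None
        del self.pending[reg_id]  # single use: a replayed token finds no entry
        user_id = secrets.token_hex(8)
        self.user_store[user_id] = {
            "validated": True,
            "access_policy": entry.access_policy,
            "created": now,
            "valid_until": entry.valid_until,
        }
        return user_id

    def expire_users(self, now):
        """Mark users whose time condition is no longer met as not validated."""
        changed = 0
        for record in self.user_store.values():
            if record["validated"] and now > record["valid_until"]:
                record["validated"] = False
                changed += 1
        return changed

    def revoke(self, user_id):
        """Delete the user record, restoring the state before registration."""
        return self.user_store.pop(user_id, None) is not None


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed sample time
    system = SecuritySystem()
    token = system.issue_registration_token(
        t0, t0 + timedelta(hours=1), t0 + timedelta(days=1))
    print("too early :", system.present_at_node(token, t0 - timedelta(minutes=1)))
    uid = system.present_at_node(token, t0 + timedelta(minutes=5))
    print("in window :", uid)
    print("replayed  :", system.present_at_node(token, t0 + timedelta(minutes=6)))
    print("expired   :", system.expire_users(t0 + timedelta(days=2)))
    print("revoked   :", system.revoke(uid))
```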

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Alarm Systems (AREA)

Abstract

Provided is an apparatus configured to provide a video doorbell function, comprising: at least one sensor; a video camera; at least one processor; at least one memory; wherein the at least one sensor is configured to generate an actuation signal upon actuation by a user of the video doorbell function; wherein, upon receiving the actuation signal, the at least one processor is configured to enable the video camera and obtain at least one image and/or video segment of the field of view proximate to the video doorbell; wherein the at least one processor is further configured to process the at least one image and/or video segment and/or a signal from the at least one sensor to identify at least one threat factor associated with an instance of the actuation signal, and if at least one threat factor is identified based on the processing, generating an alarm token for at least one of: a central unit (208) of a controlled perimeter security system (201); a remote monitoring service (210); a wireless transmit receive unit (mobile device) contacted for processing a doorbell actuation. A corresponding method is also provided.

Description

CONTROLLED PERIMETER SECURITY
Technical Field
The disclosure relates to a video doorbell of a controlled perimeter security system, a controlled perimeter security system including such a video doorbell, corresponding methods, to various computer implemented methods performed in a controlled perimeter security system comprising a plurality of nodes, node apparatus for use in a controlled perimeter security system, central units for use in a controlled perimeter security system, controlled perimeter security systems, and associated computer program elements and computer readable mediums.
Perimeter security installations that are, or include, security monitoring systems for monitoring premises, often referred to as alarm systems, typically provide a means for detecting the presence and/or actions of people at and around a perimeter of the premises. Such security systems react to events that are detected by sensor nodes connected to the system.
Commonly such systems include sensors to detect the opening and closing of doors and windows to provide a secure perimeter to the premises, thus creating one or more protected spaces. Motion detectors monitor spaces (both within and outside the controlled building) for signs of movement. Microphones are used to detect sounds such as breaking glass. Image sensors can capture still images, or videos, of monitored zones. In some variations, these security systems are self-contained, or partially autonomous. Alarm indicators such as sirens and flashing lights are activated in the event of an alarm condition being detected. Such installations typically include a central control unit (which may also be termed a central unit, CU). The CU is generally mains powered, and is communicably coupled to the sensors, detectors, cameras, etc. (“nodes”) of the perimeter security system. The CU processes notifications received from the various nodes, and determines a response.
The CU is communicably coupled to the nodes by wired or wireless means. Wireless connections facilitate installation, and may also provide some safeguards against sensors/detectors effectively being disabled by disconnecting them from the CU. Similarly, for ease of installation and to improve security, the nodes of such systems typically include an autonomous power source, such as a battery power supply, as a replacement or at least a backup to mains power. As an alternative to self-contained systems, a security monitoring system may include an installation at a premises, domestic or commercial, that is linked to a remote Central Monitoring Station (CMS) where human operators manage the responses required by different alarm and notification types.
In such centrally monitored systems, the CU at the premises installation typically processes notifications received from the various nodes in the installation, and notifies the CMS of only some of these, dependent on the settings of the system, and the nature of the detected events. In such a configuration, the CU at the installation acts as a gateway between the nodes and the Central Monitoring Station. In such installations the CU may be linked by wires, or wirelessly, to the various nodes of the installation, and these nodes will typically be battery rather than mains powered.
Such security monitoring systems contribute to the safety and wellbeing of occupants of the protected premises, as well as safeguarding articles within the protected perimeter - which may of course not simply be limited to a house or dwelling, but may also extend to the grounds of the house, protected by a boundary fence and gate, for example. Such systems may, however, be further improved.
Embodiments of the present invention seek to provide enhanced security monitoring systems, and corresponding apps, methods and other implementations that improve the scope of security monitoring systems to address aspects of the problem of user authentication, as well as providing new functionality and methods.
User Authentication
According to a first aspect, there is provided a computer implemented method for personal authentication by a controlled perimeter security system comprising at least one node, wherein the method comprises: obtaining, using a first sensor of a first node located at, or outside, the perimeter of the security system, an inherent signal related to a person seeking access to the perimeter; processing the inherent signal to obtain an inherent authentication artifact; searching a plurality of data records of an inherent authentication artefact data store using the inherent authentication artifact, and based on a closeness of the inherent authentication artifact to a record of the plurality of data records, validating the inherent authentication artifact, wherein validating the inherent authentication artefact comprises: identifying, in a user data store, a unique user record associated with the inherent authentication artefact; generating an authentication token corresponding to the unique user record; and communicating the authentication token to the first node and/or a further node. The inherent signal, for example a biometric signal, is obtained by a first node associated with a controlled perimeter security system. Biometric signals can improve the likelihood of correct user authentication. For security reasons, the secure storage and processing of biometric signals is preferable. According to the first aspect, the collection and processing of inherent signals (such as biometric signals) is performed within a controlled perimeter security system by nodes of the controlled perimeter security system. When an authentication determination using an inherent signal has succeeded, an authentication token referring to an authenticated user is generated from within the controlled perimeter security system.
The authentication token can be transmitted to further nodes in the controlled perimeter security system for the purposes of, for example, changing the arming status of the alarm system, obtaining entry to the controlled perimeter security system or a room within it, logging the entry or exit of the user from the system or rooms of the system, and the like.
In another example, the authentication token can be transmitted outside of the controlled perimeter security system to a remote monitoring station. In this example, a user registration database hosted in the remote monitoring station can be updated with authenticated user status updates without the need to transmit sensitive inherent or biometric data outside of the controlled perimeter security system.
The method according to the first aspect can also be considered an information reduction process in which one or more inherent (biometric) signals are analysed and transformed into inherent authentication artefacts. The inherent authentication artefacts are in turn compared to a database of inherent authentication artefacts which may also be hosted inside the controlled perimeter security system. Such a comparison enables a match of a user proximate to the first node to a user held in a user data store, and the subsequent generation of an authentication token. If the relevant inherent authentication artefacts obtained from the inherent signal of a person standing proximate to the first node do not match a record in the inherent authentication artefact data store, then an authentication token is not transmitted. In examples of this case, the security system would not disarm an alarm system, or not unlock a door lock. Still further, a member or administrator of the controlled perimeter security system can prompt an unauthenticated individual to register themselves by allowing themselves to be recorded by the first sensor of the first node, for example, such that a new inherent authentication artefact can be registered and bound to the unauthenticated individual. On another entry attempt, the newly registered individual would then be able to generate an authentication token. Systems capable of obtaining inherent signals and inherent authentication artefacts from individuals at the perimeter of a security system can also use the inherent signals as indicators that a registered user has left a controlled perimeter. Furthermore, a registered user or unregistered user can use inherent signals to signal a distress or duress state to the controlled perimeter security system.
Accordingly, the present specification provides ways to exploit the benefits of inherent authentication data such as biometric data in a controlled perimeter security system whilst also protecting the integrity of the inherent authentication data.
According to a second aspect, there is provided a central unit for use in a controlled perimeter security system. The central unit comprises a processor, a communications interface communicably coupled to the processor via a communication link, and a memory. The processor is configured (e.g. programmed) to obtain, from a first sensor of a first node located at, or outside, the perimeter of the security system, an inherent signal related to a person seeking access to the perimeter, to process the inherent signal to obtain an inherent authentication artifact, to search a plurality of data records of an inherent authentication artefact data store using the inherent authentication artifact, and based on a closeness of the inherent authentication artifact to a record of the plurality of data records, to validate the inherent authentication artifact, wherein validating the inherent authentication artefact comprises identifying, in a user data store, a unique user record associated with the inherent authentication artefact, generating an authentication token corresponding to the unique user record, and communicating the authentication token to the first node and/or at least one further node in the controlled perimeter security system.
Therefore, a central unit located within the security perimeter can receive, process, and store an inherent signal obtained from a user of the security system such as images, videos, voice samples, fingerprint scans, and iris scans. The central unit can also derive information from the inherent signal in the form of an inherent authentication artefact. For example, a videophone located at the entry to an access controlled facility may require that biometric authentication is performed with low latency. Low latency can be defined as unlocking and opening a controlled door with less than five, two, one, or 0.5 seconds delay between the videophone identifying the approach of a person, and the confirmation or denial of opening the door. An inherent signal such as a video can be captured by the videophone and transmitted to a central unit using a high bandwidth network of the house such as a Wi-Fi (TM) network, for example. The processor of the central unit is typically provisioned with high-speed processors that can perform video processing at lower latencies compared to the videophone, for example.
Therefore, the inherent signal can be converted to the inherent authentication artefact quickly, enabling faster registration of new users, and/or the faster admission of authenticated users. Because all processing is performed either in the videophone, or the central unit, the inherent signal and/or the inherent artefact is not transmitted outside of the security system, thus aiding the security of the stored inherent signal and/or artefact. However, a remote system may still be kept aware of the authenticated users inside the security perimeter, because an authentication token can, in some options, be transmitted to a remote monitoring centre.
According to a third aspect, there is provided a node for use in a controlled perimeter security system. The node comprises a processor, a transceiver communicably coupled to the processor via a communication link, and a memory. The processor is configured (e.g. programmed) to obtain, from a first sensor of a first node located at, or outside, the perimeter of the security system, an inherent signal related to a person seeking access to the perimeter, to process the inherent signal to obtain an inherent authentication artifact, to search a plurality of data records of an inherent authentication artefact data store using the inherent authentication artifact, and based on a closeness of the inherent authentication artifact to a record of the plurality of data records, to validate the inherent authentication artifact, wherein validating the inherent authentication artefact comprises identifying, in a user data store, a unique user record associated with the inherent authentication artefact, generating an authentication token corresponding to the unique user record, and communicating the authentication token to the first node and/or at least one further node in the controlled perimeter security system.
According to a fourth aspect, there is provided a controlled perimeter security system comprising a first node comprising a first sensor, a central unit according to the third aspect; and a communications system configured (if necessary, programmed and arranged) to communicably couple at least the first node and the central unit. A first sensor of the first node is configured to obtain an inherent signal related to a person seeking access to the perimeter, and to transmit the inherent signal to the central unit, and wherein, upon a successful validation, the central unit is configured to communicate an authentication token to the first node and/or at least one further node in the controlled perimeter security system.
According to a fifth aspect, there is provided a computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to one of the first aspect, or its embodiments.
According to a sixth aspect, there is provided a computer readable medium or signal comprising the computer program element according to the fifth aspect.
User Registration
According to a seventh aspect, there is provided a computer implemented method for user registration on a controlled perimeter security system comprising a plurality of processing nodes, wherein the method comprises: generating, based on a command from an authenticated user of a security system or from the back-end system (or monitoring station) of the controlled perimeter security system, a registration token from within the security system to which a prospective user intends to obtain access permissions, and storing a copy of the registration token within the security system; communicating, via a communications network, the registration token to the prospective user; reading, by a first node of the security system, the registration token as presented to the first node by the prospective user; validating, within the security system, the identity of the prospective user based on the registration token, to thus redesignate the prospective user as a validated user; if the identity of the prospective user is validated based on the registration token, obtaining at least one inherent signal associated with the prospective user, wherein the at least one inherent signal is obtained using the first node, and/or a further node in the vicinity of the prospective user; processing the inherent signal to obtain an inherent authentication artefact of the validated user, and storing the inherent authentication artefact in an inherent authentication artefact data store; and generating a new user record for the validated user in a user data store associated with the inherent authentication artefact.
Registering new users, or temporarily registering guest users, of a controlled perimeter security system is frequently a difficult process involving manually entering commands using an alphanumeric keypad, or logging on to a web interface. It would be desirable to facilitate easier registration of new users or guests on a controlled perimeter security system. According to the foregoing aspect, a user who is already registered on the system, and thus trusted, can issue a special registration token to a new user or a guest user. Conveniently, a portion of data may be transmitted from within the controlled perimeter security system at the prompting of an authenticated user, to a smartphone, tablet, smart watch or similar owned by the new user or guest user. In one example, a portion of data may define a QR code for display on a smartphone screen. When the display of the smartphone is held in the field of view of a videophone proximate to, for example, an entry door of the security controlled system, the videophone reads the QR code and transfers it to the central unit. This temporarily authenticates the new user or guest user with the central unit, and initiates a process whereby the central unit commands the videophone to obtain at least one inherent signal of the new user. For example, the central unit may obtain, using the videophone, a photograph, video sample, or sound sample of the new user. The at least one inherent signal of the new user can be converted into an inherent authentication artefact either at the videophone, or at the central unit. This inherent authentication artefact is bound to the user data of the new user at either the central unit and/or the videophone.
Therefore, it is possible for the new user or guest user to authenticate themselves via a simplified procedure that is adapted to a smartphone. Of course, the data presented to the videophone could be in many forms, such as a code word spoken by the new user, a barcode or QR code on a physical paper letter held up to the videophone, or a specific hand signal, as some examples. Optionally, the detection of the data, for example the QR code, by the videophone may in itself trigger the unlocking of the door and the disarming of an alarm, where relevant. Notably, a new user may be registered without needing to transfer inherent or biometric data of the new user from a remote server (remote to the controlled perimeter security system).
The controlled perimeter security system facilitates the new user in providing their inherent or biometric data at the time of registration at a boundary of the controlled perimeter security system (in an alternative, the existing authenticated user who sent the registration token may choose to admit the new user on their first visit, so that they can provide their inherent or biometric data inside the controlled perimeter security system).
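The registration flow of the seventh aspect and the closeness-based authentication of the first aspect can be sketched together in Python; this is an added example, not code from the patent or the applicant. The vector form of the artefact, cosine similarity as the closeness measure, the 0.95 threshold, the single-use 600-second token stored only as a hash, and the HMAC-signed token format are all assumptions made here for illustration.

```python
import hashlib
import hmac
import json
import math
import secrets
import time

MATCH_THRESHOLD = 0.95  # assumed closeness threshold (cosine similarity)
TOKEN_TTL_S = 600       # assumed lifetime of a registration token, in seconds


def cosine(a, b):
    """Closeness of two artefact vectors; 0.0 if either is all zeros."""
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    if na == 0 or nb == 0:
        return 0.0
    return sum(x * y for x, y in zip(a, b)) / (na * nb)


class CentralUnit:
    """Hypothetical central unit; both data stores stay inside the perimeter."""

    def __init__(self, owner_name, owner_artefact):
        self._key = secrets.token_bytes(32)  # token signing key, kept on the CU
        self._pending = {}    # sha256(registration token) -> (guest name, expiry)
        self._artefacts = []  # artefact data store: (vector, user_id)
        self._users = {}      # user data store: user_id -> record
        self.owner_id = self._enrol(owner_name, owner_artefact)

    def _enrol(self, name, artefact):
        user_id = "u-" + secrets.token_hex(4)
        self._users[user_id] = {"name": name}
        self._artefacts.append((list(artefact), user_id))
        return user_id

    def issue_registration_token(self, issuer_id, guest_name, now=None):
        """Generate the token inside the system on an existing user's command."""
        if issuer_id not in self._users:
            raise PermissionError("issuer is not a registered user")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # sent to the guest, e.g. as a QR code
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[digest] = (guest_name, now + TOKEN_TTL_S)
        return token

    def register(self, presented_token, artefact, now=None):
        """Validate the token read by the first node, then bind the artefact."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(presented_token.encode()).hexdigest()
        entry = self._pending.pop(digest, None)  # pop makes the token single-use
        if entry is None or now > entry[1]:
            return None  # unknown, already used, or expired: no enrolment
        return self._enrol(entry[0], artefact)

    def authenticate(self, artefact, node_id, now=None):
        """Return a signed token for the one matching user, else None."""
        now = time.time() if now is None else now
        hits = {uid for vec, uid in self._artefacts
                if cosine(artefact, vec) >= MATCH_THRESHOLD}
        if len(hits) != 1:  # no record close enough, or not a unique user
            return None
        claims = {"sub": hits.pop(), "node": node_id, "iat": int(now),
                  "jti": secrets.token_hex(8)}  # no artefact data in the token
        payload = json.dumps(claims, sort_keys=True)
        tag = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        return payload + "." + tag

    def verify_token(self, token):
        """Check the HMAC tag in constant time; return the claims or None."""
        payload, _, tag = token.rpartition(".")
        good = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag.encode(), good.encode()):
            return None
        return json.loads(payload)


if __name__ == "__main__":
    # Constructed sample vectors standing in for processed inherent signals.
    cu = CentralUnit("owner", [0.9, 0.1, 0.3])
    qr = cu.issue_registration_token(cu.owner_id, "guest")
    guest = cu.register(qr, [0.1, 0.8, 0.5])
    print("enrolled:", guest, "replay:", cu.register(qr, [0.1, 0.8, 0.5]))
    print("token:", cu.authenticate([0.12, 0.79, 0.5], "videophone-1"))
```

The token carries only a user reference, node, timestamp and nonce, so forwarding it to a remote monitoring station exposes no inherent data. A probe that matches two different users is rejected rather than resolved to the nearest one.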
According to an eighth aspect, there is provided a central unit for use in a controlled perimeter security system, and further comprising a processor, a communications interface communicably coupled to the processor via a communication link, and a memory. The processor is configured (e.g. programmed) to generate, based on a command from an authenticated user of a security system or from the back-end system (or monitoring station) of the controlled perimeter security system, a registration token with which a prospective user intends to obtain access permissions to a security system comprising the central unit, and store a copy of the registration token within the security system, and to communicate the registration token to the prospective user, via a communications network, to receive, from a first node of the security system, the registration token as presented to the first node by the prospective user, to validate the identity of the prospective user based on the registration token, to thus redesignate the prospective user as a validated user, and if the identity of the prospective user is validated based on the registration token, to obtain at least one inherent signal associated with the prospective user, wherein the at least one inherent signal is obtained via the first node, and/or a further node in the vicinity of the prospective user, wherein the processor is further configured (e.g. programmed) to process the inherent signal to obtain an inherent authentication artefact of the validated user, to store the inherent authentication artefact in an inherent authentication artefact data store, and to generate a new user record for the validated user in a user data store associated with the inherent authentication artefact.
According to a ninth aspect, there is provided a node for use in a controlled perimeter security system, comprising a processor, a transceiver communicably coupled to the processor via a communication link, and a memory. The node is configured to read a registration token as presented to the first node by a prospective user of a security system communicably coupled to the node, and to validate, within the security system, the identity of the prospective user based on the registration token, to thus redesignate the prospective user as a validated user, wherein if the processor receives a message from the central unit that the identity of the prospective user is validated based on the registration token, the processor is further configured (e.g. programmed) to obtain at least one inherent signal associated with the prospective user, wherein the at least one inherent signal is obtained using the first node, and to process the inherent signal to obtain an inherent authentication artefact of the validated user, wherein the inherent signal and/or the inherent authentication artefact are communicated to an inherent authentication artefact data store hosted by the first node and/or a central unit, wherein the node and/or the central unit are optionally configured to generate a new user record for the validated user in a user data store associated with the inherent authentication artefact.
According to a tenth aspect, a controlled perimeter security system comprises a first node according to the ninth aspect, a central unit according to the eighth aspect, and a communications system configured to communicably couple at least the first node and the central unit.
According to an eleventh aspect, there is provided a computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to the seventh aspect.
According to a twelfth aspect, there is provided a computer readable medium or signal comprising the computer program element according to the eleventh aspect.
Tracking User Exit
According to a thirteenth aspect, there is provided a computer implemented method for tracking user exit from a controlled perimeter security system. The method comprises: obtaining, using at least one sensor located at, inside, or outside, the perimeter of the security system, an inherent signal related to a person exiting the controlled perimeter; processing the inherent signal to obtain an inherent authentication artifact; searching one or more data records of an inherent authentication artefact data store using the inherent authentication artifact, and based on a closeness of the inherent authentication artifact to a record of the one or more data records, validating the inherent authentication artifact; wherein validating the inherent authentication artefact comprises identifying a unique user record in a user data store associated with the inherent authentication artefact of a user; generating an authentication token corresponding to the unique user record; and communicating the authentication token to at least one further node in the controlled perimeter security system.
Conventional controlled perimeter security systems place significant emphasis on authenticating visitors as they enter a control facility using entry codes, videophones, and the like. However, as soon as a visitor is admitted into the controlled perimeter, it becomes difficult to be certain that the user has left the controlled perimeter. Exit doors in many conventional systems are operated anonymously by door handles or exit pushbuttons, without any form of de-authentication or de-registration of the visitor taking place. Other systems may require the user to exit the security perimeter using, for example, a chip card or by entering a code into a PIN pad, although such approaches are clumsy because they slow the user down on their exit from the controlled perimeter.
Accordingly, obtaining an inherent signal and an associated inherent authentication artefact from a visitor as they leave the controlled perimeter security system can enable the security system to improve its information on the identities of people remaining within the controlled perimeter (by automatically de-registering the visitor as they leave using at least inherent or biometric information). Inherent or biometric information can be collected much more easily than, for example, ownership information (such as showing a token to a token reader) or knowledge information (such as entering an alphanumeric code). For example, a videophone could obtain a photograph of a user as they entered the controlled perimeter, and process the photograph to extract the clothing style of the user in a form of image mask that could be used as the inherent authentication information. At the time the user leaves the controlled perimeter, the same or a different videophone would identify that the similarly dressed user was leaving the controlled perimeter. As the user opens the door and leaves the security perimeter, the central unit could deregister or de-authenticate the user in a seamless manner based on identifying the user by their clothing. Because the inherent signal and/or inherent authentication information is stored either on the videophone, or the central unit within the controlled perimeter security system, there is no need to communicate this sensitive information away from the control facility. Indeed, one option is that the inherent signal and/or inherent authentication information are deleted from any data storage from within the security perimeter as soon as the departure of the user has been detected.
According to a fourteenth aspect, there is provided a central unit for use in a controlled perimeter security system, comprising a processor, a communications interface communicably coupled to the processor via a communication link, and a memory. The processor is configured (e.g. programmed) to obtain, from at least one sensor located at, inside, or outside, the perimeter of the security system, an inherent signal related to a person exiting the controlled perimeter, to process the inherent signal to obtain an inherent authentication artifact, to search one or more data records of an inherent authentication artefact data store using the inherent authentication artifact, and based on a closeness of the inherent authentication artifact to a record of the one or more data records, to validate the inherent authentication artifact, wherein validating the inherent authentication artefact causes the processor to identify a unique user record in a user data store associated with the inherent authentication artefact of a user, to generate an authentication token corresponding to the unique user record; and to communicate the authentication token to at least one further node in the controlled perimeter security system.
According to a fifteenth aspect, there is provided a node for use at, inside, or outside, the perimeter of a controlled perimeter security system. The node comprises: a processor, a transceiver communicably coupled to the processor via a communication link, a memory, and at least a first sensor, wherein the at least one sensor is configured to obtain an inherent signal related to a person exiting a controlled perimeter, to process the inherent signal to obtain an inherent authentication artifact, and to transmit the inherent authentication artifact to a central unit.
According to a sixteenth aspect, there is provided a controlled perimeter security system comprising a first node according to the fifteenth aspect, a central unit according to the fourteenth aspect, and a communications system configured to communicably couple at least the first node and the central unit.
According to a seventeenth aspect, there is provided a computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to the thirteenth aspect.
According to an eighteenth aspect, there is provided a computer readable medium or signal comprising the computer program element according to the seventeenth aspect.
Duress Detection
According to a nineteenth aspect, there is provided a computer implemented method for detecting at least one predefined signal from a person using a controlled perimeter security system, wherein the method comprises detecting the presence of a first person proximate to a sensor of at least one node of a controlled perimeter security system; obtaining, using the sensor, a sample of the behaviour of the first person as they are proximate to the sensor; processing the sample to determine a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate; and if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to a central unit of the controlled perimeter security system, and/or a remote central monitoring station.
Controlled perimeter security systems are sometimes attractive targets for criminals, because they may protect valuable property. Owing to the advances in the technology used to secure controlled perimeter security systems, criminals may be discouraged from tampering with technical equipment at the entry to the controlled perimeter. For example, a tamper alarm could silently call a local police force, making tampering with technical equipment of the controlled perimeter security system risky for criminals. Unfortunately, users of a controlled perimeter security system may instead be coerced by criminals to gain access to the controlled perimeter.
For example, a criminal may threaten a registered user of a controlled perimeter security system with a weapon or violence, such that the registered user is frightened into opening up the controlled perimeter security system and allowing the criminal to breach the controlled perimeter. The standard advice to users of such a system is often to allow the criminal to breach the controlled perimeter, rather than risk injury or violence at the hands of the criminal. Although the standard advice remains sensible, the foregoing aspect provides a method of enabling the detection of inherent or biometric cues of a user under duress in a field of view (in the case of a video camera) around the entrance to the controlled perimeter, for example, that enable a controlled perimeter security system to infer that a user is acting under duress. For example, the controlled perimeter security system may identify that the registered user is showing signs of being coerced towards the door. In another example, the controlled perimeter security system may notice that the registered user is deploying a pre-programmed alarm signal which is capable of detection by the videophone, for example, but which is subtle enough for the criminal not to notice.
For example, the registered user under duress may look in a specific direction, hold their hands or legs in a specific pattern, or blink a given number of times. A plurality of commands may be entered to enable a coerced registered user of the system to choose which response is required of the controlled perimeter security system. For example, in some contexts, a simulated lockout authentication failure may enable a registered user to persuade the criminal to leave. In other contexts, a registered user may need to allow the criminal into the controlled perimeter but simultaneously and silently call the police. Accordingly, inherent signals of a registered user can be monitored to identify whether, or not, the user is acting under duress. To benefit from duress detection, a person does not, in all examples, need to be a registered and/or authenticated user of the security system.
According to a twentieth aspect, there is provided a central unit for use in a controlled perimeter security system, further comprising a processor, a communications interface communicably coupled to the processor via a communication link, and a memory. The processor is configured to receive, via a first node, a sample of the behaviour or a predetermined signal from the first person as they are proximate to the sensor, to process the sample to determine a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate, and if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to one or more further nodes in the controlled perimeter security system, and/or a remote central monitoring station.
According to a twenty first aspect, there is provided a node for use in a controlled perimeter security system comprising a processor, a transceiver communicably coupled to the processor via a communication link, a memory, and a first sensor. The processor is configured (e.g. programmed) to detect the presence of a first person proximate to a sensor of at least one node of a controlled perimeter security system, and to obtain, using the sensor, a sample of the behaviour or a predetermined signal of the first person as they are proximate to the sensor. The processor is further configured (e.g. programmed) to perform one, or both, of the following: (i) to process the sample to determine a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate, and if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to a central unit, and/or one or more further nodes in the controlled perimeter security system, and/or a remote central monitoring station; or (ii) to transmit the sample to the central unit of the controlled perimeter security system.
According to a twenty second aspect, there is provided a controlled perimeter security system comprising a first node according to the twenty second aspect, a central unit according to the twenty first aspect, and a communications system configured to communicably couple at least the first node and the central unit.
According to a twenty third aspect, there is provided a computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method.
According to a twenty fourth aspect, there is provided a computer readable medium or signal comprising the computer program element according to the twenty third aspect.
Automatic authentication is the process of guaranteeing that a user claiming to have a given identity, as defined in a user database of unique users, is correctly identified such that a system can assign a degree of trust to them.
Authentication fundamentally makes use of three forms of information available to an authentication system from a user: a knowledge factor, an ownership factor, or an inherence factor. The location from which the act of authentication is attempted can be viewed as a form of inherence factor. An example of a knowledge factor is a password that a user must remember and enter into the PIN pad of a security system. An example of an ownership factor is an encrypted NFC (near-field communication) token that is uniquely owned by a unique user of the security system.
An example of an inherence factor is a characteristic, such as a biometric characteristic, that a unique user of the security system exhibits. Preferably, the inherence factor is a characteristic that is unique to a unique user of the security system. However, in combination with other forms of inherent information, or other knowledge factors or ownership factors, a non-unique inherence factor, or an inherence factor that has a relatively low fidelity relative to the total population of users of a security system, can still increase the probability that a unique user of the security system has been correctly authenticated.
Multifactor authentication requires a plurality of factors in order to authenticate a user. This is effective because it is unlikely that a bad actor attempting to gain access to the security system will simultaneously possess more than one factor linked to a unique user. Multifactor authentication can comprise factors taken from at least two different categories chosen from the group: a knowledge factor, an ownership factor, an inherence factor, and/or a location factor.
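The two preceding paragraphs can be made concrete with a short model, added here as an example that is not part of the specification: each factor reading contributes a likelihood ratio, the ratios are fused into a posterior probability that the claimant is the registered user, and acceptance additionally requires supporting evidence from at least two factor categories. The fusion rule (independent factors, i.e. naive Bayes), the factor names, the probabilities, the prior and the threshold are all assumptions constructed for illustration; correlated readings such as gait and height would need a joint model in practice.

```python
"""Likelihood-ratio fusion of authentication factors (constructed values)."""
import math
from dataclasses import dataclass

CATEGORIES = ("knowledge", "ownership", "inherence", "location")


@dataclass(frozen=True)
class Observation:
    """One factor reading obtained for a claimed identity."""
    name: str
    category: str
    p_if_genuine: float   # P(reading | claimant is the registered user)
    p_if_impostor: float  # P(reading | claimant is someone else)

    def __post_init__(self):
        if self.category not in CATEGORIES:
            raise ValueError(f"unknown factor category: {self.category}")
        for p in (self.p_if_genuine, self.p_if_impostor):
            if not 0.0 < p <= 1.0:
                raise ValueError("probabilities must lie in (0, 1]")

    @property
    def log_lr(self) -> float:
        """Log likelihood ratio: > 0 supports the claim, < 0 contradicts it."""
        return math.log(self.p_if_genuine / self.p_if_impostor)


@dataclass(frozen=True)
class Decision:
    accepted: bool
    posterior: float
    categories: tuple  # categories that contributed supporting evidence


def posterior(prior: float, observations) -> float:
    """Posterior P(genuine | readings), assuming independent readings."""
    if not 0.0 < prior < 1.0:
        raise ValueError("prior must lie strictly between 0 and 1")
    log_odds = math.log(prior / (1.0 - prior))
    log_odds += sum(o.log_lr for o in observations)
    return 1.0 / (1.0 + math.exp(-log_odds))


def authenticate(prior, observations, threshold=0.99, min_categories=2):
    """Accept only if the posterior clears the threshold AND the supporting
    evidence spans at least `min_categories` factor categories."""
    p = posterior(prior, observations)
    supporting = tuple(sorted({o.category for o in observations if o.log_lr > 0}))
    accepted = p >= threshold and len(supporting) >= min_categories
    return Decision(accepted, p, supporting)


# Constructed sample readings (not measured data).
PRIOR = 0.10
TOKEN = Observation("NFC token accepted", "ownership", 0.99, 0.01)
GAIT = Observation("gait matches template", "inherence", 0.80, 0.20)
HEIGHT = Observation("height within tolerance", "inherence", 0.90, 0.30)
GAIT_MISMATCH = Observation("gait does not match", "inherence", 0.20, 0.80)
FACE = Observation("face matches template", "inherence", 0.95, 0.0005)

if __name__ == "__main__":
    cases = {
        "token only": [TOKEN],
        "token + gait": [TOKEN, GAIT],
        "token + gait + height": [TOKEN, GAIT, HEIGHT],
        "token + gait mismatch": [TOKEN, GAIT_MISMATCH],
        "face + gait (one category)": [FACE, GAIT],
    }
    for label, obs in cases.items():
        d = authenticate(PRIOR, obs)
        print(f"{label:28s} posterior={d.posterior:.4f} "
              f"categories={d.categories} accepted={d.accepted}")
```

With these values the token alone is not enough, two low-fidelity inherence readings lift the token over the threshold, a contradicting gait reading pulls a presented token well below it, and a strong face match is still refused because it stays within a single category.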
An inherent signal of a person is a measurable quality, metric, or impression that can be used by a computing system to distinguish one person in a population of users of a security system from a plurality of remaining users of the security system. For example, an inherent signal of a person is a signal that a person cannot easily disguise, mimic, or avoid. An inherent signal of a person is a biometric signal of a person. The inherent signal of a person exists in relation to the suite of sensors available in a controlled perimeter security system to sense the inherent signal of the person. The inherent signal of a person can be measured by additional nodes or sensors that belong to the person, rather than the controlled perimeter security system, provided that the additional nodes or sensors are communicably coupled to the controlled perimeter security system in such a way that the security system can obtain the measurements that the additional nodes or sensors have made of the user.
An example of the foregoing point is that a smartwatch does not belong to a security system, but a smartwatch does measure inherent signals (biometric signals) such as heartbeat, heart rate variation, and temperature of the user. These biometric signals could be useful to a security system, particularly for determining whether or not the user is under duress. An application programming interface related to the smartwatch may expose measurements made of the user by the smartwatch to an Internet application, or to a Bluetooth beacon hosted by the smartwatch, for example. The security system may, for example, be configured to obtain the measurements made by the smartwatch opportunistically, and use them as inherent signals characteristic of the user. Therefore, the security system can extend the number and type of measurements possible using nodes and sensors that are not part of the security system in a strict sense.
A “controlled perimeter security system” relies on directing guests and registered users through one or a plurality of controlled entry and exit portals. At each portal, at least one node is present that is able to control an access door based on an identity authentication performed on a user by the at least one node. Typically, the at least one node is a videophone, although as the present specification discusses, many different devices can be used to regulate entry to the controlled perimeter security system. In variants of such systems, for example, public buildings, the controlled perimeter may in practice not exist and instead, the building is subdivided into one or more areas of controlled access applying techniques discussed in this specification. However, even if access control is not performed, nodes may still be provided at entry and access points to identify authenticated users, for example. References in this specification to a processing action being performed “by the security system” anticipate that processing operations can be performed across a wide range of different nodes of the security system, or even, in some instances, be performed at remote servers outside the security system (assuming that biometric information transmitted outside the security system has been appropriately protected and/or encrypted using cryptographic primitives that are only kept inside the security system). The phrase that the processing action can be performed “by the security system” is intended to cover the possibility of the same processing operation being performed on different nodes, as the context demands.
References to an external node being located “outside of the controlled perimeter security system” mean that a logical and geographical separation between the controlled perimeter security system and the respective node exists. In order for the external node to communicate with, upload data to, and download data from datastores comprised within the controlled perimeter security system, the external node preferably undergoes a form of network authentication to ensure that the controlled perimeter security system will be communicating with another, trusted system.
BRIEF DESCRIPTION OF THE DRAWINGS
Other characteristics will be apparent from the accompanying drawings, which form a part of this disclosure. The drawings are intended to further explain the present disclosure and to enable a person skilled in the art to practice it. However, the drawings are intended as nonlimiting examples. Common reference numerals on different figures indicate like or similar features.
Figure 1 is a schematic drawing showing a front elevation of a stylised building with an external space which is monitored by an example of a controlled perimeter security monitoring system according to an embodiment.
Figure 2 is a schematic part plan view of an example of premises protected by a security monitoring system, together with other elements of the system.
Figure 3 schematically illustrates an example of a security monitoring system.
Figure 4 schematically illustrates an example of a node according to a third aspect.
Figure 5 schematically illustrates an example of a central unit according to a second aspect.
Figure 6 schematically illustrates an example of a computer implemented method according to the first aspect.
Figure 7 schematically illustrates an example of a data model of the system.
Figure 8 schematically illustrates an example of authentication using inherent data according to an example of the first aspect.
Figure 9 schematically illustrates an example of user registration using inherent data according to an example of the seventh aspect.
Figure 10 schematically illustrates an example of tracking user exit using inherent data according to an example of the thirteenth aspect.
DETAILED DESCRIPTION
Figure 1 shows a view of the front of a premises 100 protected by a security monitoring system according to aspects discussed herein. The premises, here in the form of a house, have an exterior door, here front door, 102. The door gives access to a protected space (within a controlled perimeter). The security system 201, also referred to herein as a controlled perimeter security system 201, monitors and secures at least part of a perimeter to the premises 100, and the door constitutes an exterior closure 102 in the secure perimeter giving access to a protected space 200 of the premises. A lock 104 on the exterior door is optionally electrically controlled so that it can be locked and unlocked remotely.
The security system 201 can comprise elements of an audible alarm system such as an alarm sounder to provide audible feedback to people in the locality when the alarm is triggered. Security system 201 is capable of arming and disarming the alarm system when, for instance, a user authenticates themselves using a token, a PIN code, a biometric technique, or a combination of these factors. The security system 201 may have an “armed at home” state in which the internal sensors inside the house are set to not trigger the alarm system, while the perimeter sensors are configured to operate normally.
To the side of the door, on the facade of the house, is a first node 105 comprising a first video camera in the form of a video doorbell 106 which looks out from the facade of the premises so that anyone approaching the door along the path 108 can be seen, and in particular when a person stands at the door their face should clearly be visible. The video doorbell may include an actuator, e.g. a push button, for a person to indicate their presence at the closure. The video doorbell may be automatically triggered, for example by monitoring sounds in proximity to the video doorbell 106. In an example, the video doorbell includes an audio interface (microphone) to enable bidirectional audio communication with a visitor at the front door 102.
The video doorbell preferably includes a light source compatible with the wavelengths of operation of the camera unit of the video doorbell to illuminate whatever is present in the field of view of the video doorbell. For example, the light source may be a visible light or infrared light source. The first node 105 can comprise the
Optionally, as shown, the facade of the house also carries an external keypad 110 by means of which a user can disarm the security system 201, and unlock the lock 104. Also shown in Figure 1 is an optional second video camera 112 which is coupled to a presence and/or movement detector 114. Without loss of generality, the aspects and techniques discussed herein can be applied to office buildings, school or university buildings, agricultural buildings, factories and research establishments, warehouses, military barracks, police and fire stations, museums, public gardens, recreational parks and zoos, restricted access areas of shops, malls, theatres, public swimming pools. The aspects and techniques discussed herein can also be applied to perimeter security of residential buildings having two or three permanently registered users and up to 10 occasional guests, up to the case of a large office building having thousands of registered users and hundreds, or thousands, of occasional guests.
The detector may optionally be a thermal detector, for example a PIR sensor. The second video camera 112 may be arranged when the security monitoring system is armed, with a field of view configured to capture video of the front of the house and the private area, e.g. the garden, in front of the house and signal an alarm event to a controller of the security system 201.
The video camera, microphone, and external keypad 110 can be integrated in a unified enclosure, including communication interface circuitry, constituting the first node 105. The first node 105 may additionally comprise a display screen (such as an OLED, e-ink, or LCD display) to present a visitor proximate to the first node 105 with information and/or instructions. In another example, one or more of the video camera, microphone, display screen, and external keypad 110 are distributed between different enclosures in the proximity of the front door 102, but are communicatively coupled together by wiring or by a short range radio network to form a first node 105.
In an example, the second video camera is provided with an audio interface 116 to enable bidirectional audio communication with anyone entering the field of view of the second video camera. Although the first video camera is illustrated in the form of a video doorbell 106 of a first node 105, the first video camera may additionally or alternatively have the features described above for the second video camera, whether or not plural video cameras are used.
Figure 2 is a schematic part plan view of a premises 100 protected by a controlled perimeter security system 201 according to aspects discussed herein, together with other elements of the system, corresponding generally to the premises of Figure 1. In this specification, the term “controlled perimeter security system” is sometimes shortened to “security system”.
The front door 102, with electrically controlled lock 104, leads into the interior space 200 of the premises. At least the interior space 200 of the premises is protected by the security system. Each of the windows 202, and the rear door 204, is fitted with a sensor 206 to detect when they are opened. Each of the sensors 206 includes a radio transceiver to report events to a controller, or central unit, 208 of the security system 201.
If one of the sensors 206 is triggered when the system is armed, a signal is sent to the central unit 208 which in turn may signal an alarm event to a remote central monitoring station 210. The central unit 208 is connected to the remote central monitoring station 210 via a communications network 212 such as the Internet, either via a wired or a wireless connection. Also wirelessly coupled to the central unit 208 are the video doorbell 106, the electrically controlled lock 104, and if present the second video camera 112, its associated presence and/or movement detector 114 (although the latter may be integral with the second video camera 112) and the audio interface 116.
These items, and the sensors 206, are preferably coupled to the central unit 208 using transceivers operating in the industrial scientific and medical (ISM) bandwidths, for example a sub-gigahertz bandwidth such as 868 MHz, and/or 2.4 GHz, and the communications are encrypted preferably using shared secret keys.
The security monitoring system may also include other sensors within the interior space, such as an interior video camera 214 and associated movement detector 216 (which again may be integral with the camera 214), and each of the interior doors 218 may also be provided with a sensor 206 to detect the opening/closing of the door. Also shown in Figure 2 are a user device 220, preferably loaded with an appropriate software application - as will be described later, and a public land mobile network (PLMN) by means of which the central monitoring station 210, and the central unit 208, may communicate with the user device 220.
Operation of the security monitoring system may be controlled by one or more of: a node such as the first node 105, the controller 208, the remote monitoring station 210, and a security monitoring software application installed on the user device 220. For example, the remote monitoring station 210, if provided, may receive one or more signals from any of the first camera and/or video doorbell 106, the second camera 112, the keypad 110, the sensors 206 and/or 520 (described in more detail later).
The remote monitoring station 210 may transmit commands for controlling any one or more of: the arm state of the alarm system (e.g. armed or unarmed); commanding a tripped alarm state to be signalled by the alarm system (e.g. by triggering one or more sirens to generate alarm noise); commanding a lock state of the door lock 104 (e.g. locked or unlocked), commanding operation of one or more functions of the video doorbell 106, commanding operation of one or more cameras to transmit images to the remote monitoring unit, authenticating a user of the security system and transmitting authentication token, registering a new user of the security system, handling guest registration on the security system, monitoring exiting users of the security system, and detecting a duress signal from a user of the security system.
Communication with the remote monitoring station 210 may pass through the controller 208, as described above. Preferably, biometric information based, for example, on inherent signals captured from a user (such as voice samples, image samples, and the like) are not transmitted outside of the perimeter of the security system to one. Typically, such as one, or more, of the nodes or the central unit of the security system. Preferably, if biometric information is released from the security system 201 to a remote central monitoring station 210, a user with high access privileges to the security system 201 must consciously authenticate such transfers.
Preferably, such transfers are performed using strong encryption. Preferably, the remote monitoring station 210 upon receiving encrypted biometric information is required to obtain decryption keys for decrypting the encrypted biometric information from an authenticated user of the security system 201 from within the security system 201 on each instance of the use of the biometric information at the remote central monitoring station 210 such that if the encryption key is not provided from within the security system 201, the encrypted biometric information is effectively not accessible to the remote central monitoring station 210.
In other embodiments not comprising the remote monitoring station 210, or should communication with the remote monitoring station 210 be interrupted, operation of the alarm system may be controlled by the central unit 208. In yet other embodiments, the central unit 208 may be omitted, and the individual peripheral devices may communicate directly with the remote monitoring station 210. According to another example, at least one node of the security system 201 may comprise an embedded central unit 208. The security monitoring system preferably further comprises a first video camera arranged to observe a field of view in front of the exterior of the closure, the controller 208 being configured (e.g. programmed) to enable the remote monitoring centre 210 to use the first video camera to observe the person.
The security monitoring system may further comprise an audio interface to enable audio communication with a person at the closure, the controller 208 being configured (e.g. programmed) to enable the remote monitoring centre 210 to use the audio interface to speak to the person.
Conveniently, the first video camera may be a video doorbell, which is convenient both in terms of the location of the camera, and the co-location of the video and audio interfaces, along with the actuator, and in terms of the visual performance of the camera - as video doorbells are typically very well placed to capture images of people at the door. Conveniently, the video doorbell includes the audio interface, as this is likely to be well located from the point of view of performance, and it may also reduce installation complexity and time.
Preferably, the security monitoring system further comprises a second video camera arranged to observe the interior space behind the closure, the controller being configured (e.g. programmed) to enable the remote monitoring centre to use the second video camera to observe any person within the interior space.
Although use of a doorbell video camera for the purpose of observing the person, and the doorbell audio interface as a means to speak with a person at the door are preferred, it will be appreciated that the actuator, the external video source, and the external audio interface may all be provided in free-standing components to implement embodiments. Thus, although it is preferred for the first video camera, if used, to be the video camera of a video doorbell, because of the generally ideal location of such a camera in terms of providing a field of view in front of the front door 102, it is also possible to use a different video camera installation, such as that shown as 112, which also observes the space in front of the front door.
Unlike most video doorbells, which typically do not show a view of the exterior face of the front door itself, a video camera installation such as that shown schematically in figures 1 and 2 as 112 may provide a view not only of the space in front of the front door, but also of the door. As previously described, the video camera installation 112 includes, or has an associated, presence and/or motion detector 114, such as a PIR or other thermal sensor, with the camera 112 typically only being turned on when the sensor detects movement and/or a presence within its field of view. For example, the camera 112 comprises a field of view extending along a longitudinal portion of an approach path 108, facilitating the collection of a gait of a person
It is also possible to make use of a different form of video camera installation, such as a surveillance camera installation. Typically, a surveillance camera installation does not require a movement/presence sensor, rather when the surveillance camera is activated it may continuously monitor the area under surveillance, typically streaming images continuously or every few seconds to a monitoring location. Such a surveillance camera may also operate under the control of a security monitoring system according to an aspect, the controller 208 of the security monitoring system transmitting a signal to cause the surveillance camera to capture images and transmit the captured images to the controller 208, and to forward the captured images for checking remotely, e.g. at the central monitoring station 210 or at a user device 220.
A security monitoring system software application is installed on a user device 220, here shown as a smartphone, although it could be almost any kind of electronic device, such as a laptop or desktop computer, a tablet such as an iPad, a smart watch, or even a television. The security monitoring system can be used by an authenticated user to perform one, or any combination, of a wide range of tasks determined by the capabilities of the security system to one, or a subset of tasks.
Examples are arming or disarming the security system 201 in its entirety or arming or disarming selected subsets of the security system 201, changing the automated timing of an arming protocol, changing access codes, viewing images and videos of visitors proximate to an entry point 102 of the controlled perimeter, performing remote access authorisation using videophone or audio phone functionality of the videophone 105, performing remote new user or guest user authentication, receiving an alarm that a person at the controlled perimeter is under duress, or receiving a notification that a registered user of the security system has left the controlled perimeter. In addition, the software application can collect statistics from the central unit 208 and/or the central monitoring station 210 to provide insights into operational usage of the security system 201. A wide range of other uses of a software application will be introduced in the following specification.
Figure 3 shows schematically an architecture in which a security monitoring system, shown generally as 500, is coupled to a video entry arrangement 510, an electrically controlled lock, such as the lock 104 of figures 1 to 4, and a remote monitoring station 210. The security monitoring system 500 includes a security monitoring system controller 208, together with a collection of various sensors 520, including an external video camera 112, an internal video camera 214, a closure status sensor 206 for the closure (e.g. door 102) which is locked by electrically controlled lock 104, and an admittance zone sensor 216 - an example of which is the motion sensor 216 shown in figure 2, but more generally this is a sensor of any form to detect presence within a zone to which a person such as a delivery person, or the like, may be admitted.
The elements of the security system 201, 500, are configured to communicate using one or more networks 212. Communication between elements inside the security system 201, 500 may use a different communication network compared to communication between nodes outside the controlled perimeter security system 201.
Aspects discussed in this specification concern, for example, how to control the movement of biometric data (inherent signals and inherent authentication artefacts) inside the security system 500 and specifically outside of the security system 500, how to register new and guest users on the security system 500, how to detect that an individual proximate to an external video camera 112 is exhibiting signs of duress, and how to exploit information about the exit of an individual from the security system 500. Of course, the security system 500 is one example topology, but the techniques discussed in this specification can apply to many other topologies.
Figure 4 is a schematic block diagram of a video entry arrangement 510, such as that shown as first node 105 in Figure 1. Conveniently, the video entry arrangement 510 may take the form of a video doorbell. The video entry arrangement 510 includes a video entry arrangement controller, 600, including a processor 602, and a memory 604, which controls operation of the video entry arrangement - if necessary in association with the central unit 208 (if present) and/or the central monitoring station 210 if present and contactable.
An RF transceiver 606 may be provided for communication with the central unit 208 (if present), and/or the central monitoring station 210, and optionally with other nodes of the security monitoring system (for example an electronic door lock if fitted). The video entry arrangement 510 also preferably includes a power supply unit which may be mains powered, or D.C. powered from an external source (which itself may be mains powered), and which preferably includes at least battery backup but may be only battery powered. Also provided are an audio interface 610, preferably comprising both an input device 612, and an output device 614, a video camera, 620, and an actuator, or bell push, 630, all of which are operatively coupled to the controller 600.
According to a further aspect, there is provided an access node 105 of a controlled perimeter access system. The node comprises at least one sensor 106, a processor, a transceiver for communicating with at least a central unit 208 of a controlled perimeter access system, and a visual indicator. The processor is configured (e.g. programmed and arranged) to receive an alarm token from a central unit 208 and/or a further node of the controlled perimeter security system, and to activate the visual indicator to signal an alarm state proximate to the access node 105. Further embodiments of the access node 105 are discussed in statements B1-B7 at the end of this specification.
The access node 105 according to the further aspect of the preceding paragraph may be a video entry arrangement as discussed above.
According to this further aspect, an illuminable visual indicator (sign) may be coupled to the access node, to provide a deterrent effect. For example, the visual indicator may be coupled by cable to the access node, exposed or hidden. The access node may provide power to the visual indicator, for example at night or in low lighting conditions. The visual indicator may also have solar cells for recharging, and may serve to charge the access node during the day. The visual indicator may have different illumination effects and intensities. The visual indicator may pulse, or flash, or produce some other visual effect when the alarm is triggered to deter an intruder. The visual indicator may illuminate as a person approaches, or is detected in the vicinity of the access node, and/or in response to a doorbell push. The visual indicator may behave the same way, whether or not the alarm is armed, so as not to provide any indication of alarm state at the access node. The sign may deactivate once the person is authenticated, according to one or more embodiments of an authentication approach to be discussed below.
A video doorbell function may be provided using an integrated unit, for example in the form of an access node 105, optionally working in conjunction with one or more external entities - such as a central unit 208, but equally a video doorbell function may be provided by an apparatus in the form of a distributed system. According to an aspect there is provided an apparatus configured to provide a video doorbell function, comprising: at least one sensor; a video camera; at least one processor; at least one memory; the at least one sensor being configured to generate an actuation signal upon actuation by a user of the video doorbell function. Upon receiving the actuation signal, the at least one processor is configured to enable the video camera and obtain at least one image and/or video segment of the field of view proximate to the video doorbell. The at least one processor is preferably further configured to process the at least one image and/or video segment and/or a signal from the at least one sensor to identify at least one threat factor associated with an instance of the actuation signal. Preferably, if at least one threat factor is identified based on the processing, the at least one processor optionally generates an alarm token for at least one of: a central unit (208) of a controlled perimeter security system (201); a remote monitoring service (210); a wireless transmit receive unit (mobile device) contacted for processing a doorbell actuation. The apparatus may for example be provided by a doorbell node, or by a system of apparatus including an access node and a central unit, or by an access node - such as a video doorbell - working in conjunction with a software app on a user device (e.g. a WTRU such as a smartphone).
In this aspect the apparatus may include a first unit (e.g. an access node 105) that houses the video camera, one of the at least one processors, and one of the at least one sensors, the one of the at least one sensors being configured to generate the actuation signal upon actuation by a user. The processor of the first unit may be configured to process the at least one image and/or video segment and/or a signal from the at least one sensor to identify at least one threat factor associated with an instance of the actuation signal.
The processing may be handled on an access node or on another device, such as a central unit of a security monitoring system or a user device, or even a remote monitoring station. The processing may be distributed in the sense that part of the processing is performed by a processing arrangement (processor or microcontroller, for example) on one device, with further processing being performed by another processing arrangement on another device or other devices. The processing may be image processing or it may involve, additionally or alternatively processing of other sensor data, such as data from a radar sensing arrangement and/or from other presence or movement detectors such as those based on light or infrared - such as PIRs or thermal MOS (TMOS) sensors. By arranging for the processing to determine the existence of a threat to be offloaded from the access node it becomes possible to use a low cost processor or microcontroller in the access node yet still perform high power processing (optionally including image processing) to determine the existence of a threat quickly enough to be useful. Alternatively, of course, the access node could be provided with a powerful processor to perform suitable quick processing to determine the existence of a threat, but this clearly comes with a significant cost penalty - it being appreciated that the controller/processor of the central unit for a security monitoring system is likely to be of quite high performance, and of course the processors of smartphones and other readily available WTRUs are typically extremely powerful in computing terms. It can therefore be attractive in terms of performance against cost to make use of such existing processing power in determining the existence of a threat. The first unit may include a transceiver configured to communicate with the central unit (208) of a controlled perimeter security system, the central unit including one of the at least one processors. 
The processor of the central unit may be configured to process the at least one image and/or video segment and/or a signal from the at least one sensor to identify at least one threat factor associated with an instance of the actuation signal.
The apparatus according to this aspect may include the wireless transmit receive unit (mobile device) including a processor of the at least one processors and having a software application configured to process a doorbell actuation.
In the apparatus according to this aspect the at least one sensor may include a radar arrangement and the at least one processor may be further configured to process a signal from the radar arrangement to identify the at least one threat factor.
In the apparatus according to this aspect the at least one sensor may include a movement or presence sensor and the at least one processor may be further configured to process a signal from the movement or presence sensor to identify the at least one threat factor.
In the apparatus according to this aspect the threat factor identified in the image and/or video segment is one, or more, of an identification of a specific person at the door, optionally by means of an inherent authentication artefact of the specific person, the fact that an individual at the door is wearing a helmet or balaclava capable of concealing the person’s face, or the fact that the person is carrying a potentially threatening object.
In the apparatus according to this aspect the at least one threat factor may include the presence of more than one person in the image.
In a related aspect there is provided a method performed by an apparatus configured to provide a video doorbell function, the apparatus including a video camera, at least one sensor, and at least one processor, the method comprising: receiving an input from a user; in response to receiving the input, obtaining using the video camera at least one image and/or video segment of the field of view proximate to the video camera; processing the at least one image and/or video segment and/or a signal from the at least one sensor to identify at least one threat factor associated with an instance of the actuation signal; and if at least one threat factor is identified based on the processing, generating an alarm token for at least one of: a central unit (208) of a controlled perimeter security system (201); a remote monitoring service (210); a mobile device contacted for processing a doorbell actuation.
In the method according to this aspect the apparatus may include a first unit that houses the video camera, one of the at least one processors, and one of the at least one sensors, the one of the at least one sensors being configured to generate the actuation signal upon actuation by a user.
The method according to this aspect may comprise processing the at least one image and/or video segment and/or a signal from the at least one sensor using the processor of the first unit to identify at least one threat factor associated with an instance of the actuation signal.
In the method according to this aspect the first unit may include a transceiver configured to communicate with the central unit (208) of a controlled perimeter security system, the central unit including one of the at least one processors. The method may further comprise processing using the processor of the central unit the at least one image and/or video segment and/or a signal from the at least one sensor to identify at least one threat factor associated with an instance of the actuation signal.
In the method according to this aspect the apparatus may include the wireless transmit receive unit (mobile device) including a processor of the at least one processors and having a software application configured to process a doorbell actuation.
In the method according to this aspect the at least one sensor may include a radar arrangement, the method comprising processing, using the at least one processor, a signal from the radar arrangement to identify the at least one threat factor.
In the method according to this aspect the at least one sensor may include a movement or presence sensor, the method comprising processing, using the at least one processor, a signal from the movement or presence sensor to identify the at least one threat factor.
In the method according to this aspect the threat factor identified in the image and/or video segment may be one, or more, of an identification of a specific person at the door, optionally by means of an inherent authentication artefact of the specific person, the fact that an individual at the door is wearing a helmet or balaclava capable of concealing the person’s face, or the fact that the person is carrying a potentially threatening object.
In the method according to this aspect the at least one threat factor may include the presence of more than one person in the image.
Figure 5 schematically illustrates an example of a central unit 208 according to a second aspect. For example, the central unit 208 comprises a communications interface 140 communicably coupled to a processor 142. The processor 142 is configured (e.g. programmed) to read and write to a local volatile and/or non-volatile memory 144. A communication link, to a network interface for example, enables the central unit 208 to communicate with other elements of the security system 201. According to an example, the communication link comprises an Ethernet link. According to an example, the communication link comprises a wireless link, such as using Wi-Fi. In embodiments, the central unit 208 is an embedded personal computer or embedded industrial computer hosting a secure operating system capable of operating application software of the security system 201, and storing components of the databases to be discussed in relation to Figure 7, for example.
In embodiments, the central unit 208 is configured (e.g. programmed and arranged) to receive an inherent signal from one or more of the nodes comprised in the security system 201 such as a video, audio sample, and the like. The central unit 208 can, in embodiments, process the inherent signal to provide an inherent authentication artefact. Generally, this processing is a form of information reduction, aiming to extract significant features from the inherent signal that enable the identification and/or authentication of a registered user of the security system 201. The central unit 208 should have an appropriate processor 142, memory 144, and communication interface 140 to be able to perform the extraction of an inherent authentication artefact from the inherent signal. In embodiments, a plurality of inherent signals may be converted into one inherent authentication artefact. In embodiments, a plurality of inherent signals may be converted into a plurality of inherent authentication artefacts. In embodiments, one inherent signal may be converted into a plurality of inherent authentication artefacts. If the inherent signal is an audio sample, and the inherent authentication artefact is a spectral analysis of the audio sample, a relatively low specification processor could be used. If the inherent signal is a section of video, and the inherent authentication artefact is, for example, a gait analysis, more powerful processing will be required at the location of processing, whether the central node 208 or the first node 105. In particular, low latency video processing (which may be important for low latency perimeter access) may require that the processor 142 comprises a video acceleration coprocessor.
Authentication
Figure 6 schematically illustrates an example of a computer implemented method according to the first aspect.
According to a first aspect, there is provided a computer implemented method 300 for personal authentication by a controlled perimeter security system 201 comprising at least one node 105, wherein the method comprises: obtaining 302, using a first sensor 107 of a first node 105 located at, or outside, the perimeter 200 of the security system 201, an inherent signal 150 related to a person seeking access to the perimeter; processing 304 the inherent signal 150 to obtain an inherent authentication artifact 152; searching 306 a plurality of data records of an inherent authentication artefact data store 154 using the inherent authentication artifact 152, and based on a closeness of the inherent authentication artifact 152 to a record of the plurality of data records, validating the inherent authentication artifact 152, wherein validating the inherent authentication artefact 152 comprises: identifying 308, in a user data store 156, a unique user record 157 associated with the inherent authentication artefact 152; generating 310 an authentication token 160 corresponding to the unique user record 157; and communicating 312 the authentication token 160 to the first node 105 and/or a further node.
The technique according to the first aspect generally relates to authenticating a registered user of a controlled perimeter security system using one or more inherent signals 150 derived from the registered user.
According to an embodiment, the inherent signal 150 is one or more biometric signals. One or more inherent signals 150 may be combined with other inherent signals 150, or other forms of authentication information 159, to provide multifactor authentication when authenticating on a controlled perimeter security system 201.
Inherent signals 150 are original, and/or pre-processed data signals captured from the sensor modality intended to capture an intended biometric of the user. For example, an inherent signal 150 may be an audio sample obtained from a microphone 132 of the security system 201. The inherent signal 150 is converted into an inherent authentication artefact 152. An inherent authentication artefact 152 is an information reduced version of the inherent signal 150 that still enables unique, or improved, identification of a registered user 157 of the security system 201.
Computation of the inherent authentication artefact 152 from the inherent signal 150 is performed using a wide range of different signal processing techniques dependent on the original inherent signal 150, and the particular biometric out of a wide range of biometrics being targeted. Some signal processing techniques, such as basic voice recognition, are of low enough complexity to be performed in a first node (such as a video phone) 105 of a security system. The first node 105 of the security system 201 may be considered to be an “edge node”.
Other signal processing techniques, such as the analysis of a video to identify the instantaneous angle of elevation of a head of a user, can be performed by the central unit 208. Some signal processing techniques, such as a gait analysis of a long portion of video, are complex enough to require a central unit 208 having multiple processes or a video accelerator, and/or to require outsourcing processing of the gait analysis to an off-site processing node. When the inherent authentication artefact 152 has been computed from the inherent signal 150, the inherent authentication artefact 152 can be used to identify a unique user, or all unique users, of a security system 201.
In brief, the inherent authentication artefact 152 is compared to one or more stored inherent authentication artefacts relating to unique users of the security system 201. For a given group of inherent authentication artefacts, the closest match of a compared inherent authentication artefact 152 to the entire group of inherent authentication artefacts enables identification of a unique user. What constitutes the closeness of the match between inherent authentication artefacts depends on the type of biometric being compared.
For example, the comparison of the inherent authentication artefact 152 to the entire group of inherent authentication artefacts may be performed on the basis of a continuous likelihood metric, or log likelihood metric, with the highest likelihood being used to identify a user. If the inherent signal is an audio signal, the inherent authentication artefact is, for example, a spectrum of the audio signal. The spectrum of the audio signal may be compared to a plurality of spectra of unique users held in the inherent authentication artefact datastore 154 enabling identification of a unique user entirely, or partially based on the spectrum of the user’s voice.
Once the inherent authentication artefact has identified a unique user 157, an authorisation token 160 can be generated, and transmitted to any further node of the security system 201. The authorisation token 160 can be communicated externally (outside of the security system 201), because it contains no vestige of the inherent signal or the inherent authentication artefact.
The authorisation token 160 may, in an embodiment, be an anonymous authorisation token transmitted to disarm, for example, a door lock 104, or an alarm, of a security system 201. The door lock 104 and/or the alarm do not, in some embodiments, require identification of the unique user. Instead, the anonymous authentication token is transmitted to provide confirmation to the door lock 104 that one authenticated user out of the total set of authenticated users has requested to unlock the door.
The authentication token 160 may, in another embodiment, contain a user identifier Uid#1 of the unique user. Such an identifying authentication token could be used, for example, to update a register of individuals present within the controlled perimeter of the security system 201. Alternatively, such an identifying authentication token could be used by central unit 208 or a remote control centre 210 to customise the security system 201 to a preset profile of the unique user.
Figure 7 schematically illustrates an example of a data model of the system applicable to authentication.
The data model may be implemented, for example, on one or more databases such as a hierarchical database, a network database, an object oriented database, a relational database, a NoSQL database, as some examples. Furthermore, the data model does not need to be implemented in a specific database, and may be implemented as a custom application or applications executed by one or more of the central unit 208 and/or one of the plurality of nodes of the controlled perimeter security system 201. The central unit 208 and remote central monitoring station 210 are, for example, implemented using embedded computers, personal computers, servers, and the like, with the capability of running most intensive database applications.
In some embodiments, a distributed data, or edge processing paradigm enables one or more of the data objects discussed in Figure 7 to be hosted by one or more nodes in the controlled perimeter security system, such as a first node 105 performing as a video camera. Some data stores in the data model of Figure 7 may, therefore, be implemented in one or more nodes of the security system 201 in embedded databases at the nodes themselves. Whether the elements of the data model are distributed over an edge network, or concentrated in the central unit, the techniques of this specification are applicable.
The data model is divided into a portion 170 that is hosted on the controlled perimeter security system 208, and a portion 172 that is hosted externally to the controlled perimeter security system 208. Information that is transmitted across the boundary between the controlled perimeter security system 208 and the external portion 172 falls outside the direct control of an administrator of the controlled perimeter security system 208, and thus extra security precautions need to be taken.
In particular, inherent signals 150 or inherent authentication artefacts 152 originating as, for example, biometric data in the controlled perimeter security system 208 preferably are not transmitted outside of the controlled perimeter security system 208. If there is a requirement to transmit inherent signals or inherent authentication artefacts outside of the controlled perimeter security system 208, this is, in an embodiment, following specific authorisation by an authenticated administrator of the controlled perimeter security system 208.
In an embodiment, inherent signals or inherent authentication artefacts originating as, for example, biometric data in the controlled perimeter security system 208 are strongly encrypted when transmitted outside of the security system 208. The data model comprises an inherent authentication artefact data store 154 comprising a plurality of inherent authentication artifacts. Alternatively, the inherent authentication artefact data store 154 may be called a biometric authentication artefact datastore comprising a plurality of biometric authentication artefacts.
The data model comprises a user datastore 156 comprising a plurality of unique user records.
The data model comprises a further authentication data store 158 comprising, for at least one user, a number of other authentication factors. According to an embodiment the at least one further authentication factor is a knowledge factor, an ownership factor, or an inherence factor, for example the inherence factor is a biometric factor. Typically, at least the inherent authentication artefact datastore 154, and the further authentication data store 158 remain within the portion 172 of the data model hosted on the controlled perimeter security system 208. In an embodiment, an external element such as a remote central monitoring station 210 may maintain a mirror of the user data store 156’ (defining possible users of the security system 201). In an embodiment, the remote central monitoring station 210 may maintain a mirror of received authentication tokens 160’.
In an embodiment, the remote central monitoring station 210 may maintain a validation datastore 164 defining which users of the mirrored user datastore 154’ are currently authenticated (and thus validated) and are present in the controlled perimeter security system 201. For example, a remote monitoring station 210 could use the information in the validation datastore 164 in the case that a fire alarm of the building within the controlled perimeter security system 201 was activated, because the information in the validation datastore represents a manifest of the unique users who have been validated as within the controlled perimeter security system 201.
Figure 8 schematically illustrates an example of authentication using inherent data according to an example of the first aspect.
Figure 8 illustrates signalling between the first node 105, elements of the central unit 208 (specifically the inherent authentication artefact datastore 154, the user data store 156, the further authentication datastore 158) and the validation datastore 164 of the remote monitoring station 210. In operation, and referring to Figure 8, the method according to the first aspect provides user authentication as follows. In sequence, a first node 105 obtains an inherent signal 150 from a registered unvalidated user of the security system 101. The inherent signal 150 is converted to an inherent authentication artefact (IAA) either at the first node 105, the central unit 208, or one or a plurality of edge nodes or edge processes comprised within the security system 201. Upon reception at the central unit 208, the IAA is compared to a plurality of IAAs in the IAA datastore 154. In embodiments, the unique user ID associated with the closest IAA match is used to search the unique user datastore 156. According to another embodiment, a subset of unique user IDs that are a close match to the IAA (are within a predetermined threshold) are used to extract a subset of unique user data records from the user datastore 156. In the case that a subset of unique user IDs are extracted based on the IAA, further authentication factors may be used to select the correct user from the matched subset of unique user IDs.
If the IAA is validated to a unique user match in the user datastore 156, an authentication token #1 is transmitted to other nodes within the security system 201, and to the remote monitoring station 210, where the validated user datastore 164 is updated.
The process of interrogating the further authentication datastore 158 of the central unit 208 is triggered at the first node 105, for example by the entry of a PIN code at a keypad of the first node 105. Confirmation that the further authentication has passed may be returned to at least the first node 105 in the form of a second authentication token. In this example, the first node 105 also controls the door lock of the door 102. The first node 105 is configured to use multifactor authentication to unlock the door 102. In this case, upon receiving the first and second authentication tokens from the user data store 156 and the further authentication data store 158 of the central unit 208, the first node 105 may be configured to send an unlock command to the door lock 104. The second authentication token can also be forwarded to update the validation database of the remote monitoring station 210 so that the remote monitoring system 210 has information that multifactor authentication has taken place to unlock the door 102 without needing to forward the specific credential outside of the security system.
According to an embodiment, the computer implemented method 300 further comprises: obtaining, from the person, at least one further authentication factor; and wherein validating further comprises: comparing the at least one further authentication factor to a factor stored as data in at least one further authentication field 159 of a further authentication data store 158; and generating the authentication token 160 only if each of the further authentication factors match the data in the at least one further authentication field 159 of the further authentication data store 158.
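The Figure 8 flow with the further-factor condition above, as an added sketch (not code from the patent): a probe IAA is matched against datastore 154 by distance, a PIN selects the user from the close-match subset, and the resulting token carries no biometric or PIN data. The Euclidean distance, the threshold, the HMAC-signed JSON token with a shared key, the nonce check and all stored values are assumptions made for the example.

```python
import hashlib
import hmac
import json
import math
import secrets
import time

# Every value here is constructed for illustration.
TOKEN_KEY = secrets.token_bytes(32)  # assumption: key shared by central unit and nodes
MATCH_THRESHOLD = 0.25               # assumption: largest IAA distance treated as "close"
TOKEN_LIFETIME_S = 30                # assumption: tokens are short-lived

def pin_hash(pin, salt):
    """Slow salted hash so the stored knowledge factor is not the PIN itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

# IAA datastore 154: enrolled artefacts as toy 4-value feature vectors.
IAA_STORE = {
    "Uid#1": [0.62, 0.20, 0.10, 0.08],
    "Uid#2": [0.58, 0.24, 0.11, 0.07],  # deliberately close to Uid#1
    "Uid#3": [0.10, 0.15, 0.30, 0.45],
}
# User datastore 156: unique user records.
USER_STORE = {uid: {"uid": uid} for uid in IAA_STORE}
# Further authentication datastore 158: (salt, hashed PIN) per user.
FURTHER_STORE = {}
for _uid, _pin in {"Uid#1": "4821", "Uid#2": "9035", "Uid#3": "1177"}.items():
    _salt = secrets.token_bytes(16)
    FURTHER_STORE[_uid] = (_salt, pin_hash(_pin, _salt))

def close_matches(iaa):
    """Search the IAA store; return user ids within the threshold, closest first."""
    scored = sorted((math.dist(iaa, ref), uid) for uid, ref in IAA_STORE.items())
    return [uid for distance, uid in scored if distance <= MATCH_THRESHOLD]

def pin_matches(uid, pin):
    """Compare the offered PIN with the stored hash in constant time."""
    salt, stored = FURTHER_STORE[uid]
    return hmac.compare_digest(pin_hash(pin, salt), stored)

def issue_token(uid, anonymous):
    """Build a token that carries no inherent signal, IAA or PIN."""
    body = {"iat": int(time.time()), "nonce": secrets.token_hex(8),
            "factors": ["inherence", "knowledge"]}
    if not anonymous:
        body["uid"] = uid  # identifying token, e.g. for a presence register
    payload = json.dumps(body, sort_keys=True)
    tag = hmac.new(TOKEN_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}

def verify_token(token, seen_nonces):
    """Receiver side (door lock, monitoring station): check tag, age and replay."""
    expected = hmac.new(TOKEN_KEY, token["payload"].encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["tag"]):
        return None
    body = json.loads(token["payload"])
    if time.time() - body["iat"] > TOKEN_LIFETIME_S or body["nonce"] in seen_nonces:
        return None
    seen_nonces.add(body["nonce"])
    return body

def authenticate(iaa, pin, anonymous=True):
    """Return a token only if the IAA is close to a record AND the PIN matches it."""
    selected = None
    for uid in close_matches(iaa):
        # The further factor picks the user out of the close-match subset.
        if pin_matches(uid, pin) and selected is None:
            selected = uid
    if selected is None or selected not in USER_STORE:
        return None
    return issue_token(selected, anonymous)
```

With the constructed records, a probe that is close to both Uid#1 and Uid#2 is resolved by the PIN rather than by the nearest distance, and a correct PIN belonging to a user outside the close-match subset yields no token.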
Accordingly, a wide range of inherent factors (biometric factors), knowledge factors, and ownership factors can be combined in a multifactor authentication process.
According to an example, a first authentication factor is an ownership factor, and the second authentication factor is an inherent (biometric) factor. According to an example, a first authentication factor is a knowledge factor, and the second authentication factor is an inherent (biometric) factor.
According to an example, a first authentication factor is a first inherent (biometric) factor, and a second authentication factor is a second inherent (biometric) factor.
According to an example, a first authentication factor is an inherent (biometric) factor, a second authentication factor is an ownership factor, and a third authentication factor is a knowledge factor.
According to an example, an inherent factor is a biometric factor or signal.
According to an example, an inherent factor is one, or any combination, of signals obtained from a user or users selected from the following list: 2D face image, 2D multispectral face image, 2D multispectral body image, 2D infra-red image, 2D UV image (from a UV-enabled camera), 2D thermal image, 3D face image, audio sample of voice, audio sample of door knock, hand motion, static hand image, static hand vein pattern, body gesture image, body gesture motion, gait analysis, smile shape image, smile video, tooth pattern, eye colour, iris scan, retina scan, height, fingerprint, palm print, piezo electric, muscle tonus detection, heartbeat, breathing characteristic, weight measured by a doormat comprising a digital weight scale, a phone location, etc.
According to an example, a knowledge factor is one, or any combination, of the following: mobile handshake via Bluetooth with node, smart watch Bluetooth handshake, PIN code, alphanumeric code, challenge questions, bank ID.
According to an example, an ownership factor is one, or any combination, of the following: QR, barcode, NFC key fob, body area network, secure network logon token, item of jewellery, clothing with a customized pattern.
According to an example, a first authentication factor comprises entering an alphanumeric or PIN code, and a second authentication factor comprises tracking the movement of the user’s eyes as they are entering the alphanumeric or PIN code.
According to an example, a first authentication factor comprises entering an alphanumeric or PIN code, and the second authentication factor comprises obtaining an iris characteristic, or iris image, of a user as an inherent signal.
According to an example, a first authentication factor comprises entering an alphanumeric or PIN code, and the second authentication factor comprises recording a user speaking one or more predetermined pass phrases, and using the speech signal as an inherent signal.
According to an example, a first authentication factor comprises an inherent signal comprising an audio sample of a voice command, and a second authentication factor comprises an inherent signal comprising a 2D or 3D face scan.
According to an example, a first authentication factor comprises an ownership factor comprising a barcode or QR code of a delivered package, and a second authentication factor comprises an inherent signal comprising a still image or video image of a delivery worker, wherein the uniform of the delivery worker is analysed and recognised as an IAA.
According to an example, a first authentication factor comprises a voice sample of a user, and a second authentication factor comprises an audio recording of the same user knocking on a front door.
According to an example, a first authentication factor comprises a voice sample (as an inherent signal) of a user, and a second authentication factor comprises a safe word (as a knowledge factor) extracted by speech recognition that is spoken by the user when providing the voice sample.
According to an example, a first authentication factor comprises an inherent signal derived from a video of a user, and a second authentication factor comprises a further inherent signal obtained from a voice sample of a user.
According to an example, a first authentication factor comprises an ownership factor comprising a barcode or a QR code, and a second authentication factor comprises a knowledge factor comprising a spoken password, or a password entered into an alphanumeric or PIN pad.
According to an example, a first authentication factor is a location factor, and a second authentication factor is an inherent (biometric) factor.
According to an example, a first authentication factor is a knowledge factor comprising a pin code or an alphanumeric code, and a second authentication factor is an inherent factor based on an inherent signal of an image and/or video of the teeth or smile of a user.
According to an embodiment, the knowledge factor is one or more of a PIN code, password, or a challenge answer. According to an embodiment, the ownership factor is at least one of an SMS one time password, a QR code, an alphanumeric sequence generated by a physical security token, a security key, a radio key fob, and/or a communications network identifier of a communications enabled device that is communicably coupled to the controlled perimeter security system 201. According to an embodiment, the first sensor 107 comprises one or more of a video camera 106, an infra-red video camera, and/or an ultraviolet camera, and the inherent signal 150 comprises a video of a field of view of a video camera 106, an infra-red video camera, and/or an ultraviolet camera.
According to an embodiment, the video comprised in the inherent signal 150 is processed to obtain an inherent authentication artefact 152 characterizing one, or any combination, of a still image of the face of a user, a hand gesture, gait, smile, teeth pattern, height, hairstyle, clothes style, tattoo pattern, mole pattern, and/or wrinkle pattern of the person.
A range of potential inherent signals will now be discussed. Of course, any combination of these inherent signals is a composite inherent signal. When several inherent signals are combined, such a composite inherent signal may enable more accurate and/or more stable authentication of a user.
Beginning with a typical video doorbell node of a security system, a video camera and a microphone are typically used in video doorbells at the perimeter of a security system. The video camera has a field of view capable of capturing a video and/or photograph of at least the face and upper half of a user. The microphone typically has a fidelity capable of capturing speech in the vicinity of the video doorbell.
An example of an inherent signal that can be derived from the video is, for example, a still image of the face of a user or the body of the user useful for facial and/or body recognition. Upon obtaining an inherent signal as a still image of a user, a still image is processed to obtain an inherent authentication artefact. An inherent authentication artefact is an information reduced version of the inherent signal that filters the inherent signal in some way that makes it easier to compare to an inherent signal of another user.
Facial recognition concerns the proportions and distances between features such as the eyes and nose, shape of the mouth, shape of a smile, tooth pattern, ears and jaws of a user, haircut, hair colour, eye colour, eye shape, pupil dilation as a function of time of day, and fringe shape of a user, and visual information about the condition of the skin of a user such as the presence of wrinkle patterns, freckles, tattoos, scars and moles. The aforementioned features are typically relatively stable over time and provide a stable inherent signal. Facial recognition signals can be represented as an inherent authentication artefact comprising a two-dimensional bitmap. For example, an image processing filter such as a Canny or a Sobel image processing filter can be applied to a still image of a face to extract wrinkles in the form of a two-dimensional bitmap. The previous examples of the use of the video camera to obtain an inherent signal of a user referred to still images. Video of the user can capture characteristic movements of the head of the user, for example while speaking an entry pass code. Video of the user can aid in identifying unique facial tics or mouth shapes when the user is in the field of view of the video doorbell (first node 105).
Video of the user can capture the ambulation, and thus the gait, of the user from, for example, a front gate along the path of a residential property as the user approaches the video doorbell. Parameters taken into account in gait analysis that can be registered in a video image of a walking user include stride length, speed, foot angle, step length, and the like. Such parameters are further examples of an IAA obtained from an inherent signal comprising video.
In an embodiment, a node of a security system provides pre-loaded instructions to a user of the system in order to guide the user to provide inherent signals that are desired when authenticating, or when registering a new user. For example, a videophone can obtain a first latent image of a user, when the user has a blank expression, and then instruct the user via loudspeaker to smile, to obtain a second inherent signal at the second time point.
In general, obtaining an IAA from an inherent signal is an example of dimensionality reduction. In an example, obtaining an IAA from an inherent signal may be performed by principal component analysis (PCA), or singular value decomposition (SVD). In an example, the IAA is based on a SVD of the inherent signal. In an example, the IAA is based on a PCA of the inherent signal.
According to an embodiment, the first sensor 107 comprises a microphone, and the inherent signal 150 comprises a sound sample of the environment at, or proximate to, the first node 105. In an example, the inherent signal 150 comprises a voice sample of the person.
Therefore, when a user is proximate to the first node 105, a sound sample of the user’s voice can be obtained as an inherent signal. An example of an inherent authentication artefact (IAA) derived from a sound sample is an average frequency of a user’s speech during a windowed sound sample, or a spectrum obtained by Fourier transform of a time window of the sound sample. The IAA may apply a filter bank to extract the tone of voice, and accents, and stresses of the voice and parameterise them.
According to an example, the sound sample is obtained in parallel with obtaining a further authentication artefact such as a knowledge artefact. For example, a user may provide their pass phrase to the first node 105 as a spoken sound sample. Speech processing is performed on the spoken sound sample. The linguistic content of the spoken sound sample is provided to a further node, a central unit 208, or a remote monitoring station 210 as a knowledge authentication factor. The spectral audio content of the spoken sound sample is provided to a further node, a central unit 208, or a remote monitoring station 210 as an IAA. This addresses a problem of speech recognition entry systems that a bad actor can be authenticated having guessed, or stolen, a pass phrase in written form which is then spoken to the speech recognition entry system. According to this example, authentication can only occur if the correct pass phrase is spoken in linguistic terms, and simultaneously the spectral properties of the user’s voice match a record of an IAA datastore in one of the first node 105, a central node 208, or a remote monitoring unit 210.
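The combined check described above can be sketched as follows; this is an added example, not part of the patent text. It assumes speech recognition has already produced a transcript, uses a band-summed Fourier spectrum as the IAA with cosine similarity as the closeness measure, and replaces real microphone input with constructed synthetic tones; the sample rate, window size, band count and threshold are all assumed values.

```python
import cmath
import hashlib
import hmac
import math
import os

SAMPLE_RATE = 8000  # Hz (assumed)
WINDOW = 256        # samples per analysis window (assumed)
BANDS = 32          # crude filter bank: 125 Hz per band at these settings (assumed)


def synth_voice(f0, harmonics=(1.0, 0.5, 0.25)):
    """Constructed stand-in for one microphone window: harmonics of pitch f0."""
    return [
        sum(a * math.sin(2 * math.pi * f0 * (h + 1) * t / SAMPLE_RATE)
            for h, a in enumerate(harmonics))
        for t in range(WINDOW)
    ]


def spectral_iaa(samples):
    """Hann window -> DFT magnitudes -> band sums -> unit-length vector (the IAA)."""
    n = len(samples)
    hann = [0.5 - 0.5 * math.cos(2 * math.pi * i / n) for i in range(n)]
    mags = []
    for k in range(n // 2):
        acc = sum(samples[t] * hann[t] * cmath.exp(-2j * math.pi * k * t / n)
                  for t in range(n))
        mags.append(abs(acc))
    width = len(mags) // BANDS
    bands = [sum(mags[b * width:(b + 1) * width]) for b in range(BANDS)]
    norm = math.sqrt(sum(x * x for x in bands)) or 1.0
    return [x / norm for x in bands]


def closeness(a, b):
    """Cosine similarity of two unit-length IAAs (1.0 means identical spectra)."""
    return sum(x * y for x, y in zip(a, b))


def phrase_digest(transcript, salt):
    """Salted, stretched digest of the normalised pass phrase transcript."""
    text = " ".join(transcript.lower().split()).encode()
    return hashlib.pbkdf2_hmac("sha256", text, salt, 50_000)


def enrol(store, uid, transcript, samples):
    """Store the knowledge factor as a digest and the inherence factor as an IAA."""
    salt = os.urandom(16)
    store[uid] = {"salt": salt,
                  "phrase": phrase_digest(transcript, salt),
                  "iaa": spectral_iaa(samples)}


def authenticate(store, transcript, samples, threshold=0.9):
    """Return a user ID only if the phrase AND the voice spectrum both match."""
    probe = spectral_iaa(samples)
    for uid, rec in store.items():
        phrase_ok = hmac.compare_digest(
            phrase_digest(transcript, rec["salt"]), rec["phrase"])
        voice_ok = closeness(probe, rec["iaa"]) >= threshold
        if phrase_ok and voice_ok:
            return uid
    return None


# Constructed enrolment: one user with a 125 Hz pitch and a sample pass phrase.
STORE = {}
enrol(STORE, "UID-1", "blue heron at dawn", synth_voice(125.0))
```

A correct phrase spoken at a clearly different pitch is rejected, which is the stolen-pass-phrase case the paragraph describes; a slightly shifted pitch from the enrolled speaker still clears the threshold.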
In an embodiment, a first inherent signal is obtained at a first time point, and a second inherent signal is obtained at a second time point. An inherent authentication artefact may be based on a difference between the first and second inherent signals.
According to an embodiment, at least one record of the inherent authentication artefact data store 154 comprises a field 153 defining a generation time point when a corresponding inherent authentication artefact 152 was generated; and for each unique user record 157, transforming the inherent authentication artefact 152 to account for a time-lapse between the generation time point and a current time.
Inherent signals obtained from biometric observations of users of a security system 201 can age over time. For example, relevant to facial recognition from a still image, a user can change their hairstyle, or owing to a medical procedure may wear an eye patch or other bandage. If an IAA of a user is provisioned with a generation time point (timestamp), the security system can be configured to prompt a user to reregister selected inherent signals of interest to the security system. Different inherent signals may have a different effective timelapse. For example, the security system may prompt a user to reregister inherent signals of interest every week, two weeks, month, two months, six months, year, two years, or over a longer period of time.
According to an embodiment, a first node and/or a central unit are configured to identify an inherent signal comprising an image or video obtained with a date stamp indicating that the image or video were obtained in low lighting conditions relative to the time of year, and to flag such an image or video for replacement when the user with the same user ID presents themself for authentication and entry again.
According to an embodiment, the method further comprises obtaining a quality metric 155 characterizing the fidelity of the inherent authentication artefact 152 to the user; and if the quality metric indicates that the inherent authentication artefact 152 has a low fidelity as compared to the user, warning the user and/or prompting the user to update the inherent authentication artefact 152.
The security system may be able to identify a user based on another authentication factor, such as a pin code, NFC token, and the like. In an example, the security system may authenticate a user based on a first authentication factor. The security system may obtain an obsolete IAA from an IAA Datastore pointed to by the user identifier obtained using the first authentication factor. In an example, the IAA may be designated as obsolete after a certain time period. In this case, the security system can update the obsolete IAA. For example, by a video doorbell node, an audible or visual alert may ask the user to authorise the updating of an inherent signal such as a still image of the user’s face.
In an embodiment, the user may authorise the updating of the inherent signal by pressing a selection button on the video doorbell node. Once authorised, the video doorbell node obtains a new still image as an updated inherent signal, generates an updated IAA, and overwrites the previous IAA having the same user ID and type.
A quality metric characterising the fidelity of the IAA to a specific user may be computed in many different ways dependent on the type of original inherent signal and IAA. In one example, cross correlation between an older image of a user’s face and a new image of a user’s face may indicate a lack of correlation relative to a predetermined threshold. Such an indication is the trigger for obtaining an updated IAA of the image of the user’s face.
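The ageing and quality checks of the preceding paragraphs can be combined into one update decision, shown here as an added example that is not part of the patent text. The per-type maximum ages, the correlation threshold, the record layout and the 4x4 bitmaps are constructed assumptions; the overwrite is gated on a separate authentication factor and on the user's authorisation, as the text requires.

```python
import math
from dataclasses import dataclass

DAY = 86400
# Assumed re-registration interval per IAA type (the text only says they may differ).
MAX_AGE = {"face_still": 180 * DAY, "voice_spectrum": 365 * DAY}
MIN_CORRELATION = 0.6  # assumed fidelity threshold for the quality metric


@dataclass
class IAARecord:
    uid: str
    iaa_type: str
    artefact: list      # e.g. a flattened two-dimensional edge bitmap
    generated_at: int   # generation time point, epoch seconds


def correlation(a, b):
    """Pearson correlation of two equal-length artefacts; 0.0 if either is flat."""
    n = len(a)
    mean_a, mean_b = sum(a) / n, sum(b) / n
    cov = sum((x - mean_a) * (y - mean_b) for x, y in zip(a, b))
    var_a = sum((x - mean_a) ** 2 for x in a)
    var_b = sum((y - mean_b) ** 2 for y in b)
    if var_a == 0 or var_b == 0:
        return 0.0
    return cov / math.sqrt(var_a * var_b)


def review(record, fresh_artefact, now):
    """Return the reasons, if any, for prompting the user to update this IAA."""
    reasons = []
    if now - record.generated_at > MAX_AGE[record.iaa_type]:
        reasons.append("obsolete")
    if correlation(record.artefact, fresh_artefact) < MIN_CORRELATION:
        reasons.append("low_fidelity")
    return reasons


def refresh(store, record, fresh_artefact, now,
            authenticated_by_other_factor, user_authorised):
    """Overwrite the IAA with the same user ID and type, but only when the user
    was identified by another factor (PIN, NFC token) and authorised the update.
    A poor biometric match alone must never replace the enrolled artefact."""
    if not review(record, fresh_artefact, now):
        return False
    if not (authenticated_by_other_factor and user_authorised):
        return False
    store[(record.uid, record.iaa_type)] = IAARecord(
        record.uid, record.iaa_type, list(fresh_artefact), now)
    return True


# Constructed 4x4 edge bitmaps, flattened row by row.
ENROLLED_FACE = [0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0]
SAME_FACE = [1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0]      # one pixel differs
CHANGED_FACE = [1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0]   # upper half differs
```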
According to an embodiment, the first sensor 107 comprises a depth camera, and the inherent signal 150 comprises a depth image and/or depth video sequence of a field of view of the depth camera.
A time-of-flight camera (ToF) is an example of a range imaging camera system that can resolve distance between each point of a subject of an image and the time-of-flight camera by measuring the round-trip time. Thus, a time-of-flight camera is one example of a depth camera. A first node 105 of the security system can be equipped with a depth camera such as a time-of-flight camera, which enables a three-dimensional characteristic or model of a user, and/or a user’s face, to be captured.
In an example, an inherent signal is a three-dimensional model of a user, and/or a user’s face. In an example, an inherent signal is a three-dimensional video of a user’s gait. In an example, an inherent signal is a three-dimensional video of an expression of a user optionally when speaking a known linguistic phrase, such as a pass phrase.
In an example, an IAA can be obtained from a depth image using a PCA, vector flow analysis, or SVD of the depth image.
According to an embodiment, the first sensor 107 comprises an iris scanner or retina scanner, and the inherent signal 150 comprises an iris or retina scan, and/or wherein the first sensor comprises a fingerprint or palm print scanner, and the inherent signal 150 comprises a palm print or fingerprint.
A particularly strong form of biometric identification can be based on iris scans, retina scans, fingerprint scans, or palm print scans. Iris scans can be performed using a high-resolution camera installed in a videophone. High-resolution iris scans, retina scans, fingerprint scans, and palm print scans require corresponding specialised sensors installed at the point of entry of the controlled perimeter security system.
According to an embodiment of the computer implemented method 300, the first sensor 107 comprises a radar sensor, and the inherent signal 150 comprises a radar scan. According to an embodiment, the inherent signal 150 is one of a height, inferred cardiac motion, or inferred breathing motion obtained from the radar sensor.
Millimetric wave radar sensors (for example, operating within the ISM bandwidth of 57 GHz to 64 GHz) are able to capture rudimentary three-dimensional images of a user, and also the movement of a user’s body. Breathing motion and/or cardiac motion of a user can therefore be sampled over a time period, and used as the basis of an inherent signal. For example, resting breathing rate and/or resting heart rate are examples of an IAA obtained in such a way.
According to an embodiment, the communications enabled device 220 is one, or more, of a smartphone 220, a smart watch, a smart ring, a fitness band, smart glasses, an NFC chip implant, an NFC tag, an RFID tag, a laptop, a credit card, or a medical device.
For example, each of the listed devices in the foregoing paragraph comprises a radio network access code such as a MAC address, network address, or similar. The listed devices also comprise unique device identification codes dependent on the individual practice of the OEM supplying the respective device. Such addresses can be used as a proxy for a knowledge authentication factor.
According to an embodiment, one or both of the knowledge factors and the ownership factors are provided to the controlled perimeter security system 201 by the person via at least one of a visual or audio user interface comprised in the first node 105 or a geofenced web application accessed via a smartphone 220 when proximate to the first node 105.
According to an embodiment, the validation of the inherent authentication artefact 152 is performed at the first node 105, and the authentication token 160 is communicated from the first node 105 to the at least one further node 208 in the controlled perimeter security system 201.
Accordingly, the inherent signal and the inherent authentication artefact do not need to be transmitted away from the first node 105. All user validation based on the inherent signal and inherent authentication artefact occurs on the first node 105 (such as a videophone). According to an example, the first node 105 validates users based on inherent signals and inherent authentication artefacts obtained from audio signals, because the signal processing computing requirements of audio signals relative to video signals mean that effective validation processing can be performed at an edge node such as the first node. The inherent signal and inherent authentication artefacts remain within the controlled perimeter security system 201, improving information security and preventing malicious attackers from being able to obtain the inherent signal or inherent authentication artefact by means of a hacking attack, for example.
According to an embodiment, the validation of the inherent authentication artefact 152 is performed at a central unit 208 of the controlled perimeter security system 201, and the authentication token is communicated from the first node 105 to the at least one further node in the controlled perimeter security system 201. The inherent signal and inherent authentication artefacts remain within the controlled perimeter security system 201. The central unit 208 may be provisioned with more powerful processing hardware, for example enabling derivation of an inherent authentication artefact from a video.
According to an embodiment, the validation of the inherent authentication artefact 152 is performed at a remote central monitoring station 210, and the authentication token 160 is communicated from the remote central monitoring station 210 to the at least one further node in the controlled perimeter security system 201.
In some examples, a controlled perimeter security system may not have enough processing power to extract an inherent authentication artefact from an inherent signal comprising a video, for example. Therefore, the user may elect to outsource the computational processing to a remote central monitoring station 210, or a similar cloud processor. In this case, the inherent signal is sent to, and received from, the remote central monitoring station 210 using strong encryption.
According to an embodiment, the method further comprises receiving, at the further node, the authentication token 160; and upon receipt of the authentication token 160, updating at least one field of a user record comprised in an access data store of the security system 201 to change at least one access policy for the person. According to an embodiment, the method further comprises arming or disarming an alarm of the security system 201, locking or unlocking a door lock 104 of the security system 201, and/or enabling access to a configuration interface of the security system 201 based on the access policy for the person, and/or wherein the authentication token does not comprise the inherent signal 150 and/or the inherent authentication artefact 152, or enable derivation of them.
A wide range of nodes comprised in a domestic or commercial controlled perimeter security system can use the authentication token 160 when an authenticated user enters the facility. For example, when the authentication token, containing a unique identifier of the user UID, is broadcast on a network of the controlled perimeter security system to which other nodes are connected, an automatic lighting system may change its lighting settings based on the arrival or departure of a specific user.
An alarm system may be disarmed when an authorised user enters the building, and armed when an authorised user leaves the building. Receipt of the authentication token by elements of the alarm system can be used to arm and disarm the alarm system. One or more actuators comprised inside digital locks that are communicably coupled to the security system may be changed in lock state based on the identity of the user represented by the authentication token. An authentication token may be received by the central unit 208, and a log file of users who have entered or left the controlled perimeter security system is updated, according to an embodiment. Because the transmission of the authentication token within the security system is dependent on at least one inherent authentication artefact being validated to a user, there is an increased probability that the authentication token has been sent in respect of a correctly identified user.
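One way a further node could check such a token before changing a lock or alarm state, as an added example that is not part of the patent text. The token layout (JSON claims plus an HMAC-SHA256 tag), the key shared between nodes, the 30-second lifetime and the policy table are assumptions; the patent does not define a token format. The token carries only the user identifier and freshness data, so neither the inherent signal nor the IAA can be derived from it.

```python
import base64
import hashlib
import hmac
import json
import secrets

TOKEN_TTL = 30  # seconds a token stays valid (assumed)


def _b64(data):
    return base64.urlsafe_b64encode(data).decode()


def issue_token(key, uid, now):
    """Called after an IAA has been validated. The token names the user record
    only; no inherent signal or artefact is included."""
    claims = {"uid": uid, "iat": now, "exp": now + TOKEN_TTL,
              "nonce": secrets.token_hex(16)}
    payload = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


class FurtherNode:
    """A lock, alarm or lighting node acting on tokens sent inside the perimeter."""

    def __init__(self, key, access_policy):
        self._key = key
        self._policy = access_policy  # uid -> permitted action (constructed data)
        self._seen = {}               # nonce -> expiry, for replay rejection

    def accept(self, token, now):
        """Return the action permitted for the token's user, or None if rejected."""
        try:
            payload_b64, tag_b64 = token.split(".")
            payload = base64.urlsafe_b64decode(payload_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except ValueError:
            return None
        expected = hmac.new(self._key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # forged or altered token
        claims = json.loads(payload)
        if not (claims["iat"] <= now < claims["exp"]):
            return None  # stale token
        # Forget expired nonces, then refuse any token already acted upon.
        self._seen = {n: e for n, e in self._seen.items() if e > now}
        if claims["nonce"] in self._seen:
            return None  # replayed broadcast
        self._seen[claims["nonce"]] = claims["exp"]
        return self._policy.get(claims["uid"])
```

Because the token may be broadcast on the system's network, the expiry and nonce checks matter as much as the tag: a captured token cannot be replayed to unlock the door a second time.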
According to a second aspect, a central unit 208 for use in a controlled perimeter security system 201 comprises a processor 142, a communications interface 140 communicably coupled to the processor via a communication link 146, and a memory 144. The processor is configured (e.g. programmed) to obtain, from a first sensor 107 of a first node 105 located at, or outside, the perimeter 200 of the security system 201, an inherent signal 150 related to a person seeking access to the perimeter, to process the inherent signal to obtain an inherent authentication artifact 152, to search a plurality of data records of an inherent authentication artefact data store 154 using the inherent authentication artifact, and based on a closeness of the inherent authentication artifact to a record of the plurality of data records, to validate the inherent authentication artifact, wherein validating the inherent authentication artefact 152 comprises identifying, in a user data store 156, a unique user record 157 associated with the inherent authentication artefact 152, generating an authentication token corresponding to the unique user record, and communicating the authentication token to the first node 105 and/or at least one further node in the controlled perimeter security system 201.
According to a third aspect, there is provided a node 105 for use in a controlled perimeter security system 201 comprising a processor 122, a transceiver 128 communicably coupled to the processor via a communication link, and a memory 124. The processor is configured (e.g. programmed) to obtain, from a first sensor 107 of a first node 105 located at, or outside, the perimeter 200 of the security system 201, an inherent signal 150 related to a person seeking access to the perimeter, to process the inherent signal 150 to obtain an inherent authentication artifact 152, to search a plurality of data records of an inherent authentication artefact data store 154 using the inherent authentication artifact, and based on a closeness of the inherent authentication artifact to a record of the plurality of data records, to validate the inherent authentication artifact 152, wherein validating the inherent authentication artefact 152 comprises identifying, in a user data store 156, a unique user record 157 associated with the inherent authentication artefact 152, generating an authentication token corresponding to the unique user record 157, and communicating the authentication token to the first node 105 and/or at least one further node in the controlled perimeter security system 201.
According to a fourth aspect, there is provided a first node 105 comprising a first sensor 107, a central unit 208 according to claim 24, and a communications system configured to communicably couple at least the first node 105 and the central unit 208. A first sensor 107 of the first node 105 is configured to obtain an inherent signal 150 related to a person seeking access to the perimeter, and to transmit the inherent signal 150 to the central unit 208, and wherein, upon a successful validation, the central unit 208 is configured to communicate an authentication token to the first node 105 and/or at least one further node in the controlled perimeter security system 201.
According to a fifth aspect, there is provided a computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to the first aspect.
According to a sixth aspect, there is provided a computer readable medium or signal comprising the computer program element according to the fifth aspect.
According to a further authentication aspect which may, optionally, be combined with authentication aspects and embodiments above, a computer implemented method 300 for provisioning a first node 105 of a controlled perimeter security system 201 with an external access credential for a controlled perimeter security system, is provided optionally comprising the subject matter of the first, seventh, thirteenth, or nineteenth aspects, wherein the method comprises: receiving, from a node located outside of a controlled perimeter security system 201, at least one external access credential for enabling access to the controlled perimeter security system 201; provisioning a user data store 156 hosted by at least one of a central unit 208 comprised within the controlled perimeter security system 201, and/or hosted by a first node 105 with the at least one external access credential; obtaining, using a first sensor 107 of the first node 105, an authentication factor comprised of at least one of: an inherent signal 150, a knowledge factor, and/or a possession factor; comparing the at least one external access credential comprised in the user data store 156 received from the node located outside of a controlled perimeter security system 201 to the authentication factor obtained by the first node 105; and if the at least one external access credential corresponds to the authentication factor obtained by the first node 105: generating an authentication token 160 corresponding to the external access credential; and/or communicating the authentication token 160 to a further node inside the controlled perimeter security system 201 and/or the node located outside of the controlled perimeter security system 201.
For example, a remote server outside the controlled perimeter security system 201 is capable of permanently or temporarily provisioning at least one access node 105 within the controlled perimeter security system with the authentication credentials of additional recognised persons. These authentication credentials may comprise biometric information (in the form of an inherent signal or inherent authentication artefacts), as well as ownership authentication factors and knowledge authentication factors. This is especially useful for emergency services, facility management services, or neighbours to be able to gain immediate access to premises within the controlled perimeter security system in the case of an alarm, fire, flood, an accident, or an SOS or panic signal triggered by a person inside the controlled perimeter security system, or proximate to it.
For example, individual emergency service workers may have pre-stored or pre-enrolled information comprising authentication credentials in an emergency services datastore. According to an embodiment, the authentication credentials may be moved onto an active list based on a shift plan of the emergency services personnel. Upon receiving an assignment to address an emergency at a facility protected by the controlled perimeter security system, the server at the emergency services site can download authentication credentials of the emergency services personnel attending the emergency to a user data store 156 of the controlled perimeter security system.
This enables emergency services workers to access the premises without the delay of having to wait for an administrator of the controlled perimeter security system 201 to grant access to the system.
Furthermore, instead of individual access, the attending emergency services workers may be provided with a temporary access code such as a PIN code, a QR code, or an NFC token. At the same time, the first node 105 used as an access node can be updated from the remote server to authenticate the temporary access code.
User Registration
This relates to enrolling a guest for temporary authentication on an access device. In general, the homeowner can, via a mobile application (for example), generate a token such as a QR code for granting visitor access to the first node 105. A QR code generated on the homeowner’s mobile application can be sent (such as via SMS, email, or other messaging) to a visitor, optionally without requiring the visitor to install an application on their own phone. The ease of transmission of the QR code makes it convenient; however, multifactor authentication may improve the security by preventing individuals who are not intended guests from being authenticated at the first node 105.
Therefore, authentication using an inherent signal of the guest (such as a biometric signal such as voice authentication) may be used. The guest may be requested to enrol a vocal model on the first node 105, for example. If the homeowner is present, they can use their app in situ. If the homeowner is not present the homeowner can still validate the guest remotely via the mobile application.
As a specific overview, the homeowner may generate a QR code and send it to a visitor in advance. The visitor arrives at a first node 105 and presents the QR code. The first node 105 sends a notification to the homeowner’s app with a captured image of the visitor. The homeowner validates the visitor, and authorises the first node 105 to begin collection of at least one inherent signal (voice enrolment). During voice enrolment, for example, the visitor may record a voice model (an example of biometric information) and/or choose a code word as further (knowledge factor) authentication information. Following processing of the voice model into an inherent authentication artefact, the central unit 208 of the security system 201 has sufficient information to perform multi-factor authentication of the guest under the parameters defined and authorised by the homeowner, whether the homeowner is present or not.
According to a seventh aspect, there is provided a computer implemented method for user registration on a controlled perimeter security system 201 comprising a plurality of processing nodes, comprising: generating, based on a command from an authenticated user of a security system 201 or from the back-end system (or monitoring station) of the controlled perimeter security system, a registration token from within the security system 201 to which a prospective user intends to obtain access permissions, and storing a copy of the registration token within the security system 201; communicating, via a communications network, the registration token to the prospective user; reading, by a first node 105 of the security system 201, the registration token as presented to the first node 105 by the prospective user; validating, within the security system 201, the identity of the prospective user based on the registration token, to thus redesignate the prospective user as a validated user; if the identity of the prospective user is validated based on the registration token, obtaining at least one inherent signal 150 associated with the prospective user, wherein the at least one inherent signal 150 is obtained using the first node 105, and/or a further node in the vicinity of the prospective user; processing the inherent signal 150 to obtain an inherent authentication artefact 152 of the validated user, and storing the inherent authentication artefact 152 in an inherent authentication artefact data store 154; and generating a new user record for the validated user in a user data store 156 associated with the inherent authentication artefact 152.
The example of a data model of the system of Figure 7 is also applicable to the computer implemented method for user registration on a controlled perimeter security system 201 comprising a plurality of processing nodes.
The ownership, knowledge, and inherent (biometric) factors listed above in respect of the authentication aspects, and their combinations, are also valid for the present new user or guest user authentication aspects.
Figure 9 schematically illustrates an example of user registration using inherent data according to an example of the seventh aspect.
Figure 9 illustrates signalling between a user authenticated on the security system (User 1), a new user wishing to be authenticated on the security system, the first node 105, elements of the central unit 208 (specifically the inherent authentication artefact datastore 154, the user data store 156, the further authentication datastore 158) and the validation datastore 164 of the remote monitoring station 210. In operation, and referring to Figure 9, the method according to the seventh aspect provides user registration as follows. An authenticated user may become aware that a guest or new user needs to be registered as a unique user of the security system 201. The new user may, for example, be a house guest or a craftsman. Therefore, the new registration may be permanent, or time limited.
The authenticated user triggers the generation of a registration token. Typically, the authenticated user may use a smartphone application to generate and communicate the token to a prospective user. This allows the authenticated user to authenticate the prospective user when located in geographically separate places. Likewise, a back-end system (or monitoring station) of the controlled perimeter security system may become aware, for example based on a detected emergency situation at the protected premises, that a new user needs to be registered to permit entry to the protected premises. The back-end system (or monitoring station) of the controlled perimeter security system may trigger the generation of a registration token and communicate the newly generated token to a prospective user - such as an emergency worker or (known/proven) neighbour. In such a situation there may be no interest in obtaining at least one inherent signal 150 from the newly authenticated user - so that the following description of this aspect may not apply in cases where the back-end system (or monitoring station) of the controlled perimeter security system triggers the generation of a registration token.
In another case, the authenticated user may accompany the new user to the perimeter of the security system 201. In this case, a node of the security system 201, for example, the first node 105 comprising a video camera and alphanumeric keypad, may be used by the authenticated user to generate a registration token. For example, the authenticated user may enter a special code sequence into an alphanumeric keypad of the first node 105.
The registration token is transmitted, and stored, in the user data store of the central unit 208. In an example, the registration token comprises a unique identifier enabling the central unit 208 to guarantee that the registration token has been generated by an authorised user. The registration token may, for example, comprise an alphanumeric string, or a barcode or a QR code defining the unique identifier.
Separately, the authorised user transmits the registration token to the new user who is awaiting registration in the security system. The token may be transmitted electronically, or made available at a website URL, for example. However, the token may also be provided in the form of a printed identifier, or as a spoken code.
The prospective user presents the registration token to the first node 105. In the case of a video camera, the QR or barcode can be directly displayed and read by the first node 105. The video image is transmitted to the central unit 208, where the QR or barcode are decoded. Alternatively, the prospective user may enter unique alphanumeric code representing the registration token into an alphanumeric keypad of the first node 105.
The central unit 208 validates the registration token received from the prospective user against the registration token received from the authorised user. The two registration tokens may be identical, in which case the validation is a comparison for an exact match. Alternatively, the two registration tokens may be encoded with a complementary cryptographic function, in which case the validation examines whether the combination of the two registration tokens results in an expected result. When the prospective user has been validated as genuine, a new user record 162 is added to the user datastore 156 having a new unique user ID Guidon representing the newly authenticated user (previously the prospective user).
The next stage of the authentication process may concern obtaining at least one inherent signal 150 from the newly authenticated user. Conveniently, if the newly authorised user has provided the registration token at the first node 105, at least one inherent signal 150 may also be captured using the first node 105. Alternatively, if the newly authorised user has provided the registration token via a web interface, the central unit 208 can be configured to collect an inherent signal of the newly authenticated user from the first node 105. Although, as previously noted, this stage of the authentication process may be dispensed with in cases where the back-end system (or monitoring station) of the controlled perimeter security system triggers the generation of a registration token - unless for some reason the newly authenticated user requires longer term access to the protected premises (as may arise in cases where an occupant of the protected premises requires extended care and support, for example as the result of an accident, ill-health, or a disability).
Beneficially, the inherent signal is captured using the same hardware that will be regularly used by the newly authenticated user. If the inherent signal is captured using different hardware to the hardware of the first node 105 that will regularly be used by the newly authenticated user, variations in acoustics, lighting conditions, hardware parameters of different microphones, and lens variations of different cameras will cause the inherent signal captured subsequently on, for example, the first node to have a poor match to an inherent signal provided at a previous time on different hardware for registration purposes.
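The exact-match variant of registration-token validation can be sketched as below; this is an added example, not part of the patent text. The class and field names, the token length, the one-hour token lifetime and the generated user ID format are assumptions. As a hardening choice that goes beyond the text, the stored copy is a SHA-256 digest of the token rather than the token itself, and each token is single use.

```python
import hashlib
import secrets


class RegistrationDesk:
    """Central-unit side of guest registration: issue, validate, create record."""

    def __init__(self):
        self.pending = {}     # token digest -> issue details
        self.user_store = {}  # user ID -> user record

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).digest()

    def issue(self, authenticated_uid, now, valid_for=3600, access_until=None):
        """Generate a registration token on command of an authenticated user.
        The returned string is what gets sent as a QR code, URL or typed code."""
        token = secrets.token_urlsafe(24)  # 192 random bits
        self.pending[self._digest(token)] = {
            "issued_by": authenticated_uid,
            "expires": now + valid_for,
            "access_until": access_until,  # None means a permanent registration
        }
        return token

    def redeem(self, presented, now):
        """Validate a token read at the first node. On success the prospective
        user becomes a validated user and the new user ID is returned."""
        key = self._digest(presented)
        entry = self.pending.get(key)
        if entry is None:
            return None               # unknown or already used token
        del self.pending[key]         # single use, also purges expired tokens
        if now >= entry["expires"]:
            return None
        uid = "UID-" + secrets.token_hex(4)
        self.user_store[uid] = {
            "sponsor": entry["issued_by"],   # who vouched for this user
            "access_until": entry["access_until"],
            "iaa_enrolled": False,           # inherent signal is collected next
        }
        return uid

    def may_enter(self, uid, now):
        """Time-limited registrations stop working after access_until."""
        record = self.user_store.get(uid)
        if record is None:
            return False
        return record["access_until"] is None or now < record["access_until"]
```

Recording the sponsoring user with each new record keeps an audit trail of who authorised a guest, which is useful when a time-limited registration is later reviewed or revoked.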
Accordingly, in an embodiment, the central unit 208 prompts the first node 105 to collect an inherent signal for registration. In other words, the central unit 208 prompts the newly registered user to present their inherent signal for registration purposes using the same node of the security system 201 that they intend to use for regularly accessing the security system 201, to ensure the best fidelity of the inherent signal provided for registration purposes with an inherent signal provided subsequently for access purposes.
In an embodiment, a mobile application that the initially authenticated user uses to transmit the registration token to the prospective user of the security system 201 is configured (e.g. programmed) to designate the permitted entry door 102 for the prospective user. The central unit 208 is configured (e.g. programmed and arranged) to obtain the inherent signal of the prospective user from sensors proximate to the permitted entry door 102, to improve the fidelity of the captured inherent signal to genuine use conditions.
The first node 105 records the inherent signal (for example a sound sample or a video sample). According to an embodiment, the first node 105 processes the inherent signal to extract the inherent authentication artefact (IAA). The IAA is then transmitted to the central unit and stored in the IAA datastore with the user ID of the newly registered user.
According to an embodiment, the first node 105 obtains the inherent signal, and forwards it to the central unit 208. The central unit 208 processes the inherent signal to extract the inherent authentication artefact (IAA). The IAA is then stored in the IAA datastore with the user ID of the newly registered user.
According to an embodiment (not shown), the first node 105 obtains the inherent signal, and the monitoring station 210 processes the inherent signal to extract the inherent authentication artefact (IAA). The IAA is then stored in the IAA datastore of the central unit 208 with the user ID of the newly registered user. According to a variant of this embodiment, an authenticated user and/or the newly authenticated user of the security system 201 may authorise the transmission of the inherent signal outside of the security system 201 for external processing by the remote monitoring station 210.
Dependent on the strength of the authentication desired for the newly registered user, one, two, three, four, five, or more inherent signals can be collected at the first node 105. Furthermore, the first node may request that the new user provides a further authentication factor that is a knowledge factor or an ownership factor rather than an inherence factor.
For example, before or after the newly registered user enters the inherent signals, a node of the security system 201 being used by the newly registered user for registration may prompt the newly registered user to provide a further authentication factor. For example, the newly registered user may be prompted to provide a personal identification number or code, using an alphanumeric keypad at the first node 105. As a variation, the host user can generate the further authentication factor when sending the registration token to the prospective user, if it is not important that the further authentication factor is confidential as between the host user and the prospective user.
Following the successful registration of the further authentication factor, a success message may be transmitted both to the new user (for example, by the interface of the first node 105) and to the host user (for example, through a mobile application). The prospective user has now been registered at a specific node 105 of the security system 201, having established an inherent authentication artefact in the central unit, and optionally a related further authentication factor.
According to an embodiment, the validation of the identity of the prospective user based on the registration token comprises presenting the registration token from the prospective user to the authenticated user of the security system 201, optionally using a smartphone 220; and asserting that the prospective user is validated via an input from the authenticated user.
In an example, an image sent to the prospective user from the authenticated user, or a video conference between the prospective user and the authenticated user can be used to guarantee that the prospective user is the correct individual to possess the registration token. In this way, an authenticated user of the security system 201 can personally verify the identity of a prospective user before they are registered on the security system and an inherent signal is collected for conversion into an inherent authentication artefact. This reduces the risk that a bad actor could become registered on a security system, because of the user supervision exercised over the user of the registration token.
According to an embodiment, the validation of the identity of the prospective user based on the registration token comprises comparing the registration token received from the prospective user to the copy of the registration token stored within the security system 201; and if the registration token received from the prospective user accords with the copy of the registration token stored within the security system 201, asserting that the prospective user is validated.
According to an example, the registration token (for example, a QR code) is a one-use token that is deactivated after its first use.
According to an example, the registration token (for example, a QR code) is not usable after the lapse of a predetermined time limit.
According to an example, the registration token (for example, a QR code) is a multi-use token that remains activated for a predetermined number of registrations on the security system. According to an example, the first time the registration token (for example, a QR code) is presented to a first node 105 of the security system, the security system (such as the central unit 208 and/or the remote monitoring station 210) searches for a user record in the user datastore that was generated using the registration token. If no user record is present in the user datastore that was generated based on the registration token, then the security system initiates an enrolment process. The security system creates the completed user record. At a time in the future when the same token (in other words, the same QR code) is shown at, for example, the first node 105, the security system begins a multi-factor authentication to obtain at least one inherent signal of the user (which optionally comprises obtaining an inherent signal from a user according to one of the modalities discussed elsewhere in this specification).
According to an embodiment, the method further comprises receiving from the authenticated user of a security system 201, a knowledge factor and/or an ownership factor to be input by the prospective user; and the validation of the identity of the prospective user further comprises: challenging the prospective user by prompting for the input of a knowledge factor and/or an ownership factor; transmitting the input knowledge factor and/or an input ownership factor to the authenticated user, optionally via a smartphone 220; presenting the input knowledge factor and/or the input ownership factor to the authenticated user, optionally via a smartphone 220, of the security system 201; and asserting that the prospective user is validated via an input, optionally via a smartphone 220, from the authenticated user.
For example, when registering, the prospective user’s smartphone application used for registration, and/or a first node 105 performing a registration procedure, may challenge the prospective user with a password, challenge question, SecurID (TM) code from a SecurID (TM) token, and the like.
According to an embodiment, the registration token is comprised within a media element selected from: a printed or electronically displayed barcode, a printed or electronically displayed QR code, an audio sample, a printed or electronically displayed image, or a video sample.
According to an embodiment, the processing of the at least one inherent signal 150 to obtain an inherent authentication artefact 152 of the prospective user is performed at either the first node 105, a central unit 208, or a further node of the controlled perimeter security system 201. According to an embodiment, the inherent authentication artefact data store 154 and the user data store 156 are hosted by the first node 105, and/or at least one further node, and/or the central unit 208 of the controlled perimeter security system 201.
According to an embodiment, the data comprised in the inherent authentication artefact data store 154 and the user data store 156 is encrypted. Accordingly, sensitive data having a biometric origin is safely encrypted.
Preferably the controlled perimeter security system provides the ability to back-up / transfer encrypted authentication data from a doorbell unit such as the first node 105, optionally using public/private keys, or optionally using a QR code kept by a user on the central unit.
According to an embodiment, the at least one inherent signal 150 and/or the inherent authentication artefact 152 of the prospective user are not transmitted outside the controlled perimeter security system 201. This reduces the likelihood that data having a biometric origin could be misused.
According to an embodiment, the processing of the at least one inherent signal 150 to obtain an inherent authentication artefact 152 of the prospective user is performed at a remote central monitoring station. Some types of inherent signal may require a large amount of computer processing during conversion into, for example, an inherent authentication artefact. Such processing may be effectively outsourced to an external remote central monitoring station, and/or a cloud processing service, provided strong encryption is applied between the controlled perimeter security system and the remote central monitoring station and/or cloud service.
According to an embodiment, the inherent authentication artefact data store 154 and the user data store 156 are hosted by the remote central monitoring station. For example, in the case of a multinational company with a plurality of sites around the country or region, each with a controlled perimeter security system according to aspects discussed herein, it may be convenient to host the inherent authentication artefact datastore 154 and the user datastore 156 centrally, enabling users moving between different sites to be authenticated into the different sites using the same inherent (biometric) factors.
According to an embodiment, after validating the prospective user based on the registration token, generating an authentication token unique to the validated user, and associating the authentication token with the user data record of the validated user in the user data store 156. According to an embodiment, after validating the prospective user based on the registration token, arming or disarming an alarm of the security system 201, locking or unlocking a door lock of the security system, and/or enabling access to a configuration interface of the security system 201 based on the access policy for the validated user. Upon arriving at the entrance to a controlled perimeter security system, the registration process for a guest or a new user takes place simultaneously with the entry to the building. As a means of facilitating the convenience of newly registered users, a successful registration on the security system using an inherent signal may also be used to disarm the alarm system, or change the configuration of one or more locks.
According to an embodiment, there is provided receiving, from the authenticated user, a command to delete the user data record of the validated user from the user data store 156, and deleting the user data record of the validated user from the user data store 156.
According to an embodiment, the method further comprises receiving, from the authenticated user, a command to alter an access permission of the controlled perimeter security system 201 of the validated user in the user data record stored in the user data store 156, and altering the access permission of the validated user by altering the user data record of the validated user from the user data store 156.
According to an embodiment, the method comprises: receiving, from the authenticated user, a time window during which validation of the prospective user is possible; and if the registration token is presented to the first node 105 by the prospective user outside of the time window, refusing to validate the prospective user, or if the registration token is presented to the first node 105 by the prospective user during the time window, validating the prospective user. Time-limited registration opportunities guarantee that bad actors are not able to exploit an old registration token.
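The token checks described in the embodiments above (comparison against the copy stored within the security system, one-use and multi-use tokens, and the time window set by the authenticated user) can be combined in one validation routine. The following sketch is an added example, not code from the patent or from the applicant; the class and field names, the `id.secret` token layout, and the choice to keep only a SHA-256 digest as the stored copy are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class TokenRecord:
    """Stored copy of one registration token (hypothetical layout)."""
    digest: bytes         # SHA-256 of the secret part, so the store never holds it in clear
    not_before: datetime  # start of the window set by the authenticated (host) user
    not_after: datetime   # end of the window; later presentations are refused
    uses_left: int        # 1 for a one-use token, N for a multi-use token


class RegistrationTokens:
    """Issues tokens on a host command and validates them when a node reads one."""

    def __init__(self):
        self._records = {}  # token id -> TokenRecord

    def issue(self, not_before, not_after, max_uses=1):
        token_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)
        digest = hashlib.sha256(secret.encode()).digest()
        self._records[token_id] = TokenRecord(digest, not_before, not_after, max_uses)
        # This string is what would be rendered as, for example, a QR code.
        return f"{token_id}.{secret}"

    def validate(self, presented, now):
        """Return 'validated' or the reason the presentation was refused."""
        token_id, sep, secret = presented.partition(".")
        record = self._records.get(token_id)
        if not sep or record is None:
            return "unknown"
        presented_digest = hashlib.sha256(secret.encode()).digest()
        # Constant-time comparison against the stored copy.
        if not hmac.compare_digest(presented_digest, record.digest):
            return "mismatch"
        # Refuse outside the window without consuming a use.
        if now < record.not_before or now > record.not_after:
            return "outside_window"
        if record.uses_left <= 0:
            return "spent"
        record.uses_left -= 1
        return "validated"


if __name__ == "__main__":
    # Constructed sample data: a one-use token valid for two hours.
    start = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    store = RegistrationTokens()
    token = store.issue(start, start + timedelta(hours=2))
    print(store.validate(token, start + timedelta(minutes=5)))
    print(store.validate(token, start + timedelta(minutes=6)))
    print(store.validate(token, start + timedelta(hours=3)))
```

Only a `validated` result would let the node go on to capture the inherent signal; every other result leaves the user datastore untouched.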
According to an embodiment, the method further comprises receiving, from the authenticated user, a condition defining whether, or not, the validated user of the security system 201 remains validated; and if the condition is not met, updating the user record to define that a previously validated user is not validated. For example, the condition is the local time at the security system 201. If the authenticated user is able to preset conditions for removing validation of the new user or guest user, lapses in access control will be greatly reduced, because there is no need for the authenticated user to remember to check on the status of all of the newly registered system users. This approach may be particularly applicable in, for example, a controlled perimeter access system of a hotel, where new guests are registered on to a room entry access system, and the checkout times of the new guests are known in advance.
According to an embodiment, the method comprises receiving, from a computing device associated with an authenticated user located outside of the security system 201, a command from an authenticated user located outside of the controlled perimeter of the security system 201 to issue a registration token from within the security system 201 to a prospective user; and sending, from within the security system 201, the registration token to the prospective user.
It may not be viewed as secure for a registration token to be obtained for a controlled perimeter security system from a third party information technology device. However, a user authenticated with the controlled perimeter security system may still wish to register a prospective user with that controlled perimeter security system. In this case, a cryptographically authenticated command received at the security system sent by the authorised user to, for example, a central unit 208 or a first node 105 within the controlled perimeter security system 201 is used to induce the central unit 208 or the first node 105 to transmit a registration token to the new user or guest user of the controlled perimeter security system 201.
According to an eighth aspect, there is provided a central unit 208 for use in a controlled perimeter security system 201 comprising a processor 142; a communications interface 140 communicably coupled to the processor via a communication link 146, and a memory 144. The processor is configured (e.g. programmed) to generate, based on a command from an authenticated user of a security system 201, a registration token with which a prospective user intends to obtain access permissions to a security system 201 comprising the central unit 208, and storing a copy of the registration token within the security system 201, and to communicate the registration token to the prospective user, via a communications network, to receive, from a first node 105 of the security system 201, the registration token as presented to the first node 105 by the prospective user, to validate the identity of the prospective user based on the registration token, to thus redesignate the prospective user as a validated user, and if the identity of the prospective user is validated based on the registration token, to obtain at least one inherent signal 150 associated with the prospective user, wherein the at least one inherent signal 150 is obtained via the first node 105, and/or a further node in the vicinity of the prospective user, wherein the processor 142 is further configured (e.g. programmed and arranged) to process the inherent signal 150 to obtain an inherent authentication artefact 152 of the validated user, to store the inherent authentication artefact 152 in an inherent authentication artefact data store 154, and to generate a new user record for the validated user in a user data store 156 associated with the inherent authentication artefact 152.
According to a ninth aspect, there is provided a node 105 for use in a controlled perimeter security system 201, comprising a processor 122; a transceiver 128 communicably coupled to the processor via a communication link, and a memory 124. The node 105 is configured to read a registration token as presented to the first node 105 by a prospective user of a security system 201 communicably coupled to the node, and to validate, within the security system 201, the identity of the prospective user based on the registration token, to thus redesignate the prospective user as a validated user, wherein if the processor 122 receives a message from the central unit 208 that the identity of the prospective user is validated based on the registration token, the processor 122 is further configured (e.g. programmed) to obtain at least one inherent signal 150 associated with the prospective user, wherein the at least one inherent signal 150 is obtained using the first node 105, and to process the inherent signal 150 to obtain an inherent authentication artefact 152 of the validated user, wherein the inherent signal 150 and/or the inherent authentication artefact 152 are communicated to an inherent authentication artefact data store 154 hosted by the first node 105 and/or a central unit 208, wherein the node 105 and/or the central unit 208 are optionally configured to generate a new user record for the validated user in a user data store 156 associated with the inherent authentication artefact 152.
According to a tenth aspect, there is provided a controlled perimeter security system 201 comprising a first node 105 according to the ninth aspect, a central unit 208 according to the eighth aspect, and a communications system configured to communicably couple at least the first node 105 and the central unit 208.
According to an eleventh aspect, there is provided a computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to the seventh aspect.
According to the twelfth aspect, there is provided a computer readable medium or signal comprising the computer program element according to the eleventh aspect.
Tracking User Exit
Components of the authentication registration process can also be used to handle registered users of the security system 201 when leaving the controlled perimeter of the security system 201. For example, the first node 105 could monitor the door lock 104 magnetically or by using audio recognition, thus providing warning to the central unit 208 that a person (not necessarily a registered user) is leaving the secure perimeter. For example, the first node 105 and/or a further microphone node in the vicinity of the door 102 may detect a voice code word or an inherent (biometric) signifier triggering the arming of the alarm system and/or locking the door 102. Another codeword is configured to lock the door without arming the alarm.
According to a thirteenth aspect, there is provided a computer implemented method for tracking user exit from a controlled perimeter security system 201. The method comprises: obtaining, using at least one sensor located at, inside, or outside, the perimeter of the security system 201, an inherent signal 150 related to a person exiting the controlled perimeter; processing the inherent signal 150 to obtain an inherent authentication artifact 152; searching one or more data records of an inherent authentication artefact data store 154 using the inherent authentication artifact 152, and based on a closeness of the inherent authentication artifact 152 to a record of the one or more data records, validating the inherent authentication artifact 152, wherein validating the inherent authentication artefact 152 comprises: identifying a unique user record 157 in a user data store 156 associated with the inherent authentication artefact 152 of a user; generating an authentication token corresponding to the unique user record 157; and communicating the authentication token to at least one further node in the controlled perimeter security system.
According to an embodiment, the user is designated within at least one of the user data store 156 and/or the validated user data store 164 as being present within the controlled perimeter.
The example of a data model of the system of Figure 7 is also applicable to the computer implemented method for tracking user exit from a controlled perimeter security system 201.
Knowledge factors, ownership factors, and inherent factors (biometric data) discussed in relation to the authentication aspects above, and their combinations, are also applicable to this set of aspects.
Figure 10 schematically illustrates an example of tracking user exit using inherent data according to an example of the thirteenth aspect.
Inherent signals, such as biometric signals, are detectable at many times when a user is present in a security system 201, rather than merely on entry. This aspect considers how inherent signals, such as biometric signals, can be used when a user is preparing to leave, is leaving, or has left a controlled perimeter security system. For example, as shown in Figure 10, at least one sensor, for example interior camera 214, movement detector 21 sensors 206, or first node 105 detects an inherent signal 150 of a user as they are exiting the interior space 200’. The sensors may detect, for example, one or more of a facial characteristic, a clothing style, a gait, a hair colour or hair style, voice tone, and any other inherent signal, or combination of inherent signals, discussed in this specification. The first node is, thus, in this example, one of the nodes 214 in an interior space that is capable of identifying an inherent signal of a user about to exit the controlled perimeter security system 201. According to one embodiment, the first node 105 may itself perform signal processing on the inherent signal 150 to obtain an inherent authentication artefact IAA. The IAA so computed is then transmitted to the central unit 208. According to a variation, the first node 105 transmits the inherent signal 152 to the central unit 208 for conversion into the inherent authentication artefact IAA.
The central unit 208 searches the IAA datastore 154 using the IAA computed from the inherent signal 150 obtained of a user exiting the security system 201. As previously explained, if an IAA is found that is suitably close to a record of the IAA datastore, a user identifier of the record in the IAA datastore enables the identity of the user to be found in the user datastore 156 of the central unit 208.
Preferably, a further node (in Fig. 10, node 2) in the exit area is configured to collect one or more knowledge or ownership authentication factors of an exiting user. For example, the exiting user may present an NFC key fob to a detector prior to exiting, or enter a PIN code in a keypad proximate to an exit door 102. This is not, however, essential, and the authentication of user exit may be performed using inherent information (biometric information) alone.
The inherent authentication artefact matches with a user ID that can be used to extract a unique user record 157 in the user datastore. An authentication token is generated using the unique user record 157 and the authentication token is transmitted to a further node (node 2), which is in this case a door lock 104. Thus, the IAA is at least partially used to authenticate a user who is leaving the security controlled perimeter of the security system 201.
After unlocking the door lock, the at least one further node 104 comprising the door lock signals to the central unit 208 that the authenticated user has exited the controlled perimeter security system 201. The unique user record of the user datastore 156 is updated to indicate that the user is no longer located within the controlled perimeter security system.
According to a variation, at least one further node, for example a videophone 105 located proximate to the exit door, may detect one or more voice commands of the exiting user. For example, the exiting user may issue a voice command to lock the door 102, to set the alarm system in one of a plurality of armed modes, or to change the exterior or interior lighting, for example. A skilled person appreciates that many commands may be verbally issued to the security system from the user. In an embodiment, a remote central monitoring system 210 can also be updated, by transmitting the authentication token representing that a user is exiting the system from the central unit to the remote central monitoring system 210.
According to an embodiment, the method comprises obtaining, from the person, at least one further authentication factor; and validating further comprises: comparing the at least one further authentication factor to a factor stored as data in at least one further authentication field of the unique user record 157; and generating the authentication token only if each of the further authentication factors match the data in the at least one further authentication field of the unique user record 157. According to an embodiment, the at least one further authentication factor is a knowledge factor, an ownership factor, or an inherence factor.
Combining inherent authentication factors with at least one further authentication factor increases the probability that the security system has correctly identified the exiting user, thus reducing error and improving the security of the security system.
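The exit-tracking flow described above (closeness search of the IAA datastore, optional further factor, authentication token, presence update) is sketched below as an added example; it is not code from the patent or from the applicant. The specification does not say how an IAA is represented or how closeness is measured, so the feature-vector form, cosine similarity, the threshold and margin values, the PIN as further factor, and the HMAC-based token format are all assumptions.

```python
import hashlib
import hmac
import math
import secrets

THRESHOLD = 0.90  # assumed minimum similarity for a "suitably close" record
MARGIN = 0.05     # assumed lead over the runner-up, so ambiguous probes are refused


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def pin_hash(pin, salt):
    # Knowledge factor is stored salted and stretched, never in clear.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class ExitTracker:
    """Hypothetical central-unit logic for the exit-tracking method."""

    def __init__(self, system_key):
        self.key = system_key  # secret shared with the nodes that accept tokens
        self.iaa_store = {}    # user id -> enrolled IAA (feature vector)
        self.users = {}        # user id -> unique user record

    def enrol(self, user_id, iaa, pin=None):
        salt = secrets.token_bytes(16)
        self.iaa_store[user_id] = iaa
        self.users[user_id] = {
            "inside": True,
            "salt": salt,
            "pin": pin_hash(pin, salt) if pin else None,
        }

    def match(self, probe):
        """Return the user id of the closest record, or None if no clear match."""
        scored = sorted(
            ((cosine(probe, iaa), uid) for uid, iaa in self.iaa_store.items()),
            reverse=True,
        )
        if not scored or scored[0][0] < THRESHOLD:
            return None
        if len(scored) > 1 and scored[0][0] - scored[1][0] < MARGIN:
            return None
        return scored[0][1]

    def handle_exit(self, probe, pin=None, now=0):
        """Return an authentication token for the exit event, or None."""
        uid = self.match(probe)
        if uid is None:
            return None
        record = self.users[uid]
        # The token is generated only if every enrolled further factor matches.
        if record["pin"] is not None:
            if pin is None or not hmac.compare_digest(
                pin_hash(pin, record["salt"]), record["pin"]
            ):
                return None
        record["inside"] = False  # user record now shows the user has exited
        body = f"{uid}|exit|{now}"
        tag = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}|{tag}"

    def verify(self, token):
        """Check a token at a receiving node, for example the door lock."""
        body, _, tag = token.rpartition("|")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    # Constructed sample vectors standing in for real IAAs.
    tracker = ExitTracker(secrets.token_bytes(32))
    tracker.enrol("alice", [0.9, 0.1, 0.3, 0.2], pin="4821")
    tracker.enrol("bob", [0.1, 0.8, 0.2, 0.5])
    print(tracker.handle_exit([0.88, 0.12, 0.31, 0.19], pin="4821", now=1700000000))
```

The margin check matters as much as the threshold: two enrolled users with near-identical artefacts would otherwise let the sort order decide whose record is marked as exited.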
According to an embodiment, the sensor comprises one or more of a video camera 106, an infra-red video camera, and/or an ultraviolet camera, and the inherent signal 150 comprises a video of a field of view of a video camera 106, an infra-red video camera, and/or an ultraviolet camera. According to an embodiment, the video comprised in the inherent signal 150 is processed to obtain an inherent authentication artefact 152 characterizing one, or any combination, of a hand gesture, gait, smile, teeth pattern, height, hairstyle, clothes style, tattoo pattern, mole pattern, and/or wrinkle pattern of the person.
The systems according to any of the various embodiments and aspects of the invention may additionally be configured to accept user gestures for at least partial authentication, for example as part of multi-factor authentication that does not rely on gesture alone. Recognisable gestures may be made with one or both hands, one or both arms, one or both legs, the head, or any combination of these. A gesture may be used in combination with a voice sample for speaker recognition, a password or passphrase (optionally in either case as part of a challenge/response interaction) - optionally also with voice recognition, and/or in combination with the presentation of a token (NFC, BTLE, Wi-Fi) or object (e.g. a mobile RF device - WTRU - such as a phone, smart watch, smart ring, health tracker, item of jewellery, etc.). According to an embodiment, each unique user record 157 comprises a field defining a generation time point when a corresponding inherent authentication artefact 152 was generated; and for each unique user record 157, transforming the inherent authentication artefact to account for a time-lapse between the generation time point and a current time.
According to an embodiment, the first sensor comprises a microphone, and the inherent signal 150 comprises a sound sample of the environment at, or proximate, to the first node 105. According to an embodiment, the inherent signal 150 comprises a voice sample of the person. According to an embodiment, the first sensor comprises a depth camera, and the inherent signal 150 comprises a depth image and/or depth video sequence of a field of view of the depth camera. According to an embodiment, the first sensor comprises an iris scanner or retina scanner, and the inherent signal 150 comprises an iris or retina scan, and/or wherein the first sensor comprises a fingerprint or palm print scanner, and the inherent signal 150 comprises a palm print or fingerprint. According to an embodiment, the first sensor comprises a radar sensor, and the inherent signal 150 comprises a radar scan. According to an embodiment, the inherent signal 150 is one of a height, inferred cardiac motion, or inferred breathing motion obtained from the radar sensor.
According to an embodiment, the knowledge factor is one or more of a PIN code, password, or a challenge answer. According to an embodiment, the ownership factor is at least one of an SMS one time password, a QR code, an alphanumeric sequence generated by a physical security token, a security key, a radio key fob, and/or a communications network identifier (e.g. an IMSI number or wireless MAC address) of a communications enabled device that is communicably coupled to the controlled perimeter security system 201.
According to an embodiment, the validation of the inherent authentication artefact 152 is performed at the first node 105, and the authentication token is communicated from the first node 105 to the at least one further node in the controlled perimeter security system 201. Therefore, when exiting, nodes of the security system 201 may perform one or more predetermined actions based on the identity of the user who has exited. For example, different alarm arm settings can be used dependent on who has exited the building. For example, in a commercial office building, standard office workers exiting the building would not need to trigger an increase in the alarm posture. However, if a security guard of the commercial office building needed to exit the building to perform a patrol, for example, the posture of the alarm system of the commercial office building would need to be enhanced for the time that the security guard was away from the building. Accordingly, by distinguishing between different system users and transmitting authentication tokens around the controlled perimeter security system, the system may be flexibly adapted to a security context.
According to an embodiment, the validation of the inherent authentication artefact 152 is performed at the first node 105, and the authentication token is communicated from the first node 105 to the at least one further node in the controlled perimeter security system 201. According to an embodiment, the validation of the inherent authentication artefact 152 is performed at a central unit 208 of the controlled perimeter security system 201, and the authentication token is communicated from the first node 105 to the at least one further node in the controlled perimeter security system 201. Accordingly, an inherent signal and/or an inherent authentication artefact is not transmitted outside of the controlled perimeter security system 201.
According to an embodiment, the validation of the inherent authentication artefact 152 is performed at a remote central monitoring station, and the authentication token is communicated from the remote central monitoring station to the at least one further node in the controlled perimeter security system 201.
According to an embodiment, the method further comprises defining, in the unique user record 157, that the user has exited the controlled perimeter security system 201.
According to an embodiment, the method further comprises obtaining the inherent signal 150 using at least one sensor located inside the perimeter of the security system 201 and proximate to an exit door of the security system 201, and upon receiving, at the central unit 208, the authentication token, unlocking a door lock of the exit door, and/or locking the exit door and/or arming an alarm system after a predetermined amount of time.
A sensor located inside the perimeter of the security system 201 and proximate to an exit door of the security system 201 is most likely to be able to capture an accurate inherent signal of an exiting user, because the sensor will be located close enough to capture a good image, video, or infrared sample of the exiting user.
According to an embodiment, if a code word for arming an alarm system of the controlled perimeter security system 201 is detected in the voice sample, arming the alarm system. According to an embodiment, if a code word for locking a door of the controlled perimeter security system 201 is detected in the voice sample, locking the door.
According to an embodiment, the at least one sensor located at, inside, or outside, the perimeter of the security system 201 is configured to detect that an exit door of the controlled perimeter security system has been left open, or is not completely shut. The central unit 208, or node communicably coupled to the at least one sensor, is configured to generate a token indicating that the exit door has been left open, or is not completely shut. Optionally, the central unit 208 generates an alarm indicating that the door has not been completely shut.
According to a fourteenth aspect, there is provided a central unit 208 for use in a controlled perimeter security system 201 and further comprising a processor 142, a communications interface 140 communicably coupled to the processor via a communication link 146, and a memory 144. The processor 142 is configured (e.g. programmed and arranged) to obtain, from at least one sensor located at, inside, or outside, the perimeter of the security system 201, an inherent signal 150 related to a person exiting the controlled perimeter, to process the inherent signal 150 to obtain an inherent authentication artifact 152, to search one or more data records of an inherent authentication artefact data store 154 using the inherent authentication artifact 152, and based on a closeness of the inherent authentication artifact 152 to a record of the one or more data records, to validate the inherent authentication artifact 152, wherein validating the inherent authentication artefact 152 causes the processor 142 to identify a unique user record 157 in a user data store 156 associated with the inherent authentication artefact 152 of a user, to generate an authentication token corresponding to the unique user record 157; and to communicate the authentication token to at least one further node in the controlled perimeter security system 201. In this way, user exits from protected premises may be tracked.
According to a fifteenth aspect, there is provided a node 105 for use at, inside, or outside, the perimeter of a controlled perimeter security system 201 comprising a processor 122, a transceiver 128 communicably coupled to the processor via a communication link, and a memory 124, and at least a first sensor 107, wherein the at least one sensor 107 is configured to obtain an inherent signal 150 related to a person exiting a controlled perimeter, to process the inherent signal 150 to obtain an inherent authentication artifact 152, and to transmit the inherent authentication artifact 152 to a central unit 208.
According to a sixteenth aspect, there is provided a controlled perimeter security system 201 comprising a first node 105 according to the fifteenth aspect, a central unit 208 according to the fourteenth aspect, a communications system configured (e.g. programmed and arranged) to communicably couple at least the first node 105 and the central unit 208.
According to a seventeenth aspect, there is provided a computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to the thirteenth aspect.
According to an eighteenth aspect, there is provided a computer readable medium or signal comprising the computer program element according to the seventeenth aspect.
Duress Detection
According to a nineteenth aspect, there is provided a computer implemented method for detecting at least one predefined signal from a person using a controlled perimeter security system 201, comprising: detecting the presence of a first person proximate to a sensor of at least one node 105 of a controlled perimeter security system 201; obtaining, using the sensor, a sample of the behaviour of the first person as they are proximate to the sensor; processing the sample to determine a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate; and if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to a central unit 208 of the controlled perimeter security system 201, and/or a remote central monitoring station.
The example of a data model of the system of Figure 7 is also applicable to the computer implemented method for detecting at least one predefined signal from a person using a controlled perimeter security system 201.
A system designed to detect and process inherent signals as defined in this specification (biometric signals) is also useful to aid users of a controlled perimeter security system who are acting out of duress owing to a criminal attack in progress. Such a system may detect duress passively or expressly. For example, an individual under attack may exhibit a faster heart rate or breathing rate, which are detectable using millimetre wave radar sensors. An individual under attack may stand in a different posture or speak with a different voice timbre to the expected characteristics or utter a predetermined codeword.
Accordingly, a first node 105 and a central unit 208 may identify an identity of a user from, for example, an inherent factor analysis such as facial recognition, and additional authentication factors such as a pin code entry. The first node 105 and the central unit 208 may, for example, use image processing to analyse the gait, or to analyse whether or not another individual (perhaps behaving erratically or carrying a forbidden weapon) is standing too close to the user of the controlled perimeter security system. Accordingly, it may be possible to isolate an individual user of the controlled perimeter security system, but recognise that their behaviour is not normal and may indicate that the user is acting out of duress.
In some scenarios, duress does not require the active presence of a bad actor in the field of view of a video camera of at least a first node 105. For example, the duress attempt might be directed by a distantly located individual directing events by mobile telephone. According to the foregoing discussion, a duress condition of a user of the security system 201 can be detected automatically, without the conscious input of the user of the security system 201, by correlation of abnormal biometric behaviour of a user of the security system compared to previously recorded behaviour.
Alternatively, or in addition, a duress condition may be detected by a user of the controlled perimeter security system signalling in front of the at least first node 105 (such as a video camera) a distress code to the central unit 208 and/or the remote monitoring unit 210. As will be discussed below, the duress condition may be signalled by, for example, moving the eyes in a certain pattern, or looking at a certain feature in front of the first node 105. The user may press a key part of the first node 105 using a certain emergency code, or by pressing a button for a predetermined amount of time.
In particular, an inherent signal 150 is obtained by the at least first node 105 and converted to an inherent authentication artefact. For example, if the duress code is intended to be performed by monitoring the direction of gaze of the user of the security system 201, the inherent signal 150 is a video or still image of the user proximate to the at least first node 105. The inherent authentication artefact is, in this example, a bearing, or direction, of the user’s gaze in the plane of the at least first node 105, for example. As an example, if the user gazes to their left for 2 seconds, this may indicate a duress state. Such an inherent authentication artefact is either computed by the at least first node 105, or by the central unit 208. The central unit 208 compares the computed inherent authentication artefacts to a database of duress signals. In an example, a user may pre-program the database of duress signals.
If the comparison of the inherent authentication artefact to the database of duress signals yields a positive result, an alert message token is transmitted to at least the central unit 208, and/or the remote central unit 210. Either of these units may, for example, send an automated safety message to the police, building security staff, and/or relatives of the user.
According to an embodiment, the method comprises detecting the presence of at least a second person proximate to a sensor of at least one node 105 of a controlled perimeter security system 201; and enabling the transmission of the message token only if the at least second person is proximate to the at least one node 105.
A duress attempt will typically require one or more bad actors to surround and/or threaten a legitimate user of the controlled perimeter security system. Therefore, an inherent signal of a video phone 105 that indicates that a user may be under duress could optionally filter by whether, or not, at least two people are present in the field of view of the video camera.
According to an embodiment, the sensor comprises a video camera 106, and determining a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate comprises one, or any combination, of: performing image or video processing on the sample to identify a predefined gesture of the first person. According to an embodiment, the predefined gesture is selected from one, or any combination of: closure of the left eye for a predetermined time, closure of the right eye for a predetermined time, blinking at a predetermined range of rates, standing in a predetermined posture, dropping an object on the floor, performing a predetermined facial expression, or looking in a predetermined direction.
According to an embodiment, one or more of the first node 105, the central unit 208, or the remote monitoring unit 210 are used to record a new predefined gesture, so that an authorised user of the security system 201 can customise the duress signal. Preferably, the duress signal is recorded at the same node that the duress signal is likely to be given out, in practice, to ensure that lighting and acoustic conditions (for example) around the node are similar to those likely to be experienced when the duress signal is used in a genuine duress scenario.
According to an embodiment, the method comprises performing image or video processing on the sample to identify that the second person is physically coercing the first person; and if determined that the second person is physically coercing the first person, transmitting in the message token a warning that the first person is in distress.
According to an embodiment, the method comprises performing image or video processing on the sample to identify that the second person is carrying a predetermined item from a list of predefined items; and if determined that the second person is carrying or wearing a predetermined item from a list of predefined items, displaying on a display of the first node 105 a message that authentication has failed, and transmitting in the message token a warning that the second person is armed. According to an embodiment, the list of predefined items comprises one, or any combination, of: a gun, a knife, a baseball bat, an axe, a crowbar, a balaclava, or a motorcycle helmet.
According to an embodiment, the method further comprises signalling to a central unit 208 of the controlled perimeter security system 201 to lock one or more access points, when a detection of an item on the list of predefined items is made.
According to an embodiment, the sensor comprises an eye tracker, and determining a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate comprises identifying that the first person is looking in a predetermined direction.
According to an embodiment, the first node 105 comprises a keypad or a touch screen, and determining a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate comprises identifying that the first person has entered a predetermined personal identification distress code into the keypad or a touch screen, and/or depressed a button of the keypad or a touch screen for a predetermined amount of time or in a predetermined sequence.
According to an embodiment, the first node 105 comprises a microphone, and determining a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate comprises performing audio signal processing on the sample to detect a predetermined pitch, timing, or timbre modulation of the first person; and/or performing speech recognition to determine that the first person has spoken a predetermined word, or sequence of words.
A person involved in a confrontation or duress scenario near the first node 105 is likely to change their voice tone compared to a usual voice tone. If a further authentication artefact correctly authenticates a user, but the voice-based authentication fails, or indicates a non-compliance with a stored inherent authentication artefact of the user’s voice, this is likely to be an indication that the user is in a duress scenario.
According to an embodiment, the sample of the behaviour or a predetermined signal of the first person as they are proximate to the sensor is obtained during an authentication procedure of the controlled perimeter security system 201.
According to an embodiment, if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to a law enforcement facility.
According to an embodiment, processing the sample to determine a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate further comprises: identifying the at least one predefined signal from a group of a first predefined signal and a second predefined signal; wherein the first predefined signal causes the transmission, by the first node 105, of an alert message token to a central unit 208 and an authentication token to the controlled perimeter security system 201; and wherein the second predefined signal causes the transmission, by the first node 105, of an alert message token to a central unit without the transmission of an authentication token to the controlled perimeter security system 201.
According to a further aspect, there is provided a video doorbell node comprising at least one sensor, a video camera, a processor, a transceiver configured to communicate with another node in a controlled perimeter security system, a memory, wherein the at least one sensor is configured to generate an actuation signal upon actuation by a user of the video doorbell. Upon receiving the actuation signal, the processor is configured (e.g. programmed) to enable the video camera and obtain at least one image and/or video segment of the field of view proximate to the video doorbell. The processor may be configured (e.g. programmed) to perform an image processing comprising identifying at least one threat factor in the image and/or video segment. If at least one threat factor is identified in the image and/or video segment, generating an alarm token and communicating the alarm token to at least one of a central unit of the controlled perimeter security system and/or a remote monitoring server.
The video doorbell according to this aspect may perform the steps of the nineteenth method, or its embodiments.
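An added example, not part of the specification or of any product implementation: a sketch of the gaze-based duress check of the nineteenth aspect, combining the 2-second dwell test, the optional second-person gate, and the first and second predefined signals. The bearing sign convention, the 0.5 s frame-gap limit, the pattern values, and the rule that the first signal yields an authentication token only when the user was otherwise authenticated are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Sequence


class Signal(Enum):
    FIRST = "alert message token + authentication token"
    SECOND = "alert message token only"


@dataclass(frozen=True)
class GazeSample:
    t: float              # capture time in seconds
    bearing_deg: float    # gaze bearing; negative = user's left (assumed convention)
    persons_in_view: int  # people detected in the same frame


@dataclass(frozen=True)
class DuressPattern:
    """One pre-programmed entry in the database of duress signals."""
    lo_deg: float
    hi_deg: float
    min_dwell_s: float
    signal: Signal


@dataclass(frozen=True)
class Decision:
    alert: bool   # send an alert message token to the central unit / monitoring station
    admit: bool   # send an authentication token to the security system
    reason: str


def longest_dwell(samples: Sequence[GazeSample], p: DuressPattern,
                  max_gap_s: float = 0.5) -> float:
    """Longest unbroken time the gaze stayed inside the pattern's bearing range.

    A run ends when the gaze leaves the range or when frames are missing for
    more than max_gap_s, so dropped frames are never counted as dwell time.
    """
    best, start, prev = 0.0, None, None
    for s in samples:
        if not (p.lo_deg <= s.bearing_deg <= p.hi_deg):
            start = prev = None
            continue
        if prev is None or s.t - prev > max_gap_s:
            start = s.t          # begin a new run
        prev = s.t
        best = max(best, prev - start)
    return best


def evaluate(samples: Sequence[GazeSample], patterns: Sequence[DuressPattern],
             user_authenticated: bool, require_second_person: bool = False) -> Decision:
    """Decide which tokens the node emits for one authentication attempt."""
    matched: Optional[DuressPattern] = next(
        (p for p in patterns if longest_dwell(samples, p) >= p.min_dwell_s), None)
    if matched is None:
        return Decision(False, user_authenticated, "no duress signal")
    # Optional gate: only enable the alert if a second person was in view.
    if require_second_person and not any(s.persons_in_view >= 2 for s in samples):
        return Decision(False, user_authenticated, "signal seen but second-person gate not met")
    if matched.signal is Signal.FIRST:
        # Alert is sent and access proceeds as it normally would.
        return Decision(True, user_authenticated, "first predefined signal")
    # Alert is sent and no authentication token is issued.
    return Decision(True, False, "second predefined signal")


def make_samples(bearings, persons=1, step_s=0.25, skip=()):
    """Constructed sample stream: one bearing per frame; `skip` drops frames."""
    return [GazeSample(i * step_s, b, persons)
            for i, b in enumerate(bearings) if i not in skip]


# Constructed duress database: left for >= 2 s is the first signal,
# right for >= 2 s is the second signal.
PATTERNS = [
    DuressPattern(-60.0, -20.0, 2.0, Signal.FIRST),
    DuressPattern(20.0, 60.0, 2.0, Signal.SECOND),
]
```

Resetting the run on a frame gap matters for false positives: two short glances separated by an occluded camera would otherwise add up to a duress dwell.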
According to an embodiment, the threat factor identified in the image and/or video segment is one, or more, of an identification of a specific person at the door, optionally by means of an inherent authentication artefact of the specific person, the fact that an individual at the door is wearing a helmet or balaclava capable of concealing the person’s face, or the fact that the person is carrying a potentially threatening object.
According to a further aspect, there is provided a video doorbell node comprising: at least one sensor; a video camera; a processor; a transceiver configured to communicate with another node in a controlled perimeter security system; a memory; wherein the at least one sensor is configured to generate an actuation signal upon actuation by a user of the video doorbell; wherein, upon receiving the actuation signal, the processor is configured to enable the video camera and obtain at least one image and/or video segment of the field of view proximate to the video doorbell; wherein the processor is configured to perform either or both of: i) an image processing comprising identifying at least one threat factor in the image and/or video segment; or ii) transmitting image data to another device for remote image processing, and receiving a result of the remote image processing; and if at least one threat factor is identified in the image and/or video segment based on the image processing and/or remote image processing, generating an alarm token and communicating the alarm token to one or more of: a central unit (208) of the controlled perimeter security system (201); a remote monitoring service (210); a mobile device contacted for processing a doorbell actuation.
The video doorbell node may have sufficient processing power to perform the requisite image processing, but it may be possible to supplement this processing power by offloading some or all of the image processing task to a remote device - such as a central unit of the controlled perimeter security system, or a remote monitoring station (or system back end or alarm receiving centre), or even to a user device such as a smartphone or tablet computer, or the like - in particular one which hosts an app associated with the video doorbell (e.g. which is configured to receive notifications from the video doorbell in the event that someone pushes (more generally activates) a “bellpush” or actuator on the video doorbell). The same app may be configured also to receive notifications in the event that someone appears in the field of view of the motion sensor of the video doorbell. Notifications from the video doorbell may pass through the central unit of the controlled perimeter security system and thence to a remote monitoring station or system back end (although the installation may be such that under certain circumstances at least notifications from the video doorbell may be transmitted directly to the remote monitoring station/system back end). In either case, the remote monitoring station/system back end may then initiate communication with the user device (e.g. smartphone, tablet, etc.), optionally via a SIP call or via a mobile data network. The video doorbell may additionally be arranged to call the user device directly, particularly if the controlled perimeter security system is aware that the device is in the vicinity - for example because the device is currently registered with a short range radio network hosted by the system (e.g. a Wi-Fi network of which the central unit acts as access point and to which the video doorbell may connect) or which is serving the controlled perimeter security system and/or the video doorbell.
Thus, data for image processing may be sent directly to a user’s mobile (or mobile app) as part of the doorbell call. The system announces a doorbell ring, and may also indicate a threat factor.
Particularly if the image processing is handled at least in part by a device other than the video doorbell, e.g. the central unit, it would be possible to take account of information additional to that contained in image captures - such as that captured by another node of the controlled perimeter security system (e.g. a motion detector, a radar or lidar system) or captured by a distributed proximity sensor or sensing arrangement such as a Wi-Fi (or equivalent RF-based presence detection system).
Optionally, the another device may be a central unit of the controlled perimeter security system, the processor being configured to transmit image data to the central unit for remote image processing, and to receive from the central unit a result of the remote image processing.
Optionally, the another device may be a remote monitoring service of the controlled perimeter security system, the processor being configured to transmit image data to the remote monitoring service for remote image processing, and to receive from the remote monitoring service a result of the remote image processing.
Optionally, the another device may be a mobile device contacted for processing a doorbell actuation, the processor being configured to transmit image data to the mobile device for remote image processing, and to receive from the mobile device a result of the remote image processing.
Similarly, in another aspect there is provided a method performed by a video doorbell of a controlled perimeter security system, the method comprising: receiving an input from a user; in response to receiving the input, obtaining using a video camera of the doorbell at least one image and/or video segment of the field of view proximate to the video doorbell; and either: i) performing image processing comprising identifying at least one threat factor in the image and/or video segment; or ii) transmitting image data to another device for remote image processing, and receiving a result of the remote image processing; and if at least one threat factor is identified in the image and/or video segment based on the image processing and/or remote image processing, generating an alarm token and communicating the alarm token to one or more of: a central unit of the controlled perimeter security system; a remote monitoring server; a mobile device contacted for processing a doorbell actuation.
Optionally, the another device may be a central unit of the controlled perimeter security system, and the method comprises transmitting image data to the central unit (208) of the controlled perimeter security system for remote image processing, and receiving from the central unit a result of the remote image processing.
Optionally, the another device may be a remote monitoring service of the controlled perimeter security system, and the method comprises transmitting image data to the remote monitoring service for remote image processing, and receiving from the remote monitoring service a result of the remote image processing.
Optionally, the another device may be a mobile device contacted for processing a doorbell actuation, and the method comprises transmitting image data to the mobile device for remote image processing, and receiving from the mobile device a result of the remote image processing.
In any variant of the two aspects discussed immediately above, the threat factor identified in the image and/or video segment may be one, or more, of an identification of a specific person at the door, optionally by means of an inherent authentication artefact of the specific person, the fact that an individual at the door is wearing a helmet or balaclava capable of concealing the person’s face, or the fact that the person is carrying a potentially threatening object.
According to a twentieth aspect, there is provided a processor 142, a communications interface 140 communicably coupled to the processor via a communication link 146, and a memory 144. The processor is configured (e.g. programmed and arranged) to receive, via a first node 105, a sample of the behaviour or a predetermined signal from the first person as they are proximate to the sensor, to process the sample to determine a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate, and if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to one or more further nodes in the controlled perimeter security system 201, and/or a remote central monitoring station.
According to a twenty first aspect, there is provided a node 105 for use in a controlled perimeter security system 201. The node comprises a processor 122, a transceiver 128 communicably coupled to the processor via a communication link, a memory 124, and a first sensor 107. The processor is configured (e.g. programmed and arranged) to detect the presence of a first person proximate to a sensor of at least one node 105 of a controlled perimeter security system 201, and to obtain, using the sensor, a sample of the behaviour or a predetermined signal of the first person as they are proximate to the sensor. The processor is further configured (e.g. programmed and arranged) to perform one, or both, of the following: i. to process the sample to determine a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate, and if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to a central unit 208, and/or one or more further nodes in the controlled perimeter security system 201, and/or a remote central monitoring station; or ii. to transmit the sample to the central unit 208 of the controlled perimeter security system 201.
According to a twenty second aspect, there is provided a controlled perimeter security system 201 comprising a first node 105 according to the twenty first aspect, a central unit 208 according to a twenty first aspect, and a communications system configured to communicably couple at least the first node 105 and the central unit 208.
According to a twenty third aspect, there is provided a computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to the nineteenth aspect.
According to a twenty fourth aspect, there is provided a computer readable medium or signal comprising the computer program element according to the twenty third aspect.
Although many of the aspects previously described have made use of biometrics in some way, the disclosure of the present patent application also extends to the following aspects that may not make use of biometrics - although in some system implementations these aspects may usefully and beneficially be combined with other aspects that do make use of biometrics.
It can be useful for there to be ability for a remote server (or for example an alarm receiving centre or system back end) to be able, permanently or temporarily, to update the list of records in the access device node, with additional recognized persons or authentication codes. This is especially useful for emergency services to be able to gain immediate access to a premises in the case of an alarm, a fire, an accident, or an SOS or panic signal triggered by an occupant.
For example, individual emergency services workers may have pre-stored or pre-enrolled information in a database accessible at the remote site or system back end. Upon notification of who is attending an emergency at the premises, the remote site can download the respective information into the access node so that the emergency services worker (i.e. a specified individual or individuals) can access the premises without delay.
Instead of individual access, the attending workers may be provided with a temporary access code (PIN code, QR code, or a NFC token on one of their smartphones). At the same time, the access node can be updated from the remote server or back end to authenticate this temporary access code.
Similarly, a neighbour of the occupant (e.g. a resident of a neighbouring property to the protected premises) can also be remotely authorized to access the protected premises in a similar way. Subsequently the remote server (or an alarm receiving centre or system back end) can also delete the newly-added information so that the temporary access code is no longer available, thereby restoring the previous status quo.
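An added example (not from the specification): one way an access node could accept a temporary access code pushed by the back end and later remove it so that the previous set of records is restored. The HMAC-authenticated update message, the nonce replay check, the salted PBKDF2 storage, the `temp:` namespace and the expiry time are assumptions, since the specification does not say how the update is protected; confidentiality of the update in transit is assumed to be provided by the transport.

```python
import hashlib
import hmac
import json
import os
import time
from typing import Callable, Dict, List, Optional

PBKDF2_ROUNDS = 50_000  # assumed work factor for stored codes


def _digest(code: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ROUNDS)


def sign_update(key: bytes, update: dict) -> str:
    """Back-end side: MAC over a canonical JSON encoding of the update."""
    body = json.dumps(update, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class AccessNode:
    """Access device node holding permanent and remotely added temporary records."""

    def __init__(self, backend_key: bytes, clock: Callable[[], float] = time.time):
        self._key = backend_key
        self._clock = clock
        self._records: Dict[str, dict] = {}
        self._seen_nonces = set()

    def _store(self, record_id: str, code: str, expires: Optional[float]) -> None:
        salt = os.urandom(16)
        # Only a salted digest is kept; the code itself is never stored.
        self._records[record_id] = {"salt": salt, "digest": _digest(code, salt),
                                    "expires": expires}

    def enroll_permanent(self, record_id: str, code: str) -> None:
        """Local enrolment of an occupant's own code."""
        self._store(record_id, code, None)

    def apply_update(self, update: dict, mac: str) -> bool:
        """Apply an add/delete pushed by the back end; False if rejected."""
        if not hmac.compare_digest(sign_update(self._key, update), mac):
            return False                      # not from the back end
        nonce = update.get("nonce")
        if nonce is None or nonce in self._seen_nonces:
            return False                      # replayed or malformed update
        self._seen_nonces.add(nonce)
        # Remote updates live in their own namespace, so they can never
        # overwrite or delete an occupant's permanent record.
        rid = "temp:" + str(update.get("id"))
        if update.get("op") == "add":
            self._store(rid, str(update["code"]),
                        self._clock() + float(update["ttl_s"]))
            return True
        if update.get("op") == "delete":
            return self._records.pop(rid, None) is not None
        return False

    def authenticate(self, code: str) -> Optional[str]:
        """Return the matching record id, or None. Expired records are purged."""
        now = self._clock()
        match = None
        for rid, rec in list(self._records.items()):
            if rec["expires"] is not None and rec["expires"] <= now:
                del self._records[rid]        # temporary code no longer available
                continue
            # Every live record is checked (no early exit) with a
            # constant-time comparison.
            if hmac.compare_digest(_digest(code, rec["salt"]), rec["digest"]):
                match = rid
        return match

    def record_ids(self) -> List[str]:
        return sorted(self._records)
```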
(ii) Deterrent Signage.
An illuminated sign may be coupled to the access node, to provide a deterrent effect. For example, the sign may be coupled by a cable, exposed or hidden. The access node may provide power to the sign, especially at night. The sign may also have solar cells for recharging, and may serve to charge the access node during the day. The sign may include one or more rechargeable batteries that are charged by solar cells of the sign, so that the sign may be self-powered, even at night - and possibly be arranged also to provide power to the access node as occasion demands.
The sign may have different illumination effects and intensities. It may pulse or flash or have some other visual effect when the alarm is triggered to deter an intruder or otherwise to attract attention. It may illuminate as a person approaches or is detected in the vicinity of the access node, and/or in response to a doorbell push. It may behave in the same way whether or not the alarm is armed, so as not to provide any indication of alarm state at the access node. The sign may deactivate once the person is authenticated.
(iii) Doorbell Functionality
When the access device is (also) a doorbell, such as a video doorbell, it can provide additional warnings.
When a person presses the doorbell, the access device can analyse an image capture and: warn if there is more than one person at the door; warn if a person at the door is wearing head-gear that conceals his or her face, like a balaclava or crash-helmet; warn if a person at the door is carrying a potentially threatening object or offensive weapon, such as a fire-arm, a crowbar or a baseball bat.
(iv) Other warnings
Another useful warning the access device can give is whether, based on the camera image, the door appears to have been left open, or even just slightly ajar. This may depend on the installation, the field of view of the camera, and whether the door opens outwardly (mandatory in some countries). The warning can be generated especially if the user is attempting to lock the door or arm the alarm. The warning is useful because some conventional alarm systems do not provide such a warning. For example, when arming a conventional alarm system, if a sensor is reporting a non-compliant state or fault, the system just ignores this sensor, so as not to delay the person from leaving the premises.
Throughout the specification and claims, the expression “configured to” may be taken to mean “programmed” (e.g. in the case of a processor, processing arrangement, or programmable device), or “arranged”, or “programmed and arranged”, rather than merely implying “configurable to”.
The examples provided in the drawings and described in the foregoing written description are intended for providing an understanding of the principles of this specification. No limitation to the scope of the appended claims is intended thereby. The present specification describes alterations and modifications to the illustrated examples. Only the preferred examples have been presented, and all changes, modifications and further applications to these within the scope of the specification are desired to be protected.
The disclosure also extends to the following statements, at least some of which relate to inventive ideas that make use of biometrics:
A1. A computer implemented method (300) for provisioning a first node (105) of a controlled perimeter security system (201) with an external access credential for a controlled perimeter security system, optionally comprising the subject matter of the first, seventh, thirteenth, or nineteenth aspects, wherein the method comprises: receiving, from a node located outside of a controlled perimeter security system (201), at least one external access credential for enabling access to the controlled perimeter security system (201); provisioning a user data store (156) hosted by at least one of a central unit (208) comprised within the controlled perimeter security system (201), and/or hosted by a first node (105) with the at least one external access credential; obtaining, using a first sensor (107) of the first node (105), an authentication factor comprised of at least one of: an inherent signal (150), a knowledge factor, and/or a possession factor; comparing the at least one external access credential comprised in the user data store (156) received from the node located outside of a controlled perimeter security system (201) to the authentication factor obtained by the first node (105); and if the at least one external access credential corresponds to the authentication factor obtained by the first node (105): generating an authentication token (160) corresponding to the external access credential; and/or communicating the authentication token (160) to a further node inside the controlled perimeter security system (201) and/or the node located outside of the controlled perimeter security system (201).
A2. The computer implemented method according to A1, wherein the node located outside of a controlled perimeter security system is a server of an emergency service, such as the fire service, police service, ambulance service, or the like.
A3. The computer implemented method according to A1, wherein the node located outside of a controlled perimeter security system is a server of a facility management company of a building within the controlled perimeter security system.
A4. The computer implemented method according to A1, wherein the node located outside of a controlled perimeter security system is a server of a security system monitoring company with responsibility for monitoring the controlled perimeter security system.
A5. The computer implemented method according to A1 or A2, wherein the external access credential comprises one or more of an inherent authentication artefact, a knowledge factor, or an ownership factor enabling access to the controlled perimeter security system.
A6. The computer implemented method according to A5, wherein the inherent authentication artefact characterises an emergency service uniform, and/or equipment carried by emergency service personnel.
A7. The computer implemented method according to A6, further comprising: detecting, by a fire detection node comprised within the controlled perimeter security system (201), the outbreak of a fire and/or the presence of smoke; transmitting, to a server of the emergency service, an alarm token; receiving, at the server of the emergency service, the alarm token; and communicating the at least one external access credential to the central unit (208) and/or the first node upon receiving the alarm token.
A7. The computer implemented method according to A1-A7, wherein a node of the security system is configured to receive the authentication token (160) corresponding to the external access credential, and to unlock at least one access door of the controlled perimeter security system, and/or to communicate a message to the node located outside of a controlled perimeter security system (201) that the external access credential has been used to gain access to the controlled perimeter security system (201).
A8. An apparatus comprising a processor (142), a communications interface communicably coupled to the processor via a communication link (146), and a memory (144); wherein the processor is configured to perform a method according to one of A1 to A7.
A9. A controlled perimeter security system (201) comprising the apparatus according to A8.
A10. A computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the method according to one of statements A1 to A9.
B1. An access node (105) of a controlled perimeter access system, comprising: at least one sensor (106); a processor; and a transceiver for communicating with at least a central unit (208) of a controlled perimeter access system; and a visual indicator; wherein the processor is configured to receive an alarm token from the central unit (208) and/or a further node of the controlled perimeter security system, and to activate the visual indicator to signal an alarm state proximate to the access node (105).
B2. An access node (105) according to B1, further comprising: a solar panel coupled to a battery; wherein the processor is configured to control the charging of the battery based on a charging current produced by the solar panel, and to provide energy to the access node (105) during conditions of low light intensity.
B3. An access node according to one of B2 or B1, wherein the at least one sensor (106) is a proximity sensor, optionally a PIR sensor; and wherein the processor is configured to activate the visual indicator when the access node has received an alarm token, and when the proximity sensor detects a person proximate to the access node.
B4. The access node according to B4, wherein the visual indicator pulses or flashes.
B5. The access node according to one of B1 to B4 further comprising: a push button or touch screen actuator; wherein, upon an actuation of the push button or touch screen actuator, the visual indicator is activated, or the visual indication is changed.
B6. The access node according to one of B1 to B5 further comprising: wherein the processor is configured to receive an indication of a changed state, such as an alarm state, from the controlled perimeter security system, and wherein the processor is configured to change a display mode of the visual indicator based on the received indication.
B7. A method for operating an access node according to one of B1 to B6, comprising: receiving an alarm token from the central unit and/or a further node of the controlled perimeter security system, and activating the visual indicator to signal an alarm state proximate to the access node (105).
C1. A video doorbell node comprising: at least one sensor; a video camera; a processor; a transceiver configured to communicate with another node in a controlled perimeter security system; a memory; wherein the at least one sensor is configured to generate an actuation signal upon actuation by a user of the video doorbell; wherein, upon receiving the actuation signal, the processor is configured to enable the video camera and obtain at least one image and/or video segment of the field of view proximate to the video doorbell; wherein the processor is configured to perform an image processing comprising identifying at least one threat factor in the image and/or video segment; and if at least one threat factor is identified in the image and/or video segment, generating an alarm token and communicating the alarm token to at least one of a central unit (208) of the controlled perimeter security system (201) and/or a remote monitoring server (210).
C2. The video doorbell according to C1, wherein the threat factor identified in the image and/or video segment is one, or more, of an identification of a specific person at the door, optionally by means of an inherent authentication artefact of the specific person, the fact that an individual at the door is wearing a helmet or balaclava capable of concealing the person’s face, or the fact that the person is carrying a potentially threatening object.
D1. A computer implemented method (300) for personal authentication by a controlled perimeter security system (201) comprising at least one node (105), wherein the method comprises: obtaining (302), using a first sensor (107) of a first node (105) located at, or outside, the perimeter (200) of the security system (201), an inherent signal (150) related to a person seeking access to the perimeter; processing (304) the inherent signal (150) to obtain an inherent authentication artifact (152); searching (306) a plurality of data records of an inherent authentication artefact data store (154) using the inherent authentication artifact (152), and based on a closeness of the inherent authentication artifact (152) to a record of the plurality of data records, validating the inherent authentication artifact (152), wherein validating the inherent authentication artefact (152) comprises: identifying (308), in a user data store (156), a unique user record (157) associated with the inherent authentication artefact (152); generating (310) an authentication token (160) corresponding to the unique user record (157); and communicating (312) the authentication token (160) to the first node (105) and/or a further node.
D2. The computer implemented method (300) according to D1, further comprising: obtaining, from the person, at least one further authentication factor; and wherein validating further comprises: comparing the at least one further authentication factor to a factor stored as data in at least one further authentication field (159) of a further authentication data store (158); and generating the authentication token (160) only if each of the further authentication factors match the data in the at least one further authentication field (159) of the further authentication data store (158).
D3. The computer implemented method (300) according to D2, wherein the at least one further authentication factor is a knowledge factor, an ownership factor, or an inherence factor.
D4. The computer implemented method (300) according to D3, wherein the inherence factor is a biometric factor.
D5. The computer implemented method (300) according to one of D1 to D4, wherein the first sensor (107) comprises one or more of a video camera (106), an infra-red video camera, and/or an ultraviolet camera, and the inherent signal (150) comprises a video of a field of view of a video camera (106), an infra-red video camera, and/or an ultraviolet camera.
D6. The computer implemented method (300) according to D4, wherein the video comprised in the inherent signal (150) is processed to obtain an inherent authentication artefact (152) characterizing one, or any combination, of a hand gesture, gait, smile, teeth pattern, height, hairstyle, clothes style, tattoo pattern, mole pattern, and/or wrinkle pattern of the person.
D7. The computer-implemented method (300) according to D6, wherein at least one record of the inherent authentication artefact data store (154) comprises a field (153) defining a generation time point when a corresponding inherent authentication artefact (152) was generated; and for each unique user record (157), transforming the inherent authentication artefact (152) to account for a time-lapse between the generation time point and a current time.
D8. The computer implemented method (300) according to D6 or D7, further comprising: obtaining a quality metric (155) characterizing the fidelity of the inherent authentication artefact (152) to the user; and if the quality metric indicates that the inherent authentication artefact (152) has a low fidelity as compared to the user, warning the user and/or prompting the user to update the inherent authentication artefact (152).
D9. The computer implemented method (300) according to one of D1 to D8, wherein the first sensor (107) comprises a microphone, and the inherent signal (150) comprises a sound sample of the environment at, or proximate, to the first node (105).
D10. The computer implemented method (300) according to D9, wherein the inherent signal (150) comprises a voice sample of the person.
D11. The computer implemented method (300) according to one of D1 to D10, wherein the first sensor (107) comprises a depth camera, and the inherent signal (150) comprises a depth image and/or depth video sequence of a field of view of the depth camera.
D12. The computer implemented method (300) according to one of D1 to D11, wherein the first sensor (107) comprises an iris scanner or retina scanner, and the inherent signal (150) comprises an iris or retina scan, and/or wherein the first sensor comprises a fingerprint or palm print scanner, and the inherent signal (150) comprises a palm print or fingerprint.
D13. The computer implemented method (300) according to one of D1 to D12, wherein the first sensor (107) comprises a radar sensor, and the inherent signal (150) comprises a radar scan.
D14. The computer implemented method (300) according to D13, wherein the inherent signal (150) is one of a height, inferred cardiac motion, or inferred breathing motion obtained from the radar sensor.
D15. The computer implemented method (300) according to one of D3 to D14, wherein the knowledge factor is one or more of a PIN code, password, or a challenge answer.
D16. The computer implemented method (300) according to one of D3 to D15, wherein the ownership factor is at least one of an SMS one time password, a QR code, an alphanumeric sequence generated by a physical security token, a security key, a radio key fob, and/or a communications network identifier of a communications enabled device that is communicably coupled to the controlled perimeter security system (201).
D17. The computer implemented method (300) according to D16, wherein the communications enabled device (220) is one, or more, of a smartphone (220), a smart watch, a smart ring, a fitness band, smart glasses, an NFC chip implant, an NFC tag, an RFID tag, a laptop, a credit card, or a medical device.
D18. The computer implemented method (300) according to one of D3 to D17, wherein one or both of the knowledge factors and the ownership factors are provided to the controlled perimeter security system (201) by the person via at least one of a visual or audio user interface comprised in the first node (105) or a geofenced web application accessed via a smartphone (220) when proximate to the first node (105).
D19. The computer implemented method (300) according to one of D1 to D18, wherein the validation of the inherent authentication artefact (152) is performed at the first node (105), and the authentication token (160) is communicated from the first node (105) to the at least one further node (208) in the controlled perimeter security system (201).
D20. The computer implemented method (300) according to one of D1 to D19, wherein the validation of the inherent authentication artefact (152) is performed at a central unit (208) of the controlled perimeter security system (201), and the authentication token is communicated from the first node (105) to the at least one further node in the controlled perimeter security system (201).
D21. The computer implemented method (300) according to one of D1 to D20, wherein the validation of the inherent authentication artefact (152) is performed at a remote central monitoring station (210), and the authentication token (160) is communicated from the remote central monitoring station (210) to the at least one further node in the controlled perimeter security system (201).
D22. The computer implemented method (300) according to one of D1 to D21, further comprising: receiving, at the further node, the authentication token (160); and upon receipt of the authentication token (160), updating at least one field of a user record comprised in an access data store of the security system (201) to change at least one access policy for the person.
D23. The computer implemented method (300) according to D22, further comprising: arming or disarming an alarm of the security system (201), locking or unlocking a door lock (104) of the security system (201), and/or enabling access to a configuration interface of the security system (201) based on the access policy for the person, and/or wherein the authentication token does not comprise the inherent signal (150) and/or the inherent authentication artefact (152), or enable derivation of them.
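The authentication flow of statements D1, D2 and D23, as an added Python example that is not part of the patent text. The vector artefacts, the Euclidean distance threshold, the PIN as further factor and the HMAC-signed token format are all assumptions chosen for illustration.

```python
# Added illustration of statements D1, D2 and D23; not code from the patent.
# Assumptions (all hypothetical): artefacts are float vectors, closeness is
# Euclidean distance, the further factor is a PIN, the token is HMAC-signed.
import base64
import hashlib
import hmac
import json
import math
import secrets
import time

MATCH_THRESHOLD = 0.35               # assumed maximum distance for a match
TOKEN_KEY = secrets.token_bytes(32)  # assumed key shared by nodes inside the perimeter


def hash_pin(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def make_user(pin, policy):
    salt = secrets.token_bytes(16)
    return {"pin_salt": salt, "pin_hash": hash_pin(pin, salt), "policy": policy}


# Constructed sample data standing in for data stores (154) and (156).
ARTEFACT_STORE = [
    {"user_id": "u-alice", "artefact": [0.10, 0.80, 0.30, 0.50]},
    {"user_id": "u-bob", "artefact": [0.90, 0.20, 0.70, 0.10]},
]
USER_STORE = {
    "u-alice": make_user("4821", "disarm"),
    "u-bob": make_user("7730", "unlock"),
}


def issue_token(user_id, now=None):
    """Token (160): refers to the user record only, never to the artefact (D23)."""
    issued = int(time.time() if now is None else now)
    payload = json.dumps(
        {"sub": user_id, "iat": issued, "jti": secrets.token_hex(8)},
        sort_keys=True,
    ).encode()
    tag = hmac.new(TOKEN_KEY, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def verify_token(token, max_age=30, now=None):
    """Run by the further node (lock, alarm panel) before it acts on a token."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:               # wrong shape or bad base64
        return None
    expected = hmac.new(TOKEN_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    claims = json.loads(payload)
    current = time.time() if now is None else now
    if current - claims["iat"] > max_age:
        return None                  # stale tokens cannot be replayed later
    return claims["sub"]


def authenticate(probe, pin):
    """Search (306), identify (308), check the further factor (D2), generate (310)."""
    matches = [r for r in ARTEFACT_STORE
               if math.dist(probe, r["artefact"]) <= MATCH_THRESHOLD]
    if len(matches) != 1:            # no match, or not a unique user record
        return None
    user_id = matches[0]["user_id"]
    user = USER_STORE.get(user_id)
    if user is None:
        return None
    candidate = hash_pin(pin, user["pin_salt"])
    if not hmac.compare_digest(candidate, user["pin_hash"]):
        return None                  # D2: token only if every further factor matches
    return issue_token(user_id)


if __name__ == "__main__":
    tok = authenticate([0.12, 0.78, 0.33, 0.49], "4821")
    print("accepted for:", verify_token(tok))
    print("wrong PIN:", authenticate([0.12, 0.78, 0.33, 0.49], "0000"))
```

Requiring exactly one record inside the threshold is one reading of "unique user record"; a probe that falls close to two enrolled users is rejected rather than resolved to the nearer one.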
D24. A central unit (208) for use in a controlled perimeter security system (201) comprising: a processor (142); a communications interface (140) communicably coupled to the processor via a communication link (146), and a memory (144); wherein the processor is configured to obtain, from a first sensor (107) of a first node (105) located at, or outside, the perimeter (200) of the security system (201), an inherent signal (150) related to a person seeking access to the perimeter, to process the inherent signal to obtain an inherent authentication artifact (152), to search a plurality of data records of an inherent authentication artefact data store (154) using the inherent authentication artifact, and based on a closeness of the inherent authentication artifact to a record of the plurality of data records, to validate the inherent authentication artifact, wherein validating the inherent authentication artefact (152) comprises identifying, in a user data store (156), a unique user record (157) associated with the inherent authentication artefact (152), generating an authentication token corresponding to the unique user record, and communicating the authentication token to the first node (105) and/or at least one further node in the controlled perimeter security system (201).
D25. A node (105) for use in a controlled perimeter security system (201) comprising: a processor (122); a transceiver (128) communicably coupled to the processor via a communication link, and a memory (124); wherein the processor is configured to obtain, from a first sensor (107) of a first node (105) located at, or outside, the perimeter (200) of the security system (201), an inherent signal (150) related to a person seeking access to the perimeter, to process the inherent signal (150) to obtain an inherent authentication artifact (152), to search a plurality of data records of an inherent authentication artefact data store (154) using the inherent authentication artifact, and based on a closeness of the inherent authentication artifact to a record of the plurality of data records, to validate the inherent authentication artifact (152), wherein validating the inherent authentication artefact (152) comprises identifying, in a user data store (156), a unique user record (157) associated with the inherent authentication artefact (152), generating an authentication token corresponding to the unique user record (157), and communicating the authentication token to the first node (105) and/or at least one further node in the controlled perimeter security system (201).
D26. A controlled perimeter security system (201) comprising: a first node (105) comprising a first sensor (107); a central unit (208) according to D24; and a communications system configured to communicably couple at least the first node (105) and the central unit (208); wherein a first sensor (107) of the first node (105) is configured to obtain an inherent signal (150) related to a person seeking access to the perimeter, and to transmit the inherent signal (150) to the central unit (208), and wherein, upon a successful validation, the central unit (208) is configured to communicate an authentication token to the first node (105) and/or at least one further node in the controlled perimeter security system (201).
D27. A computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to one of D1 to D23.
D28. A computer readable medium or signal comprising the computer program element according to D27.
D29. A computer implemented method for user registration on a controlled perimeter security system (201) comprising a plurality of processing nodes, wherein the method optionally comprises one of D1 to D23, and wherein the method comprises: generating, based on a command from an authenticated user of a security system (201), a registration token from within the security system (201) to which a prospective user intends to obtain access permissions, and storing a copy of the registration token within the security system (201); communicating, via a communications network, the registration token to the prospective user; reading, by a first node (105) of the security system (201), the registration token as presented to the first node (105) by the prospective user; validating, within the security system (201), the identity of the prospective user based on the registration token, to thus redesignate the prospective user as a validated user; if the identity of the prospective user is validated based on the registration token, obtaining at least one inherent signal (150) associated with the prospective user, wherein the at least one inherent signal (150) is obtained using the first node (105), and/or a further node in the vicinity of the prospective user; processing the inherent signal (150) to obtain an inherent authentication artefact (152) of the validated user, and storing the inherent authentication artefact (152) in an inherent authentication artefact data store (154); and generating a new user record for the validated user in a user data store (156) associated with the inherent authentication artefact (152).
D30. The computer implemented method according to D29, wherein the validation of the identity of the prospective user based on the registration token comprises: presenting the registration token from the prospective user to the authenticated user of the security system (201), optionally using a smartphone (220); and asserting that the prospective user is validated via an input from the authenticated user.
D31. The computer implemented method according to D29, wherein the validation of the identity of the prospective user based on the registration token comprises: comparing the registration token received from the prospective user to the copy of the registration token stored within the security system (201); and if the registration token received from the prospective user accords with the copy of the registration token stored within the security system (201), asserting that the prospective user is validated.
D32. The computer implemented method according to one of D29 to D31, wherein the inherent signal (150) is a biometric signal characterizing at least one biometric property of the prospective user.
D33. The computer implemented method according to one of D29 to D32, wherein the at least one inherent signal (150) is obtained using one, or any combination, of a microphone, a video camera (106), an infra-red video camera, an ultraviolet camera, a radar, an iris scanner, a retina scanner, a millimetre wave radar, a fingerprint scanner or a palm print scanner.
D34. The computer implemented method according to one of D29 to D33, further comprising: receiving from the authenticated user of a security system (201), a knowledge factor and/or an ownership factor to be input by the prospective user; and wherein the validation of the identity of the prospective user further comprises: challenging the prospective user by prompting for the input of a knowledge factor and/or an ownership factor; transmitting the input knowledge factor and/or an input ownership factor to the authenticated user, optionally via a smartphone (220); presenting the input knowledge factor and/or the input ownership factor to the authenticated user, optionally via a smartphone (220), of the security system (201); and asserting that the prospective user is validated via an input, optionally via a smartphone (220), from the authenticated user.
D35. The computer implemented method according to one of D29 to D34, wherein the registration token is comprised within a media element selected from: a printed or electronically displayed barcode, a printed or electronically displayed QR code, an audio sample, a printed or electronically displayed image, or a video sample.
D36. The computer implemented method according to one of D29 to D35, wherein the processing of the at least one inherent signal (150) to obtain an inherent authentication artefact (152) of the prospective user is performed at either the first node (105), a central unit (208), or a further node of the controlled perimeter security system (201).
D37. The computer implemented method according to D29 to D36, wherein the inherent authentication artefact data store (154) and the user data store (156) are hosted by the first node (105), and/or at least one further node, and/or the central unit (208) of the controlled perimeter security system (201).
D38. The computer implemented method according to one of D29 to D37, wherein the data comprised in the inherent authentication artefact data store (154) and the user data store (156) is encrypted.
D39. The computer implemented method according to one of D29 to D38, wherein the at least one inherent signal (150) and/or the inherent authentication artefact (152) of the prospective user are not transmitted outside the controlled perimeter security system (201).
D40. The computer implemented method according to one of D29 to D38, wherein the processing of the at least one inherent signal (150) to obtain an inherent authentication artefact (152) of the prospective user is performed at a remote central monitoring station.
D41. The computer implemented method according to one of D29 to D40, wherein the inherent authentication artefact data store (154) and the user data store (156) are hosted by the remote central monitoring station.
D42. The computer implemented method according to one of D29 to D41, further comprising: after validating the prospective user based on the registration token, generating an authentication token unique to the validated user, and associating the authentication token with the user data record of the validated user in the user data store (156).
D43. The computer implemented method according to one of D29 to D42, further comprising: after validating the prospective user based on the registration token, arming, or disarming an alarm of the security system (201), locking, or unlocking a door lock of the security system, and/or enabling access to a configuration interface of the security system (201) based on the access policy for the validated user.
D44. The computer implemented method according to one of D29 to D43, further comprising: receiving, from the authenticated user, a command to delete the user data record of the validated user from the user data store (156), and deleting the user data record of the validated user from the user data store (156).
D45. The computer implemented method according to one of D29 to D44, further comprising: receiving, from the authenticated user, a command to alter an access permission of the controlled perimeter security system (201) of the validated user in the user data record stored in the user data store (156), and altering the access permission of the validated user by altering the user data record of the validated user from the user data store (156).
D46. The computer implemented method according to one of D29 to D45, further comprising: receiving, from the authenticated user, a time window during which validation of the prospective user is possible; and if the registration token is presented to the first node (105) by the prospective user outside of the time window, refusing to validate the prospective user, or if the registration token is presented to the first node (105) by the prospective user during the time window, validating the prospective user.
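The registration procedure of D29, with token validation as in D31, the time window of D46 and the per-user authentication token of D42, as an added Python example that is not part of the patent text. The token format, the single-use consumption of a validated token and the capture and extract callables are assumptions chosen for illustration.

```python
# Added illustration of statements D29, D31, D42 and D46; not code from the patent.
# Assumptions (all hypothetical): the token format "<invite id>.<secret>",
# single-use consumption, and the capture/extract callables.
import hmac
import secrets
import time


class RegistrationService:
    """Runs inside the security system, for example on the central unit."""

    def __init__(self):
        self.pending = {}         # invite id -> stored token copy and time window
        self.artefact_store = {}  # user id -> inherent authentication artefact
        self.user_store = {}      # user id -> user record

    def issue(self, owner_authenticated, name, not_before, not_after):
        """D29: only a command from an authenticated user creates a token."""
        if not owner_authenticated:
            raise PermissionError("only an authenticated user may invite")
        invite_id = secrets.token_hex(4)
        secret = secrets.token_urlsafe(32)
        self.pending[invite_id] = {
            "secret": secret, "name": name,
            "not_before": not_before, "not_after": not_after,
        }
        # This string is what gets communicated to the prospective user,
        # for instance rendered as a QR code (D35).
        return invite_id + "." + secret

    def validate(self, presented, now=None):
        """D31 and D46: compare with the stored copy, then check the window."""
        now = time.time() if now is None else now
        invite_id, _, secret = presented.partition(".")
        entry = self.pending.get(invite_id)
        stored = entry["secret"] if entry else ""
        # Constant-time comparison, also performed for unknown invite ids.
        same = hmac.compare_digest(secret.encode(), stored.encode())
        if entry is None or not same:
            return None
        if not (entry["not_before"] <= now <= entry["not_after"]):
            return None           # D46: refuse outside the time window
        del self.pending[invite_id]   # assumption: a token validates once
        return entry

    def enrol(self, presented, capture, extract, now=None):
        """D29: the inherent signal is obtained only after validation."""
        entry = self.validate(presented, now)
        if entry is None:
            return None           # the sensor is never triggered
        artefact = extract(capture())
        user_id = "u-" + secrets.token_hex(4)
        self.artefact_store[user_id] = artefact
        self.user_store[user_id] = {
            "name": entry["name"],
            "validated": True,
            "auth_token": secrets.token_urlsafe(16),   # D42
        }
        return user_id


if __name__ == "__main__":
    svc = RegistrationService()
    invite = svc.issue(True, "guest", not_before=1000, not_after=2000)
    # Constructed stand-ins for the sensor and the feature extractor.
    capture = lambda: [0.31, 0.42]
    extract = lambda signal: [round(x, 1) for x in signal]
    print("late attempt:", svc.enrol(invite, capture, extract, now=2500))
    print("in window:", svc.enrol(invite, capture, extract, now=1500))
    print("replay:", svc.enrol(invite, capture, extract, now=1500))
```

A late attempt leaves the pending entry in place, so the same token still validates if presented again inside the window.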
D47. The computer implemented method according to one of D29 to D46, further comprising: receiving, from the authenticated user, a condition defining whether, or not, the validated user of the security system (201) remains validated; and if the condition is not met, updating the user record to define that a previously validated user is not validated.
D48. The computer implemented method according to D47, wherein the condition is the local time at the security system (201).
D49. The computer implemented method according to one of D29 to D48, further comprising: receiving, from a computing device associated with an authenticated user located outside of the security system (201), a command from an authenticated user located outside of the controlled perimeter of the security system (201) to issue a registration token from within the security system (201) to a prospective user; and sending, from within the security system (201), the registration token to the prospective user.
D50. A central unit (208) for use in a controlled perimeter security system (201) optionally comprising D24, and further comprising: a processor (142); a communications interface (140) communicably coupled to the processor via a communication link (146), and a memory (144); wherein the processor is configured to generate, based on a command from an authenticated user of a security system (201), a registration token with which a prospective user intends to obtain access permissions to a security system (201) comprising the central unit (208), and storing a copy of the registration token within the security system (201), and to communicate the registration token to the prospective user, via a communications network, to receive, from a first node (105) of the security system (201), the registration token as presented to the first node (105) by the prospective user, to validate the identity of the prospective user based on the registration token, to thus redesignate the prospective user as a validated user, and if the identity of the prospective user is validated based on the registration token, to obtain at least one inherent signal (150) associated with the prospective user, wherein the at least one inherent signal (150) is obtained via the first node (105), and/or a further node in the vicinity of the prospective user, wherein the processor (142) is further configured to process the inherent signal (150) to obtain an inherent authentication artefact (152) of the validated user, to store the inherent authentication artefact (152) in an inherent authentication artefact data store (154), and to generate a new user record for the validated user in a user data store (156) associated with the inherent authentication artefact (152).
D51. A node (105) for use in a controlled perimeter security system (201) optionally comprising D24, and comprising: a processor (122); a transceiver (128) communicably coupled to the processor via a communication link, and a memory (124); wherein the node (105) is configured to read a registration token as presented to the first node (105) by a prospective user of a security system (201) communicably coupled to the node, and to validate, within the security system (201), the identity of the prospective user based on the registration token, to thus redesignate the prospective user as a validated user, wherein if the processor (122) receives a message from the central unit (208) that the identity of the prospective user is validated based on the registration token, the processor (122) is further configured to obtain at least one inherent signal (150) associated with the prospective user, wherein the at least one inherent signal (150) is obtained using the first node (105), and to process the inherent signal (150) to obtain an inherent authentication artefact (152) of the validated user, wherein the inherent signal (150) and/or the inherent authentication artefact (152) are communicated to an inherent authentication artefact data store (154) hosted by the first node (105) and/or a central unit (208), wherein the node (105) and/or the central unit (208) are optionally configured to generate a new user record for the validated user in a user data store (156) associated with the inherent authentication artefact (152).
D53. A controlled perimeter security system (201) optionally comprising D25, and comprising: a first node (105) according to D51; a central unit (208) according to D50; and a communications system configured to communicably couple at least the first node (105) and the central unit (208).
D54. A computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to one of D29 to D49, and optionally comprising machine readable instructions defined by D27.
D55. A computer readable medium or signal comprising the computer program element according to D54, and optionally D28.
D56. A computer implemented method for tracking user exit from a controlled perimeter security system (201), wherein the method optionally comprises either of D1 to D23, or D29 to D49, and the method comprises: obtaining, using at least one sensor located at, inside, or outside, the perimeter of the security system (201), an inherent signal (150) related to a person exiting the controlled perimeter; processing the inherent signal (150) to obtain an inherent authentication artifact (152); searching one or more data records of an inherent authentication artefact data store (154) using the inherent authentication artifact (152), and based on a closeness of the inherent authentication artifact (152) to a record of the one or more data records, validating the inherent authentication artifact (152), wherein validating the inherent authentication artefact (152) comprises: identifying a unique user record (157) in a user data store (156) associated with the inherent authentication artefact (152) of a user; generating an authentication token corresponding to the unique user record (157); and communicating the authentication token to at least one further node in the controlled perimeter security system.
D57. The computer implemented method according to D56, further comprising: obtaining, from the person, at least one further authentication factor; and wherein validating further comprises: comparing the at least one further authentication factor to a factor stored as data in at least one further authentication field of the unique user record (157); and generating the authentication token only if each of the further authentication factors match the data in the at least one further authentication field of the unique user record (157).
D58. The computer implemented method according to D57, wherein the at least one further authentication factor is a knowledge factor, an ownership factor, or an inherence factor.
D59. The computer implemented method according to one of D56 to D58, wherein the sensor comprises one or more of a video camera (106), an infra-red video camera, and/or an ultraviolet camera, and the inherent signal (150) comprises a video of a field of view of a video camera (106), an infra-red video camera, and/or an ultraviolet camera.
D60. The computer implemented method according to D59, wherein the video comprised in the inherent signal (150) is processed to obtain an inherent authentication artefact (152) characterizing one, or any combination, of a hand gesture, gait, smile, teeth pattern, height, hairstyle, clothes style, tattoo pattern, mole pattern, and/or wrinkle pattern of the person.
D61. The computer-implemented method according to D60, wherein each unique user record (157) comprises a field defining a generation time point when a corresponding inherent authentication artefact (152) was generated; and for each unique user record (157), transforming the inherent authentication artefact to account for a time-lapse between the generation time point and a current time.
D62. The computer implemented method according to one of D56 to D61, wherein the first sensor comprises a microphone, and the inherent signal (150) comprises a sound sample of the environment at, or proximate, to the first node (105).
D63. The computer implemented method according to D62, wherein the inherent signal (150) comprises a voice sample of the person.
D64. The computer implemented method according to one of D56 to D63, wherein the first sensor comprises a depth camera, and the inherent signal (150) comprises a depth image and/or depth video sequence of a field of view of the depth camera.
D65. The computer implemented method according to one of D56 to D64, wherein the first sensor comprises an iris scanner or retina scanner, and the inherent signal (150) comprises an iris or retina scan, and/or wherein the first sensor comprises a fingerprint or palm print scanner, and the inherent signal (150) comprises a palm print or fingerprint.
D66. The computer implemented method according to one of D56 to D65, wherein the first sensor comprises a radar sensor, and the inherent signal (150) comprises a radar scan.
D67. The computer implemented method according to D66, wherein the inherent signal (150) is one of a height, inferred cardiac motion, or inferred breathing motion obtained from the radar sensor.
D68. The computer implemented method according to one of D58 to D67, wherein the knowledge factor is one or more of a PIN code, password, or a challenge answer.
D69. The computer implemented method according to one of D58 to D68, wherein the ownership factor is at least one of an SMS one time password, a QR code, an alphanumeric sequence generated by a physical security token, a security key, a radio key fob, and/or a communications network identifier of a communications enabled device that is communicably coupled to the controlled perimeter security system (201).
D70. The computer implemented method according to one of D56 to D69, wherein the validation of the inherent authentication artefact (152) is performed at the first node (105), and the authentication token is communicated from the first node (105) to the at least one further node in the controlled perimeter security system (201).
D71. The computer implemented method according to one of D56 to D70, wherein the validation of the inherent authentication artefact (152) is performed at the first node (105), and the authentication token is communicated from the first node (105) to the at least one further node in the controlled perimeter security system (201).
D72. The computer implemented method according to one of D56 to D71, wherein the validation of the inherent authentication artefact (152) is performed at a central unit (208) of the controlled perimeter security system (201), and the authentication token is communicated from the first node (105) to the at least one further node in the controlled perimeter security system (201).
D73. The computer implemented method according to one of D56 to D72, wherein the validation of the inherent authentication artefact (152) is performed at a remote central monitoring station, and the authentication token is communicated from the remote central monitoring station to the at least one further node in the controlled perimeter security system (201).
D74. The computer implemented method according to one of D56 to D73, further comprising: defining, in the unique user record (157), that the user has exited the controlled perimeter security system (201).
D75. The computer implemented method according to one of D56 to D74, further comprising: obtaining the inherent signal (150) using at least one sensor located inside the perimeter of the security system (201) and proximate to an exit door of the security system (201); and upon receiving, at the central unit (208), the authentication token, unlocking a door lock of the exit door, and/or locking the exit door and/or arming an alarm system after a predetermined amount of time.
D76. The computer implemented method according to D63, further comprising: if a code word for arming an alarm system of the controlled perimeter security system (201) is detected in the voice sample, arming the alarm system.
D77. The computer implemented method according to D63, further comprising: if a code word for locking a door of the controlled perimeter security system (201) is detected in the voice sample, locking the door.
D78. A central unit (208) for use in a controlled perimeter security system (201) optionally comprising D24 and/or D50, and further comprising: a processor (142); a communications interface (140) communicably coupled to the processor via a communication link (146), and a memory (144); wherein the processor (142) is configured to obtain, from at least one sensor located at, inside, or outside, the perimeter of the security system (201), an inherent signal (150) related to a person exiting the controlled perimeter, to process the inherent signal (150) to obtain an inherent authentication artifact (152), to search one or more data records of an inherent authentication artefact data store (154) using the inherent authentication artifact (152), and based on a closeness of the inherent authentication artifact (152) to a record of the one or more data records, to validate the inherent authentication artifact (152), wherein validating the inherent authentication artefact (152) causes the processor (142) to identify a unique user record (157) in a user data store (156) associated with the inherent authentication artefact (152) of a user, to generate an authentication token corresponding to the unique user record (157); and to communicate the authentication token to at least one further node in the controlled perimeter security system (201).
D79. A node (105) for use at, inside, or outside, the perimeter of a controlled perimeter security system (201) optionally comprising D24 and/or D51 comprising: a processor (122); a transceiver (128) communicably coupled to the processor via a communication link, and a memory (124); and at a first sensor (107); wherein the at least one sensor (107) is configured to obtain an inherent signal (150) related to a person exiting a controlled perimeter, to process the inherent signal (150) to obtain an inherent authentication artifact (152), and to transmit the inherent authentication artifact (152) to a central unit (208).
D80. A controlled perimeter security system (201) optionally comprising D25 and/or D50, and comprising: a first node (105) according to D79; a central unit (208) according to D80; and a communications system configured to communicably couple at least the first node (105) and the central unit (208).
D81. A computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to one of D56 to D77, and optionally as recited by D27 and/or D54.
D82. A computer readable medium or signal comprising the computer program element according to D81, optionally comprising a computer readable medium as recited by D28 and/or D55.
D83. A computer implemented method for detecting at least one predefined signal from a person using a controlled perimeter security system (201), wherein the method optionally comprises the method according to one of D1 to D23, and/or one of D29 to D49, and/or one of D56 to D77, wherein the method comprises: detecting the presence of a first person proximate to a sensor of at least one node (105) of a controlled perimeter security system (201); obtaining, using the sensor, a sample of the behaviour of the first person as they are proximate to the sensor; processing the sample to determine a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate; and if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to a central unit (208) of the controlled perimeter security system (201), and/or a remote central monitoring station.
D84. The computer implemented method according to D83, further comprising: detecting the presence of at least a second person proximate to a sensor of at least one node (105) of a controlled perimeter security system (201); and enabling the transmission of the message token only if the at least second person is proximate to the at least one node (105).
D85. The computer implemented method according to one of D83 or D84, wherein the sensor comprises a video camera (106), and determining a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate comprises one, or any combination, of: performing image or video processing on the sample to identify a predefined gesture of the first person.
D86. The computer implemented method according to D85, wherein the predefined gesture is selected from one, or any combination of: closure of the left eye for a predetermined time, closure of the right eye for a predetermined time, blinking at a predetermined range of rates, standing in a predetermined posture, dropping an object on the floor, performing a predetermined facial expression, or looking in a predetermined direction.
D87. The computer implemented method according to D85, further comprising: performing image or video processing on the sample to identify that the second person is physically coercing the first person; and if determined that the second person is physically coercing the first person, transmitting in the message token a warning that the first person is in distress.
D88. The computer implemented method according to D85, further comprising: performing image or video processing on the sample to identify that the second person is carrying a predetermined item from a list of predefined items; and if determined that the second person is carrying or wearing a predetermined item from a list of predefined items, displaying on a display of the first node (105) a message that authentication has failed, and transmitting in the message token a warning that the second person is armed.
D89. The computer implemented method according to D88, wherein the list of predefined items comprises one, or any combination, of: a gun, a knife, a baseball bat, an axe, a crowbar, a balaclava, or a motorcycle helmet.
D90. The computer implemented method according to D88 or D89, further comprising: signalling to a central unit (208) of the controlled perimeter security system (201) to lock one or more access points.
D91. The computer implemented method according to one of D83 to D90, wherein the sensor comprises an eye tracker, and determining a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate comprises identifying that the first person is looking in a predetermined direction.
D92. The computer implemented method according to one of D83 to D91, wherein the first node (105) comprises a keypad or a touch screen, and determining a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate comprises identifying that the first person has entered a predetermined personal identification distress code into the keypad or a touch screen, and/or depressed a button of the keypad or a touch screen for a predetermined amount of time or in a predetermined sequence.
D93. The computer implemented method according to one of D83 to D92, wherein the first node (105) comprises a microphone, and determining a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate comprises performing audio signal processing on the sample to detect a predetermined pitch, timing, or timbre modulation of the first person; and/or performing speech recognition to determine that the first person has spoken a predetermined word, or sequence of words.
D94. The computer implemented method according to one of D83 to D93, wherein the sample of the behaviour or a predetermined signal of the first person as they are proximate to the sensor is obtained during an authentication procedure of the controlled perimeter security system (201).
D95. The computer implemented method according to one of D83 to D94, further comprising: if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to a law enforcement facility.
D96. The computer implemented method according to one of D83 to D95, wherein processing the sample to determine a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate further comprises: identifying the at least one predefined signal from a group of a first predefined signal and a second predefined signal; wherein the first predefined signal causes the transmission, by the first node (105), of an alert message token to a central unit (208) and an authentication token to the controlled perimeter security system (201); and wherein the second predefined signal causes the transmission, by the first node (105), of an alert message token to a central unit without the transmission of an authentication token to the controlled perimeter security system (201).
D97. A central unit (208) for use in a controlled perimeter security system (201) optionally comprising D24, D50, and/or D78, and further comprising: a processor (142); a communications interface (140) communicably coupled to the processor via a communication link (146), and a memory (144); wherein the processor is configured to receive, via a first node (105), a sample of the behaviour or a predetermined signal from the first person as they are proximate to the sensor, to process the sample to determine a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate, and if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to one or more further nodes in the controlled perimeter security system (201), and/or a remote central monitoring station.
D98. A node (105) for use in a controlled perimeter security system (201) optionally comprising D24, D51, and/or D79, and comprising: a processor (122); a transceiver (128) communicably coupled to the processor via a communication link, a memory (124); and a first sensor (107) wherein the processor is configured to detect the presence of a first person proximate to a sensor of at least one node (105) of a controlled perimeter security system (201), and to obtain, using the sensor, a sample of the behaviour or a predetermined signal of the first person as they are proximate to the sensor, wherein the processor is further configured to perform one, or both, of the following: i) to process the sample to determine a likelihood of whether, or not, the sample comprises at least one predefined signal that the first person is intentionally attempting to communicate, and if a determination is made that the person is intentionally communicating the at least one predefined signal, transmitting an alert message token to a central unit (208), and/or one or more further nodes in the controlled perimeter security system (201), and/or a remote central monitoring station; or ii) to transmit the sample to the central unit (208) of the controlled perimeter security system (201).
D99. A controlled perimeter security system (201) optionally comprising D25, D53, and/or D80, and comprising: a first node (105) according to D98; a central unit (208) according to D97; and a communications system configured to communicably couple at least the first node (105) and the central unit (208).
D100. A computer program element comprising machine readable instructions which, when executed by a processor, cause the processor to perform the computer implemented method according to one of D83 to D96, optionally comprising machine readable instructions as recited by D27, D54, and/or D80.
D101. A computer readable medium or signal comprising the computer program element according to D100, and optionally comprising a computer readable medium as recited by D28, D55, and/or D81.
D102. A computer implemented method for user registration on a controlled perimeter security system (201) comprising a plurality of processing nodes, wherein the method comprises: generating, based on a command either from an authenticated user of the security system (201) or from a back-end system (or monitoring station) of the controlled perimeter security system, a registration token from within the security system (201) to which a prospective user intends to obtain access permissions, and storing a copy of the registration token within the security system (201); communicating, via a communications network, the registration token to the prospective user; reading, by a first node (105) of the security system (201), the registration token as presented to the first node (105) by the prospective user; validating, within the security system (201), the identity of the prospective user based on the registration token, to thus redesignate the prospective user as a validated user; and generating a new user record for the validated user in a user data store (156).
It will be appreciated that such a method can be useful in providing an ability for a remote server (or for example an alarm receiving centre or system back end) to be able, permanently or temporarily, to update the list of records in an access device node, with additional recognized persons or authentication codes. This is especially useful for emergency services to be able to gain immediate access to a premises in the case of an alarm, a fire, an accident, or an SOS or panic signal triggered by an occupant.
For example, individual emergency services workers may have pre-stored or pre-enrolled information in a database accessible at the remote site or system back end. Upon notification of who is attending an emergency at the premises, the remote site can download the respective information into the access node so that the emergency services worker (i.e. a specified individual or individuals) can access the premises without delay.
Instead of individual access, the attending workers may be provided with a temporary access code (PIN code, QR code, or an NFC token on one of their smartphones). At the same time, the access node can be updated from the remote server or back end to authenticate this temporary access code.
Similarly, a neighbour of the occupant (e.g. a resident of a neighbouring property to the protected premises) can also be remotely authorized to access the protected premises in a similar way. Subsequently the remote server (or an alarm receiving centre or system back end) can also delete the newly-added information so that the temporary access code is no longer available, thereby restoring the previous status quo.
D103. The computer implemented method according to D102, wherein the validation of the identity of the prospective user based on the registration token comprises: presenting the registration token from the prospective user to the authenticated user of the security system (201) or to the back-end system (or monitoring station) of the controlled perimeter security system, optionally using a smartphone (220); and asserting that the prospective user is validated via an input from the authenticated user or the back-end system (or monitoring station) of the controlled perimeter security system.
D104. The computer implemented method according to D102, wherein the validation of the identity of the prospective user based on the registration token comprises: comparing the registration token received from the prospective user to the copy of the registration token stored within the security system (201); and if the registration token received from the prospective user accords with the copy of the registration token stored within the security system (201), asserting that the prospective user is validated.
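The registration token lifecycle of D102 and D104, together with the temporary-access and later-deletion behaviour described in the paragraphs above, is illustrated by the following added sketch, which is not part of the patent text. The class and method names, the `id.secret` token layout, the token lifetime, single use, the constant-time comparison, and keeping the stored copy as a SHA-256 digest are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time


class CentralUnit:
    """Toy stand-in for the central unit (208); every name here is hypothetical."""

    def __init__(self):
        self.pending = {}     # registration id -> stored copy of the token (as a digest)
        self.user_store = {}  # user id -> user record (user data store 156)

    @staticmethod
    def _digest(secret):
        return hashlib.sha256(secret.encode("utf-8")).digest()

    def issue_token(self, issued_by, ttl_s=900, temporary=False, now=None):
        """Generate a token on command of an authenticated user or the back end."""
        now = time.time() if now is None else now
        reg_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
        self.pending[reg_id] = {
            "digest": self._digest(secret),  # assumption: store a digest, not plaintext
            "issued_by": issued_by,
            "expires_at": now + ttl_s,       # assumption: tokens expire
            "temporary": temporary,
        }
        # This string is what gets communicated to the prospective user.
        return f"{reg_id}.{secret}"

    def validate(self, presented, now=None):
        """Compare the token read by the first node (105) with the stored copy.

        Returns the new user id, or None if the token does not accord.
        """
        now = time.time() if now is None else now
        reg_id, sep, secret = presented.partition(".")
        entry = self.pending.get(reg_id)
        if not sep or entry is None:
            return None
        if now > entry["expires_at"]:
            del self.pending[reg_id]         # expired tokens are purged
            return None
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(self._digest(secret), entry["digest"]):
            return None
        del self.pending[reg_id]             # single use: a replay finds nothing
        user_id = "user-" + secrets.token_hex(4)
        self.user_store[user_id] = {
            "validated_at": now,
            "issued_by": entry["issued_by"],
            "temporary": entry["temporary"],
        }
        return user_id

    def revoke_temporary(self, user_id):
        """Delete a temporary record, restoring the previous status quo."""
        record = self.user_store.get(user_id)
        if record is None or not record["temporary"]:
            return False
        del self.user_store[user_id]
        return True


if __name__ == "__main__":
    cu = CentralUnit()
    token = cu.issue_token("monitoring-station", ttl_s=60, temporary=True)
    uid = cu.validate(token)
    print("validated as", uid)
    print("replay accepted:", cu.validate(token) is not None)
    print("revoked:", cu.revoke_temporary(uid))
```
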

Claims

1. Apparatus configured to provide a video doorbell function, comprising: at least one sensor; a video camera; at least one processor; at least one memory; wherein the at least one sensor is configured to generate an actuation signal upon actuation by a user of the video doorbell function; wherein, upon receiving the actuation signal, the at least one processor is configured to enable the video camera and obtain at least one image and/or video segment of the field of view proximate to the video doorbell; wherein the at least one processor is further configured to process the at least one image and/or video segment and/or a signal from the at least one sensor to identify at least one threat factor associated with an instance of the actuation signal, and if at least one threat factor is identified based on the processing, generating an alarm token for at least one of: a central unit (208) of a controlled perimeter security system (201); a remote monitoring service (210); a wireless transmit and/or receive unit (mobile device) contacted for processing a doorbell actuation.
2. Apparatus according to claim 1, wherein the apparatus includes a first unit that houses the video camera, one of the at least one processors, and one of the at least one sensors, the one of the at least one sensors being configured to generate the actuation signal upon actuation by a user.
3. Apparatus according to claim 2, wherein the processor of the first unit is configured to process the at least one image and/or video segment and/or a signal from the at least one sensor to identify at least one threat factor associated with an instance of the actuation signal.
4. Apparatus according to claim 2, wherein the first unit includes a transceiver configured to communicate with the central unit (208) of a controlled perimeter security system, the central unit including one of the at least one processors.
5. Apparatus according to claim 4, wherein the processor of the central unit is configured to process the at least one image and/or video segment and/or a signal from the at least one sensor to identify at least one threat factor associated with an instance of the actuation signal.
6. Apparatus according to claim 1, 2 or 4, wherein the apparatus includes the wireless transmit receive unit (mobile device) including a processor of the at least one processors and having a software application configured to process a doorbell actuation.
7. Apparatus according to any one of the preceding claims, wherein the at least one sensor includes a radar arrangement and the at least one processor is further configured to process a signal from the radar arrangement to identify the at least one threat factor.
8. Apparatus according to any one of the preceding claims, wherein the at least one sensor includes a movement or presence sensor and the at least one processor is further configured to process a signal from the movement or presence sensor to identify the at least one threat factor.
9. Apparatus as claimed in any one of the preceding claims, wherein the threat factor identified in the image and/or video segment is one, or more, of an identification of a specific person at the door, optionally by means of an inherent authentication artefact of the specific person, the fact that an individual at the door is wearing a helmet or balaclava capable of concealing the person’s face, or the fact that the person is carrying a potentially threatening object.
10. Apparatus as claimed in any one of the preceding claims, wherein the at least one threat factor includes the presence of more than one person in the image.
11. A method performed by an apparatus configured to provide a video doorbell function, the apparatus including a video camera, at least one sensor, and at least one processor, the method comprising: receiving an input from a user; in response to receiving the input, obtaining using the video camera at least one image and/or video segment of the field of view proximate to the video camera; processing the at least one image and/or video segment and/or a signal from the at least one sensor to identify at least one threat factor associated with an instance of the actuation signal; and if at least one threat factor is identified based on the processing, generating an alarm token for at least one of: a central unit (208) of a controlled perimeter security system (201); a remote monitoring service (210); a mobile device contacted for processing a doorbell actuation.
12. Method according to claim 11, wherein the apparatus includes a first unit that houses the video camera, one of the at least one processors, and one of the at least one sensors, the one of the at least one sensors being configured to generate the actuation signal upon actuation by a user.
13. Method according to claim 12, the method comprising processing the at least one image and/or video segment and/or a signal from the at least one sensor using the processor of the first unit to identify at least one threat factor associated with an instance of the actuation signal.
14. Method according to claim 12, wherein the first unit includes a transceiver configured to communicate with the central unit (208) of a controlled perimeter security system, the central unit including one of the at least one processors.
15. Method according to claim 14, the method comprising processing using the processor of the central unit the at least one image and/or video segment and/or a signal from the at least one sensor to identify at least one threat factor associated with an instance of the actuation signal.
16. Method according to claim 11, 12 or 14, wherein the apparatus includes the wireless transmit receive unit (mobile device) including a processor of the at least one processors and having a software application configured to process a doorbell actuation.
17. Method according to any one of claims 11 to 16, wherein the at least one sensor includes a radar arrangement, the method comprising processing, using the at least one processor, a signal from the radar arrangement to identify the at least one threat factor.
18. Method according to any one of claims 11 to 17, wherein the at least one sensor includes a movement or presence sensor, the method comprising processing, using the at least one processor, a signal from the movement or presence sensor to identify the at least one threat factor.
19. The method as claimed in any one of claims 11 to 18, wherein the threat factor identified in the image and/or video segment is one, or more, of an identification of a specific person at the door, optionally by means of an inherent authentication artefact of the specific person, the fact that an individual at the door is wearing a helmet or balaclava capable of concealing the person’s face, or the fact that the person is carrying a potentially threatening object.
20. The method as claimed in any one of claims 11 to 19, wherein the at least one threat factor includes the presence of more than one person in the image.
21. A controlled perimeter security system (201) comprising: an apparatus as claimed in any one of claims 1 to 10; a central unit (208) that includes a processor (142), a communications interface (140) communicably coupled to the processor via a communication link (146), and a memory (144); and a communications system configured to communicably couple at least the video camera and the central unit (208).
22. The controlled perimeter security system (201) of claim 21, operatively connected to a remote monitoring service (210).
23. A computer implemented method for user registration on a controlled perimeter security system (201) comprising a plurality of processing nodes, wherein the method comprises: generating, based on a command either from an authenticated user of the security system (201) or from a back-end system or monitoring station of the controlled perimeter security system, a registration token from within the security system (201) to which a prospective user intends to obtain access permissions, and storing a copy of the registration token within the security system (201); communicating, via a communications network, the registration token to the prospective user; reading, by a first node (105) of the security system (201), the registration token as presented to the first node (105) by the prospective user; validating, within the security system (201), the identity of the prospective user based on the registration token, to thus redesignate the prospective user as a validated user; and generating a new user record for the validated user in a user data store (156).
24. The computer implemented method according to claim 23, wherein the validation of the identity of the prospective user based on the registration token comprises: presenting the registration token from the prospective user to the authenticated user of the security system (201) or to the back-end system (or monitoring station) of the controlled perimeter security system, optionally using a smartphone (220); and asserting that the prospective user is validated via an input from the authenticated user or the back-end system (or monitoring station) of the controlled perimeter security system.
25. The computer implemented method according to claim 23, wherein the validation of the identity of the prospective user based on the registration token comprises: comparing the registration token received from the prospective user to the copy of the registration token stored within the security system (201); and if the registration token received from the prospective user accords with the copy of the registration token stored within the security system (201), asserting that the prospective user is validated.
26. The computer implemented method of claim 23, in which the registration token is generated based on a command from a back-end system or monitoring station of the controlled perimeter security system, wherein the prospective user is a member of an emergency service such as the fire service, the police, or medical.
27. The computer implemented method of claim 126, wherein the back end or monitoring station issues the command to generate a token based upon having received notification of an alarm, a fire, or an accident at the protected premises, or an SOS or panic signal triggered by an occupant of the protected premises.
28. The computer implemented method of claim 26 or claim 27, wherein individual emergency services workers have pre-stored or pre-enrolled information in a database accessible at the remote site or system back end, and upon notification of the individual or individuals who will be attending an emergency at the premises, the remote site transferring respective information from the database into the access node so that the relevant emergency services worker(s) can access the protected premises.
29. The computer implemented method of claim 26 or claim 27, the method further comprising the back-end system or monitoring station providing the prospective user(s) with a temporary access code (such as a PIN code, QR code, or a NFC token) and providing the access node with the temporary access code to enable the access node to authenticate the prospective user(s) when the temporary access code is presented to the access node.
30. The computer implemented method according to claim 23, wherein if the identity of the prospective user is validated based on the registration token, obtaining at least one inherent signal associated with the prospective user, wherein the at least one inherent signal is obtained using the first node, and/or a further node in the vicinity of the prospective user; processing the inherent signal to obtain an inherent authentication artefact of the validated user, and storing the inherent authentication artefact in an inherent authentication artefact data store; and generating a new user record for the validated user in a user data store associated with the inherent authentication artefact.
31. The computer implemented method according to claim 30, wherein the validation of the identity of the prospective user based on the registration token comprises: presenting the registration token from the prospective user to the authenticated user of the security system (201), optionally using a smartphone (220); and asserting that the prospective user is validated via an input from the authenticated user.
32. The computer implemented method according to claim 30, wherein the validation of the identity of the prospective user based on the registration token comprises: comparing the registration token received from the prospective user to the copy of the registration token stored within the security system (201); and if the registration token received from the prospective user accords with the copy of the registration token stored within the security system (201), asserting that the prospective user is validated.
33. The computer implemented method according to one of claims 30 to 32, wherein the inherent signal (150) is a biometric signal characterizing at least one biometric property of the prospective user.
34. The computer implemented method according to one of claims 30 to 33, wherein the at least one inherent signal (150) is obtained using one, or any combination, of a microphone, a video camera (106), an infra-red video camera, an ultraviolet camera, a radar, an iris scanner, a retina scanner, a millimetre wave radar, a fingerprint scanner or a palm print scanner.
35. The computer implemented method according to one of claims 30 to 34, further comprising: receiving from the authenticated user of a security system (201), a knowledge factor and/or an ownership factor to be input by the prospective user; and wherein the validation of the identity of the prospective user further comprises: challenging the prospective user by prompting for the input of a knowledge factor and/or an ownership factor; transmitting the input knowledge factor and/or an input ownership factor to the authenticated user, optionally via a smartphone (220); presenting the input knowledge factor and/or the input ownership factor to the authenticated user, optionally via a smartphone (220), of the security system (201); and asserting that the prospective user is validated via an input, optionally via a smartphone (220), from the authenticated user.
36. The computer implemented method according to one of claims 30 to 35, wherein the registration token is comprised within a media element selected from: a printed or electronically displayed barcode, a printed or electronically displayed QR code, an audio sample, a printed or electronically displayed image, or a video sample.
37. The computer implemented method according to one of claims 30 to 36, wherein the processing of the at least one inherent signal (150) to obtain an inherent authentication artefact (152) of the prospective user is performed at either the first node (105), a central unit (208), or a further node of the controlled perimeter security system (201).
38. The computer implemented method according to claims 30 to 37, wherein the inherent authentication artefact data store (154) and the user data store (156) are hosted by the first node (105), and/or at least one further node, and/or the central unit (208) of the controlled perimeter security system (201).
39. The computer implemented method according to one of claims 30 to 38, wherein the data comprised in the inherent authentication artefact data store (154) and the user data store (156) is encrypted.
40. The computer implemented method according to one of claims 30 to 39, wherein the at least one inherent signal (150) and/or the inherent authentication artefact (152) of the prospective user are not transmitted outside the controlled perimeter security system (201).
41. The computer implemented method according to one of claims 30 to 39, wherein the processing of the at least one inherent signal (150) to obtain an inherent authentication artefact (152) of the prospective user is performed at a remote central monitoring station.
42. The computer implemented method according to one of claims 30 to 41, wherein the inherent authentication artefact data store (154) and the user data store (156) are hosted by the remote central monitoring station.
43. The computer implemented method according to one of claims 30 to 42, further comprising: after validating the prospective user based on the registration token, generating an authentication token unique to the validated user, and associating the authentication token with the user data record of the validated user in the user data store (156).
44. The computer implemented method according to one of claims 30 to 43, further comprising: after validating the prospective user based on the registration token, arming, or disarming an alarm of the security system (201), locking, or unlocking a door lock of the security system, and/or enabling access to a configuration interface of the security system (201) based on the access policy for the validated user.
45. The computer implemented method according to one of claims 30 to 44, further comprising: receiving, from the authenticated user, a command to delete the user data record of the validated user from the user data store (156), and deleting the user data record of the validated user from the user data store (156).
46. The computer implemented method according to one of claims 30 to 44, further comprising: receiving, from the authenticated user, a command to alter an access permission of the controlled perimeter security system (201) of the validated user in the user data record stored in the user data store (156), and altering the access permission of the validated user by altering the user data record of the validated user from the user data store (156).
47. The computer implemented method according to one of claims 30 to 46, further comprising: receiving, from the authenticated user, a time window during which validation of the prospective user is possible; and if the registration token is presented to the first node (105) by the prospective user outside of the time window, refusing to validate the prospective user, or if the registration token is presented to the first node (105) by the prospective user during the time window, validating the prospective user.
48. The computer implemented method according to one of claims 30 to 47, further comprising: receiving, from the authenticated user, a condition defining whether, or not, the validated user of the security system (201) remains validated; and if the condition is not met, updating the user record to define that a previously validated user is not validated.
49. The computer implemented method according to claim 48, wherein the condition is the local time at the security system (201).
50. The computer implemented method according to one of claims 30 to 49, further comprising: receiving, from a computing device associated with an authenticated user located outside of the security system (201), a command from an authenticated user located outside of the controlled perimeter of the security system (201) to issue a registration token from within the security system (201) to a prospective user; and sending, from within the security system (201), the registration token to the prospective user.
51. A controlled perimeter security system (201) to protect premises arranged to implement the method of any one of claims 23 to 50, the system comprising: an access node (105); a central unit (208) that includes a processor (142), a communications interface (140) communicably coupled to the processor via a communication link (146), and a memory (144); a back-end system or monitoring station remote from the protected premises; and a communications system configured to communicably couple at least the video doorbell node (105), the central unit (208) and the back-end system or monitoring station.
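
The registration flow of claims 23, 25 and 47 (issue a token inside the system, store a copy, compare it when presented at the first node, honour a time window, create the user record), as an added example that is not code from the application. Keeping only a SHA-256 digest as the stored "copy", making the token single-use, the constant-time comparison, and all class names, labels and timestamps are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class PendingRegistration:
    token_digest: bytes   # stored "copy" of the token (digest only: an assumption)
    not_before: float     # start of the validation time window (claim 47)
    not_after: float      # end of the validation time window
    used: bool = False    # single use is an assumption, not stated in the claims


@dataclass
class SecuritySystem:
    pending: dict = field(default_factory=dict)     # label -> PendingRegistration
    user_store: dict = field(default_factory=dict)  # stands in for user data store (156)

    def issue_token(self, label, not_before, not_after):
        """Claim 23: generate the token within the system and store a copy."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        self.pending[label] = PendingRegistration(digest, not_before, not_after)
        return token  # communicated to the prospective user, e.g. as a QR code

    def present_token(self, label, presented, now):
        """Claims 25 and 47: compare the presented token with the stored copy."""
        reg = self.pending.get(label)
        if reg is None or reg.used:
            return False
        if not (reg.not_before <= now <= reg.not_after):
            return False  # outside the time window: refuse to validate
        digest = hashlib.sha256(presented.encode()).digest()
        if not hmac.compare_digest(digest, reg.token_digest):
            return False  # token does not accord with the stored copy
        reg.used = True
        # Claim 23, last step: new user record for the validated user.
        self.user_store[label] = {"validated": True, "registered_at": now}
        return True


def demo():
    """Constructed scenario: wrong token, late token, valid token, replay."""
    system = SecuritySystem()
    token = system.issue_token("guest-1", not_before=1000.0, not_after=2000.0)
    return [
        system.present_token("guest-1", "wrong-token", now=1500.0),
        system.present_token("guest-1", token, now=2500.0),
        system.present_token("guest-1", token, now=1500.0),
        system.present_token("guest-1", token, now=1600.0),
    ]
```
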

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP22382916.9 2022-09-30
EP22382916 2022-09-30

Publications (1)

Publication Number Publication Date
WO2024068034A1 true WO2024068034A1 (en) 2024-04-04

Family

ID=83689999

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2022/087992 Ceased WO2024068034A1 (en) 2022-09-30 2022-12-29 Controlled perimeter security

Country Status (1)

Country Link
WO (1) WO2024068034A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180268674A1 (en) * 2017-03-20 2018-09-20 Ring Inc. Dynamic Identification of Threat Level Associated With a Person Using an Audio/Video Recording and Communication Device
CN110048998A (en) * 2018-12-29 2019-07-23 中国银联股份有限公司 Auth method and its system, intelligent door lock based on Token
US10720001B1 (en) * 2015-04-02 2020-07-21 Mark Y. Grosberg System and method for verified admission through access controlled locations
CN112115464A (en) * 2020-09-11 2020-12-22 北京小米移动软件有限公司 Unlocking processing method and device, electronic equipment and storage medium
US20210377493A1 (en) * 2017-09-20 2021-12-02 Google Llc Systems and methods of presenting appropriate actions for responding to a visitor to a smart home environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ZAMRI MUHAMMAD AZAMUDDIN ET AL: "Implementation of a Microcontroller-based Home Security Locking System", 2021 11TH IEEE INTERNATIONAL CONFERENCE ON CONTROL SYSTEM, COMPUTING AND ENGINEERING (ICCSCE), IEEE, 27 August 2021 (2021-08-27), pages 216 - 221, XP033971799, DOI: 10.1109/ICCSCE52189.2021.9530966 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22839860

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22839860

Country of ref document: EP

Kind code of ref document: A1