SYSTEM TO CONTROL THE ACCESS OF INDIVIDUALS TO A CLOSED AREA
Abstract:
System to control the access of individuals to an area. A processor-implemented access control method includes receiving credential and policy directory information to configure an access controller to allow self-provisioning of the access controller through periodic automated querying of the directory by the access controller; acquiring credential and policy information from the directory for one or more individuals who may need access to the closed area; caching the acquired credential and policy information in a local cache; receiving an access request to allow an individual access to the closed area; comparing the access request to the cached credential and policy information; and, when the comparison indicates a match, granting the individual access.

Publication number: BR112015025282B1
Application number: R112015025282-6
Filing date: 2014-03-13
Publication date: 2022-01-04
Inventor: E. Terry Neeley
Applicant: Avigilon Patent Holding 2 Corporation
Main IPC class:
Patent description:
Background

[0001] Access control systems may limit entry into enclosed areas, such as buildings, spaces located in buildings, or fenced regions, to only those who are allowed to enter. Current access control systems include access card readers at building entry points (doors). Individuals who are allowed to enter the building are given an access control card that can be read by the access card readers. An access card reader obtains information from the access card and communicates the information to a control panel. The control panel determines whether the door should be unlocked. If it should (i.e., the access card is associated with an individual who is allowed to enter), the control panel sends a signal to a door locking mechanism, causing the mechanism to unlock.

Summary

[0002] A processor-implemented access control method to control access to a closed area includes receiving credential and policy directory information to configure an access controller to allow self-provisioning of the access controller through periodic automated querying of the directory by the access controller; acquiring credential and policy information from the directory for one or more individuals who may need access to the closed area; caching the acquired credential and policy information in a local cache; receiving an access request to allow an individual access to the closed area; comparing the access request to the cached credential and policy information; and, when the comparison indicates a match, granting the individual access to the closed area.
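
The method summarized in [0002] (periodic directory query, local cache, decision from the cache), as an added Python example that is not code from the patent. The in-memory FakeDirectory, the door-to-group policy model and all identifiers and tag values are constructed assumptions. It also shows the consequence for revocation: a credential removed from the directory keeps working until the next synchronization.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    person_id: str      # unique identifier of the individual
    credential: str     # e.g. an RFID tag number (constructed values below)
    groups: frozenset   # group memberships evaluated by the door policy


class DirectoryUnavailable(Exception):
    """Raised by the stand-in directory when it cannot be reached."""


class FakeDirectory:
    """In-memory stand-in (assumption) for the remote credential/policy directory."""

    def __init__(self, people, door_policy):
        self.people = dict(people)            # person_id -> (credential, groups)
        self.door_policy = dict(door_policy)  # door -> groups allowed through it
        self.reachable = True

    def snapshot(self):
        if not self.reachable:
            raise DirectoryUnavailable("directory not reachable")
        records = [Record(pid, cred, frozenset(groups))
                   for pid, (cred, groups) in self.people.items()]
        policy = {door: frozenset(groups)
                  for door, groups in self.door_policy.items()}
        return records, policy


class AccessController:
    def __init__(self, directory, sync_interval_s):
        self.directory = directory
        self.sync_interval_s = sync_interval_s
        self._by_credential = {}   # local cache: credential -> Record
        self._policy = {}          # local cache: door -> allowed groups
        self.last_sync = None

    def sync(self, now):
        """Pull a full snapshot and swap it in; on failure keep the last good cache."""
        try:
            records, policy = self.directory.snapshot()
        except DirectoryUnavailable:
            return False
        # Replacing the whole cache provisions new entries and drops removed ones.
        self._by_credential = {r.credential: r for r in records}
        self._policy = policy
        self.last_sync = now
        return True

    def tick(self, now):
        """Called periodically; synchronizes only when the interval has elapsed."""
        if self.last_sync is None or now - self.last_sync >= self.sync_interval_s:
            return self.sync(now)
        return False

    def decide(self, credential, door):
        """Access decision made from the local cache only; unknown means deny."""
        record = self._by_credential.get(credential)
        if record is None:
            return False
        return bool(record.groups & self._policy.get(door, frozenset()))


def demo():
    directory = FakeDirectory(
        people={"p-001": ("tag-1111", {"staff", "lab"}),
                "p-002": ("tag-2222", {"staff"})},
        door_policy={"lobby": {"staff"}, "lab": {"lab"}},
    )
    ctl = AccessController(directory, sync_interval_s=300)
    out = {"empty_cache": ctl.decide("tag-1111", "lab")}   # nothing cached yet
    ctl.tick(now=0)                                         # first sync
    out["p001_lab"] = ctl.decide("tag-1111", "lab")
    out["p002_lab"] = ctl.decide("tag-2222", "lab")
    del directory.people["p-001"]                           # removed at the source
    ctl.tick(now=120)                                       # interval not elapsed
    out["revoked_before_sync"] = ctl.decide("tag-1111", "lab")
    ctl.tick(now=300)                                       # next scheduled sync
    out["revoked_after_sync"] = ctl.decide("tag-1111", "lab")
    directory.reachable = False                             # directory outage
    out["sync_during_outage"] = ctl.tick(now=600)
    out["p002_lobby_offline"] = ctl.decide("tag-2222", "lobby")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The synchronization interval is therefore also the upper bound on how long a revoked credential remains usable at the door.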
[0003] A system for controlling the access of individuals to an area includes a processor and an access controller embedded in a computer-readable storage medium, the access controller including machine instructions that, when executed by the processor, cause the processor to: configure the access controller to receive credential and policy directory information from a remote directory, to allow self-provisioning of the access controller through periodic automated querying of the directory by the access controller, and to receive credential and policy information from the directory for one or more individuals who may need to access the area; store, in a local cache, the credential and policy directory information received from the directory and the credential and policy information of the one or more individuals; receive an access request to allow an individual access to the closed area; compare the access request to the credential and policy information in the cache; and, when the comparison indicates a match, grant the individual access to the closed area.

[0004] A processor-implemented method for configuring an access controller to control access by an individual to an asset includes receiving a credential and policy directory address from which the processor obtains credential and policy information for individuals who require access to the asset; receiving a destination address for the credential and policy information; establishing a frequency for acquiring the credential and policy information; acquiring the credential and policy information for individuals who require access to the asset; and automatically updating the credential and policy information for individuals who require access to the asset at the established frequency.

[0005] A self-provisioning/self-reporting access controller includes means for storing machine instructions to control access to an asset, and means for executing the machine instructions.
The means for executing include means for self-provisioning, means for executing the machine instructions, means for granting/denying access to the asset, and means for reporting events related to granting and denying access to the asset.

Description of Drawings

[0006] The detailed description refers to the following figures, in which like numerals refer to like items, and in which:

[0007] Figures 1A - 1C illustrate an exemplary access control system and select components thereof;

[0008] Figure 2 illustrates the elements and components of an exemplary access controller used with the system of Figures 1A - 1C;

[0009] Figure 3 illustrates an exemplary interface enabled through the access controller of Figure 2;

[00010] Figure 4 illustrates an exemplary access control mechanism of the access controller of Figure 2; and

[00011] Figures 5A - 5C are flowcharts that illustrate exemplary methods of the system of Figures 1A - 1C and the access controller of Figure 2.

Detailed Description

[00012] Ensuring that only authorized individuals access protected or secured areas can be crucially important (e.g., at an airport, a military installation, an office building, etc.). Protected or secured areas can be defined by physical doors (e.g., doors through which a human being can enter) and walls, or they can be virtually defined in other ways. For example, a protected area can be defined as one where unauthorized entry causes a detector to signal intrusion and possibly send a signal or sound an alarm if authorization is not provided.

[00013] Access control systems may limit entry to protected or secure areas, rooms in buildings, or fenced regions, or to assets and resources therein, to only those individuals who are permitted to enter.

[00014] Therefore, an access control system must, fundamentally, identify the individual trying to enter the secured area or access the assets, and verify that the individual is authorized to enter or access.
The access control systems, apparatus, and methods described in this document may encompass any access technology, including: (1) using PINs and passwords that can be entered on a keypad associated with the access point (e.g., a door); (2) using biometrics that can be entered by individuals through special readers associated with the door; (3) using traditional signatures, provided by individuals through a special pad associated with the door; (4) using smart cards or contactless cards (e.g., sending a PIN to the door via a special reader/receiver); (5) using a digital certificate, for example one stored on a smart card, contactless card, or wireless device, which can "talk to the door" through a card reader or other receiver; and (6) using a physical key inserted into a door lock; such a key/lock mechanism may include special encryption on the key that is read in the lock.

[00015] The above list of access technologies is not intended to be exhaustive. In addition, some facilities may use combinations of these technologies. The technologies can be used in any environment, including government facilities, private companies, public facilities, and an individual's home.

[00016] As a further explanation of some of the above access technologies, some current access control systems use doors equipped with an entry device, such as a keypad, through which an individual enters a PIN or password. The keypad has an attached memory or elementary processor in which a list of valid PINs/passwords is stored, so that the PIN/password can be checked to determine whether it is still valid. If the PIN/password is valid, the door opens; otherwise, the door remains locked. Such elementary access control mechanisms offer minimal security. For example, a terminated employee should no longer be allowed through the door; however, a terminated employee who remembers his PIN can still open it, so the PINs of terminated employees would have to be "deprogrammed".
This procedure, however, can be very complicated and expensive: a factory can have hundreds of doors, and deprogramming all those doors whenever an employee is laid off can be impractical.

[00017] Some current card-based access control systems use radio frequency identification (RFID) technology. The access card reader includes an RFID transceiver, and the access card includes an RFID tag or transponder. The RFID transceiver transmits a radio frequency (RF) query to the card as the card passes the RFID transceiver. The RF transponder includes a silicon chip and an antenna that allow the card to receive and respond to the RF query. The response is typically an RF signal that includes a pre-programmed identification (ID) number. The card reader receives the signal and transmits the identification number to a control panel using a wired or wireless connection. Current card readers can perform basic ID data formatting before sending the data to the control panel, but are often unable to perform higher-level functions.

[00018] Current access controllers rely on proprietary protocols and software to provision/deprovision credentials, provide configuration information, and report transactions. The unique nature of these current access controllers limits the customer's options for implementing changes, adding new features, and often for moving to other technology solutions once a specific manufacturer's products have been selected and installed. As access controllers move away from RS232/485 and onto a TCP/IP network communication medium, proprietary protocols are much less acceptable to the customer.

[00019] In addition, as physical security systems increase their dependence on an organization's information technology (IT), IT departments may seek options to reduce implementation cost and time. This requires systems to follow standards, both in installation and in communications.
An added benefit is interoperability between physical and logical security systems, achieved by using commercial off-the-shelf standards and products.

[00020] To overcome these and other problems endemic to current access control systems, disclosed here are self-provisioning access controllers and access control systems, and methods for their use. The access controllers, systems, and methods described in this document can be used to control physical access to buildings, structures, and areas. They provide distributed access control policies, procedures, and credentials over a computer network while using an existing information technology (IT) infrastructure.

[00021] In addition to provisioning/deprovisioning access to assets such as physical areas, the access controllers, systems, and methods described herein may also provide storage of user identities/credentials with logical privileges to provide access to logical assets or resources, such as files, computing resources, or other computing systems. In addition, access to logical assets or resources may vary depending on the physical location of the individual requesting such access.

[00022] Access controllers, control systems, and control methods are described below with reference to the following terms:

[00023] Access controller - a device programmed, or the program itself, to make access decisions based on a cached database provided by an identity store. Access requests are made through a detection device (card reader, push button, etc.); authorization is verified locally or by referring to a remote identity store for processing. If an access request is approved, entry and exit devices/systems are manipulated to allow access.

[00024] Door controller - a device that communicates with the access controller and is physically (e.g., wired or wireless) connected to a credential reader and associated input and output hardware.
The door controller sends state changes and credential reads to the access controller, waits for an authorization response from the access controller, and commands the attached input, output, and credential readers according to the authorization response.

[00025] Browser - a software or firmware program used to access and display web pages; current browsers include Internet Explorer, Google Chrome, Mozilla Firefox, and Apple Safari.

[00026] Identity store (or directory) - a database, including relational, hierarchical, network, or other architectures, that includes authorization and authentication data for individuals, credentials, resources, and group members. The identity store may reside in a facility owned and operated by an entity other than the entity owning and/or operating the protected areas.

[00027] Event aggregation - the ability of the access controller to store and transmit, to various systems, events that occur or are generated in the course of the access controller's operation.

[00028] In one embodiment, the access controller is a software application capable of running on a commercial off-the-shelf computer running, for example, the Linux operating system. The computer can be designed as a desktop, mountable, or cloud-based platform, or as an embedded platform such as an access controller. The computer provides the necessary processor, storage, and connectivity for the software application. All necessary software is loaded onto the computer, so no software installation is required on any other computer system.

[00029] The access controller provides an improved way to maintain credentials and associated access privileges and to transmit events in real time using an existing information technology (IT) infrastructure and databases, without the need to access or use proprietary communication protocols.
[00030] The access controller, as a self-provisioning access device, can obtain and maintain a cached list of credentials and associated access privileges; this data allows the access controller to make decisions on the spot, in real time, without communicating with any other access control system(s). The cache of credentials and associated access privileges can be acquired from one or more host systems periodically, on a schedule, in real time, or as a complete snapshot. For example, the access controller may, in effect, continuously access a directory on the host system for access credentials and associated access privileges, and download all credentials and privileges. In one aspect, the access controller downloads this data for a select number of individuals. An individual for whom data is downloaded may be uniquely identified, identified by group membership, or identified by assigned roles.

[00031] The access controller can be used in real time, on demand, or on a schedule to send real-time events to a recording and monitoring device or system. In one aspect, an event may be an access door unlock or lock, an access door open or closed signal (e.g., from an end-of-travel or position sensor, or based on a logic routine), an access failure or abnormal operation (e.g., a door open for a time greater than a variable threshold), etc. Events can be sent in any number of formats, including XML, directly into a relational database or logging system on any number of remote devices or systems. If connectivity is lost, the access controller can store the events and continue transmitting them when connectivity is re-established.

[00032] The access controller may contain or provide a browser-accessible user interface. The interface provides a network control system operator with the ability to configure any number of access points (e.g.,
doors) and their operation, and the associated mapping to individuals and/or groups (on an individual basis, on a group basis, and/or based on a defined role), to convey access privileges. With the same interface, the operator can configure the access controller to communicate with credential sources, including credential sources implemented in or through a relational database, a directory or hierarchical data store, or flat files such as a comma-separated value (CSV) file or any common ASCII file.

[00033] With the interface, the operator selects and configures a type of data synchronization, including timed intervals, scheduled, on demand, and real time. Synchronization methods can include subscription, in which a host access credential and policy system "pushes" the information to the access controller; audit trail, in which the access controller requests information updates; or data modification triggers, in which code written on the host system detects changes in information and sends the changed information to the access controller. The subscription method may need a persistent, permanent connection between the host system and the access controller, while the other two exemplary methods may use a transient connection.

[00034] The access controller initiates connection(s) to the sources and retrieves credential and policy information to build the controller's local cache. Each individual can have a unique identifier, which is used to gather that individual's information from multiple sources into a single record. Once transferred to the local cache, the information can be used in access decisions as credentials are presented at access control points.

[00035] The access controller can log events, and the logging can be configured with the user interface to establish any number of devices, services, and systems as event recipients.
The access controller can send events to a remote monitoring service in any number of formats, including, for example, SNMP, XML via direct socket connection (GSM, LAN, WAN, Wi-Fi), Syslog, and via a serial port.

[00036] The access controller can be used to assign priorities to events. Event priorities can determine which events are sent to the remote monitoring service, and in what order.

[00037] Figures 1A - 1C illustrate an exemplary access control system and select components thereof. In Figure 1A, access control system 10 includes door systems 20, access controllers 100, credential and policy directory 200, and event monitoring workstation 300, all of which are intended to limit or control access to an area or volume. Controllers 100 communicate with directory 200 and workstation 300 using, for example, TCP/IP base 50. TCP/IP base 50 can be wired or wireless, or a combination of wired and wireless. Base 50 can include elements of a local area network (LAN) and a wide area network (WAN), including the Internet. Communications 110 between an access controller 100 and directory 200, and between controller 100 and workstation 300, may be secure communications (e.g., HTTPS communications).

[00038] Figure 1B illustrates select components of the access system 10 that limit or control access by individuals to the enclosed area 12. As shown, the enclosed area 12 is a six-sided structure with an entrance door system 20 and an exit door system 20. Door systems 20 are described with reference to Figures 1A and 1C. Door systems 20 are intended for normal human access. Other access points (e.g., windows) may exist, and their operation can be monitored, alarmed, and controlled, although these access points are not described further.

[00039] The enclosed area 12 includes a computing platform 101 on which access control features are implemented that control, monitor, and report on the operation of the door systems 20. The computing platform 101 can be fixed or mobile.
Computing platform 101 is shown within enclosed area 12, but need not be. When performing its control, monitoring, and reporting functions, the computing platform 101, with its access control capabilities, can communicate outside the enclosed area 12, through network 50, with the (remote) directory 200 and with the (remote) event monitoring workstation 300. The network 50 can be wired or wireless, and can provide secure communications and signaling in addition to unprotected communications and signaling.

[00040] Enclosed area 12 can be a room in a building, the building itself, or any other structure. Enclosed area 12 is not limited to a six-sided configuration. Enclosed area 12 can be an open structure (e.g., a sports stadium), a fenced area (e.g., an area around a runway), or a region with an "invisible" fence or "virtual walls". Enclosed area 12 can be geographically fixed (e.g., a building, a room in a building) or mobile (e.g., a trailer, plane, ship, or container).

[00041] Enclosed area 12 can be used to control access to government or business classified documents or devices contained therein, access to computer systems contained therein, access to individuals, access to valuable items such as rare paintings, jewelry, etc., and access to hazardous materials or systems. Enclosed area 12 may be a safe or vault in a bank, a control room for a nuclear reactor, a hangar for an airplane with classified new technology, or a passenger gate at an airport.

[00042] In a mobile configuration, the enclosed area 12 can be used, for example, in field operations to quickly establish a secure facility anywhere in the world. The security of such a mobile enclosed area 12 will be evident from the discussion that follows.
Furthermore, the mobile enclosed area 12 can be used for very different operations, with different individuals being able to access the mobile enclosed area 12 depending on its intended use, by simple configuration changes implemented via a user interface as described below. Therefore, the system 10 provides not only high levels of security, access control, monitoring, and event reporting, but also the flexibility to quickly adapt the mobile enclosed area 12 to any operation or mission, anywhere in the world, in which access control is desired.

[00043] Returning to Figure 1A, the access controllers 100 can also communicate with each other using peer-to-peer communications 120. Such peer-to-peer communications 120 may be enabled by using a secure LAN, for example. Alternatively, peer-to-peer communications 120 may be secure wireless communications. Peer-to-peer communications 120 can also follow the TCP/IP protocol.

[00044] Peer-to-peer communications 120 allow an access controller 100 to send and receive access status and event information to and from the other access controllers used with the enclosed area 12. Therefore, if a door system 20 is inoperative, its associated access controller 100 may provide this information to the other access controllers 100. Peer-to-peer communications 120 allow one access controller 100 to act as a primary (master) access controller and the remaining access controllers 100 to act as secondary (subservient) access controllers. In this regard, information and settings can be stored or implemented on the primary access controller and then replicated on the secondary access controllers.

[00045] Finally, access controller 100 can communicate with door systems 20 using secure wired or wireless communications 130.

[00046] The door systems 20, which are described in more detail with reference to Figure 1B, control normal human access to an enclosed area 12. In the example of Figure 1A, six door systems 20 are illustrated.
In one aspect, the six door systems 20 provide three access points to the enclosed area 12, and the door systems 20 operate in pairs; one door system 20 of a pair permits entry into the enclosed area 12 and the other door system 20 of the pair permits egress from the enclosed area 12. In another aspect, a single door system 20 may be used for both entry to and exit from the enclosed area 12.

[00047] Figure 1A shows each door system pair communicating with a separate access controller 100. However, other combinations of controllers 100 and door systems 20 may be implemented in system 10. For example, a single controller 100 can control all door systems 20 of the enclosed area 12.

[00048] The credential and policy directory 200 shown in Figure 1A can represent one or many real directories. Directories can be located remotely from the enclosed area 12. Directories can be operated by entities other than the operator of the enclosed area 12. For example, the enclosed area 12 can be a sensitive compartmented information facility (SCIF) for a government contractor, and directory 200 can represent a directory for the government contractor and a directory for a government agency.

[00049] A directory 200 may include identifying information (name, age, physical characteristics, photograph) for individuals who may have authorized access to the enclosed area 12, the individuals' identification credentials (PIN/password, RFID tag, certificate), and other information.

[00050] Event monitoring workstation 300 can be implemented by the same entity as the enclosed area 12. Alternatively, event monitoring workstation 300 can be implemented by an entity separate and apart from that of the enclosed area 12.

[00051] Event monitoring workstation 300 can receive event data from access controllers 100.

[00052] Figure 1C illustrates an example of the door system that can be implemented in the system of Figure 1A. In Figure 1C, the door system 20 is shown communicating with the access controller 100 on the communication path 110. The door system 20 includes access door 22, door locking mechanism 24, door controller 26, and credential reader 28. Door 22 can be any door that allows individuals to enter and leave the enclosed area. Door 22 may include a position sensor (e.g., a limit switch, not shown), which indicates when door 22 is not completely closed. The position sensor may send a not-fully-closed signal on a signal path 21 to the door controller 26. The not-fully-closed signal may be sent periodically or continuously, and may not be sent until after a predefined period has expired.

[00053] The locking mechanism 24 includes a remotely operated electromechanical locking element (not shown), such as a pawl, that is positioned (locked or unlocked) in response to an electrical signal sent over signal path 21 from the door controller 26.

[00054] Door controller 26 receives credential information on signal path 29 from credential reader 28 and passes the information to access controller 100 on signal path 130. Door controller 26 receives lock/unlock signals from the access controller over signal path 130. Door controller 26 sends lock/unlock signals over signal path 21 to locking mechanism 24.

[00055] Credential reader 28 receives credential information 40 for an individual 42. Credential information 40 can be, for example, encoded on an RFID chip, a credential on a smart card, a PIN/password entered using a keypad, or biometric data such as fingerprints and retinal scan data.

[00056] Door system 20 operates based on access request signals sent to access controller 100 and access authorization signals received in response from access controller 100.
Door system 20 may incorporate an automatic lock feature that activates (locks) door 22 within a specified period of time after door 22 is opened and then closed, after an unlock signal has been sent to locking mechanism 24 but door 22 has not been opened within a specified period, or under other conditions. The auto-lock logic can be implemented in door controller 26 or locking mechanism 24.

[00057] Door system 20 can send event signals to event monitoring workstation 300 through access controller 100. Such signals include door open, door closed, locking mechanism locked, and locking mechanism unlocked. As noted above, the signals can originate from limit switches in door system 20.

[00058] In one aspect, one door system 20 can be used for entry only and a separate door system 20 can be used for exit only.

[00059] When so configured, the door systems 20 can indicate when an individual 42 is in the enclosed area 12 and when the individual 42 has left the enclosed area 12, based on information obtained by reading the credential information 40 of the individual 42 on entry and exit, respectively. These signals can be used to prevent re-entry without an intervening exit, for example. The signals (or their absence) can also be used to prevent access to areas and systems within the enclosed area. For example, individual 42 may not be allowed to log on to his computer in enclosed area 12 in the absence of an entry signal originating from one of the door systems 20 of enclosed area 12. Therefore, the access controller and its implemented security functions may be a first step in a cascading series of access operations to which the individual may be subject.

[00060] Door systems 20 may incorporate various alarms, such as for a propped-open door 22, an unlocked locking mechanism 24, and other indications of breakage or failure.

[00061] Figures 1A - 1C depict an access control system 10 primarily for physical access to an area, such as a building or a room in the building.
However, the access control system 10 and select components thereof, as disclosed above, can also be used to control access to an organization's assets and resources, including logical resources. For example, the self-provisioning access controller 100 can be used to control access to an organization's computer system and to the files (i.e., logical resources) contained within the computer system. In addition, the access controller 100 may be self-provisioned to provide individuals with phased access to logical resources. For example, an individual may be allowed access to files 1 - 10 in a first enclosed area, and access to files 1 - 20 in a second, more secure enclosed area. In this example, the first enclosed area could be a building, and the second enclosed area could be a SCIF inside the building. Thus, the self-provisioning access controller 100 can establish very tight control of access privileges for individuals, including physical and logical access, and can adjust logical access based on the physical location of the individual, as indicated by a reading of the individual's credentials.

[00062] Figure 2 illustrates the elements and components of an exemplary access controller 100 used with the system 10 of Figures 1A - 1C. In Figure 2, the access controller 100 is shown implemented on a computing platform 101. The computing platform 101 can be any computing device, including, for example, a mainframe computer, a desktop computer, a laptop or tablet computer, and a smartphone. Access controller 100 may be implemented as software, hardware, or firmware, or any combination of the three. When implemented in software, access controller 100 may be stored on a non-transient computer-readable storage medium.

[00063] The computing platform 101 may employ the Linux operating system. Alternatively, other operating systems can be used.
Computing platform 101 includes data store 102, which in turn includes local cache 103, which can be used to locally store credential and access policy information for individuals, such as individual 42; non-transient computer-readable storage medium 104, on which access controller 100 can be stored; and event buffer 107, which can temporarily store events pending transmission to event monitoring workstation 300. The computing platform further includes browser 105, processor 106, and memory 108. Processor 106 may load programs for execution, including access controller 100, from data store 102 into memory 108.

[00064] Access controller 100 communicates with local cache 103 and, using browser 105, with directories such as directory 200 and with other computing devices such as event monitoring workstation 300. However, communication with directory 200 and workstation 300 can be done by other means, including a dedicated local area network.

[00065] Access controller 100 includes interface engine 150 and access control engine 190. Interface engine 150 provides user interface 160 (see Figure 3), which can be used by a (human) operator of the access control system 10 to establish the self-provisioning and event reporting capabilities of access controller 100, as described in detail with respect to Figure 3.

[00066] Access control mechanism 190 includes logic to communicate with directory 200 to self-provision cache 103, and to operate door systems 20 based on information contained in the self-provisioned cache 103. Access control mechanism 190 also includes logic to log events and report events to the event monitoring workstation 300. The logic can enable event aggregation, in which the access controller 100 stores and reports events to multiple destinations. Access control mechanism 190 is described in detail with reference to Figure 4.

[00067] Figure 3 illustrates an exemplary user interface 160 enabled through the access controller 100 of Figure 2.
The user interface 160 provides the operator with the ability to configure and control the operation of any number of door systems 20 for the closed area 12. User interface 160 allows the operator to create mappings of authorized individuals to groups and to convey access privileges based on individual identities, group memberships and assigned roles within an organization. With the same interface 160, the operator can configure the access controller 100 to communicate with credential sources, including credential sources implemented in or through a relational database, a directory or hierarchical data store, or flat files, such as a comma-separated value (CSV) file, or any common ASCII file.

[00068] As shown in Figure 3, the exemplary user interface includes access window 170 for information related to individuals, and event window 180 for information related to events. Individual access window 170 includes directory address window 171, in which the operator enters the address (e.g., a URL) of directory 200; individual name window 172, where an individual's name can be entered or can be listed in a drop-down menu; a membership window 173, where the individual's organization can be entered; a group window 174, into which the groups to which the individual belongs can be entered; function window 175, in which roles or tasks assigned to the individual can be entered; an identification number window 176, in which a unique assigned identification appears; an access level window 177, which lists the individual's highest access level; and a synchronization window 178, where a periodicity of updating the access data of the individuals by reference to the credential and policy directory 200 can be specified. Some of the windows 171-178 can be in the form of drop-down menus. Some windows, such as the sync window 178, can be displayed once and their selected value applied to all individuals. Windows 171-178 can appear on the operator display individually.
Once the data is entered, the operator may be presented with a confirmation page to confirm the options. Not all windows need to be filled in; in one aspect, the operator can provide the directory address and the names of individuals, and the remaining data is retrieved by the access controller from the directory 200. In addition, the access controller 100 can retrieve or update the data by reference to the directory 200 on a periodic basis, which can be close to real time or continuous. Alternatively, data can be retrieved at longer intervals, as requested, for example. Therefore, the access controller 100 is capable of self-provisioning access control information for individuals who may need access to the closed area 12. As noted above, the retrieved data can be stored in the local cache 103, and the access controller 100 refers to local cache 103 in access decision making.

[00069] Event window 180 provides a number of data entry windows, which may also include drop-down menus, which a system operator can use to establish an initial configuration of access controller 100 to report events to the event monitoring workstation 300. Event window 180 includes event description 181, in which event names or titles, a brief description, measurement parameters, and other information can be entered. For example, event window 180 can be used to specify an open door event, the identity of the device providing the open door measurement, what an open door event means, and the way in which the open door event is provided.

[00070] Event window 180 also includes an event priority window 182, in which the system operator is able to assign priorities to events. Priorities can determine the order in which events are sent from access controller 100 to event monitoring workstation 300. So, for example, an event indicative of an alarm or fault might have a higher priority than a door opening event.
[00071] In addition, event window 180 includes a reporting periodicity window 183, whereby the system operator sets a deadline for reporting events to the event monitoring workstation 300.

[00072] Finally, event window 180 includes report destination window 184, where the system operator enters the address of the event monitoring workstation 300. Using window 184, the system operator is able to assign many different entities to receive event reports. Different entities may receive different reports. For example, a first event monitoring workstation can receive only door open and door closed events, while a second event monitoring workstation can receive all events. The designated destinations do not have to belong to the same entity.

[00073] Figure 4 illustrates an example access mechanism 190 in access controller 100. Access engine 190 includes self-provisioning module 191, comparator 195, decision module 196, event detector/recorder 197, and event reporter 198.

[00074] In one embodiment, where the system 10 includes several access controllers 100, one access controller 100 may be designated as a primary access controller and the other access controllers may be designated as secondary access controllers. The master access controller can acquire data from directory 200 and then, using peer-to-peer communications 120, copy the acquired data to. Alternatively, each access controller 100 can communicate separately with directory 200.

[00075] As noted above, one aspect of the systems, appliances, and access methods described in this document is the ability of the access controller 100 to self-provision with access control information acquired from credential and policy directory 200, which can be located remotely from the access controller 100 and may be owned and operated by an entity other than the entity that owns and operates the access controller 100. The self-provisioning module 191 provides some of the self-provisioning functionality.
Self-provisioning module 191 includes communications submodule 192, cache filler 193, and cache communicator 194. Communications submodule 192 determines which of possibly multiple directories 200 the access controller 100 should address to acquire and update credential and policy information. Submodule 192 establishes secure (encrypted, e.g., HTTPS) communications with the selected directory 200 and acquires the information. Alternatively, some information may be acquired through unsecured (unencrypted) communications.

[00076] Communications submodule 192 can also establish secure (or non-secure) communication with event monitoring workstation 300 to send event information in real time, in near real time (e.g., within a few seconds of the event), on a schedule, as requested by the event monitoring workstation 300, or on some other basis.

[00077] Communications between communications submodule 192 and directory 200 and event monitoring workstation 300 can be done via browser 105. Communications submodule 192 can perform data encryption (for outgoing requests/reports) and decryption (for data packets received from directory 200 or requests received from event monitoring workstation 300).

[00078] Cache filler 193 receives information acquired from communications submodule 192 and fills local cache 103 accordingly. Cache filler 192 can perform error checks on received information before storing the information in cache 103.

[00079] Cache communicator 194 may retrieve data from cache 103 for use in other components of the access control mechanism 190, such as, for example, to determine whether to unlock a door 22 to grant access to a specific individual listed in cache 103. The cache communicator 104 may include a search/display feature that allows the system operator to search the cache and receive a report (display) of part or all of the contents of the cache. The report can be provided on the interface 160 and can be printed.
[00080] Comparator 195 receives credential information acquired at door systems 20 and communicates with cache communicator 194 to retrieve the appropriate information from cache 103. The acquired credential information and the retrieved information are provided to decision module 196, which determines whether the information matches (sufficiently) to allow individual access to the enclosed area 12.

[00081] Event detector/recorder 197 receives signals from door systems 20, classifies the signals according to a predefined event, formats the data as a reportable event, and records the event in event buffer 107. Event reporter 198 reports the logged events to the event monitoring workstation 300 via communications submodule 192 and browser 105.

[00082] Figures 5A-5C are flowcharts that illustrate exemplary methods of the system of Figures 1A-1C and the components of Figures 2-4.

[00083] Figures 5A and 5B illustrate an exemplary method 500, which begins at block 505 when access controller 100 receives information about credential and policy directory 200 and about event monitoring workstation 300 (e.g., URLs of these appliances/systems), and the information is used to configure the access controller 100. In an access control system with multiple access controllers 100, the configuration of a first (primary) access controller can be copied to the remaining (secondary) access controllers.

[00084] In block 510, directory information is used to acquire credential and policy information for one or more individuals who may need to access closed area 12.

[00085] At block 515, the acquired credentials and policy information are loaded into the local cache of each access controller 100.

[00086] In block 520, an access controller 100 receives an access request to allow an individual 42 to enter (or leave) the closed area 12 (through a specific door 22).
The access request can be based on data read from the credential 40.

[00087] In block 525, information from the received request is used in access controller 100 to retrieve the credentials and policy information in cache 103 for the individual 42, and the retrieved information is compared with the information contained in the access request.

[00088] At block 530, access controller 100 determines whether the comparison indicates a sufficient match to allow individual 42 to access closed area 12. For example, each item of information retrieved from cache 103 may be required to match exactly the reading of credential 40. At block 530, if a match is determined, method 500 passes to block 535. If no match is determined, method 500 passes to block 545.

[00089] At block 535, access controller 100 sends an unlock signal to door system 20. At block 540, access controller 100 monitors the operation of door system 20 to determine if door 22 opens (to admit individual 42), and then closes and locks.

[00090] At block 545, if implemented on system 10, access controller 100 sends the access request to directory 200, which uses its own internal processing to determine whether information received from credential 40 matches that held in directory 200 for the individual 42.

[00091] At block 550, access controller 100 receives a signal from directory 200 indicating either a match or a mismatch. If a match is indicated, method 500 goes to block 540. If no match is indicated, method 500 goes to block 555 and access controller 100 denies access to individual 42.

[00092] In block 560, following the operation of block 540, access controller 100 receives event information from door system 20, formats the event information into events, and sends the events to the event monitoring workstation 300.

[00093] After block 555 or 560, process 500 goes to block 565 and ends.
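
The flow of method 500 (blocks 510 to 560) can be sketched as follows. This is an added example, not code from the patent or from any product: the `Directory` stand-in, the credential fields (`id`, `facility`, `issue`, `doors`), the event names, the priorities and the monitor addresses are assumptions, and the sample records are constructed. It also shows a consequence of the synchronization period: a credential removed from the directory keeps working from the local cache until the next sync.

```python
import heapq
import hmac
import itertools

CRED_FIELDS = ("id", "facility", "issue")   # assumed fields read from credential 40

def matches(record, request):
    """Exact match on every credential field, then the door policy check."""
    ok = True
    for field in CRED_FIELDS:
        a = str(record.get(field, "")).encode()
        b = str(request.get(field, "")).encode()
        ok &= hmac.compare_digest(a, b)      # constant-time comparison
    return ok and request.get("door") in record.get("doors", ())

class Directory:
    """In-memory stand-in for remote directory 200 (constructed data)."""
    def __init__(self, records):
        self.records = records
    def fetch_all(self):
        return {cid: dict(rec) for cid, rec in self.records.items()}
    def verify(self, request):
        rec = self.records.get(request.get("id"))
        return rec is not None and matches(rec, request)

class AccessController:
    def __init__(self, directory, sync_interval, destinations, fallback=True):
        self.directory = directory
        self.sync_interval = sync_interval   # seconds between directory queries
        self.destinations = destinations     # {address: set of event names, None = all}
        self.fallback = fallback             # block 545 is optional in the description
        self.cache = {}                      # local cache 103
        self.last_sync = None
        self._events = []                    # event buffer 107, kept as a heap
        self._seq = itertools.count()        # tie-breaker: FIFO within a priority

    def sync(self, now):
        """Blocks 510-515: refresh the cache once the sync interval has elapsed."""
        if self.last_sync is not None and now - self.last_sync < self.sync_interval:
            return False
        fresh = self.directory.fetch_all()
        # Error check before caching: drop records missing a required field.
        self.cache = {cid: rec for cid, rec in fresh.items()
                      if all(f in rec for f in CRED_FIELDS) and "doors" in rec}
        self.last_sync = now
        return True

    def log(self, name, priority, **detail):
        # Lower number = higher priority, so denials are reported first.
        heapq.heappush(self._events, (priority, next(self._seq), name, detail))

    def handle_request(self, request, now):
        """Blocks 520-555: returns (granted, source of the decision)."""
        self.sync(now)
        rec = self.cache.get(request.get("id"))
        if rec is not None and matches(rec, request):            # blocks 525-530
            source = "cache"
        elif self.fallback and self.directory.verify(request):   # blocks 545-550
            source = "directory"
        else:                                                    # block 555
            self.log("access_denied", 1, door=request.get("door"),
                     cred=request.get("id"))
            return False, None
        self.log("door_unlocked", 5, door=request["door"],
                 cred=request["id"], via=source)
        return True, source

    def report(self):
        """Block 560: drain the buffer in priority order, filtered per destination."""
        out = {addr: [] for addr in self.destinations}
        while self._events:
            _, _, name, detail = heapq.heappop(self._events)
            for addr, wanted in self.destinations.items():
                if wanted is None or name in wanted:
                    out[addr].append((name, detail))
        return out

def demo():
    directory = Directory({   # constructed sample records
        "card-1001": {"id": "card-1001", "facility": "0042", "issue": 1,
                      "doors": ["lobby"]},
        "card-1002": {"id": "card-1002", "facility": "0042", "issue": 2,
                      "doors": ["lobby", "lab"]},
    })
    ctrl = AccessController(directory, 60, {
        "monitor-a.example": {"access_denied"},   # receives denials only
        "monitor-b.example": None,                # receives every event
    })
    req = {"id": "card-1001", "facility": "0042", "issue": 1, "door": "lobby"}
    results = [ctrl.handle_request(req, now=0)]       # granted from cache
    del directory.records["card-1001"]                # removed from directory
    results.append(ctrl.handle_request(req, now=20))  # stale cache still grants
    results.append(ctrl.handle_request(req, now=61))  # resynced: denied
    return results, ctrl.report()

if __name__ == "__main__":
    print(demo())
```

The window between removal and denial is bounded by `sync_interval`, which is why the periodicity set in synchronization window 178 is a revocation-latency setting as much as a performance one.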
[00094] Figure 5C is a flowchart illustrating an exemplary aspect of the process at block 505 of Figure 5A, specifically for configuring an access controller 100. In Figure 5C, method 505 begins at block 571 when the system operator uses interface 160 to set the address of the directory (source) from which access controller 100 will acquire credentials and policy information for individuals 42 who require access to the closed area 12. In block 573, the destination address (i.e., the address of cache 103) is set. In block 575, a synchronization time is set. At block 577, the access controller receives an indication of specific individuals 42 whose credentials and related information are to be entered into cache 103.

[00095] In block 579, the access controller receives a definition of events to be monitored by the access controller 100. The events can be pre-defined or can be established and defined by the system operator using, for example, interface 160. In block 581, the access controller 100 receives the destination address of the event monitor that will receive the event information. At block 583, access controller 100 receives a reporting interval or required periodicity. Finally, at block 585, the access controller 100 receives parameters that define what information should be provided or recorded with each event. Method 505 ends.

[00096] Some appliances shown in the Figures include a computing system. The computing system includes a processor (CPU) and a system bus that couples various system components, including system memory, such as read-only memory (ROM) and random access memory (RAM), to the processor. Other system memory may be available for use as well. The computing system may include more than one processor, or a group or set of computing systems networked together to provide greater processing power.
The system bus can be any of several types of bus structures, including a memory bus or memory controller and a peripheral bus. A basic input/output system (BIOS), stored in ROM or the like, can provide the basic routines that help transfer information between elements in the computing system, such as during startup. The computing system further includes data stores, which maintain a database in accordance with known database management systems. Data stores can take many forms, such as a hard disk drive, magnetic disk drive, optical disk drive, tape drive, or other type of computer-readable media that can store data that can be accessed by the processor, such as magnetic tapes, flash memory cards, digital versatile disks, cartridges, random access memory (RAM) and read-only memory (ROM). Data stores can be connected to the system bus via a drive interface. Data stores provide non-volatile storage of computer-readable instructions, data structures, programming modules, and other data for the computing system.

[00097] To enable human (and, in some cases, machine) interaction, the computing system may include an input device such as a microphone for voice and audio, a touchscreen for gesture or graphical input, keyboard, mouse, motion input, and so on. An output device may include one or more of a number of output mechanisms. In some cases, multimodal systems allow a user to provide multiple types of input to communicate with the computing system. A communication interface generally allows the computing system to communicate with one or more other computing devices using various communication and network protocols.

[00098] The above description refers to flowcharts and accompanying descriptions to illustrate the embodiments depicted in Figures 5A-5C. The described apparatus, components and systems contemplate the use or implementation of any suitable technique for carrying out the illustrated steps.
Furthermore, Figures 5A-5C are for illustrative purposes only and the described or similar steps may be performed at any suitable time, including simultaneously, individually, or in combination. In addition, the steps in the flowcharts may occur simultaneously and/or in different orders than those shown and described. Furthermore, the systems described may utilize processes and methods with additional, fewer and/or different steps.

[00099] Embodiments described in this document may be implemented in digital electronic circuitry, or in computer software, firmware, or hardware, including the structures disclosed herein and their equivalents. Some embodiments may be implemented as one or more computer programs, that is, one or more modules of computer program instructions, encoded on a computer storage medium for execution by one or more processors. A computer storage medium may be, or may be included in, a computer-readable storage device, a computer-readable storage substrate, or a serial or random-access memory. The computer storage medium may also be, or may be included in, one or more separate physical components or media, such as multiple CDs, disks, or other storage devices. The computer-readable storage medium does not include a transient signal.

[000100] The methods described here may be implemented as operations performed by a processor on data stored on one or more computer-readable storage devices or received from other sources.

[000101] A computer program (also known as a program, module, engine, software, software application, script, or code) can be written in any form of programming language, including compiled or interpreted languages, declarative or procedural languages, and may be deployed in any form, including as a standalone program or as a module, component, subroutine, object, or other unit suitable for use in a computing environment. A computer program can, but need not, correspond to a file in a file system.
A program may be stored in a part of a file that contains other programs or data (e.g., one or more scripts stored in a markup language document), in a single file dedicated to the program in question, or in multiple coordinated files (for example, files that store one or more modules, subprograms, or pieces of code). A computer program can be deployed to run on one computer or on multiple computers that are located in one location or distributed across multiple locations and interconnected by a communication network.
Claims:

Claims (15)

1. System for controlling the access of individuals to an enclosed area, characterized in that it comprises:
- a computer platform (101) physically located in the closed area (12), the computer platform (101) comprising a processor (106); and
- an access controller (100) embedded in a computer readable storage medium, the access controller (100) comprising machine instructions which when executed by the processor (106) cause the processor to at least:
- configure the system (10) to receive:
- credential and policy directory information from a remote directory (200) to allow access controller self-provisioning through periodic and automated directory lookup by the access controller; and receive:
- credential and credential policy information and policy information for one or more individuals (42) who may need to access the closed area (12),
- store in a local cache accessible by the processor (106), the received credential and policy information from the credential and policy directory and the credential and policy information of one or more individuals,
- periodically request an updated credential and policy information from the policy and credential directory; receive: at the processor (106), the credential and updated policy information in response to the periodic request;
- update the local cache based on the updated credential and policy information;
- receiving an access request to allow an individual access to the closed area, the physical entry by the individual to the closed area (12) being controlled by a door system (20) in communication with the access controller (100);
- compare the credential access request and policy information in the local cache;
- when the comparison indicates a combination, grant individual access to the closed area (12);
- determining whether an input signal corresponding to an individual was originated from the gate system (20);
- denying entry to any computer within the closed area (12) by the individual in the absence of an entry signal.

2. System, according to claim 1, characterized in that the closed area (12) comprises several access controllers (100), and in the access controller configuration, the processor (106):
- configures a first access controller through a user interface; and
- automatically replicates the configuration on each of the other access controllers (100).

3. System, according to claim 1, characterized in that the directory information comprises a directory URL, and the directory and the processor communicate using TCP/IP protocols.

4. System, according to claim 1, characterized in that the access request is received in a credential reader (28) of the closed area (12), the credential reader reading an individual's credential (42), and where the access request comprises credential and credential policy information to compare with the credential and policy information in the local cache.

5. System according to claim 1, characterized in that the comparison requires an exact match between the information in the access request and the corresponding credential and policy information in the local cache.

6. System according to claim 1, characterized in that the instructions further cause the processor (106), in response to a combination, to unlock an access door to the closed area to allow access.

7. System, according to claim 1, characterized in that the instructions still make the processor (106) configure the access controller to monitor and collect events according to pre-defined event definition information.

8. System, according to claim 7, characterized in that it also comprises a memory (107) to store the collected events; and the instructions further causing the processor (106) to cause the access controller to report harvested events to a plurality of event monitors.

9. System according to claim 8, characterized in that the instructions further cause a processor (106) to receive an address from each plurality of event monitors, and simultaneously send the events to multiples of the plurality of event monitors.

10. System according to claim 9, characterized in that an event comprises at least one open door, one closed door, one locked open door, one locked door, and one unlocked door.

11. System, according to claim 1, characterized in that the access request is a request to access a resource, and the resource is a logical resource.

12. System according to claim 11, characterized in that the instructions cause the processor to access the controller to self-provision access to the resource based on an individual's location with respect to the resource.

13. System according to claim 1, characterized in that the instructions still cause the processor (106), when the comparison indicates that there is no match, to send the request for access to the credentials and policy directory to determine a combination.

14. System, according to claim 1, characterized in that the update of policy and credential information is carried out continuously in real time.

15. System according to claim 1, characterized in that the processor (106) is located within the closed area (12).
Legal status:
2018-03-27| B25D| Requested change of name of applicant approved|Owner name: AVIGILON PATENT HOLDING 2 CORPORATION (CA)
2018-04-17| B25G| Requested change of headquarter approved|Owner name: AVIGILON PATENT HOLDING 2 CORPORATION (CA)
2018-11-13| B06F| Objections, documents and/or translations needed after an examination request according [chapter 6.6 patent gazette]
2020-03-17| B06U| Preliminary requirement: requests with searches performed by other patent offices: procedure suspended [chapter 6.21 patent gazette]
2021-11-16| B09A| Decision: intention to grant [chapter 9.1 patent gazette]
2022-01-04| B16A| Patent or certificate of addition of invention granted [chapter 16.1 patent gazette]|Free format text: TERM OF VALIDITY: 20 (TWENTY) YEARS COUNTED FROM 13/03/2014, SUBJECT TO THE LEGAL CONDITIONS.
Priority:
Application number | Filing date | Patent title
US13/855,543|2013-04-02|
US13/855,543|US9509719B2|2013-04-02|2013-04-02|Self-provisioning access control
PCT/US2014/026177|WO2014165305A1|2013-04-02|2014-03-13|Self-provisioning access control