Entry control system

US 10,089,803 B2
Filed: 01/10/2018
Issued: 10/02/2018
Est. Priority Date: 12/22/2003
Status: Expired due to Term

First Claim

Patent Images

1. A method for physically controlling access to a protected location, comprising:

providing one or more critical security parameters to a security controller for authentication after using a token remote authentication application on a security token to verify a critical security parameter against one or more reference critical security parameters, wherein the security controller is in secure communications over the network with a life cycle management server that is adapted to perform life cycle management functions related to applications, critical security parameters or user data installed in either the security token or a secure access module operatively coupled to the security controller;

performing one or more authentication transactions using the one or more critical security parameters;

temporarily maintaining a local access list of the one or more critical security parameters which have been authenticated;

sending the local access list to an authentication server;

updating a master access list maintained by the authentication server; and

energizing an electromechanical circuit coupled to and controlled by the security controller if a result of the one or more authentication transaction is successful.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An integrated security system which seamlessly assimilates with current generation logical security systems. The integrated security system incorporates a security controller having standard network interface capabilities including IEEE 802.x and takes advantage of the convenience and security offered by smart cards and related devices for both physical and logical security purposes. The invention is based on standard remote authentication dial-in service (RADIUS) protocols or TCP/IP using SSL, TLS, PCT or IPsec and stores a shared secret required by the secure communication protocols in a secure access module coupled to the security controller. The security controller is intended to be a networked client or embedded intelligent device controlled remotely by to an authentication server. In another embodiment of the invention one or more life cycle management transactions are performed with the secure access module. These transactions allow for the updating, replacement, deletion and creation of critical security parameters, cryptographic keys, user data and applications used by the secure access module and/or security token. In another embodiment of the invention a security access module associated with the security controller locally performs local authentication transactions which are recorded in a local access list used to update a master access list maintained by the authentication server.

Citations

18 Claims

1. A method for physically controlling access to a protected location, comprising:
- providing one or more critical security parameters to a security controller for authentication after using a token remote authentication application on a security token to verify a critical security parameter against one or more reference critical security parameters, wherein the security controller is in secure communications over the network with a life cycle management server that is adapted to perform life cycle management functions related to applications, critical security parameters or user data installed in either the security token or a secure access module operatively coupled to the security controller;
  
  performing one or more authentication transactions using the one or more critical security parameters;
  
  temporarily maintaining a local access list of the one or more critical security parameters which have been authenticated;
  
  sending the local access list to an authentication server;
  
  updating a master access list maintained by the authentication server; and
  
  energizing an electromechanical circuit coupled to and controlled by the security controller if a result of the one or more authentication transaction is successful.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1 wherein the local access list is sent to the authentication server via a secure communications channel.
  - 3. The method according to claim 1 wherein the local access list is sent over an IEEE 802.x standard network arrangement.
  - 4. The method according to claim 1 wherein the secure communications connection includes a shared secret established between the security controller which is securely maintained by the secure access module.
  - 5. The method according to claim 1 wherein the security controller is one of a plurality of security controllers, wherein the plurality of security controllers are networked clients of the authentication server.
  - 6. The method according to claim 1 wherein at least a portion of the secure communications connection is established over a wireless telecommunications link.
  - 7. The method according to claim 1 wherein the secure communications connection incorporates a security protocol including SSL, IPsec, PCT, TLS or RADIUS.
  - 8. The method according to claim 1 wherein the critical security parameter is provided by the user and the one or more reference critical security parameters are operatively stored on the security token.
  - 9. The method according to claim 1 wherein the secure communications connection incorporates a shared secret which is maintained by the authentication server and the security controller.

10. A system for physically controlling access to a protected location, comprising:
- an authentication server that updates a master access list of one or more critical security parameters maintained at the authentication server based on receipt of a local access list of critical security parameters that have been previously authenticated;
  
  a security controller that establishes the secure communications connection with the authentication server;
  
  a security token operatively coupled to the security controller, the security token sending a critical security parameter to the security controller for authentication by the authentication server according to the master access list, wherein the security controller is in secure communications over the network with a life cycle management server that is adapted to perform life cycle management functions related to applications, critical security parameters or user data installed in either the security token or a secure access module operatively coupled to the security controller; and
  
  an electromechanical circuit that is coupled to and controlled by the security controller and that opens a physical access gateway to the protected location when energized, wherein the security controller sends the critical security parameter to the authentication server via the secure communications connection and energizes the electromechanical circuit in response to an affirmative authentication result received from the authentication server.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system according to claim 10 wherein the local access list is sent to the authentication server via a secure communications channel.
  - 12. The system according to claim 10 wherein the local access list is sent over an IEEE 802.x standard network arrangement.
  - 13. The system according to claim 10 wherein the secure communications connection includes a shared secret established between the authentication server and the security controller which is securely maintained by the secure access module.
  - 14. The system according to claim 10 wherein the security controller is one of a plurality of security controllers, wherein the plurality of security controllers are networked clients of the authentication server.
  - 15. The system according to claim 10 wherein at least a portion of the secure communications connection is established over a wireless telecommunications link.
  - 16. The system according to claim 10, wherein the secure communications connection incorporates a security protocol including SSL, IPsec, PCT, TLS or RADIUS.
  - 17. The system according to claim 10 wherein the critical security parameter is provided by the user and the one or more reference critical security parameters are operatively stored on the security token.
  - 18. The system according to claim 10 wherein the secure communications connection incorporates a shared secret which is maintained by the authentication server and the security controller.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Fedronic, Dominique Louis Joseph, Wen, Wu
Primary Examiner(s)
Hailu, Teshome

Application Number

US15/866,731
Publication Number

US 20180218551A1
Time in Patent Office

265 Days
Field of Search

713172
US Class Current
CPC Class Codes

G07C 9/27   with central registration

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

Entry control system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Entry control system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links