Controlling physical access to secure areas via client devices in a networked environment

US 10,127,751 B2
Filed: 07/21/2016
Issued: 11/13/2018
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

identifying, by a client device, a particular physical access point comprising a physical lock actuator;

identifying, by the client device, at least one authentication credential associated with the client device;

generating, by the client device, a request to cause the physical lock actuator to be in an unlocked state, the request comprising the at least one authentication credential associated with the client device, the request comprising a hardware restriction, the hardware restriction identifying that a hardware feature of the client device is restricted;

transmitting, by the client device, the request to a computing device wherein the computing device returns an access credential to the client device, the access credential comprising a hash of at least one security identifier associated with at least one physical access point comprising the particular physical access point, wherein the computing device returns the access credential based on the authentication credential and the hardware restriction; and

transmitting, by the client device, the access credential to the particular physical access point to actuate the physical lock actuator.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is disclosed for providing physical access credentials to a client device. The method may include receiving a request for a physical access credential, where the first request includes at least one user access credential and at least one physical access point identifier. The method may also include determining whether the request should be granted based at least in part on the at least one user access credential. The method may further include, in response to determining that the request should be granted, sending the physical access credential associated with the physical access point.

149 Citations

20 Claims

1. A method, comprising:
- identifying, by a client device, a particular physical access point comprising a physical lock actuator;
  
  identifying, by the client device, at least one authentication credential associated with the client device;
  
  generating, by the client device, a request to cause the physical lock actuator to be in an unlocked state, the request comprising the at least one authentication credential associated with the client device, the request comprising a hardware restriction, the hardware restriction identifying that a hardware feature of the client device is restricted;
  
  transmitting, by the client device, the request to a computing device wherein the computing device returns an access credential to the client device, the access credential comprising a hash of at least one security identifier associated with at least one physical access point comprising the particular physical access point, wherein the computing device returns the access credential based on the authentication credential and the hardware restriction; and
  
  transmitting, by the client device, the access credential to the particular physical access point to actuate the physical lock actuator.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - identifying, by the client device, a device profile associated with the client device, the device profile comprising a plurality of characteristics describing the client device.
  - 3. The method of claim 2, wherein the request further comprises the device profile associated with the client device.
  - 4. The method of claim 2, wherein the characteristics describing the client device comprise hardware specifications of the client device and the hardware restriction.
  - 5. The method of claim 2, wherein the characteristics describing the client device comprise software specifications of the client device.
  - 6. The method of claim 1, wherein identifying the at least one authentication credential associated with the client device comprises obtaining login information using an application executed by the client device.
  - 7. The method of claim 1, wherein the at least one authentication credential associated with the client device comprises a device identifier associated with the client device.
  - 8. The method of claim 1, wherein the at least one authentication credential associated with the client device comprises a user identifier associated with a user of the client device.

9. A computing system, comprising:
- one or more processors; and
  
  ,a memory coupled to the one or more processors, the memory storing instructions that, when executed by the one or more processors, cause the computing system to;
  
  identify, by a client device, a particular physical access point comprising a physical lock actuator;
  
  identify, by the client device, at least one authentication credential associated with the client device;
  
  generate, by the client device, a request to cause the physical lock actuator to be in an unlocked state, the request comprising the at least one authentication credential associated with the client device, the request comprising a hardware restriction, the hardware restriction identifying that a hardware feature of the client device is restricted;
  
  transmit, by the client device, the request to a computing device wherein the computing device returns an access credential to the client device, the access credential comprising a hash of at least one security identifier associated with at least one physical access point comprising the particular physical access point, wherein the computing device returns the access credential based on the authentication credential and the hardware restriction; and
  
  transmit, by the client device, the access credential to the particular physical access point to actuate the physical lock actuator.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computing system of claim 9, wherein the computing device comprises the particular physical access point.
  - 11. The computing system of claim 9, wherein the computing device comprises an authentication service, the authentication service being configured to determine whether the client device is authorized to cause the physical lock actuator to be in an unlocked state based at least in part on the at least one authentication credential associated with the client device.
  - 12. The computing system of claim 9, wherein the computing device comprises a compliance service, the compliance service being configured to determine whether the client device is authorized to cause the physical lock actuator to be in an unlocked state based at least in part on whether at least one compliance rule is satisfied by the client device.
  - 13. The computing system of claim 12, wherein the at least one compliance rule requires the hardware restriction.
  - 14. The computing system of claim 12, wherein the at least one compliance rule requires at least one software restriction.
  - 15. The computing system of claim 12, wherein at least one compliance rule comprises at least one mobile device management restriction.

16. A non-transitory computer-readable medium storing instructions that, when executed by one or more processors, cause at least one computing device to:
- identify, by a client device, a particular physical access point comprising a physical lock actuator;
  
  identify, by the client device, at least one authentication credential associated with the client device;
  
  generate, by the client device, a request to cause the physical lock actuator to be in an unlocked state, the request comprising the at least one authentication credential associated with the client device, the request comprising a hardware restriction, the hardware restriction identifying that a hardware feature of the client device is restricted;
  
  transmit, by the client device, the request to a computing device wherein the computing device returns an access credential to the client device, the access credential comprising a hash of at least one security identifier associated with at least one physical access point comprising the particular physical access point, wherein the computing device returns the access credential based on the authentication credential and the hardware restriction; and
  
  transmit, by the client device, the access credential to the particular physical access point to actuate the physical lock actuator.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer-readable medium of claim 16, further storing instructions that, when executed by the one or more processors, further cause the at least one computing device to:
    - receive a request to transmit a device profile associated with the client device to at least one of;
      
      an authentication service, a compliance service, or the particular physical access point.
  - 18. The non-transitory computer-readable medium of claim 16, further storing instructions that, when executed by the one or more processors, further cause the at least one computing device to:
    - identify at least one compliance rule associated with the client device; and
      
      ,determine that the client device satisfies the at least one compliance ruleassociated with the client device based at least in part on a device profile associated with the client device.
  - 19. The non-transitory computer-readable medium of claim 16, wherein the hardware restriction comprises at least one of:
    - a camera restriction, a Bluetooth restriction, an IRDA restriction, a tethering restriction, an external storage restriction, or a mobile access point restriction.
  - 20. The non-transitory computer-readable medium of claim 17, further storing instructions that, when executed by the one or more processors, further cause the at least one computing device to:
    - transmit the device profile to the physical lock actuator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirWatch LLC (Broadcom, Inc.)
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Tse, Kar Fai
Primary Examiner(s)
King, John B

Application Number

US15/216,236
Publication Number

US 20160328895A1
Time in Patent Office

845 Days
Field of Search
US Class Current
CPC Class Codes

G07C 2009/00769   with data transmission perf...

G07C 2009/0088   centrally

G07C 9/00309   operated with bidirectional...

G07C 9/00571   operated by interacting wit...

G07C 9/257   electronically G07C9/26 tak...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Controlling physical access to secure areas via client devices in a networked environment

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

149 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Controlling physical access to secure areas via client devices in a networked environment

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

149 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others