Policy-managed physical access authentication
First Claim
1. An access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the system comprising:
a credential input interface configured to receive first authentication credentials from a first user and second authentication credentials from a second user;
a communications interface communicatively coupled to an access control device associated with the access-controlled area;
processing circuitry communicatively coupled to the credential input interface and the communications interface;
a non-transitory computer-readable storage medium communicatively coupled to the processing circuitry, the computer-readable storage medium storing instructions that when executed by the processing circuitry cause the processing circuitry to;
retrieve an access control policy, the access control policy comprising first authentication requirements and second authentication requirements, wherein the second authentication requirements have at least one factor of authentication and the second authentication requirements have at least one factor of authentication less than the first authentication requirements when the second authentication credentials are received within a defined period following receipt of the first authentication credentials to enforce a physical presence requirement between the first user and the second user;
determine that the first authentication credentials satisfy the first authentication requirements;
send, based on the determination that the first authentication credentials satisfy the first authentication requirements, a first access control signal to cause the access control device to allow the first user physical access to the access-controlled area;
determine that the second authentication credentials satisfy the second authentication requirements; and
send, based on the determination that the second authentication credentials satisfy the second authentication requirements, a second access control signal to cause the access control device to allow the second user physical access to the same access-controlled area with the at least one factor of authentication less than the first user while enforcing the physical presence requirement between the first user and the second user.
Abstract
Systems and methods are disclosed that provide for physical access management of an access-controlled area of a distributed site of an electric power delivery system using one or more articulated access control policies. In some embodiments, to authenticate rights to access an access-controlled area, a first user may provide an associated access control system with credentials satisfying first authentication requirements based on an applicable policy. In connection with subsequent access authentication requests, the access control system may accept credentials satisfying second authentication requirements that may be different than the first authentication requirements. In this manner, access control requirements to the access-controlled area may be managed based on an associated articulated policy.
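The policy logic of claim 1 and the abstract, sketched as an added example that is not code from the patent: a first user must satisfy the full requirements, and a second user may present a reduced set only within a defined period after that. The factor names, the 60-second window, the deny-outside-the-window behaviour and the rule that the second user is a different person are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessPolicy:
    first_requirements: frozenset   # factors the first user must present
    second_requirements: frozenset  # reduced set for a user who follows closely
    window_s: float                 # the "defined period" (value is an assumption)

    def __post_init__(self):
        # Claim 1: the reduced set keeps at least one factor and has at
        # least one factor fewer than the first requirements.
        if not 1 <= len(self.second_requirements) < len(self.first_requirements):
            raise ValueError("second requirements must have 1..n-1 factors")

class AccessController:
    def __init__(self, policy):
        self.policy = policy
        self.anchor = None  # (user, time) of the last full authentication

    def request(self, user, verified_factors, now):
        """Decide one request; verified_factors were already validated upstream."""
        verified = frozenset(verified_factors)
        if self.policy.first_requirements <= verified:
            self.anchor = (user, now)
            return ("grant", "first", None)
        if self.anchor is not None:
            escort, t0 = self.anchor
            # The window is measured from the first user's credentials only;
            # a reduced-factor entry never restarts it, so followers cannot chain.
            # Assumption: the second user must be a different person.
            if (user != escort and 0 <= now - t0 <= self.policy.window_s
                    and self.policy.second_requirements <= verified):
                return ("grant", "second", escort)
        return ("deny", None, None)

def replay(policy, events):
    """Run constructed (time, user, factors) events through one controller."""
    ctl = AccessController(policy)
    return [ctl.request(user, factors, t) for t, user, factors in events]

# Constructed sample: factor names, users and the 60 s window are assumptions.
POLICY = AccessPolicy(frozenset({"badge", "pin"}), frozenset({"badge"}), 60)
EVENTS = [
    (0, "bob", {"badge"}),            # nobody has fully authenticated yet
    (10, "alice", {"badge", "pin"}),  # first user, full requirements
    (30, "bob", {"badge"}),           # within 60 s of alice
    (95, "carol", {"badge"}),         # window expired
]

if __name__ == "__main__":
    for event, decision in zip(EVENTS, replay(POLICY, EVENTS)):
        print(event, "->", decision)
```

Returning the escorting user with each reduced-factor grant gives the audit log a record of whose presence justified the entry.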
18 Claims
10. A method for managing physical access to an access-controlled area of a distributed site of an electric power delivery system, the method comprising:
receiving, via processing circuitry, first authentication credentials from a first user;
retrieving, via the processing circuitry, an access control policy, the access control policy comprising first authentication requirements and second authentication requirements, wherein the second authentication requirements have at least one factor of authentication, and wherein the second authentication requirements have at least one factor of authentication less than the first authentication requirements when the second authentication requirements are received within a defined period following receipt of the first authentication credentials to enforce a physical presence requirement between the first user and the second user;
determining, via the processing circuitry, that the first authentication credentials satisfy the first authentication requirements;
based on the determination that the first authentication credentials satisfy the first authentication requirements, sending, via the processing circuitry, a first access control signal to cause the access control device to allow the first user physical access to the access-controlled area;
receiving, via the processing circuitry, second authentication credentials from a second user;
determining, via the processing circuitry, that the second authentication credentials satisfy the second authentication requirements; and
based on the determination that the second authentication credentials satisfy the second authentication requirements, sending, via the processing circuitry, a second access control signal to cause the access control device to allow the second user physical access to the same access-controlled area with the at least one factor of authentication less than the first user while enforcing the physical presence requirement between the first user and the second user.
Specification