Decoupled authorization for restricted resource access

US 10,599,826 B2
Filed: 09/05/2017
Issued: 03/24/2020
Est. Priority Date: 09/05/2017
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

performing, via at least a first wireless message exchanged between a first device of a user and a second device of an access control system, a first authorization of the user to access a restricted resource under control of the access control system in response to detection of a first trigger;

performing, via at least a second wireless message exchanged between the first device and the second device, a different and independent second authorization of said user to access the restricted resource in response to detection of a different second trigger; and

modifying access to the restricted resource from the access control system in response to successfully completing said first authorization and said second authorization based on the first wireless message and the second wireless message being exchanged in response to different triggers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for performing decoupled authorization, whereby authorizing access permissions of a user to a resource is performed separate and independent from authorizing intent of the user to access the resource. Once both authorizations are successfully completed within a specified timeout interval, the access state of the resource is changed, thereby granting the user access to the resource. The decoupled authorizations are independently performed over different networks, in response to different triggers, or by leveraging different hardware. Access to the resource can therefore be provided prior to the user arriving before the resource, with little to no action by the user, and without comprising security as the resources will remain restricted or locked if the either of the user'"'"'s intent or access permissions cannot be verified.

Citations

17 Claims

1. A method comprising:
- performing, via at least a first wireless message exchanged between a first device of a user and a second device of an access control system, a first authorization of the user to access a restricted resource under control of the access control system in response to detection of a first trigger;
  
  performing, via at least a second wireless message exchanged between the first device and the second device, a different and independent second authorization of said user to access the restricted resource in response to detection of a different second trigger; and
  
  modifying access to the restricted resource from the access control system in response to successfully completing said first authorization and said second authorization based on the first wireless message and the second wireless message being exchanged in response to different triggers.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 further comprising detecting the first trigger in response to a first action by said user or a first position of said user.
  - 3. The method of claim 2 further comprising detecting the second trigger in response to a different second action by said user or a different second position of said user.
  - 4. The method of claim 3, wherein the first action is a particular phrase spoken by said user, and wherein the second action is a particular movement or gesture performed by said user.
  - 5. The method of claim 3, wherein said first position is a position at which a mobile device of said user enters in range of a particular wireless network, and wherein detecting the first trigger comprises detecting the particular wireless network.

6. A method comprising:
- performing a first authorization of a user to access a restricted resource under control of an access control system based on at least a first message exchanged between a first device of the user and a local second device of the access control system that is disposed next to the restricted resource in response to detecting a first user action or a first network with a first sensor of one of the first device or the local second device;
  
  performing a different and independent second authorization of said user to access the restricted resource based on at least a second message exchanged between the first device and a remote third device of the access control system that is located away from the restricted resource in response to detecting a second user action or a second network with a different second sensor of one of the first device or the remote third device; and
  
  modifying access to the restricted resource from the access control system in response to successfully completing said first authorization and said second authorization based on the first wireless message and the second wireless message being exchanged in response to the different user actions or networks.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 7. The method of claim 6 further comprising receiving the first user action in response to the first sensor (i) sensing a first gesture or phrase spoken by said user or (ii) sensing a first position of said user.
  - 8. The method of claim 7 further comprising receiving the second user action in response to the second sensor (i) sensing a different second gesture or phrase spoken by said user or (ii) sensing a different second position of said user.
  - 9. The method of claim 6, wherein the first sensor is a microphone of the first device of said user or the local second device adjacent to said restricted resource, and wherein performing the first authorization comprises initiating the first authorization in response to the first user action comprising a particular audible phrase said microphone captures from the user.
  - 10. The method of claim 6, wherein the first sensor is a camera or touchscreen of the first device of said user or the local second device adjacent to said restricted resource, and wherein performing the first authorization comprises initiating the first authorization in response to the first user action comprising a particular motion or gesture captured by said camera or touchscreen.
  - 11. The method of claim 6, wherein the first sensor is one of a microphone, camera, touchscreen, and wireless network radio, and wherein the second sensor is a different one of said microphone, said camera, said touchscreen, and said wireless network radio.
  - 12. The method of claim 6, wherein said performing the first authorization comprises authorizing access permissions of said user to access said restricted resource, and wherein said performing the second authorization comprises authorizing intent of said user to access said restricted resource.
  - 13. The method of claim 12, wherein said modifying access comprises granting access to the restricted resource in response to independently authorizing permissions of said user to access said restricted resource and authorizing intent of said user to access said restricted resource.
  - 14. The method of claim 6, wherein said performing the first authorization comprises exchanging messaging over a first wireless network, and wherein said performing the second authorization comprises exchanging messaging over a different second wireless network.
  - 15. The method of claim 6, wherein said modifying access comprises providing said user with access to said restricted resource in response to successfully completing said second authorization within a timeout interval of completing said first authorization, and the method further comprising restricting said user access to said restricted resource in response to successfully completing said second authorization outside the timeout interval of completing said first authorization.
  - 16. The method of claim 6 further comprising detecting the first network with the first sensor of the first device, and detecting the second network with the second sensor of the first device, wherein the first sensor and the second sensor correspond to first and second wireless radios of the first device.

17. An access control system comprising:
- a restricted resource; and
  
  a system device comprising;
  
  a non-transitory computer-readable medium storing a set of processor-executable instructions; and
  
  one or more processors configured to execute the set of processor-executable instructions, wherein executing the set of processor-executable instructions causes the one or more processors to;
  
  perform, via at least a first wireless message exchanged between the system device and a user device of a user, a first authorization of the user to access the restricted resource in response to detection of a first trigger;
  
  perform, via at least a second wireless message exchanged between the system device and the user device, a different and independent second authorization of said user to access the restricted resource in response to detection of a different second trigger; and
  
  modify access to the restricted resource in response to successfully completing said first authorization and said second authorization based on the first wireless message and the second wireless message being exchanged in response to different triggers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Openpath Security, Inc. (Motorola Solutions, Inc.)
Original Assignee
Openpath Security, Inc. (Motorola Solutions, Inc.)
Inventors
Kazerani, Alexander A., Peters, Robert J., Kamkar, Samy
Primary Examiner(s)
Harris, Christopher C

Application Number

US15/695,085
Publication Number

US 20190073468A1
Time in Patent Office

931 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/35   communicating wirelessly

G07C 2209/63   Comprising locating means f...

G07C 9/00174   Electronically operated loc...

G07C 9/28   the pass enabling tracking ...

H04L 63/0853   using an additional device,...

H04L 63/107   wherein the security polici...

H04W 12/08   Access security

H04W 12/68   Gesture-dependent or behavi...

H04W 4/80   Services using short range ...

Decoupled authorization for restricted resource access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Decoupled authorization for restricted resource access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links