Entry control system
First Claim
1. A method for physically controlling access to a protected location comprising the steps of;
- a. establishing a secure communications connection over a network between a security controller and at least an authentication server, b. operatively coupling a security token to said security controller, c. sending a critical security parameter from said security token to said security controller for authentication, c. sending said critical security parameter to at least said authentication server via said secure communications connection, d. performing an authentication transaction by said authentication server for said critical security parameter, and e. sending a result of said authentication transaction from said authentication server to said security controller via said secure communications connection.
3 Assignments
0 Petitions
Accused Products
Abstract
An integrated security system which seamlessly assimilates with current generation logical security systems. The integrated security system incorporates a security controller having standard network interface capabilities including EEE 802.x and takes advantage of the convenience and security offered by smart cards and related devices for both physical and logical security purposes. The invention is based on standard remote authentication dial-in service (RADIUS) protocols or TCP/IP using SSL, TLS, PCT or IPsec and stores a shared secret required by the secure communication protocols in a secure access module coupled to the security controller. The security controller is intended to be a networked client or embedded intelligent device controlled remotely by to an authentication server. In another embodiment of the invention one or more life cycle management transactions are performed with the secure access module. These transactions allow for the updating, replacement, deletion and creation of critical security parameters, cryptographic keys, user data and applications used by the secure access module and/or security token. In another embodiment of the invention a security access module associated with the security controller locally performs local authentication transactions which are recorded in a local access list used to update a master access list maintained by the authentication server.
-
Citations
36 Claims
-
1. A method for physically controlling access to a protected location comprising the steps of;
-
a. establishing a secure communications connection over a network between a security controller and at least an authentication server, b. operatively coupling a security token to said security controller, c. sending a critical security parameter from said security token to said security controller for authentication, c. sending said critical security parameter to at least said authentication server via said secure communications connection, d. performing an authentication transaction by said authentication server for said critical security parameter, and e. sending a result of said authentication transaction from said authentication server to said security controller via said secure communications connection. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for physically controlling access to a protected location comprising the steps of:
-
a. establishing a secure communications connection over a network between at least an authentication server and a secure access module associated with a security controller, wherein said secure communications connection incorporates a shared secret which is maintained by said authentication server and said secure access module, b. operatively coupling a security token to said secure access module via an interface coupled to said security controller, c. sending a critical security parameter from said security token to said secure access module, d. sending said critical security parameter to said authentication server via said secure communications connection, a secure communications e. performing an authentication transaction by said authentication server via a process which incorporates said critical security parameter, f. sending a result of said authentication transaction from said authentication server to said security controller via said secure communications connection, and g. energizing an electromechanical circuit controlled by said security controller if said result is affirmative of said authentication transaction being successful. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A method for performing one or more life cycle management transactions with a secure access module coupled to a security controller and a life cycle management server comprising the steps of:
-
a. establishing a secure communications connection between a secure access module and at least a life cycle management server, and b. performing one or more life cycle management transactions with said secure access module in conjunction with said at least a life cycle management server. - View Dependent Claims (18)
-
-
19. A method for physically controlling access to a protected location comprising the steps of:
-
a. sending one or more critical security parameters from one or more security tokens to a secure access module operatively coupled to a security controller for authentication, b. performing one or more authentication transactions by said secure access module using said one or more critical security parameters, c. temporarily maintaining a local access list of at least the said one or more critical security parameters which have been authenticated by said secure access module, d. sending said local access list to an authentication server, and e. updating a master access list maintained by said authentication server. - View Dependent Claims (20, 21)
-
-
22. A system for physically controlling access to a protected location comprising:
-
a security token operatively coupled to a security controller and including means for sending a critical security parameter to said security controller for authentication;
a secure access module operatively coupled to said security controller and including means for securely maintaining a shared secret established by an authentication server and incorporating said shared secret into a secure communications connection established with at least an authentication server;
an electromechanical control means operatively coupled to said security controller including means for opening a physical access gateway when energized;
said security controller including means for;
establishing said secure communications connection with at least said authentication server, sending said critical security parameter to said authentication server via said secure communications connection and energizing said electromechanical control means in response to an affirmative authentication result received from said authentication server; and
,said authentication server including means for;
establishing said secure communications with said security controller, performing an authentication transaction in response to receiving said critical security parameter from said security controller, and supplying said affirmative authentication result to said security controller via said secure communications connection following a successful authentication of said critical security parameter. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
-
-
30. A security apparatus for physically controlling access to a protected location comprising:
a security controller including;
a processor, a memory coupled to said processor, a security token interface coupled to said processor, a network transceiver coupled to said processor, a secure access module coupled to said processor, an electromagnetic control circuit coupled to said processor, and at least one application installed in at least a portion of said memory having logical instructions executable by said processor to;
establish a secure communications connection over a network with at least an authentication server over a network via said network transceiver, perform an authentication transaction in conjunction with said authentication server for a critical security parameter received via said security token interface, receive and maintain a shared secret in said secure access module, incorporate said shared secret into said secure communications connection, and energize said electromechanical control circuit upon receipt of an affirmative authentication result associated with said authentication transaction. - View Dependent Claims (31, 32, 33, 34)
-
35. A system for performing one or more life cycle management transactions with
a secure access module coupled to a security controller and a life cycle management server comprising: -
a secure access module operatively coupled to a security controller and including means for securely performing life cycle management functions in conjunction with a life cycle management server;
said security controller including means for exchanging communications between said secure access module and said life cycle management server; and
,said life cycle server including means for securely performing one or more life cycle management transactions in conjunction with said secure access module, wherein said one or more life cycle management transactions comprises distributing, exchanging, deleting, adding or modifying one or more critical security parameters, applications or user data installed in said secure access module. - View Dependent Claims (36)
-
Specification