System and method for policy enforcement and token state monitoring
Abstract
Systems and methods for monitoring the state of a token and communication exchanges between the token containing an embedded integrated circuit chip and a system are provided. Communications between the token and the system are established, and the exchange of commands and responses between the token and the system is monitored and evaluated for compliance with an identified policy. The identified policy contains lists of impermissible commands, responses and content, and delivery of the commands and responses is contingent upon compliance with the identified policy. The token is in communication with a token reader which communicates with the system using token reader driver software. Either the token reader driver software or the token itself is adapted to provide for the desired monitoring, evaluation and policy enforcement. Systems and methods are also provided that enforce policies at access points within a physical access system. The physical access system can be used in combination with tokens.
38 Claims
1. A method for monitoring the state of a token, the method comprising:
establishing communication between a token and a system;
monitoring an exchange of commands from the system to the token and of responses from the token to the system;
identifying a policy to be applied to the exchange of commands;
evaluating the exchange of commands and responses for compliance with the identified policy; and
controlling the exchange of commands and responses in accordance with the policy compliance evaluation.
18. A token firewall comprising:
a token comprising an embedded integrated circuit chip;
a token reader capable of communicating with the embedded integrated circuit chip;
a token reader driver that provides communication between the token reader and a system with which the token interacts, the token reader driver comprising:
a communication monitor capable of monitoring an exchange of commands from the system to the token and of responses from the token to the system;
a policy engine capable of analyzing the exchange of commands and responses for compliance with a pre-defined policy; and
a communication controller capable of prohibiting delivery of commands and responses that are not in compliance with the pre-defined policy.
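As an added illustration of the token firewall of claim 18 (and the monitoring method of claim 1), not code from the patent: a Python sketch of a driver-level APDU filter. It parses ISO 7816-4 short-form command APDUs, evaluates each command against a policy (denied CLA/INS pairs, commands that require a prior SELECT, a per-session cap on VERIFY) and each response against a deny list of content patterns, and substitutes a status word for anything that fails. The simulated token, the policy contents, the SECRET marker and the choice of 6985 as the blocking status word are all constructed assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

# Substituted for anything the policy withholds. ISO 7816-4 defines 6985 as
# "conditions of use not satisfied"; picking it for this role is our choice.
BLOCKED_SW = bytes.fromhex("6985")

@dataclass(frozen=True)
class Apdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes = b""

    @classmethod
    def parse(cls, raw: bytes) -> "Apdu":
        """Short-form ISO 7816-4 command APDU: CLA INS P1 P2 [Lc data] [Le]."""
        if len(raw) < 4:
            raise ValueError("APDU shorter than the 4-byte header")
        cla, ins, p1, p2, body = raw[0], raw[1], raw[2], raw[3], raw[4:]
        if len(body) <= 1:                 # case 1 (no body) or case 2 (Le only)
            return cls(cla, ins, p1, p2)
        data = bytes(body[1:1 + body[0]])  # case 3/4: Lc, data, optional trailing Le
        if len(data) != body[0]:
            raise ValueError("Lc does not match the data field")
        return cls(cla, ins, p1, p2, data)

@dataclass
class Policy:
    denied_commands: set = field(default_factory=set)            # (cla, ins); cla None = any class
    needs_selection: set = field(default_factory=set)            # INS allowed only after SELECT
    denied_response_content: list = field(default_factory=list)  # patterns that must stay on-card
    max_verify: int = 3                                          # VERIFY attempts per session

class TokenFirewall:
    """Sits in the reader-driver position: every APDU and every response passes through."""
    def __init__(self, token: Callable[[bytes], bytes], policy: Policy):
        self._token, self.policy = token, policy
        self.selected, self.verify_count = False, 0   # token state inferred from the exchange
        self.log: list = []                           # (verdict, ins, detail) for audit

    def _command_violation(self, cmd: Apdu) -> Optional[str]:
        p = self.policy
        if (cmd.cla, cmd.ins) in p.denied_commands or (None, cmd.ins) in p.denied_commands:
            return "command on deny list"
        if cmd.ins in p.needs_selection and not self.selected:
            return "command before SELECT"
        if cmd.ins == 0x20 and self.verify_count >= p.max_verify:
            return "VERIFY limit reached"
        return None

    def transmit(self, raw: bytes) -> bytes:
        cmd = Apdu.parse(raw)
        reason = self._command_violation(cmd)
        if reason:
            self.log.append(("BLOCKED_CMD", cmd.ins, reason))
            return BLOCKED_SW                         # command never reaches the token
        self.verify_count += int(cmd.ins == 0x20)
        resp = self._token(raw)
        data, sw = resp[:-2], resp[-2:]
        if any(pat in data for pat in self.policy.denied_response_content):
            self.log.append(("BLOCKED_RSP", cmd.ins, "response carries denied content"))
            return BLOCKED_SW                         # response never reaches the system
        if cmd.ins == 0xA4 and sw == b"\x90\x00":
            self.selected = True
        self.log.append(("ALLOWED", cmd.ins, sw.hex()))
        return resp

SECRET = b"\xfe\xedSECRET"   # constructed marker for a private object held on the token

def simulated_token(raw: bytes) -> bytes:   # constructed stand-in; enforces nothing itself
    cmd = Apdu.parse(raw)
    if cmd.ins == 0xA4:                                 # SELECT
        return b"\x90\x00"
    if cmd.ins == 0xB0:                                 # READ BINARY
        return b"public record\x90\x00"
    if cmd.ins == 0xCA:                                 # GET DATA hands out the private object
        return SECRET + b"\x90\x00"
    if cmd.ins == 0x20:                                 # VERIFY; 63C2 = wrong PIN, 2 tries left
        return b"\x90\x00" if cmd.data == b"1234" else b"\x63\xc2"
    return b"\x6d\x00"                                  # INS not supported

DEFAULT_POLICY = Policy(
    denied_commands={(0x00, 0xD6), (None, 0xE2)},  # no UPDATE BINARY, no APPEND RECORD
    needs_selection={0xB0}, denied_response_content=[SECRET], max_verify=2)

def run_session(policy: Policy = DEFAULT_POLICY):   # returns (responses, audit log)
    fw = TokenFirewall(simulated_token, policy)
    exchange = [                                     # constructed host session
        bytes.fromhex("00B0000000"),            # READ BINARY before SELECT: blocked
        bytes.fromhex("00A4040000"),            # SELECT: allowed, firewall records the state
        bytes.fromhex("00B0000000"),            # READ BINARY: allowed now
        bytes.fromhex("00D60000") + b"\x02xx",   # UPDATE BINARY: on the deny list
        bytes.fromhex("00CA000000"),            # GET DATA: token answers, response withheld
        bytes.fromhex("0020000004") + b"0000",   # VERIFY, wrong PIN (counted)
        bytes.fromhex("0020000004") + b"0000",   # VERIFY, wrong PIN (counted)
        bytes.fromhex("0020000004") + b"1234",   # third VERIFY: limit reached, never sent
    ]
    return [fw.transmit(apdu) for apdu in exchange], fw.log
```

The session in run_session exercises the three control points the claim names: a command dropped before it reaches the token, a command forwarded whose response is withheld from the system, and a command refused because of state the monitor has accumulated (the VERIFY count). Note the limit the abstract itself implies: a filter in the reader driver only governs sessions that pass through that driver, so an adversary holding the token and a reader of their own is not constrained by it, which is why the abstract also contemplates adapting the token itself to enforce the policy.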
25. A method for policy verification in physical access systems, the method comprising:
receiving a request for access from a requesting entity at a point of access within a physical access system;
obtaining profile information for the requesting entity;
creating a profile ticket comprising the profile information;
forwarding the profile ticket to a policy engine server;
using the profile ticket to generate at least one request specific policy;
evaluating the request for access against the request specific policy to generate an access decision; and
granting access to the requesting entity at the point of access in accordance with the access decision.
35. The method of claim 25, wherein the step of evaluating the request further comprises identifying one or more actions to be taken at the point of access.
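An added example of the physical-access flow of claims 25 and 35, not code from the patent: a Python model in which the access point builds a profile ticket, the policy engine derives a request-specific rule set from that ticket, and the resulting decision carries the actions the access point should take. The directory, the door table, the shared key and the rule names are constructed; authenticating the ticket with an HMAC is this example's own addition, a step the claims do not mention, so that the engine can reject a ticket altered between the access point and the server.

```python
import hashlib, hmac, json
from dataclasses import dataclass

TICKET_KEY = b"constructed-shared-key"   # assumption: access point and policy server share it

DIRECTORY = {   # constructed profile store keyed by credential id
    "u100": {"role": "staff", "clearance": 2, "active": True},
    "u200": {"role": "contractor", "clearance": 1, "active": True},
    "u300": {"role": "staff", "clearance": 3, "active": False},
}
DOORS = {       # constructed: clearance needed and the hours (start, end) the door is open
    "lobby": {"clearance": 1, "hours": (0, 24)},
    "lab":   {"clearance": 2, "hours": (7, 19)},
    "vault": {"clearance": 3, "hours": (9, 17)},
}

@dataclass(frozen=True)
class AccessRequest:
    entity: str
    door: str
    hour: int          # local hour (0-23) at which the request arrives

def make_ticket(req: AccessRequest) -> dict:
    """Access point: look up the profile, wrap it with the request, and MAC the result."""
    profile = dict(DIRECTORY.get(req.entity, {"role": "unknown", "clearance": 0, "active": False}))
    body = {"entity": req.entity, "door": req.door, "hour": req.hour, "profile": profile}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(TICKET_KEY, payload, hashlib.sha256).hexdigest()}

def verify_ticket(ticket: dict) -> bool:
    payload = json.dumps(ticket["body"], sort_keys=True).encode()
    expected = hmac.new(TICKET_KEY, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, ticket["mac"])

def request_specific_policy(body: dict) -> list:
    """Policy engine: derive the rules that apply to this entity at this door.
    Each rule is (name, predicate over the ticket body, extra actions on failure)."""
    door = DOORS[body["door"]]
    rules = [
        ("account_active", lambda b: b["profile"]["active"], ["alert"]),
        ("clearance", lambda b: b["profile"]["clearance"] >= door["clearance"], []),
        ("hours", lambda b: door["hours"][0] <= b["hour"] < door["hours"][1], []),
    ]
    if body["profile"]["role"] == "contractor":   # constructed site rule
        rules.append(("no_contractor_vault", lambda b: b["door"] != "vault", ["alert"]))
    return rules

def decide(ticket: dict) -> dict:
    """Policy engine: evaluate the request and name the actions for the access point."""
    if not verify_ticket(ticket):
        return {"grant": False, "failed": ["ticket_mac"], "actions": ["log", "alert"]}
    body = ticket["body"]
    if body["door"] not in DOORS:
        return {"grant": False, "failed": ["unknown_door"], "actions": ["log"]}
    failed, actions = [], ["log"]
    for name, check, on_fail in request_specific_policy(body):
        if not check(body):
            failed.append(name)
            actions += [a for a in on_fail if a not in actions]
    if not failed:
        actions.insert(0, "unlock")
    return {"grant": not failed, "failed": failed, "actions": actions}

def request_access(entity: str, door: str, hour: int) -> dict:
    """The round trip of claim 25: request, profile ticket, request-specific policy, decision."""
    return decide(make_ticket(AccessRequest(entity, door, hour)))
```

The decision returned by decide is what claim 35 adds to claim 25: besides grant or deny, it lists actions for the access point (unlock, log, alert), and a denial for a disabled account or a forged ticket carries an alert while an ordinary out-of-hours denial only logs.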