SYSTEM AND METHOD FOR SECURE AND DISTRIBUTED PHYSICAL ACCESS CONTROL USING SMART CARDS
First Claim
Patent Images
1. A method of controlling access to a resource comprising:
- reading a first code from a user carried device, wherein the first code comprises an encoded form of at least an ID of a user and at least one privilege, and wherein the privilege embodies a policy defining the user'"'"'s access to the resource;
comparing the first code to a second code; and
,permitting access only if the first code compares favorably to the second code.
1 Assignment
0 Petitions
Accused Products
Abstract
A first code is read from a user carried device useable in an access control system. The first code is an encoded form of at least an ID of a user carrying the device and at least one privilege. The privilege defines the user'"'"'s access to a resource. The first code is compared to a second code, and access is permitted only if the first code compares favorably to the second code. A reader of the access control system computes the second code based on the user ID and the privilege. The first and second codes may be also based on a secret key applicable only to the user.
75 Citations
34 Claims
-
1. A method of controlling access to a resource comprising:
-
reading a first code from a user carried device, wherein the first code comprises an encoded form of at least an ID of a user and at least one privilege, and wherein the privilege embodies a policy defining the user'"'"'s access to the resource; comparing the first code to a second code; and
,permitting access only if the first code compares favorably to the second code. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method of controlling access to a resource comprising:
-
storing a first code on a user carried device, wherein the first code is based on at least an ID of a user, at least one privilege, a first secret key, and an encoding function, and wherein the privilege defines the user'"'"'s access to the resource; computing a second code from the user ID, the privilege, a second secret key, and the encoding function, wherein the first and second secret keys are symmetrical, and wherein the second secret key is stored in a user carried device reader; comparing the first code to a second code; and
,permitting access only if the first code compares favorably to the second code. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
-
23. A reader of an access control system that controls access to a resource comprising:
-
a memory that stores a secret key; and
,a processor that reads the secret key from the memory, that reads an ID of a user, at least one privilege, and a first code from an user carried device carried by the user, that computes a second code based on the secret key read from the memory and the user ID and privilege read from the user carried device, that compares the first code to the second code, and that permits access to the resource based on the comparison, wherein the privilege defines the user'"'"'s access to the resource, and wherein the first code comprises an encoded form of at least the user ID and the privilege. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31)
-
-
32. A user carried device for use by an access control system that controls access to a resource comprising:
-
a memory that stores an ID of a user, at least one privilege, and a hash value, wherein the hash value is based on an application of a hash function to encrypted data, wherein the encrypted data is based on the user ID, the privilege, and a key, and wherein the privilege embodies a policy governing the user'"'"'s access to the resource; and
,an interface that communicates the user ID, the privilege, and the hash value to a reader of the access control system. - View Dependent Claims (33, 34)
-
Specification