REALIZATION OF ACCESS CONTROL CONDITIONS AS BOOLEAN EXPRESSIONS IN CREDENTIAL AUTHENTICATIONS
First Claim
Patent Images
1. A method comprising:
- detecting the presence of a first credential in proximity to a reader;
determining that group authentication is required to make an access control decision; and
invoking a group authentication process that includes;
exchanging data between the reader and the first credential;
obtaining a first value based on the exchange of data between the reader and the first credential;
exchanging data between the reader and a second credential;
obtaining a second value based on the exchange of data between the reader and the second credential;
analyzing a group authentication rule with the first and second values; and
making a group authentication decision based on the analysis step.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, reader, and system are provided for performing group authentication processes. In particular, a group access decision can be made upon the analysis of a group rule. The group rule may contain a Boolean expression including one or more Boolean conditions. If an appropriate group of credentials are presented to a reader such that the Boolean expression is satisfied, then the group of credentials and the holders thereof are allowed access to a protected asset.
-
Citations
22 Claims
-
1. A method comprising:
-
detecting the presence of a first credential in proximity to a reader; determining that group authentication is required to make an access control decision; and invoking a group authentication process that includes; exchanging data between the reader and the first credential; obtaining a first value based on the exchange of data between the reader and the first credential; exchanging data between the reader and a second credential; obtaining a second value based on the exchange of data between the reader and the second credential; analyzing a group authentication rule with the first and second values; and making a group authentication decision based on the analysis step. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. An access control system, comprising:
-
memory including instructions in the form of machine-readable code, the instructions including an authentication module and authentication data; a processor, configured to execute the instructions stored in the memory; and wherein the authentication module is configured to detect the presence of a first credential in proximity to a reader, determine that group authentication is required to make an access control decision, and invoke a group authentication process that includes; exchanging data between the reader and the first credential; obtaining a first value based on the exchange of data between the reader and the first credential; exchanging data between the reader and a second credential; obtaining a second value based on the exchange of data between the reader and the second credential; analyzing a group authentication rule contained within the authentication data with the first and second values; and making a group authentication decision based on the analysis step. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
-
Specification