System and Method for Policy Enforcement and Token State Monitoring

US 20110010766A1
Filed: 09/20/2010
Published: 01/13/2011
Est. Priority Date: 09/01/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for policy verification in physical access systems, the method comprising:

receiving a request for access from a requesting entity at a point of access within a physical access system;

obtaining profile information for the requesting entity;

creating a profile ticket comprising the profile information;

forwarding the profile ticket to a policy engine server;

using the profile ticket to generate at least one request specific policy;

evaluating the request for access against the request specific policy to generate an access decision; and

granting access to the requesting entity at the point of access in accordance with the access decision.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for monitoring the state of a token and communication exchanges between the token containing an embedded integrated circuit chip and a system are provided. Communications between the token and the system are established and the exchanged of commands and responses between the token and the system are monitored and evaluated for compliance with an identified policy. The identified policy contains lists of impermissible commands, responses and content, and delivery of the commands and responses is contingent upon compliance with the identified policy. The token is in communication with a token reader which communicates with the system using token reader driver software. Either the token reader driver software or the token itself is adapted to provide for the desired monitoring, evaluation and policy enforcement. Systems and methods are also provided that enforce policies at access points within a physical access system. The physical access system can be used in combination with tokens.

25 Citations

View as Search Results

14 Claims

1. A method for policy verification in physical access systems, the method comprising:
- receiving a request for access from a requesting entity at a point of access within a physical access system;
  
  obtaining profile information for the requesting entity;
  
  creating a profile ticket comprising the profile information;
  
  forwarding the profile ticket to a policy engine server;
  
  using the profile ticket to generate at least one request specific policy;
  
  evaluating the request for access against the request specific policy to generate an access decision; and
  
  granting access to the requesting entity at the point of access in accordance with the access decision.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 13, 14)
- - 2. The method of claim 1, wherein the step of gathering profile information comprises using interface devices located at the point of access to obtain the profile information.
  - 3. The method of claim 1, wherein the step of creating the profile ticket comprises creating the profile ticket at a field panel within the physical access system.
  - 4. The method of claim 1, further comprising reviewing the profile information contained in the profile ticket and gathering additional information.
  - 5. The method of claim 4, wherein the additional information comprises threat condition, time of day, day of week, date, holiday status, existence of classified meetings or combinations thereof.
  - 6. The method of claim 4, wherein the step of using the profile ticket to generate at least one request specific policy further comprises matching the profile information and the additional gathered information to a pre-defined policy.
  - 7. The method of claim 6, wherein the step of matching the profile information further comprises matching the profile information and gathered information to at least one policy from a list of pre-defined policies.
  - 8. The method of claim 1, further comprising determining if additional data are needed to evaluate the request for access against the identified policy.
  - 9. The method of claim 8, further comprising:
    - identifying additional data needed to perform the evaluation;
      
      creating a list of tasks sufficient to obtain the additional data;
      
      adding the list of tasks to the profile ticket to create a task request ticket;
      
      forwarding the task request ticket to at least one field panel within the physical access system;
      
      obtaining the additional data using the list of tasks;
      
      adding the obtained additional data to the task request ticket to create an updated profile ticket; and
      
      forwarding the updated profile ticket to the policy engine server.
  - 10. The method of claim 9, wherein the step of evaluating the request for access further comprises using the additional data to evaluate the request for access against the request specific policy to generate an access decision.
  - 13. The method of claim 1, further comprising adding the access decision to the profile ticket to create an access decision ticket and forwarding the access decision ticket to one or more field panels within the physical access system.
  - 14. The method of claim 1, wherein the step of granting access to the requesting entity at the point of access in accordance with the access decision further comprises using a field panel within the physical access system to grant access in accordance with the access decision.

11. The method of calm 1, wherein the step of evaluating the request further comprises identifying one or more actions to be taken at the point of access.
- View Dependent Claims (12)
- - 12. The method of claim 11, wherein the action to be taken comprises granting access, denying access, providing feedback to the requesting entity, notifying a third party, securing the point of access or combinations thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Eric Arnold Hildre, Theodore Delano Putnam
Original Assignee
Eric Arnold Hildre, Theodore Delano Putnam
Inventors
HILDRE, Eric Arnold, PUTNAM, Theodore Delano

Application Number

US12/886,208
Publication Number

US 20110010766A1
Time in Patent Office

Days
Field of Search
US Class Current

726/10
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 2209/60   Digital content management,...

H04L 51/00   User-to-user messaging in p...

H04L 63/0823   using certificates cryptogr...

H04L 9/006   involving public key infras...

H04L 9/3234   involving additional secure...

H04L 9/3268   using certificate validatio...

H04L 9/40   Network security protocols

System and Method for Policy Enforcement and Token State Monitoring

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Policy Enforcement and Token State Monitoring

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links