System and Method for Policy Enforcement and Token State Monitoring
First Claim
1. A method for policy verification in physical access systems, the method comprising:
receiving a request for access from a requesting entity at a point of access within a physical access system;
obtaining profile information for the requesting entity;
creating a profile ticket comprising the profile information;
forwarding the profile ticket to a policy engine server;
using the profile ticket to generate at least one request specific policy;
evaluating the request for access against the request specific policy to generate an access decision; and
granting access to the requesting entity at the point of access in accordance with the access decision.
Abstract
Systems and methods for monitoring the state of a token and communication exchanges between the token containing an embedded integrated circuit chip and a system are provided. Communications between the token and the system are established, and the exchange of commands and responses between the token and the system is monitored and evaluated for compliance with an identified policy. The identified policy contains lists of impermissible commands, responses and content, and delivery of the commands and responses is contingent upon compliance with the identified policy. The token is in communication with a token reader which communicates with the system using token reader driver software. Either the token reader driver software or the token itself is adapted to provide for the desired monitoring, evaluation and policy enforcement. Systems and methods are also provided that enforce policies at access points within a physical access system. The physical access system can be used in combination with tokens.
14 Claims
- 11. The method of claim 1, wherein the step of evaluating the request further comprises identifying one or more actions to be taken at the point of access.
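The flow of claim 1, together with the action list of claim 11, sketched as an added example that is not part of the patent text. The profile fields, zone names, hours, action names and the HMAC that protects the ticket in transit are all assumptions made for illustration; the claims do not specify them.

```python
import hashlib
import hmac
import json
from datetime import time

TICKET_KEY = b"constructed-demo-key"  # assumption: key shared by access point and policy engine

# Constructed profile store; the claim does not say where profile information comes from.
PROFILES = {"badge-1001": {"role": "contractor", "zones": ["lobby", "lab-2"], "escort": True},
            "badge-2002": {"role": "employee", "zones": ["lobby", "lab-2", "vault"], "escort": False}}

def create_profile_ticket(entity_id):
    """Access point: obtain profile information and wrap it in a profile ticket."""
    body = json.dumps({"entity": entity_id, "profile": PROFILES[entity_id]}, sort_keys=True)
    tag = hmac.new(TICKET_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def generate_policy(ticket):
    """Policy engine: derive a request-specific policy from the ticket's profile."""
    expected = hmac.new(TICKET_KEY, ticket["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["tag"]):
        raise ValueError("profile ticket failed integrity check")
    profile = json.loads(ticket["body"])["profile"]
    hours = (time(0, 0), time(23, 59)) if profile["role"] == "employee" else (time(8, 0), time(18, 0))
    actions = ["log"] + (["notify_escort"] if profile["escort"] else [])  # hypothetical action names
    return {"zones": set(profile["zones"]), "hours": hours, "actions": actions}

def evaluate(request, policy):
    """Evaluate the request against the policy; return the decision and actions (claim 11)."""
    start, end = policy["hours"]
    ok = request["zone"] in policy["zones"] and start <= request["at"] <= end
    actions = policy["actions"] if ok else ["log", "raise_alarm"]
    return ("grant" if ok else "deny"), actions

def handle_request(entity_id, zone, at):
    """Full flow at a point of access; any failure denies (fail closed)."""
    try:
        ticket = create_profile_ticket(entity_id)
        policy = generate_policy(ticket)  # stands in for forwarding to the policy engine server
        return evaluate({"zone": zone, "at": at}, policy)
    except (KeyError, ValueError):
        return "deny", ["log", "raise_alarm"]
```

Because the policy is derived entirely from the ticket, the ticket is the trust boundary: an unauthenticated ticket would let whoever controls the link between the access point and the policy engine choose their own policy.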
Specification