ACCESS CONTROL SYSTEM BASED UPON BEHAVIORAL PATTERNS
First Claim
1. A method comprising:
- providing a secured area having a plurality of security zones where access to each is controlled by an access controller;
detecting entrances to at least some of the plurality of security zones by an authorized person through respective access controllers of the plurality of zones over a predetermined previous time period;
forming a probability model of entry into each of the plurality of security zones from the detected entrances over the previous time period;
detecting access requests for the authorized user from the access controllers during a current time period; and
generating a security alert upon determining that an access request of the current access requests exceeds a probability threshold value associated with the probability model.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus for detecting behavioral changes in a security system is provided. The method includes the steps of providing a secured area having a plurality of security zones where access to each is controlled by an access controller, detecting entrances to at least some of the plurality of security zones by an authorized person through respective access controllers of the plurality of zones over a predetermined previous time period, forming a probability model of entry into each of the plurality of security zones from the detected entrances over the previous time period, detecting access requests for the authorized user from the access controllers during a current time period, and generating a security alert upon determining that an access request of the current access requests exceeds a probability threshold value associated with the probability model.
-
Citations
20 Claims
-
1. A method comprising:
-
providing a secured area having a plurality of security zones where access to each is controlled by an access controller; detecting entrances to at least some of the plurality of security zones by an authorized person through respective access controllers of the plurality of zones over a predetermined previous time period; forming a probability model of entry into each of the plurality of security zones from the detected entrances over the previous time period; detecting access requests for the authorized user from the access controllers during a current time period; and generating a security alert upon determining that an access request of the current access requests exceeds a probability threshold value associated with the probability model. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 12)
-
-
11. An apparatus comprising:
-
a secured area having a plurality of security zones where access to each is controlled by an access controller; an event log that contains detected entrances to at least some of the plurality of security zones by an authorized person through respective access controllers of the plurality of zones over a predetermined previous time period; a probability model of entry into each of the plurality of security zones formed from the detected entrances over the previous time period; access requests for the authorized user received from the access controllers during a current time period; and a security alert that is generated upon determining that an access request of the current access requests exceeds a probability threshold value associated with the probability model. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
-
20. An apparatus comprising:
-
a secured area having a plurality of security zones where access to each is controlled by an access controller; means for detecting entrances to at least some of the plurality of security zones by an authorized person through respective access controllers of the plurality of zones over a predetermined previous time period; means for forming a probability model of entry into each of the plurality of security zones from the detected entrances over the previous time period; means for detecting access requests for the authorized user from the access controllers during a current time period; and means for generating a security alert upon determining that an access request of the current access requests exceeds a probability threshold value associated with the probability model.
-
Specification