UNIVERSAL VALIDATION MODULE FOR ACCESS CONTROL SYSTEMS

US 20130194064A1
Filed: 11/09/2012
Published: 08/01/2013
Est. Priority Date: 10/29/2009
Status: Active Grant

First Claim

Patent Images

1. A validation device for an access control system, comprising:

modular communication interfaces that provide coupling to the access control system;

at least one processor; and

a computer readable storage medium storing executable code that is executable by the at least one processor, the computer readable storage medium including;

executable code that receives cardholder data in connection with an access request at an access point controlled by the access control system;

executable code that validates the cardholder data;

executable code that, after validation of the cardholder data, extracts ID information from the validated cardholder data; and

executable code that sends the extracted ID information to an access decision component of the access control system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A validation module provides for the upgrading of a physical access control system (PACS) to full HSPD-12 compliance without requiring modification or replacement of the existing PACS. The validation module may contain all of the validation functionality required by federal specifications and technical requirements. The validation module may be installed between an existing PACS panel and a supported card/biometric reader. Readers may be selected based on assurance level requirements, e.g., contactless or contact readers for low and medium assurance level areas and full biometric readers for high assurance areas. The validation module may validate a card according to the assurance level setting, extract ID information from data on the card and then pass the ID information to the PACS panel for an access decision. Cardholder data captured by one validation module may be distributed to other validation modules of the PACS using a management station.

Citations

23 Claims

1. A validation device for an access control system, comprising:
- modular communication interfaces that provide coupling to the access control system;
  
  at least one processor; and
  
  a computer readable storage medium storing executable code that is executable by the at least one processor, the computer readable storage medium including;
  
  executable code that receives cardholder data in connection with an access request at an access point controlled by the access control system;
  
  executable code that validates the cardholder data;
  
  executable code that, after validation of the cardholder data, extracts ID information from the validated cardholder data; and
  
  executable code that sends the extracted ID information to an access decision component of the access control system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 21)
- - 2. The validation device according to claim 1, wherein the modular communication interfaces include:
    - a first communication port that couples to at least one reader of the access control system and enables the validation device to receive the cardholder data from the at least one reader; and
      
      a second communication port that couples to the access decision component of the access control system and enables the validation device to send the extracted ID information to the access decision component.
  - 3. The validation device according to claim 2, wherein the modular communication interfaces further include:
    - a third communication port that couples to a management station.
  - 4. The validation device according to claim 3, wherein the computer readable storage medium further includes:
    - executable code that exchanges information with the management station.
  - 5. The validation device according to claim 1, wherein the executable code that validates the cardholder data includes executable code that authenticates the cardholder data according to an authentication mechanism.
  - 6. The validation device according to claim 5, wherein the authentication mechanism is at least one of:
    - cardholder unique identifier (CHUID), card authentication key (CAK), NV authentication key (PKI), and biometric authentication (BIO).
  - 7. The validation device according to claim 1, wherein the executable code that validates the cardholder data performs certificate path discovery and validation to a trusted authority.
  - 8. The validation device according to claim 1, the computer readable storage medium further including:
    - executable code that performs enrollment processing for cardholder data that is identified as being used for a first time with the access control system.
  - 9. The validation device according to claim 8, wherein the enrollment processing includes capturing and storing certificates of the cardholder data that is identified as being used for the first time.
  - 21. The validation device according to claim 1, wherein the attribute is from a source different from both the access control system and the cardholder data presented by the cardholder.

10. A non-transitory computer readable medium storing executable code executable by the at least one processor, the computer readable storage medium comprising:
- executable code that receives cardholder data in connection with an access request at an access point controlled, by the access control system;
  
  executable code that validates the cardholder data;
  
  executable code that, after validation of the cardholder data, extracts ID information from the validated cardholder data; and
  
  executable code that sends the extracted ID information to an access decision component of the access control system.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 22)
- - 11. The non-transitory computer readable medium according to claim 10, further comprising:
    - executable code that exchanges information with a management station.
  - 12. The non-transitory computer readable medium according to claim 10, wherein the executable code that validates the cardholder data includes executable code that authenticates the cardholder data according to an authentication mechanism.
  - 13. The non-transitory computer readable medium according to claim 12, wherein the authentication mechanism is at least one of:
    - cardholder unique identifier (CHUID), card authentication key (CAK), PIV authentication key (PKI), and biometric authentication (BIO).
  - 14. The non-transitory computer readable medium according to claim 10, wherein the executable code that validates the cardholder data performs certificate path discovery and validation to a trusted authority.
  - 15. The non-transitory computer readable medium according to claim 10, further comprising:
    - executable code that performs enrollment processing for cardholder data that is identified as being used for a first time with the access control system.
  - 16. The non-transitory computer readable medium according to claim 15, wherein the enrollment processing includes capturing and storing certificates of the cardholder data that is identified as being used for the first time.
  - 22. The non-transitory computer readable medium according to claim 10, wherein the attribute is from a source different from both the access control system and the cardholder data presented by the cardholder.

17. An access control system, comprising:
- an access decision component that controls access through an access point;
  
  a reader disposed at the access point that extracts cardholder data from a credential presented at the access point;
  
  a validation module coupled to the reader and the access decision component, wherein the validation module includes;
  
  modular communication interfaces that couple the at least one validation module to the access decision component;
  
  at least one processor; and
  
  a computer readable storage medium storing executable code executable by the at least one processor, the computer readable storage medium including;
  
  executable code that receives the cardholder data from the reader;
  
  executable code that validates the cardholder data;
  
  executable code that, after validation of the cardholder data, extracts ID information from the validated cardholder data; and
  
  executable code that sends the extracted ID information to the access decision component.
- View Dependent Claims (18, 19, 20, 23)
- - 18. The access control system according to claim 17, wherein the modular communication interfaces include:
    - a first communication port that couples the validation module to the reader and enables the validation module to receive the cardholder data from the reader; and
      
      a second communication port that couples the validation module to the access decision component and that enables the validation device to send the extracted ID information to the access decision component.
  - 19. The access control system according to claim 17, further comprising:
    - a management station coupled to the validation module and coupled to at least one additional validation module, wherein the management station manages information distributed between the validation module and the at least one additional validation module.
  - 20. The access control system according to claim 17, further comprising:
    - an enrollment module that performs enrollment processing for cardholder data that is identified as being used for a first time with the access control system.
  - 23. The access control system according to claim 17, wherein the attribute is from a source different from both the access control system and the cardholder data presented by the cardholder.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
John J. Mcgeachie
Inventors
MCGEACHIE, John J.

Granted Patent

US 9,092,016 B2
Time in Patent Office

Days
Field of Search
US Class Current

340/5.6
CPC Class Codes

G05B 1/00   Comparing elements, i.e. el...

G05B 2219/36542   Cryptography, encrypt, acce...

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 21/335   for accessing specific reso...

G06F 21/34   involving the use of extern...

G06F 2221/2153   Using hardware token as a s...

G07C 2209/02   Access control comprising m...

G07C 9/257   electronically G07C9/26 tak...

G07C 9/27   with central registration

H04L 63/0823   using certificates cryptogr...

H04L 63/0861   using biometrical features,...

UNIVERSAL VALIDATION MODULE FOR ACCESS CONTROL SYSTEMS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

UNIVERSAL VALIDATION MODULE FOR ACCESS CONTROL SYSTEMS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links