PHYSICAL ACCESS MANAGEMENT USING A DOMAIN CONTROLLER

US 20170046890A1
Filed: 08/11/2015
Published: 02/16/2017
Est. Priority Date: 08/11/2015
Status: Abandoned Application

First Claim

Patent Images

9. An access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the system comprising:

a credential input interface configured to receive authentication credentials from a user;

a communications interface communicatively coupled to an access control device associated with the access-controlled area and a domain controller associated with the access control system, the domain controller managing a directory service comprising a plurality of user entries, each user entry of the plurality of user entries comprising physical access attribute information;

a processor communicatively coupled to the credential input interface and the communications interface;

a computer-readable storage medium communicatively coupled to the processor, the computer-readable storage medium storing instructions that, when executed by the processor, cause the processor to;

generate, based on the received authentication credentials, a physical access authentication request;

transmit, via the communications interface, the physical access authentication request and the authentication credentials to the domain controller;

receive, from the domain controller, an authentication response, the authentication response being generated by the domain controller based on a comparison of the authentication credentials with the physical access attribute information included in the directory service;

generate, based on the authentication response, an access control signal configured to implement an access control action by the access control device allowing the user physical access to the access-controlled area; and

transmit, via the communications interface, the access control signal to the access control device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed for managing physical access to an access-controlled area using a domain controller. In certain embodiments, physical access attribute and/or credential information may be managed as part of a user entry in a directory service managed by the domain controller. Using this information, the domain controller and/or a communicatively coupled access control system may perform physical access control determinations based on physical access control requests received from a user wishing to gain physical access to an access-controlled area.

7 Citations

View as Search Results

20 Claims

9. An access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the system comprising:
- a credential input interface configured to receive authentication credentials from a user;
  
  a communications interface communicatively coupled to an access control device associated with the access-controlled area and a domain controller associated with the access control system, the domain controller managing a directory service comprising a plurality of user entries, each user entry of the plurality of user entries comprising physical access attribute information;
  
  a processor communicatively coupled to the credential input interface and the communications interface;
  
  a computer-readable storage medium communicatively coupled to the processor, the computer-readable storage medium storing instructions that, when executed by the processor, cause the processor to;
  
  generate, based on the received authentication credentials, a physical access authentication request;
  
  transmit, via the communications interface, the physical access authentication request and the authentication credentials to the domain controller;
  
  receive, from the domain controller, an authentication response, the authentication response being generated by the domain controller based on a comparison of the authentication credentials with the physical access attribute information included in the directory service;
  
  generate, based on the authentication response, an access control signal configured to implement an access control action by the access control device allowing the user physical access to the access-controlled area; and
  
  transmit, via the communications interface, the access control signal to the access control device.
- View Dependent Claims (10, 11, 12, 20)
- - 10. The access control system of claim 9, wherein the authentication credentials comprise at least one of a personal identification number, a password, a passphrase, a response to a challenge, a pattern, information stored on a card, information stored on a security token, information stored on a hardware token, information stored on a software token, and biometric identification information.
  - 11. The access control system of claim 9, wherein the access control signal is configured to cause the access control device to actuate a lock associated with the access-controlled area.
  - 12. The access control system of claim 9, wherein the access control signal is configured to cause the access control device to change a status of an alarm system associated with the access-controlled area.
  - 20. The method of claim 12, wherein the method further comprises:
    - generating, based on the authentication response, audited access information regarding access to the access-controlled area by the user.

13. A method performed by a domain controller for managing physical access to an access-controlled area of a distributed site of an electric power delivery system, the method comprising:
- receiving a physical access authentication request and authentication credentials provided by a user from a communicatively coupled access control system associated with the access-controlled area;
  
  identifying, based on the physical access authentication request, physical access attribute information associated with a user entry included in a directory service managed by the domain controller;
  
  determining, based on the physical access attribute information, whether the authentication credentials are associated with an individual having current access rights to the access-controlled area;
  
  generating, based on the determination, an authentication response indicating whether the authentication credentials are associated with an individual having current access rights to the access-controlled area; and
  
  transmitting the authentication response to the access control system.
- View Dependent Claims (1, 2, 3, 4, 5, 6, 7, 8, 14, 15, 17, 18, 19)
- - 1. A domain controller configured to manage physical access to an access-controlled area of a distributed site of an electric power delivery system, the system comprising:
    - a communications interface configured to receive a physical access authentication request and authentication credentials from a communicatively coupled access control system associated with the access-controlled area;
      
      a processor communicatively coupled to the communications interface; and
      
      a computer-readable storage medium communicatively coupled to the processor and the communications interface, the computer-readable storage medium storing instructions that, when executed by the processor, cause the processor to;
      
      identify, based on the physical access authentication request, physical access attribute information associated with a user entry included in a directory service managed by the domain controller, the directory service being stored on the computer-readable storage medium;
      
      determine, based on the physical access attribute information, whether the authentication credentials are associated with an individual having current access rights to the access-controlled area;
      
      generate, based on the determination, an authentication response indicating whether the authentication credentials are associated with an individual having current access rights to the access-controlled area; and
      
      transmit, using the communications interface, the authentication response to the access control system.
  - 2. The domain controller of claim 1, wherein the authentication credentials comprise at least one of a personal identification number, a password, a passphrase, a response to a challenge, a pattern, information stored on a card, information stored on a security token, information stored on a hardware token, information stored on a software token, and biometric identification information.
  - 3. The domain controller of claim 1, wherein the physical access attribute information comprises at least one credential issued to a user.
  - 4. The domain controller of claim 3, wherein the physical access attribute information further comprises at least one of a personal identification number, a password, a passphrase, a response to a challenge, a pattern, information stored on a card, information stored on a security token, information stored on a hardware token, information stored on a software token, and biometric identification information.
  - 5. The domain controller of claim 1, wherein determining whether the authentication credentials are associated with an individual having current access rights to the access-controlled area comprises:
    - comparing the authentication credentials with the physical access attribute information; and
      
      determining that the received authentication credentials match the physical access attribute information.
  - 6. The domain controller of claim 1, wherein the authentication response is configured to cause the access control system to generate an access control signal configured to cause an access control device to actuate a lock associated with the access-controlled area.
  - 7. The domain controller of claim 1, wherein the authentication response is configured to cause the access control system to generate an access control signal configured to cause the access control device to change a status of an alarm system associated with the access-controlled area.
  - 8. The domain controller of claim 1, wherein the directory service further comprises access rights information associating the user entry with computing resources including in at least one computing domain managed by the domain controller.
  - 14. The method of claim 13, wherein the authentication credentials comprise at least one of a personal identification number, a password, a passphrase, a response to a challenge, a pattern, information stored on a card, information stored on a security token, information stored on a hardware token, information stored on a software token, and biometric identification information.
  - 15. The method of claim 13, wherein the physical access attribute information comprises at least one credential issued to a user.
  - 17. The method of claim 15, wherein the physical access attribute information further comprises at least one of a personal identification number, a password, a passphrase, a response to a challenge, a pattern, information stored on a card, information stored on a security token, information stored on a hardware token, information stored on a software token, and biometric identification information.
  - 18. The method of claim 13, wherein the authentication response is configured to cause the access control system to generate an access control signal configured to cause an access control device to actuate a lock associated with the access-controlled area.
  - 19. The method of claim 13, wherein the authentication response is configured to cause the access control system to generate an access control signal configured to cause the access control device to change a status of an alarm system associated with the access-controlled area.

17-1. The method of claim 13, wherein determining whether the authentication credentials are associated with an individual having current access rights to the access-controlled area comprises:
- comparing the authentication credentials with the physical access attribute information; and
  
  determining that the received authentication credentials match the physical access attribute information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Schweitzer Engineering Laboratories, Incorporated
Original Assignee
Schweitzer Engineering Laboratories, Incorporated
Inventors
Smith, Rhett, Masters, George W.

Application Number

US14/823,210
Publication Number

US 20170046890A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G07C 2209/04   Access control involving a ...

G07C 9/00182   operated with unidirectiona...

G07C 9/00571   operated by interacting wit...

G07C 9/22   in combination with an iden...

PHYSICAL ACCESS MANAGEMENT USING A DOMAIN CONTROLLER

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

7 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PHYSICAL ACCESS MANAGEMENT USING A DOMAIN CONTROLLER

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links