Architecture For Access Management

US 20180077151A1
Filed: 05/15/2017
Published: 03/15/2018
Est. Priority Date: 09/09/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprises:

listening by a guest user device for a beacon from a security system, the beacon including a message;

initiating by the guest user device a transaction with a kiosk in response to the message that causes a user wallet to send a user public key stored in the user wallet to the security server;

requesting by the user wallet from a security wallet of the security system an access code having a facility public key and a universal identifier credential exchange mechanism that allows a guest user wallet to verify the facility under control of an entity that issues its own credentials, by the facility having a unique certificate;

testing the facility public key and the universal identifier to determine whether they are legitimate;

sending by the user wallet a user profile corresponding the user associated with the user device to the security server when the public key and identifier are determined to be legitimate; and

receiving an access status message.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are techniques that use devices with corresponding identity wallet applications that execute on an electronic processor device of the devices, and which identity wallets store identity information and encrypt the stored identity information. A distributed ledger system, and a broker system that interfaces to the wallet and the distributed ledger are used for various information exchange cases pertaining to access to facilities. In particular, disclosed is a registration process to register an identity wallet with a facility.

19 Citations

12 Claims

1. A method comprises:
- listening by a guest user device for a beacon from a security system, the beacon including a message;
  
  initiating by the guest user device a transaction with a kiosk in response to the message that causes a user wallet to send a user public key stored in the user wallet to the security server;
  
  requesting by the user wallet from a security wallet of the security system an access code having a facility public key and a universal identifier credential exchange mechanism that allows a guest user wallet to verify the facility under control of an entity that issues its own credentials, by the facility having a unique certificate;
  
  testing the facility public key and the universal identifier to determine whether they are legitimate;
  
  sending by the user wallet a user profile corresponding the user associated with the user device to the security server when the public key and identifier are determined to be legitimate; and
  
  receiving an access status message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 further comprising:
    - storing the transaction in a distributed ledger system that is a sequential transaction database that comprises plural distributed database systems and network interface device that stores records of personally identifiable information;
  - 3. The method of claim 1 further comprising:
    - storing the facility public key and universal identifier on the user device, with the user device, with facility public key being embedded in a code.
  - 4. The method of claim 1 wherein the security access code having the embedded facility public key is in a matrix barcode.
  - 5. The method of claim 1 wherein the facility public key and facility universal identifier are specific to a single physical facility.
  - 6. The method of claim 1 wherein the universal identifier is based on a Universally Unique Identifier (UUID) identifier standard that uses a 128-bit value.
  - 7. The method of claim 1 further comprising:
    - sending a challenge message that comprises tokens that assert a claim and which tokens are signed.
  - 8. The method of claim 7 wherein the challenge message is a JWT message that follows the JSON Web Token (JWT) format.
  - 9. The method of claim 8 wherein the JWT message is used by the door reader to cause access to be granted.
  - 10. The system of claim 7 wherein the tokens are signed by a private key associated with the user'"'"'s public key, such that the door application is able to verify that the tokens are legitimate.
  - 11. The system of claim 7 wherein the tokens are claims that are used to pass identity of authenticated users between an identity provider that is the user device and a service provider that is the door app.

12. A system comprises:
- a device that issues a beacon, the beacon including a message to cause a user device to initiate a transaction with a kiosk in response to the message with the message causing a user wallet to send a user public key stored in the user wallet to the security server;
  
  send in response to a request by the user wallet, an access code having a facility public key and a universal identifier credential exchange mechanism from a security wallet of the security system, which allow the user wallet to verify the facility under control of an entity that issues its own credentials, by the facility having a unique certificate;
  
  testing the facility public key and the universal identifier to determine whether they are legitimate;
  
  sending by the user wallet a user profile corresponding the user associated with the user device to the security server when the public key and identifier are determined to be legitimate; and
  
  receiving an access status message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Johnson Controls Tyco IP Holdings LLP (Johnson Controls International plc)
Original Assignee
Tyco Integrated Security LLC (Johnson Controls International plc)
Inventors
Campero, Richard, Davis, Sean, Jarvis, Graeme, Rumble, Terezinha

Granted Patent

US 11,010,754 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/27   Replication, distribution o...

G06F 17/142   Fast Fourier transforms, e....

G06F 21/31   User authentication

G06F 21/34   involving the use of extern...

G06F 21/45   Structures or tools for the...

G06F 21/6218   to a system of files or obj...

G06F 21/6263   during internet communicati...

G06F 9/451   Execution arrangements for ...

G06Q 20/363   with the personal data of a...

G06Q 20/3674   involving authentication

G06Q 20/389   Keeping log of transactions...

G06Q 2220/00   Business processing using c...

G07C 9/00   Individual registration on ...

G07C 9/00182   operated with unidirectiona...

G07C 9/28   the pass enabling tracking ...

G07F 7/0826   Embedded security module

G08B 13/19682   Graphic User Interface [GUI...

H04L 51/58   Message adaptation for wire...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/083 : using passwords cryptograph...

H04L 63/0853 : using an additional device,...

H04L 63/0861 : using biometrical features,...

H04L 63/101 : Access control lists [ACL]

H04L 63/102 : Entity profiles

H04L 63/107 : wherein the security polici...

H04L 63/18 : using different networks or...

H04L 63/20 : for managing network securi...

H04L 9/06 : the encryption apparatus us...

H04L 9/08 : Key distribution or managem...

H04L 9/0825 : using asymmetric-key encryp...

H04L 9/30 : Public key, i.e. encryption...

H04L 9/32 : including means for verifyi...

H04L 9/3213 : using tickets or tokens, e....

H04L 9/3242 : involving keyed hash functi...

H04W 12/06 : Authentication

H04W 12/068 : using credential vaults, e....

H04W 12/069 : using certificates or pre-s...

H04W 12/08 : Access security

H04W 12/084 : using delegated authorisati...

H04W 4/021 : Services related to particu...

View All

Architecture For Access Management

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Architecture For Access Management

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links