Unified network and physical premises access control server

US 7,437,755 B2
Filed: 10/26/2005
Issued: 10/14/2008
Est. Priority Date: 10/26/2005
Status: Active Grant

First Claim

Patent Images

1. An access control system comprising:

a plurality of devices capable of receiving credentials for access requests, the plurality of devices comprising a physical facility device for providing access to a physical facility and a network resource device for providing access to a network resource, the physical facility device configured to receive a first access request with a credential for access to the physical facility and the network resource device configure to receive an access request with a credential for access to the network resource where the physical facility device and network resource device defer validating of the credentials and generate and send access requests including the credentials; and

a server configured to receive the access requests including the credentials and having access to a list containing authorized entities, defined by credentials, permitted to access the physical facility and the network resource based upon a certain specified criteria or policy;

said server configured to verify credentials submitted by both the physical facility device and the network resource device and issue commands to distribute and implement said policies using the physical facility device and the network resource device, the server configured to be an initial verifier of credentials received in the access requests received from both the physical facility device for accessing the physical facility and the network resource device for accessing the network resource,wherein the physical facility device receives a command from the server regarding credential verification of the credential sent in the access request and enforces access based on the command, the server being the initial verifier of the credential to enforce access at the physical facility device,wherein the network resource device receives a command from the server regarding credential verification of the credential sent in the access request and enforces access based on the command, the server being the initial verifier of the credential to enforce access at the network resource device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides an access control server that holds information pertaining to both network access and facility access. The access control server enforces policies based on location, type of resource, time of day, duration, or other events, and logs all successful and unsuccessful attempts to access a given resource whether it be on the network or at the facility. The access control server operates off a common list or table of attributes and policies, or separate lists or tables of attributes and policies that are arbitrated by a credential verification and policy engine. This unified access control server implements protocols that work with network and/or physical premises-based devices. The unified access control server allows events in the facility to be associated with events on the network and vice versa and direct policies that may be executed in the physical or network realm.

214 Citations

20 Claims

1. An access control system comprising:
- a plurality of devices capable of receiving credentials for access requests, the plurality of devices comprising a physical facility device for providing access to a physical facility and a network resource device for providing access to a network resource, the physical facility device configured to receive a first access request with a credential for access to the physical facility and the network resource device configure to receive an access request with a credential for access to the network resource where the physical facility device and network resource device defer validating of the credentials and generate and send access requests including the credentials; and
  
  a server configured to receive the access requests including the credentials and having access to a list containing authorized entities, defined by credentials, permitted to access the physical facility and the network resource based upon a certain specified criteria or policy;
  
  said server configured to verify credentials submitted by both the physical facility device and the network resource device and issue commands to distribute and implement said policies using the physical facility device and the network resource device, the server configured to be an initial verifier of credentials received in the access requests received from both the physical facility device for accessing the physical facility and the network resource device for accessing the network resource,wherein the physical facility device receives a command from the server regarding credential verification of the credential sent in the access request and enforces access based on the command, the server being the initial verifier of the credential to enforce access at the physical facility device,wherein the network resource device receives a command from the server regarding credential verification of the credential sent in the access request and enforces access based on the command, the server being the initial verifier of the credential to enforce access at the network resource device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The access control system of claim 1 wherein said list is a synchronized set of lists.
  - 3. The access control system of claim 1 wherein said list is a distributed common set of lists.
  - 4. The access control system of claim 1 wherein said devices comprise physical access control, network-connected or both physical access control and network-connected and wherein said list further containing policy for issuing instructions to modify physical resource parameters and network access parameters.
  - 5. The access control system of claim 4 wherein said physical resource parameters include lighting, heating and cooling.
  - 6. The access control system of claim 4 wherein said server further generates and transmits policy-based instructions in response to an event or combination of events to said network connected devices such that said network connected devices perform a corresponding, pre-defined action.
  - 7. The access control system of claim 1 wherein said server comprises means for ingesting, maintaining and distributing access control policies for access to physical facilities and to network resources.
  - 8. The access control system of claim 1 further comprising a frame based network.
  - 9. The access control system of claim 1 further comprising a packet-based network.
  - 10. The access control system of claim 1 further comprising a unified sewer and management station for logging attempts to access a physical facility and a network resource.
  - 11. The access control system of claim 10 further comprising means for logging policy-based instructions in response to each access attempt.
  - 12. The access control system of claim 10 further comprising means for monitoring network resources and access control events.
  - 13. The access control system of claim 10 further comprising means for implementing an access policy for regulating user access to multiple facilities and multiple networks.
  - 14. The access control system of claim 1 wherein said list and policies are integrated into a network infrastructure device.

15. A method for implementing access control policies for physical facilities and network resources at server, the method comprising:
- defining policies for an entity or a group of entities;
  
  receiving a first credential verification request for a physical resource access request from a physical resource device, the first credential verification request including first credentials, wherein the first credential request defers validating of the first credentials to the server from the physical facility device;
  
  receiving a second credential verification request for a network-based resource access request from a network-based resource device, the second credential verification request including second credentials, wherein the second credential request defers validating of the second credentials to the server from the physical facility device;
  
  verifying, at the server, the first credential verification request based on a policy in said policies, the verifying by the server being an initial verifier of the first credentials;
  
  verifying, at the server, the second credential verification request based on a policy in said policies, the verifying by the server being an initial verifier of the second credentials;
  
  sending a first response to the first credential verification request to the physical resource device based on the verification of the first credential verification request, wherein the first response allows the physical resource device to enforce access based on the first response; and
  
  sending a second response to the second credential verification request to the network-based resource device based on the verification of the second credential verification requests, wherein the second response allows the network-based resource device to enforce access based on the second response.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15 wherein said policies are defined by correlating and specifying events in the physical realm with events or access of network resources.
  - 17. The method of claim 15 further comprising:
    - associating physical resource access requests or events with network-based resource access requests or events from a given entity or group of entities.
  - 18. The method of claim 17 further comprising:
    - correlating and specifying access to said network resources with events in the physical realm.

19. A method of managing access to physical and network-based assets at a server, the method comprising:
- provisioning a unified list with user credentials that define access fights to physical facilities and network resources, said unified list farther including user information that defines access rights to network resources and physical facilities;
  
  managing, at a server, access to physical and network-based assets from a common platform, wherein the common platform verifies user credentials for access to the physical facilities and network resources, the server being an initial verifier of user credentials in access requests received from the physical facilities and network resources; and
  
  sending verification responses to the physical facilities and network resources based on the server verifications to allow the physical facilities and the network resources to enforce access, the physical facilities and network resources deferring verification of the user credentials to the server.

20. An apparatus configured to implement access control policies for physical facilities and network resources, the apparatus comprising:
- one or more processors; and
  
  logic encoded in one or more tangible media for execution by the one or more processors and when executed operable to;
  
  define policies for an entity or a group of entities;
  
  receive a first credential verification request for a physical resource access request from a physical resource device, the first credential verification request including first credentials, wherein the first credential request defers validating of the first credentials to the apparatus from the physical facility device;
  
  receive a second credential verification request for a network-based resource access request from a network-based resource device, the second credential verification request including second credentials, wherein the second credential request defers validating of the second credentials to the apparatus from the physical facility device;
  
  verify the first credential verification request based on a policy in said policies, the verification by the apparatus being an initial verifier of the first credentials;
  
  verify the second credential verification request based on a policy in said policies, the verification by the apparatus being an initial verifier of the second credentials;
  
  send a first response to the first credential verification request to the physical resource device based on the verification of the first credential verification request, wherein the first response allows the physical resource device to enforce access based on the first response; and
  
  send a second response to the second credential verification request to the network-based resource device based on the verification of the second credential verification request, wherein the second response allows the network-base resource device to enforce access based on the second response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Beliles, Robert Pryor Jr., Kolar, Mark Anthony, Farino, Mark William, Twinam, David Christopher
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Lemma; Samson B

Application Number

US11/260,532
Publication Number

US 20070094716A1
Time in Patent Office

1,084 Days
Field of Search

726/5, 726/2, 726/12
US Class Current

726/5
CPC Class Codes

G07C 9/27   with central registration

G07C 9/38   with central registration

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

Unified network and physical premises access control server

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

214 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Unified network and physical premises access control server

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

214 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links