Unified network and physical premises access control server
First Claim
1. An access control system comprising:
a plurality of devices capable of receiving credentials for access requests, the plurality of devices comprising a physical facility device for providing access to a physical facility and a network resource device for providing access to a network resource, the physical facility device configured to receive a first access request with a credential for access to the physical facility and the network resource device configured to receive an access request with a credential for access to the network resource, where the physical facility device and network resource device defer validating of the credentials and generate and send access requests including the credentials; and
a server configured to receive the access requests including the credentials and having access to a list containing authorized entities, defined by credentials, permitted to access the physical facility and the network resource based upon a certain specified criteria or policy;
said server configured to verify credentials submitted by both the physical facility device and the network resource device and issue commands to distribute and implement said policies using the physical facility device and the network resource device, the server configured to be an initial verifier of credentials received in the access requests received from both the physical facility device for accessing the physical facility and the network resource device for accessing the network resource, wherein the physical facility device receives a command from the server regarding credential verification of the credential sent in the access request and enforces access based on the command, the server being the initial verifier of the credential to enforce access at the physical facility device, wherein the network resource device receives a command from the server regarding credential verification of the credential sent in the access request and enforces access based on the command, the server being the initial verifier of the credential to enforce access at the network resource device.
Abstract
The present invention provides an access control server that holds information pertaining to both network access and facility access. The access control server enforces policies based on location, type of resource, time of day, duration, or other events, and logs all successful and unsuccessful attempts to access a given resource whether it be on the network or at the facility. The access control server operates off a common list or table of attributes and policies, or separate lists or tables of attributes and policies that are arbitrated by a credential verification and policy engine. This unified access control server implements protocols that work with network and/or physical premises-based devices. The unified access control server allows events in the facility to be associated with events on the network and vice versa and direct policies that may be executed in the physical or network realm.
Claims (20 claims; the record lists 214 citations)
1. An access control system comprising the elements set out under First Claim above. Dependent claims: 2 to 14.
15. A method for implementing access control policies for physical facilities and network resources at a server, the method comprising:
defining policies for an entity or a group of entities; receiving a first credential verification request for a physical resource access request from a physical resource device, the first credential verification request including first credentials, wherein the first credential request defers validating of the first credentials to the server from the physical facility device; receiving a second credential verification request for a network-based resource access request from a network-based resource device, the second credential verification request including second credentials, wherein the second credential request defers validating of the second credentials to the server from the physical facility device; verifying, at the server, the first credential verification request based on a policy in said policies, the verifying by the server being an initial verifier of the first credentials; verifying, at the server, the second credential verification request based on a policy in said policies, the verifying by the server being an initial verifier of the second credentials; sending a first response to the first credential verification request to the physical resource device based on the verification of the first credential verification request, wherein the first response allows the physical resource device to enforce access based on the first response; and sending a second response to the second credential verification request to the network-based resource device based on the verification of the second credential verification request, wherein the second response allows the network-based resource device to enforce access based on the second response. Dependent claims: 16 to 18.
19. A method of managing access to physical and network-based assets at a server, the method comprising:
provisioning a unified list with user credentials that define access rights to physical facilities and network resources, said unified list further including user information that defines access rights to network resources and physical facilities; managing, at a server, access to physical and network-based assets from a common platform, wherein the common platform verifies user credentials for access to the physical facilities and network resources, the server being an initial verifier of user credentials in access requests received from the physical facilities and network resources; and sending verification responses to the physical facilities and network resources based on the server verifications to allow the physical facilities and the network resources to enforce access, the physical facilities and network resources deferring verification of the user credentials to the server.
20. An apparatus configured to implement access control policies for physical facilities and network resources, the apparatus comprising:
one or more processors; and logic encoded in one or more tangible media for execution by the one or more processors and when executed operable to: define policies for an entity or a group of entities; receive a first credential verification request for a physical resource access request from a physical resource device, the first credential verification request including first credentials, wherein the first credential request defers validating of the first credentials to the apparatus from the physical facility device; receive a second credential verification request for a network-based resource access request from a network-based resource device, the second credential verification request including second credentials, wherein the second credential request defers validating of the second credentials to the apparatus from the physical facility device; verify the first credential verification request based on a policy in said policies, the verification by the apparatus being an initial verifier of the first credentials; verify the second credential verification request based on a policy in said policies, the verification by the apparatus being an initial verifier of the second credentials; send a first response to the first credential verification request to the physical resource device based on the verification of the first credential verification request, wherein the first response allows the physical resource device to enforce access based on the first response; and send a second response to the second credential verification request to the network-based resource device based on the verification of the second credential verification request, wherein the second response allows the network-based resource device to enforce access based on the second response.
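The architecture in the abstract and the method of claims 15 and 19, as an added illustration that is not part of the patent record: a door reader and a network device both defer credential verification to one server, which checks a single list of entities against time-of-day and cross-domain (facility presence) policies, logs every attempt, and returns an allow/deny command. All credentials, resource names and policy values below are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime
# Constructed unified list: one credential record carries both facility and network rights.
ENTITIES = {
    "badge-1001": {"name": "alice", "facilities": {"lab-a"}, "network": {"lab-vlan"}},
    "badge-2002": {"name": "bob", "facilities": {"lobby"}, "network": set()},
}
@dataclass
class UnifiedAccessServer:
    entities: dict
    requires_presence: dict = field(default_factory=dict)  # network resource -> facility user must be in
    hours: dict = field(default_factory=dict)              # resource -> (open_hour, close_hour)
    present_in: dict = field(default_factory=dict)         # entity name -> facility last entered
    log: list = field(default_factory=list)                # every attempt, allowed or denied
    def verify(self, device_kind, resource, credential, now):
        """Initial verifier for door readers and network devices alike; returns the command."""
        entity = self.entities.get(credential)
        window = self.hours.get(resource)
        reason = None
        if entity is None:
            reason = "unknown credential"
        elif device_kind == "physical" and resource not in entity["facilities"]:
            reason = "no facility right"
        elif device_kind == "network" and resource not in entity["network"]:
            reason = "no network right"
        elif window and not (window[0] <= now.hour < window[1]):
            reason = "outside permitted hours"
        elif device_kind == "network" and resource in self.requires_presence \
                and self.present_in.get(entity["name"]) != self.requires_presence[resource]:
            reason = "not present in required facility"
        decision = "deny" if reason else "allow"
        self.log.append((now.isoformat(), device_kind, resource, credential, decision, reason))
        if decision == "allow" and device_kind == "physical":
            self.present_in[entity["name"]] = resource  # facility event now steers network policy
        return decision

def demo():
    """Constructed scenario: a door reader and a network switch both defer to the server."""
    srv = UnifiedAccessServer(ENTITIES, requires_presence={"lab-vlan": "lab-a"}, hours={"lab-a": (7, 19)})
    morning, night = datetime(2024, 1, 8, 9, 0), datetime(2024, 1, 8, 22, 0)
    decisions = [
        srv.verify("network", "lab-vlan", "badge-1001", morning),  # deny: not badged into lab-a yet
        srv.verify("physical", "lab-a", "badge-1001", morning),    # allow: door opens, presence recorded
        srv.verify("network", "lab-vlan", "badge-1001", morning),  # allow: presence policy satisfied
        srv.verify("physical", "lab-a", "badge-1001", night),      # deny: outside 07:00-19:00
        srv.verify("physical", "lab-a", "badge-2002", morning),    # deny: bob has no right to lab-a
        srv.verify("network", "lab-vlan", "badge-9999", morning),  # deny: unknown credential
    ]
    return decisions, [entry[5] for entry in srv.log]
```

The devices never see the entity list; they only act on the returned command, which is the deferral the claims describe, and the server's log is the single audit trail for both realms.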
Specification