Systems and methods for controlling access within a system of networked and non-networked processor-based systems

US 7,730,126 B2
Filed: 03/12/2007
Issued: 06/01/2010
Est. Priority Date: 02/25/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method of controlling access within a system, the system comprising at least one security server for managing access rights and at least one networked processor-based system that processes access attempts to provide or deny access and multiple non-networked processor-based systems that process access attempts to provide or deny access, the method comprising:

processing first access attempts from end-users by the at least one networked processor-based system, wherein the first access attempts occur when the end-users are in physical proximity to the at least one networked processor-based system, wherein the end-users do not manage, control, or modify access rights within the system, wherein the end-users are employees of a common organization and the at least one security server maintains one or several databases that store data pertaining to the end-user employees of the common organization, networked and non-networked processor-based systems of the common organization, and access rights specific to the common organization;

in conjunction with processing of the first access attempts by the at least one networked processor-based system,communicating with the at least one security server to obtain access rights information relevant to the respective end-users;

writing access rights information obtained from the at least one security server by the at least one networked processor-based system to portable cards, wherein the portable cards respectively belong to end-users and store data identifying each respective end-user and data relevant to the access rights associated with each respective end-user;

physically transporting the portable cards by the end-users to non-networked processor-based systems;

processing further access attempts from the end-users by non-networked processor-based systems, wherein the further access attempts occur when the end-users are in physical proximity to the non-networked processor-based systems;

in conjunction with processing of the further access attempts by the non-networked processor-based systems, writing access log information to the portable cards of each respective end-user, wherein the access log information includes time-stamps for times associated with accesses by the respective end-users;

in conjunction with processing of the further access attempts by the non-networked processor-based systems, analyzing time stamps of accesses by each end-user for multiple accesses on multiple processor-based systems against one or more access rules, the one or more rules defining one or more relative timing constraints or order constraints for accesses on multiple processor-based systems; and

in conjunction with processing of the further access attempts by the non-networked processor-based systems, controlling access decisions in response to determining whether the time stamps of respective end-users indicate that said respective end-users have violated the one or more access rules.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, access log information is written to portable cards of end-users of system that includes networked and non-networked processor based systems that control user access. In conjunction with processing of access attempts by non-networked processor-based systems, time stamps of accesses by each end-user for multiple accesses on multiple processor-based systems are analyzed against one or more access rules, the one or more rules defining one or more relative timing constraints or order constraints for accesses on multiple processor-based systems. Also, in conjunction with processing of the further access attempts by the non-networked processor-based systems, access decisions are controlled in response to determining whether the time stamps of respective end-users indicate that said respective end-users have violated the one or more access rules.

37 Citations

View as Search Results

16 Claims

1. A method of controlling access within a system, the system comprising at least one security server for managing access rights and at least one networked processor-based system that processes access attempts to provide or deny access and multiple non-networked processor-based systems that process access attempts to provide or deny access, the method comprising:
- processing first access attempts from end-users by the at least one networked processor-based system, wherein the first access attempts occur when the end-users are in physical proximity to the at least one networked processor-based system, wherein the end-users do not manage, control, or modify access rights within the system, wherein the end-users are employees of a common organization and the at least one security server maintains one or several databases that store data pertaining to the end-user employees of the common organization, networked and non-networked processor-based systems of the common organization, and access rights specific to the common organization;
  
  in conjunction with processing of the first access attempts by the at least one networked processor-based system,communicating with the at least one security server to obtain access rights information relevant to the respective end-users;
  
  writing access rights information obtained from the at least one security server by the at least one networked processor-based system to portable cards, wherein the portable cards respectively belong to end-users and store data identifying each respective end-user and data relevant to the access rights associated with each respective end-user;
  
  physically transporting the portable cards by the end-users to non-networked processor-based systems;
  
  processing further access attempts from the end-users by non-networked processor-based systems, wherein the further access attempts occur when the end-users are in physical proximity to the non-networked processor-based systems;
  
  in conjunction with processing of the further access attempts by the non-networked processor-based systems, writing access log information to the portable cards of each respective end-user, wherein the access log information includes time-stamps for times associated with accesses by the respective end-users;
  
  in conjunction with processing of the further access attempts by the non-networked processor-based systems, analyzing time stamps of accesses by each end-user for multiple accesses on multiple processor-based systems against one or more access rules, the one or more rules defining one or more relative timing constraints or order constraints for accesses on multiple processor-based systems; and
  
  in conjunction with processing of the further access attempts by the non-networked processor-based systems, controlling access decisions in response to determining whether the time stamps of respective end-users indicate that said respective end-users have violated the one or more access rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising:
    - writing revocation data that revokes previously issued one or more access rights of said respective end-user when the time stamps of said respective end-user indicate that said respective end-user has violated the one or more access rules.
  - 3. The method of claim 1 wherein access log information is stored on the portable card of the second-end user using a coding algorithm that includes redundancy within the written access log information such that some or all of the records of access are recoverable upon unauthorized erasure or modification of the written access log information.
  - 4. The method of claim 3 wherein the coding algorithm applies a hamming distance to the written access log information.
  - 5. The method of claim 3 wherein the written access log information is stored in multiple redundant portions.
  - 6. The method of claim 1 further comprising:
    - cryptographically processing the access log information for storage of the access log information on the portable card of the second end-user.
  - 7. The method of claim 1 wherein the one or more rules define one or more timing constraints associated with accesses on multiple processor-based systems.
  - 8. The method of claim 1, wherein information stored on the portable card of the end-user that identifies the end uses is a respective serial number that is correlated to the respective end-user by an entry in a database associated with the at least one security server.

9. A method of controlling access within a system, the system comprising at least one security server for managing access rights and at least one networked processor-based system that processes access attempts to provide or deny access and multiple non-networked processor-based systems that process access attempts to provide or deny access, the method comprising:
- processing first access attempts from end-users by the at least one networked processor-based system, wherein the first access attempts occur when the end-users are in physical proximity to the at least one networked processor-based system, wherein the end-users do not manage, control, or modify access rights within the system, wherein the end-users are employees of a common organization and the at least one security server maintains one or several databases that store data pertaining to the end-user employees of the common organization, networked and non-networked processor-based systems of the common organization, and access rights specific to the common organization;
  
  in conjunction with processing of the first access attempts by the at least one networked processor-based system,communicating with the at least one security server to obtain access rights information relevant to the respective end-users;
  
  writing access rights information obtained to portable cards, wherein the portable cards respectively belong to end-users and store data identifying each respective end-user and data relevant to the access rights associated with each respective end-user;
  
  physically transporting the portable cards by the end-users to non-networked processor-based systems;
  
  processing further access attempts from the end-users by non-networked processor-based systems, wherein the further access attempts occur when the end-users are in physical proximity to the non-networked processor-based systems;
  
  in conjunction with processing of the further access attempts by the non-networked processor-based systems, writing access log information to the portable cards of each respective end-user, wherein the access log information includes time-stamps for times associated with accesses by the respective end-users;
  
  in conjunction with processing of the further access attempts by the non-networked processor-based systems, analyzing time stamps of accesses by each end-user for multiple accesses on multiple processor-based systems against one or more access rules, the one or more rules defining order constraints for accesses on multiple processor-based systems, the order constraints requiring prior accesses on two or more different processor-based systems in a specific pattern of access on the two or more different processor-based systems as a condition for allowing continued access; and
  
  in conjunction with processing of the further access attempts by the non-networked processor-based systems, controlling access decisions in response to determining whether the time stamps of respective end-users indicate that said respective end-users have violated the one or more access rules.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9 further comprising:
    - writing revocation data that revokes previously issued one or more access rights of said respective end-user when the time stamps of said respective end-user indicate that said respective end-user has violated the one or more access rules.
  - 11. The method of claim 9 wherein access log information is stored on the portable card of the second-end user using a coding algorithm that includes redundancy within the written access log information such that some or all of the records of access are recoverable upon unauthorized erasure or modification of the written access log information.
  - 12. The method of claim 11 wherein the coding algorithm applies a hamming distance to the written access log information.
  - 13. The method of claim 11 wherein the written access log information is stored in multiple redundant portions.
  - 14. The method of claim 9 further comprising:
    - cryptographically processing the access log information for storage of the access log information on the portable card of the second end-user.
  - 15. The method of claim 9 wherein the one or more rules define one or more timing constraints associated with accesses on multiple processor-based systems.
  - 16. The method of claim 9, wherein information stored on the portable card of the end-user that identifies the end uses is a respective serial number that is correlated to the respective end-user by an entry in a database associated with the at least one security server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Crawford C S Lee
Original Assignee
Crawford C S Lee
Inventors
Crawford, C. S. Lee
Primary Examiner(s)
EL CHANTI, HUSSEIN A

Application Number

US11/684,673
Publication Number

US 20070156912A1
Time in Patent Office

1,177 Days
Field of Search

709/217, 709/223, 709/225, 709/229, 709/203
US Class Current

709/203
CPC Class Codes

G07C 2209/04 Access control involving a ...

G07C 9/22 in combination with an iden...

Systems and methods for controlling access within a system of networked and non-networked processor-based systems

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for controlling access within a system of networked and non-networked processor-based systems

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links