Converged logical and physical security

US 8,108,914 B2
Filed: 04/25/2007
Issued: 01/31/2012
Est. Priority Date: 04/25/2006
Status: Active Grant

First Claim

Patent Images

1. A converged physical and logical security management system comprising:

a unique identifier having associated therewith information usable for authentication and authorization to control access decisions for a physical area and logical access to one or more of a computer system, computer network or network resource, the information including at least two configuration options; and

a security management computer including at least one microprocessor, a data store and connectivity modules, the security management computer scalable via one or more connections to one or more additional security management computers, the security management computer determining the access decisions for the physical area and the logical access to the one or more of the computer system, the computer network or the network resource, the security management computer connected to one or more access control readers and capable of communicating with the one or more access control readers in the access control readers'"'"' standard protocol,wherein the security management computer also includes a directory service that is used with the data store and the configuration options to make the access decisions, wherein;

for an access request to the physical area, a first authentication and authorization utilize a first of the at least two configuration options within the data store of the security management computer for a physical access decision, andfor logical access, a second, separate, authentication and authorization utilize a second of the at least two configuration options within the directory service of the security management computer for a logical access decision.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security management system that includes a hierarchical security platform, converged IT and physical security management, unified credentialing, credential issuance and incident(s) management. An exemplary aspect of the invention also relates to physical and logical security management and information technology/network security management, with a credential issuance and integrity checking system as well as associated readers and printers of the credential. Still further aspects of the invention relate to obtaining, assembling and analyzing one or more of data, video information, image information, biometric information, sensor information, terrorist information, profile information, and/or other types of information to provide a comprehensive platform for all aspects of security management. A toolkit is also provided that allows complete management, integration, scalability, interoperability and centralized control of all aspects of security including personnel credentialing, personnel management, personnel tracking, task management, security system integration, security information exchange and scalability.

Citations

52 Claims

1. A converged physical and logical security management system comprising:
- a unique identifier having associated therewith information usable for authentication and authorization to control access decisions for a physical area and logical access to one or more of a computer system, computer network or network resource, the information including at least two configuration options; and
  
  a security management computer including at least one microprocessor, a data store and connectivity modules, the security management computer scalable via one or more connections to one or more additional security management computers, the security management computer determining the access decisions for the physical area and the logical access to the one or more of the computer system, the computer network or the network resource, the security management computer connected to one or more access control readers and capable of communicating with the one or more access control readers in the access control readers'"'"' standard protocol,wherein the security management computer also includes a directory service that is used with the data store and the configuration options to make the access decisions, wherein;
  
  for an access request to the physical area, a first authentication and authorization utilize a first of the at least two configuration options within the data store of the security management computer for a physical access decision, andfor logical access, a second, separate, authentication and authorization utilize a second of the at least two configuration options within the directory service of the security management computer for a logical access decision.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The system of claim 1, further comprising a credential issuance system that can associate additional information with the unique identifier.
  - 3. The system of claim 2, wherein the additional information pertains to one or more of personnel and equipment.
  - 4. The system of claim 3, wherein additional information about the personnel comprises one or more of fingerprint information, name, credentials, certifications, biometric information, access information, a picture, background information and medical information.
  - 5. The system of claim 1, wherein the unique identifier is associated with one or more of a contact or contactless chip, a bar code, printed data, a proximity chip, a magnetic stripe, a token and computer readable information.
  - 6. The system of claim 1, wherein the configuration options include one or more of a card ID, card certificate, username and AccessID, and an incident management perimeter access control and tracking system manages one or more of personnel, tasks, equipment and access for a secure area.
  - 7. The system of claim 1, wherein a credential issuance system interfaces with one or more of a fingerprint capture system, a camera, a PIN capture system, a signature capture system, a document scanner, a card reader/writer, a card printer and a report printer.
  - 8. The system of claim 1, wherein the unique identifier is stored on a smart card, smart chip, embedded chip, mobile device or implanted chip.
  - 9. The system of claim 1, wherein the information associated with the unique identifier is verified through a government entity.
  - 10. The system of claim 9, wherein status information related to the verification of the information is maintained by the security management computer.
  - 11. The system of claim 1, wherein the security management computer can receive information from one or more external data sources.
  - 12. The system of claim 11, wherein the external data sources include one or more of map information, terrorist activity information, incident information, global positioning system information, audio information, video information, perimeter breach information, alarms, enterprise security system status information, local emergency response information, local, state, federal or international governmental information and information obtained from one or more other security management systems.
  - 13. The system of claim 1, further comprising a rules toolkit, the toolkit allowing a user to construct one or more rules including metrics that govern the handling and action to be taken based on received information.
  - 14. The system of claim 1, further comprising an interface module configured to communicate with the one or more of an existing enterprise physical security system and an existing enterprise computer system.
  - 15. The system of claim 1, wherein the system includes one or more of satellite communications capabilities, VOIP capabilities, networking capabilities, switch-based network communication capabilities and packet-based network capabilities.
  - 16. The system of claim 1, wherein the system can be booted into a plurality of modes.
  - 17. The system of claim 16, wherein the modes are one or more of an EMS mode, a national disaster mode, an incident mode, a local disaster mode, a state disaster mode, a terrorist activity mode and a international disaster mode.
  - 18. The system of claim 17, wherein additional modes can be dynamically added in real-time.
  - 19. The system of claim 17, wherein each mode has an associated set of templates related to management of information associated with the security management system.
  - 20. The system of claim 1, further comprising a data filtering module that filters data based on one or more of a sensitivity rating, permissions, incident information and government information.
  - 21. The system of claim 1, further comprising a prediction module utilizing artificial intelligence to analyze information received by the security management system.
  - 22. The system of claim 1, wherein the system provides security for one or more of chemical, drinking water and wastewater treatment systems, energy facilities, dams, commercial nuclear reactors, water sectors, process manufacturing, emergency services, public health and healthcare, continuity of government, government facilities, defense facilities, defense industrial base, information technology, telecommunications, converged facilities, national monuments and icons, postal and shipping, banking and finance, commercial facilities, materials and waste facilities, transportation systems, port security, aviation security, cargo, cruise ships, trains, mass transit, Intermodal, food and agriculture facilities, military facilities, first responders, police, fire control access to a machine and OSHA Compliance.
  - 23. The system of claim 1, wherein the unique identifier is stored on a media in a RFID (Radio Frequency Identification) shielded pouch.
  - 24. The system of claim 1, wherein the first of the at least two configuration options is one or more of a Card ID, a card certificate, a username and an AccessID.
  - 25. The system of claim 1, wherein the second of the at least two configuration options is one or more of a Card ID, a card certificate, a username and an AccessID.
  - 26. The system of claim 1, wherein the first and the second configuration options are the same.

27. A method for operating a converged physical and logical security management system comprising:
- providing a unique identifier having associated therewith information usable for authentication and authorization to control access decisions for a physical area and logical access to one or more of a computer system, computer network or network resource, the information including at least two configuration options; and
  
  operating a security management computer that includes at least one microprocessor, a data store and connectivity modules, the security management computer scalable via one or more connections to one or more additional security management computers, the security management computer determining the access decisions for the physical area and the logical access to the one or more of the computer system, the computer network or the network resource, the security management computer connected to one or more access control readers and capable of communicating with the one or more access control readers in the access control readers'"'"' standard protocol,wherein the security management computer also includes a directory service that is used with the data store and the configuration options to make the access decisions, wherein;
  
  for an access request to the physical area, a first authentication and authorization utilize a first of the at least two configuration options within the data store of the security management computer for a physical access decision, andfor logical access, a second, separate, authentication and authorization utilize a second of the at least two configuration options within the directory service of the security management computer for a logical access decision.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 28. The method of claim 27, wherein the information pertains to one or more of personnel, equipment, corporation, government entity, international entity or facility.
  - 29. The method of claim 28, wherein information about the personnel comprises one or more of fingerprint information, name, credentials, certifications, biometric information, access information, a picture, a unique identifier, background information and medical information.
  - 30. The method of claim 27, wherein the unique identifier is associated with one or more of a contact or contactless chip, a smart card, a smart chip, an embedded chip, an implanted chip, a bar code, printed data, a proximity chip, a magnetic stripe and computer readable information.
  - 31. The method of claim 27, wherein the configuration options include one or more of a card ID, card certificate, username and AccessID.
  - 32. The method of claim 27, wherein a credential issuance system interfaces with one or more of a fingerprint capture system, a camera, a PIN capture system, a signature capture system, a document scanner, a card reader/writer, a card printer and a report printer.
  - 33. The method of claim 27, wherein the unique identifier is stored on a smart card, implanted chip, mobile device or embedded chip.
  - 34. The method of claim 27, wherein the information associated with the unique identifier is verified through one or more of a government entity, certificate authority, corporate entity, state authority and local authority.
  - 35. The method of claim 34, wherein status information related to the verification of the information is maintained by the security management computer.
  - 36. The method of claim 27, wherein the security management computer can receive information from one or more external data sources.
  - 37. The method of claim 36, wherein the external data sources include one or more of map information, GIS information, terra server information, terrorist activity information, incident information, global positioning system information, audio information, video information, perimeter breach information, alarms, enterprise security system status information, local emergency response information, local, state, federal or international governmental information, sensor information and information obtained from one or more other security management systems.
  - 38. The method of claim 27, further comprising communicating via one or more of satellite communications capabilities, VOIP capabilities, networking capabilities, switch-based network communication capabilities and packet-based network capabilities.
  - 39. The method of claim 27, further comprising booting the system into one of a plurality of modes.
  - 40. The method of claim 39, wherein the modes are one or more of an EMS mode, a national disaster mode, an incident mode, a local disaster mode, a state disaster mode, a terrorist activity mode and a international disaster mode.
  - 41. The method of claim 40, wherein additional modes can be dynamically added in real-time.
  - 42. The method of claim 41, wherein each mode has an associated set of templates related to management of information associated with the security management system.
  - 43. The method of claim 27, wherein the system provides security for one or more of chemical, drinking water and wastewater treatment systems, energy facilities, dams, commercial nuclear reactors, water sectors, process manufacturing, emergency services, public health and healthcare, continuity of government, government facilities, defense facilities, defense industrial base, information technology, telecommunications, converged facilities, national monuments and icons, postal and shipping, banking and finance, commercial facilities, materials and waste facilities, transportation systems, port security, aviation security, cargo, cruise ships, trains, mass transit, Intermodal, food and agriculture facilities, military facilities, first responders, police, fire and OSHA Compliance.
  - 44. The method of claim 27, wherein a combination of SQL and active directory are used to converge physical and logical access.
  - 45. The method of claim 27, wherein authentication is at least based on location based in time.
  - 46. The method of claim 45, wherein artificial intelligence compares location and time information to determine authentication.
  - 47. The method of claim 27, wherein the first of the at least two configuration options is one or more of a Card ID, a card certificate, a username and an AccessID.
  - 48. The method of claim 27, wherein the second of the at least two configuration options is one or more of a Card ID, a card certificate, a username and an AccessID.
  - 49. The method of claim 27, wherein the first and the second configuration options are the same.
  - 50. The method of claim 27, further comprising, querying a user as to a type of deployment, incident or environment and, based on the user'"'"'s selection, generating one or more of specific graphical user interfaces, templates and prompts for connections to various types of data feeds;
    - andone or more of invoking one or more various pre-defined rule sets and creating one or more custom rules that allow actions to be triggered based on satisfaction of one or more rules.
  - 51. A non-transitory computer-readable information storage media having stored thereon instructions, that if executed by a processor, perform the method of claim 27.

52. A converged physical and logical security management system comprising:
- circuitry for providing a unique identifier having associated therewith information usable for authentication and authorization to control access decisions for a physical area and logical access to one or more of a computer system, computer network or network resource, the information including at least two configuration options; and
  
  means for operating a security management system run on a computer managing a security management computer that includes at least one microprocessor, a data store and connectivity modules, the security management computer scalable via one or more connections to one or more additional security management computers, the security management computer determining the access decisions for the physical area and the logical access to the one or more of the computer system, the computer network or the network resource, the security management computer connected to one or more access control readers and capable of communicating with the one or more access control readers in the access control readers'"'"' standard protocol,wherein the security management computer also includes a directory service that is used with the data store and the configuration options to make the access decisions, wherein;
  
  for an access request to the physical area, a first authentication and authorization utilize a first of the at least two configuration options within the data store of the security management computer for a physical access decision, andfor logical access, a second, separate, authentication and authorization utilize a second of the at least two configuration options within the directory service of the security management computer for a logical access decision.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vetrix, LLC
Original Assignee
Vetrix, LLC
Inventors
Hernoud, Melani S., Pierce, Elizabeth J., Reith, Gregory
Primary Examiner(s)
Popham, Jeffrey D
Assistant Examiner(s)
POTRATZ, DANIEL B

Application Number

US11/740,063
Publication Number

US 20080109883A1
Time in Patent Office

1,742 Days
Field of Search

713/172, 713/185, 726/5, 726/9, 726 18- 20, 705/55, 705/325
US Class Current

726/5
CPC Class Codes

G06F 16/29   Geographical information da...

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 21/71   to assure secure computing ...

G06K 19/06028   using bar codes

G07C 9/22   in combination with an iden...

G07C 9/257   electronically G07C9/26 tak...

G07C 9/26   using a biometric sensor in...

G07C 9/28   the pass enabling tracking ...

H04L 63/20   for managing network securi...

Converged logical and physical security

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

Converged logical and physical security

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links