Physical access control and security monitoring system utilizing a normalized data format
First Claim
1. A system comprising:
a plurality of security sensors distributed throughout a plurality of sites, each sensor configured to generate a sensor signal in response to a defined event, wherein the sensor signal is provided in a native format proprietary to a manufacturer of the respective sensor;
a central security management processor coupled to the plurality of security sensors, configured to receive sensor signals from each of the plurality of security sensors and configured to manage individual user profiles and their respective access privileges and credentials in the system;
a normalization module configured to normalize the sensor signal data in accordance with a defined data mapping scheme by mapping the sensor signal data from each security sensor in the native format of each manufacturer to a common format, the common format including a data object and processing information for the sensor signal, the normalization module further configured to generate unique physical access privileges and credentials to exclusively map a user's profile to a spatial hierarchy of physical sites along with security devices of the system, wherein the unique physical access credentials maintain a common representation of the user's identity across the plurality of sites and to associate specific user identities with respective actionable events;
a visual policy manager having a rules definition component configured to define, at design time, physical security policies in the context of user profiles at all sites through actionable representations of physical, network and information technology resources of the sites, wherein the security policies define standardized rule definitions through visual rules depicted by live objects that contain attributes to define their spatial relationship to the actionable representations, and that are applied to the actionable events normalized to the common format to produce normalized event data; and
a signal processing component applying, at run time, the defined standardized rules comprising condition-action sequences including relevant transformation and routing rules to the normalized signal data and to invoke the defined responses to the actionable events in order to maintain user profiles and physical security states across the plurality of sites and to resolve the actionable events through the associated specific user identities.
Abstract
Embodiments disclose a system and method for the integration of data and events to and from physical access control and security monitoring systems that is normalized to standardized definition for enforcement of standardized rules, created through a visual policy editor, affecting persistence, propagation of data and generation of alerts and notifications for physical security, network and IT systems. Data from disparate physical security systems is normalized for visual rule creation by rule object shapes representing normalized security systems, data and processes. A rules-based policy engine enforces security policies and generates actionable events. The overall system provides an integration platform, methods and processes for normalizing data from physical security systems, representation of physical security systems, data and processes for visual creation of rules using defined stencil objects, generating formatted rules, and enforcing these rules in real-time on security systems data and events.
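The flow the abstract describes (vendor-native events mapped to one common format, then condition-action rules enforced on the result) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the two vendor formats, the credential map, the field names and the rules are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:               # common format: data object plus processing info
    identity: str          # one identity per person across all sites
    site: str              # path in the site hierarchy
    device: str
    outcome: str           # common vocabulary: "GRANTED" or "DENIED"
    source: str            # processing info: adapter that produced the event

# Constructed credential map: (vendor, native badge id) -> enterprise identity
CREDENTIALS = {("acme", "0041"): "jdoe", ("globex", "B-7731"): "jdoe"}

def from_acme(line):
    # Constructed native format: "badge|GRANT or DENY|site path|reader"
    badge, result, site, reader = line.split("|")
    outcome = {"GRANT": "GRANTED", "DENY": "DENIED"}[result]
    return Event(CREDENTIALS.get(("acme", badge), "unknown"), site, reader, outcome, "acme")

def from_globex(rec):
    # Constructed native format: dict with vendor keys and numeric result codes
    outcome = {1: "GRANTED", 2: "DENIED"}[rec["code"]]
    ident = CREDENTIALS.get(("globex", rec["card"]), "unknown")
    return Event(ident, rec["loc"], rec["door"], outcome, "globex")

# Condition-action rules, written once against the common format
RULES = [
    (lambda e: e.identity == "unknown",
     lambda e: f"unmapped credential at {e.site} ({e.source})"),
    (lambda e: e.outcome == "DENIED" and e.site.endswith("/ServerRoom"),
     lambda e: f"{e.identity} denied at {e.site}"),
]

def process(events):
    alerts, denied_sites = [], defaultdict(set)
    for e in events:
        alerts += [action(e) for cond, action in RULES if cond(e)]
        if e.outcome == "DENIED" and e.identity != "unknown":
            denied_sites[e.identity].add(e.site.split("/")[0])
            if len(denied_sites[e.identity]) == 2:   # fires once, on the second site
                alerts.append(f"{e.identity} denied at multiple sites")
    return alerts

SAMPLE = [  # constructed events from two vendors
    from_acme("0041|DENY|HQ/Floor2/ServerRoom|rdr-12"),
    from_globex({"card": "B-7731", "code": 2, "loc": "Branch/ServerRoom", "door": "D3"}),
    from_globex({"card": "B-0000", "code": 1, "loc": "Branch/Lobby", "door": "D1"}),
]
```

The cross-site alert only becomes possible after normalization, because the two vendors identify the same person by different native badge numbers.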
15 Claims
1. A system comprising the elements set out under First Claim above.
Dependent claims: 2, 3, 4, 5
6. A system comprising:
an interface circuit interfacing to a plurality of security sensor types distributed throughout a plurality of sites, each sensor type configured to respond to a corresponding type of actionable event, each sensor type provided by a different manufacturer of a plurality of manufacturers;
an integration circuit including a processing agent for each type of security sensor to accept sensor data from each security sensor in a native data representation format of each respective manufacturer of the plurality of manufacturers;
a central security management processor coupled to the integration circuit and configured to manage individual user profiles and their respective access privileges and credentials in the system;
a normalization circuit mapping the sensor data from each security sensor in the native data representation format of each manufacturer of the plurality of manufacturers to a common data representation format, the common data representation format including a data object and processing information for the sensor data, the normalization circuit further configured to generate unique physical access privileges and credentials to exclusively map a user's profile to a spatial hierarchy of physical sites along with security devices of the system, wherein the unique physical access credentials maintain a common representation of the user's identity across the plurality of sites and to associate specific user identities with respective actionable events;
a visual policy manager circuit defining, at design time, physical security policies in the context of user profiles at all sites through actionable representations of physical, network and information technology resources of the sites, wherein the security policies define standardized rule definitions through visual rules depicted by live objects that contain attributes to define their spatial relationship to the actionable representations, and that are applied to the actionable events normalized to the common data representation format to produce normalized event data; and
a signal processing circuit receiving the normalized event data and applying, at run time, relevant transformation and routing rules comprising condition-action sequences in order to maintain user profiles and physical security states across the plurality of sites and to resolve the actionable events through the associated specific user identities.
Dependent claims: 7, 8, 9, 10
11. A method comprising:
interfacing in a centralized security system, a plurality of security sensor types distributed throughout a plurality of sites, each sensor type configured to respond to a corresponding type of actionable event, each sensor type provided by a different manufacturer of a plurality of manufacturers;
accepting sensor data from each security sensor an integration module including an agent for each type of security sensor, wherein the sensor data from each security sensor is embodied in a native data representation format of each respective manufacturer of the plurality of manufacturers;
defining individual user profiles and their respective access privileges and credentials in the system;
mapping the sensor data from each security sensor in the native data representation format of each manufacturer of the plurality of manufacturers to a common data representation format, the common data representation format including a data object and processing information for the sensor data;
generating unique physical access privileges and credentials to exclusively map a defined user profile to a spatial hierarchy of physical sites along with security devices of the system, wherein the unique physical access credentials maintain a common representation of the user's identity across the plurality of sites and to associate specific user identities with respective actionable events;
defining physical security policies of the site in the context of user profiles at all sites through actionable representations of physical, network and information technology resources of the site, wherein the security policies define standardized rule definitions through visual rules depicted by live objects that contain attributes to define their spatial relationship to the actionable representations, and that are applied to the actionable events normalized to the common data representation format to produce normalized event data; and
receiving the normalized event data and applying relevant transformation and routing rules comprising condition-action sequences in order to maintain user profiles and physical security states across the plurality of sites and to resolve the actionable events through the associated specific user identities.
Dependent claims: 12, 13, 14, 15
Specification