Method and apparatus for making a decision on a card

US 8,578,472 B2
Filed: 10/17/2011
Issued: 11/05/2013
Est. Priority Date: 08/09/2006
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

determining that a portable credential has been presented to a local host, the local host protecting one or more assets;

in response to determining that the portable credential has been presented to the local host, determining, at the portable credential, a current location of the portable credential;

the portable credential analyzing the current location using an application stored on the portable credential;

the portable credential making an access control decision for itself, the access control decision comprising a determination as to whether or not the portable credential is allowed access to the asset protected by the local host, and the access control decision being based on the analyzing step;

the portable credential generating a message containing results of the access control decision; and

the portable credential sending the message to the local host.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and devices for making access decisions in a secure access network are provided. The access decisions are made by a portable credential using data and algorithms stored on the credential. Since access decisions are made by the portable credential non-networked hosts or local hosts can be employed that do not necessarily need to be connected to a central access controller or database thereby reducing the cost of building and maintaining the secure access network.

Citations

46 Claims

1. A method, comprising:
- determining that a portable credential has been presented to a local host, the local host protecting one or more assets;
  
  in response to determining that the portable credential has been presented to the local host, determining, at the portable credential, a current location of the portable credential;
  
  the portable credential analyzing the current location using an application stored on the portable credential;
  
  the portable credential making an access control decision for itself, the access control decision comprising a determination as to whether or not the portable credential is allowed access to the asset protected by the local host, and the access control decision being based on the analyzing step;
  
  the portable credential generating a message containing results of the access control decision; and
  
  the portable credential sending the message to the local host.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the local host comprises a host operatively disconnected from a network.
  - 3. The method of claim 1, wherein the local host comprises a reader configured to communicate with the portable credential and control access to the asset based on the decision made by the portable credential.
  - 4. The method of claim 1, wherein the access control decision is made after a mutual authentication is performed between the portable credential and the local host.
  - 5. The method of claim 1, wherein the message comprises access control information sent in a secured format, where the information is secured through at least one of encryption and cryptographic protocol.
  - 6. The method of claim 1, wherein the portable credential holds policy information used to make the access control decision based on information received from the local host.
  - 7. The method of claim 1, wherein the portable credential comprises at least one of a smartcard, proximity card, passport, key fob, cellular phone, portable computer, and Personal Digital Assistant (PDA).
  - 8. The method of claim 7, wherein the portable credential comprises a device utilizing near field communication protocols and associated equipment to establish the transfer of information between the portable credential and the local host.
  - 9. The method of claim 1, wherein the current location of the portable credential is determined through at least one of WiFi access points, cell towers, and GPS location information updated from the portable credential.
  - 10. The method of claim 1, wherein the current location of the portable credential is determined using information received from the local host, where the information received from the local host comprises a local host identifier assigned to the local host.
  - 11. The method of claim 1, wherein the local host receives timestamp information from the portable credential upon presentation by the portable credential to the local host.
  - 12. The method of claim 11, wherein the timestamp is used by the portable credential to make the access control decision.
  - 13. The method of claim 1, wherein the protected asset comprises a physical asset including at least one of a room, building, structure, object, and area.
  - 14. The method of claim 1, wherein the protected asset comprises a logical asset including at least one of a processor, database, storage medium, application, electrical signal transmission path, gateway, port, and router.
  - 15. The method of claim 1, wherein the access control decision comprises a denial of access to an asset associated with the access control system, the method further comprising:
    - an access controller denying a user of the portable credential access to the asset; and
      
      the reader saving the message received from the portable credential in a log.
  - 16. The method of claim 1, further comprising:
    - presenting the portable credential to a reader that is in communication with a validation server;
      
      the portable credential sending user information to the validation server;
      
      the validation server checking a status of the user information; and
      
      the validation server performing one of the following;
      
      (i) in the event that the status is active, the validation server updating an expiration of the user information and sending the updated user information back to the portable credential;
      
      (ii) in the event that the status is inactive, the validation server noting the portable credential as invalid and setting the user information as expired; and
      
      (iii) in the event that the status is active, the validation server doing nothing.

17. An access control system, comprising:
- at least one local host configured to control access to an asset; and
  
  at least one portable credential comprising;
  
  a memory configured to store an access decision application that is capable of making an access decision for the portable credential based on location information of the portable credential, the access control decision comprising a determination as to whether or not the portable credential is allowed access to the asset protected by the at least one local host; and
  
  a processor configured to execute the access decision application in connection with the location information, wherein the processor is further configured to generate a message after executing the access decision application and cause the message to be transmitted to the at least one local host, and wherein the message comprises results of the access decision for the portable credential.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 18. The system of claim 17, wherein the local host comprises a host operatively disconnected from a network.
  - 19. The system of claim 17, wherein the access control decision is made after a mutual authentication is performed between the portable credential and the local host.
  - 20. The system of claim 17, wherein the message comprises access control information sent in a secured format, where the information is secured through at least one of encryption, and cryptographic protocol.
  - 21. The system of claim 17, wherein the portable credential holds policy information used to make an access control decision based on information received from the local host.
  - 22. The system of claim 17, wherein the portable credential comprises at least one of a smartcard, proximity card, passport, key fob, cellular phone, portable computer, and Personal Digital Assistant (PDA).
  - 23. The system of claim 22, wherein the portable credential comprises a near field communications (NFC) compliant device.
  - 24. The system of claim 17, wherein the current location of the portable credential is determined through at least one of WiFi access points, cell towers, and GPS location information.
  - 25. The system of claim 17, wherein the current location of the portable credential is determined using information received from the local host, wherein the information comprises a local host identifier assigned to the local host.
  - 26. The system of claim 17, wherein the protected asset comprises at least one of the following;
    - a logical asset of at least one of a processor, database, storage medium, application, electrical signal transmission path, gateway, port, and router; and
      
      a physical asset of at least one of a room, building, structure, object, and area.
  - 27. The system of claim 17, wherein the at least one local host comprises:
    - a reader configured to communicate with the at least one portable credential; and
      
      an access control device in communication with the reader, wherein results of the access decision received at the reader are transmitted to the access control device for performance by the access control device consistent with the access decision.
  - 28. The system of claim 27, wherein the reader comprises at least one of a Radio Frequency Identification (RFID) reader, a magnetic reader, an optical reader, and a contact electrical reader.
  - 29. The system of claim 17, wherein the memory comprises a nonvolatile memory.
  - 30. The system of claim 17, wherein the access control application comprises at least one data structure at least partially defining access privileges of a user of the at least one portable credential.
  - 31. The system of claim 17, wherein historical data related to communications with local hosts is stored on the memory of the at least one portable credential.
  - 32. The system of claim 31, wherein the historical data is used in connection with the access control application to make an access decision.
  - 33. The system of claim 17, further comprising a validation server configured to maintain expiration times of the access decision application stored on the at least one portable credential.
  - 34. The system of claim 17, further comprising a privilege server configured to update the access decision application.
  - 35. The system of claim 17, further comprising a server configured to maintain expiration times of the access decision application stored on the at least one portable credential and further operable to update the access decision application.

36. A portable credential for use in a secure access system, comprising:
- a memory configured to store an access decision application that is capable of making an access decision for the portable credential based on location information of the portable credential obtained when the portable credential is presented to a local host, the access control decision comprising a determination as to whether or not the portable credential is allowed access to an asset protected by the local host; and
  
  a processor configured to execute the access decision application in connection with the location information, wherein the processor is further configured to generate a message after executing the access decision application and cause the message to be transmitted to the local host, and wherein the message comprises results of the access decision for the portable credential.
- View Dependent Claims (37, 38, 39, 40, 41)
- - 37. The portable credential of claim 36, wherein the current location of the portable credential is determined through at least one of WiFi access points, cell towers, and GPS location information.
  - 38. The portable credential of claim 36, wherein the current location of the portable credential is determined using information received from the local host, wherein the information comprises a local host identifier assigned to the local host.
  - 39. The portable credential of claim 36, wherein the portable credential comprises at least one of a contact smartcard, a contactless smartcard, a proximity card, passport, a key fob, a cellular phone, portable computer, and a Personal Digital Assistant (PDA).
  - 40. The portable credential of claim 36, wherein the access control application comprises at least one data structure at least partially defining access privileges of a user of the portable credential.
  - 41. The portable credential of claim 36, wherein the portable credential conveys data to the local host that updates the local host.

42. A local host for use in a secure access system, comprising:
- an access control device protecting one or more assets;
  
  a reader configured to exchange communications with a portable credential, wherein at least one message sent by the portable credential includes an access control decision processed by the portable credential and made for the portable credential, the access control decision being a result of analyzing location information at the portable credential that approximates a location of the local host;
  
  a processor configured to interpret the access control decision processed by the portable credential and grant or deny access to the one or more assets based on the processed access control decision; and
  
  a memory configured to store information associated with the local host.
- View Dependent Claims (43, 44, 45, 46)
- - 43. The local host of claim 42, wherein the memory is configured to store identification information associated with the local host including a local host identifier.
  - 44. The local host of claim 42, wherein the signal received by the local host is encoded and the processor decodes the signal at the local host.
  - 45. The local host of claim 42, wherein the local host is operatively disconnected from a network.
  - 46. The local host of claim 42, wherein the local host is operatively connected to a network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Davis, Michael L., Wamsley, Robert, Hulusi, Tam
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US13/274,863
Publication Number

US 20120036575A1
Time in Patent Office

750 Days
Field of Search

None
US Class Current

726/16
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/31   User authentication

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G07C 2209/08   With time considerations, e...

G07C 9/23   by means of a password

G07C 9/257   electronically G07C9/26 tak...

G07C 9/29   the pass containing active ...

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

Method and apparatus for making a decision on a card

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for making a decision on a card

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links