Converged logical and physical security

US 9,400,881 B2
Filed: 07/17/2015
Issued: 07/26/2016
Est. Priority Date: 04/25/2006
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a first converged physical and logical security management system associated with a first critical infrastructure comprising;

a unique identifier having associated therewith information usable for authentication and authorization to control access decisions in the first critical infrastructure for a physical area and logical access to one or more of a computer system, computer network or network resource;

a security management computer including at least one microprocessor, a data store and connectivity modules, the security management computer determining the access decisions in the first critical infrastructure for the physical area and the logical access to the one or more of the computer system, the computer network or the network resource, the security management computer connected to one or more physical access control readers and capable of communicating with the one or more access control readers,wherein the security management computer also includes a directory service that is used with the data store to make the access decisions in the first critical infrastructure, wherein;

for an access request to the physical area in the first critical infrastructure, a first authentication and authorization utilize the unique identifier for a physical access decision, andfor logical access in the first critical infrastructure, a second, separate, authentication and authorization utilize the unique identifier for a logical access decision; and

at least a second, separate, converged physical and logical security management system associated with a second critical infrastructure comprising;

the unique identifier having associated therewith information usable for authentication and authorization to control access decisions in the second critical infrastructure for a physical area and logical access to one or more of a computer system, computer network or network resource;

a security management computer including at least one microprocessor, a data store and connectivity modules, the security management computer determining the access decisions in the second critical infrastructure for the physical area and the logical access to the one or more of the computer system, the computer network or the network resource, the security management computer connected to one or more physical access control readers and capable of communicating with the one or more access control readers,wherein the security management computer also includes a directory service that is used with the data store to make the access decisions in the second critical infrastructure, wherein;

for an access request to the physical area in the second critical infrastructure, a third authentication and authorization utilize the unique identifier for a physical access decision, andfor logical access in the second critical infrastructure, a fourth, separate, authentication and authorization utilize the unique identifier for a logical access decision,wherein the unique identifier is shared between the first converged physical and logical security management system and the second converged physical and logical security management system, and an identity associated with the unique identifier is replicated across the data stores.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security management system that includes a hierarchical security platform, converged IT and physical security management, unified credentialing, credential issuance and incident(s) management. An exemplary aspect of the invention also relates to physical and logical security management and information technology/network security management, with a credential issuance and integrity checking system as well as associated readers and printers of the credential. Still further aspects of the invention relate to obtaining, assembling and analyzing one or more of data, video information, image information, biometric information, sensor information, terrorist information, profile information, and/or other types of information to provide a comprehensive platform for all aspects of security management. A toolkit is also provided that allows complete management, integration, scalability, interoperability and centralized control of all aspects of security including personnel credentialing, personnel management, personnel tracking, task management, security system integration, security information exchange and scalability.

71 Citations

View as Search Results

20 Claims

1. A system comprising:
- a first converged physical and logical security management system associated with a first critical infrastructure comprising;
  
  a unique identifier having associated therewith information usable for authentication and authorization to control access decisions in the first critical infrastructure for a physical area and logical access to one or more of a computer system, computer network or network resource;
  
  a security management computer including at least one microprocessor, a data store and connectivity modules, the security management computer determining the access decisions in the first critical infrastructure for the physical area and the logical access to the one or more of the computer system, the computer network or the network resource, the security management computer connected to one or more physical access control readers and capable of communicating with the one or more access control readers,wherein the security management computer also includes a directory service that is used with the data store to make the access decisions in the first critical infrastructure, wherein;
  
  for an access request to the physical area in the first critical infrastructure, a first authentication and authorization utilize the unique identifier for a physical access decision, andfor logical access in the first critical infrastructure, a second, separate, authentication and authorization utilize the unique identifier for a logical access decision; and
  
  at least a second, separate, converged physical and logical security management system associated with a second critical infrastructure comprising;
  
  the unique identifier having associated therewith information usable for authentication and authorization to control access decisions in the second critical infrastructure for a physical area and logical access to one or more of a computer system, computer network or network resource;
  
  a security management computer including at least one microprocessor, a data store and connectivity modules, the security management computer determining the access decisions in the second critical infrastructure for the physical area and the logical access to the one or more of the computer system, the computer network or the network resource, the security management computer connected to one or more physical access control readers and capable of communicating with the one or more access control readers,wherein the security management computer also includes a directory service that is used with the data store to make the access decisions in the second critical infrastructure, wherein;
  
  for an access request to the physical area in the second critical infrastructure, a third authentication and authorization utilize the unique identifier for a physical access decision, andfor logical access in the second critical infrastructure, a fourth, separate, authentication and authorization utilize the unique identifier for a logical access decision,wherein the unique identifier is shared between the first converged physical and logical security management system and the second converged physical and logical security management system, and an identity associated with the unique identifier is replicated across the data stores.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The system of claim 1, wherein the unique identifier is used to uniquely identify the identity across one or more of local, regional, national and international structures.
  - 3. The system of claim 1, wherein the first critical infrastructure includes one or more of chemical, drinking water and wastewater treatment systems, energy facilities, dams, commercial nuclear reactors, water sectors, process manufacturing, emergency services, public health and healthcare, continuity of government, government facilities, defense facilities, defense industrial base, information technology, telecommunications, converged facilities, national monuments and icons, postal and shipping, banking and finance, commercial facilities, materials and waste facilities, transportation systems, port security, aviation security, cargo, cruise ships, trains, mass transit, Intermodal, food and agriculture facilities, military facilities, first responders, police, fire control access to a machine and OSHA Compliance.
  - 4. The system of claim 1, wherein the second critical infrastructure includes one or more of chemical, drinking water and wastewater treatment systems, energy facilities, dams, commercial nuclear reactors, water sectors, process manufacturing, emergency services, public health and healthcare, continuity of government, government facilities, defense facilities, defense industrial base, information technology, telecommunications, converged facilities, national monuments and icons, postal and shipping, banking and finance, commercial facilities, materials and waste facilities, transportation systems, port security, aviation security, cargo, cruise ships, trains, mass transit, Intermodal, food and agriculture facilities, military facilities, first responders, police, fire control access to a machine and OSHA Compliance.
  - 5. The system of claim 1, wherein the unique identifier is a global universal identifier, a universally unique identifier and a certificate.
  - 6. The system of claim 1, wherein the data stores share data.
  - 7. The system of claim 1, further comprising a scalability and interconnection module that connects the first converged physical and logical security management system and the second converged physical and logical security management system.
  - 8. The system of claim 1, further comprising a credential issuance system.
  - 9. The system of claim 1, further comprising a credential issuance system adapted to associate additional information with the unique identifier.
  - 10. The system of claim 9, wherein the a credential issuance system interfaces with one or more of a fingerprint capture system, a camera, a PIN capture system, a signature capture system, a document scanner, a card reader/writer, a card printer and a report printer.
  - 11. The system of claim 1, further comprising one or more environmental sensors.
  - 12. The system of claim 1, wherein the identities are correlated to other sets of information through lookups.
  - 13. The system of claim 1, wherein the system guarantees integrity and reliability of data and meets federal standards under (Homeland Security Presidential Directive) HSPD-12 for identity verification in a government environment.
  - 14. The system of claim 1, wherein the system allows near real-time updates for immediate identity visibility.
  - 15. The system of claim 1, wherein the unique identifier is associated with basic personal information, name, date of birth, position and access control parameters.
  - 16. The system of claim 1, wherein the authentication allows for multi-factored authentication mechanisms including one or more of:
    - what someone knows, what someone has, who someone is, where a person is, through space and time, through behavioral analysis.
  - 17. The system of claim 1, wherein an administrator initializes the system by adding one or more of personnel, equipment, credentials, and tangible or intangible assets that are to be managed.
  - 18. The system of claim 17, wherein the administrator associates information with the personnel comprising one or more of fingerprint information, name, credentials, certifications, biometric information, access information, a picture, a unique identifier, background information and medical information.
  - 19. The system of claim 1, wherein a credential issuance system cooperates with a module for registrar functionality, wherein registrar functionality includes one or more of a background check, fingerprinting and 1-9 documentation.
  - 20. The system of claim 1, wherein the system is for (Homeland Security Presidential Directive) HSPD compliance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vetrix, LLC
Original Assignee
Vetrix, LLC
Inventors
Hernoud, Melani S., Pierce, Elizabeth J., Reith, Gregory
Primary Examiner(s)
POTRATZ, DANIEL B

Application Number

US14/802,660
Publication Number

US 20150324571A1
Time in Patent Office

375 Days
Field of Search

726/5
US Class Current

1/1
CPC Class Codes

G06F 16/29   Geographical information da...

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 21/71   to assure secure computing ...

G06K 19/06028   using bar codes

G07C 9/22   in combination with an iden...

G07C 9/257   electronically G07C9/26 tak...

G07C 9/26   using a biometric sensor in...

G07C 9/28   the pass enabling tracking ...

H04L 63/20   for managing network securi...

Converged logical and physical security

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

71 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Converged logical and physical security

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links