Converged logical and physical security
First Claim
1. A system comprising:
- a first converged physical and logical security management system associated with a first critical infrastructure comprising;
a unique identifier having associated therewith information usable for authentication and authorization to control access decisions in the first critical infrastructure for a physical area and logical access to one or more of a computer system, computer network or network resource;
a security management computer including at least one microprocessor, a data store and connectivity modules, the security management computer determining the access decisions in the first critical infrastructure for the physical area and the logical access to the one or more of the computer system, the computer network or the network resource, the security management computer connected to one or more physical access control readers and capable of communicating with the one or more access control readers,
wherein the security management computer also includes a directory service that is used with the data store to make the access decisions in the first critical infrastructure, wherein;
for an access request to the physical area in the first critical infrastructure, a first authentication and authorization utilize the unique identifier for a physical access decision, and
for logical access in the first critical infrastructure, a second, separate, authentication and authorization utilize the unique identifier for a logical access decision; and
at least a second, separate, converged physical and logical security management system associated with a second critical infrastructure comprising;
the unique identifier having associated therewith information usable for authentication and authorization to control access decisions in the second critical infrastructure for a physical area and logical access to one or more of a computer system, computer network or network resource;
a security management computer including at least one microprocessor, a data store and connectivity modules, the security management computer determining the access decisions in the second critical infrastructure for the physical area and the logical access to the one or more of the computer system, the computer network or the network resource, the security management computer connected to one or more physical access control readers and capable of communicating with the one or more access control readers,
wherein the security management computer also includes a directory service that is used with the data store to make the access decisions in the second critical infrastructure, wherein;
for an access request to the physical area in the second critical infrastructure, a third authentication and authorization utilize the unique identifier for a physical access decision, and
for logical access in the second critical infrastructure, a fourth, separate, authentication and authorization utilize the unique identifier for a logical access decision,
wherein the unique identifier is shared between the first converged physical and logical security management system and the second converged physical and logical security management system, and an identity associated with the unique identifier is replicated across the data stores.
Abstract
A security management system that includes a hierarchical security platform, converged IT and physical security management, unified credentialing, credential issuance and incident(s) management. An exemplary aspect of the invention also relates to physical and logical security management and information technology/network security management, with a credential issuance and integrity checking system as well as associated readers and printers of the credential. Still further aspects of the invention relate to obtaining, assembling and analyzing one or more of data, video information, image information, biometric information, sensor information, terrorist information, profile information, and/or other types of information to provide a comprehensive platform for all aspects of security management. A toolkit is also provided that allows complete management, integration, scalability, interoperability and centralized control of all aspects of security including personnel credentialing, personnel management, personnel tracking, task management, security system integration, security information exchange and scalability.
71 Citations
20 Claims
Specification