Entry control system
First Claim
1. A method for physically controlling access to a protected location, comprising:
- establishing a secure communications connection over a network between a security controller and at least an authentication server;
operatively coupling a security token to said security controller;
sending a critical security parameter from said security token to said security controller for authentication after using a token remote authentication application on said security token to verify a user supplied critical security parameter against one or more reference critical security parameters operatively stored in said security token;
sending said critical security parameter to at least said authentication server via said secure communications connection;
performing an authentication transaction by said authentication server for said critical security parameter;
sending a result of said authentication transaction from said authentication server to said security controller via said secure communications connection; and
energizing an electromechanical circuit coupled to and controlled by said security controller if said result is affirmative of said authentication transaction being successful, wherein energizing said electromechanical circuit is limited to a pre-established duration specific to said security token to control opening of a physical access gateway and wherein the duration corresponds to an amount of time the physical access gateway is open in a single instance.
4 Assignments
0 Petitions
Accused Products
Abstract
An integrated security system which seamlessly assimilates with current generation logical security systems. The integrated security system incorporates a security controller having standard network interface capabilities including IEEE 802.x and takes advantage of the convenience and security offered by smart cards and related devices for both physical and logical security purposes. The invention is based on standard remote authentication dial-in service (RADIUS) protocols or TCP/IP using SSL, TLS, PCT or IPsec and stores a shared secret required by the secure communication protocols in a secure access module coupled to the security controller. The security controller is intended to be a networked client or embedded intelligent device controlled remotely by to an authentication server. In another embodiment of the invention one or more life cycle management transactions are performed with the secure access module. These transactions allow for the updating, replacement, deletion and creation of critical security parameters, cryptographic keys, user data and applications used by the secure access module and/or security token. In another embodiment of the invention a security access module associated with the security controller locally performs local authentication transactions which are recorded in a local access list used to update a master access list maintained by the authentication server.
17 Citations
30 Claims
-
1. A method for physically controlling access to a protected location, comprising:
-
establishing a secure communications connection over a network between a security controller and at least an authentication server; operatively coupling a security token to said security controller; sending a critical security parameter from said security token to said security controller for authentication after using a token remote authentication application on said security token to verify a user supplied critical security parameter against one or more reference critical security parameters operatively stored in said security token; sending said critical security parameter to at least said authentication server via said secure communications connection; performing an authentication transaction by said authentication server for said critical security parameter; sending a result of said authentication transaction from said authentication server to said security controller via said secure communications connection; and energizing an electromechanical circuit coupled to and controlled by said security controller if said result is affirmative of said authentication transaction being successful, wherein energizing said electromechanical circuit is limited to a pre-established duration specific to said security token to control opening of a physical access gateway and wherein the duration corresponds to an amount of time the physical access gateway is open in a single instance. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for physically controlling access to a protected location, comprising:
-
establishing a secure communications connection over a network between at least an authentication server and a secure access module associated with a security controller, wherein said secure communications connection incorporates a shared secret which is maintained by said authentication server and said secure access module; operatively coupling a security token to said secure access module via an interface coupled to said security controller; sending a critical security parameter from said security token to said secure access module after using a token remote authentication application on said security token to verify a user supplied critical security parameter against one or more reference critical security parameters operatively stored in said security token; sending said critical security parameter to said authentication server via said secure communications connection; performing an authentication transaction by said authentication server via a process which incorporates said critical security parameter; sending a result of said authentication transaction from said authentication server to said security controller via said secure communications connection; and energizing an electromechanical circuit coupled to and controlled by said security controller if said result is affirmative of said authentication transaction being successful, wherein energizing said electromechanical circuit is limited to a pre-established duration specific to said security token to control opening of a physical access gateway and wherein the duration corresponds to an amount of time the physical access gateway is open in a single instance. - View Dependent Claims (9, 10, 11)
-
-
12. A method for performing one or more life cycle management transactions with a secure access module coupled to a security controller and a life cycle management server, comprising:
-
establishing a secure communications connection between a secure access module and at least a life cycle management server; and performing one or more life cycle management transactions with said secure access module in conjunction with said at least a life cycle management server; operatively coupling a security token to the security controller, wherein at least one critical security parameter is sent from the security token to the security controller after using a token remote authentication application on said security token to verify a user supplied critical security parameter against one or more reference critical security parameters operatively stored in said security token; and energizing an electromechanical circuit coupled to and controlled by said security controller if the security controller affirms that the critical security parameter is authorized, wherein energizing said electromechanical circuit is limited to a pre-established duration specific to said security token to control opening of a physical access gateway and wherein the duration corresponds to an amount of time the physical access gateway is open in a single instance. - View Dependent Claims (13)
-
-
14. A method for physically controlling access to a protected location, comprising:
-
sending one or more critical security parameters from one or more security tokens to a secure access module operatively coupled to a security controller for authentication after using a token remote authentication application on said one or more security tokens to verify a user supplied critical security parameter against one or more reference critical security parameters operatively stored in said one or more security tokens; performing one or more authentication transactions by said secure access module using said one or more critical security parameters; temporarily maintaining a local access list of at least said one or more critical security parameters which have been authenticated by said secure access module; sending said local access list to an authentication server; updating a master access list maintained by said authentication server; and for at least one of said one or more authentication transactions and at least one of said one or more security tokens, energizing an electromechanical circuit coupled to and controlled by said security controller if a result is affirmative of said at least one authentication transaction being successful, wherein energizing said electromechanical circuit is limited to a pre-established duration specific to said at least one security token to control opening of a physical access gateway and wherein the duration corresponds to an amount of time the physical access gateway is open in a single instance. - View Dependent Claims (15, 16)
-
-
17. A system for physically controlling access to a protected location, comprising:
-
a security token operatively coupled to a security controller and including a module that sends a critical security parameter to said security controller for authentication after using a token remote authentication application on said security token to verify a user supplied critical security parameter against one or more reference critical security parameters operatively stored in said security token; a secure access module operatively coupled to said security controller and including a module that securely maintains a shared secret established by an authentication server and incorporating said shared secret into a secure communications connection established with at least an authentication server; an electromechanical circuit that is coupled to and controlled by said security controller and that opens a physical access gateway when energized, wherein said security controller includes; a module that establishes said secure communications connection with at least said authentication server; a module that sends said critical security parameter to said authentication server via said secure communications connection; and a module that energizes said electromechanical circuit in response to an affirmative authentication result received from said authentication server, wherein energizing said electromechanical circuit is limited to a pre-established duration specific to said security token; and
,wherein said authentication server includes; a module that establishes said secure communications with said security controller; a module that performs an authentication transaction in response to receiving said critical security parameter from said security controller; and a module that supplies said affirmative authentication result to said security controller via said secure communications connection following a successful authentication of said critical security parameter to control opening of the physical access gateway and wherein the duration corresponds to an amount of time the physical access gateway is open in a single instance. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
-
-
25. A security apparatus for physically controlling access to a protected location, comprising:
a security controller including; a processor; a memory coupled to said processor; a security token interface coupled to said processor; a network transceiver coupled to said processor; a secure access module coupled to said processor; an electromagnetic control circuit coupled to and controlled by said processor; and at least one application installed in at least a portion of said memory having logical instructions executable by said processor to; establish a secure communications connection over a network with at least an authentication server over a network via said network transceiver; perform an authentication transaction in conjunction with said authentication server for a critical security parameter received via said security token interface after a corresponding security token uses a token remote authentication application to verify a user supplied critical security parameter against one or more reference critical security parameters operatively stored in the security token; receive and maintain a shared secret in said secure access module; incorporate said shared secret into said secure communications connection; and energize said electromechanical control circuit upon receipt of an affirmative authentication result associated with said authentication transaction, wherein energizing said electromechanical control circuit is limited to a pre-established duration specific to a security token that interfaces with the security token interface to control opening of a physical access gateway and wherein the duration corresponds to an amount of time the physical access gateway is open in a single instance. - View Dependent Claims (26, 27, 28)
-
29. A system for performing one or more life cycle management transactions with a secure access module coupled to a security controller and a life cycle management server, comprising:
-
a secure access module operatively coupled to a security controller and including a module that securely performs life cycle management functions in conjunction with a life cycle management server, wherein said security controller includes a module that exchanges communications between said secure access module and said life cycle management server, wherein said life cycle server includes a module that securely performs one or more life cycle management transactions in conjunction with said secure access module, and wherein said one or more life cycle management transactions comprises distributing, exchanging, deleting, adding or modifying one or more critical security parameters, applications or user data installed in said secure access module; a security token operative coupled to the security controller, wherein at least one critical security parameter is sent from the security token to the security controller after using a token remote authentication application on the security token to verify a user supplied critical security parameter against one or more reference critical security parameters operatively stored in the security token; and an electromechanical circuit that is coupled to and controlled by said security controller and that opens a physical access gateway when energized, wherein the electromechanical circuit is energized by the security controller if the at least one critical security parameter is authorized, and wherein energizing said electromechanical circuit is limited to a pre-established duration specific to said security token to control opening of a the physical access gateway and wherein the duration corresponds to an amount of time the physical access gateway is open in a single instance. - View Dependent Claims (30)
-
Specification