Resource management based on physical authentication and authorization
First Claim
1. An access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the system comprising:
- a credential input interface configured to receive authentication credentials from one or more users;
a communications interface communicatively coupled to equipment included within the access-controlled area, the equipment comprising at least one resource;
a processor communicatively coupled to the credential input interface and the communications interface;
a computer-readable storage medium communicatively coupled to the processor, the computer-readable storage medium storing instructions that when executed by the processor cause the processor to;
determine whether the authentication credentials received by the credential input interface are associated with one or more users having physical access rights to the access-controlled area;
generate, based on the determination, an access control signal configured to implement an access control action by an access control device associated with the access-controlled area allowing physical access to the one or more users;
identify one or more resource management policies associated with the one or more users based on the authentication credentials, wherein identifying the one or more resource management policies comprises;
determining an attribute associated with the one or more users based on the authentication credentials, andidentifying the one or more resource management policies based on the attribute, the attribute comprising group membership information accessed from a directory service configured to manage computing domain networks accessed by the one or more users;
generate at least one policy enforcement control signal based on the one or more identified resource management policies, the at least one policy enforcement control signal configured to manage access to the at least one resource by the one or more users; and
transmit, via the communications interface, the at least one policy enforcement control signal to the equipment.
3 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are disclosed that provide for management of resources of one or more systems included in an access-controlled area of a distributed site of an electric power delivery system. In certain embodiments, one or more users entering and access-controlled area may be identified via physical access control credentials provided to an associated access control system. A determination may be made as to whether the users have access rights to one or more hardware and/or software resources of systems included in the access-controlled area. Based on the determination, control signals may be generated by the access control system to enable and/or disable associated resources.
-
Citations
20 Claims
-
1. An access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the system comprising:
-
a credential input interface configured to receive authentication credentials from one or more users; a communications interface communicatively coupled to equipment included within the access-controlled area, the equipment comprising at least one resource; a processor communicatively coupled to the credential input interface and the communications interface; a computer-readable storage medium communicatively coupled to the processor, the computer-readable storage medium storing instructions that when executed by the processor cause the processor to; determine whether the authentication credentials received by the credential input interface are associated with one or more users having physical access rights to the access-controlled area; generate, based on the determination, an access control signal configured to implement an access control action by an access control device associated with the access-controlled area allowing physical access to the one or more users; identify one or more resource management policies associated with the one or more users based on the authentication credentials, wherein identifying the one or more resource management policies comprises; determining an attribute associated with the one or more users based on the authentication credentials, and identifying the one or more resource management policies based on the attribute, the attribute comprising group membership information accessed from a directory service configured to manage computing domain networks accessed by the one or more users; generate at least one policy enforcement control signal based on the one or more identified resource management policies, the at least one policy enforcement control signal configured to manage access to the at least one resource by the one or more users; and transmit, via the communications interface, the at least one policy enforcement control signal to the equipment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the system comprising:
-
a credential input interface configured to receive authentication credentials from one or more users; a communications interface configured to receive identification information from one or more transient assets and being communicatively coupled to equipment included within the access-controlled area, the equipment comprising at least one resource; a processor communicatively coupled to the credential input interface and the communications interface; a computer-readable storage medium communicatively coupled to the processor, the computer-readable storage medium storing instructions that when executed by the processor cause the processor to; determine whether the authentication credentials received by the credential input interface are associated with one or more users having physical access rights to the access-controlled area; generate, based on the determination, an access control signal configured to implement an access control action by an access control device associated with the access-controlled area allowing physical access to the one or more users; receive, in response to a transient asset discovery process performed by the processor, identification information from the one or more transient assets located within the access-controlled area; identify one or more resource management policies associated with the one or more users, wherein identifying the one or more resource management policies comprises; determining an attribute associated with the one or more users based on the authentication credentials, and identifying the one or more resource management policies based on the attribute, the attribute comprising group membership information accessed from a directory service configured to manage computing domain networks accessed by the one or more users; generate at least one policy enforcement control signal based on the one or more identified resource management policies, the authentication credentials, and the identification information, the at least one policy enforcement control signal configured to manage access to the at least one resource; and transmit, via the communications interface, the at least one policy enforcement control signal to the equipment. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A method for managing at least one resource associated with equipment included in an access-controlled area of a distributed site of an electric power delivery system, the method comprising:
-
receiving authentication credentials from one or more users; determining that the received authentication credentials are associated with one or more users having physical access rights to the access-controlled area; generating, based on the determination, a control signal configured to allow the one or more users physical access to the access-controlled area; identifying one or more resource management policies associated with the one or more users based on the authentication credentials, wherein identifying the one or more resource management policies comprises; determining an attribute associated with the one or more users based on the authentication credentials by accessing a directory service configured to manage computing domain networks accessed by the one or more users to determine group membership information associated with the one or more users, and identifying the one or more resource management policies based on the attribute; generating at least one policy enforcement control signal based on the one or more identified resource management policies, the at least one policy enforcement signal configured to manage access to the at least one resource by the one or more sources; and transmitting the at least one policy enforcement control signal to the equipment. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification