Resource management based on physical authentication and authorization

US 9,779,566 B2
Filed: 08/11/2015
Issued: 10/03/2017
Est. Priority Date: 08/11/2015
Status: Active Grant

First Claim

Patent Images

1. An access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the system comprising:

a credential input interface configured to receive authentication credentials from one or more users;

a communications interface communicatively coupled to equipment included within the access-controlled area, the equipment comprising at least one resource;

a processor communicatively coupled to the credential input interface and the communications interface;

a computer-readable storage medium communicatively coupled to the processor, the computer-readable storage medium storing instructions that when executed by the processor cause the processor to;

determine whether the authentication credentials received by the credential input interface are associated with one or more users having physical access rights to the access-controlled area;

generate, based on the determination, an access control signal configured to implement an access control action by an access control device associated with the access-controlled area allowing physical access to the one or more users;

identify one or more resource management policies associated with the one or more users based on the authentication credentials, wherein identifying the one or more resource management policies comprises;

determining an attribute associated with the one or more users based on the authentication credentials, andidentifying the one or more resource management policies based on the attribute, the attribute comprising group membership information accessed from a directory service configured to manage computing domain networks accessed by the one or more users;

generate at least one policy enforcement control signal based on the one or more identified resource management policies, the at least one policy enforcement control signal configured to manage access to the at least one resource by the one or more users; and

transmit, via the communications interface, the at least one policy enforcement control signal to the equipment.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed that provide for management of resources of one or more systems included in an access-controlled area of a distributed site of an electric power delivery system. In certain embodiments, one or more users entering and access-controlled area may be identified via physical access control credentials provided to an associated access control system. A determination may be made as to whether the users have access rights to one or more hardware and/or software resources of systems included in the access-controlled area. Based on the determination, control signals may be generated by the access control system to enable and/or disable associated resources.

Citations

20 Claims

1. An access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the system comprising:
- a credential input interface configured to receive authentication credentials from one or more users;
  
  a communications interface communicatively coupled to equipment included within the access-controlled area, the equipment comprising at least one resource;
  
  a processor communicatively coupled to the credential input interface and the communications interface;
  
  a computer-readable storage medium communicatively coupled to the processor, the computer-readable storage medium storing instructions that when executed by the processor cause the processor to;
  
  determine whether the authentication credentials received by the credential input interface are associated with one or more users having physical access rights to the access-controlled area;
  
  generate, based on the determination, an access control signal configured to implement an access control action by an access control device associated with the access-controlled area allowing physical access to the one or more users;
  
  identify one or more resource management policies associated with the one or more users based on the authentication credentials, wherein identifying the one or more resource management policies comprises;
  
  determining an attribute associated with the one or more users based on the authentication credentials, andidentifying the one or more resource management policies based on the attribute, the attribute comprising group membership information accessed from a directory service configured to manage computing domain networks accessed by the one or more users;
  
  generate at least one policy enforcement control signal based on the one or more identified resource management policies, the at least one policy enforcement control signal configured to manage access to the at least one resource by the one or more users; and
  
  transmit, via the communications interface, the at least one policy enforcement control signal to the equipment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the at least one resource comprises a hardware resource.
  - 3. The system of claim 2, wherein the hardware resource comprises at least one of a communications port, a status indicator light, a input interface, a display interface, and a processing environment.
  - 4. The system of claim 1, wherein the at least one resource comprises a software resource.
  - 5. The system of claim 4, wherein the software resource comprises at least one of an application, a graphical user interface, a communications protocol, a software process, and an information database.
  - 6. The system of claim 1, wherein the equipment is in an operational state prior to determining whether the authentication credentials are associated with one or more users having physical access rights to the access-controlled area.
  - 7. The system of claim 1, wherein the at least one policy enforcement control signal is configured to enable the at least one resource.
  - 8. The system of claim 1, wherein the at least one policy enforcement control signal is configured to disable the at least one resource.
  - 9. The system of claim 1, wherein identifying the one or more resource management policies further comprises:
    - determining an identity of the one or more users based on the authentication credentials; and
      
      identifying the one or more resource management policies based further on the identity of the one or more users.

10. An access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the system comprising:
- a credential input interface configured to receive authentication credentials from one or more users;
  
  a communications interface configured to receive identification information from one or more transient assets and being communicatively coupled to equipment included within the access-controlled area, the equipment comprising at least one resource;
  
  a processor communicatively coupled to the credential input interface and the communications interface;
  
  a computer-readable storage medium communicatively coupled to the processor, the computer-readable storage medium storing instructions that when executed by the processor cause the processor to;
  
  determine whether the authentication credentials received by the credential input interface are associated with one or more users having physical access rights to the access-controlled area;
  
  generate, based on the determination, an access control signal configured to implement an access control action by an access control device associated with the access-controlled area allowing physical access to the one or more users;
  
  receive, in response to a transient asset discovery process performed by the processor, identification information from the one or more transient assets located within the access-controlled area;
  
  identify one or more resource management policies associated with the one or more users, wherein identifying the one or more resource management policies comprises;
  
  determining an attribute associated with the one or more users based on the authentication credentials, andidentifying the one or more resource management policies based on the attribute, the attribute comprising group membership information accessed from a directory service configured to manage computing domain networks accessed by the one or more users;
  
  generate at least one policy enforcement control signal based on the one or more identified resource management policies, the authentication credentials, and the identification information, the at least one policy enforcement control signal configured to manage access to the at least one resource; and
  
  transmit, via the communications interface, the at least one policy enforcement control signal to the equipment.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The system of claim 10, wherein the at least one resource comprises a hardware resource.
  - 12. The system of claim 10, wherein the at least one resource comprises a software resource.
  - 13. The system of claim 10, wherein the at least one policy enforcement control signal is configured to enable the at least one resource.
  - 14. The system of claim 10, wherein the at least one policy enforcement control signal is configured to disable the at least one resource.

15. A method for managing at least one resource associated with equipment included in an access-controlled area of a distributed site of an electric power delivery system, the method comprising:
- receiving authentication credentials from one or more users;
  
  determining that the received authentication credentials are associated with one or more users having physical access rights to the access-controlled area;
  
  generating, based on the determination, a control signal configured to allow the one or more users physical access to the access-controlled area;
  
  identifying one or more resource management policies associated with the one or more users based on the authentication credentials, wherein identifying the one or more resource management policies comprises;
  
  determining an attribute associated with the one or more users based on the authentication credentials by accessing a directory service configured to manage computing domain networks accessed by the one or more users to determine group membership information associated with the one or more users, andidentifying the one or more resource management policies based on the attribute;
  
  generating at least one policy enforcement control signal based on the one or more identified resource management policies, the at least one policy enforcement signal configured to manage access to the at least one resource by the one or more sources; and
  
  transmitting the at least one policy enforcement control signal to the equipment.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the at least one resource comprises a hardware resource.
  - 17. The method of claim 15, wherein the at least one resource comprises a software resource.
  - 18. The method of claim 15, wherein the at least one policy enforcement control signal is configured to enable the at least one resource.
  - 19. The method of claim 15, wherein the at least one policy enforcement control signal is configured to disable the at least one resource.
  - 20. The method of claim 15, wherein identifying the one or more resource management policies further comprises:
    - determining an identity of the one or more users based on the authentication credentials; and
      
      identifying the one or more resource management policies based further on the identity of the one or more users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Schweitzer Engineering Laboratories, Incorporated
Original Assignee
Schweitzer Engineering Laboratories, Incorporated
Inventors
Gammel, Dennis, Masters, George W., Robinson, Kylan T.
Primary Examiner(s)
Negron, Daniell L

Application Number

US14/823,219
Publication Number

US 20170046895A1
Time in Patent Office

784 Days
Field of Search

None
US Class Current
CPC Class Codes

G07C 2209/04   Access control involving a ...

G07C 9/00174   Electronically operated loc...

G07C 9/00571   operated by interacting wit...

G07C 9/0069   actuated in a predetermined...

G07C 9/32   in combination with an iden...

H04W 4/08   User group management

H04W 4/80   Services using short range ...

Resource management based on physical authentication and authorization

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Resource management based on physical authentication and authorization

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links