Local access control system management using domain information updates
First Claim
1. An access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the system comprising:
a credential input interface configured to receive authentication credentials from a user;
a communications interface communicatively coupled to an access control device associated with the access-controlled area and a domain controller associated with the access control system, the domain controller managing a directory service comprising a plurality of user entries, each user entry comprising physical access attribute information;
a processor communicatively coupled to the credential input interface and the communications interface;
a computer-readable storage medium communicatively coupled to the processor, the computer-readable storage medium storing executable program instructions that cause the processor to:
receive, via the communications interface from the domain controller, local domain update information, the local domain update information comprising at least a subset of the plurality of user entries included in the directory service managed by the domain controller;
store the local domain update information within local domain information managed by the access control system;
determine, based on the received authentication credentials and the local domain information, whether the authentication credentials are associated with a user entry having current access rights to the access-controlled area;
generate, based on the determination, an access control signal configured to implement an access control action by the access control device;
transmit, via the communications interface, the access control signal to the access control device;
generate, based on the determination, a logical access control signal configured to implement a logical access control determination by a resource included in the access-controlled area; and
transmit, via the communications interface, the logical access control signal to the resource.
Abstract
Systems and methods are presented for managing physical access to an access-controlled area using a local access control system. In certain embodiments, information that may be used in access control determinations managed by a remote domain controller may be communicated to a local access control system for use in connection with local access control determinations performed by the access control system independent of the domain controller. In some embodiments, such a configuration may allow for access control determinations to be performed when communication with the domain controller is interrupted and/or otherwise limited.
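The local decision path described in the abstract, as an added sketch that is not code from the patent or its assignee: a subset of directory user entries is stored locally, and each access decision and audit record is produced from that store alone, so it does not depend on reaching the domain controller. The entry fields, the `not_after` expiry, the `None`-means-delete update convention, the signal strings and all names are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field

@dataclass
class UserEntry:                 # hypothetical shape of a directory user entry
    credential_id: str
    areas: frozenset             # physical access attribute: permitted areas
    not_after: float             # assumed expiry of the access right (epoch seconds)

@dataclass
class LocalAccessController:
    area: str
    entries: dict = field(default_factory=dict)   # local domain information
    audit: list = field(default_factory=list)     # audited access information

    def apply_update(self, update):
        """Store a local domain update; a None value removes the entry (assumed convention)."""
        for cred, entry in update.items():
            if entry is None:
                self.entries.pop(cred, None)
            else:
                self.entries[cred] = entry

    def decide(self, credential_id, now=None):
        """Decide from locally stored entries only; no call to the domain controller."""
        now = time.time() if now is None else now
        entry = self.entries.get(credential_id)
        if entry is None:
            reason = "unknown-credential"
        elif self.area not in entry.areas:
            reason = "area-not-permitted"
        else:
            reason = "ok" if now <= entry.not_after else "rights-expired"
        # Fail closed: only a current entry that names this area unlocks the door.
        signal = "UNLOCK" if reason == "ok" else "DENY"
        self.audit.append({"t": now, "cred": credential_id, "area": self.area,
                           "signal": signal, "reason": reason})
        return signal

# Constructed sample data (not from the patent)
NOW = 1_700_000_000.0
ctl = LocalAccessController(area="substation-7-yard")
ctl.apply_update({
    "badge-1001": UserEntry("badge-1001", frozenset({"substation-7-yard"}), NOW + 3600),
    "badge-1002": UserEntry("badge-1002", frozenset({"control-house"}), NOW + 3600),
    "badge-1003": UserEntry("badge-1003", frozenset({"substation-7-yard"}), NOW - 60),
})
print([ctl.decide(c, NOW) for c in ("badge-1001", "badge-1002", "badge-1003")])
```

Because decisions use only the stored entries, a change made at the domain controller, including a revocation, takes effect locally only once the next update has been stored.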
17 Claims
5. A method performed by an access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the method comprising:
receiving, from a communicatively-coupled domain controller, local domain information, the local domain information comprising a subset of information included in a directory service managed by the domain controller;
receiving, from a communicatively-coupled credential input interface, a physical access request comprising authentication credentials from a user;
identifying, based on the physical access request, physical access attribute information associated with a user entry included in the local domain information;
determining, based on the physical access attribute information, whether the authentication credentials are associated with a user entry having current access rights to the access-controlled area;
generating, based on the determination, an access control signal configured to implement an access control action by an access control device;
transmitting the access control signal to the access control device; and
generating audited access information regarding access to the access-controlled area by the user.
15. An access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the system comprising:
a credential input interface configured to receive authentication credentials from a user;
a communications interface communicatively coupled to an access control device associated with the access-controlled area and a domain controller associated with the access control system, the domain controller managing a directory service comprising a plurality of user entries, each user entry comprising physical access attribute information;
a processor communicatively coupled to the credential input interface and the communications interface;
a computer-readable storage medium communicatively coupled to the processor, the computer-readable storage medium storing executable program instructions that cause the processor to:
transmit, via the communications interface to the domain controller, a request for a local domain update;
receive, via the communications interface from the domain controller, local domain update information, the local domain update information comprising at least a subset of the plurality of user entries included in the directory service managed by the domain controller;
store the local domain update information within local domain information managed by the access control system; and
determine, based on the received authentication credentials and the local domain information, whether the authentication credentials are associated with a user entry having current access rights to the access-controlled area.
16. A method performed by an access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the method comprising:
receiving, from a communicatively-coupled domain controller, local domain information, the local domain information comprising a subset of information included in a directory service managed by the domain controller;
receiving, from a communicatively-coupled credential input interface, a physical access request comprising authentication credentials from a user;
identifying, based on the physical access request, physical access attribute information associated with a user entry included in the local domain information;
determining, based on the physical access attribute information, whether the authentication credentials are associated with a user entry having current access rights to the access-controlled area;
generating, based on the determination, an access control signal configured to implement an access control action by an access control device;
transmitting the access control signal to the access control device;
generating, based on the determination, a logical access control signal configured to implement a logical access control determination by a resource included in the access-controlled area; and
transmitting the logical access control signal to the resource.
17. A method performed by an access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the method comprising:
transmitting, to a communicatively-coupled domain controller, a request for a local domain information;
receiving, from the communicatively-coupled domain controller, local domain information, the local domain information comprising a subset of information included in a directory service managed by the domain controller;
receiving, from a communicatively-coupled credential input interface, a physical access request comprising authentication credentials from a user;
identifying, based on the physical access request, physical access attribute information associated with a user entry included in the local domain information;
determining, based on the physical access attribute information, whether the authentication credentials are associated with a user entry having current access rights to the access-controlled area;
generating, based on the determination, an access control signal configured to implement an access control action by an access control device; and
transmitting the access control signal to the access control device.
Specification