Local access control system management using domain information updates

US 9,922,476 B2
Filed: 08/11/2015
Issued: 03/20/2018
Est. Priority Date: 08/11/2015
Status: Active Grant

First Claim

Patent Images

1. An access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the system comprising:

a credential input interface configured to receive authentication credentials from a user;

a communications interface communicatively coupled to an access control device associated with the access-controlled area and a domain controller associated with the access control system, the domain controller managing a directory service comprising a plurality of user entries, each user entry comprising physical access attribute information;

a processor communicatively coupled to the credential input interface and the communications interface;

a computer-readable storage medium communicatively coupled to the processor, the computer-readable storage medium storing executable program instructions that cause the processor to;

receive, via the communications interface from the domain controller, local domain update information, the local domain update information comprising at least a subset of the plurality of user entries included in the directory service managed by the domain controller;

store the local domain update information within local domain information managed by the access control system;

determine, based on the received authentication credentials and the local domain information, whether the authentication credentials are associated with a user entry having current access rights to the access-controlled area;

generate, based on the determination, an access control signal configured to implement an access control action by the access control device;

transmit, via the communications interface, the access control signal to the access control device;

generate, based on the determination, a logical access control signal configured to implement a logical access control determination by a resource included in the access-controlled area; and

transmit, via the communications interface, the logical access control signal to the resource.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are presented for managing physical access to an access-controlled area using a local access control system. In certain embodiments, information that may be used in access control determinations managed by a remote domain controller may be communicated to a local access control system for use in connection with local access control determinations performed by the access control system independent of the domain controller. In some embodiments, such a configuration may allow for access control determinations to be performed when communication with the domain controller is interrupted and/or otherwise limited.

Citations

17 Claims

1. An access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the system comprising:
- a credential input interface configured to receive authentication credentials from a user;
  
  a communications interface communicatively coupled to an access control device associated with the access-controlled area and a domain controller associated with the access control system, the domain controller managing a directory service comprising a plurality of user entries, each user entry comprising physical access attribute information;
  
  a processor communicatively coupled to the credential input interface and the communications interface;
  
  a computer-readable storage medium communicatively coupled to the processor, the computer-readable storage medium storing executable program instructions that cause the processor to;
  
  receive, via the communications interface from the domain controller, local domain update information, the local domain update information comprising at least a subset of the plurality of user entries included in the directory service managed by the domain controller;
  
  store the local domain update information within local domain information managed by the access control system;
  
  determine, based on the received authentication credentials and the local domain information, whether the authentication credentials are associated with a user entry having current access rights to the access-controlled area;
  
  generate, based on the determination, an access control signal configured to implement an access control action by the access control device;
  
  transmit, via the communications interface, the access control signal to the access control device;
  
  generate, based on the determination, a logical access control signal configured to implement a logical access control determination by a resource included in the access-controlled area; and
  
  transmit, via the communications interface, the logical access control signal to the resource.
- View Dependent Claims (2, 3, 4)
- - 2. The access control system of claim 1, wherein the authentication credentials comprise at least one of a personal identification number, a password, a passphrase, a response to a challenge, a pattern, information stored on a card, information stored on a security token, information stored on a hardware token, information stored on a software token, and biometric identification information.
  - 3. The access control system of claim 1, wherein the access control signal is configured to cause the access control device to actuate a lock associated with the access-controlled area.
  - 4. The access control system of claim 1, wherein the access control signal is configured to cause the access control device to change a status of an alarm system associated with the access-controlled area.

5. A method performed by an access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the method comprising:
- receiving, from a communicatively-coupled domain controller, local domain information, the local domain information comprising a subset of information included in a directory service managed by the domain controller;
  
  receiving, from a communicatively-coupled credential input interface, a physical access request comprising authentication credentials from a user;
  
  identifying, based on the physical access request, physical access attribute information associated with a user entry included in the local domain information;
  
  determining, based on the physical access attribute information, whether the authentication credentials are associated with a user entry having current access rights to the access-controlled area;
  
  generating, based on the determination, an access control signal configured to implement an access control action by an access control device;
  
  transmitting the access control signal to the access control device; and
  
  generating audited access information regarding access to the access-controlled area by the user.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 6. The method of claim 5, wherein the method further comprises:
    - receiving, from the domain controller, local domain update information; and
      
      updating the local domain information based at least in part on the local domain update information.
  - 7. The method of claim 5, wherein prior to receiving the local domain update information, the method further comprises:
    - transmitting, to the domain controller, a domain information update request.
  - 8. The method of claim 7, wherein the domain information update request is transmitted periodically.
  - 9. The method of claim 5, wherein the authentication credentials comprise at least one of a personal identification number, a password, a passphrase, a response to a challenge, a pattern, information stored on a card, information stored on a security token, information stored on a hardware token, information stored on a software token, and biometric identification information.
  - 10. The method of claim 5, wherein the physical access attribute information comprises at least one credential issued to the user.
  - 11. The method of claim 10, wherein the physical access attribute information further comprises at least one of a personal identification number, a password, a passphrase, a response to a challenge, a pattern, information stored on a card, information stored on a security token, information stored on a hardware token, information stored on a software token, and biometric identification information.
  - 12. The method of claim 5, wherein determining whether the authentication credentials are associated with a user entry having current access rights to the access-controlled area comprises:
    - comparing the authentication credentials with the physical access attribute information; and
      
      determining that the received authentication credentials match the physical access attribute information.
  - 13. The method of claim 5, wherein the access control signal is configured to cause the access control device to actuate a lock associated with the access-controlled area.
  - 14. The method of claim 5, wherein the access control signal is configured to cause the access control device to change a status of an alarm system associated with the access-controlled are.

15. An access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the system comprising:
- a credential input interface configured to receive authentication credentials from a user;
  
  a communications interface communicatively coupled to an access control device associated with the access-controlled area and a domain controller associated with the access control system, the domain controller managing a directory service comprising a plurality of user entries, each user entry comprising physical access attribute information;
  
  a processor communicatively coupled to the credential input interface and the communications interface;
  
  a computer-readable storage medium communicatively coupled to the processor, the computer-readable storage medium storing executable program instructions that cause the processor to;
  
  transmit, via the communications interface to the domain controller, a request for a local domain update;
  
  receive, via the communications interface from the domain controller, local domain update information, the local domain update information comprising at least a subset of the plurality of user entries included in the directory service managed by the domain controller;
  
  store the local domain update information within local domain information managed by the access control system; and
  
  determine, based on the received authentication credentials and the local domain information, whether the authentication credentials are associated with a user entry having current access rights to the access-controlled area.

16. A method performed by an access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the method comprising:
- receiving, from a communicatively-coupled domain controller, local domain information, the local domain information comprising a subset of information included in a directory service managed by the domain controller;
  
  receiving, from a communicatively-coupled credential input interface, a physical access request comprising authentication credentials from a user;
  
  identifying, based on the physical access request, physical access attribute information associated with a user entry included in the local domain information;
  
  determining, based on the physical access attribute information, whether the authentication credentials are associated with a user entry having current access rights to the access-controlled area;
  
  generating, based on the determination, an access control signal configured to implement an access control action by an access control device;
  
  transmitting the access control signal to the access control device;
  
  generating, based on the determination, a logical access control signal configured to implement a logical access control determination by a resource included in the access-controlled area; and
  
  transmitting the logical access control signal to the resource.

17. A method performed by an access control system associated with an access-controlled area of a distributed site of an electric power delivery system, the method comprising:
- transmitting, to a communicatively-coupled domain controller, a request for a local domain information;
  
  receiving, from the communicatively-coupled domain controller, local domain information, the local domain information comprising a subset of information included in a directory service managed by the domain controller;
  
  receiving, from a communicatively-coupled credential input interface, a physical access request comprising authentication credentials from a user;
  
  identifying, based on the physical access request, physical access attribute information associated with a user entry included in the local domain information;
  
  determining, based on the physical access attribute information, whether the authentication credentials are associated with a user entry having current access rights to the access-controlled area;
  
  generating, based on the determination, an access control signal configured to implement an access control action by an access control device; and
  
  transmitting the access control signal to the access control device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Schweitzer Engineering Laboratories, Incorporated
Original Assignee
Schweitzer Engineering Laboratories, Incorporated
Inventors
Masters, George W., Gordon, Colin
Primary Examiner(s)
Garcia, Carlos E

Application Number

US14/823,246
Publication Number

US 20170046892A1
Time in Patent Office

952 Days
Field of Search

340 52, 340 521, 340 522, 340 56
US Class Current
CPC Class Codes

G07C 2209/04   Access control involving a ...

G07C 9/00309   operated with bidirectional...

G07C 9/00571   operated by interacting wit...

G07C 9/22   in combination with an iden...

G07C 9/27   with central registration

Local access control system management using domain information updates

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Local access control system management using domain information updates

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links