DYNAMIC ACCESS CONTROL IN RESPONSE TO FLEXIBLE RULES
First Claim
1. A method in a computer system for controlling access to a location based on one or more access rules, the method comprising:
- receiving identification information associated with an individual from a piece of identification;
comparing at least some of the received identification information with a first data set to assess the likelihood that the individual is a person of interest, the first data set including first data items, each first data item corresponding to a person of interest;
comparing at least some of the received identification information with a second data set to assess whether the individual is authorized to access the location, the second data set including second data items, each second data item corresponding to an authorized person; and
if the received identification information does not substantially match a first or second data item, applying one or more access rules to at least some of the read identification information to determine whether the individual is to be granted or denied access to the location.
6 Assignments
0 Petitions
Accused Products
Abstract
A dynamic access control facility that enables an operator to determine whether to grant or deny access to an individual based, in part, on the status of the individual. The operator scans the individual'"'"'s identification information from an identification record using a scanning device. To determine the status of the individual, the facility decodes the scanned identification information and identifies candidates based on the decoded identification information. The facility may identify a number of candidates or no candidates. For each authorized candidate, the facility selects for display the locations or resources that the candidate is authorized to access. When there is at least one candidate, the facility displays the selected candidate(s) to the operator indicating the status of the individual and/or whether access should be denied or granted. In some embodiments, when no candidates are identified, the facility indicates whether the individual should be denied or granted access.
92 Citations
34 Claims
-
1. A method in a computer system for controlling access to a location based on one or more access rules, the method comprising:
-
receiving identification information associated with an individual from a piece of identification; comparing at least some of the received identification information with a first data set to assess the likelihood that the individual is a person of interest, the first data set including first data items, each first data item corresponding to a person of interest; comparing at least some of the received identification information with a second data set to assess whether the individual is authorized to access the location, the second data set including second data items, each second data item corresponding to an authorized person; and if the received identification information does not substantially match a first or second data item, applying one or more access rules to at least some of the read identification information to determine whether the individual is to be granted or denied access to the location. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A system for controlling access to a location based on locally-defined access rules, the system comprising:
-
a device for reading identification information associated with an individual from an identification document; and a processing component for; comparing at least some of the read identification information with a data set containing records corresponding to persons of interest to determine whether the individual is a person of interest; comparing at least some of the read identification information with a data set containing records corresponding to authorized persons to determine whether the individual is authorized to access the location; and if the read identification information does not substantially match a record corresponding to a person of interest or a record corresponding to an authorized person, applying locally-defined access rules to at least some of the read identification information to determine whether the individual is to be granted or denied access to the location. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
-
-
33. A computer-readable storage medium encoded with instructions that, when executed by a computing system, cause the computing system to control access to a location based on at least one locally-defined access rule, by:
-
reading information from an identification record presented by an individual; comparing at least some of the read identification information with a first data set to determine whether the individual is a person of interest, the first data set including first data items, each first data item corresponding to a person of interest; comparing at least some of the read identification information with a second data set to determine whether the individual is authorized to access the location, the second data set including second data items, each second data item corresponding to an authorized person; if the read identification information substantially matches a first data item and does not substantially match a second data item, providing an indication that the individual is to be denied access to the location; if the read identification information substantially matches a second data item and does not substantially match a first data item, providing an indication that the individual is to be granted access to the location; and if the read identification information does not substantially match a first or second data item, applying the at least one locally-defined access rule to at least some of the read identification information to determine whether the individual it to be granted or denied access to the location. - View Dependent Claims (34)
-
Specification