Method and system for providing identity, authentication, and access services

US 9,076,273 B2
Filed: 02/22/2013
Issued: 07/07/2015
Est. Priority Date: 02/24/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing identity, authentication, and access control services in a mobile environment utilizing data encoded tags, the method comprising:

receiving, by a server computing device, tag data and user data from a mobile device via a secure connection, the tag data being read from a data-encoded tag in proximity to the mobile device using short-range communication circuitry embedded in the mobile device, the user data being stored on the mobile device, and the data-encoded tag being logically associated with a physical point of entry to a secure area;

authenticating, by the server computing device, a user of the mobile device based on the user data;

determining, by the server computing device, a location of the physical point of entry using the received tag data;

determining, by the server computing device, whether the user of the mobile device is authorized to pass through the physical point of entry at the location using permissions data associated with the user;

transmitting, by the server computing device, a message to a control panel associated with the physical point of entry that instructs the control panel to grant access to pass through the physical point of entry at the location if the user is authorized;

receiving, by the server computing device, a response from the control panel indicating that access is granted to pass through the physical point of entry at the location; and

transmitting, by the server computing device, a message to the mobile device indicating to the user that access is granted to pass through the physical point of entry at the location.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described herein are methods and systems for providing identity, authentication, and access control services in a mobile environment utilizing data encoded tags. A server computing device receives tag data and user data from a mobile device, the tag data read from a data-encoded tag in proximity to the mobile device using a short-range communication protocol, and the user data stored on the mobile device. The server computing device authenticates a user of the mobile device based on the user data, determines whether the user is authorized to access an access point associated with the data-encoded tag, transmits a message to the access point that instructs the access point to grant user access if the user is authorized, receives a response from the access point indicating that user access is granted and transmits a message to the mobile device indicating to the user that access is granted to the access point.

43 Citations

View as Search Results

25 Claims

1. A method for providing identity, authentication, and access control services in a mobile environment utilizing data encoded tags, the method comprising:
- receiving, by a server computing device, tag data and user data from a mobile device via a secure connection, the tag data being read from a data-encoded tag in proximity to the mobile device using short-range communication circuitry embedded in the mobile device, the user data being stored on the mobile device, and the data-encoded tag being logically associated with a physical point of entry to a secure area;
  
  authenticating, by the server computing device, a user of the mobile device based on the user data;
  
  determining, by the server computing device, a location of the physical point of entry using the received tag data;
  
  determining, by the server computing device, whether the user of the mobile device is authorized to pass through the physical point of entry at the location using permissions data associated with the user;
  
  transmitting, by the server computing device, a message to a control panel associated with the physical point of entry that instructs the control panel to grant access to pass through the physical point of entry at the location if the user is authorized;
  
  receiving, by the server computing device, a response from the control panel indicating that access is granted to pass through the physical point of entry at the location; and
  
  transmitting, by the server computing device, a message to the mobile device indicating to the user that access is granted to pass through the physical point of entry at the location.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the tag data includes identification data associated with the tag and identification data associated with the secure area.
  - 3. The method of claim 1, wherein the short-range communication circuitry communicates via infrared, near-field communication (NFC), Bluetooth, and radio frequency identification (RFID).
  - 4. The method of claim 1, wherein the tag data is read from the tag by capturing video with an integrated camera.
  - 5. The method of claim 1, wherein the tag data is read from the tag by scanning an optical code.
  - 6. The method of claim 5, wherein the optical code includes a bar code, a 2-D code, and a QR-code.
  - 7. The method of claim 1, wherein the user data includes identification data associated with the user and identification data associated with the mobile device.
  - 8. The method of claim 1, wherein the mobile device is connected to the server computing device via a cloud-based communications network.
  - 9. The method of claim 1, wherein the received tag data is encrypted using a secure authentication module (SAM) coupled to the mobile device.
  - 10. The method of claim 9, wherein the step of receiving tag data and user data includes decrypting the received tag data and user data.
  - 11. The method of claim 1, further comprising transmitting, by the server computing device, a message to the mobile device indicating an authentication failure if the user is not authorized to pass through the physical point of entry at the location.
  - 12. The method of claim 1, wherein the step of determining whether the user of the mobile device is authorized to pass through the physical point of entry at the location further comprisesdetermining, by the server computing device, one or more of:
    - a list of tags for which the user is permitted access and a level of access attributed to the user, based upon the user data; and
      
      determining, by the server computing device, whether the data-encoded tag is in the list of tags or whether the data-encoded tag is associated with the level of access, based upon the tag data.

13. A system for providing identity, authentication, and access control services in a mobile environment utilizing data encoded tags, the system comprising a server computing device configured to:
- receive tag data and user data from a mobile device via a secure connection, the tag data being read from a data-encoded tag in proximity to the mobile device using short-range communication circuitry embedded in the mobile device, the user data being stored on the mobile device, and the data-encoded tag being logically associated with a physical point of entry to a secure area;
  
  authenticate a user of the mobile device based on the user data;
  
  determine a location of the physical point of entry using the received tag data;
  
  determine whether the user of the mobile device is authorized to pass through the physical point of entry at the location using permissions data associated with the user;
  
  transmit a message to a control panel associated with the physical point of entry that instructs the control panel to grant access to pass through the physical point of entry at the location if the user is authorized;
  
  receive a response from the control panel indicating that access is granted to pass through the physical point of entry at the location; and
  
  transmit a message to the mobile device indicating to the user that access is granted to pass through the physical point of entry at the location.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The system of claim 13, wherein the tag data includes identification data associated with the tag and identification data associated with the secure area.
  - 15. The system of claim 13, wherein the short-range communication communicates via infrared, near-field communication (NFC), Bluetooth, and radio frequency identification (RFID).
  - 16. The system of claim 13, wherein the tag data is read from the tag by capturing video with an integrated camera.
  - 17. The system of claim 13, wherein the tag data is read from the tag by scanning an optical code.
  - 18. The system of claim 17, wherein the optical code includes a bar code, a 2-D code, and a QR-code.
  - 19. The system of claim 13, wherein the user data includes identification data associated with the user and identification data associated with the mobile device.
  - 20. The system of claim 13, wherein the mobile device is connected to the server computing device via a cloud-based communications network.
  - 21. The system of claim 13, wherein the received tag data is encrypted using a secure authentication module (SAM) coupled to the mobile device.
  - 22. The system of claim 21, wherein the step of receiving tag data and user data includes decrypting the received tag data and user data.
  - 23. The system of claim 13, further comprising transmitting, by the server computing device, a message to the mobile device indicating an authentication failure if the user is not authorized to pass through the physical point of entry at the location.
  - 24. The system of claim 13, wherein the step of determining whether the user of the mobile device is authorized to pass through the physical point of entry at the location further comprisesdetermining one or more of:
    - a list of tags for which the user is permitted access and a level of access attributed to the user, based upon the user data; and
      
      determining whether the data-encoded tag is in the list of tags or whether the data-encoded tag is associated with the level of access, based upon the tag data.

25. A computer program product, tangibly embodied in a non-transitory computer readable storage device, for providing identity, authentication, and access control services in a mobile environment utilizing data encoded tags, the computer program product including instructions operable to cause a server computing device to:
- receive tag data and user data from a mobile device via a secure connection, the tag data being read from a data-encoded tag in proximity to the mobile device using short-range communication circuitry embedded in the mobile device, the user data being stored on the mobile device, and the data-encoded tag being logically associated with a physical point of entry to a secure area;
  
  authenticate a user of the mobile device based on the user data;
  
  determine a location of the physical point of entry using the received tag data;
  
  determine whether the user of the mobile device is authorized to pass through the physical point of entry at the location using permissions data associated with the user;
  
  transmit a message to a control panel associated with the physical point of entry that instructs the control panel to grant access to pass through the physical point of entry at the location if the user is authorized;
  
  receive a response from the control panel indicating that access is granted to pass through the physical point of entry at the location; and
  
  transmit a message to the mobile device indicating to the user that access is granted to pass through the physical point of entry at the location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Identive Group Incorporated
Original Assignee
Identive Group Incorporated
Inventors
Holmes, David, Tassone, Joseph, Smith, Matthew
Primary Examiner(s)
LEE, SEUNG H

Application Number

US13/774,490
Publication Number

US 20130221094A1
Time in Patent Office

865 Days
Field of Search

235/382, 235/492
US Class Current

1/1
CPC Class Codes

G07C 2009/00357   and the lock having more th...

G07C 2009/00793   by Hertzian waves

G07C 9/00309   operated with bidirectional...

G07C 9/20   involving the use of a pass

Method and system for providing identity, authentication, and access services

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing identity, authentication, and access services

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links