Controlling physical access to secure areas via client devices in a networked environment

US 9,148,416 B2
Filed: 03/15/2013
Issued: 09/29/2015
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium encoded with software for execution and, when executed, operable to:

receive a request for a physical access credential, wherein the request comprises at least one user access credential associated with a mobile device and at least one physical access point identifier, the at least one user access credential obtained by a sensor associated with a physical lock actuator and the at least one physical access point identifier being associated with the physical lock actuator;

authenticate the request based at least in part on the at least one user access credential;

determine whether the mobile device is in compliance with a plurality of compliance rules, the compliance rules comprising at least a hardware restriction and a mobile device management restriction, the hardware restriction comprising a requirement that the mobile device include a particular hardware capability, the particular hardware capability comprising;

a Bluetooth capability, a camera, and a wireless communications capability, and the mobile device management restriction comprising a requirement that the mobile device be enrolled with a mobile device management system;

in response to authenticating the request and determining whether the mobile device is in compliance with the plurality of compliance rules, send the physical access credential associated with the physical lock actuator to the mobile device; and

actuate an unlocking function of the physical lock actuator associated with the physical access point identifier.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is disclosed for providing physical access credentials to a client device. The method may include receiving a request for a physical access credential, where the first request includes at least one user access credential and at least one physical access point identifier. The method may also include determining whether the request should be granted based at least in part on the at least one user access credential. The method may further include, in response to determining that the request should be granted, sending the physical access credential associated with the physical access point.

160 Citations

20 Claims

1. A non-transitory computer-readable medium encoded with software for execution and, when executed, operable to:
- receive a request for a physical access credential, wherein the request comprises at least one user access credential associated with a mobile device and at least one physical access point identifier, the at least one user access credential obtained by a sensor associated with a physical lock actuator and the at least one physical access point identifier being associated with the physical lock actuator;
  
  authenticate the request based at least in part on the at least one user access credential;
  
  determine whether the mobile device is in compliance with a plurality of compliance rules, the compliance rules comprising at least a hardware restriction and a mobile device management restriction, the hardware restriction comprising a requirement that the mobile device include a particular hardware capability, the particular hardware capability comprising;
  
  a Bluetooth capability, a camera, and a wireless communications capability, and the mobile device management restriction comprising a requirement that the mobile device be enrolled with a mobile device management system;
  
  in response to authenticating the request and determining whether the mobile device is in compliance with the plurality of compliance rules, send the physical access credential associated with the physical lock actuator to the mobile device; and
  
  actuate an unlocking function of the physical lock actuator associated with the physical access point identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The non-transitory computer-readable medium of claim 1, wherein:
    - the request further comprises an additional user credential; and
      
      determining whether the request should be granted is further based at least in part on the additional user credential.
  - 3. The non-transitory computer-readable medium of claim 2, wherein:
    - the additional user credential comprises a biometric identifier representative of a biometric characteristic of a user associated with the user access credential.
  - 4. The non-transitory computer-readable medium of claim 1, the software further operable to:
    - request at least one additional user credential.
  - 5. The computer-readable medium of claim 1, the software further operable to:
    - determine whether the mobile device associated with at least one additional compliance rule; and
      
      in response to determining that the mobile device associated with at least one additional compliance rule, determine whether the mobile device satisfies the at least one additional compliance rule.
  - 6. The non-transitory computer-readable medium of claim 5, wherein:
    - the physical access credential associated with the physical lock actuator is further sent in response to determining that the mobile device satisfies the at least one additional compliance rule.
  - 7. The non-transitory computer-readable medium of claim 5, wherein:
    - in response to determining that the mobile device does not satisfy the at least one additional compliance rule, deny the request to provide the physical access credential associated with the physical lock actuator.
  - 8. The non-transitory computer-readable medium of claim 5, wherein:
    - in response to determining that the mobile device does not satisfy the at least one additional compliance rule, transmitting a command to the mobile device or the physical lock actuator revoking the physical access credential associated with the physical lock actuator.
  - 9. The non-transitory computer-readable medium of claim 1, the software further operable to:
    - determine that the at least one user access credential is associated with a first grouping of user access credentials; and
      
      identify the physical access credentials associated with the first grouping of user access credentials.
  - 10. The non-transitory computer-readable medium of claim 1, the software further operable to:
    - determine a plurality of physical lock actuators to which the at least one user access credential is entitled access;
      
      determine a plurality of security identifiers associated with the plurality of physical lock actuators, wherein each security identifier is associated with a different physical lock actuator; and
      
      create a new physical access credential which includes the plurality of security identifiers.
  - 11. The non-transitory computer-readable medium of claim 1, wherein:
    - the physical access credential comprises a hash of at least one security identifier; and
      
      the hash is decodable by a combination of the at least one user access credential and a security identifier associated with the physical lock actuator.
  - 12. The non-transitory computer-readable medium of claim 1, wherein:
    - the at least one user access credential further includes a device identifier.
  - 13. The non-transitory computer-readable medium of claim 1, the software further operable to:
    - store a log of requests received and physical access credentials issued.
  - 14. The non-transitory computer-readable medium of claim 13, the software further operable to:
    - determine whether the request should be granted is further based at least in part on the log of requests received and physical access credentials issued.

15. A method comprising:
- receiving, from a sensor, a device identifier from a client device;
  
  sending, to a remote server, the device identifier and a security identifier associated with a physical lock actuator;
  
  in response to sending the device identifier and the security identifier, receiving an unlock instruction from the remote server in response to an authentication of the device identifier based at least in part on at least one user access credential and a determination that the client device is in compliance with a plurality of compliance rules, the compliance rules comprising at least a hardware restriction and a mobile device management restriction, the hardware restriction comprising a requirement that the client device include a particular hardware capability, the particular hardware capability comprising;
  
  a Bluetooth capability, a camera, and a wireless communications capability, and the mobile device management restriction comprising a requirement that the client device be enrolled with a mobile device management system; and
  
  in response to receiving the unlock instruction, actuating an unlocking function of the physical lock actuator associated with the security identifier.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, further comprising:
    - receiving, from the sensor, a user access credential from the client device;
      
      sending, to the remote server, the user access credential;
      
      wherein receiving the unlock instruction from the remote server is further in response to sending the user access credential.
  - 17. The method of claim 15, further comprising:
    - receiving, from the sensor, a device profile from the client device, the device profile comprising data associated with the hardware restriction and the mobile device management restriction;
      
      sending, to the remote server, the device profile;
      
      wherein receiving the unlock instruction from the remote server is further in response to sending the device profile.

18. A system comprising:
- a server device comprising;
  
  a communication system configured to;
  
  recognize, using a sensor coupled to the communication system, the presence of a wireless signal received from a mobile device;
  
  in response to recognizing the presence of a wireless signal, transmit a request for at least one physical access credential associated with the wireless signal, wherein the request includes a user access credential; and
  
  receive the at least one physical access credential associated with an area where the wireless signal is present; and
  
  a transceiver configured to;
  
  send at least one physical access credential to a physical access point to actuate a physical lock actuator associated with a security identifier in response to an authentication of the user access credential and a determination that the mobile device is in compliance with a plurality of compliance rules, the compliance rules comprising at least a hardware restriction and a mobile device management restriction, the hardware restriction comprising a requirement that the mobile device include a particular hardware capability, the particular hardware capability comprising;
  
  a Bluetooth capability, a camera, and a wireless communications capability, and the mobile device management restriction comprising a requirement that the mobile device be enrolled with a mobile device management system;
  
  wherein the physical access point is configured to actuate an unlocking function of the physical lock actuator associated with the security identifier.
- View Dependent Claims (19, 20)
- - 19. The apparatus of claim 18, wherein the wireless signal comprises at least one of:
    - a public wireless network signal;
      
      a private wireless network signal;
      
      a near field communication signal;
      
      a radio frequency identification (RFID) signal; and
      
      a cellular phone network signal.
  - 20. The apparatus of claim 18, wherein:
    - the physical access point is associated with the area where the wireless signal is present.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirWatch LLC (Broadcom, Inc.)
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Tse, Kar Fai
Primary Examiner(s)
Shaw, Yin-Chen
Assistant Examiner(s)
King, John B

Application Number

US13/840,156
Publication Number

US 20140282929A1
Time in Patent Office

928 Days
Field of Search

726 2- 21, 726 26- 29
US Class Current

1/1
CPC Class Codes

G07C 2009/00769   with data transmission perf...

G07C 2009/0088   centrally

G07C 9/00309   operated with bidirectional...

G07C 9/00571   operated by interacting wit...

G07C 9/257   electronically G07C9/26 tak...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Controlling physical access to secure areas via client devices in a networked environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

160 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling physical access to secure areas via client devices in a networked environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

160 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links