Controlling physical access to secure areas via client devices in a network environment

US 9,438,635 B2
Filed: 09/14/2015
Issued: 09/06/2016
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium encoded with executable instructions that, when executed, cause at least one computing device to at least:

identify a request to receive a physical access credential, wherein the request comprises at least one user access credential associated with the mobile device and at least one physical access point identifier, the at least one physical access point identifier being associated with a physical lock actuator;

authenticate the at least one user access credential;

determine whether the mobile device is in compliance with at least one compliance rule, the at least one compliance rule comprising a mobile device management restriction and a hardware restriction, the mobile device management restriction comprising a requirement that the mobile device be enrolled with a mobile device management system and the hardware restriction comprising a requirement that the mobile device includes particular computer hardware components; and

when the at least one user access credential is authenticated and the mobile device is in compliance with the at least one compliance rule;

authorize the mobile device to receive the physical access credential through the computer network, andauthorize the mobile device to transmit the physical access credential to the physical lock actuator associated with the at least one physical access point identifier to cause the physical lock actuator to be in an unlocked state.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is disclosed for providing physical access credentials to a client device. The method may include receiving a request for a physical access credential, where the first request includes at least one user access credential and at least one physical access point identifier. The method may also include determining whether the request should be granted based at least in part on the at least one user access credential. The method may further include, in response to determining that the request should be granted, sending the physical access credential associated with the physical access point.

150 Citations

19 Claims

1. A non-transitory computer-readable medium encoded with executable instructions that, when executed, cause at least one computing device to at least:
- identify a request to receive a physical access credential, wherein the request comprises at least one user access credential associated with the mobile device and at least one physical access point identifier, the at least one physical access point identifier being associated with a physical lock actuator;
  
  authenticate the at least one user access credential;
  
  determine whether the mobile device is in compliance with at least one compliance rule, the at least one compliance rule comprising a mobile device management restriction and a hardware restriction, the mobile device management restriction comprising a requirement that the mobile device be enrolled with a mobile device management system and the hardware restriction comprising a requirement that the mobile device includes particular computer hardware components; and
  
  when the at least one user access credential is authenticated and the mobile device is in compliance with the at least one compliance rule;
  
  authorize the mobile device to receive the physical access credential through the computer network, andauthorize the mobile device to transmit the physical access credential to the physical lock actuator associated with the at least one physical access point identifier to cause the physical lock actuator to be in an unlocked state.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The non-transitory computer-readable medium of claim 1, wherein the at least one user access credential is obtained by a sensor associated with the mobile device.
  - 3. The non-transitory computer-readable medium of claim 1, the instructions further causing the at least one computing device to at least:
    - requesting at least one additional user credential from the mobile device;
      
      authenticating the at least one additional user access credential; and
      
      if the at least one additional user access credential is authenticated, authorizing the mobile device to receive the physical access credential through the computer network.
  - 4. The non-transitory computer-readable medium of claim 3, wherein the additional user credential comprises a biometric identifier representative of a biometric characteristic of a user associated with the user access credential.
  - 5. The non-transitory computer-readable medium of claim 1, the instructions further causing the at least one computing device to at least:
    - if the at least one user access credential is not authenticated or the mobile device is not in compliance with the at least one compliance rule, refusing to authorize the mobile device to receive the physical access credential through the computer network.
  - 6. The non-transitory computer-readable medium of claim 1, the instructions further causing the at least one computing device to at least:
    - if the at least one user access credential is not authenticated or the mobile device is not in compliance with the at least one compliance rule, revoking the physical access credential.
  - 7. The non-transitory computer-readable medium of claim 1, the instructions further causing the at least one computing device to at least:
    - determining whether the at least one user access credential is associated with a particular user group; and
      
      sending the physical access credential to the physical lock actuator in response to determining that the particular user group is an authorized user group.

8. A system, comprising:
- at least one computing device; and
  
  an application executed by the at least one computing device, the application configured to cause the at least one computing device to at least;
  
  identify a request for a physical access credential, wherein the request comprises at least one user access credential associated with the mobile device and at least one physical access point identifier, the at least one physical access point identifier being associated with a physical lock actuator;
  
  authenticate the at least one user access credential;
  
  determine whether the mobile device is in compliance with at least one compliance rule, the at least one compliance rule comprising a mobile device management restriction and a hardware restriction, the mobile device management restriction comprising a requirement that the mobile device be enrolled with a mobile device management system and the hardware restriction comprising a requirement that the mobile device includes particular computer hardware components; and
  
  when the at least one user access credential is authenticated and the mobile device is in compliance with the at least one compliance rule;
  
  authorize the mobile device to receive the physical access credential through the computer network, andauthorize the mobile device to transmit the physical access credential to the physical lock actuator associated with the at least one physical access point identifier to cause the physical lock actuator to be in an unlocked state.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The system of claim 8, wherein the at least one user access credential is obtained by a sensor associated with the mobile device.
  - 10. The system of claim 8, the application further causing the at least one computing device to at least:
    - requesting at least one additional user credential from the mobile device;
      
      authenticating the at least one additional user access credential; and
      
      if the at least one additional user access credential is authenticated, authorizing the mobile device to receive the physical access credential through the computer network.
  - 11. The system of claim 10, wherein the additional user credential comprises a biometric identifier representative of a biometric characteristic of a user associated with the user access credential.
  - 12. The system of claim 8, the application further causing the at least one computing device to at least:
    - if the at least one user access credential is not authenticated or the mobile device is not in compliance with the at least one compliance rule, refusing to authorize the mobile device to receive the physical access credential through the computer network.

13. A method comprising:
- identifying a request to receive a physical access credential, wherein the request comprises at least one user access credential associated with the mobile device and at least one physical access point identifier, the at least one physical access point identifier being associated with a physical lock actuator;
  
  authenticating the at least one user access credential;
  
  determining whether the mobile device is in compliance with at least one compliance rule, the at least one compliance rule comprising a mobile device management restriction and a hardware restriction, the mobile device management restriction comprising a requirement that the mobile device be enrolled with a mobile device management system and the hardware restriction comprising a requirement that the mobile device includes particular computer hardware components; and
  
  when the at least one user access credential is authenticated and the mobile device is in compliance with the at least one compliance rule;
  
  authorizing the mobile device to receive the physical access credential through the computer network, andauthorizing the mobile device to transmit the physical access credential to the physical lock actuator associated with the at least one physical access point identifier to cause the physical lock actuator to be in an unlocked state.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, wherein the at least one user access credential is obtained by a sensor associated with the mobile device.
  - 15. The method of claim 13, further comprising:
    - requesting at least one additional user credential from the mobile device;
      
      authenticating the at least one additional user access credential; and
      
      if the at least one additional user access credential is authenticated, authorizing the mobile device to receive the physical access credential through the computer network.
  - 16. The method of claim 15, wherein the additional user credential comprises a biometric identifier representative of a biometric characteristic of a user associated with the user access credential.
  - 17. The method of claim 13, further comprising:
    - if the at least one user access credential is not authenticated or the mobile device is not in compliance with the at least one compliance rule, refusing to authorize the mobile device to receive the physical access credential through the computer network.
  - 18. The method of claim 13, further comprising:
    - if the at least one user access credential is not authenticated or the mobile device is not in compliance with the at least one compliance rule, revoking the physical access credential.
  - 19. The method of claim 13, further comprising:
    - determining whether the at least one user access credential is associated with a particular user group; and
      
      sending the physical access credential to the physical lock actuator in response to determining that the particular user group is an authorized user group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirWatch LLC (Broadcom, Inc.)
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Tse, Kar Fai
Primary Examiner(s)
King, John B

Application Number

US14/853,578
Publication Number

US 20160006768A1
Time in Patent Office

358 Days
Field of Search

726 2- 21, 726 26- 29
US Class Current

1/1
CPC Class Codes

G07C 2009/00769   with data transmission perf...

G07C 2009/0088   centrally

G07C 9/00309   operated with bidirectional...

G07C 9/00571   operated by interacting wit...

G07C 9/257   electronically G07C9/26 tak...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Controlling physical access to secure areas via client devices in a network environment

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

150 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling physical access to secure areas via client devices in a network environment

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

150 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links