U.S. patent application number 15/594786 was filed with the patent office on 2018-03-15 for architecture for access management.
This patent application is currently assigned to Tyco Integrated Security, LLC. The applicants listed for this patent are Richard Campero, Sean Davis, Graeme Jarvis and Terezinha Rumble. Invention is credited to Richard Campero, Sean Davis, Graeme Jarvis and Terezinha Rumble.
Application Number: 20180075677 15/594786
Family ID: 60805282
Filed Date: 2018-03-15
United States Patent Application 20180075677
Kind Code: A1
Campero; Richard; et al.
March 15, 2018
Architecture for Access Management
Abstract
Described are techniques for security access and control. The
techniques use a system that includes a card reader system
including a processor and memory. The card reader system is
configured to execute a security application that configures the
card reader system to receive an embedded electronic credential
from an access badge, with the embedded electronic credential
carried by the access badge and being associated with a user,
determine whether the credential indicates an authorized access,
generate a message according to a result of the determination, and
send the message to a distributed ledger that logs the result in
the distributed ledger.
Inventors: Campero; Richard (Gilroy, CA); Davis; Sean (San Jose, CA); Jarvis; Graeme (Marblehead, MA); Rumble; Terezinha (Jensen Beach, FL)
Applicant:
Name | City | State | Country | Type
Campero; Richard | Gilroy | CA | US |
Davis; Sean | San Jose | CA | US |
Jarvis; Graeme | Marblehead | MA | US |
Rumble; Terezinha | Jensen Beach | FL | US |
Assignee: Tyco Integrated Security, LLC, Boca Raton, FL
Family ID: 60805282
Appl. No.: 15/594786
Filed: May 15, 2017
Related U.S. Patent Documents
Application Number | Filing Date | Patent Number
62385387 | Sep 9, 2016 |
Current U.S. Class: 1/1
Current CPC Class: G06F 21/31 20130101; G07F 7/0826 20130101; G06F 21/34 20130101; G06F 21/6263 20130101; G08B 13/19682 20130101; H04L 9/0825 20130101; H04L 9/06 20130101; H04L 51/38 20130101; G06F 21/6218 20130101; G06F 17/142 20130101; G07C 9/28 20200101; H04W 12/08 20130101; H04L 63/083 20130101; H04W 12/0804 20190101; H04L 9/08 20130101; H04L 63/18 20130101; H04W 12/0608 20190101; H04L 63/0853 20130101; H04W 12/0609 20190101; G06F 16/27 20190101; G06Q 20/3674 20130101; G07C 9/00 20130101; G06F 21/45 20130101; G06Q 20/363 20130101; G07C 9/00182 20130101; H04W 4/021 20130101; G06F 9/451 20180201; H04L 9/32 20130101; H04L 63/102 20130101; H04L 63/20 20130101; H04L 63/0823 20130101; H04L 63/101 20130101; H04L 63/107 20130101; G06Q 20/389 20130101; H04L 63/0428 20130101; H04L 63/0861 20130101; H04W 12/06 20130101; G06Q 2220/00 20130101; H04L 9/3213 20130101; H04L 9/3242 20130101; H04L 9/30 20130101
International Class: G07C 9/00 20060101 G07C009/00
Claims
1. A system comprises: a security access card reader system
including a processor and memory, the security access card reader
system configured to execute a security application that produces
an electronic signal to unlock an electronic lock upon
authenticating an access card, and the security application
configures the security access card reader system to: receive an
embedded electronic credential from an access badge, with the
embedded electronic credential carried by the access badge and
being associated with a user; determine whether the credential
indicates an authorized access; generate a message according to a
result of the determination; and send the message to a distributed
ledger that logs the result in the distributed ledger.
2. The system of claim 1 further comprising the distributed ledger
system, which is a sequential transaction database that comprises
plural distributed database systems that store transaction
records.
3. The system of claim 2 wherein the distributed ledger system
stores transaction records corresponding to personally identifiable
information.
4. The system of claim 1 wherein the card reader is configured to:
send a request to the distributed ledger for information regarding
the credential; and generate the message according to a
determination based on data received from the distributed ledger
and the received credential.
5. The system of claim 1 wherein upon determination that access
should be granted, the card reader system is configured to generate
the electronic control signal to control an electronic locking
device to grant access.
6. The system of claim 1 wherein upon determination that access
should not be granted, the card reader system is configured to:
generate the message that is sent to the distributed ledger, which
message is generated with an indication that access was denied.
7. The system of claim 1 further comprising: the access badge that
includes the embedded electronic credential that is associated with
the user.
8. A method comprises: configuring a security access card reader
system including a processor and memory to execute a security
application that produces an electronic control signal to unlock an
electronic lock upon authenticating an access card, with the
security application configuring the card reader system to perform:
receiving, by the security access card reader system, an electronic
credential embedded in a given access badge, with the embedded
electronic credential carried by the given access badge and being
associated with a given user; determining whether the credential
indicates an authorized access; generating a message according to a
result of the determination; and sending the message to a
distributed ledger that logs the result in the distributed
ledger.
9. The method of claim 8 further comprising: sending a request to
the distributed ledger for information regarding the credential;
and generating the message according to a determination based on
data received from the distributed ledger and the received
credential.
10. The method of claim 8 further comprising: generating the
electronic control message that controls an electronic locking
device to grant access in response to the determination that access
should be granted.
11. The method of claim 8 further comprising: generating the
message that is sent to the distributed ledger with an indication
that access was denied in response to the determination that access
should not be granted.
Description
CLAIM OF PRIORITY
[0001] This application claims priority under 35 U.S.C.
§ 119(e) to provisional U.S. Patent Application 62/385,387,
filed on Sep. 9, 2016, entitled: "Architecture for Access
Management," the entire contents of which are hereby incorporated
by reference.
BACKGROUND
[0002] This description relates to operation of networks for
dissemination of information.
[0003] Access control systems commonly employ access cards that
include corresponding embedded electronic credentials that are read
by a corresponding card reader. For a given access card, a read
credential is typically compared to an access control list that is
stored in an access control system. If the credential matches to an
approved entry in the access control list, a cardholder in
possession of the access card is allowed certain privileges such
as, for example, access to a locked door. Such systems are widely
deployed in commercial businesses.
[0004] It is common for computer systems to gather information,
such as proprietary data on individuals and on other entities such as
businesses, as well as operational data from other systems.
One type of information is proprietary data such as "personally
identifiable information," commonly referred to as "PII." PII is
information of a sensitive, personal nature that is generally
associated with individuals and is often protected by privacy laws
in many jurisdictions. PII is information that can be used to identify,
contact or locate a single person, or to identify an individual in
context. Examples of PII include name, social security number, date
and place of birth, mother's maiden name, biometric records and
information that is linkable to an individual, such as medical,
educational, financial, and employment information, as well as a
user's device IP address used in a communication service
broker.
[0005] Another type of information is proprietary data such as
Machine Identifiable Information or "MII," such as in the context
of the "Internet of Things." That is, other information that is
collected includes operational information such as information used
to control access control systems, intrusion detection systems and
integrated security/alarm systems. For different reasons each of
these types of information may have a sensitive nature that should
limit the ubiquitous retention of such information in disparate
systems.
[0006] Considering PII, modern information technology and the
Internet have made it easier to collect PII and MII through various
mechanisms leading to various problems such as aiding of criminal
acts, identity theft, etc. For example, there have been numerous
reports of security breaches of commercial, governmental and
private systems having databases storing the PII information of
many thousands or millions of individuals.
SUMMARY
[0007] According to an aspect, a system includes a card reader system
including a processor and memory, the card reader system configured
to execute a security application that configures the card reader
system to receive an embedded electronic credential from an access
badge, with the embedded electronic credential carried by the
access badge and being associated with a user, determine whether
the credential indicates an authorized access, generate a message
according to a result of the determination, and send the message to
a distributed ledger that logs the result in the distributed
ledger.
[0008] Aspects also include systems and methods. Additional
features of the computer program product, systems and methods
include other features disclosed herein.
[0009] One or more of the above aspects may provide one or more of
the following advantages.
[0010] The new architecture employs distributed ledger technologies
that allow an access reader to validate information (a token)
presented via the identity "card", which token is relevant to the
identity of the card holder. Because the information is stored in a
distributed ledger format (i.e., copies of the information to be
validated are stored in numerous locations), the access system has
a higher level of security since it would be extremely difficult to
hack every instance of that information. Moreover, if a hack of the
system was attempted, and the attempt to hack was unsuccessful with
respect to even one instance of the validation information, the
validation would fail and the person's identity would not be
validated, thus maintaining secure access control.
[0011] The details of one or more embodiments of the invention are
set forth in the accompanying drawings and the description below.
Other features, objects, and advantages of the invention are
apparent from the description and drawings, and from the
claims.
DESCRIPTION OF DRAWINGS
[0012] FIG. 1 is a schematic diagram of an exemplary system for
securing PII information.
[0013] FIG. 2 is a block diagram of a distributed ledger.
[0014] FIG. 3 is a block diagram of a broker system.
[0015] FIG. 4 is a block diagram of a facility with access
control.
[0016] FIG. 4A is a blown-up view of a portion of FIG. 4.
[0017] FIG. 5 is a block diagram of an example of an access control
system.
[0018] FIG. 6 is a block diagram of an access system using an
access card.
[0019] FIG. 7 is a flow diagram of an access process for the system
of FIG. 6.
[0020] FIG. 8 is a block diagram of an exemplary device/system.
DETAILED DESCRIPTION
[0021] Described herein is a set of techniques that provide a
solution using a distributed ledger optionally with a private
service broker for dissemination between two or more electronic
devices of information such as credential (as well as other
confidential information such as PII), which dissemination occurs
in a controlled, secure and confidential manner. The system
described uses a combination of an access badge with an embedded
credential, which access badge is carried by a user, an access card
reader associated with a security system that has a security system
wallet, a distributed ledger that manages proxies for PII (as well
as other confidential information), along with a service broker
system that securely manages data transmissions and verifications
of the data without actually having the security system wallet
directly access the distributed ledger. In other implementations
the service broker is not used and the security system wallet
directly accesses the distributed ledger.
[0022] Referring now to FIG. 1, an exemplary distributed network
system 10 for access control is shown. In the system 10, several
approaches are feasible, as disclosed in the provisional application
incorporated by reference. One such approach, discussed in
detail below, uses access badges 12a, 12b, each with embedded
credentials 13a, 13b, in conjunction with a distributed ledger 14
back-end that replaces the typical centralized database (not
shown). The access badges 12a, 12b are used with access card
readers 15, in which a user will swipe or otherwise allow the card
readers to read the credential on the user's badge. In some
implementations, the access card reader 15 makes determinations
regarding access. The access badge/distributed ledger approach
provides enhanced user experience, security, compliance and so
forth, as discussed below. The access badge is a physical security
badge. Various form factors can be used as an access badge.
[0023] In the discussion below, the badges 12a, 12b hold users'
credentials 13a, 13b that are needed for access to a facility using
system 10. Also, in the discussion below, the focus will be on
badge 12a and credential 13a.
[0024] The system 10 also includes a distributed ledger system 14.
The distributed ledger system 14 is a sequential transaction
database. An example of a sequential transaction database is the
so-called "Blockchain" that operates with cryptocurrencies, such as
"bitcoin"® (bitcoin project.org). The distributed ledger 14,
rather than being dedicated to managing cryptocurrencies, manages
PII transactional records and serves as the backend for a
distributed access system. The distributed ledger system 14
interacts with a security system, e.g., a third party system 18, to
allow users access to otherwise locked facilities. While sharing
some similarities with the Blockchain as well as other known types of
sequential transaction databases, the distributed ledger 14 has
some significant differences.
[0025] The distributed ledger 14 can have a structure as set out in
FIG. 2. A service broker system 16 is included in some
implementations of the distributed ledger 14. In some
implementations, the service broker 16 interfaces between the card
reader 15 and the distributed ledger 14. In other implementations,
the service broker system 16 is not needed and the card reader 15
will interface directly with the distributed ledger 15.
[0026] The system 10 also includes a third party system 18. The
third party system 18 can be any electronic system (or device) and
is the system/device that seeks some aspect of the PII or other
confidential information of a user that can be obtained from the
security badge 12a, associated with the user. In the examples
discussed below the third party systems are or are aspects of
access systems, both physical access as well as logical access. By
physical access is meant access to physical locations, e.g.,
facilities, whereas logical access relates to access to logical
structures such as electronic devices or applications/data
accessible via electronic devices. The examples discussed below are
in relation to physical access control systems. In the processes
discussed below, some or all of the aforementioned badge 12a,
distributed ledger 14, optionally service broker 16 and third party
access system 18 are used.
[0027] Referring now to FIG. 2, the distributed ledger system 14 is
shown. As mentioned, the distributed ledger system 14 is a
sequential transaction database. The distributed ledger system 14
thus includes distributed databases 32a-32n that typically
exist in the "Cloud." The distributed databases comprise storage
devices 34a-34n that are attached to different interconnected
computers 36a-36n. The distributed databases are controlled by a
distributed database management system that controls storage of
data over a network 38 of the interconnected computers and executes
corresponding replication and duplication processes. Replication
software (not shown) detects changes in the distributed database
contents and, once the changes have been detected, replicates the
changes so that all the databases are the same. Duplication software
(not shown) identifies one database (not shown) as a master and
then duplicates that database across other databases. Replication
and duplication keep the data current in all distributed storage
locations.
[0028] The distributed databases 32a-32n that form the distributed
ledger system 14 each store encrypted information records. An
exemplary record 40 is shown below. The record 40 is stored in each
of the distributed databases 32a-32n that form the distributed
ledger system 14, which stores the record 40 in an encrypted form
in the distributed ledger system 14. Record 40 has a structure that
includes an attribute type, a hashed and encrypted value of the
attribute, an attester's digital signature of the hashed and
encrypted value and the attester's address.
[0029] An exemplary record format is set out in the table below, where
the attribute could be something as simple as the credential
13a.
TABLE-US-00001
User Attribute | Hashed and Encrypted Value | Attester Signature | Attester Address
Attribute | encrypt(attribute) | Signature of encrypt(value) | Address
[0030] Referring now to FIG. 3, the broker system 16 is shown. The
broker system 16 includes a computer system and executes software
that handshakes between the user system 12 and a vetting agent or
attester. Rather than the third party device, e.g., access readers
15a, 15b (or more generally the third party system 18), accessing
the distributed ledger 14 directly, all requests for transactions
between the third party device and the requesting device occur
through the broker system 16. In other embodiments, the third party
device, e.g., access readers 15a, 15b (or more generally the third
party system 18), directly accesses the distributed ledger system
14.
[0031] As shown in FIG. 3, the broker system 16 can be a
compilation of many such broker systems 16a-16n. Each of the broker
systems 16a-16n can comprise computer systems and associated
distributed databases. The broker systems 16a-16n are distributed
over a network of servers that act together to manage the
distributed ledger 14. All attribute hashed values, attester
information, etc. are stored in the distributed ledger 14 and as
the flow diagram below will show the broker systems 16a-n are
configured to access the distributed ledger 14 to obtain and
validate such information.
[0032] Note that in the context of a private distributed ledger
environment, for an enterprise, it may be desirable to not have a
query sent to the attester database for each transaction. Rather, a
business rule could be established that once a validation event has
occurred, then it is good for a period of time, until the attester
database is updated etc., so as to reduce latency.
[0033] Referring now to FIGS. 4, 4A, an implementation of an access
control system is shown. A facility 110 with access control is shown in this
illustrative example as having two secured rooms 112a and 112b and
a single external entryway 112c. Room 112a has a doorway 113a and
has associated therein an access controller 116a and an ingress
card reader 118a. Room 112b has a doorway 113b and has associated
therein an access controller 116b and two card readers, an ingress
card reader 118b and an egress card reader 118b'. The external
entryway 12c has associated therewith an access controller 116c and
two card readers, an ingress card reader 118c and an egress card
reader 118c'. A detailed view of the external doorway is shown in
FIG. 9A with exemplary door locks 122a, 122b controlled by the
access controller 116c.
[0035] Referring now to FIG. 5, access control system 111 for a
typical facility 110 includes a plurality of access controllers
generally 116. Each of the access controllers 116 can have
designated master controllers (not shown). Conventional techniques
to set up and associate these controllers with a security system
can be used. During installation of an access control system, the
access control system is configured by a technician according to
operational requirements of the facility 110. The system also
includes a gateway 137 that is coupled to the access controllers,
e.g., via master controllers 116a-16c and a LAN, router, modem, to
access the Internet and a firewall, as illustrated, and a server
139 that is coupled to the gateway 137. This is but an illustrative
example. Referring to FIG. 6, a system 150, such as a card reader,
includes a processor 152 and memory 154 and a network interface
card 153 (NIC) in communication with network infrastructure, e.g.,
a router, web server, etc., to access the distributed ledger 14.
The system 150, i.e., card reader 150, is used in conjunction with
a device 156 that includes an embedded electronic credential 158
(e.g., an access badge credential 13a) that is associated with a
user. The card reader 150 executes a security application 160 that
is configured to receive the credential 158 from the device 156 and
determine whether the credential 158 indicates an authorized
access. In FIG. 6, the card reader 150 executing the security
application 160, is further configured to receive credential
information from the distributed ledger 14 and to send transaction
records to the distributed ledger 14.
[0035] Referring now to FIG. 7, in one implementation, a user in
possession of an access badge (e.g., 12a) that includes the
embedded electronic credential 158, e.g., credential 13a, swipes,
or otherwise has the badge accessed by the card reader 150. The
credential embedded in the badge is read 170 by the card reader 150
in a generally conventional manner.
[0036] In one implementation, the processor 152 executing the
security application 156 residing in memory 154 accesses 172 the
distributed ledger 14 to obtain from the distributed ledger a
record corresponding to the user's credential. The card reader
executing the security application 160 determines or verifies 174
whether the credential 158 that is received from the badge
indicates an authorized access (or other action). The card reader
150 executing the security application 160 sends a request to the
distributed ledger and receives credential information, if any is
found, from the distributed ledger 14. Found credential information
is sent from the distributed ledger 14 to the card reader.
[0037] Verifying 174 by the card reader 150 involves the card
reader determining from the record received from the distributed
ledger 14 some item of information regarding the credential (e.g.,
whether the credential is still valid and if so what access
privileges are associated with the credential, etc.) In other
implementations, either the system, the card reader, the servers
(or both the card readers and servers) analyze the credential
against stored access rules or against other criteria.
[0038] In either case, the card reader 150 generates from the data
received from the distributed ledger 14, a result. The reader
generates a message according to the result. Thus, if the result is
to allow access, the reader generated message is a control message
that grants 176a access, e.g., unlocks an electronic lock on a
door, etc., e.g., the door lock of FIG. 9.
[0039] If the result is to deny access 176b then another action can
occur such as a retry action that is communicated to the user or an
action that is not discernible to the user, but which denies
access.
[0040] With either result (allowing access or denying access) the
card reader sends a corresponding transaction message to the
distributed ledger 14 that logs the result in the distributed
ledger 14. Also, various other access control decisions can be made
based on the result.
[0041] The distributed ledger system stores, among other data,
records of personally identifiable information, as well as access
transactions. In addition to storing records of PII, the
distributed ledger can store hashes of those records instead of, or
in addition to, the records themselves. The
distributed ledger record could record when access was denied or
only when it was successful, or could record all transactions
whether access was denied or successful.
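The record format of paragraph [0029] and the FIG. 7 reader flow (read, query the ledger, verify, grant or deny, log the transaction) modelled end to end. This is an added illustration, not code from the application or from Tyco; the keys are constructed placeholders, HMAC-SHA256 stands in for the unspecified cipher and attester signature scheme, the address derivation is assumed, and revocation is modelled as a later signed record for the same value, which the application does not describe.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed placeholder keys. The patent does not specify the cipher or the
# signature scheme; HMAC-SHA256 stands in for both here (assumption).
ATTESTER_KEY = b"constructed-attester-signing-key"
ENC_KEY = b"constructed-ledger-encryption-key"


def attester_address(attester_key: bytes) -> str:
    """Attester's ledger address, derived from its key (assumed derivation)."""
    return hashlib.sha256(b"attester:" + attester_key).hexdigest()[:20]


def hash_and_encrypt(attribute: str, enc_key: bytes) -> str:
    """Record 40's 'hashed and encrypted value': hash the attribute, then apply a
    keyed transform so the ledger never holds the raw credential."""
    digest = hashlib.sha256(attribute.encode()).digest()
    return hmac.new(enc_key, digest, hashlib.sha256).hexdigest()


def sign(value: str, attester_key: bytes) -> str:
    """Attester's signature over the hashed-and-encrypted value (HMAC stand-in)."""
    return hmac.new(attester_key, value.encode(), hashlib.sha256).hexdigest()


def make_record(attr_type: str, attribute: str, attester_key: bytes,
                enc_key: bytes) -> dict:
    """Build record 40: attribute type, hashed+encrypted value, signature, address."""
    value = hash_and_encrypt(attribute, enc_key)
    return {"attribute_type": attr_type,
            "value": value,
            "attester_signature": sign(value, attester_key),
            "attester_address": attester_address(attester_key)}


class Ledger:
    """Minimal sequential transaction database: append-only and hash-chained,
    so a modified historical entry breaks every hash after it."""

    def __init__(self) -> None:
        self.entries = []

    @staticmethod
    def _hash(prev: str, payload: dict) -> str:
        body = json.dumps(payload, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, payload: dict) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        entry = {"index": len(self.entries), "prev_hash": prev,
                 "payload": payload, "hash": self._hash(prev, payload)}
        self.entries.append(entry)
        return entry

    def verify_chain(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            if e["prev_hash"] != prev or e["hash"] != self._hash(prev, e["payload"]):
                return False
            prev = e["hash"]
        return True

    def latest_record(self, value: str) -> Optional[dict]:
        """Newest credential record for a hashed value; revocation is modelled as a
        later signed record of type 'credential_revoked' (assumption)."""
        hits = [e["payload"] for e in self.entries if e["payload"].get("value") == value]
        return hits[-1] if hits else None


def reader_access(ledger: Ledger, reader_id: str, presented: str,
                  attester_key: bytes, enc_key: bytes) -> str:
    """FIG. 7 flow: read (170), query ledger (172), verify (174), act (176a/b), log."""
    value = hash_and_encrypt(presented, enc_key)        # 172: lookup key from the badge
    record = ledger.latest_record(value)
    if record is None:
        result = "denied:no_record"
    elif not hmac.compare_digest(record["attester_signature"],
                                 sign(record["value"], attester_key)):
        result = "denied:bad_signature"                 # 174: attester check failed
    elif record["attester_address"] != attester_address(attester_key):
        result = "denied:unknown_attester"
    elif record["attribute_type"] == "credential_revoked":
        result = "denied:revoked"                       # 176b
    else:
        result = "granted"                              # 176a: unlock the door
    # Transaction message to the ledger: log a proxy of the credential, not PII.
    ledger.append({"type": "access_transaction", "reader": reader_id,
                   "credential_ref": value[:16], "result": result})
    return result
```

Because every access decision is appended behind the credential records, a later edit to a logged denial or to a record's signature is detectable with `verify_chain()`, which is the property paragraph [0010] relies on.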
[0042] Referring now to FIG. 8, components of system/devices are
shown. Memory stores program instructions and data used by the
processor. The memory may be a suitable combination of random
access memory and read-only memory, and may host suitable program
instructions (e.g. firmware or operating software), and
configuration and operating data and may be organized as a file
system or otherwise. The program instructions stored in the memory
may further store software components allowing network
communications and establishment of connections to the data
network. The software components may, for example, include an
internet protocol (IP) stack, as well as driver components for the
various interfaces. Other software components suitable for
establishing a connection and communicating across network will be
apparent to those of ordinary skill.
[0043] Servers are associated with an IP address and port(s) by
which they communicate with user devices. The server address may be
static, and thus always identify a particular monitoring
server to the intrusion detection panels. Alternatively, dynamic
addresses could be used, and associated with static domain names,
resolved through a domain name service. The network interface card
interfaces with the network to receive incoming signals, and may
for example take the form of an Ethernet network interface card
(NIC). The servers may be computers, thin-clients, or the like, to
which received data representative of an alarm event is passed for
handling by human operators. The monitoring station may further
include, or have access to, a subscriber database that includes a
database under control of a database engine. The database may
contain entries corresponding to the various subscriber
devices/processes to panels like the panel that are serviced by the
monitoring station.
[0044] All or part of the processes described herein and their
various modifications (hereinafter referred to as "the processes")
can be implemented, at least in part, via a computer program
product, i.e., a computer program tangibly embodied in one or more
tangible, physical hardware storage devices that are computer
and/or machine-readable storage devices for execution by, or to
control the operation of, data processing apparatus, e.g., a
programmable processor, a computer, or multiple computers. A
computer program can be written in any form of programming
language, including compiled or interpreted languages, and it can
be deployed in any form, including as a stand-alone program or as a
module, component, subroutine, or other unit suitable for use in a
computing environment. A computer program can be deployed to be
executed on one computer or on multiple computers at one site or
distributed across multiple sites and interconnected by a
network.
[0045] Processors suitable for the execution of a computer program
include, by way of example, both general and special purpose
microprocessors, and any one or more processors of any kind of
digital computer. Generally, a processor will receive instructions
and data from a read-only storage area or a random access storage
area or both. Elements of a computer (including a server) include
one or more processors for executing instructions and one or more
storage area devices for storing instructions and data. Generally,
a computer will also include, or be operatively coupled to receive
data from, or transfer data to, or both, one or more
machine-readable storage media, such as mass storage devices for
storing data, e.g., magnetic, magneto-optical disks, or optical
disks.
[0046] Tangible, physical hardware storage devices that are
suitable for embodying computer program instructions and data
include all forms of non-volatile storage, including by way of
example, semiconductor storage area devices, e.g., EPROM, EEPROM,
and flash storage area devices; magnetic disks, e.g., internal hard
disks or removable disks; magneto-optical disks; and CD-ROM and
DVD-ROM disks and volatile computer memory, e.g., RAM such as
static and dynamic RAM, as well as erasable memory, e.g., flash
memory.
[0047] In addition, the logic flows depicted in the figures do not
require the particular order shown, or sequential order, to achieve
desirable results. In addition, other actions may be provided, or
actions may be eliminated, from the described flows, and other
components may be added to, or removed from, the described systems.
Likewise, actions depicted in the figures may be performed by
different entities or consolidated.
[0048] Elements of different embodiments described herein may be
combined to form other embodiments not specifically set forth
above. Elements may be left out of the processes, computer
programs, Web pages, etc. described herein without adversely
affecting their operation. Furthermore, various separate elements
may be combined into one or more individual elements to perform the
functions described herein.
[0049] Other implementations not specifically described herein are
also within the scope of the following claims.
* * * * *