Systems and methods for location aware access control management

Information

  • Patent Grant
  • 8707414
  • Patent Number
    8,707,414
  • Date Filed
    Thursday, January 6, 2011
  • Date Issued
    Tuesday, April 22, 2014
Abstract
Described herein are systems and methods for access control management, these generally being directed towards location aware access control management. Embodiments of the invention have been particularly developed for providing additional functionalities in access control systems having disconnected devices, and the present disclosure is primarily focused accordingly. For example, embodiments include access control devices configured to operate in conjunction with a GPS receiver or other source of geographical positional information, and methods associated with the use of such devices.
Description

The present application is a non-provisional application of Australian Patent Application No. 2010900052, filed Jan. 7, 2010, entitled, “SYSTEMS AND METHODS FOR LOCATION AWARE ACCESS CONTROL MANAGEMENT,” which is incorporated herein by reference.


FIELD OF THE INVENTION

The present invention relates to access control, and more particularly to systems and methods for location aware access control management. Embodiments of the invention have been particularly developed for providing additional functionalities in access control environments (that is, access control systems) having both connected and disconnected access control devices, and the present disclosure is primarily focused accordingly. Although the invention is described hereinafter with particular reference to such applications, it will be appreciated that the invention is applicable in broader contexts.


BACKGROUND

Any discussion of the prior art throughout the specification should in no way be considered as an admission that such prior art is widely known or forms part of common general knowledge in the field.


It is known to use a large number of access control devices in an access control environment. It is also known for such an environment to include:

    • Connected access control devices, which are connected to a network and communicate with a central administration server over that network.
    • Disconnected access control devices, which are not connected to the network. For example, in some cases an access control device, due to its location, cannot be provided with a network connection (either wired or wireless).


The manner in which disconnected access control devices operate in the context of an access control environment creates various challenges. It follows that there is a need in the art for improved systems and methods for access control management.


SUMMARY

It is an object of the present invention to overcome or ameliorate at least one of the disadvantages of the prior art, or to provide a useful alternative.


One embodiment provides an access control device for operation in an access control system including a central server, one or more disconnected access control devices, and one or more connected access control devices, the device including:


an interface for interacting with an access control token for the purposes of an access transaction;


a processor and associated memory configured for processing data received from the access control token in relation to the access transaction thereby to selectively allow or deny access; and a receiver for determining geographical positional information for the access transaction.


One embodiment provides a method for operating an access control device, wherein the access control device is part of an access control system including a central server, one or more disconnected access control devices, and one or more connected access control devices, the method including:


interacting with an access control token for the purposes of an access transaction;


processing data received from the access control token in relation to the access transaction thereby to selectively allow or deny access; and


determining, based on data derived by a receiver, geographical positional information for the access transaction.


One embodiment provides an access control system including:


a central server;


one or more connected access control devices that are in communication with the central server via a network; and


one or more disconnected access control devices that are not in communication with the central server via the network, wherein the disconnected devices are configured to propagate information back to the central server by writing data to access control tokens presented by users;


wherein at least one disconnected access control device includes a receiver for determining geographical positional information and is configured for writing to an access control token data indicative of the geographical positional information associated with an access transaction.


Reference throughout this specification to “one embodiment” or “an embodiment” or “some embodiments” means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrases “in one embodiment” or “in an embodiment” or “in some embodiments” in various places throughout this specification are not necessarily all referring to the same embodiment, but may. Furthermore, the particular features, structures or characteristics may be combined in any suitable manner, as would be apparent to one of ordinary skill in the art from this disclosure, in one or more embodiments.





BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings in which:



FIG. 1 schematically illustrates an access control environment according to one embodiment.



FIG. 2 schematically illustrates an access control device according to one embodiment.



FIG. 3 illustrates a method according to one embodiment.



FIG. 4 illustrates a method according to one embodiment.



FIG. 5 illustrates a method according to one embodiment.



FIG. 6 illustrates a method according to one embodiment.





DETAILED DESCRIPTION

Described herein are systems and methods for access control management, these generally being directed towards location aware access control management. Embodiments of the invention have been particularly developed for providing additional functionalities in access control systems having both connected devices and disconnected devices, and the present disclosure is primarily focused accordingly. For example, embodiments include access control devices configured to operate in conjunction with a GPS receiver or other source of geographical positional information, and methods associated with the use of such devices.


Access Control Environment



FIG. 1 schematically illustrates an access control environment 101 according to one embodiment. Environment 101 includes connected access control devices 102 to 104 and disconnected access control devices 105 to 107. The primary point of difference between the connected access control devices and the disconnected access control devices is that the former are connected to a network 108, (such as a TCP/IP or other network) whilst the latter are not. An administration server 110 is also connected to network 108, and the connected access control devices are able to communicate with this administration server over the network. Administration server 110 includes a database 115 for maintaining configuration data.


Although server 110 is schematically illustrated as a single component, in some cases it is defined by a plurality of distributed networked components.


For the sake of the present disclosure, it is assumed that each of access control devices 102 to 107 includes similar hardware and software components, and that each device is configured to progress between a connected state and a disconnected state depending on whether or not a connection to network 108 and central administration server 110 is available. However, in other embodiments a variety of different access control devices are used. For example, in some embodiments the access control devices are designed, from a hardware perspective, to allow/deny control to a variety of different locations or functionalities.


In the context of the present disclosure, the term “access control device” refers generally to any device having an “access control” functionality. That is, any device with which a user interacts to gain access to a physical region or virtual functionality. An access control device includes hardware and software components. Common examples include devices that control locking mechanisms on doors or other barriers. However, access control devices are also used for purposes such as activating lighting in a room, controlling access to a vehicle (for example verifying a person is permitted to board a bus), and so on.


In the examples below, particular reference is made to an access control device that is mounted in a vehicle, such as a bus. Such an access control device is configured to operate as a disconnected device in an access control environment (i.e. in an environment that also includes devices that open doors and the like). There is particular mention in the present disclosure of an access control device for operation in an access control system including a central server, one or more disconnected access control devices, and one or more connected access control devices. This compatibility distinguishes an access control device from an alternate form of device (for example a traditional ticket machine located on a bus or the like) in the sense that all devices are configured through a common system for complementary interaction and functionality.


Access Control Device



FIG. 2 schematically illustrates an access control device according to one embodiment, in the form of access control device 201. Device 201 is configurable for integration into an access control environment such as environment 101 of FIG. 1. Various components of device 201 are omitted in other embodiments, where the functionality of those components is not required for the purposes of functionality described herein.


Access control device 201 includes a processor 202 coupled to a memory module 203. Memory module 203 carries software instructions 204 which, when executed on processor 202, allow access control device 201 to perform various methods and functionalities described herein.


In the present example, access control device 201 is configured for selectively granting access to a controlled functionality. In particular, processor 201 is coupled to a controlled functionality actuator 209. In the present example actuator 209 is coupled to a controlled external device 208. For example, in one embodiment actuator 209 locks and/or unlocks an external device in the form of a door. In another example the controlled functionality is notional, such as permission to board a bus. In one such example, the controlled functionality actuator provides a tone and/or light to indicate that access is granted.


A user wishing to gain access to the controlled functionality presents an access token to device 201. In the present example, the token takes the form of a smartcard, which is presented to a smartcard reader 210, which is also coupled to processor 201. Upon presentation of the smartcard, processor 201 performs an authorization/authentication process to determine whether or not access should be granted. In the event that the authorization/authentication process is successful, actuator 209 grants access. If the process is unsuccessful, actuator 209 denies access (achieved optionally either by inactivity or positive action).


The process whereby a user presents a smartcard (or other token), and the token is read and data processed, is presently referred to as an access transaction.


The nature of the card reader present varies between embodiments depending on the nature of the access card that is used in a given access control environment. In the embodiment of FIG. 2, access cards are in the form of smartcards, and reader 210 is a smartcard reader. In further embodiments access codes are used rather than access cards, in which case the reader includes an interface for entering an access code. In some embodiments a combination of these approaches is used. However, smartcards provide advantages in the sense that they include a memory storage allowing an access control device to both read data from the smartcard and write data to the smartcard. Various embodiments of the present invention leverage the ability to write data to smartcards for facilitating integration of disconnected devices in an access control environment.


Access control device 201 is presently configured to operate as a connected access control device or a disconnected access control device, depending on whether a connection to a central administration server is available. To this end, in the present embodiment, device 201 includes a network interface 212 (such as an Ethernet or other wired/wireless network interface) coupled to processor 202 for allowing access control device 201 to communicate over a network (such as network 108 of FIG. 1). In the present embodiment access control device 201 is configured for operation in either a connected state (with connection to the network and administration server) or a disconnected state (without connection to the network and server). In other embodiments device 201 is configured only to operate in a disconnected state, and in such embodiments interface 212 is optionally omitted.


Device 201 includes a receiver 220 for determining geographical positional information. In the present embodiment receiver 220 takes the form of a GPS module, although other components may be used. Module 220 is configured for determining geographical positional information in relation to access transactions that occur. For example, data indicative of positional information is associated with data indicative of an access transaction, thereby to allow subsequent analysis of the access transaction based on the location at which device 201 was located when the transaction occurred. In this manner, the inclusion of receiver 220 allows for location aware access control management. Various functionalities stemming from location awareness are discussed further below.


Device 201 additionally includes, at least in some embodiments, a remote communications interface 221, such as a GSM module (or other cellular communications interface) or a GPS-based communications interface (for example a GPSFlight module). This allows device 201 to provide messages to remote devices (for example via SMS or another messaging protocol). Interface 221 is not used to allow connected operation of device 201; even with an operable interface 221, device 201 remains in a disconnected state. Generally speaking, interface 221 is included only in embodiments where its functionality is required, for example in the context of examples discussed further below.


Location Aware Access Transactions



FIG. 3 illustrates a method 300 according to one embodiment, being a method for performing a location aware access transaction. More specifically, this is a method for operating an access control device, wherein the access control device is part of an access control system including a central server, one or more disconnected access control devices, and one or more connected access control devices. Method 300 is performable by an access control device, such as access control device 201, when that device operates in a disconnected state.


Step 301 includes interacting with an access control token for the purposes of an access transaction. This presently includes reading a smartcard presented to the access control device for the purpose of an access transaction. The access transaction is then processed at step 302, including processing data received from the access control token in relation to the access transaction thereby to selectively allow or deny access to a controlled functionality.


Step 303 includes determining, based on data derived by receiver 220, geographical positional information for the access transaction. This data is then associated with the access transaction. The present method includes writing GPS/transaction data to the smartcard at 304, such that the smartcard carries data indicative of the transaction and the location of device 201 at the time of the transaction. This data is subsequently propagated back to the central server at 305.


In the present embodiment, the data indicative of geographical positional information associated with the access transaction is propagated back to the central server by subsequent interaction between the access control token and a connected access control device of the access control system. That is, a user subsequently presents his/her smartcard to a connected device in the access control environment, and data read from that card is communicated to the central server.


In other embodiments, rather than using smartcard based back-propagation, GPS/transaction data is stored at device 201 until such a time as device 201 is configured for communication with the central server (for example by connecting to a network and operating as a connected access control device). A particular example of this is discussed further below in a section entitled “location aware network connectivity”.


Transportation Monitoring


In some embodiments, the data indicative of geographical positional information associated with an access transaction is propagated back to the central server for determining transportation information in respect of a holder of the smartcard. For example, one embodiment makes use of access control devices on employee transportation vehicles for the purposes of monitoring (and optionally monetizing) employee transportation. Exemplary methods directed towards such an embodiment are provided in FIG. 4.



FIG. 4 illustrates methods performed by an employee (being an exemplary holder of a smartcard for use in an access control environment), an access control device provided on a bus used for employee transport (being a disconnected device), a connected access control device (such as a device coupled to a security door lock/unlock actuator), and a central server that manages an access control environment including the disconnected and connected access control devices.


At step 401, the employee boards the bus. Then, at 402, the employee presents his/her smartcard to an access control device positioned on the bus. This initiates an access transaction at 403, and it is assumed for the present purposes that this transaction results in approval (meaning the employee is admitted to travel on the bus). Step 402 includes writing GPS and transaction data to the smartcard. The employee presents the card once again at 405 when preparing to exit the bus (at 408), resulting in a further access transaction at 406 and GPS/transaction data write process at 407.


In terms of the GPS/transaction data written to the smartcard at 404 and 407, in each case a portion of information is defined on the smartcard which is indicative of the access transaction and the location of the access transaction, and optionally other details such as the time, nature, card holder, and the like. The precise nature of information is dependent on data requirements of a server procedure that utilizes the data, for example in the context of monetizing employee transportation costs.


At 409, the employee presents his/her smartcard to a connected access control device belonging to the same access control environment as the on-bus access control device. That connected device reads the GPS/transaction data from the smartcard at 410, and communicates that data to the central server at 411. The connected device optionally deletes the data after it is read. The server then processes the data at 412, presently for the purposes of determining employee travel data history. For example, travel costs are optionally determined based on the distance covered by the employee (calculated based on location data for sequential access transactions).


As noted above, in some embodiments approaches other than smartcard back-propagation are used to communicate data back to a central server. In some embodiments travel data (i.e. data associating a cardholder, one or more transactions, and one or more locations) is maintained at the on-bus device until such a time as that device shifts operation to function as a connected device (for instance as discussed in the following section).
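The back-propagation flow of FIG. 4, as an added example that is not part of the patent: an on-bus device writes fixed-size GPS/transaction records to the card, a connected device reads and deletes them, and the server derives distance from sequential transactions. The record layout, the per-device HMAC key the server uses to authenticate records that arrive via a user-held card, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import struct

# Assumed record layout (the patent defines none): device id, card id, unix time,
# latitude and longitude in 1e-7 degree units, event code. 19 bytes + 8-byte tag.
RECORD = struct.Struct(">HIIiiB")
TAG_LEN = 8
BOARD, EXIT = 1, 2


def _tag(key, body):
    """Truncated HMAC-SHA256 over the record body (assumed integrity check)."""
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def pack_record(key, device_id, card_id, ts, lat, lon, event):
    """On-bus device, steps 404/407: record written to the card after a transaction."""
    body = RECORD.pack(device_id, card_id, ts, round(lat * 1e7), round(lon * 1e7), event)
    return body + _tag(key, body)


def drain_card(card):
    """Connected device, steps 410/411: read the records, then delete them from the card."""
    blobs = list(card["records"])
    card["records"].clear()
    return blobs


def verify_record(device_keys, card_id, blob):
    """Server: return the decoded record, or None if it fails any check."""
    if len(blob) != RECORD.size + TAG_LEN:
        return None
    body, tag = blob[:RECORD.size], blob[RECORD.size:]
    device_id, rec_card, ts, lat, lon, event = RECORD.unpack(body)
    key = device_keys.get(device_id)
    # Reject unknown devices, records copied from another card, and unknown events.
    if key is None or rec_card != card_id or event not in (BOARD, EXIT):
        return None
    if not hmac.compare_digest(tag, _tag(key, body)):
        return None
    return {"device": device_id, "ts": ts, "pos": (lat / 1e7, lon / 1e7), "event": event}


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = math.sin((lat2 - lat1) / 2) ** 2
    h += math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def travel_km(device_keys, card_id, blobs):
    """Server, step 412: sum distance over board/exit pairs; count rejected records."""
    records = [verify_record(device_keys, card_id, b) for b in blobs]
    good = sorted((r for r in records if r), key=lambda r: r["ts"])
    total, boarded = 0.0, None
    for r in good:
        if r["event"] == BOARD:
            boarded = r
        elif boarded and boarded["device"] == r["device"]:
            total += haversine_km(boarded["pos"], r["pos"])
            boarded = None
    return total, len(blobs) - len(good)


def demo():
    """Run the flow on constructed sample values (key, ids, times, coordinates)."""
    key = b"constructed-demo-key-not-a-real-one"
    card = {"id": 1001, "records": []}  # stand-in for smartcard memory
    card["records"].append(pack_record(key, 7, 1001, 1_700_000_000, -33.80, 151.00, BOARD))
    card["records"].append(pack_record(key, 7, 1001, 1_700_000_900, -33.90, 151.00, EXIT))
    blobs = drain_card(card)
    return card, blobs, travel_km({7: key}, 1001, blobs)


if __name__ == "__main__":
    _, _, (km, rejected) = demo()
    print(f"{km:.2f} km travelled, {rejected} record(s) rejected")
```

A record whose bytes were altered on the card, or that was copied from a different card, is counted as rejected and contributes no distance.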


Location Aware Network Connectivity


As noted above, in some embodiments device 201 includes a wireless network interface 212 (for example an 802.11 type wireless network card or the like for connecting to a wireless LAN). The combination of this with a GPS module as presently considered is leveraged to provide for location aware network connectivity. In overview, the access control device local memory maintains geographical positional information indicative of one or more connectivity zones. The device is configured such that the wireless network interface is actuated responsive to the GPS module indicating that the device is within one or more of the connectivity zones.


The general notion is to define connectivity zones that correspond to regions where a wireless network is available, being a wireless network over which device 201 is able to communicate with the central server of the access control environment, and hence progress into a connected mode of operation. In some cases, the connectivity zone is defined by reference to GPS coordinates of a home location for the vehicle, optionally in combination with a location size parameter. In other cases GPS coordinates are used to define zones bounded by known points or the like (for example using a polygon-based mapping approach).


Using this technology, whenever a bus reaches an office or home location, the wireless interface on the disconnected device can be turned on automatically (based on location information pre-configured in the reader) for either uploading access data to the central server or downloading configuration changes from the central server. This is particularly useful in reducing the security risks of keeping the wireless interface open on the device throughout the duration of the journey.



FIG. 5 illustrates a method for operating an access control device for location aware connectivity. It will be appreciated that modifications are readily made to this method without departing from the essence of the technology, for example by modifying the logical processes whereby the device compares stored positional data indicative of a connectivity zone with data obtained via the GPS module.


At step 501, the wireless network interface is disabled. This is somewhat of an arbitrary starting point, as the method could alternately commence at a point where the interface is enabled (see step 504). The general crux is that steps 501 and 504 respectively define states where the wireless interface is disabled and enabled. If, upon reaching one of these steps, the device is in the incorrect state, the step includes a process of activating or deactivating the network interface (whichever is appropriate in the circumstances). If, upon reaching one of these steps, the device is in the correct state, the step may include little or no activity.


Step 502 includes monitoring positional data from the GPS module, and combines with decision 503 which assesses whether the GPS module indicates that the device is within a predetermined connectivity zone. In the case that the GPS module does not indicate that the device is within a predetermined connectivity zone, the method loops to step 502. In the case that the GPS module indicates that the device is within a predetermined connectivity zone, the method progresses to 504 thereby to enable the wireless interface. A further monitoring/decision process is performed at 505 and 506. In the case that the GPS module indicates that the device is within a predetermined connectivity zone, the method loops from 506 to 505, and the wireless interface remains enabled. In the case that the GPS module does not indicate that the device is within a predetermined connectivity zone, the method loops to 501, and the wireless interface is disabled.


Various alternate approaches are optionally implemented to replace the second monitoring/decision process of 505 and 506, including time-based activation of the wireless network interface, and automated de-activation upon loss of wireless network connectivity.
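The FIG. 5 loop as an added example (not code from the patent): a gate that keeps the wireless interface disabled unless the current GPS fix lies inside a configured connectivity zone, covering both the home-location-plus-size and the polygon zone definitions. The zone coordinates, class names, the `set_interface` callback and the choice to treat a missing fix as outside every zone are assumptions.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class HomeZone:
    """Connectivity zone given as a home location plus a size parameter (radius)."""
    lat: float
    lon: float
    radius_m: float

    def contains(self, lat, lon):
        # Local flat-earth approximation, adequate for zones a few hundred metres across.
        dy = math.radians(lat - self.lat)
        dx = math.radians(lon - self.lon) * math.cos(math.radians(self.lat))
        return 6_371_000 * math.hypot(dx, dy) <= self.radius_m


@dataclass(frozen=True)
class PolygonZone:
    """Connectivity zone bounded by known points, given as (lat, lon) vertices."""
    vertices: tuple

    def contains(self, lat, lon):
        # Ray casting: count polygon edges crossed by a ray from the point.
        inside = False
        pts = self.vertices
        for (lat1, lon1), (lat2, lon2) in zip(pts, pts[1:] + pts[:1]):
            if (lat1 > lat) != (lat2 > lat):  # edge straddles the test latitude
                crossing = lon1 + (lat - lat1) * (lon2 - lon1) / (lat2 - lat1)
                if lon < crossing:
                    inside = not inside
        return inside


class WirelessGate:
    """Steps 501-506: the interface state follows zone membership of each GPS fix."""

    def __init__(self, zones, set_interface):
        self.zones = zones
        self.set_interface = set_interface  # hypothetical hook into the radio driver
        self.enabled = False
        self.set_interface(False)  # step 501: start with the interface disabled

    def on_fix(self, fix):
        """fix is (lat, lon), or None when the GPS module reports no valid position."""
        # No fix means the module does not indicate a zone, so the radio stays off.
        in_zone = fix is not None and any(z.contains(*fix) for z in self.zones)
        if in_zone != self.enabled:  # act only on a state change (501 <-> 504)
            self.enabled = in_zone
            self.set_interface(in_zone)
        return self.enabled


# Constructed sample zones: a depot as home point + 150 m, an office as a rectangle.
ZONES = (
    HomeZone(-33.8000, 151.0000, 150.0),
    PolygonZone(((-33.9000, 151.1000), (-33.9000, 151.1015),
                 (-33.8990, 151.1015), (-33.8990, 151.1000))),
)

# Constructed sample route: on the road, at the depot (twice), GPS fix lost,
# inside the office polygon, then just outside it.
ROUTE = [(-33.8100, 151.0000), (-33.8005, 151.0005), (-33.8004, 151.0004),
         None, (-33.8995, 151.1007), (-33.8995, 151.1020)]


def replay(fixes):
    """Feed fixes through a gate; return the state per fix and the driver calls made."""
    calls = []
    gate = WirelessGate(ZONES, calls.append)
    return [gate.on_fix(f) for f in fixes], calls


if __name__ == "__main__":
    print(replay(ROUTE))
```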


Location Aware Remote Alert Functionality


As noted above, in some embodiments device 201 includes a remote communications interface 221, such as a GSM module (or other cellular communications interface) or a GPS-based communications interface (for example a GPSFlight module). This allows device 201 to provide messages to remote devices (for example via SMS or another messaging protocol). Interface 221 is not used to allow connected operation of device 201; even with an operable interface 221, device 201 remains in a disconnected state.


In some embodiments, interface 221 is used for providing location aware remote alert functionalities. In general terms, the device is configured to operate such that a signal is provided via the telecommunications interface responsive to an access transaction when predefined conditions are met by reference to geographical positional data. For example, a signal may be provided responsive to an access transaction involving a specified token that takes place at a specified location (or alternately at a location other than a specified location).


Location aware remote alert functionalities are described below by reference to a safety application for the transportation of students on buses (for example school buses), shown in FIG. 6. It will be appreciated that this example is provided to highlight aspects of the technology only, and that the technology is equally applicable to other real world situations.


Referring to FIG. 6, student travel data is loaded into a database of the access control environment at 601. This travel data presently indicates, for a given student, pick up locations, drop off locations, and a parent/guardian contact number for SMS messaging. Other data may also be included.


Steps 602 and 603 respectively include defining configuration data indicative of student travel data (which may serve to update existing student travel data at a device), and deploying that data to one or more devices (connected and/or disconnected) thereby to configure those devices to function based on the travel data. The deployment of configuration data to disconnected devices may be achieved via various methods, including the use of smartcards, portable manual update devices, and the like. In other embodiments configuration data for each student is stored on the students' respective smartcards, such that a device is configured to upload a given student's travel data upon that student interacting with the device.


The configuration data is applied by an on-bus access control device at 604. At a later point in time, that device reads a student smartcard at 605 upon the student entering the bus. This essentially informs the device that a particular student is on the bus. Travel data for that student is then identified at 606, and alerts raised at 607 based on rules defined in the configuration data. For example, the alerts are raised based on a relationship between GPS data and student travel data. In some cases the alerts are SMS alerts sent to a specified addressee, such as a particular student's parent or guardian. SMS alerts of this nature are optionally provided in any one or more of the following ways:

    • Provide an alert when a student enters a bus at a specified location.
    • Provide an alert when a student exits a bus at a specified location (students swipe smartcards when exiting the bus). This is useful in informing a parent or the like that a student has safely arrived at a school (for example a message stating that “your child has arrived at school”).
    • Provide an alert when a bus carrying a student reaches a specified location. This may assist a parent in planning a time at which to collect the student from a drop-off point (for example a message estimating a time at which a student will be ready for collection from a drop-off point specified in the travel data for that student).


Alerts are also raised in the event that deviations from expected travel arrangements are observed, for example to prevent students from exiting the bus at other than a specified location, and so on.


It will be appreciated that such location aware alerts are particularly useful in the context of monitoring the movement of cardholders in a region controlled by one or more disconnected devices, for the purposes of monitoring both safety and other issues.


Conclusions


It will be appreciated that the present disclosure provides for various systems and methods for managing access control devices (particularly disconnected devices), which are advantageous in light of what is known in the art. In particular, the use of smartcards for delivering configuration data to disconnected readers presents a time and cost effective approach, and this is further improved by the ability to obtain the relevant configuration data from any connected access control device.


Unless specifically stated otherwise, as apparent from the following discussions, it is appreciated that throughout the specification discussions utilizing terms such as “processing,” “computing,” “calculating,” “determining,” “analyzing” or the like, refer to the action and/or processes of a computer or computing system, or similar electronic computing device, that manipulate and/or transform data represented as physical, such as electronic, quantities into other data similarly represented as physical quantities.


In a similar manner, the term “processor” may refer to any device or portion of a device that processes electronic data, e.g., from registers and/or memory to transform that electronic data into other electronic data that, e.g., may be stored in registers and/or memory. A “computer” or a “computing machine” or a “computing platform” may include one or more processors.


The methodologies described herein are, in one embodiment, performable by one or more processors that accept computer-readable (also called machine-readable) code containing a set of instructions that when executed by one or more of the processors carry out at least one of the methods described herein. Any processor capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken is included. Thus, one example is a typical processing system that includes one or more processors. Each processor may include one or more of a CPU, a graphics processing unit, and a programmable DSP unit. The processing system further may include a memory subsystem including main RAM and/or a static RAM, and/or ROM. A bus subsystem may be included for communicating between the components. The processing system further may be a distributed processing system with processors coupled by a network. If the processing system requires a display, such a display may be included, e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT) display. If manual data entry is required, the processing system also includes an input device such as one or more of an alphanumeric input unit such as a keyboard, a pointing control device such as a mouse, and so forth. The term memory unit as used herein, if clear from the context and unless explicitly stated otherwise, also encompasses a storage system such as a disk drive unit. The processing system in some configurations may include a sound output device, and a network interface device. The memory subsystem thus includes a computer-readable carrier medium that carries computer-readable code (e.g., software) including a set of instructions to cause performing, when executed by one or more processors, one or more of the methods described herein. Note that when the method includes several elements, e.g., several steps, no ordering of such elements is implied, unless specifically stated.
The software may reside in the hard disk, or may also reside, completely or at least partially, within the RAM and/or within the processor during execution thereof by the computer system. Thus, the memory and the processor also constitute computer-readable carrier medium carrying computer-readable code.


Furthermore, a computer-readable carrier medium may form, or be included in, a computer program product.


In alternative embodiments, the one or more processors operate as a standalone device or may be connected, e.g., networked, to other processor(s); in a networked deployment, the one or more processors may operate in the capacity of a server or a user machine in a server-user network environment, or as a peer machine in a peer-to-peer or distributed network environment. The one or more processors may form a personal computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine.


Note that while some diagrams only show a single processor and a single memory that carries the computer-readable code, those in the art will understand that many of the components described above are included, but not explicitly shown or described in order not to obscure the inventive aspect. For example, while only a single machine is illustrated, the term “machine” or “device” shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.


At least one embodiment of each of the methods described herein is in the form of a computer-readable carrier medium carrying a set of instructions, e.g., a computer program that is for execution on one or more processors, e.g., one or more processors that are part of an information system. Thus, as will be appreciated by those skilled in the art, embodiments of the present invention may be embodied as a method, an apparatus such as a special purpose apparatus, an apparatus such as a data processing system, or a computer-readable carrier medium, e.g., a computer program product. The computer-readable carrier medium carries computer readable code including a set of instructions that when executed on one or more processors cause the processor or processors to implement a method. Accordingly, aspects of the present invention may take the form of a method, an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a carrier medium (e.g., a computer program product on a computer-readable storage medium) carrying computer-readable program code embodied in the medium.


The software may further be transmitted or received over a network via a network interface device. While the carrier medium is shown in an exemplary embodiment to be a single medium, the term “carrier medium” should be taken to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions. In some cases the carrier medium is a non-transitory storage medium. The term “carrier medium” shall also be taken to include any medium that is capable of storing, encoding or carrying a set of instructions for execution by one or more of the processors and that cause the one or more processors to perform any one or more of the methodologies of the present invention. A carrier medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media includes, for example, optical, magnetic disks, and magneto-optical disks. Volatile media includes dynamic memory, such as main memory. Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise a bus subsystem. Transmission media may also take the form of acoustic or light waves, such as those generated during radio wave and infrared data communications.
For example, the term “carrier medium” shall accordingly be taken to include, but not be limited to, solid-state memories, a computer product embodied in optical and magnetic media, a medium bearing a propagated signal detectable by at least one processor of one or more processors and representing a set of instructions that when executed implement a method, a carrier wave bearing a propagated signal detectable by at least one processor of the one or more processors and representing the set of instructions, and a transmission medium in a network bearing a propagated signal detectable by at least one processor of the one or more processors and representing the set of instructions.


It will be understood that the steps of methods discussed are performed in one embodiment by an appropriate processor (or processors) of a processing (i.e., computer) system executing instructions (computer-readable code) stored in storage. It will also be understood that the invention is not limited to any particular implementation or programming technique and that the invention may be implemented using any appropriate techniques for implementing the functionality described herein. The invention is not limited to any particular programming language or operating system.


Similarly it should be appreciated that in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.


Furthermore, while some embodiments described herein include some but not other features included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention, and form different embodiments, as would be understood by those in the art. For example, in the following claims, any of the claimed embodiments can be used in any combination.


Furthermore, some of the embodiments are described herein as a method or combination of elements of a method that can be implemented by a processor of a computer system or by other means of carrying out the function. Thus, a processor with the necessary instructions for carrying out such a method or element of a method forms a means for carrying out the method or element of a method. Furthermore, an element described herein of an apparatus embodiment is an example of a means for carrying out the function performed by the element for the purpose of carrying out the invention.


In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In other instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.


As used herein, unless otherwise specified the use of the ordinal adjectives “first”, “second”, “third”, etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.


In the claims below and the description herein, any one of the terms comprising, comprised of or which comprises is an open term that means including at least the elements/features that follow, but not excluding others. Thus, the term comprising, when used in the claims, should not be interpreted as being limitative to the means or elements or steps listed thereafter. For example, the scope of the expression a device comprising A and B should not be limited to devices consisting only of elements A and B. Any one of the terms including or which includes or that includes as used herein is also an open term that also means including at least the elements/features that follow the term, but not excluding others. Thus, including is synonymous with and means comprising.


Similarly, it is to be noticed that the term coupled, when used in the claims, should not be interpreted as being limitative to direct connections only. The terms “coupled” and “connected,” along with their derivatives, may be used. It should be understood that these terms are not intended as synonyms for each other. Thus, the scope of the expression a device A coupled to a device B should not be limited to devices or systems wherein an output of device A is directly connected to an input of device B. It means that there exists a path between an output of A and an input of B which may be a path including other devices or means. “Coupled” may mean that two or more elements are either in direct physical or electrical contact, or that two or more elements are not in direct contact with each other but yet still co-operate or interact with each other.


Thus, while there has been described what are believed to be the preferred embodiments of the invention, those skilled in the art will recognize that other and further modifications may be made thereto without departing from the spirit of the invention, and it is intended to claim all such changes and modifications as fall within the scope of the invention. For example, any formulas given above are merely representative of procedures that may be used. Functionality may be added or deleted from the block diagrams and operations may be interchanged among functional blocks. Steps may be added or deleted to methods described within the scope of the present invention.

Claims
  • 1. An access control device for operation in an access control system including a central server, one or more disconnected access control devices, and one or more connected access control devices, the device including: an interface for interacting with an access control token for the purposes of an access transaction; a processor and associated memory configured for processing data received from the access control token in relation to the access transaction thereby to selectively allow or deny access; a receiver for determining geographical positional information for the access transaction; wherein when the access control device is operating as a disconnected access control device, the access control device is configured to: in respect of a first access transaction initiated by a first access control token at a first location, write to the first access control token a first set of data indicative of geographical positional information representing the first location; in respect of a second access transaction initiated by the first access control token at a second location, write to the first access control token a second set of data indicative of geographical positional information representing the second location; and wherein the first set of data and second set of data are configured to subsequently be read from the access control token by a connected access control device, thereby to facilitate propagation of the first set of data and second set of data to the central server, such that the central server calculates transportation information for a user associated with the first access control token based upon the geographical positional information representing the first location and geographical positional information representing the second location.
  • 2. A device according to claim 1 including a wireless network interface that is selectively actuated responsive to geographical positional information determined by the receiver.
  • 3. A device according to claim 1 including a wireless network interface for connecting to an access control network thereby to allow the device to function as a connected access control device, wherein the memory of the device maintains geographical positional information indicative of one or more connectivity zones, and wherein the device is configured to actuate the wireless network device when the receiver indicates that the device is within one or more of the connectivity zones.
  • 4. A device according to claim 1 including a telecommunications interface, wherein the device is configured for providing a signal via the telecommunications interface responsive to an access transaction when predefined conditions are met by reference to geographical positional data.
  • 5. A device according to claim 1 wherein the device is located on a vehicle.
  • 6. A method for operating an access control device, wherein the access control device is part of an access control system including a central server, one or more disconnected access control devices, and one or more connected access control devices, the method including: interacting with an access control token for the purposes of an access transaction; processing data received from the access control token in relation to the access transaction thereby to selectively allow or deny access; determining, based on data derived by a receiver, geographical positional information for the access transaction; wherein when the access control device is operating as a disconnected access control device, the access control device is configured to: in respect of a first access transaction initiated by a first access control token at a first location, write to the first access control token a first set of data indicative of geographical positional information representing the first location; in respect of a second access transaction initiated by the first access control token at a second location, write to the first access control token a second set of data indicative of geographical positional information representing the second location; and wherein the first set of data and second set of data are configured to subsequently be read from the access control token by a connected access control device, thereby to facilitate propagation of the first set of data and second set of data to the central server, such that the central server calculates transportation information for a user associated with the first access control token based upon the geographical positional information representing the first location and geographical positional information representing the second location.
  • 7. A method according to claim 6 including a step of selectively actuating a wireless network interface that is responsive to geographical positional information determined by the receiver.
  • 8. A method according to claim 6, wherein the device includes a wireless network interface for connecting to an access control network thereby to allow the device to function as a connected access control device, wherein the memory of the device maintains geographical positional information indicative of one or more connectivity zones, and wherein the method includes actuating the wireless network device when the receiver indicates that the device is within one or more of the connectivity zones.
  • 9. A method according to claim 6 wherein the device includes a telecommunications interface, wherein the method includes providing a signal via the telecommunications interface responsive to an access transaction when predefined conditions are met by reference to geographical positional data.
  • 10. A method according to claim 6 wherein the device is located on a vehicle.
  • 11. An access control system including: a central server; one or more connected access control devices that are in communication with the central server via a network; one or more disconnected access control devices that are not in communication with the central server via the network, wherein the disconnected devices are configured to propagate information back to the central server by writing data to access control tokens presented by users; wherein at least one disconnected access control device includes a receiver for determining geographical positional information and is configured for writing to an access control token data indicative of the geographical positional information associated with an access transaction; wherein at least one of the disconnected access control devices is configured to: in respect of a first access transaction initiated by a first access control token at a first location, write to the first access control token a first set of data indicative of geographical positional information representing the first location; in respect of a second access transaction initiated by the first access control token at a second location, write to the first access control token a second set of data indicative of geographical positional information representing the second location; and wherein the first set of data and second set of data are configured to subsequently be read from the access control token by a connected access control device, thereby to facilitate propagation of the first set of data and second set of data to the central server, such that the central server calculates transportation information for a user associated with the first access control token based upon the geographical positional information representing the first location and geographical positional information representing the second location.
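
The data flow recited in claims 1, 6 and 11 can be simulated as follows; this is an added illustration, not code from the patent. The record layout, the per-device HMAC key, the replay filter, the reading of "transportation information" as distance, elapsed time and average speed, and all class names and coordinates are assumptions made here; the claims specify none of them. Because the token is a writable carrier between the disconnected device and the server, the example also has the server verify each record before using it.

```python
import hashlib
import hmac
import json
import math

EARTH_RADIUS_M = 6_371_000


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def record_tag(key, body):
    """HMAC-SHA256 over a canonical JSON encoding of one record (assumed format)."""
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Token:
    """Access control token with a writable area for location records."""
    def __init__(self, token_id):
        self.token_id = token_id
        self.records = []


class DisconnectedDevice:
    """Has a positional receiver but no network link, so it writes to the token."""
    def __init__(self, device_id, key):
        self.device_id, self.key, self.seq = device_id, key, 0

    def access_transaction(self, token, lat, lon, ts):
        self.seq += 1
        body = {"device": self.device_id, "token": token.token_id,
                "seq": self.seq, "lat": lat, "lon": lon, "ts": ts}
        token.records.append({"body": body, "tag": record_tag(self.key, body)})


class CentralServer:
    def __init__(self, device_keys):
        self.device_keys = device_keys   # device_id -> key shared at provisioning
        self.accepted = {}               # token_id -> verified record bodies
        self.seen = set()                # (device, seq) pairs already ingested
        self.rejected = 0

    def ingest(self, token_id, records):
        for rec in records:
            body, tag = rec.get("body", {}), str(rec.get("tag", ""))
            key = self.device_keys.get(body.get("device"))
            ident = (body.get("device"), body.get("seq"))
            if (key is None or body.get("token") != token_id or not
                    hmac.compare_digest(record_tag(key, body).encode(), tag.encode())):
                self.rejected += 1       # unknown device, wrong token, or altered record
            elif ident not in self.seen:  # a re-presented record is dropped silently
                self.seen.add(ident)
                self.accepted.setdefault(token_id, []).append(body)

    def transportation_info(self, token_id):
        """Distance, time and speed between the earliest and latest verified record."""
        recs = sorted(self.accepted.get(token_id, []), key=lambda b: b["ts"])
        if len(recs) < 2:
            return None
        first, second = recs[0], recs[-1]
        dist = haversine_m(first["lat"], first["lon"], second["lat"], second["lon"])
        elapsed = second["ts"] - first["ts"]
        return {"distance_m": dist, "elapsed_s": elapsed,
                "avg_speed_mps": dist / elapsed if elapsed > 0 else None}


class ConnectedDevice:
    """Networked reader: forwards what the token carries, then clears it."""
    def __init__(self, server):
        self.server = server

    def access_transaction(self, token):
        self.server.ingest(token.token_id, list(token.records))
        token.records.clear()


def demo():
    key = b"constructed-demo-key"                  # constructed sample key
    server = CentralServer({"bus-17": key})
    bus, gate = DisconnectedDevice("bus-17", key), ConnectedDevice(server)
    token = Token("T-0001")
    bus.access_transaction(token, -33.86, 151.20, 1000)   # first location (constructed)
    bus.access_transaction(token, -33.85, 151.20, 1600)   # second location (constructed)
    gate.access_transaction(token)                 # token later shown to a connected device
    return server, token


if __name__ == "__main__":
    srv, _ = demo()
    print(srv.transportation_info("T-0001"))
```
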
Priority Claims (1)
Number Date Country Kind
2010900052 Jan 2010 AU national
Related Publications (1)
Number Date Country
20110167488 A1 Jul 2011 US