The present invention relates to access control, and more particularly to systems and methods for managing access control devices. In particular, some embodiments include access control devices themselves, and/or software operable on access control devices or other devices.
Embodiments of the invention have been particularly developed for allowing the efficient implementation of a threat level across an access control environment. Although the invention is described hereinafter with particular reference to such applications, it will be appreciated that the invention is applicable in broader contexts.
Any discussion of the prior art throughout the specification should in no way be considered as an admission that such prior art is widely known or forms part of common general knowledge in the field.
It is known to use a large number of access control devices in an access control environment. Before each individual access control device is able to function as part of the access control environment, those individual devices need to be commissioned and configured. Commissioning refers to a process whereby the devices are initialized to operate within a common access control environment. Configuration refers to a process whereby configuration data is downloaded to the individual devices, thereby to allow those devices to function appropriately. For example, configuration data affects how a device will respond to an access request from a user.
From time-to-time, there may be a desire to modify configuration data on some or all of the access control devices within an access control environment and, in this regard, there are various known approaches for transferring new configuration data to those devices. For example, it is often possible to transfer such configuration data from a central server to the individual devices via a network, such as a TCP/IP network. Other approaches include the use of portable computers and the like.
Transferring configuration data can be a time and resource intensive task, and this can lead to complications in situations where there is a desire to make a change across an entire access control environment on an expeditious basis.
It follows that there is a need in the art for improved systems and methods for managing access control devices.
It is an object of the present invention to overcome or ameliorate at least one of the disadvantages of the prior art, or to provide a useful alternative.
One embodiment provides an access control device including: a processor for allowing the execution of software instructions, including software instructions for processing data indicative of access requests on the basis of an applied set of configuration data and selectively allowing or denying the respective requests; a memory module coupled to the processor, the memory module storing data indicative of the software instructions and configuration data, wherein the configuration data stored by the device includes a plurality of uniquely applicable sets of configuration data, wherein each set, when applied, causes the device to function in accordance with a respective mode of operation; and a communications interface that is configured for receiving data indicative of a command to change modes of operation, wherein in response to the command the software instructions cause the device to cease applying a current set of configuration data and commence applying a different set of configuration data identified by the command.
One embodiment provides a method performable by an access control device, the method including: applying a first set of configuration data stored locally at the access control device, the first set of configuration data, when applied, causing the device to function in a first mode of operation; whilst functioning in the first mode of operation, processing data indicative of access requests on the basis of the first set of configuration data; receiving data indicative of a command to change to a second mode of operation; in response to the command, ceasing application of the first set of configuration data and commencing application of a second set of configuration data, wherein the second set of configuration data is also stored locally at the access control device, the second set of configuration data, when applied, causing the device to function in the second mode of operation; and whilst functioning in the second mode of operation, processing data indicative of access requests on the basis of the second set of configuration data.
One embodiment provides access control system including: a plurality of access control devices as described herein; and a central server in communication with the plurality of access control devices via a network, wherein the central server is configured to provide to the plurality of devices data indicative of a command to change modes of operation, wherein in response to the command, the devices each cease applying a current set of configuration data and commence applying a different set of configuration data identified by the command.
One embodiment provides a method for controlling an access control environment, wherein the access control environment includes a plurality of access control devices as described herein, the method including providing to the devices data indicative of a command to change modes of operation, wherein in response to the command the software instructions cause the device to cease applying a current set of configuration data and commence applying a different set of configuration data identified by the command, wherein the different set of configuration data is locally stored at the devices.
One embodiment provides a hardware component configured device configured to perform a method as described herein.
One embodiment provides a computer program product configured device configured to perform a method as described herein.
One embodiment provides a carrier medium carrying computer executable code that, when executed on one or more processors, cause the performance of a method as described herein.
Reference throughout this specification to “one embodiment” or “an embodiment” or “some embodiments” means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrases “in one embodiment” or “in an embodiment” or “in some embodiments” in various places throughout this specification are not necessarily all referring to the same embodiment, but may. Furthermore, the particular features, structures or characteristics may be combined in any suitable manner, as would be apparent to one of ordinary skill in the art from this disclosure, in one or more embodiments.
Embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings in which:
Described herein are systems and methods for managing access control devices. In overview, an access control device is configured to function on the basis of an applied set of configuration data. For example, the manner in which the device processes an access request is dependent on the configuration data. A device according to an embodiment of the present invention is configured to locally maintain a plurality of uniquely applicable sets of configuration data. Each set, when applied, causes the device to function in accordance with a respective mode of operation. The device is configured to change which set of configuration data is applied in response to a predetermined command, thereby allowing the device to shift between modes of operation relatively quickly and without the need to download additional configuration data. In some cases, the modes of operation correspond to threat levels, and the use of such access control devices allows a change in threat level to be applied across an access control environment quickly and with minimal bandwidth requirements.
Although examples considered herein are focused on access control devices, in other embodiments implementation occurs in respect of other devices, such as other devices in a broader security system (e.g. control systems configured for intrusion detection and/or video surveillance).
Access Control Environment
An administration server 110 is also connected to network 108, and the connected access control devices are able to communicate with this administration server over the network. In this manner, server 110 is able to communicate with connected devices 105 to 107.
Although server 110 is schematically illustrated as a single component, in some cases it is defined by a plurality of distributed networked components.
For the sake of the present disclosure, it is assumed that each of access control devices 102 to 107 include similar hardware and software components, and each that device is configured to progress between a connected state and a disconnected state depending on whether or not a connection to network 108 and central server is available. However, in other embodiments a variety of different access control devices are used. For example, in some embodiments the access control devices are designed, from a hardware perspective, to allow/deny control to a variety of different locations or functionalities.
In the context of the present disclosure, the term “access control device” refers generally to any device having an access control functionality. That is, any device with which a user interacts to gain access to a physical region or virtual functionality. Common examples include devices that control locking mechanisms on doors or other barriers. An access control device includes either or both of hardware and software components.
Access Control Device
In the present example, device 201 is configured for selectively granting access through a door 207 having a locking mechanism 208. When in a locked state, this mechanism prevents access through the door, and when in an unlocked state, permits access through the door. To this end, processor 201 is coupled to an access signal interface 209 which selectively provides to locking mechanism 208 signals for unlocking and/or unlocking the door (in some cases the door retunes to a default locked state automatically, without need for an explicit “lock” signal). Whether or not the locked state is default depends on the configuration data applied at a particular point in time, although for the present example it is considered that the locked state is default, and unlocking of the door requires allowance of an access request.
A user wishing to gain access through door 207 makes an access request via device 201. For the sake of this example, this access request is initiated when the user presents (indicated by arrow 211) an access card to a card reader 210, which is also coupled to processor 201. Upon presentation of the access card, processor 202 performs an authentication/authorization process, influenced by configuration data, to determine whether or not access should be granted (i.e. the access request allowed). In the event that the authentication/authorization process is successful, interface 209 provides to mechanism 208 a signal thereby to progress mechanism 208 to the unlocked state for a predefined period of time, typically the order of a few seconds, before returning to the locked state. If the authentication process is unsuccessful, mechanism 208 remains in the locked state, and access is denied.
The nature of card reader 210 varies between embodiments depending on the nature of access card that is used in a given access control environment. In the embodiment of
Device 201 additionally includes a communications interface 212, such as a wired or wireless Ethernet networking interface, or the like. This allows device 201 to communicate with remote components, such as a central server (at least when the device operates in a connected state). In this regard, device 201 is configured to receive a control signal 213 from a central server, or other networked component.
Configuration Data
An access control device operates on the basis of configuration data. That is, the manner in which the device operates is dependent on the configuration data applied at a given point in time. For example, software instructions 204 include software instructions for processing data indicative of access requests, and this processing is performed on the basis of an applied set of configuration data. A given access request might be allowed based on one applied set of configuration data, but denied were another set of configuration data to be applied. This configuration data also influences other functionalities of the access control device.
Typically, an access control device maintains only a single set of configuration data. In known situations, such configuration data is downloaded during an initial configuration of a device, and updated configuration data is downloaded to the device over time as required. However, in accordance with the present embodiments, multiple sets of configuration data are downloaded to a device, with one being applied and the others remaining dormant in memory. This allows for a change in device configuration without a need to download new configuration data; the applied set is simply interchanged for one of the dormant sets.
A set of configuration data includes a plurality of aspects of data, optionally including one or more of the aspects of data outlined below:
In the case of device 201, memory module 203 stores configuration data including a plurality of uniquely applicable sets of configuration data. In this sense, the term “plurality” refers to “two or more”. That is, there may be two sets of configuration data, or more than two sets of configuration data.
In the context of
Sets of configuration data are “uniquely applicable” in the sense that only one set is able to be applied at any given time, with other stored sets remaining dormant in memory. Although
Each set of configuration data, when applied, causes the device to function in accordance with a respective mode of operation. In terms of the language presently used, the configuration data includes an nth set of configuration data that, when applied, causes the device to function in an nth mode of operation. For example:
Communications interface 212 is configured for receiving data indicative of a command to change modes of operation. In response to such a command, software instructions 104 cause device 201 to cease applying a current set of configuration data and commence applying a different set of configuration data identified by the command. For example, when the device is functioning in a first mode of operation, the communications interface is configured for receiving data indicative of a command to change to a second mode of operation, and in response to the command the software instructions cause the device to cease applying the first set of configuration data and commence applying the second set of configuration data. In the context of
The nature of “data indicative of a command to change modes of operation” varies between embodiments. In some cases this data references a mode of operation to be adopted, in other cases it references a set of configuration data to be applied, and in other cases it refers to a threat level (or other criteria) to be applied. The data is in some embodiments transmitted over the network to connected access control devices as a TCP/IP signal or the like.
Application to Threat Levels
Embodiments are described below by reference to a situation where each set of configuration data corresponds to a respective “threat level”. The term “threat level” is used to describe a high-level security assessment. For example, the US Department of Homeland Security implements a “threat level” system via their Homeland Security Advisory System. This system uses the following criteria:
In general terms, the Homeland Security Advisory System is a color-coded terrorism threat advisory scale. The different levels trigger specific actions by federal agencies and state and local governments, and they affect the level of security at some airports and other public facilities. In this regard, there is often a link between the System and the manner in which access control environments should be implemented. For example, an escalation in threat levels might have a practical consequence in that greater access control scrutiny is applied in, say, regions of an airport. For example, a particular class of employee may be able to access a particular area under one threat level, but not under another.
Different threat level systems are used in other jurisdictions and/or for other purposes, including UK Threat Levels, and Vigipirate in France. The present disclosure should not be limited to any such system in isolation, and the use of the term “threat level” is descriptive only, relating to the general concept of a tiered system whereby security or other concerns are categorized at a high-level and in an objective manner.
In the present embodiments, a set of configuration data is defined for each threat level, and the resulting sets of configuration data downloaded to the individual access control devices. At any given time, one set of configuration data is applied (preferably corresponding to the current threat level) and the other sets remain dormant in memory.
In general terms, an access control device according to the present embodiment stores in memory:
Such an embodiment is schematically illustrated in
When the central server receives data indicative of a change in threat level, it provides a signal to all connected access control devices 303 with which it compatibly interacts. In the illustrated example, there are “n” access control devices 303, and each maintains configuration data for at least three threat levels, being set 304A for “threat level A”, set 304B for “threat level B”, and set 304C for “threat level C”.
In the context of
It is not necessary that configuration data sets be identical among devices. For example, data set 304A might differ between devices, for example where those devices behave differently for a given threat level. For example, one device might control access to an area that is restricted to certain personnel during a given threat level, whilst another device might control access to an area that is restricted to other certain personnel during that same threat level. This is optionally managed via system wide configuration, as described below.
System Wide Configuration
From an implementation perspective, one embodiment provides a threat level configuration module 310, being a software-based component allowing a user to define configuration data corresponding to threat levels. This module is, as illustrated, operable on central server 302. However, in another embodiment it is operable on a machine in communication with server 302. In some embodiments the module executes on a processor of server 302, although a user interface is presented on a remote terminal via a browser-based implementation or the like.
For the sake of the present examples, it is considered that module 310 provides a user interface for allowing a user to select between a plurality of threat levels, and adjust various parameters for each of those threat levels. For example, a user is able to select a GUI object corresponding to a particular threat level, and via that object access various menus and options for allowing modification of parameters for that threat level. The threat levels are optionally provided with default parameters.
In overview, module 310 allows a user to set up configuration data for a plurality of threat levels on a system-wide level. That is, rather than manually defining individual sets of configuration data for each individual access control device, module 310 provides an interface for defining the meaning of threat levels on a system wide basis, and from that automatically defines the actual sets of configuration data for the individual devices.
At step 401 the configuration module presents an initial user interface, which allows a user to select between one of a plurality of threat levels. These may be predefined, or available for user creation. A user selects a threat level at step 402, and the configuration module presents a modification interface for that threat level at step 403. For example, the modification interface provides various prompts, menus and/or and fields for allowing the user to modify various parameters for a threat level. The presently considered parameters are:
The user decides which parameter to modify at step 404, and optionally modifies name and description at 405 (leading to a name/description update at 406), behavior parameters at 407 (leading to a behavior parameter update at 408), or access right parameters at 409 (leading to a access right parameter update at 410). Whichever of these is selected, the method progresses to decision 411, where the user decides whether or not to modify other parameters, based on which the method either loops to step 404, or progresses to decision 412. At decision 412, the user decides whether configuration is complete, and either selects another threat level at 402, or provides and indication (explicit or implicit) that configuration is complete.
Following step 413, the configuration module defines configuration data for download to the individual control devices at step 414. This is downloaded to the devices at step 415, using one of the various known methodologies for downloading configuration data to access control devices. For example, this may include network transfer, download to portable media for provision to disconnected devices, and so on.
Once the configuration data is downloaded, the devices initially adopt a specified default threat level. It will be appreciated that a simple command is all that is required to progress the devices to a different threat level.
Applying Threat Level Changes to Disconnected Devices
As noted above, an access control environment often includes disconnected devices, being access control devices that are not connected to the central server via a network. The above disclosure deals with a situation where threat level changes are communicated via a command provided via the network. It will be appreciated that other approaches are required to communicate such a command to disconnected devices. Some exemplary approaches for achieving that goal are discussed below.
A relatively rudimentary approach is to simply manually deliver the command to disconnected devices, for example by presenting a smartcard or other carrier substrate (e.g. USB device) to the individual devices, or by connecting a portable computational platform (e.g. notebook computer, PDA, smartphone or the like) and uploading the command directly.
A more advanced (and less resource intensive) approach is to use ordinary user interactions to propagate a command. In the context of the present example, smartcards are used for the purpose of providing access requests. In overview, timestamped threat level information is maintained on smartcards, and devices are configured to read from each smartcard timestamped data indicative of a threat level. Subject to a predetermined authentication/authorization procedure (and other predefined constraints) the device selectively either:
It will be appreciated that such an approach is particularly effective for propagating threat level changes throughout an access control environment having disconnected devices, in a relatively unobtrusive and resource conscious manner.
In some cases threat levels cause devices to make additional modifications to smartcards. For example, various categories of user may have their cards cancelled, so that they can not be used in future.
It will be appreciated that the above disclosure provides various systems and methods for managing access control devices, these methods and systems providing distinct advantages and technical contributions over what was previously known in the art. For example, the storage of multiple sets of configuration data locally at individual devices allows substantial modification to device configuration/operation to be effected quickly and efficiently by way of a simple command signal. This is especially significant in respect of disconnected readers, noting that the simple nature of the command signal allows it to be effected by data carried by a conventional access card (in spite of inherent information storage constraints of such access cards) for convenient delivery to disconnected access control devices.
Unless specifically stated otherwise, as apparent from the following discussions, it is appreciated that throughout the specification discussions utilizing terms such as “processing,” “computing,” “calculating,” “determining”, “analyzing” or the like, refer to the action and/or processes of a computer or computing system, or similar electronic computing device, that manipulate and/or transform data represented as physical, such as electronic, quantities into other data similarly represented as physical quantities.
In a similar manner, the term “processor” may refer to any device or portion of a device that processes electronic data, e.g., from registers and/or memory to transform that electronic data into other electronic data that, e.g., may be stored in registers and/or memory. A “computer” or a “computing machine” or a “computing platform” may include one or more processors.
The methodologies described herein are, in one embodiment, performable by one or more processors that accept computer-readable (also called machine-readable) code containing a set of instructions that when executed by one or more of the processors carry out at least one of the methods described herein. Any processor capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken are included. Thus, one example is a typical processing system that includes one or more processors. Each processor may include one or more of a CPU, a graphics processing unit, and a programmable DSP unit. The processing system further may include a memory subsystem including main RAM and/or a static RAM, and/or ROM. A bus subsystem may be included for communicating between the components. The processing system further may be a distributed processing system with processors coupled by a network. If the processing system requires a display, such a display may be included, e.g., an liquid crystal display (LCD) or a cathode ray tube (CRT) display. If manual data entry is required, the processing system also includes an input device such as one or more of an alphanumeric input unit such as a keyboard, a pointing control device such as a mouse, and so forth. The term memory unit as used herein, if clear from the context and unless explicitly stated otherwise, also encompasses a storage system such as a disk drive unit. The processing system in some configurations may include a sound output device, and a network interface device. The memory subsystem thus includes a computer-readable carrier medium that carries computer-readable code (e.g., software) including a set of instructions to cause performing, when executed by one or more processors, one of more of the methods described herein. Note that when the method includes several elements, e.g., several steps, no ordering of such elements is implied, unless specifically stated. The software may reside in the hard disk, or may also reside, completely or at least partially, within the RAM and/or within the processor during execution thereof by the computer system. Thus, the memory and the processor also constitute computer-readable carrier medium carrying computer-readable code.
Furthermore, a computer-readable carrier medium may form, or be includes in a computer program product.
In alternative embodiments, the one or more processors operate as a standalone device or may be connected, e.g., networked to other processor(s), in a networked deployment, the one or more processors may operate in the capacity of a server or a user machine in server-user network environment, or as a peer machine in a peer-to-peer or distributed network environment. The one or more processors may form a personal computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine.
Note that while some diagrams only show a single processor and a single memory that carries the computer-readable code, those in the art will understand that many of the components described above are included, but not explicitly shown or described in order not to obscure the inventive aspect. For example, while only a single machine is illustrated, the term “machine” or “device” shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
At least one embodiment of various methods described herein is in the form of a computer-readable carrier medium carrying a set of instructions, e.g., a computer program that are for execution on one or more processors, e.g., one or more processors that are part of building management system. Thus, as will be appreciated by those skilled in the art, embodiments of the present invention may be embodied as a method, an apparatus such as a special purpose apparatus, an apparatus such as a data processing system, or a computer-readable carrier medium, e.g., a computer program product. The computer-readable carrier medium carries computer readable code including a set of instructions that when executed on one or more processors cause the a processor or processors to implement a method. Accordingly, aspects of the present invention may take the form of a method, an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of carrier medium (e.g., a computer program product on a computer-readable storage medium) carrying computer-readable program code embodied in the medium.
The software may further be transmitted or received over a network via a network interface device. While the carrier medium is shown in an exemplary embodiment to be a single medium, the term “carrier medium” should be taken to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions. The term “carrier medium” shall also be taken to include any medium that is capable of storing, encoding or carrying a set of instructions for execution by one or more of the processors and that cause the one or more processors to perform any one or more of the methodologies of the present invention. A carrier medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media includes, for example, optical, magnetic disks, and magneto-optical disks. Volatile media includes dynamic memory, such as main memory. Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise a bus subsystem. Transmission media also may also take the form of acoustic or light waves, such as those generated during radio wave and infrared data communications. For example, the term “carrier medium” shall accordingly be taken to included, but not be limited to, solid-state memories, a computer product embodied in optical and magnetic media, a medium bearing a propagated signal detectable by at least one processor of one or more processors and representing a set of instructions that when executed implement a method, a carrier wave bearing a propagated signal detectable by at least one processor of the one or more processors and representing the set of instructions a propagated signal and representing the set of instructions, and a transmission medium in a network bearing a propagated signal detectable by at least one processor of the one or more processors and representing the set of instructions.
It will be understood that the steps of methods discussed are performed in one embodiment by an appropriate processor (or processors) of a processing (i.e., computer) system executing instructions (computer-readable code) stored in storage. It will also be understood that the invention is not limited to any particular implementation or programming technique and that the invention may be implemented using any appropriate techniques for implementing the functionality described herein. The invention is not limited to any particular programming language or operating system.
Similarly it should be appreciated that in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.
Furthermore, while some embodiments described herein include some but not other features included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention, and form different embodiments, as would be understood by those in the art. For example, in the following claims, any of the claimed embodiments can be used in any combination.
Furthermore, some of the embodiments are described herein as a method or combination of elements of a method that can be implemented by a processor of a computer system or by other means of carrying out the function. Thus, a processor with the necessary instructions for carrying out such a method or element of a method forms a means for carrying out the method or element of a method. Furthermore, an element described herein of an apparatus embodiment is an example of a means for carrying out the function performed by the element for the purpose of carrying out the invention.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In other instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
As used herein, unless otherwise specified the use of the ordinal adjectives “first”, “second”, “third”, etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
In the claims below and the description herein, any one of the terms comprising, comprised of or which comprises is an open term that means including at least the elements/features that follow, but not excluding others. Thus, the term comprising, when used in the claims, should not be interpreted as being limitative to the means or elements or steps listed thereafter. For example, the scope of the expression a device comprising A and B should not be limited to devices consisting only of elements A and B. Any one of the terms including or which includes or that includes as used herein is also an open term that also means including at least the elements/features that follow the term, but not excluding others. Thus, including is synonymous with and means comprising.
Similarly, it is to be noticed that the term coupled, when used in the claims, should not be interpreted as being limitative to direct connections only. The terms “coupled” and “connected,” along with their derivatives, may be used. It should be understood that these terms are not intended as synonyms for each other. Thus, the scope of the expression a device A coupled to a device B should not be limited to devices or systems wherein an output of device A is directly connected to an input of device B. It means that there exists a path between an output of A and an input of B which may be a path including other devices or means. “Coupled” may mean that two or more elements are either in direct physical or electrical contact, or that two or more elements are not in direct contact with each other but yet still co-operate or interact with each other.
Thus, while there has been described what are believed to be the preferred embodiments of the invention, those skilled in the art will recognize that other and further modifications may be made thereto without departing from the spirit of the invention, and it is intended to claim all such changes and modifications as fall within the scope of the invention. For example, any formulas given above are merely representative of procedures that may be used. Functionality may be added or deleted from the block diagrams and operations may be interchanged among functional blocks. Steps may be added or deleted to methods described within the scope of the present invention.
Number | Date | Country | Kind |
---|---|---|---|
2009901185 | Mar 2009 | AU | national |
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/IB2010/051067 | 3/12/2010 | WO | 00 | 11/21/2011 |
Publishing Document | Publishing Date | Country | Kind |
---|---|---|---|
WO2010/106474 | 9/23/2010 | WO | A |
Number | Name | Date | Kind |
---|---|---|---|
3753232 | Sporer | Aug 1973 | A |
3806911 | Pripusich | Apr 1974 | A |
3857018 | Stark et al. | Dec 1974 | A |
3860911 | Hinman et al. | Jan 1975 | A |
3866173 | Moorman et al. | Feb 1975 | A |
3906447 | Crafton | Sep 1975 | A |
4095739 | Fox et al. | Jun 1978 | A |
4146085 | Wills | Mar 1979 | A |
4148012 | Baump et al. | Apr 1979 | A |
4161778 | Getson, Jr. et al. | Jul 1979 | A |
4213118 | Genest et al. | Jul 1980 | A |
4283710 | Genest et al. | Aug 1981 | A |
4298946 | Hartsell et al. | Nov 1981 | A |
4332852 | Korklan et al. | Jun 1982 | A |
4336902 | Neal | Jun 1982 | A |
4337893 | Flanders et al. | Jul 1982 | A |
4353064 | Stamm | Oct 1982 | A |
4373664 | Barker et al. | Feb 1983 | A |
4379483 | Farley | Apr 1983 | A |
4462028 | Ryan et al. | Jul 1984 | A |
4525777 | Webster et al. | Jun 1985 | A |
4538056 | Young et al. | Aug 1985 | A |
4556169 | Zervos | Dec 1985 | A |
4628201 | Schmitt | Dec 1986 | A |
4646964 | Parker et al. | Mar 1987 | A |
4685615 | Hart | Aug 1987 | A |
4821177 | Koegel et al. | Apr 1989 | A |
4847839 | Hudson, Jr. et al. | Jul 1989 | A |
5070468 | Niinomi et al. | Dec 1991 | A |
5071065 | Aalto et al. | Dec 1991 | A |
5099420 | Barlow et al. | Mar 1992 | A |
5172565 | Wruck et al. | Dec 1992 | A |
5204663 | Lee | Apr 1993 | A |
5227122 | Scarola et al. | Jul 1993 | A |
5259553 | Shyu | Nov 1993 | A |
5271453 | Yoshida et al. | Dec 1993 | A |
5361982 | Liebl et al. | Nov 1994 | A |
5404934 | Carlson et al. | Apr 1995 | A |
5420927 | Micali | May 1995 | A |
5449112 | Heitman et al. | Sep 1995 | A |
5465082 | Chaco | Nov 1995 | A |
5479154 | Wolfram | Dec 1995 | A |
5481481 | Frey et al. | Jan 1996 | A |
5526871 | Musser et al. | Jun 1996 | A |
5541585 | Duhame et al. | Jul 1996 | A |
5591950 | Imedio-Ocana | Jan 1997 | A |
5594429 | Nakahara | Jan 1997 | A |
5604804 | Micali | Feb 1997 | A |
5610982 | Micali | Mar 1997 | A |
5631825 | van Weele et al. | May 1997 | A |
5640151 | Reis et al. | Jun 1997 | A |
5644302 | Hana et al. | Jul 1997 | A |
5663957 | Dent | Sep 1997 | A |
5666416 | Micali | Sep 1997 | A |
5717757 | Micali | Feb 1998 | A |
5717758 | Micali | Feb 1998 | A |
5717759 | Micali | Feb 1998 | A |
5732691 | Maiello et al. | Mar 1998 | A |
5774058 | Henry et al. | Jun 1998 | A |
5778256 | Darbee | Jul 1998 | A |
5793868 | Micali | Aug 1998 | A |
5914875 | Monta et al. | Jun 1999 | A |
5915473 | Ganesh et al. | Jun 1999 | A |
5923817 | Nakamura | Jul 1999 | A |
5927398 | Maciulewicz | Jul 1999 | A |
5930773 | Crooks et al. | Jul 1999 | A |
5960083 | Micali | Sep 1999 | A |
5973613 | Reis et al. | Oct 1999 | A |
5992194 | Baukholt et al. | Nov 1999 | A |
6072402 | Kniffin et al. | Jun 2000 | A |
6097811 | Micali | Aug 2000 | A |
6104963 | Cebasek et al. | Aug 2000 | A |
6119125 | Gloudeman et al. | Sep 2000 | A |
6141595 | Gloudeman et al. | Oct 2000 | A |
6149065 | White et al. | Nov 2000 | A |
6154681 | Drees et al. | Nov 2000 | A |
6167316 | Gloudeman et al. | Dec 2000 | A |
6233954 | Mehaffey et al. | May 2001 | B1 |
6241156 | Kline et al. | Jun 2001 | B1 |
6249755 | Yemini et al. | Jun 2001 | B1 |
6260765 | Natale et al. | Jul 2001 | B1 |
6268797 | Berube et al. | Jul 2001 | B1 |
6292893 | Micali | Sep 2001 | B1 |
6301659 | Micali | Oct 2001 | B1 |
6318137 | Chaum | Nov 2001 | B1 |
6324854 | Jayanth | Dec 2001 | B1 |
6334121 | Primeaux et al. | Dec 2001 | B1 |
6347374 | Drake et al. | Feb 2002 | B1 |
6366558 | Howes et al. | Apr 2002 | B1 |
6369719 | Tracy et al. | Apr 2002 | B1 |
6374356 | Daigneault et al. | Apr 2002 | B1 |
6393848 | Roh et al. | May 2002 | B2 |
6394359 | Morgan | May 2002 | B1 |
6424068 | Nakagashi | Jul 2002 | B2 |
6453426 | Gamache et al. | Sep 2002 | B1 |
6453687 | Sharood et al. | Sep 2002 | B2 |
6483697 | Jenks et al. | Nov 2002 | B1 |
6487658 | Micali | Nov 2002 | B1 |
6490610 | Rizvi et al. | Dec 2002 | B1 |
6496575 | Vasell et al. | Dec 2002 | B1 |
6516357 | Hamann et al. | Feb 2003 | B1 |
6518953 | Armstrong | Feb 2003 | B1 |
6546419 | Humpleman et al. | Apr 2003 | B1 |
6556899 | Harvey et al. | Apr 2003 | B1 |
6574537 | Kipersztok et al. | Jun 2003 | B2 |
6583712 | Reed et al. | Jun 2003 | B1 |
6604023 | Brown et al. | Aug 2003 | B1 |
6615594 | Jayanth et al. | Sep 2003 | B2 |
6628997 | Fox et al. | Sep 2003 | B1 |
6647317 | Takai et al. | Nov 2003 | B2 |
6647400 | Moran | Nov 2003 | B1 |
6658373 | Rossi et al. | Dec 2003 | B2 |
6663010 | Chene et al. | Dec 2003 | B2 |
6665669 | Han et al. | Dec 2003 | B2 |
6667690 | Durej et al. | Dec 2003 | B2 |
6741915 | Poth | May 2004 | B2 |
6758051 | Jayanth et al. | Jul 2004 | B2 |
6766450 | Micali | Jul 2004 | B2 |
6789739 | Rosen | Sep 2004 | B2 |
6796494 | Gonzalo | Sep 2004 | B1 |
6801849 | Szukala et al. | Oct 2004 | B2 |
6801907 | Zagami | Oct 2004 | B1 |
6826454 | Sulfstede | Nov 2004 | B2 |
6829332 | Farris et al. | Dec 2004 | B2 |
6851621 | Wacker et al. | Feb 2005 | B1 |
6871193 | Campbell et al. | Mar 2005 | B1 |
6886742 | Stoutenburg et al. | May 2005 | B2 |
6895215 | Uhlmann | May 2005 | B2 |
6910135 | Grainger | Jun 2005 | B1 |
6967612 | Gorman et al. | Nov 2005 | B1 |
6969542 | Klasen-Memmer et al. | Nov 2005 | B2 |
6970070 | Juels et al. | Nov 2005 | B2 |
6973410 | Seigel | Dec 2005 | B2 |
6983889 | Alles | Jan 2006 | B2 |
6989742 | Ueno et al. | Jan 2006 | B2 |
7004401 | Kallestad | Feb 2006 | B2 |
7019614 | Lavelle et al. | Mar 2006 | B2 |
7032114 | Moran | Apr 2006 | B1 |
7055759 | Wacker et al. | Jun 2006 | B2 |
7076083 | Blazey | Jul 2006 | B2 |
7117356 | LaCous | Oct 2006 | B2 |
7124943 | Quan et al. | Oct 2006 | B2 |
7130719 | Ehlers et al. | Oct 2006 | B2 |
7183894 | Yui et al. | Feb 2007 | B2 |
7203962 | Moran | Apr 2007 | B1 |
7205882 | Libin | Apr 2007 | B2 |
7216007 | Johnson | May 2007 | B2 |
7216015 | Poth | May 2007 | B2 |
7218243 | Hayes et al. | May 2007 | B2 |
7222800 | Wruck | May 2007 | B2 |
7233243 | Roche et al. | Jun 2007 | B2 |
7243001 | Janert et al. | Jul 2007 | B2 |
7245223 | Trela | Jul 2007 | B2 |
7250853 | Flynn | Jul 2007 | B2 |
7274676 | Cardei et al. | Sep 2007 | B2 |
7280030 | Monaco | Oct 2007 | B1 |
7283489 | Palaez et al. | Oct 2007 | B2 |
7313819 | Burnett et al. | Dec 2007 | B2 |
7321784 | Serceki et al. | Jan 2008 | B2 |
7337315 | Micali | Feb 2008 | B2 |
7340743 | Anural et al. | Mar 2008 | B1 |
7343265 | Andarawis et al. | Mar 2008 | B2 |
7353396 | Micali et al. | Apr 2008 | B2 |
7362210 | Bazakos et al. | Apr 2008 | B2 |
7376839 | Carta et al. | May 2008 | B2 |
7379997 | Ehlers et al. | May 2008 | B2 |
7380125 | Di Luoffo et al. | May 2008 | B2 |
7383158 | Krocker et al. | Jun 2008 | B2 |
7397371 | Martin et al. | Jul 2008 | B2 |
7408925 | Boyle et al. | Aug 2008 | B1 |
7487538 | Mok | Feb 2009 | B2 |
7505914 | McCall | Mar 2009 | B2 |
7542867 | Steger et al. | Jun 2009 | B2 |
7543327 | Kaplinsky | Jun 2009 | B1 |
7574734 | Fedronic et al. | Aug 2009 | B2 |
7576770 | Metzger et al. | Aug 2009 | B2 |
7583401 | Lewis | Sep 2009 | B2 |
7586398 | Huang et al. | Sep 2009 | B2 |
7600679 | Kshirsagar et al. | Oct 2009 | B2 |
7634662 | Monroe | Dec 2009 | B2 |
7661603 | Yoon et al. | Feb 2010 | B2 |
7683940 | Fleming | Mar 2010 | B2 |
7735132 | Brown et al. | Jun 2010 | B2 |
7735145 | Kuehnel et al. | Jun 2010 | B2 |
7796536 | Roy et al. | Sep 2010 | B2 |
7801870 | Oh et al. | Sep 2010 | B2 |
7818026 | Hartikainen et al. | Oct 2010 | B2 |
7839926 | Metzger et al. | Nov 2010 | B1 |
7853987 | Balasubramanian et al. | Dec 2010 | B2 |
7861314 | Serani et al. | Dec 2010 | B2 |
7873441 | Synesiou et al. | Jan 2011 | B2 |
7907753 | Wilson et al. | Mar 2011 | B2 |
7937669 | Zhang et al. | May 2011 | B2 |
7983892 | Anne et al. | Jul 2011 | B2 |
7995526 | Liu et al. | Aug 2011 | B2 |
7999847 | Donovan et al. | Aug 2011 | B2 |
8045960 | Orakkan | Oct 2011 | B2 |
8069144 | Quinlan et al. | Nov 2011 | B2 |
8089341 | Nakagawa et al. | Jan 2012 | B2 |
8095889 | DeBlaey et al. | Jan 2012 | B2 |
8199196 | Klein et al. | Jun 2012 | B2 |
8316407 | Lee et al. | Nov 2012 | B2 |
8474029 | Adams et al. | Jun 2013 | B2 |
8509987 | Resner | Aug 2013 | B2 |
8543684 | Hulusi et al. | Sep 2013 | B2 |
8560970 | Liddington | Oct 2013 | B2 |
8605151 | Bellamy et al. | Dec 2013 | B2 |
20020011923 | Cunningham et al. | Jan 2002 | A1 |
20020022991 | Sharood et al. | Feb 2002 | A1 |
20020046337 | Micali | Apr 2002 | A1 |
20020118096 | Hoyos et al. | Aug 2002 | A1 |
20020121961 | Huff | Sep 2002 | A1 |
20020165824 | Micali | Nov 2002 | A1 |
20020170064 | Monroe et al. | Nov 2002 | A1 |
20030023866 | Hinchliffe et al. | Jan 2003 | A1 |
20030033230 | McCall | Feb 2003 | A1 |
20030071714 | Bayer et al. | Apr 2003 | A1 |
20030174049 | Beigel et al. | Sep 2003 | A1 |
20030208689 | Garza | Nov 2003 | A1 |
20030233432 | Davis et al. | Dec 2003 | A1 |
20040062421 | Jakubowski et al. | Apr 2004 | A1 |
20040064453 | Ruiz et al. | Apr 2004 | A1 |
20040068583 | Monroe et al. | Apr 2004 | A1 |
20040087362 | Beavers | May 2004 | A1 |
20040205350 | Waterhouse et al. | Oct 2004 | A1 |
20050138380 | Fedronic et al. | Jun 2005 | A1 |
20050200714 | Marchese | Sep 2005 | A1 |
20060017939 | Jamieson et al. | Jan 2006 | A1 |
20060059557 | Markham et al. | Mar 2006 | A1 |
20070109098 | Siemon et al. | May 2007 | A1 |
20070132550 | Avraham et al. | Jun 2007 | A1 |
20070171862 | Tang et al. | Jul 2007 | A1 |
20070268145 | Bazakos et al. | Nov 2007 | A1 |
20070272744 | Bantwal et al. | Nov 2007 | A1 |
20080086758 | Chowdhury et al. | Apr 2008 | A1 |
20080173709 | Ghosh | Jul 2008 | A1 |
20080272881 | Goel | Nov 2008 | A1 |
20090018900 | Waldron et al. | Jan 2009 | A1 |
20090080443 | Dziadosz | Mar 2009 | A1 |
20090086692 | Chen | Apr 2009 | A1 |
20090097815 | Lahr et al. | Apr 2009 | A1 |
20090121830 | Dziadosz | May 2009 | A1 |
20090167485 | Birchbauer et al. | Jul 2009 | A1 |
20090168695 | Johar et al. | Jul 2009 | A1 |
20090258643 | McGuffin | Oct 2009 | A1 |
20090266885 | Marcinowski et al. | Oct 2009 | A1 |
20090292524 | Anne et al. | Nov 2009 | A1 |
20090292995 | Anne et al. | Nov 2009 | A1 |
20090292996 | Anne et al. | Nov 2009 | A1 |
20090328152 | Thomas et al. | Dec 2009 | A1 |
20090328203 | Haas | Dec 2009 | A1 |
20100026811 | Palmer | Feb 2010 | A1 |
20100036511 | Dongare | Feb 2010 | A1 |
20100045424 | Kawakita | Feb 2010 | A1 |
20100148918 | Gerner et al. | Jun 2010 | A1 |
20100164720 | Kore | Jul 2010 | A1 |
20100220715 | Cherchali et al. | Sep 2010 | A1 |
20100269173 | Srinvasa et al. | Oct 2010 | A1 |
20110038278 | Bhandari et al. | Feb 2011 | A1 |
20110043631 | Marman et al. | Feb 2011 | A1 |
20110071929 | Morrison | Mar 2011 | A1 |
20110115602 | Bhandari et al. | May 2011 | A1 |
20110133884 | Kumar et al. | Jun 2011 | A1 |
20110153791 | Jones et al. | Jun 2011 | A1 |
20110167488 | Roy et al. | Jul 2011 | A1 |
20110181414 | G et al. | Jul 2011 | A1 |
20120096131 | Bhandari et al. | Apr 2012 | A1 |
20120106915 | Palmer | May 2012 | A1 |
20120121229 | Lee | May 2012 | A1 |
20120133482 | Bhandari et al. | May 2012 | A1 |
Number | Date | Country |
---|---|---|
2240881 | Dec 1999 | CA |
1265762 | Sep 2000 | CN |
19945861 | Mar 2001 | DE |
0043270 | Jan 1982 | EP |
0122244 | Oct 1984 | EP |
0152678 | Aug 1985 | EP |
0629940 | Dec 1994 | EP |
0858702 | Apr 2002 | EP |
1339028 | Aug 2003 | EP |
1630639 | Mar 2006 | EP |
2251266 | Jul 1992 | GB |
2390705 | Jan 2004 | GB |
6019911 | Jan 1994 | JP |
2003074942 | Mar 2003 | JP |
2003240318 | Aug 2003 | JP |
WO 8402786 | Jul 1984 | WO |
WO 9419912 | Sep 1994 | WO |
WO 9627858 | Sep 1996 | WO |
WO 0011592 | Mar 2000 | WO |
0076220 | Dec 2000 | WO |
WO 0142598 | Jun 2001 | WO |
WO 0157489 | Aug 2001 | WO |
WO 0160024 | Aug 2001 | WO |
WO 0232045 | Apr 2002 | WO |
WO 02091311 | Nov 2002 | WO |
WO 03090000 | Oct 2003 | WO |
WO 2004092514 | Oct 2004 | WO |
WO 2005038727 | Apr 2005 | WO |
WO 2006021047 | Mar 2006 | WO |
WO 2006049181 | May 2006 | WO |
2006126974 | Nov 2006 | WO |
2007043798 | Apr 2007 | WO |
WO 2008045918 | Apr 2008 | WO |
WO 2008144803 | Dec 2008 | WO |
2010039598 | Apr 2010 | WO |
WO 2010039598 | Apr 2010 | WO |
2010106474 | Sep 2010 | WO |
Entry |
---|
U.S. Appl. No. 14/129,086, filed Dec. 23, 2013. |
“Keyfast Technical Overview”, Corestreet Ltd., 21 pages, 2004. |
U.S. Appl. No. 13/533,334, filed Jun. 26, 2012. |
“Certificate Validation Choices,” CoreStreet, Inc., 8 pages, 2002. |
“CoreStreet Cuts the PKI Gordian Knot,” Digital ID World, pp. 22-25, Jun./Jul. 2004. |
“Distributed Certificate Validation,” CoreStreet, Ltd., 17 pages, 2006. |
“Identity Services Infrastructure,” CoreStreet Solutions—Whitepaper, 12 pages, 2006. |
“Important FIPS 201 Deployment Considerations,” Corestreet Ltd.—Whitepaper, 11 pages, 2005. |
“Introduction to Validation for Federated PKI,” Corestreet Ltd, 20 pages, 2006. |
“Manageable Secure Physical Access,” Corestreet Ltd, 3 pages, 2002. |
“MiniCRL, Corestreet Technology Datasheet,” CoreStreet, 1 page, 2006. |
“Nonce Sense, Freshness and Security in OCSP Responses,” Corestreet Ltd, 2 pages, 2003. |
“Real Time Credential Validation, Secure, Efficient Permissions Management,” Corestreet Ltd, 5 pages, 2002. |
“The Role of Practical Validation for Homeland Security,” Corestreet Ltd, 3 pages, 2002. |
“The Roles of Authentication, Authorization & Cryptography in Expanding Security Industry Technology,” Security Industry Association (SIA), Quarterly Technical Update, 32 pages, Dec. 2005. |
“Vulnerability Analysis of Certificate Validation Systems,” Corestreet Ltd—Whitepaper, 14 pages, 2006. |
U.S. Appl. No. 13/292,992, filed Nov. 9, 2011. |
Goldman et al., “Information Modeling for Intrusion Report Aggregation,” IEEE, Proceedings DARPA Information Survivability Conference and Exposition II, pp. 329-342, 2001. |
Honeywell, “Excel Building Supervisor-Integrated R7044 and FS90 Ver. 2.0,” Operator Manual, 70 pages, Apr. 1995. |
http://www.tcsbasys.com/products/superstats.asp, TCS/Basys Controls: Where Buildings Connect With Business, 2 pages, printed Aug. 26, 2003. |
http://www.tcsbasys.com/products/sz1009.asp, TCS/Basys Controls: Where Buildings Connect With Business, 1 page, printed Aug. 26, 2003. |
http://www.tcsbasys.com/products/sz1017a.asp, TCS/Basys Controls: Where Buildings Connect With Business, 1 page, printed Aug. 26, 2003. |
http://www.tcsbasys.com/products/sz1017n.asp, TCS/Basys Controls: Where Buildings Connect With Business, 1 page, printed Aug. 26, 2003. |
http://www.tcsbasys.com/products/sz1020nseries.asp, TCS/Basys Controls: Where Buildings Connect With Business, 2 pages, printed Aug. 26, 2003. |
http://www.tcsbasys.com/products/sz1020series.asp, TCS/Basys Controls: Where Buildings Connect With Business, 2 pages, printed Aug. 26, 2003. |
http://www.tcsbasys.com/products/sz1022.asp, TCS/Basys Controls: Where Buildings Connect With Business, 2 pages, printed Aug. 26, 2003. |
http://www.tcsbasys.com/products/sz1024.asp, TCS/Basys Controls: Where Buildings Connect With Business, 2 pages, printed Aug. 26, 2003. |
http://www.tcsbasys.com/products/sz1030series.asp, TCS/Basys Controls: Where Buildings Connect With Business, 2 pages, printed Aug. 26, 2003. |
http://www.tcsbasys.com/products/sz1033.asp, TCS/Basys Controls: Where Buildings Connect With Business, 2 pages, printed Aug. 26, 2003. |
http://www.tcsbasys.com/products/sz1035.asp, TCS/Basys Controls: Where Buildings Connect With Business, 2 pages, printed Aug. 26, 2003. |
http://www.tcsbasys.com/products/sz1041.asp, TCS/Basys Controls: Where Buildings Connect With Business, 1 page, printed Aug. 26, 2003. |
http://www.tcsbasys.com/products/sz1050series.asp, TCS/Basys Controls: Where Buildings Connect With Business, 2 pages, printed Aug. 26, 2003. |
http://www.tcsbasys.com/products/sz1051.asp, TCS/Basys Controls: Where Buildings Connect With Business, 2 pages, printed Aug. 26, 2003. |
http://www.tcsbasys.com/products/sz1053.asp, TCS/Basys Controls: Where Buildings Connect With Business, 2 pages, printed Aug. 26, 2003. |
http://wwww.tcsbasys.com/products/sz1031.asp, TCS/Basys Controls: Where Buildings Connect With Business, 2 pages, printed Aug. 26, 2003. |
Trane, “System Programming, Tracer Summit Version 14, BMTW-SVP01D-EN,” 623 pages, 2002. |
Number | Date | Country | |
---|---|---|---|
20120133482 A1 | May 2012 | US |