Physical access control
Abstract
A system and method are disclosed for controlling physical access through a digital certificate validation process that works with standard certificate formats and that enables a certifying authority (CA) to prove the validity status of each certificate C at any time interval (e.g., every day, hour, or minute) starting with C's issue date, D 1 . C's time granularity may be specified within the certificate itself, unless it is the same for all certificates. For example, all certificates may have a one-day granularity with each certificate expires 365 days after issuance. Given certain initial inputs provided by the CA, a one-way hash function is utilized to compute values of a specified byte size that are included on the digital certificate and to compute other values that are kept secret and used in the validation process.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method to for an entity A to control the access of at least one user U to at least one disconnected door D having means to determine the current time, comprising the steps of:
for each time interval d of a sequence of dates, having A produce a digital signature SIGUDd, indicating that user U can access door D during time interval d; causing U to receive SIGUDd during time interval d for presentation to door D in order to pass through D; having U present SIGUDd to door D; and having D open after verifying that (i) SIGUDd indeed is a digital signature of A indicating that U can access door D at time interval d, and (ii) that the current time is indeed within time interval d.
2 . The method of claim 1 , wherein U has a user card and D has a card reader coupled with an electromechanical lock, and wherein U receives SIGUDd by storing it into his card, and presents SIGUDd to D by having his card read by D's card reader.
3 . The method of claim 1 , wherein A cause SIGUDd to be received by U during time interval d by posting SIGUDd into a database accessable by U.
4 . The method of claim 1 , wherein SIGUDd is a public-key signature, and wherein D stores the public-key of A.
5 . The method of claim 1 , wherein D also verifies identity information about U.
6 . The method of claim 1 , wherein the identity information about U consist of at least one of: a PIN and the answer to a challenge of D.
7 . In an access control system with an entity A, at least one disconnected door, and users possessing user cards to access doors, a method for a disconnected door D to indicate to A that a given user U tried to access D, comprising the steps of:
having D receive from U information IU indicating that U wishes to access door D; having D at least temporarily store IU; and for at least one subsequent user V, having D cause V to at least temporarily store IU in V's card for presentation to entity A.
8 . The method of claim 7 , wherein V presents IU to A by transferring IU to a database accessible by A or transmitting information to A.
9 . The method of claim 7 , wherein IU includes at least one of: (i) information provided to U for accessing door D and (ii) information generated by U to access D.
10 . The method of claim 7 , wherein IU includes a digital signature generated by U.
11 . The method of claim 7 , wherein IU includes a digital signature of U.
12 . A method of controlling physical access, comprising:
reviewing real time credentials, wherein the real time credentials include a first part that is fixed and a second part that is modified on a periodic basis, wherein the second part provides a proof that the real time credentials are current; verifying validity of the real time credentials by performing an operation on the first part and comparing the result to the second part; and allowing physical access only if the real time credentials are verified as valid.
13 . A method, according to claim 12 , wherein the first part is digitally signed by an authority.
14 . A method, according to claim 13 , wherein the authority provides the second part.
15 . A method, according to claim 14 , wherein the second part is provided by an entity other than the authority.
16 . A method, according to claim 12 , wherein the real time credentials are provided on a smart card.
17 . A method, according to claim 12 , wherein a user obtains the second part of the real time credentials at a first location.
18 . A method, according to claim 17 , wherein the user is allowed access to a second location different and separate from the first location.
19 . A method, according to claim 12 , wherein at least a portion of the first part of the real time credentials represents a one-way hash applied plurality of times to a portion of the second portion of the real time credentials.
20 . A method, according to claim 19 , wherein the plurality of times corresponds to an amount of time elapsed since the first part of the real time credentials were issued.
21 . A method, according to claim 12 , wherein controlling physical access includes controlling access through a door.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.