Access control system
Abstract
A device is described that includes a first microprocessor configured for interfacing with a digital access control backend, and a second microprocessor configured for dedicated communications with an access control manager device backend. The first microprocessor is a master device that controls the operation of the second microprocessor as a secondary device. The proposed device is configured for operation of the first microprocessor and the second microprocessor at low clock speeds and to maintain a hash segregation between locally received data sets and data sets transmitted to an external authentication system.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A device for controlling access to one or more protected resources, the device comprising:
a secondary microprocessor coupled to a physical access control device, the secondary microprocessor configured for receiving and decoding authentication electrical pulses from a user credential reader as when a user credential interacts with the user credential reader to generate corresponding user identifier data values, and the secondary microprocessor configured for transmitting electrical pulse signals to an access control management device that provisions access to the one or more protected resources; a master microprocessor coupled to an external authentication server and the secondary microprocessor, the master microprocessor configured to:
receive the corresponding user identifier data values;
transform the user identifier data values using a cryptographic function to generate a transformed representation for communication to the transformed representation to the external authentication server;
receive an access provisioning signal from the external authentication server; and
transmit an instruction signal to the secondary microprocessor to control the secondary microprocessor to provision access to the one or more protected resources;
wherein the secondary microprocessor and the master microprocessor are coupled to one another across a message bus connection and a separate signal path, the signal path enabling communication from the secondary microprocessor to the master microprocessor for indicating when the user credential interacts with the user credential reader; and wherein said user credential is associated with an entity, and wherein receiving said access provisioning signal from said external authentication server is based on whether a mobile communication device associated with said entity is within a threshold distance of said user credential reader when said user credential interacts with said user credential reader.
2 . The device of claim 1 , wherein the user credential is a local credential that is not provided to or accessible directly by the external authentication server.
3 . The device of claim 2 , wherein the cryptographic function used to transform the local credential is a private symmetric key.
4 . The device of claim 2 , wherein the cryptographic function used to transform the local credential is an asymmetric key.
5 . The device of claim 2 , wherein the user credential is locally authenticated using a cryptographic function that uses one or more private pre-shared keys and one or more rolling secrets.
6 . The device of claim 1 , wherein the user credential is combined with an additional authentication element that is combined with the user credential for generating the transformed representation.
7 . The device of claim 6 , wherein the additional authentication element is requested only for access attempts occurring during a designated duration of time.
8 . The device of claim 6 , wherein the additional authentication element includes at least one of a declaration in respect of recent travel, wellness checks, temperature readings, or recent location information.
9 . The device of claim 6 , wherein the additional authentication element is requested during a security level increase or a detected first usage of the user credential.
10 . The device of claim 1 , wherein the one or more protected resources include one or more access-controlled cabinets that are connected to at least one of the master microprocessor and the secondary microprocessor.
11 . A method for controlling access to one or more protected resources, the method comprising:
receiving and decoding, at a secondary microprocessor coupled to a physical access control device, authentication electrical pulses from a user credential reader generated when a user credential interacts with the user credential reader to generate corresponding user identifier data values, the secondary microprocessor configured for transmitting electrical pulse signals to an access control management method that provisions access to the one or more protected resources; receiving the corresponding user identifier data values at a master microprocessor coupled to an external authentication server and the secondary microprocessor; transforming the user identifier data values using a cryptographic function to generate a transformed representation for communication to the transformed representation to the external authentication server; receiving an access provisioning signal from the external authentication server; and transmitting an instruction signal to the secondary microprocessor to control the secondary microprocessor to provision access to the one or more protected resources; wherein the secondary microprocessor and the master microprocessor are coupled to one another across a message bus connection and a separate signal path, the signal path enabling uni-directional communication from the secondary microprocessor to the master microprocessor for indicating when the user credential interacts with the user credential reader; and wherein said user credential is associated with an entity, and wherein receiving said access provisioning signal from said external authentication server is based on whether a mobile communication device associated with said entity is within a threshold distance of said user credential reader when said user credential interacts with said user credential reader.
12 . The method of claim 11 , wherein the user credential is a local credential that is not provided to or accessible directly by the external authentication server.
13 . The method of claim 12 , wherein the cryptographic function used to transform the local credential is a private symmetric key.
14 . The method of claim 12 , wherein the cryptographic function used to transform the local credential is an asymmetric key.
15 . The method of claim 13 , wherein the user credential is locally authenticated using a cryptographic function that uses one or more private pre-shared keys and one or more rolling secrets.
16 . The method of claim 11 , wherein the user credential is combined with an additional authentication element that is combined with the user credential for generating the transformed representation.
17 . The method of claim 16 , wherein the additional authentication element is requested only for access attempts occurring during a designated duration of time.
18 . The method of claim 16 , wherein the additional authentication element includes at least one of a declaration in respect of recent travel, wellness checks, temperature readings, or recent location information.
19 . The method of claim 16 , wherein the additional authentication element is requested during a security level increase or a detected first usage of the user credential.
20 . A non-transitory computer readable medium, storing machine interpretable instructions which when executed, cause a processor to perform a method for controlling access to one or more protected resources, the method comprising:
receiving and decoding, at a secondary microprocessor coupled to a physical access control device, authentication electrical pulses from a user credential reader generated when a user credential interacts with the user credential reader to generate corresponding user identifier data values, the secondary microprocessor configured for transmitting electrical pulse signals to an access control management method that provisions access to the one or more protected resources; receiving the corresponding user identifier data values at a master microprocessor coupled to an external authentication server and the secondary microprocessor, transforming the user identifier data values using a cryptographic function to generate a transformed representation for communication to the transformed representation to the external authentication server; receiving an access provisioning signal from the external authentication server; and transmitting an instruction signal to the secondary microprocessor to control the secondary microprocessor to provision access to the one or more protected resources; wherein the secondary microprocessor and the master microprocessor are coupled to one another across a message bus connection and a separate signal path, the signal path enabling uni-directional communication from the secondary microprocessor to the master microprocessor for indicating when the user credential interacts with the user credential reader; and wherein said user credential is associated with an entity, and wherein receiving said access provisioning signal from said external authentication server is based on whether a mobile communication device associated with said entity is within a threshold distance of said user credential reader when said user credential interacts with said user credential reader.Join the waitlist — get patent alerts
Track US2023353551A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.