[특허]Decentralized access control framework

Decentralized access control framework 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	G06F-021/00 G06F-007/04 H04L-009/32 G06K-019/00
출원번호	US-0545149 (2006-10-10)
등록번호	US-8166532 (2012-04-24)
발명자 / 주소	Chowdhury, Atish Datta Chaturvedi, Namit Balasubramanian, Meenakshi Ganesh, Arul
출원인 / 주소	Honeywell International Inc.
대리인 / 주소	Schiff Hardin LLP
인용정보	피인용 횟수 : 21 인용 특허 : 50

초록 ▼

A functional architecture is provided for decentralizing the authorization function of an access control system that incorporates user carried access devices, such as smart cards, and door controllers that interact so as to make access decisions. Access to individual rooms is guarded by parameters p

대표청구항 ▼

1. A decentralized access control system whereby access authorization decision making is decentralized, the system comprising: at least one access controlling device, wherein the access controlling device provides a first parameter that enables a decision relating to access authorization of a user; and,at least one user carried device carried by the user and interacting with the access controlling device, wherein the user carried device stores a second parameter that enables the decision relating to the access authorization of the user at the instance of presenting the user carried device to the access controlling device, wherein the decision is made as a function of both the first parameter and the second parameter, and wherein at least the second parameter relates to an access control policy that provides at least one condition under which access is permitted or denied. 2. The system of claim 1 wherein the at least one access controlling device comprises at least one reader and at least one controller, wherein the at least one reader interacts with the at least one user carried device, wherein the at least one controller interacts with the at least one reader, and wherein the at least one controller provides the first parameter. 3. The system of claim 2 further comprising a plurality of the readers and a plurality of the controllers, wherein each of the plurality of the controllers interacts with a corresponding one of the plurality of the readers. 4. The system of claim 2 further comprising a plurality of the readers and a plurality of the controllers, wherein each of the plurality of the controllers interacts with a corresponding group of the plurality of the readers, and wherein each group comprises at least two of the plurality of the readers. 5. The system of claim 1 wherein the first parameter is system context dependent, and wherein the second parameter is specific to the user of the at least one user carried device. 6. The system of claim 5 wherein the context is dynamic. 7. The system of claim 1 wherein the at least one access controlling device causes the decision to be logged in a log file. 8. The system of claim 1 wherein the first parameter is system context dependent, wherein the system context and the access decisions are abstracted as discrete events. 9. The system of claim 1 further comprising a plurality of the controllers, wherein the plurality of the controllers share an interconnect, wherein the interconnect includes an administrator that supplies special system contexts to the controllers, and wherein the special system contexts are in addition to any system contexts detected by the plurality of the controllers. 10. The system of claim 1 wherein a plurality of access controlling devices collaboratively decide on a system context using an interconnect in addition to detecting system context individually, wherein the interconnect interconnects the access controlling devices. 11. The system of claim 1 wherein a plurality of access controlling devices are interconnected by an interconnect, and wherein the system can tolerate a limited disconnection in the interconnect so long as the access controlling devices that need to collaborate to decide on a system context, if any, stay connected. 12. The system of claim 1 further comprising an administrator, wherein the administrator includes in the second parameter a role of the user and assigns the user to the role. 13. The system of claim 1 wherein the second parameter includes a user-specific authorization policy, wherein the system further comprises a system controller, and wherein the system controller extracts a precise representation of the user-specific authorization policy and provides information on how to compute the decision for the user based on the user-specific authorization policy and the first parameter. 14. The system of claim 1 further including a terminal that changes the second parameter stored on the at least one user carried device. 15. The system of claim 1 wherein the access controlling device is instructed to change the second parameter stored on the user carried device when the user carried device interacts with the access controlling device. 16. The system of claim 1 wherein the access controlling device and/or user carried device is not reconfigured when an administrator modifies access controlling policies. 17. The system of claim 1 wherein the policy comprises a policy unrelated to verification that a user possess a valid user carried device. 18. A smart card useful in a decentralized access control system whereby access authorization decision making is decentralized, the smart card comprising: a memory storing policy rules that provide conditions under which access is permitted or denied, wherein the policy rules enable decisions to be made at instances of presenting the smart card to an access controller controlling access to a restricted area, and wherein the decisions relate to access to the restricted area by a user of the smart card; and,a processor coupled to the memory and arranged to enable the decisions based upon the policy rules and a system context transmitted to the smart card, wherein the system context is based on an environment relating to the restricted area. 19. The smart card of claim 18 wherein the policy rules include at least one policy rule that is specific to the user. 20. The smart card of claim 18 wherein the memory stores history of activities specific to an user.

이 특허에 인용된 특허 (50)

Wheeler, Henry Lynn; Wheeler, Anne M., ABDS system and verification status for authenticating entity access.
상세보기
Ozer Richard (Brookline MA) DeSantis Edward (Boston MA) Tomlinson Brett (Brighton MA), Access control system having centralized/distributed control.
상세보기
Numao, Masayuki; Kudoh, Michiharu; Amano, Tomio, Access control system, access control method, storage medium and program transmission apparatus.
상세보기
Gould,Stephen; Barrie,Robert Matthew; Williams,Darren; de Jong,Nicholas, Apparatus and method for memory efficient, programmable, pattern matching finite state machine hardware.
상세보기
Micali Silvio, Certificate issue lists.
상세보기
Micali Silvio, Certificate revocation system.
상세보기
Micali Silvio, Certificate revocation system.
상세보기
Micali Silvio, Certificate revocation system.
상세보기
Micali Silvio (459 Chestnut Hill Ave. Brookline MA 02146), Certificate revocation system.
상세보기
Micali, Silvio, Certificate revocation system.
상세보기
Micali Silvio (459 Chestnut Hill Ave. Brookline MA 02146), Compact certification with threshold signatures.
상세보기
Sehr Richard Peter, Computerized voting information system having predefined content and voting templates.
상세보기
Dzoba,Jonathan; Gingrich,Paul; Sim,Edmund, Configurable debug system with dynamic menus.
상세보기
Libin, Phil; Micali, Silvio; Engberg, David; Sinelnikov, Alex, Controlling access using additional data.
상세보기
Chen,Jay C., Cryptographic system and method for electronic transactions.
상세보기
Helland Patrick James ; Limprecht Rodney ; Al-Ghosein Mohsen ; Reed David R. ; Devlin William D., Declarative and programmatic access control of component-based server applications using roles.
상세보기
Steeves, Wayne E., Distributed tag reader system and method.
상세보기
Silvio Micali, Efficient certificate revocation.
상세보기
Park,Min Gun; Lee,Jin Yub, Flash memory system capable of inputting/outputting sector data at random.
상세보기
Benton William M. (Ft. Lauderdale FL), Funds transfer system using optically coupled, portable modules.
상세보기
Micali Silvio (459 Chestnut Hill Rd. Brookline MA 02146), Ideal electronic negotiations.
상세보기
Sumino, Toru, Individual authentication system performing authentication in multiple steps.
상세보기
Ito, Hideto; Iwasa, Naoki; Sakuma, Haruhisa; Kawasaki, Makoto; Harada, Yoshihisa, Information processing apparatus and authentication program storage medium.
상세보기
Fox, Christopher Wayne, Legacy access control security system modernization apparatus.
상세보기
Joseph Francis McCarthy ; Theodore Dean Anagnost, Member preference control of an environment.
상세보기
Rosner,Stephan; Winkler,J철rg; Flemming,Ralf; Novak,Stephen T., Method and apparatus for accessing memories having a time-variant response over a PCI bus by using two-stage DMA transfers.
상세보기
Bilich James ; Brown Alan E., Method and apparatus for automatically implementing computer power on and logon functions using encoded ID card.
상세보기
Micali Silvio, Method for certifying public keys in a digital signature scheme.
상세보기
Micali Silvio (459 Chestnut Hill Ave. Brookline MA 02146), Method for certifying public keys in a digital signature scheme.
상세보기
Micali Silvio (459 Chestnut Hill Ave. Brookline MA 02146), Method for certifying public keys in a digital signature scheme.
상세보기
Futral William T., Method for multiple independent processes controlling access to I/O devices in a computer system.
상세보기
Wagner Ferdinand H. (24 Sterling Cir. ; Apt. 211 Wheaton IL 60187), Method of and apparatus for constructing a control system and control system created thereby.
상세보기
Kamani Sanjay ; Lusaka Patrick ; Pepin Ronald R., Monitoring of elevator door reversal data.
상세보기
Briel Mark C. ; Wynhamer P. Frank, Multi-port switching system and method for a computer bus.
상세보기
Edwards,Christopher Paul, Multi-stage authorisation system.
상세보기
Atalla Martin M. (Atherton CA), Multilevel security apparatus and method.
상세보기
Arbuckle Thomas R. (Bedford TX) Williams Marvin L. (Lewisville TX 4), Multimedia context-sensitive real-time-help mechanism for use in a data processing system.
상세보기
Kim Young-Il,KRX, Personal computer using chip-in card to prevent unauthorized use.
상세보기
Tsujii,Shigeo; Kasahara,Masao, Secret key generation method, encryption method, cryptographic communications method, common key generator, cryptographic communications system, and recording media.
상세보기
Novozhenets,Yuri; Regelski,Michael, Security system for access control using smart cards.
상세보기
Carta,David R.; Kelly,Guy M.; Ravenis, II,Joseph V J, Smart card access control system.
상세보기
Rasmussen,Brian, Smart card security for computer system.
상세보기
Ikegami,Fumihiko; Murai,Shinya; Yamaguchi,Shogo; Horiguchi,Takeo, System and apparatus for information display.
상세보기
Chan Alfred ; Kekicheff Marc B. ; Weise Joel M. ; Wentker David C., System and method for a multi-application smart card which can facilitate a post-issuance download of an application onto the smart card.
상세보기
Satoh, Masakazu, System and method for authentication of a hardware token.
상세보기
Lin,Paul; Hon,Henry; Cheng,Fred, System and method for controlling access to multiple public networks and for controlling access to multiple private networks.
상세보기
Micali Silvio, Tree-based certificate revocation system.
상세보기
Micali Silvio, Tree-based certificate revocation system.
상세보기
Yu Ju-Yeol,KRX ; Chung Ho-Suk,KRX ; Moon Soon-Il,KRX, User authentication system for authenticating an authorized user of an IC card.
상세보기
Micall Silvio, Witness-based certificate revocation system.
상세보기

이 특허를 인용한 특허 (21)

Radhakrishnan, Rakesh, Apparatus and method for performing session validation.
상세보기
Radhakrishnan, Rakesh, Apparatus and method for performing session validation to access confidential resources.
상세보기
Goel, Parveen Kumar, Authorization system and a method of authorization.
상세보기
Haviv, Yinnon Avraham; Hay, Roee; Pistoia, Marco; Sharabani, Adi; Tateishi, Takaaki; Tripp, Omer; Weisman, Omri, Eliminating false reports of security vulnerabilities when testing computer software.
상세보기
Haviv, Yinnon A.; Hay, Roee; Pistoia, Marco; Sharabani, Adi; Tateishi, Takaaki; Tripp, Omer; Weisman, Omri, Identifying security vulnerability in computer software.
상세보기
Haviv, Yinnon A.; Hay, Roee; Pistoia, Marco; Segal, Ory; Sharabani, Adi; Tateishi, Takaaki; Tripp, Omer; Weisman, Omri, Injection context based static analysis of computer software applications.
상세보기
Radhakrishnan, Rakesh, Method and apparatus for emergency session validation.
상세보기
Radhakrishnan, Rakesh, Method and apparatus for network session validation.
상세보기
Radhakrishnan, Rakesh, Method and apparatus for object security session validation.
상세보기
Radhakrishnan, Rakesh, Method and apparatus for object transaction session validation.
상세보기
Radhakrishnan, Rakesh, Method and apparatus for session validation to access from uncontrolled devices.
상세보기
Radhakrishnan, Rakesh, Method and apparatus for session validation to access mainframe resources.
상세보기
Radhakrishnan, Rakesh, Method and apparatus for session validation to access third party resources.
상세보기
Radhakrishnan, Rakesh, Method and apparatus for subject recognition session validation.
상세보기
Radhakrishnan, Rakesh, Method and apparatus for third party session validation.
상세보기
Das, Sudeep; Sharma, Pramod; Vashisth, Sumant, Premises aware security.
상세보기
Reusch, Matthias; Petzold, Karsten; Kling, Michael; Schips, Patrick; Banzhaf, Bernd; Stanko, Florian; Walter, Herbert; Nawratil, Timo, Safety controller and method for controlling an automated installation.
상세보기
Haviv, Yinnon Avraham; Pistoia, Marco; Tabuchi, Naoshi; Tateishi, Takaaki, System, method, and program for determining validity of string.
상세보기
Worrill, Joshua; Laycock, Graeme, Systems and methods configured to enable content sharing between client terminals of a digital video management system.
상세보기
Worrill, Joshua; Laycock, Graeme; Masters, Amelia; Flannery, Mark, Systems and methods for managing video data.
상세보기
Flannery, Mark, Systems and methods for presenting digital video management system information via a user-customizable hierarchical tree interface.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Decentralized access control framework 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (50)

이 특허를 인용한 특허 (21)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Decentralized access control framework 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (50)

이 특허를 인용한 특허 (21)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트