Controlling physical access to secure areas via client devices in a networked environment
Country / type: United States (US) Patent (granted)
International Patent Classification (IPC, 7th edition): H04L-029/06; G07C-009/00
Application number: US-0840156 (2013-03-15)
Registration number: US-9148416 (2015-09-29)
Inventor: Tse, Kar Fai
Applicant: AirWatch LLC
Agent: Thomas | Horstemeyer, LLP
Citation information: cited by 0; patents cited: 86

Abstract
A method is disclosed for providing physical access credentials to a client device. The method may include receiving a request for a physical access credential, where the first request includes at least one user access credential and at least one physical access point identifier. The method may also include determining whether the request should be granted based at least in part on the at least one user access credential. The method may further include, in response to determining that the request should be granted, sending the physical access credential associated with the physical access point.
Representative claims

1. A non-transitory computer-readable medium encoded with software for execution and, when executed, operable to: receive a request for a physical access credential, wherein the request comprises at least one user access credential associated with a mobile device and at least one physical access point identifier, the at least one user access credential obtained by a sensor associated with a physical lock actuator and the at least one physical access point identifier being associated with the physical lock actuator; authenticate the request based at least in part on the at least one user access credential; determine whether the mobile device is in compliance with a plurality of compliance rules, the compliance rules comprising at least a hardware restriction and a mobile device management restriction, the hardware restriction comprising a requirement that the mobile device include a particular hardware capability, the particular hardware capability comprising: a Bluetooth capability, a camera, and a wireless communications capability, and the mobile device management restriction comprising a requirement that the mobile device be enrolled with a mobile device management system; in response to authenticating the request and determining whether the mobile device is in compliance with the plurality of compliance rules, send the physical access credential associated with the physical lock actuator to the mobile device; and actuate an unlocking function of the physical lock actuator associated with the physical access point identifier.

2. The non-transitory computer-readable medium of claim 1, wherein: the request further comprises an additional user credential; and determining whether the request should be granted is further based at least in part on the additional user credential.

3. The non-transitory computer-readable medium of claim 2, wherein: the additional user credential comprises a biometric identifier representative of a biometric characteristic of a user associated with the user access credential.

4. The non-transitory computer-readable medium of claim 1, the software further operable to: request at least one additional user credential.

5. The computer-readable medium of claim 1, the software further operable to: determine whether the mobile device associated with at least one additional compliance rule; and in response to determining that the mobile device associated with at least one additional compliance rule, determine whether the mobile device satisfies the at least one additional compliance rule.

6. The non-transitory computer-readable medium of claim 5, wherein: the physical access credential associated with the physical lock actuator is further sent in response to determining that the mobile device satisfies the at least one additional compliance rule.

7. The non-transitory computer-readable medium of claim 5, wherein: in response to determining that the mobile device does not satisfy the at least one additional compliance rule, deny the request to provide the physical access credential associated with the physical lock actuator.

8. The non-transitory computer-readable medium of claim 5, wherein: in response to determining that the mobile device does not satisfy the at least one additional compliance rule, transmitting a command to the mobile device or the physical lock actuator revoking the physical access credential associated with the physical lock actuator.

9. The non-transitory computer-readable medium of claim 1, the software further operable to: determine that the at least one user access credential is associated with a first grouping of user access credentials; and identify the physical access credentials associated with the first grouping of user access credentials.

10. The non-transitory computer-readable medium of claim 1, the software further operable to: determine a plurality of physical lock actuators to which the at least one user access credential is entitled access; determine a plurality of security identifiers associated with the plurality of physical lock actuators, wherein each security identifier is associated with a different physical lock actuator; and create a new physical access credential which includes the plurality of security identifiers.

11. The non-transitory computer-readable medium of claim 1, wherein: the physical access credential comprises a hash of at least one security identifier; and the hash is decodable by a combination of the at least one user access credential and a security identifier associated with the physical lock actuator.

12. The non-transitory computer-readable medium of claim 1, wherein: the at least one user access credential further includes a device identifier.

13. The non-transitory computer-readable medium of claim 1, the software further operable to: store a log of requests received and physical access credentials issued.

14. The non-transitory computer-readable medium of claim 13, the software further operable to: determine whether the request should be granted is further based at least in part on the log of requests received and physical access credentials issued.

15. A method comprising: receiving, from a sensor, a device identifier from a client device; sending, to a remote server, the device identifier and a security identifier associated with a physical lock actuator; in response to sending the device identifier and the security identifier, receiving an unlock instruction from the remote server in response to an authentication of the device identifier based at least in part on at least one user access credential and a determination that the client device is in compliance with a plurality of compliance rules, the compliance rules comprising at least a hardware restriction and a mobile device management restriction, the hardware restriction comprising a requirement that the client device include a particular hardware capability, the particular hardware capability comprising: a Bluetooth capability, a camera, and a wireless communications capability, and the mobile device management restriction comprising a requirement that the client device be enrolled with a mobile device management system; and in response to receiving the unlock instruction, actuating an unlocking function of the physical lock actuator associated with the security identifier.

16. The method of claim 15, further comprising: receiving, from the sensor, a user access credential from the client device; sending, to the remote server, the user access credential; wherein receiving the unlock instruction from the remote server is further in response to sending the user access credential.

17. The method of claim 15, further comprising: receiving, from the sensor, a device profile from the client device, the device profile comprising data associated with the hardware restriction and the mobile device management restriction; sending, to the remote server, the device profile; wherein receiving the unlock instruction from the remote server is further in response to sending the device profile.

18. A system comprising: a server device comprising: a communication system configured to: recognize, using a sensor coupled to the communication system, the presence of a wireless signal received from a mobile device; in response to recognizing the presence of a wireless signal, transmit a request for at least one physical access credential associated with the wireless signal, wherein the request includes a user access credential; and receive the at least one physical access credential associated with an area where the wireless signal is present; and a transceiver configured to: send at least one physical access credential to a physical access point to actuate a physical lock actuator associated with a security identifier in response to an authentication of the user access credential and a determination that the mobile device is in compliance with a plurality of compliance rules, the compliance rules comprising at least a hardware restriction and a mobile device management restriction, the hardware restriction comprising a requirement that the mobile device include a particular hardware capability, the particular hardware capability comprising: a Bluetooth capability, a camera, and a wireless communications capability, and the mobile device management restriction comprising a requirement that the mobile device be enrolled with a mobile device management system; wherein the physical access point is configured to actuate an unlocking function of the physical lock actuator associated with the security identifier.

19. The apparatus of claim 18, wherein the wireless signal comprises at least one of: a public wireless network signal; a private wireless network signal; a near field communication signal; a radio frequency identification (RFID) signal; and a cellular phone network signal.

20. The apparatus of claim 18, wherein: the physical access point is associated with the area where the wireless signal is present.