
System and Method of Controlling Physical Access to Data Centres using Mobile Phone

IP.com Disclosure Number: IPCOM000235009D
Publication Date: 2014-Feb-24
Document File: 3 page(s) / 63K

Publishing Venue

The IP.com Prior Art Database

Abstract

This article describes an approach to controlling physical and logical access to IT facilities and components. The approach describes the use of a mobile phone with NFC or similar protocol support as the access method with permissions delegated automatically by an enterprise's Change Management system. The user is therefore able to gain unsupervised access to their company's or a third party's data centre by using their phone as an access method, with that access governed and controlled by the details that are entered into the Change Record; for example, only allowing access within certain times of the day when the change is scheduled to occur or only being allowed access to discrete components.

Controlling physical access to data centre assets and resources, such as caged areas, racks and individual servers, is typically addressed through a combination of process controls -- such as change management -- and physical controls, such as locks and the use of security guards and escorts. It is critical both that unauthorised access is prevented and that access to controlled areas occurs only under the auspices of a Change Request. In some facilities, a person will present their credentials to a security guard who will, upon checking that they have appropriate authorisation, either escort them to the area where they need to perform their work or assign access to a proximity card that allows them to enter the restricted area where they are to perform their work. The person may then need to use alternative forms of authentication, such as physical keys or user IDs and passwords, to traverse the other layers of physical protection -- such as racks and server logons -- before being able to carry out their tasks.

The disadvantages of all these approaches are that there is a disconnect between the process controls that govern a person's access to a given area or resource and the physical controls; that existing methods require multiple modes of authentication and are typically not integrated (e.g. the single sign-on used to access a server is managed separately from the proximity card used to access a floor or cage); and that all methods require a significant amount of manual effort, whether through the assigning of access or the physical escort of a person to the area where they are to perform their work.

The core of the invention is to a) enable the use of a person's mobile phone as a physical access control device; b) integrate the change management system for the facility with permissions assigned to the device so that all access is governed by the change record; and c) enable the use of the same device as a means of authentication at each control point in the data centre.

A person would be assigned work as part of a Change Request in a Change Management system. Upon the assignment of work, if physical access to a Data Centre component is required, the Change Management system will provision to the Mobile Phone credentials allowing the user to authenticate and gain access to the various control points within the data centre. These credentials -- a virtual key or set of keys -- would be stored within the Secure Element on the phone's SIM. The phone, which is Near Field Communications (NFC) enabled, would be swiped against the door to gain access to the data centre. Upon swiping, their key would be checked and, if there is a valid change and the swipe event occurs within the change window, they will be granted access. They then use the device to gain access to a floor before accessing a particular cage. Once inside the cage, their access to the rac...
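As an added example, not code from the disclosure: a small Python model of the decision described above, in which each reader re-checks the live Change Record on every swipe (approved status, assignee, change window and control-point scope) instead of trusting rights baked into the key, so withdrawing the change revokes access without touching the phone. The class names, the CHG-0001 record (alice, 02:00-04:00, door to floor to cage to one rack) and the control-point names are constructed for the illustration.

```python
from dataclasses import dataclass, replace
from datetime import datetime

@dataclass(frozen=True)
class ChangeRecord:              # hypothetical shape of a Change Record
    change_id: str
    assignee: str
    window_start: datetime
    window_end: datetime
    allowed_points: frozenset    # control points the change authorises
    status: str = "approved"

@dataclass(frozen=True)
class VirtualKey:                # credential provisioned to the phone's secure element
    holder: str
    change_id: str               # the key carries no rights itself, only a reference to the change

class ChangeManagement:
    def __init__(self):
        self.records = {}
    def register(self, rec):
        self.records[rec.change_id] = rec
    def provision_key(self, change_id):
        return VirtualKey(self.records[change_id].assignee, change_id)
    def cancel(self, change_id):
        self.records[change_id] = replace(self.records[change_id], status="cancelled")

def check_swipe(cms, key, control_point, now):
    """Reader decision on a swipe; every rule is evaluated against the live record."""
    rec = cms.records.get(key.change_id)
    if rec is None or rec.status != "approved":
        return False, "no approved change"
    if key.holder != rec.assignee:
        return False, "holder is not the assignee"
    if not rec.window_start <= now <= rec.window_end:
        return False, "outside change window"
    if control_point not in rec.allowed_points:
        return False, "control point not in scope"
    return True, "granted"

def demo():
    # Constructed scenario: CHG-0001 for alice, 02:00-04:00, scoped to one rack path.
    cms = ChangeManagement()
    cms.register(ChangeRecord("CHG-0001", "alice", datetime(2014, 2, 24, 2), datetime(2014, 2, 24, 4),
                              frozenset({"dc-door", "floor-2", "cage-7", "rack-7-03"})))
    key, t_in, t_late = cms.provision_key("CHG-0001"), datetime(2014, 2, 24, 2, 30), datetime(2014, 2, 24, 5)
    out = {p: check_swipe(cms, key, p, t_in) for p in ("dc-door", "floor-2", "cage-7", "rack-7-03", "rack-7-04")}
    out["late"] = check_swipe(cms, key, "dc-door", t_late)
    cms.cancel("CHG-0001")        # withdrawing the change revokes access without touching the phone
    out["cancelled"] = check_swipe(cms, key, "dc-door", t_in)
    return out
```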