
GRANTING PHYSICAL ACCESS BASED ON AUTHENTICATED SESSION INFORMATION

IP.com Disclosure Number: IPCOM000243710D
Publication Date: 2015-Oct-14
Document File: 4 page(s) / 329K

Publishing Venue

The IP.com Prior Art Database

Related People

Ramesh Nampelly: AUTHOR [+2]

Abstract

Mechanisms and systems are provided to grant authorized users access to physical resources. Examples of physical resources are structures such as buildings and labs or unauthenticated devices such as computers, printers, etc. Access is granted based on contextual information of related authenticated sessions on authenticated devices such as authenticated laptops or smartphones that are different from the unauthenticated devices or physical resources to which the user wishes access to be granted.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 40% of the total text.


AUTHORS:

Ramesh Nampelly
Pok Wong

CISCO SYSTEMS, INC.

ABSTRACT

    Mechanisms and systems are provided to grant authorized users access to physical resources. Examples of physical resources are structures such as buildings and labs or unauthenticated devices such as computers, printers, etc. Access is granted based on contextual information of related authenticated sessions on authenticated devices such as authenticated laptops or smartphones that are different from the unauthenticated devices or physical resources to which the user wishes access to be granted.

DETAILED DESCRIPTION

    The mechanisms and systems for granting access to physical resources described herein use identity information such as user names, MAC addresses, and/or certificates that uniquely identify a user or a device.

    To avoid password typing and the possibility of the system being keylogged, traditional systems for granting access to physical resources use login methods that show a Quick Response (QR) code on a login page on a computer screen, for example. A registered user scans the QR code with a verified smartphone and is automatically logged into the physical resource (a computer, for example). In addition, existing systems may use QR codes as tokens, but none of these systems utilizes authenticated network sessions as a basis to generate and validate the token.

    Other traditional systems grant a user access to physical resources through access badges. Access badges use various technologies to identify the holder of the badge to an access control system. In all existing badge-based technologies, the holder needs to carry the badge at all times to gain access to the physical resource. There are several occasions where users may forget to carry these badges while holding various devices, such as corporate-provided laptops or smartphones, through which the user could be authenticated to gain access.

Copyright 2015 Cisco Systems, Inc.

    The mechanisms and systems for granting access to physical resources based on authenticated session information described herein do not require any type of access badges. Instead, the main components used for these methods and systems are: the end user and the devices, the physical infrastructure where the user connects to access physical resources, and policy control points that make governance decisions by enforcing policies across the infrastructure including the communication network as well as other physical infrastructure.

    According to an aspect, when the user makes a request to enter a building through a door using a registered wearable or handheld device, the server sends a dynamic QR code to the user. The QR code is shown on the screen of the wearable or handheld device. The user presents the code to a camera that scans it, and a valid code permits entry through the door.
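One way the session-bound dynamic code described above could be issued and validated, as an added example that is not part of the disclosure. The HMAC-signed token format, the field names, the 30-second lifetime, the in-memory session table and the one-time nonce are all assumptions, since the text does not specify them.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret shared by policy server and door controller
TOKEN_TTL = 30                        # assumption: seconds a displayed QR code stays valid
# Constructed sample state: authenticated network sessions known to the policy server.
SESSIONS = {"sess-01": {"user": "alice", "mac": "02:00:00:00:00:01", "active": True}}
USED_NONCES = set()                   # nonces already accepted at a door

def _sign(payload: bytes) -> bytes:
    mac = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac)

def issue_token(session_id, door_id, now=None):
    """Return the string to encode as a QR code, or None without an active session."""
    session = SESSIONS.get(session_id)
    if session is None or not session["active"]:
        return None
    now = time.time() if now is None else now
    claims = {"sid": session_id, "door": door_id,
              "exp": int(now) + TOKEN_TTL, "nonce": secrets.token_hex(8)}
    payload = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).decode()

def validate_token(token, door_id, now=None):
    """Check a scanned code at the door; returns (granted, reason)."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body)
    except (ValueError, AttributeError):
        return False, "malformed"
    if not hmac.compare_digest(sig.encode(), _sign(payload)):
        return False, "bad signature"
    claims = json.loads(payload)  # parsed only after the payload is authenticated
    if claims["door"] != door_id:
        return False, "wrong door"
    if now > claims["exp"]:
        return False, "expired"
    session = SESSIONS.get(claims["sid"])
    if session is None or not session["active"]:
        return False, "session not active"  # ending the session invalidates outstanding codes
    if claims["nonce"] in USED_NONCES:
        return False, "replayed"
    USED_NONCES.add(claims["nonce"])
    return True, "ok"
```

Because the validator looks the session up again at scan time, a code photographed from the screen stops working once the session ends, the code expires, or it has been used once.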

    Identity information such as user names, MAC addresses, and/...