
Title:
SYSTEM AND METHOD FOR EFFICIENT CREDENTIALING
Document Type and Number:
WIPO Patent Application WO/2015/006815
Kind Code:
A1
Abstract:
A method of providing an individual with a credential profile for accessing an access-controlled environment. A first device is associated with an authorised entity, the authorised entity having the authority to issue, change and/or revoke credentials of individuals in relation to the access-controlled environment. The first device carries a credential profile defining a desired credential set of an individual. A secure communications connection is established between the first device and a second device, the second device being associated with the individual who is to be conferred with the desired credential set. The credential profile is transferred from the first device to the second device in a secure manner so that the second device and the credential profile it carries can then be used to effect access to access-controlled resources in the access-controlled environment in a manner defined by the credential profile.

Inventors:
MRAKAS CHRIS (AU)
Application Number:
PCT/AU2014/000735
Publication Date:
January 22, 2015
Filing Date:
July 18, 2014
Assignee:
GREENBOX IP PTY LTD (AU)
International Classes:
H04K1/00; H04L9/00
Foreign References:
US20060149970A1 (2006-07-06)
US20030005333A1 (2003-01-02)
Attorney, Agent or Firm:
MONKS IP (Blackheath, New South Wales 2785, AU)
Claims:
CLAIMS:

1. A method of providing an individual with a credential profile for accessing an access-controlled environment, the method comprising:

providing a first device associated with an authorised entity, the authorised entity having the authority to issue, change and/or revoke credentials of individuals in relation to the access-controlled environment, and the first device carrying a credential profile defining a desired credential set of an individual;

establishing a secure communications connection between the first device and a second device associated with the individual; and

transferring the credential profile from the first device to the second device in a secure manner whereby the second device and the credential profile it carries can be used to effect access to access-controlled resources in the access-controlled environment in a manner defined by the credential profile.

2. The method of claim 1, wherein establishing a secure communications connection between the first device and a second device comprises a wired cable connection between the first and second devices.

3. The method of claim 1, wherein establishing a secure communications connection between the first device and a second device comprises a wireless connection between the first and second devices.

4. The method of any one of claims 1 to 3 wherein the communications connection is secured by use of a public key infrastructure (PKI) technique.

5. The method of any one of claims 1 to 3 wherein the communications connection is secured by username and password protection on one or both devices.

6. The method of any one of claims 1 to 5 wherein the credential profile is transferred following establishment of an inter-device digital handshake.

7. The method of any one of claims 1 to 6 wherein a one-directional connection is established by detecting when the first device is moved so as to come into contact with the second device while it is substantially stationary.

8. The method of any one of claims 1 to 6 wherein a primary-to-secondary connection is established by detecting when the first device is moved so as to come into contact with the second device while it is substantially stationary.

9. The method of claim 7 or claim 8 wherein the detecting comprises detecting a deceleration of the first device simultaneously with an acceleration of the second device.

10. The method of any one of claims 1 to 9, further comprising providing for controlled dissemination of credential profiles by issuing one or more licenses with each credential profile.

11. The method of claim 10 wherein the license contains distribution control information.

12. The method of claim 10 or claim 11 wherein the license contains a lease expiry time.

13. The method of any one of claims 10 to 12 wherein the license contains version information to permit credential profile version control.

14. A computer program product comprising computer program code means to make a computer execute a procedure for providing an individual with a credential profile for accessing an access-controlled environment, the computer program product comprising computer program code means for carrying out the method of any one of claims 1 to 13.

15. A system for providing an individual with a credential profile for accessing an access-controlled environment; the system comprising:

a site controller for disseminating site information of an access-controlled environment to credentialed devices;

at least one administrator device configured to issue, change and/or revoke credential profiles of individuals in relation to the access-controlled environment, and the first device carrying a credential profile defining a desired credential set of an individual; and

a second device associated with the individual;

wherein the first device and second device are configured to establish a secure communications connection between the first device and a second device and to transfer the credential profile from the first device to the second device in a secure manner whereby the second device and the credential profile it carries can be used to effect access to access-controlled resources in the access-controlled environment in a manner defined by the credential profile.

Description:
SYSTEM AND METHOD FOR EFFICIENT CREDENTIALING

Cross-Reference To Related Applications

[0001] This application claims the benefit of Australian Provisional Patent Application No. 2013902685 filed 19 July 2013, which is incorporated herein by reference.

Technical Field

[0002] The present invention relates to issuing and controlling credentials to individuals or entities, and in particular relates to a system and method for establishing and controlling credentials to a plurality of resources and potentially a large number of resources in an efficient manner.

Background of the Invention

[0003] In work environments, information systems and access-controlled environments, credentials are widely used to control access by individuals to information or other resources. In computing (IT) environments, a user name and a secret password is a widely-used means of evidencing an individual's credentials to access an IT account. Other access-controlled environments might evidence an individual's credentials using any of a large number of techniques such as fingerprints, voice recognition, retinal scans, X.509 public key infrastructure, and so on.

[0004] However, considerable overhead can exist in establishing, altering or revoking a user's credentials, and configuring access-control systems to allow or deny resource access in accordance with the most up-to-date credentials of the individual. In organisations with staff turnover, or having a large number of worksites or access-controlled resources, and/or desiring finely differentiated credentials from one individual to the next, the overhead in defining individuals' credentials can be prohibitive and can discourage the provision of any sophisticated access control at all.

[0005] Any discussion of documents, acts, materials, devices, articles or the like which has been included in the present specification is solely for the purpose of providing a context for the present invention. It is not to be taken as an admission that any or all of these matters form part of the prior art base or were common general knowledge in the field relevant to the present invention as it existed before the priority date of each claim of this application.

[0006] Throughout this specification the word "comprise", or variations such as "comprises" or "comprising", will be understood to imply the inclusion of a stated element, integer or step, or group of elements, integers or steps, but not the exclusion of any other element, integer or step, or group of elements, integers or steps.

[0007] In this specification, a statement that an element may be "at least one of" a list of options is to be understood to mean that the element may be any one of the listed options, or may be any combination of two or more of the listed options.

Summary of the Invention

[0008] According to a first aspect the present invention provides a method of providing an individual with a credential profile for accessing an access-controlled environment, the method comprising:

providing a first device associated with an authorised entity, the authorised entity having the authority to issue, change and/or revoke credentials of individuals in relation to the access-controlled environment, and the first device carrying a credential profile defining a desired credential set of an individual;

establishing a secure communications connection between the first device and a second device associated with the individual; and

transferring the credential profile from the first device to the second device in a secure manner whereby the second device and the credential profile it carries can be used to effect access to access-controlled resources in the access-controlled environment in a manner defined by the credential profile.

[0009] Establishing a secure communications connection between the first device and a second device may comprise any suitable technique, including a wired cable connection between the first and second devices or a wireless connection. The communications connection may be secured by use of suitable public key infrastructure techniques, username and password protection on one or both devices, or any other suitable technique. In another example the credential profile may be transferred following establishment of an inter-device digital handshake in accordance with the teachings of US Patent No. 8,429,407 or the completion of a "bump" in accordance with the teachings of US Patent Application No. US 2011/0191823.

[0010] Moreover, some embodiments may establish a one-directional connection, or primary-to-secondary connection, by detecting when the first device is moved so as to come into contact with the second device while it is substantially stationary, so as to effect a nudge. Such embodiments may detect a deceleration of the first device simultaneously with an acceleration of the second device of substantially the same magnitude, in order to determine the occurrence of a nudge.

[0011] Preferred embodiments provide for controlled dissemination of credential profiles, by issuing licenses with each credential profile including distribution control information, lease expiry times, and version information to permit credential profile version control.

[0012] According to another aspect the present invention provides a computer program product comprising computer program code means to make a computer execute a procedure for providing an individual with a credential profile for accessing an access-controlled environment, the computer program product comprising computer program code means for carrying out the method of the first aspect.

[0013] According to a further aspect, the present invention provides a system for providing an individual with a credential profile for accessing an access-controlled environment; the system comprising:

a site controller for disseminating site information of an access-controlled environment to credentialed devices;

at least one administrator device configured to issue, change and/or revoke credential profiles of individuals in relation to the access-controlled environment, and the first device carrying a credential profile defining a desired credential set of an individual; and

a second device associated with the individual;

wherein the first device and second device are configured to establish a secure communications connection between the first device and a second device and to transfer the credential profile from the first device to the second device in a secure manner whereby the second device and the credential profile it carries can be used to effect access to access-controlled resources in the access-controlled environment in a manner defined by the credential profile.

[0014] It is to be appreciated that in referring to a credential profile, the present specification is directed to acts which a person is permitted to perform, such as the person obtaining access to a restricted site or the person being given control over a restricted-access control system and the like.

Brief Description of the Drawings

[0015] An example of the invention will now be described with reference to the accompanying drawings, in which:

Figure 1 illustrates a first embodiment of the present invention implemented in an access controlled environment;

Figure 2 generally illustrates an intelligent remote control device suitable for implementation of the present invention;

Figures 3a, 3b and 3c illustrate the motion, velocity profiles and acceleration profiles, respectively, consistent with a nudge performed to effect transfer of a credential profile; and

Figure 4 is a flowchart illustrating the method for dissemination of a credential profile in accordance with an embodiment of the present invention.

Description of the Preferred Embodiments

[0016] An embodiment of the present invention will now be described with reference to a building automation and energy management system 200. In this embodiment, smartphones and/or tablets 202, 204 are used to undertake monitoring and control of the smart environment 250 controlled by the system. The overall master control functionality of this system resides in an on-site smart meter controller 210 such as, by way of non-limiting example, one in the manner set out in WO 2010/091450 by the present applicant, the contents of which are incorporated herein by reference. In other embodiments the controller 210 may instead be implemented in the cloud, running on a server, for example. The smart box 210 holds information regarding the reticulation network for utilities at the site (schematics) as well as the control and monitoring style and rules. The smart box 210 is responsible for synchronizing any changes to the credential profile of a newly credentialed IRD 204, and these changes are one-directional, from smart box 210 to IRD 204.

[0017] In this embodiment, the smartphones 202, 204 are used as they are suitable for use as intelligent remote control devices with displays, referred to herein as IRDs. Smartphones 202, 204 are used to visualize key information and to invoke command and control of the site 250. An advantage of using an IRD instead of a purpose-built control device is that smartphones and other IRDs have the ability to reconfigure the user interface displayed by the device, for example to incorporate changes in the manner in which monitoring and control can be undertaken.

[0018] The IRDs 202, 204 can be configured to allow an individual to perform tasks such as switching lights 252 on or off, adjusting settings of an air conditioner 254 or heater, whether temporarily or to reprogram the ongoing operation thereof, gaining read-only (playback) or full edit access to a media store 256 holding photos or videos, and accessing secure areas within the building such as a utilities basement or server room 258. These access-controlled environments 252, 254, 256, 258 are simply by way of example, and a considerably larger number of such devices and areas may be selectively controlled in accordance with the present invention. For example, the credential profile may enable access to statistics and data for the site 250, or be used to provide access to the control of specific devices like air conditioning or general area lighting programs.

[0019] The present embodiment recognises that with increasingly smart buildings and/or increasing requirements for finely gradated access control to sites, there are many challenges for access controlled sites in providing for command and control of the site, and granting access to the site. For example, to give control and access credentials by conventional means is complex, and typically unique to the site and devices in question. Authentication and permissions for the user of the IRD need to be setup, including how long these permissions would apply. To repeat this process if a second device is to be credentialed for control and access is laborious. This is particularly problematic when considering day visitors to work sites, short term contractors, or guests at a domestic site, who often must be given use of the smart infrastructure at the site and/or access credentials to access-controlled areas at considerable effort but only for a very short period of time.

[0020] Further, the control capability provided in the IRD needs to reflect the particular environment, for example heating parameters vary considerably depending on the heater, building layout, thermal retention, occupancy, and so on. These parameters are complex and should therefore be accounted for by the IRD function. However, should any of these parameters change, this necessitates further updates to the IRD and its control credentials.

[0021] For large sites, a single administrator of credentialing is impractical, and it becomes necessary to facilitate the distribution of the credential profile which configures the IRD to other third parties; however, controlling such distribution is problematic. Moreover, as system operational refinements occur, whether to meet user preferences or for other reasons, it again becomes necessary to update the IRD credential profile to a latest version.

[0022] Accordingly, the present embodiment provides for the configuration, sharing and controlled distribution of credential profiles for IRDs.

[0023] Referring to Figure 4, in this embodiment a credential profile is created by or otherwise loaded into an administrator device at 402. Using suitable application software running in the administrator device and secondary device, such as an app, a primary-to-secondary transfer is effected as illustrated in Figure 3a. Both devices are placed on a flat table or surface, and the user of the secondary device leaves their device on the surface without holding or touching it. At time 302 primary device 202 is moved by its user, with velocity vector 304, while secondary device 204 remains stationary. At time 312 primary device 202 is moving more quickly, with velocity vector 314, approaching stationary secondary device 204. At about time 322 primary device 202 is caused to collide with secondary device 204. With a certain amount of elasticity in the collision, this causes a quick drop in velocity 324 as compared to 314 of the primary device, and a quick increase in velocity of secondary device 204 as indicated by vector 326. The secondary device slides a short distance, gradually slowing under friction as indicated by vector 336 at time 332, until it stops. Allowing for typical variations between users, this nudge process gives rise to velocity and acceleration profiles of the type shown in Figures 3b and 3c.

[0024] Velocity profile 352 of device 202 increases slowly, at a rate defined by normal human motion, then decreases rapidly at the time of the collision with the secondary device. At the same time, the velocity 354 of the secondary device increases suddenly from zero, then reduces gradually under friction. Correspondingly, the acceleration 362 of device 202 is initially small and positive; at the moment of the collision the device 202 undergoes a sudden negative acceleration. At the same time, secondary device 204 suddenly accelerates 364 before gradually decelerating after the collision. These acceleration and/or velocity profiles allow a typical nudge characteristic to be detected, and used by the app in each device to confirm the intention of the users to update the credential profile of device 204.

[0025] Thus the nudge between the devices 202, 204 is monitored by the respective accelerometer of the device (Figure 2), and is recorded then dispatched to a server. By comparing the signature of each device's collision, and confirming that the devices are in proximity using GPS location services, the server can validate that the transfer between the devices 202, 204 is authorized. Then the transfer of the credential profile is commenced between the two devices 202, 204 indirectly via the server.
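The nudge signature of [0010] and [0023]-[0025], followed by the server's proximity check, worked as an added example in Python (my code, not the applicant's and not anything the specification provides). It assumes each device reports (time, acceleration) samples along the axis of motion at the same rate with clocks already aligned, that GPS fixes are (latitude, longitude) pairs in degrees, and that the thresholds are illustrative; the accelerometer traces and coordinates are constructed. The point the server-side function makes is that a matching pair of spikes only shows two devices saw compatible motion; the proximity check is what ties that match to a physical contact.

```python
"""Added example, not code from the patent: detecting the nudge signature of
[0010] and [0023]-[0025] in two accelerometer traces, then the proximity check
the server makes before it authorises the transfer.

Assumptions of mine: each device reports (t_seconds, acceleration_m_s2) samples
along the axis of motion, at the same rate, with clocks already aligned; GPS
fixes are (latitude, longitude) in degrees; thresholds are illustrative."""
import math

DT = 0.02  # 50 Hz sample spacing, constructed


def constructed_traces(collision_t=0.30, magnitude=12.0, n=25):
    """Constructed traces of one nudge: the primary (202) is pushed gently, then
    decelerates sharply at the collision; the secondary (204) rests until the
    same instant, spikes positive, then slows under friction."""
    primary, secondary = [], []
    for i in range(n):
        t = round(i * DT, 3)
        if abs(t - collision_t) < 1e-9:
            a_p, a_s = -magnitude, magnitude  # elastic collision: equal and opposite
        elif t < collision_t:
            a_p, a_s = 0.8, 0.0               # human push; secondary untouched
        else:
            a_p, a_s = 0.0, -1.5              # primary stopped; friction on secondary
        primary.append((t, a_p))
        secondary.append((t, a_s))
    return primary, secondary


def strongest(trace, sign):
    """(t, a) of the largest-magnitude sample whose sign matches `sign` (+1/-1)."""
    candidates = [(t, a) for t, a in trace if a * sign > 0]
    return max(candidates, key=lambda s: abs(s[1])) if candidates else None


def detect_nudge(primary, secondary, max_dt=0.05, rel_tol=0.3, min_mag=5.0):
    """(ok, reason). Per [0010]: a deceleration of the first device simultaneous
    with an acceleration of the second of about the same magnitude. Gentle
    handling, or only one device moving, is rejected."""
    p = strongest(primary, -1)
    s = strongest(secondary, +1)
    if p is None or s is None:
        return False, "no matching deceleration/acceleration spikes"
    (tp, ap), (ts, a_s) = p, s
    if abs(ap) < min_mag:
        return False, f"primary deceleration {abs(ap):.1f} m/s^2 too weak for a collision"
    if abs(tp - ts) > max_dt:
        return False, f"spikes not simultaneous (dt={abs(tp - ts):.3f} s)"
    if abs(abs(ap) - a_s) > rel_tol * max(abs(ap), a_s):
        return False, "spike magnitudes differ too much for an elastic collision"
    return True, f"nudge at t={tp:.2f} s, |a| about {abs(ap):.1f} m/s^2"


def haversine_m(p, q):
    """Great-circle distance in metres between two (lat, lon) fixes in degrees."""
    r = 6_371_000.0
    lat1, lon1, lat2, lon2 = map(math.radians, (*p, *q))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * r * math.asin(math.sqrt(h))


def authorise_transfer(primary, secondary, gps_primary, gps_secondary, max_distance_m=25.0):
    """Server-side decision of [0025]: the two collision signatures must match
    AND the devices must be in proximity. A signature alone is not proof of
    contact; the location check is what makes the match meaningful."""
    ok, reason = detect_nudge(primary, secondary)
    if not ok:
        return False, reason
    d = haversine_m(gps_primary, gps_secondary)
    if d > max_distance_m:
        return False, f"devices {d:.0f} m apart; a nudge requires contact"
    return True, reason


if __name__ == "__main__":
    p, s = constructed_traces()
    here, nearby, far = (-33.8688, 151.2093), (-33.86881, 151.20931), (-33.8700, 151.2093)
    print(authorise_transfer(p, s, here, nearby))  # authorised
    print(authorise_transfer(p, s, here, far))     # refused, devices about 130 m apart
```

The three rejections in `detect_nudge` correspond to the three failure modes a deployment sees: a device handled without a collision, two unrelated spikes that happen to be close in time, and a collision whose energy is not shared between the two devices. The tolerances are where tuning happens, and they should be set from recorded nudges on the target handsets rather than from the constants above.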

[0026] The user of the primary device 202 is prompted by the app to separately confirm whether the required credential profile update is a clone (resulting in two credentialed devices) or transfer (in which the originating device is de-credentialed), the lease timeframe, whether the receiver is permitted to further distribute the credential profile, the security level the receiver can have, whether the nudge is limited in number (eg 1) or unlimited nudges are permitted, and in the case of a transfer the lease stipulates whether the IRD configuration reverts or lapses.

[0027] The individual associated with the secondary device 204 is prompted by the app to confirm that they wish to accept the credential profile update.

[0028] Once the receiver and the originator respond to these prompts, these are then sent to the smart box 210 at the site to effect the clone or transfer.

[0029] The smart box 210 then undertakes a clone of the site schematics and control information to the secondary device 204. This is used by the IRD 204 as its local knowledge of the site. It also configures the IRD 204 so as to enable monitoring and control according to the credential profile. As will be appreciated, automated transfer of the credential profile and the site-specific information can be effected in substantially less time than is the case for current manual control and configuration solutions, while nevertheless maintaining user authentication control.

[0030] Where the nudge was a credential profile transfer, then once complete the smart box 210 revokes the lease certificate for the originator IRD 202 and the parties involved in the nudge are advised that the IRD was transferred.

[0031] In this embodiment, once a credential profile transfer occurs it cannot be revoked, except by the authorized account holder. Where a credential profile has been cloned, revocation of that credential profile results in that profile being revoked from all users having a clone of that profile.

[0032] In this embodiment, the credential profile also provides the device 204 with access via a website to view command and control for the site 250.

[0033] This process thus provides for a very simple and efficient means to establish a credential profile in the secondary device 204, the credential profile having finely gradated credentialing information for a large range of site parameters, but without the need to laboriously configure the device for all such parameters.

[0034] The administrator device 202, being associated with the person who already has monitoring/control authority over the site, may store and/or disseminate one or more configurations for a single site, such as a guest credential profile, employee credential profile, maintenance staff credential profile, super-user credential profile, read-only (use but not change/delete/reconfigure any settings or information) credential profile, and so on. The device 202 may further provide such credential profiles for more than one access-controlled site or environment, including for example the person's home and work. The device 202 may be a primary administrator device in one environment, such as that user's home, while simultaneously being a secondary device for another environment, such as the user's workplace, or a gym or club.

[0035] In this embodiment, the credential profile which configures the secondary device 204 to be an IRD for environment 250 has a lease certificate that specifies whether the credential profile can be further distributed by the secondary device 204 to another device. In this embodiment, where further distribution is permitted, the lease certificate also specifies a location within which further distribution can occur, such as within the physical area of the site 250. The lease certificate further specifies a time-window for which the credential profile is current, after which the app deactivates the credential profile in the secondary device 204.

[0036] Updates to the credential profile of device 204 may be made as required from time to time. For example, the credential profile can be changed, and tailored in terms of functionality, for example so that the display visualization of the remote control dashboard can be altered, as well as the manner in which devices 252 etc are controlled. This adaptation is also monitored by the administrator device 202 by way of suitable status reports issued by the app of device 204 and/or smart box 210.

[0037] The provision of versioning information with the credential profile enables the recipient 204 to later receive another version of a credential profile and undertake version control. In this embodiment, the initial cloned or transferred credential profile will be deactivated or revoked and the new version will become the active credential profile. Persistent policies associated with the first credential profile may be maintained and applied in respect of second and subsequent credential profiles. In this way the originating (ancestor) party of generations of updated descendant credential profiles is able to observe which credential profile is the dominant current version.
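The lease controls of [0011], [0026], [0030]-[0031], [0035] and [0037] modelled together in Python as an added example (my code, not the applicant's; the specification gives no data format or protection mechanism for the lease certificate). It assumes the smart box signs each lease with an HMAC key only it holds, that every clone of one issued profile shares a lineage id, and that the location bound is a site identifier the smart box already knows the device is at rather than coordinates; the key, device ids and clock values are constructed.

```python
"""Added example, not code from the patent: a lease-bearing credential profile
with the controls of [0011], [0026], [0030]-[0031], [0035] and [0037].
Assumptions of mine: the smart box (210) protects each lease with an HMAC over
its fields under a key only it holds; all clones of one issued profile share a
'lineage' id; the location bound is a site id, not coordinates."""
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass, field, replace
from typing import Optional

SITE_KEY = b"constructed-site-key-not-a-real-secret"  # constructed for the example


@dataclass(frozen=True)
class Lease:
    lineage: str                        # shared by every clone of one issued profile
    version: int
    holder: str                         # device id the lease is issued to
    expires_at: float                   # lease expiry, seconds since epoch ([0035])
    security_level: str                 # e.g. "read-only", "employee", "super-user"
    may_redistribute: bool              # distribution control ([0011], [0035])
    redistribute_within: Optional[str]  # site id inside which onward nudges are allowed
    nudge_limit: Optional[int]          # onward nudges allowed; None = unlimited ([0026])
    persistent_policies: dict = field(default_factory=dict)  # carried across versions


@dataclass(frozen=True)
class Profile:
    lease: Lease
    signature: str  # smart box's HMAC over the lease; doubles as the lease id


def sign_lease(lease: Lease, key: bytes = SITE_KEY) -> str:
    body = json.dumps(asdict(lease), sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class SmartBox:
    """Site controller 210: issues, clones/transfers, updates and revokes leases."""

    def __init__(self, key: bytes = SITE_KEY):
        self.key = key
        self.revoked_lineages = set()  # account-holder revocation, hits every clone ([0031])
        self.revoked_leases = set()    # single leases: transfer originators, old versions
        self.latest_version = {}       # lineage -> dominant current version ([0037])
        self.nudges_used = {}          # lease signature -> onward nudges performed

    def issue(self, lease: Lease) -> Profile:
        prev = self.latest_version.get(lease.lineage, 0)
        self.latest_version[lease.lineage] = max(prev, lease.version)
        return Profile(lease, sign_lease(lease, self.key))

    def verify(self, p: Profile, now: float):
        """(ok, reason): signature first, then revocation, then expiry."""
        if not hmac.compare_digest(sign_lease(p.lease, self.key), p.signature):
            return False, "bad signature"
        if p.signature in self.revoked_leases:
            return False, "lease revoked"
        if p.lease.lineage in self.revoked_lineages:
            return False, "profile revoked for every clone"
        if now >= p.lease.expires_at:
            return False, "lease expired"
        return True, "ok"

    def nudge(self, originator: Profile, recipient: str, now: float, site: str,
              transfer: bool = False, **terms):
        """Clone (default) or transfer the originator's profile to `recipient`.
        `terms` are the per-nudge choices of [0026]: expires_at, security_level,
        may_redistribute, redistribute_within, nudge_limit. Returns (profile|None, reason)."""
        ok, why = self.verify(originator, now)
        if not ok:
            return None, why
        l = originator.lease
        if not l.may_redistribute:
            return None, "lease forbids redistribution"
        if l.redistribute_within and site != l.redistribute_within:
            return None, "outside the location permitted for redistribution"
        used = self.nudges_used.get(originator.signature, 0)
        if l.nudge_limit is not None and used >= l.nudge_limit:
            return None, "nudge limit exhausted"
        child = replace(l, holder=recipient, **terms)
        if child.expires_at > l.expires_at:  # a lease cannot outlive its originator's
            return None, "requested lease longer than the originator's"
        self.nudges_used[originator.signature] = used + 1
        if transfer:  # [0030]: the originating device is de-credentialed
            self.revoked_leases.add(originator.signature)
        return self.issue(child), "transferred" if transfer else "cloned"

    def update(self, p: Profile, **changes) -> Profile:
        """Version+1 for the same holder: old version revoked, persistent policies kept ([0037])."""
        self.revoked_leases.add(p.signature)
        return self.issue(replace(p.lease, version=p.lease.version + 1, **changes))

    def revoke_profile(self, lineage: str):
        """Account-holder revocation ([0031]): every clone of the lineage becomes invalid."""
        self.revoked_lineages.add(lineage)


if __name__ == "__main__":
    box, now = SmartBox(), 1_700_000_000.0  # constructed clock
    admin = box.issue(Lease("guest-250", 1, "ird-202", now + 86400, "super-user",
                            True, None, None, {"audit": "on"}))
    guest, why = box.nudge(admin, "ird-204", now, "site-250", expires_at=now + 3600,
                           security_level="read-only", redistribute_within="site-250", nudge_limit=1)
    print(why, box.verify(guest, now), box.verify(guest, now + 7200))
```

Two design points carry the security weight. The lease is verified by recomputing the HMAC, so a device cannot raise its own `security_level` or extend `expires_at` by editing the profile it holds; and revocation is kept on the smart box rather than in the lease, which is what lets a lineage-wide revoke reach clones the account holder never saw issued. The guard that an onward nudge cannot grant a longer lease than the originator holds is my addition; the same guard should apply to `security_level` and `nudge_limit`, which this example leaves to the per-nudge terms.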

[0038] The present embodiment of the invention therefore allows authorized users to easily and with minimal effort transfer a credential profile to IRD 204 of a third party, using a natural gesture of pushing one IRD into another. This automated data transfer, version control and so on, minimizes errors of setting up the configuration for an IRD.

[0039] By reducing the complexity of issuing credential profiles, the present embodiment allows visitors to sites to obtain credentials and also to obtain the ability to monitor and control a site. This can be done efficiently even for only temporary site visitors, so that after a period of time or when the visitor leaves the site the credential profile is revoked.

[0040] It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive.