In many businesses, organizations or public areas, security systems are employed to control access to the physical facilities or resources, and to safeguard authorized and unauthorized visitors. Security risks may be managed by controlling access by specified individuals based upon a specific set of criteria, such as time of day or day of the week.
In a typical physical-access controlled environment, a physical security system may include one or more physical devices, such as: entry lock mechanisms; entry open/close sensors; video surveillance cameras; microphones; credentials, such as some form of electronic or physical identification of a device or individual; credential identification input devices, such as a badge reader, PIN number keypad or biometric detector; communication and connectivity devices, such as door control panels; credential verification devices; policy-based access control devices, such as access control panels; credential and policy creation servers; a monitoring, event logging, and alarm reporting server; and a permission database defining which users have access to which facility, and when.
The control panel is typically located in close proximity to an entrance. Many control panels used in a typical physical-access controlled environment have a full or partial credential list. As facilities have multiple entrance points, each often with a corresponding control panel, it requires considerable work to ensure that all control panels are up to date. There are some access control systems that offer centralization of the data that would otherwise be distributed in multiple control panels. In these systems, the control panels pass credential information on to a central device such as a server for credential verification and policy enforcement. The server, if granting access, will then send an ‘access granted’ signal to the appropriate control panel, which would then forward a signal to a relay for controlling the opening of a door.
It is common for access control devices, such as badge or card readers, electro-mechanical locks, and door sensors, to be connected by a serial Wiegand or RS-485 connection to a door control panel. The functional devices typically communicate via a simple signaling protocol, which in many cases is specific to a single vendor.
Many other security devices and other physical devices and systems also need passwords, key codes, biometric data or other inputs to allow a user to control or access such a device or system. Such devices and systems also often have a local control panel or proprietary control software that is run on a local computer or web server. Some devices may be IP devices that connect to an Ethernet or the Internet, and others that communicate using the RS-485 protocol may be connected to the Internet via a gateway or bridge which converts the data between the RS-485 and TCP/IP formats. Each device or system has its own hardware or software control interface. As a result of the disparate control means and separate methods for granting permissions, it is often inconvenient for a user or administrator to access, program and control each security device or system efficiently. Furthermore, self-contained, on-site security systems or devices can be compromised or malfunction without being able to issue notification to an interested party. Also, it is onerous for an administrator or building manager to set and change the permissions.
Referring to the prior art shown in FIG. 1, physical devices 1, 2 may be locally connected to, and managed by, a control panel 4 or dedicated computer 6. Permissions P1 and P2 for the users allowed access to each device are stored in local databases 5, 7 within, or connected to, the control panel 4 or dedicated computer 6. The control panel 4 and/or the dedicated computer 6 may be connected to an Ethernet or the Internet 8, allowing users to optionally access the databases and devices via a personal or other computer terminal 9.
The current convergence of technologies may mean that multiple different devices and systems may be connected to, and operated from, the same computer 9 or network 8. A user of such a computer, however, faces the problem that each device or system needs to be accessed separately, each with its own software interface, name/password combination and method for managing permissions. Furthermore, existing physical security systems are considered to be much less secure than IT security systems.
In the field of computer networks, systems exist for managing access to network resources such as computers, printers, files, etc. Such a system may be, for example, an Active Directory as provided by Microsoft. An Active Directory is a central location for network administration. It provides access to objects representing all network users, computing devices, and resources and the ability to group objects together to facilitate management and permission setting. For example, a single sign-on allows users access to many network resources. A user's name and password combination may form a user identity, which is valid throughout the network, which might span a building, a city, or several sites across the world.