-
Publication number: US09621644B2
Publication date: 2017-04-11
Application number: US14028059
Application date: 2013-09-16
Applicant: Axis AB
Inventor: Mathias Bruce
CPC classification number: H04L67/104 , G06F9/4806 , G06F11/1415 , G06F11/182 , G06F17/30206 , G06F17/30209
Abstract: A method may include a device joining a distributed database in a distributed physical access control system. The method may include storing first data in a first memory area of a memory. The first memory area may be designated to store data for a consensus-based distributed database (DB). The first data is to be added to the consensus-based distributed DB that is distributed among other devices in a network. The method may include copying the first data to a second memory area of the memory of the device and adding the device to the network, receiving data from the other devices in the network and adding the received data to the consensus-based distributed DB by storing the received data in the first memory area, and adding the first data to the consensus-based distributed DB by copying the first data from the second memory area to the first memory area.
-
Publication number: US20150081831A1
Publication date: 2015-03-19
Application number: US14028059
Application date: 2013-09-16
Applicant: Axis AB
Inventor: Mathias Bruce
IPC: H04L29/08
CPC classification number: H04L67/104 , G06F9/4806 , G06F11/1415 , G06F11/182 , G06F17/30206 , G06F17/30209
Abstract: A method may include a device joining a distributed database in a distributed physical access control system. The method may include storing first data in a first memory area of a memory. The first memory area may be designated to store data for a consensus-based distributed database (DB). The first data is to be added to the consensus-based distributed DB that is distributed among other devices in a network. The method may include copying the first data to a second memory area of the memory of the device and adding the device to the network, receiving data from the other devices in the network and adding the received data to the consensus-based distributed DB by storing the received data in the first memory area, and adding the first data to the consensus-based distributed DB by copying the first data from the second memory area to the first memory area.
-
Publication number: US09686161B2
Publication date: 2017-06-20
Application number: US14028243
Application date: 2013-09-16
Applicant: Axis AB
Inventor: Mathias Bruce , Olle Blomgren
CPC classification number: H04L43/065 , G06F9/5061 , G06F11/142 , G06F11/20 , G06F15/16 , G06F17/30 , G06F21/554 , G06F2209/505 , G07C9/00 , H04L43/0811 , H04L43/0823
Abstract: A device may correspond to a physical access controller in a distributed physical access control system. A method, performed by the device in a distributed system, may include detecting that another device in the distributed system has become unavailable; determining that a loss of consensus has occurred in the distributed system based on detecting that the other device has become unavailable; generating a list of available devices in the distributed system; and sending an alarm message to an administrative device, wherein the alarm message indicates the loss of consensus and wherein the alarm message includes the list of available devices.
-
Publication number: US20150082033A1
Publication date: 2015-03-19
Application number: US14028236
Application date: 2013-09-16
Applicant: Axis AB
Inventor: Mathias Bruce , Marcus Johansson
IPC: H04L29/06
CPC classification number: H04L63/0428 , G06F9/54 , G06F2221/2141 , H04L63/08 , H04L63/20
Abstract: A controller device may correspond to a physical access controller in a distributed physical access control system. The controller device may include logic configured to obtain access to a global database that include access control information for a plurality of controller devices. The logic may be further configured to derive a local access rules table from the global database, wherein the local access rules table relates users to access rules, and wherein the local access rules table is encrypted with a local access rules key; and derive a local credentials table from the global database, wherein the local credentials table relates hashed credentials to users, wherein the local credentials table stores, for a user, the local access rules key encrypted with unhashed credentials associated with the user, wherein the unhashed credentials are not stored in the controller device.
-
Publication number: US20150081737A1
Publication date: 2015-03-19
Application number: US14028230
Application date: 2013-09-16
Applicant: Axis AB
Inventor: Mathias Bruce , Robert Rosengren
IPC: G06F21/62
CPC classification number: G06F21/6227 , G06F9/4806 , G06F11/182 , G07C9/00
Abstract: A device may correspond to a physical access controller in a distributed physical access control system. The device in a distributed system may include logic configured to detect a request from an application to access an application dataset, wherein the application dataset corresponds to a distributed dataset and determine whether the application dataset exists in the distributed system. The logic may be further configured to generate the application dataset in the distributed system, in response to determining that the application dataset does not exist in the distributed system, and send, to other devices in the distributed system, a request to join a dataset group that includes devices associated with the application dataset, in response to determining that the application dataset exists in the distributed system.
-
Publication number: US11196661B2
Publication date: 2021-12-07
Application number: US16731895
Application date: 2019-12-31
Applicant: Axis AB
Inventor: Jon Malmquist , Johan Rönnåker , Emil Selinder , Mathias Bruce , Marcus Johansson
IPC: H04L12/733 , H04W76/12 , H04W76/11 , G07C9/27 , H04L12/46 , H04L12/709 , H04L29/06 , H04L29/08 , H04W4/021 , H04W88/04 , G07C9/00
Abstract: A device may include a memory storing instructions and a processor configured to execute the instructions to identify a communication link between a first domain object and a second domain object; identify a first endpoint associated with the first domain object and a second endpoint associated with the second domain object; and determine a location relationship between the first endpoint and the second endpoint. The processor may be further configured to select a communication mechanism based on the determined location relationship; instruct the first endpoint to communicate with the second endpoint using the selected communication mechanism; and instruct the second endpoint to communicate with the first endpoint using the selected communication mechanism.
-
Publication number: US20210203590A1
Publication date: 2021-07-01
Application number: US16731895
Application date: 2019-12-31
Applicant: Axis AB
Inventor: Jon Malmquist , Johan Rönnåker , Emil Selinder , Mathias Bruce , Marcus Johansson
IPC: H04L12/733 , H04L12/46 , H04L12/709 , H04W88/04 , H04L29/08 , H04W4/021 , H04L29/06 , H04W76/11 , H04W76/12 , G07C9/27
Abstract: A device may include a memory storing instructions and a processor configured to execute the instructions to identify a communication link between a first domain object and a second domain object; identify a first endpoint associated with the first domain object and a second endpoint associated with the second domain object; and determine a location relationship between the first endpoint and the second endpoint. The processor may be further configured to select a communication mechanism based on the determined location relationship; instruct the first endpoint to communicate with the second endpoint using the selected communication mechanism; and instruct the second endpoint to communicate with the first endpoint using the selected communication mechanism.
-
Publication number: US09860216B2
Publication date: 2018-01-02
Application number: US14028236
Application date: 2013-09-16
Applicant: Axis AB
Inventor: Mathias Bruce , Marcus Johansson
CPC classification number: H04L63/0428 , G06F9/54 , G06F2221/2141 , H04L63/08 , H04L63/20
Abstract: A controller device may correspond to a physical access controller in a distributed physical access control system. The controller device may include logic configured to obtain access to a global database that include access control information for a plurality of controller devices. The logic may be further configured to derive a local access rules table from the global database, wherein the local access rules table relates users to access rules, and wherein the local access rules table is encrypted with a local access rules key; and derive a local credentials table from the global database, wherein the local credentials table relates hashed credentials to users, wherein the local credentials table stores, for a user, the local access rules key encrypted with unhashed credentials associated with the user, wherein the unhashed credentials are not stored in the controller device.
-
Publication number: US09641335B2
Publication date: 2017-05-02
Application number: US14028208
Application date: 2013-09-16
Applicant: Axis AB
Inventor: Mathias Bruce , Niklas Hansson
CPC classification number: H04L9/32 , G06F9/468 , G06F21/41 , H04L63/08 , H04L63/083
Abstract: A method relates to distributing user credentials in a distributed physical access control system, and more generally to distributing user credentials in a distributed system. A method may include storing a user credential database (DB), a first transformed credential DB and a second transformed credential DB for authenticating users to access a first and a second service provided by the device. The method may include generating the first transformed credential DB and the second transformed credential DB based on the user credential DB and comparing a credential received from a user to the first or the second transformed credential DB to determine whether to grant access to the first or the second service. The method may include distributing the user credential DB to a plurality of other devices connected in a network for the other devices to generate transformed credential DBs for authenticating users to access services.
-
Publication number: US09619668B2
Publication date: 2017-04-11
Application number: US14028230
Application date: 2013-09-16
Applicant: Axis AB
Inventor: Mathias Bruce , Robert Rosengren
CPC classification number: G06F21/6227 , G06F9/4806 , G06F11/182 , G07C9/00
Abstract: A device may correspond to a physical access controller in a distributed physical access control system. The device in a distributed system may include logic configured to detect a request from an application to access an application dataset, wherein the application dataset corresponds to a distributed dataset and determine whether the application dataset exists in the distributed system. The logic may be further configured to generate the application dataset in the distributed system, in response to determining that the application dataset does not exist in the distributed system, and send, to other devices in the distributed system, a request to join a dataset group that includes devices associated with the application dataset, in response to determining that the application dataset exists in the distributed system.