Author
Dominique Louis Joseph Fedronic
Bio: Dominique Louis Joseph Fedronic is an academic researcher. The author has contributed to research in topics: Authentication & RADIUS. The author has an h-index of 1 and has co-authored 2 publications receiving 48 citations.
Papers
•
[...]
22 Dec 2004
TL;DR: In this paper, an integrated security system is presented that incorporates a security controller with standard network interface capabilities, including IEEE 802.x, and takes advantage of the convenience and security offered by smart cards and related devices for both physical and logical security purposes.
Abstract: An integrated security system which seamlessly assimilates with current generation logical security systems. The integrated security system incorporates a security controller having standard network interface capabilities including IEEE 802.x and takes advantage of the convenience and security offered by smart cards and related devices for both physical and logical security purposes. The invention is based on standard remote authentication dial-in service (RADIUS) protocols or TCP/IP using SSL, TLS, PCT or IPsec and stores a shared secret required by the secure communication protocols in a secure access module coupled to the security controller. The security controller is intended to be a networked client or embedded intelligent device controlled remotely by an authentication server. In another embodiment of the invention one or more life cycle management transactions are performed with the secure access module. These transactions allow for the updating, replacement, deletion and creation of critical security parameters, cryptographic keys, user data and applications used by the secure access module and/or security token. In another embodiment of the invention a security access module associated with the security controller locally performs local authentication transactions which are recorded in a local access list used to update a master access list maintained by the authentication server.
47 citations
•
10 Oct 2012
TL;DR: In this paper, a procedure for physically controlling access to a protected location is presented, which comprises the following steps: establishing a secure communications connection over a network between a security controller (110) and at least one authentication server (105), functionally coupling a security token (75) to said controller
Abstract: Method for physically controlling access to a protected location, comprising the following steps:
- establishing a secure communications connection over a network between a security controller (110) and at least one authentication server (105),
- functionally coupling a security token (75) to said security controller,
- sending a critical security parameter from said security token to said security controller for authentication,
- sending said critical security parameter at least to said authentication server by means of said secure communications connection,
- performing, by means of said authentication server, an authentication transaction for said critical security parameter,
- sending a result of said authentication transaction from said authentication server to said security controller by means of said secure communications connection, and
- activating an electromechanical circuit (130) controlled by said security controller if said result confirms that said authentication transaction has been performed successfully,
characterized in that said activation of said electromechanical circuit is limited to a pre-established duration specific to said security token
1 citation
Cited by
•
03 Nov 2008
TL;DR: In this article, a storage device contains a smart-card device and a memory device, which is connected to a controller, which includes a security engine that uses critical security parameters stored in, and received from, the smart-card device.
Abstract: A storage device contains a smart-card device and a memory device, which is connected to a controller. The storage device may be used in the same manner as a conventional smart-card device, or it may be used to store a relatively large amount of data. The memory device may also be used to store data or instructions for use by the smart-card device. The controller includes a security engine that uses critical security parameters stored in, and received from, the smart-card device. The critical security parameters may be sent to the controller in a manner that protects them from being discovered. The critical security parameters may be encryption and/or decryption keys that may encrypt data written to the memory device and/or decrypt data read from the memory device, respectively. Data and instructions used by the smart-card device may therefore be stored in the memory device in encrypted form.
46 citations
•
28 Oct 2005
TL;DR: In this article, the authors present a secure deployment of software applications on transaction terminals using keys (330, 332) and certificates (320) using a terminal key management server (TKMS).
Abstract: Embodiments of the present invention relate to secure deployment of software applications on transaction terminals (210) using keys (330, 332) and certificates (320). In one embodiment, a method for electronically certifying an application for installation at a transaction terminal (210) is accomplished at a terminal key management server (204) by receiving an application along with a request to certify the application (302), comparing the application to one or more terminal constraints (304, 306), issuing a certificate that corresponds to the application (310), digitally signing the certificate (312), and making the digitally signed certificate and the encrypted application available to the transaction terminal. In another embodiment (316), a method for validating a certified application for installation on the transaction terminal is accomplished by receiving a notification (402), downloading an encrypted version of the application (404), downloading a digitally signed certificate (406), decrypting the application (408), verifying the digital signature of the certificate (410), and installing the application on the transaction terminal (416).
44 citations
•
25 Apr 2007
TL;DR: A security management system that includes a hierarchical security platform, converged IT and physical security management, unified credentialing, credential issuance and incident(s) management is presented in this paper.
Abstract: A security management system that includes a hierarchical security platform, converged IT and physical security management, unified credentialing, credential issuance and incident(s) management. An exemplary aspect of the invention also relates to physical and logical security management and information technology/network security management, with a credential issuance and integrity checking system as well as associated readers and printers of the credential. Still further aspects of the invention relate to obtaining, assembling and analyzing one or more of data, video information, image information, biometric information, sensor information, terrorist information, profile information, and/or other types of information to provide a comprehensive platform for all aspects of security management. A toolkit is also provided that allows complete management, integration, scalability, interoperability and centralized control of all aspects of security including personnel credentialing, personnel management, personnel tracking, task management, security system integration, security information exchange and scalability.
39 citations
•
01 Feb 2011
TL;DR: In this paper, a local access module caches endpoint security information maintained by a remote server, and when a user attempts to access a network resource through an endpoint device, the endpoint device sends authentication information and health information to the local access module.
Abstract: In general, the principles of this invention are directed to techniques of locally caching endpoint security information. In particular, a local access module caches endpoint security information maintained by a remote server. When a user attempts to access a network resource through an endpoint device, the endpoint device sends authentication information and health information to the local access module. When the local access module receives the authentication information and the health information, the local access module controls access to the network resource based on the cached endpoint security information, the authentication information, and a security state of the endpoint device described by the health information.
36 citations
•
12 Mar 2010
TL;DR: In this article, the authors describe systems and methods for managing access control devices, where an access control device is configured to function on the basis of an applied set of configuration data.
Abstract: Described herein are systems and methods for managing access control devices. In overview, an access control device is configured to function on the basis of an applied set of configuration data. For example, the manner in which the device processes an access request is dependent on the configuration data. A device according to an embodiment of the present invention is configured to locally maintain a plurality of uniquely applicable sets of configuration data. Each set, when applied, causes the device to function in accordance with a respective mode of operation. The device is configured to change which set of configuration data is applied in response to a predetermined command, thereby allowing the device to shift between modes of operation relatively quickly and without the need to download additional configuration data. In some cases, the modes of operation correspond to threat levels, and the use of such access control devices allows a change in threat level to be applied across an access control environment quickly and with minimal bandwidth requirements.
35 citations