EP-4738212-A1 - DYNAMIC ACCESS CONTROL AND INTRUSION DETECTION FOR SECURITY SYSTEMS

Abstract

A security system managing access to a site. The security system comprising a computing system adapted to obtain an augmented topology map of the site, the augmented topology map defining a plurality of spaces included in the site; identify respective space attribute values for each space included in the plurality of spaces; receive a request for an object to access a first space included in the plurality of spaces; determine a route from a starting location of the object to the first space based in part on the respective space attribute values identified for each space included in the plurality of spaces and an identity of the object, the route including at least one monitoring device disposed between the starting location and the first space; and permit the object to traverse the route monitored by the at least one monitoring device based in part on the identity of the object.

Inventors

  • RIOUX, Frederick
  • LENOT, David
  • RACZ, PIERRE

Assignees

  • Genetec Inc.

Dates

Publication Date
20260506
Application Date
20251030

Claims (15)

  1. A security system managing access to a site, comprising: a computing system adapted to obtain an augmented topology map of the site, the augmented topology map defining a plurality of spaces included in the site; the computing system adapted to identify respective space attribute values for each space included in the plurality of spaces; the computing system adapted to receive a request for an object to access a first space included in the plurality of spaces; the computing system adapted to determine a route from a starting location of the object to the first space based in part on the respective space attribute values identified for each space included in the plurality of spaces and an identity of the object, the route including at least one monitoring device disposed between the starting location and the first space; and the computing system adapted to permit the object to traverse the route monitored by the at least one monitoring device based in part on the identity of the object.
  2. The security system of claim 1, wherein to determine the route, the computing system is adapted to identify at least one second space in the plurality of spaces through which the object is permitted to transit; and the computing system adapted to add the at least one second space to the route.
  3. The security system of claim 2, wherein the identity of the object comprises one or more object attribute values that define the object; and to identify the at least one second space in the plurality of spaces through which the object is permitted to transit, the computing system is adapted to compare the object attribute values to the respective space attribute values identified for each space included in the plurality of spaces; and the computing system adapted to determine, based on the comparison of the object attribute values to the respective space attribute values, that transiting through the at least one second space is in compliance with one or more active policies associated with the site.
  4. The security system of any one of claims 1 to 3, wherein to determine the route, the computing system is adapted to identify at least one third space in the plurality of spaces through which the object is not permitted to transit; and the computing system adapted to determine not to add the at least one third space to the route.
  5. The security system of claim 4, wherein the identity of the object comprises one or more object attribute values that define the object; and to identify the at least one third space in the plurality of spaces through which the object is not permitted to transit, the computing system is adapted to compare the object attribute values to the respective space attribute values identified for each space included in the plurality of spaces; and the computing system adapted to determine, based on the comparison of the object attribute values to the respective space attribute values, that transiting through the at least one second space is not in compliance with one or more active policies associated with the site.
  6. The security system of any one of claims 1 to 5, wherein to permit the object to traverse the route, the computing system is adapted to push configuration parameters to one or more access control devices included in the security system; and wherein at least one access control device included in the one or more access control devices is disposed on the route and adapted to permit the object to transit past the at least one access control device based in part on the configuration parameters.
  7. The security system of any one of claims 1 to 6, wherein to permit the object to traverse the route, the computing system is adapted to unlock an access control device that is disposed along the route; wherein the access control device includes an electronic door lock included in the security system; wherein the computing system is adapted to display, via a display device, the route on the augmented topology map; and wherein the computing system is adapted to store, via a database, the route in association with the identity of the object.
  8. The security system of any one of claims 1 to 7, wherein to determine the route from the starting location to the first space, the computing system is adapted to identify a plurality of routes through the site between the starting location of the object and the first space, the plurality of routes including the route; wherein a second route included in the plurality of routes comprises passage through a second space; wherein the identity of the object comprises one or more object attribute values that define the object that are not in compliance with one or more active policies associated with the second space; and wherein the computing system is adapted to select the route instead of the second route based in part on the one or more active policies associated with the second space.
  9. A method comprising: obtaining an augmented topology map of a site, the augmented topology map defining a plurality of spaces in the site; identifying respective space attribute values for each space included in the plurality of spaces; receiving a request for an object to access a first space included in the plurality of spaces; determining a route from a starting location of the object to the first space based in part on the respective space attribute values identified for each space included in the plurality of spaces and an identity of the object, the route including at least one security device disposed between the starting location and the first space; and permitting the object to traverse the route monitored by the at least one security device based in part on the identity of the object.
  10. A security system managing access to a site that includes a plurality of spaces, comprising: at least one security device adapted to generate security data associated with a first space included in the plurality of spaces; a computing system including one or more processors in electronic communication with the at least one security device via a network; the computing system adapted to obtain an augmented topology map of the site, the augmented topology map comprising a data structure that defines the plurality of spaces in the site; the computing system adapted to implement a security model associated with the site, the security model comprising a data structure that defines space attribute values associated with each space in the plurality of spaces, a plurality of objects existing within the plurality of spaces, and object attribute values assigned to each object included in the plurality of objects; the computing system adapted to receive the security data from the at least one security device, the security data indicative of a first object included in the plurality of objects existing in the first space included in the plurality of spaces; the computing system adapted to update, based on the security data, at least one of a first object attribute value associated with the first object and a first space attribute value associated with the first space; the computing system adapted to determine, based in part on the at least one of the first object attribute value and the first space attribute value, a permission of the first object to exist in the first space; and responsive to determining a negative permission for the first object to exist in the first space, the computing system adapted to update an attribute value associated with the first object to indicate an anomalous presence of the first object.
  11. The security system of claim 10, wherein the at least one security device is adapted to generate second security data associated with a second object included in the plurality of objects, the second object existing in the first space; the at least one security device adapted to update, based in part on the second security data, at least one object attribute value assigned to the second object; the at least one security device adapted to transmit, to the computing system, the at least one object attribute value assigned to the second object; and the computing system adapted to update the security model based on the at least one object attribute value assigned to the second object.
  12. The security system of claim 10 or 11, wherein the computing system is adapted to determine a confidence score for an identity of the first object based in part on the first object attribute value and at least one additional object attribute value associated with the first object; wherein the confidence score for the first object indicates how likely a detected identity of the first object matches an actual identity of the first object; wherein an actual identity of the first object comprises a plurality of object attribute values that define the first object.
  13. The security system of any one of claims 10 to 12, wherein the computing system is adapted to determine an updated confidence score for the updated value of the first object attribute value detected in the security data; and wherein the updated confidence score indicates how likely the updated value of the first object attribute value is to match an actual value of the first object attribute value.
  14. The security system of any one of claims 10 to 13, wherein the security data includes at least one of video data, audio data, biometric data, or user credentials.
  15. The security system of any one of claims 10 to 14, wherein responsive to determining a negative permission for the first object to exist in the first space, the computing system is adapted to perform one or more responsive actions; wherein performance of the one or more responsive actions restricts the first object from entering a second space in the plurality of spaces.
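
The route determination of claims 1 to 8, as an added sketch that is not code from the application: spaces whose attribute values conflict with the object's attribute values are left out, and the returned route must pass at least one monitoring or access control device. The site layout, the attribute names (`min_clearance`, `banned_items`, `clearance`, `carrying`), the device ids and the use of breadth-first search are all assumptions made for illustration.

```python
from collections import deque

# Constructed sample site: space name -> space attribute values (hypothetical names).
SPACES = {
    "lobby":       {"min_clearance": 0, "banned_items": set()},
    "corridor":    {"min_clearance": 1, "banned_items": set()},
    "clean_lab":   {"min_clearance": 1, "banned_items": {"laptop"}},
    "server_room": {"min_clearance": 2, "banned_items": set()},
    "archive":     {"min_clearance": 1, "banned_items": set()},
}
# Passages between spaces; the third field is the monitoring or access control
# device on that passage, or None when the passage is unmonitored.
PASSAGES = [
    ("lobby", "clean_lab", "lock-1"),
    ("clean_lab", "server_room", "lock-2"),
    ("lobby", "corridor", None),
    ("corridor", "archive", "cam-7"),
    ("archive", "server_room", "lock-3"),
]

def permitted(obj, space):
    """Compare the object's attribute values with one space's attribute values."""
    attrs = SPACES[space]
    return (obj["clearance"] >= attrs["min_clearance"]
            and not (obj["carrying"] & attrs["banned_items"]))

def find_route(obj, start, goal):
    """Shortest compliant route as (spaces, devices), or None if there is none."""
    adj = {}
    for a, b, dev in PASSAGES:
        adj.setdefault(a, []).append((b, dev))
        adj.setdefault(b, []).append((a, dev))
    # Search state is (space, monitored so far): a space reached first over an
    # unmonitored passage may still be reached again over a monitored one.
    queue = deque([(start, False, [start], [])])
    seen = {(start, False)}
    while queue:
        space, monitored, path, devices = queue.popleft()
        if space == goal and monitored:
            return path, devices  # devices: the ones to configure or unlock
        for nxt, dev in adj.get(space, []):
            state = (nxt, monitored or dev is not None)
            if state in seen or not permitted(obj, nxt):
                continue  # already explored, or transit not policy-compliant
            seen.add(state)
            queue.append((nxt, state[1], path + [nxt],
                          devices + ([dev] if dev else [])))
    return None
```

An object carrying a laptop is routed around `clean_lab` even though that path is shorter, which is the route selection described in claim 8.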

Description

FIELD

The present teachings relate generally to security systems and, more particularly, to dynamic access control and intrusion detection for security systems.

BACKGROUND

Security systems often include access control devices that are used to restrict and grant access to particular areas within a site (e.g., a building, a premises including one or more other buildings, a campus, a manufacturing facility, open spaces such as freeways or the like, and/or some other area). For example, access control devices such as doors, electronic door locks, gates, and/or other devices can be used to restrict persons from accessing particular rooms, hallways, or other spaces within a building. However, configuring access control devices and managing which users are able to access the spaces restricted by access control devices can be a painstaking, difficult process.

For example, using conventional approaches, operators of a security system (e.g., security officers, IT personnel, etc.) often manually assign access permissions to users, including employees working at a site and visitors visiting a site, for each respective space included in the site. At least one drawback to these conventional approaches for assigning access permission to users is that for instances in which there are many employees (e.g., hundreds, thousands, etc.) working at a site that includes many different spaces restricted by access control devices (e.g., hundreds or even thousands of rooms, hallways, laboratories, etc.), manually assigning access permissions for each user is very time consuming and prone to operator error, and rarely is the assignment done at a granular level, which might reduce security risks. At least another drawback to these conventional approaches for manually assigning access permissions to users is that it can be difficult to update the access permissions of respective users in response to the occurrence of anomalous events (e.g., fires, intrusions, etc.).
For example, when an anomalous event occurs within and/or near a particular space in a site, it may be necessary to reassign access permissions to users near the anomalous event so that the users can safely transit through the site away from the anomalous event. However, the amount of time required to determine which users are located near the anomalous event, whether those users located near the anomalous event need updated access permissions to safely escape the area, and finally manually reassign access permissions to those in need makes it impractical for operators of the security system to quickly adjust access permissions in response to the occurrence of an anomalous event.

Moreover, as mentioned above, manual assignment of access permissions to many users for many respective spaces is prone to human error. In that regard, for instances in which users have mistakenly been granted access permissions to spaces within the site that the users should not be allowed to access, it can be difficult for operators of the security system to identify situations in which users are located within spaces they should not be.

In addition to manually assigning permissions to users, with these conventional approaches, operators of a security system (e.g., security officers, IT personnel, etc.) may also have to manually assign attribute values for each respective space included in the site. Similar to the drawbacks of manually assigning permissions to users, at least one drawback to manually assigning attributes to each space included in the site is that for instances in which there are many different spaces (e.g., tens, hundreds, or even thousands) in the site, manually assigning attributes (e.g., a max capacity attribute, a restricted object attribute (for example, no guns allowed in a space), etc.) for each space is very time consuming and prone to operator error.
Therefore, it would be beneficial to have alternative systems and methods for dynamic access control and intrusion detection in security systems.

SUMMARY

The needs set forth herein as well as further and other needs and advantages are addressed by the present embodiments, which illustrate solutions and advantages described below.

The present teachings relate to dynamic access control and intrusion detection for a security system. In particular, the present teachings relate to dynamically controlling access of an object to respective spaces in a site based on changing attribute values of the object and the spaces within the site. Moreover, with the present teachings, instances in which an object is located within a space that the object is not permitted to exist can be efficiently and/or automatically detected based in part on the changing attributes of the object, the changing attributes of the space, and security data generated by one or more security devices within the security system.

At least one technical advantage of the present teachings relative to existing solutions is that, with the present teachings, access per