Distribution of user credentials

摘要

A method relates to distributing user credentials in a distributed physical access control system, and more generally to distributing user credentials in a distributed system. A method may include storing a user credential database (DB), a first transformed credential DB and a second transformed credential DB for authenticating users to access a first and a second service provided by the device. The method may include generating the first transformed credential DB and the second transformed credential DB based on the user credential DB and comparing a credential received from a user to the first or the second transformed credential DB to determine whether to grant access to the first or the second service. The method may include distributing the user credential DB to a plurality of other devices connected in a network for the other devices to generate transformed credential DBs for authenticating users to access services.

主权项

1. A device including:
a memory to store a user credential database (DB) for storing untransformed credentials, a first transformed credential DB for authenticating users for accessing a first service provided by the device, and a second transformed credential DB for authenticating users for accessing a second service provided by the device; a communication interface to receive an untransformed credential; a processor to:
update the first transformed credential DB and the second transformed credential DB based on the user credential DB,transform the received untransformed credential to generate a transformed received credential, andcompare the transformed received credential to a first transformed credential stored in the first transformed credential DB to determine whether the received untransformed credential is correct or not correct to complete authentication of a user to access the first service or compare the transformed received credential to a second transformed credential stored in the second transformed credential DB to determine whether the received untransformed credential is correct or not correct to complete authentication of the user to access the second service; and wherein the communication interface is configured to:
distribute the user credential DB to a plurality of other devices connected in a peer-to-peer network for the other devices to generate transformed credential DB s for authenticating users to access services provided by the other devices, andreceive the user credential DB from the other devices in the peer-to-peer network.