Title: Policy-based physical security system for restricting access to computer resources and data flow through network equipment
Abstract: Embodiments are directed to systems and methods for the integration and normalization of physical security data, states and events to and from disparate physical security systems, so as to maintain rules-based policy state information in real time and enforce physical security policies uniformly across network and information technology (IT) systems. Moreover, it pertains specifically to apparatus for providing an integration platform, and to methods and processes for normalizing data from physical security systems, maintaining physical security states, mapping those states to network access, and either directly affecting the network equipment through standard programming commands or providing interfaces through which network equipment and IT applications can query and determine physical security access states, thereby enforcing rules in real time based on security system data and events.
Publication number: US9111088(B2); Publication date: 2015.08.18
Application number: US200711893056; Filing date: 2007.08.14
Applicant: Quantum Security, Inc.; Inventors: Ghai Vikrant; Sharma Shailendra; Jain Ajay
Classification: G06F21/00; G06F21/55; G06F21/60; G06Q10/06; G07C9/00; Main classification: G06F21/00
Agency: Staniford Tomita LLP; Agents: Staniford Tomita LLP; Staniford Geoffrey T.
Main claim: 1. A system comprising: a plurality of network resources distributed throughout a site, the network resources comprising proprietary and Internet Protocol (IP) enabled security system components including sensors, actuators, alarms and monitoring devices, utilizing physical and Information Technology (IT) security data, wherein each sensor of the sensors is configured to generate a signal in response to a defined event, and in accordance with a proprietary data format defined specifically for a device by a respective manufacturer of the device; a single integration layer component that is configured to receive signals from each of the plurality of network resources in the proprietary data format of a respective security component and integrate disparate proprietary data formats for aggregation and processing in other components; the network resources comprising HVAC, lighting, building, video, alarms, identity management, and event security system components; a central network device security management processor coupled to the plurality of network resources, configured to receive signals from the integration layer by extracting security data and events from network traffic and the security system components to build a continually updated security state of the entire system through a physical security state engine, and a daemon process to generate active access lists and states for physical access control systems, wherein the active access lists define at runtime access privileges for individuals or groups of individuals defined within the system, and further wherein the alarm event messages are generated by a protocol defined trap message and log further wherein the daemon process aggregates all states and event messages; a normalization component in the central network device security management processor normalizing the signal data from the integration layer component in accordance with a defined data mapping scheme to transform the received signals from the proprietary data format to a corresponding Extensible Markup Language (XML) document configured to describe system policies through the use of virtual objects that comprise components of executable rules, and conforming to a schema that represents relationships between the virtual objects and corresponding devices, objects and processes, wherein the schema defines one or more attributes of the executable rules including inputs from the system components, actions to be taken based on the input, addresses of system components performing the actions, and states to be maintained by the coupled network resources; a rules definition component defining actionable events definitions and responses to actionable events, physical security policies comprising definitional rules consisting of the virtual objects representing network devices and physical security states used by the plurality of network resources; a policy manager component defining policies that control a data flow in accordance with the executable rules that are organized into types of policies comprising system, user, and sensor state related policies, and wherein the policies reference the attributes of data objects for each security system component; a communication integration interface integrating the security data with information technology (IT) data of an entity deploying the system; and a signal processing component applying the executable rules to the normalized signal data and physical security states to generate control signals that invoke the defined responses to the actionable events and to control the security system components in accordance with policies established for entity personnel defined by the integrated security data and access control rules, and transmitting the control signals to the security system components in the respective proprietary format in order to effect network access, data flow and application security and update the security state of the system.
Address: San Jose CA US
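The main claim describes a pipeline of integration layer, normalization, physical security state engine, and policy-driven control signals. The following toy implementation is an added illustration written for this page, not code from the patent or from Quantum Security: the device formats, reader-to-zone map, badge ids and POLICY table are constructed, and a dataclass stands in for the claimed XML document.

```python
# Toy version of claim 1's pipeline: per-device parsers (integration layer) -> one normalized
# Event -> state engine -> policy -> control signal. Formats, zones, badges, POLICY are constructed.
from dataclasses import dataclass

@dataclass
class Event:
    kind: str        # "enter", "exit" or "alarm"
    zone: str
    person: str = ""

READER_ZONE = {"R1": "lobby", "R3": "server_room"}   # constructed reader-to-zone map

def parse_badge_reader(f):    # constructed format: BADGE|<reader>|<badge>|IN or OUT
    return Event("enter" if f[3] == "IN" else "exit", READER_ZONE[f[1]], f[2])

def parse_turnstile(f):       # constructed format: TS,<zone>,<badge>,<1=entry 0=exit>
    return Event("enter" if f[3] == "1" else "exit", f[1], f[2])

def parse_door_contact(f):    # constructed format: DOOR|<reader>|FORCED
    return Event("alarm", READER_ZONE[f[1]])

PARSERS = {"BADGE": parse_badge_reader, "TS": parse_turnstile, "DOOR": parse_door_contact}

def normalize(raw):
    """Normalization component: dispatch on the device prefix, return one common Event."""
    fields = raw.replace("|", ",").split(",")
    return PARSERS[fields[0]](fields)

class StateEngine:   # physical security state: who is in which zone, which zones are in alarm
    def __init__(self):
        self.location, self.alarmed = {}, set()   # badge -> set of zones; alarmed zones

    def apply(self, ev):
        if ev.kind == "alarm":
            self.alarmed.add(ev.zone)
        else:
            zones = self.location.setdefault(ev.person, set())
            (zones.add if ev.kind == "enter" else zones.discard)(ev.zone)

# Policy (constructed): a resource is usable only from inside its zone, and never while that zone is in alarm.
POLICY = {"vlan_servers": "server_room", "vlan_office": "lobby"}

def active_access_list(engine):
    """Runtime access list per resource, derived from the current physical state."""
    return {res: sorted(p for p, z in engine.location.items()
                        if zone in z and zone not in engine.alarmed)
            for res, zone in POLICY.items()}

def control_signal(engine, person, resource):
    """Control signal the signal-processing component would push to network equipment."""
    return "PERMIT" if person in active_access_list(engine)[resource] else "DENY"
```

Feeding the engine a badge-out or a forced-door event immediately changes the next control signal, which is the real-time coupling between physical state and network access that the claim describes.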