US20090282461A1 - Method of and system for controlling access to an automated media library - Google Patents

Method of and system for controlling access to an automated media library Download PDF

Info

Publication number
US20090282461A1
US20090282461A1 US12/116,801 US11680108A US2009282461A1 US 20090282461 A1 US20090282461 A1 US 20090282461A1 US 11680108 A US11680108 A US 11680108A US 2009282461 A1 US2009282461 A1 US 2009282461A1
Authority
US
United States
Prior art keywords
access
media
import
door
library
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/116,801
Inventor
Nils Haustein
Frank Krick
Daniel J. Winarski
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Priority to US12/116,801 priority Critical patent/US20090282461A1/en
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION reassignment INTERNATIONAL BUSINESS MACHINES CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HAUSTEIN, NILS, KRICK, FRANK, WINARSKI, DANIEL J.
Priority to US12/355,383 priority patent/US8230501B2/en
Publication of US20090282461A1 publication Critical patent/US20090282461A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/33Individual registration on entry or exit not involving the use of a pass in combination with an identity check by means of a password
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/14With a sequence of inputs of different identification information

Definitions

  • the present invention relates in general to the field of physical security of computer storage media, and more particularly to a method of and system for controlling access to an automated media library.
  • Automated media libraries provide a convenient and efficient means of storing and accessing large amounts of data.
  • the data are stored on movable media, such as magnetic tape cartridges.
  • the movable media are stored in racks or slots in a cabinet.
  • a robotic media handler moves the media back and forth between the racks are slots and one or more media drives in the cabinet.
  • the media drives are connected to a network.
  • Media can be imported to or exported from the automated media library through an import/export station.
  • the robotic media handler moves media back and forth between the library and the import export station. Additionally, doors are provided in the cabinet so that service or maintenance technicians can have access to the various mechanical and electrical components within the library cabinet.
  • Automated media libraries are typically located in rooms that provide various levels of physical access control. At smaller installations, the media library may be located in a normal office. At larger installations, media libraries may be located in special dedicated rooms. The special dedicated rooms are typically locked and require a badge or the like to enter the room. Some organizations require that people requesting access to a media library be accompanied by a guard or other security personnel.
  • the present invention provides a method of and a system for controlling access to an automated media library.
  • the method receives a request for access to the library from an individual having an identity.
  • Access may include importing media to the library, exporting media from the library, and opening a locked door to a cabinet containing the library. If the access includes the importing media, the method moves a robotic media handler to a locked import/export station. If the access includes exporting media, the method moves the requested media to the locked import/export station. If the access includes the opening the door, the method takes a first inventory of the media in the library.
  • the method authenticates the identity of the individual and determines an access level associated with the individual. If the access level is insufficient for the requested access, the method denies the requested access and issues an alert.
  • the method determines if the requested access requires a second authentication. If a second authentication is required, the method prompts the individual to perform the second authentication. If the second authentication is verified, the method logs the access by the individual and grants the access. If the access is granted and the access is importing or exporting media, the method unlocks the import/export station. If the access is granted and the access is opening the door, the method unlocks the door. The method closes and locks the import/export station a predetermined length of time after unlocking the import/export station. The method locks the door a predetermined length of time after unlocking the door and takes a second inventory of the media. The method issues an alert if the second inventory differs from the first inventory.
  • FIG. 1 is a perspective view of an embodiment of an automated media library according to the present invention
  • FIG. 2 is a block diagram of an embodiment of automated media library access control system according to the present invention.
  • FIGS. 3A-FIG . 3 C comprise a flow chart an embodiment of automated media library access control processing according to the present invention.
  • FIG. 4A-FIG . 3 C comprises a flow chart of an embodiment of automated media library access control authentication processing according to the present invention.
  • media library 100 is an automated tape library; however, those skilled in the art will recognize that media library 100 may be adapted for use with other media.
  • Media library 100 is housed in a cabinet 101 .
  • Cabinet 101 is accessible from the outside through a front door 103 and the back door 105 .
  • Front door 103 is normally secured by an electronically operated lock 107 .
  • back door 105 is normally secured by an electronically operated lock 109 .
  • Cabinet 101 houses the mechanical and electrical components of media library 100 as well as the media itself.
  • Media library 100 includes a plurality of tape drives 111 .
  • Media library 100 also includes storage slots for tape cartridges, such as tape cartridge 113 .
  • a robot 115 is mounted for movement inside cabinet 101 to transport tape cartridges back and forth between the storage slots and the tape drives.
  • Robot 115 may also include a barcode reader (not shown in FIG. 1 ) for inventorying tape cartridges in the library.
  • Robot 115 is also operable to move tape cartridges back and forth between an import/export station 117 positioned in front door 103 .
  • Import/export station is normally secured by an electronically operated lock (not shown in FIG. 1 ).
  • Embodiments of the present invention control access to the interior of cabinet 101 by authenticating the identity of persons seeking access.
  • authentication may be provided through a combination of user ID and password authentication and biometric authentication.
  • a touch screen 119 is positioned in front door 103 .
  • Touch screen 119 is adapted to display prompts and soft keys, or the like, to receive user input.
  • a person seeking access to the interior of cabinet 101 may be prompted to enter a user ID, or the like, and password using touch screen 119 .
  • the biometric authentication devices include an iris or retina scanner 121 and the hand or fingerprint scanner 123 . Processing and control of media library 100 is performed by a controller 125 , which may be a personal computer.
  • the embodiment of the access control system of FIG. 1 is illustrated a block diagram form in FIG. 2 .
  • Media handling robot 115 , cabinet front door lock 107 , touch screen 119 , and cabinet back door lock 109 are all in communication with controller 125 .
  • communication may be over a network based on Ethernet and the TCP/IP protocol within automated media library 100 .
  • the access control system also includes an electronically operated import/export station lock 201 in communication with controller 125 .
  • a barcode reader 203 is also in communication with controller 125 .
  • Iris/retina scanner 121 and hand/fingerprint scanner 123 are coupled to a multimodal biometric engine 205 , which is in communication with controller 125 .
  • Multimodal biometric engine 125 may be a software component of controller 125 .
  • Controller 125 is in communication with an administrator computer 207 . Communication between controller 125 and administrator computer 207 may be over a network. Administrator computer 207 may be located in an office or the like separated from automated media library 100 . Administrator computer 207 is adapted to receive access log information and alerts from controller 125 .
  • FIG. 3A-FIG . 3 C comprise a flow chart of an embodiment of access control processing according to the present invention.
  • Controller 125 waits for user input, as indicated at block 301 .
  • the user specifies the operation which might be an import, export or open door request.
  • the user input might be initiated by the user via administrative computer 207 or via the touch screen 119 of the automated library 101 . If, as determined at decision block 303 , the user input is import, controller 125 actuates robot 115 to move to import/export station 117 , as indicated at block 305 . If, as determined at decision block 307 , the user input is export, controller 125 prompts the user to identify the media to be exported, as indicated at block 309 .
  • the identification of the tape cartridge is based on the volume serial number which uniquely identifies each tape cartridge in an automated library.
  • the prompts and identification of media may be made using touch screen 119 or via administrative computer 207 depending from where the request in step 301 came.
  • controller 125 actuates robot 115 to move the identified media to import/export station 117 , as indicated at block 311 . If, as determined at decision block 313 , the user input is open a door, controller 125 actuates robot 115 and barcode reader 203 to inventory the media in the library, as indicated at block 315 . If the user input is other than import, export, or open door, controller 125 performs other processing, as indicated generally at block 317 and subsequently the process ends.
  • controller 125 After determining the type of access requested, controller 125 loads the systems authentication policy, as indicated at block 319 .
  • the authentication policy provides access authority and authentication levels for various registered users. For example, some requesters (users), such as delivery or mailroom personnel, may have authority to import media to, but not to export media from, the library. Others, such as service or maintenance technicians, may have authority to open the doors of the library cabinet but not to remove media from the library. Also, requesters requesting certain actions may be required to provide higher levels of authentication.
  • controller 125 After loading the authentication policy, controller 125 performs authentication, as indicated generally at block 321 , and described in detail with reference to FIGS. 4A-4C . Referring to FIG. 3B , after authentication, controller 125 determines, at decision block 323 if access is granted.
  • controller 125 determines, at decision block 325 , if the requested access is import or export. If not, the requested access is to unlock a door and processing continues on FIG. 3C . If the requested access is import or export, controller 125 actuates lock 201 to unlock import/export station 117 , as indicated at block 327 .
  • Controller 125 also starts a timer, as indicated at block 327 . Then, controller 125 waits for import/export station 117 to be closed, as determined at block decision block 329 , or the timer to time out, as determined at decision block 331 . If the timer times out before station 117 is closed, controller 125 issues an alert, as indicated at block 333 , and actuates lock 201 to lock import/export station 117 , as indicated at block 335 . Then controller 125 logs access completed, as indicated at block 337 . The determination whether the import/export station is opened or closed may be done through sensors associated with the import/export station (not shown).
  • controller 125 if access has been granted to open the door, controller 125 operates a door lock 107 and/or 109 , thereby allowing door 103 and/or door 105 to be opened, and starts a timer, as indicated at block 339 . Then, controller 125 waits for the door to be closed, as determined at block decision block 341 , or the timer to time out, as determined at decision block 343 . If the timer times out before the door is closed, controller 125 issues an alert, as indicated at block 345 , and actuates locks 107 and/or 109 to lock the door or doors, as indicated at block 347 . The determination whether the door is opened or closed may be done through sensors associated with the door (not shown).
  • controller 125 After locking the door or doors, controller 125 actuates robot 115 and barcode reader 203 to perform a second inventory of the media library, as indicated at block 349 . Then, controller 125 compares the starting inventory to the ending inventory, as indicated at block 351 . If, as determined at decision block 353 , starting inventory is not equal to the ending inventory, controller 125 issues an alert, as indicated at block 355 , and logs access complete and the inventory difference, at block 357 . If, as determined at decision block 353 , the starting inventory equals the ending inventory, controller 125 logs access complete, at block 359 , and processing ends.
  • FIGS. 4A-4C comprise a flow chart of an embodiment of authentication according to the present invention.
  • Controller 125 receives a first authentication key, as indicated at block 401 .
  • First authentication key may be a user ID and password provided by the user from administrative computer 207 or touch panel 119 of library 101 .
  • Controller 125 determines, at decision block 403 , if the first authentication key is verified. If not, controller 125 increments an unauthorized access counter, as indicated at block 405 . If, as determined at decision block 407 , the count is less than or equal to a maximum number of retries, controller 125 prompts the requester (user) to retry, as indicated at block 409 , and the process returns to decision block 403 .
  • the process proceeds to FIG. 4B , where the process logs the date, time, name and requested access, as indicated at block 425 , sends an alert, at block 427 , and zeros the unauthorized access counter, at block 429 . Then, the process returns access denied.
  • the alert sent at block 427 may an audio or visual alarm, a text message or the like to an administrator or security official, or any other alert.
  • controller 125 compares the requested access to the access-security level from the authentication policy, as indicated at block 411 . If, as determined at decision block 413 , the requested access is not authorized to the requester, processing proceeds to FIG. 4B . If access is authorized, controller 125 determines, at decision block 415 , if a second key is required. If not, processing proceeds to FIG. 4C where controller 125 logs the date, time, name, and requested access, at block 431 , and zeros the unauthorized access counter, at block 433 . The process then returns access granted.
  • controller 125 prompts the requester to enter the second key, as indicated at block 417 .
  • the second key may be one or more biometric identifiers. If, as determined at decision block 419 , the second key is verified, processing proceeds to FIG. 4C . If the second key is not verified, controller 125 increments the unauthorized access counter, as indicated at block 421 . If, as determined at decision block 423 , the count is less than or equal to a maximum number of retries, controller 125 prompts the requester to retry, as indicated at block 424 , and the process returns to decision block 419 . If the count is greater than the maximum number of retries, the process proceeds to FIG. 4B .

Abstract

A method of controlling access to an automated media library receives a request for access to the library from an individual having an identity. Access may include importing media to the library, exporting media from the library, and opening a locked door to a cabinet containing the library. If the access includes the importing media, the method moves a robotic media handler to a locked import/export station. If the access includes exporting media, the method moves the requested media to the locked import/export station. If the access includes the opening the door, the method takes a first inventory of the media in the library. The method authenticates the identity of the individual and determines an access level associated with the individual. If the access level is insufficient for the requested access, the method denies the requested access and issues an alert. If the access level is sufficient for the requested access, the method determines if the requested access requires a second authentication. If a second authentication is required, the method prompts the individual to perform the second authentication. If the second authentication is verified, the method logs the access by the individual and grants the access. If the access is granted and the access is importing or exporting media, the method unlocks the import/export station. If the access is granted and the access is opening the door, the method unlocks the door. The method closes and locks the import/export station a predetermined length of time after unlocking the import/export station. The method locks the door a predetermined length of time after unlocking the door and takes a second inventory of the media. The method issues an alert if the second inventory differs from the first inventory.

Description

    BACKGROUND OF THE INVENTION
  • 1. Technical Field
  • The present invention relates in general to the field of physical security of computer storage media, and more particularly to a method of and system for controlling access to an automated media library.
  • 2. Description of the Related Art
  • Automated media libraries provide a convenient and efficient means of storing and accessing large amounts of data. The data are stored on movable media, such as magnetic tape cartridges. The movable media are stored in racks or slots in a cabinet. A robotic media handler moves the media back and forth between the racks are slots and one or more media drives in the cabinet. The media drives are connected to a network.
  • Media can be imported to or exported from the automated media library through an import/export station. The robotic media handler moves media back and forth between the library and the import export station. Additionally, doors are provided in the cabinet so that service or maintenance technicians can have access to the various mechanical and electrical components within the library cabinet.
  • Automated media libraries are typically located in rooms that provide various levels of physical access control. At smaller installations, the media library may be located in a normal office. At larger installations, media libraries may be located in special dedicated rooms. The special dedicated rooms are typically locked and require a badge or the like to enter the room. Some organizations require that people requesting access to a media library be accompanied by a guard or other security personnel.
  • Despite the security measures currently in place, there still is a possibility that persons having access to media libraries may take media without proper authority. For example, a person may have authority to enter a media library room for certain purposes. However, once in the room, the person may improperly take media from a library and the room.
  • Data theft is a serious issue. It poses a risk for the intellectual property of the company. Additionally, organizations are required by law to protect certain employee records. Financial, product, business plans, trade secrets, and other confidential data must be protected from falling into unauthorized hands.
    • SUMMARY OF THE INVENTION
  • The present invention provides a method of and a system for controlling access to an automated media library. The method receives a request for access to the library from an individual having an identity. Access may include importing media to the library, exporting media from the library, and opening a locked door to a cabinet containing the library. If the access includes the importing media, the method moves a robotic media handler to a locked import/export station. If the access includes exporting media, the method moves the requested media to the locked import/export station. If the access includes the opening the door, the method takes a first inventory of the media in the library. The method authenticates the identity of the individual and determines an access level associated with the individual. If the access level is insufficient for the requested access, the method denies the requested access and issues an alert. If the access level is sufficient for the requested access, the method determines if the requested access requires a second authentication. If a second authentication is required, the method prompts the individual to perform the second authentication. If the second authentication is verified, the method logs the access by the individual and grants the access. If the access is granted and the access is importing or exporting media, the method unlocks the import/export station. If the access is granted and the access is opening the door, the method unlocks the door. The method closes and locks the import/export station a predetermined length of time after unlocking the import/export station. The method locks the door a predetermined length of time after unlocking the door and takes a second inventory of the media. The method issues an alert if the second inventory differs from the first inventory.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The novel features believed characteristic of the invention are set forth in the appended claims. The invention itself, however, as well as a preferred mode of use, further purposes and advantages thereof, will best be understood by reference to the following detailed description of an illustrative embodiment when read in conjunction with the accompanying drawings, where:
  • FIG. 1 is a perspective view of an embodiment of an automated media library according to the present invention;
  • FIG. 2 is a block diagram of an embodiment of automated media library access control system according to the present invention;
  • FIGS. 3A-FIG. 3C comprise a flow chart an embodiment of automated media library access control processing according to the present invention; and,
  • FIG. 4A-FIG. 3C comprises a flow chart of an embodiment of automated media library access control authentication processing according to the present invention.
    •  DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
  • Referring now to drawings, and first to FIG. 1, an embodiment of an automated media library according to the present invention is designated generally by the numeral 100. In the illustrated embodiment, media library 100 is an automated tape library; however, those skilled in the art will recognize that media library 100 may be adapted for use with other media.
  • Media library 100 is housed in a cabinet 101. Cabinet 101 is accessible from the outside through a front door 103 and the back door 105. Front door 103 is normally secured by an electronically operated lock 107. Similarly, back door 105 is normally secured by an electronically operated lock 109.
  • Cabinet 101 houses the mechanical and electrical components of media library 100 as well as the media itself. Media library 100 includes a plurality of tape drives 111. Media library 100 also includes storage slots for tape cartridges, such as tape cartridge 113. A robot 115 is mounted for movement inside cabinet 101 to transport tape cartridges back and forth between the storage slots and the tape drives. Robot 115 may also include a barcode reader (not shown in FIG. 1) for inventorying tape cartridges in the library. Robot 115 is also operable to move tape cartridges back and forth between an import/export station 117 positioned in front door 103. Import/export station is normally secured by an electronically operated lock (not shown in FIG. 1).
  • Embodiments of the present invention control access to the interior of cabinet 101 by authenticating the identity of persons seeking access. In the embodiment of FIG. 1, authentication may be provided through a combination of user ID and password authentication and biometric authentication. A touch screen 119 is positioned in front door 103. Touch screen 119 is adapted to display prompts and soft keys, or the like, to receive user input. A person seeking access to the interior of cabinet 101 may be prompted to enter a user ID, or the like, and password using touch screen 119. In the illustrated embodiment, the biometric authentication devices include an iris or retina scanner 121 and the hand or fingerprint scanner 123. Processing and control of media library 100 is performed by a controller 125, which may be a personal computer.
  • The embodiment of the access control system of FIG. 1 is illustrated a block diagram form in FIG. 2. Media handling robot 115, cabinet front door lock 107, touch screen 119, and cabinet back door lock 109 are all in communication with controller 125. In some embodiments, communication may be over a network based on Ethernet and the TCP/IP protocol within automated media library 100. The access control system also includes an electronically operated import/export station lock 201 in communication with controller 125. A barcode reader 203 is also in communication with controller 125. Iris/retina scanner 121 and hand/fingerprint scanner 123 are coupled to a multimodal biometric engine 205, which is in communication with controller 125. Multimodal biometric engine 125 may be a software component of controller 125.
  • Controller 125 is in communication with an administrator computer 207. Communication between controller 125 and administrator computer 207 may be over a network. Administrator computer 207 may be located in an office or the like separated from automated media library 100. Administrator computer 207 is adapted to receive access log information and alerts from controller 125.
  • FIG. 3A-FIG. 3C comprise a flow chart of an embodiment of access control processing according to the present invention. Controller 125 waits for user input, as indicated at block 301. The user specifies the operation which might be an import, export or open door request. The user input might be initiated by the user via administrative computer 207 or via the touch screen 119 of the automated library 101. If, as determined at decision block 303, the user input is import, controller 125 actuates robot 115 to move to import/export station 117, as indicated at block 305. If, as determined at decision block 307, the user input is export, controller 125 prompts the user to identify the media to be exported, as indicated at block 309. The identification of the tape cartridge is based on the volume serial number which uniquely identifies each tape cartridge in an automated library. The prompts and identification of media may be made using touch screen 119 or via administrative computer 207 depending from where the request in step 301 came. After user has identified the media, controller 125 actuates robot 115 to move the identified media to import/export station 117, as indicated at block 311. If, as determined at decision block 313, the user input is open a door, controller 125 actuates robot 115 and barcode reader 203 to inventory the media in the library, as indicated at block 315. If the user input is other than import, export, or open door, controller 125 performs other processing, as indicated generally at block 317 and subsequently the process ends.
  • After determining the type of access requested, controller 125 loads the systems authentication policy, as indicated at block 319. The authentication policy provides access authority and authentication levels for various registered users. For example, some requesters (users), such as delivery or mailroom personnel, may have authority to import media to, but not to export media from, the library. Others, such as service or maintenance technicians, may have authority to open the doors of the library cabinet but not to remove media from the library. Also, requesters requesting certain actions may be required to provide higher levels of authentication. After loading the authentication policy, controller 125 performs authentication, as indicated generally at block 321, and described in detail with reference to FIGS. 4A-4C. Referring to FIG. 3B, after authentication, controller 125 determines, at decision block 323 if access is granted. If not, processing ends. If access is granted, controller 125 determines, at decision block 325, if the requested access is import or export. If not, the requested access is to unlock a door and processing continues on FIG. 3C. If the requested access is import or export, controller 125 actuates lock 201 to unlock import/export station 117, as indicated at block 327.
  • Controller 125 also starts a timer, as indicated at block 327. Then, controller 125 waits for import/export station 117 to be closed, as determined at block decision block 329, or the timer to time out, as determined at decision block 331. If the timer times out before station 117 is closed, controller 125 issues an alert, as indicated at block 333, and actuates lock 201 to lock import/export station 117, as indicated at block 335. Then controller 125 logs access completed, as indicated at block 337. The determination whether the import/export station is opened or closed may be done through sensors associated with the import/export station (not shown).
  • Referring to FIG. 3C, if access has been granted to open the door, controller 125 operates a door lock 107 and/or 109, thereby allowing door 103 and/or door 105 to be opened, and starts a timer, as indicated at block 339. Then, controller 125 waits for the door to be closed, as determined at block decision block 341, or the timer to time out, as determined at decision block 343. If the timer times out before the door is closed, controller 125 issues an alert, as indicated at block 345, and actuates locks 107 and/or 109 to lock the door or doors, as indicated at block 347. The determination whether the door is opened or closed may be done through sensors associated with the door (not shown).
  • After locking the door or doors, controller 125 actuates robot 115 and barcode reader 203 to perform a second inventory of the media library, as indicated at block 349. Then, controller 125 compares the starting inventory to the ending inventory, as indicated at block 351. If, as determined at decision block 353, starting inventory is not equal to the ending inventory, controller 125 issues an alert, as indicated at block 355, and logs access complete and the inventory difference, at block 357. If, as determined at decision block 353, the starting inventory equals the ending inventory, controller 125 logs access complete, at block 359, and processing ends.
  • FIGS. 4A-4C comprise a flow chart of an embodiment of authentication according to the present invention. Controller 125 receives a first authentication key, as indicated at block 401. First authentication key may be a user ID and password provided by the user from administrative computer 207 or touch panel 119 of library 101. Controller 125 determines, at decision block 403, if the first authentication key is verified. If not, controller 125 increments an unauthorized access counter, as indicated at block 405. If, as determined at decision block 407, the count is less than or equal to a maximum number of retries, controller 125 prompts the requester (user) to retry, as indicated at block 409, and the process returns to decision block 403. If the count is greater than the maximum number of retries, the process proceeds to FIG. 4B, where the process logs the date, time, name and requested access, as indicated at block 425, sends an alert, at block 427, and zeros the unauthorized access counter, at block 429. Then, the process returns access denied. The alert sent at block 427 may an audio or visual alarm, a text message or the like to an administrator or security official, or any other alert.
  • Returning to decision block 403, if the first authentication key is verified, controller 125 compares the requested access to the access-security level from the authentication policy, as indicated at block 411. If, as determined at decision block 413, the requested access is not authorized to the requester, processing proceeds to FIG. 4B. If access is authorized, controller 125 determines, at decision block 415, if a second key is required. If not, processing proceeds to FIG. 4C where controller 125 logs the date, time, name, and requested access, at block 431, and zeros the unauthorized access counter, at block 433. The process then returns access granted.
  • If, as determined at decision block 415, a second key is required, controller 125 prompts the requester to enter the second key, as indicated at block 417. The second key may be one or more biometric identifiers. If, as determined at decision block 419, the second key is verified, processing proceeds to FIG. 4C. If the second key is not verified, controller 125 increments the unauthorized access counter, as indicated at block 421. If, as determined at decision block 423, the count is less than or equal to a maximum number of retries, controller 125 prompts the requester to retry, as indicated at block 424, and the process returns to decision block 419. If the count is greater than the maximum number of retries, the process proceeds to FIG. 4B.
  • From the foregoing, it will be apparent to those skilled in the art that systems and methods according to the present invention are well adapted to overcome the shortcomings of the prior art. While the present invention has been described with reference to presently preferred embodiments, those skilled in the art, given the benefit of the foregoing description, will recognize alternative embodiments. Accordingly, the foregoing description is intended for purposes of illustration and not of limitation.

Claims (2)

1. (canceled)
2. An automated media library, which comprises:
a cabinet, said cabinet including a door and an import/export station;
a robotic media handler inside said cabinet;
means for receiving a request for access to said library from an individual having an identity, said access including import of media to said library, export of media from said library, and opening said door;
if said access includes said import of media, means for moving a robotic media handler to said import/export station;
if said access includes said export of media, means for actuating said robotic media handler to move requested media to said import/export station;
if said access includes said opening said door, means for taking a first inventory of the media in said library;
means for authenticating the identity of said individual;
means for determining an access level associated with said individual;
if said access level is insufficient for said requested access, means for denying said requested access and issuing an alert;
if said access level is sufficient for said requested access, means for determining if said requested access requires a second authentication;
if a second authentication is required, means for prompting said individual to perform said second authentication;
if said second authentication is verified, means for logging said access by said individual and granting said access;
if said access is granted and said access is import or export of media, means for opening said import/export station;
if said access is granted and said access is opening said door, means for unlocking said door;
means for closing and locking said import/export station a predetermined length of time after opening said import/export station;
means for locking said door a predetermined length of time after unlocking said door and taking a second inventory of said media; and,
means for issuing an alert if said second inventory differs from said first inventory.
US12/116,801 2008-05-07 2008-05-07 Method of and system for controlling access to an automated media library Abandoned US20090282461A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US12/116,801 US20090282461A1 (en) 2008-05-07 2008-05-07 Method of and system for controlling access to an automated media library
US12/355,383 US8230501B2 (en) 2008-05-07 2009-01-16 Controlling access to an automated media library

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US12/116,801 US20090282461A1 (en) 2008-05-07 2008-05-07 Method of and system for controlling access to an automated media library

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US12/355,383 Continuation US8230501B2 (en) 2008-05-07 2009-01-16 Controlling access to an automated media library

Publications (1)

Publication Number Publication Date
US20090282461A1 true US20090282461A1 (en) 2009-11-12

Family

ID=41266375

Family Applications (2)

Application Number Title Priority Date Filing Date
US12/116,801 Abandoned US20090282461A1 (en) 2008-05-07 2008-05-07 Method of and system for controlling access to an automated media library
US12/355,383 Expired - Fee Related US8230501B2 (en) 2008-05-07 2009-01-16 Controlling access to an automated media library

Family Applications After (1)

Application Number Title Priority Date Filing Date
US12/355,383 Expired - Fee Related US8230501B2 (en) 2008-05-07 2009-01-16 Controlling access to an automated media library

Country Status (1)

Country Link
US (2) US20090282461A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100014179A1 (en) * 2008-07-17 2010-01-21 Quantum Corporation Media library system and method for monitoring changes in inventory of media cartridges
US20120233687A1 (en) * 2011-03-08 2012-09-13 Metivier Pascal Secure method for controlling the opening of lock devices by means of a communicating object such as a mobile phone
US9762394B1 (en) * 2016-02-29 2017-09-12 Facefirst, Inc. Access manager
US20210142084A1 (en) * 2008-07-21 2021-05-13 Facefirst, Inc. Managed notification system

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100295658A1 (en) * 2009-05-21 2010-11-25 Shu-Chin Chen Intelligent lock
US9042607B2 (en) * 2011-05-02 2015-05-26 Omnicell, Inc. System and method for user access of dispensing unit
US20130305353A1 (en) * 2012-05-10 2013-11-14 Rutherford Controls International Corp. Low Power Driver System and Method for Controlling The Same
US9092633B2 (en) 2013-01-17 2015-07-28 International Business Machines Corporation Authorizing removable medium access
CA2911719A1 (en) * 2013-04-16 2014-10-23 Imageware Systems, Inc. Conditional and situational biometric authentication and enrollment
US9916854B2 (en) * 2016-06-06 2018-03-13 Dell Products L.P. Systems and methods for removing media from a sequential media drive
CN107635113A (en) * 2017-09-12 2018-01-26 中山大学 It is a kind of to remind the intelligent anti-theft system locked a door
CN112052346B (en) * 2020-09-11 2022-06-10 讯飞智元信息科技有限公司 Method and device for updating real personnel library, electronic equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5377269A (en) * 1992-10-29 1994-12-27 Intelligent Security Systems, Inc. Security access and monitoring system for personal computer
US6286079B1 (en) * 1999-01-11 2001-09-04 International Business Machines Corporation Interruptible inventory of a mass data storage library
US6353581B1 (en) * 1997-11-14 2002-03-05 Overland Data, Inc. Media access in a media library
US20030191971A1 (en) * 1998-12-23 2003-10-09 Worldcom, Inc. Method of and system for controlling internet access
US6865053B2 (en) * 2003-01-13 2005-03-08 International Business Machines Corporation System and method of cleaning an automated tape library with a pass-through cleaning tool using cleaning tape
US20070043958A1 (en) * 2005-08-19 2007-02-22 Fujitsu Limited Method of managing recording medium, library apparatus and information processing apparatus
US7210938B2 (en) * 2001-05-09 2007-05-01 K12.Com System and method of virtual schooling
US20070239569A1 (en) * 2000-03-07 2007-10-11 Michael Lucas Systems and methods for managing assets

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5819309A (en) * 1996-02-09 1998-10-06 Overland Data, Inc. Automated tape cartridge library with accelerated calibration
US6246642B1 (en) * 1999-04-13 2001-06-12 Hewlett-Packard Company Automated optical detection system and method
US6722564B2 (en) * 2001-12-06 2004-04-20 Storage Technology Corporation Method, apparatus, and program for determining correct cartridge orientation in an automated tape library
US7594114B2 (en) * 2002-09-16 2009-09-22 General Electric Company Authentication apparatus and method for universal appliance communication controller
US20050177724A1 (en) * 2004-01-16 2005-08-11 Valiuddin Ali Authentication system and method
US7076327B1 (en) * 2004-06-30 2006-07-11 Emc Corporation Simultaneous processing of media requests

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5377269A (en) * 1992-10-29 1994-12-27 Intelligent Security Systems, Inc. Security access and monitoring system for personal computer
US6353581B1 (en) * 1997-11-14 2002-03-05 Overland Data, Inc. Media access in a media library
US20030191971A1 (en) * 1998-12-23 2003-10-09 Worldcom, Inc. Method of and system for controlling internet access
US6286079B1 (en) * 1999-01-11 2001-09-04 International Business Machines Corporation Interruptible inventory of a mass data storage library
US20070239569A1 (en) * 2000-03-07 2007-10-11 Michael Lucas Systems and methods for managing assets
US7210938B2 (en) * 2001-05-09 2007-05-01 K12.Com System and method of virtual schooling
US6865053B2 (en) * 2003-01-13 2005-03-08 International Business Machines Corporation System and method of cleaning an automated tape library with a pass-through cleaning tool using cleaning tape
US20070043958A1 (en) * 2005-08-19 2007-02-22 Fujitsu Limited Method of managing recording medium, library apparatus and information processing apparatus

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100014179A1 (en) * 2008-07-17 2010-01-21 Quantum Corporation Media library system and method for monitoring changes in inventory of media cartridges
US9343100B2 (en) * 2008-07-17 2016-05-17 Quantum Corporation Media library system and method for monitoring changes in inventory of media cartridges
US11532152B2 (en) * 2008-07-21 2022-12-20 Facefirst, Inc. Managed notification system
US20210142084A1 (en) * 2008-07-21 2021-05-13 Facefirst, Inc. Managed notification system
US20120233687A1 (en) * 2011-03-08 2012-09-13 Metivier Pascal Secure method for controlling the opening of lock devices by means of a communicating object such as a mobile phone
US8793784B2 (en) * 2011-03-08 2014-07-29 Openways Sas Secure method for controlling the opening of lock devices by means of a communicating object such as a mobile phone
US9998283B2 (en) * 2016-02-29 2018-06-12 Facefirst, Inc. Access manager
US20180302225A1 (en) * 2016-02-29 2018-10-18 Facefirst, Inc. Access manager
US10361863B2 (en) * 2016-02-29 2019-07-23 Facefirst, Inc. Access manager
US20190342100A1 (en) * 2016-02-29 2019-11-07 Facefirst, Inc. Access manager
US10797880B2 (en) * 2016-02-29 2020-10-06 Facefirst, Inc. Access manager
US20210021421A1 (en) * 2016-02-29 2021-01-21 Facefirst, Inc. Access manager
US20180013564A1 (en) * 2016-02-29 2018-01-11 Facefirst, Inc. Access manager
US9762394B1 (en) * 2016-02-29 2017-09-12 Facefirst, Inc. Access manager
US11956365B2 (en) * 2016-02-29 2024-04-09 Facefirst, Inc. Access manager

Also Published As

Publication number Publication date
US20090278654A1 (en) 2009-11-12
US8230501B2 (en) 2012-07-24

Similar Documents

Publication Publication Date Title
US8230501B2 (en) Controlling access to an automated media library
US11321978B2 (en) Systems and methods for secure lock systems with redundant access control
US9230380B2 (en) Lockable enclosure having improved access system
US20070188303A1 (en) Method, apparatus and system for controlling access to a storage unit
US20060139148A1 (en) Method, apparatus and system for controlling access to a cabinet
US20030046553A1 (en) Use of biometrics to provide physical and logic access to computer devices
JP5064663B2 (en) Document management system
US20180091503A1 (en) Networked storage system and method
EP1776671A1 (en) Identification with rfid asset locator for entry authorization
US20140320259A1 (en) Biometric security apparatus for access and control of a physical locking storage unit
US20040039920A1 (en) Security cabinet system for controlling with user's id data
CN110677436A (en) Object access authority management background system, device and user terminal
US20200051350A1 (en) Auditable security system for secure enclosures
US20160110530A1 (en) Method and a system for authenticating a user in terms of a cloud based access control system
US10424142B2 (en) Access control system bypass for audit and electronic safe locks
US20060088192A1 (en) Identification system
KR102076352B1 (en) Cash box managmenet system using user terminal
JP2000145219A (en) Lock management system
JP4347138B2 (en) Access control device
JP4647408B2 (en) Entrance / exit management system and management server
JP6496222B2 (en) Room lock management system
US11842587B1 (en) System, comprising a lock unit for a cabinet and at least one portable user terminal
TWM565736U (en) Biometric multi-function locker
US11620460B1 (en) Method and system for issuing and storing key/keycard
TWI476734B (en) Multiple access control method

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HAUSTEIN, NILS;KRICK, FRANK;WINARSKI, DANIEL J.;REEL/FRAME:021221/0085;SIGNING DATES FROM 20080505 TO 20080507

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION