CA2461366A1 - Integrated card reader and bar code scanner system for controlling access to assets - Google Patents
Integrated card reader and bar code scanner system for controlling access to assets Download PDFInfo
- Publication number
- CA2461366A1 CA2461366A1 CA002461366A CA2461366A CA2461366A1 CA 2461366 A1 CA2461366 A1 CA 2461366A1 CA 002461366 A CA002461366 A CA 002461366A CA 2461366 A CA2461366 A CA 2461366A CA 2461366 A1 CA2461366 A1 CA 2461366A1
- Authority
- CA
- Canada
- Prior art keywords
- data
- computer
- input
- access
- bar code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a system for controlling access to controlled or secure assets That includes a card reader and a bar code scanner. The card reader and the bar code scanner are both in communication with a host communication device that converts signals from the reader and the scanner to a data format suitable for input to a computer. The computer includes a translation and validation host with information specifying authorization of individuals to access secure assets, computer software and the like. Further, the computer has a processor for performing tasks such as comparing formatted data received from the host communication device with access authorization data stored in the validation host, to determine the access rights of any individual presenting his or her encoded card to the card reader or to the bar code scanner.
Description
INTEGRATED CARD READER AND BAR CODE SCANNER SYSTEM FOR
CONTROLLING ACCESS TO ASSETS
Cop~r~~ht Notice [0001] ~ 2001 Epic Data. A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever. 37 CFR ~ 1.71 (d).
Technical Field [0002] The invention relates to the field of access control to information and property (assets) by individuals, more particularly, the invention provides a system that incorporates bar code scanning and encoded card technology to control access.
Background of the Invention [0003] It has become increasingly important to control access of individuals to certain assets, such as information available via a computer, that might be sensitive.
Access control systems have been developed by various vendors to permit access only to those parties who are authorized. However, in almost all cases these systems have been developed and installed separately, so that an individual who requires access to certain assets (whether real property or software) may be required to have several devices for authentication and authorization to gain access.
CONTROLLING ACCESS TO ASSETS
Cop~r~~ht Notice [0001] ~ 2001 Epic Data. A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever. 37 CFR ~ 1.71 (d).
Technical Field [0002] The invention relates to the field of access control to information and property (assets) by individuals, more particularly, the invention provides a system that incorporates bar code scanning and encoded card technology to control access.
Background of the Invention [0003] It has become increasingly important to control access of individuals to certain assets, such as information available via a computer, that might be sensitive.
Access control systems have been developed by various vendors to permit access only to those parties who are authorized. However, in almost all cases these systems have been developed and installed separately, so that an individual who requires access to certain assets (whether real property or software) may be required to have several devices for authentication and authorization to gain access.
[0004] In the case of access to computer software, it is common practice to protect access to authorized users by requiring each user to have a "password"
that is unique. However, such passwords can be defeated, if for example an absent employee provides hislher password to a colleague who can then use it to access software, input changes, and even record a "presence" of the absent employee via these activities.to imply that this employee was present and carried out the tasks. As a consequence, some large corporations have started using control cards for authorizing access to assets, such as software. These cards may include magnetic stripe cards (with data encoded on a magnetic tape), proximity cards (with data in a radio frequency transmitter embedded in the card) and the like.
that is unique. However, such passwords can be defeated, if for example an absent employee provides hislher password to a colleague who can then use it to access software, input changes, and even record a "presence" of the absent employee via these activities.to imply that this employee was present and carried out the tasks. As a consequence, some large corporations have started using control cards for authorizing access to assets, such as software. These cards may include magnetic stripe cards (with data encoded on a magnetic tape), proximity cards (with data in a radio frequency transmitter embedded in the card) and the like.
[0005] Cards (and other encoded devices) are used for reasons other than securing access as well. For example, on a computer use of a card can initiate or terminate a time clock, and can therefore be used to track employee presence and use of computer software or other facilities of the organization that require card access. Occasionally, employees learn the card "signature" that might be displayed on a video display unit when a card is read. This signature can be passed on to others who can use the signature, inappropriately, to access software and input data.
Thus, the system can fail due to deliberate human intervention intended to defeat it.
Thus, the system can fail due to deliberate human intervention intended to defeat it.
[0006] With a heightened awareness of security, a greater need to protect sensitive corporate and other information, the need to improve employee productivity through tracking presence and controlled assets utilization, and the need to constantly improve product quality through better monitoring of computer-aided designed changes, the number of secure access cards and other devices that an individual may be required to carry can only be expected to increase in the future.
Accordingly, it may be expected that the cost of security, already a significant business cost, will increase in the future.
Summary of the Invention [0007] The invention provides a system, with the potential for using a single encoded access device, for controlling access to assets, such as real estate and software applications stored on a computer, and also for controlling the ability to input data to software applications on a computer. The system may use secure identifiers and encryption techniques, and may include the capability to detect attempted inappropriate human intervention, and to defeat such attempts.
Accordingly, it may be expected that the cost of security, already a significant business cost, will increase in the future.
Summary of the Invention [0007] The invention provides a system, with the potential for using a single encoded access device, for controlling access to assets, such as real estate and software applications stored on a computer, and also for controlling the ability to input data to software applications on a computer. The system may use secure identifiers and encryption techniques, and may include the capability to detect attempted inappropriate human intervention, and to defeat such attempts.
[0008] In accordance with one aspect of the invention, there is provided a system for controlling access to controlled or secure assets that includes a card reader, such as a reader that can be used with magnetic cards or "proximity" cards, that use radio frequency identification. The system also includes a bar code scanner, such as a laser wand that is typically used to scan a bar code to read encrypted information.
The bar code may be imprinted on the encoded card, to reduce the number of devices the user must carry. The control card reader and the bar code scanner are both in communication with a host communication device that converts signals from the reader and the scanner to a data format suitable for input to a computer.
The computer includes a translation and validation host with information relating to authorization of individuals for access to the controlled assets, for example, a building, garage, floor on a building, computer software, data input to software applications, and the like. Further, the computer has a database with applications software that authorized users must access. It also has a processor for performing tasks, such as comparing formatted data received from the host communication device with access control data stored in the translation and validation host, to determine the access rights of any individual presenting his or her encoded card to the card reader or to the bar code scanner.
The bar code may be imprinted on the encoded card, to reduce the number of devices the user must carry. The control card reader and the bar code scanner are both in communication with a host communication device that converts signals from the reader and the scanner to a data format suitable for input to a computer.
The computer includes a translation and validation host with information relating to authorization of individuals for access to the controlled assets, for example, a building, garage, floor on a building, computer software, data input to software applications, and the like. Further, the computer has a database with applications software that authorized users must access. It also has a processor for performing tasks, such as comparing formatted data received from the host communication device with access control data stored in the translation and validation host, to determine the access rights of any individual presenting his or her encoded card to the card reader or to the bar code scanner.
[0009] In another aspect, the invention provides a host communication device that is interposed between data readers and an input means of a personal computer, such as a keyboard. The device typically has at least two inputs, one for receiving input from the encoded card reader, and the second for receiving input from a bar code reader, of any kind. In one embodiment, the card reader is an integral part of the host communication device, thereby reducing the number of separate components needed. The device also includes means for formatting input received from the card reader and the scanner into a data format suitable for input to a computer. Further, the device includes means for encrypting the formatted data prior to communicating this data to the computer, and means for communicating the encrypted data to the computer, preferably through a wired connection.
[0010] As an optional and additional security check, the invention also provides for the addition of a source identifier to formatted data being forwarded to the computer. This source identifier permits the computer to check whether the source is valid, and to deny access to the requester if the source identifier is not valid.
[0011] Further, the invention provides optional technology to determine whether the formatted data being sent to the computer is human generated, or read by a card reader or bar code scanner. Typically, the card readers and bar code scanners provide data virtually instantaneously, in a fraction of a second. Human input of data necessarily requires typing the information on a keyboard, for example, that takes much more time. Accordingly, the system of the invention detects, using an algorithm based on measuring the time delays between parts of the data input (for example between alpha numeric figures typed in), whether the input is being provided by human intervention, or being read from an encoded card or bar code. if human intervention is detected, this indicates an attempt to circumvent the system, and access is denied. Once it has been determined that the secure identifier is valid, and there is no human intervention (assuming the system is configured to require both options), then according to the invention, the encrypted formatted data is translated and the translated data is compared with authorizing data stored in a in a validation host. When the comparison shows a match, access is granted. If no match is found, access is denied. The invention permits partial access; thus, permission might be granted to accept input into certain authorized software applications and not others, when data is read in from a source.
[0012] The invention provides the possibility of reducing the number of cards or other access devices that an individual must carry in order to access secured or controlled assets, whether in the workplace, universities or schools, in the military, or in other environments. The invention also eliminates the need for a multiplicity of secure access systems that must each be installed and maintained at significant cost. In accordance with the invention. The single card embodiment of the invention can be retrofitted to replace many systems currently in use at modest cost.
[0013] Additional aspects and advantages of this invention will be apparent from the following detailed description of preferred embodiments, which proceeds with reference to the accompanying drawings.
Brief Description of the Drawings [0014] FIG. 1 is a schematic representation of a prior art access control system;
Brief Description of the Drawings [0014] FIG. 1 is a schematic representation of a prior art access control system;
[0015] FIG. 2 is a diagrammatic depiction of an embodiment in accordance with the invention;
[0016] FIG. 3 is a diagrammatic representation of an embodiment of the host communication device of the invention, shown as a block diagram;
[0017] FIG. 4 is a schematic representation of an embodiment of the invention;
and [0018] FIG. 5 is a flowchart depicting a portion of the logic of an embodiment in accordance with the invention that includes encryption and a feature to determine whether the input is by human hand.
Detailed Description of Preferred Embodiments [0019] The invention provides a system that can be used to control access to assets that are secure or where use must be monitored for other purposes. For example, the invention finds use in determining whether an individual has access to an asset such as a software program which might contain sensitive information, and is therefore termed a "secure asset." The invention controls access based on an authorization code encoded on a card, or other device, issued to the individual user.
In other instances, the invention may also be used to control and monitor user activity, such as time of entry into the building and time of departure from it, time of access to software, modifications to data performed by the user, and the like.
For purposes of management control, it may be desirable, for instance, to know which employees are accessing the Internet during working hours, and the duration of the Internet sessions. Thus, if access to the Internet or other software requires use of the invention, these statistics would be readily available to the management for each employee with an access device. The system also defeats efforts by an employee to represent that he/she is another employee, who might be absent at that time through its human intervention detection feature. It might also be desirable to control access to certain software applications that contain sensitive material or trade secrets (both secure assets), and use of the invention will prevent unauthorized access, and may also substantially reduce the chances of "hacking" into the software. The system can also be configured to accept input from readersJscanners to only certain software applications, and not others, and to accept input from only a designated source (e.g. bar codes only) or sources. , [0020) The term "access to software" includes the ability through authorization to provide input data to the software. For example, if an engineer accessed software to modify a computer-based design, he would input data and such input is herein defined as a "level of access." On the. other hand he might have more limited access rights to only "view" the design but not input data to the software. This is also "access", but at a lower level. The invention can accommodate levels of access by appropriate configuration of the validation host, as discussed below.
[0021 ] Before commencing a more detailed description of aspects of the invention, it is useful to consider the prior art. FIG. 1 is an illustration of a prior art system, obtainable from Epic Data of Richmond, British Columbia, Canada, for example. In accordance with this system, a wedge device 10 is located at an engineering workstation, for instance, and is in communication with a bar code reader 12, that reads a bar code 14 that may be imprinted on a card, employee badge, or any other object. The wedge device 10 is also in communication with a computer 16, through an input socket for the keyboard 18. Thus, the wedge 10 is interposed in the communication line between the keyboard 18 and the computer 16.
In this prior art system, information scanned by the bar code reader 12 is translated by the wedge 10 into a format suitable for input to the computer 16 through the keyboard input socket. Accordingly, to the computer 16 it would appear that information is coming in from the keyboard 14. The information may or may not be displayed on video monitor 19. The computer 16 includes a translator and validation host with a table listing authorized users by individual assigned code. The computer 16 compares the input from the wedge 10 with the table to determine whether a user is authorized. !f authorized, access is permitted. If the user is not authorized, access is denied.
[0022] These systems may be used within organizations to control access to computer applications by permitting only those who have the appropriate authorization through a bar code encoded device personal to the user to gain access to certain software applications loaded on the computer 16. Clearly, the system is fairly flexible, and can be used in other applications as well.
[0023] Turning now to the invention, FIG. 2 is an illustration of an embodiment of a system in accordance with the invention. A host communication device 100 includes a built in card reader and an external bar code reader, such as a laser wand 104. The term "built in" means that the card reader shares a common housing with the other host communication device circuitry. The card reader may be of any kind, that is able to read an encoded card. While it could be a separate unit finked to the host communication device 100, it is preferably incorporated into the host communication device for purposes of efficiency. Encoded cards 106 may include cards with magnetic stripes coded with information, proximity cards with embedded radio frequency identification ("RFID") devices, and the like. Preferably only one card type is used with compatible readers. The preferred, but not only card, is the proximity card. This card permits ease of integration of the card reader into the host communication device, to provide a single device 101, thereby reducing the amount of desk surtace clutter. When there is a separate card reader, data read by the card reader (not shown) from any card 106 are transmitted to host communication device 100. Likewise, any data from bar codes scanned by laser wand 104 are communicated to the host communication device 100. The host communication device 100 is preferably, but not necessarily, linked to computer 108 through the keyboard input socket of the computer. Other connections may also be used, such as a Universal System Bus ("USB") input port to the computer. As shown, host communication device 100 is interposed between the keyboard 110 and the computer 108. The converter 100 reformats data received from built in card reader and laser wand 104 into a data format suitable for input to the appropriate input socket of the computer 108. The data is then processed in the computer, as will be explained below, in order to grant or deny access.
[0024] Usually, but not necessarily, the "computer" is in networked communication with a video display unit 112, so that a manager, supervisor or other authorized individual may be able to view data pertaining to access and card use, and generate reports. It should be understood that in a networked embodiment, the functions required of the "computer" may be performed by a remote server, for reasons of efficiency, and that this is incorporated into the invention. Thus, the term "computer" as used in the invention must be construed in the broadest sense to include all networked computers in a closed system such as an intranet.
[0025] The host communication device 100 performs a number of functions, and these are shown schematically in the embodiment of FIG. 3. The host communication device 100 has an input 120 for signals from the bar code reader 104, and a card reader 122 that sends signals to an input 122. In the embodiment shown, the card reader is integrated into the host communication device, so that circuitry is also present in the device. These signals are communicated to a control program 126, which performs several functions, and that may use techniques common in the art in performing these functions. The control program 126 converts the input signals into a data format suitable for input to a personal computer, or other server. The control program.126 can also encrypt the information, before the information is transmitted to the computer or server. The host communication device 100 also includes a keyboard (or "USB") interface 128, via which the information is transmitted to the computer 108.
[0026) Turning now to FIG. 4, this schematically illustrates certain functions of an embodiment of a computer 108 useful in the invention. Signals received from bar code reader, that might be a laser wand 104, are formatted to be suitable for input to computer 108. Signals from the built in card reader of device 100 are likewise reformatted. In the embodiment of the invention of FIG. 4, the host communication device 100 adds a secure identifier to the formatted data, and also encrypts the data before communicating the data to the computer 108. The steps of adding a secure identifier and encryption are both optional, and the decision to use either is not dependent upon the decision to use or not use one. Process 130 of the computer 108 includes functionality to read the optional secure identifier, and to translate the secure identifier through communication with the translation and a validation host 136. Further, process 130 communicates with database 134 that includes a number of applications programs 132 that users may want to use. Based on a user's identity, as determined by data read at the card reader andlor bar code reader, the user may be authorized to have access to none, only some, or all of the software applications 132. Thus, the system provides for selective access by a specific user in certain instances, while denying access to other assets.
[0027] The operation of the system of FIG. 4 may be better understood with reference to FIG. 5. As shown in FIG. 5, the host communication device 100 reads input in process 150 from the bar code reader 104 and the built in card reader, encrypts the information in process 152, and adds a secure identifier in process 154.
The encrypted data, in a format suitable for computer input, is then communicated to the computer 108. In a first check, the computer ( or in the case of a networked system, a server in the network linked to the computer and configured for this purpose, that is deemed part of the "computer", as discussed above) determines in process 156 whether the data includes a secure identifier, which might have been added as a prefix or suffix to a string of data as read from a card or bar code, after formatting and encryption. If the secure identifier is not present, the system discards the information and denies access, if it is configured to require such an identifier. On the other hand, if the secure identifier is present, in a system configured to require one, then process 158 contains techniques to determine whether the formatted data was supplied by a human, through typing on a keyboard, or if it was read from a card. A variety of algorithms may be used and these may take into account a range of variables that are relevant to the distinctions between human data input and input from a reader. For example, these variables may include the time interval between "key strokes" (longer for human), the variation between time intervals (machine read is consistent, human is not), a maximum time length for completing input (might be too short a time for a human to key data in), the value of the secure identifier (if one is used), pre and post tags to the inputs from bar and code readers, and the like. If data is analyzed as supplied by a human, access is denied. If it is determined that the data was supplied by reading an encoded device, the computer then checks at process 160 whether the current application that the user is seeking to access is authorized. if not authorized, the request is discarded and denied. On the other hand, if access to the application is authorized, the data is then processed in 162 to determine if the data was encrypted and secure translation is needed. If the data was encrypted, the computer then accesses the translation and validation host in process 164. The translation host decrypts the information, and the validation host compares the decrypted information with information relating to authorized users, in process 166. If the access code supplied corresponds to a valid code, then the user has access to the application sought. If not, the request is discarded at this stage, and access is denied.
[0028] In other scenarios, the user does not seek access, but might need to send data to a software application. Such data might include, for example, parts numbers, work order numbers, etc. This information might have to be directed to specific application software, and not to others. Thus, the system may be configured to allow such selected input of the data to only those programs desired. Also, in certain software applications, the system can be configured to permit input only via one source, bar code for example, to minimize possibility of human intervention and enhance input data integrity to the software.
[0029] From the foregoing, it can be seen that the invention provides a host communication device able to accept input from at least two sources, an encoded card reader and a bar code reader, and that is able to format these input signals to data suitable for input to a computer, such as a personal computer.
Optionally, the host communication device might also add a secure identifier to the formatted data, and may encrypt the data before transmission to the computer. The system also provides features that may not be found in prior art systems. Accordingly, the system can be installed as a retrofit to certain existing installations, is less costly to install, less costly to update, and less costly to maintain. Further, the system is more secure, especially when optional features such as the secure identifier addition, data encryption and "human intervention" detection features are added.
[0030) It will be obvious to those having skill in the art that many changes may be made to the details of the above-described embodiments without departing from the underlying principles of the invention. The scope of the present invention should, therefore, be determined only by the following claims.
and [0018] FIG. 5 is a flowchart depicting a portion of the logic of an embodiment in accordance with the invention that includes encryption and a feature to determine whether the input is by human hand.
Detailed Description of Preferred Embodiments [0019] The invention provides a system that can be used to control access to assets that are secure or where use must be monitored for other purposes. For example, the invention finds use in determining whether an individual has access to an asset such as a software program which might contain sensitive information, and is therefore termed a "secure asset." The invention controls access based on an authorization code encoded on a card, or other device, issued to the individual user.
In other instances, the invention may also be used to control and monitor user activity, such as time of entry into the building and time of departure from it, time of access to software, modifications to data performed by the user, and the like.
For purposes of management control, it may be desirable, for instance, to know which employees are accessing the Internet during working hours, and the duration of the Internet sessions. Thus, if access to the Internet or other software requires use of the invention, these statistics would be readily available to the management for each employee with an access device. The system also defeats efforts by an employee to represent that he/she is another employee, who might be absent at that time through its human intervention detection feature. It might also be desirable to control access to certain software applications that contain sensitive material or trade secrets (both secure assets), and use of the invention will prevent unauthorized access, and may also substantially reduce the chances of "hacking" into the software. The system can also be configured to accept input from readersJscanners to only certain software applications, and not others, and to accept input from only a designated source (e.g. bar codes only) or sources. , [0020) The term "access to software" includes the ability through authorization to provide input data to the software. For example, if an engineer accessed software to modify a computer-based design, he would input data and such input is herein defined as a "level of access." On the. other hand he might have more limited access rights to only "view" the design but not input data to the software. This is also "access", but at a lower level. The invention can accommodate levels of access by appropriate configuration of the validation host, as discussed below.
[0021 ] Before commencing a more detailed description of aspects of the invention, it is useful to consider the prior art. FIG. 1 is an illustration of a prior art system, obtainable from Epic Data of Richmond, British Columbia, Canada, for example. In accordance with this system, a wedge device 10 is located at an engineering workstation, for instance, and is in communication with a bar code reader 12, that reads a bar code 14 that may be imprinted on a card, employee badge, or any other object. The wedge device 10 is also in communication with a computer 16, through an input socket for the keyboard 18. Thus, the wedge 10 is interposed in the communication line between the keyboard 18 and the computer 16.
In this prior art system, information scanned by the bar code reader 12 is translated by the wedge 10 into a format suitable for input to the computer 16 through the keyboard input socket. Accordingly, to the computer 16 it would appear that information is coming in from the keyboard 14. The information may or may not be displayed on video monitor 19. The computer 16 includes a translator and validation host with a table listing authorized users by individual assigned code. The computer 16 compares the input from the wedge 10 with the table to determine whether a user is authorized. !f authorized, access is permitted. If the user is not authorized, access is denied.
[0022] These systems may be used within organizations to control access to computer applications by permitting only those who have the appropriate authorization through a bar code encoded device personal to the user to gain access to certain software applications loaded on the computer 16. Clearly, the system is fairly flexible, and can be used in other applications as well.
[0023] Turning now to the invention, FIG. 2 is an illustration of an embodiment of a system in accordance with the invention. A host communication device 100 includes a built in card reader and an external bar code reader, such as a laser wand 104. The term "built in" means that the card reader shares a common housing with the other host communication device circuitry. The card reader may be of any kind, that is able to read an encoded card. While it could be a separate unit finked to the host communication device 100, it is preferably incorporated into the host communication device for purposes of efficiency. Encoded cards 106 may include cards with magnetic stripes coded with information, proximity cards with embedded radio frequency identification ("RFID") devices, and the like. Preferably only one card type is used with compatible readers. The preferred, but not only card, is the proximity card. This card permits ease of integration of the card reader into the host communication device, to provide a single device 101, thereby reducing the amount of desk surtace clutter. When there is a separate card reader, data read by the card reader (not shown) from any card 106 are transmitted to host communication device 100. Likewise, any data from bar codes scanned by laser wand 104 are communicated to the host communication device 100. The host communication device 100 is preferably, but not necessarily, linked to computer 108 through the keyboard input socket of the computer. Other connections may also be used, such as a Universal System Bus ("USB") input port to the computer. As shown, host communication device 100 is interposed between the keyboard 110 and the computer 108. The converter 100 reformats data received from built in card reader and laser wand 104 into a data format suitable for input to the appropriate input socket of the computer 108. The data is then processed in the computer, as will be explained below, in order to grant or deny access.
[0024] Usually, but not necessarily, the "computer" is in networked communication with a video display unit 112, so that a manager, supervisor or other authorized individual may be able to view data pertaining to access and card use, and generate reports. It should be understood that in a networked embodiment, the functions required of the "computer" may be performed by a remote server, for reasons of efficiency, and that this is incorporated into the invention. Thus, the term "computer" as used in the invention must be construed in the broadest sense to include all networked computers in a closed system such as an intranet.
[0025] The host communication device 100 performs a number of functions, and these are shown schematically in the embodiment of FIG. 3. The host communication device 100 has an input 120 for signals from the bar code reader 104, and a card reader 122 that sends signals to an input 122. In the embodiment shown, the card reader is integrated into the host communication device, so that circuitry is also present in the device. These signals are communicated to a control program 126, which performs several functions, and that may use techniques common in the art in performing these functions. The control program 126 converts the input signals into a data format suitable for input to a personal computer, or other server. The control program.126 can also encrypt the information, before the information is transmitted to the computer or server. The host communication device 100 also includes a keyboard (or "USB") interface 128, via which the information is transmitted to the computer 108.
[0026) Turning now to FIG. 4, this schematically illustrates certain functions of an embodiment of a computer 108 useful in the invention. Signals received from bar code reader, that might be a laser wand 104, are formatted to be suitable for input to computer 108. Signals from the built in card reader of device 100 are likewise reformatted. In the embodiment of the invention of FIG. 4, the host communication device 100 adds a secure identifier to the formatted data, and also encrypts the data before communicating the data to the computer 108. The steps of adding a secure identifier and encryption are both optional, and the decision to use either is not dependent upon the decision to use or not use one. Process 130 of the computer 108 includes functionality to read the optional secure identifier, and to translate the secure identifier through communication with the translation and a validation host 136. Further, process 130 communicates with database 134 that includes a number of applications programs 132 that users may want to use. Based on a user's identity, as determined by data read at the card reader andlor bar code reader, the user may be authorized to have access to none, only some, or all of the software applications 132. Thus, the system provides for selective access by a specific user in certain instances, while denying access to other assets.
[0027] The operation of the system of FIG. 4 may be better understood with reference to FIG. 5. As shown in FIG. 5, the host communication device 100 reads input in process 150 from the bar code reader 104 and the built in card reader, encrypts the information in process 152, and adds a secure identifier in process 154.
The encrypted data, in a format suitable for computer input, is then communicated to the computer 108. In a first check, the computer ( or in the case of a networked system, a server in the network linked to the computer and configured for this purpose, that is deemed part of the "computer", as discussed above) determines in process 156 whether the data includes a secure identifier, which might have been added as a prefix or suffix to a string of data as read from a card or bar code, after formatting and encryption. If the secure identifier is not present, the system discards the information and denies access, if it is configured to require such an identifier. On the other hand, if the secure identifier is present, in a system configured to require one, then process 158 contains techniques to determine whether the formatted data was supplied by a human, through typing on a keyboard, or if it was read from a card. A variety of algorithms may be used and these may take into account a range of variables that are relevant to the distinctions between human data input and input from a reader. For example, these variables may include the time interval between "key strokes" (longer for human), the variation between time intervals (machine read is consistent, human is not), a maximum time length for completing input (might be too short a time for a human to key data in), the value of the secure identifier (if one is used), pre and post tags to the inputs from bar and code readers, and the like. If data is analyzed as supplied by a human, access is denied. If it is determined that the data was supplied by reading an encoded device, the computer then checks at process 160 whether the current application that the user is seeking to access is authorized. if not authorized, the request is discarded and denied. On the other hand, if access to the application is authorized, the data is then processed in 162 to determine if the data was encrypted and secure translation is needed. If the data was encrypted, the computer then accesses the translation and validation host in process 164. The translation host decrypts the information, and the validation host compares the decrypted information with information relating to authorized users, in process 166. If the access code supplied corresponds to a valid code, then the user has access to the application sought. If not, the request is discarded at this stage, and access is denied.
[0028] In other scenarios, the user does not seek access, but might need to send data to a software application. Such data might include, for example, parts numbers, work order numbers, etc. This information might have to be directed to specific application software, and not to others. Thus, the system may be configured to allow such selected input of the data to only those programs desired. Also, in certain software applications, the system can be configured to permit input only via one source, bar code for example, to minimize possibility of human intervention and enhance input data integrity to the software.
[0029] From the foregoing, it can be seen that the invention provides a host communication device able to accept input from at least two sources, an encoded card reader and a bar code reader, and that is able to format these input signals to data suitable for input to a computer, such as a personal computer.
Optionally, the host communication device might also add a secure identifier to the formatted data, and may encrypt the data before transmission to the computer. The system also provides features that may not be found in prior art systems. Accordingly, the system can be installed as a retrofit to certain existing installations, is less costly to install, less costly to update, and less costly to maintain. Further, the system is more secure, especially when optional features such as the secure identifier addition, data encryption and "human intervention" detection features are added.
[0030) It will be obvious to those having skill in the art that many changes may be made to the details of the above-described embodiments without departing from the underlying principles of the invention. The scope of the present invention should, therefore, be determined only by the following claims.
Claims (25)
1. A system far controlling access, comprising:
a bar code scanner;
a host communication device comprising an encoded card reader, the device in communication with the bar code scanner, the device converting signals from the reader and scanner to a data format suitable for computer input and the device communicating with a computer;
a computer comprising authorization data relating to user access; and a processor of the computer for performing tasks comprising comparing data from the device with data in the database to determine access rights.
a bar code scanner;
a host communication device comprising an encoded card reader, the device in communication with the bar code scanner, the device converting signals from the reader and scanner to a data format suitable for computer input and the device communicating with a computer;
a computer comprising authorization data relating to user access; and a processor of the computer for performing tasks comprising comparing data from the device with data in the database to determine access rights.
2. The system of Claim 1, wherein the device converts the signals to encrypted data.
3. The system of Claim 2, wherein the device communicates with a keyboard input socket or a Universal System Bus input port of the computer.
4. The system of Claim 2 , wherein the device adds a source identifier to data, before communicating formatted data to the computer.
5. The system of Claim 4, wherein a request for access without a valid source identifier is rejected.
6. The system of Claim 4, wherein the processor accesses the authorization data to determine if the source identifier is valid and if software application access is authorized.
7. The system of Claim 4, wherein the processor translates encrypted data with a valid identifier.
8. The system of Claim 7, wherein the processor compares translated data with authorization data to determine access rights.
9. The system of Claim 4, wherein the processor utilizes an algorithm to determine if the request for access is human generated.
10. A method of access control, comprising:
reading an encoded card or scanning a bar code;
receiving input from the reading and the scanning, if any;
converting input received to a data format suitable for input to a personal computer;
communicating converted input to a computer; and determining right to access based on stored authorization data and the converted input.
reading an encoded card or scanning a bar code;
receiving input from the reading and the scanning, if any;
converting input received to a data format suitable for input to a personal computer;
communicating converted input to a computer; and determining right to access based on stored authorization data and the converted input.
11. The method of Claim 10, further comprising encrypting input data for input to a personal computer
12. The method of Claim 11, further comprising adding a source identifier to the encrypted data, before communicating the data to the computer.
13. The method of Claim 12, further comprising determining whether the source identifier is valid.
14. The method of Claim 12, further comprising translating encrypted data, when the source identifier is determined to be valid.
15. The method of Claim 14, wherein the determining of right to access comprises comparing authorization data with translated data.
16. The method of Claim 10, wherein the reading of an encoded card comprises reading a signal from a radio frequency identification device.
17. The method of Claim 10, wherein the reading of an encoded card comprises reading data encoded on a magnetic stripe on a card.
18. The method of Claim 12, further comprising, before translating, determining whether the computer input was human generated.
19. The method of Claim 12, further comprising, before determining right to access, determining whether the computer input was human generated.
20. The method of Claim 10, wherein the determining of rights comprises determining rights to input data to a software program.
21. The method of Claim 10, further comprising adding a source identifier to converted data.
22. A system for controlling access, comprising:
means for reading an encoded card;
means for scanning a bar code;
means, in communication with the reading means and the scanning means, for converting read data and scanned data into data formatted for input to a computer;
means of the computer for data storage, the data storage means comprising authorization data relating to access; and means to compare inputted information to data relating to access.
means for reading an encoded card;
means for scanning a bar code;
means, in communication with the reading means and the scanning means, for converting read data and scanned data into data formatted for input to a computer;
means of the computer for data storage, the data storage means comprising authorization data relating to access; and means to compare inputted information to data relating to access.
23. A device for interposing between data readers and an input of a computer, the device comprising means for reading an encoded card;
at least a first means for receiving input from the encoded card reader, and a second means for receiving input from a bar code scanner;
means for formatting received input to a data format suitable for input to a computer;
means for encrypting formatted data prior to communicating the formatted data to a computer; and means for communicating the encrypted data to a computer.
at least a first means for receiving input from the encoded card reader, and a second means for receiving input from a bar code scanner;
means for formatting received input to a data format suitable for input to a computer;
means for encrypting formatted data prior to communicating the formatted data to a computer; and means for communicating the encrypted data to a computer.
24. The device of Claim 23, further comprising means for adding a secure identifier to data communicated to a computer input, from a reader or a scanner.
25. The device of Claim 23, wherein the means for reading a card is a proximity card.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US39444303A | 2003-03-20 | 2003-03-20 | |
| US10/394443 | 2003-03-20 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA2461366A1 true CA2461366A1 (en) | 2004-09-20 |
Family
ID=32988381
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002461366A Abandoned CA2461366A1 (en) | 2003-03-20 | 2004-03-19 | Integrated card reader and bar code scanner system for controlling access to assets |
Country Status (1)
| Country | Link |
|---|---|
| CA (1) | CA2461366A1 (en) |
-
2004
- 2004-03-19 CA CA002461366A patent/CA2461366A1/en not_active Abandoned
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR100419957B1 (en) | Information Security System Inter-working with Entrance Control System and Control Method Thereof | |
| US6480958B1 (en) | Single-use passwords for smart paper interfaces | |
| US6219439B1 (en) | Biometric authentication system | |
| US8275995B2 (en) | Identity authentication and secured access systems, components, and methods | |
| US6910132B1 (en) | Secure system and method for accessing files in computers using fingerprints | |
| US7587608B2 (en) | Method and apparatus for storing data on the application layer in mobile devices | |
| US9246887B1 (en) | Method and apparatus for securing confidential data for a user in a computer | |
| US20070180263A1 (en) | Identification and remote network access using biometric recognition | |
| US20070162739A1 (en) | Biometric identification network security | |
| EP1603003A1 (en) | Flexible method of user authentication | |
| JP2009176408A (en) | Security clearance card, system and method of reading the same | |
| KR950020247A (en) | Information element, element interface, identification element and access approval method | |
| US8683569B1 (en) | Application access control system | |
| CA2417901A1 (en) | Entity authentication in electronic communications by providing verification status of device | |
| KR101809974B1 (en) | A system for security certification generating authentication key combinating multi-user element and a method thereof | |
| AU8888398A (en) | Digital signature generating server and digital signature generating method | |
| US20010048359A1 (en) | Restriction method for utilization of computer file with use of biometrical information, method of logging in computer system and recording medium | |
| EP1445917A2 (en) | Identification system for admission into protected area by means of an additional password | |
| US7412603B2 (en) | Methods and systems for enabling secure storage of sensitive data | |
| KR102160656B1 (en) | Login Method Using Palm Vein | |
| CN107888608A (en) | A kind of encryption system for protecting computer software | |
| RU2311676C2 (en) | Method for providing access to objects of corporate network | |
| JP4885683B2 (en) | Authentication device, authentication method for authentication device, and authentication program for authentication device | |
| US20060129828A1 (en) | Method which is able to centralize the administration of the user registered information across networks | |
| CA2461366A1 (en) | Integrated card reader and bar code scanner system for controlling access to assets |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| FZDE | Discontinued |