KR101025298B1 - Portable access device - Google Patents

Abstract

To control access to other security systems, such as systems that protect computers and secure premises, to provide information provided by the person attempting to access the system and the system to which the prospective user attempts to access. Portable devices, methods, and systems are disclosed for controlling access to a given system by processing the data supplied by the device to determine whether access by that person should be granted or enabled. In one embodiment, the present invention provides an apparatus 100 for providing code that can be used to access a computer or security system 600. The device includes an output device 104 and at least one processor 105. The processor processes the data indicative of the biometric characteristics of the expected user of the system and the signal provided by the system and, depending on the processing result, provides code to the output device that can be used to access the system. .

Security Systems, Portable Devices, Access Devices, Access Codes, Biometrics

Description

Portable Access Device {PORTABLE ACCESS DEVICE}

<Copyright and Legal Notice>

Portions of this patent document contain copyrighted material. The copyright owner has no objection to the copying of this patent document or patent specification as it appears in the Patent and Trademark Office patent file or record, but otherwise all rights reserved.

The present invention provides an apparatus, method, and system for controlling access to a security system. In particular, the present invention provides apparatus, methods, and systems for controlling access to computers and other security systems using portable access devices.

Apparatuses for controlling access to the system are described in US Pat. Nos. 5,432,851 and 6,490,680 to Scheidt et al .; US Patent 5,272,754 to Boerbert; US Patent 6,463,537 to Tello; And US Pat. No. 5,347,580 to Molva et al.

<Start of invention>

The present invention is intended to control access to systems such as computers and systems that control access to secure facilities or premises, and to provide information provided by a person attempting to access the system. , And an apparatus, method, and system for controlling access to a system by determining whether access by that person should be allowed, using information provided by that system to which the person is attempting to access. . The information provided by the person attempting to access identifies that person. The information provided by the system becomes available at the location where the information provided by the person attempting access is entered into the system.

In preferred embodiments, the information provided by a person attempting access may be provided only in the presence of that person, for example, biometric data obtained directly from that person. In such embodiments, the person attempting to access is physically associated with a device (also referred to as an "access device") that receives information provided by the system at the location of the system to which the information is to be entered to provide its own information. It must exist. The person attempting to access and the information from the system is then used to determine whether to grant the person access to the system at an input location of that system. If it is determined that the person attempting access is authorized, in various embodiments, a signal or code is provided that can be tested, for example, by the system in order to determine whether access should be provided.

If, as a result of the processing of the information received from the system and the person attempting to access, it is determined that access by that person is not permitted, no code may be provided, or an invalid code, warning, and access denied. Notification, or other suitable signal (s) may be provided.

In preferred embodiments, the access device according to the present invention uses the person attempting to access and the information supplied by the system and provides the person with a signal or code, which the person then uses by the person. Either provide it to the system to which access is being attempted, or provide a signal or code directly to the system. In one embodiment, the portable device provides a code to a person attempting access, who enters the code into the system, and the system provides access if the code is found to be authorized. In another embodiment, the access device provides the coded signal directly to the system.

Since information is provided by both the person attempting to access and the system to which access is being attempted, the access device must be present at a system location to receive the code or coded signal provided by the device, and the person must Be in the position and provide your information to the access device. In a preferred embodiment, the person's information is based on biometrics, so that person must be present at that system location when the system provides its information.

The access device may comprise on-board devices, which receive information provided by the person and the system, or signals from those devices that are not onboard but connected to the portable device. do.

In one embodiment, the present invention provides a portable access device for providing a coded or coded signal that can be tested to determine whether to provide access to a system. In a preferred embodiment, such a device comprises an output device and at least one processor. The processor processes the information provided by the system and the person attempting access and, depending on the processing result, provides the output device with code that can be used to access the system, or does not do so according to the information provided.

As mentioned, information indicative of the biometric characteristics of the person attempting to access the system is identified with sufficient certainty in view of the purpose and needs of the system to which the access is being attempted, and that person is authorized to access. Contains information indicative of any physical characteristic of a prospective user that can be used to uniquely identify. Such information may include, for example, data representing fingerprint patterns or finger images, retinal scans, or DNA samples, and may be obtained by any suitable device and / or portable access, such as one or more biometric sensors. Provided to the processor (s) of the device. Methods and sensors, such as, for example, fingerprint and retina scanners, for obtaining and processing a number of and various suitable biometric features, and information representing them, are known and are constantly being developed. In view of the purpose and need of systems to be protected by controlled access, an apparatus and method for identifying appropriate biometric features, and for obtaining and processing information indicative thereof are those of ordinary skill in the art. Is within the power of.

In preferred embodiments of the present invention, information indicative of biometric features of prospective users is read or sampled directly from the person attempting access. Thus, in some embodiments, the access device includes one or more sensors suitable for obtaining information indicative of the biometric features of the person attempting to access and access the system to the person from whom the information is obtained. And provide to one or more processors used to determine whether to grant permission to do so.

Some embodiments of the present invention process signals provided by the system to which access is being attempted, in addition to biometric information associated with the person attempting to access, as part of the process of determining whether access should be granted. The use of the information provided by the system to which access is to be attempted makes it possible, in particular, to determine whether access should be granted in a variety of ways depending on the situation. For example, from a person attempting to access a computer system from a user station, designated as a primary entry station where access by the person attempting access is conditionally pre-granted or partially pre-granted. Processing associated with the request of may proceed in a different manner than processing involving a request from the same person attempting to access the same computer system from a user station not designated as the primary.

The information provided by the system to which access is attempted for processing by the access device may be provided to the access device in any suitable manner. Many systems, devices, and methods for signal transmission are known and will be developed in the future. For example, in some embodiments of the present invention, the access device includes one or more sensors for receiving signals from the system to be accessed. Such sensors, alone or in combination, are used to receive visible, infrared, or other electromagnetic, audio, or other stimuli suitable for carrying information, by wired or wireless means, and delivered to the processor. Can be. The choice of suitable systems, apparatuses, and methods for providing such signals to a processor will, in light of this specification, be well within the capabilities of those of ordinary skill in the art.

One or more processors for processing biometric information provided by the person attempting access and the information provided by the system may include any suitable hardware, firmware, and software suitable for the purposes described herein. Data and signal processors. In some embodiments of the present invention such processors include one or more application specific semiconductors (ASICs) and associated devices and software. Depending on the biometric information and the information provided by the system being accessed, the process for determining whether to provide the output device with code that can be used to access the system is handled entirely by processors included in the portable device, Or in a data sharing or shared processing manner, partially processed by the processors included in the portable device and partially by the processors included in the system to be accessed, or performed in other suitable manner consistent with the purpose disclosed herein. have.

In some embodiments, using the biometric information and the information provided by the system to be accessed, the process for determining whether to provide the output device with a code that can be used to access the system includes information indicative of the biometric characteristic. And conditional code provision to the output device in accordance with the correlation between the stored biometric information and the stored biometric information. For example, the biometric information obtained by the biometric sensor and provided to the processor (s) is compared with the stored biometric information and a determination is made as to whether the correlation between the provided information and the stored information is satisfied. If a satisfactory correlation is established, the processor provides the output device with a code that can be used to access the system. The establishment and evaluation of correlations between information obtained from prospective system users and stored biometric information is known and is within the capabilities of those of ordinary skill in the art.

Embodiments of an access device according to the present invention are biometrics used to determine whether to provide an output device with an access code that can be used to access the security system, or otherwise enable access to the security system. It may include a memory for storing information. In other embodiments, such stored biometric information may be stored in a memory associated with the system to be accessed, and information and / or processing for determining whether to provide available code is shared between the access device and the system to be accessed. .

Output devices that provide code that processors can use to access the security system are suitable for providing the expected user with a code suitable for accessing the system, such as, for example, a human readable sequence of alphanumeric or other characters. It may be of any type. For example, display devices such as LEDs, LCDs, CRTs, or printing and audio devices may be used. In a preferred embodiment, small LCD displays are used to reduce the physical size and power requirements of the portable access device.

In some embodiments, an access device according to the present invention includes a housing for supporting a sensor, a processor, and other items integrated by a portable device, the housing for identifying users or others of the access device. Useful devices, such as one or more surfaces for having photographic images, electromagnetic strips, and / or other devices for storing and / or providing access to identification information or other information. Surfaces having such a device are, for example, suitable for making the access device portable with relatively compact components, such as the access device, and suitable for the housing to function as an identification card. It is useful in the case of including relatively small components configured to form casings of size and shape. Such embodiments may further include electromagnetic strips and other devices for storing and / or providing access to identification information and other data.

In other embodiments, the present invention provides a method for providing codes used to access systems of the type described herein, and other components including a suitable processor and software. Such methods are preferably performed by portable access devices and process information received from a biometric sensor associated with the portable access device to establish a correlation between the received biometric information and stored biometric information, and if the correlation If the relationship satisfies the correlation criteria, provide the output device of the portable access device with an access code that can be used to access the system, and if not, output the code that can be used to access the system. Includes that do not provide to. If an access code is provided, the access code is determined using the signal received by the signal sensor associated with the portable access device from the signal generator associated with the system to be accessed. The access code that can be used to access the system is preferably session-specific. Providing a session specific access code helps, for example, to ensure that a specific authorized user attempting to access that system is physically present at the time of access to the system.

In still other embodiments, the present invention provides a method for providing codes used to access systems of the type described herein and a suitable processor and other components, wherein the codes and whether to provide them The determination of may be made according to a plurality of processing schemes, and the scheme used in a given case is determined by the situation of the access request. For example, a signal received by a signal sensor of a portable access device from a signal generator associated with a system to be accessed may be generated using an input device conditionally pre-authorized by a person attempting to access that system (eg, May be processed to determine whether it has received information indicating that it is attempting to access the system. If it is determined that this person is attempting to access the system using a conditionally pre-authorized input device, it will be used to access the system regardless of the biometric information received from the biometric sensor of the portable access device. An access code is provided to the output device. If not, an access that can be used to access the system only by determining that a correlation criterion or criteria is satisfied by biometric information received from a biometric sensor and biometric information otherwise accessed by the access device. Code is provided.

The invention also provides systems for working with portable access devices according to the invention, including all suitable software, processors, memory devices and the like.

1 is a schematic perspective view of a preferred embodiment of a portable access device according to the present invention.

2 is a schematic front view of a preferred embodiment of a portable access device according to the present invention.

3 is a schematic rear view of a preferred embodiment of a portable access device according to the present invention.

4 is a schematic functional block diagram of a preferred embodiment of a portable access device according to the present invention.

5 is a circuit diagram of a processor and related components suitable for use in a portable access device in accordance with the present invention.

6 is a schematic diagram of the use of a portable access device according to a preferred embodiment of the present invention.

7-9 are schematic process flow diagrams in accordance with a preferred embodiment of the present invention.

DESCRIPTION OF THE PREFERRED EMBODIMENT A preferred embodiment of a method, system and apparatus according to the present invention will be described with reference to the drawings.

1 to 3 show a preferred embodiment of the portable access device 100 according to the present invention. Although the description in the figures and in the discussion below relates to a portable access device, the invention is not so limited and may be implemented in other devices than the portable device. For example, all or part of the information provided by the person wishing to access the system may be processed by the system. In that case, the access device does not necessarily need to be portable.

The portable access device 100 is useful for facilitating access to a computer or other system and includes a housing 101; A signal sensor 102 (FIG. 3) receiving a signal (having the above-described information) from a signal generator associated with the computer system; Obtain information (also referred to as "data") representing the biometric characteristics of the person (or "user" or "expected user") 200 (see FIG. 6) who wishes to access the computer, A biometric sensor 103 that uniquely identifies the mutual location of the biometric sensor 103; Output device 104; And at least one processor 105 (FIGS. 4 and 5) for processing the acquired biometric data and signals and providing the output device with an access code determined using the biometric data and signals.

The device 100 also includes a plurality of surfaces 107 that include edges of the housing suitable for housing user identification devices, such as the photographic image 106 (not shown for brevity). The housing 101 is of a size convenient to function not only as an access device but also as an identification card. In this embodiment, the device 100 has a length 120 of about 57 mm, a width 121 of about 35 mm, and a depth 122 of about 2-6 mm. Accordingly, the device 100 has a size similar to a standard credit card or an electronic identification card such as an automatic bank card, and fits comfortably in the hands of most people as well as fits easily in a pocket or purse. Each of the related components can be operated conveniently and efficiently. The device 100 shown in FIGS. 1-3 may also include a yard, cord or other device that facilitates possession and / or restraint of the access device, for example by surrounding the code around the neck of the device user. It includes a slot 115 suitable for use by attaching.

The shape of the device 100, in particular the external shape, may depend not only on functional considerations but also on aesthetic or non-functional considerations. For example, as well as the selection of a generally rectangular shape, the shape and size of the slot 115, length 120, width 121, depth 122 may also be influenced or determined by functional and aesthetic considerations. Likewise, the location of the various components in the device may depend on aesthetic considerations. For example, the placement of the biometric sensor 103 on the first surface 125 of the access device and the signal sensor 126 on the second surface 126 facilitate the use and manipulation of the access device, but is also described herein. As shown, in the example shown in the embodiment shown in Figs. 1 to 3, it may be greatly influenced by aesthetic considerations. It will be appreciated that a wide variety of forms or sizes are useful and suitable for the various applications and applications in which the present invention is expected to be applied. Selection of a suitable size or shape for a device for use in various applications will be well within the capabilities of those of ordinary skill in the art, in light of the disclosure herein.

The portable access device 100 shown in FIGS. 1-3 also includes a cover (not shown) for covering the biometric sensor 103. The cover includes a switch including a mechanical interlock to selectively rotate the cover to an open position where the biometric sensor 103 is exposed and to a closed position where the sensor is obscured and protected from impact or other harmful contact by external objects. 109), eg open or closed by selectively operating a mechanical switch. The switch 109 also includes or selectively activates one or more switches (eg, the electrical switches 142, 143 of FIG. 4), such as by activating the one or more batteries 144 and the power source 141 to access the access device. Activate processor 105 and other components of 100.

The cover and activation switch may also be provided to the signal sensor 102, output device 104 and / or other components as required or suggested by the intended use of the access device 100 and the environment in which the device is expected to be used. Can be.

4 is a functional block diagram of a preferred embodiment of a portable access device according to the present invention, illustrating the functional arrangement of the components of the device. 4 illustrates a plurality of signal sensors 102, a biometric sensor 103, an output device 104, a processor 105, a battery 144, a power source 141, switches 142 and 143, and a memory 147. 148, 149 and functional connections between the other components.

In the embodiment shown in FIG. 4, the access device 100 includes a plurality of signal sensors 102 including a visible light sensor 131 and an infrared transceiver 133. Providing a plurality of signal sensors increases the usability of the portable access device by allowing the portable access device to operate with various security systems under a wider range of operating conditions. For example, an access device that includes a visible light sensor 131 and an infrared sensor 133, as described herein, receives data based on visible light transmitted by a display screen or other device, or from an infrared light generator. It can be used to transmit and receive data using the infrared signal of. An access device according to the present invention including a plurality of signal sensors may include a processor, processing logic, software, and the like suitable for operation of an access device having various types of signal generators. Although the sensors 131 and 133 enable wireless operation, the access device is connected to the system by wire, which in the case of a portable access device is disconnected, through which the system provides information to the access device.

   The selection of a particular component for use in an access device in accordance with the present invention is contemplated by the particular application (s) to which the device is to be applied, the environment (s) in which the device is expected to be performed, and many others that may be versed in the related art. It will depend on the factors. Examples for the embodiment shown in FIGS. 1 to 4 and 6 are described below. Recognition of existing or designed suitable components for a particular application (eg ASICs) for the system according to the present invention will be within its capabilities once skilled in the art is familiar with the specification.

An example of a suitable visible light sensor is the LX1970 visible light detector available from Microsemi Corporation, Irvine, California. This component includes, for example, an automatic brightness control that can extend battery operation and extend the life of a large screen liquid crystal display component and can operate in a temperature range of -40 ° C to + 85 ° C. It has an 8-pin MSOP surface mount package that is about 3 × 3 mm, which helps to minimize the size of the access device. Sharp also produces some suitable visible light sensors.

There are a variety of suitable infrared light sensors and they are constantly being developed. In some embodiments infrared transceivers are used so that data may be transmitted and received by the portable device 100. For example, an Infrared Data Association (IrDA) compliant device may be used for communication by a device with an infrared sensor to upload software updates or modifications, as well as for a security system, such as code seed or access codes. Send and receive data related to access.

One example of a suitable biometric sensor is the AES3000 series of finger scanners, particularly of Melbourne, USA, USA, connected to the appropriate ASIC via an 8-bit parallel bus, an asynchronous serial interface, and / or other suitable connection as described below. AES3500 EntrePad ^® from Authentec (www.authentec.com). In the example shown in FIGS. 1-3 and 6, the finger scanner is disposed within the housing 101 to be accessible by the pad of the user's finger or thumb with the access device 100 held in the user's hand. The housing 101 includes a guide ridge 181 that helps the user to direct a finger or thumb to a location, relative to the scanner, to facilitate quick and effective scanning of the pad surface. For example, when the user's finger or thumb is in a position for quick and effective scanning, the guide 181 may be positioned such that its position corresponds to a joint between the first finger joint and the fingertip of the user's finger or thumb. Can be.

One example of a suitable output device is a dot-matrix LCD that provides display elements in a 16x48 array. Such a display is suitable for providing various warning and command messages and access codes from 0 to 12 alphanumeric or other characters, or more. Alternatively or additionally, audio, line printing, and other types of apparatus may be used.

Processor 105 may include an ASIC as functionally illustrated in FIGS. 4 and 5. The ASICs of Figures 4 and 5 are installed around the ARM940T core. 4 and 5 include appropriate interfaces for input and output interfacing and control with the ARM9 processor, static RAM, and other components that make up the access device. Application programming to achieve access processes as described herein is stored in off-chip FLASH memory 147. When the access device is activated, such as, for example, activating the switch 142 by opening the cover for the biometric sensor 103 using the switch 109, the processor 105 may load the application into the FLASH memory 147. To on-chip RAM 148. Application processing updates may be provided via infrared sensor interface 133 or other suitable interface. In the embodiments shown in FIGS. 1-3 and 6, the processor 105 has an operating temperature in the range of 0 degrees Celsius to 70 degrees Celsius, and an operating voltage of 1.8 V ± 10%. The ARM940T processor is available from Cambridge, England, 110 Fullbone Road, ARM Ltd.

Battery 144 may include a Nickel Metal Hydride (NiMH) cell that has a lifespan of three years or more in a predicted working environment and provides approximately 450 mAh at 1.8V. Power supply 141 provides a 100 mA output at 1.8 V. A wide variety of suitable batteries, power supplies, switches, and other components are commercially available from many manufacturers.

The housing 101 is made of any suitable material having sufficient strength, firmness, durability, damage durability, and corrosion and water resistance, consistent with the objectives described herein. In the example of the handheld device described herein, a combination of plastic and metal components may be used. In some embodiments, safety is enhanced by an access device 100 housed in a housing 101, such as sealed and potted, such that the device can be accessed by any user without causing the device to become inoperable. It may be open or its components may not be accessed.

5 is a circuit diagram of a processor 105 suitable for use in a portable access device according to the present invention. The processor 105 includes an integrated circuit core 311 including an ARM940T processor as described above, and memory 147, 148, 149 and biometric sensor 103, an optical sensor 102, and a display 104. It includes a bus interface 312 having a connection to other components, including.

In addition to storing application programming instructions, FLASH memory 147, and / or MROM 149 and SPSRAM 148 may be, for example, one or more permissions of one or more secure computers or other systems and devices 100. Additional information, such as data indicative of biometric features of prospective users, may be stored. The storage of such biometric data may be, for example, biometric data acquired from biometric sensor 103 by processor 105, alone or in combination with one or more processors associated with a security system that requires access. It is useful for determining whether there is a correlation between the acquired data and the stored biometric data by processing.

The connectivity and interoperability between the individual components shown in FIGS. 4 and 5 can be made in a known manner. Many suitable components are known or may be developed later for specific applications. The selection or development of appropriate components, for appropriate connections to facilitate its operation in the manner described herein, is within the ability of those skilled in the art, in view of the present disclosure.

6 is a structural diagram of a portable access device according to one preferred embodiment of the present invention used to access a computer or other security system in accordance with the process described herein. The user 200 holds the access device 100 with the finger 193 on the scanning surface of the biometric sensor 103, and an image or fingerprint of the pad of the user's finger 193 is scanned, User 200 may use an access code available to access the computer, or other system, which may include any other computer or other security system communicatively linked to computer 600 and / or computer 600. Data representing the fingerprint or image used by the processor 105 as biometric data to determine whether or not to display on the output device 104 is obtained. For example, computer 600 may be linked to one or more security computers or other security systems through a public network, such as the Internet, or a private local or wide area network, to function as an entry port to another security system. Can be. Thus, the computer 600 and / or any computer or system communicatively linked to the computer 600 may include a security system accessed by the user 200 or function as an entry port for such systems. .

As shown in FIG. 6, the user 200 may be exposed to, or receive signal signals from, the signal sensor 102 to receive signals emitted by the portion 603 of the display screen 601 of the computer 600. Hold device 100 to be in the position for. In some embodiments of the invention, signals are required to access by having a portion 603 of the display screen, which may include all or part of the screen 601, flashes on and off in a series of lights representing data. Generated by the system. As such, screen portion 603 functions as a signal generator or light source. The intermittent flash of light generated by the screen portion 603 and sensed by the signal sensor 102 is provided to the processor 105, and by the processor 105 or any other processor linked to the processor 105, It is interpreted as representing data that may be used to provide code such as session-unique, human readable code, etc. to output device 104. Signal portion 603 may provide any suitable coded optical signal. For example, the entire screen portion 603 may be modulated to provide an optical signal coded according to, for example, Manchester code. This approach is suitable for allowing sufficient technical displays, such as CRTs, LCDs, plasmas, etc., to emit coded optical signals. Other modulation schemes can also be used, which are known to those skilled in the art.

In other embodiments, the access device 100 may be inserted by infrared or other wireless devices, such as the infrared transceiver 609 of the keyboard 611 linked to the computer 600, or with appropriate port communication devices. Signals are generated by port 613. Signals generated by the system requiring access may also be transmitted to the device 100 by wire.

7 is a schematic process flow diagram according to one preferred embodiment of the present invention. The process shown in FIG. 7 can be used to initialize an access device in accordance with the present invention.

In an uninitialized or unregistered state in which the system cannot recognize any user or provide an access code available to any user, by an operator of the system requiring access or by an operator's designee 100) may be provided.

Referring to FIG. 7, a prospective user of a security system receives an access device 100 at 1011. At 1105 a prospective user accesses a screen for initialization, registration, or registration for the system, such as using an input device associated with the system, such as, for example, keyboard 611 of system 600 of FIG. For example, a user who wants to access the BLOOMBERG PROFESSIONAL ^® service provided by Bloomberg LP can use the input prompts displayed on the keyboard and screen 601 to access the system home or startup page and to use the command ENROLL <GO>. Enter to access the system registration page.

Upon receiving a prospective user's registration request, eg, an ENROLL <GO> command, at 1109, the security system prompts the user for an entry of an identifier uniquely associated with the access device 100. For example, the system may display a screen on the display 601 to enter a serial number provided on the housing 101 of the access device, for example by typing on a keyboard or other input device associated with the system 600. Prompt the user for input, as in

Once the system has received a valid identifier entered by the prospective user, at 1113 the system prompts the prospective user with instructions to present this feature to the biometric sensor for data acquisition indicating such as a biometric characteristic. For example, the system displays instructions that direct a prospective user to place their thumb on the fingerprint sensor of biometric sensor 103 or to put their eyes on for retinal scanning by biometric sensor 103. These instructions may be presented at the display 601 of the system 600, at the output device 104, or at another suitable location. In 1117, the user submits biometric features to biometric sensor 103 in response to these instructions, which sensor 103 scans the presented finger or retina, or otherwise displays data indicative of biometric features. Acquire. If necessary to activate the sensor, the prospective user activates the access device 1400 by turning on the access device 1400, for example by operating a switch associated with the power supply, for example switch 109.

At 1121, the system is satisfied that the biometric data acquired from the prospective user, i.e. biometric data indicative of the biometric characteristics of the prospective user, is used to compare the currently acquired data with the data to be acquired by future sampling. It is then determined whether there is a correlation suitable for identifying the expected user and allowing the presentation of an access code that can be used to access the security system. The determination as to whether the obtained sample is satisfactory for use for comparison may be accessed by one or more processors associated with the computer 600 by the processor (s) 105 of the access device 100. By the processors otherwise associated with the system, or by any suitable combination of such processors. The criteria and processes used to make these determinations are known and many new suitable criteria and processes are constantly being developed. The establishment and implementation of such criteria and processes will depend, among other things, on the biometric features to be used, the degree of certainty desired in this correlation, and other factors, and are within the capabilities of those skilled in the art.

If this sample is satisfactory, the data representing this sample may be the processor (s) to be used to correlate one or more of the memories 147, 148, 149 or other memory associated with the system or access device to be accessed. Is stored in an accessible memory, and processing proceeds. If the sample is not satisfactory, for example if the biometric feature is improperly placed relative to the biometric sensor 103, the prospective user is again prompted to present the biometric feature for resampling at 1113. . The user is accessed, for example, by messages displayed on the display 601, by messages displayed on the output device 104, such as 'bad print', or by both. May be prompted by the desired system. Prospective users may be invited to provide a biometric feature a predetermined number of times or proceed according to other suggestions before the system is shut down and, for example, asking the user for administrative assistance. For example, the cycles 1113-1121 may repeat five or another number of times, depending on the objects of the security system and who manages them.

If the biometric data obtained at 1117 is suitable for correlating with future samplings, the prospective user at 1125 is generated by the system in which one or more signal sensor (s) 102 are to be accessed. You are prompted to present the access pad 100 so that it can receive the signals it receives. For example, using the device shown in FIGS. 1-3, the prospective user is prompted to present the device 100 in the manner shown in FIG. 6, such that the photosensors 102, 131 may be positioned on the screen 601. Optical signals may be received from the signal generator 603.

Upon receiving signals from the signal generator 603, at 1129, the processor 105 displays an access code that can be used to access the security system, for example displaying four letter codes on an LED or LCD display. Thereby causing it to be provided at the output device 104.

In some embodiments of the invention, the code provided to the output device 104 is provided only for a limited time period. This is useful, for example, to prevent unauthorized users from gaining access to code and security systems. For example, in some embodiments of the invention, four letter codes may be displayed on the LED display for about 20 seconds. When controlling access to secure computer systems of the type envisioned here, it is short enough to prevent or reduce unauthorized access to the security system, yet allows an authorized user to enter code via the keyboard A suitable time interval for the system to receive and process this code was found to be about 20 seconds.

In preferred embodiments of the present invention, at least processing steps 1109, 1113, 1117, 1121, 1125, and 1129 may be performed in whole or at least in part by the portable access device 100.

8 is a schematic process flow diagram according to a preferred embodiment of the present invention. The process depicted in FIG. 8 may, in any of the multiple modes, control access to the security system by providing an output code 104 that can be used to access the security system in an appropriate situation. It can be used to.

The process of FIG. 8 begins at 2311 when a prospective user accesses an authorization (eg, log-in) function of a security system to be accessed. For example, a user who wants to access the BLOOMBERG PROFESSIONAL ^® service provided by BLOOMBERG LP can enter the input prompts displayed on the keyboard 611 and screen 601 at the system entry port, such as computer 600. To access the system log-in screen.

In response to a request from the entry port, at 2315 the security system prompts the prospective user, such as interactive input fields on the graphical user interface provided on the screens 601, prompts for the prospective user system identification number and password. Should be presented. Entry port 600 forwards the data entry by the prospective user with an identifier of the entry port itself. For example, in a system such as the BLOOMBERG PROFESSIONAL® service, the user's computer terminal or prospective entry port of the subscription (or otherwise authorized) is the user's computer terminal as the entry port for this service. By causing them to act, they are provided with proprietary software to provide an interface to the BLOOMBERG PROFESSIONAL® service. The software residing at the user terminal may include an identifier BLOOMBERG that is used by the system 600 to uniquely identify the user terminal as an (expected) entry port under specified conditions including an attempted login. It is designed to cause sending to PROFESSIONAL ^® service. The BLOOMBERG PROFESSIONAL ^® service keeps a record in memory that associates a user terminal with one or more prospective users. Thus, upon receipt of the expected user's system id, expected user's password, and terminal identifier at 2315, the secure BLOOMBERG system is enabled so that the expected user can access the entry port to which he or she is normally associated. Determines whether an attempt is made to access the system using a port that can be designated as the head entry station.

Upon receiving the expected user's i.d., password, and (if any) identifier of the expected entry port, at 2319, the security system determines if the entry port is defined as the primary entry station for this user.

If the expected entry port is identified as being the primary entry station for the prospective user, then at 2335 the user is presented with a request to provide the additional required information and is granted access to the security system. Access to the security system at 2335 may be conditioned according to additional factors, such as correlation of stored biometric data with data indicative of the biometric characteristics of the prospective user. For example, at a primary entry station, such as a regular workstation / terminal, the prospective user may be provided with a biometric sensor associated with the terminal, such as a sensor integrated into the keyboard 611, with prior authorization, portable In place of or in addition to any data acquired by the sensor on the access device, it may be conditioned according to the correlation of the data obtained by the keyboard sensor with the stored data.

At 2319, a prospective entry port may be a primary entry station for a prospective user, eg, a prospective user from a remote or visitor terminal, or a user's primary terminal or If it is determined that it is not identified as a location attempting to access the security system via a network other than the network, then at 2323, one or more signal sensor (s) 102 may receive signals from the security system, for example, FIG. The sensor 102 is exposed to the light emitted from the signal generator 603 by presenting a command to the user to place the portable access device in the same manner as the signal sensor 102 as shown in FIG. 6. In addition, to simultaneously present a biometric characteristic for scanning by the biometric sensor 103 or other sampling or sensing, such as placing a fingertip as shown in FIG. 6. You can command the prospective user.

At 2327, the system determines whether the biometric data obtained from the prospective user is sufficiently correlated with data representing the same biometric feature previously acquired and stored. The determination of whether there is an interrelationship between the acquired sample and the stored data may include the processor (s) 105 of the access device 100, one or more processors associated with the computer 600, other processors associated with the system to be accessed, or Implemented by any suitable combination of such processors. Criteria and processes to be used to determine whether such interrelationships are sufficient are known, and many new and appropriate criteria and processes continue to be developed. The establishment and implementation of such criteria and processes will depend, among other things, on the biometric features to be used, the degree of certainty desired in interrelationships, and other factors and will be within the ability of those skilled in the art in the relevant art. .

If the correlation is sufficient, at 2331, the output device 104 has an access code that the prospective user can use to access the security system, such as an alphanumeric code to be entered using the keyboard 611. have. Upon receipt of a valid access code, the security system continues to process by allowing the user access and by providing appropriate graphical user interfaces (GUI) or the like, in accordance with the general rules of the accessed system. The provided access code may be valid only in session specific, i.e. if the prospective user continues to use the access system, opens a controlled door once, etc. It can only be presented to the output device 104 for a time, for example 20 seconds.

In a preferred embodiment of the present invention, at least process steps 2323, 2327 and 2331 are performed in whole or at least partially by the portable access device 100.

9 is a schematic diagram of a process flow for processing signals generated by a security system to provide an access code that may be used to access the security system. The process steps shown on the left side of FIG. 9 are performed by a processor and / or entry station of the access device 100, and the process steps shown on the right side are performed by a processor or processors associated with the security system. .

At 2511, the prospective user, using the keyboard 611 or another input device at the entry station, as described above, invokes the system log-in screen and enters his user id and password, and / or other identifying information. Enter it.

Upon receipt of the user-identifying information, at 2515 a processor associated with the security system generates a signal to be sent to the portable access device 100. Such a signal is generated using system time to define the data content for the signal. The signal may also be based on other data inferred from station i.d. provided by the prospective entry station, for example, as described herein. In the entry station 600, the display unit 601, also called a visual display interface, or VDI, transmits light intermittently, for example, white or other bright colors, and off or black. The signal is transmitted by causing the signal generator 603 to flash between predetermined dark colors, such as. Several suitable methods of using the indicator to generate an optical signal are known and many exist or will be developed later.

At 2519, in portable access device 100, signal sensor 102, such as optical sensor 131, receives a signal from a signal generator and passes it to processor (s) 105. The processor (s) 105 that process the signal and optionally process a serial number or other identifier associated with the access device 100 may, for example, use the keyboard 611 at the entry station to access the security system. Like entering an access code, generate an access code that can be used by the prospective user.

In parallel with the process at 2519, at 2523, the security system uses the same algorithm, or associated algorithm, as used by the portable access device to determine the access code, and preferably to access the security system. The same access code as determined by the access device 100 that can be used by the user is determined.

At 2527, processor (s) 105 provide an access code to output device 104, such as displaying an alphanumeric code on an LED or LCD display panel, for example. A useful four-character code has been found for a system of the type described here, where the prospective user has to read the access code and enter it into the entry station within a limited amount of time, eg 20 seconds. do. Other-length code may be useful in similar or other situations.

Providing an access code to the output device at 2527 may govern the interrelationship of previously stored biometric data and biometric data obtained from the prospective user by the sensor 103.

At 2531, the security system compares the access code received from the entry station with the access code determined by the security system at 3523. If the access codes are the same or are sufficiently relevant according to the specification accepted by the security system, the user's access to the security system is allowed. The system continues the allowed processing, for example, providing an appropriate GUI display and accepting input for further processing according to the system.

If the access codes do not match or are not sufficiently correlated, the system may give the prospective user one or more chances to warn and retry, or recommend that the prospective user seek appropriate administrative or technical help.

Many other processes for generating access codes, including the use of coding seeds, are now known and will reliably be developed thereafter, which are suitable for use with the present application. Adopting any such processes for use in connection with the present application is sufficient within the capabilities of those skilled in the art when practiced in detail in this disclosure.

While described and described in connection with the preferred embodiments herein, it will be apparent to those skilled in the art that many modifications and variations can be made without departing from the spirit and scope of the present application, and therefore, the present application It is not intended to be limited to the precise details of the methodology, and variations and modifications are intended to be included within the scope of the present application. Except as essential or essential to the process, it is implied that there is no particular order in the steps or stages of the method or process described in this disclosure including the drawings. In many cases, the order of process steps may be altered without changing the purpose, effect, or spirit of the described methods.

Claims (28)

An apparatus for providing code that can be used to access a system, An output device; Using a first application program to process information indicative of a biometric characteristic of a person attempting to access the system, and using a second application program to process information provided by the system, and At least one processor for providing code to the output device that can be used to access the system, as a result of the processing; A rewritable nonvolatile memory that stores at least one of the application programs; A sensor for sensing the biometric characteristic of the person and providing information indicative of the biometric characteristic of the person used by the first application program; A first input device; And It is configured to include a second input device, Information provided by the system may be wirelessly input to the device by the first input device, Providing, by the second input device, at least one of the application programs, or a modification thereof, or both, can be wirelessly input to the device for storage in the memory. Device. The method of claim 1, And the at least one processor is further configured to restrict providing the code to the output device according to a correlation between the information representing the biometric characteristic and the stored biometric information. The method of claim 2, And the at least one processor is configured to determine whether or not there is a correlation between the information indicative of the biometric characteristic and the stored biometric information. The method of claim 2, And the memory stores the stored biometric information. A portable device providing code that can be used to access a system, At least one sensor and wherein, by the at least one sensor, information provided by the system, and either a first application program or a second application program, or both, or a modification thereof, may be wirelessly input to the portable device. There is; A biometric sensor for obtaining biometric information indicative of a biometric characteristic of a person attempting to access the system; An output device; Process the biometric information using the first application program and process information received from the system using the second application program, and, according to the result of the processing, access code to the output device. At least one processor providing; And a rewritable non-volatile memory storing the first application program, or the second application program, or both. The method of claim 5, And the at least one sensor comprises a photosensor. The method of claim 5, The at least one sensor comprises a plurality of photosensors, at least one of the photosensors is an infrared sensor, and at least one of the photosensors is a visible-spectrum sensor Portable device that provides the code. The method of claim 5, And the output device is a display. A portable device providing code that can be used to access a system, A first sensor and a second sensor, wherein the information provided by the system is wirelessly connected to the portable device by the first sensor and by at least one application program, or a modification thereof, or both, by the second sensor. Can be entered; A biometric sensor for obtaining biometric information indicative of biometric characteristics of a person attempting to access the system; At least one processor for processing information received from the first sensor and the biometric sensor and providing the code in accordance with a result of the processing; And And a common housing for supporting the first sensor, the second sensor, the biometric sensor, and the processor. 10. The method of claim 9, And said housing comprises at least one surface with which said means for identifying said person is associated. The method of claim 10, And the means comprises at least one of a human-readable device and a photograph. The method of claim 10, And said means comprises machine readable coding. The method of claim 10, And the means comprises an electronic device. A method of providing a code used when accessing a system, the method being performed by an access device, Processing a biometric information received from a biometric sensor associated with the access device using a first application program to establish a correlation between the received biometric information and stored biometric information; If the correlation satisfies correlation criteria, using a second application program, providing an access code to a portable output device of the access device that can be used to access the system; The access code is determined using information provided by the system; If the correlation does not satisfy a correlation criterion, then providing no code to the output device that can be used to access the system; Storing at least one of the application programs in a rewritable nonvolatile memory associated with the access device; Receiving information provided by the system at a first input device; And And receiving at the second input device the at least one application program, or a modification thereof, or both. The method of claim 14, And wherein said access code is session-specific. A method of providing code used to access a system, the method being performed by an access device comprising a processor, a signal sensor, and a biometric sensor, By processing a signal received by the signal sensor from a signal generator associated with the system to be accessed, a person attempting to access the system attempts to access the system using a primary entry station. Determining whether the system has received information indicating that there is; If it is determined that the person is attempting to access the system using a primary entry station, then any biometric information received from the biometric sensor of the access device may be used to access the system. Providing an access code to an output device of the access device; If it is determined that the person is not attempting to access the system using a primary entry station, only by determining that a correlation criterion is satisfied by the biometric information and the stored biometric information received from the biometric sensor. Providing the output device with an access code that can be used to access the system. The method of claim 16, And wherein said access code is session specific. The method of claim 1, And an input / output device including the second input device and outputting information on the operation of the device or information processed by the device. The method of claim 18, And the input / output device comprises a transceiver. The method of claim 19, And the transceiver comprises an optical transceiver. 21. The method of claim 20, And the optical transceiver comprises an infrared transceiver. The method of claim 1, And the first input device comprises a wireless input device. The method of claim 1, And the first input device comprises an optical input device. The method of claim 1, And the first input device comprises an optical sensor. An apparatus for providing code that can be used to access a system, An output device; Using a first application program to process information indicative of a biometric characteristic of a person attempting to access the system, and using a second application program to process information provided by the system, and as a result of the processing At least one processor for providing code to the output device that may be used to access the system; A sensor for sensing the biometric characteristic of the person and providing the information indicative of the biometric characteristic of the person used by the first application program; And An optical input device for receiving a modulated visible light signal provided by the system, And the processor decodes a signal provided by an optical input device from the modulated visible light signal to provide information provided by the system. The method of claim 25, Wherein the visible light is modulated according to a Manchester code and the processor decodes the Manchester code. A method of selectively providing code for use in accessing a system such as a computer system, the method being performed by an access device including an output device, a processor, a signal sensor, and a biometric sensor, In response to an attempt to access the system from a primary entry station using an authentication function associated with the system, granting access to the system; If not, in response to the attempt Receiving a signal by the signal sensor from a signal generator associated with the system to be accessed; Generating an access code based on the received signal; And And providing the access code to the output device only by determining a correlation criterion between the biometric information received by the biometric sensor and the stored biometric information from the person attempting to access the system. A method of selectively providing a feature code. The method of claim 27, And wherein said authentication function comprises a system log-in including a username, password, or both.

Images