CH630191A5 - Apparatus for the protected initiation of one of a plurality of switching operations - Google Patents

Description

The invention relates to a device for securely triggering one of several switching operations by a user authorized for this, according to the preamble of patent claim 1.

Such a device has already been proposed in CH-PS 594 939. This older device represents a personal identification device, which enables the checking of the authorization of a person to carry out certain business transactions by machine and, in particular, by remote control, in which case the process to be triggered then involves automatic cash or goods delivery, the opening of a door or a barrier , the establishment of a telephone or data transmission connection or simply the issuance of a signal which indicates the positive or negative result of a remote-controlled authorization test.

This proposed device has the advantage that it offers a particularly high level of security against misuse, in that the secret keyword can be freely chosen by the authorized user and can also be kept secret from the service provider. This is achieved above all by constructing the encryption device used, for example in the form of a multiple feedback shift register, in such a way that an irreversible (i.e. non-deterministic) logical combination is technically implemented in it. Since simply trying out the various options with such a link quickly leads to a solution time that increases to astronomical values, even with knowledge of the result, namely the password formed, the respective encryption method cannot be inferred and therefore cannot be understood without authorization.

With such a facility, however, there is a certain difficulty that usually a large number of service companies use this security system together, so that there is a risk of interferences between the code words of the individual companies.

The invention is therefore based on the object of creating a device common to several users for the reliable triggering of switching processes, in which no such repercussions can occur between the companies using the same system and in which it is ensured that a business process is only between two very specific ones Parties can be raised.

The inventive solution to this problem is defined by claim 1.

The device according to the invention "has the advantage that a service provider can, with the same degree of security with which an authorized user has sole access to his switching operation, force it to be used only with him.

In a further embodiment of the invention, a second encryption device connected to the second and the third input device and to the encryption device can be provided, in which the output signals of the third input device corresponding to the internal secret control word are passed on before encryption to the first encryption device by encryption with the secret keyword output signals of the second input device corresponding to the respective user can be modified. This can further increase security against possible misuse.

Further refinements of the invention can be found in the following description, in which the invention is described and explained in more detail with reference to the exemplary embodiments shown in the drawing. 1 shows a logic flowchart to show the mode of operation of an exemplary embodiment of the present invention, FIG. 2 shows a flowchart to show the mode of operation of another exemplary embodiment of the present invention, and FIG. 3 shows a circuit diagram according to an embodiment of the present invention in a schematic representation .

Referring to Figures 1 and 2, there are shown logical flow diagrams which illustrate the relationship between the various code word inputs in the operation of the present invention. In one embodiment, the identity code word (e.g., social security number, account number, driver's license number, etc., or combinations thereof) can be entered for an individual using a suitable code word input device 31, such as a keyboard, card reader, or the like. Similarly, a secret code word can be used by the individual through this

2nd

5

10th

15

20th

25th

30th

35

40

45

50

55

60

65

can be entered using the same or another suitable code word input device 33 of the type mentioned above.

These code words are converted into digital signals, which may or may not be buffered or temporarily stored in a device 35, and then fed to an encoder in a selected order regardless of the order in which the code words are received by the individual.

According to the present invention, the coding of the person's own identity code and his secret code is further changed in accordance with a coding scheme or determined by introducing a control code word 39 which is unique or unique in a special device or in a special data connection in a device. The encoder output is a compiled or converted code word, which can have a fixed word length (for example always digits, regardless of the length of the code words 31, 32 entered). This converted code word can be recorded for subsequent retrieval and comparison with a converted code word prepared in the same way for an individual attempting to complete an operation secured by the present invention. The converted code word can also be viewed as the relevant data and transmitted for remote processing together with other data (for example inventory numbers, price information, etc.).

3 shows a simplified diagram of an exemplary embodiment of the present invention, in which the identity code word and the secret code word for an individual or an individual are entered in a selected order using the same hand-held keyboard input device 2. The individual keys 11 of the keyboard 2 can be individually connected to an earthed collecting line 12 by pressing or other actuation. An output of each of the keys 11 is fed to the corresponding input of a NAND gate 13 for generating an output signal which triggers a monostable multivibrator 14 to generate a negative pulse on a line 15. Each of the individual buttons 11 is also connected to a corresponding input of a 12-bit switch 16, which is formed, for example, by three model 9322 integrated circuits. Thus, whenever a key 11 is pressed, a line connected to the keys provides a 0 (low) signal to both the 12-bit switch 16 and the NAND gate 13.

The output of the NAND gate 13 excites the monostable multivibrator 14, which then generates a negative pulse at the parallel control or enable input 15 of a 12-bit UP binary counter 17 to the contents of the 12-bit switch 16 in enter the 12-bit UP binary counter 17. Initially, the 12-bit UP binary counter 17 remains in a one state overall, i. that is, the count output is "high" which, when inverted by an inverter 18, provides a "low" state to the count enable pulse input terminal of the 12-bit binary counter 17 to turn the binary counter 17 off. Binary counter 17 includes, for example, three Model 9316 integrated circuits.

As soon as a key 11 is pressed, a set of 12 bits from the switch 16 is input into the binary counter 17 and the counting terminal on the binary counter 17 falls to the low state which, when inverted by the inverter 18, generates a high count enable pulse, which causes the binary counter 17 to count up from the input or loaded state to an overall one state, which brings the counter terminal into the high state. This high state is inverted by the inverter 18 into a low state, which switches off the binary counter 17 to end the counting function. Thus the output of inverter 18 is a high pulse with

630191

a duration which corresponds to the time which the binary counter 17 takes to count clock pulses from the state entered or loaded into the binary counter to a general one-end state. Thus, the operating time of the counter 17 is a function of the bit state which is entered into the binary counter 17, which in turn depends on which of the individual keys 11 has been pressed.

The output of the inverter 18 is also fed to an input of a NAND gate, to which the output of a clock generator 21 is also connected. Thus, the NAND gate 19 is used to control the clock pulses to the input of a 24-bit shift register 22 (gate). The number of clock pulses that are controlled to the shift register 22 gate depends on the duration of the counting of the binary counter 17. For example, the 24-bit shift register 22 may include six Model 9300 integrated circuits.

Thus, the NAND gate 13, the monostable multivibrator 14, the switch 16, the binary counter 17, the clock generator 21, the inverter 18 and the gate 19 serve to perform the key-to-clock (described above with reference to FIG. key-to-clock) to form pulse converter 5. The output of the pulse converter 5 is a pulse train with a number of pulses in each train, which corresponds to the relevant key that was pressed on the alphanumeric keyboard 2.

A multiplicity of exclusive OR gates 23 are hard-wired in the 24-bit shift register 22 in a conventional manner and thus form a multiplicity of feedback paths to the input of the 24-bit feedback shift register 22 for pseudo conversion to a random number or pseudo scatter ( pseudo-randomizing) of the states of the register 22. The 24-bit shift register 22 is initiated in an all-zero-initial state by supplying a reset pulse on an input line 43. In addition, the 24-bit cells of shift register 22 can be selectively preset to the initial conditions determined by the signals on input lines 45 to each bit cell. Thus, the final state of the shift register 22, as determined by the logic states on the output lines 47 from the bit cells after all code words for an individual have been successively entered via the keyboard 2, are determined by the control code supplied to the inputs 45. The output lines 47 can be grouped into any suitable number K of n-bit alphanumeric characters for transmission as data or for display or comparison with similar output signals in the manner described in the above-mentioned US patent or the like. The control code thus greatly expands the combinations of the compiled code words that can be generated as a result of certain code words that are supplied to the code input device. In addition, the control code and the associated coding can also be secured against unauthorized use by modifying the control code according to the secret code word received by the individual, as shown in FIG. 2. In this embodiment, the secret code word can be combined with a control code (e.g., route and pass number of a particular bank) to provide an encoded control code word that can be applied to input 45 of shift register 22, as shown in FIG. 3. This encoding of the control code word with the secret code word can be carried out in any manner, for example by arithmetically adding or subtracting, by multiplying or dividing a number by another or by interdigitizing the digits of a number with the digits of the other number, or the like. Therefore, by selecting their own control codes, the security system of the present invention provides significantly greater security for many facilities that use similar systems.

3rd

5

10th

15

20th

25th

30th

35

40

45

50

55

60

65

G

1 sheet of drawings

Claims (3)

630 191 PATENT CLAIMS 1. Device for securely triggering one of several switching operations by a user authorized for this purpose with (a) a freely accessible first input device for an open identification word characterizing the respective user, (b) a second input device exclusively accessible to the respective user for a secret assigned to this user Key word, (c) an encryption device connected at least to the first and the second input device and operating according to a predetermined, irreversible logical combination, for forming an internal open password by jointly encrypting at least the output signals corresponding to the open identification word and the secret key word of the relevant user first and second input devices, and (d) a comparison connected to the encryption device and a previously formed open password storage device chs device which only allows triggering of the switching process if the password formed in the encryption device matches the password stored in the storage device, characterized in that the encryption device (37; 22, 23) is also connected to a third input device (39) for an internal secret control word that is inaccessible to the users mentioned, and that in the encryption device (37; 22, 23) both the output signals corresponding to the open identification word and the secret keyword of the respective user the first and the second input device (31, 33), as well as the output signals of the third input device (39) corresponding to the internal secret control word can be encrypted according to the predetermined logical link to the internal open password. 2. Device according to claim 1, characterized in that a second encryption device connected to the second and third input devices (31, 39) and to the encryption device (37; 22, 23) is provided, in which the output signals corresponding to the internal secret control word of the third input device (39), before being forwarded to the first encryption device (37; 22, 23), can be modified by encryption with the output signals of the second input device (31) corresponding to the secret key word of the respective user. 3. Device according to claim 1 or 2, characterized in that the first encryption device (37; 22, 23) contains a shift register (22) with a series input and a plurality of parallel outputs, that predetermined of these parallel outputs via a number of logic circuits (23) are fed back to the serial input, and that the shift register (22) can be preset with the entered or modified secret control word and switched sequentially with pulse trains, the number of pulses of which depends on the open identification word or the secret keyword of the respective user.