EP0627713B1 - Monitoring and controlling device of the differential access to at least two separate sections provided in an enclosed space - Google Patents

Monitoring and controlling device of the differential access to at least two separate sections provided in an enclosed space Download PDF

Info

Publication number
EP0627713B1
EP0627713B1 EP94201452A EP94201452A EP0627713B1 EP 0627713 B1 EP0627713 B1 EP 0627713B1 EP 94201452 A EP94201452 A EP 94201452A EP 94201452 A EP94201452 A EP 94201452A EP 0627713 B1 EP0627713 B1 EP 0627713B1
Authority
EP
European Patent Office
Prior art keywords
compartment
actuator
central unit
access
piggy bank
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
EP94201452A
Other languages
German (de)
French (fr)
Other versions
EP0627713A1 (en
Inventor
Serge Barbe
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Schlumberger SA
Original Assignee
Schlumberger SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Schlumberger SA filed Critical Schlumberger SA
Publication of EP0627713A1 publication Critical patent/EP0627713A1/en
Application granted granted Critical
Publication of EP0627713B1 publication Critical patent/EP0627713B1/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F5/00Coin-actuated mechanisms; Interlocks
    • G07F5/26Interlocks, e.g. for locking the doors of compartments other than that to be used
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code
    • G07F7/1058PIN is checked locally
    • G07F7/1066PIN data being compared to data on card
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F9/00Details other than those peculiar to special kinds or types of apparatus
    • G07F9/02Devices for alarm or indication, e.g. when empty; Advertising arrangements in coin-freed apparatus
    • G07F9/026Devices for alarm or indication, e.g. when empty; Advertising arrangements in coin-freed apparatus for alarm, monitoring and auditing in vending machines or means for indication, e.g. when empty
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F9/00Details other than those peculiar to special kinds or types of apparatus
    • G07F9/06Coin boxes

Definitions

  • the present invention relates to a device capable of controlling and controlling access, according to a given hierarchy, to at least first and second compartments delimited inside an enclosure.
  • the invention is more particularly applicable to a distributor of products and / or services, such as consumable products, or transport tickets, or even a parking meter.
  • dispensers generally include an enclosure in which are arranged the devices capable of enabling the dispenser to operate, said enclosure being generally divided so as to delimit at least one first compartment containing the means of operation of the dispenser, such as for example the means of conveying the currency, the means of issuing a ticket corresponding to the requested service, the means of printing the ticket, or any other device necessary for the operation of the dispenser.
  • the enclosure also includes a second compartment called to contain the values, and in particular the sums in cash introduced by the user. Said second compartment forms what is commonly called the piggy bank compartment.
  • the latter can for example contain a "coin piggy bank” and a "bank notes piggy bank”.
  • Each compartment has its own access door.
  • Access to the first compartment in which the various devices and operating systems of the dispenser are located is not regulated in the same way as access to the piggy bank.
  • the people having to intervene inside the distributor for reasons of maintenance or upkeep do not normally have to intervene inside the piggy bank, access to which is reserved only for persons authorized to withdraw the funds resulting from the transactions carried out.
  • Known distributors include locks making it possible to block access to the first compartment, and also to the second compartment (piggy bank compartment).
  • each person called upon to intervene inside the distributor is the holder of a key.
  • the persons in charge of maintenance and upkeep have a key giving access to the first compartment, while the persons authorized to withdraw the sums contained in the piggy bank, hold two keys, one for the first compartment and the another for the piggy bank.
  • Devices have been proposed to try to control and regulate access to the piggy bank, and in particular to know its content.
  • devices in particular in the field of parking meters, comprising a collection center, associated with a memory card, and also associated with portable computer means capable of interacting on the one hand, with the collection and on the other hand, with each parking meter, in encrypted language, in particular with a view to knowing the content of the sums contained inside the piggy bank of the parking meter questioned.
  • This device provides relative control of access to the piggy bank.
  • access to the piggy bank is always carried out by means of a conventional key, with the resulting limitations mentioned above.
  • this device is satisfactory, it is capable of being improved, and it is precisely the object of the invention to provide a device making it possible to control and command differential access to at least two compartments delimited inside. of an enclosure, so as to identify the person seeking to intervene inside the device, and to check that it is indeed the person empowered in this regard.
  • the device of the invention also aims to ensure the security of the device allowing the opening of the piggy bank, in an encrypted manner, without it being possible, for a person not authorized by a fraudulent operation inside the first compartment (maintenance) to cause the opening of the piggy bank.
  • said central unit is able to communicate in an encrypted manner by the first means of dialogue with the recognition means and by second means of dialogue with said actuator, with a view to controlling the latter, and comprises means capable of generating an encrypted message using a mother key, specific to the central unit, said actuator having means capable of decrypting said message to find said mother key, the latter thus becoming the key daughter likely to be used to generate at least one communication message between the actuator and the central unit and vice versa.
  • said mother key consists of a random number generated by the central unit.
  • said object introduced by the operator is a memory card and the recognition means include a memory card reader (LCAM).
  • LCAM memory card reader
  • the dialogue means include an encryption algorithm, of the preference type, D.E.S (DATA ENCRYPTION STANDARD).
  • the recognition means are also able to control a code specific to the holder of the memory card in order to control, in addition to the key (CAM), the identity of the card holder and therefore to ensure that the holder is the authorized person.
  • CAM key
  • the device also includes a memory capable of recording all of the operations carried out, and the identity of the participants.
  • the distributor of products or services such as for example a distributor of transport tickets, bearing the general reference 1, consists of a box 2 which is rectangular and delimits inside an enclosure itself divided into a first compartment 3 and a second compartment 4.
  • the second compartment 4 is delimited with respect to the first compartment 3 by partitions referenced 5.
  • the second compartment 4 is of the armored type, and is called upon to contain the sums collected in exchange for the service provided to users of such a distributor.
  • the second compartment 4 is commonly called the piggy bank compartment.
  • the cash stored inside the piggy bank is symbolically represented and bears a general reference 6.
  • the dispenser comprises inside the first compartment 3 a central unit represented by the functional block 7 and intended for the command and control of the set of devices and systems necessary and specific to the operation of the ticket dispenser.
  • the central unit controls and monitors the progress of the operation of the coin selector and the routing of the coin either to the piggy bank or to the coin return; the central unit also makes it possible to control the opening and closing systems of the interior doors of the device; also, the central unit is associated with software management systems and comprising memories called to contain information specific to the operations carried out inside the dispenser.
  • the piggy bank 4 is disposed inside the dispenser, and is accessible by a door of its own.
  • the dispenser itself has a door allowing access to the first compartment 3, it being understood that access to the piggy bank is not possible directly since the latter is provided with a clean door actuated by a lock disposed at the interior.
  • the piggy bank includes an actuator 8 capable of acting on a lock 9 capable of allowing the opening of the door (not shown) of the piggy bank 4.
  • the actuator is connected to the central unit by connections symbolically represented by line 10 .
  • LCAM memory card reader 11
  • FIG. 1 symbolically, the hand 13 of a user carrying a memory card 14, and moreover the hand 13A of this same user in the process of striking keys 14 of a keyboard 16 arranged on one of the exterior walls of the dispenser.
  • a ticket 17 represents the counterpart, in the form of a service, of the cash introduced by the user / customer.
  • One of the aims of the device of the invention is to allow access to the interior of the dispenser to authorized persons only, and this, moreover, in the form of a specific hierarchy according to the authorization of these the latter, certain persons being authorized to intervene inside the apparatus, in the first compartment 3, to carry out maintenance and / or repair operations there, while other persons, different from the first, will be authorized to have access to the interior of the piggy bank.
  • the person called upon to intervene is symbolically represented by the hand 13 and carrying a memory card 14, of known type and comprising storage means and electronic means capable of enabling dialogue with the memory card reader "(LCAM).
  • the card 14 is inserted by the user into a slot provided for this purpose and associated with LCAM) 11. This corresponds to functional block 18 of the Figure 2 (the memory card being referenced as CAM).
  • the first operation carried out by LCAM is to check whether the CAM introduced complies with the type of CAM expected and suitable for the interventions to be carried out in the dispenser (see function block 19). Verification gives rise to either a negative or a positive response. If the CAM does not comply (answer no), LCAM 11 delivers information to the user, in the form of a return of the card inserted (functional block 20). This constitutes a first security step insofar as this avoids the introduction of false cards or cards which are manipulated or which do not comply with the use for which they are intended, in the context for example of the maintenance of this type of distributor.
  • the device of the invention proceeds to a second verification step, namely the identification of the wearer. Indeed, it is not enough that the CAM introduced is a compliant card, but it is also appropriate that the person who introduced this card is among those who are authorized to work inside the dispenser.
  • the holder of the card (block 21), the latter, as shown diagrammatically in FIG. 1, indicates on the keyboard 16 arranged on an external face of the device, a code which is specific to it, by typing on the corresponding keys 15 of the keyboard 16.
  • the transaction is rejected, and therefore the card is returned to the user (block 22), or the transaction is validated, the carrier being identified. as being a suitable carrier; the device then proceeds to a third step (block 23) aimed at determining what type of operations are to be carried out, in other words, determining the identity of the person and in particular the type of intervention which he requests and that '' it is authorized to carry out (maintenance and / repair, or withdrawal of the sums disposed in the piggy bank).
  • the functional block 23 offers, in the example shown, three possibilities, namely a so-called first level maintenance intervention, a so-called maintenance intervention second level, and a so-called collection intervention, that is to say access to the piggy bank in order to collect the cash it contains. These three possibilities are represented by way of example by the functional blocks of FIG. 2 referenced 24, 25 and 26.
  • Access to the various possibilities is carried out by the operator who, depending on the code he has introduced at the start, or depending on the card inserted, which itself carries information specific to the operation that is capable of carrying out the service provider, thus chooses the corresponding functional block (24, 25 or 26).
  • the operator wishes a so-called first level maintenance operation (that is to say on only some of the devices contained in the distributor and / or for the consultation of certain computer files, or repair )
  • it should be checked once again that this is possible taking into account the nature of the card introduced, the holder, and / or other information such as the advisability of a maintenance operation and / or repair, and depending for example on the date of the last intervention or any other factual element, such as a breakdown requiring intervention.
  • Blocks 27, 28 and 29 correspond to these last verification steps.
  • blocks 30, 31 and 32 symbolizing the unlocking of the corresponding door, namely for blocks 30 and 31, unlocking the main door for operations maintenance and / or repair, and for block 32, unlocking of the piggy bank compartment door.
  • the card holder and card identification verification operations and requested operations make it possible to ensure, by memorizing this information, in the central unit during the course of the latter, that the persons intervening are the right ones people, but also that for example the person responsible for collecting, is indeed an authorized person. It is also ensured that the latter does not intervene to carry out maintenance and / or repair operations which would exceed its function and / or its capacities.
  • FIG. 3 shows, in more detail, the means which allow the dialogue between the various elements of the invention, and in particular between the LCAM, the central unit, the actuator and the lock of the piggy bank.
  • the central unit 7 is connected, symbolically for the convenience of understanding the invention, to a means capable of generating a random number, reference 40, and a memory 41 containing a mother key in the form of a numerical value. These numerical values (random number and mother key) are used to encrypt the information which is conveyed between the central unit and the actuator, by the communication line 10.
  • the encryption means are known in themselves, on the hardware level, and for example may call, in the form of software, a known algorithm, such as an algorithm of the DES (DATA ENCRYPTION STANDARD) type. These algorithms are known in themselves and are not described below in more detail.
  • the encryption / decryption means are symbolically represented by the block.
  • the central unit 7 receives from the functional block 32 (corresponding to the functional block 32 of FIG. 2) a request to unlock the access door to the piggy bank, with a view to collection.
  • the actuator 8 is associated with the mother key from the block 41, and also with means for encryption / decryption referenced 43.
  • the actuator is capable of controlling, by a command line in bold line and bearing the reference 44, the lock 9 capable of opening the door of the piggy bank 4.
  • the central unit upon receipt of a request to open the door of the piggy bank 4, draws a random number from block 40 and encrypts this value by means 42, using the mother key of block 41
  • This encrypted value of the random value is addressed by the communication line 10 to the actuator 8.
  • the actuator in turn, by its own decryption means 43, knowing the mother key of block 41, is able to find said random number.
  • the latter then becomes the daughter key which will encrypt the communication between the central unit 7 and the actuator 8.
  • the encryption may be carried out as indicated above using an algorithm of the known type such as call to a DES function.
  • the communication between the central unit and the actuator is carried out in encrypted form, in an inviolable manner, since the daughter key used to encrypt the message is a random number which is known only to the central unit and the actuator. It is therefore not possible to intervene at the level of communication, by fraudulent maneuvers of simulation, display or detection of the commands or orders communicated, to actuate the actuator with a view to the opening of the piggy bank 4
  • the link 44 between the actuator and the lock is a so-called power link since the lock is essentially an electrical-mechanical device which requires electrical power, in particular significant power.
  • the device of the invention makes it possible to isolate the actuator part inside the piggy bank, and thus to prevent any direct action on the lock, by means of power relatively easy to duplicate.
  • the device includes means for memorizing the characteristics of the operations carried out, such as the number of operations, the identity of the people involved and also the memorization of the characteristics of valid memory cards but which have been lost and then found by an unauthorized person and fraudulently introduced into the dispenser. This allows from the start of operations to identify any fraudulent maneuver.
  • the system of the invention also makes it possible to ensure security of access to the maintenance compartment which can hold, in the form of pre-printed transport tickets, very important values.
  • the actuator and the encryption system of the invention control the opening of the two doors of the two compartments "piggy bank” and "maintenance".
  • a person authorized for maintenance who has opened the maintenance door, must not have access to the closing system of this same door; otherwise, he could fraudulently block the actuator and thus intervene later on a machine without "defense".

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Lock And Its Accessories (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
  • Time Recorders, Dirve Recorders, Access Control (AREA)
  • Vending Machines For Individual Products (AREA)
  • Medical Treatment And Welfare Office Work (AREA)

Description

La présente invention concerne un dispositif susceptible de contrôler et commander l'accès, selon une hiérarchie donnée, à au moins un premier et un second compartiments délimités à l'intérieur d'une enceinte. L'invention est plus particulièrement applicable à un distributeur de produits et/ou services, tel que produits consommables, ou de tickets de transport, ou encore un horodateur.The present invention relates to a device capable of controlling and controlling access, according to a given hierarchy, to at least first and second compartments delimited inside an enclosure. The invention is more particularly applicable to a distributor of products and / or services, such as consumable products, or transport tickets, or even a parking meter.

On sait que de tels distributeurs comportent généralement une enceinte dans lequel sont disposés les appareils aptes à permettre le fonctionnement du distributeur, ladite enceinte étant généralement divisée de manière à délimiter au moins un premier compartiment contenant les moyens de fonctionnement du distributeur, tels que par exemple les moyens d'acheminement de la monnaie, les moyens de délivrance d'un ticket correspondant au service demandé, les moyens d'impression du ticket, ou tout autre appareil nécessaire au fonctionnement du distributeur. L'enceinte comporte également un second compartiment appelé à contenir les valeurs, et notamment les sommes en numéraire introduites par l'utilisateur. Ledit second compartiment forme ce qu'on appelle communément le compartiment tirelire. Ce dernier peut contenir par exemple une "tirelire pièces" et une "tirelire billets".We know that such dispensers generally include an enclosure in which are arranged the devices capable of enabling the dispenser to operate, said enclosure being generally divided so as to delimit at least one first compartment containing the means of operation of the dispenser, such as for example the means of conveying the currency, the means of issuing a ticket corresponding to the requested service, the means of printing the ticket, or any other device necessary for the operation of the dispenser. The enclosure also includes a second compartment called to contain the values, and in particular the sums in cash introduced by the user. Said second compartment forms what is commonly called the piggy bank compartment. The latter can for example contain a "coin piggy bank" and a "bank notes piggy bank".

Chaque compartiment possède sa propre porte d'accès.Each compartment has its own access door.

L'accès au premier compartiment dans lequel se trouvent les différents appareils et systèmes de fonctionnement du distributeur n'est pas réglementé de la même manière que l'accès à la tirelire. En d'autres termes, les personnes ayant à intervenir à l'intérieur du distributeur pour des raisons de maintenance ou d'entretien, n'ont pas, normalement, à intervenir à l'intérieur de la tirelire, dont l'accès est réservé aux seules personnes habilitées à prélever les fonds résultants des transactions effectuées.Access to the first compartment in which the various devices and operating systems of the dispenser are located is not regulated in the same way as access to the piggy bank. In other words, the people having to intervene inside the distributor for reasons of maintenance or upkeep, do not normally have to intervene inside the piggy bank, access to which is reserved only for persons authorized to withdraw the funds resulting from the transactions carried out.

Les distributeurs connus comportent des serrures permettant de bloquer l'accès au premier compartiment, et également, au second compartiment (compartiment tirelire) Ainsi, chaque personne appelée à intervenir à l'intérieur du distributeur est détenteur d'une clé. Les personnes chargées de la maintenance et de l'entretien possèdent une clé permettant d'accéder au premier compartiment, tandis que les personnes habilitées à prélever les sommes contenues dans la tirelire, détiennent deux clés, l'une pour le premier compartiment et l'autre pour la tirelire.Known distributors include locks making it possible to block access to the first compartment, and also to the second compartment (piggy bank compartment). Thus, each person called upon to intervene inside the distributor is the holder of a key. The persons in charge of maintenance and upkeep have a key giving access to the first compartment, while the persons authorized to withdraw the sums contained in the piggy bank, hold two keys, one for the first compartment and the another for the piggy bank.

Ce système de clés soulève des difficultés. La première est que les clés sont susceptibles d'être dupliquées relativement facilement, et il est donc possible de faire circuler ces clés ou de les donner à d'autres personnes que celles habilitées. Il est certain également que les personnes à intervenir dans ces appareils peuvent être tentées d'effectuer des manoeuvres frauduleuses à l'intérieur des distributeurs. Par ailleurs, des contraintes de simplification de gestion conduisent à prévoir des clés identiques pour un grand nombre de distributeurs. Cependant, ce faisant, on augmente les risques de tentative de fraude.This key system raises difficulties. The first is that the keys are likely to be duplicated relatively easily, and it is therefore possible to circulate these keys or to give them to people other than those authorized. It is also certain that the people involved in these devices may be tempted to carry out fraudulent maneuvers inside the dispensers. In addition, management simplification constraints lead to the provision of identical keys for a large number of distributors. However, doing so increases the risk of attempted fraud.

Egalement, du point de vue de la gestion d'un parc de distributeurs de ce type, il est important pour le gestionnaire de connaître avec le plus d'exactitude possible, la nature des opérations effectuées ainsi que leur fréquence, et également l'identité des personnes intervenues à cette occasion et ceci est particulièrement important en ce qui concerne les personnes chargées du prélèvement des sommes contenues dans la tirelire.Also, from the point of view of the management of a fleet of distributors of this type, it is important for the manager to know with as much accuracy as possible, the nature of the operations carried out as well as their frequency, and also the identity of persons intervened on this occasion and this is particularly important with regard to the persons responsible for collecting the sums contained in the piggy bank.

En conclusion, il est souhaitable de déterminer, à chaque intervention à l'intérieur du distributeur, l'identité de la personne effectuant cette intervention, afin de contrôler si la personne cherchant à intervenir est une personne habilitée. Il est évident qu'un système de serrures à clé classique ne permet pas d'assurer ce contrôle, puisque les clés peuvent être dupliquées et le détenteur d'une clé n'est pas forcément une personne habilitée.In conclusion, it is desirable to determine, at each intervention inside the distributor, the identity of the person carrying out this intervention, in order to check whether the person seeking to intervene is an authorized person. It is obvious that a conventional key lock system does not allow this control, since the keys can be duplicated and the holder of a key is not necessarily an authorized person.

On a proposé des dispositifs pour tenter de contrôler et réglementer l'accès à la tirelire, et notamment pour connaître son contenu. Il existe ainsi des dispositifs, notamment dans le domaine des horodateurs, comportant un centre de collecte, associé à une carte à mémoire, et également associé à des moyens informatiques portables susceptibles de dialoguer d'une part, avec le centre de collecte et d'autre part, avec chaque horodateur, en langage crypté, en vue notamment de connaître le contenu des sommes contenues à l'intérieur de la tirelire de l'horodateur interrogé. Ce dispositif assure un contrôle relatif de l'accès à la tirelire. Cependant, l'accès à la tirelire est toujours réalisé par l'intermédiaire d'une clé classique, avec les limitations qui en résultent et mentionnées précédemment.Devices have been proposed to try to control and regulate access to the piggy bank, and in particular to know its content. There are thus devices, in particular in the field of parking meters, comprising a collection center, associated with a memory card, and also associated with portable computer means capable of interacting on the one hand, with the collection and on the other hand, with each parking meter, in encrypted language, in particular with a view to knowing the content of the sums contained inside the piggy bank of the parking meter questioned. This device provides relative control of access to the piggy bank. However, access to the piggy bank is always carried out by means of a conventional key, with the resulting limitations mentioned above.

On connaît de la demande internationale n° W0-85/01139 un dispositif pour contrôler et commander l'accès différentiel à au moins un premier et un second compartiments délimités à l'intérieur d'une enceinte d'un distributeur de produits et/ou services, de manière à empêcher l'accès au second compartiment, tout en permettant l'accès au premier compartiment, ledit dispositif comportant :

  • des moyens de reconnaissance d'un objet d'identification d'un intervenant et introduit depuis l'extérieur,
  • une unité centrale avec laquelle lesdits moyens de reconnaissance sont aptes à communiquer par des premiers moyens de dialogue,
  • un actionneur disposé à l'intérieur du second compartiment et susceptible de permettre l'ouverture/fermeture d'une serrure associée audit second compartiment,
There is known from international application No. W0-85 / 01139 a device for controlling and controlling differential access to at least first and second compartments delimited inside an enclosure of a product distributor and / or services, so as to prevent access to the second compartment, while allowing access to the first compartment, said device comprising:
  • means of recognizing an object of identification of a stakeholder and introduced from the outside,
  • a central unit with which said recognition means are able to communicate by first means of dialogue,
  • an actuator arranged inside the second compartment and capable of allowing the opening / closing of a lock associated with said second compartment,

Bien que ce dispositif donne satisfaction, il est susceptible d'être amélioré, et c'est précisément l'objet de l'invention de proposer un dispositif permettant de contrôler et commander l'accès différentiel à au moins deux compartiments délimités à l'intérieur d'une enceinte, de façon à identifier la personne cherchant à intervenir à l'intérieur de l'appareil, et à contrôler que celle-ci est bien la personne habilitée à cet égard. Le dispositif de l'invention a également pour but d'assurer la sécurité du dispositif permettant l'ouverture de la tirelire, de manière cryptée, sans qu'il soit possible, pour une personne non autorisée par une manoeuvre frauduleuse à l'intérieur du premier compartiment (maintenance) de provoquer l'ouverture de la tirelire.Although this device is satisfactory, it is capable of being improved, and it is precisely the object of the invention to provide a device making it possible to control and command differential access to at least two compartments delimited inside. of an enclosure, so as to identify the person seeking to intervene inside the device, and to check that it is indeed the person empowered in this regard. The device of the invention also aims to ensure the security of the device allowing the opening of the piggy bank, in an encrypted manner, without it being possible, for a person not authorized by a fraudulent operation inside the first compartment (maintenance) to cause the opening of the piggy bank.

A cette fin, selon l'invention, ladite unité centrale est apte à communiquer de manière cryptée par les premiers moyens de dialogue avec les moyens de reconnaissance et par des seconds moyens de dialogue avec ledit actionneur, en vue de commander ce dernier, et comporte des moyens aptes à engendrer un message crypté à l'aide d'une clé-mère, propre à l'unité centrale, ledit actionneur possédant des moyens aptes à décrypter ledit message pour retrouver ladite clé-mère, cette dernière devenant ainsi la clé-fille susceptible d'être utilisée pour engendrer au moins un message de communication entre l'actionneur et l'unité centrale et inversement.To this end, according to the invention, said central unit is able to communicate in an encrypted manner by the first means of dialogue with the recognition means and by second means of dialogue with said actuator, with a view to controlling the latter, and comprises means capable of generating an encrypted message using a mother key, specific to the central unit, said actuator having means capable of decrypting said message to find said mother key, the latter thus becoming the key daughter likely to be used to generate at least one communication message between the actuator and the central unit and vice versa.

De manière avantageuse, ladite clé- mère est constituée d'un nombre aléatoire engendré par l'unité centrale.Advantageously, said mother key consists of a random number generated by the central unit.

Selon une forme préférée de réalisation, ledit objet introduit par l'intervenant est une carte à mémoire et les moyens de reconnaissance incluent un lecteur de carte à mémoire (LCAM).According to a preferred embodiment, said object introduced by the operator is a memory card and the recognition means include a memory card reader (LCAM).

Les moyens de dialogue incluent un algorithme de cryptage, du type de préférence, D.E.S (DATA ENCRYPTION STANDARD).The dialogue means include an encryption algorithm, of the preference type, D.E.S (DATA ENCRYPTION STANDARD).

Les moyens de reconnaissance sont également aptes à contrôler un code propre au porteur de la carte à mémoire en vue de contrôler, en plus de la clé (CAM), l'identité du porteur de la carte et donc de s'assurer que le porteur est bien la personne autorisée.The recognition means are also able to control a code specific to the holder of the memory card in order to control, in addition to the key (CAM), the identity of the card holder and therefore to ensure that the holder is the authorized person.

Le dispositif comporte également une mémoire apte à enregistrer l'ensemble des opérations effectuées, et l'identité des intervenants.The device also includes a memory capable of recording all of the operations carried out, and the identity of the participants.

L'invention sera bien comprise à la lumière de la description qui suit, se rapportant à un exemple illustratif mais non limitatif, en référence aux dessins annexés dans lequel:

  • la figure 1 montre de façon schématique un distributeur, en coupe longitudinale, et incluant les moyens de l'invention;
  • la figure 2 est un schéma synoptique du fonctionnement du dispositif de l'invention; et
  • la figure 3, montre de manière schématique, le dialogue entre l'unité centrale et l'actionneur.
The invention will be clearly understood in the light of the description which follows, referring to an illustrative but nonlimiting example, with reference to the appended drawings in which:
  • Figure 1 schematically shows a distributor, in longitudinal section, and including the means of the invention;
  • Figure 2 is a block diagram of the operation of the device of the invention; and
  • Figure 3 shows schematically the dialogue between the central unit and the actuator.

Comme montré sur la figure 1, le distributeur de produits ou services, tel que par exemple un distributeur de tickets de transport, portant la référence générale 1, est constitué d'un caisson 2 parallélipipédique et délimitant à l'intérieur une enceinte elle-même divisée en un premier compartiment 3 et un second compartiment 4. Le second compartiment 4 est délimité par rapport au premier compartiment 3 par des cloisons référencées 5. Le second compartiment 4 est du type blindé, et est appelé à contenir les sommes perçues en échange du service procuré aux utilisateurs d'un tel distributeur. Le deuxième compartiment 4 est communément appelé compartiment tirelire. Le numéraire stocké à l'intérieur de la tirelire est symboliquement représenté et porte une référence générale 6. Le distributeur comporte à l'intérieur du premier compartiment 3 une unité centrale représentée par le bloc fonctionnel 7 et destinée à la commande et au contrôle de l'ensemble des appareils et systèmes nécessaires et propres au fonctionnement du distributeur de tickets. Par exemple, l'unité centrale commande et surveille le déroulement du fonctionnement du sélecteur de monnaie et l'acheminement de la monnaie soit vers la tirelire, soit vers le rendu monnaie; l'unité centrale permet également de commander les systèmes d'ouverture et de fermeture des portes intérieures du dispositif; également, l'unité centrale est associée à des systèmes de gestion par logiciel et comportant des mémoires appelées à contenir des informations propres aux opérations effectuées à l'intérieur du distributeur.As shown in FIG. 1, the distributor of products or services, such as for example a distributor of transport tickets, bearing the general reference 1, consists of a box 2 which is rectangular and delimits inside an enclosure itself divided into a first compartment 3 and a second compartment 4. The second compartment 4 is delimited with respect to the first compartment 3 by partitions referenced 5. The second compartment 4 is of the armored type, and is called upon to contain the sums collected in exchange for the service provided to users of such a distributor. The second compartment 4 is commonly called the piggy bank compartment. The cash stored inside the piggy bank is symbolically represented and bears a general reference 6. The dispenser comprises inside the first compartment 3 a central unit represented by the functional block 7 and intended for the command and control of the set of devices and systems necessary and specific to the operation of the ticket dispenser. For example, the central unit controls and monitors the progress of the operation of the coin selector and the routing of the coin either to the piggy bank or to the coin return; the central unit also makes it possible to control the opening and closing systems of the interior doors of the device; also, the central unit is associated with software management systems and comprising memories called to contain information specific to the operations carried out inside the dispenser.

La tirelire 4 est disposée à l'intérieur du distributeur, et est accessible par une porte qui lui est propre. Le distributeur comporte lui-même une porte permettant d'accéder au premier compartiment 3, étant entendu que l'accès à la tirelire n'est pas possible directement puisque cette dernière est munie d'une porte propre actionnée par une serrure disposée à l'intérieur.The piggy bank 4 is disposed inside the dispenser, and is accessible by a door of its own. The dispenser itself has a door allowing access to the first compartment 3, it being understood that access to the piggy bank is not possible directly since the latter is provided with a clean door actuated by a lock disposed at the interior.

La tirelire comporte un actionneur 8 apte à agir sur une serrure 9 susceptible de permettre l'ouverture de la porte (non représentée) de la tirelire 4. L'actionneur est relié à l'unité centrale par des liaisons symboliquement représentées par la ligne 10.The piggy bank includes an actuator 8 capable of acting on a lock 9 capable of allowing the opening of the door (not shown) of the piggy bank 4. The actuator is connected to the central unit by connections symbolically represented by line 10 .

Egalement à l'intérieur du distributeur est disposé un lecteur de carte à mémoire 11 (LCAM), lui-même relié à l'unité centrale par une liaison 12.Also inside the distributor is a memory card reader 11 (LCAM), itself connected to the central unit by a link 12.

Sont également représentées sur la figure 1, de manière symbolique, la main 13 d'un utilisateur portant une carte à mémoire 14, et par ailleurs la main 13A de ce même utilisateur en train de frapper des touches 14 d'un clavier 16 disposé sur une des parois extérieures du distributeur.Also shown in FIG. 1, symbolically, the hand 13 of a user carrying a memory card 14, and moreover the hand 13A of this same user in the process of striking keys 14 of a keyboard 16 arranged on one of the exterior walls of the dispenser.

Un ticket 17 représente la contrepartie, sous forme d'un service, du numéraire introduit par l'utilisateur/client.A ticket 17 represents the counterpart, in the form of a service, of the cash introduced by the user / customer.

Un des buts du dispositif de l'invention est de permettre l'accès à l'intérieur du distributeur aux seules personnes autorisées et ce, de plus, sous forme d'une hiérarchie spécifique en fonction de l'habilitation de ces dernières, certaines personnes étant autorisées à intervenir à l'intérieur de l'appareil, dans le premier compartiment 3, pour y effectuer des opérations de maintenance et/ou de réparation, tandis que d'autres personnes, différentes des premières, seront habilitées à avoir accès à l'intérieur de la tirelire.One of the aims of the device of the invention is to allow access to the interior of the dispenser to authorized persons only, and this, moreover, in the form of a specific hierarchy according to the authorization of these the latter, certain persons being authorized to intervene inside the apparatus, in the first compartment 3, to carry out maintenance and / or repair operations there, while other persons, different from the first, will be authorized to have access to the interior of the piggy bank.

En référence aux figures 1 et 2, la personne appelée à intervenir (pour maintenance ou accès à la tirelire) est symboliquement représentée par la main 13 et porteuse d'une carte à mémoire 14, de type connu et comportant des moyens de mémorisation et des moyens électroniques aptes à permettre un dialogue avec le lecteur de carte à mémoire" (LCAM). La carte 14 est introduite par l'utilisateur dans une fente prévue à cet effet et associée au LCAM) 11. Ceci correspond au bloc fonctionnel 18 de la figure 2 (la carte à mémoire étant référencée comme CAM).With reference to FIGS. 1 and 2, the person called upon to intervene (for maintenance or access to the piggy bank) is symbolically represented by the hand 13 and carrying a memory card 14, of known type and comprising storage means and electronic means capable of enabling dialogue with the memory card reader "(LCAM). The card 14 is inserted by the user into a slot provided for this purpose and associated with LCAM) 11. This corresponds to functional block 18 of the Figure 2 (the memory card being referenced as CAM).

La première opération qu'effectue le LCAM est de vérifier si la CAM introduite est conforme au type de CAM attendu et propre aux interventions à effectuer dans le distributeur (voir bloc fonctionnel 19). La vérification donne lieu à une réponse soit négative, soit positive. Si la CAM n'est pas conforme (réponse non) le LCAM 11 délivre une information à l'utilisateur, sous forme du renvoi de la carte introduite (bloc fonctionnel 20). Ceci constitue une première étape de sécurité dans la mesure où on évite ainsi l'introduction de fausses cartes ou de cartes manipulées ou qui ne seraient pas conformes à l'utilisation à laquelle elles sont destinées, dans le cadre par exemple de la maintenance de ce type de distributeur.The first operation carried out by LCAM is to check whether the CAM introduced complies with the type of CAM expected and suitable for the interventions to be carried out in the dispenser (see function block 19). Verification gives rise to either a negative or a positive response. If the CAM does not comply (answer no), LCAM 11 delivers information to the user, in the form of a return of the card inserted (functional block 20). This constitutes a first security step insofar as this avoids the introduction of false cards or cards which are manipulated or which do not comply with the use for which they are intended, in the context for example of the maintenance of this type of distributor.

Dans l'hypothèse ou la CAM a été reconnue comme conforme, le dispositif de l'invention procède à une seconde étape de vérification, à savoir l'identification du porteur. En effet, il ne suffit pas que la CAM introduite soit une carte conforme, mais il convient également que la personne ayant introduit cette carte soit bien parmi celles qui sont autorisées à intervenir à l'intérieur du distributeur. Afin d'identifier le porteur de la carte (bloc 21), ce dernier, comme représenté schématiquement sur la figure 1, indique sur le clavier 16 disposé sur une face extérieure de l'appareil, un code qui lui est propre, en tapant sur les touches 15 correspondantes du clavier 16.In the event that the CAM has been recognized as compliant, the device of the invention proceeds to a second verification step, namely the identification of the wearer. Indeed, it is not enough that the CAM introduced is a compliant card, but it is also appropriate that the person who introduced this card is among those who are authorized to work inside the dispenser. In order to identify the holder of the card (block 21), the latter, as shown diagrammatically in FIG. 1, indicates on the keyboard 16 arranged on an external face of the device, a code which is specific to it, by typing on the corresponding keys 15 of the keyboard 16.

Là encore, en fonction du résultat de cette vérification, on aboutit soit au rejet de l'opération, et donc au renvoi de la carte vers l'utilisateur (bloc 22), soit à la validation de l'opération, le porteur étant identifié comme étant un porteur approprié; le dispositif procède alors à une troisième étape (bloc 23) visant à déterminer quel type d'opérations sont à effectuer, en d'autres termes, déterminer l'identité de la personne et notamment le type d'intervention qu'elle sollicite et qu'elle est autorisée à effectuer (maintenance et/réparation, ou prélèvement des sommes disposées dans la tirelire).Again, depending on the result of this verification, either the transaction is rejected, and therefore the card is returned to the user (block 22), or the transaction is validated, the carrier being identified. as being a suitable carrier; the device then proceeds to a third step (block 23) aimed at determining what type of operations are to be carried out, in other words, determining the identity of the person and in particular the type of intervention which he requests and that '' it is authorized to carry out (maintenance and / repair, or withdrawal of the sums disposed in the piggy bank).

Les éléments qui précèdent relatifs au fonctionnement du dispositif en relation avec la figure 2, ont été réalisés par un dialogue entre le LCAM 11 et l'unité centrale, par la liaison 12 (figure 1). Les vérifications de la conformité de la carte, de la conformité du porteur, et la détermination de la nature de l'intervention à effectuer sont réalisées par l'unité centrale.The above elements relating to the operation of the device in relation to FIG. 2, were produced by a dialogue between the LCAM 11 and the central unit, by the link 12 (FIG. 1). The verifications of the conformity of the card, of the conformity of the bearer, and the determination of the nature of the intervention to be carried out are carried out by the central unit.

En ce qui concerne la détermination de la nature de l'intervention demandée par l'utilisateur, le bloc fonctionnel 23 offre, dans l'exemple représenté, trois possibilités, à savoir une intervention de maintenance dite de premier niveau, une intervention de maintenance dite de second niveau, et une intervention dite de collecte, c'est-à-dire d'accès à la tirelire en vue de prélever le numéraire qu'elle contient. Ces trois possibilités sont représentées à titre d'exemple par les blocs fonctionnels de la figure 2 référencés 24, 25 et 26.As regards the determination of the nature of the intervention requested by the user, the functional block 23 offers, in the example shown, three possibilities, namely a so-called first level maintenance intervention, a so-called maintenance intervention second level, and a so-called collection intervention, that is to say access to the piggy bank in order to collect the cash it contains. These three possibilities are represented by way of example by the functional blocks of FIG. 2 referenced 24, 25 and 26.

L'accès aux différentes possibilités est effectué par l'intervenant qui, en fonction du code qu'il a introduit au départ, ou encore en fonction de la carte introduite qui elle-même porte une information propre à l'opération qu'est apte à effectuer l'intervenant, choisit ainsi le bloc fonctionnel correspondant (24, 25 ou 26). Dans l'hypothèse où l'intervenant souhaite une opération de maintenance dite de premier niveau (c'est-à-dire sur certains seulement des appareils contenus dans le distributeur et/ou en vue de la consultation de certains fichiers informatiques, ou de réparation), il convient de s'assurer encore une fois que celle-ci est possible compte tenu de la nature de la carte introduite, du porteur, et/ou d'autres informations telles que l'opportunité d'une opération de maintenance et/ou de réparation, et en fonction par exemple de la date de la dernière intervention ou tout autre élément de fait, tel qu'une panne nécessitant une intervention.Access to the various possibilities is carried out by the operator who, depending on the code he has introduced at the start, or depending on the card inserted, which itself carries information specific to the operation that is capable of carrying out the service provider, thus chooses the corresponding functional block (24, 25 or 26). In the event that the operator wishes a so-called first level maintenance operation (that is to say on only some of the devices contained in the distributor and / or for the consultation of certain computer files, or repair ), it should be checked once again that this is possible taking into account the nature of the card introduced, the holder, and / or other information such as the advisability of a maintenance operation and / or repair, and depending for example on the date of the last intervention or any other factual element, such as a breakdown requiring intervention.

Pour le bloc 24, on aboutit ainsi au bloc 27 symbolisant la dernière étape de vérification consistant à vérifier si l'opération demandée est possible; dans l'affirmative, l'unité centrale provoquera le déverrouillage de la porte de l'ensemble distributeur et permettra ainsi l'accès à l'intérieur de ce dernier (sauf à la tirelire). Dans le cas où l'accès est refusé, le dispositif provoque le retour de l'information vers le menu de maintenance premier niveau.For block 24, this leads to block 27 symbolizing the last verification step consisting in checking whether the requested operation is possible; if so, the central unit will unlock the door to the dispenser assembly and thus allow access to the interior of the latter (except the piggy bank). In the event that access is denied, the device causes the information to return to the first level maintenance menu.

Ainsi, pour chaque type d'opération souhaitée, une vérification est effectuée, aboutissant à un refus ou à une acceptation, qui se traduit par l'ouverture de la porte correspondante ou le maintien fermé de ladite porte (en cas de refus). Les blocs 27, 28 et 29 correspondent à ces dernières étapes de vérification.Thus, for each type of operation desired, a verification is carried out, leading to a refusal or acceptance, which results in the opening of the corresponding door or the keeping of the said door closed (in case of refusal). Blocks 27, 28 and 29 correspond to these last verification steps.

En cas d'acceptation des opérations demandées, on aboutit aux blocs 30, 31 et 32, symbolisant le déverrouillage de la porte correspondante, à savoir pour les blocs 30 et 31, le déverrouillage de la porte principale en vue d'opérations de maintenance et/ou de réparation, et pour le bloc 32, le déverrouillage de la porte du compartiment tirelire.If the requested operations are accepted, it leads to blocks 30, 31 and 32, symbolizing the unlocking of the corresponding door, namely for blocks 30 and 31, unlocking the main door for operations maintenance and / or repair, and for block 32, unlocking of the piggy bank compartment door.

Les opérations de vérification de porteurs de carte et d'identification de carte et d'opérations demandées, permettent de s'assurer, en mémorisant ces informations, dans l'unité centrale lors du déroulement de ces dernières, que les personnes intervenant sont les bonnes personnes, mais également que par exemple la personne amenée à faire la collecte, est bien une personne autorisée. On s'assure également que cette dernière n'intervient pas pour effectuer des opérations de maintenance et/ou de réparation qui dépasserait sa fonction et/ou ses capacités.The card holder and card identification verification operations and requested operations make it possible to ensure, by memorizing this information, in the central unit during the course of the latter, that the persons intervening are the right ones people, but also that for example the person responsible for collecting, is indeed an authorized person. It is also ensured that the latter does not intervene to carry out maintenance and / or repair operations which would exceed its function and / or its capacities.

La figure 3 montre, plus en détail, les moyens qui permettent le dialogue entre les différents éléments de l'invention, et notamment entre le LCAM, l'unité centrale, l'actionneur et la serrure de la tirelire.FIG. 3 shows, in more detail, the means which allow the dialogue between the various elements of the invention, and in particular between the LCAM, the central unit, the actuator and the lock of the piggy bank.

L'unité centrale 7 est reliée, de façon symbolique pour la commodité de la compréhension de l'invention, à un moyen susceptible d'engendrer un nombre aléatoire, référence 40, et une mémoire 41 contenant une clé-mère sous forme d'une valeur numérique. Ces valeurs numériques (nombre aléatoire et clé-mère) sont utilisées pour crypter l'information qui est véhiculée entre l'unité centrale et l'actionneur, par la ligne de communication 10. Les moyens de cryptage sont connus en eux-mêmes, sur le plan matériel, et par exemple peuvent faire appel, sous forme d'un logiciel, à un algorithme connu, tel qu'un algorithme du type DES (DATA ENCRYPTION STANDARD). Ces algorithmes sont connus en eux-mêmes et ne sont pas décrits ci-après plus en détail. Les moyens de cryptage/décryptage sont symboliquement représentés par le bloc.The central unit 7 is connected, symbolically for the convenience of understanding the invention, to a means capable of generating a random number, reference 40, and a memory 41 containing a mother key in the form of a numerical value. These numerical values (random number and mother key) are used to encrypt the information which is conveyed between the central unit and the actuator, by the communication line 10. The encryption means are known in themselves, on the hardware level, and for example may call, in the form of software, a known algorithm, such as an algorithm of the DES (DATA ENCRYPTION STANDARD) type. These algorithms are known in themselves and are not described below in more detail. The encryption / decryption means are symbolically represented by the block.

L'unité centrale 7 reçoit du bloc fonctionnel 32 (correspondant au bloc fonctionnel 32 de la figure 2) une demande de déverrouillage de la porte d'accès à la tirelire, en vue de la collecte. L'actionneur 8 est associé à la clé-mère issue du bloc 41, et également à des moyens de cryptage/décryptage référencés 43. L'actionneur est susceptible de commander, par une ligne de commande en trait gras et portant la référence 44, la serrure 9 apte à ouvrir la porte de la tirelire 4.The central unit 7 receives from the functional block 32 (corresponding to the functional block 32 of FIG. 2) a request to unlock the access door to the piggy bank, with a view to collection. The actuator 8 is associated with the mother key from the block 41, and also with means for encryption / decryption referenced 43. The actuator is capable of controlling, by a command line in bold line and bearing the reference 44, the lock 9 capable of opening the door of the piggy bank 4.

L'unité centrale, au reçu d'une demande d'ouverture de la porte de la tirelire 4, tire un nombre aléatoire du bloc 40 et crypte cette valeur par les moyens 42, à l'aide de la clé-mère du bloc 41. Cette valeur cryptée de la valeur aléatoire est adressée par la ligne de communication 10 vers l'actionneur 8. L'actionneur à son tour, par ses propres moyens de décryptage 43, connaissant la clé-mère du bloc 41, est capable de retrouver ledit nombre aléatoire.The central unit, upon receipt of a request to open the door of the piggy bank 4, draws a random number from block 40 and encrypts this value by means 42, using the mother key of block 41 This encrypted value of the random value is addressed by the communication line 10 to the actuator 8. The actuator in turn, by its own decryption means 43, knowing the mother key of block 41, is able to find said random number.

Ce dernier devient alors la clé-fille qui permettra de crypter la communication entre l'unité centrale 7 et l'actionneur 8. Le cryptage pourra être effectué comme indiqué ci-dessus à l'aide d'un algorithme du type connu tel que faisant appel à une fonction DES.The latter then becomes the daughter key which will encrypt the communication between the central unit 7 and the actuator 8. The encryption may be carried out as indicated above using an algorithm of the known type such as call to a DES function.

Ainsi la communication entre l'unité centrale et l'actionneur est réalisée sous forme cryptée, de manière inviolable, puisque la clé-fille servant à crypter le message est un nombre aléatoire qui n'est connu que de l'unité centrale et de l'actionneur. Il n'est donc pas possible d'intervenir au niveau de la communication, par des manoeuvres frauduleuses de simulation, de visualisation ou de détection des commandes ou ordres communiqués, d'actionner l'actionneur en vue de l'ouverture de la tirelire 4. La liaison 44 entre l'actionneur et la serrure est une liaison dite de puissance puisque la serrure est essentiellement un appareil électricomécanique qui nécessite une puissance électrique, notamment importante. Le dispositif' de l'invention permet d'isoler la partie actionneur à l'intérieur de la tirelire, et ainsi d'empêcher toute action directe sur la serrure, par des moyens de puissance relativement aisés à dupliquer.Thus, the communication between the central unit and the actuator is carried out in encrypted form, in an inviolable manner, since the daughter key used to encrypt the message is a random number which is known only to the central unit and the actuator. It is therefore not possible to intervene at the level of communication, by fraudulent maneuvers of simulation, display or detection of the commands or orders communicated, to actuate the actuator with a view to the opening of the piggy bank 4 The link 44 between the actuator and the lock is a so-called power link since the lock is essentially an electrical-mechanical device which requires electrical power, in particular significant power. The device of the invention makes it possible to isolate the actuator part inside the piggy bank, and thus to prevent any direct action on the lock, by means of power relatively easy to duplicate.

En complément, le dispositif comporte des moyens de mémorisation des caractéristiques des opérations effectuées, telles que le nombre d'opérations, l'identité des personnes intervenant et également de mémorisation des caractéristiques de cartes à mémoire valables mais qui ont été égarées puis retrouvées par une personne non autorisée et introduites dans le distributeur de manière frauduleuse. Ceci permet dès le début des opérations d'identifier toute manoeuvre frauduleuse.In addition, the device includes means for memorizing the characteristics of the operations carried out, such as the number of operations, the identity of the people involved and also the memorization of the characteristics of valid memory cards but which have been lost and then found by an unauthorized person and fraudulently introduced into the dispenser. This allows from the start of operations to identify any fraudulent maneuver.

La description qui précède se réfère à l'aspect sécurité vis-à-vis de la tirelire (monnaie).The above description refers to the security aspect vis-à-vis the piggy bank (money).

Le système de l'invention permet également d'assurer la sécurité d'accès au compartiment maintenance pouvant détenir, sous forme de titres de transport pré-imprimés, des valeurs très importantes.The system of the invention also makes it possible to ensure security of access to the maintenance compartment which can hold, in the form of pre-printed transport tickets, very important values.

En effet, l'actionneur et le système de cryptage de l'invention commandent l'ouverture des deux portes des deux compartiments "tirelire" et "maintenance".Indeed, the actuator and the encryption system of the invention control the opening of the two doors of the two compartments "piggy bank" and "maintenance".

Une personne autorisée pour la maintenance, ayant ouvert la porte maintenance ne doit pas avoir accès au système de fermeture de cette même porte; à défaut, il pourrait frauduleusement bloquer l'actionneur et ainsi intervenir plus tard sur une machine sans "défense".A person authorized for maintenance, who has opened the maintenance door, must not have access to the closing system of this same door; otherwise, he could fraudulently block the actuator and thus intervene later on a machine without "defense".

C'est pourquoi l'ensemble de fermeture complet compartiment maintenance et compartiment tirelire sont situés dans la zone blindée du compartiment tirelire.This is why the complete maintenance compartment and piggy bank closing assembly are located in the shielded zone of the piggy bank compartment.

L'invention n'est pas limitée au mode de réalisation décrit ci-dessus, mais englobe toute variante telle qu'elle apparaît dans les revendications ci-après.The invention is not limited to the embodiment described above, but encompasses any variant as it appears in the claims below.

Claims (7)

  1. A device for controlling and giving differential access to at least a first compartment (3) and a second compartment (4) defined inside an enclosure (1) of a dispenser for goods and/or services, in such a manner as to prevent access to the second compartment (4) while allowing access to the first compartment (3), said device comprising:
    · recognition means (11) for recognizing an identifying object (14) of an intervening person (13), the object being inserted from the outside;
    · a central unit (7) with which said recognition means (11) are adapted to communicate through first dialog means; and
    · an actuator (8) disposed inside the second compartment (4) and adapted to allow opening/closing of a lock (9) associated with said second compartment,
    said device being characterized in that said central unit (7) is adapted to communicate in an encrypted manner through the first dialog means with the recognition means and through second dialog means with said actuator (8), so as to control the actuator, and includes means adapted to generate an encrypted message with the aid of a mother key specific to the central unit (7), said actuator (8) having means (43) adapted to decrypt said message in order to recover said mother key, the latter thus becoming the daughter key adapted to be used to generate at least one communication message between the actuator (8) and the central unit (7) and vice versa.
  2. A device according to claim 1, characterized in that said mother key is formed by a random number generated by the central unit (7).
  3. A device according to claim 1 or 2, characterized in that said object (14) inserted by the intervening person is a memory card (14) and the recognition means (11) include a memory card reader (MCR).
  4. A device according to any one of claims 1 to 3, characterized in that the dialog means include an encrypting algorithm.
  5. A device according to claim 4, characterized in that said encrypting algorithm is a DES (data encryption standard) algorithm.
  6. A device according to any one of claims 3 to 5, characterized in that the recognition means (11) are also adapted to check a code pertaining to the holder of the memory card (14).
  7. A device according to any one of claims 1 to 6, characterized in that it further includes a memory adapted to record the set of operations carried out and the identity of the intervening persons.
EP94201452A 1993-06-02 1994-05-24 Monitoring and controlling device of the differential access to at least two separate sections provided in an enclosed space Expired - Lifetime EP0627713B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR9306589A FR2706058B1 (en) 1993-06-02 1993-06-02 Device for controlling and controlling differential access to at least two compartments inside an enclosure.
FR9306589 1993-06-02

Publications (2)

Publication Number Publication Date
EP0627713A1 EP0627713A1 (en) 1994-12-07
EP0627713B1 true EP0627713B1 (en) 1997-09-24

Family

ID=9447671

Family Applications (1)

Application Number Title Priority Date Filing Date
EP94201452A Expired - Lifetime EP0627713B1 (en) 1993-06-02 1994-05-24 Monitoring and controlling device of the differential access to at least two separate sections provided in an enclosed space

Country Status (6)

Country Link
US (1) US5434399A (en)
EP (1) EP0627713B1 (en)
JP (1) JPH07173959A (en)
DE (1) DE69405811T2 (en)
ES (1) ES2108365T3 (en)
FR (1) FR2706058B1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5614892A (en) * 1995-04-24 1997-03-25 Pom, Inc. Payment slot communicating apparatus for vendng prices
GB9521398D0 (en) * 1995-10-18 1995-12-20 Johnson David B Vending apparatus
GB2338816B (en) * 1995-10-18 2000-03-15 David Brian Johnson Access mechanism for vending apparatus gaming machines and the like
US6823317B1 (en) * 1996-04-02 2004-11-23 Axxian Technologies Inc Urban parking system
US6505774B1 (en) * 1998-12-09 2003-01-14 Miti Manufacturing Company Automated fee collection and parking ticket dispensing machine
US6942144B2 (en) * 2002-11-26 2005-09-13 Neopost Industrie Sa Secure remote access to metering product enclosure
GB0414840D0 (en) * 2004-07-02 2004-08-04 Ncr Int Inc Self-service terminal
WO2007045051A1 (en) * 2005-10-21 2007-04-26 Honeywell Limited An authorisation system and a method of authorisation
AU2011224140B2 (en) 2010-09-27 2015-12-17 Multitrode Pty Ltd Controlling Access to a Control Panel Compartment
DE102011052575A1 (en) * 2011-08-11 2013-02-14 Wincor Nixdorf International Gmbh Device for handling coins
CN109448206A (en) * 2018-12-29 2019-03-08 合肥美的智能科技有限公司 Lock body control method, retail units and storage medium

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4234932A (en) * 1978-09-05 1980-11-18 Honeywell Information Systems Inc. Security system for remote cash dispensers
JPS5936868A (en) * 1982-08-25 1984-02-29 Omron Tateisi Electronics Co Electronic cash register
US4512453A (en) * 1982-09-24 1985-04-23 Umc Industries, Inc. Vendor accountability system
NL8204672A (en) * 1982-12-01 1984-07-02 Nedap Nv Night-safe for bank - uses electronic detector to accept only cash cassettes which respond with authorisation code
US4578567A (en) * 1983-08-25 1986-03-25 Ncr Corporation Method and apparatus for gaining access to a system having controlled access thereto
US4630201A (en) * 1984-02-14 1986-12-16 International Security Note & Computer Corporation On-line and off-line transaction security system using a code generated from a transaction parameter and a random number
DE3433774A1 (en) * 1984-09-14 1986-03-27 Peter 6451 Ronneburg Friedrich Cashless operation of automatic machines of any kind, particularly automatic entertainment, gaming, ticket and vending machines, by data carrier (plastic card or the like)
JPS629470A (en) * 1985-07-05 1987-01-17 Casio Comput Co Ltd Identity collation system for individual identification card
US4730117A (en) * 1986-10-03 1988-03-08 General Signal Corporation Cash box identification system
US4870400A (en) * 1988-01-26 1989-09-26 Yale Security Inc. Electronic door lock key re-sequencing function
FR2649748B1 (en) * 1989-07-17 1991-10-11 Axyval Sa SYSTEM FOR PROTECTING DOCUMENTS OR VALUABLE OBJECTS CONTAINED IN A PHYSICALLY INVIOLABLE CONTAINER, WHICH ELSEWHERE PASSED BY A SUCCESSION OF AUTHENTICATED LOGICAL STATES IN RESTRICTED NUMBERS
US5226080A (en) * 1990-06-22 1993-07-06 Grid Systems Corporation Method and apparatus for password protection of a computer
FR2685113B1 (en) * 1991-12-17 1998-07-24 Gemplus Card Int PROCESS OF INTERVENTION ON A TERMINAL OF GOODS OR SERVICES.

Also Published As

Publication number Publication date
FR2706058A1 (en) 1994-12-09
US5434399A (en) 1995-07-18
DE69405811D1 (en) 1997-10-30
DE69405811T2 (en) 1998-02-26
FR2706058B1 (en) 1995-08-11
JPH07173959A (en) 1995-07-11
ES2108365T3 (en) 1997-12-16
EP0627713A1 (en) 1994-12-07

Similar Documents

Publication Publication Date Title
EP0028965B1 (en) System for the identification of persons requesting access to certain areas
CH633379A5 (en) SECURITY INSTALLATION, PARTICULARLY FOR THE EXECUTION OF BANKING OPERATIONS.
CA2171626C (en) Access control system for restricting access to authorised hours and renewing it using a portable storage medium
CA1289240C (en) Method to authentify external validation data by means of a portable device such as a memory card
KR100389229B1 (en) Transaction Processing System and Transaction Processing Method
EP0617819B1 (en) Device for intervention on a terminal delivering goods or services
EP0426541B1 (en) Method of protection against fraudulent use of a microprocessor card and device for its application
EP0627713B1 (en) Monitoring and controlling device of the differential access to at least two separate sections provided in an enclosed space
WO1982002446A1 (en) Security method and device for three-party communication of confidential data
FR2475254A1 (en) APPARATUS AND METHOD FOR CODING CARDS PROVIDING MULTI-LEVEL SECURITY
FR2471632A1 (en) APPARATUS AND METHOD FOR ENCODING AND DECODING A CARD DELIVERED TO AN INDIVIDUAL BY AN ENTITY
FR2600189A1 (en) METHOD FOR AUTHENTICATING BY A OUTER MEDIUM A PORTABLE OBJECT SUCH AS A MEMORY CARD ACCOUPLED TO THIS MEDIUM
FR2979726A1 (en) Electronic lock for safe utilized for selling e.g. goods, has keyboard actuated by operator, and smart card connected to reader by utilizing modem that is in communication with central server
ES2313872T3 (en) AUTOMATIC CASHIER AND ASSOCIATED METHOD.
US20050197945A1 (en) Optical banking card
WO2001099337A1 (en) Method for secure biometric authentication/identification, biometric data input module and verification module
CA2166895C (en) Method for the production of a key common to two devices for implementing a common cryptographic procedure and associated apparatus
EP0856624B1 (en) Safety device for motor vehicle and learning method therefor
EP0995172A1 (en) Personal computer terminal capable of safely communicating with a computer equipment, and authenticating method used by said terminal
EP1371025B1 (en) Device for limiting access to a confined space
EP1451783A1 (en) Method, system and device for authenticating data transmitted and/or received by a user
KR19990078671A (en) Exchange System by Finger-print Proof
WO2002045031A1 (en) Device for securing access to a content located inside an enclosure
FR2651058A1 (en) SYSTEM AND METHOD FOR CONTROLLING THE COLLECTION OF PREPAID TERMINALS
EP1008115A1 (en) Computer communication for on-site processing of payment issues

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): CH DE ES FR GB IT LI

17P Request for examination filed

Effective date: 19950413

17Q First examination report despatched

Effective date: 19960109

GRAG Despatch of communication of intention to grant

Free format text: ORIGINAL CODE: EPIDOS AGRA

GRAH Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOS IGRA

GRAH Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOS IGRA

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): CH DE ES FR GB IT LI

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

ITF It: translation for a ep patent filed

Owner name: BARZANO' E ZANARDO MILANO S.P.A.

REG Reference to a national code

Ref country code: CH

Ref legal event code: NV

Representative=s name: A. BRAUN, BRAUN, HERITIER, ESCHMANN AG PATENTANWAE

REF Corresponds to:

Ref document number: 69405811

Country of ref document: DE

Date of ref document: 19971030

GBT Gb: translation of ep patent filed (gb section 77(6)(a)/1977)

Effective date: 19971009

REG Reference to a national code

Ref country code: ES

Ref legal event code: FG2A

Ref document number: 2108365

Country of ref document: ES

Kind code of ref document: T3

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 19980519

Year of fee payment: 5

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 19980524

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed
GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 19980524

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20000131

REG Reference to a national code

Ref country code: FR

Ref legal event code: ST

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: ES

Payment date: 20040518

Year of fee payment: 11

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: CH

Payment date: 20040527

Year of fee payment: 11

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES;WARNING: LAPSES OF ITALIAN PATENTS WITH EFFECTIVE DATE BEFORE 2007 MAY HAVE OCCURRED AT ANY TIME BEFORE 2007. THE CORRECT EFFECTIVE DATE MAY BE DIFFERENT FROM THE ONE RECORDED.

Effective date: 20050524

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: ES

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20050525

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20050531

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20050531

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

REG Reference to a national code

Ref country code: ES

Ref legal event code: FD2A

Effective date: 20050525

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20090512

Year of fee payment: 16

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20101201