US20230380087A1 - Data center security systems and devices - Google Patents
Data center security systems and devices Download PDFInfo
- Publication number
- US20230380087A1 US20230380087A1 US18/230,408 US202318230408A US2023380087A1 US 20230380087 A1 US20230380087 A1 US 20230380087A1 US 202318230408 A US202318230408 A US 202318230408A US 2023380087 A1 US2023380087 A1 US 2023380087A1
- Authority
- US
- United States
- Prior art keywords
- key
- housing
- data drive
- latch
- lockable enclosure
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 claims abstract description 41
- 230000004044 response Effects 0.000 claims description 3
- 238000012546 transfer Methods 0.000 description 91
- 238000004891 communication Methods 0.000 description 60
- 230000001939 inductive effect Effects 0.000 description 57
- 230000007246 mechanism Effects 0.000 description 38
- 239000000523 sample Substances 0.000 description 30
- 238000012806 monitoring device Methods 0.000 description 17
- 230000003287 optical effect Effects 0.000 description 17
- 230000005540 biological transmission Effects 0.000 description 16
- 230000006378 damage Effects 0.000 description 12
- 239000004020 conductor Substances 0.000 description 11
- 238000004804 winding Methods 0.000 description 11
- 230000004913 activation Effects 0.000 description 10
- 238000001994 activation Methods 0.000 description 10
- 230000006698 induction Effects 0.000 description 9
- 238000013475 authorization Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 229910000859 α-Fe Inorganic materials 0.000 description 4
- 238000012550 audit Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000000717 retained effect Effects 0.000 description 3
- 230000003213 activating effect Effects 0.000 description 2
- 239000003990 capacitor Substances 0.000 description 2
- QVFWZNCVPCJQOP-UHFFFAOYSA-N chloralodol Chemical compound CC(O)(C)CC(C)OC(O)C(Cl)(Cl)Cl QVFWZNCVPCJQOP-UHFFFAOYSA-N 0.000 description 2
- 230000001010 compromised effect Effects 0.000 description 2
- 230000009977 dual effect Effects 0.000 description 2
- 230000001815 facial effect Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000035699 permeability Effects 0.000 description 2
- 238000003860 storage Methods 0.000 description 2
- 238000003466 welding Methods 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000005520 cutting process Methods 0.000 description 1
- 230000000994 depressogenic effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000036541 health Effects 0.000 description 1
- 238000002347 injection Methods 0.000 description 1
- 239000007924 injection Substances 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012432 intermediate storage Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000037361 pathway Effects 0.000 description 1
- 229920000515 polycarbonate Polymers 0.000 description 1
- 239000004417 polycarbonate Substances 0.000 description 1
- 238000003825 pressing Methods 0.000 description 1
- 238000012552 review Methods 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/86—Secure or tamper-resistant housings
-
- H—ELECTRICITY
- H05—ELECTRIC TECHNIQUES NOT OTHERWISE PROVIDED FOR
- H05K—PRINTED CIRCUITS; CASINGS OR CONSTRUCTIONAL DETAILS OF ELECTRIC APPARATUS; MANUFACTURE OF ASSEMBLAGES OF ELECTRICAL COMPONENTS
- H05K5/00—Casings, cabinets or drawers for electric apparatus
- H05K5/02—Details
- H05K5/0217—Mechanical details of casings
- H05K5/0221—Locks; Latches
-
- H—ELECTRICITY
- H05—ELECTRIC TECHNIQUES NOT OTHERWISE PROVIDED FOR
- H05K—PRINTED CIRCUITS; CASINGS OR CONSTRUCTIONAL DETAILS OF ELECTRIC APPARATUS; MANUFACTURE OF ASSEMBLAGES OF ELECTRICAL COMPONENTS
- H05K5/00—Casings, cabinets or drawers for electric apparatus
- H05K5/02—Details
- H05K5/0256—Details of interchangeable modules or receptacles therefor, e.g. cartridge mechanisms
- H05K5/0286—Receptacles therefor, e.g. card slots, module sockets, card groundings
- H05K5/0291—Receptacles therefor, e.g. card slots, module sockets, card groundings for multiple cards
-
- H—ELECTRICITY
- H05—ELECTRIC TECHNIQUES NOT OTHERWISE PROVIDED FOR
- H05K—PRINTED CIRCUITS; CASINGS OR CONSTRUCTIONAL DETAILS OF ELECTRIC APPARATUS; MANUFACTURE OF ASSEMBLAGES OF ELECTRICAL COMPONENTS
- H05K7/00—Constructional details common to different types of electric apparatus
- H05K7/14—Mounting supporting structure in casing or on frame or rack
- H05K7/1485—Servers; Data center rooms, e.g. 19-inch computer racks
- H05K7/1487—Blade assemblies, e.g. blade cases or inner arrangements within a blade
-
- H—ELECTRICITY
- H05—ELECTRIC TECHNIQUES NOT OTHERWISE PROVIDED FOR
- H05K—PRINTED CIRCUITS; CASINGS OR CONSTRUCTIONAL DETAILS OF ELECTRIC APPARATUS; MANUFACTURE OF ASSEMBLAGES OF ELECTRICAL COMPONENTS
- H05K7/00—Constructional details common to different types of electric apparatus
- H05K7/14—Mounting supporting structure in casing or on frame or rack
- H05K7/1485—Servers; Data center rooms, e.g. 19-inch computer racks
- H05K7/1488—Cabinets therefor, e.g. chassis or racks or mechanical interfaces between blades and support structures
Definitions
- Embodiments of the present invention relates generally to access management, electronic locks, systems, devices, lockable enclosures, and methods for data centers.
- Data centers utilize a variety of media to transfer and store various information. Because the media may contain sensitive or confidential information, it is desirable to ensure that the media is secure and that there is an adequate chain of custody for anyone accessing the media.
- Embodiments of the present invention are directed towards a lockable enclosure for a data drive.
- the lockable enclosure comprises a housing configured to house a first data drive, the first data drive configured to be removed from the housing.
- the lockable enclosure also includes a latch contained within the housing and configured to receive a second data drive, wherein the latch is configured to move within the housing for dispensing the first data drive from the housing while the second data drive remains secured therein.
- a lockable enclosure for a data drive in another embodiment, includes a housing configured to contain a first data drive, the first data drive configured to be removed from the housing.
- the housing is configured to receive a second data drive, and the first data drive is only configured to be removed from the housing when the second data drive is secured therein.
- a method for securing and dispensing data drives includes providing a housing containing a first data drive, the first data drive configured to be removed from the housing. The method further includes inserting a second data drive within the housing and dispensing the first data drive from the housing only when the second data drive is secured within the housing.
- a security system for a data center includes a plurality of electronic keys and a plurality of media drives configured to be removably connected to a respective electrical component of a server rack, each of the media drives configured to communicate with any one of the electronic keys for enabling the media drive to communicate with the component.
- each of the media drives is a USB drive with a USB connector.
- each of the media drives is the same size and configuration as an SSD drive.
- each of the media drives comprises a connector configured to move between a retracted position and an extended position relative to the media drive, and the connector is configured to be removably connected to the electrical component.
- the security system also includes one or more remote devices configured to communicate with the plurality of electronic keys and/or the media drives in a cloud network.
- each of the media devices comprises a unique identifier
- each of the electronic keys is configured to obtain the unique identifier from the media device when the media device is enabled.
- each of the media drives is configured to be disabled upon removal from the respective electrical component.
- each of the media drives has a disabled mode whereby the media drive is incapable of communicating with the component, and each of the media drives is configured to communicate with one of the electronic keys in the disabled mode for enabling the media drive to communicate with the respective component.
- a security device for a data center comprises a media drive configured to be removably connected to a component of a server rack, the media drive having a disabled mode whereby the media drive is incapable of communicating with the component, the media drive is configured to communicate with a key in the disabled mode for enabling the media drive to communicate with the component.
- the media drive is a USB drive with a USB connector.
- the media drive is the same size and configuration as an SSD drive.
- the media drive comprises a connector configured to move between a retracted position and an extended position relative to the media drive, and wherein the connector is configured to be removably connected to the component.
- FIG. 1 A shows an embodiment of a security system and method including a programmable electronic key, a security device, a programming station and a charging station according to an embodiment of the invention.
- FIG. 1 B is an enlarged view showing the programmable electronic key of FIG. 1 A positioned on the programming station of FIG. 1 A to be programmed with a security code.
- FIG. 2 further shows the system and method of FIG. 1 A with the programmable electronic key positioned to operate the security device.
- FIG. 3 A further shows the system and method of FIG. 1 A with the programmable electronic key disposed on the charging station.
- FIG. 3 B is an enlarged view showing the programmable electronic key of FIG. 1 A positioned on the charging station of FIG. 1 A to recharge a power source disposed within the key.
- FIG. 4 is an enlarged view showing the security device of the system and method of FIG. 1 A .
- FIG. 5 is an enlarged view showing the programmable electronic key of the system and method of FIG. 1 A in greater detail.
- FIG. 6 is an exploded view of the programmable electronic key of FIG. 5 .
- FIG. 7 A is a perspective view of the programmable electronic key of FIG. 5 .
- FIG. 7 B is an end view of the programmable electronic key of FIG. 5 .
- FIG. 8 is a perspective view showing a lengthwise cross-section of the programmable electronic key of FIG. 5 .
- FIG. 9 A is a top view showing the charging station of the system and method of FIG. 1 A .
- FIG. 9 B is a perspective view showing a diagonal cross-section of the charging station of FIG. 9 A taken along the line 9 B- 9 B.
- FIG. 10 shows another embodiment of a security system and method including a programmable electronic key, a security device, a programming station and a charging station according to an embodiment of the invention.
- FIG. 11 is an enlarged view showing the programmable electronic key of FIG. 10 positioned on the charging station of FIG. 10 to recharge a power source disposed within the key.
- FIG. 12 is an enlarged view showing the security device of the system and method of FIG. 10 .
- FIG. 13 is an enlarged view showing the programmable electronic key of the system and method of FIG. 10 in greater detail.
- FIG. 14 is a perspective view showing a pair of matched coils for use with the programmable electronic key and the security device of FIG. 10 .
- FIG. 15 A is a perspective view of the programmable electronic key of FIG. 13 .
- FIG. 15 B is an end view of the programmable electronic key of FIG. 13 .
- FIG. 16 is a perspective view showing a lengthwise cross-section of the programmable electronic key of FIG. 13 .
- FIG. 17 A is a top view showing the charging station of the system and method of FIG. 10 .
- FIG. 17 B is a perspective view showing a diagonal cross-section of the charging station of FIG. 17 A taken along the line 17 B- 17 B.
- FIG. 18 illustrates a system comprising a server rack and a lock according to an embodiment of the invention.
- FIG. 19 illustrates a system comprising a server rack and a lock configured to communicate with a remote device according to an embodiment of the invention.
- FIG. 20 is a perspective view of a lockable enclosure and a secure bin according to one embodiment.
- FIG. 21 are perspective views of the lockable enclosure shown in FIG. 20 showing the sequence of securing the media in the lockable enclosure according to one embodiment.
- FIG. 22 are perspective views of the lockable enclosure and media shown in FIG. 20 .
- FIG. 23 is a front view of the lockable enclosure and media shown in FIG. 20 .
- FIG. 24 is a front view of the lockable enclosure shown in FIG. 20 and a remote device prior to securing the media according to one embodiment.
- FIG. 25 is a front view of the lockable enclosure shown in FIG. 20 prior to locking the media therein according to one embodiment.
- FIG. 26 is a front view of the lockable enclosure shown in FIG. 20 and a remote device prior to locking the lockable enclosure according to one embodiment.
- FIG. 27 is a front view of the lockable enclosure FIG. 20 with the media locked therein according to one embodiment.
- FIG. 28 is a front view of the lockable enclosure shown in FIG. 20 and a remote device after locking the lockable enclosure according to one embodiment.
- FIG. 29 is another front view of the lockable enclosure shown in FIG. 20 .
- FIG. 30 is a front view of the lockable enclosure shown in FIG. 20 and a remote device after detecting a tamper attempt according to one embodiment.
- FIG. 31 is a perspective view of a USB drive according to one embodiment.
- FIG. 32 are perspective views of the USB drive shown in FIG. 31 in different states.
- FIG. 33 are perspective views of the USB drive shown in FIG. 31 prior to removal of the USB connector according to one embodiment.
- FIG. 34 is a perspective view of the USB drive shown in FIG. 31 in communication with an electronic key according to one embodiment.
- FIG. 35 show perspective views of a lockable enclosure according to another embodiment.
- FIG. 36 are perspective views of the lockable enclosure shown in FIG. 35 showing the sequence of securing the media in the lockable enclosure according to one embodiment.
- FIG. 37 are side views of the lockable enclosure shown in FIG. 35 .
- FIG. 38 are perspective views of the lockable enclosure shown in FIG. 35 showing the sequence of securing the media in the lockable enclosure according to one embodiment.
- FIG. 39 is an elevation view of a lockable enclosure according to one embodiment.
- FIG. 40 is a side view of a lockable enclosure according to one embodiment.
- FIG. 41 is an elevation view of a lockable enclosure with a latch in a first position according to one embodiment.
- FIG. 42 is an elevation view of the lockable enclosure shown in FIG. 41 with the latch in a second position.
- FIG. 43 is an elevation view of the lockable enclosure shown in FIG. 41 with the latch in a first position and housing a new media drive.
- FIG. 44 is an elevation view of the lockable enclosure shown in FIG. 41 with the latch in a first position and after receiving an old media drive.
- FIG. 45 is an elevation view of the lockable enclosure shown in FIG. 41 with the latch in a second position for dispensing the old media drive.
- FIG. 46 is an elevation view of the lockable enclosure shown in FIG. 41 with the latch in the second position and housing the old media drive.
- FIG. 47 are perspective views of a lockable enclosure in a first position and a second position for dispensing a new media drive according to one embodiment.
- FIG. 48 are perspective views of a lockable enclosure in a first position and a second position for dispensing a new media drive according to one embodiment.
- FIG. 49 are perspective views of a lockable enclosure in a first position and a second position for dispensing a new media drive according to one embodiment.
- FIG. 50 are perspective views of a lockable enclosure in a first position and a second position for securing a data drive according to one embodiment.
- the system and method include an electronic key and a security device.
- Security devices suitable for use with the electronic keys include, but are not limited to, security devices for various types of fixtures, such as server racks for storing various types and quantities of computer and/or network equipment or components, such as for example, servers, computers, hard drives, media storage, routers, hubs, network switches, etc.
- the server rack may define an enclosure that is configured to secure various computer and/or network equipment or components that is only configured to be accessed by authorized personnel, such as described in the following embodiments.
- embodiments of the present invention are applicable to any number of security devices for securing various items from theft, including those other than with respect to data centers.
- Embodiments of the present invention may provide security devices for protecting equipment from theft in a data center environment that may include valuable data as well as providing various data regarding accesses or attempted accesses to the equipment.
- some embodiments disclosed herein are directed to use of security devices with cabinets, it is understood that any variety of fixtures may be used that are configured to house or otherwise secure items to be secured.
- FIGS. 1 A- 9 B An embodiment of a system and method according to the invention is illustrated in FIGS. 1 A- 9 B .
- the embodiment of the security system and method depicted comprises a programmable electronic key 20 , which is also referred to herein as a security key or an electronic key, and a security device 40 that is configured to be operated by the key.
- the system and method may further comprise an optional programming or authorization station, indicated generally at 60 , that is operable for programming the key 20 with a security code, which is also referred to herein as a Security Disarm Code (SDC).
- SDC Security Disarm Code
- SDC is not intended to be limiting, as it may be any code configured to be used to determine whether the key 20 is authorized to control the security device 40 .
- the system and method may further comprise an optional charging station, indicated generally at 80 , that is operable for initially charging and/or subsequently recharging a power source disposed within the key 20 .
- security key 20 and security device 40 may each be programmed with the same SDC into a respective permanent memory.
- the security key 20 may be provisioned with a single-use (e.g., non-rechargeable) power source, such as a conventional or extended-life battery, or alternatively, the key may be provisioned with a multiple-use (e.g., rechargeable) power source, such as a conventional capacitor or rechargeable battery.
- the power source may be permanent, semi-permanent (e.g., replaceable), or rechargeable, as desired.
- charging station 80 is provided to initially charge and/or to subsequently recharge the power source provided within the security key 20 .
- key 20 and/or security device 40 may be provided with only a transient memory, such that the SDC must be programmed (or reprogrammed) at predetermined time intervals.
- programming station 60 is provided to initially program and/or to subsequently reprogram the SDC into the key 20 .
- key 20 is operable to initially program and/or to subsequently reprogram the security device 40 with the SDC. Key 20 is then further operable to operate the security device 40 using power transferred to the security device and/or data communicated with the device, as will be described.
- programmable electronic key 20 is configured to be programmed with a unique SDC by the programming station 60 .
- a programming station 60 suitable for use with the present invention is shown and described in detail in the commonly owned U.S. Pat. No. 7,737,844 entitled PROGRAMMING STATION FOR A SECURITY SYSTEM FOR PROTECTING MERCHANDISE, the disclosure of which is incorporated herein by reference in its entirety.
- the key 20 is presented to the programming station 60 and communication therebetween is initiated, for example by pressing a control button 22 provided on the exterior of the key.
- Communication between the programming station 60 and the key may be accomplished directly, for example, by one or more electrical contacts, or indirectly, for example by wireless communication. Any form of wireless communication capable of transferring data between the programming station 60 and key 20 is also possible, including without limitation optical transmission, acoustic transmission, or magnetic induction. In the embodiments shown and described herein, communication between programming station 60 and key 20 is accomplished by wireless optical transmission, and more particularly, by cooperating infrared (IR) transceivers provided in the programming station and the key. The components and method of IR communication between programming station 60 and key 20 is described in greater detail in the aforementioned U.S. Pat. No. 7,737,844, and accordingly, will not be repeated here.
- IR infrared
- the programming station comprises at least a logic control circuit for generating or being provided with a SDC, a memory for storing the SDC, and a communications system suitable for interacting with the programmable electronic key 20 in the manner described herein to program the key with the SDC.
- programming station 60 comprises a housing 61 configured to contain the logic control circuit that generates the SDC, the memory that stores the SDC, and a communications system, namely an optical transceiver, for wirelessly communicating the SDC to a cooperating optical transceiver disposed within the key 20 .
- the logic control circuit generates the SDC, which may be a predetermined (e.g., “factory preset”) security code, a serial number, or which may be a security code that is randomly generated by the logic control circuit of the programming station 60 at the time a first key 20 is presented to the station for programming.
- the logic control circuit further comprises a random number generator for producing the unique SDC.
- a series of visual indicators for example light-emitting diodes (LEDs) 67 may be provided on the exterior of the housing 61 for indicating the operating status of the programming station.
- Use of the programming station 60 may further require authorization, such as with a mechanical lock mechanism, for example, a conventional key and tumbler lock 68 , for preventing use of the programming station by an unauthorized person.
- the programming station 60 may require various other forms of authentication, such as a pin code, biometric identification, facial recognition, etc. in order to activate the key 20 or otherwise gain access to the key.
- the programming station 60 may be operatively connected to an external power source by a power cord 70 having at least one conductor.
- the programming station 60 may comprise an internal power source, for example an extended-life replaceable battery or a rechargeable battery, for providing power to the logic control circuit and the LEDs 67 .
- the logic control circuit of the programming station 60 performs an electronic exchange of data with a logic control circuit of the key 20 , commonly referred to as a “handshake communication protocol.”
- the handshake communication protocol determines whether the key is an authorized key that has not been programmed previously, or is an authorized key that is being presented to the programming station a subsequent time to refresh the SDC. In the event that the handshake communication protocol fails, the programming station 60 will not provide the SDC to the unauthorized device attempting to obtain the SDC, for example an infrared reader on a counterfeit key.
- programming station 60 permits the SDC randomly generated by the logic control circuit and/or stored in the memory of the station to be transmitted by the optical transceiver to the cooperating optical transceiver disposed within the key 20 .
- the SDC may be transmitted from the programming station 60 to the security key 20 alternatively by any other suitable means, including without limitation, electrical contacts or electromechanical, electromagnetic or magnetic conductors, as desired.
- the security key 20 programmed with the SDC is then positioned to operatively engage the security device 40 .
- the security device is a conventional cabinet lock that has been modified to be unlocked by the programmable electronic key 20 .
- the security device 40 is a “passive” device.
- the term passive is intended to mean that the security device 40 does not have an internal power source sufficient to perform any functions (e.g., lock and/or unlock a mechanical lock mechanism).
- Significant cost savings are obtained by a retailer when the security device 40 is passive since the expense of an internal power source is confined to the security key 20 , and one such key is able to operate multiple security devices.
- the security device 40 may also be provided with a temporary power source (e.g., capacitor or limited-life battery) having sufficient power to activate an alarm, for example a piezoelectric audible alarm, that is actuated by a sensor, for example a contact, proximity or limit switch, in response to a security breach.
- the temporary power source may also be sufficient to communicate data, for example a SDC, from the security device 40 to the security key 20 to authenticate the security device and thereby authorize the key to provide power to the security device.
- the mechanical lock mechanism is operated by electrical power that is transferred from the key 20 to the security device 40 via electrical contacts, as will be described.
- the security device 40 further comprises a logic control circuit, similar to the logic control circuit disposed within the key 20 , adapted to perform a handshake communication protocol with the logic control circuit of the key in essentially the same manner as that between the programming station 60 and the key.
- the logic control circuit of the key 20 and the logic control circuit of the security device 40 communicate with each other to determine whether the security device is an authorized device that does not have a security code, or is a device having a proper (e.g., matching) SDC.
- the key 20 may be configured to initially transfer power to the security device 40 in the event the security device is a passive device to allow the security device to communicate with the key.
- the key 20 will not program the device 40 with the SDC, and consequently, the security device will not operate. If the security device 40 was previously programmed with a different SDC, the device will no longer communicate with the security key 20 .
- the security key 20 permits the SDC stored in the key to be transmitted by the optical transceiver disposed within the key to a cooperating optical transceiver disposed within the security device 40 to program the device with the SDC.
- the SDC may be transmitted from the security key 20 to the security device 40 alternatively by any other suitable means, including without limitation, via one or more electrical contacts, or via electromechanical, electromagnetic or magnetic conductors, as desired. Furthermore, the SDC may be transmitted by inductive transfer of data from the programmable electronic key 20 to the programmable security device 40 .
- the mechanical lock mechanism of the security device 40 may operate using power from the key 20 , either power that had been previously transferred by the key and stored by the security device and/or by power transmitted by the key to the security device.
- electrical contacts disposed on the security key 20 electrically couple with cooperating electrical contacts on the security device 40 to transfer power from the internal battery of the key to the security device. Power may be transferred directly to the mechanical lock mechanism, or alternatively, may be transferred to a power circuit disposed within the security device 40 that operates the mechanical lock mechanism of the security device and may be configured to store the power for subsequent operation of the lock mechanism.
- the cabinet lock 40 is affixed to one of the pair of adjacent and overlapping sliding doors 102 of a conventional cabinet 100 .
- the cabinet 100 typically contains various types of equipment 110 .
- the doors 102 overlap medially between the ends of the cabinet 100 and the cabinet lock 40 is secured on an elongate locking arm 104 of a lock bracket 105 affixed to the inner door.
- the key 20 transfers power to an electric motor, such as a DC stepper motor, solenoid, or the like, that unlocks the lock mechanism of the cabinet lock 40 so that the cabinet lock can be removed from the arm 104 of the bracket 105 and the doors moved (e.g., slid) relative to one another to access the equipment 110 stored within the cabinet 100 .
- an electric motor such as a DC stepper motor, solenoid, or the like
- the arm 104 of the bracket 105 is provided with one-way ratchet teeth 106 and the cabinet lock 40 is provided with a complimentary ratchet pawls (not shown) in a conventional manner so that the key 20 is not required to lock the cabinet lock 40 onto the inner door 102 of the cabinet 100 .
- the cabinet lock 40 can be configured to require use of the key 20 to both unlock and lock the cabinet lock.
- the cabinet lock illustrated herein is but one of numerous types of passive security devices 40 that can be configured to be operated by a programmable electronic key 20 according to the present invention.
- the security device 40 may further comprise an electronic lock mechanism, such as a conventional proximity, limit or contact switch, including an associated monitoring circuit that activates an alarm in response to the switch being actuated or the integrity of a sense loop monitored by the monitoring circuit being compromised.
- the security device 40 comprises a logic control circuit, or the equivalent, including a memory for storing a SDC, and a communication system for initially receiving the SDC from the security key 20 and subsequently communicating with the key to authenticate the SDC of the key.
- the security system and method further comprises charging station 80 for initially charging and subsequently recharging a rechargeable battery disposed within the security key 20 .
- the charging station 80 comprises at least one charging port 82 sized and shaped to receive a key 20 to be charged or recharged.
- each charging port 82 comprises at least one magnet 85 for securely positioning and retaining the key 20 within the charging port 82 in electrical contact with the charging station 80 .
- the charging station 80 may comprise an internal power source, for example, an extended-life replaceable battery or a rechargeable battery, for providing power to up to four keys 20 positioned within respective charging ports 82 .
- charging station 80 may be operatively connected to an external power source by a power cord 90 having at least one conductor.
- the programming station 60 and charging station 80 may be integrated into a single component.
- the electronic key 20 , 120 may include additional authentication requirements prior to being used by a user, which may be useful for chain of custody.
- the electronic key 20 , 120 may require various other forms of authentication, such as a pin code, biometric identification, button presses, facial recognition, etc. in order to activate the key or otherwise gain access to the key.
- the authentication using the key 20 , 120 itself may be used in combination with authentication of the key using the programming station 60 .
- a keycode entered by the user at the programming station 60 may be used to initially check out a key 20 , 120 .
- the user may be further required to present his or her fingerprint to the key 20 , 120 (or other authentication using the key itself) before the key is capable of being used to control or communicate with a security device 40 .
- the user may be required to present his or her fingerprint to the key 20 , 120 within a predetermined time window in order to authorize the key for use. Otherwise, the user may be required to return to the programming station 60 to start the check out process over.
- the key 20 , 120 may be configured to store the user's fingerprint in memory and/or access attempts for auditing purposes. The data could be communicated to one or more remote devices 250 in some embodiments.
- key 20 , 120 may be configured to detect and/or record unauthorized access attempts based on another user attempting to use the key that does not match the stored fingerprint.
- biometric identification In lieu of biometric identification, other forms of authentication could be used, such as for example, a “morse code” number of button presses on the key 20 , 120 . Thus, the user is able to use the key 20 , 120 only if the button presses matches a predetermined sequence stored by the key.
- a plurality of keys 20 , 120 may be required in order to control or communicate with a security device 40 .
- the security device 40 may include different modes of operation, e.g., (i) a single mode where a single key 20 , 120 is needed to operate a single security device or (ii) a dual mode where more than one key is needed to operate a single security device.
- the security device 40 may be hardcoded with the desired mode of operation, while in other cases mechanical switches or the like could be used to change the mode of operation of the security device.
- the key 20 , 120 is configured to provide information regarding the mode of operation regardless of the type of security device 40 .
- the key 20 , 120 may be configured to communicate the desired mode to the security device 40 .
- the key 20 , 120 may communicate a dual-mode operation to the security device 40 , which would require more than one user to present an authorized key to the security device before the security device may be operated.
- a user identification code and an SDC is needed prior to controlling the security device 40 using a key 20 , 120 .
- a user may be required to check out a key 20 , 120 using a programming station 60 , which would then program the key with the required modes of operation and security devices 40 that the user is able to access.
- the dual-mode setting overrides any single mode of operation. Namely, a key 20 , 120 required to operate in dual mode would override any single mode setting in the lock and vice versa.
- multiple security devices 40 may be configured to secure a single fixture.
- safety or additional authorization may be required prior to granting access to a fixture.
- a hasp for securing access to circuit breakers where the hasp is configured to be used with a plurality of security devices 40 , such as padlocks configured to operate with key 20 , 120 .
- a plurality of security devices 40 may be desired to be used to ensure safety of the technicians, since all security devices would need to be unlocked prior to granted access to the fixture.
- technicians have no awareness of when the security device 40 has been removed or added.
- using keys 20 , 120 would allow for sequencing and recording of accesses to the security devices 40 .
- access to the fixture may be combined with other authorization techniques disclosed herein, such as biometric identification on the key 20 , 120 and/or multiple modes of operation of the security device and/or key.
- various levels of alerts may be configured to be provided to the technicians, such as via remote devices 250 , to the technician's keys 20 , 120 and/or other portable device.
- the logic control circuit of the programmable electronic key 20 may include a time-out function. More particularly, the ability of the key 20 to transfer data and power to the security device 40 is deactivated after a predetermined time period. By way of example, the logic control circuit may be deactivated after about eight hours from the time the key was programmed or last refreshed by the programming station 60 . Thus, an authorized sales associate typically must program or refresh the key 20 assigned to him at the beginning of each work shift. Furthermore, the charging station 80 may be configured to deactivate the logic control circuit of the key 20 (and thereby prevent use of the SDC) when the key is positioned within a charging port 82 .
- the charging station 80 can be made available to an authorized sales associate in an unsecured location without risk that a charged key 20 could be removed from the charging station and used to maliciously disarm and/or unlock a security device 40 .
- the security key 20 would then have to be programmed or refreshed with the SDC by the programming station 60 , which is typically monitored or maintained at a secure location, in order to reactivate the logic control circuit of the key.
- the charging station 80 may alternatively require a matching handshake communication protocol with the programmable electronic key 20 in the same manner as the security device 40 and the key.
- FIG. 4 is an enlarged view showing the embodiment of the security device 40 in greater detail.
- a security device 40 may utilize electrical power to lock and/or unlock a mechanical lock mechanism, and optionally, further includes an electronic lock mechanism, such as an alarm or a security “handshake.”
- the security device 40 must be a passive device in the sense that it does not have an internal power source sufficient to operate (e.g., actuate the mechanical lock mechanism).
- the security device 40 must be configured to receive at least power, and in some cases, both power and data from an external source, such as the security key 20 shown and described herein.
- the cabinet lock 40 is a cabinet lock 40 configured to be securely affixed to the locking arm 104 of a conventional cabinet lock bracket 105 , as previously described.
- the cabinet lock 40 comprises a logic control circuit for performing a security handshake communication protocol with the logic control circuit of the security key 20 and for being programmed with the SDC by the key.
- the cabinet lock 40 may be configured to transmit the SDC to the security key 20 to authenticate the security device and thereby authorize the key to transfer power to the cabinet lock.
- the data e.g., handshake communication protocol and SDC
- the cabinet lock 40 comprises a housing 41 sized and shaped to contain a logic control circuit (not shown) and an internal mechanical lock mechanism (not shown).
- a transfer port 42 formed in the housing 41 is sized and shaped to receive a transfer probe of the security key 20 , as will be described.
- At least one magnet 45 is disposed within the transfer port 42 for securely positioning and retaining the transfer probe of the key 20 in electrical contact with electrical contacts of the mechanical lock mechanism, and if desired, in electrical contact with the logic control circuit of the cabinet lock 40 .
- data is transferred from the security key 20 to the cabinet lock 40 by wireless communication, such as by infrared (IR) optical transmission, as shown and described in the commonly owned U.S. Pat. No.
- Power is transferred from the security key 20 to the cabinet lock 40 through electrical contacts disposed on the transfer probe of the key and corresponding electrical contacts disposed within the transfer port 42 of the cabinet lock.
- the transfer port 42 may comprise a metallic outer ring 46 that forms one electrical contact, while at least one of the magnets 45 form another electrical contact to complete an electrical circuit with the electrical contacts disposed on the transfer probe of the key 20 .
- electrical contacts transfer power from the key 20 to the mechanical lock mechanism disposed within the housing 41 .
- the power transferred from the key 20 is used to operate the mechanical lock mechanism, for example utilizing an electric motor, DC stepper motor, solenoid, or the like, to unlock the mechanism so that the cabinet lock 40 can be removed from the locking arm 104 of the lock bracket 105 .
- FIGS. 5 - 8 show an embodiment of a security key, also referred to herein as a programmable electronic key, 20 according to the present invention.
- the security key 20 is configured to transfer both data and power to a security device 40 that comprises an electronic lock mechanism and a mechanical lock mechanism, as previously described.
- the programmable electronic key 20 must be an “active” device in the sense that it has an internal power source sufficient to operate the mechanical lock mechanism of the security device 40 .
- the programmable electronic key 20 may be configured to transfer both data and power from an internal source disposed within the key, for example a logic control circuit and a battery.
- FIGS. 5 show an embodiment of the programmable electronic key 20 according to the present invention.
- the programmable electronic key 20 comprises a logic control circuit for performing a handshake communication protocol with the logic control circuit of the programming station 60 and for receiving the SDC from the programming station, as previously described.
- the logic control circuit of the programmable electronic key 20 further performs a handshake communication protocol with the logic control circuit of the security device 40 and transfers the SDC to the device or permits operation of the device, as previously described.
- the data e.g., handshake communication protocol and SDC
- the programmable electronic key 20 comprises a housing 21 and an outer sleeve 23 that is removably disposed on the housing.
- the housing 21 contains the internal components of the key 20 , including without limitation the logic control circuit, memory, communication system and battery, as will be described.
- a window 24 may be formed through the outer sleeve 23 for viewing indicia 24 A that uniquely identifies the key 20 , or alternatively, indicates a particular server rack for use with the key.
- the outer sleeve 23 is removably disposed on the housing 21 so that the indicia 24 A may be altered or removed and replaced with different indicia.
- the programmable electronic key 20 may further comprise a detachable “quick-release” type key chain ring 30 .
- An opening 26 ( FIG. 8 ) is formed through the outer sleeve 23 and a key chain ring port 28 is formed in the housing 21 for receiving the key chain ring 30 .
- the programmable electronic key 20 further comprises a transfer probe 25 located at an end of the housing 21 opposite the key chain ring port 28 for transferring data and power to the security device 40 , as previously described.
- the transfer probe 25 also transmits and receives the handshake communication protocol and the SDC from the programming station 60 , as previously described, and receives power from the charging station 80 , as will be described in greater detail with reference to FIG. 9 A and FIG. 9 B .
- an internal battery 31 and a logic control circuit, or printed circuit board (PCB) 32 are disposed within the housing 21 of the programmable electronic key 20 .
- Battery 31 may be a conventional extended-life replaceable battery, but preferably, is a rechargeable battery suitable for use with the charging station 80 .
- the logic control circuit 32 is operatively coupled and electrically connected to a switch 33 that is actuated by the control button 22 provided on the exterior of the key 20 through the outer sleeve 23 .
- Control button 22 in conjunction with switch 33 controls certain operations of the logic control circuit 32 , and in particular, transmission of the data to the security device 40 .
- the logic control circuit 32 is further operatively coupled and electrically connected to a communication system 34 for transmitting and receiving the handshake communication protocol and SDC data.
- the communication system 34 is a wireless infrared (IR) transceiver for optical transmission of data between the programmable electronic key 20 and the programming station 60 , as well as between the key 20 and the security device 40 .
- the transfer probe 25 of the key 20 is provided with an optically transparent or translucent filter window 35 for emitting and collecting optical transmissions between the key 20 and the programming station 60 , or alternatively, between the key 20 and the security device 40 , as required.
- Transfer probe 25 further comprises a pair of bi-directional power transfer electrical contacts 36 , 38 made of an electrically conductive material for transferring power to the security device 40 and for receiving power from the charging station 80 , as required. Accordingly, electrical contacts 36 , 38 are electrically connected to battery 31 , and are operatively coupled and electrically connected to logic control circuit 32 in any suitable manner, for example by conductive insulated wires or plated conductors.
- An important aspect of a programmable electronic key 20 according to the present invention, especially when used for use in conjunction with a security device 40 as described herein, is that the key does not require a physical force to be exerted by a user on the key to operate the mechanical lock mechanism of the security device. By extension, no physical force is exerted by the key on the mechanical lock mechanism. As a result, the key cannot be unintentionally broken off in the lock, as often occurs with conventional mechanical key and lock mechanisms. Furthermore, neither the key nor and the mechanical lock mechanism suffer from excessive wear as likewise often occurs with conventional mechanical key and lock mechanisms. In addition, there is no required orientation of the transfer probe 25 of the programmable electronic key 20 relative to the charging port 82 of the charging station 80 or the transfer port 42 of the security device 40 .
- any wear of the electrical contacts on the transfer probe 25 , the charging port 82 or the transfer port 42 is minimized.
- an authorized person is not required to position the transfer probe 25 of the programmable electronic key 20 in a particular orientation relative to the transfer port 42 of the security device 40 and thereafter exert a compressive and/or torsional force on the key to operate the mechanical lock mechanism of the device.
- FIG. 9 A and FIG. 9 B show charging station 80 in greater detail.
- the charging station 80 recharges the internal battery 31 of the programmable electronic key 20 , and if desired, deactivates the data transfer and/or power transfer capability of the key until the key is reprogrammed with the SDC by the programming station 60 .
- the charging station 80 comprises a housing 81 for containing the internal components of the charging station.
- the exterior of the housing 81 has at least one, and preferably, a plurality of charging ports 82 formed therein that are sized and shaped to receive the transfer probe 25 of the security key 20 , as previously described.
- At least one magnet 85 is disposed within each charging port 82 for securely positioning and retaining the transfer probe 25 in electrical contact with the charging station 80 .
- the electrical contacts 36 , 38 of the key 20 are retained within the charging port 82 in electrical contact with the magnets 85 and a resilient “pogo” pin 86 made of a conductive material to complete an electrical circuit between the charging station 80 and the battery 31 of the key.
- housing 81 is sized and shaped to contain a logic control circuit, or printed circuit board (PCB) 92 that is operatively coupled and electrically connected to the magnets 85 and the pogo pin 86 of each charging port 82 .
- the pogo pin 86 is depressible to complete an electrical circuit as the magnets 85 position and retain the electrical contacts 36 , 38 within the charging port 82 .
- magnets 85 make electrical contact with the outer ring electrical contact 36 of the transfer probe 25 of key 20
- pogo pin 86 makes electrical contact with inner ring electrical contact 38 of the transfer probe.
- charging station 80 may comprise an internal power source, for example, an extended-life replaceable battery or a rechargeable battery, for providing power to the key(s) 20 positioned within the charging port(s) 82 .
- the logic control circuit 92 of the charging station 80 is electrically connected to an external power source by a power cord 90 having at least one conductor.
- logic control circuit 92 may be operable for deactivating the data transfer and power transfer functions of the programmable electronic key 20 , or alternatively, for activating the “time-out” feature of the key until it is reprogrammed or refreshed by the programming station 60 .
- FIGS. 10 - 17 B show another embodiment of a security system and method including a programmable key, a security device, a programming station, and a charging station according to various embodiments of the present invention.
- the system and method comprise at least a programmable electronic key (also referred to herein as a security key) with inductive transfer, indicated generally at 120 , and a security device with inductive transfer, indicated generally at 140 , that is operated by the key 120 .
- the programmable electronic key 120 is useable with any security device or locking device, such as various types of server racks as discussed above, with inductive transfer capability that requires power transferred from the key to the device by induction, or alternatively, requires data transferred between the key and the device and power transferred from the key to the device by induction.
- the electronic key 120 may include the same or similar functionality of the key 20 discussed herein.
- the security system and method may further comprise a charging station 180 for initially charging and subsequently recharging a rechargeable battery disposed within the security key 120 via inductive transfer.
- the charging station 180 comprises at least one charging port 182 sized and shaped to receive a security key 120 .
- each charging port 182 may comprise mechanical or magnetic means for properly positioning and securely retaining the key 120 within the charging port.
- at least one, and preferably, a plurality of magnets may be provided for positioning and retaining the key 120 within the charging port 182 of the charging station 180 .
- a plurality of magnets may be provided for positioning and retaining the key 120 within the charging port 182 of the charging station 180 .
- the inductive transceiver of the security key 120 is sufficiently aligned with the corresponding inductive transceiver of the charging station 180 over a generally planar surface within the charging port 182 .
- magnets are not required (as with charging station 80 ) to position, retain and maintain electrical contacts provided on the security key 120 in electrical contact with corresponding electrical contacts provided on the charging station 180 .
- the charging station 180 may comprise an internal power source, for example, an extended-life replaceable battery or a rechargeable battery, for providing power to the key(s) 120 positioned within the charging port(s) 182 .
- charging station 180 may be operatively connected to an external power source by a power cord 190 having at least one conductor in a conventional manner.
- FIG. 12 shows the security device 140 with inductive transfer in greater detail.
- a security device 140 with inductive transfer according to the invention may both receive electrical power from the security key 120 and communicate (e.g., transmit/receive) the SDC with the key by magnetic induction.
- the cabinet lock 140 comprises a housing 141 sized and shaped to contain a logic control circuit (not shown) and an internal mechanical lock mechanism (not shown).
- a transfer port 142 formed in the housing 141 is sized and shaped to receive a transfer probe of the security key 120 , as will be described.
- the transfer port 142 may comprise mechanical or magnetic means for properly positioning and securely retaining the key 120 within the transfer port.
- at least one, and preferably, a plurality of magnets may be provided for positioning and retaining the key 120 within the transfer port 142 of the cabinet lock 140 .
- the inductive transceiver of the security key 120 is sufficiently aligned with the corresponding inductive transceiver of the cabinet lock 140 over a generally planar surface within the transfer port 42 . Therefore, magnets are not required to position, retain and maintain electrical contacts provided on the security key 120 in electrical contact with corresponding electrical contacts provided on the cabinet lock 140 .
- data is transferred from the security key 120 to the cabinet lock 140 by wireless communication, such as infrared (IR) optical transmission as shown and described in the aforementioned U.S. Pat. No. 7,737,843.
- IR infrared
- Power is transferred from the security key 120 to the cabinet lock 140 by induction across the transfer port 142 of the cabinet lock using an inductive transceiver disposed within a transfer probe of the key that is aligned with a corresponding inductive transceiver disposed within the cabinet lock.
- the transfer probe of the security key 120 may comprise an inductive transceiver coil that is electrically connected to the logic control circuit of the key to provide electrical power from the internal battery of the key to an inductive transceiver coil disposed within the cabinet lock 140 .
- the inductive transceiver coil of the cabinet lock 140 then transfers the electrical power from the internal battery of the key 120 to the mechanical lock mechanism disposed within the housing 141 of the cabinet lock.
- the power transferred from the key 120 is used to unlock the mechanical lock mechanism, for example utilizing an electric motor, DC stepper motor, solenoid, or the like, so that the cabinet lock 140 can be removed from the arm 104 of the lock bracket 105 .
- FIGS. 13 - 16 show the programmable electronic key 120 with inductive transfer in greater detail.
- the key 120 is configured to transfer both data and power to a security device 140 that comprises an electronic lock mechanism and a mechanical lock mechanism.
- the programmable electronic key 120 must be an active device in the sense that it has an internal power source sufficient to operate the mechanical lock mechanism of the security device 140 .
- the programmable electronic key 120 may be configured to transfer both data and power from an internal source, such as a logic control circuit and a battery disposed within the key.
- the embodiment of the programmable electronic key 120 depicted herein is a security key with inductive transfer capability configured to be received within the transfer port 145 of the cabinet lock 140 shown in FIG.
- the programmable electronic key 120 comprises a logic control circuit for performing a handshake communication protocol with the logic control circuit of the programming station 60 and for receiving the SDC from the programming station, as previously described.
- the logic control circuit of the programmable electronic key 120 further performs a handshake communication protocol with the logic control circuit of the security device 140 and transfers the SDC to the security device, as previously described.
- a security key 120 with inductive transfer may both transfer electrical power to a security device 140 and communicate the SDC with the security device by magnetic induction.
- the programmable electronic key 120 comprises a housing 121 having an internal cavity or compartment that contains the internal components of the key, including without limitation the logic control circuit, memory, communication system and battery, as will be described. As shown, the housing 121 is formed by a lower portion 123 and an upper portion 124 that are joined together after assembly, for example by ultrasonic welding. The programmable electronic key 120 further defines an opening 128 at one end for coupling the key to a key chain ring, lanyard or the like. As previously mentioned, the programmable electronic key 120 further comprises a transfer probe 125 located at an end of the housing 121 opposite the opening 128 for transferring data and power to the security device 140 .
- the transfer probe 125 is also operable to transmit and receive the handshake communication protocol and the SDC from the programming station 60 , as previously described, and to receive power from the charging station 180 , as will be described in greater detail with reference to FIG. 17 A and FIG. 17 B .
- FIG. 14 shows an embodiment of an inductive coil 126 having high magnetic permeability that is adapted to be disposed within the housing 121 of the electronic key 120 adjacent the transfer probe 125 .
- the inductive coil 126 comprises a highly magnetically permeable ferrite core 127 surrounded by a plurality of inductive core windings 129 .
- the inductive core windings 129 consist of a length of a conductive wire that is wrapped around the ferrite core. As is well known, passing an alternating current through the conductive wire generates, or induces, a magnetic field around the inductive core 127 .
- FIG. 14 further shows an inductive coil 146 having high magnetic permeability that is adapted to be disposed within the housing 141 of the security device (e.g., cabinet lock) 140 adjacent the transfer port 142 .
- the inductive coil 146 comprises a highly magnetically permeable ferrite core 147 surrounded by a plurality of inductive core windings 149 consisting of a length of a conductive wire that is wrapped around the ferrite core.
- an internal battery 131 and a logic control circuit, or printed circuit board (PCB) 132 are disposed within the housing 121 of the programmable electronic key 120 .
- Battery 131 may be a conventional extended-life replaceable battery, but preferably, is a rechargeable battery suitable for use with the charging station 180 .
- the logic control circuit 132 is operatively coupled and electrically connected to a switch 133 that is actuated by the control button 122 provided on the exterior of the key 120 through the housing 121 .
- Control button 122 in conjunction with switch 133 controls certain operations of the logic control circuit 132 , and in particular, transmission of the data (e.g., handshake communication protocol and SDC) between the key and the programming station 60 , as well as between the key and the security device 140 .
- the logic control circuit 132 is further operatively coupled and electrically connected to a communication system 134 for transferring the handshake communication protocol and SDC data.
- the communication system 134 is a wireless infrared (IR) transceiver for optical transmission of data between the programmable electronic key 120 and the programming station 60 , and between the key and the security device 140 .
- IR wireless infrared
- the transfer probe 125 of the key 120 is provided with an optically transparent or translucent filter window 135 for emitting and collecting optical transmissions between the key 120 and the programming station 60 , or between the key and the security device 140 , as required.
- Transfer probe 125 further comprises inductive coil 126 ( FIG. 14 ) comprising inductive core 127 and inductive core windings 129 for transferring electrical power to the security device 140 and/or receiving electrical power from the charging station 180 to charge the internal battery 131 , as required.
- the leads 129 A and 129 B ( FIG.
- the inductive coil 126 are electrically connected to the logic control circuit 132 , which in turn is electrically connected to the battery 131 , in a suitable manner, for example by conductive insulated wires or plated conductors.
- the optical transceiver 134 may be eliminated and data transferred between the programmable electronic key 120 and the security device 140 via magnetic induction through the inductive coil 126 .
- a programmable electronic key 120 is that the key does not require a physical force to be exerted by a user on the key to operate the mechanical lock mechanism of the security device.
- an authorized person is not required to position the transfer probe 125 of the programmable electronic key 120 in a particular orientation relative to the transfer port 142 of the security device 140 and thereafter exert a compressive and/or torsional force on the key to operate the mechanical lock mechanism of the device.
- FIG. 17 A and FIG. 17 B show charging station 180 with inductive transfer capability in greater detail.
- the charging station 180 recharges the internal battery 131 of the security key 120 .
- the charging station 180 also deactivates the data transfer and/or power transfer capability of the key 120 until the key has been reprogrammed with the SDC by the programming station 60 .
- the charging station 180 comprises a housing 181 for containing the internal components of the charging station.
- the exterior of the housing 181 has at least one charging port 182 formed therein that are sized and shaped to receive the transfer probe 125 of a programmable electronic key 120 .
- mechanical or magnetic means may be provided for properly positioning and securely retaining the transfer probe 125 within the charging port 182 such that the inductive coil 126 is in alignment with a corresponding inductive coil 186 ( FIG. 17 B ) disposed within the housing 181 of the charging station 180 adjacent the charging port.
- the inductive coil 186 adjacent the charging port 182 of the charging station 180 generates, or induces, an alternating current in the conductive wire of the inductive core windings 129 of inductive coil 126 that in turn provides DC power (for example, via a bridge rectifier on the logic control circuit 132 ) to charge the battery 131 of the programmable electronic key 120 .
- housing 181 is sized and shaped to contain a logic control circuit, or printed circuit board (PCB) 192 that is electrically connected and operatively coupled to an inductive coil 186 adjacent each of the charging ports 182 .
- PCB printed circuit board
- each inductive coil 186 comprises an inductive core 187 surrounded by a plurality of inductive core windings 189 formed by a conductive wire having a pair of leads (not shown).
- charging station 180 may comprise an internal power source, for example, an extended-life replaceable battery or a rechargeable battery, for providing power to the key(s) 120 positioned within the charging port(s) 182 .
- logic control circuit 192 of the charging station 180 is electrically connected to an external power source by a power cord 190 having at least one conductor. Furthermore, logic control circuit 192 may be operable for deactivating the data transfer and/or power transfer functions of the programmable electronic key 120 , or alternatively, for activating the “timing out” feature of the key until it is reprogrammed or refreshed by the programming station 60 .
- each electronic key 20 , 120 is configured to store various types of data.
- each key 20 , 120 may store a serial number of one or more security devices 40 , 140 , the data and time of activation of the key, a user of the key, a serial number of the key, number of key activations, a type of activation (e.g., “naked” activation, activation transferring only data, activation transferring power, activation transferring data and power), and/or various events (e.g., a security device has been locked or unlocked).
- a type of activation e.g., “naked” activation, activation transferring only data, activation transferring power, activation transferring data and power
- various events e.g., a security device has been locked or unlocked.
- This information may be transmitted to a remote location or device (e.g., a backend computer) upon each activation of the key 20 , 120 or at any other desired period of time, such as upon communication with a programming station 60 or other back-end device.
- a remote location or device e.g., a backend computer
- the data transfer may occur in predetermined time intervals or in real time or automatically in some embodiments.
- the programming station 60 may be configured to store the data and transfer the data to a remote location or device.
- Authorized personnel may use this data to take various actions, such as to audit and monitor key user activity, audit security devices 40 , 140 (e.g., ensure the security devices are locked), etc.
- such information may be requested and obtained on demand, such as from the programming station 60 and/or a remote device.
- the electronic key 20 , 120 is configured to obtain data from a security device 40 , 140 .
- the security device 40 , 140 may store various data regarding past communication with a electronic key 20 , 120 (e.g., key identification, time of communication, etc.), and when a subsequent electronic key communicates with the same security device, the data is transferred to the electronic key.
- the security device 40 , 140 may include a memory for storing such data.
- the security device 40 , 140 includes a power source for receiving and storing the data, while in other cases, the power provided by the electronic key 20 , 120 is used for allowing the merchandise security device to store the data.
- the electronic key 20 , 120 may then communicate the data for collection and review, such as at a remote location or device.
- communication between the electronic key 20 , 120 and the programming station 60 may allow data to be pulled from the electronic key and communicated, such as to a remote location or device.
- the electronic key 20 , 120 may be configured to obtain data from security devices 40 , 140 , such as an identification of the security device, identification of the items contained within or by the security device, and/or the system health of the security device and/or the items.
- the electronic key 20 , 120 may store the data and provide the data to a remote location or device upon communication with the programming station 60 .
- the electronic keys 20 , 120 may be a useful resource for obtaining various types of data from the merchandise security devices 40 , 140 without the need for wired connections or complex wireless networks or systems.
- the security devices 40 , 140 themselves may include wireless communication capability to allow for transmission of the data to a remote device or location.
- each electronic key 20 , 120 may include a security code and a serial number for one or more security devices 40 , 140 .
- a key 20 , 120 may only be able to lock or unlock a security device 40 , 140 where the security codes and the serial numbers match one another.
- each serial number is unique to a security device 40 , 140 and could be programmed at the time of manufacture or by the retailer.
- Individual electronic keys 20 , 120 may then be assigned particular serial numbers for authorized security devices 40 , 140 (e.g., user 1 includes serial numbers 1, 2, 3; user 2 includes serial numbers 1, 4, 5).
- Each of the electronic keys 20 , 120 may be programmed with the same security code using a programming station 60 .
- the electronic key 20 , 120 may communicate with a particular security device and determine whether the security codes and the serial numbers match. If the codes match, the electronic key 20 , 120 then locks or unlocks the security device 40 , 140 .
- FIG. 18 illustrates a system 200 comprising a server rack 202 and a lock 240 .
- the server rack 202 includes a cabinet 204 and a door 206 pivotably attached to the cabinet, although other types of server racks and fixtures may be used.
- the lock 240 is configured to lock the door 206 to the cabinet 204 such that the door is incapable of being opened when the lock is locked but is able to be opened when the lock is unlocked.
- the lock 240 may includes a latch that is configured to engage the cabinet 204 to prevent the door 206 from opening when locked.
- the latch may be any suitable mechanism configured to move between an engaged position with the cabinet 204 and a disengaged position whereby the latch is no longer in engagement with the cabinet.
- the lock 240 is configured to operate according to the various embodiments discussed above for the security devices 40 , 140 .
- the lock 240 may be an electronic lock configured to be controlled by a key 20 , 120 using power and/or data communication using various communication protocols.
- the lock 240 may include a transfer port 242 that is configured to facilitate communication with a key 20 , 120 as disclosed above.
- the lock 240 may be configured to be operated using a combination of electrical and mechanical interaction.
- the key 20 , 120 may be used for ensuring chain of custody.
- the key 20 , 120 may be configured to scan the rack or hardware contained within the rack (e.g., servers or hard drives).
- each drive could have an NFC label attached thereto (or any other of a number of devices to be identified), and the key 20 , 120 may be configured to read data on the NFC label. Scanning the NFC label may result in the key 20 , 120 storing information stored on the label which may in turn be stored in the key for auditing purposes.
- the technician opens the door 206 they may also be required to scan the drive they are removing, which could likewise be stored on the key 20 , 120 .
- the key 20 , 120 may also be configured to scan the drives at the destruction point for storing additional audit data.
- the key 20 , 120 can facilitate acquiring more data about when and who accessed a drive, leading to a chain of custody for that drive.
- the system 200 may include a security device to detect unauthorized access to a server rack 202 .
- the security device may be configured to detect removal of a drive contained within the server rack 202 .
- the security system 200 may include wireless communications for facilitating communication between its various components (e.g., electronic locks 254 , programming stations, and/or keys 20 , 120 ) and/or one or more remote devices 250 .
- FIG. 19 shows that the security system may include a monitoring device 252 configured to communicate with one or more electronic locks, keys, and a remote device 250 .
- the monitoring device 252 may be any device (e.g., a controller, hub, gateway, computer, server, and/or cloud device) configured to communicate with one or more electronic locks and/or keys.
- the monitoring device 252 may be a hub configured to communicate with a plurality of electronic locks and/or keys.
- the monitoring device 252 may be a computer (e.g., tablet, laptop, or desktop computer) that is configured to communicate with one or more electronic locks and/or keys and/or one or more hubs 256 to facilitate data transfer. It is understood that any number of monitoring devices 252 may be employed in the system.
- the electronic locks, keys, and/or the monitoring device 252 may include wireless communications circuitry for communicating with one another using any desired communications protocol (e.g., Bluetooth, LoRa, Wi-Fi, radiofrequency, etc.).
- the electronic locks, keys, and monitoring device 252 may be located remotely from one another (e.g., the electronic locks may be located in a data center, while the monitoring device may be at a location that is not in the data center).
- the monitoring device 252 may be located at some fixed location in proximity to one or more electronic locks (e.g., attached to a server rack). In other instances, the electronic locks and/or keys and the monitoring device 252 may communicate over a cloud network. In some embodiments, the electronic locks and the monitoring device 18 are electrically connected via hard wiring, and the monitoring device may have wireless communications circuitry for communicating with other monitoring devices or remote devices 250 .
- the monitoring device 252 may further be configured to facilitate communication with one or more remote devices 250 (e.g., a smartphone or tablet) for providing notification regarding various events and/or providing data.
- data such as a time, date, server ID, lock ID, key ID, user, etc. of access may be stored by the locks and/or keys and communicated between the electronic locks, keys, and/or monitoring devices to the remote device 250 (e.g., an authorized access attempt). Such communication could occur, for instance, over one or more wireless communication protocols.
- a private local network may be used to facilitate communication between the electronic locks, keys, and a monitoring device 18 (e.g., via the LoRa network), and a public network could be used for communication with the remote device 250 (e.g., via a cloud network).
- the electronic locks and/or the monitoring device 252 may be configured to generate an alarm signal should an unauthorized access attempt be detected.
- reports may be generated at the remote device 250 which may be used to collect and manage data regarding each of the electronic locks and/or keys.
- data centers may use data or media drives (e.g., USB, SD, Compact Flash, or SSD) to transfer software, firmware, code and other digital data between computer systems including various components.
- data or media drives e.g., USB, SD, Compact Flash, or SSD
- These drives are often one-time use in that they are destroyed at the end of the process so that there is minimum opportunity for the data on them to be intercepted by nefarious actors.
- data drives are often small and not suited to be used in the destruction devices used on typical hard drives.
- the hard drive may be placed on a conveyor belt for purposes of drive destruction that may have gaps that a data drive could fall through.
- the hard drives have a bar code or QR code that is scanned to confirm destruction.
- a data drive is small and may not have sufficient space for a code that is easily read by the scanners. Also, intermediate storage, such as from the server rack to the destruction machine, might be set up to accommodate typical hard drive sizes, but not smaller data drives. Thus, there exists a need for a data drive to work within the parameters of these existing destruction systems.
- FIGS. 31 - 34 show various embodiments of a USB drive 300 .
- the size of the USB drive 300 (or other media device or drive) matches the size of a typical solid-state drive (SSD) drive, which is the most commonly used in rack systems and destruction machines. These SSD cases are approximately 100 ⁇ 70 ⁇ 15 (mm), but other sizes could be viable depending on the machine in use.
- the USB drive 300 may include a case or housing that is the same or substantially similar to the size of a conventional SSD drive. Ensuring that the USB drive 300 is the same size as an SSD case allows the USB drive to be handled in the same manner as SSD drives are typically handled and with at least the same level of security.
- the USB drive 300 may be housed or integrated with an SSD case in order to maintain the ability to plug the USB connector into a wide variety of devices. It may not be viable to simply put a connector on the side of this SSD case, although this may be done in some cases.
- a USB connector 302 is coupled to the USB drive 300 , such as via a short cable having a connector extending from the case.
- this connector 302 may be configured to be removably engaged with the drive 300 such that it does not increase the overall dimensions of the case.
- the USB drive 300 may include a slot or other recess 304 configured to receive the connector 302 and associated cable therein (e.g., compare FIG. 31 to FIG. 33 ).
- the USB connector 302 may be configured to move relative to the SSD case between a retracted position relative to the case and an extended position relative to the case to thereby allow connection to the computer system.
- the USB electronic components are disposed inside the USB drive, not on the outside of the case or in the connector at the end of the cable.
- USB drives Another possible issue with current techniques for use of USB drives is data security of USB drives while in the possession of a technician performing maintenance at the data center.
- a USB drive is very easily plugged into any computer system, and there are even small handheld devices that can copy the data of a USB drive easily.
- the USB drive would be inaccessible by anyone other than the technician, and the technician would also be tracked as to when he/she was moving data to and from the drive.
- the USB drive 300 may be mechanically disabled. This can be done by preventing the USB connector 302 from communicating to the USB components inside the SSD case. This may be accomplished by a cutting device on a slider that the technician could use once the job is complete. The slider could cut anywhere along the electric path from the USB connector the PCB inside the case thereby eliminating any communication between the USB connector and the PCB. The cutter could also cut through a pathway on the PCB to break the connection. Finally, the slider may be configured to move into contact with a location on the circuit board to create a short and thereby render the USB drive useless. The slider may have a one-way latch or mechanism that once moved into position, it could not be physically moved back to its initial position.
- USB connector 302 could be configured to connect to a special device that delivers high current through the connector.
- power could be delivered wirelessly from a device (e.g., through a pick-up coil).
- a two-factor intent would be beneficial. For example, pushing a button on the USB drive 300 or other actuator while presenting the voltage injection could be used for such a purpose.
- the USB drive 300 is incapable of being used by the technician until the USB drive is successfully activated or otherwise authenticated.
- a security key may be used to activate a USB drive.
- a mechanical key could be used in some cases, but an electronic key may have additional benefits.
- the electronic key may take many different forms such as those discussed above, as well as an RFID badge, an NFC reader, a device with IR transceivers, etc.
- an NFC reader is configured to communicate an activation signal. This activation signal could be writing a bit to the NFC tag, or a wireless or wireless signal delivered directly to the USB components within the USB drive.
- each USB drive may have an NFC tag with a unique serial number or other identifier.
- the key may be electronic key 20 , 120 .
- the electronic key 20 , 120 may be authenticated for the particular user using various authentication techniques, which would grant the user permissions to use the USB drives 300 .
- the USB drive defaults to a disabled mode. Once the USB drive 300 is plugged into a port of the server component and receives power, the electronic key 20 , 120 may be used to authenticate the user and then enable the drive, such as via a socket on the USB drive housing. The USB drive 300 may then latch “ON” so long as it remains powered.
- FIG. 32 shows various modes of operation where the USB drive is disabled, then authenticated for use, and then subsequently disabled.
- the key 20 , 120 may be presented to the USB drive 300 prior to connection with the port of the server component in order to enable the USB drive.
- the USB drive 300 When the USB drive 300 is unplugged from the USB port, it may be configured to automatically return to a disabled mode.
- the technician would be required to authenticate the USB drive 300 at every computer component the drive is connected into.
- the electronic key 20 , 120 may be configured to read the NFC tag (or another identifier 308 such as a UPC code) from the drive and then deliver that information along with the identity of the key owner to a remote device 250 . In this way, the user of the drive 300 can be tracked and audited at every usage.
- the USB drive 300 may include a seal 306 or the like that is configured to be removed prior to use and accessing the connector 302 (see, e.g., FIG. 33 ) so that the technician knows that the USB drive is unused. Because the computer systems within the data center are also connected, the USB connection can be confirmed on both sides of the transaction (i.e., by the electronic key 20 , 120 and also by the server component the drive 300 was plugged into). Thus, any nefarious behavior can quickly be discovered. If, for example, an electronic key 20 , 120 reported that a drive 300 was authenticated and in use, but the component did not report being connected to the drive, the implication is that the drive was plugged into an unauthorized device and thus the data may have been compromised.
- the electronic key 20 , 120 may be configured to provide power to the USB drive which allows the USB drive to communicate with the component of the server rack.
- the USB drive 300 may include a transfer port 42 , 142 similar to that described above to facilitate communication with an electronic key 20 , 120 .
- various components within a data center may be destroyed to prevent authorized access to such components and data stored thereon.
- conventional destruction may occur by physically destroying the components.
- destruction may not be required since the USB drive is unusable without a key.
- chain of custody may be improved by employing lockable enclosures 400 or secure sleeves for enclosing media 410 and that may include an identifier 402 (e.g., QR code) (see, e.g., FIGS. 20 - 30 ).
- an identifier 402 e.g., QR code
- the lockable enclosures 400 may have a one-way latch 404 that prevents the enclosures from being unlocked after the latch is moved to a latched position.
- the one-way latch 404 may take many forms, such as that shown in FIGS. 35 - 38 , or alternatively any number of engagement members (e.g., one-way snaps, detents, or the like) that prevent media 410 from being removed once received by the lockable enclosure 400 .
- the one-way latch 404 may include one or more engagement members 408 configured to engage with one another when the latch is closed, such as by rotating relative to one another from an open position to a closed, engaged position.
- the lockable enclosure 400 may be configured to receive the media 410 in such a way that the media cannot be removed without damaging or destroying the lockable enclosure and/or media.
- the identifier 402 may also take many forms, such as a label with a QR or UPC code, which may be placed over the one-way latch (see, e.g., FIG. 37 ). Thus, identifier may be located in such a way that attempting to open the one-way latch 404 may damage the identifier.
- the identifier 402 may only be accessible when the lockable enclosure 400 is successfully latched in some embodiments (e.g., compare FIG. 26 to FIG. 27 ). In other cases, a key 20 , 120 may be used to lock the enclosure, or a remote device 250 in other embodiments.
- the identifier 402 of each of the lockable enclosure 400 and the media 410 may then be required to be scanned or photographed together before the lockable enclosure is confirmed as being secure and ready to be destroyed (see, e.g., FIG. 28 ). If the media 410 is moved to a different lockable enclosure 400 , scanning the enclosure's identifier 402 and the media's identifier 402 may reveal that a possible tamper has taken place (see, e.g., FIG. 30 ). In one embodiment, the lockable enclosures 400 may be required to be inserted within a secure bin 406 (see, e.g., FIG. 20 ).
- This secure bin 406 may include access control as well, such as to log when a particular lockable enclosure 400 is inserted therein.
- the lockable enclosures 400 are single use and may be destroyed along with the media 410 .
- the lockable enclosures 400 may be “smart” and reusable, such as where the enclosures are configured to communicate with an electronic key 20 , 120 .
- the lockable enclosure 400 may be configured to be unlocked to remove the media 410 at the time of destroying the media.
- a scanner station may be used to unlock the lockable enclosure 400 , remove the media 410 , and destroy the media.
- FIG. 39 illustrates another embodiment of a lockable enclosure 500 , sometimes referred to as a secure sleeve or case.
- the lockable enclosure 500 is configured to retain a new data or media drive prior to the old data drive being discarded with the lockable enclosure.
- the old data drive 504 may be a drive removed from a server rack that is to be replaced with a new data drive 506 .
- the lockable enclosure 500 may be configured to operate in a one-in-one-out fashion such that a new data drive cannot be accessed until the old data drive is secured within the enclosure.
- the new data drive cannot be dispensed until the old data drive is secure.
- FIG. 39 illustrates that the lockable enclosure 500 includes a housing that contains a latch 502 configured to slide or otherwise move within the housing.
- the lockable enclosure 500 may house the latch 502 therein such that the latch is unable to be removed.
- the lockable enclosure 500 may be formed of a clear polymeric material (e.g., polycarbonate) and may be formed of one or more components, such as an upper housing and a lower housing that are attached to one another, such as in a permanent manner (e.g., via ultrasonic welding). Comparing FIGS. 41 and 42 (a portion of the housing has been removed for illustration), it is shown that the latch 502 may be configured to slide between a first position for receiving a data drive and a second position within the lockable enclosure 500 for dispensing a data drive.
- a clear polymeric material e.g., polycarbonate
- the latch 502 may be configured to receive an old data drive 504 therein (see FIG. 44 ), and the lockable enclosure 500 may be configured to house a new data drive 506 therein (see FIG. 43 ).
- the lockable enclosure 500 may include a new data drive 506 that is already present, which may for example be provided during manufacturing and assembly of the lockable enclosure.
- the latch 502 may include one or more flexible members 508 (e.g., a pair) configured to be biased or flexed when the old data drive 504 is inserted therein.
- the flexible members 508 may include tines or like engagement members 510 at a free end thereof that are configured to align with and engage one or more corresponding slots or channels 512 defined in the lockable enclosure 500 .
- the engagement members 510 are configured to slide within the slots 512 .
- the engagement members 510 may be incapable of engaging the slots 512 until a data drive has been inserted within the latch 502 .
- the latch 502 may be incapable of sliding within the lockable enclosure 500 until a data drive is inserted.
- insertion of an old data drive 504 within the latch 502 may cause the flexible members 508 to bias outwardly to align the engagement members 510 with the slots 512 when a data drive with the appropriate width is inserted therein.
- the latch 502 may be capable of sliding in only one direction and cannot be slid in an opposite direction.
- the lockable enclosure 500 may include one or more ribs 514 that are configured to block the latch 502 from sliding in an opposite direction.
- embodiments of the present invention may provide features that make defeating the lockable enclosure 500 difficult, such as attempted picking of the lockable enclosure.
- two tools would be needed to engage the flexible members 508 so as to align them with the slots 5120 to defeat the lockable enclosure 500 which may be difficult to accomplish.
- FIG. 43 shows an example of a new data drive 506 positioned within the lockable enclosure 500 .
- the lockable enclosure 500 may define an opening 516 configured to receive an old data drive 504 therein.
- the opening 516 may be defined in a top surface of the lockable enclosure 500 and sized to receive the old data drive 504 and facilitate engagement with the latch 502 .
- a user is able to push the latch 502 in a direction towards the new data drive 506 .
- the new data drive 506 is pushed out of an opening 522 defined in the lockable enclosure (see. FIG. 45 ).
- the end of the lockable enclosure 500 may define an opening 522 that is sized to allow the new data drive 506 to fit through the opening.
- the latch 502 cannot be reversed and moved in an opposite direction.
- the latch 502 may be configured to surround the data drive 504 such that any electrical contacts or pins on the data drive are incapable of being accessed once the data drive is inserted therein. In this way, the contacts of the data drive 504 cannot be accessed by an unauthorized person.
- the new data drive 506 has been removed (see FIG. 46 )
- the old data drive 504 is retained within the lockable enclosure 500 and cannot be removed without damaging the enclosure. In some cases, the lockable enclosure 500 and old data drive 504 retained therein may be destroyed as discussed above.
- the old data drive 504 may be held in place within the lockable enclosure 500 by any number of means, such as for example, a friction fit, crush ribs, breakable tines or any other means that prevents the data drive from being removed.
- the old data drive 504 may be recessed into the lockable enclosure 500 , and the lockable enclosure may have a tight fit around the data drive such that it is difficult to access or remove the data drive using tools or fingers or by impact to the outside of the enclosure.
- sliding the latch 502 from the first position to the second position may reveal a UPC, QR, barcode, serial number, or like identifier 518 for identifying the lockable enclosure 500 (see FIG. 46 ) and in some cases correlating the lockable enclosure with the old data drive 506 for chain of custody, as described above.
- FIG. 40 shows an embodiment of a lockable enclosure 500 that employs a cam 520 configured to rotate.
- the latch may be a cam or other rotatable mechanism.
- the cam 520 may be configured to rotate by the act of inserting the old data drive 504 , and the rotation would cause the new data drive 506 to be dispensed.
- a latch with engagement members may be configured to prevent the cam from rotating unless a data drive with the correct width is inserted into the lockable enclosure.
- FIG. 40 illustrates that rather than an old data drive and a new data drive being positioned end-to-end to one another, the drives could be configured to be placed such that one data drive overlies the other data drive or that the drives are configured to slide relative to one another in an overlying manner.
- FIGS. 47 - 50 illustrate additional embodiments of the present invention.
- FIG. 47 shows an embodiment of a lockable enclosure suitable for a compact flash drive
- FIG. 48 shows an embodiment of a lockable enclosure suitable for an SD card
- FIG. 49 shows an embodiment of a lockable enclosure suitable for a SSD drive
- FIG. 50 shows an embodiment of a lockable enclosure suitable for an USB drive.
- FIGS. 47 - 48 include features similar to the lockable enclosure 500 described above with respect to the embodiments of FIGS. 41 - 46 .
- embodiments of lockable enclosures are configured to use with any number of desired media.
- FIG. 49 illustrates an alternative embodiment for a lockable enclosure 600 .
- the lockable enclosure 600 may also operate similar to that described above (i.e., one-in-one out) but is configured for use with larger data drives without necessarily increasing the size of the lockable enclosure.
- the latch 602 may be configured to engage one or more engagement members 604 on the data drive 506 itself (e.g., holes defined on opposite sides of an SSD drive).
- the latch 602 may include engagement members 606 that are configured to engage the engagement members 604 of the data drive 506 .
- the latch 602 is configured to move within the housing to dispense the new data drive 506 .
- the latch 602 includes a pair of movable members 608 that are configured to move when an old data drive 504 is inserted within the housing.
- the movable members 608 may be spring biased towards an engaged position with the data drive 506 in some instances.
- the engagement members 606 may be operably engaged with the movable members 608 such that as the old data drive 504 is inserted within the housing, the movable members move to disengage the engagement members 604 , 606 from one another.
- the new data drive 506 may be configured to be partially displaced from the housing while the engagement members 604 , 606 are still engaged with one another.
- the latch 602 may be configured to engage the engagement members 604 of the data drive 504 when the data drive is inserted within the housing so that the old data drive is incapable of being backed out or otherwise removed from the housing.
- the movable members 608 may be configured to pivot between engaged and disengaged positions with the new data drive 506 , such as via sliding of the latch 602 relative to the housing as the old data drive 506 is inserted within the housing. In other embodiments, the movable members 608 may be flexible and configured to flex between engaged and disengaged positions.
- FIG. 50 shows an embodiment of a lockable enclosure 700 .
- the data drive 702 may be configured to be housed within the housing in a first position in which the data drive is able to be removed. Thus, a user is able to freely remove the data drive 702 for use.
- the data drive 702 may be tethered to the housing, such as via a cable 704 , wire, or the like.
- a cable 704 may be attached to the data drive 702 at one end and attached to the housing at an opposite end.
- the data drive 702 is configured to be reinserted within the housing in a second position.
- the second position may be a different position than the first position, e.g., the data drive may sit lower within the housing in the second position compared to the first position.
- a latch 706 is configured to be moved to secure the data drive 702 within the housing.
- the latch 706 is incapable of being moved relative to the housing when the data drive 702 is in the first position.
- the data drive 702 may be incapable of being removed from the housing without damaging the lockable enclosure 700 or the data drive.
- the latch 706 may be a one-way latch that is incapable of being moved back to reveal the data drive 702 once in the second position.
- Embodiments of the present invention may utilize similar technology as that disclosed in PCT Publication No. WO 2020/227513, U.S. Pat. No. 11,361,635, PCT Publication No. WO 2022/027021, U.S. Publ. No. 2022/0166785, International Appl. No. PCT/US2021/064837, U.S. Provisional Appl. No. 63/059,280, U.S. Provisional Appl. No. 63/187,747, and U.S. Provisional Appl. No. 63/131,887, the contents of which are each hereby incorporated by reference in their entirety herein.
Landscapes
- Engineering & Computer Science (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Lock And Its Accessories (AREA)
Abstract
Embodiments of the present invention are directed to systems, devices, lockable enclosures, and methods for data centers. In one example, a lockable enclosure for a data drive is provided. The lockable enclosure includes a housing configured to retain a first data drive and a latch contained within the housing and configured to receive a second data drive, wherein the latch is configured to move within the housing for dispensing the first data drive from the housing while the second data drive remains secured therein.
Description
- This application is a continuation of U.S. application Ser. No. 18/093,582, filed on Jan. 5, 2023, which is a continuation of U.S. application Ser. No. 17/845,075, filed Jun. 21, 2022, and claims the benefit of priority to U.S. Provisional Application No. 63/213,538, filed Jun. 22, 2021, U.S. Provisional Application No. 63/216,255, filed on Jun. 29, 2021, U.S. Provisional Application No. 63/229,126, filed on Aug. 4, 2021 and U.S. Provisional Application No. 63/237,400, filed on Aug. 26, 2021, the entire contents of each of which are hereby incorporated by reference.
- Embodiments of the present invention relates generally to access management, electronic locks, systems, devices, lockable enclosures, and methods for data centers.
- Data centers utilize a variety of media to transfer and store various information. Because the media may contain sensitive or confidential information, it is desirable to ensure that the media is secure and that there is an adequate chain of custody for anyone accessing the media.
- Embodiments of the present invention are directed towards a lockable enclosure for a data drive. The lockable enclosure comprises a housing configured to house a first data drive, the first data drive configured to be removed from the housing. The lockable enclosure also includes a latch contained within the housing and configured to receive a second data drive, wherein the latch is configured to move within the housing for dispensing the first data drive from the housing while the second data drive remains secured therein.
- In another embodiment, a lockable enclosure for a data drive is provided. The lockable enclosure includes a housing configured to contain a first data drive, the first data drive configured to be removed from the housing. The housing is configured to receive a second data drive, and the first data drive is only configured to be removed from the housing when the second data drive is secured therein.
- In another embodiment, a method for securing and dispensing data drives. The method includes providing a housing containing a first data drive, the first data drive configured to be removed from the housing. The method further includes inserting a second data drive within the housing and dispensing the first data drive from the housing only when the second data drive is secured within the housing.
- In some embodiments, a security system for a data center is provided. The security system includes a plurality of electronic keys and a plurality of media drives configured to be removably connected to a respective electrical component of a server rack, each of the media drives configured to communicate with any one of the electronic keys for enabling the media drive to communicate with the component. In aspects of the security system, each of the media drives is a USB drive with a USB connector. In other aspects, each of the media drives is the same size and configuration as an SSD drive. In some cases, each of the media drives comprises a connector configured to move between a retracted position and an extended position relative to the media drive, and the connector is configured to be removably connected to the electrical component. In other cases, the security system also includes one or more remote devices configured to communicate with the plurality of electronic keys and/or the media drives in a cloud network. In one aspect, each of the media devices comprises a unique identifier, and each of the electronic keys is configured to obtain the unique identifier from the media device when the media device is enabled. In another aspect, each of the media drives is configured to be disabled upon removal from the respective electrical component. In yet another aspect, each of the media drives has a disabled mode whereby the media drive is incapable of communicating with the component, and each of the media drives is configured to communicate with one of the electronic keys in the disabled mode for enabling the media drive to communicate with the respective component.
- In another embodiment, a security device for a data center is provided. The security device comprises a media drive configured to be removably connected to a component of a server rack, the media drive having a disabled mode whereby the media drive is incapable of communicating with the component, the media drive is configured to communicate with a key in the disabled mode for enabling the media drive to communicate with the component. In some aspects, the media drive is a USB drive with a USB connector. In another aspect, the media drive is the same size and configuration as an SSD drive. In one example, the media drive comprises a connector configured to move between a retracted position and an extended position relative to the media drive, and wherein the connector is configured to be removably connected to the component.
-
FIG. 1A shows an embodiment of a security system and method including a programmable electronic key, a security device, a programming station and a charging station according to an embodiment of the invention. -
FIG. 1B is an enlarged view showing the programmable electronic key ofFIG. 1A positioned on the programming station ofFIG. 1A to be programmed with a security code. -
FIG. 2 further shows the system and method ofFIG. 1A with the programmable electronic key positioned to operate the security device. -
FIG. 3A further shows the system and method ofFIG. 1A with the programmable electronic key disposed on the charging station. -
FIG. 3B is an enlarged view showing the programmable electronic key ofFIG. 1A positioned on the charging station ofFIG. 1A to recharge a power source disposed within the key. -
FIG. 4 is an enlarged view showing the security device of the system and method ofFIG. 1A . -
FIG. 5 is an enlarged view showing the programmable electronic key of the system and method ofFIG. 1A in greater detail. -
FIG. 6 is an exploded view of the programmable electronic key ofFIG. 5 . -
FIG. 7A is a perspective view of the programmable electronic key ofFIG. 5 . -
FIG. 7B is an end view of the programmable electronic key ofFIG. 5 . -
FIG. 8 is a perspective view showing a lengthwise cross-section of the programmable electronic key ofFIG. 5 . -
FIG. 9A is a top view showing the charging station of the system and method ofFIG. 1A . -
FIG. 9B is a perspective view showing a diagonal cross-section of the charging station ofFIG. 9A taken along theline 9B-9B. -
FIG. 10 shows another embodiment of a security system and method including a programmable electronic key, a security device, a programming station and a charging station according to an embodiment of the invention. -
FIG. 11 is an enlarged view showing the programmable electronic key ofFIG. 10 positioned on the charging station ofFIG. 10 to recharge a power source disposed within the key. -
FIG. 12 is an enlarged view showing the security device of the system and method ofFIG. 10 . -
FIG. 13 is an enlarged view showing the programmable electronic key of the system and method ofFIG. 10 in greater detail. -
FIG. 14 is a perspective view showing a pair of matched coils for use with the programmable electronic key and the security device ofFIG. 10 . -
FIG. 15A is a perspective view of the programmable electronic key ofFIG. 13 . -
FIG. 15B is an end view of the programmable electronic key ofFIG. 13 . -
FIG. 16 is a perspective view showing a lengthwise cross-section of the programmable electronic key ofFIG. 13 . -
FIG. 17A is a top view showing the charging station of the system and method ofFIG. 10 . -
FIG. 17B is a perspective view showing a diagonal cross-section of the charging station ofFIG. 17A taken along the line 17B-17B. -
FIG. 18 illustrates a system comprising a server rack and a lock according to an embodiment of the invention. -
FIG. 19 illustrates a system comprising a server rack and a lock configured to communicate with a remote device according to an embodiment of the invention. -
FIG. 20 is a perspective view of a lockable enclosure and a secure bin according to one embodiment. -
FIG. 21 are perspective views of the lockable enclosure shown inFIG. 20 showing the sequence of securing the media in the lockable enclosure according to one embodiment. -
FIG. 22 are perspective views of the lockable enclosure and media shown inFIG. 20 . -
FIG. 23 is a front view of the lockable enclosure and media shown inFIG. 20 . -
FIG. 24 is a front view of the lockable enclosure shown inFIG. 20 and a remote device prior to securing the media according to one embodiment. -
FIG. 25 is a front view of the lockable enclosure shown inFIG. 20 prior to locking the media therein according to one embodiment. -
FIG. 26 is a front view of the lockable enclosure shown inFIG. 20 and a remote device prior to locking the lockable enclosure according to one embodiment. -
FIG. 27 is a front view of the lockable enclosureFIG. 20 with the media locked therein according to one embodiment. -
FIG. 28 is a front view of the lockable enclosure shown inFIG. 20 and a remote device after locking the lockable enclosure according to one embodiment. -
FIG. 29 is another front view of the lockable enclosure shown inFIG. 20 . -
FIG. 30 is a front view of the lockable enclosure shown inFIG. 20 and a remote device after detecting a tamper attempt according to one embodiment. -
FIG. 31 is a perspective view of a USB drive according to one embodiment. -
FIG. 32 are perspective views of the USB drive shown inFIG. 31 in different states. -
FIG. 33 are perspective views of the USB drive shown inFIG. 31 prior to removal of the USB connector according to one embodiment. -
FIG. 34 is a perspective view of the USB drive shown inFIG. 31 in communication with an electronic key according to one embodiment. -
FIG. 35 show perspective views of a lockable enclosure according to another embodiment. -
FIG. 36 are perspective views of the lockable enclosure shown inFIG. 35 showing the sequence of securing the media in the lockable enclosure according to one embodiment. -
FIG. 37 are side views of the lockable enclosure shown inFIG. 35 . -
FIG. 38 are perspective views of the lockable enclosure shown inFIG. 35 showing the sequence of securing the media in the lockable enclosure according to one embodiment. -
FIG. 39 is an elevation view of a lockable enclosure according to one embodiment. -
FIG. 40 is a side view of a lockable enclosure according to one embodiment. -
FIG. 41 is an elevation view of a lockable enclosure with a latch in a first position according to one embodiment. -
FIG. 42 is an elevation view of the lockable enclosure shown inFIG. 41 with the latch in a second position. -
FIG. 43 is an elevation view of the lockable enclosure shown inFIG. 41 with the latch in a first position and housing a new media drive. -
FIG. 44 is an elevation view of the lockable enclosure shown inFIG. 41 with the latch in a first position and after receiving an old media drive. -
FIG. 45 is an elevation view of the lockable enclosure shown inFIG. 41 with the latch in a second position for dispensing the old media drive. -
FIG. 46 is an elevation view of the lockable enclosure shown inFIG. 41 with the latch in the second position and housing the old media drive. -
FIG. 47 are perspective views of a lockable enclosure in a first position and a second position for dispensing a new media drive according to one embodiment. -
FIG. 48 are perspective views of a lockable enclosure in a first position and a second position for dispensing a new media drive according to one embodiment. -
FIG. 49 are perspective views of a lockable enclosure in a first position and a second position for dispensing a new media drive according to one embodiment. -
FIG. 50 are perspective views of a lockable enclosure in a first position and a second position for securing a data drive according to one embodiment. - Referring now to the accompanying drawing figures wherein like reference numerals denote like elements throughout the various views, one or more embodiments of a security system and method for data centers are shown. In the embodiments shown and described herein, the system and method include an electronic key and a security device. Security devices suitable for use with the electronic keys include, but are not limited to, security devices for various types of fixtures, such as server racks for storing various types and quantities of computer and/or network equipment or components, such as for example, servers, computers, hard drives, media storage, routers, hubs, network switches, etc. The server rack may define an enclosure that is configured to secure various computer and/or network equipment or components that is only configured to be accessed by authorized personnel, such as described in the following embodiments. Of course, embodiments of the present invention are applicable to any number of security devices for securing various items from theft, including those other than with respect to data centers. Embodiments of the present invention may provide security devices for protecting equipment from theft in a data center environment that may include valuable data as well as providing various data regarding accesses or attempted accesses to the equipment. Moreover, although some embodiments disclosed herein are directed to use of security devices with cabinets, it is understood that any variety of fixtures may be used that are configured to house or otherwise secure items to be secured.
- An embodiment of a system and method according to the invention is illustrated in
FIGS. 1A-9B . The embodiment of the security system and method depicted comprises a programmableelectronic key 20, which is also referred to herein as a security key or an electronic key, and asecurity device 40 that is configured to be operated by the key. The system and method may further comprise an optional programming or authorization station, indicated generally at 60, that is operable for programming the key 20 with a security code, which is also referred to herein as a Security Disarm Code (SDC). The term SDC is not intended to be limiting, as it may be any code configured to be used to determine whether the key 20 is authorized to control thesecurity device 40. In addition toprogramming station 60, the system and method may further comprise an optional charging station, indicated generally at 80, that is operable for initially charging and/or subsequently recharging a power source disposed within the key 20. For example,security key 20 andsecurity device 40 may each be programmed with the same SDC into a respective permanent memory. Thesecurity key 20 may be provisioned with a single-use (e.g., non-rechargeable) power source, such as a conventional or extended-life battery, or alternatively, the key may be provisioned with a multiple-use (e.g., rechargeable) power source, such as a conventional capacitor or rechargeable battery. In either instance, the power source may be permanent, semi-permanent (e.g., replaceable), or rechargeable, as desired. In the latter instance, chargingstation 80 is provided to initially charge and/or to subsequently recharge the power source provided within thesecurity key 20. Furthermore, key 20 and/orsecurity device 40 may be provided with only a transient memory, such that the SDC must be programmed (or reprogrammed) at predetermined time intervals. In this instance,programming station 60 is provided to initially program and/or to subsequently reprogram the SDC into the key 20. As will be described, key 20 is operable to initially program and/or to subsequently reprogram thesecurity device 40 with the SDC.Key 20 is then further operable to operate thesecurity device 40 using power transferred to the security device and/or data communicated with the device, as will be described. - In one embodiment of the system and method illustrated in
FIGS. 1A-9B , programmableelectronic key 20 is configured to be programmed with a unique SDC by theprogramming station 60. Aprogramming station 60 suitable for use with the present invention is shown and described in detail in the commonly owned U.S. Pat. No. 7,737,844 entitled PROGRAMMING STATION FOR A SECURITY SYSTEM FOR PROTECTING MERCHANDISE, the disclosure of which is incorporated herein by reference in its entirety. As illustrated inFIG. 1A and best shown in enlargedFIG. 1B , the key 20 is presented to theprogramming station 60 and communication therebetween is initiated, for example by pressing acontrol button 22 provided on the exterior of the key. Communication between theprogramming station 60 and the key may be accomplished directly, for example, by one or more electrical contacts, or indirectly, for example by wireless communication. Any form of wireless communication capable of transferring data between theprogramming station 60 and key 20 is also possible, including without limitation optical transmission, acoustic transmission, or magnetic induction. In the embodiments shown and described herein, communication betweenprogramming station 60 and key 20 is accomplished by wireless optical transmission, and more particularly, by cooperating infrared (IR) transceivers provided in the programming station and the key. The components and method of IR communication betweenprogramming station 60 and key 20 is described in greater detail in the aforementioned U.S. Pat. No. 7,737,844, and accordingly, will not be repeated here. For the purpose of describing the present invention, it is sufficient that the programming station comprises at least a logic control circuit for generating or being provided with a SDC, a memory for storing the SDC, and a communications system suitable for interacting with the programmable electronic key 20 in the manner described herein to program the key with the SDC. - As shown in
FIG. 1B ,programming station 60 comprises ahousing 61 configured to contain the logic control circuit that generates the SDC, the memory that stores the SDC, and a communications system, namely an optical transceiver, for wirelessly communicating the SDC to a cooperating optical transceiver disposed within the key 20. In use, the logic control circuit generates the SDC, which may be a predetermined (e.g., “factory preset”) security code, a serial number, or which may be a security code that is randomly generated by the logic control circuit of theprogramming station 60 at the time a first key 20 is presented to the station for programming. In the latter instance, the logic control circuit further comprises a random number generator for producing the unique SDC. A series of visual indicators, for example light-emitting diodes (LEDs) 67 may be provided on the exterior of thehousing 61 for indicating the operating status of the programming station. Use of theprogramming station 60 may further require authorization, such as with a mechanical lock mechanism, for example, a conventional key andtumbler lock 68, for preventing use of the programming station by an unauthorized person. Alternatively, theprogramming station 60 may require various other forms of authentication, such as a pin code, biometric identification, facial recognition, etc. in order to activate the key 20 or otherwise gain access to the key. As shown herein, theprogramming station 60 may be operatively connected to an external power source by apower cord 70 having at least one conductor. Alternatively, theprogramming station 60 may comprise an internal power source, for example an extended-life replaceable battery or a rechargeable battery, for providing power to the logic control circuit and theLEDs 67. - In one example embodiment, the logic control circuit of the
programming station 60 performs an electronic exchange of data with a logic control circuit of the key 20, commonly referred to as a “handshake communication protocol.” The handshake communication protocol determines whether the key is an authorized key that has not been programmed previously, or is an authorized key that is being presented to the programming station a subsequent time to refresh the SDC. In the event that the handshake communication protocol fails, theprogramming station 60 will not provide the SDC to the unauthorized device attempting to obtain the SDC, for example an infrared reader on a counterfeit key. When the handshake communication protocol succeeds,programming station 60 permits the SDC randomly generated by the logic control circuit and/or stored in the memory of the station to be transmitted by the optical transceiver to the cooperating optical transceiver disposed within the key 20. As will be readily apparent to those skilled in the art, the SDC may be transmitted from theprogramming station 60 to thesecurity key 20 alternatively by any other suitable means, including without limitation, electrical contacts or electromechanical, electromagnetic or magnetic conductors, as desired. - As illustrated in
FIG. 2 , thesecurity key 20 programmed with the SDC is then positioned to operatively engage thesecurity device 40. In the embodiments shown and described herein, the security device is a conventional cabinet lock that has been modified to be unlocked by the programmableelectronic key 20. Preferably, thesecurity device 40 is a “passive” device. As used herein, the term passive is intended to mean that thesecurity device 40 does not have an internal power source sufficient to perform any functions (e.g., lock and/or unlock a mechanical lock mechanism). Significant cost savings are obtained by a retailer when thesecurity device 40 is passive since the expense of an internal power source is confined to thesecurity key 20, and one such key is able to operate multiple security devices. If desired, thesecurity device 40 may also be provided with a temporary power source (e.g., capacitor or limited-life battery) having sufficient power to activate an alarm, for example a piezoelectric audible alarm, that is actuated by a sensor, for example a contact, proximity or limit switch, in response to a security breach. The temporary power source may also be sufficient to communicate data, for example a SDC, from thesecurity device 40 to thesecurity key 20 to authenticate the security device and thereby authorize the key to provide power to the security device. With this embodiment of the present invention, the mechanical lock mechanism is operated by electrical power that is transferred from the key 20 to thesecurity device 40 via electrical contacts, as will be described. - The
security device 40 further comprises a logic control circuit, similar to the logic control circuit disposed within the key 20, adapted to perform a handshake communication protocol with the logic control circuit of the key in essentially the same manner as that between theprogramming station 60 and the key. In essence, the logic control circuit of the key 20 and the logic control circuit of thesecurity device 40 communicate with each other to determine whether the security device is an authorized device that does not have a security code, or is a device having a proper (e.g., matching) SDC. The key 20 may be configured to initially transfer power to thesecurity device 40 in the event the security device is a passive device to allow the security device to communicate with the key. In the event the handshake communication protocol fails (e.g., the device is not authorized or the device has a non-matching SDC), the key 20 will not program thedevice 40 with the SDC, and consequently, the security device will not operate. If thesecurity device 40 was previously programmed with a different SDC, the device will no longer communicate with thesecurity key 20. In the event the handshake communication protocol is successful, the security key 20 permits the SDC stored in the key to be transmitted by the optical transceiver disposed within the key to a cooperating optical transceiver disposed within thesecurity device 40 to program the device with the SDC. As will be readily apparent to those skilled in the art, the SDC may be transmitted from thesecurity key 20 to thesecurity device 40 alternatively by any other suitable means, including without limitation, via one or more electrical contacts, or via electromechanical, electromagnetic or magnetic conductors, as desired. Furthermore, the SDC may be transmitted by inductive transfer of data from the programmable electronic key 20 to theprogrammable security device 40. - On the other hand, when the handshake communication protocol is successful and the
security device 40 is an authorized device having the same (e.g., matching) SDC, the mechanical lock mechanism of thesecurity device 40 may operate using power from the key 20, either power that had been previously transferred by the key and stored by the security device and/or by power transmitted by the key to the security device. In the embodiment ofFIGS. 1A-9B , electrical contacts disposed on thesecurity key 20 electrically couple with cooperating electrical contacts on thesecurity device 40 to transfer power from the internal battery of the key to the security device. Power may be transferred directly to the mechanical lock mechanism, or alternatively, may be transferred to a power circuit disposed within thesecurity device 40 that operates the mechanical lock mechanism of the security device and may be configured to store the power for subsequent operation of the lock mechanism. In the embodiment ofFIGS. 1A-9B , thecabinet lock 40 is affixed to one of the pair of adjacent and overlapping slidingdoors 102 of aconventional cabinet 100. Thecabinet 100 typically contains various types ofequipment 110. Thedoors 102 overlap medially between the ends of thecabinet 100 and thecabinet lock 40 is secured on anelongate locking arm 104 of alock bracket 105 affixed to the inner door. In the illustrated example, the key 20 transfers power to an electric motor, such as a DC stepper motor, solenoid, or the like, that unlocks the lock mechanism of thecabinet lock 40 so that the cabinet lock can be removed from thearm 104 of thebracket 105 and the doors moved (e.g., slid) relative to one another to access theequipment 110 stored within thecabinet 100. As shown, thearm 104 of thebracket 105 is provided with one-way ratchet teeth 106 and thecabinet lock 40 is provided with a complimentary ratchet pawls (not shown) in a conventional manner so that the key 20 is not required to lock thecabinet lock 40 onto theinner door 102 of thecabinet 100. If desired, however, thecabinet lock 40 can be configured to require use of the key 20 to both unlock and lock the cabinet lock. - It will be readily apparent to those skilled in the art that the cabinet lock illustrated herein is but one of numerous types of
passive security devices 40 that can be configured to be operated by a programmable electronic key 20 according to the present invention. In any of the aforementioned embodiments, thesecurity device 40 may further comprise an electronic lock mechanism, such as a conventional proximity, limit or contact switch, including an associated monitoring circuit that activates an alarm in response to the switch being actuated or the integrity of a sense loop monitored by the monitoring circuit being compromised. In such embodiments thesecurity device 40 comprises a logic control circuit, or the equivalent, including a memory for storing a SDC, and a communication system for initially receiving the SDC from thesecurity key 20 and subsequently communicating with the key to authenticate the SDC of the key. - As illustrated in
FIG. 3A and shown enlarged inFIG. 3B , the security system and method further comprises chargingstation 80 for initially charging and subsequently recharging a rechargeable battery disposed within thesecurity key 20. The chargingstation 80 comprises at least one chargingport 82 sized and shaped to receive a key 20 to be charged or recharged. As will be described in greater detail with reference toFIGS. 9A and 9B , each chargingport 82 comprises at least onemagnet 85 for securely positioning and retaining the key 20 within the chargingport 82 in electrical contact with the chargingstation 80. If desired, the chargingstation 80 may comprise an internal power source, for example, an extended-life replaceable battery or a rechargeable battery, for providing power to up to fourkeys 20 positioned within respective chargingports 82. Alternatively, and as shown herein, chargingstation 80 may be operatively connected to an external power source by apower cord 90 having at least one conductor. In some embodiments theprogramming station 60 and chargingstation 80 may be integrated into a single component. - In some embodiments, the
electronic key electronic key programming station 60. For example, a keycode entered by the user at theprogramming station 60 may be used to initially check out a key 20, 120. However, the user may be further required to present his or her fingerprint to the key 20, 120 (or other authentication using the key itself) before the key is capable of being used to control or communicate with asecurity device 40. The user may be required to present his or her fingerprint to the key 20, 120 within a predetermined time window in order to authorize the key for use. Otherwise, the user may be required to return to theprogramming station 60 to start the check out process over. The key 20, 120 may be configured to store the user's fingerprint in memory and/or access attempts for auditing purposes. The data could be communicated to one or moreremote devices 250 in some embodiments. In addition, key 20, 120 may be configured to detect and/or record unauthorized access attempts based on another user attempting to use the key that does not match the stored fingerprint. In lieu of biometric identification, other forms of authentication could be used, such as for example, a “morse code” number of button presses on the key 20, 120. Thus, the user is able to use the key 20, 120 only if the button presses matches a predetermined sequence stored by the key. - According to other embodiments, a plurality of
keys security device 40. In this regard, thesecurity device 40 may include different modes of operation, e.g., (i) a single mode where asingle key security device 40 may be hardcoded with the desired mode of operation, while in other cases mechanical switches or the like could be used to change the mode of operation of the security device. In some embodiments, the key 20, 120 is configured to provide information regarding the mode of operation regardless of the type ofsecurity device 40. For example, the key 20, 120 may be configured to communicate the desired mode to thesecurity device 40. In this way, the key 20, 120 may communicate a dual-mode operation to thesecurity device 40, which would require more than one user to present an authorized key to the security device before the security device may be operated. There may bemaster keys security devices 40 that require multiple user authentication. In one embodiment, a user identification code and an SDC is needed prior to controlling thesecurity device 40 using a key 20, 120. For instance, a user may be required to check out a key 20, 120 using aprogramming station 60, which would then program the key with the required modes of operation andsecurity devices 40 that the user is able to access. In some cases, the dual-mode setting overrides any single mode of operation. Namely, a key 20, 120 required to operate in dual mode would override any single mode setting in the lock and vice versa. - In other embodiments,
multiple security devices 40 may be configured to secure a single fixture. For example, in some applications, safety or additional authorization may be required prior to granting access to a fixture. One example of this is a hasp for securing access to circuit breakers where the hasp is configured to be used with a plurality ofsecurity devices 40, such as padlocks configured to operate with key 20, 120. In this instance, a plurality ofsecurity devices 40 may be desired to be used to ensure safety of the technicians, since all security devices would need to be unlocked prior to granted access to the fixture. Typically, technicians have no awareness of when thesecurity device 40 has been removed or added. However, usingkeys security devices 40. For instance, the time stamp of the time thesecurity device 40 was accessed and by whom could be recorded. Moreover, access to the fixture may be combined with other authorization techniques disclosed herein, such as biometric identification on the key 20, 120 and/or multiple modes of operation of the security device and/or key. In some cases, various levels of alerts may be configured to be provided to the technicians, such as viaremote devices 250, to the technician'skeys - An available feature of a security system and method according to the invention is that the logic control circuit of the programmable electronic key 20 may include a time-out function. More particularly, the ability of the key 20 to transfer data and power to the
security device 40 is deactivated after a predetermined time period. By way of example, the logic control circuit may be deactivated after about eight hours from the time the key was programmed or last refreshed by theprogramming station 60. Thus, an authorized sales associate typically must program or refresh the key 20 assigned to him at the beginning of each work shift. Furthermore, the chargingstation 80 may be configured to deactivate the logic control circuit of the key 20 (and thereby prevent use of the SDC) when the key is positioned within a chargingport 82. In this manner, the chargingstation 80 can be made available to an authorized sales associate in an unsecured location without risk that a charged key 20 could be removed from the charging station and used to maliciously disarm and/or unlock asecurity device 40. Thesecurity key 20 would then have to be programmed or refreshed with the SDC by theprogramming station 60, which is typically monitored or maintained at a secure location, in order to reactivate the logic control circuit of the key. If desired, the chargingstation 80 may alternatively require a matching handshake communication protocol with the programmable electronic key 20 in the same manner as thesecurity device 40 and the key. -
FIG. 4 is an enlarged view showing the embodiment of thesecurity device 40 in greater detail. As previously mentioned, asecurity device 40 according to the present invention may utilize electrical power to lock and/or unlock a mechanical lock mechanism, and optionally, further includes an electronic lock mechanism, such as an alarm or a security “handshake.” At the same time, thesecurity device 40 must be a passive device in the sense that it does not have an internal power source sufficient to operate (e.g., actuate the mechanical lock mechanism). As a result, thesecurity device 40 must be configured to receive at least power, and in some cases, both power and data from an external source, such as thesecurity key 20 shown and described herein. The embodiment of the security device depicted inFIG. 4 is acabinet lock 40 configured to be securely affixed to thelocking arm 104 of a conventionalcabinet lock bracket 105, as previously described. Thecabinet lock 40 comprises a logic control circuit for performing a security handshake communication protocol with the logic control circuit of thesecurity key 20 and for being programmed with the SDC by the key. In other embodiments, thecabinet lock 40 may be configured to transmit the SDC to thesecurity key 20 to authenticate the security device and thereby authorize the key to transfer power to the cabinet lock. As previously mentioned, the data (e.g., handshake communication protocol and SDC) may be transferred (e.g., transmitted and received) by electrical contacts, optical transmission, acoustic transmission or magnetic induction, for example. - The
cabinet lock 40 comprises a housing 41 sized and shaped to contain a logic control circuit (not shown) and an internal mechanical lock mechanism (not shown). Atransfer port 42 formed in the housing 41 is sized and shaped to receive a transfer probe of thesecurity key 20, as will be described. At least onemagnet 45 is disposed within thetransfer port 42 for securely positioning and retaining the transfer probe of the key 20 in electrical contact with electrical contacts of the mechanical lock mechanism, and if desired, in electrical contact with the logic control circuit of thecabinet lock 40. In the embodiment shown and described inFIGS. 1A-9B , data is transferred from thesecurity key 20 to thecabinet lock 40 by wireless communication, such as by infrared (IR) optical transmission, as shown and described in the commonly owned U.S. Pat. No. 7,737,843 entitled PROGRAMMABLE ALARM MODULE AND SYSTEM FOR PROTECTING MERCHANDISE, the disclosure of which is incorporated herein by reference in its entirety. Power is transferred from thesecurity key 20 to thecabinet lock 40 through electrical contacts disposed on the transfer probe of the key and corresponding electrical contacts disposed within thetransfer port 42 of the cabinet lock. For example, thetransfer port 42 may comprise a metallicouter ring 46 that forms one electrical contact, while at least one of themagnets 45 form another electrical contact to complete an electrical circuit with the electrical contacts disposed on the transfer probe of the key 20. Regardless, electrical contacts transfer power from the key 20 to the mechanical lock mechanism disposed within the housing 41. As previously mentioned, the power transferred from the key 20 is used to operate the mechanical lock mechanism, for example utilizing an electric motor, DC stepper motor, solenoid, or the like, to unlock the mechanism so that thecabinet lock 40 can be removed from the lockingarm 104 of thelock bracket 105. -
FIGS. 5-8 show an embodiment of a security key, also referred to herein as a programmable electronic key, 20 according to the present invention. As previously mentioned, thesecurity key 20 is configured to transfer both data and power to asecurity device 40 that comprises an electronic lock mechanism and a mechanical lock mechanism, as previously described. Accordingly, the programmable electronic key 20 must be an “active” device in the sense that it has an internal power source sufficient to operate the mechanical lock mechanism of thesecurity device 40. As a result, the programmable electronic key 20 may be configured to transfer both data and power from an internal source disposed within the key, for example a logic control circuit and a battery. The embodiment of the programmable electronic key 20 depicted inFIGS. 5-8 is a security key configured to be received within thetransfer port 42 of thecabinet lock 40 shown inFIG. 4 , as well as within theprogramming port 62 of the programming station 60 (FIG. 2 ;FIG. 3A ) and the chargingport 82 of the charging station 80 (FIG. 3B ;FIG. 9A ;FIG. 9B ). The programmableelectronic key 20 comprises a logic control circuit for performing a handshake communication protocol with the logic control circuit of theprogramming station 60 and for receiving the SDC from the programming station, as previously described. The logic control circuit of the programmable electronic key 20 further performs a handshake communication protocol with the logic control circuit of thesecurity device 40 and transfers the SDC to the device or permits operation of the device, as previously described. As previously mentioned, the data (e.g., handshake communication protocol and SDC) may be transferred by direct electrical contacts, optical transmission, acoustic transmission or magnetic induction. - As illustrated in
FIG. 6 , the programmableelectronic key 20 comprises ahousing 21 and anouter sleeve 23 that is removably disposed on the housing. Thehousing 21 contains the internal components of the key 20, including without limitation the logic control circuit, memory, communication system and battery, as will be described. Awindow 24 may be formed through theouter sleeve 23 forviewing indicia 24A that uniquely identifies the key 20, or alternatively, indicates a particular server rack for use with the key. Theouter sleeve 23 is removably disposed on thehousing 21 so that theindicia 24A may be altered or removed and replaced with different indicia. The programmable electronic key 20 may further comprise a detachable “quick-release” typekey chain ring 30. An opening 26 (FIG. 8 ) is formed through theouter sleeve 23 and a keychain ring port 28 is formed in thehousing 21 for receiving thekey chain ring 30. The programmable electronic key 20 further comprises atransfer probe 25 located at an end of thehousing 21 opposite the keychain ring port 28 for transferring data and power to thesecurity device 40, as previously described. Thetransfer probe 25 also transmits and receives the handshake communication protocol and the SDC from theprogramming station 60, as previously described, and receives power from the chargingstation 80, as will be described in greater detail with reference toFIG. 9A andFIG. 9B . - As best shown in
FIG. 8 , aninternal battery 31 and a logic control circuit, or printed circuit board (PCB) 32 are disposed within thehousing 21 of the programmableelectronic key 20.Battery 31 may be a conventional extended-life replaceable battery, but preferably, is a rechargeable battery suitable for use with the chargingstation 80. Thelogic control circuit 32 is operatively coupled and electrically connected to aswitch 33 that is actuated by thecontrol button 22 provided on the exterior of the key 20 through theouter sleeve 23.Control button 22 in conjunction withswitch 33 controls certain operations of thelogic control circuit 32, and in particular, transmission of the data to thesecurity device 40. In that regard, thelogic control circuit 32 is further operatively coupled and electrically connected to acommunication system 34 for transmitting and receiving the handshake communication protocol and SDC data. In the embodiment shown and described herein, thecommunication system 34 is a wireless infrared (IR) transceiver for optical transmission of data between the programmableelectronic key 20 and theprogramming station 60, as well as between the key 20 and thesecurity device 40. As a result, thetransfer probe 25 of the key 20 is provided with an optically transparent ortranslucent filter window 35 for emitting and collecting optical transmissions between the key 20 and theprogramming station 60, or alternatively, between the key 20 and thesecurity device 40, as required.Transfer probe 25 further comprises a pair of bi-directional power transfer electrical contacts 36, 38 made of an electrically conductive material for transferring power to thesecurity device 40 and for receiving power from the chargingstation 80, as required. Accordingly, electrical contacts 36, 38 are electrically connected tobattery 31, and are operatively coupled and electrically connected tologic control circuit 32 in any suitable manner, for example by conductive insulated wires or plated conductors. - An important aspect of a programmable electronic key 20 according to the present invention, especially when used for use in conjunction with a
security device 40 as described herein, is that the key does not require a physical force to be exerted by a user on the key to operate the mechanical lock mechanism of the security device. By extension, no physical force is exerted by the key on the mechanical lock mechanism. As a result, the key cannot be unintentionally broken off in the lock, as often occurs with conventional mechanical key and lock mechanisms. Furthermore, neither the key nor and the mechanical lock mechanism suffer from excessive wear as likewise often occurs with conventional mechanical key and lock mechanisms. In addition, there is no required orientation of thetransfer probe 25 of the programmable electronic key 20 relative to the chargingport 82 of the chargingstation 80 or thetransfer port 42 of thesecurity device 40. Accordingly, any wear of the electrical contacts on thetransfer probe 25, the chargingport 82 or thetransfer port 42 is minimized. As a further advantage, an authorized person is not required to position thetransfer probe 25 of the programmable electronic key 20 in a particular orientation relative to thetransfer port 42 of thesecurity device 40 and thereafter exert a compressive and/or torsional force on the key to operate the mechanical lock mechanism of the device. -
FIG. 9A andFIG. 9B show charging station 80 in greater detail. As previously mentioned, the chargingstation 80 recharges theinternal battery 31 of the programmableelectronic key 20, and if desired, deactivates the data transfer and/or power transfer capability of the key until the key is reprogrammed with the SDC by theprogramming station 60. Regardless, the chargingstation 80 comprises ahousing 81 for containing the internal components of the charging station. The exterior of thehousing 81 has at least one, and preferably, a plurality of chargingports 82 formed therein that are sized and shaped to receive thetransfer probe 25 of thesecurity key 20, as previously described. At least onemagnet 85 is disposed within each chargingport 82 for securely positioning and retaining thetransfer probe 25 in electrical contact with the chargingstation 80. More particularly, the electrical contacts 36, 38 of the key 20 are retained within the chargingport 82 in electrical contact with themagnets 85 and a resilient “pogo”pin 86 made of a conductive material to complete an electrical circuit between the chargingstation 80 and thebattery 31 of the key. - As best shown in
FIG. 9B ,housing 81 is sized and shaped to contain a logic control circuit, or printed circuit board (PCB) 92 that is operatively coupled and electrically connected to themagnets 85 and thepogo pin 86 of each chargingport 82. Thepogo pin 86 is depressible to complete an electrical circuit as themagnets 85 position and retain the electrical contacts 36, 38 within the chargingport 82. In particular,magnets 85 make electrical contact with the outer ring electrical contact 36 of thetransfer probe 25 ofkey 20, whilepogo pin 86 makes electrical contact with inner ring electrical contact 38 of the transfer probe. When thepogo pin 86 is depressed and the electrical circuit between the chargingstation 80 and the key 20 is completed, the charging station recharges theinternal battery 31 of the key. As previously mentioned, chargingstation 80 may comprise an internal power source, for example, an extended-life replaceable battery or a rechargeable battery, for providing power to the key(s) 20 positioned within the charging port(s) 82. Alternatively, and as shown herein, thelogic control circuit 92 of the chargingstation 80 is electrically connected to an external power source by apower cord 90 having at least one conductor. Furthermore,logic control circuit 92 may be operable for deactivating the data transfer and power transfer functions of the programmableelectronic key 20, or alternatively, for activating the “time-out” feature of the key until it is reprogrammed or refreshed by theprogramming station 60. -
FIGS. 10-17B show another embodiment of a security system and method including a programmable key, a security device, a programming station, and a charging station according to various embodiments of the present invention. In this embodiment, the system and method comprise at least a programmable electronic key (also referred to herein as a security key) with inductive transfer, indicated generally at 120, and a security device with inductive transfer, indicated generally at 140, that is operated by the key 120. The programmableelectronic key 120 is useable with any security device or locking device, such as various types of server racks as discussed above, with inductive transfer capability that requires power transferred from the key to the device by induction, or alternatively, requires data transferred between the key and the device and power transferred from the key to the device by induction. Moreover, theelectronic key 120 may include the same or similar functionality of the key 20 discussed herein. - As illustrated in
FIG. 11 , the security system and method may further comprise a chargingstation 180 for initially charging and subsequently recharging a rechargeable battery disposed within thesecurity key 120 via inductive transfer. The chargingstation 180 comprises at least one chargingport 182 sized and shaped to receive asecurity key 120. If desired, each chargingport 182 may comprise mechanical or magnetic means for properly positioning and securely retaining the key 120 within the charging port. By way of example and without limitation, at least one, and preferably, a plurality of magnets (not shown) may be provided for positioning and retaining the key 120 within the chargingport 182 of the chargingstation 180. However, as will be described further with reference toFIG. 17B , it is only necessary that the inductive transceiver of thesecurity key 120 is sufficiently aligned with the corresponding inductive transceiver of the chargingstation 180 over a generally planar surface within the chargingport 182. Thus, magnets are not required (as with charging station 80) to position, retain and maintain electrical contacts provided on thesecurity key 120 in electrical contact with corresponding electrical contacts provided on the chargingstation 180. If desired, the chargingstation 180 may comprise an internal power source, for example, an extended-life replaceable battery or a rechargeable battery, for providing power to the key(s) 120 positioned within the charging port(s) 182. Alternatively, and as shown herein, chargingstation 180 may be operatively connected to an external power source by apower cord 190 having at least one conductor in a conventional manner. -
FIG. 12 shows thesecurity device 140 with inductive transfer in greater detail. In a particular embodiment, asecurity device 140 with inductive transfer according to the invention may both receive electrical power from thesecurity key 120 and communicate (e.g., transmit/receive) the SDC with the key by magnetic induction. - The
cabinet lock 140 comprises ahousing 141 sized and shaped to contain a logic control circuit (not shown) and an internal mechanical lock mechanism (not shown). Atransfer port 142 formed in thehousing 141 is sized and shaped to receive a transfer probe of thesecurity key 120, as will be described. If desired, thetransfer port 142 may comprise mechanical or magnetic means for properly positioning and securely retaining the key 120 within the transfer port. By way of example and without limitation, at least one, and preferably, a plurality of magnets (not shown) may be provided for positioning and retaining the key 120 within thetransfer port 142 of thecabinet lock 140. However, as previously described with respect to thesecurity key 120 and the chargingport 182 of the chargingstation 180, it is only necessary that the inductive transceiver of thesecurity key 120 is sufficiently aligned with the corresponding inductive transceiver of thecabinet lock 140 over a generally planar surface within thetransfer port 42. Therefore, magnets are not required to position, retain and maintain electrical contacts provided on thesecurity key 120 in electrical contact with corresponding electrical contacts provided on thecabinet lock 140. In the particular embodiment shown and described herein, data is transferred from thesecurity key 120 to thecabinet lock 140 by wireless communication, such as infrared (IR) optical transmission as shown and described in the aforementioned U.S. Pat. No. 7,737,843. Power is transferred from thesecurity key 120 to thecabinet lock 140 by induction across thetransfer port 142 of the cabinet lock using an inductive transceiver disposed within a transfer probe of the key that is aligned with a corresponding inductive transceiver disposed within the cabinet lock. For example, the transfer probe of thesecurity key 120 may comprise an inductive transceiver coil that is electrically connected to the logic control circuit of the key to provide electrical power from the internal battery of the key to an inductive transceiver coil disposed within thecabinet lock 140. The inductive transceiver coil of thecabinet lock 140 then transfers the electrical power from the internal battery of the key 120 to the mechanical lock mechanism disposed within thehousing 141 of the cabinet lock. As previously mentioned, the power transferred from the key 120 is used to unlock the mechanical lock mechanism, for example utilizing an electric motor, DC stepper motor, solenoid, or the like, so that thecabinet lock 140 can be removed from thearm 104 of thelock bracket 105. -
FIGS. 13-16 show the programmableelectronic key 120 with inductive transfer in greater detail. As previously mentioned, the key 120 is configured to transfer both data and power to asecurity device 140 that comprises an electronic lock mechanism and a mechanical lock mechanism. Accordingly, the programmableelectronic key 120 must be an active device in the sense that it has an internal power source sufficient to operate the mechanical lock mechanism of thesecurity device 140. As a result, the programmableelectronic key 120 may be configured to transfer both data and power from an internal source, such as a logic control circuit and a battery disposed within the key. The embodiment of the programmableelectronic key 120 depicted herein is a security key with inductive transfer capability configured to be received within the transfer port 145 of thecabinet lock 140 shown inFIG. 12 , as well as theprogramming port 62 of the programming station 60 (FIG. 2 ) and the chargingport 182 of the charging station 180 (FIG. 11 ). The programmableelectronic key 120 comprises a logic control circuit for performing a handshake communication protocol with the logic control circuit of theprogramming station 60 and for receiving the SDC from the programming station, as previously described. The logic control circuit of the programmableelectronic key 120 further performs a handshake communication protocol with the logic control circuit of thesecurity device 140 and transfers the SDC to the security device, as previously described. In a particular embodiment, asecurity key 120 with inductive transfer according to the invention may both transfer electrical power to asecurity device 140 and communicate the SDC with the security device by magnetic induction. - The programmable
electronic key 120 comprises ahousing 121 having an internal cavity or compartment that contains the internal components of the key, including without limitation the logic control circuit, memory, communication system and battery, as will be described. As shown, thehousing 121 is formed by alower portion 123 and anupper portion 124 that are joined together after assembly, for example by ultrasonic welding. The programmableelectronic key 120 further defines anopening 128 at one end for coupling the key to a key chain ring, lanyard or the like. As previously mentioned, the programmableelectronic key 120 further comprises atransfer probe 125 located at an end of thehousing 121 opposite theopening 128 for transferring data and power to thesecurity device 140. Thetransfer probe 125 is also operable to transmit and receive the handshake communication protocol and the SDC from theprogramming station 60, as previously described, and to receive power from the chargingstation 180, as will be described in greater detail with reference toFIG. 17A andFIG. 17B . -
FIG. 14 shows an embodiment of aninductive coil 126 having high magnetic permeability that is adapted to be disposed within thehousing 121 of theelectronic key 120 adjacent thetransfer probe 125. As shown herein, theinductive coil 126 comprises a highly magneticallypermeable ferrite core 127 surrounded by a plurality of inductive core windings 129. Theinductive core windings 129 consist of a length of a conductive wire that is wrapped around the ferrite core. As is well known, passing an alternating current through the conductive wire generates, or induces, a magnetic field around theinductive core 127. The alternating current in theinductive core windings 129 may be produced by connecting theleads electronic key 120 through the logic control circuit.FIG. 14 further shows aninductive coil 146 having high magnetic permeability that is adapted to be disposed within thehousing 141 of the security device (e.g., cabinet lock) 140 adjacent thetransfer port 142. As shown herein, theinductive coil 146 comprises a highly magneticallypermeable ferrite core 147 surrounded by a plurality ofinductive core windings 149 consisting of a length of a conductive wire that is wrapped around the ferrite core. Placing thetransfer probe 125 of theelectronic key 120 into thetransfer port 142 of thecabinet lock 140 and passing an alternating current through theinductive core windings 129 of theinductive core 126 generates a magnetic field within the transfer port of the cabinet lock in the vicinity of theinductive coil 146. As a result, an alternating current is generated, or induced, in the conductive wire of theinductive core windings 149 ofinductive coil 146 havingleads 149A and 149B connected to the logic control circuit of thecabinet lock 140. The alternating current induced in theinductive coil 146 of thecabinet lock 140 is then transformed into a direct current in a known manner, such as via a bridge rectifier on the logic control circuit, to provide direct current (DC) power to the cabinet lock. The DC power generated in thecabinet lock 140 by theinductive coil 126 of theelectronic key 120, may be used, for example, to unlock a mechanical lock mechanism disposed within thehousing 141 of the cabinet lock. - As best shown in
FIG. 16 , aninternal battery 131 and a logic control circuit, or printed circuit board (PCB) 132 are disposed within thehousing 121 of the programmableelectronic key 120.Battery 131 may be a conventional extended-life replaceable battery, but preferably, is a rechargeable battery suitable for use with the chargingstation 180. Thelogic control circuit 132 is operatively coupled and electrically connected to aswitch 133 that is actuated by thecontrol button 122 provided on the exterior of the key 120 through thehousing 121.Control button 122 in conjunction withswitch 133 controls certain operations of thelogic control circuit 132, and in particular, transmission of the data (e.g., handshake communication protocol and SDC) between the key and theprogramming station 60, as well as between the key and thesecurity device 140. In that regard, thelogic control circuit 132 is further operatively coupled and electrically connected to acommunication system 134 for transferring the handshake communication protocol and SDC data. As shown and described herein, thecommunication system 134 is a wireless infrared (IR) transceiver for optical transmission of data between the programmableelectronic key 120 and theprogramming station 60, and between the key and thesecurity device 140. As a result, thetransfer probe 125 of the key 120 is provided with an optically transparent ortranslucent filter window 135 for emitting and collecting optical transmissions between the key 120 and theprogramming station 60, or between the key and thesecurity device 140, as required.Transfer probe 125 further comprises inductive coil 126 (FIG. 14 ) comprisinginductive core 127 andinductive core windings 129 for transferring electrical power to thesecurity device 140 and/or receiving electrical power from the chargingstation 180 to charge theinternal battery 131, as required. Accordingly, theleads FIG. 14 ) of theinductive coil 126 are electrically connected to thelogic control circuit 132, which in turn is electrically connected to thebattery 131, in a suitable manner, for example by conductive insulated wires or plated conductors. Alternatively, theoptical transceiver 134 may be eliminated and data transferred between the programmableelectronic key 120 and thesecurity device 140 via magnetic induction through theinductive coil 126. - As noted above, one aspect of a programmable
electronic key 120 according to the present invention, especially when used for use in conjunction with asecurity device 140 as described herein, is that the key does not require a physical force to be exerted by a user on the key to operate the mechanical lock mechanism of the security device. In addition, there is no required orientation of thetransfer probe 125 of the programmableelectronic key 120 relative to the chargingport 182 of the chargingstation 180 or thetransfer port 142 of thesecurity device 140. Accordingly, any wear of the electrical contacts on thetransfer probe 125, the chargingport 182 or thetransfer port 142 is minimized. As a further advantage, an authorized person is not required to position thetransfer probe 125 of the programmableelectronic key 120 in a particular orientation relative to thetransfer port 142 of thesecurity device 140 and thereafter exert a compressive and/or torsional force on the key to operate the mechanical lock mechanism of the device. -
FIG. 17A andFIG. 17B show charging station 180 with inductive transfer capability in greater detail. As previously mentioned, the chargingstation 180 recharges theinternal battery 131 of thesecurity key 120. In certain instances, the chargingstation 180 also deactivates the data transfer and/or power transfer capability of the key 120 until the key has been reprogrammed with the SDC by theprogramming station 60. Regardless, the chargingstation 180 comprises ahousing 181 for containing the internal components of the charging station. The exterior of thehousing 181 has at least one chargingport 182 formed therein that are sized and shaped to receive thetransfer probe 125 of a programmableelectronic key 120. As previously described, mechanical or magnetic means may be provided for properly positioning and securely retaining thetransfer probe 125 within the chargingport 182 such that theinductive coil 126 is in alignment with a corresponding inductive coil 186 (FIG. 17B ) disposed within thehousing 181 of the chargingstation 180 adjacent the charging port. As will be readily understood and appreciated, theinductive coil 186 adjacent the chargingport 182 of the chargingstation 180 generates, or induces, an alternating current in the conductive wire of theinductive core windings 129 ofinductive coil 126 that in turn provides DC power (for example, via a bridge rectifier on the logic control circuit 132) to charge thebattery 131 of the programmableelectronic key 120. - As best shown in
FIG. 17B ,housing 181 is sized and shaped to contain a logic control circuit, or printed circuit board (PCB) 192 that is electrically connected and operatively coupled to aninductive coil 186 adjacent each of the chargingports 182. In the manner previously described with respect toinductive coli 126 andinductive coil 146, eachinductive coil 186 comprises aninductive core 187 surrounded by a plurality ofinductive core windings 189 formed by a conductive wire having a pair of leads (not shown). When an alternating current is passed through the conductive wire of theinductive core windings 189 with thetransfer probe 125 of the programmableelectronic key 120 disposed in the chargingport 182 of the chargingstation 180, theinductive coil 186 generates a magnetic field that induces an alternating current in the conductive wire of theinductive core windings 129 of theinductive coil 126 of the key. The alternating current in theinductive coil 126 is then transformed into DC power to charge theinternal battery 131 of the programmableelectronic key 120. As previously mentioned, chargingstation 180 may comprise an internal power source, for example, an extended-life replaceable battery or a rechargeable battery, for providing power to the key(s) 120 positioned within the charging port(s) 182. Alternatively, and as shown herein, thelogic control circuit 192 of the chargingstation 180 is electrically connected to an external power source by apower cord 190 having at least one conductor. Furthermore,logic control circuit 192 may be operable for deactivating the data transfer and/or power transfer functions of the programmableelectronic key 120, or alternatively, for activating the “timing out” feature of the key until it is reprogrammed or refreshed by theprogramming station 60. - In some embodiments, each
electronic key more security devices programming station 60 or other back-end device. Thus, the data transfer may occur in predetermined time intervals or in real time or automatically in some embodiments. In some cases, theprogramming station 60 may be configured to store the data and transfer the data to a remote location or device. Authorized personnel may use this data to take various actions, such as to audit and monitor key user activity,audit security devices 40, 140 (e.g., ensure the security devices are locked), etc. Moreover, such information may be requested and obtained on demand, such as from theprogramming station 60 and/or a remote device. - In other embodiments, the
electronic key security device security device electronic key 20, 120 (e.g., key identification, time of communication, etc.), and when a subsequent electronic key communicates with the same security device, the data is transferred to the electronic key. Thus, thesecurity device security device electronic key electronic key electronic key programming station 60 may allow data to be pulled from the electronic key and communicated, such as to a remote location or device. In other cases, theelectronic key security devices electronic key programming station 60. As such, theelectronic keys merchandise security devices security devices - In another embodiment, each
electronic key more security devices security device security device electronic keys security devices 40, 140 (e.g.,user 1 includesserial numbers user 2 includesserial numbers 1, 4, 5). Each of theelectronic keys programming station 60. In order to lock or unlock amerchandise security device electronic key electronic key security device - According to another embodiment,
FIG. 18 illustrates asystem 200 comprising aserver rack 202 and alock 240. In this example, theserver rack 202 includes acabinet 204 and adoor 206 pivotably attached to the cabinet, although other types of server racks and fixtures may be used. Thelock 240 is configured to lock thedoor 206 to thecabinet 204 such that the door is incapable of being opened when the lock is locked but is able to be opened when the lock is unlocked. In this embodiment, thelock 240 may includes a latch that is configured to engage thecabinet 204 to prevent thedoor 206 from opening when locked. The latch may be any suitable mechanism configured to move between an engaged position with thecabinet 204 and a disengaged position whereby the latch is no longer in engagement with the cabinet. - In some embodiments, the
lock 240 is configured to operate according to the various embodiments discussed above for thesecurity devices lock 240 may be an electronic lock configured to be controlled by a key 20, 120 using power and/or data communication using various communication protocols. In the illustrated embodiment, thelock 240 may include atransfer port 242 that is configured to facilitate communication with a key 20, 120 as disclosed above. In other embodiments, thelock 240 may be configured to be operated using a combination of electrical and mechanical interaction. - In other embodiments, the key 20, 120 may be used for ensuring chain of custody. For example, the key 20, 120 may be configured to scan the rack or hardware contained within the rack (e.g., servers or hard drives). For example, each drive could have an NFC label attached thereto (or any other of a number of devices to be identified), and the key 20, 120 may be configured to read data on the NFC label. Scanning the NFC label may result in the key 20, 120 storing information stored on the label which may in turn be stored in the key for auditing purposes. When the technician opens the
door 206, they may also be required to scan the drive they are removing, which could likewise be stored on the key 20, 120. In the event the server drives are to be destroyed, the key 20, 120 may also be configured to scan the drives at the destruction point for storing additional audit data. Thus, the key 20, 120 can facilitate acquiring more data about when and who accessed a drive, leading to a chain of custody for that drive. - In additional embodiments, the
system 200 may include a security device to detect unauthorized access to aserver rack 202. In one example, the security device may be configured to detect removal of a drive contained within theserver rack 202. - In some embodiments, the
security system 200 may include wireless communications for facilitating communication between its various components (e.g.,electronic locks 254, programming stations, and/orkeys 20, 120) and/or one or moreremote devices 250. For example,FIG. 19 shows that the security system may include amonitoring device 252 configured to communicate with one or more electronic locks, keys, and aremote device 250. Themonitoring device 252 may be any device (e.g., a controller, hub, gateway, computer, server, and/or cloud device) configured to communicate with one or more electronic locks and/or keys. For instance, themonitoring device 252 may be a hub configured to communicate with a plurality of electronic locks and/or keys. In other cases, themonitoring device 252 may be a computer (e.g., tablet, laptop, or desktop computer) that is configured to communicate with one or more electronic locks and/or keys and/or one ormore hubs 256 to facilitate data transfer. It is understood that any number ofmonitoring devices 252 may be employed in the system. The electronic locks, keys, and/or themonitoring device 252 may include wireless communications circuitry for communicating with one another using any desired communications protocol (e.g., Bluetooth, LoRa, Wi-Fi, radiofrequency, etc.). The electronic locks, keys, andmonitoring device 252 may be located remotely from one another (e.g., the electronic locks may be located in a data center, while the monitoring device may be at a location that is not in the data center). In some cases, themonitoring device 252 may be located at some fixed location in proximity to one or more electronic locks (e.g., attached to a server rack). In other instances, the electronic locks and/or keys and themonitoring device 252 may communicate over a cloud network. In some embodiments, the electronic locks and the monitoring device 18 are electrically connected via hard wiring, and the monitoring device may have wireless communications circuitry for communicating with other monitoring devices orremote devices 250. - The
monitoring device 252 may further be configured to facilitate communication with one or more remote devices 250 (e.g., a smartphone or tablet) for providing notification regarding various events and/or providing data. For example, data such as a time, date, server ID, lock ID, key ID, user, etc. of access may be stored by the locks and/or keys and communicated between the electronic locks, keys, and/or monitoring devices to the remote device 250 (e.g., an authorized access attempt). Such communication could occur, for instance, over one or more wireless communication protocols. For instance, a private local network may be used to facilitate communication between the electronic locks, keys, and a monitoring device 18 (e.g., via the LoRa network), and a public network could be used for communication with the remote device 250 (e.g., via a cloud network). In other embodiments, the electronic locks and/or themonitoring device 252 may be configured to generate an alarm signal should an unauthorized access attempt be detected. In some embodiments, reports may be generated at theremote device 250 which may be used to collect and manage data regarding each of the electronic locks and/or keys. - It is generally understood that data centers may use data or media drives (e.g., USB, SD, Compact Flash, or SSD) to transfer software, firmware, code and other digital data between computer systems including various components. These drives are often one-time use in that they are destroyed at the end of the process so that there is minimum opportunity for the data on them to be intercepted by nefarious actors. There are several current issues with this process, one of which is that data drives are often small and not suited to be used in the destruction devices used on typical hard drives. For example, the hard drive may be placed on a conveyor belt for purposes of drive destruction that may have gaps that a data drive could fall through. Often the hard drives have a bar code or QR code that is scanned to confirm destruction. A data drive is small and may not have sufficient space for a code that is easily read by the scanners. Also, intermediate storage, such as from the server rack to the destruction machine, might be set up to accommodate typical hard drive sizes, but not smaller data drives. Thus, there exists a need for a data drive to work within the parameters of these existing destruction systems.
-
FIGS. 31-34 show various embodiments of aUSB drive 300. In some embodiments, the size of the USB drive 300 (or other media device or drive) matches the size of a typical solid-state drive (SSD) drive, which is the most commonly used in rack systems and destruction machines. These SSD cases are approximately 100×70×15 (mm), but other sizes could be viable depending on the machine in use. Thus, theUSB drive 300 may include a case or housing that is the same or substantially similar to the size of a conventional SSD drive. Ensuring that theUSB drive 300 is the same size as an SSD case allows the USB drive to be handled in the same manner as SSD drives are typically handled and with at least the same level of security. In some cases, theUSB drive 300 may be housed or integrated with an SSD case in order to maintain the ability to plug the USB connector into a wide variety of devices. It may not be viable to simply put a connector on the side of this SSD case, although this may be done in some cases. In one embodiment, aUSB connector 302 is coupled to theUSB drive 300, such as via a short cable having a connector extending from the case. In one example, thisconnector 302 may be configured to be removably engaged with thedrive 300 such that it does not increase the overall dimensions of the case. For instance, theUSB drive 300 may include a slot orother recess 304 configured to receive theconnector 302 and associated cable therein (e.g., compareFIG. 31 toFIG. 33 ). In other cases, theUSB connector 302 may be configured to move relative to the SSD case between a retracted position relative to the case and an extended position relative to the case to thereby allow connection to the computer system. In one embodiment, the USB electronic components are disposed inside the USB drive, not on the outside of the case or in the connector at the end of the cable. - Another possible issue with current techniques for use of USB drives is data security of USB drives while in the possession of a technician performing maintenance at the data center. A USB drive is very easily plugged into any computer system, and there are even small handheld devices that can copy the data of a USB drive easily. In an ideal implementation, the USB drive would be inaccessible by anyone other than the technician, and the technician would also be tracked as to when he/she was moving data to and from the drive.
- Data security of the USB drives can be addressed in different ways. In one embodiment, the
USB drive 300 may be mechanically disabled. This can be done by preventing theUSB connector 302 from communicating to the USB components inside the SSD case. This may be accomplished by a cutting device on a slider that the technician could use once the job is complete. The slider could cut anywhere along the electric path from the USB connector the PCB inside the case thereby eliminating any communication between the USB connector and the PCB. The cutter could also cut through a pathway on the PCB to break the connection. Finally, the slider may be configured to move into contact with a location on the circuit board to create a short and thereby render the USB drive useless. The slider may have a one-way latch or mechanism that once moved into position, it could not be physically moved back to its initial position. - In other embodiments, techniques may be used destroy the USB drive's 300 circuit with electricity. For instance, a fuse could be used on one of the circuit lines on the PCB of the USB drive that will blow when a high voltage is applied to it. Alternately, voltage that is above specification could be applied directly to the pins of a microchip, causing it to burn up. There are several ways this power could be applied. The
USB connector 302 could be configured to connect to a special device that delivers high current through the connector. Alternately, power could be delivered wirelessly from a device (e.g., through a pick-up coil). In order to not have accidental destruction, a two-factor intent would be beneficial. For example, pushing a button on theUSB drive 300 or other actuator while presenting the voltage injection could be used for such a purpose. - In another embodiment of the invention, the
USB drive 300 is incapable of being used by the technician until the USB drive is successfully activated or otherwise authenticated. In one example, a security key may be used to activate a USB drive. A mechanical key could be used in some cases, but an electronic key may have additional benefits. The electronic key may take many different forms such as those discussed above, as well as an RFID badge, an NFC reader, a device with IR transceivers, etc. In one example, an NFC reader is configured to communicate an activation signal. This activation signal could be writing a bit to the NFC tag, or a wireless or wireless signal delivered directly to the USB components within the USB drive. In this example, each USB drive may have an NFC tag with a unique serial number or other identifier. - As noted above, the key may be electronic key 20, 120. The
electronic key USB drive 300 is plugged into a port of the server component and receives power, theelectronic key USB drive 300 may then latch “ON” so long as it remains powered.FIG. 32 shows various modes of operation where the USB drive is disabled, then authenticated for use, and then subsequently disabled. Alternatively, the key 20, 120 may be presented to theUSB drive 300 prior to connection with the port of the server component in order to enable the USB drive. When theUSB drive 300 is unplugged from the USB port, it may be configured to automatically return to a disabled mode. Thus, the technician would be required to authenticate theUSB drive 300 at every computer component the drive is connected into. In addition to authentication, theelectronic key identifier 308 such as a UPC code) from the drive and then deliver that information along with the identity of the key owner to aremote device 250. In this way, the user of thedrive 300 can be tracked and audited at every usage. In some cases, theUSB drive 300 may include aseal 306 or the like that is configured to be removed prior to use and accessing the connector 302 (see, e.g.,FIG. 33 ) so that the technician knows that the USB drive is unused. Because the computer systems within the data center are also connected, the USB connection can be confirmed on both sides of the transaction (i.e., by theelectronic key drive 300 was plugged into). Thus, any nefarious behavior can quickly be discovered. If, for example, anelectronic key drive 300 was authenticated and in use, but the component did not report being connected to the drive, the implication is that the drive was plugged into an unauthorized device and thus the data may have been compromised. Various forms of authentication between theUSB drive 300 and theelectronic key electronic key USB drive 300 may include atransfer port electronic key - As noted above, various components within a data center may be destroyed to prevent authorized access to such components and data stored thereon. For instance, conventional destruction may occur by physically destroying the components. However, there is no definitive way to confirm that the components have indeed been destroyed and what happened prior to destruction since it is a technician who is tasked with destroying the components without any accurate chain of custody. In the embodiments discussed where a key is required to enable a USB drive for use, destruction may not be required since the USB drive is unusable without a key. In other embodiments, chain of custody may be improved by employing
lockable enclosures 400 or secure sleeves for enclosingmedia 410 and that may include an identifier 402 (e.g., QR code) (see, e.g.,FIGS. 20-30 ). For example, thelockable enclosures 400 may have a one-way latch 404 that prevents the enclosures from being unlocked after the latch is moved to a latched position. It is understood that the one-way latch 404 may take many forms, such as that shown inFIGS. 35-38 , or alternatively any number of engagement members (e.g., one-way snaps, detents, or the like) that preventmedia 410 from being removed once received by thelockable enclosure 400. For example, the one-way latch 404 may include one ormore engagement members 408 configured to engage with one another when the latch is closed, such as by rotating relative to one another from an open position to a closed, engaged position. In other examples, thelockable enclosure 400 may be configured to receive themedia 410 in such a way that the media cannot be removed without damaging or destroying the lockable enclosure and/or media. - Moreover, the
identifier 402 may also take many forms, such as a label with a QR or UPC code, which may be placed over the one-way latch (see, e.g.,FIG. 37 ). Thus, identifier may be located in such a way that attempting to open the one-way latch 404 may damage the identifier. Theidentifier 402 may only be accessible when thelockable enclosure 400 is successfully latched in some embodiments (e.g., compareFIG. 26 toFIG. 27 ). In other cases, a key 20, 120 may be used to lock the enclosure, or aremote device 250 in other embodiments. Theidentifier 402 of each of thelockable enclosure 400 and the media 410 (e.g., SSD or USB drive) may then be required to be scanned or photographed together before the lockable enclosure is confirmed as being secure and ready to be destroyed (see, e.g.,FIG. 28 ). If themedia 410 is moved to a differentlockable enclosure 400, scanning the enclosure'sidentifier 402 and the media'sidentifier 402 may reveal that a possible tamper has taken place (see, e.g.,FIG. 30 ). In one embodiment, thelockable enclosures 400 may be required to be inserted within a secure bin 406 (see, e.g.,FIG. 20 ). Thissecure bin 406 may include access control as well, such as to log when a particularlockable enclosure 400 is inserted therein. In some instances, thelockable enclosures 400 are single use and may be destroyed along with themedia 410. In other cases, thelockable enclosures 400 may be “smart” and reusable, such as where the enclosures are configured to communicate with anelectronic key lockable enclosure 400 may be configured to be unlocked to remove themedia 410 at the time of destroying the media. In some cases, a scanner station may be used to unlock thelockable enclosure 400, remove themedia 410, and destroy the media. -
FIG. 39 illustrates another embodiment of alockable enclosure 500, sometimes referred to as a secure sleeve or case. In general, thelockable enclosure 500 is configured to retain a new data or media drive prior to the old data drive being discarded with the lockable enclosure. For example, the old data drive 504 may be a drive removed from a server rack that is to be replaced with a new data drive 506. Thelockable enclosure 500 may be configured to operate in a one-in-one-out fashion such that a new data drive cannot be accessed until the old data drive is secured within the enclosure. Thus, in some embodiments, the new data drive cannot be dispensed until the old data drive is secure. This one-in-one-out configuration may also allow the technician to easily determine which data drive is old and which is new.FIG. 39 illustrates that thelockable enclosure 500 includes a housing that contains alatch 502 configured to slide or otherwise move within the housing. Thelockable enclosure 500 may house thelatch 502 therein such that the latch is unable to be removed. Thelockable enclosure 500 may be formed of a clear polymeric material (e.g., polycarbonate) and may be formed of one or more components, such as an upper housing and a lower housing that are attached to one another, such as in a permanent manner (e.g., via ultrasonic welding). ComparingFIGS. 41 and 42 (a portion of the housing has been removed for illustration), it is shown that thelatch 502 may be configured to slide between a first position for receiving a data drive and a second position within thelockable enclosure 500 for dispensing a data drive. - In one embodiment, the
latch 502 may be configured to receive anold data drive 504 therein (seeFIG. 44 ), and thelockable enclosure 500 may be configured to house a new data drive 506 therein (seeFIG. 43 ). Thus, thelockable enclosure 500 may include a new data drive 506 that is already present, which may for example be provided during manufacturing and assembly of the lockable enclosure. Thelatch 502 may include one or more flexible members 508 (e.g., a pair) configured to be biased or flexed when the old data drive 504 is inserted therein. Theflexible members 508 may include tines or likeengagement members 510 at a free end thereof that are configured to align with and engage one or more corresponding slots orchannels 512 defined in thelockable enclosure 500. In this way, theengagement members 510 are configured to slide within theslots 512. In some cases, theengagement members 510 may be incapable of engaging theslots 512 until a data drive has been inserted within thelatch 502. Thus, thelatch 502 may be incapable of sliding within thelockable enclosure 500 until a data drive is inserted. For example, insertion of anold data drive 504 within thelatch 502 may cause theflexible members 508 to bias outwardly to align theengagement members 510 with theslots 512 when a data drive with the appropriate width is inserted therein. In certain aspects, thelatch 502 may be capable of sliding in only one direction and cannot be slid in an opposite direction. Thelockable enclosure 500 may include one ormore ribs 514 that are configured to block thelatch 502 from sliding in an opposite direction. As such, embodiments of the present invention may provide features that make defeating thelockable enclosure 500 difficult, such as attempted picking of the lockable enclosure. In this example, two tools would be needed to engage theflexible members 508 so as to align them with the slots 5120 to defeat thelockable enclosure 500 which may be difficult to accomplish. -
FIG. 43 shows an example of a new data drive 506 positioned within thelockable enclosure 500. Thelockable enclosure 500 may define anopening 516 configured to receive anold data drive 504 therein. As shown, theopening 516 may be defined in a top surface of thelockable enclosure 500 and sized to receive the old data drive 504 and facilitate engagement with thelatch 502. When the old data drive 504 is inserted, a user is able to push thelatch 502 in a direction towards the new data drive 506. As thelatch 502 progresses within thelockable enclosure 500, the new data drive 506 is pushed out of anopening 522 defined in the lockable enclosure (see.FIG. 45 ). For instance, as shown, the end of thelockable enclosure 500 may define anopening 522 that is sized to allow the new data drive 506 to fit through the opening. As noted above, thelatch 502 cannot be reversed and moved in an opposite direction. Moreover, thelatch 502 may be configured to surround the data drive 504 such that any electrical contacts or pins on the data drive are incapable of being accessed once the data drive is inserted therein. In this way, the contacts of the data drive 504 cannot be accessed by an unauthorized person. Once the new data drive 506 has been removed (seeFIG. 46 ), the old data drive 504 is retained within thelockable enclosure 500 and cannot be removed without damaging the enclosure. In some cases, thelockable enclosure 500 and old data drive 504 retained therein may be destroyed as discussed above. The old data drive 504 may be held in place within thelockable enclosure 500 by any number of means, such as for example, a friction fit, crush ribs, breakable tines or any other means that prevents the data drive from being removed. In some instances, the old data drive 504 may be recessed into thelockable enclosure 500, and the lockable enclosure may have a tight fit around the data drive such that it is difficult to access or remove the data drive using tools or fingers or by impact to the outside of the enclosure. In some embodiments, sliding thelatch 502 from the first position to the second position may reveal a UPC, QR, barcode, serial number, or likeidentifier 518 for identifying the lockable enclosure 500 (seeFIG. 46 ) and in some cases correlating the lockable enclosure with the old data drive 506 for chain of custody, as described above. - Although embodiments of the present invention describe a
latch 502 that is configured to slide within thelockable enclosure 500, it is understood that different configurations may be employed utilizing a one-in-one-out feature. For example,FIG. 40 shows an embodiment of alockable enclosure 500 that employs acam 520 configured to rotate. Thus, in some cases, the latch may be a cam or other rotatable mechanism. In this design, thecam 520 may be configured to rotate by the act of inserting theold data drive 504, and the rotation would cause the new data drive 506 to be dispensed. Similar to the embodiments disclosed above, a latch with engagement members may be configured to prevent the cam from rotating unless a data drive with the correct width is inserted into the lockable enclosure. Moreover, it is understood that any number of types and sizes of data drives may be used in different embodiments. For instance,FIG. 40 illustrates that rather than an old data drive and a new data drive being positioned end-to-end to one another, the drives could be configured to be placed such that one data drive overlies the other data drive or that the drives are configured to slide relative to one another in an overlying manner. -
FIGS. 47-50 illustrate additional embodiments of the present invention. In this regard,FIG. 47 shows an embodiment of a lockable enclosure suitable for a compact flash drive,FIG. 48 shows an embodiment of a lockable enclosure suitable for an SD card,FIG. 49 shows an embodiment of a lockable enclosure suitable for a SSD drive, andFIG. 50 shows an embodiment of a lockable enclosure suitable for an USB drive.FIGS. 47-48 include features similar to thelockable enclosure 500 described above with respect to the embodiments ofFIGS. 41-46 . Thus, embodiments of lockable enclosures are configured to use with any number of desired media. -
FIG. 49 illustrates an alternative embodiment for alockable enclosure 600. In this embodiment, thelockable enclosure 600 may also operate similar to that described above (i.e., one-in-one out) but is configured for use with larger data drives without necessarily increasing the size of the lockable enclosure. Thelatch 602 may be configured to engage one ormore engagement members 604 on the data drive 506 itself (e.g., holes defined on opposite sides of an SSD drive). Thus, thelatch 602 may includeengagement members 606 that are configured to engage theengagement members 604 of the data drive 506. As before, when anold data drive 504 is inserted within the housing, thelatch 602 is configured to move within the housing to dispense the new data drive 506. In some cases, thelatch 602 includes a pair ofmovable members 608 that are configured to move when anold data drive 504 is inserted within the housing. Themovable members 608 may be spring biased towards an engaged position with the data drive 506 in some instances. Theengagement members 606 may be operably engaged with themovable members 608 such that as the old data drive 504 is inserted within the housing, the movable members move to disengage theengagement members engagement members latch 602 and the housing. In some embodiments, thelatch 602 may be configured to engage theengagement members 604 of the data drive 504 when the data drive is inserted within the housing so that the old data drive is incapable of being backed out or otherwise removed from the housing. In some cases, themovable members 608 may be configured to pivot between engaged and disengaged positions with the new data drive 506, such as via sliding of thelatch 602 relative to the housing as the old data drive 506 is inserted within the housing. In other embodiments, themovable members 608 may be flexible and configured to flex between engaged and disengaged positions. - Moreover,
FIG. 50 shows an embodiment of alockable enclosure 700. In this embodiment, the data drive 702 may be configured to be housed within the housing in a first position in which the data drive is able to be removed. Thus, a user is able to freely remove the data drive 702 for use. In addition, the data drive 702 may be tethered to the housing, such as via acable 704, wire, or the like. For example, acable 704 may be attached to the data drive 702 at one end and attached to the housing at an opposite end. When the data drive 702 is ready to be discarded, the data drive 702 is configured to be reinserted within the housing in a second position. The second position may be a different position than the first position, e.g., the data drive may sit lower within the housing in the second position compared to the first position. In the second position, alatch 706 is configured to be moved to secure the data drive 702 within the housing. In some cases, thelatch 706 is incapable of being moved relative to the housing when the data drive 702 is in the first position. Thus, in the second position, the data drive 702 may be incapable of being removed from the housing without damaging thelockable enclosure 700 or the data drive. Moreover, in some cases, thelatch 706 may be a one-way latch that is incapable of being moved back to reveal the data drive 702 once in the second position. - Embodiments of the present invention may utilize similar technology as that disclosed in PCT Publication No. WO 2020/227513, U.S. Pat. No. 11,361,635, PCT Publication No. WO 2022/027021, U.S. Publ. No. 2022/0166785, International Appl. No. PCT/US2021/064837, U.S. Provisional Appl. No. 63/059,280, U.S. Provisional Appl. No. 63/187,747, and U.S. Provisional Appl. No. 63/131,887, the contents of which are each hereby incorporated by reference in their entirety herein.
- The foregoing has described several embodiments of systems, devices, locks, keys, devices, lockable enclosures, computer storage mediums, and methods. Although embodiments of the present invention have been shown and described, it will be apparent to those skilled in the art that various modifications thereto can be made without departing from the spirit and scope of the invention. Accordingly, the foregoing description is provided for the purpose of illustration only, and not for the purpose of limitation.
Claims (22)
1. A lockable enclosure for a data drive, the lockable enclosure comprising:
a housing; and
a latch contained within the housing and configured to engage a first data drive in a first position, wherein the latch is configured to move within the housing to a second position for securing the first data drive within the housing such that the first data drive is incapable of being removed from the housing in the second position.
2. The lockable enclosure of claim 1 , wherein the latch is configured to slide within the housing from the first position to the second position.
3. The lockable enclosure of claim 1 , wherein the latch is configured to move in only one direction within the housing.
4. The lockable enclosure of claim 1 , wherein the latch is configured to move within the housing only when the latch is engaged the first data drive.
5. The lockable enclosure of claim 1 , wherein the latch is configured to receive the first data drive for moving the first data drive within the housing.
6. The lockable enclosure of claim 5 , wherein the latch comprises at least one flexible member configured to be biased in response to receiving the first data drive.
7. The lockable enclosure of claim 6 , wherein the at least one flexible member comprises an engagement member, and wherein the housing comprises at least one slot configured to align with the engagement member when the latch receives the first data drive therein.
8. The lockable enclosure of claim 7 , wherein the latch comprises a pair of flexible members and associated engagement members, and wherein the housing comprises a pair of corresponding slots.
9. The lockable enclosure of claim 1 , wherein the latch is configured to rotate within the housing.
10. The lockable enclosure of claim 1 , wherein the first data drive is incapable of being removed from the housing in the second position without damaging or destroying the housing.
11. The lockable enclosure of claim 1 , wherein the first data drive comprises a solid-state drive.
12. The lockable enclosure of claim 1 , further comprising an identifier for identifying the lockable enclosure, and wherein the identifier is only visible when the latch has been moved to the second position.
13. The lockable enclosure of claim 1 , wherein the housing is configured to house a second data drive while the latch is in the first position, and wherein the latch is configured to move within the housing for dispensing the second data drive from the housing while the first data drive remains secured therein.
14. The lockable enclosure of claim 13 , wherein the housing defines a second opening, and wherein the second data drive is configured to be dispensed from the housing through the second opening.
15. The lockable enclosure of claim 13 , wherein in the first position, the second data drive is inaccessible, and wherein in the second position, the second data drive is accessible.
16. The lockable enclosure of claim 13 , wherein the second data drive is secured within the housing prior to the latch engaging the first data drive.
17. The lockable enclosure of claim 1 , wherein the latch is configured to at least partially surround the first data drive.
18. The lockable enclosure of claim 1 , wherein the latch comprises a pair of flexible members each configured to engage the first data drive.
19. The lockable enclosure of claim 1 , further comprising one or more ribs provided on the housing configured to block the latch from sliding from the second position to the first position.
20. A method for securing and dispensing data drives, the method comprising:
providing a housing containing a latch;
inserting a first data drive within the housing such that the latch engages the first data drive in a first position; and
moving the latch within the housing to a second position for securing the first data drive within the housing such that the first data drive is incapable of being removed from the housing in the second position.
21. The method of claim 20 , where providing comprises providing the housing containing a second data drive.
22. The method of claim 21 , wherein moving comprises moving the latch within the housing for dispensing the second data drive from the housing while the first data drive remains secured therein.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US18/230,408 US20230380087A1 (en) | 2021-06-22 | 2023-08-04 | Data center security systems and devices |
Applications Claiming Priority (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US202163213538P | 2021-06-22 | 2021-06-22 | |
US202163216255P | 2021-06-29 | 2021-06-29 | |
US202163229126P | 2021-08-04 | 2021-08-04 | |
US202163237400P | 2021-08-26 | 2021-08-26 | |
US17/845,075 US11758669B2 (en) | 2021-06-22 | 2022-06-21 | Data center security systems and devices |
US18/093,582 US11864335B2 (en) | 2021-06-22 | 2023-01-05 | Data center security systems and devices |
US18/230,408 US20230380087A1 (en) | 2021-06-22 | 2023-08-04 | Data center security systems and devices |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US18/093,582 Continuation US11864335B2 (en) | 2021-06-22 | 2023-01-05 | Data center security systems and devices |
Publications (1)
Publication Number | Publication Date |
---|---|
US20230380087A1 true US20230380087A1 (en) | 2023-11-23 |
Family
ID=84489647
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/845,075 Active US11758669B2 (en) | 2021-06-22 | 2022-06-21 | Data center security systems and devices |
US18/093,582 Active 2042-08-09 US11864335B2 (en) | 2021-06-22 | 2023-01-05 | Data center security systems and devices |
US18/230,408 Pending US20230380087A1 (en) | 2021-06-22 | 2023-08-04 | Data center security systems and devices |
Family Applications Before (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/845,075 Active US11758669B2 (en) | 2021-06-22 | 2022-06-21 | Data center security systems and devices |
US18/093,582 Active 2042-08-09 US11864335B2 (en) | 2021-06-22 | 2023-01-05 | Data center security systems and devices |
Country Status (2)
Country | Link |
---|---|
US (3) | US11758669B2 (en) |
WO (1) | WO2022271653A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11849561B2 (en) | 2021-12-22 | 2023-12-19 | In Vue Security Products Inc. | Data center security systems and devices |
US11790954B1 (en) * | 2022-09-26 | 2023-10-17 | ZT Group Int'l, Inc. | Carrier for hard drive |
Family Cites Families (51)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
SE506232C2 (en) | 1993-11-29 | 1997-11-24 | Mw Trading Aps | anti-theft |
US5509528A (en) | 1994-11-16 | 1996-04-23 | Alpha Enterprises, Inc. | Display package |
US5598728A (en) | 1995-03-03 | 1997-02-04 | Autronic Plastics, Inc. | Security case |
GB9605175D0 (en) | 1996-03-12 | 1996-05-15 | Entertainment Uk Ltd | Improvements in or relating to securing apparatus |
US5636737A (en) | 1996-07-26 | 1997-06-10 | Alpha Enterprises, Inc. | Video cassette shipping container |
US5782350A (en) | 1997-02-19 | 1998-07-21 | Alpha Enterprises, Inc. | Magnetic locking mechanism for a security package |
US5762187A (en) | 1997-08-05 | 1998-06-09 | Alpha Enterprises, Inc. | Security container |
US6672455B2 (en) | 1998-01-29 | 2004-01-06 | Nexpak Corporation | Lockable media storage box with lock and key |
PL190461B1 (en) | 1998-01-29 | 2005-12-30 | Necchi Srl | Theft preventing display case in particular for displaying compact discs, video cassettes, magnetic sound recording tape cassettes and the like |
US6601701B1 (en) | 1998-01-29 | 2003-08-05 | Nexpak Corporation | Lockable media storage box with lock and key |
US6598742B1 (en) | 1998-01-29 | 2003-07-29 | Nexpak Corporation | Lockable media storage box with lock and key |
US6474470B2 (en) | 1998-01-29 | 2002-11-05 | Nexpak Corporation | Lockable media storage box with lock and key |
US6354435B1 (en) | 1998-04-01 | 2002-03-12 | Nexpak Corporation | Storage container for recorded media |
US6196384B1 (en) | 1998-04-01 | 2001-03-06 | Alpha Enterprises, Inc. | Storage container for recorded media |
GB9908080D0 (en) | 1999-04-09 | 1999-06-02 | Broadhead Robert M | Apparatus |
AU8034900A (en) | 1999-08-27 | 2001-03-26 | Alpha Security Products, Inc. | Security container having mechanical and magnetic locking mechanism |
US7257971B2 (en) | 2000-07-31 | 2007-08-21 | Autronics Plastics Inc. | Case with internal lock |
US6561347B1 (en) | 1999-11-02 | 2003-05-13 | Autronic Plastics, Inc. | Case and lock with improved disc protection |
WO2002002895A2 (en) | 2000-06-30 | 2002-01-10 | Alpha Security Products, Inc. | Security storage container |
AU2001280614A1 (en) | 2000-07-18 | 2002-01-30 | Nexpak Corporation | Storage container for recorded media |
US6688463B2 (en) | 2000-11-07 | 2004-02-10 | Nexpak Corporation | Disc storage container |
EP1361989B1 (en) | 2001-02-20 | 2007-10-03 | Nexpak Corporation | Storage container for recorded media |
US7320235B2 (en) | 2001-12-05 | 2008-01-22 | Nexpak Corporation | Lockable media storage container |
SE524194C2 (en) | 2002-06-04 | 2004-07-06 | Mw Security Ab | Anti-theft device |
US6758340B1 (en) | 2002-07-17 | 2004-07-06 | Display Technologies, Inc. | Display box with sleeve |
WO2004064070A1 (en) | 2003-01-07 | 2004-07-29 | Nexpak Corporation | Storage container for recorded media |
US7610782B2 (en) | 2003-02-07 | 2009-11-03 | Viva Onetime Limited | Lockable container having an integral and internal locking mechanism and methods of use |
US7194879B2 (en) | 2003-02-21 | 2007-03-27 | Alpha Security Products, Inc. | Security container with linked primary and secondary security features |
AU2004225488B2 (en) | 2003-03-26 | 2009-04-23 | Autronic Plastics, Inc. | Denial system for securing an asset within a container and methods of use |
US7665603B2 (en) | 2003-12-10 | 2010-02-23 | Autronic Plastics, Inc. | Storage container with locking device for recorded media |
US7380711B2 (en) | 2004-07-23 | 2008-06-03 | Checkpoint Systems, Inc. | Self-check system and method for protecting digital media |
US7737844B2 (en) * | 2005-12-23 | 2010-06-15 | Invue Security Products Inc. | Programming station for a security system for protecting merchandise |
US7737843B2 (en) | 2005-12-23 | 2010-06-15 | Invue Security Products Inc. | Programmable alarm module and system for protecting merchandise |
US7598861B2 (en) | 2006-01-06 | 2009-10-06 | Checkpoint Systems, Inc. | Security storage container having an internal alarm |
EP1970511A1 (en) | 2007-03-13 | 2008-09-17 | MW Security AB | Security device |
US7999672B1 (en) | 2008-04-22 | 2011-08-16 | Display Technologies, Inc. | Anti-theft box and method of making same |
US7963131B2 (en) | 2008-09-30 | 2011-06-21 | Checkpoint Systems, Inc. | Security container with rearward facing lock |
TWM350781U (en) | 2008-10-14 | 2009-02-11 | Quanta Comp Inc | Hard disk securing apparatus |
US8054620B2 (en) * | 2009-04-29 | 2011-11-08 | Hewlett-Packard Development Company, L.P. | Stacked drives for a blade system |
US8286565B2 (en) | 2009-11-17 | 2012-10-16 | Southern Imperial, Inc. | Security lock box |
US8887907B2 (en) | 2010-10-08 | 2014-11-18 | Checkpoint Systems, Inc. | Security container with replaceable faceplate |
US9328538B2 (en) | 2011-03-09 | 2016-05-03 | Checkpoint Systems, Inc. | Security container for small articles |
EP2964856A4 (en) * | 2013-03-08 | 2016-07-06 | Sentrilock Llc | Electronic key lockout control in lockbox system |
US10192589B2 (en) * | 2017-01-09 | 2019-01-29 | Quanta Computer Inc. | Compact tool-less hard drive disk carrier |
TWI674495B (en) | 2017-10-02 | 2019-10-11 | 仁寶電腦工業股份有限公司 | Lifting mechanism and electronic device |
TWM555054U (en) | 2017-10-06 | 2018-02-01 | 勤誠興業股份有限公司 | Disk loading device and its multi-unit receiving mechanism |
WO2020225713A1 (en) | 2019-05-03 | 2020-11-12 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods to monitor, configure, manage and signal synchronization for integrated access backhaul (iab) links |
JP2022533494A (en) | 2019-05-07 | 2022-07-25 | インビュー・セキュリティ・プロダクツ・インコーポレイテッド | Merchandise display security system and method |
EP4190134A4 (en) | 2020-07-28 | 2024-08-07 | Invue Security Products Inc | Electronic locks for server racks |
US20220166785A1 (en) | 2020-11-20 | 2022-05-26 | Invue Security Products Inc. | Data center security system |
WO2022146821A1 (en) | 2020-12-30 | 2022-07-07 | Invue Security Products Inc. | Access management for server racks |
-
2022
- 2022-06-21 WO PCT/US2022/034273 patent/WO2022271653A1/en active Application Filing
- 2022-06-21 US US17/845,075 patent/US11758669B2/en active Active
-
2023
- 2023-01-05 US US18/093,582 patent/US11864335B2/en active Active
- 2023-08-04 US US18/230,408 patent/US20230380087A1/en active Pending
Also Published As
Publication number | Publication date |
---|---|
US20220408576A1 (en) | 2022-12-22 |
US20230145820A1 (en) | 2023-05-11 |
US11864335B2 (en) | 2024-01-02 |
US11758669B2 (en) | 2023-09-12 |
WO2022271653A1 (en) | 2022-12-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11864335B2 (en) | Data center security systems and devices | |
US10329798B2 (en) | Method for monitoring lockout procedures | |
US20200234522A1 (en) | Merchandise display security systems and methods | |
US20160078702A1 (en) | Electronic key for merchandise security device | |
US20240119773A1 (en) | Access management for server racks | |
US20130307668A1 (en) | Cabinet lock key with audio indicators | |
US20230177902A1 (en) | Electronic locks for server racks | |
US11849561B2 (en) | Data center security systems and devices | |
US20200279143A1 (en) | Medicinal dosage storage and method for combined electronic inventory data and access control | |
US20150370745A1 (en) | System and method for communication port based asset management | |
WO2023122159A2 (en) | Data center security systems and devices | |
WO2023122162A1 (en) | Data center security systems and devices | |
GB2315804A (en) | Programmable key and lock | |
WO2019071418A1 (en) | Intelligent internet accessible door lock and working method therefor |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: INVUE SECURITY PRODUCTS INC., NORTH CAROLINA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:FAWCETT, CHRISTOPHER J.;GRANT, JEFFREY A.;BERGLUND, DAVID N.;SIGNING DATES FROM 20220624 TO 20220712;REEL/FRAME:064504/0558 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |