WO1994023163A1 - System and method for activating a device - Google Patents

System and method for activating a device Download PDF

Info

Publication number
WO1994023163A1
WO1994023163A1 PCT/GB1994/000597 GB9400597W WO9423163A1 WO 1994023163 A1 WO1994023163 A1 WO 1994023163A1 GB 9400597 W GB9400597 W GB 9400597W WO 9423163 A1 WO9423163 A1 WO 9423163A1
Authority
WO
WIPO (PCT)
Prior art keywords
signals
signal
unit
transmitted
triggering
Prior art date
Application number
PCT/GB1994/000597
Other languages
French (fr)
Inventor
John Arthur Howard
Original Assignee
John Arthur Howard
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from GB939306447A external-priority patent/GB9306447D0/en
Application filed by John Arthur Howard filed Critical John Arthur Howard
Priority to EP94910012A priority Critical patent/EP0760046A1/en
Publication of WO1994023163A1 publication Critical patent/WO1994023163A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/10Fittings or systems for preventing or indicating unauthorised use or theft of vehicles actuating a signalling device
    • B60R25/1003Alarm systems characterised by arm or disarm features
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/20Means to switch the anti-theft system on or off
    • B60R25/24Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/28Individual registration on entry or exit involving the use of a pass the pass enabling tracking or indicating presence
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00388Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks code verification carried out according to the challenge/response method
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C2009/00753Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
    • G07C2009/00769Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
    • G07C2009/00793Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means by Hertzian waves

Definitions

  • the present invention relates to a system for triggering a device in which the triggering can occur only when initiated by a separate unit controlled e.g. by an authorised user of the device. It also relates to a method of triggering a device.
  • the present invention is applicable to remote triggering of a vehicle security system or to the triggering of transactions within a bank account.
  • a vehicle locking system In order to trigger a vehicle locking system remotely, it is well known for the owner of the vehicle to carry a transmitter which transmits a signal to the vehicle which causes the locking system of the vehicle to activate, either to lock or unlock the vehicle. Normally, a data signal is transmitted which is unique to the transmitter, and which is recognised by the locking system of the vehicle so that the locking system is only activated when the appropriate signal is received.
  • a signal be transmitted from the device to a separate unit, which may be carried by the user. That signal is then modified by the unit, and re-transmitted. Since the modification of the re-transmitted signal by the unit was pre-determined, it was then possible for the device to check whether the signal it received was a valid one, with the device being triggered only when a valid signal was received.
  • the system Since the signal transmitted from the device was fixed in GB-A-2051442, and if the operation carried out on that signal by the unit (the same operation being carried out by the device itself) was also fixed, then the system would have low security. It would be more secure than known vehicle locking systems, in the sense that there need be no visible indication that the system was being activated by an authorised user since the unit is not activated by the user, but by the transmission from the device, and therefore could be concealed. However, if an unauthorised third party recorded the signal transmitted from the unit, they could activate the device.
  • the present invention proposes that the device generates a plurality of signals, and selects one of those signals for transmission to the unit (either automatically or in response to an initiation signal), with the selection of that signal varying with time. Since the device knows at any time which signal it has transmitted, the return signal from the unit varies with time in a way predictable to the device. However, if an unauthorised third party records the signal transmitted from the unit, and subsequently tries to trigger the device, the change in the transmitted signal from the device will mean that the signal transmitted to the device from the third party no longer is a valid one, since it corresponds with a previous signal from the device, rather than the signal now being transmitted from the device. Preferably, the time variation in the selection of the signal transmitted from the device is a random variation.
  • a method of triggering a device comprising: generating a plurality of first signals at the device; selecting one of said plurality of first signals and transmitting the selected one of the plurality of first signals to a separate unit; performing at least one operation on said selected one of said first signals at both said device and said separate unit, thereby to generate at least one second signal at both said device and said separate unit; transmitting said at least one second signal from the separate unit to the device as a transmitted signal; comparing transmitted signal with said at least one second signal at said device; and triggering said device when said transmitted signal corresponds to said at least one second signal; wherein the selecting of said one of said plurality of signals varies with time, whereby different ones of said plurality of first signals are transmitted by the device at different times.
  • the transmission of the selected one of the plurality of signals, and possibly the generation of that plurality of signals and the election of one of that plurality of signals, occurs only in response to a initiation signal from a user.
  • a initiation signal may be generated by activation of a door handle if the vehicle, or by inserting a key in a lock.
  • the selection and transmission of signals for the device may be continuous with the triggering of the device being dependent on a unit coming within the range of the device, but this is not preferred both from power consumption considerations, and from the risk of interference due to the continuous transmission.
  • the operation that is carried out on the signal that is transmitted from the device, both at the device itself and at the unit, may be affected by a code input by a user to both the device and the unit.
  • the operation may depend on a PIN number.
  • the device could be re-programmed to prevent the unit from triggering the device.
  • a change in the PIN number at the unit and the device would immediately alter the signals in both directions, thereby returning the system to its initial level of security.
  • a third possibility is for the operation that is carried out by the unit in order to generate a signal transmitted therefrom to vary with time.
  • Such variation could be random, or could be in a predetermined pattern, which pattern is known by the device. Then, if the device carries out different operations at different times in synchronism with the unit, it is again not possible to record a signal from the unit and subsequently trigger the device using the recorded signal, since the time variation in the operation will mean that the signal transmitted by the unit no longer corresponds to the signal which is generated within the device itself.
  • the present invention may also provide a triggering system having a device to be triggered and a separate unit for activating the triggering of the device; wherein the device comprises; means for generating a plurality of first signals; means for selecting one of said plurality of first signals, wherein said means for selecting said one of said plurality of first signals being arranged to vary said selection thereof with time; means for transmitting said selected one of said plurality of first signals to said unit; means for performing at least one operation on said selected one of said first signals thereby to generate at least one second signal at said device; means for receiving a transmitted signal from said separate unit; means for comparing said transmitted signal with said at least one second signal; and means for triggering said device when said transmitted signal corresponds to said at least one second signal; and wherein said unit comprises: means for receiving said selected one of said plurality of first signals from
  • the present invention is applicable to triggering of many different types of devices.
  • the application of the present invention to vehicle locking systems, and to automated teller systems has been mentioned above, but a wide variety of other applications is possible.
  • the present invention may be used to permit authorised access to a building or other location, to ensuring valid transmission of messages by e.g. facsimile or data line, or to any other system in which one device needs to be triggered by a user of the device.
  • Fig 1 is a flow-chart showing the operation of a device to be triggered, and a separate unit, in accordance with the present invention
  • Fig 2 shows the structure of a unit useable in the present invention
  • Fig 3 shows part of a device to be triggered in accordance with the present invention
  • Fig 4 shows schematically the application of the present invention to a vehicle locking system
  • Fig 5 shows schematically the application of the present invention to an automated teller system.
  • Fig 1 the operational steps listed on the left-hand side of the Figure represent events occurring in a device to be triggered, and the operational steps occurring on the right-hand side of the Figure represent events occurring in a separate unit which may be carried by a user who is authorised to trigger the device.
  • Both the device and the unit store a common initial code (steps 100,200) which may be e.g. a PIN.
  • the same code is stored by both the device and unit and may be fixed or may be alterable by a user or by remote programming.
  • the device From that initial code, the device generates a plurality of signals (step 101), and then carries out a selection operation to select one of the signals, which selection operation varies with time.
  • a selection operation to select one of the signals, which selection operation varies with time.
  • one of the signals generated at step 101 is selected and is then transmitted (step 102) from the device.
  • Such transmission may be of radio frequency signals or by any other suitable transmission methods.
  • the device In addition to transmitting this selected signal, the device generates a plurality of further signals (second signals) using the transmitted signal and e.g. the initial code and stores each of the plurality of second signals.
  • the device then waits for a signal to be received from an associated, but separate, unit. If no signal is received after a predetermined time (because there is no unit within range of the transmission of the signal by the device) it is determined at step 104 that no signal has been received, and the device returns to step 102 and selects a further signal for transmission. If, however, there is a suitable unit within range, it will receive the signal from the device (at step 201) and generate a plurality of signals (second signals) using the received signal and the stored initial code (step 202). The plurality of signals thus generated are identical to those generated at step 103 in the device. The unit then selects one of those plurality of second signals and transmits it back to the device (step 203).
  • step 104 If any signal is received by the device, it is detected at step 104.
  • Fig 1 assumes that the signal has been received from a unit, but the device will also detect if any other signal is received.
  • the received signal is compared with the plurality of second signals generated at step 103 (comparison step 105). If the received signal does not correspond to one of the plurality of second signals, so that there is lack of agreement (step 106), the device knows that it has received an invalid signal and is therefore not triggered (step 107). The device returns to step 102. If, however, the received signal agrees with one of the stored second signals (step 106) the device knows that it has received a valid signal and is triggered. Again, processing then returns to step 102.
  • a unit which is separate from the device to be triggered also stores the initial code (PIN) at step 200. That initial code (PIN) is the same as the initial code (PIN) stored by the device at step 100.
  • the unit When the device transmits the selected signal at step 102, it is received by the unit at step 201. Using the received signal, the unit generates a plurality of signals (second signals) using the received signal and the initial code (PIN). As has previously been stated, the operation or operations used by the unit at step 202 are the same as those used by the device at step 103, so that, at that time, the same second signals exist in both the device and unit, so that transmission of one of those second signals can be determined to be a valid signal by the device, since it agrees with one of the second signals generated and stored by the device itself. Since the selection of a signal at step 102 by the device is repeated after a predetermined time interval, and the selection of that signal varies with time (e.g. randomly), then different sets of second signals will be generated at different times in the device and the unit. When the system is operating correctly, two sets of second signals will always correspond. Hence, any signal transmitted by the unit will be identified as a valid one.
  • the unit since the generation of the plurality of second signals is the same at step 103 and 202 in the device and unit respectively, the unit must transmit one of the signals stored in the device. Since the device thus knows all possible responses that the unit may transmit, it can readily determine if the signal is valid or not. There are several ways in which such a system provides security of triggering, so that the device can be triggered only by a unit which is arranged to trigger it. As has previously been mentioned, the selection of the signal at step 102 varies with time. Preferably, this variation is random.
  • the plurality of second signals which are generated at steps 103 and 202 will themselves vary with time and therefore a signal received by the device which would be determined as valid if received at one time will be determined as invalid if received at a different time, when a different signal has been selected (at step 102) and transmitted by the device.
  • a signal received by the device which would be determined as valid if received at one time will be determined as invalid if received at a different time, when a different signal has been selected (at step 102) and transmitted by the device.
  • the time variation particularly if random, therefore imposes a major restriction on unauthorised triggering.
  • the unit generates a plurality of signals at step 202 and then selects one of those signals at step 203. If that selection step varies with time (either randomly or in a fixed way), then there will not be a fixed relationship between the signal transmitted by the device in step 102 and the signal transmitted from the unit at step 203. Hence, it will be more difficult for interception of those signals to permit determination of the relationship therebetween. This is particularly true if the selection of the signal for transmission by the unit at step 203 is on a random basis.
  • both the device and unit depend for their operation on the initial code stored at steps 100,200. If that initial code is varied, all subsequent signals will be changed and thus it is possible readily to re-program the system. It is possible for the device to operate in a mode in which the return of processing to step 102 from steps 107 or 108 automatically causes the device to select a further signal and transmit it. The device then operates in a "continuous broadcast" mode, so that the device will be triggered when an appropriate unit comes within range and the unit transmits a valid signal to the device. However, such a "continuous broadcast” mode is not preferred, both because of power considerations and because of- the risk of interference. This problem would be particularly acute for a vehicle locking system where a continuous broadcast mode would result in a large number of signals being transmitted at e.g. a location where many vehicles were parked.
  • initiation step 109 may initiate not only the transmission of the selected signal, but the selection of that signal from the plurality of signals generated, or even the generation of the signals themselves. In this way, the device need operate in the way shown in Fig 1 only when initiated.
  • the initiation signal may be any suitable signal input by a user.
  • that initiation step 109 may involve the activation of a door handle of the vehicle, or the insertion of a vehicle key in a lock. If the present invention is applied to an automated teller system, then that initiation step 109 may occur by insertion of a suitable card into the automated teller system in the way that cards are currently inserted or by activating a key of the automated teller system.
  • the structure of a unit suitable for use in the present invention is shown in Fig 2.
  • the key element of the unit 300 is a processor (SSS Chip) 301 which stores the code (PIN) (step 200), generates the plurality of second signals (step 202) and selects one of those second signals (step 203).
  • the unit 300 also has a RF Transmitter/Receiver 302 which permits signals to be received (from the device at step 201) and also permits signals to be transmitted (e.g. to the device), which signals originate in the processor 301.
  • the unit 300 has a power source (Chip Battery) 303 which may be rechargeable via a charger 304. That charger may itself derive power from the signals transmitted by the device, via a power loop 305. The operations of such a power loop to activate a charger is known.
  • the RF power loop 305 may be replaced by e.g. a solar panel to provide power to the chip battery charger 304.
  • the unit 300 is provided with a keyboard 306 which may also have a LCD display in which the input code may be visible to the user. Any new code input is passed to the processor 301 for use in generating the plurality of second signals.
  • transmission between the device and the unit 300 is by RF signals, and the signals must therefore correspond to accepted standards for such transmissions.
  • these are in the 25 to 1000 MHz band. Other bands are, however, possible.
  • the processor 301 and the RF Transmitter/Receiver 302 into a single chip such as in the RF ID ASIC chips produced by e.g. Atmel Corporation.
  • the use of such chips enables the size of the unit 300 to be kept small and thus it may be e.g. concealed on the person of the authorised user. Since the user does not have to activate the unit, in order to trigger the device, it is not necessary for the user to e.g. hold the unit 300 when activating the device. This is useful because there is then no visible indication that the device is being triggered, and therefore it is less likely that an unauthorised third party will attempt to intercept signals between the device and unit. Furthermore, since the user does not have to trigger the unit, the user's hands are free for any other action that needs to be carried out.
  • the unit of Fig 2 may be similar in shape and size to a credit card.
  • Fig 3 shows an example of the structure of part of a device 400 for use in the present invention.
  • the device comprises a control unit 401 which is generally the same as the unit 300, except that the RF power loop 305 is omitted. Instead, the control unit 401 is connected to a power source 402. Furthermore, since the RF Transmitter/Receiver 302 in the unit 300 transmits at low powers, it is important that the device 400 transmits signals at a higher power.
  • the output of the control unit 401 is passed to a RF amplifier 403, which amplifies the transmitted signals. That RF amplifier 403 will also amplify signals received from the unit 300, before passing them to the control unit 401.
  • control unit 401 contains a processor similar to the processor 301 of the unit 300, it will be able to carry out the operation of storing the initial code (PIN) so the generation of the plurality of second signals which occur in the unit 300.
  • that processor in the control unit 401 also needs to generate the plurality of signals from the code and randomly select one of those signals for transmission (steps 101,201 in Fig 1).
  • the control unit 401 will be connected to the parts of the device 400 which are to be triggered (those parts not being shown in Fig 3). In order to prevent electrical interference between those parts and the control unit 401, in either direction, an input isolator 404 and output isolator 405 are provided between the control unit 401 and the output 406 from the control unit 401 to other parts of the device.
  • Fig 3 shows a further modification of this embodiment of the present invention.
  • the device if an invalid signal is received, the device is not triggered (step 107 in Fig 1). If a signal is received which is invalid, this can indicate an attempt to activate the device improperly, and this may then trigger an alarm. That alarm may be a standard one, and is therefore not shown in Fig 3, but a further isolator 407 may be provided between the alarm and the control unit 401 to prevent electrical contamination therebetween.
  • control unit 401 corresponds generally to the unit 300, it will have a keyboard corresponding to the keyboard 306.
  • PIN initial code
  • the same initial code (PIN) will need to be input to the control unit.
  • the unit 300 is lost by an authorised user, that authorised user can immediately prevent activation of the device by the lost unit 300 by changing the initial code (PIN) stored in the control unit 401.
  • this will then vary the plurality of signals generated at step 101, and will then vary the plurality of signals generated at step 101, and will also vary the plurality of second signals generated at step 103 since that step 103 also makes use of the initial code (PIN).
  • the plurality of second signals generated at the device will not correspond to the plurality of signals generated at step 202 by the unit, since the unit has a different initial code (PIN) therein.
  • PIN initial code
  • the device 400 may be connected to e.g. a remote controller which permits the code (PIN) therein to be changed.
  • PIN code
  • the transmission of signals between the device and unit is by radio frequency power.
  • the unit it is also possible within the present invention for the unit to be electrically connectable (and removable) from the device e.g. by plugging the unit into an appropriate socket connected to the device.
  • Such an arrangement would, however, have the disadvantage that the user would have to bring the unit to the socket, which then removes the advantage of the triggering of the device by the unit requiring no action on the part of the user.
  • a user will know that the device is only validly to be triggered at specific times, or within a predetermined time range.
  • the present invention proposes that the user is able to program times which the valid triggering may occur into the processor 301 in the unit 302, and into the corresponding processor in the control unit 401, so that no triggering will occur outside those valid times.
  • Fig 4 shows schematically the application of the embodiment of Figs 1 to 3 to a vehicle locking system.
  • the device 400 of Fig 3 is connected to locks 501,502,503 of a vehicle 500, and may also be connected to an alarm 504 and the engine 506 of the vehicle 500.
  • the device 400 will trigger the locks 501,502 and 503 either to lock or unlock them, enabling the user of the unit 30,0 to get access or prevent access, to the vehicle 500.
  • the unit 300 may be carried on the person of an authorised user.
  • the device 400 may be connected to an alarm 504 and also possibly to the engine 506 of the vehicle, to trigger that alarm 504 and/or disable the engine 506.
  • the detailed structure of the interconnection of the device 400 and the locks 501,502,503, and also to the alarm 504 and the engine 506 may be conventional, and indeed the device 400 may be connected to a known locking arrangement.
  • the present invention provides a different way of triggering the device 400 from the conventional ones.
  • the transmission of signals by the device 400 is preferably not continuous, but occurs in response to a suitable initiation signal.
  • movement of a door handle 507 of the vehicle 500 may generate a signal to the device 400 which causes the transmission of the signal to the device.
  • the user approaches the vehicle and moves the door handle 507 to open the vehicle.
  • the device 400 generates a signal which is received by the unit 300 carried by the user, which returns a selected one of the second signals and (assuming that signal is valid) triggers the lock 501 to 503 of the vehicle permitting the door to be opened.
  • the present invention may also be applied to an automated teller system as shown schematically in Fig 5.
  • An automated teller unit 600 is connected to the main computer 601 of e.g. a bank or other financial organisation, and a user may carry out transactions on an account held by the main computer 200 via a keyboard 602 of the automated teller 600.
  • a display 603 is normally provided at the automated teller 600.
  • the general configuration of the automated teller 600 and the central computer 601 may be conventional, and therefore the details of the transaction processing will not be discussed in detail.
  • the present invention affects the activation of the automated teller 600 to permit transactions to be carried out.
  • a user inserts an appropriate card into the automated teller 600, and enters a code number (PIN number).
  • the automated teller 600 transmits signals from a device 400, corresponding to the device of Fig 3, and authorised users carry units 300 corresponding to the unit 300 shown in Fig 2. Then, when an authorised user approaches the automated teller 600, the signals transmitted from the device 400 will be received by the unit 300 and a return signal will be generated as previously described. Once the unit 400 detects that a valid signal has been received, then the keyboard 602 and screen 603 may be activated, then enabling transactions to occur in the conventional way.
  • the transmission of the signals from the device 400 may be continuous, but is preferably initiated by a suitable input by the user, e.g. the insertion of an identity card into a slot 604 in the automated teller 600, or by activation of an appropriate key of keyboard 602.
  • the device stores a multiplicity of initial codes (PIN) to enable different types of users to trigger the device in different ways.
  • PIN initial codes
  • the initiation signal generated at initiation step 109 in Fig 1 may need to be different for different users, and in such circumstances the different initiation steps would initiate the generation of different pluralities of signals, based on the different initial codes, and then the selection and transmission of a corresponding one of those signals.
  • the device 400 may store information relating to the vehicle (such as chassis number, etc) and e.g.
  • the triggering of the device may then trigger the transmission of a signal corresponding to the vehicle identification, e.g. to enable the police to check for stolen vehicles. Then, it is important that such information cannot tampered with, even by a person who is authorised to activate the vehicle locking system.
  • the installers of the vehicle locking system may have a different initial code from that of the authorised user, permitting that installer to have access to the device in a way not permitted to the user, e.g. to set or alter the vehicle identification.
  • the provision of multiple initial codes may enable different parts of the system to be triggered independently.
  • the device 400 may one initial code which, when a valid signal has been received by the unit 300, triggers the locks 501 to 503 but does not enable the engine 506 so that such a user has access to the vehicle, but cannot drive it. A user with a different initial code could then be permitted to activate both the locks 501 and 503 and the engine 506.
  • the engine 506 and some of the locks 501 to 503 of the vehicle may be initiated by a user with one initial code, to permit the vehicle to be driven, but a different initial code may trigger the lock permitting access to the contents of the vehicle.
  • different levels of security for different users may be provided by storage of a multiplicity of initial codes.

Abstract

In order to trigger a device for example a vehicle locking system or an automated teller system, the device generates signals from a code (e.g. a PIN) (101) and selects one of those signals for transmission (102), different signals being selected at different times. The selection is normally random. A separate unit, carried by an authorised user, receives the signal (201) from the device and generates further signals (202) (second signals) from that initial signal, and a code (e.g. the PIN) stored in the unit. One of the second signals is then selected by the unit (300) and transmitted (203). The device also generates the plurality of second signals using the signal that it has transmitted and the initial code (103). Therefore, it can compare a received signal with the stored signals (105). If they agree, then the device determines that it has received a valid signal, and is triggered (108). If the device receives any other signal, it will not correspond to one of the plurality of second signals and thus the signal received will be determined as invalid (107). Hence, the security of the system is high.

Description

SYSTEM AND METHOD FOR ACTIVATING A DEVICE BACKGROUND OF THE INVENTION FIELD OF THE INVENTION
The present invention relates to a system for triggering a device in which the triggering can occur only when initiated by a separate unit controlled e.g. by an authorised user of the device. It also relates to a method of triggering a device. For example, the present invention is applicable to remote triggering of a vehicle security system or to the triggering of transactions within a bank account. SUMMARY OF THE PRIOR ART
In order to trigger a vehicle locking system remotely, it is well known for the owner of the vehicle to carry a transmitter which transmits a signal to the vehicle which causes the locking system of the vehicle to activate, either to lock or unlock the vehicle. Normally, a data signal is transmitted which is unique to the transmitter, and which is recognised by the locking system of the vehicle so that the locking system is only activated when the appropriate signal is received.
However, it has been found that such a system can be rendered non-secure because devices have been developed which are capable of recording the transmitted signal and subsequently re-transmitting it. Thus, it is possible for an intruder to "grab" the transmitted signal when the owner activates the locking system and for that intruder subsequently to re-activate the locking signal without authority.
Secure access is also needed to bank accounts. It is now very common for bank accounts to be accessed via automated teller systems, in which access for the bank account is given by a card which is fed to the automatic teller system, together with a PIN number. Such a system is secure if the PIN number is known only to someone who is authorised to access the bank account, since theft of the card will not enable the thief to access the bank account without the PIN number. However, it has been found that PIN numbers are not kept with sufficient security, and therefore unauthorised access to the bank account may then result.
In GB-A-2051442 it was proposed that a signal be transmitted from the device to a separate unit, which may be carried by the user. That signal is then modified by the unit, and re-transmitted. Since the modification of the re-transmitted signal by the unit was pre-determined, it was then possible for the device to check whether the signal it received was a valid one, with the device being triggered only when a valid signal was received. SUMMARY OF THE PRESENT INVENTION
Since the signal transmitted from the device was fixed in GB-A-2051442, and if the operation carried out on that signal by the unit (the same operation being carried out by the device itself) was also fixed, then the system would have low security. It would be more secure than known vehicle locking systems, in the sense that there need be no visible indication that the system was being activated by an authorised user since the unit is not activated by the user, but by the transmission from the device, and therefore could be concealed. However, if an unauthorised third party recorded the signal transmitted from the unit, they could activate the device.
Therefore, the present invention proposes that the device generates a plurality of signals, and selects one of those signals for transmission to the unit (either automatically or in response to an initiation signal), with the selection of that signal varying with time. Since the device knows at any time which signal it has transmitted, the return signal from the unit varies with time in a way predictable to the device. However, if an unauthorised third party records the signal transmitted from the unit, and subsequently tries to trigger the device, the change in the transmitted signal from the device will mean that the signal transmitted to the device from the third party no longer is a valid one, since it corresponds with a previous signal from the device, rather than the signal now being transmitted from the device. Preferably, the time variation in the selection of the signal transmitted from the device is a random variation.
Thus, according to a first aspect of the present invention there is provided a method of triggering a device comprising: generating a plurality of first signals at the device; selecting one of said plurality of first signals and transmitting the selected one of the plurality of first signals to a separate unit; performing at least one operation on said selected one of said first signals at both said device and said separate unit, thereby to generate at least one second signal at both said device and said separate unit; transmitting said at least one second signal from the separate unit to the device as a transmitted signal; comparing transmitted signal with said at least one second signal at said device; and triggering said device when said transmitted signal corresponds to said at least one second signal; wherein the selecting of said one of said plurality of signals varies with time, whereby different ones of said plurality of first signals are transmitted by the device at different times.
It should be noted that although above the discussion of the present invention requires that the device carry out the or each operation on the signal that it transmits, it is possible for the device to carry out the operation or operations on all the signals (including the one transmitted) and then check for receipt of a valid signal against all operations carried out on all signals. This, however, is less secure and is not therefore preferred.
Moreover, it is preferable that the transmission of the selected one of the plurality of signals, and possibly the generation of that plurality of signals and the election of one of that plurality of signals, occurs only in response to a initiation signal from a user. For example, when the present invention is applied to a vehicle locking system, that initiation signal may be generated by activation of a door handle if the vehicle, or by inserting a key in a lock. It is possible for the selection and transmission of signals for the device to be continuous with the triggering of the device being dependent on a unit coming within the range of the device, but this is not preferred both from power consumption considerations, and from the risk of interference due to the continuous transmission. The operation that is carried out on the signal that is transmitted from the device, both at the device itself and at the unit, may be affected by a code input by a user to both the device and the unit. For example, the operation may depend on a PIN number. Then, if the unit was lost by the user, the device could be re-programmed to prevent the unit from triggering the device. Moreover, if the user thought that signals to or from the unit had been intercepted by an unauthorised third party, a change in the PIN number at the unit and the device would immediately alter the signals in both directions, thereby returning the system to its initial level of security. A third possibility is for the operation that is carried out by the unit in order to generate a signal transmitted therefrom to vary with time. Such variation could be random, or could be in a predetermined pattern, which pattern is known by the device. Then, if the device carries out different operations at different times in synchronism with the unit, it is again not possible to record a signal from the unit and subsequently trigger the device using the recorded signal, since the time variation in the operation will mean that the signal transmitted by the unit no longer corresponds to the signal which is generated within the device itself.
There is a further advantage in the carrying out of one of a plurality of operations at the unit, with the operation being carried out varying with time. If the operation carried out was fixed, it may be possible for a third party to derive that operation from study of signals transmitted from the device and the corresponding signals transmitted from the unit. If the operation carried out by the unit varies, particularly if it varies randomly, it is not then possible to derive the plurality of operations that are carried out by the unit. In such an arrangement, the device will know all the possible operations that can be carried out by the unit, so that it can generate all possible replies to the signal it transmits, and therefore determine when it has received a valid reply.
Although the present invention has been discussed above in relation to a method of triggering a device, the present invention also relates to a system for triggering the device, and this represents an independent aspect of the present invention. Thus, the present invention may also provide a triggering system having a device to be triggered and a separate unit for activating the triggering of the device; wherein the device comprises; means for generating a plurality of first signals; means for selecting one of said plurality of first signals, wherein said means for selecting said one of said plurality of first signals being arranged to vary said selection thereof with time; means for transmitting said selected one of said plurality of first signals to said unit; means for performing at least one operation on said selected one of said first signals thereby to generate at least one second signal at said device; means for receiving a transmitted signal from said separate unit; means for comparing said transmitted signal with said at least one second signal; and means for triggering said device when said transmitted signal corresponds to said at least one second signal; and wherein said unit comprises: means for receiving said selected one of said plurality of first signals from said device; means for performing said at least one operation on said selected one of said first signals, thereby to generate said at least one second signal at said unit; and means for transmitting said at least one second signal to said device as said transmitted signal.
There are many other features which may be incorporated into the present invention further to increase the security of the resulting system. For example, it may be possible for the user to program the device so that the device will not be triggered except at particular times. Thus, taking the example of a vehicle locking system, the user may know that the vehicle will not be needed during normal working hours, and the device could then be programmed to prevent triggering of the device except within the times when the vehicle is needed. A further development, where a device is to be triggered at different times by different users, would make it possible for the operation or operations carried out by the unit to vary with each type of user. Then, the device could identify not only that a valid signal has been received (since the device would know the valid transmitted signals from all authorised users), but also would be able to identify the type of user. The present invention is applicable to triggering of many different types of devices. The application of the present invention to vehicle locking systems, and to automated teller systems has been mentioned above, but a wide variety of other applications is possible. The present invention may be used to permit authorised access to a building or other location, to ensuring valid transmission of messages by e.g. facsimile or data line, or to any other system in which one device needs to be triggered by a user of the device.
BRIEF DESCRIPTION OF THE DRAWING
An embodiment of the present invention will now be described in detail, by way of example, with reference to the accompanying drawings, in which: Fig 1 is a flow-chart showing the operation of a device to be triggered, and a separate unit, in accordance with the present invention;
Fig 2 shows the structure of a unit useable in the present invention;
Fig 3 shows part of a device to be triggered in accordance with the present invention;
Fig 4 shows schematically the application of the present invention to a vehicle locking system; and
Fig 5 shows schematically the application of the present invention to an automated teller system. DETAILED DESCRIPTION
The basic principles of operation of an embodiment of the present invention will be described first, with reference to Fig 1. In Fig 1, the operational steps listed on the left-hand side of the Figure represent events occurring in a device to be triggered, and the operational steps occurring on the right-hand side of the Figure represent events occurring in a separate unit which may be carried by a user who is authorised to trigger the device.
Both the device and the unit store a common initial code (steps 100,200) which may be e.g. a PIN. The same code is stored by both the device and unit and may be fixed or may be alterable by a user or by remote programming. From that initial code, the device generates a plurality of signals (step 101), and then carries out a selection operation to select one of the signals, which selection operation varies with time. Thus, at a given time, one of the signals generated at step 101 is selected and is then transmitted (step 102) from the device. Such transmission may be of radio frequency signals or by any other suitable transmission methods.
In addition to transmitting this selected signal, the device generates a plurality of further signals (second signals) using the transmitted signal and e.g. the initial code and stores each of the plurality of second signals. The device then waits for a signal to be received from an associated, but separate, unit. If no signal is received after a predetermined time (because there is no unit within range of the transmission of the signal by the device) it is determined at step 104 that no signal has been received, and the device returns to step 102 and selects a further signal for transmission. If, however, there is a suitable unit within range, it will receive the signal from the device (at step 201) and generate a plurality of signals (second signals) using the received signal and the stored initial code (step 202). The plurality of signals thus generated are identical to those generated at step 103 in the device. The unit then selects one of those plurality of second signals and transmits it back to the device (step 203).
If any signal is received by the device, it is detected at step 104. Fig 1 assumes that the signal has been received from a unit, but the device will also detect if any other signal is received. In order to check whether the received signal is a valid one (i.e. comes from a unit which is to trigger the device), the received signal is compared with the plurality of second signals generated at step 103 (comparison step 105). If the received signal does not correspond to one of the plurality of second signals, so that there is lack of agreement (step 106), the device knows that it has received an invalid signal and is therefore not triggered (step 107). The device returns to step 102. If, however, the received signal agrees with one of the stored second signals (step 106) the device knows that it has received a valid signal and is triggered. Again, processing then returns to step 102.
As shown in the right-hand side of Fig 1, a unit which is separate from the device to be triggered also stores the initial code (PIN) at step 200. That initial code (PIN) is the same as the initial code (PIN) stored by the device at step 100.
When the device transmits the selected signal at step 102, it is received by the unit at step 201. Using the received signal, the unit generates a plurality of signals (second signals) using the received signal and the initial code (PIN). As has previously been stated, the operation or operations used by the unit at step 202 are the same as those used by the device at step 103, so that, at that time, the same second signals exist in both the device and unit, so that transmission of one of those second signals can be determined to be a valid signal by the device, since it agrees with one of the second signals generated and stored by the device itself. Since the selection of a signal at step 102 by the device is repeated after a predetermined time interval, and the selection of that signal varies with time (e.g. randomly), then different sets of second signals will be generated at different times in the device and the unit. When the system is operating correctly, two sets of second signals will always correspond. Hence, any signal transmitted by the unit will be identified as a valid one.
Thus, since the generation of the plurality of second signals is the same at step 103 and 202 in the device and unit respectively, the unit must transmit one of the signals stored in the device. Since the device thus knows all possible responses that the unit may transmit, it can readily determine if the signal is valid or not. There are several ways in which such a system provides security of triggering, so that the device can be triggered only by a unit which is arranged to trigger it. As has previously been mentioned, the selection of the signal at step 102 varies with time. Preferably, this variation is random. The effect of this variation is that the plurality of second signals which are generated at steps 103 and 202 will themselves vary with time and therefore a signal received by the device which would be determined as valid if received at one time will be determined as invalid if received at a different time, when a different signal has been selected (at step 102) and transmitted by the device. Thus, it is not possible simply to record a signal from a unit and subsequently transmit that recorded signal to the device in order to trigger it. The time variation, particularly if random, therefore imposes a major restriction on unauthorised triggering.
Furthermore, there is the fact that the unit generates a plurality of signals at step 202 and then selects one of those signals at step 203. If that selection step varies with time (either randomly or in a fixed way), then there will not be a fixed relationship between the signal transmitted by the device in step 102 and the signal transmitted from the unit at step 203. Hence, it will be more difficult for interception of those signals to permit determination of the relationship therebetween. This is particularly true if the selection of the signal for transmission by the unit at step 203 is on a random basis.
Thirdly, both the device and unit depend for their operation on the initial code stored at steps 100,200. If that initial code is varied, all subsequent signals will be changed and thus it is possible readily to re-program the system. It is possible for the device to operate in a mode in which the return of processing to step 102 from steps 107 or 108 automatically causes the device to select a further signal and transmit it. The device then operates in a "continuous broadcast" mode, so that the device will be triggered when an appropriate unit comes within range and the unit transmits a valid signal to the device. However, such a "continuous broadcast" mode is not preferred, both because of power considerations and because of- the risk of interference. This problem would be particularly acute for a vehicle locking system where a continuous broadcast mode would result in a large number of signals being transmitted at e.g. a location where many vehicles were parked.
Therefore, it is preferable that at least the transmission of the selected signal occurs in response to an initiation step 109. Indeed, that initiation step 109 may initiate not only the transmission of the selected signal, but the selection of that signal from the plurality of signals generated, or even the generation of the signals themselves. In this way, the device need operate in the way shown in Fig 1 only when initiated. The initiation signal may be any suitable signal input by a user. For example, where the present invention is applied to a vehicle locking system, that initiation step 109 may involve the activation of a door handle of the vehicle, or the insertion of a vehicle key in a lock. If the present invention is applied to an automated teller system, then that initiation step 109 may occur by insertion of a suitable card into the automated teller system in the way that cards are currently inserted or by activating a key of the automated teller system.
The structure of a unit suitable for use in the present invention is shown in Fig 2. The key element of the unit 300 is a processor (SSS Chip) 301 which stores the code (PIN) (step 200), generates the plurality of second signals (step 202) and selects one of those second signals (step 203). The unit 300 also has a RF Transmitter/Receiver 302 which permits signals to be received (from the device at step 201) and also permits signals to be transmitted (e.g. to the device), which signals originate in the processor 301. The unit 300 has a power source (Chip Battery) 303 which may be rechargeable via a charger 304. That charger may itself derive power from the signals transmitted by the device, via a power loop 305. The operations of such a power loop to activate a charger is known.
It may also be noted that the RF power loop 305 may be replaced by e.g. a solar panel to provide power to the chip battery charger 304.
As has previously been mentioned, it is possible for the user to vary the code (PIN) stored in the unit. For this purpose, the unit 300 is provided with a keyboard 306 which may also have a LCD display in which the input code may be visible to the user. Any new code input is passed to the processor 301 for use in generating the plurality of second signals.
In this embodiment, transmission between the device and the unit 300 is by RF signals, and the signals must therefore correspond to accepted standards for such transmissions. Typically, these are in the 25 to 1000 MHz band. Other bands are, however, possible.
It may be noted that it may be possible to combine the processor 301 and the RF Transmitter/Receiver 302 into a single chip such as in the RF ID ASIC chips produced by e.g. Atmel Corporation. The use of such chips enables the size of the unit 300 to be kept small and thus it may be e.g. concealed on the person of the authorised user. Since the user does not have to activate the unit, in order to trigger the device, it is not necessary for the user to e.g. hold the unit 300 when activating the device. This is useful because there is then no visible indication that the device is being triggered, and therefore it is less likely that an unauthorised third party will attempt to intercept signals between the device and unit. Furthermore, since the user does not have to trigger the unit, the user's hands are free for any other action that needs to be carried out.
The unit of Fig 2 may be similar in shape and size to a credit card.
Fig 3 shows an example of the structure of part of a device 400 for use in the present invention. The device comprises a control unit 401 which is generally the same as the unit 300, except that the RF power loop 305 is omitted. Instead, the control unit 401 is connected to a power source 402. Furthermore, since the RF Transmitter/Receiver 302 in the unit 300 transmits at low powers, it is important that the device 400 transmits signals at a higher power.
Therefore, the output of the control unit 401 is passed to a RF amplifier 403, which amplifies the transmitted signals. That RF amplifier 403 will also amplify signals received from the unit 300, before passing them to the control unit 401.
Since the control unit 401 contains a processor similar to the processor 301 of the unit 300, it will be able to carry out the operation of storing the initial code (PIN) so the generation of the plurality of second signals which occur in the unit 300. In addition, that processor in the control unit 401 also needs to generate the plurality of signals from the code and randomly select one of those signals for transmission (steps 101,201 in Fig 1).
The control unit 401 will be connected to the parts of the device 400 which are to be triggered (those parts not being shown in Fig 3). In order to prevent electrical interference between those parts and the control unit 401, in either direction, an input isolator 404 and output isolator 405 are provided between the control unit 401 and the output 406 from the control unit 401 to other parts of the device.
Fig 3 shows a further modification of this embodiment of the present invention. As was mentioned in Fig 1, if an invalid signal is received, the device is not triggered (step 107 in Fig 1). If a signal is received which is invalid, this can indicate an attempt to activate the device improperly, and this may then trigger an alarm. That alarm may be a standard one, and is therefore not shown in Fig 3, but a further isolator 407 may be provided between the alarm and the control unit 401 to prevent electrical contamination therebetween.
Since the control unit 401 corresponds generally to the unit 300, it will have a keyboard corresponding to the keyboard 306. When a new initial code (PIN) is input to the unit 300 via the keyboard 306, the same initial code (PIN) will need to be input to the control unit. Moreover, if the unit 300 is lost by an authorised user, that authorised user can immediately prevent activation of the device by the lost unit 300 by changing the initial code (PIN) stored in the control unit 401. As will be appreciated from Fig 1, this will then vary the plurality of signals generated at step 101, and will then vary the plurality of signals generated at step 101, and will also vary the plurality of second signals generated at step 103 since that step 103 also makes use of the initial code (PIN). The result is that the plurality of second signals generated at the device will not correspond to the plurality of signals generated at step 202 by the unit, since the unit has a different initial code (PIN) therein. Hence, when a signal is transmitted from the unit to the device, and compared at step 105, the received signal will be judged as invalid.
In a further variation of this, the device 400 may be connected to e.g. a remote controller which permits the code (PIN) therein to be changed. This would be useful, for example, in transaction processing where a central organisation, such as a bank, could cancel a valid code, thereby invalidating a stolen unit. In the above embodiment, it has been assumed that the transmission of signals between the device and unit is by radio frequency power. Other transmission systems are possible, and it is also possible within the present invention for the unit to be electrically connectable (and removable) from the device e.g. by plugging the unit into an appropriate socket connected to the device. Such an arrangement would, however, have the disadvantage that the user would have to bring the unit to the socket, which then removes the advantage of the triggering of the device by the unit requiring no action on the part of the user.
In some cases, a user will know that the device is only validly to be triggered at specific times, or within a predetermined time range. In such circumstances, the present invention proposes that the user is able to program times which the valid triggering may occur into the processor 301 in the unit 302, and into the corresponding processor in the control unit 401, so that no triggering will occur outside those valid times.
Fig 4 shows schematically the application of the embodiment of Figs 1 to 3 to a vehicle locking system. The device 400 of Fig 3 is connected to locks 501,502,503 of a vehicle 500, and may also be connected to an alarm 504 and the engine 506 of the vehicle 500. When valid signals are transmitted from a unit 300 to the device 400, in response to signals generated from the device 400 itself, the device 400 will trigger the locks 501,502 and 503 either to lock or unlock them, enabling the user of the unit 30,0 to get access or prevent access, to the vehicle 500. As has previously been mentioned, the unit 300 may be carried on the person of an authorised user.
If an invalid signal is received by the device 400, this may indicate an attempt to tamper with the vehicle 500, and therefore the device 400 may be connected to an alarm 504 and also possibly to the engine 506 of the vehicle, to trigger that alarm 504 and/or disable the engine 506. The detailed structure of the interconnection of the device 400 and the locks 501,502,503, and also to the alarm 504 and the engine 506 may be conventional, and indeed the device 400 may be connected to a known locking arrangement. The present invention provides a different way of triggering the device 400 from the conventional ones. As has previously been mentioned, the transmission of signals by the device 400 is preferably not continuous, but occurs in response to a suitable initiation signal. Thus, for example, movement of a door handle 507 of the vehicle 500 may generate a signal to the device 400 which causes the transmission of the signal to the device. In this case, the user approaches the vehicle and moves the door handle 507 to open the vehicle. The device 400 generates a signal which is received by the unit 300 carried by the user, which returns a selected one of the second signals and (assuming that signal is valid) triggers the lock 501 to 503 of the vehicle permitting the door to be opened.
The present invention may also be applied to an automated teller system as shown schematically in Fig 5. An automated teller unit 600 is connected to the main computer 601 of e.g. a bank or other financial organisation, and a user may carry out transactions on an account held by the main computer 200 via a keyboard 602 of the automated teller 600. A display 603 is normally provided at the automated teller 600. The general configuration of the automated teller 600 and the central computer 601 may be conventional, and therefore the details of the transaction processing will not be discussed in detail.
The present invention, however, affects the activation of the automated teller 600 to permit transactions to be carried out. In existing systems, a user inserts an appropriate card into the automated teller 600, and enters a code number (PIN number). With the present invention, however, the automated teller 600 transmits signals from a device 400, corresponding to the device of Fig 3, and authorised users carry units 300 corresponding to the unit 300 shown in Fig 2. Then, when an authorised user approaches the automated teller 600, the signals transmitted from the device 400 will be received by the unit 300 and a return signal will be generated as previously described. Once the unit 400 detects that a valid signal has been received, then the keyboard 602 and screen 603 may be activated, then enabling transactions to occur in the conventional way. Again, the transmission of the signals from the device 400 may be continuous, but is preferably initiated by a suitable input by the user, e.g. the insertion of an identity card into a slot 604 in the automated teller 600, or by activation of an appropriate key of keyboard 602.
In a further development of the present invention, the device stores a multiplicity of initial codes (PIN) to enable different types of users to trigger the device in different ways. In such circumstances, the initiation signal generated at initiation step 109 in Fig 1 may need to be different for different users, and in such circumstances the different initiation steps would initiate the generation of different pluralities of signals, based on the different initial codes, and then the selection and transmission of a corresponding one of those signals. There are several circumstances in which such an arrangement may be necessary. For example, in the case of the application of the present invention to a vehicle locking system, the device 400 may store information relating to the vehicle (such as chassis number, etc) and e.g. the triggering of the device may then trigger the transmission of a signal corresponding to the vehicle identification, e.g. to enable the police to check for stolen vehicles. Then, it is important that such information cannot tampered with, even by a person who is authorised to activate the vehicle locking system. In such cases, the installers of the vehicle locking system may have a different initial code from that of the authorised user, permitting that installer to have access to the device in a way not permitted to the user, e.g. to set or alter the vehicle identification. Alternatively, the provision of multiple initial codes may enable different parts of the system to be triggered independently. For example, the device 400 may one initial code which, when a valid signal has been received by the unit 300, triggers the locks 501 to 503 but does not enable the engine 506 so that such a user has access to the vehicle, but cannot drive it. A user with a different initial code could then be permitted to activate both the locks 501 and 503 and the engine 506. In a further development of this idea, applicable to e.g. haulage, the engine 506 and some of the locks 501 to 503 of the vehicle may be initiated by a user with one initial code, to permit the vehicle to be driven, but a different initial code may trigger the lock permitting access to the contents of the vehicle. Thus, different levels of security for different users may be provided by storage of a multiplicity of initial codes.

Claims

1. A method of triggering a device comprising: generating a plurality of first signals at the device; selecting one of said plurality of first signals and transmitting the selected one of the plurality of first signals to a separate unit; performing at least one operation on said selected one of said first signals at both said device and said separate unit, thereby to generate at least one second signal at both said device and said separate unit; transmitting said at least one second signal from the separate unit to the device as a transmitted signal; comparing transmitted signal with said at least one second signal at said device; and triggering said device when said transmitted signal corresponds to said at least one second signal; wherein the selecting of said one of said plurality of signals varies with time, whereby different ones of said plurality of first signals are transmitted by the device at different times.
2. A method according to claim 1, wherein the selecting of said one of said plurality of signals varies randomly with time.
3. A method according to claim 1 or claim 2, wherein a plurality of operations are performed on said selected one of said first signals at said device and said separate unit, thereby to generate a plurality of second signal at both said device and said separate unit, and said unit transmits a selected one of said plurality of second signals on said transmitted signal.
4. A method according to claim 3, wherein the selecting of the selected one of the plurality of second signals by the unit varies with time, whereby different ones of said plurality of second signals are transmitted by the unit as said transmitted signals at different times.
5. A method according to claim 4, wherein the selecting of the selected one of the plurality of second signals by the unit varies randomly with time.
6. A method according to claim 4, wherein the selecting of the selected one of the plurality of second signals by the unit varies in a known way with time.
7. A method according to claim 1, wherein said at least one operation involves use of a user-selectable code input by a user to said device and to said separate unit.
8. A triggering system having a device to be triggered and a separate unit for activating the triggering of the device; wherein the device comprises; means for generating a plurality of first signals ; means for selecting one of said plurality of first signals, wherein said means for selecting said one of said plurality of first signals is arranged to vary said selection thereof with time; means for transmitting said selected one of said plurality of first signals to said unit; means for performing at least one operation on said selected one of said first signals thereby to generate at least one second signal at said device; means for receiving a transmitted signal from said separate unit; means for comparing said transmitted signal with said at least one second signal; and means for triggering said device when said transmitted signal corresponds to said at least one second signal; and wherein said unit comprises: means for receiving said selected one of said plurality of first signals from said device; means for performing said at least one operation on said selected one of said first signals, thereby to generate said at least one second signal at said unit; and means for transmitting said at least are second signal to said device on said transmitted signal.
9. A system according to claim 8, wherein said means for performing said at least one operation of said device and said unit are arranged to perform a plurality of operations on said selected one of said first signals to generate a plurality of said second signals.
10. A system according to claim 8, wherein said unit further includes means for selecting one of said plurality of second signals for transmission on said transmitted signal.
11. A system according to claim 8, wherein said means for selecting said one of said plurality of second signals is arranged to vary said selection thereof with time.
12. A triggering system according to claim 8, wherein the device is a locking system for a vehicle.
13. A triggering system according to claim 8, wherein the device is an automated teller of a transaction processing apparatus.
PCT/GB1994/000597 1993-03-27 1994-03-23 System and method for activating a device WO1994023163A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP94910012A EP0760046A1 (en) 1994-03-23 1994-03-23 System and method for activating a device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB939306447A GB9306447D0 (en) 1993-03-27 1993-03-27 Automatic user identification device
GB939323750A GB9323750D0 (en) 1993-03-27 1993-11-18 Automatic user identification device

Publications (1)

Publication Number Publication Date
WO1994023163A1 true WO1994023163A1 (en) 1994-10-13

Family

ID=26302666

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB1994/000597 WO1994023163A1 (en) 1993-03-27 1994-03-23 System and method for activating a device

Country Status (1)

Country Link
WO (1) WO1994023163A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0856624A1 (en) * 1997-01-31 1998-08-05 Valeo Electronique Safety device for motor vehicle and learning method therefor
EP1046558A1 (en) * 1998-01-14 2000-10-25 Toyota Jidosha Kabushiki Kaisha On-vehicle remote controller
GB2361208A (en) * 2000-04-14 2001-10-17 Rover Group A smart card with keypad for use with a vehicle
EP1330583B1 (en) * 2000-10-23 2006-10-18 Volvo Technology Corporation A method for controlling authorization to an object and a computer program product for the authorization control
WO2008044093A1 (en) * 2006-10-11 2008-04-17 Renault Trucks Customer identification device, keyless access system for vehicle, vehicle sharing system including such a device and methods using such a device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0212046A2 (en) * 1985-08-21 1987-03-04 VDO Adolf Schindling AG System for locking and/or unlocking a security device
WO1990015211A1 (en) * 1989-06-02 1990-12-13 Tls Technologies Pty. Ltd. Security system
EP0492692A2 (en) * 1990-12-20 1992-07-01 Delco Electronics Corporation Remote accessing system
EP0521547A1 (en) * 1991-07-01 1993-01-07 Medardo Reggiani Passive action antitheft device
GB2265412A (en) * 1992-03-27 1993-09-29 Ian Francis Deviny Electronic key and lock

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0212046A2 (en) * 1985-08-21 1987-03-04 VDO Adolf Schindling AG System for locking and/or unlocking a security device
WO1990015211A1 (en) * 1989-06-02 1990-12-13 Tls Technologies Pty. Ltd. Security system
EP0492692A2 (en) * 1990-12-20 1992-07-01 Delco Electronics Corporation Remote accessing system
EP0521547A1 (en) * 1991-07-01 1993-01-07 Medardo Reggiani Passive action antitheft device
GB2265412A (en) * 1992-03-27 1993-09-29 Ian Francis Deviny Electronic key and lock

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0856624A1 (en) * 1997-01-31 1998-08-05 Valeo Electronique Safety device for motor vehicle and learning method therefor
FR2759189A1 (en) * 1997-01-31 1998-08-07 Valeo Electronique IMPROVEMENT IN SAFETY SYSTEMS FOR MOTOR VEHICLES AND METHOD FOR PUTTING INTO LEARNING MODE SUCH A SYSTEM
EP1046558A1 (en) * 1998-01-14 2000-10-25 Toyota Jidosha Kabushiki Kaisha On-vehicle remote controller
EP1046558A4 (en) * 1998-01-14 2003-04-23 Toyota Motor Co Ltd On-vehicle remote controller
US6700476B1 (en) 1998-01-14 2004-03-02 Toyota Jidosha Kabushiki Kaisha On-Vehicle remote controller
GB2361208A (en) * 2000-04-14 2001-10-17 Rover Group A smart card with keypad for use with a vehicle
EP1330583B1 (en) * 2000-10-23 2006-10-18 Volvo Technology Corporation A method for controlling authorization to an object and a computer program product for the authorization control
WO2008044093A1 (en) * 2006-10-11 2008-04-17 Renault Trucks Customer identification device, keyless access system for vehicle, vehicle sharing system including such a device and methods using such a device

Similar Documents

Publication Publication Date Title
US8322608B2 (en) Using promiscuous and non-promiscuous data to verify card and reader identity
US4390968A (en) Automated bank transaction security system
US6130621A (en) Method and apparatus for inhibiting unauthorized access to or utilization of a protected device
EP0924656B1 (en) Personal identification FOB
EP0809171B1 (en) Apparatus and method to provide security for a keypad processor of a transaction terminal
US5012074A (en) Apparatus for securing an IC-card issuing station
US6466780B1 (en) Method and apparatus for securing digital communications
EP0924657B1 (en) Remote idendity verification technique using a personal identification device
EP1755061B1 (en) Protection of non-promiscuous data in an RFID transponder
US6594765B2 (en) Method and system for embedded, automated, component-level control of computer systems and other complex systems
WO1990015211A1 (en) Security system
WO1994023163A1 (en) System and method for activating a device
EP0970287B1 (en) Automatic resynchronization for remote keyless entry systems
EP0760046A1 (en) System and method for activating a device
JP3427717B2 (en) Card with shock detection function
JP3210100B2 (en) How to register remote control signals
JP3122237B2 (en) Security medium abuse prevention method and theft abuse prevention system
AU633106B2 (en) Security system
US6538562B1 (en) Pulse number identification
JPH1069532A (en) Ic card terminal and ic card system
KR20040020207A (en) Apparatus for preventing using a card by stealth in an Automatic Teller Machine
JPH0860910A (en) Information processing method
WO2000004513A1 (en) Theft deterrent repository for security controlled devices
KR20010046493A (en) The method preventing theft using by password in which used credit cards
JPH02284291A (en) Lock device for cash transaction device

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CA GB JP US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: CA

WWE Wipo information: entry into national phase

Ref document number: 1994910012

Country of ref document: EP

ENP Entry into the national phase

Ref country code: US

Ref document number: 1996 718424

Date of ref document: 19961231

Kind code of ref document: A

Format of ref document f/p: F

WWP Wipo information: published in national office

Ref document number: 1994910012

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 1994910012

Country of ref document: EP