WO2008043125A1 - Système sans fil sécurisé de saisie à distance - Google Patents

Système sans fil sécurisé de saisie à distance Download PDF

Info

Publication number
WO2008043125A1
WO2008043125A1 PCT/AU2007/000311 AU2007000311W WO2008043125A1 WO 2008043125 A1 WO2008043125 A1 WO 2008043125A1 AU 2007000311 W AU2007000311 W AU 2007000311W WO 2008043125 A1 WO2008043125 A1 WO 2008043125A1
Authority
WO
WIPO (PCT)
Prior art keywords
code
wiegand
protocol identifier
biometric
secure access
Prior art date
Application number
PCT/AU2007/000311
Other languages
English (en)
Inventor
Perry Andrew Brown
Original Assignee
Microlatch Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2006905707A external-priority patent/AU2006905707A0/en
Application filed by Microlatch Pty Ltd filed Critical Microlatch Pty Ltd
Priority to AU2007306965A priority Critical patent/AU2007306965A1/en
Publication of WO2008043125A1 publication Critical patent/WO2008043125A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/60Indexing scheme relating to groups G07C9/00174 - G07C9/00944
    • G07C2209/62Comprising means for indicating the status of the lock
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • the present invention relates to secure access systems and, in particular, to systems using wireless transmission of security code information.
  • Fig. 1 shows a prior art arrangement for providing secure access.
  • a user 401 makes a request, as depicted by an arrow 402, directed to a code entry module 403.
  • the module 403 is typically mounted on the external jamb of a secure door.
  • the request 402 is typically a secure code of some type which is compatible with the code entry module 403.
  • the request 402 can be a sequence of secret numbers directed to a keypad 403.
  • the request 402 may be a biometric signal from the user 401 directed to a corresponding biometric sensor 403.
  • a biometric signal is a fingerprint.
  • Other physical attributes that can be used to provide biometric signals include voice, retinal or iris pattern, face pattern, palm configuration and so on.
  • the code entry module 403 conveys the request 402 by sending a corresponding signal, as depicted by an arrow 404, to a controller 405 which is typically situated in a remote or inaccessible place.
  • the controller 405 authenticates the security information provided by the user 401 by interrogating a database 407 as depicted by an arrow 406. If the user 401 is authenticated, and has the appropriate access privileges, then the controller 405 sends an access signal, as depicted by an arrow 408, to a device 409 in order to provide the desired access.
  • the device 409 can, for example, be the locking mechanism of a secure door, or can be an electronic lock on a personal computer (PC) which the user 401 desires to access.
  • PC personal computer
  • a proximity card can also be used to emit the request 402, in which case the code entry module 403 has appropriate functionality.
  • the request 402 can be made secure, either by increasing the number of secret digits or by using a biometric system, the communication infrastructure in Fig. 1 is typically less secure.
  • the infrastructure of the arrangement 400 is generally hardwired, with the code entry module 403 generally being mounted on the outside jamb of a secured door, hi such a situation, the signal path 404 can be over a significant distance in order to reach the controller 405.
  • the path 404 represents one weak point in the security system 400, providing an unauthorised person with relatively easy access to the information being transmitted between the code entry module 403 and the controller 405.
  • Such an unauthorised person can, given this physical access, decipher the communicated information between the code entry module 403 and the controller 405.
  • This captured information can be deciphered, replayed in order to gain the access which rightfully belongs to the user 401, or to enable modification for other subversive purposes.
  • Wiegand serial communication protocol
  • the Wiegand protocol is a simple one-way data protocol.
  • the signal 404 conveyed by the code entry module 403 to the controller 405 comprises a twenty four (24) bit Wiegand protocol identifier.
  • the Wiegand protocol can be modified by increasing or decreasing the bit count to ensure uniqueness of the protocol among different security companies.
  • the Wiegand protocol does not secure the information being sent between the code entry module 403 and the controller 405.
  • the Wiegand protocol provides no protection against interception of the signal 404 nor injection of messages into the signal 404.
  • More advanced protocols are known to overcome the vulnerability of the Wiegand protocol over the long distance route 404.
  • one known arrangement for providing secure access is that distributed by Microchip Technology Inc.
  • the Microchip arrangement comprises multiple transmitters similar to the code entry module 403 and a receiver similar to the controller 405 described above.
  • the code entry modules 403 of the Microchip arrangement typically reside within an insecure environment and the controller 405 resides within a secure environment. Again, authentication is based upon the transmission of a secure code in the form of a radio frequency (RF) signal over an insecure signal path similar to the signal path 404.
  • RF radio frequency
  • each code entry module 403 is assigned a unique Microchip (Keeloq) serial number, which is typically twenty eight (28) bits in length. This serial number is included within each code transmission. Access will be granted by the controller 405, if a correct code is received from the code entry module 403.
  • the controller 405 will only accept a range of sixteen (16) codes from each code entry module's 403 sequence. Following receipt of a valid code, the sixteen code range is adjusted to coincide with the next sixteen (16) codes expected from the particular code entry module 403. This allows up to sixteen (16) transmissions to be damaged/lost before the controller 405 and the code entry module 403 become partially unsynchronised. hi order to recover from a partial synchronisation loss, the controller 405 typically accepts as valid, two - A - consecutive codes from the 2 15 possible codes in advance of the most recently validated code from the code entry module 403.
  • the Microchip arrangement achieves "unpredictability" of its codes by means of a secret "key” (typically sixty four (64) bits in length) which is known by both the code entry module 403 and the controller 405.
  • the code entry module 403 encodes the code for transmission using an invertible encryption algorithm, customised through the application of the secret key and the Microchip (Keeloq) serial number. Accordingly, a simple ascending numerical sequence may be transformed into apparently random, uncorrelated codes, with a code sequence unique for each particular code entry module 403.
  • initial synchronisation has been established between the code entry module 403 and the controller 405 of the Microchip arrangement, by instructing the controller 405 to accept a current transmission unconditionally, without regard to the transmitted code's position within the sequence.
  • This instruction is made through physical operation of a switch or similar mechanism located within the controller 405, while transmission is in progress.
  • This requirement for physical operation is used to demonstrate to the controller 405 that the code entry module 103 has independent credentials for accessing the secure area, thus authorising synchronisation.
  • this conventional method of synchronisation creates a weakness in the Microchip arrangement, which may be exploited by any fraudster who is be able to gain access to the secure environment of the controller 403 and synchronise a code entry module 403.
  • a system for providing secure access to a controlled item comprising: a transmitter subsystem: means for storing a Wiegand protocol identifier; means for receiving a request; means for generating a code from a sequence of codes based on the Wiegand identifier, upon receiving the request; means for encoding the code and the Wiegand protocol identifier; and means for transmitting a secure access signal comprising the code and the encoded Wiegand protocol identifier; and a receiver sub-system comprising; means for receiving the transmitted secure access signal; and means for providing conditional access to the controlled item dependent upon said code and said Wiegand protocol identifier.
  • a transmitter sub-system for operating in a system for providing secure access to a controlled item, the system comprising a receiver sub-system comprising means for receiving a secure access signal transmitted by the transmitter sub-system, and means for providing conditional access to the controlled item dependent upon information conveyed in the secure access signal, wherein the transmitter subsystem comprises: means for storing a Wiegand protocol identifier; means for receiving a request; means for generating a code from a sequence of codes based on the Wiegand protocol identifier, upon receiving the request; means for encoding the code and the Wiegand protocol identifier; and means for transmitting said secure access signal comprising the code and the encoded Wiegand protocol identifier embedded therein.
  • a receiver sub-system for operating in a system for providing secure access to a controlled item, the system comprising transmitter subsystem comprising means for storing a
  • Wiegand protocol identifier means for receiving a request, means for generating a code from a sequence of codes based on said Wiegand identifier, upon receiving the request, means for encoding the code and the Wiegand identifier, and means for transmitting a secure access signal comprising the code and the encoded Wiegand protocol identifier, wherein the receiver sub-system comprises: means for receiving the transmitted secure access signal comprising the code and the encoded Wiegand protocol identifier; and means for providing conditional access to the controlled item dependent upon said code and said Wiegand protocol identifier.
  • a method for providing secure access to a controlled item comprising the steps of: receiving a request; generating a code from a sequence of codes based on a Wiegand identifier, upon receiving the request; encoding the code and the Wiegand protocol identifier; transmitting a secure access signal comprising the code and the encoded Wiegand protocol identifier to a controller of said controlled item; and providing conditional access to the controlled item dependent upon said code and said Wiegand identifier.
  • a computer program product having a computer readable medium having a computer program recorded therein for directing a processor to provide secure access to a controlled item
  • said computer program product comprising: code for receiving a request; code for generating a code from a sequence of codes based on a Wiegand identifier, upon receiving the request; code for encoding the code and the Wiegand protocol identifier; code for transmitting a secure access signal comprising the code and the Wiegand encoded protocol identifier to a controller of said controlled item, wherein said controller provides conditional access to the controlled item dependent upon said code and said Wiegand identifier.
  • a computer program product having a computer readable medium having a computer program recorded therein for directing a processor to transmit a secure access signal in a system for providing secure access to a controlled item
  • said computer program product comprising: code for receiving a request; code for generating a code from a sequence of codes based on a Wiegand identifier, upon receiving the request; code for encoding the code and the Wiegand protocol identifier; and code for transmitting said secure access signal comprising the code and the encoded Wiegand protocol identifier to a controller of said controlled item, wherein said controller provides conditional access to the controlled item dependent upon said code and said Wiegand identifier.
  • a method of enrolling a biometric signature into a database of biometric signatures in a system for providing secure access to a controlled item comprising said database of biometric signatures, a transmitter subsystem comprising means for storing a Wiegand protocol identifier, means for receiving a request, means for generating a code from a sequence of codes based on the Wiegand identifier, means for encoding the code and the Wiegand protocol identifier, and means for transmitting a secure access signal comprising the code and the encoded Wiegand protocol identifier, and a receiver subsystem comprising means for receiving the transmitted secure access signal, and means for providing conditional access to the controlled item dependent upon said code and said Wiegand protocol identifier, said method comprising the steps of: receiving a biometric signal; and storing a biometric signature in the database, as a representation of the biometric signal, if the database of biometric signatures is empty; and classifying the stored biometric signature as an administrator
  • an apparatus for enrolling a biometric signature into a database of biometric signatures in a system for providing secure access to a controlled item comprising said database of biometric signatures, a transmitter subsystem comprising means for storing a
  • Wiegand protocol identifier means for receiving a request, means for generating a code from a sequence of codes based on the Wiegand identifier, means for encoding the code and the Wiegand protocol identifier, and means for transmitting a secure access signal comprising the code and the encoded Wiegand protocol identifier, and a receiver subsystem comprising means for receiving the transmitted secure access signal, and means for providing conditional access to the controlled item dependent upon said code and said Wiegand protocol identifier, said apparatus comprising: receiving means for receiving a biometric signal; and storage means for storing the biometric signature in the database, as a representation of the biometric signal, if the database of biometric signatures is empty; and classification means for classifying the stored biometric signature as an administrator, thereby enrolling the received biometric signature.
  • a computer program product having a computer readable medium having a computer program recorded therein for enrolling a biometric signature into a database of biometric signatures in a system for providing secure access to a controlled item, the system comprising said database of biometric signatures, a transmitter subsystem comprising means for storing a Wiegand protocol identifier, means for receiving a request, means for generating a code from a sequence of codes based on the Wiegand identifier, means for encoding the code and the Wiegand protocol identifier, and means for transmitting a secure access signal comprising the code and the encoded Wiegand protocol identifier, and a receiver sub-system comprising means for receiving the transmitted secure access signal, and means for providing conditional access to the controlled item dependent upon said code and said Wiegand protocol identifier, said program comprising: code for receiving a biometric signal representing a biometric signature; and code for storing the biometric signature in the database, as a representation of the biometric signal
  • Fig. 1 shows a prior art arrangement for providing secure access
  • Fig. 2 is a functional block diagram of an arrangement for providing secure access according to the present disclosure
  • Fig. 3 shows an example of a method of operation of a sub-system of Fig. 2 comprising a code entry module, according to one embodiment
  • Fig. 4 shows an example of a method of operation of the (fixed) control device of Fig. 2;
  • Fig. 5 is a schematic block diagram of the arrangement in Fig. 2; and Fig. 6 shows a method of operation of the sub-system of Fig. 2 comprising the code entry module, according to another embodiment;
  • Fig. 7 shows an access process relating to the example of Fig. 6;
  • Fig. 8 shows one enrolment process relating to the example of Fig. 6;
  • Fig. 9 shows another enrolment process relating to the example of Fig. 6.
  • Fig. 2 is a functional block diagram of an arrangement 100 for providing secure access according to the present disclosure.
  • the arrangement 100 may also be referred to as a system comprising sub-systems 116 and 117.
  • the arrangement of Fig. 2 comprises a code entry module 103.
  • the code entry module 103 is preferably a Microchip (Keeloq) code entry module, as described above, which is modified as described below.
  • Keeloq Microchip
  • a user 101 makes a request, as depicted by an arrow 102, to a controller/transmitter 107 configured within a code entry module 103.
  • the code entry module 103 comprises a button 121 and the request 102 takes the form of a button press.
  • a signal, as depicted by arrow 106, generated by the button press is sent to the controller/transmitter 107.
  • the controller/transmitter 107 Upon receiving the signal 106, the controller/transmitter 107 is configured to generate a code.
  • the controller/transmitter 107 is configured to generate one of the 2 32 different codes. However, the controller/transmitter 107 may be configured to generate any suitable number of different codes.
  • the code entry module 103 will generate one of these codes from a distinct sequence, advancing progressively through the sequence on each request 102 being received.
  • the sequence of codes is unique for each code entry module 103.
  • the controller/transmitter 107 checks, as depicted by an arrow 112, the current code in a database 113. The controller 107 then generates a new code in the sequence of codes for the code entry module 103.
  • each code entry module 103 of the present disclosure is assigned a different serial number, hi the described arrangement, the Microchip (Keeloq) serial number, which is typically twenty eight (28) bits in length, is replaced by a Wiegand protocol identifier.
  • the Wiegand protocol identifier is typically twenty four (24) bits in length. Each code entry module 103 has a different Wiegand protocol identifier. Prior to replacing the Microchip (Keeloq) serial number with the Wiegand identifier, the Wiegand protocol identifier is encoded using an invertible twenty four (24) bit encryption algorithm. Examples of encryption algorithms that may be used to encode the Wiegand protocol identifier include the Rivest, Shamir, & Adleman (RSA) algorithm, the Public Key Infrastructure (PKI) algorithm, the Data Encryption Standard (DES), Blowfish and the International Data Encryption Algorithm (IDEA).
  • RSA Rivest, Shamir, & Adleman
  • PKI Public Key Infrastructure
  • DES Data Encryption Standard
  • Blowfish the International Data Encryption Algorithm
  • the encryption algorithm used to encode the Wiegand protocol identifier is known only to the code entry module 103 and to a receiver 118, as seen in Fig. 2, which will be described below.
  • the encoded Wiegand protocol identifier is inserted into bits zero (0) to twenty three (23) of the normal Microchip (Keeloq) serial number address space for the code entry module 103.
  • the remaining four bits (i.e., bits twenty four (24) to twenty seven (27)) of the Microchip (Keeloq) serial number are set to a predetermined fixed value (e.g., a series of Ts) indicating that the Microchip (Keeloq) serial number has been replaced by an encoded Wiegand protocol identifier.
  • the Wiegand protocol identifier is allocated entirely within a predetermined (1/16 th ) portion of the normal Microchip (Keeloq) code entry module (or transmitter) address space for the code entry module 103.
  • the Wiegand protocol identifier may be inserted into any suitable bits of the normal Microchip (Keeloq) serial number address space for the code entry module 103. Further, any bits may be used to indicate that the Microchip
  • Each code entry module 103 has a Wiegand protocol identifier allocated to the code entry module 103 prior to the code entry module 103 being distributed to the user 101 for use.
  • the Wiegand protocol identifier may be stored in the database 113.
  • the code entry module 103 Prior to the code entry module 103 being distributed to the user 101, the code entry module 103 is also allocated a secret "key" (typically sixty four (64) bits in length) which is known by both the code entry module 403 and the receiver 118.
  • the secret key may be stored in the database 113 on the transmitter sub-system 116.
  • the secret key may also be stored in a database 115 on the receiver sub-system 117.
  • the controller 107 Upon generating the new code in the sequence of codes for the code entry module 103, the controller 107 sends the updated code, this being referred to as an access signal, as depicted by an arrow 108 to the receiver 118.
  • the new code Prior to the new code being sent to the controller 109, the new code is preferably encoded by the controller 107 using one of the encryption algorithms described above with the encryption algorithm being customised through the application of the secret key and the Wiegand protocol identifier.
  • the encoded Wiegand protocol identifier number for the code entry module 103 is also included within the access signal 108.
  • the receiver 118 receives the access signal 108 and firstly determines that the four bit fixed portion of the address space for a Microchip (Keeloq) serial number correctly indicates that the serial number has been replaced by an encoded Wiegand protocol identifier. If the receiver 118 determines that the four bit fixed portion does not indicate that the Microchip (Keeloq) serial number has been replaced by an encoded Wiegand protocol identifier then the receiver 118 rejects the access signal 108. Otherwise, the receiver 118 decodes the code included in the access signal 108, using the encryption algorithm that was used by the code entry module 103 to encode the code.
  • the receiver also decodes the Wiegand protocol identifier using the encryption algorithm that was used by the code entry module 103 to encode the Wiegand protocol identifier.
  • the receiver 118 Based on the decoded Wiegand protocol identifier, the receiver 118 identifies the sequence of codes being used by the code entry module 103 and tests the code received in the access signal 108 against the most recent previously received code for the code entry module 103, this code having been stored in the database 115, this testing being depicted by an arrow 114. As will be described in detail below, the codes are stored in the database 115 in a hash table, or similar data structure. The receiver 118 uses the Wiegand protocol identifier received with the access signal 108 and linear probing for accessing the codes stored in the hash table in order to test the code received in the access signal 108.
  • the receiver 118 If the code within the received access signal 108 is found to be the next code in the sequence for the received Wiegand protocol identifier, then, the receiver 118 provides a signal 120, in Wiegand format, to the controller 109.
  • the signal 120 includes the decoded Wiegand identifier.
  • the controller 109 sends a command, as depicted by an arrow 110, to a controlled item 111.
  • the controlled item 111 may be a door locking mechanism on a secure door, or an electronic key circuit in a personal computer (PC) that is to be accessed by the user 101.
  • PC personal computer
  • the receiver 118 receives the transmitted access signal 108 and converts it into a form that the controller 109 can use, as depicted by the arrow 120.
  • the receiver 118 may be a conventional Microchip (Keeloq) receiver.
  • such a conventional Microchip (Keeloq) receiver is modified so as to use the Wiegand protocol identifier received with the access signal 108 for accessing the codes stored in the hash table.
  • the sub-system 117 maintains a unique sequence of codes for each of the code entry modules that the receiver 118 may encounter.
  • Each of these code entry modules has a unique Wiegand protocol identifier corresponding to one of the sequences.
  • the total number of possible code entry modules, each having a unique Wiegand identifier, and accordingly, the total number of unique code sequences is 2 24 (i.e., more than 16 million). A person skilled in the relevant art would appreciate that more or less code sequences may be possible.
  • Each of these code sequences is stored in the database 115. In order to provide sufficient access for the receiver 118 to the stored codes, the codes are stored in a hash table or similar data structure within the database 115, as described above.
  • the receiver 118 may use a "hash table with linear probing" algorithm, as described above, to access the codes within the data structure. This allows the codes to be stored within a physical storage area of a size proportional to the number of active code entry modules. Such a hash table algorithm also requires the selection of a "hash function.” The 24 bit Wiegand protocol identifier may be used as this hash function.
  • the code entry module 103 may also incorporate at least one mechanism for providing feedback to the user 101.
  • This mechanism may, for example, take the form of one or more Light Emitting Diodes (LEDs) 122 which can provide visual feedback, depicted by an arrow 123 to the user 101.
  • LEDs Light Emitting Diodes
  • the mechanism can take the form of an audio signal provided by an audio transducer 124 providing audio feedback 125.
  • Rolling codes provide a substantially non-replayable, non-repeatable and encrypted radio frequency data communications scheme for secure messaging. These codes use inherently secure protocols and serial number ciphering techniques which in the present disclosure hide the clear text values required for authentication between the key fob (transmitter) sub-system 116 and the receiver/controller 118/109.
  • the rolling codes generated by the code entry module 103 use a different code variant each time the transmission of the access signal 108 occurs. This is achieved by encrypting the data from the controller 107 with an encryption algorithm, as described above, and ensuring that successive transmissions of the access signal 108 are modified using a code and/or a look-up table or hash table known to both the transmitter sub-system 116 and the receiver sub-system 117. Using this approach, successive transmissions are modified, resulting in a non-repeatable data transfer, even if the information from the controller 107 remains the same. The modification of the code in the access signal 108 for each transmission significantly reduces the likelihood that an intruder can access the information and replay the information to thereby gain entry at some later time.
  • the receiver 118 based on the Wiegand protocol identifier, the receiver 118 identifies the sequence of codes being used by the code entry module 103 and tests the code received in the access signal 108 against the most recent previously received code for the code entry module 103, this code having been stored in the database 115, this testing being depicted by the arrow 114. If the incoming code forming the access signal 108 is found "not to be” the next code in the sequence for that code entry module 103, then the receiver 118 stores the Wiegand protocol identifier received in the access signal 108.
  • the receiver 118 also then stores another code which is the next code expected in the sequence (the "expected next code") for the code entry module 103 (i.e., as identified by the Wiegand protocol identifier) after the code that was received in the access signal 108.
  • the receiver 118 also starts a timer for a predetermined time. If another access signal 108 is received from the same code entry module 103 within the predetermined time and the code in the access signal 108 exactly matches the "expected next code" as previously stored, then the receiver 118 provides the signal 120 in the Wiegand format to the controller 109.
  • the receiver 118 also stores a flag in the database 115 indicating that the receiver 118 and the code entry module 103 are "synchronised". Accordingly, the code entry module 103 and the receiver 118 may be synchronised provided the code entry module 103 can generate two consecutive "in sequence" codes.
  • the above method of synchronising the code entry module 103 and the receiver 118 is particularly advantageous over conventional Microchip (Keeloq) secure access arrangements using conventional Microchip (Keeloq) code entry modules (or transmitters), which require physical operation of a switch mechanism in a receiver.
  • the arrangement 100 described above can maintain security without the need to demonstrate physical access during synchronisation, since the arrangement 100 guarantees the authenticity of the code entry module 103, and hence the authenticity of the resultant Wiegand protocol identifiers.
  • the sub-system in Fig. 2 falling to the left hand side, as depicted by an arrow 116, of a dashed line 119 may be implemented in a number of different forms.
  • the subsystem 116 may for example be incorporated into a remote fob (which is a small portable device carried by the user 101), or alternately may be mounted in a protected enclosure on the outside jamb of a secured door.
  • the sub-system 116 communicates with the subsystem 117 on the right hand side of the dashed line 119 via the wireless communication channel used by the access signal 108.
  • the sub-system 117 is typically located in an inaccessible area such as a hidden roof space or alternately in a suitable protected area such as an armoured cupboard.
  • the location of the sub-system 117 must of course be consistent with reliable reception of the wireless access signal 108.
  • the communication channel uses a wireless transmission medium
  • the channel used by the access signal 108 may use a wired medium. This is particularly the case when the transmitter sub-system 116 is mounted in an enclosure on the door jamb rather than in a portable key fob.
  • the sub-system 116 is implemented as a remote fob, the combination of the Wiegand identifier and the strongly encrypted wireless communication provides a particularly significant advantage over conventional secure access arrangements.
  • the remote key fob arrangement allows easy installation, since the wired communication path 404 (see Fig. 1) is avoided. Other existing wiring elements of the present systems 400 may be used where appropriate.
  • Fig. 3 shows the method of operation of the sub-system 116 of Fig. 2 comprising the code entry module 103.
  • the process 200 commences with a testing step 201 in which the code entry module 103 checks whether a request 102 is being received. If this is not the case, then the method 200 is directed in accordance with a NO arrow back to the step 201 in a loop. If, on the other hand, the request 102 has been received, then the method 200 is directed in accordance with a YES arrow to a step 202.
  • the controller/transmitter 107 checks, as depicted by an arrow 112, the current code in the database 113. Then at the next step 203, the controller/transmitter 107 generates a new code in the sequence of codes for the code entry module 103 according to the Wiegand protocol identifier allocated to the code entry module 103.
  • the newly generated code is encoded by the controller/transmitter 107 using one of the encryption algorithms described above, with the encryption algorithm being customised through the application of the secret key and the Wiegand protocol identifier.
  • the Wiegand identifier is also encrypted at step 204, using one of the encryption algorithms described above.
  • the controller 107 sends the appropriate access signal 108 to the receiver 109.
  • the access signal comprises the encoded code and the encoded Wiegand protocol identifier.
  • the process 200 is then directed in accordance with an arrow 206 back to the step 201.
  • Fig. 4 shows the method of operation of the control sub-system 117 of Fig. 2.
  • the process 300 commences with a testing step 301 which continuously checks whether the access signal 108 has been received from the controller/transmitter 107.
  • the step 301 is performed by the receiver 118.
  • the process 300 is directed in accordance with a NO arrow in a looping manner back to the step 301.
  • the process 300 is directed from the step 301 by means of a YES arrow to a step 302.
  • the process 300 is directed from the step 302 by means of a YES arrow to a step 303. Otherwise, the process 300 is directed in accordance with a NO arrow in a looping manner back to the step 301.
  • the receiver 118 decodes the code included in the access signal 108, using the encryption algorithm that was used to encode the code.
  • the receiver 118 also decodes the Wiegand protocol identifier included in the signal 108.
  • the receiver 118 identifies the sequence of codes being used by the code entry module 103, based on the Wiegand protocol identifier, and tests the code received in the access signal 108 against the most recent previously received code for the code entry module 103, this code having been stored in the database 115.
  • the process 300 is directed from the step 304 by means of a YES arrow to a step 305.
  • the receiver 118 provides the signal 120 in the Wiegand format to the controller 109.
  • the signal 120 comprises the Wiegand protocol identifier.
  • step 308 the controller 109 sends a control signal 110 to the controlled item 111 (for example opening a secured door).
  • the process 300 is then directed from the step 308 as depicted by an arrow 308 back to the step 301.
  • the process 300 is directed from the step 304 by means of the NO arrow to step 306.
  • the receiver 118 determines what the next code in the sequence corresponding to the Wiegand protocol identifier after the code that was received in the access signal 108 at step 301. This next code is the "next expected code” as described above.
  • the receiver 118 stores the code entry module's 103 Wiegand protocol identifier and the code determined at step 306 (i.e., the next expected code) in the database 115.
  • the receiver 118 also starts a timer to time out for a predetermined time (e.g., ten (10) seconds).
  • a subsequent step 310 if another access signal 108 is received from the same code entry module 103 (i.e., the access signal 108 contains the encoded Wiegand protocol identifier corresponding to the code entry module 103) within the predetermined time, then the process 300 is directed from the step 310 by means of the YES arrow to step 311. Otherwise, the process 300 is directed from the step 310 by means of the NO arrow back to step 301.
  • step 311 if the incoming code included in the access signal 108 received at step 310 is found to be the code stored at step 309 (i.e., the next expected code), then the process 300 is directed from the step 311 by means of a YES arrow to step 307. Otherwise, the process 300 is directed from the step 311 by means of the NO arrow back to step 301. Accordingly, the code entry module 103 and the receiver 118 may be synchronised provided the code entry module 103 can generate two consecutive "in sequence" codes.
  • One of the advantages of the arrangement 100 described above is that security system upgrades may be made without replacing the Wiegand compatible controller 109. Accordingly, existing systems as are described in Fig. 1 may be upgraded by replacing the code entry module 403 and the transmission path 404, leaving the other components of the system 400 (ie., the controller 405, the code database 407, and the controlled item 409, together with existing wiring 408 and 406), largely intact. Minor programming modifications may however be necessary to the receiver 118 so that the receiver 118 uses the Wiegand protocol identifier to interrogate the hash table stored in the database 115.
  • the sub-system 116 may either be used in a remote fob configuration, or may be placed in a secure housing on an external door jamb.
  • the code entry module 103 comprises a button 121 and the request 102 takes the form of a button press.
  • the code entry module 103 may comprise a biometric sensor (not shown), either in place of the button 121 or as well as the buttons 121, and the request 102 may take a form which corresponds to the nature of the biometric sensor in the module 103.
  • the code entry module 103 may comprise a biometric sensor (not shown), either in place of the button 121 or as well as the buttons 121, and the request 102 may take a form which corresponds to the nature of the biometric sensor in the module 103.
  • the button 121 is replaced by a biometric sensor which will be referred to below as the "biometric sensor 121".
  • the biometric sensor 121 in the code entry module 103 is a fingerprint sensor
  • the request 102 typically takes the form of a thumb press on a sensor panel (not shown) on the code entry module 103.
  • the code entry module 103 would interrogate, as depicted by an arrow 104, a user identity database 105.
  • the user database 105 contains biometric signatures for authorised users against which the request 102 can be authenticated.
  • the code entry module 103 sends the signal 106 to the controller/transmitter 107.
  • the controller/transmitter 107 checks, as depicted by the arrow 112, the current code in the database 113.
  • the controller/transmitter 107 then generates a new code in the sequence of codes for the code entry module 103, as at step 203.
  • the newly generated code is encrypted by the controller/transmitter 107 using one of the encryption algorithms described above.
  • the controller 107 then sends the appropriate access signal 108 to the receiver 109, as at step 205.
  • the biometric signature database 105 is shown in Fig. 2 to be part of the transmitter sub-system 116. However, in an alternate arrangement, the biometric signature database 105 may be located in the receiver sub-system 117, in which case the communication 104 between the code entry module 103 and the signature database 105 may also be performed over a secure wireless communication channel such as the one used by the access signal 108. hi the event that the secure access arrangement 100 is being applied to providing secure access to a PC, then the secured PC may store the biometric signature of the authorised user in internal memory, and the PC may be integrated into the receiver sub-system 117 of Fig. 2.
  • the biometric sensor 121 in the code entry module 103 in conjunction with the controller 107 may also check other access privileges of the user 101. These access privileges may be contained in the database 105 which may be located either locally in the remote key fob, or in the receiver sub-system 117 as previously described. In one example, Tom Smith may firstly be authenticated as Tom Smith using the thumb press by Tom on the biometric sensor panel (not shown).
  • the transmitter sub-system 116 may check if Tom Smith is in fact allowed to use the particular door secured by the device 111 on weekends.
  • the security screening offered by the described arrangement may range from simple authentication of the user's identity, to more comprehensive access privilege screening.
  • the incorporation of the biometric sensor 121 into the code entry module 103 in the form of a remote key fob also means that if the user 101 loses the remote key fob, the user need not be concerned that someone else can use the code entry module 103. Since the finder of the lost key fob will not be able to have his or her biometric signal authenticated by the biometric sensor 121 in the code entry module 103, the lost key fob is useless to anyone apart from the rightful user 101.
  • the transmitter sub-system 116 is preferably fabricated in the form of a single integrated circuit (IC) to reduce the possibility of an authorised person bypassing the biometric sensor 121 in the code entry module 103 and directly forcing the controller 107 to emit the access signal 108.
  • IC integrated circuit
  • the incorporation of the biometric sensor 121 into the code entry module 103, as described above, allows the user 101 to be validated. In this manner, the transmissions of the access signal 108 containing the encrypted code and Wiegand protocol identifier may be limited to occur for only authorised users.
  • Fig. 6 shows another process 700 of operation of the arrangement 100 of Fig. 2 where the code entry module 103 incorporates the biometric sensor 121, in accordance with the further embodiment, hi this further embodiment, the process 700 is performed instead of the process 200 of Fig. 3.
  • the code entry module 103 incorporating the biometric sensor 121 is allocated a range of Wiegand protocol identifiers rather than just one Wiegand protocol identifier as with the first embodiment described above.
  • the Wiegand protocol identifier in this range are distinct from those allocated to other code entry modules sharing the same "secret” key as described above.
  • the Wiegand protocol identifier being used at any particular time is referred to as the "current" Wiegand protocol identifier.
  • the process 700 commences with a step 701 that determines if a biometric signal has been received by the biometric sensor 121 in the code entry module 103. If not, then the process 700 follows a NO arrow back to the step 701. If however a biometric signal has been received, then the process 700 follows a YES arrow to a step 702 that determines if the user ID database 105 in Fig. 2 is empty. This would be the case, for example, if the code entry module is new and has never been used, or if the user 101 has erased all the information in the database 105 (as will be described in detail below).
  • the process 700 is directed by an arrow 703 to 706 in Fig. 8 which depicts a process 800 dealing with the enrolment or the administration function for loading relevant signatures into the database 105. If on the other hand the database 105 is not empty, then the process 700 is directed to a step 704 that determines if the biometric signal that has been received is an administrator's biometric signal.
  • the arrangement 100 comprising the code entry module 103 incorporating the biometric sensor 121 may accommodate at least three classes of user, namely administrators, (ordinary) users, and duress users.
  • the administrators have the ability to amend data stored, for example, in the database 105, while the ordinary users preferably do not have this capability.
  • the first user of the code entry module 103 is automatically categorised as an administrator. This first administrator may direct the arrangement 100 to either accept further administrators, or alternately to only accept further ordinary users.
  • the present description refers to “users”, in fact it is “fingers” which are the operative entities in operation of the arrangement 100 where the biometric sensor 121 is a fingerprint sensor.
  • a single user may enrol two or more of his or her own fingers as separate administrators or (ordinary) users of the arrangement 100, by storing corresponding fingerprints for corresponding fingers in the database 105 via the enrolment process 800 (see Fig. 8).
  • the first administrator may provide control information to the code entry module 103 by providing a succession of finger presses to the biometric sensor 121, providing that these successive presses are of the appropriate duration, the appropriate quantity, and are input within a predetermined time.
  • the control information is encoded by either or both (a) the number of finger presses and (b) the relative duration of the finger presses. If the successive finger presses are provided within this predetermined time, then the controller 107 accepts the presses as potential control information and checks the input information against a stored set of legal control signals.
  • One example of a legal control signal can be expressed as follows: "Enrol an ordinary user” -> dit, dit, dit, dah where "dit” is a finger press of one second's duration (provided by the user 101 in response to the feedback provided by the Amber LED as described below), and “dah” is a finger press of two second's duration.
  • ROM Read Only Memory
  • the code entry module 103 has feedback signalling mechanisms 122, implemented for example by a number of LEDs 122 and an audio transducer 124, implemented by an audio transducer.
  • the LEDs 122 and the audio transducer 124 are used by the controller to signal the state of the code entry module 103 to the user 101, and to direct the administration process.
  • three LEDs, being Red, Amber and Green are provided.
  • the audio transducer 124 emits the "begin enrolment" signal (dit dit dit dit) and the Red LED flashes. Enrolment of a normal user
  • step 704 if the step determines that the biometric signal received is an administrator's signal, then the process 700 is directed by a YES arrow to
  • Fig. 7 shows the access process 600 by which a biometric signal 102 (see Fig. 2) is processed in order to provide access to the controlled item 111, or to take other action. Entering the process at 707 from Fig. 6, the process 600 proceeds to a step 602 that compares the received biometric signal to biometric signatures stored in the database 105. A following step 603 determines if the received signal falls into the "duress" category.
  • Biometric signals in this category indicate that the user 101 is in a coercive situation where, for example, an armed criminal is forcing the user 101 to access the secure facility (such as a bank door). If the step 603 determines that the received biometric signal is in the duress class, then a following step 604 prepares a "duress" bit for incorporation into the code access signal 108. The aforementioned duress bit is an access attribute of the biometric signal 102. Thereafter the process 600 proceeds to a step 605.
  • Modules used in the code entry module for producing the rolling code enable a number of user defined bits to be inserted into the access signal 108, and these bits may be used to effect desired control functions in the receiver sub-system 117.
  • the disclosed arrangement 100 utilises four such user bits, namely (a) to indicate that the user belongs to the duress category, (b) to indicate a "battery low” condition, or other desired system state or “telemetry” variable, for the code entry module 103, (c) to indicate that the biometric signal represents a legitimate user in which case the secure access to the controlled item 111 is to be granted, or (d) to indicate that the biometric signal is unknown, in which case the controller 109 in the receiver sub-system 117 sounds an alert tone using a bell (not shown) or the like.
  • step 603 determines that the biometric signal is not in the duress class
  • the process 600 proceeds according to a NO arrow to the step 605.
  • the step 605 determines if the code entry module 103 has a low battery condition, in which event the process 600 proceeds according to a YES arrow to a step 606 that prepares a telemetry bit for insertion into the access signal 108.
  • the aforementioned telemetry bit is an access attribute of the biometric signal 102.
  • the process proceeds to a step 607.
  • step 605 determines that telemetry signalling is not required, then the process 600 proceeds according to a NO arrow to the step 607.
  • the step 607 checks the biometric signal against the biometric signatures in the database 105. If the received biometric signal matches a legitimate signature in the database 105, then the process 600 is directed to a step 608 that prepares an "access" bit for insertion into the access signal 108. This access bit directs the controller 109 in the receiver sub-system 117 to provide access to the controlled item 111. The aforementioned access bit is an access attribute of the biometric signal 102.
  • the process 600 then proceeds to a step 610.
  • step 607 determines that the biometric input signal does not match any legitimate biometric signatures in the database 105, then the process 600 proceeds according to a NO arrow to a step 609 that prepares an "alert" bit for insertion into the access signal 108.
  • the aforementioned alert bit is an access attribute of the biometric signal 102. This alert bit directs the controller 109 (a) not to provide access to the controlled item 111, and (b) to provide an alert tone, like ringing a chime or a bell (not shown), to alert persomiel in the vicinity of the receiver sub-system 117 that an unauthorised user is attempting to gain access to the controlled item 111.
  • the alert bit may also cause a camera mounted near the controlled item 111 to photograph the unauthorised user for later identification of that person.
  • the camera may be activated if the person attempting to gain access is unauthorised, and also if the person attempting to gain access is authorised but uses a duress signature.
  • An optional additional step may prepare an identification field for insertion into the access signal 108. This sends, to the receiver sub-system 117, E) information that the receiver sub-system 117 may use to construct an audit trail listing which users, having signatures in the database 105, have been provided with access to the controlled item 111.
  • the process 600 is then directed to the step 610, where the controller/transmitter 107 checks, as depicted by an arrow 112 in Fig. 2, the current code in the database 113. Then at the next step 613, the controller/transmitter 107 generates a new code in the sequence of codes for the code entry module 103 according to the current Wiegand protocol identifier. At the next step 615, the newly generated code is encoded by the controller 107 using one of the encryption algorithms described above, with the encryption algorithm being customised through the application of the secret key and the current Wiegand protocol identifier. The Wiegand identifier is also encoded at step 204, using one of the encryption algorithms described above.
  • the controller/transmitter 107 sends the appropriate access signal 108 to the receiver 109.
  • the access signal 108 includes the encoded code and the current encoded Wiegand protocol identifier. Also, in the embodiment of Figs. 7 to 9, the access signal 108 also includes the various user defined bits.
  • the process 200 is then directed in accordance with an arrow 611 to 705 of Fig. 6.
  • Fig. 8 shows a process 800 for implementing various enrolment procedures.
  • the process 800 commences at 706 from Fig. 6 after which a step 801 determines if the biometric signal is a first administrator's signal (which is the case if the database 105 is empty). If this is the case, then the process 800 is directed to a step 802 that stores a biometric signature, representing the received biometric signal, in the database 105. From a terminology perspective, this first administrator, or rather the first administrator's first finger (in the event that the biometric sensor 121 is a fingerprint sensor), is referred to as the "superfmger”. Further administrator's fingers are referred to as admin-fingers, and ordinary users fingers are referred to merely as "fingers”.
  • step 802 the reason that someone would enrol more than one of their own fingers into the system is to ensure that even in the event that one of their enrolled fingers is injured, the person can still operate the system using another enrolled finger.
  • step 802 the steps 805, 807 and 809 involve sequences of finger presses on the biometric sensor 121 in conjunction with feedback signals from the LEDs 122 and/or the audio speaker 124.
  • the process 800 then proceeds to a step 810 that determines if further enrolment procedures are required. If this is the case, then the process 800 proceeds by a YES arrow back to the step 801. If no further enrolment procedures are required, then the process 800 proceeds by a NO arrow to 705 in Fig. 6.
  • the process 800 proceeds by a NO arrow to a step 803.
  • the step 803 determines if a further administrator signature is to be stored. It is noted that all signatures stored in the database are tagged as belonging to one or more of the classes of administrator, ordinary user, and duress users. If a further administrator signature is to be stored, then the process 800 proceeds by a YES arrow to the step 802 that stores the biometric signal as a further administrator's signature.
  • the process 800 proceeds according to a NO arrow to a step 804 that determines if a duress signature is to be stored. If this is the case then the process 800 follows a YES arrow to a step 805 that stores a duress signature. The process 800 then proceeds to the step 810. If however the step 804 determines that a duress signature is not required, then the process 800 proceeds by a NO arrow to step 806. The step 806 determines if a further simple signature (i.e., belonging to an ordinary user) is to be stored.
  • a further simple signature i.e., belonging to an ordinary user
  • the process 800 proceeds by a YES arrow to the step 807 that stores a representation of the received biometric signal as a further ordinary signature. If a further simple signature is not required, then the process 800 proceeds according to a NO arrow to a step 808 that determines if any or all signatures are to be erased from the database 105. The determination of whether all signatures are to be erased from the database 105 at step 808 may be made based on an "erase all" control (not shown) incorporated into the code entry module 103. If any or all signatures are to be erased from the database 105 then the process 800 follows a YES arrow to a step 809 that erases the desired signatures.
  • the controller/transmitter 107 changes the current Wiegand protocol identifier to a previously unused value from the range of Wiegand protocol identifiers allocated to the code entry module 103. If no previously unused values from the range of Wiegand protocol identifiers allocated to the code entry module 103 are available, then the code entry module 103 is completely non-functional and the process 800 concludes at step 809 and will not return to 705 of Fig. 6.
  • the database 115 will be determined to be empty at a subsequent execution of step 702 of the process 700. Further, the code entry module 103 will appear as completely new to the receiver 118 and any existing synchronisation between the code entry module 103 and the receiver 118 will be revoked. That is, the flag in the database 115 indicating that the receiver 118 and the code entry module 103 are "synchronised” will be reset to indicate that the code entry module 103 and the receiver 118 are not synchronised.
  • the code entry module 103 and the receiver 118 may be synchronised provided the code entry module 103 can generate two consecutive "in sequence" codes or through physical operation of a switch mechanism as described above. If the code entry module 103 is still functional (i.e., there are still unused values from the range of Wiegand protocol identifiers allocated to the code entry module 103) following step 809, then the process 800 then proceeds to the step 810.
  • Fig. 9 shows another enrolment process relating to the example of Fig. 6.
  • the process 900 commences at 706 from Fig. 6 after which a step 901 determines if the received biometric signal comes from the first administrator. If this is the case, then the process 900 proceeds according to a YES arrow to a step 902.
  • the step 902 emits an "Enrolment" tone and flashes the green LED once only.
  • a step 905 reads the incoming biometric signal which is provided by the user as directed by the Amber LED. When the Amber LED flashes continuously, this directs the user to "Apply Finger".
  • step 901 if the incoming biometric signal does not belong to the first administrator, then the process 900 proceeds according to a NO arrow to a step 903.
  • the step 903 emits an "Enrolment” tone, and flashes the Red LED in an on-going fashion. Thereafter, the process 900 proceeds according to an arrow 904 to the step 905.
  • a step 906 determines whether the incoming biometric signal is legible. If this is not the case, then the process 900 proceeds according to a NO arrow to a step 907. The step 907 emits a "Rejection" tone, after which the process 900 is directed, according to an arrow 908 to 705 in Fig. 6.
  • the process 900 if the incoming biometric signal is legible, then the process 900 follows a YES arrow to a step 909.
  • the step 909 determines whether the finger press exceeds a predetermined time. If this is not the case, then the process 900 follows a NO arrow to a step 910 which stores a representation of the biometric signal, which in the present case is stored as a fingerprint signature. Thereafter the process 900 follows an arrow 911 to 705 in Fig. 6.
  • step 912 erases any or all relevant signatures depending upon the attributes of the incoming biometric signal.
  • the incoming biometric signal belongs to an ordinary user, then the ordinary user's signature in the database 105 is erased by the step 912.
  • the incoming biometric signal belongs to the first administrator, then all the signatures in the database 105 are erased. Administrators who are not the first administrator may be granted either the same powers as the first administrator in regard to erasure of signatures, or can be granted the same powers as ordinary user in this respect.
  • the determination of whether all signatures are to be erased from the database 105 at step 912 may be made based on an "erase all" control (not shown) incorporated into the code entry module 103. Further, if all of the signatures in the database 115 are erased at step 912, the controller/transmitter 107 changes the current Wiegand protocol identifier to a previously unused value from the range of Wiegand protocol identifiers allocated to the code entry module 103. If no previously unused values from the range of Wiegand protocol identifiers allocated to the code entry module 103 are available, then the code entry module 103 is completely non-functional and the process 900 concludes at step 912 and will not return to 705 of Fig. 6. If the code entry module 103 is still functional (i.e., there are still unused values from the range of Microchip (Keeloq) serial numbers allocated to the code entry module
  • step 912 the process 900 follows an arrow 913 to 705 in Fig. 6.
  • Fig. 5 is a schematic block diagram of the arrangement 100 in Fig. 2.
  • the disclosed secure access methods are preferably practiced using the arrangement 100 in the form of a computer system, such as that shown in Fig. 5 wherein the processes of Figs. 3-
  • the described method steps are effected by instructions in the software that are carried out under direction of the respective controller 107 and controller 109 (and receiver 118) in the transmitter and receiver sub-systems 116 and 117.
  • the instructions may be formed as one or more code modules, each for performing one or more particular tasks.
  • the software may also be divided into two separate parts, in which a first part performs the provision of secure access methods and a second part manages a user interface between the first part and the user.
  • the software may be stored in a computer readable medium, including the storage devices described below, for example.
  • the software is loaded into the transmitter and receiver sub-systems 116 and 117 from the computer readable medium, and then executed under direction of the respective controllers 107 and 109 (and receiver 118).
  • a computer readable medium having such software or computer program recorded on it is a computer program product.
  • the use of the computer program product in the computer preferably effects an advantageous apparatus for provision of secure access.
  • the following description is directed primarily to the transmitter sub-system 116, however the description applies in general to the operation of the receiver sub-system 117.
  • the arrangement 100 is formed, having regard to the transmitter sub-system 116, by the controller module 107, input devices such as the button 121 (or biometric sensor in the case of the further embodiment), output devices including the LED display 122 and the audio device 124.
  • a communication interface/transceiver 1008 is used by the controller module 107 for communicating to and from a communications network 1020.
  • FIG. 2 shows the transmitter sub-system 116 communicating with the receiver sub-system 117 using a direct wireless link for the access signal 108, this link used by the access signal 108 can be effected over the network 1020 forming a tandem link comprising 108-1020-108'.
  • the aforementioned communications capability may be used to effect communications between the transmitter sub-system 116 and the receiver subsystem 117 either directly or via the Internet, and other network systems, such as a Local Area Network (LAN) or a Wide Area Network (WAN).
  • LAN Local Area Network
  • WAN Wide Area Network
  • the controller module 107 typically includes at least one processor unit 1005, and a memory unit 1006, for example formed from semiconductor random access memory (RAM) and read only memory (ROM).
  • the controller module 107 also includes a number of input/output (VO) interfaces including an audio-video interface 1007 that couples to the LED display 122 and audio speaker 124, an I/O interface 1013 for the button 121, and the interface 1008 for communications.
  • the components 1007, 1008, 1005, 1013 and 1006 of the controller module 107 typically communicate via an interconnected bus 1004 and in a manner which results in a conventional mode of operation of the controller 107 known to those in the relevant art.
  • the application program modules for the transmitter sub-system 116 are resident in the memory 1006 iROM, and are read and controlled in their execution by the processor 1005. Intermediate storage of the program and any data fetched from the bio sensor 121 and the network 1020 may be accomplished using the RAM in the semiconductor memory 1006. In some instances, the application program modules may be supplied to the user encoded into the ROM in the memory 1006. Still further, the software modules can also be loaded into the transmitter sub-system 116 from other computer readable media, say over the network 1020.
  • the term "computer readable medium” as used herein refers to any storage or transmission medium that participates in providing instructions and/or data to the transmitter sub-system 116 for execution and/or processing.
  • Examples of storage media include floppy disks, magnetic tape, CD-ROM, a hard disk drive, a ROM or integrated circuit, a magneto-optical disk, or a computer readable card such as a PCMCIA card and the like, whether or not such devices are internal or external of the transmitter sub-system 116.
  • Examples of transmission media include radio or infra-red transmission channels as well as a network connection to another computer or networked device, and the Internet or Intranets including e-mail transmissions and information recorded on Websites and the like.
  • the code entry module 103 incorporating the biometric sensor 121 is allocated a range of Wiegand protocol identifiers.
  • the code entry module 103 may comprise a plurality of buttons similar to the button 121 shown in Fig. 2.
  • each of these buttons may have a different Wiegand protocol identifier, with each Wiegand identifier having a unique sequence of codes. Accordingly, pressing different ones of the buttons will result in different codes being sent by the code entry module 103.
  • the encoded Wiegand protocol identifier is inserted into bits zero (0) to twenty three (23) of the normal Microchip (Keeloq) serial number address space for the code entry module 103.
  • the remaining four bits (i.e., bits twenty four (24) to twenty seven (27)) of the Microchip (Keeloq) serial number are set to a predetermined fixed value (e.g., a series of Ts) indicating that the Microchip (Keeloq) serial number has been replaced by an encoded Wiegand protocol identifier.
  • a predetermined fixed value e.g., a series of Ts
  • two or more of the remaining four bits may be may be used to indicate user groups.
  • code entry module 103 will only be accepted by the receiver 118 if the code entry module 103 and the receiver 118 are in the same user group.
  • bits twenty six (26) and twenty seven (27) may be set to 1 V, while the remaining two bits (i.e., bits twenty four (24) and twenty five (25)) are set to a user group number.
  • Code entry modules may also be allocated to different user groups by using a different secret key, as described above, in each of the code entry modules. For example, one or more of the code entry modules may be allocated a particular secret key indicating one user group and one or more other code entry modules may be allocated a different secret key indicating a different user group.
  • the arrangement 100 may also be used to provide authorised access to lighting systems, building control devices, exterior or remote devices such as air compressors and so on.
  • authorised access to lighting systems, building control devices, exterior or remote devices such as air compressors and so on.
  • the concept of "secure access” is thus extendible beyond mere access to restricted physical areas.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Human Computer Interaction (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

La présente invention concerne un système (100) pour fournir un accès sécurisé à un élément contrôlé (111). Le système (100) comprend un sous-système émetteur (116) qui comprend un moyen pour stocker un identifiant de protocole Wiegand, un moyen pour recevoir une requête, un moyen pour générer un code à partir d'une séquence de codes en fonction d'un identifiant de Wiegand, suite à la réception de la requête, un moyen pour coder le code et l'identifiant du protocole de Wiegand, ainsi qu'un moyen d'émission d'un signal d'accès sécurisé comprenant le code et l'identifiant de protocole de Wiegand codé. Le système (100) comprend également un sous-système récepteur (117) incluant un moyen pour recevoir le signal d'accès sécurisé et un moyen pour fournir un accès conditionnel à l'élément contrôlé (111) en fonction du code et de l'identifiant du protocole de Wiegand.
PCT/AU2007/000311 2006-10-13 2007-03-13 Système sans fil sécurisé de saisie à distance WO2008043125A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2007306965A AU2007306965A1 (en) 2006-10-13 2007-03-13 A secure wireless remote entry system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2006905707A AU2006905707A0 (en) 2006-10-13 A secure wireless remote entry system
AU2006905707 2006-10-13

Publications (1)

Publication Number Publication Date
WO2008043125A1 true WO2008043125A1 (fr) 2008-04-17

Family

ID=39282329

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2007/000311 WO2008043125A1 (fr) 2006-10-13 2007-03-13 Système sans fil sécurisé de saisie à distance

Country Status (2)

Country Link
AU (2) AU2007306965A1 (fr)
WO (1) WO2008043125A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2316180A1 (fr) * 2008-08-11 2011-05-04 Assa Abloy AB Communications par interface wiegand sécurisées
US20140070917A1 (en) * 2012-09-12 2014-03-13 Ford Global Technologies, Llc Apparatus and method for registering users and managing biometric data thereof in a vehicle
US10452877B2 (en) 2016-12-16 2019-10-22 Assa Abloy Ab Methods to combine and auto-configure wiegand and RS485
US10685353B2 (en) 2007-10-22 2020-06-16 Microlatch Pty Ltd Transmitter for transmitting a secure access signal

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6026165A (en) * 1996-06-20 2000-02-15 Pittway Corporation Secure communications in a wireless system
US6154544A (en) * 1995-05-17 2000-11-28 The Chamberlain Group, Inc. Rolling code security system
US20020034303A1 (en) * 2000-01-21 2002-03-21 The Chamberlain Group, Inc. Rolling code security system
US6484260B1 (en) * 1998-04-24 2002-11-19 Identix, Inc. Personal identification system
WO2004039119A1 (fr) * 2002-10-22 2004-05-06 Anzon Autodoor Limited Systeme de gestion d'acces
WO2005018137A1 (fr) * 2003-08-13 2005-02-24 Securicom (Nsw) Pty Ltd Systeme d'entree a distance
US6882729B2 (en) * 2002-12-12 2005-04-19 Universal Electronics Inc. System and method for limiting access to data
US20050195066A1 (en) * 2004-03-06 2005-09-08 Wayne-Dalton Corp. Operating system and methods for seeding a random serial number for radio frequency control of a barrier operator's accessories
US6956495B2 (en) * 2001-05-22 2005-10-18 oneLINK System and method for remote opening of handicap access doors
US6956460B2 (en) * 2002-01-15 2005-10-18 Tsui Philip Y W Transmitter for operating rolling code receivers
AU2006203768A1 (en) * 2005-08-31 2007-03-15 Assa Abloy Ab Device authentication using a unidirectional protocol

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6154544A (en) * 1995-05-17 2000-11-28 The Chamberlain Group, Inc. Rolling code security system
US6026165A (en) * 1996-06-20 2000-02-15 Pittway Corporation Secure communications in a wireless system
US6484260B1 (en) * 1998-04-24 2002-11-19 Identix, Inc. Personal identification system
US20020034303A1 (en) * 2000-01-21 2002-03-21 The Chamberlain Group, Inc. Rolling code security system
US6956495B2 (en) * 2001-05-22 2005-10-18 oneLINK System and method for remote opening of handicap access doors
US6956460B2 (en) * 2002-01-15 2005-10-18 Tsui Philip Y W Transmitter for operating rolling code receivers
WO2004039119A1 (fr) * 2002-10-22 2004-05-06 Anzon Autodoor Limited Systeme de gestion d'acces
US6882729B2 (en) * 2002-12-12 2005-04-19 Universal Electronics Inc. System and method for limiting access to data
WO2005018137A1 (fr) * 2003-08-13 2005-02-24 Securicom (Nsw) Pty Ltd Systeme d'entree a distance
US20050195066A1 (en) * 2004-03-06 2005-09-08 Wayne-Dalton Corp. Operating system and methods for seeding a random serial number for radio frequency control of a barrier operator's accessories
AU2006203768A1 (en) * 2005-08-31 2007-03-15 Assa Abloy Ab Device authentication using a unidirectional protocol

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10685353B2 (en) 2007-10-22 2020-06-16 Microlatch Pty Ltd Transmitter for transmitting a secure access signal
US10949849B2 (en) 2007-10-22 2021-03-16 CPC Patent Technologies Pty Ltd. Transmitter for transmitting a secure access signal
US12002051B2 (en) 2007-10-22 2024-06-04 CPC Patent Technologies Pty Ltd. Transmitter for transmitting a secure access signal
EP2316180A1 (fr) * 2008-08-11 2011-05-04 Assa Abloy AB Communications par interface wiegand sécurisées
EP2316180A4 (fr) * 2008-08-11 2011-12-28 Assa Abloy Ab Communications par interface wiegand sécurisées
US20130117827A1 (en) * 2008-08-11 2013-05-09 Assa Abloy Ab Secure wiegand communications
US8923513B2 (en) 2008-08-11 2014-12-30 Assa Abloy Ab Secure wiegand communications
US8943562B2 (en) * 2008-08-11 2015-01-27 Assa Abloy Ab Secure Wiegand communications
US20140070917A1 (en) * 2012-09-12 2014-03-13 Ford Global Technologies, Llc Apparatus and method for registering users and managing biometric data thereof in a vehicle
CN103661269A (zh) * 2012-09-12 2014-03-26 福特全球技术公司 用于在车辆中管理用户的生物识别数据的设备和方法
US8937528B2 (en) * 2012-09-12 2015-01-20 Ford Global Technologies, Llc Apparatus and method for registering users and managing biometric data thereof in a vehicle
US10452877B2 (en) 2016-12-16 2019-10-22 Assa Abloy Ab Methods to combine and auto-configure wiegand and RS485

Also Published As

Publication number Publication date
AU2009100853B4 (en) 2010-04-29
AU2009100853A4 (en) 2009-10-08
AU2007306965A1 (en) 2008-04-17

Similar Documents

Publication Publication Date Title
US9665705B2 (en) Remote entry system
US8112278B2 (en) Enhancing the response of biometric access systems
US11947649B2 (en) Locking device biometric access
US9923884B2 (en) In-circuit security system and methods for controlling access to and use of sensitive data
US8112632B2 (en) Security devices, systems and computer program products
US8232862B2 (en) Biometrically authenticated portable access device
US8183980B2 (en) Device authentication using a unidirectional protocol
US20090282258A1 (en) Password generator
JP2005512204A (ja) データキー作動デバイスにアクセスするための、ポータブルデバイスおよび方法
US9111084B2 (en) Authentication platform and related method of operation
JP2009151528A (ja) 生体情報が格納されたicカードおよびそのアクセス制御方法
AU2009100853B4 (en) A secure wireless remote entry system
WO2008031143A1 (fr) Générateur de mot de passe
AU2005316195A1 (en) Enhancing the response of biometric access systems
JP2011090667A (ja) マイクロ電子工学のメモリロックシステム
KR20040075869A (ko) 데이터 키 작동 디바이스들을 위한 휴대용 디바이스 및 방법

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07710560

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2007306965

Country of ref document: AU

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2007306965

Country of ref document: AU

Date of ref document: 20070313

Kind code of ref document: A

122 Ep: pct application non-entry in european phase

Ref document number: 07710560

Country of ref document: EP

Kind code of ref document: A1