WO2008136031A1 - Device for handling small safe deposit boxes - Google Patents


Publication number
WO2008136031A1
WO2008136031A1 PCT/IT2007/000824 IT2007000824W WO2008136031A1 WO 2008136031 A1 WO2008136031 A1 WO 2008136031A1 IT 2007000824 W IT2007000824 W IT 2007000824W WO 2008136031 A1 WO2008136031 A1 WO 2008136031A1
Authority
WO
WIPO (PCT)
Prior art keywords
safe deposit
safe
handling small
deposit boxes
customer
Prior art date
Application number
PCT/IT2007/000824
Other languages
French (fr)
Inventor
Giuseppe Riello
Luigi Zecchetto
Original Assignee
Riello Customade Robotic Dispenser S.P.A.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Riello Customade Robotic Dispenser S.P.A.
Publication of WO2008136031A1

Classifications

    • E: FIXED CONSTRUCTIONS
    • E05: LOCKS; KEYS; WINDOW OR DOOR FITTINGS; SAFES
    • E05G: SAFES OR STRONG-ROOMS FOR VALUABLES; BANK PROTECTION DEVICES; SAFETY TRANSACTION PARTITIONS
    • E05G1/00: Safes or strong-rooms for valuables
    • E05G1/06: Safes or strong-rooms for valuables having provision for multiple compartments
    • E05Y: INDEXING SCHEME ASSOCIATED WITH SUBCLASSES E05D AND E05F, RELATING TO CONSTRUCTION ELEMENTS, ELECTRIC CONTROL, POWER SUPPLY, POWER SIGNAL OR TRANSMISSION, USER INTERFACES, MOUNTING OR COUPLING, DETAILS, ACCESSORIES, AUXILIARY OPERATIONS NOT OTHERWISE PROVIDED FOR, APPLICATION THEREOF
    • E05Y2600/00: Mounting or coupling arrangements for elements provided for in this subclass
    • E05Y2600/60: Mounting or coupling members; Accessories therefor
    • E05Y2800/00: Details, accessories and auxiliary operations not otherwise provided for
    • E05Y2800/69: Permanence of use
    • E05Y2800/692: Temporary use, e.g. removable tools

Definitions

  • the safe creates a randomly generated encrypted key (K1) which is saved in the "First communication encrypted key" field of the customer's record.
  • Step 2.1 Initialization of the MIFARE DESFire by the provider or the person responsible.
  • management cards which have the following functions:
  • Step 3 First access of customer to the safe.
  • a customer uses his/her MIFARE DESFire card for the first time at the safe:
  • 1. the safe uses the key K1 to encrypt the data received and transmitted and then loads the encryption keys (step 1, point 2) to the MIFARE DESFire card; these keys will be used in the future dialogs between the card and the PC.
  • 2. Customer identification is performed (see step
  • Step 4 Customer access to safe. The customer goes to the safe and presents his/her MIFARE DESFire card.
  • the safe checks the MIFARE DESFire and initializes encrypted communications by selecting an encryption key stored on the dongle and on the MIFARE DESFire card.
  • the customer is asked to present a finger for biometric identification.
  • the program also checks that there are no blocks in progress and that the CRC saved on the database corresponds to the fingerprint template transmitted by the card.
  • Step 5 Cancellation of a customer.
  • the customer decides that he/she no longer wishes to use the service.
  • Any bank worker inside the bank could re-assign a card to the customer's safe deposit box and could access that safe deposit box.
  • the bank manager or a person assigned this task uses the SuperUser card to access the management menu.
  • the SuperUser scrolls through the list of customer names (or tax codes) to find the customer's cell.
  • 4) The SuperUser selects the cell to be cancelled. Only one cell at a time can be selected even though the customer might have multiple boxes.
  • the safe informs the SuperUser that he/she is about to perform an operation that will block the safe and that in order to restart the safe it will be necessary to open it first.
  • the SuperUser opens the safe (in the presence of a member of security staff and a public notary) and removes the safe deposit box from the gripper.
  • 8) The SuperUser empties the safe deposit box and returns it to the gripper.
  • the management software checks that there is an object in the gripper. If this is the case it returns the safe deposit box to its cell and sets the record state to "not initialized". If the customer has multiple boxes, the program restarts from point 4) above. If the customer has no more boxes, the program cancels customer records and the system returns to normal operation. If the procedure is interrupted for any reason (e.g. the SuperUser decides not to continue), the customer's records will not be cancelled and the cancellation procedure can be continued at a later time.
  • the management program will permit the SuperUser to perform "Load box" operations if it detects that a cell has been blocked as described in the previous point. This means that the SuperUser can insert boxes in the empty cells.
  • Step 6 Maintenance.
  • the procedure for starting maintenance on the safe is as follows:
  • 1) The SuperUser uses the card and biometric identification to access the safe menu and then selects the "Maintenance" function.
  • the safe switches the gripper to the stand-by mode.
  • the software stops.
  • the program can only be restarted by moving the SuperUser card close to the reading antenna and performing the fingerprint identification.
  • the program can only be closed using the keyboard connected to the PC; this can only be done when the safe is open.
  • the technician connects up to the external socket of the safe and downloads the data indicating the state of the safe (state of the locks, alarm events recorded previously, ).
  • the safe is opened in the presence of a security guard, the technician and the branch manager using their respective microchip keys and the mechanical key.
  • 5) If the safe is equipped with the optional cell sealing with sliding panels, the panels are closed to seal the cells and the technician can continue to work on the inside of the safe without the continuous supervision of the security guard or the bank official.
  • the technician can work in the following ways:
  • a) The technician needs to check the moving parts of the safe. In this case the technician connects a keyboard and a monitor to the internal connectors of the safe PC and then runs the test programs. To do this the technician needs to close the main management program. This means that customers cannot use the safe, the touch screen or their MIFARE cards.
  • b) The technician needs to check the control cards of the safe (locks, etc.). In this case the technician connects up to the safe cards. Customers cannot use the safe because the main software is waiting for a SuperUser card so that it can restart.
  • 7) At the end of maintenance operations the technician must restart the main program if it was closed previously. The program restarts and checks that the safe has been closed. If the safe is not closed, the program waits until it is properly closed. When the safe is closed, it starts normally and waits for the MIFARE card.
  • Card management.
  • Access to the database is restricted to the distributor PC and the database cannot be accessed from any other PC on the local network.
  • the counter program can therefore only be used to create cards. Operations such as cancelling cards (when customers cancel the service) and database searches are only possible from the safe program.
  • the counter program consists of a single screen page or window where:
  • the person responsible records the template and starts the procedure for initializing a MIFARE DESFire card.
  • the commands sent via TCP/IP to the safe PC in this procedure create, on the safe database, the records needed to identify the new customer and his/her box or boxes.
  • the person responsible (using the MIFARE DESFire card) searches for a customer to modify that customer's personal details. It is not possible to modify the template once the card has been initialized. To modify the template, the person responsible must cancel the customer and then create a new customer.

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Vending Machines For Individual Products (AREA)
  • Automatic Tape Cassette Changers (AREA)

Abstract

A device for handling small safe deposit boxes comprising at least one magazine (11) housed inside an armoured structure (12) and where the magazine (11) comprises a plurality of cells (13) with a robot mechanism (15) fitted with a gripper which can move between the cells and into position in front of any cell so that a safe deposit box can be withdrawn from and deposited in its corresponding cell. The robot (15) operates a distribution device (17) behind a console (18) which acts as the interface proper between the device and the user. The device is also fitted with a means (21) for detecting excess weight.

Description

"DEVICE FOR HANDLING SMALL SAFE DEPOSIT BOXES"
TECHNICAL FIELD
The present invention relates to a distributor for safe deposit boxes otherwise known as a device for handling small safe deposit boxes.
In particular the present invention comprises a device which enables the handling, with the maximum simplicity and guaranteeing the maximum security, of safe deposit boxes, that is, those small boxes used to deposit valuables in banks and safe deposits in general.
The device according to the present invention comprises a machine which enables the fully automated handling of safe deposit boxes and enables users to withdraw and re-deposit their individual boxes using a special electronic card provided for this purpose.
The system according to the present invention comprises an automatic distributor protected by an armoured structure comprising a safe with a high level of protection.
The automatic distributor module is designed to ensure easy maintenance and offers the possibility of removing the module completely from the safe for the purposes of major maintenance operations. The present invention relates mainly to the field of banking services but can also be used for security purposes in general. Examples of other applications of the invention would be cupboards with lockable deposit boxes in supermarkets and gyms, small safes for hotels and post boxes for exchanging the keys of holiday homes.
BACKGROUND OF THE INVENTION
According to the conventional art, banks offer safe deposit box services whereby users can deposit items of value in special strong boxes in special premises which are usually only available in the larger bank branches.
The management of safe deposit box services is complex. The boxes must be located in a special vault or strong room, usually underground, a facility not available in many bank branches. The service also has to be managed by specially trained bank personnel.
This type of safe deposit box is opened using two keys, one held by the user and the other held by the bank. When a box has to be opened, a bank official must always be present together with the user to identify the user and open the safe deposit box.
The current method for managing the service presents a variety of significant problems. The service requires a considerable amount of space and special banking premises. Bank staff must always be present during opening. Access to safe deposit boxes is restricted to bank opening hours. These and other problems make the handling of current services both difficult and costly.
DESCRIPTION OF THE INVENTION
The object of the present invention is that of providing a distributor for safe deposit boxes, otherwise known as a device for handling small safe deposit boxes, which eliminates or at least reduces the drawbacks described above.
The present invention provides a safe deposit box distributor which completely eliminates the problems relating to space, special banking premises, the presence of banking staff and access restricted to bank opening hours.
This is achieved by means of a machine designed to handle small safe deposit boxes whose characteristics are described in the main claim. The dependent claims describe preferred embodiments of the present invention.
The main advantages of this solution, in addition to those which derive from the very simple, yet secure way of handling boxes, principally concern the fact that the handling system according to the invention does not require a special vault or strong room and makes it possible for customers to use the service 24 hours a day.
The handling system according to the present invention substantially comprises a fully automated distributor consisting of a safe, which can also be assembled on-site, comprising a plurality of compartments containing the various safe deposit boxes. The safe deposit boxes are handled by a dedicated automated robot and a handling system connected to a console on the user side of the equipment designed to receive and check the identity cards presented by individual users when withdrawing and depositing their individual safe deposit boxes. The handling device according to the present invention solves the problems described by making it possible to provide a more widely available service thus providing more services and benefits for banks and customers. The system according to the present invention comprises the following parts:
1. A distributor robot which handles the boxes and makes the safe deposit cells available to the user.
2. An armour plated system guaranteeing the security of the valuables deposited. This part of the system is optional and can be adjusted to meet requirements.
3. A user authentication system designed to accurately identify the user. This authentication system can use biometric identification methods.
4. A user interface system consisting of a monitor, a touch screen and a keypad. The software and hardware architecture are designed to guarantee protection against fraud and the illegal recording of activities. Instructions are given to the user by an intelligent interface.
BRIEF DESCRIPTION OF THE DRAWINGS
Further features and advantages of the invention will become apparent from the description of an example embodiment which follows with reference to the annexed drawings, given purely by way of a non-limiting example, in which:
- Figure 1 shows a side view of the device for handling small safe deposit boxes.
- Figure 2 shows a top view of the same.
- Figure 3 shows the safe deposit box drawer-type holder in the closed and open positions.
- Figure 4 shows the safe deposit box distributor with a rotary distribution drum used to withdraw and deposit the boxes.
- Figures 5 to 11 are block diagrams.
DESCRIPTION OF AN EXAMPLE EMBODIMENT
The following description refers to the annexed figures showing a device for handling small safe deposit boxes, indicated generally with the numeral 10 and substantially comprising a magazine 11 housed inside an armoured structure 12.
Figure 1 shows the magazine 11 comprising a plurality of cells 13 arranged in multiple consecutive sectors. A robot mechanism 15 moves on two axes between the magazine cells. In the embodiment shown, the robot mechanism 15 comprises a telescopic gripper which travels along the guides 16 and can be positioned in front of each cell so that any safe deposit box can be withdrawn from and deposited in its corresponding cell.
The robot 15 operates a drum 17 located behind the console 18 which acts as the interface between the device and the user. Figure 4 shows the drum 17 mounted on a self-aligning bearing 19 and driven in a rotary direction by a reducer motor 20 mounted to the side.
The drum also has a microswitch 21 used to detect excess weight. A proximity sensor 22 is installed at the console 18.
The console 18 is fitted with a vertically sliding door 23 which has to be held in the raised position with one hand when withdrawing and depositing boxes; for reasons of safety the drum can only rotate when the door is in the lowered position.
The hardware architecture is designed to use a fanless industrial computer and a dedicated automation card. The operating system and the application software are stored on a flash drive. The database for managing the authentication process and the operating log is stored on a RAID1 type hard disk.
The security management electronics are independent. The system also has logic control over the operating flows, the protection sensors and the monitoring of the functional states of the safe. The system has an encrypted serial interfacing with the system management electronics.
The safe has armour plating rated to EN 1143-1 Grade V level with two doors for accessing the distributor during maintenance. The drum or cylinder 17 is also armour plated and is power driven to enable consignment of the box to the final user. The cylinder 17 has a microswitch 21 whose function is to check the weight of the box and ensure that objects of excessive weight are not inserted.
The security systems used include:
• A main mechanical key lock rated to EN 1300 Level B.
• A secondary, electronically-controlled lock with microchip key recognition for identifying the operator and programming access periods and/or opening delays.
• A gas protection system for automatically suppressing any explosive gases inserted in the system.
• Seismic sensors, movement sensors and control microswitches.
• Event log recording.
• System for closing and sealing the internal boxes to prevent access to valuables during maintenance operations (optional kit).
To identify the user, the system uses a RFID DESFire card and to authenticate the user it employs biometric testing of a digital fingerprint.
The fingerprint template is stored on the identification card so as not to raise privacy issues.
The containers 14 are made from a plastic material with approximate internal dimensions of 138 x 184 x 51 and approximate external dimensions of 140 x 195 x 53 and closed by a hinged cover. Customers can insert their valuables in a sealable plastic envelope keeping the counterfoil as proof of ownership. The code printed on the envelope is read by the system and used as documentary proof.
The containers can be filled with objects weighing up to approximately two kilograms.
The system traces the path of the container by means of a video recording or by means of an RFID system which detects the passage of the container.
The following section describes the operation of the system, its components and its security characteristics.
In order to be able to use the system, the customer requires a MIFARE DESFire contactless card issued by the bank at the time of subscribing to the service. The card contains an authentication key and the digital fingerprint template used to verify the user's identity.
The system will handle situations where one customer has several safe deposit boxes and cases where one safe deposit box is shared by multiple users each with their own identification cards.
Step 1: Initialization of the safe.
In order to be able to encrypt communications with the MIFARE DESFire card, the safe needs encryption codes, that is, a series of bits enabling encryption according to DES or 3-DES algorithms.
These codes are stored as static values on a hardware key, hereinafter called a dongle, which is connected to the USB port of the PC inside the safe.
The initialization process of these keys is as follows:
1. When the operating software of the safe is started for the first time and at each successive startup, the program checks that the dongle has been initialized. It does this by checking one of the bytes on the dongle. The byte will have the value 0 if the dongle has not yet been initialized or will have the value 1 if the dongle has already been initialized.
2. If the dongle is already initialized the program will start as normal. If the dongle has not been initialized the program will initialize it by writing, in a portion of the dongle memory, a dozen randomly-generated encryption codes. In this way only the PC inside the safe can know the contents of the dongle. The encryption codes generated in this way will be used in subsequent communications with the MIFARE DESFire cards.
3. The software will now generate, if it has not already been created, a support database containing the following data structures:
CELLS
Figure imgf000010_0001
USERS
Figure imgf000011_0001
RELATIONS
Figure imgf000011_0002
STATE
Figure imgf000012_0001
Step 2: Initialization of the customer's MIFARE DESFire card.
The customer goes to the bank and asks to use the safe deposit box service.
The bank official takes a new MIFARE DESFire card and, using a special program loaded on a bank PC (Windows program, using TCP/IP to communicate with the distributor PC), initializes the MIFARE DESFire card using a card reader/writer. The PC is equipped with a biometric device for reading the fingerprint template assigned to the customer.
The MIFARE DESFire card is identified by a unique serial number (UID) of seven bytes which can only be written to the card during the card production process.
The initialization process is as follows:
1. Taking of the customer's template and reading of the UID of the MIFARE DESFire card assigned. These values together with the customer's name, tax code and type are communicated via TCP/IP to the safe. The number of the safe deposit box to be assigned to the customer is also communicated when the number of cells available is known. There are no connections to the database present on the distributor. All information is exchanged via TCP/IP on the only software port open on the distributor's PC.
2. The software of the safe assigns the UID received to a cell which has not yet been initialized and creates a record in the relations table and another record in the customers table. In the case of multiple cells, the procedure will create multiple records in the relations table and will modify the state of multiple cells. The "Record state" field will take the value "To be initialized". A CRC is calculated from the template and saved in the customer's record for use in another verification procedure in the subsequent steps.
3. The safe creates a randomly generated encrypted key (K1) which is saved in the "First communication encrypted key" field of the customer's record. The safe sends this key back to the workstation PC so that it can be written on the customer's card.
4. The key K1 is stored on the MIFARE DESFire card and will be used for the first communication and for activating the card.
Step 2.1: Initialization of the MIFARE DESFire by the provider or the person responsible.
At this point it is necessary to initialize management cards which have the following functions:
1. Cancellation of customers who no longer wish to use the safe deposit boxes.
2. Cancellation of deceased customers.
3. Other functions to be defined.
This type of card cannot be used to make automatic withdrawals of safe deposit boxes held inside the safe. They are not therefore "risky" cards and can be created in unlimited numbers.
Users with these special functions are known as Superusers and are registered following the same procedure used to register standard cards with the only difference that it is necessary to indicate that these cards are destined for superuser functions. In this way the management program of the safe knows that it does not have to assign a cell to this UID and will only create a record in the customers table.
Step 3: First access of customer to the safe.
When a customer uses his/her MIFARE DESFire card for the first time at the safe:
1. The safe uses the key K1 to encrypt the data received and transmitted and then loads the encryption keys (step 1, point 2) to the MIFARE DESFire card; these keys will be used in the future dialogs between the card and the PC.
2. Customer identification is performed (see step 4 for details).
3. The "Record state" of both the cell (or cells assigned to that UID) and the customer is set to 2 ("Initialization"). At this point it will no longer be possible to make updates.
For a more detailed description, see the flow diagram.
Step 4: Customer access to safe.
The customer goes to the safe and presents his/her MIFARE DESFire card.
1. The safe checks the MIFARE DESFire and initializes encrypted communications by selecting an encryption key stored on the dongle and on the MIFARE DESFire card.
2. The customer is asked to present a finger for biometric identification.
3. The customer places his/her finger on the biometric reader, is identified and then allowed access to the safe functions. The program also checks that there are no blocks in progress and that the CRC saved on the database corresponds to the fingerprint template transmitted by the card.
For a more detailed description, see the flow diagram.
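The card lifecycle of Steps 1 to 4 can be modelled as a small state machine; the following is an added example, not code from the patent or its applicant. Assumptions: the state values 0 and 1, 16-byte keys, CRC-32 as the CRC, the reader's fingerprint match reduced to a boolean, the encrypted card dialogue reduced to a key-possession comparison, and "blocks in progress" read as a cell in state 3.

```python
import hmac
import secrets
import zlib
from dataclasses import dataclass, field

# The page gives 2 ("Initialization") and 3 (blocked cell); 0 and 1 are assumed.
NOT_INITIALIZED, TO_BE_INITIALIZED, INITIALIZED, BLOCKED = 0, 1, 2, 3
KEY_LEN = 16  # assumed key size (2-key 3-DES)

@dataclass
class Dongle:
    """Stand-in for the USB dongle: one flag byte plus a key area."""
    flag: int = 0
    keys: list = field(default_factory=list)

@dataclass
class Card:
    uid: bytes              # 7-byte UID fixed at production
    template: bytes         # fingerprint template stored on the card
    k1: bytes = b""         # first-communication key written at the counter
    keys: list = field(default_factory=list)

class Safe:
    def __init__(self, dongle, n_cells):
        if dongle.flag == 0:  # Step 1: generate the dozen keys only once
            dongle.keys = [secrets.token_bytes(KEY_LEN) for _ in range(12)]
            dongle.flag = 1
        self.dongle = dongle
        self.cells = {n: {"state": NOT_INITIALIZED, "uid": None}
                      for n in range(n_cells)}
        self.customers = {}

    def enroll(self, uid, template, superuser=False):
        """Step 2: bind the UID to a free cell, keep the template CRC, return K1."""
        if uid in self.customers:
            raise ValueError("UID already registered")
        if not superuser:     # Step 2.1: superusers get no cell
            free = [n for n, c in self.cells.items()
                    if c["state"] == NOT_INITIALIZED]
            if not free:
                raise RuntimeError("no free cell")
            self.cells[free[0]] = {"state": TO_BE_INITIALIZED, "uid": uid}
        k1 = secrets.token_bytes(KEY_LEN)
        self.customers[uid] = {"state": TO_BE_INITIALIZED, "k1": k1,
                               "crc": zlib.crc32(template)}
        return k1

    def cells_of(self, uid):
        return [n for n, c in self.cells.items() if c["uid"] == uid]

    def _identified(self, card, rec, finger_ok):
        # Reader match plus the CRC binding of the card template to the record.
        return finger_ok and zlib.crc32(card.template) == rec["crc"]

    def first_access(self, card, finger_ok):
        """Step 3: K1 dialogue, key load, identification, then state 2."""
        rec = self.customers.get(card.uid)
        if rec is None or rec["state"] != TO_BE_INITIALIZED:
            return False
        if not hmac.compare_digest(card.k1, rec["k1"]):
            return False
        card.keys = list(self.dongle.keys)
        if not self._identified(card, rec, finger_ok):
            return False
        rec["state"] = INITIALIZED
        for n in self.cells_of(card.uid):
            self.cells[n]["state"] = INITIALIZED
        return True

    def access(self, card, finger_ok):
        """Step 4: return the cells the card may use, or [] on any failed check."""
        rec = self.customers.get(card.uid)
        if rec is None or rec["state"] != INITIALIZED:
            return []
        if not any(hmac.compare_digest(k, d)
                   for k in card.keys for d in self.dongle.keys):
            return []
        cells = self.cells_of(card.uid)
        if any(self.cells[n]["state"] == BLOCKED for n in cells):
            return []
        return cells if self._identified(card, rec, finger_ok) else []
```

The CRC only ties the template carried on the card to the record created at enrollment; the live finger comparison remains the reader's job.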
Step 5: Cancellation of a customer.
When a customer stops using the service it will be necessary to free the safe deposit box used by that customer.
There are two possible cases:
1. The customer decides that he/she no longer wishes to use the safe deposit box service.
2. The customer can no longer go to the safe.
The customer decides that he/she no longer wishes to use the service.
The cancellation procedure for these two cases is as follows:
1) When a customer no longer wishes to use the safe deposit box service they have to go to the bank and notify the bank official responsible.
2) The bank official ascertains the identity of the customer by requesting the customer's identity document and asks the customer to sign a cancellation contract where the customer certifies that there are no longer any valuables in the safe deposit box or boxes assigned to him/her.
3) The bank official starts the cancellation procedure:
a) The bank official goes to the safe with the superuser card and accompanied by the customer.
b) The bank official 'shows' his/her MIFARE superuser card to the safe. The safe program verifies the superuser's fingerprint and then permits access to the user cancellation menu. The cancellation procedure proper starts here.
c) The customer is asked to present his/her card and fingerprint for identification. When identification has been successfully completed the card is disabled and the cells assigned to that customer in the safe database are freed and set to the "Not initialized" state. In the case where an individual customer has multiple safe deposit boxes, the program will ask the user which box to cancel or if it should cancel all the boxes held in the customer's name. If the customer cancels all his/her boxes, the corresponding records (customers and relations) are cancelled.
A customer loses his/her card.
In the event of card loss or theft, or if the customer cannot use a particular fingerprint because of injury or if a customer dies, it is highly risky to assign a new card allowing the customers to regain access to their safety deposit boxes. The reasons for this are as follows:
1) Any bank worker inside the bank could re-assign a card to the customer's safe deposit box and could access that safe deposit box.
2) If we wanted to assign a new card to the safe deposit box using the CRC of the customer's template saved in the safe's memory, this operation would be unsuccessful because the template saved each time on the safe depends on how the finger is positioned on the fingerprint reader with the result that the resulting CRC would be different for each acquisition.
The procedure for cancelling a card in the event of loss, theft or any of the other situations described above is as follows:
1) The bank manager or a person assigned this task uses the SuperUser card to access the management menu.
2) On the management menu the SuperUser selects the "Cancel cell" function.
3) The SuperUser scrolls through the list of customer names (or tax codes) to find the customer's cell.
4) The SuperUser selects the cell to be cancelled. Only one cell at a time can be selected even though the customer might have multiple boxes.
5) At this point, the safe informs the SuperUser that he/she is about to perform an operation that will block the safe and that in order to restart the safe it will be necessary to open it first.
6) If the SuperUser confirms the operation, the safe will check that the safe deposit box is present and then retrieve it. The management program will now interrupt all the other operations possible on the safe.
7) The SuperUser opens the safe (in the presence of a member of security staff and a public notary) and removes the safe deposit box from the gripper.
8) The SuperUser empties the safe deposit box and returns it to the gripper.
9) When the safe is closed, the management software checks that there is an object in the gripper. If this is the case it returns the safe deposit box to its cell and sets the record state to "not initialized". If the customer has multiple boxes, the program restarts from point 4) above. If the customer has no more boxes, the program cancels customer records and the system returns to normal operation. If the procedure is interrupted for any reason (e.g. the SuperUser decides not to continue), the customer's records will not be cancelled and the cancellation procedure can be continued at a later time.
10) If the box is not in the gripper when the safe is closed, the program will indicate that the box has not been returned to its original position and will block the corresponding cell, setting the record state to 3. In this case the program assumes that the safe deposit box has been emptied and proceeds to cancel the customer's data as described in point 9) above.
11) The management program will permit the SuperUser to perform "Load box" operations if it detects that a cell has been blocked as described in the previous point. This means that the SuperUser can insert boxes in the empty cells.
Step 6: Maintenance.
To start maintenance on the safe it is necessary to switch the safe to a state where:
• No customer can gain access to the safe during maintenance operations.
• The technician can work behind the safe and at the same time has the possibility of checking all its functions.
The procedure for starting maintenance on the safe is as follows:
1) The Superuser uses the card and biometric identification to access the safe menu and then selects the "Maintenance" function.
2) The safe switches the gripper to the stand-by mode. The software stops. The program can only be restarted by moving the Superuser card close to the reading antenna and performing the fingerprint identification. The program can only be closed using the keyboard connected to the PC; this can only be done when the safe is open.
3) The technician connects up to the external socket of the safe and downloads the data indicating the state of the safe (state of the locks, alarm events recorded previously, ...).
4) The safe is opened in the presence of a security guard, the technician and the branch manager using their respective microchip keys and the mechanical key.
5) If the safe is equipped with the optional cell sealing with sliding panels, the panels are closed to seal the cells and the technician can continue to work on the inside of the safe without the continuous supervision of the security guard or the bank official.
6) The technician can work in the following ways:
a) The technician needs to check the moving parts of the safe. In this case the technician connects a keyboard and a monitor to the internal connectors of the safe PC and then runs the test programs. To do this the technician needs to close the main management program. This means that customers cannot use the safe, the touch screen or their MIFARE cards.
b) The technician needs to check the control cards of the safe (locks, etc.). In this case the technician connects up to the safe cards. Customers cannot use the safe because the main software is waiting for a Superuser card so that it can restart.
7) At the end of maintenance operations the technician must restart the main program if it was closed previously. The program restarts and checks that the safe has been closed. If the safe is not closed, the program waits until it is properly closed. When the safe is closed, it starts normally and waits for the MIFARE card.
Card management.
This section examines in more detail the characteristics of the program to be installed on the bank worker PC used to create the cards, hereafter called the "counter program" to distinguish it from the program run on the PC of the safe otherwise known as the "safe program" .
Access to the database is restricted to the distributor PC and the database cannot be accessed from any other PC on the local network. The counter program can therefore only be used to create cards. Operations such as cancelling cards (when customers cancel the service) and database searches are only possible from the safe program.
The counter program consists of a single screen page or window where:
• In the case of a cancellation, the person responsible enters the customer data needed to perform a search (last name, first name, tax code or ID code, notes, box number assigned to the customer, card type, normal or superuser); the UID of the card is read by the read/write device but cannot be modified in any way.
• The person responsible records the template and starts the procedure for initializing a MIFARE DESFire card. The commands sent via TCP/IP to the safe PC in this procedure create, on the safe database, the records needed to identify the new customer and his/her box or boxes.
• The person responsible (using the MIFARE DESFire card) searches for a customer to modify that customer's personal details. It is not possible to modify the template once the card has been initialized. To modify the template, the person responsible must cancel the customer and then create a new customer.
The invention as described above refers to a preferred embodiment. Naturally, while the principle of the invention remains the same, the details of construction and the embodiments may widely vary with respect to what has been described and illustrated purely by way of the example, without departing from the scope of the present invention.

Claims

1. A device for handling small safe deposit boxes comprising at least one magazine (11) housed inside an armoured structure (12) characterised in that the magazine (11) comprises a plurality of cells (13) and a robot mechanism (15) equipped with a gripper and moving between the magazine cells which can move into position in front of any cell so that a safe deposit box can be withdrawn from and deposited in its corresponding cell and characterised in that the robot (15) operates a distribution device (17) located behind the console (18) acting as the interface proper between the device and the user, and characterised in that the device also includes a device (21) for detecting excess weight.
2. A device for handling small safe deposit boxes according to the previous claim characterised in that the distribution device (17) comprises a drum mounted on a self-aligning bearing (19) and driven in a rotary direction by a reducer motor (20) mounted to the side.
3. A device for handling small safe deposit boxes according to one of the foregoing claims characterised in that the console (18) has provisions for the installation of a proximity sensor (22).
4. A device for handling small safe deposit boxes according to one of the foregoing claims characterised in that the console (18) is equipped with a vertically sliding door (23) which has to be held in the raised position with one hand when withdrawing and depositing boxes and characterised in that, for reasons of safety, the distribution device (17) can only be actuated when the door is in the lowered position.
5. A device for handling small safe deposit boxes according to one of the foregoing claims characterised in that the security management electronics are independent and characterised in that the system has logic control over the operating flows, the protection sensors and the monitoring of the functional states of the safe and characterised in that the system has encrypted serial interfacing with the system management electronics and also records the activities performed by the user.
6. A device for handling small safe deposit boxes according to one of the foregoing claims characterised in that the safe has armour plating rated to EN 1143-1 Grade V level with two doors providing access to the distributor during maintenance.
7. A device for handling small safe deposit boxes according to one of the foregoing claims characterised in that the distribution device (17) is armour plated and power driven to enable consignment of the box to the final user.
8. A device for handling small safe deposit boxes according to one of the foregoing claims characterised in that the distribution device (17) has a sensor (21) whose function is to check the weight of the box and ensure that objects of excessive weight are not inserted.
9. A device for handling small safe deposit boxes according to one of the foregoing claims characterised in that the user is identified by means of an identification card.
10. A device for handling small safe deposit boxes according to one of the foregoing claims characterised in that the user is authenticated by means of a biometric identification system.
PCT/IT2007/000824 2007-05-02 2007-11-26 Device for handling small safe deposit boxes WO2008136031A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ITVR2007A000064 2007-05-02
ITVR20070064 ITVR20070064A1 (en) 2007-05-02 2007-05-02 DEVICE FOR THE MANAGEMENT OF SMALL CASSETTE FOR DEPOSIT OF VALUES AND GOODS

Publications (1)

Publication Number Publication Date
WO2008136031A1 true WO2008136031A1 (en) 2008-11-13

Family

ID=39185769

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IT2007/000824 WO2008136031A1 (en) 2007-05-02 2007-11-26 Device for handling small safe deposit boxes

Country Status (2)

Country Link
IT (1) ITVR20070064A1 (en)
WO (1) WO2008136031A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0148697A2 (en) * 1983-12-27 1985-07-17 COMPAGNIE EUROPEENNE DE SECURITE ET DE SERVICES Société dite: Strongroom arrangement for banks
FR2585153A1 (en) * 1985-07-17 1987-01-23 Desgorces Jean Method of control of sequential operations by presentation of fingerprints, and its application to strongrooms
US4792270A (en) * 1983-03-16 1988-12-20 Itoki Co., Ltd. Automatic rental safe-depositing box system
FR2630492A1 (en) * 1988-04-22 1989-10-27 Haffner Cie Sa P Robotized strongbox
FR2669313A1 (en) * 1991-02-15 1992-05-22 Haffner Tech Sa Storage device with standardised containers with automated or robotised removals and replacements, particularly a strong room
EP1739267A2 (en) * 2005-06-29 2007-01-03 Stahl S.r.l. Night safe

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014080393A1 (en) * 2012-11-25 2014-05-30 Antopolsky Eliahu A system for meetings documentation that enables access to the documentation only by the consent of the participants
US9710660B2 (en) 2012-11-25 2017-07-18 Eliahu Antopolsky System for meetings documentation that enables access to the documentation only by the consent of the participants
US10354058B1 (en) * 2018-11-21 2019-07-16 Capital One Services, Llc Systems and methods for safely storing an object
EP3657453A1 (en) * 2018-11-21 2020-05-27 Capital One Services, LLC Systems and methods for safely storing an object
US10789349B2 (en) 2018-11-21 2020-09-29 Capital One Services, Llc Systems and methods for safely storing an object
US11429705B2 (en) 2018-11-21 2022-08-30 Capital One Services, Llc Systems and methods for safely storing an object
US11768927B2 (en) 2018-11-21 2023-09-26 Capital One Services, Llc Systems and methods for safely storing an object
CN111341008B (en) * 2020-03-06 2021-10-15 中国建设银行股份有限公司 Automatic financial object delivery method and edge server

Also Published As

Publication number Publication date
ITVR20070064A1 (en) 2008-11-03

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07849766

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07849766

Country of ref document: EP

Kind code of ref document: A1