Classifications

• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
  • G07C9/00—Individual registration on entry or exit
  • G07C9/20—Individual registration on entry or exit involving the use of a pass
  • G07C9/27—Individual registration on entry or exit involving the use of a pass with central registration
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
  • G07C9/00—Individual registration on entry or exit
  • G07C9/20—Individual registration on entry or exit involving the use of a pass
  • G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
  • G07C9/23—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder by means of a password
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
  • G07C9/00—Individual registration on entry or exit
  • G07C9/20—Individual registration on entry or exit involving the use of a pass
  • G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
  • G07C9/25—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
  • G07C9/257—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically

Definitions

• the present invention is related to access devices to provide physical access to a secured area and, in particular, to access devices compatible with current access control systems while providing higher levels of security.
• U.S. Patent 5,679,945 discloses an access system that provides an "intelligent" card reader in order to replace existing magnetic stripe readers, bar code readers and Wiegand readers without the need for retrofitting of existing computer systems, which are coupled to the existing readers.
• readers that utilize a standard signal for communication into a secured area are easily attacked by those seeking unauthorized access to the secured area.
• access systems utilizing readers that provide standard signals do not provide a high level of security because those signals are more susceptible to, for example, replay attacks.
• Replay attacks in a conventional access control system can be accomplished by an intruder gaining access to the communication wires. By capturing the data sent on a valid data transfer, the attacker can later replay the same data and gain unauthorized entrance. [006] Therefore, there is a strong need, especially in a highly security conscious environment, to provide access systems with high levels of security against unauthorized access.
• an access system includes an input device accessible to a user and capable of reading authentication and/or identification information provided by the user, and a standard control panel coupled to the input device for evaluation of the information provided by the user.
• the standard control panel can be located in a secure area remote from the input device and can accept input signals compatible with those from standard signal readers that read traditional access cards, such as, for example, magnetic strip (Mag Stripe) cards, Wiegand cards, bar-code cards, etc.
• the input device can, for example, be a device that reads smart cards or memory cards, either contact or contactless.
• the input device can also read inputted information from the user (user information) or data regarding the user (e.g., biometric data such as fingerprints).
• An access system can include an input device that is accessible to a user and capable of reading authentication and/or identification information provided by the user; a standard signal control panel coupled to the input device for evaluation of the information provided by the user, the control panel being located in a secure area remote from the input device; and a signal processor coupled between the input device and the standard signal control panel, the signal processor being located in the secure area, wherein the input device provides data in a secured communication channel to the signal processor; and the signal processor, in response to the data provided by the input device, provides the data to the standard signal control panel utilizing a standard signal.
• Figure 1 shows a block diagram illustrating an access system according to the prior art.
• Figure 2 shows a block diagram of an embodiment of an access system according to the present invention.
• Figure 3 is shows a block diagram of embodiment of an access system according to the present invention.
• Figure 4 shows a block diagram of an embodiment of an access system according to the present invention.
• Figure 5 shows a block diagram of an embodiment of an access system according to the present invention that utilizes encrypted or signed, self-clocked data transmission.
• Figures 6 A and 6B illustrate uni-directional and bi-directional data transmission, respectively.
• Figure 7 illustrates sample wave shapes for Wiegand signals, Mag- Stripe signals, and self-clocked di-phase signals.
• Figure 8 illustrates sample timing diagrams for self-clocked di-phase communication on Transmit and Receive data.
• Figure 9 shows a block diagram of a signal processor according to the present invention.
• Figure 10 shows a security system according to the present invention.
• Figure 11 illustrates relative security level based on combinations of various inputs requested of a user attempting to gain access.
• Figure 12 illustrates a three-factor card reader.
• Figure 13 illustrates other card readers. [022] In the figures, elements having the same designation have the same or similar functions.
• Embodiments of the present invention provide an access system with an extremely high level of security.
• Embodiments of the invention include a signal processor coupled between the input device and the control device.
• the input devices in some embodiments can include encryption to encrypt information obtained from the user (i.e., from a memory or smart card, from input to a keypad, and/or from user data — for example fingerprints).
• the signal processor which can be placed in a secured location, can convert the encrypted information into a standard signal that can be sent to the standard control device, for example a standard Wiegand signal, magnetic strip signal, or strip-chart signal.
• Embodiments of the present invention can be highly versatile because they can, for example, be utilized with Wiegand control panels without being restricted to Wiegand readers as input devices and without transmitting insecure Wiegand signals from the reader to a secured area.
• the signal processor located in a secured location, for example at or near the control panel, the risk of interference with the data by those attempting to gain unauthorized access can be significantly reduced.
• a higher level of security can be guaranteed with regard to the data transfer from the input device to the control panel because it is not possible to intercept and abuse the authentication/identification information provided by the user if it is encrypted until it reaches the signal processor, especially if the signal processor and the control panel are located in a secure area which is not accessible from an unsecured area, and if a dynamic element is used in the data transfer.
• a second communication channel between the input device and the securely located signal processor can be provided.
• the input device can include a smart card reader into which a secure output can be implemented, for example an RS422, an RS485 or a TCP/IP output protocol can be implemented in some embodiments.
• An access system may further include a host computer coupled to the input device and located remotely from the input device.
• the host computer may also be coupled to the control panel and the signal processor. Data may be transmitted between the input device and the host computer utilizing, for example, an RS485 or a TCP/IP protocol
• Figure 1 shows a block diagram of a prior art access system that includes a standard Wiegand reader 10 and a Wiegand control panel 12 adapted to retrieve data from standard Wiegand reader 10.
• the Control panel 12 is located in a secure area 14 remote from Wiegand reader 10, which is accessible to a user attempting to obtain access to a secure area.
• the user inserts his Wiegand card (not shown), which contains authentication and, if required, identification information, into the Wiegand reader 10.
• the information is transmitted from the reader 10 to the control panel 12 where the information is evaluated.
• the control panel 12 either performs a security relevant operation, e.g. unlocking a door or the like, to grant the user the requested access, or it denies access.
• the weak point in an access system such as that illustrated in Figure 1 is the link between Wiegand reader 10 and control panel 12.
• the Wiegand data lines are susceptible to replay attacks, i.e. data can be intercepted at the wiring going into secured area 14 and replayed to gain unauthorized entrance.
• FIG. 2 shows an embodiment of an access system according to the present invention.
• a reader 16 is coupled to a signal processor 18.
• Signal processor 18 receives signals from reader 18 and converts these signals to standard signals that can be transmitted to control panel 12.
• signal processor 18 and control panel 12 are physically located in a secured area 14.
• control panel 12 can be a Wiegand control panel. It should be understood that the term "Wiegand control panel" is not restricted to a particular hardware configuration but rather includes any suitable control panel, which is capable of processing data signals in a Wiegand format by using corresponding signal processing or software.
• Wiegand control signal formats can also be utilized, for example magnetic strip (Mag Stripe) formats or bar-code formats.
• the standard Wiegand reader 10 shown in Figure 1 is replaced by another input device, for example a smart card reader 16 into which a smart card (not shown) containing authentication/identification information can be inserted (for contact reading) or otherwise interfaced with (for example for contactless reading).
• Reader 16 can include an encryption circuit that encrypts the information read from the smart card and an output port, for example an RS422, an RS485 or a TCP/IP output port, for outputting data to signal processor 18.
• card reader 16 can include a contactless reader for reading a contactless smart card.
• card reader 16 can include contactless smart card readers, contact smart card readers, memory card readers, a user input device such as a keypad on which a user can input authentication/identification data, biometric devices such as a fingerprint or retinal scan reader for directly evaluating the identity of the user, and other signaling devices for communicating with the user.
• the user inserts a smart card into smart card reader 16, or in the case of a contactless smart card brings the smart card in close proximity to reader 16.
• the information on the smart card is read by reader 16.
• the information from the smart card can be encrypted in reader 16.
• the information can then be transmitted to signal processor 18 using a secured, for example RS422, RS485 or TCP/IP protocol, output port. Data transfer between smart card reader 16 and signal processor 18, then, can be regarded as a "secure channel.”
• Signal processor 18 converts the information received from reader 16 into a standard signal (e.g., a Wiegand signal, a bar code signal, or a magnetic stripe signal) that can be received by control panel 12.
• a standard signal e.g., a Wiegand signal, a bar code signal, or a magnetic stripe signal
• Control panel 12 is able to evaluate the standard signal and, based on access protocols, decides whether to allow or to deny access to the user.
• Figure 3 shows another embodiment of access system according to the present invention.
• the embodiment shown in Figure 3 includes reader 16, signal processor 18 and control panel 12 as was previously discussed with Figure 2.
• a host computer 20 can be coupled to one or more of control panel 12, signal processor 18, and reader 16.
• Remote host computer 20 can be located outside secure area 14 and is coupled to reader 16 and to control panel 12. Communication between host computer 20 and reader 16 can be provided by a further secure channel, for example data can be transferred using an RS485 or a TCP/IP protocol.
• the operation of the embodiment of the access system of Figure 3 to gain access is similar to that described above with respect to Figure 2.
• the embodiment of access system shown in Figure 3 can easily be adapted to various requirements.
• the secure channel between remote host computer 20 and reader 16 can be used to change the configuration of reader 16 on command from host computer 20 in a comfortable and secure manner.
• differing levels of security can be implemented by sending commands to reader 16 and control panel 12 from host computer 20.
• host computer 20 can be used to define the type of input devices from which correct identification data is obtained that are required to gain access.
• Suitable input devices that can be included in reader 16 include a contactless smart card reader, a contact smart card reader, PLN pads (or keypads), biometric devices (for example fingerprint or retinal readers), and combinations thereof.
• the input devices from which data is required in order to gain access can be changed as a function of security threat level, day of week, time of day, or other conditions.
• the coupling between host computer 20 and control panel 12 allows checking as to whether a control panel operation has been successfully executed. Further, host computer 20 can be used to identify a possible malfunction of control panel 12 by utilizing test signals.
• reader 16 may include user-interface (for example a data screen or set of LED displays) for communicating information to a user.
• the LED signals may originate from control panel 12 and be transmitted through the secured channel between signal processor 18 and reader 16 as is indicated in Figure 3. Further, the secured channel between signal processor 18 and reader 16 may be bidirectional as is shown in Figure 3.
• control panel 12 may transmit data and instructions to reader 16, for example regarding security levels and such, over a bi-directional secured line. Additionally, LED display data may be transmitted between control panel 12 and reader 16 over separate lines or through the bi-direction secured line. Control panel 12 may also communicate system status to reader 16 for display to a user directly without communicating through signal processor 18.
• Figure 4 illustrates an access system similar to that illustrated in Figure 3, except that the secured channel between reader 16 and signal processor 18 is a unidirectional line. Reader 16, then, cannot receive data from control panel 12 through the secured channel.
• status information can be communicated between control panel 12 and reader 16 using a separate line. Status information can be displayed in reader 16 through LCD displays, LED lights, or audible tones, for example.
• setup information can be transmitted to reader 16 separately.
• Setup information can include for example, which of the various input devices of reader 16 are activated in order to collect the appropriate information from the user to meet the current level of security.
• Figure 5 illustrates another embodiment of an access system according to the present invention.
• reader 16 is typically located in a non-secure area on the outside of a locked entranceway.
• Reader 16 can include interfaces for smart cards, contactless smart cards, biometric readers (e.g. fingerprint readers), PLN pads, and/or other user interface devices.
• Reader 16 transmits data which may be encrypted and/or digitally signed, extracted from a smart card or other input device to signal processor 18, which is located in secure area 14.
• signal processor 18 can be located near or possibly in standard signal control panel 12.
• Digital signatures may be used to authenticate the information being sent to the control panel to ensure that it originated with the card or device that actually sent the information, and to ensure that the transmitted information was not altered after the information being transmitted was digitally signed.
• Digital Signature Algorithm which may be used by a signatory to generate a digital signature on data and by a verifier to verify the authenticity of the signature. Each signatory has a public and private key. The private key is used in the signature generation process and the public key is used in the signature verification process.
• the Digital Signature Algorithm uses parameters denoted by p, q, g, and x, which are defined below: p is an -bit prime p, where 512 ⁇ L > 1024, and L is divisible by 64; q is a 160-bit prime q, such that q is a factor of p - 1, i.e.
• the Public Key is and the Private Key is x.
• the algorithm also makes use of a one-way hash function, SHA(m), such as, for example, the Secure Hash Algorithm, and a randomly generated number k, where 0 ⁇ k ⁇ q. Parameter k is regenerated for each time a signature is generated.
• SHA(m) such as, for example, the Secure Hash Algorithm
• p, q, g and the sender's public key y and identity are made available to verifiers. These parameters may be publicly distributed. Additionally, the Digital Signature (r, s) is also made available along with its associated message M to potential verifiers. [044] To verify the signature, the verifier first checks to see that 0 ⁇ r ⁇ q and 0 ⁇ s ⁇ q; if either condition is violated, the signature is invalid.
• signal processor 18 converts the data received from reader 16 into a standard format signal, such as, for example, Wiegand, Mag Stripe, or bar code that is recognizable by standard signal control panel 12.
• a host computer 20 can communicate with signal processor 18 and with reader 16 through signal processor 18. As discussed above, host computer 20 can, for example, vary the level of security or alter the action or display setup of reader 16.
• a security module or processor is located in each of reader 16 and signal processor 18 to allow for the secure transfer of data between reader 16 and signal processor 18, either through encryption or digitally signing the data.
• a dynamic element can be used in the data transmission process to ensure that a replay attack cannot be used to gain unauthorized access to an entrance portal through reader 16.
• Replay attacks in a conventional access control system can be accomplished by an intruder gaining access to the communication wires, between the output terminal of reader 10 ( Figure 1) and the control panel 12. By capturing the data sent on a valid data transfer, the attacker can later replay the same data and gain unauthorized entrance.
• the dynamic element could include date and time information corresponding to the date and time when the reader was accessed. The date and time information can be sent to the signal processor, which can then check the received information with the current date and time to ensure that the information sent is not a replay attack.
• the secured communication channel between reader 16 and signal processor 18 can utilize the wiring that may be in place when replacing a conventional access system, for example the Wiegand wiring.
• the existing two wires can be used for data and clock for one-way communication between reader 16 and signal processor 18 or bi-directional communication can be established using self-clocked data, for example non-return to zero (NRZ) or Di-phase communications.
• NRZ non-return to zero
• Di-phase communications Di-phase communications.
• the data between reader 16 and signal processor 18 may be out of synchronization by only a few, for example one, clock cycle of the higher frequency clock.
• Di-phase communication can be used to further improve communication between reader 16 and signal processor 18.
• the state of the data is changed on every data bit time period. If the data were in a high state it would be changed to a low state, and vice versa.
• a data 'one' is in the same state for the entire bit period.
• a data 'zero' changes state at the half-bit time. The value of the data bit is determined by comparing the state of the data bit during the first half of the data bit period and the second half of the data bit period.
• reader 16 can change configuration on request from a host computer via a communications channel or from control panel 12 through status lines.
• data signal processor 18 can receive configuration information from host computer 20 or from standard signal control panel 12 and can transmit the configuration data to reader 16 via the bi-directional data lines between signal processor 18 and reader 16.
• An example of configuration information being sent to reader 16 is a requirement for additional user inputs, such as card and PLN pad data; card, PLN pad and biometric data; or other combinations.
• Figures 6A and 6B illustrate uni-directional and self-clocked bidirectional data lines, respectively.
• Figure 6A shows how the Data out-0 line from the reader, such as from exemplary reader 16, is sent to the Signal Processor across the data channel interface.
• a signal arriving on the Data out-0 or DO lines, at the Signal Processor is always interpreted as a "0".
• Figure 6B shows transmission of data using a self-clocked bi-directional line for the Data in-1 signal, across the data channel interface. Data transmitted by the Reader is buffered and sent to the Signal Processor. Similarly, data transmitted by the Signal Processor is buffered and sent to the Reader.
• FIG. 7 illustrates sample wave shapes for Wiegand (DO, Dl), Mag Stripe (Clock and Data), and self-clocked Di-phase.
• the data being transmitted shown in the Data row of Figure 7 is the 9-bit binary stream "110100101".
• transmission of this data using Wiegand (DO, Dl) depicted as W-D0 and W- Dl uses 9 clock cycles. Whenever a "0" is being transmitted during a clock cycle, the W-DO line is asserted. If a "1" is being transmitted during a clock cycle, the W-Dl line is asserted.
• the W-Dl line is asserted during the first two clock cycles corresponding to the first two binary digits "11" of the 9-bit stream being transmitted.
• the W-DO line is asserted corresponding to the third digit ("0") of the binary stream.
• the Data line is asserted for "l's” and negated for "O's”.
• the Data line is asserted for the first two clock cycles and then negated during the third clock cycle corresponding to the initial "110" data sequence of the 9-bit stream.
• Figure 9 shows an embodiment of signal processor 18.
• the embodiment of signal processor 18 shown in Figure 9 includes a microprocessor 21 coupled to a reader communications switch 20 and a control panel data line switch 22. Further, microprocessor 21 may be coupled to a communications channel interface 23 for communications with host computer 20 and to a security access module (SAM) 24.
• SAM security access module
• Reader communications switch 20 can be coupled to one or more readers 16 of differing types through, for example, a bi-directional data communications channel. Further, data regarding each of the readers can be communicated to control panel 12 through control panel line switch 22.
• data regarding the readers could include data regarding the status of the readers, such as whether they are active, inactive or malfunctioning.
• Conversion of data from reader 16 to a standard signal for standard signal control panel 12 can be accomplished in software operating on microprocessor 21 and stored in memory.
• software operating on microprocessor 21 and stored in memory could implement portions of a digital signature verification and authentication algorithm.
• SAM 24 stores and implements encryption codes and, in some embodiments, can be removable using a "SAM lock".
• Figure 10 shows an example of a security system according to the present invention.
• a security system according to the present invention includes one or more access systems according to the present invention.
• host computer 20 may include one or more workstations, such as an access control station, badging station, and guard workstation.
• control panel 12 communicates, through signal processor 18, with reader 16 and can open an appropriate door 30 once access is approved.
• various levels of security may be programmed into control panel 12 and reader 16. For example, security levels may be classified with regard to threat level, for example low, guarded, significant, high, and severe. The level of authentication/identification required for each threat level may be different. For example, in a low threat security environment access may be gained with a contactless card.
• the access system may be set to require both a contactless card and that the user input a personal identification number (PLN) into a keypad.
• PPN personal identification number
• a contact card and a PLN may be required.
• a contact card and some biometric input e.g., fingerprint
• three inputs — a contact card, a PLN, and a biometric input — may be requested of a user attempting to gain access.
• Figure 11 illustrates the relative security level with respect to various inputs and combinations of inputs requested of the user in a security system.
• a single smart card may be configured to provide both contactless and contact connection with reader 16.
• Figure 12 illustrates a card reader that can be utilized in embodiments of the present invention.
• the embodiment of card reader shown in Figure 12 includes an LCD display, a keypad for accepting PLN information, a smart card reader, a contactless reader, and a fingerprint sensor. A series of LEDs can indicate security level. Further, an acoustic alarm may be included.
• Figure 13 illustrates other types of card readers that may be utilized with embodiments of the present invention.
• the contact card readers may be ISO 7816 card readers and the contactless cards may be ISO 14443, parts 1-4 with a FIPS 140-2 approved algorithm.
• the card reader can be programmable, for example in order to extract SEIWG-12 data strings or other ID strings from a smart card.
• the Security Equipment Integration Working Group has issued a specification on September 30, 2002: "Development of a specification for SEIWG -compliant Access Control Components; a study by the Security Equipment Integration Working Group," September 30, 2002, which is herein incorporated by reference in its entirety and made a part of this disclosure.

Landscapes

• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Lock And Its Accessories (AREA)

Applications Claiming Priority (3)

Publications (1)

Family

ID=34468034

Family Applications (1)

Country Status (2)

Families Citing this family (7)

Family Cites Families (7)

• 2004
  • 2004-10-15 EP EP04795127A patent/EP1680768A1/de not_active Withdrawn
  • 2004-10-15 WO PCT/US2004/033926 patent/WO2005038729A1/en active Application Filing

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events