Patent Grant
6856237
This invention relates to an improved apparatus and method for secure entry systems, characterized by using a rotating electronic security code or equivalent technology with an automatic self-learning receiver. The invention is especially useful in multi-user applications, where many persons can individually operate or activate a single gate or door, for example. It can also be beneficial for smaller numbers of users, although single users or individual homeowners might find it easier and slightly more secure to use conventional systems (such as those described herein) that require manual “learning”.
A wide range of “keyless” security systems exist, including remote controlled gate operators and the like for residential, industrial, and/or business installations. Depending on the installation and circumstances, a large number of users may need to pass through a given entry on a regular basis. Similarly, in certain circumstances, there may be a substantial turnover or addition to the number or identity of users needing access (or having authorized access) during any given period of time. For example, employment changes, expansion, and similar factors can affect the number and identity of persons needing access through a particular company's entry gate, door, barrier arm, turnstile, or any other access control point.
In many applications, such systems include multiple transmitters (one is given to each authorized user), each of which activates a single receiver. Transmitters can take many forms, including (without limitation) cards, handheld electronic keys, RF or other frequency button activated devices, etc. The receiver is typically located at or near the controlled gate or door and, upon receiving an appropriate signal from any such transmitter, the receiver activates (typically opens or unlocks) the gate or door.
Security of such entries is improved by providing user-specific remote controls a unique, identifiable transmitter/controller for each user. That improved security normally comes at some cost, in that such user-specific controls can be burdensome to program, use, and administer, if they are available at all.
Such systems vary widely in their complexity and consequent degree of security. For example, transmitters commonly range from 256 code combinations (using eight DIP switches) to 65,536 code combinations (using 16 bit keys).
Criminals or other persons have attacked security system technologies with technologies of their own. Among other things, these counter-efforts include code breakers such as code scanners (signal-generating devices that can generate a massive series of signals, one of which may be the “correct” signal that activates the security system's receiver), and code grabbers (which can surreptitiously record a signal as it is generated by an authorized user, and can subsequently re-emit that identical signal). Such counter-efforts can seriously compromise the security of certain systems.
Later generation security systems attempted to address those counter-technologies. One such effort was to utilize 32-bit keys to increase the number of code combinations. However, this increase in bit keys only added to the number to combinations that a code scanner had to try before the right combination was “cracked.” Against a code grabber, this increase provided no additional protection.
Rotating code or code hopping security systems address the problem by utilizing code generators to produce different signals each time a transmitter emits a signal. With the addition of encryption and a 64-bit transmission length, such systems have substantially improved security. “Unique” identifying information is typically “burned” into each transmitter's internal chips or circuitry, and that information can be used within the security system not only to control which transmitters are “authorized” to open a gate (by way of example), but even to track and log which transmitters were in fact used at which time(s). Examples of such improved technology are discussed in U.S. Pat. Nos. 5,517,187 and 5,686,904. Commonly, that “unique” information is part of the signal that is transmitted to the receiver in order to activate the gate, door, etc.
Typically, for these systems to be-effective, the system administrator has to control and track the distribution of the transmitters, but that commonly involves only two actions: an initial “check-out” (when the transmitter is given to the user/tenant) and subsequent “check-in” (such as when the tenant turns in his or her keys/controllers/etc. upon terminating their lease). In the event of some intervening problem, however, such control and tracking of users and their respective transmitters can enable the manager/owner to “disable” the transmitter (even though it has not been returned to the manager/owner) by removing its “identification” from the list of authorized users within the receiver. This “authorized list” is a control level that is independent of the “learning” process required for each transmitter. Even if a transmitter is “learned” into the receiver, this further control can override and prevent activation of the gate or door based on that “unique” identification information in the transmitter.
Newer 64-bit technology has now raised the number of unique code combinations into the billions, and is further secured when combined with the aforementioned rotating code and encryption technologies. Against such systems, contemporary code scanners and code grabbers are ineffective, and at least currently, this type of security system is extremely difficult (or even virtually impossible) to “crack”. Foreseeably, further advances in computer technology and manufacture will increase those combinations even further and may add additional “security” aspects to the technology.
Despite their advantages, conventional rotating code or code hopping security systems have some shortcomings. Among other things, they can be difficult or burdensome to administer when there are multiple users and/or there is turnover among the users. This difficulty arises at least in part from the fact that each transmitter (with its “unique” identifying code or other unique information) typically must be “learned” into the receiver (see, e.g., U.S. Pat. No. 5,686,904) before the transmitter is operational. In this “learn” process, a button or several buttons on the receiver are manually pushed, which switches the receiver from normal operation to “learn” mode. While the receiver is in that “learn” mode, the transmitter that is to be “learned” is then aimed towards the receiver and its transmit button pushed. The transmitter emits and the receiver receives a 64-bit or other signal which contains various sub-signals or information (such as a synchronization signal, a button signal, facility code signal, etc.). Once that transmitter's signal is received, compared, and processed, the transmitter is “activated” and available for future use (in effect, the receiver side of the system will thereafter recognize that unique transmitter and its signals as “authorized”). This “learning” process must be repeated for each other transmitter before those other transmitters will activate the receiver.
Consequently, and as indicated above, despite the benefits of this rotating code or code hopping technology, it can be cumbersome to administer in a large user situation. For example, if such a system is used in an apartment or business complex, each tenant's transmitter must be “manually” learned or programmed before the tenant can use it. Such transmitters are used, for example, to open a common gate that permits entry into an apartment complex parking or common areas. Under this scenario, either each tenant must be taught how to program or “learn” his transmitter into the receiver, or the management/owner of the complex must do so for each tenant/transmitter. If there is a power failure, the “learning” can be lost from the receiver (unless flash memory, emergency backup power sources, permanent memory, or similar technology is provided), which requires that all transmitters to be relearned. Even if permanent memory is used, however, other failure of the receiver or access control system can require that all the transmitters be relearned into the replacement equipment. During any such period of inoperability (not only during the power outage itself, but during any period of time required to “relearn” the transmitters), access to the complex can either be precluded (even for tenants that are authorized to enter) or uncontrolled (such as if the gate is left open to prevent a massive number of frustrated tenants from not being able to enter the complex).
Other problems can occur in such multi-user systems, such as when one tenant or user tries to enter through the gate while another transmitter is being “learned”. Also, if the apartment manager or owner programs in or “learns” all the transmitters himself, he could be programming hundreds or even thousands of transmitters, a very daunting task.
It is, therefore, an object of the present invention to provide an improved security system that provides the heightened security of technology such as rotating code or code hopping, without the administrative burdens currently associated with that technology. The invention is especially useful for installations involving a large user population, although single or small user populations can benefit from the invention as well.
Another object of the invention is the provision of a system of the aforementioned character that has the ability to automatically or remotely “learn” some or most transmitters, such as at least being able to “automatically” learn all transmitters after the first transmitter is “manually” learned.
A further object of the invention is the provision of a security system method and apparatus of the aforementioned character, that automatically learns in new transmitters without the users necessarily realizing that their transmitters are being “learned”.
Some of the objects of the invention incorporate aspects of existing technology, such as requiring multiple signal transmissions from any given transmitter before the transmitter is “learned” (this is known within “manually” learned systems). Similarly, although alternative embodiments of the invention could be modified using existing “manual learning” technology to learn via a single transmission (or by more than two transmissions), the preferred embodiment of the invention requires two signals from any given transmitter, thereby taking advantage of the rotating code or code hopping technology. Under anticipated usage, this double press would be relatively transparent to a user, so that the user would not necessarily even realize that he or she was in the “learn” mode.
Yet another object of the invention is providing a security method and system having the ability to manually preprogram (or “teach” or learn into) a receiver the codes or similar information to identify and function with one or more transmitters, so that all transmitters that correspond to such preprogrammed information (including even the first transmitter used) will be automatically “learned” into the receiver upon pressing the transmitter button, thereby avoiding the need to manually learn even the first such transmitter.
A still further object of the present invention is the providing a security system improvement that is compatible with, and has the ability to operate within, a multitude of prior art access control systems (including, by way of example and not by way of limitation, Weigand controllers, computers, and telephone systems).
An additional object of the present invention is the provision of a security system of the aforementioned character, in which the automatic learning of transmitters can occur at any suitable location within the system, or via cooperation of various portions of the system. By way of example, preferred control logic or circuitry of the receiver can be positioned within the actual access control system (such as Weigand or other controllers, an associated telephone or telephone system, an associated computer, etc.) or at any other suitable location capable of interacting with the corresponding transmitters and the rest of the security system.
Other objects and advantages of the invention will be apparent from the foregoing, as well as from the following specification and the drawings.
A preferred embodiment of the invention is illustrated in the Figures, which include flowcharts of interactions between a first transmitter, a second transmitter and a receiver. The preferred method and apparatus can utilize any suitable code hopping encoder and decoder, such as the model HCS301 available from Microchip Technology Incorporated (“Microchip”). Examples of suitable hopping code technology are provided in Microchip's HCS301 product catalog and U.S. Pat. No. 5,686,904, the latter of which is hereby incorporated by reference herein regarding, among other things, its teachings of encryption and decryption algorithms and synchronization or hop code technology.
In a preferred embodiment, a single receiver may be used with hundreds to several thousand transmitters, with the number of transmitters limited only by the receiver memory. As indicated above, the invention is especially useful in applications involving a large number of users (such as in a large apartment complex, a business, or a factory). Persons of ordinary skill in the art will understand, however, that many of the benefits of the invention can be experienced in applications involving a smaller number of users.
Only the first transmitter and the second transmitter are illustrated in the Figures. Persons of ordinary skill in the art will understand, however, that the preferred method and apparatus can include third and subsequent transmitters that are learned and that operate similarly to the second transmitter.
In a preferred embodiment, the receiver is factory programmed with a 12-bit reference discrimination code. This reference discrimination information is unique and contains 12 bits of information that enables the receiver to identify and discriminate authorized from unauthorized transmitters. Authorized transmitters are similarly factory programmed with the same discrimination code.
As indicated above, preferred transmitters can take any suitable form, including (without limitation) cards, handheld electronic keys, RF or other frequency button activated devices, etc. In the preferred embodiment, the receiver first manually learns the characteristics of the first transmitter (similarly to the manual learning required with prior art systems).
The first transmitter is similar to the second transmitter, except the second transmitter has a different transmitter identification signal. By virtue of coordinated programming between the receiver (typically programmed by the installing company) and the transmitters (typically programmed or “burned” in by a manufacturer), the receiver can recognize each transmitters as belonging to an “authorized” group of transmitters. Accordingly, the “first” transmitter can be any of the authorized group of transmitters provided for a particular installation.
Furthermore, because each transmitter is typically programmed or burned with a distinct transmitter identification signal, each individual transmitter can be singled out for different security clearances or similar control processes. For example, tenants might be charged an additional fee each month for access to their complex's pool hall and gym, and their individual transmitter's code can be authorized to allow them entry through gates or doors for those areas of the complex. If they choose to not continue to pay, that code control can be changed by the landlord or manager to remove that user from the “authorized list” for that gate or door, without requiring any changes to the user's transmitter.
With regard to the preferred embodiment generally, and referring to the figures, all transmitters pass through the logic of FIG. 1. Depending on whether the signal is emitted for the first time, the second time, the third time or third time with some problem with aspects of the signal, four different paths, represented by different portions of the figures, will be encountered. Those various paths are discussed in greater detail below, but a general overview is set forth here.
If the receiver is being manually programmed for the first time, the logic proceeds from
In a preferred embodiment of the invention, only the first transmitter has to be manually “learned” in. Once “learned” in, all subsequent transmitters are “automatically learned.” That is, subsequent transmitters are initialized without first pressing the learn button on the receiver. Turning now to the logic or circuitry illustrated in
In this “housekeeping” mode, the receiverlooks for the programming switch to be pressed 30. To “learn” the first transmitter, the receiver preferably is manually placed in “learn” mode (such as by pushing a button on the receiver) and the first transmitter is activated to send its signal (typically accomplished by the user pushing a button on the transmitter, indicated by block GC 38 in FIG. 5). The first signal is thereby emitted from the first transmitter and processed by the receiver. In
In the preferred embodiment, the first transmitter may be provided with multiple buttons that can be programmed in various ways, including requiring a user to press a left button, a right button, or both in order to communicate with the receiver. Persons of ordinary skill in the art will understand that, as indicated above, any suitable transmitter device can be utilized within the scope of the invention.
As indicated above, the preferred transmitter signal includes 64 bits of information, although persons of ordinary skill in the art will understand that a wide variety of signals can be utilized effectively with the invention. The preferred 64-bit signal preferably contains encrypted and non-encrypted portions of the signal, including a button signal, a facility code signal, the aforementioned unique “burned-in” transmitter identification signal (these three portions preferably constitute a first subset of the entire signal) and a 32-bit hop code signal. In the preferred embodiment, the first subset of the signal uses 4 bits for the button information or signal, 12 bits for the facility code information or signal, and 16 bits for the transmitter ID information or signal. Preferably, the 32-bit hop code is encrypted and the others portions of the signal are not. The preferred 32-bit hop code is decrypted into the same 4-bit button information or signal as in the first subset, 12-bit discrimination signal and a 16-bit synchronization signal. As illustrated in
As indicated above, in the preferred embodiment, if the discrimination signal matches the reference discrimination code at block 46, then the receiver searches its EE memory at step 130 for the same information as the emitted information. When “learning” the first transmitter, the first time that first transmitter's button is pushed, no similar information will be found in the receiver's EE memory bank (unless it has been previously programmed, as discussed in connection with alternative embodiments discussed below). In a preferred embodiment, the receiver then stores 132 in its EE memory the 4-bit button signal, the 12-bit facility code signal, the 16-bit first transmitter identification signal, and the 16-bit sync signal. Persons of ordinary skill in the art will understand that, in alternative embodiments, less than all of this information can be stored in the receiver's EE memory for later verification, use, and processing. The amount of information stored in the EE memory corresponds to a selection by the owner/manager of a balance between (1) a higher or lower level of security (more information stored corresponds to higher security) and (2) a varying degree of flexibility in terms of checking one or more signals before a subsequent transmitter is recognized and processed. In alternative embodiments, the first transmitter can be manually “learned” in at the factory. In such embodiments, when a user pushes the first transmitter button for the first time, he does not have to manually push the receiver's “learn” button.
Once the first transmitter is “learned” in the receiver, the receiver automatically recognizes other transmitters without manual intervention. In a preferred embodiment, this is accomplished by the receiver returning to housekeeping/normal operation mode after learning in the first transmitter. In this condition, there is no output signal unless the first transmitter is pressed a second time. In a preferred embodiment, all transmitters are checked two times before they are initiated, although existing technology can set this to require only one or more than two times. When the first transmitter is pushed a second time, as before, the receiver looks to see that all incoming 64 bits of information/signal is “good” (see
Persons of ordinary skill in the art will understand that, in alternative embodiments, other signals instead of or in addition to the discrimination signal could be used to validate the transmitters. To clarify, in the preferred embodiment, the first transmitter is “learned” in after the first manual push of the receiver as explained above and shown in FIG. 5. However, there is no output unless the first transmitter is pressed a second time. In contrast, subsequent transmitters are “learned” in when they are pushed twice within a 10 second time span.
If the discrimination signal condition is satisfied (if there is a match at 46), the receiver verifies at 48/50 whether other components of the 64 bits of signal information from the transmitter are already in EE memory. If the result of verification 48/50 is “yes”, the circuit/logic continues through connection “C” (which is used in the figures to indicate a flow path connection of the logic rather than any action at that point) on
In passing, and unless the context indicates otherwise, the abbreviations in the Figures should be interpreted as follows: FAC=Facility code; TRANS=Transmitter; CKMORE=Check more; 4 BUT=4-bit Button code; WIGOUT=Weigand controller output.
Persons of ordinary skill in the art will understand that this checking at 48/50 is performed to determine whether the first transmitter is already “learned” or stored in the receiver. If it is already in memory and this is the “second” check, the second check satisfies the multiple check requirement of the receiver. However, since this is the first check, the logic continues with further verification.
In alternative embodiments, and as indicated above, the option shown in the block “FAC MATCH MODE?”, in
In the exercise of “manually learning” the first transmitter, then, the logic proceeds through point D,
If the 4-bit button information is on the “authorized” list (such as via outcomes “Y” below elements 304 or 306, FIG. 3), the circuit sets the “ADD” FLAG record function 312 and at 314 saves the 4-bit BUT code, the FAC code, and the Transmitter number to RAM or other usable memory. The circuit saves the 16-bit SYNC code to RAM at 316, sets up a 10-second timer at 318, and returns to the CKCK transmitter click 12 (also shown at the top of FIG. 1). Persons of ordinary skill in the art will understand that these steps 312, 314, 316, and 318 can be performed in a variety of orders.
If the receiver instead verifies “yes” at 48/50 (such as a second or subsequent push of the receiver), the circuit can check the parts of the signal in a variety of combinations and orders (similar to the description of elements 302, 304, 306 above regarding FIG. 3). As illustrated, the Facility Code portion of the signal is checked first at 55, followed by the button signal (such as at 56 or 57, depending on the result of the check at 55). Persons of ordinary skill in the art will understand that the logic through this area of the circuit can be configured to provide higher or lower levels of security (both the FAC and 4 BUT have to match or only the 4 BUT has to match, etc.). In the preferred embodiment illustrated in
When the first transmitter is pressed a second time, algorithm circuitry in the transmitter increases the sync number of its second signal above the sync signal of its original signal, this is designated as a second-second sync signal. In the preferred embodiment, the transmitter's sync number increases by one each time a button is pushed. Although persons of ordinary skill in the art will understand that larger increments may also work and will satisfy the same criteria (i.e., that the transmitter's subsequent sync signal be larger than its previous signal). Once a check against the receiver memory for similar information is performed and satisfied (such as illustrated by the “Y” result coming from blocks 56 or 57,
In situations where the first transmitter is accidentally pressed while it is carried in a purse or a pocket, the sync number in the transmitter increases the same number of times as the number of accidental pressing. If this number is 129 or larger, the next time the receiver receives a signal from this first transmitter, the receiver will not generate an output. If it is 128 or less, the receiver and transmitter go off without further verification (see
The process is initiated by setting the “SYNC OFF FLAG” 67. A person of ordinary skill in the art will understand that a 16,000 limit is arbitrary and that other numbers will suffice, limited only by the receiver memory. In a preferred embodiment, if the new received sync signal is above 16,000, the receiver ignores the 64 bit information and resets itself to housekeeping mode. A sync signal outside of this range cannot be verified and is assumed to come from an illegal transmitter. Likewise, if the 64 bit information and the 12 bits discrimination signal do not match, then the transmitter cannot be verified and is assumed to be from an illegal transmitter. Where a new 64 bit information with a sync signal between 129 and 16,000 of the prior sync signal is received, the first transmitter is “auto learned” as if transmitted for the first time. In this case, on the logic moves to “SET ADD” 69 and the button signal, facility code signal, first transmitter signal and new sync signal or second-second sync signal are written to random access memory (“RAM”) (
During the verification process for a sync number that is out of range, the logic proceeds first by verifying that the new sync number is in the range of the one previously stored 72, FIG. 4. Since it is, because this is a second signal emitted within 10 seconds, the receiver moves the logic to block 86 and stores the first-second subset including the 4 bit BUT signal, 12 bit FAC code signal and 16 bit first transmitter identification signal and 16 bits sync signal, or first-second sync signal, in EE memory 86. The receiver then clears the “ADD” flag 88 and sends a WIGOUT signal 68. In a preferred embodiment, the second sync signal, must be within 2 of the first sync number that was just stored in RAM. However, a person of ordinary skill in the art will understand that other higher increments may also serve the same purpose.
If the new sync number is not the same as the previous sync number 72, the old sync number in the receiver is increased 74, and a second check of the old sync number against the new sync number takes place. This logic verifies that when a new signal is emitted within 10 seconds of the old signal, the new sync number is 2 of the old sync number. Once verified, it then stores the first-second subset as described above.
In real life situation, if a user encounters the above scenario wherein the user presses his transmitter button and nothing happens, he will undoubtedly press it again, probably within 10 seconds. In doing so, he will gain access to whatever location or thing he desires without having to manually reset the receiver. This is the case described above.
When a second user with a second transmitter is pressed for the first time, like before, the second transmitter emits a 64 bit signal which includes 4 bit button signal, 12 bit facility code signal, 16 bit second transmitter signal and 32 bit hop code signal (block 42, FIG. 1). The receiver decrypts the signal and verifies that the 12 bit discrimination signal matches the 12 bit reference discrimination code 46. The receiver then processes the other information and determines whether the second transmitter is already in memory 50. Since this second transmitter has not been entered, no “SET FLAG” has been set 300, so the receiver proceeds to verify whether there it is in a “FAC MATCH MODE” 302. If so, both the 4 BUT and FAC are verified, if not, only the 4 BUT signal is verified 304. Once satisfied, the logic proceeds with setting the “ADD FLAG” 312 and stores the BUT, FAC and TRANS signals to RAM 314.
As with the first transmitter, the logic will not emit an output unless the second transmitter is verified a second time. Thus, a 10 second timer is set 318 and the logic looks for a second signal 12. If the transmitter is pressed again within 10 seconds, the 64 bit signal is checked 42, the receiver decrypts 44 the signal and the discrimination signal is verified 46 (FIG. 1).
Since this second transmitter is not in EE memory, the logic proceeds to “ADD FLAG SET?” 300 of FIG. 3. In determining that it is set, because this is a second emission within 10 seconds of the first, and the flag was set during the first emission, the logic moves to block 61, FIG. 4. The receiver then verifies that the second signal from the second transmitter has a same second-second subset signal (which include the button signal, facility code signal and second transmitter signal) as the ones previously emitted and stored in RAM 61. The new sync signal, also known as a second-second sync signal is then verified and stored in memory if it is 2 of the previous sync signal. The receiver performs this functions by increasing the previously saved sync number 70. The logic then determines whether the saved sync (with the increase 70) equals the newly emitted sync 72. If they are equal, the logic moves to block 80 “SYNC OFF FLAG SET?”. Since the flag is set, it writes the button signal, facility signal, transmitter identification signal and new sync number to EE memory 86, clears the “ADD” flag 88 and sends an output signal 68.
If the second transmitter is pressed a third time and emits a second-third signal, that signal is processed through the logic of FIG. 1 and
In an alternative embodiment, the logic just described does not have to be located in a separate receiver. Instead, a receiver could be a phone system and the phone system itself may determine admittance, not a weigand controller. Alternatively, the logic may reside in a computer or some other device that is capable of making a final determination. Still another alternative, the logic may reside in a device but that device does not make a final determination. A person of ordinary skill in the art will understand that the logic described in the foregoing permits automatic learning in a security system and that ultimate clearance determination could be performed by a multitude of device currently in the prior art. As such, the receiver could be any one of those devices or a separate device connected to one of those controllers.
In an alternative embodiment, all button signals, facility code signals and a range of transmitter identification signals are manually programmed into the receiver (see FIG. 9). When the first transmitter is then used for the first time, it must be pushed twice within 10 seconds in order to validate the first transmitter. If so, only the sync signal of the first transmitter is written to EE memory. Referring to
In this alternative embodiment, as before, the receiver keeps house by continually updating a 10 second timer,
Back in
Since this is a first emission, the “SET SYNC OFF FLAG” is set (see
When the first transmitter is pressed a second time, emitting a first-second signal, and within 10 seconds, the 64 bits signal (including a first-second subset signal) is checked,
If the signals matched the logic moves back to
The receiver is now reset to housekeeping (“CKCK”
In some of the many alternative embodiments of the invention, a valid time zone can operate a relay for the clearance output. In addition, all clearance output or transactions can be saved to a transaction buffer, for printing, record-keeping, or other purposes.
While the preferred embodiment and method of the invention has been described with some specificity, the description and drawings set forth herein are not intended to be delimiting, and persons of ordinary skill in the art will understand that various modifications may be made to the embodiments and methods discussed herein without departing from the scope of the invention, and all such changes and modifications are intended to be encompassed within the appended claims.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4638433 | Schindler | Jan 1987 | A |
| 4750118 | Heitschel et al. | Jun 1988 | A |
| 5517187 | Bruwer et al. | May 1996 | A |
| RE35364 | Heitschel et al. | Oct 1996 | E |
| 5949349 | Farris et al. | Sep 1999 | A |
| 6049289 | Waggamon et al. | Apr 2000 | A |
| RE36703 | Heitschel et al. | May 2000 | E |
| 6166650 | Bruwer | Dec 2000 | A |
| 6167137 | Marino et al. | Dec 2000 | A |
