Embodiments described herein relate to the field of padlocks, and in particular to padlocks which are unlocked through the use of biometric information.
Various designs of padlocks are presently available. Padlocks generally comprise a removable shackle that locks into a housing and can be removed from the housing when the housing is unlocked through a user action. Such actions resulting in the unlocking of a padlock may include, for example, inserting a physical key into the lock, or entering the correct combination into a combination lock.
A common feature among the above-mentioned lock types is that the user is required to have either knowledge (e.g. knowledge of the combination) or possession (e.g. possession of a physical key) of the unlocking means in order to unlock the padlock. It is commonplace for a user to forget the combination to a lock, or to misplace the key. Likewise, the key to a lock can be stolen, or the combination to a lock can be ascertained by looking over the user's shoulder while they open the lock, which compromises the security and effectiveness of the lock. Moreover, if the user of a combination lock wants to let someone else access the lock temporarily, they can provide the combination to that other person, but there is no way of forcing that other person to forget the combination. Likewise, if a lock owner allows a friend to borrow their key to the lock, the key can be duplicated. Thus, it is not possible to maintain security with third party users without compromising the effectiveness of the lock to at least some degree.
Conventional lock designs are also vulnerable to “shimming”, which is the sliding of additional objects into the channel that accepts the shackle, in order to release the latch which normally prevents the shackle from being withdrawn from the padlock housing.
Accordingly, there is a need for systems and methods for controlling operation of locks which do not require the user to carry a key or memorize additional details, and provide flexibility for granting permission to other users.
There are fingerprint padlocks presently available. These padlocks can be unlocked by scanning authorized fingerprints that were stored during prior setup. The setup phase allows the user to scan and store fingerprints as digital information inside the padlocks to be used at a later time; multiple fingerprints of different users can be stored. However, when the owner decides a user whose fingerprint has already been stored should no longer have access to the lock, the owner must delete all of the fingerprint data stored inside the lock because there is no way to identify which fingerprint belongs to such user; the owner must then set up all of the authorized fingerprints from scratch. There is no way of revoking a user's access without revoking all users' access and causing great inconvenience for the owner. There is also no way to keep track of how many fingerprints have been stored.
There is a need for systems and methods to manage users, their fingerprints and their accesses that allow the owner to add, delete and make changes to authorized users, fingerprints and accesses in a way that is easy, fast and effective.
There is a need for users to track information associated with the fingerprint accesses and uses of the padlock including but not limited to access history, access location and access user identity.
Fingerprint padlocks require electrical components and are vulnerable to water damage. As padlocks have strong use cases in outdoor environments where exposure to water, snow, rain and other environmental toughness is frequent, there is a strong need for systems and methods that allow various components of fingerprint padlocks to survive these environments.
Fingerprint padlocks and other electrical padlocks all require a power source, generally a battery, to function properly. There is a need for power management and systems and methods to prevent power outages and support the functions of the padlock in case a power outage does occur. Padlocks have security vulnerabilities that can be exploited by physically forcing the lock casing to be opened.
In accordance with one aspect, there is provided herein a padlock device comprising a housing; a shackle associated within the housing and having, with respect to the housing, a closed configuration and an open configuration; a latch subsystem associated with the housing for securely retaining the shackle in the closed configuration, the latch subsystem electrically operable to release the shackle; a biometric sensor associated with the housing to electronically sense fingerprint data from a finger being sensed; a control subsystem in the housing in communication with the biometric sensor and the latch subsystem, the control subsystem comprising: internal processor-readable memory configured to store one or more fingerprint records, each fingerprint record comprising authorized fingerprint data associated with a respective fingerprint identifier; processing structure configured to receive sensed fingerprint data from the biometric sensor and to cause the latch subsystem to release the shackle in the event of a release condition requiring at least that the sensed fingerprint data corresponds to authorized fingerprint data in at least one of the fingerprint records; the processing structure configured to present a management interface accessible by an external device in authorized communication with the control system to selectively: store one or more fingerprint records in the internal processor-readable memory; and delete or disable one or more stored fingerprint records in the internal processor-readable memory based at least on one or more respective fingerprint identifiers provided by the external device.
In an embodiment, the processing structure is configured to present the management interface accessible by the external device in authorized communication with the control system to selectively cause the latch subsystem to release the shackle without the control subsystem being in the release condition.
In an embodiment, the processing structure is configured to automatically create and store at least one history record in the internal processor-readable memory each time the shackle is released, each history record comprising a fingerprint identifier. In an embodiment, each history record further comprises at least one of: date/time information and location information.
In an embodiment, the electronic management interface is accessible by the external device in authorized communication with the control system to selectively provide at least a subset of the history records to the authorized external device.
In an embodiment, the padlock device is powered by at least one battery and the electronic management interface is accessible by the external device in authorized communication with the control system to selectively provide information about the at least one battery to the authorized external device.
In an embodiment, the control system comprises a wireless transceiver for wirelessly communicating with an external device.
In an embodiment, at least one fingerprint record is stored in association with one or more authorized time windows, wherein the release condition further requires that a time at which the sensed fingerprint data is sensed by the biometric sensor falls within one of the one or more authorized time windows for the corresponding at least one fingerprint record.
In an embodiment, the release condition further requires that additional sensed fingerprint data be sensed by the biometric sensor and that the additional sensed fingerprint data corresponds to authorized fingerprint data in at least one other of the fingerprint records.
In an embodiment, the processing structure is configured to authorize communications with an external device only in the event that the processing structure confirms both a serial number corresponding to the padlock device provided by the external device and a user key corresponding to an authorized manager of the padlock device provided by the external device.
In accordance with another aspect, there is provided a padlock system comprising the padlock device and a processor-readable medium embodying a computer program for provisioning the external device to conduct authorized communications with the padlock device, the computer program comprising program code for authenticating an authorized manager of the padlock device on the external device; program code for causing the external device to retrieve the serial number of the padlock device from a remote server in the event that the authorized manager is authenticated; and program code for sending the retrieved serial number and a user key corresponding to the authorized manager to the padlock device thereby to request the padlock device to authorize communications with the external device.
In accordance with another aspect, there is provided a padlock system comprising the padlock device and a processor-readable medium embodying a computer program for provisioning the external device to conduct authorized communications with the padlock device, the computer program comprising program code for presenting a user interface on the external device for enabling the authorized manager to conduct managing of fingerprint records for the padlock device; and program code for accessing the management interface of the padlock device in accordance with the managing.
In an embodiment, the program code for accessing the management interface comprises program code for generating a new fingerprint identifier; and program code for sending the new fingerprint identifier to the management interface with an instruction to add a new fingerprint record, wherein the processing structure of the padlock device is configured to create and store a new fingerprint record using the new fingerprint identifier and fingerprint data coincidentally electronically sensed by the biometric sensor of the padlock device.
In an embodiment, the program code for accessing the management interface comprises program code for generating a new fingerprint identifier and capturing fingerprint data using the external device; and program code for sending the new fingerprint identifier and the captured fingerprint data to the management interface with an instruction to add a new fingerprint record, wherein the processing structure of the padlock device is configured to create and store a new fingerprint record using the new fingerprint identifier and fingerprint data sent from the external device.
In an embodiment, the program code for accessing the management interface comprises program code for enabling the authorized manager to select a fingerprint identifier; and program code for sending the selected fingerprint identifier to the management interface with an instruction to delete or disable a corresponding fingerprint record stored in the processor-readable memory of the padlock device.
In an embodiment, the processing structure generates the fingerprint identifier. In another embodiment, the fingerprint identifier for a new fingerprint record is received from an external device via the management interface.
In accordance with another aspect, there is provided a method of operating a padlock device having a housing and a shackle associated with the housing, the shackle having, with respect to the housing, a closed configuration and an open configuration, the method comprising storing one or more fingerprint records in an internal processor-readable memory of the padlock device, each fingerprint record comprising authorized fingerprint data associated with a respective fingerprint identifier; causing a latch subsystem associated with the housing to securely retain the shackle in the closed configuration; causing a biometric sensor to electronically sense fingerprint data from a finger being sensed; in the event of a release condition requiring at least that the sensed fingerprint data corresponds to authorized fingerprint data in at least one of the fingerprint records, causing the latch subsystem to release the shackle thereby to enable the shackle to be in the open configuration; presenting a management interface accessible by an external device in authorized communication with the padlock device enabling the external device to selectively: store one or more fingerprint records in the internal processor-readable memory; and delete or disable one or more stored fingerprint records in the internal processor-readable memory based at least on one or more respective fingerprint identifiers provided by the external device.
In accordance with another aspect, there is provided a method of unlocking a padlock, the method comprising: scanning a fingerprint of a user with a sensor; converting the fingerprint into fingerprint digital data; comparing the digital data to a set of at least one record of fingerprint digital data; and unlocking the padlock if the converted fingerprint digital data corresponds to one of the set of at least one record of fingerprint digital data.
In accordance with another aspect, there is provided a method of registering a padlock comprising a memory with an owner account, the method comprising: connecting the padlock with an external device; generating a unique lock ID and storing the lock ID in the local memory of the padlock device if no existing lock ID is found in the memory; and storing the lock ID in an online database.
In accordance with another aspect, there is provided a method of associating a registered fingerprint with at least one stored data point in an external database. This association can then be used to read, identify, manage, add, delete or control users, fingerprints, accesses, and other relevant functions.
In accordance with another aspect, there is provided a method of connecting the padlock with an external device which, having or being connected to a screen or display, having or being connected to an input source, and having access to a database, can be used to display information about the padlock and its stored fingerprints and to manage, add, delete or control fingerprints, users and accesses pertaining to the connected padlock.
In accordance with another aspect, there is provided a method of collecting information about each access and its user at the time of access and transmitting and storing this information in an online database. This information can then be displayed or used for other purposes like displaying, analysis, reporting, calculations, etc.
In accordance with another aspect, there is provided a method of protecting the padlock from water damage using mechanical designs that prevent water from affecting the padlock's electrical components.
In accordance with another aspect, there is provided a method of replenishing the power source of the padlock without moving, changing or removing physical components of the padlock.
In accordance with another aspect, there is provided a method of preventing power outages by reminding the user to replenish the power source when the power source reaches certain levels.
In accordance with another aspect, there is provided a method of minimizing consumption of power to increase the power source's lifespan and decrease the frequency and time needed to replenish the power source.
In accordance with another aspect, there is provided a method of unlocking the padlock using a button on the padlock without using fingerprints, keys and external devices.
Some embodiments of the invention are explained in further detail below with reference to the figures, which are intended to illustrate only example embodiments and not to limit the scope of the invention, in which:
Described herein are example embodiments which are not intended to be limiting on the scope of the invention. The following are merely examples which illustrate some of the concepts described herein.
A light-emitting diode (LED) 110 is visible through the front cover 106 and, in this embodiment, serves as a state- or status-indicator for padlock device 100. For example, when padlock device 100 is in an unlocked state, LED 110 is driven to turn green. When padlock device 100 is in a locked state but is connected to another device via Bluetooth, LED 110 is driven to turn blue. When a user provides a fingerprint which is not accepted by padlock device 100, LED 110 is driven to turn red.
In this embodiment, biometric sensor 108 is a capacitive fingerprint sensor produced by Fingerprint Cards AB of Sweden under model number FPC 1020 and is mounted within front cover 106 along with a plastic insulator 126 equipped with a sensor gasket 128. Sensor gasket 128 achieves a similar sealing function for housing 104 and biometric sensor 108 as does O-ring 122 for power button 116. In this embodiment, biometric sensor 108, plastic insulator 126 and sensor gasket 128 are mounted to front cover 106 by fastening a sensor rear cover 130 to front cover 106 using one or more screws 133.
Biometric sensor 108 is electrically connected to be in communications with a processing structure 135 supported on PCB 124. In this embodiment, processing structure 135 is a coordinated set of two microprocessors mounted in communications with each other on PCB 124. In particular, in this embodiment, the first microprocessor is a Multiprotocol Bluetooth chip provided by Nordic Semiconductor of Trondheim, Norway under model number nRF51822-QFAC and the second microprocessor is a 32-bit ARM® Cortex®-M3 Microcontroller provided by ARM Inc. of Cambridge, U.K. under model Cortex-M3. In this embodiment, the first microprocessor serves as a master controller of padlock device 100 and the second microprocessor, controlled by the first processor, is used mainly to process sensed fingerprints as will be described.
Padlock device 100 includes a latch subsystem for securely retaining shackle 102 in the closed configuration, as will be described in further detail. In this embodiment, the latch subsystem includes two latches 155 which make contact with shackle 102 so as to securely retain shackle 102 when padlock device 100 is in the closed configuration. Two long springs 156 are mounted inside latches 155 to bias latches 155 to a retention position. Two small metal shafts 158 are mounted concentrically with springs 156 to guide movement between retain (locked) and release (unlocked) positions of latches 155.
In this embodiment the latch subsystem further comprises a motor 162 in driving engagement via a rotor 166 with latches 155 and also powered by battery 164. Motor 162 is in electrical communication with processing structure 135, in particular the first microprocessor in this embodiment, via terminals on PCB 124 thereby to enable processing structure 135 to communicate with the latch subsystem. In the event of a release condition, as will be described in further detail below, a signal is sent by processing structure 135 to actuate motor 162, which serves to rotate rotor 166 to, in turn, cause latches 155 to recede inwards thereby to release each portion 134, 152 of shackle 102 to enable shackle 102 to be moved to its open configuration.
In the unlocked position, a spring 168 having been compressed against its bias by second portion 154, is able to push second portion 154, and thus entire shackle 102, upwards until it reaches its rest position. Once this is done, perhaps after a very short delay to enable spring 168 to work against any friction, motor 162 is stopped by processing structure 135 from being actuated against the bias of springs 156 for latches 155 thus enabling latches 155 to return to their rest position—that is their extended or locked position. Shackle 102 having been moved upwards by spring 168 away from latches 155 remains in an unlocked state and free to be moved to an open configuration, for looping through some object to be locked, until such time as its portions 134, 152 are pushed back downwards into respective channels 132, 154 to be engaged again by latches 155.
When first portion 134 of shackle 102 is removed from channel 132, shackle 102 is prevented from being completely separated from housing 104, as second portion 152 of shackle 102 (which is longer in length than first portion 134) is prevented from being completely removed from second channel 154 of housing 104 by a rivet 170. Shackle 102 may, however, be freely rotated while retained within housing 104 about an axis aligned with second portion 152.
In this embodiment, once unlocked and first portion 134 of shackle 102 is removed, a user can manually close and re-lock shackle 102 by re-inserting first portion 134 into channel 132 far enough to engage latches 155, and thereby push them slightly back against the bias of springs 156 until latches 155 can snap back into respective slots in portions 134 and 152.
Referring once again to
As disclosed above, in this embodiment, screws 152 fasten front cover 106 to housing 104, thus enclosing the internal components on the front side of the padlock device 100. The rear side of padlock device 100 (as shown in
In this embodiment, padlock device 100 operates in conjunction with various software and hardware systems as described herein. For example, in this embodiment, the internal processor-readable memory and processing structure 135 are configured to together serve as a control subsystem that communicates with biometric sensor 108 and the latch subsystem to release shackle 102 as described above in the event of a release condition. The internal processor-readable memory is configured to store one or more fingerprint records, with each fingerprint record comprising authorized fingerprint data associated with a respective fingerprint identifier. Depending on the implementation or needs of a system, the fingerprint identifier may be generated anew by an external device and provided to padlock device 100 for creating a new fingerprint record or may be generated by padlock device 100 when padlock device 100 is instructed to create a new fingerprint record. For example, for larger enterprises, it may be useful to have centralized creation of fingerprint identifiers so that individual padlock devices 100 for the enterprise do not carry duplicate fingerprint identifiers that in fact are associated in different padlock devices 100 with different fingerprints.
Processing structure 135 is configured to receive sensed fingerprint data from the biometric sensor 108 and to cause the latch subsystem to release shackle 102 when the release condition is satisfied. In this embodiment, the release condition requires at least that the sensed fingerprint data corresponds to authorized fingerprint data in at least one of the fingerprint records, thus enabling an authorized person to open shackle 102 simply by touching the biometric sensor 108 with his or her finger. In an embodiment, the release condition may require additionally, for example, that the sensed fingerprint data is sensed by the biometric sensor at a time that corresponds to one or more authorized time windows for the corresponding fingerprint record. The authorized time windows can additionally be stored in association with at least one of the fingerprint records in the internal processor-readable memory. This would enable padlock device 100 to remain locked outside of certain time windows to people who, within the time windows, would otherwise be able to unlock padlock device 100. In embodiments where padlock device 100 does not track time, such time-window functionality may be provided only to those using a software application on an external device to unlock padlock device 100, or not at all. As another example, the release condition may require that additional sensed fingerprint data be sensed by biometric sensor 108 (that is, more than one person's fingerprint, sequentially) and that the additional sensed fingerprint data corresponds to authorized fingerprint data in at least one other of the fingerprint records. This would enable padlock device 100 to require two different people (or at least two different fingerprints) to be present to unlock padlock device 100.
Processing structure 135 of padlock device 100, in this embodiment the first microprocessor, is also configured to present a management interface accessible by an external device that is in authorized communication with the control system. In this embodiment, the management interface presents software function calls available to be called by an external device that is authorized to communicate with padlock device 100. The function calls available to the external device enable the external device to instruct padlock device 100 to enroll a new fingerprint, delete or disable a fingerprint, provide access history, unlock padlock device 100, and the like. By providing such function calls, the external device can make changes on and can request information of padlock device 100 without having to know precise implementation details of padlock device 100. That is, the external device does not have to know how internal processor-readable memory is managed on padlock device 100, nor the instruction set for processing structure 135. Using the management interface according to this embodiment, the external device can selectively instruct processing structure 135 to store one or more fingerprint records in the internal processor-readable memory and/or to delete or disable one or more stored fingerprint records in the internal processor-readable memory based at least on one or more respective fingerprint identifiers provided by the external device.
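The following is an added example, not code from the patent or from any product, modelling the release condition and the identifier-based management calls described in the two paragraphs above: per-identifier delete or disable, authorized time windows, a two-fingerprint requirement and a history record per release. The class and method names are hypothetical, the templates are constructed sample bytes, and exact byte equality stands in for the sensor's template matcher.

```python
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass
class FingerprintRecord:
    fingerprint_id: str            # identifier the manager uses to revoke this one print
    template: bytes                # opaque template bytes (constructed sample data)
    enabled: bool = True
    windows: list = field(default_factory=list)  # (start, end) time pairs; empty = any time

    def allowed_at(self, when: datetime) -> bool:
        if not self.windows:
            return True
        return any(start <= when.time() <= end for start, end in self.windows)


class PadlockControl:
    """Hypothetical model of the control subsystem's record store."""

    def __init__(self, required_prints: int = 1):
        self.records = {}          # fingerprint_id -> FingerprintRecord
        self.history = []          # (fingerprint_id, datetime) for each release
        self.required_prints = required_prints

    # --- management interface calls (caller authorization is out of scope here) ---
    def add_record(self, record: FingerprintRecord) -> None:
        if record.fingerprint_id in self.records:
            raise ValueError("fingerprint identifier already in use")
        self.records[record.fingerprint_id] = record

    def disable_record(self, fingerprint_id: str) -> bool:
        rec = self.records.get(fingerprint_id)
        if rec is None:
            return False
        rec.enabled = False
        return True

    def delete_record(self, fingerprint_id: str) -> bool:
        return self.records.pop(fingerprint_id, None) is not None

    # --- release condition ---
    def _match(self, sensed: bytes):
        # Assumption: exact equality stands in for the real template matcher.
        for rec in self.records.values():
            if rec.enabled and rec.template == sensed:
                return rec
        return None

    def try_release(self, sensed_prints, when: datetime) -> bool:
        matched = []
        for sensed in sensed_prints:
            rec = self._match(sensed)
            if rec and rec.allowed_at(when) and rec.fingerprint_id not in matched:
                matched.append(rec.fingerprint_id)
        if len(matched) < self.required_prints:
            return False           # stay locked; nothing is written to history
        self.history.extend((fid, when) for fid in matched)
        return True


def demo():
    noon, night = datetime(2024, 1, 8, 12, 0), datetime(2024, 1, 8, 22, 0)
    lock = PadlockControl()
    lock.add_record(FingerprintRecord("fp-owner", b"\x01owner"))
    lock.add_record(FingerprintRecord("fp-guest", b"\x02guest",
                                      windows=[(time(9, 0), time(17, 0))]))
    out = {
        "guest_in_window": lock.try_release([b"\x02guest"], noon),
        "guest_outside_window": lock.try_release([b"\x02guest"], night),
    }
    # Revoke only the guest; the owner's record is untouched.
    lock.delete_record("fp-guest")
    out["guest_after_delete"] = lock.try_release([b"\x02guest"], noon)
    out["owner_after_guest_delete"] = lock.try_release([b"\x01owner"], night)
    out["history_ids"] = [fid for fid, _ in lock.history]

    # Two-fingerprint release condition: the same print twice does not count.
    dual = PadlockControl(required_prints=2)
    dual.add_record(FingerprintRecord("fp-a", b"A"))
    dual.add_record(FingerprintRecord("fp-b", b"B"))
    out["same_print_twice"] = dual.try_release([b"A", b"A"], noon)
    out["two_people"] = dual.try_release([b"A", b"B"], noon)
    return out


if __name__ == "__main__":
    print(demo())
```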
In this embodiment, the first microprocessor, serving as the master controller of padlock device 100, communicates with the external device, and also controls the second microprocessor, movement of motor 162, power management and alternative methods of unlocking padlock device 100 such as via the management interface as will be described or via a pattern of button presses as will also be described. The second microprocessor is used primarily for fingerprint related processes such as capturing fingerprint data from biometric sensor 108, retrieving fingerprint data from internal processor-readable memory, and signalling the first microprocessor in the event of matches or no matches, etc.
In this embodiment, processing structure 135 is also configured to present the management interface accessible by the external device in authorized communication with the control system to selectively instruct processing structure 135 to cause the latch subsystem to release shackle 102 without the control subsystem being in the release condition (that is, without having to have a finger presented to biometric sensor 108). This enables padlock device 100 to be unlocked by an authorized person having possession and control over the external device.
In this embodiment, such an external device could be a mobile device 800 provisioned to conduct authorized communications with padlock device 100, present a user interface, and to provide padlock device management functionality to a user of the mobile device 800 thereby to enable the user to be a manager of padlock device 100. A mobile device 800 is convenient to carry and can provide a convenient interface for managing access to padlock device 100. Such a mobile device 800 can be provisioned by downloading to mobile device 800 an executable software application (computer program) from, for example, an “App Store” server site such as is provided by Apple Computer of Cupertino, Calif., U.S.A., and installing the software application so that it may function on mobile device 800. The software application includes program code for authenticating a user who is an authorized manager of padlock device 100 on mobile device 800, and program code for presenting a user interface on mobile device 800 for enabling the authorized manager to conduct managing of fingerprint records for padlock device 100. The software application also includes program code for accessing the management interface of padlock device 100 to selectively instruct the processing structure 135 of padlock device 100 in accordance with the managing.
In this embodiment, the software application also includes program code for causing mobile device 800 to retrieve a serial number of padlock device 100 from a remote server in the event that the authorized manager is authenticated. The software application also includes program code for sending the retrieved serial number and a user key corresponding to the authorized manager to padlock device 100 thereby to request padlock device 100 to authorize communications with the mobile device 800 thereby to enable mobile device 800 to instruct padlock device 100 via its management interface as described above.
In this embodiment, mobile device 800 is a smartphone.
In this embodiment, before padlock device 100 can be locked and unlocked, padlock device 100 must first be initialized to be associated with a user account. In this embodiment, this initialization process is called “first-pair”.
In this embodiment, padlock device 100 can be awakened from sleep mode by pressing power button 116 once and can be switched into a Bluetooth mode by pressing power button 116 a second time (step 910), wherein the Bluetooth transceiver is in a condition to pair and communicate with, for example, smartphone 800. Upon pressing the “add padlock” symbol 2006 in the software application as shown in
In this embodiment, the SN is generated using a unique string generation algorithm, such as an algorithm known in the art. It is to be noted that in some embodiments, the SN may also be generated by getting a sequentially unused ID from the online database and encrypting it, and in these cases publicly available cryptographic algorithms like MD5, SHA-1 or SHA-256 may be used for the encryption. At step 928, the software application then generates two random keys (hereinafter called key1 and key2) using a random string generation algorithm, such as an algorithm known in the art. The software application then sends the SN, key1 and key2 to padlock device 100, which stores the received information in the internal processor-readable memory of padlock device 100 (step 930); the software application then sends the SN, key1, key2 and padlock device 100's relevant information (like MAC address, firmware version, etc.) to the online database to be stored (step 932); in the online database, the padlock device 100 and key1 (the key for owner level permissions) are associated with the user account; at step 934, the software application deletes the SN, key1 and key2 from the mobile device 800. Initialization is successful and the user account is then considered to be an owner account for padlock device 100 (step 936). It should be noted that in some embodiments, there may be multiple owner accounts for padlock device 100, and each owner account may have different permission levels that allow for different settings to be changed under that owner account; multiple keys would be generated and associated with different accounts to distinguish the permission levels. In some embodiments, an owner account may have multiple padlock devices 100 associated with the account.
It should be noted that keys (for example, key1 and key2 as mentioned above) are used along with the SN as a security measure to prevent the SN from being illegally listened to, recorded and used to gain illegal access to padlock device 100. It should also be noted that in some embodiments, key1 and key2 may be updated with newly generated strings each time the owner is authenticated and the software application connects to padlock device 100; this further improves the security of the system by preventing one key from being used multiple times.
According to some embodiments, authentication is required before any management such as changes in settings by an authorized owner/manager can be made to any of padlock devices 100 registered to an account. For example, if the owner wishes to share access of a padlock device 100 with a user that is not the owner (e.g. a third party), to add additional authorized digital fingerprints to the local memory on padlock device 100, or to remove a digital fingerprint from padlock device 100, these actions would all require owner authentication. It should be appreciated that some embodiments of the invention function without a non-owner's information being stored on the local memory of padlock device 100. However, in other embodiments, the owner can choose to add another user's (e.g. an individual who is not the owner) fingerprint in a digital format to the local memory on padlock device 100 such that padlock device 100 can be used by that non-owner user with a fingerprint, and without the use of a smartphone.
The software application sends the SN and key to padlock device 100 (step 1006). At step 1008, the software application compares the information obtained from the database with that stored in padlock device 100. If the SN matches that stored in padlock device 100 and the user's key matches key1 stored in padlock device 100, then the owner authentication is successful and owner permissions are established (step 1010). If not, the method proceeds to step 1012 and authentication fails.
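The initialization steps (928 to 936), the owner authentication steps (1006 to 1012) and the optional per-session key update can be traced end to end in the following added example, which is not code from this document. All class and function names are hypothetical, the radio link and online database are in-memory stand-ins, and running the comparison on the padlock with a constant-time compare is an assumption.

```python
import hmac
import secrets


def new_token(nbytes=16):
    """Random hex string from the OS CSPRNG (assumed string generator)."""
    return secrets.token_hex(nbytes)


class Padlock:
    """Device side: keeps SN, key1 (owner level) and key2 in local memory."""

    def __init__(self):
        self.sn = self.key1 = self.key2 = None

    def provision(self, sn, key1, key2):                      # step 930
        if self.sn is not None:
            raise RuntimeError("padlock is already initialized")
        self.sn, self.key1, self.key2 = sn, key1, key2

    def authenticate_owner(self, sn, key):                    # steps 1008-1012
        if self.sn is None:
            return False
        # Constant-time comparison (an addition, not stated in the document):
        # response timing must not reveal how much of a guess was correct.
        sn_ok = hmac.compare_digest(sn.encode(), self.sn.encode())
        key_ok = hmac.compare_digest(key.encode(), self.key1.encode())
        return sn_ok and key_ok

    def rotate_keys(self, sn, current_key1, new_key1, new_key2):
        """Accept new keys only from a caller holding the current key1."""
        if not self.authenticate_owner(sn, current_key1):
            return False
        self.key1, self.key2 = new_key1, new_key2
        return True


class OnlineDatabase:
    """Server side: owner account -> SN, keys and device information."""

    def __init__(self):
        self.records = {}

    def store(self, account, sn, key1, key2, info):           # step 932
        self.records[account] = {"sn": sn, "key1": key1, "key2": key2, "info": info}

    def owner_credentials(self, account):
        rec = self.records[account]
        return rec["sn"], rec["key1"]

    def update_keys(self, account, key1, key2):
        self.records[account].update(key1=key1, key2=key2)


def initialize(account, padlock, db, info):
    """Software application during initialization."""
    sn, key1, key2 = new_token(), new_token(), new_token()    # step 928
    padlock.provision(sn, key1, key2)
    db.store(account, sn, key1, key2, info)
    # Step 934: nothing is persisted on the phone; the locals die on return.


def owner_session(account, padlock, db, rotate=True):
    """Software application during owner authentication."""
    sn, key1 = db.owner_credentials(account)
    if not padlock.authenticate_owner(sn, key1):              # step 1006
        return False                                          # step 1012
    if rotate:
        new1, new2 = new_token(), new_token()
        # Padlock first, database second. If the database write failed here
        # the two copies would diverge, so a real system needs a retry or a
        # two-phase update; that handling is outside this sketch.
        if padlock.rotate_keys(sn, key1, new1, new2):
            db.update_keys(account, new1, new2)
    return True                                               # step 1010


def demo_replay(rotate):
    """Constructed scenario: a recorded (SN, key1) pair is presented again
    after one legitimate owner session."""
    padlock, db = Padlock(), OnlineDatabase()
    account = "owner@example.test"                            # constructed value
    initialize(account, padlock, db, {"firmware": "constructed"})
    recorded = db.owner_credentials(account)   # what the link carried in session 1
    first = owner_session(account, padlock, db, rotate)
    replayed = padlock.authenticate_owner(*recorded)
    second = owner_session(account, padlock, db, rotate)
    return first, replayed, second
```

With rotation enabled the recorded pair is rejected while the owner, who reads the current key from the database, still authenticates; with rotation disabled the recorded pair keeps working.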
In this embodiment, if the owner is within proximity of padlock device 100, the user can be authenticated by retrieving and using the encrypted owner identifier stored in the local memory of padlock device 100 (rather than matching lock ids stored in padlock device 100 and the online database). This owner identifier can then be compared to an owner identifier computed from the fingerprint provided by the user attempting to obtain authorization. According to some embodiments, only the owner is allowed to authenticate using the data stored locally on padlock device 100.
In some embodiments, the software application may allow the owner to manage fingerprints according to users' individual identities, or user profiles.
In this embodiment, the owner enables padlock device 100 to enter a mode of operation in which padlock device 100 can accept a fingerprint of a user for storage within the local memory of padlock device 100 as a user authorized to unlock padlock device 100. Once in the “accept” mode of operation, the user can scan a fingerprint into padlock device 100 via sensor 108, and a digital fingerprint template corresponding to fingerprint is then stored in a fingerprint record in internal processor-readable memory on padlock device 100 in association with a fingerprint ID unique to the finger that was scanned. In this embodiment, only the owner has the privileges required to enable padlock device 100 to accept a fingerprint for digitization and local storage within the local memory of padlock device 100.
In this embodiment, padlock device 100 produces a sequentially new fingerprint identifier for the fingerprint to be used as the fingerprint identifier. The fingerprint identifier is associated with the fingerprint template in the internal processor-readable memory of padlock device 100 and also sent to the mobile device 800 (step 1416). The software application then allows the owner to choose the user whose fingerprint was just accepted from a list of user profiles (step 1418). If the user does not exist in the list of user profiles, the owner is asked to enter basic information (e.g. one or more of a username, email address, name, or the like) about the user and create a user profile for the user. If the user has an existing user profile, that user profile will be used. Once the user profile has been selected or created, the owner then selects which finger the accepted fingerprint belongs to at step 1420. In this embodiment, the fingerprint identifier, user profile, finger selected, owner's account and all relevant information are associated with each other and uploaded to the online database at the remote server, to be stored at step 1422.
In this embodiment, padlock device 100 can be unlocked via the software application on smartphone 800 or via biometric sensor 108 on padlock device 100 itself.
It should be noted that in some embodiments, the comparing and matching process may be done in other components or devices (for example the fingerprint module or the mobile device). In this embodiment, if the received fingerprint corresponds to—that is, matches—one of the fingerprint templates stored in the local memory, then the release condition is achieved and the lock should be unlocked. In an embodiment, this newly received fingerprint is also used to enrich the current template; this enriching process, called adaptive fingerprint learning, increases the accuracy and performance of the fingerprint scanning process every time an authorized fingerprint is scanned. With the second microprocessor of processing structure 135 having recognized that the sensed fingerprint data corresponds to fingerprint data in a fingerprint record in internal processor-readable memory, the second microprocessor signals the first microprocessor. The first microprocessor can determine if any other conditions need satisfying before considering the release condition to have been fully satisfied and, if the release condition is indeed fully satisfied, the first microprocessor of processing structure 135 causes the latch subsystem to move to an unlock condition by causing motor 162 to release latches 155 to allow shackle 102 to be ejected from channels 132 and 154 (step 1510); in some embodiments, LED signal 110 is driven by the first microprocessor of processing structure 135 to flash green. In this embodiment, padlock device 100 also creates and stores a history record in the internal processor-readable memory for the fingerprint identifier associated with the fingerprint (step 1512). In this embodiment, the set of history records keeps the sequence of successful accesses (i.e., each time the shackle is successfully released from its locked condition) in the history records.
In this embodiment, the history record simply stores the fingerprint identifier used for successful accesses, in sequence of access. In alternative embodiments, where padlock device 100 is capable of tracking date/time, a timestamp of date/time of the successful access may be included in the history record. In alternative embodiments, the history record may also include location information for the successful access in the event that padlock device 100 incorporates a global positioning system (GPS) receiver or is otherwise capable of discerning its physical location. For example, if padlock device 100 is positioned on the back door of a transport truck, it may be useful to log information about where in its travels (source, destination or somewhere in between) it had been successfully unlocked.
On the other hand, if at step 1508, the received fingerprint does not match any of the locally stored fingerprint templates, then padlock device 100 should not be unlocked, and motor 162 will not be actuated; in this embodiment, the LED signal 110 will flash red (step 1514). To prevent aggressive operations of the padlock, five consecutive failed attempts would lead to a shut-down of padlock device 100.
After authenticating the owner (step 1602), the owner selects a user profile from a list of user profiles (step 1604); the owner then selects a fingerprint to delete from a list of fingerprints under the selected user profile (step 1606). At step 1608, the software application then sends the corresponding fingerprint identifier of the selected fingerprint as well as a delete command to the management interface of padlock device 100. At step 1610, padlock device 100 searches and deletes the fingerprint ID and fingerprint template associated with the fingerprint ID from the padlock's local memory. In an embodiment, padlock device 100 may search and disable the fingerprint identifier and fingerprint template associated with the fingerprint identifier in the padlock's local memory. At step 1612, padlock device 100 sends a feedback signal to the software application to notify a successful delete action. Then the software application removes (or disables) the fingerprint identifier and fingerprint data (for example, which finger's fingerprint was deleted) from the online database at the remote server and updates the user interface to reflect the change at step 1614. The ability for an authorized owner/manager to delete individual fingerprints using the management interface is significantly more useful than having to clear all of the fingerprints from padlock device 100 should one employee no longer have access and thereafter having to reconstitute the set of authorized persons again.
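The on-device unlock decision (steps 1508 to 1514), the shut-down after five consecutive failed attempts, the history records and the deletion of a single fingerprint identifier (step 1610) fit together as in the following added example, which is not code from this document. The class and its result strings are hypothetical, the matcher is an exact-equality stand-in for real template matching, and no recovery from shut-down is modelled because the document does not describe one.

```python
from dataclasses import dataclass, field

MAX_CONSECUTIVE_FAILURES = 5   # from the document: five consecutive failures


@dataclass
class UnlockController:
    """Local state of the padlock: templates, history and failure counter."""
    templates: dict = field(default_factory=dict)   # fingerprint ID -> template
    history: list = field(default_factory=list)     # successful accesses, in order
    failures: int = 0
    shut_down: bool = False

    def _match(self, scan):
        # Stand-in matcher (assumption): exact equality on a constructed
        # string. A real fingerprint module scores similarity instead.
        for fingerprint_id, template in self.templates.items():
            if template == scan:
                return fingerprint_id
        return None

    def present_finger(self, scan, timestamp=None, location=None):
        """Return 'unlock', 'red' (rejected) or 'shutdown'."""
        if self.shut_down:
            return "shutdown"               # the motor is never actuated
        fingerprint_id = self._match(scan)
        if fingerprint_id is None:
            self.failures += 1
            if self.failures >= MAX_CONSECUTIVE_FAILURES:
                self.shut_down = True
                return "shutdown"
            return "red"                    # step 1514
        self.failures = 0                   # only consecutive failures count
        record = {"fingerprint_id": fingerprint_id}          # step 1512
        if timestamp is not None:           # only if the device tracks time
            record["timestamp"] = timestamp
        if location is not None:            # only if the device knows its position
            record["location"] = location
        self.history.append(record)
        return "unlock"                     # step 1510

    def delete_fingerprint(self, fingerprint_id):
        """Step 1610: remove one ID and its template; other users are untouched.
        History records that mention the ID are kept as an audit trail."""
        return self.templates.pop(fingerprint_id, None) is not None


def demo():
    """Constructed run: four misses, one success, a deletion, then lock-out."""
    lock = UnlockController(templates={1: "alice-right-index",
                                       2: "bob-left-thumb"})
    results = [lock.present_finger("unknown") for _ in range(4)]
    results.append(lock.present_finger("bob-left-thumb"))    # resets the counter
    deleted = lock.delete_fingerprint(2)
    # Bob's finger is now rejected like any unknown finger.
    results += [lock.present_finger("bob-left-thumb") for _ in range(5)]
    # A still-enrolled finger cannot unlock a shut-down device.
    results.append(lock.present_finger("alice-right-index"))
    return results, deleted, lock.history
```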
In this embodiment, the owner can delete a user profile and all of the fingerprints registered under that user profile.
In this embodiment, the owner can delete a padlock device 100 and all of the user profiles and fingerprints registered under that padlock device 100 from the owner account. In this embodiment, after a padlock device 100 is deleted from an owner account, padlock device 100 may then go through the initiation process (See
In this embodiment, padlock device 100 may provide access history records to mobile device 800 to be displayed or used. The management interface of padlock device 100 allows mobile device 800, once authorized, to instruct the processing structure 135 of padlock device 100 to provide the history records, or at least a subset of them.
In this embodiment, padlock device 100 may send battery (or batteries, or other power source) information, including but not limited to voltage, current, resistance, to mobile device 800. The management interface of padlock device 100 allows mobile device 800, once authorized, to instruct processing structure 135 of padlock device 100 to provide the battery information, or at least a subset of it. This information may then be used to calculate and produce information to improve user experience (for example, percentage of power source remaining 808 as shown in
In this embodiment, the software application allows for customized privileges for different users. In this embodiment, the customized privileges apply to users whose fingerprint data is not stored in the local memory of padlock device 100. For example, the owner may set the software application to only allow access privileges to certain users at certain times of the day or certain days of the week. For example, the owner may allow their friend to only unlock padlock device 100 on weekends. In this embodiment, the updating of access privileges requires authentication by the owner.
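A schedule check of the kind described above, as an added example that is not code from this document. The rule format and function names are hypothetical; the example generalizes the weekend case to windows that run past midnight and denies any user without a rule.

```python
from datetime import datetime, time

# datetime.weekday() numbering: Monday = 0 ... Sunday = 6
FRIDAY, SATURDAY, SUNDAY = 4, 5, 6

# Constructed policy for users whose fingerprints are not stored on the padlock.
POLICY = {
    # The document's example: a friend may unlock only on weekends.
    "friend": [{"days": {SATURDAY, SUNDAY}, "start": time(0, 0), "end": time(0, 0)}],
    # Generalization: a window that starts Friday evening and ends Saturday morning.
    "night_guard": [{"days": {FRIDAY}, "start": time(22, 0), "end": time(6, 0)}],
}


def window_allows(rule, when):
    """True if `when` falls inside one rule.

    start == end means the whole day; start > end means the window runs
    past midnight and belongs to the day on which it started.
    """
    days, start, end = rule["days"], rule["start"], rule["end"]
    weekday, clock = when.weekday(), when.time()
    if start == end:
        return weekday in days
    if start < end:
        return weekday in days and start <= clock < end
    started_today = weekday in days and clock >= start
    started_yesterday = (weekday - 1) % 7 in days and clock < end
    return started_today or started_yesterday


def is_allowed(policy, user, when):
    """Default deny: a user with no rule gets no access.

    Assumption: `when` comes from the server's clock, expressed in the
    padlock's local time, because the phone's clock is set by its user.
    """
    return any(window_allows(rule, when) for rule in policy.get(user, []))
```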
In this embodiment, padlock device 100 may be unlocked using a method called “Morse code”, without having to use biometric sensors, keys, and external devices.
In this embodiment, the systems and methods disclosed herein use multilayer fingerprint authentication protocols in order to put padlock device 100 into a release condition. That is, in order to authenticate an account, fingerprints from more than one user may be required to be provided sequentially, possibly from multiple locations. For example, unlocking padlock device 100 according to some embodiments may require that more than one user provide a fingerprint. In an embodiment, such permission may be obtained by the software application sending an alert to each required user's mobile device, prompting each user for a fingerprint authentication remotely from the padlock device sensor 802.
It should be appreciated from examples in this document that in some embodiments, none of the identification data is stored locally on any mobile device 800. Any encrypted data is stored in an online database, and so the loss of mobile device 800 would not result in the security of the lock being compromised. Furthermore, since use of the software application on any mobile device requires authentication, the systems and methods described herein may provide a robust security system that is resistant to tampering.
Processor 2302 may be further interconnected with a plurality of communications radios. For example, mobile communication device 2300 may have at least one cellular radio 2312 for voice or data communications on a wireless network. Processor 2302 may also be interconnected with a Wi-Fi radio 2314, a Bluetooth radio 2316 and a near-field communication (NFC) radio 2318. Cellular radio 2312 may be operable, for example, to interface mobile communication device 2300 to a 2G/3G/4G/LTE GSM or CDMA cellular network. Wi-Fi radio 2314 may be operable to wirelessly interface mobile communication device 2300 to a local-area network, for example, using IEEE 802.11a/b/g/n/ac standards. Bluetooth radio 2316 may be operable to interface mobile communication device 2300 with neighbouring Bluetooth devices, such as a padlock device, according to a Bluetooth protocol, such as Bluetooth Low Energy (BLE). NFC radio 2318 may be operable to behave in any of a plurality of standard NFC protocols. NFC radio 2318 may be capable of operating in a plurality of different modes, including NFC card emulation modes, NFC reader/writer modes and NFC peer-to-peer modes. One or more of cellular radio 2312, Wi-Fi radio 2314, Bluetooth radio 2316 and NFC radio 2318 may be capable of receiving signals according to corresponding wireless communication protocols and reporting an associated signal strength.
In this embodiment, one or more components of mobile communication device 2300 are formed as portions of a single semiconductor die, referred to as a “system-on-chip”. Alternatively, components may be formed as separate semiconductor dies, in communication through one or more buses on a circuit board.
Mobile device 2300 may operate under control of software stored on storage 2306 and executed by processor 2302.
By way of example, software applications 2324 may include a phone dialer, an email client, an internet browser, messaging software applications, social media software applications, media players, and the like. Software applications 2324 may further include one or more software applications for interfacing with the padlock device 100 and for moving data to online databases. Such software applications 2324 may, for example, toggle components such as cellular radio 2312, Wi-Fi radio 2314, Bluetooth radio 2316 and NFC (near field communications) radio 2316 ON or OFF. The software applications 2324 may further enable or disable other software applications from running, or enable or disable specific files or file types from being opened.
In alternative embodiments, the processing structure may incorporate other components such as embedded Bluetooth and/or NFC and/or WiFi radio components thereby integrating such components with the processing structure rather than being separate components.
In this embodiment, software applications 2324 include a software application as described above for collecting user information, providing an account identifier, collecting one or more of a user's fingerprints, and converting the fingerprint to an encrypted user identifier. In an embodiment, the software applications 2324 prevent mobile device 2300 from storing any of the account or user identifiers in persistent storage 2306 on mobile device 2310 and only allow mobile device 2310 to transmit these identifiers to an online database.
The embodiments of the systems and methods described herein may be implemented in hardware or software, or a combination of both. These embodiments may be implemented in computer programs executing on programmable computers, each computer including at least one processor, a data storage system (including volatile memory or non-volatile memory or other data storage elements or a combination thereof), and at least one communication interface. For example, and without limitation, the various programmable computers may be a server, gaming machine, network appliance, set-top box, embedded device, computer expansion module, personal computer, laptop, personal digital assistant, cellular telephone, smartphone device, UMPC tablets and wireless hypermedia device or any other computing device capable of being configured to carry out the methods described herein.
Program code is applied to input data to perform the functions described herein and to generate output information. The output information is applied to one or more output devices, in known fashion. In some embodiments, the communication interface may be a network communication interface. In embodiments in which elements of the invention are combined, the communication interface may be a software communication interface, such as those for inter-process communication. In still other embodiments, there may be a combination of communication interfaces implemented as hardware, software, and combinations thereof.
Each program may be implemented in a high level procedural or object oriented programming or scripting language, or a combination thereof, to communicate with a computer system. However, alternatively the programs may be implemented in assembly or machine language, if desired. The language may be compiled or interpreted language. Each such computer program may be stored on a storage media or a device (e.g., ROM, magnetic disk, optical disc), readable by a general or special purpose programmable computer, for configuring and operating the computer when the storage media or device is read by the computer to perform the procedures described herein. Embodiments of the system may also be considered to be implemented as a non-transitory computer-readable storage medium, configured with a computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner to perform the functions described herein.
Furthermore, the systems and methods of the described embodiments are capable of being distributed in a computer program product including a physical, non-transitory computer readable storage medium that bears computer-executable instructions for one or more processors. The medium may be provided in various forms, including one or more diskettes, non-volatile memory and the like. Non-transitory computer-readable storage media may include all computer-readable media, with the exception being a transitory, propagating signal. The term non-transitory is not intended to exclude computer readable storage media such as primary memory, volatile memory, RAM and so on, where the data stored thereon may only be temporarily stored. The computer-executable instructions may also be in various forms, including compiled and non-compiled code.
Throughout the preceding discussion, numerous references have been made regarding servers, services, interfaces, portals, platforms, or other systems formed from computing devices. It should be appreciated that the use of such terms is deemed to represent one or more computing devices having at least one processor configured to execute software instructions stored on a computer readable tangible, non-transitory medium. For example, a server can include one or more computers operating as a web server, database server, or other type of computer server in a manner to fulfill described roles, responsibilities, or functions. One should further appreciate the disclosed computer-based algorithms, processes, methods, or other types of instruction sets can be embodied as a computer program product comprising a non-transitory, tangible computer readable media storing the instructions that cause a processor to execute the disclosed steps. One should appreciate that the systems and methods described herein may involve interconnected networks of hardware devices configured to receive data using receivers, transmit data using transmitters, and transform electronic data signals using particularly configured processors.
The preceding discussion provided many example embodiments of the inventive subject matter. Although each embodiment represents a single combination of inventive elements, the inventive subject matter is considered to include all possible combinations of the disclosed elements. Thus if one embodiment comprises elements A, B, and C, and a second embodiment comprises elements B and D, then the inventive subject matter is also considered to include other remaining combinations of A, B, C, or D, even if not explicitly disclosed.
As used herein, and unless the context dictates otherwise, the term “coupled to” is intended to include both direct coupling (in which two elements that are coupled to each other contact each other) and indirect coupling (in which at least one additional element is located between the two elements). Therefore, the terms “coupled to” and “coupled with” are used synonymously.
The software and hardware enhancements described herein may be carried out using any type of computer, including portable devices, such as smart phones, that can access a network location or portal via the internet or other communication path (e.g., a LAN or WAN).
The above-described embodiments can be implemented in any of numerous ways. For example, the embodiments may be implemented using hardware, software or a combination thereof. When implemented in software, the software code can be executed on any suitable processor or collection of processors, whether provided in a single computer or distributed among multiple computers. Such processors may be implemented as integrated circuits, with one or more processors in an integrated circuit component. A processor may be implemented using circuitry in any suitable format.
Further, it should be appreciated that a computer may be embodied in any of a number of forms, such as a rack-mounted computer, a desktop computer, a laptop computer, or a tablet computer. Additionally, a computer may be embedded in a device not generally regarded as a computer but with suitable processing capabilities, including an EGM, a Web TV, a Personal Digital Assistant (PDA), a smart phone, a tablet or any other suitable portable or fixed electronic device.
Also, a computer may have one or more input and output devices. These devices can be used, among other things, to present a user interface. Examples of output devices that can be used to provide a user interface include printers or display screens for visual presentation of output and speakers or other sound generating devices for audible presentation of output. Examples of input devices that can be used for a user interface include keyboards and pointing devices, such as mice, touch pads, and digitizing tablets. As another example, a computer may receive input information through speech recognition or in other audible formats.
Such computers may be interconnected by one or more networks in any suitable form, including as a local area network or a wide area network, such as an enterprise network or the Internet. Such networks may be based on any suitable technology and may operate according to any suitable protocol and may include wireless networks, wired networks or fiber optic networks.
The various methods or processes outlined herein may be coded as software that is executable on one or more processors that employ any one of a variety of operating systems or platforms. Additionally, such software may be written using any of a number of suitable programming languages and/or programming or scripting tools, and also may be compiled as executable machine language code or intermediate code that is executed on a framework or virtual machine.
In this respect, the enhancements to game components may be embodied as a tangible, non-transitory computer readable storage medium (or multiple computer readable storage media) (e.g., a computer memory, one or more floppy discs, compact discs (CD), optical discs, digital video disks (DVD), magnetic tapes, flash memories, circuit configurations in Field Programmable Gate Arrays or other semiconductor devices, or other non-transitory, tangible computer-readable storage media) encoded with one or more programs that, when executed on one or more computers or other processors, perform methods that implement the various embodiments discussed above. The computer readable medium or media can be transportable, such that the program or programs stored thereon can be loaded onto one or more different computers or other processors to implement various aspects as discussed above. As used herein, the term “non-transitory computer-readable storage medium” encompasses only a computer-readable medium that can be considered to be a manufacture (i.e., article of manufacture) or a machine.
The terms “application”, “program” or “software” are used herein in a generic sense to refer to any type of computer code or set of computer-executable instructions that can be employed to program a computer or other processor to implement various aspects of the present invention as discussed above. Additionally, it should be appreciated that according to one aspect of this embodiment, one or more computer programs that when executed perform methods as described herein need not reside on a single computer or processor, but may be distributed in a modular fashion amongst a number of different computers or processors to implement various aspects.
Computer-executable instructions may be in many forms, such as program modules, executed by one or more computers or other devices. Generally, program modules include routines, programs, objects, components, data structures, or the like that perform particular tasks or implement particular abstract data types. Typically the functionality of the program modules may be combined or distributed as desired in various embodiments.
Also, data structures may be stored in computer-readable media in any suitable form. For simplicity of illustration, data structures may be shown to have fields that are related through location in the data structure. Such relationships may likewise be achieved by assigning storage for the fields with locations in a computer-readable medium that conveys relationship between the fields. However, any suitable mechanism may be used to establish a relationship between information in fields of a data structure, including through the use of pointers, tags or other mechanisms that establish relationship between data elements.
Various aspects of the present game enhancements may be used alone, in combination, or in a variety of arrangements not specifically discussed in the embodiments described in the foregoing and is therefore not limited in its application to the details and arrangement of components set forth in the foregoing description or illustrated in the drawings. For example, aspects described in one embodiment may be combined in any manner with aspects described in other embodiments. While particular embodiments have been shown and described, changes and modifications may be made.
For example, while the biometric sensor 108 of padlock device 100 has been described in embodiments as a capacitive-type fingerprint sensor, alternatives are possible. For example, an optical-type fingerprint sensor may be employed. Furthermore, biometric sensor 108 may be some other kind of sensor, such as a retinal scanner for scanning a user's retina instead of his or her fingerprint. Different processing algorithms for processing retinal image data versus sensed fingerprint data would be required, and additional processing power may be required for same, but the various data structures and overall structure would likely be quite similar to that described above.
In an alternative embodiment, a padlock device according to the invention does not incorporate a biometric sensor 108. Rather, opening the padlock device may be done another way, such as via authorized communications between an external device and such a padlock device, or via some external biometric sensor 108 that can authenticate the user and instruct the padlock device to enter the release condition.
In an alternative embodiment, a padlock device according to the invention does not incorporate a rechargeable battery that is rechargeable through a charging port, and instead incorporates a non-rechargeable battery that can be replaced by a user.
In an alternative embodiment, the processing structure of the padlock device may incorporate multiple processors coordinated to collectively process fingerprint data and manage the control system or each processor may be dedicated to a separate function, as design needs may require.
The management interface presented by padlock device 100 has been described in embodiments herein as a point of (authorized) access to padlock device 100 that is somewhat of an application programming interface presenting available “function calls” for enabling an external device that is authorized to communicate with padlock device 100 to, for example, enroll a new fingerprint, delete an individual fingerprint, request access history, unlock padlock device 100, and the like, without the external device having to know precisely how padlock device 100 is implemented. This provides a layer of abstraction that is useful in that the external device does not have to know very much about the underlying implementation details of padlock device 100 (such as the instruction set for processing structure 135, or the memory management details of internal processor-readable memory) in order to execute the functions and request information as required. This also enables padlock device 100 in some embodiments to have some regard for managing its own security rather than being entirely transparent to, and manipulable by, an external device. However, alternatives are possible. For example, an alternative implementation of the management interface may be less abstracted, serving substantially as an authorized point of access through which the external device can, for example, send instructions using the particular instruction set of processing structure 135, and/or can send and receive data directly to and from internal processor-readable memory to manage individual fingerprints.
While in embodiments described the processing structure comprises two microprocessors working together in a master-slave relationship, with the second microprocessor being employed mainly for fingerprint-related tasks, alternatives are possible. For example, in alternative embodiments the second microprocessor may be provisioned to be more involved in unlocking functions such as operating the latch subsystem in response to detecting a release condition. In another alternative embodiment, the processing structure could include only one microprocessor for all functions, or could include more than two microprocessors working in coordination.
This application claims priority to U.S. Provisional Patent Application Ser. No. 62/348,332 filed on Jun. 10, 2016, the contents of which are incorporated by reference in their entirety herein.
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/CA2017/050707 | 6/9/2017 | WO | 00 |
Number | Date | Country | |
---|---|---|---|
62348332 | Jun 2016 | US |