Patent Grant
7145434
The present invention is intended as an improvement to key control systems in electronic locks. Currently, the process of adding and deleting valid keys in an electronic lock system requires a supervisor, serviceman, or someone of higher position than a “normal” user to go to the lock to perform the manipulation. Once this person is at the lock they can either (1) show a “supervisor” key which will allow other keys to be added or deleted, (2) show a “programming” key which will allow other keys to be added or deleted, or (3) connect to the lock through a computer which will update the lock's memory. As previously stated, each of these methods requires someone in a management position to visit each lock that needs to be updated. If, as in the vending machine industry, there are hundreds of machines (locks) that need to be maintained, this process can be quite expensive and time consuming.
Further, in currently available electronic lock systems, each lock keeps track of the keys that were presented to it, valid and invalid. A manager may then go to the lock and upload (into a computer) the keys that were presented to the lock. This is commonly called an “audit trail”. If a supervisor needed to know which locks a key has been taken to, the supervisor would need to visit each lock that the key could be taken to, and upload each machine's audit trail. As noted above, the cost associated with a manager visiting each machine is quite high.
There are other currently available systems that will allow remote database manipulation and audit trail gathering. These systems require either expensive integral call phone technology, or an expensive hard wired network system.
A need for a system exists that will allow user database manipulation and audit trail gathering automatically, cost effectively, and without requiring managers to visit locks periodically.
Some examples of current electronic lock systems include U.S. Pat. Nos.: 4,916,443; 5,475,375; 4,988,987; 4,947,163; 4,887,292; and 4,766,746. The entire disclosure of these six United States patents are incorporated by reference herein in their entirety for all purposes.
Various features and advantages of the invention will be set forth in part in the following description, or may be understood from the description, or may be learned from practice of the invention. The present invention includes a key control and audit trail system that uses standard “user” keys as a method of maintaining lock databases and gathering audit trails. The process is completely invisible to the standard user may and take place during normal, standard user, key use. A method is provided to simply and conveniently perform and track these operations.
The present invention includes preparing a dataset of key to lock relationships that designate which keys are accessible to which locks. In one exemplary embodiment of the present invention the accessibility of the keys to the locks allows for the locks to be opened by an appropriate key. This dataset of key to lock relationships is transferred to a memory of one of the keys, and the key is presented to one of the locks. At least a portion of the dataset is transferred from the key to a memory of the lock. Consequently, the memory of the lock is updated according to any changes that may be present in the dataset. The memory of the key is also updated in order to reflect any updated change to the lock.
In an alternative exemplary embodiment, the key may then be placed in communication with a computer and at least a portion of the memory of the key may be transferred to a database in the computer. This transfer updates the database and allows for an indication of the completion of the update to the memory of the lock. Therefore, the administrator of the system is informed that the change in the key to lock relationships has been effectively communicated to that particular lock.
The dataset of key to lock relationships and the changes made thereto may be done on the same computer as the database, or may be conducted on a separate computer or other device.
The lock may be an electronic lock that has a serial number. The dataset may assign a unique alphanumeric lock name to the serial number of the lock. Additionally, the key may be an electronic key that has a serial number with a unique alphanumeric user name assigned to the serial number in the dataset of key to lock relationships.
In one exemplary embodiment of the present invention a modification log may be created when the administrator desires a change to be made to the dataset of key to lock relationship. This modification log can be transferred to the lock memory through the key memory and eventually back to the computer. During transfer, the lock memory may update the modification log with the date and time of completion of the update to the memory of the lock. Once transferred to the computer, the database may be updated with the locks that have been modified along with the date and time of modification. Encryption and other forms of protection may be incorporated in order to ensure the integrity of the system. For instance, the key may have an encrypted key ID, and the lock may have a list of valid key IDs in the memory of the lock. Upon presenting the key to the lock, the lock will decrypt the key ID, and then compare the key ID to the list of valid key IDs of the memory of the lock. If the IDs do not match, the key will not have access to the lock and the lock remains closed. If the IDs do match, a second layer of protection will be used in order to ensure that the key being presented is valid.
Here, a key is provided with an encrypted key password in the memory of the key, and the lock is provided with a lock password that corresponds to the key in the memory of the lock. The lock will search the key memory for the encrypted key password that corresponds to the particular lock into which the key is presented. The lock will decrypt the key password and compare the key password to the lock password corresponding to that particular key. A new lock password is selected by the lock, encrypted, and stored in the memory of the key. If the passwords match, the lock will open and allow access to the user. If the passwords do not match, the key is not deemed to be valid and the lock will remain closed.
Reference will now be made in detail to embodiments of the invention, one or more examples of which are illustrated in the drawings. Each example is provided by way of explanation of the invention, and not meant as a limitation of the invention. For example, features illustrated or described as part of one embodiment can be used with another embodiment to yield still a third embodiment. It is intended that the present invention include these and other modifications and variations.
Computer hardware and software may be employed in order to provide a method of maintaining lock databases and gathering audit trails through the use of standard “user” keys. Referring to
The Add User step creates a one-to-one relationship between the iButton's ® serial number and the user name. Each time the software uses the user's name it actually is referring to the iButton's ® serial number. Once the user's information is entered into the system their name will be displayed in the user name list box 7. In this exemplary embodiment, “key 8” has been entered and is displayed by reference numeral 8. In theory, the administrator would repeat this process until every user that will have access to any of the locks is entered into the system. The maximum number of users is limited only by the memory size in the administrator's computer.
Turning now to
“Key 8”, reference number 21, does not have access to “lock 1” at reference numeral 24. Each of these entries, in the two areas 22 and 23 are accompanied by a checked or unchecked box. A checked box denotes that this user-lock relationship is complete, signifying that the relationship is true in the lock's memory. An unchecked box denotes that this user-lock relationship is incomplete, signifying that it is true in the administrator's computer only, not the lock. The checked box at reference numeral 25, denotes that “lock 1”, reference numeral 24, has a completed user lock relationship stored in the memory of “lock 1”, reference numeral 24.
Every time that a user-lock relationship is modified by the administrator, a record of the incomplete modifications is kept. This record is called the modification queue. It is accessed by the modification queue button 26 as shown in
Turning to
The modification queue is a multi column report that includes: an action type 33, a user name 34, a lock name 35, a “sent” status 36, and a priority level 37. The action type 33 typically shows whether the user is being added or deleted. Here, the action type 33 is “add user” 38. The user name 34 shows to which user name the action type 33 is being performed, in this case, “key 8” 39. The lock name 35 shows to which lock name the action type 33 is being performed, in this case “lock 1” 40. The “sent” status 36 shows whether or not the modification has been sent, on a user key to the lock. In this case the “sent status” is “No” 41. Since each key may be limited to two hundred lock-key manipulations in certain exemplary embodiments, and there may be more than two hundred modifications in the queue, there is a system to raise the priority of select manipulations. This status is shown in the priority column 37 and in this case is “low” 42.
Turning now to
The administrator presses the “prepare for receive” button 47 and places the user key in a base station attached to the computer. This will begin the maintenance process noted above. In one exemplary embodiment as discussed above the manipulation of adding “key 8” to “lock 1” will be placed on the key. A record of all key maintenances performed is kept and can be viewed by pressing the history log button 48.
After the maintenance is performed, the key audit trail window 50 is shown. This is illustrated in
Turning now to
Various bookkeeping functions are available in the modification queue. These include filter/sort 62, action type 63, and criteria 64. The filtering option allows the administrator to remove all entries except those containing a specific character string. The sort command will place the queue in alphabetical order. The administrator chooses the desired filtering or sorting in the action type 63 pull down menu. Specifically the administrator chooses in which column the operation will be performed. Finally, the administrator chooses the criteria, or the specific character string in which to operate. An example would be “filter by” 62, user name in the action type 63 box, and “key 8” in the criteria 64 box. If the administrator performed this filter, the screen would only show modifications involving “key 8”.
An additional operation available in the modification queue is the ability to set a higher priority on some desired modifications. This may be needed due to possible limited number of lock-key manipulations that each key can store. In one exemplary embodiment, the key is limited to two hundred manipulations. When a key maintenance is performed, the software takes the oldest two hundred modifications and loads them on the key. It is feasible that the administrator may perform a manipulation that needs to be performed immediately, and there are more than two hundred manipulations in the modification log. By pressing the priority high button 61, the manipulation has a higher priority and is taken first during a key maintenance. The key maintenance procedure will take the “high priority” manipulations first, then it will take the oldest “low priority” manipulations until two hundred are placed on the key. If a manipulation was inadvertently given “high priority,” the “priority low” button 60 can be used to correct.
When the key is taken to a lock, a number of operations are performed. This process is illustrated in
The presentation is performed by simply placing the key against an iButton ® receptor, such that the key and the receptor are in electrical contact. The communication is automatic (as seen by the user) and is detailed in technical manuals published by Dallas Semiconductor. The entire process disclosed in
The first lock to key communication occurs when the lock places the lock's serial number and the date and time in the key's audit trail memory section 67. In this exemplary embodiment, the key can remember a maximum of two hundred audit trails. When the audit trail section is full, the oldest entry gets replaced by the newest. Secondly, the lock reads the lock-key manipulation section of the key 68. The lock then searches for any modifications that relate to this particular lock. In this exemplary embodiment, the key is limited to two hundred manipulations, so theoretically there could be one manipulation that corresponds to the lock that is scanning the key and one hundred ninety nine that correspond to other locks. The manipulations could include the “add user” command and the “delete user” command. The manipulations are then processed 69. If the lock reads an “add user” command, it will add that user (key) as a valid user (along with its key ID and password) to the lock's memory. If the lock reads a “delete user” command, the lock will delete that user (along with its key ID and password) from the lock's memory. If the lock gets a “delete user” command for a user that is not in the lock's memory, the lock will remember that user number and block any “add user” commands for that user that the lock may get in the future. After the manipulations are processed, the lock changes the modifications on the key to show that they are complete 70. For example, an “add user” command is replaced with an “added user” command.
After the audit trail section of the key has been written to 67 and the lock-key manipulations have been performed 68, 69, and 70 the lock then determines if the key is valid, and if this is the case, the lock will open. The first step in this process is reading of the key ID 71 by the lock. The key ID is encrypted and therefore must be decrypted. The lock compares the key ID to the list of valid key IDs in the lock's memory and determines its validity 72. If the key ID is not valid 74, the process is completed and the lock does not open 75. If the key ID is valid 73, the lock searches the lock's memory for the password that corresponds to that key 76. The lock then searches the key's memory for the password that corresponds to that specific lock 77. Since the password is encrypted, the lock must decrypt it. The lock then compares the two passwords and determines if they match 78. If they do not match, then the key is not valid 79, the process is completed and the lock does not open 75. If the passwords match 80, the key is determined to be valid. The lock then picks a new password to be used for the next access. This new password is then stored in the key (encrypted) and in the lock 81. The lock then opens 82. The process of changing passwords makes electronically “picking” or “hacking” the lock significantly more difficult since not only must the key ID be known, but a constantly changing password must be known to gain unauthorized access. The encryption process adds another level of complexity to the hacking process.
The lock may be any motor or solenoid based mechanical system that has a microprocessor based control circuit, provided with memory. Typically, the motor or solenoid controls a linkage that locks a door. However, the lock may be used in conjunction with structures other than doors in different exemplary embodiments of the present invention.
After the key as been brought to the lock(s), it is returned to the administrator to remove, process, and record the audit trail(s) and the completed modification(s). The administrator performs the key maintenance procedure, again, as described in
Turning now to
The system therefore uses the standard user keys as the vehicle for transferring the information from the computer system to the lock's memory. The system may not require any further action (or knowledge of the transfer, for that matter) by the operator to perform the information transfer. The system may be entirely automatic at the lock end.
The lock 110 is also. provided with a lock memory 112. The lock memory 112 may either include the microprocessor control circuit in the lock 110 or be in communication with the microprocessor control circuit. The lock memory 112 is provided with a memory interface 114 in order to communicate with a key 122. The key 122 incorporates therein a key memory 124 and a key interface 126. The key interface 126 may be placed in contact with the memory interface 114 of lock 110 in order to transfer data to and from the lock memory 112 and key memory 124.
The electronic lock system also includes a computer 128 into which a database 130 may be retained. The database 130 may be used in order to create a dataset of key to lock relationships, and a modification log that may be used to alter the key to lock relationship. The computer 128 has a computer to key interface 132 that is used for transmitting data to and from the key memory 124 through the key interface 126.
It should be understood that the present invention includes various modifications that can be made to embodiments of the system and method for key control in an electronic locking system described herein as come within the scope of the appended claims and their equivalents.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4646080 | Genest et al. | Feb 1987 | A |
| 4766746 | Henderson et al. | Aug 1988 | A |
| 4811012 | Rollins | Mar 1989 | A |
| 4845490 | Ward et al. | Jul 1989 | A |
| 4887292 | Barrett et al. | Dec 1989 | A |
| 4916443 | Barrett et al. | Apr 1990 | A |
| 4947163 | Henderson et al. | Aug 1990 | A |
| 4988987 | Barrett et al. | Jan 1991 | A |
| 5014049 | Bosley | May 1991 | A |
| 5204663 | Lee | Apr 1993 | A |
| 5475375 | Barrett et al. | Dec 1995 | A |
| 5477041 | Miron et al. | Dec 1995 | A |
| 5745044 | Hyatt et al. | Apr 1998 | A |
| Number | Date | Country | |
|---|---|---|---|
| 20040207509 A1 | Oct 2004 | US |
