[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

AU2009100853B4 - A secure wireless remote entry system - Google Patents

A secure wireless remote entry system Download PDF

Info

Publication number
AU2009100853B4
AU2009100853B4 AU2009100853A AU2009100853A AU2009100853B4 AU 2009100853 B4 AU2009100853 B4 AU 2009100853B4 AU 2009100853 A AU2009100853 A AU 2009100853A AU 2009100853 A AU2009100853 A AU 2009100853A AU 2009100853 B4 AU2009100853 B4 AU 2009100853B4
Authority
AU
Australia
Prior art keywords
code
protocol identifier
entry module
signal
wiegand
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired
Application number
AU2009100853A
Other versions
AU2009100853A4 (en
Inventor
Perry Andrew Brown
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microlatch Pty Ltd
Original Assignee
Microlatch Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2006905707A external-priority patent/AU2006905707A0/en
Application filed by Microlatch Pty Ltd filed Critical Microlatch Pty Ltd
Priority to AU2009100853A priority Critical patent/AU2009100853B4/en
Publication of AU2009100853A4 publication Critical patent/AU2009100853A4/en
Application granted granted Critical
Publication of AU2009100853B4 publication Critical patent/AU2009100853B4/en
Anticipated expiration legal-status Critical
Expired legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/60Indexing scheme relating to groups G07C9/00174 - G07C9/00944
    • G07C2209/62Comprising means for indicating the status of the lock
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Human Computer Interaction (AREA)
  • Mobile Radio Communication Systems (AREA)

Description

S&F Ref: 782749AUD1 AUSTRALIA PATENTS ACT 1990 INNOVATION PATENT SPECIFICATION Name and Address Microlatch Pty Ltd, of Applicant: an Australian company, ACN 059 640 747, of Unit 13, 145-147 Forest Road, Hurstville, New South Wales, 2220, Australia Actual Inventor(s): Perry Andrew Brown Address for Service: Spruson & Ferguson St Martins Tower Level 35 31 Market Street Sydney NSW 2000 (CCN 3710000177) Invention Title: A secure wireless remote entry system The following statement is a full description of this invention, including the best method of performing it known to me/us: 5843c(2263585_l)
-I
A SECURE WIRELESS REMOTE ENTRY SYSTEM Field of the Invention The present invention relates to secure access systems and, in particular, to systems using wireless transmission of security code information. 5 Background Fig. 1 shows a prior art arrangement for providing secure access. A user 401 makes a request, as depicted by an arrow 402, directed to a code entry module 403. The module 403 is typically mounted on the external jamb of a secure door. The request 402 is typically a secure code of some type which is compatible with the code entry module 10 403. Thus, for example, the request 402 can be a sequence of secret numbers directed to a keypad 403. Alternately, the request 402 may be a biometric signal from the user 401 directed to a corresponding biometric sensor 403. One example of a biometric signal is a fingerprint. Other physical attributes that can be used to provide biometric signals include voice, retinal or iris pattern, face pattern, palm configuration and so on. 15 The code entry module 403 conveys the request 402 by sending a corresponding signal, as depicted by an arrow 404, to a controller 405 which is typically situated in a remote or inaccessible place. The controller 405 authenticates the security information provided by the user 401 by interrogating a database 407 as depicted by an arrow 406. If the user 401 is authenticated, and has the appropriate access privileges, then the controller 20 405 sends an access signal, as depicted by an arrow 408, to a device 409 in order to provide the desired access. The device 409 can, for example, be the locking mechanism of a secure door, or can be an electronic lock on a personal computer (PC) which the user 401 desires to access. A proximity card can also be used to emit the request 402, in which case the code entry module 403 has appropriate functionality.
-2 Although the request 402 can be made secure, either by increasing the number of secret digits or by using a biometric system, the communication infrastructure in Fig. 1 is typically less secure. The infrastructure of the arrangement 400 is generally hardwired, with the code entry module 403 generally being mounted on the outside jamb of a secured 5 door. In such a situation, the signal path 404 can be over a significant distance in order to reach the controller 405. The path 404 represents one weak point in the security system 400, providing an unauthorised person with relatively easy access to the information being transmitted between the code entry module 403 and the controller 405. Such an unauthorised person can, given this physical access, decipher the communicated 10 information between the code entry module 403 and the controller 405. This captured information can be deciphered, replayed in order to gain the access which rightfully belongs to the user 401, or to enable modification for other subversive purposes. Some current systems as depicted in Fig. 1 utilise a serial communication protocol called "Wiegand" for communication between the code entry module 403 and 15 the controller 405. The Wiegand protocol is a simple one-way data protocol. In one known arrangement for providing secure access that uses Wiegand, the signal 404 conveyed by the code entry module 403 to the controller 405 comprises a twenty four (24) bit Wiegand protocol identifier. The Wiegand protocol can be modified by increasing or decreasing the bit count to ensure uniqueness of the protocol among 20 different security companies. However, the Wiegand protocol does not secure the information being sent between the code entry module 403 and the controller 405. The Wiegand protocol provides no protection against interception of the signal 404 nor injection of messages into the signal 404. More advanced protocols are known to overcome the vulnerability of the 25 Wiegand protocol over the long distance route 404. For example, one known -3 arrangement for providing secure access is that distributed by Microchip Technology Inc ("the Microchip arrangement"). The Microchip arrangement is also traded under the Trade Mark, "Keeloq". The Microchip arrangement comprises multiple transmitters similar to the code entry module 403 and a receiver similar to the controller 405 described 5 above. The code entry modules 403 of the Microchip arrangement typically reside within an insecure environment and the controller 405 resides within a secure environment. Again, authentication is based upon the transmission of a secure code in the form of a radio frequency (RF) signal over an insecure signal path similar to the signal path 404. In the Microchip arrangement, there are typically 232 different codes which may 10 be transmitted by the code entry module 403 to the controller 405. The code entry module 403 will generate one of these secure codes from a distinct sequence, advancing progressively through the sequence on each transmission. The sequence of codes is unique for each code entry module 403 and will exhibit no apparent pattern. The transmitted code should also not include a code from any of the 215 previously transmitted 15 codes. In order to identify each code entry module 403 and a corresponding unique sequence of codes, each code entry module 403 is assigned a unique Microchip (Keeloq) serial number, which is typically twenty eight (28) bits in length. This serial number is included within each code transmission. Access will be granted by the controller 405, if a correct code is received from the code entry module 403. At any instant, the controller 20 405 will only accept a range of sixteen (16) codes from each code entry module's 403 sequence. Following receipt of a valid code, the sixteen code range is adjusted to coincide with the next sixteen (16) codes expected from the particular code entry module 403. This allows up to sixteen (16) transmissions to be damaged/lost before the controller 405 and the code entry module 403 become partially unsynchronised. In order to recover 25 from a partial synchronisation loss, the controller 405 typically accepts as valid, two -4 consecutive codes from the 215 possible codes in advance of the most recently validated code from the code entry module 403. The Microchip arrangement achieves "unpredictability" of its codes by means of a secret "key" (typically sixty four (64) bits in length) which is known by both the code 5 entry module 403 and the controller 405. The code entry module 403 encodes the code for transmission using an invertible encryption algorithm, customised through the application of the secret key and the Microchip (Keeloq) serial number. Accordingly, a simple ascending numerical sequence may be transformed into apparently random, uncorrelated codes, with a code sequence unique for each particular code entry module 10 403. Conventionally, initial synchronisation has been established between the code entry module 403 and the controller 405 of the Microchip arrangement, by instructing the controller 405 to accept a current transmission unconditionally, without regard to the transmitted code's position within the sequence. This instruction is made through 15 physical operation of a switch or similar mechanism located within the controller 405, while transmission is in progress. This requirement for physical operation is used to demonstrate to the controller 405 that the code entry module 103 has independent credentials for accessing the secure area, thus authorising synchronisation. Accordingly, this conventional method of synchronisation creates a weakness in the Microchip 20 arrangement, which may be exploited by any fraudster who is be able to gain access to the secure environment of the controller 403 and synchronise a code entry module 403. Summary It is an object of the present invention to substantially overcome, or at least ameliorate, one or more disadvantages of existing arrangements.
-5 According to one aspect of the present invention there is provided a transmitter sub-system for transmitting a secure access signal for use in a system for providing secure access to a controlled item, wherein the transmitter sub-system comprises: means for storing a Wiegand protocol identifier; 5 means for generating a code from a sequence of codes based on the Wiegand protocol identifier, upon a button of the sub-system being pressed; and means for transmitting said secure access signal comprising the code and the Wiegand protocol identifier embedded therein. In one advantageous implementation, the transmitter sub-system is incorporated 10 into a remote fob. According to another aspect of the present invention there is provided a system for providing secure access to a controlled item, the system comprising: a transmitter sub-system: means for storing a Wiegand protocol identifier; 15 means for generating a code from a sequence of codes based on the Wiegand protocol identifier, upon a button of the sub-system being pressed; and means for transmitting a secure access signal comprising the code and the Wiegand protocol identifier; and a receiver sub-system comprising; 20 means for receiving the transmitted secure access signal; and means for providing secure access to the controlled item dependent upon said code and said Wiegand protocol identifier. According to still another aspect of the present invention there is provided a method of transmitting a secure access signal for use in a system for providing secure 25 access to a controlled item, the method comprising the steps of: -6 generating a code from a sequence of codes based on a Wiegand protocol identifier, upon a button of said system being pressed; and transmitting a secure access signal comprising the code and the Wiegand 5 protocol identifier, wherein said secure access signal is configured to be received by a controller of said controlled item for determining whether secure access is provided to the controlled item. According to still another aspect of the present invention there is provided a computer readable medium having a computer program recorded therein for transmitting 10 a secure access signal for use in a system for providing secure access to a controlled item, said computer program comprising: code for receiving a request; code for generating a secure code from a sequence of codes based on a Wiegand protocol identifier, upon a button of said system being pressed; and 15 code for transmitting a secure access signal comprising the secure code and the Wiegand protocol identifier, wherein said secure access signal is configured to be received by a controller of said controlled item for determining whether secure access is provided to the controlled item. According to still another aspect of the present invention there is provided a 20 system for providing secure access to a controlled item, the system comprising: a transmitter sub-system: means for storing a Wiegand protocol identifier; 25 -7 means for receiving a request; means for generating a code from a sequence of codes based on the Wiegand identifier, upon receiving the request; means for encoding the code and the Wiegand protocol identifier; 5 and means for transmitting a secure access signal comprising the code and the encoded Wiegand protocol identifier; and a receiver sub-system comprising; means for receiving the transmitted secure access signal; and 10 means for providing conditional access to the controlled item dependent upon said code and said Wiegand protocol identifier. According to still another aspect of the present invention there is provided a transmitter sub-system for operating in a system for providing secure access to a controlled item, the system comprising a receiver sub-system comprising means for 15 receiving a secure access signal transmitted by the transmitter sub-system, and means for providing conditional access to the controlled item dependent upon information conveyed in the secure access signal, wherein the transmitter sub-system comprises: means for storing a Wiegand protocol identifier; means for receiving a request; 20 means for generating a code from a sequence of codes based on the Wiegand protocol identifier, upon receiving the request; means for encoding the code and the Wiegand protocol identifier; and means for transmitting said secure access signal comprising the code and the encoded Wiegand protocol identifier embedded therein.
-8 According to still another aspect of the present invention there is provided a receiver sub-system for operating in a system for providing secure access to a controlled item, the system comprising transmitter sub-system comprising means for storing a Wiegand protocol identifier, means for receiving a request, means for generating a code 5 from a sequence of codes based on said Wiegand identifier, upon receiving the request, means for encoding the code and the Wiegand identifier, and means for transmitting a secure access signal comprising the code and the encoded Wiegand protocol identifier, wherein the receiver sub-system comprises: means for receiving the transmitted secure access signal comprising the 10 code and the encoded Wiegand protocol identifier; and means for providing conditional access to the controlled item dependent upon said code and said Wiegand protocol identifier. According to still another aspect of the present invention there is provided a method for providing secure access to a controlled item, the method comprising the steps 15 of: receiving a request; generating a code from a sequence of codes based on a Wiegand identifier, upon receiving the request; encoding the code and the Wiegand protocol identifier; 20 transmitting a secure access signal comprising the code and the encoded Wiegand protocol identifier to a controller of said controlled item; and providing conditional access to the controlled item dependent upon said code and said Wiegand identifier. According to still another aspect of the present invention there is provided a 25 computer program product having a computer readable medium having a computer -9 program recorded therein for directing a processor to provide secure access to a controlled item, said computer program product comprising: code for receiving a request; code for generating a secure code from a sequence of codes based on a Wiegand 5 identifier, upon receiving the request; code for encoding the secure code and the Wiegand protocol identifier; and code for transmitting a secure access signal comprising the secure code and the Wiegand encoded protocol identifier to a controller of said controlled item, wherein said controller provides conditional access to the controlled item dependent upon said secure 10 code and said Wiegand identifier. According to still another aspect of the present invention there is provided a computer program product having a computer readable medium having a computer program recorded therein for directing a processor to transmit a secure access signal in a system for providing secure access to a controlled item, said computer program product 15 comprising: code for receiving a request; code for generating a secure code from a sequence of codes based on a Wiegand identifier, upon receiving the request; code for encoding the secure code and the Wiegand protocol identifier; and 20 code for transmitting said secure access signal comprising the secure code and the encoded Wiegand protocol identifier to a controller of said controlled item, wherein said controller provides conditional access to the controlled item dependent upon said secure code and said Wiegand identifier. According to still another aspect of the present invention there is provided a 25 method of enrolling a biometric signature into a database of biometric signatures in a - 10 system for providing secure access to a controlled item, the system comprising said database of biometric signatures, a transmitter sub-system comprising means for storing a Wiegand protocol identifier, means for receiving a request, means for generating a code from a sequence of codes based on the Wiegand identifier, means for encoding the code 5 and the Wiegand protocol identifier, and means for transmitting a secure access signal comprising the code and the encoded Wiegand protocol identifier, and a receiver sub system comprising means for receiving the transmitted secure access signal, and means for providing conditional access to the controlled item dependent upon said code and said Wiegand protocol identifier, said method comprising the steps of: 10 receiving a biometric signal; and storing a biometric signature in the database, as a representation of the biometric signal, if the database of biometric signatures is empty; and classifying the stored biometric signature as an administrator, thereby enrolling the received biometric signature. 15 According to still another aspect of the present invention there is provided an apparatus for enrolling a biometric signature into a database of biometric signatures in a system for providing secure access to a controlled item, the system comprising said database of biometric signatures, a transmitter sub-system comprising means for storing a Wiegand protocol identifier, means for receiving a request, means for generating a code 20 from a sequence of codes based on the Wiegand identifier, means for encoding the code and the Wiegand protocol identifier, and means for transmitting a secure access signal comprising the code and the encoded Wiegand protocol identifier, and a receiver sub system comprising means for receiving the transmitted secure access signal, and means for providing conditional access to the controlled item dependent upon said code and said 25 Wiegand protocol identifier, said apparatus comprising: - 11 receiving means for receiving a biometric signal; storage means for storing the biometric signature in the database, as a representation of the biometric signal, if the database of biometric signatures is empty; and 5 classification means for classifying the stored biometric signature as an administrator, thereby enrolling the received biometric signature. According to still another aspect of the present invention there is provided a computer program product having a computer readable medium having a computer program recorded therein for enrolling a biometric signature into a database of biometric 10 signatures in a system for providing secure access to a controlled item, the system comprising said database of biometric signatures, a transmitter sub-system comprising means for storing a Wiegand protocol identifier, means for receiving a request, means for generating a secure code from a sequence of codes based on the Wiegand identifier, means for encoding the secure code and the Wiegand protocol identifier, and means for 15 transmitting a secure access signal comprising the secure code and the encoded Wiegand protocol identifier, and a receiver sub-system comprising means for receiving the transmitted secure access signal, and means for providing conditional access to the controlled item dependent upon said secure code and said Wiegand protocol identifier, said program comprising: 20 code for receiving a biometric signal representing a biometric signature; and code for storing the biometric signature in the database, as a representation of the biometric signal, if the database of biometric signatures is empty; and code for classifying the stored biometric signature as an administrator, thereby enrolling the received biometric signature. 25 Other aspects of the invention are also disclosed.
- 12 Brief Description of the Drawings Some aspects of the prior art and one or more embodiments of the present invention are described with reference to the drawings, in which: Fig. 1 shows a prior art arrangement for providing secure access; 5 Fig. 2 is a functional block diagram of an arrangement for providing secure access according to the present disclosure; Fig. 3 shows an example of a method of operation of a sub-system of Fig. 2 comprising a code entry module, according to one embodiment; Fig. 4 shows an example of a method of operation of the (fixed) control device 10 of Fig. 2; Fig. 5 is a schematic block diagram of the arrangement in Fig. 2; and Fig. 6 shows a method of operation of the sub-system of Fig. 2 comprising the code entry module, according to another embodiment; Fig. 7 shows an access process relating to the example of Fig. 6; 15 Fig. 8 shows one enrolment process relating to the example of Fig. 6; and Fig. 9 shows another enrolment process relating to the example of Fig. 6. Detailed Description including Best Mode It is to be noted that the discussions contained in the "Background" section relating to prior art arrangements relate to discussions of documents or devices which 20 form public knowledge through their respective publication and/or use. Such should not be interpreted as a representation by the present inventor(s) or patent applicant that such documents or devices in any way form part of the common general knowledge in the art. Where reference is made in any one or more of the accompanying drawings to steps and/or features, which have the same reference numerals, those steps and/or features - 13 have for the purposes of this description the same function(s) or operation(s), unless the contrary intention appears. Fig. 2 is a functional block diagram of an arrangement 100 for providing secure access according to the present disclosure. The arrangement 100 may also be referred to 5 as a system comprising sub-systems 116 and 117. The arrangement of Fig. 2 comprises a code entry module 103. The code entry module 103 is preferably a Microchip (Keeloq) code entry module, as described above, which is modified as described below. However, a person skilled in the art would appreciate that any other suitable type of code entry module may be used. 10 In the arrangement 100 of Fig. 2, a user 101 makes a request, as depicted by an arrow 102, to a controller/transmitter 107 configured within a code entry module 103. The code entry module 103 comprises a button 121 and the request 102 takes the form of a button press. A signal, as depicted by arrow 106, generated by the button press is sent to the controller/transmitter 107. Upon receiving the signal 106, the controller/transmitter 15 107 is configured to generate a code. In particular, the controller/transmitter 107 is configured to generate one of the 23 different codes. However, the controller/transmitter 107 may be configured to generate any suitable number of different codes. The code entry module 103 will generate one of these codes from a distinct sequence, advancing progressively through the sequence on each request 102 being received. The sequence of 20 codes is unique for each code entry module 103. Accordingly, upon receiving the signal 106, the controller/transmitter 107 checks, as depicted by an arrow 112, the current code in a database 113. The controller 107 then generates a new code in the sequence of codes for the code entry module 103. In order to identify each code entry module 103 and the corresponding unique 25 sequence of codes, each code entry module 103 of the present disclosure is assigned a - 14 different serial number. In the described arrangement, the Microchip (Keeloq) serial number, which is typically twenty eight (28) bits in length, is replaced by a Wiegand protocol identifier. The Wiegand protocol identifier is typically twenty four (24) bits in length. Each code entry module 103 has a different Wiegand protocol identifier. Prior 5 to replacing the Microchip (Keeloq) serial number with the Wiegand identifier, the Wiegand protocol identifier is encoded using an invertible twenty four (24) bit encryption algorithm. Examples of encryption algorithms that may be used to encode the Wiegand protocol identifier include the Rivest, Shamir, & Adleman (RSA) algorithm, the Public Key Infrastructure (PKI) algorithm, the Data Encryption Standard (DES), Blowfish and 10 the International Data Encryption Algorithm (IDEA). The encryption algorithm used to encode the Wiegand protocol identifier is known only to the code entry module 103 and to a receiver 118, as seen in Fig. 2, which will be described below. The encoded Wiegand protocol identifier is inserted into bits zero (0) to twenty three (23) of the normal Microchip (Keeloq) serial number address space for the code 15 entry module 103. The remaining four bits (i.e., bits twenty four (24) to twenty seven (27)) of the Microchip (Keeloq) serial number are set to a predetermined fixed value (e.g., a series of '1's) indicating that the Microchip (Keeloq) serial number has been replaced by an encoded Wiegand protocol identifier. The Wiegand protocol identifier is allocated entirely within a predetermined (1/16 th) portion of the normal Microchip (Keeloq) code 20 entry module (or transmitter) address space for the code entry module 103. A person skilled in the art would appreciate that the Wiegand protocol identifier may be inserted into any suitable bits of the normal Microchip (Keeloq) serial number address space for the code entry module 103. Further, any bits may be used to indicate that the Microchip (Keeloq) serial number has been replaced by the Wiegand protocol identifier.
- 15 Each code entry module 103 has a Wiegand protocol identifier allocated to the code entry module 103 prior to the code entry module 103 being distributed to the user 101 for use. The Wiegand protocol identifier may be stored in the database 113. Prior to the code entry module 103 being distributed to the user 101, the code entry module 103 is 5 also allocated a secret "key" (typically sixty four (64) bits in length) which is known by both the code entry module 403 and the receiver 118. Again, the secret key may be stored in the database 113 on the transmitter sub-system 116. The secret key may also be stored in a database 115 on the receiver sub-system 117. Upon generating the new code in the sequence of codes for the code entry 10 module 103, the controller 107 sends the updated code, this being referred to as an access signal, as depicted by an arrow 108 to the receiver 118. Prior to the new code being sent to the controller 109, the new code is preferably encoded by the controller 107 using one of the encryption algorithms described above with the encryption algorithm being customised through the application of the secret key and the Wiegand protocol identifier. 15 The encoded Wiegand protocol identifier number for the code entry module 103 is also included within the access signal 108. The receiver 118 receives the access signal 108 and firstly determines that the four bit fixed portion of the address space for a Microchip (Keeloq) serial number correctly indicates that the serial number has been replaced by an encoded Wiegand 20 protocol identifier. If the receiver 118 determines that the four bit fixed portion does not indicate that the Microchip (Keeloq) serial number has been replaced by an encoded Wiegand protocol identifier then the receiver 118 rejects the access signal 108. Otherwise, the receiver 118 decodes the code included in the access signal 108, using the encryption algorithm that was used by the code entry module 103 to encode the code.
- 16 The receiver also decodes the Wiegand protocol identifier using the encryption algorithm that was used by the code entry module 103 to encode the Wiegand protocol identifier. Based on the decoded Wiegand protocol identifier, the receiver 118 identifies the sequence of codes being used by the code entry module 103 and tests the code received in 5 the access signal 108 against the most recent previously received code for the code entry module 103, this code having been stored in the database 115, this testing being depicted by an arrow 114. As will be described in detail below, the codes are stored in the database 115 in a hash table, or similar data structure. The receiver 118 uses the Wiegand protocol identifier received with the access signal 108 and linear probing for accessing the 10 codes stored in the hash table in order to test the code received in the access signal 108. If the code within the received access signal 108 is found to be the next code in the sequence for the received Wiegand protocol identifier, then, the receiver 118 provides a signal 120, in Wiegand format, to the controller 109. The signal 120 includes the decoded Wiegand identifier. In response to the signal 120, the controller 109 sends a 15 command, as depicted by an arrow 110, to a controlled item 111. The controlled item 111 may be a door locking mechanism on a secure door, or an electronic key circuit in a personal computer (PC) that is to be accessed by the user 101. It is noted that the receiver 118 receives the transmitted access signal 108 and converts it into a form that the controller 109 can use, as depicted by the arrow 120. As 20 the Wiegand protocol identifier is allocated entirely within a predetermined portion of the normal address space for Microchip (Keeloq) code entry modules (or transmitters) of the code entry module 103, the receiver 118 may be a conventional Microchip (Keeloq) receiver. However, such a conventional Microchip (Keeloq) receiver is modified so as to use the Wiegand protocol identifier received with the access signal 108 for accessing the 25 codes stored in the hash table.
- 17 The sub-system 117 maintains a unique sequence of codes for each of the code entry modules that the receiver 118 may encounter. Each of these code entry modules has a unique Wiegand protocol identifier corresponding to one of the sequences. The total number of possible code entry modules, each having a unique Wiegand identifier, and 5 accordingly, the total number of unique code sequences, is 2 (i.e., more than 16 million). A person skilled in the relevant art would appreciate that more or less code sequences may be possible. Each of these code sequences is stored in the database 115. In order to provide sufficient access for the receiver 118 to the stored codes, the codes are stored in a hash table or similar data structure within the database 115, as described 10 above. The receiver 118 may use a "hash table with linear probing" algorithm, as described above, to access the codes within the data structure. This allows the codes to be stored within a physical storage area of a size proportional to the number of active code entry modules. Such a hash table algorithm also requires the selection of a "hash function." The 24 bit Wiegand protocol identifier may be used as this hash function. 15 The code entry module 103 may also incorporate at least one mechanism for providing feedback to the user 101. This mechanism may, for example, take the form of one or more Light Emitting Diodes (LEDs) 122 which can provide visual feedback, depicted by an arrow 123 to the user 101. Alternately or in addition the mechanism can take the form of an audio signal provided by an audio transducer 124 providing audio 20 feedback 125. The codes generated by the code entry module 103 may be referred to as "rolling codes". Rolling codes provide a substantially non-replayable, non-repeatable and encrypted radio frequency data communications scheme for secure messaging. These codes use inherently secure protocols and serial number ciphering techniques which in the - 18 present disclosure hide the clear text values required for authentication between the key fob (transmitter) sub-system 116 and the receiver/controller 118/109. As described above, the rolling codes generated by the code entry module 103 use a different code variant each time the transmission of the access signal 108 occurs. 5 This is achieved by encrypting the data from the controller 107 with an encryption algorithm, as described above, and ensuring that successive transmissions of the access signal 108 are modified using a code and/or a look-up table or hash table known to both the transmitter sub-system 116 and the receiver sub-system 117. Using this approach, successive transmissions are modified, resulting in a non-repeatable data transfer, even if 10 the information from the controller 107 remains the same. The modification of the code in the access signal 108 for each transmission significantly reduces the likelihood that an intruder can access the information and replay the information to thereby gain entry at some later time. As described above, based on the Wiegand protocol identifier, the receiver 118 15 identifies the sequence of codes being used by the code entry module 103 and tests the code received in the access signal 108 against the most recent previously received code for the code entry module 103, this code having been stored in the database 115, this testing being depicted by the arrow 114. If the incoming code forming the access signal 108 is found "not to be" the next code in the sequence for that code entry module 103, 20 then the receiver 118 stores the Wiegand protocol identifier received in the access signal 108. The receiver 118 also then stores another code which is the next code expected in the sequence (the "expected next code") for the code entry module 103 (i.e., as identified by the Wiegand protocol identifier) after the code that was received in the access signal 108. The receiver 118 also starts a timer for a predetermined time. If another access signal 108 25 is received from the same code entry module 103 within the predetermined time and the - 19 code in the access signal 108 exactly matches the "expected next code" as previously stored, then the receiver 118 provides the signal 120 in the Wiegand format to the controller 109. The receiver 118 also stores a flag in the database 115 indicating that the receiver 118 and the code entry module 103 are "synchronised". Accordingly, the code 5 entry module 103 and the receiver 118 may be synchronised provided the code entry module 103 can generate two consecutive "in sequence" codes. The above method of synchronising the code entry module 103 and the receiver 118 is particularly advantageous over conventional Microchip (Keeloq) secure access arrangements using conventional Microchip (Keeloq) code entry modules (or 10 transmitters), which require physical operation of a switch mechanism in a receiver. The arrangement 100 described above can maintain security without the need to demonstrate physical access during synchronisation, since the arrangement 100 guarantees the authenticity of the code entry module 103, and hence the authenticity of the resultant Wiegand protocol identifiers. 15 The sub-system in Fig. 2 falling to the left hand side, as depicted by an arrow 116, of a dashed line 119 may be implemented in a number of different forms. The sub system 116 may for example be incorporated into a remote fob (which is a small portable device carried by the user 101), or alternately may be mounted in a protected enclosure on the outside jamb of a secured door. The sub-system 116 communicates with the sub 20 system 117 on the right hand side of the dashed line 119 via the wireless communication channel used by the access signal 108. The sub-system 117 is typically located in an inaccessible area such as a hidden roof space or alternately in a suitable protected area such as an armoured cupboard. The location of the sub-system 117 must of course be consistent with reliable reception of the wireless access signal 108.
-20 Although typically the communication channel uses a wireless transmission medium, there are instances where the channel used by the access signal 108 may use a wired medium. This is particularly the case when the transmitter sub-system 116 is mounted in an enclosure on the door jamb rather than in a portable key fob. 5 In the event that the sub-system 116 is implemented as a remote fob, the combination of the Wiegand identifier and the strongly encrypted wireless communication provides a particularly significant advantage over conventional secure access arrangements. The remote key fob arrangement allows easy installation, since the wired communication path 404 (see Fig. 1) is avoided. Other existing wiring elements of 10 the present systems 400 may be used where appropriate. Fig. 3 shows the method of operation of the sub-system 116 of Fig. 2 comprising the code entry module 103. The process 200 commences with a testing step 201 in which the code entry module 103 checks whether a request 102 is being received. If this is not the case, then the method 200 is directed in accordance with a NO arrow back to the step 15 201 in a loop. If, on the other hand, the request 102 has been received, then the method 200 is directed in accordance with a YES arrow to a step 202. In the step 202, the controller/transmitter 107 checks, as depicted by an arrow 112, the current code in the database 113. Then at the next step 203, the controller/transmitter 107 generates a new code in the sequence of codes for the code entry module 103 according to the Wiegand 20 protocol identifier allocated to the code entry module 103. At the next step 204, the newly generated code is encoded by the controller/transmitter 107 using one of the encryption algorithms described above, with the encryption algorithm being customised through the application of the secret key and the Wiegand protocol identifier. The Wiegand identifier is also encrypted at step 204, 25 using one of the encryption algorithms described above. In the subsequent step 205, the -21 controller 107 sends the appropriate access signal 108 to the receiver 109. The access signal comprises the encoded code and the encoded Wiegand protocol identifier. The process 200 is then directed in accordance with an arrow 206 back to the step 201. Fig. 4 shows the method of operation of the control sub-system 117 of Fig. 2. 5 The process 300 commences with a testing step 301 which continuously checks whether the access signal 108 has been received from the controller/transmitter 107. The step 301 is performed by the receiver 118. As long as the access signal 108 is not received the process 300 is directed in accordance with a NO arrow in a looping manner back to the step 301. When the access signal 108 is received, the process 300 is directed from the 10 step 301 by means of a YES arrow to a step 302. In the step 302, if the receiver 118 determines that the four bit fixed portion following the Wiegand protocol identifier included in the received access signal 108 correctly indicates that the serial number has been replaced by an encoded Wiegand protocol identifier, then the process 300 is directed from the step 302 by means of a YES arrow to a step 303. Otherwise, the process 300 is 15 directed in accordance with a NO arrow in a looping manner back to the step 301. At step 303, the receiver 118 decodes the code included in the access signal 108, using the encryption algorithm that was used to encode the code. The receiver 118 also decodes the Wiegand protocol identifier included in the signal 108. Then at step 304, the receiver 118 identifies the sequence of codes being used by the code entry module 103, 20 based on the Wiegand protocol identifier, and tests the code received in the access signal 108 against the most recent previously received code for the code entry module 103, this code having been stored in the database 115. If the incoming code forming the access signal 108 is found to be the next code in the sequence corresponding to the Wiegand protocol identifier included in the access signal 108, then the process 300 is directed from 25 the step 304 by means of a YES arrow to a step 305. In step 305, the receiver 118 -22 provides the signal 120 in the Wiegand format to the controller 109. The signal 120 comprises the Wiegand protocol identifier. In a subsequent step 308, the controller 109 sends a control signal 110 to the controlled item 111 (for example opening a secured door). The process 300 is then 5 directed from the step 308 as depicted by an arrow 308 back to the step 301. Returning to the testing step 304, if the incoming code forming the access signal 108 is found "not to be" the next code in the sequence corresponding to the Wiegand protocol identifier included in the received access signal 108, then the process 300 is directed from the step 304 by means of the NO arrow to step 306. At step 306, the 10 receiver 118 determines what the next code in the sequence corresponding to the Wiegand protocol identifier after the code that was received in the access signal 108 at step 301. This next code is the "next expected code" as described above. Then at the next step 309, the receiver 118 stores the code entry module's 103 Wiegand protocol identifier and the code determined at step 306 (i.e., the next expected code) in the database 115. The 15 receiver 118 also starts a timer to time out for a predetermined time (e.g., ten (10) seconds). In a subsequent step 310, if another access signal 108 is received from the same code entry module 103 (i.e., the access signal 108 contains the encoded Wiegand protocol identifier corresponding to the code entry module 103) within the predetermined time, 20 then the process 300 is directed from the step 310 by means of the YES arrow to step 311. Otherwise, the process 300 is directed from the step 310 by means of the NO arrow back to step 301. At step 311, if the incoming code included in the access signal 108 received at step 310 is found to be the code stored at step 309 (i.e., the next expected code), then the process 300 is directed from the step 311 by means of a YES arrow to step 307. 25 Otherwise, the process 300 is directed from the step 311 by means of the NO arrow back -23 to step 301. Accordingly, the code entry module 103 and the receiver 118 may be synchronised provided the code entry module 103 can generate two consecutive "in sequence" codes. One of the advantages of the arrangement 100 described above is that security 5 system upgrades may be made without replacing the Wiegand compatible controller 109. Accordingly, existing systems as are described in Fig. 1 may be upgraded by replacing the code entry module 403 and the transmission path 404, leaving the other components of the system 400 (ie., the controller 405, the code database 407, and the controlled item 409, together with existing wiring 408 and 406), largely intact. Minor programming 10 modifications may however be necessary to the receiver 118 so that the receiver 118 uses the Wiegand protocol identifier to interrogate the hash table stored in the database 115. When upgrading systems in this manner, the sub-system 116 may either be used in a remote fob configuration, or may be placed in a secure housing on an external door jamb. In the code entry module 103 described above, the code entry module 103 15 comprises a button 121 and the request 102 takes the form of a button press. In another embodiment as described below, the code entry module 103 may comprise a biometric sensor (not shown), either in place of the button 121 or as well as the buttons 121, and the request 102 may take a form which corresponds to the nature of the biometric sensor in the module 103. 20 In accordance with the further embodiment described below of the arrangement 100, the button 121 is replaced by a biometric sensor which will be referred to below as the "biometric sensor 121". If the biometric sensor 121 in the code entry module 103 is a fingerprint sensor, then the request 102 typically takes the form of a thumb press on a sensor panel (not shown) on the code entry module 103. In this instance, the code entry 25 module 103 would interrogate, as depicted by an arrow 104, a user identity database 105.
- 24 Thus, for example, if the request 102 is the thumb press on the biometric sensor 121 then the user database 105 contains biometric signatures for authorised users against which the request 102 can be authenticated. If the identity of the user 101 is authenticated successfully, then the code entry module 103 sends the signal 106 to the 5 controller/transmitter 107. Then, as at step 202, in response to receiving the signal 106, the controller/transmitter 107 checks, as depicted by the arrow 112, the current code in the database 113. The controller/transmitter 107 then generates a new code in the sequence of codes for the code entry module 103, as at step 203. As described above, the newly generated code is encrypted by the controller/transmitter 107 using one of the 10 encryption algorithms described above. The controller 107 then sends the appropriate access signal 108 to the receiver 109, as at step 205. The biometric signature database 105 is shown in Fig. 2 to be part of the transmitter sub-system 116. However, in an alternate arrangement, the biometric signature database 105 may be located in the receiver sub-system 117, in which case the communication 104 15 between the code entry module 103 and the signature database 105 may also be performed over a secure wireless communication channel such as the one used by the access signal 108. In the event that the secure access arrangement 100 is being applied to providing secure access to a PC, then the secured PC may store the biometric signature of the authorised user in internal memory, and the PC may be integrated into the receiver 20 sub-system 117 of Fig. 2. In addition to authenticating the user 101, the biometric sensor 121 in the code entry module 103 in conjunction with the controller 107 may also check other access privileges of the user 101. These access privileges may be contained in the database 105 which may be located either locally in the remote key fob, or in the receiver sub-system 25 117 as previously described. In one example, Tom Smith may firstly be authenticated as -25 Tom Smith using the thumb press by Tom on the biometric sensor panel (not shown). After Tom's personal biometric identity is authenticated, the transmitter sub-system 116 may check if Tom Smith is in fact allowed to use the particular door secured by the device 111 on weekends. Thus the security screening offered by the described 5 arrangement may range from simple authentication of the user's identity, to more comprehensive access privilege screening. The incorporation of the biometric sensor 121 into the code entry module 103 in the form of a remote key fob also means that if the user 101 loses the remote key fob, the user need not be concerned that someone else can use the code entry module 103. Since 10 the finder of the lost key fob will not be able to have his or her biometric signal authenticated by the biometric sensor 121 in the code entry module 103, the lost key fob is useless to anyone apart from the rightful user 101. The transmitter sub-system 116 is preferably fabricated in the form of a single integrated circuit (IC) to reduce the possibility of an authorised person bypassing the 15 biometric sensor 121 in the code entry module 103 and directly forcing the controller 107 to emit the access signal 108. The incorporation of the biometric sensor 121 into the code entry module 103, as described above, allows the user 101 to be validated. In this manner, the transmissions of the access signal 108 containing the encrypted code and Wiegand protocol identifier may 20 be limited to occur for only authorised users. The incorporation of the biometric sensor 121 into the code entry module 103, also allows the security of the arrangement of Fig. 2 to be maintained without the reliance on the physical security of the code entry modules. However, the incorporation of the biometric sensor 121 also creates the need for a method of allowing the enrolment of the user's biometrics.
- 26 Fig. 6 shows another process 700 of operation of the arrangement 100 of Fig. 2 where the code entry module 103 incorporates the biometric sensor 121, in accordance with the further embodiment. In this further embodiment, the process 700 is performed instead of the process 200 of Fig. 3. The code entry module 103 incorporating the 5 biometric sensor 121 is allocated a range of Wiegand protocol identifiers rather than just one Wiegand protocol identifier as with the first embodiment described above. The Wiegand protocol identifier in this range are distinct from those allocated to other code entry modules sharing the same "secret" key as described above. The Wiegand protocol identifier being used at any particular time is referred to as the "current" Wiegand 10 protocol identifier. The process 700 commences with a step 701 that determines if a biometric signal has been received by the biometric sensor 121 in the code entry module 103. If not, then the process 700 follows a NO arrow back to the step 701. If however a biometric signal has been received, then the process 700 follows a YES arrow to a step 702 that 15 determines if the user ID database 105 in Fig. 2 is empty. This would be the case, for example, if the code entry module is new and has never been used, or if the user 101 has erased all the information in the database 105 (as will be described in detail below). If the database 105 is empty, then the process 700 is directed by an arrow 703 to 706 in Fig. 8 which depicts a process 800 dealing with the enrolment or the 20 administration function for loading relevant signatures into the database 105. If on the other hand the database 105 is not empty, then the process 700 is directed to a step 704 that determines if the biometric signal that has been received is an administrator's biometric signal. The arrangement 100 comprising the code entry module 103 incorporating the 25 biometric sensor 121 may accommodate at least three classes of user, namely - 27 administrators, (ordinary) users, and duress users. The administrators have the ability to amend data stored, for example, in the database 105, while the ordinary users preferably do not have this capability. The first user of the code entry module 103, whether this is the user who purchases the module, or the user who programs the module 103 after all 5 data has been erased from the database 105, is automatically categorised as an administrator. This first administrator may direct the arrangement 100 to either accept further administrators, or alternately to only accept further ordinary users. Although the present description refers to "users", in fact it is "fingers" which are the operative entities in operation of the arrangement 100 where the biometric sensor 10 121 is a fingerprint sensor. In this event, a single user may enrol two or more of his or her own fingers as separate administrators or (ordinary) users of the arrangement 100, by storing corresponding fingerprints for corresponding fingers in the database 105 via the enrolment process 800 (see Fig. 8). Some class overlap is possible. Thus a stored biometric signature can belong to 15 an administrator in the duress class. The first administrator may provide control information to the code entry module 103 by providing a succession of finger presses to the biometric sensor 121, providing that these successive presses are of the appropriate duration, the appropriate quantity, and are input within a predetermined time. In one arrangement, the control information is 20 encoded by either or both (a) the number of finger presses and (b) the relative duration of the finger presses. If the successive finger presses are provided within this predetermined time, then the controller 107 accepts the presses as potential control information and checks the input information against a stored set of legal control signals. One example of a legal control signal can be expressed as follows: 25 "Enrol an ordinary user" -> dit, dit, dit, dah -28 where "dit" is a finger press of one second's duration (provided by the user 101 in response to the feedback provided by the Amber LED as described below), and "dah" is a finger press of two second's duration. In the event that a legitimate sequence of finger presses are not delivered within 5 the predetermined time, then the presses are considered not to be control information and merely to be presses intended to provide access to the controlled item 111. Legitimate control sequences are defined in Read Only Memory (ROM) in the controller 107. The code entry module 103 has feedback signalling mechanisms 122, implemented for example by a number of LEDs 122 and an audio transducer 124, 10 implemented by an audio transducer. The LEDs 122 and the audio transducer 124 are used by the controller to signal the state of the code entry module 103 to the user 101, and to direct the administration process. Thus, in one example, three LEDs, being Red, Amber and Green are provided. When the Amber LED is flashing, it means "Press the sensor". When the Amber 15 LED is steady ON, it means "Maintain finger pressure". When the Amber LED is OFF, it means "Remove finger pressure". When the arrangement 100 enters the enrolment state (depicted by the process 800 in Fig. 8), then the audio transducer 124 emits the "begin enrolment" signal (dit dit dit dit) and the Red LED flashes. Enrolment of a normal user (according to the step 807 in Fig. 8) is signalled by the OK audio signal (dit dit) and a 20 single blink of the Green LED. Returning to the step 704, if the step determines that the biometric signal received is an administrator's signal, then the process 700 is directed by a YES arrow to 706 in Fig. 8 as depicted by the arrow 703. If on the other hand, the step 704 indicates that the received biometric signal does not belong to an administrator then the process 25 700 is directed by a NO arrow to 707 in Fig. 7.
- 29 Fig. 7 shows the access process 600 by which a biometric signal 102 (see Fig. 2) is processed in order to provide access to the controlled item 111, or to take other action. Entering the process at 707 from Fig. 6, the process 600 proceeds to a step 602 that compares the received biometric signal to biometric signatures stored in the database 105. 5 A following step 603 determines if the received signal falls into the "duress" category. Biometric signals in this category indicate that the user 101 is in a coercive situation where, for example, an armed criminal is forcing the user 101 to access the secure facility (such as a bank door). If the step 603 determines that the received biometric signal is in the duress class, then a following step 604 prepares a "duress" bit for incorporation into 10 the code access signal 108. The aforementioned duress bit is an access attribute of the biometric signal 102. Thereafter the process 600 proceeds to a step 605. Modules used in the code entry module for producing the rolling code enable a number of user defined bits to be inserted into the access signal 108, and these bits may be used to effect desired control functions in the receiver sub-system 117. The disclosed 15 arrangement 100 utilises four such user bits, namely (a) to indicate that the user belongs to the duress category, (b) to indicate a "battery low" condition, or other desired system state or "telemetry" variable, for the code entry module 103, (c) to indicate that the biometric signal represents a legitimate user in which case the secure access to the controlled item 111 is to be granted, or (d) to indicate that the biometric signal is 20 unknown, in which case the controller 109 in the receiver sub-system 117 sounds an alert tone using a bell (not shown) or the like. Returning to Fig. 7, if the step 603 determines that the biometric signal is not in the duress class, then the process 600 proceeds according to a NO arrow to the step 605. The step 605 determines if the code entry module 103 has a low battery condition, in 25 which event the process 600 proceeds according to a YES arrow to a step 606 that -30 prepares a telemetry bit for insertion into the access signal 108. The aforementioned telemetry bit is an access attribute of the biometric signal 102. Thereafter, the process proceeds to a step 607. If the step 605 determines that telemetry signalling is not required, then the 5 process 600 proceeds according to a NO arrow to the step 607. The step 607 checks the biometric signal against the biometric signatures in the database 105. If the received biometric signal matches a legitimate signature in the database 105, then the process 600 is directed to a step 608 that prepares an "access" bit for insertion into the access signal 108. This access bit directs the controller 109 in the receiver sub-system 117 to provide 10 access to the controlled item 111. The aforementioned access bit is an access attribute of the biometric signal 102. The process 600 then proceeds to a step 610. If the step 607 determines that the biometric input signal does not match any legitimate biometric signatures in the database 105, then the process 600 proceeds according to a NO arrow to a step 609 that prepares an "alert" bit for insertion into the 15 access signal 108. The aforementioned alert bit is an access attribute of the biometric signal 102. This alert bit directs the controller 109 (a) not to provide access to the controlled item 111, and (b) to provide an alert tone, like ringing a chime or a bell (not shown), to alert personnel in the vicinity of the receiver sub-system 117 that an unauthorised user is attempting to gain access to the controlled item 111. The alert bit 20 may also cause a camera mounted near the controlled item 111 to photograph the unauthorised user for later identification of that person. The camera may be activated if the person attempting to gain access is unauthorised, and also if the person attempting to gain access is authorised but uses a duress signature. An optional additional step (not shown) may prepare an identification field for 25 insertion into the access signal 108. This sends, to the receiver sub-system 117, ID -31 information that the receiver sub-system 117 may use to construct an audit trail listing which users, having signatures in the database 105, have been provided with access to the controlled item 111. The process 600 is then directed to the step 610, where the controller/transmitter 5 107 checks, as depicted by an arrow 112 in Fig. 2, the current code in the database 113. Then at the next step 613, the controller/transmitter 107 generates a new code in the sequence of codes for the code entry module 103 according to the current Wiegand protocol identifier. At the next step 615, the newly generated code is encoded by the controller 107 using one of the encryption algorithms described above, with the 10 encryption algorithm being customised through the application of the secret key and the current Wiegand protocol identifier. The Wiegand identifier is also encoded at step 204, using one of the encryption algorithms described above. In the subsequent step 617 the controller/transmitter 107 sends the appropriate access signal 108 to the receiver 109. The access signal 108 includes the encoded code and the current encoded Wiegand 15 protocol identifier. Also, in the embodiment of Figs. 7 to 9, the access signal 108 also includes the various user defined bits. The process 200 is then directed in accordance with an arrow 611 to 705 of Fig. 6. Fig. 8 shows a process 800 for implementing various enrolment procedures. The process 800 commences at 706 from Fig. 6 after which a step 801 determines if the 20 biometric signal is a first administrator's signal (which is the case if the database 105 is empty). If this is the case, then the process 800 is directed to a step 802 that stores a biometric signature, representing the received biometric signal, in the database 105. From a terminology perspective, this first administrator, or rather the first administrator's first finger (in the event that the biometric sensor 121 is a fingerprint sensor), is referred to as 25 the "superfinger". Further administrator's fingers are referred to as admin-fingers, and -32 ordinary users fingers are referred to merely as "fingers". The reason that someone would enrol more than one of their own fingers into the system is to ensure that even in the event that one of their enrolled fingers is injured, the person can still operate the system using another enrolled finger. 5 It is noted that the step 802, as well as the steps 805, 807 and 809 involve sequences of finger presses on the biometric sensor 121 in conjunction with feedback signals from the LEDs 122 and/or the audio speaker 124. The process 800 then proceeds to a step 810 that determines if further enrolment procedures are required. If this is the case, then the process 800 proceeds by a YES arrow back to the step 801. If no further 10 enrolment procedures are required, then the process 800 proceeds by a NO arrow to 705 in Fig. 6. Returning to the step 801, if the biometric signal is not a first administrator's signal, then the process 800 proceeds by a NO arrow to a step 803. The step 803 determines if a further administrator signature is to be stored. It is noted that all signatures 15 stored in the database are tagged as belonging to one or more of the classes of administrator, ordinary user, and duress users. If a further administrator signature is to be stored, then the process 800 proceeds by a YES arrow to the step 802 that stores the biometric signal as a further administrator's signature. If a further administrator's signature is not required, then the process 800 20 proceeds according to a NO arrow to a step 804 that determines if a duress signature is to be stored. If this is the case then the process 800 follows a YES arrow to a step 805 that stores a duress signature. The process 800 then proceeds to the step 810. If however the step 804 determines that a duress signature is not required, then the process 800 proceeds by a NO arrow to step 806.
-33 The step 806 determines if a further simple signature (i.e., belonging to an ordinary user) is to be stored. If a further simple signature is to be stored, then the process 800 proceeds by a YES arrow to the step 807 that stores a representation of the received biometric signal as a further ordinary signature. 5 If a further simple signature is not required, then the process 800 proceeds according to a NO arrow to a step 808 that determines if any or all signatures are to be erased from the database 105. The determination of whether all signatures are to be erased from the database 105 at step 808 may be made based on an "erase all" control (not shown) incorporated into the code entry module 103. If any or all signatures are to 10 be erased from the database 105 then the process 800 follows a YES arrow to a step 809 that erases the desired signatures. If all of the signatures in the database 115 are erased at step 809, the controller/transmitter 107 changes the current Wiegand protocol identifier to a previously unused value from the range of Wiegand protocol identifiers allocated to the code entry 15 module 103. If no previously unused values from the range of Wiegand protocol identifiers allocated to the code entry module 103 are available, then the code entry module 103 is completely non-functional and the process 800 concludes at step 809 and will not return to 705 of Fig. 6. If all of the signatures in the database 115 are erased at step 809, the database 20 115 will be determined to be empty at a subsequent execution of step 702 of the process 700. Further, the code entry module 103 will appear as completely new to the receiver 118 and any existing synchronisation between the code entry module 103 and the receiver 118 will be revoked. That is, the flag in the database 115 indicating that the receiver 118 and the code entry module 103 are "synchronised" will be reset to indicate that the code 25 entry module 103 and the receiver 118 are not synchronised. In the instance that -34 synchronisation is revoked as described above, the code entry module 103 and the receiver 118 may be synchronised provided the code entry module 103 can generate two consecutive "in sequence" codes or through physical operation of a switch mechanism as described above. 5 If the code entry module 103 is still functional (i.e., there are still unused values from the range of Wiegand protocol identifiers allocated to the code entry module 103) following step 809, then the process 800 then proceeds to the step 810. Further, if the step 804 determines that no signatures are to be erased, then the process 800 proceeds by a NO arrow to the step 810. 10 Fig. 9 shows another enrolment process relating to the example of Fig. 6. The process 900 commences at 706 from Fig. 6 after which a step 901 determines if the received biometric signal comes from the first administrator. If this is the case, then the process 900 proceeds according to a YES arrow to a step 902. The step 902 emits an "Enrolment" tone and flashes the green LED once only. Thereafter, a step 905 reads the 15 incoming biometric signal which is provided by the user as directed by the Amber LED. When the Amber LED flashes continuously, this directs the user to "Apply Finger". When the Amber LED is in a steady illuminated state, this directs the user to "Maintain Finger Pressure". Finally, when the amber LED is off, this directs the user to "Remove Finger". 20 Returning to the step 901, if the incoming biometric signal does not belong to the first administrator, then the process 900 proceeds according to a NO arrow to a step 903. The step 903 emits an "Enrolment" tone, and flashes the Red LED in an on-going fashion. Thereafter, the process 900 proceeds according to an arrow 904 to the step 905. Following the step 905, a step 906 determines whether the incoming biometric 25 signal is legible. If this is not the case, then the process 900 proceeds according to a NO - 35 arrow to a step 907. The step 907 emits a "Rejection" tone, after which the process 900 is directed, according to an arrow 908 to 705 in Fig. 6. Returning to the step 906, if the incoming biometric signal is legible, then the process 900 follows a YES arrow to a step 909. The step 909 determines whether the finger press exceeds a predetermined time. If 5 this is not the case, then the process 900 follows a NO arrow to a step 910 which stores a representation of the biometric signal, which in the present case is stored as a fingerprint signature. Thereafter the process 900 follows an arrow 911 to 705 in Fig. 6. Returning to the step 909 if the finger press does exceed the predetermined period, then the process follows a YES arrow to a step 912. The step 912 erases any or all 10 relevant signatures depending upon the attributes of the incoming biometric signal. Thus, for example, if the incoming biometric signal belongs to an ordinary user, then the ordinary user's signature in the database 105 is erased by the step 912. If, on the other hand, the incoming biometric signal belongs to the first administrator, then all the signatures in the database 105 are erased. Administrators who are not the first 15 administrator may be granted either the same powers as the first administrator in regard to erasure of signatures, or can be granted the same powers as ordinary user in this respect. Again, the determination of whether all signatures are to be erased from the database 105 at step 912 may be made based on an "erase all" control (not shown) incorporated into the code entry module 103. Further, if all of the signatures in the 20 database 115 are erased at step 912, the controller/transmitter 107 changes the current Wiegand protocol identifier to a previously unused value from the range of Wiegand protocol identifiers allocated to the code entry module 103. If no previously unused values from the range of Wiegand protocol identifiers allocated to the code entry module 103 are available, then the code entry module 103 is completely non-functional and the 25 process 900 concludes at step 912 and will not return to 705 of Fig. 6.
- 36 If the code entry module 103 is still functional (i.e., there are still unused values from the range of Microchip (Keeloq) serial numbers allocated to the code entry module 103) following step 912, then the process 900 follows an arrow 913 to 705 in Fig. 6. Fig. 5 is a schematic block diagram of the arrangement 100 in Fig. 2. The 5 disclosed secure access methods are preferably practiced using the arrangement 100 in the form of a computer system, such as that shown in Fig. 5 wherein the processes of Figs. 3 4 and 6-9 may be implemented as software, such as application program modules executing within the arrangement 100. In particular, the described method steps are effected by instructions in the software that are carried out under direction of the 10 respective controller 107 and controller 109 (and receiver 118) in the transmitter and receiver sub-systems 116 and 117. The instructions may be formed as one or more code modules, each for performing one or more particular tasks. The software may also be divided into two separate parts, in which a first part performs the provision of secure access methods and a second part manages a user interface between the first part and the 15 user. The software may be stored in a computer readable medium, including the storage devices described below, for example. The software is loaded into the transmitter and receiver sub-systems 116 and 117 from the computer readable medium, and then executed under direction of the respective controllers 107 and 109 (and receiver 118). A computer readable medium having such software or computer program recorded on it is a computer 20 program product. The use of the computer program product in the computer preferably effects an advantageous apparatus for provision of secure access. The following description is directed primarily to the transmitter sub-system 116, however the description applies in general to the operation of the receiver sub-system 117. The arrangement 100 is formed, having regard to the transmitter sub-system 116, by 25 the controller module 107, input devices such as the button 121 (or biometric sensor in - 37 the case of the further embodiment), output devices including the LED display 122 and the audio device 124. A communication interface/transceiver 1008 is used by the controller module 107 for communicating to and from a communications network 1020. Although Fig. 2 shows the transmitter sub-system 116 communicating with the receiver 5 sub-system 117 using a direct wireless link for the access signal 108, this link used by the access signal 108 can be effected over the network 1020 forming a tandem link comprising 108-1020-108'. The aforementioned communications capability may be used to effect communications between the transmitter sub-system 116 and the receiver sub system 117 either directly or via the Internet, and other network systems, such as a Local 10 Area Network (LAN) or a Wide Area Network (WAN). The controller module 107 typically includes at least one processor unit 1005, and a memory unit 1006, for example formed from semiconductor random access memory (RAM) and read only memory (ROM). The controller module 107 also includes a number of input/output (1/0) interfaces including an audio-video interface 1007 that 15 couples to the LED display 122 and audio speaker 124, an I/O interface 1013 for the button 121, and the interface 1008 for communications. The components 1007, 1008, 1005, 1013 and 1006 of the controller module 107 typically communicate via an interconnected bus 1004 and in a manner which results in a conventional mode of operation of the controller 107 known to those in the relevant art. 20 Typically, the application program modules for the transmitter sub-system 116 are resident in the memory 1006 iROM, and are read and controlled in their execution by the processor 1005. Intermediate storage of the program and any data fetched from the bio sensor 121 and the network 1020 may be accomplished using the RAM in the semiconductor memory 1006. In some instances, the application program modules may 25 be supplied to the user encoded into the ROM in the memory 1006. Still further, the -38 software modules can also be loaded into the transmitter sub-system 116 from other computer readable media, say over the network 1020. The term "computer readable medium" as used herein refers to any storage or transmission medium that participates in providing instructions and/or data to the transmitter sub-system 116 for execution and/or 5 processing. Examples of storage media include floppy disks, magnetic tape, CD-ROM, a hard disk drive, a ROM or integrated circuit, a magneto-optical disk, or a computer readable card such as a PCMCIA card and the like, whether or not such devices are internal or external of the transmitter sub-system 116. Examples of transmission media include radio or infra-red transmission channels as well as a network connection to 10 another computer or networked device, and the Internet or Intranets including e-mail transmissions and information recorded on Websites and the like. As described above, the code entry module 103 incorporating the biometric sensor 121 is allocated a range of Wiegand protocol identifiers. In still another arrangement, the code entry module 103 may comprise a plurality of buttons similar to the button 121 15 shown in Fig. 2. In this instance, each of these buttons may have a different Wiegand protocol identifier, with each Wiegand identifier having a unique sequence of codes. Accordingly, pressing different ones of the buttons will result in different codes being sent by the code entry module 103. As described above, the encoded Wiegand protocol identifier is inserted into bits 20 zero (0) to twenty three (23) of the normal Microchip (Keeloq) serial number address space for the code entry module 103. The remaining four bits (i.e., bits twenty four (24) to twenty seven (27)) of the Microchip (Keeloq) serial number are set to a predetermined fixed value (e.g., a series of '1's) indicating that the Microchip (Keeloq) serial number has been replaced by an encoded Wiegand protocol identifier. Alternatively, two or more 25 of the remaining four bits may be may be used to indicate user groups. In this instance, -39 the code entry module 103 will only be accepted by the receiver 118 if the code entry module 103 and the receiver 118 are in the same user group. In one example, bits twenty six (26) and twenty seven (27) may be set to '1', while the remaining two bits (i.e., bits twenty four (24) and twenty five (25)) are set to a user group number. 5 Code entry modules may also be allocated to different user groups by using a different secret key, as described above, in each of the code entry modules. For example, one or more of the code entry modules may be allocated a particular secret key indicating one user group and one or more other code entry modules may be allocated a different secret key indicating a different user group. 10 Industrial Applicability It is apparent from the above that the arrangements described are applicable to the security industry. The foregoing describes only some embodiments of the present invention, and modifications and/or changes can be made thereto without departing from the scope and 15 spirit of the invention, the embodiments being illustrative and not restrictive. The arrangement 100 may also be used to provide authorised access to lighting systems, building control devices, exterior or remote devices such as air compressors and so on. The concept of "secure access" is thus extendible beyond mere access to restricted physical areas.

Claims (5)

1. A transmitter sub-system for transmitting a secure access signal for use in a system for providing secure access to a controlled item, the transmitter sub-system 5 comprising: means for storing a Wiegand protocol identifier; means for generating a code from a sequence of codes based on the Wiegand protocol identifier, upon a button of the sub-system being pressed; and means for transmitting said secure access signal comprising the code and the 10 Wiegand protocol identifier.
2. A transmitter sub-system according to claim 1, wherein the transmitter sub system is incorporated into a remote fob. 15
3. A system for providing secure access to a controlled item, the system comprising: a transmitter sub-system: means for storing a Wiegand protocol identifier; means for generating a code from a sequence of codes based on the 20 Wiegand protocol identifier, upon a button of the sub-system being pressed; and means for transmitting a secure access signal comprising the code and the Wiegand protocol identifier; and a receiver sub-system comprising; means for receiving the transmitted secure access signal; and -41 means for providing secure access to the controlled item depending on said code and said Wiegand protocol identifier.
4. A method of transmitting a secure access signal for use in a system for providing 5 secure access to a controlled item, the method comprising the steps of: generating a code from a sequence of codes based on a Wiegand protocol identifier, upon a button of said system being pressed; and transmitting a secure access signal comprising the code and the Wiegand protocol identifier, wherein said secure access signal is configured to be received by a 10 controller of said controlled item for determining whether secure access is provided to the controlled item.
5. A computer readable medium having a computer program recorded therein for transmitting a secure access signal for use in a system for providing secure access to a 15 controlled item, said computer program comprising: code for receiving a request; code for generating a secure code from a sequence of codes based on a Wiegand protocol identifier, upon a button of said system being pressed; and - 42 code for transmitting a secure access signal comprising the secure code and the Wiegand protocol identifier, wherein said secure access signal is configured to be received by a controller of said controlled item for determining whether conditional 5 access is provided to the controlled item. DATED this 2nd Day of March 2010 10 MICROLATCH PTY PTD Patent Attorneys for the Applicant SPRUSON&FERGUSON
AU2009100853A 2006-10-13 2009-08-25 A secure wireless remote entry system Expired AU2009100853B4 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2009100853A AU2009100853B4 (en) 2006-10-13 2009-08-25 A secure wireless remote entry system

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
AU2006905707 2006-10-13
AU2006905707A AU2006905707A0 (en) 2006-10-13 A secure wireless remote entry system
AU2007306965A AU2007306965A1 (en) 2006-10-13 2007-03-13 A secure wireless remote entry system
AU2009100853A AU2009100853B4 (en) 2006-10-13 2009-08-25 A secure wireless remote entry system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
AU2007306965A Division AU2007306965A1 (en) 2006-10-13 2007-03-13 A secure wireless remote entry system

Publications (2)

Publication Number Publication Date
AU2009100853A4 AU2009100853A4 (en) 2009-10-08
AU2009100853B4 true AU2009100853B4 (en) 2010-04-29

Family

ID=39282329

Family Applications (2)

Application Number Title Priority Date Filing Date
AU2007306965A Abandoned AU2007306965A1 (en) 2006-10-13 2007-03-13 A secure wireless remote entry system
AU2009100853A Expired AU2009100853B4 (en) 2006-10-13 2009-08-25 A secure wireless remote entry system

Family Applications Before (1)

Application Number Title Priority Date Filing Date
AU2007306965A Abandoned AU2007306965A1 (en) 2006-10-13 2007-03-13 A secure wireless remote entry system

Country Status (2)

Country Link
AU (2) AU2007306965A1 (en)
WO (1) WO2008043125A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2206277A4 (en) 2007-10-22 2013-02-13 Microlatch Pty Ltd A transmitter for transmitting a secure access signal
US8358783B2 (en) 2008-08-11 2013-01-22 Assa Abloy Ab Secure wiegand communications
US8937528B2 (en) * 2012-09-12 2015-01-20 Ford Global Technologies, Llc Apparatus and method for registering users and managing biometric data thereof in a vehicle
US10452877B2 (en) 2016-12-16 2019-10-22 Assa Abloy Ab Methods to combine and auto-configure wiegand and RS485

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2006203768A1 (en) * 2005-08-31 2007-03-15 Assa Abloy Ab Device authentication using a unidirectional protocol

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6980655B2 (en) * 2000-01-21 2005-12-27 The Chamberlain Group, Inc. Rolling code security system
EP0771498B1 (en) * 1995-05-17 2007-05-09 The Chamberlain Group, Inc. Rolling code security system
US6026165A (en) * 1996-06-20 2000-02-15 Pittway Corporation Secure communications in a wireless system
US6484260B1 (en) * 1998-04-24 2002-11-19 Identix, Inc. Personal identification system
US6956495B2 (en) * 2001-05-22 2005-10-18 oneLINK System and method for remote opening of handicap access doors
US6956460B2 (en) * 2002-01-15 2005-10-18 Tsui Philip Y W Transmitter for operating rolling code receivers
AU2003267878A1 (en) * 2002-10-22 2004-05-13 Anzon Autodoor Limited Access control system
US6882729B2 (en) * 2002-12-12 2005-04-19 Universal Electronics Inc. System and method for limiting access to data
AU2003904317A0 (en) * 2003-08-13 2003-08-28 Securicom (Nsw) Pty Ltd Remote entry system
US7193502B2 (en) * 2004-03-06 2007-03-20 Wayne-Dalton Corp. Operating system and methods for seeding a random serial number for radio frequency control of a barrier operator's accessories

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2006203768A1 (en) * 2005-08-31 2007-03-15 Assa Abloy Ab Device authentication using a unidirectional protocol

Also Published As

Publication number Publication date
WO2008043125A1 (en) 2008-04-17
AU2009100853A4 (en) 2009-10-08
AU2007306965A1 (en) 2008-04-17

Similar Documents

Publication Publication Date Title
US9665705B2 (en) Remote entry system
US11947649B2 (en) Locking device biometric access
US8112278B2 (en) Enhancing the response of biometric access systems
KR100911856B1 (en) Entry control system and entry control method
CA2527836C (en) An in-circuit security system and methods for controlling access to and use of sensitive data
JP2005512204A (en) Portable device and method for accessing a data key activated device
JPH11265432A (en) Personal identification fob
US8112632B2 (en) Security devices, systems and computer program products
KR101613476B1 (en) Face recognition based authenticable door-lock control system
AU2009100853B4 (en) A secure wireless remote entry system
WO2008031143A1 (en) Password generator
JPH1030367A (en) Identification signal checking device and identification signal checking method
WO1999045717A1 (en) Personal access code remote control
AU2005316195A1 (en) Enhancing the response of biometric access systems
JP2006186484A (en) Verification system
KR20040075869A (en) Portable device and method for accessing data key actuated devices
JP2011090667A (en) Memory lock system of microelectronics

Legal Events

Date Code Title Description
FGI Letters patent sealed or granted (innovation patent)
FF Certified innovation patent
MK22 Patent ceased section 143a(d), or expired - non payment of renewal fee or expiry