US 20050184857 A1
A security container with an electronic lock circuit is used to securely store mechanical keys or other valuable items. Items to be protected are placed in a secured location in the security container. A detector of the security container detects whether the items are indeed in the secured location, such as by means of receiving signals from a transponder attached to the items. The security container is locked only if the items are detected to be in the secured location. Audit trail records for the locking and unlocking events of the security container may be downloaded for analysis. A monitoring device with a location identification device, such as a GPS sensor, may be attached to items to be monitored for tracking locations and activities of the items.
1. A security container comprising:
an electronic lock control circuit for controlling operations of the lock;
a closure for containing an item to be protected, the closure being movable to an open position for receiving the item and a closed position in which the item contained in the closure is not accessible; and
a detector for detecting presence of the item in the closure, the detector and the closure being disposed such that the item in the closure is detectable by the detector when the closure is in the closed position, the electronic lock control circuit being configured to actuate the lock to lock the closure in the closed position only if the detector has detected the presence of the item in the closure at the closed position.
2. A security container as in
3. A security container as in
4. A security container as in
5. A security container as in
6. A security container as in
7. A security container as in
8. A security container as in
9. A security container as in
10. A security container as in
11. A security container as in
12. A security container as in
13. A security storage system comprising:
a security container having a lock, an electronic lock control circuit for controlling operation of the lock, and a closure for containing an item to be protected, the closure being movable to an open position for receiving the item and a closed position in which the item contained in the closure is not accessible, and a detector for detecting presence of the item in the closure, the detector and the closure being disposed such that the item in the closure is detectable by the detector when the closure is in the closed position;
a transponder attached to the item to be protected, the transponder generating a detection signal detectable by the detector when the transponder is contained in the closure in the closed position,
the electronic lock control circuit being configured to actuate the lock to lock the closure in the closed position only if the detector has detected the presence of the transponder in the closure at the closed position.
14. A security storage system as in
15. A security storage system as in
16. A security storage system as in
17. A security storage system as in
18. A security storage system as in
19. A security storage system as in
20. A security storage system as in
21. A security storage system as in
22. A monitoring apparatus for tracking a location of an item being monitored, comprising:
a location sensor for sensing a location of the apparatus;
an event sensor for sensing a parameter indicative of an event occurring to the monitoring apparatus;
a microprocessor for processing readings of the location and motion sensors and storing audit records in the memory, the audit records having data indicative of the readings of the location and motion sensors and data providing timing information for the readings;
a communication component for transferring the audit data to an external device; and
means for attaching the monitoring apparatus to the item to be monitored.
23. A monitoring apparatus as in
24. A monitoring apparatus as in
25. A monitoring apparatus as in
This application is a continuation-in-part of U.S. application Ser. No. 11/010,661 filed Dec.13, 2004, which claims the priority of U.S. Provisional Application 60/528,831, filed Dec. 11, 2003.
This invention relates to an electronic security system and method for monitoring the location of and controlling access to mechanical keys or other types of valuable items.
Mechanical locks and keys have been used on vending machines for over the past 50 years. One particular problem with mechanical keys is the difficulty in keeping track of the whereabouts and usage to ensure that the mechanical keys are not used by unauthorized persons or by authorized persons but at unauthorized times or places. For instance, mechanical keys for vending machines are typically given to employees responsible for assigned vending machine routes. The employee for a given route has a schedule for visiting the vending machines on the route at particular times to collect money and restocking goods in the machines. It has been a common concern that the mechanical keys for the vending machines may be stolen and used by thieves to steal money and goods from the machines. Also, it is a concern that the keys may be used either by authorized or unauthorized persons at unauthorized times to access the vending machines. What is required is an electronic security system to overcome some of the management and security problems associated with the use of mechanical keys.
In view of the foregoing, it is an object of the invention to monitor the location, position, and operation capability of access control devices, especially mechanical keys.
It is an object of the invention to provide an apparatus to secure, enable/disable, and track the location and disposition of access control devices such mechanical keys, and other valuable items such as money, fire arms, tools, etc.
It is a related object of the invention to provide a record regarding the location and accessibility of an access control device or valuable item being monitored for auditing purposes.
These objects and other advantages of the invention will be apparent from the detailed description provided herein.
FIGS. 25 A-D are schematic diagrams of a security container in the form of a safe that is configured for securely storing valuable items such as mechanical keys;
The present invention provides a system and method for monitoring the location of mechanical keys and/or other access control devices or valuable items, to prevent unauthorized access to the keys or valuable items. Prior to describing embodiments of the invention, a system for managing electronic keys used for accessing vending machines or the like and for managing audit data collected by the electronic keys from the vending machines is first described with reference to
In an embodiment shown in
As illustrated in
The database 35, software 34 and cradle 36 transceiver interface systems are limited for secure operation on only one particular computer 32 by means of registration. The software programs and the cradle can properly function only after they are registered with an authorized control center. Thus, a thief cannot install stolen components on a computer at an unauthorized location. The steps of an exemplary registration process are described with reference to
The registration process described above links together the serial numbers assigned to and/or embedded in the software 34, the interface cradle station 36, and the computer 32 to create an authorization number stored in the database 35. Each time the software 34 is restarted, it reads the serial numbers of each of the components to calculate the authorization number, and then compares this number to the authorization number in the database to make sure they match before operating. If the calculated authorization number does not match the stored authorization number, the software does not allow the user to access the system management functions, and the system is inoperative.
Turning now to
In accordance with a feature of the embodiment, the operation of refreshing the key and downloading data from the key is automatic, without requiring a user to oversee or activate each of the steps involved in the process. All the user has to do to initiate the key refreshing operation is to place the key 31 in the cradle 36 and press the transmit button 39 of the key, and the software program 34 will finish the operation without requiring further attention from the user or system administrator. During this process the database 35 proceeds to service the key without prompting the user to enter any information or data at the computer either before or after the key is initiated. As a result, the key refreshing operation may run in the background, without the need to have an open window on the computer screen, thereby allowing the computer 32 to be used for other operations such as word processing or communications over the Internet. To service the next key, the previous key is removed, the new key is inserted and its transmit button is pressed. Again, the database proceeds to service the key without prompting the user to enter any information or data at the computer either before or after the key is initiated. The docking or refresh operation can be performed without the supervisors present, which allows the system to perform without daily maintenance.
As shown in
The electronic keys contain certain key codes for access authorization purposes. It is desirable to limit which keys can be serviced by which computers such that stolen or lost keys cannot be serviced at computers they are not authorized to be serviced at. Thus, the database preferably contains a feature to limit which serial number sequence keys it will service and which it will not service. If a key is not in this serial number range, the database, computer, and software will refuse to service it. The limit parameters are usually entered into the database by a supervisor just after installing the software.
Certain set-up procedures are implemented in the system in order to make the security features of the system useful and easy to use.
In managing the keys in an on-going basis, the supervisor may use the system to check the limit parameter status of the keys to quickly see which keys are either expired or approaching the end of their operation limit parameters. This is accomplished for example by selecting the “Edit Key Limit” menu on the main screen of
Next, the electronic locks to be accessed with the keys need to be assigned to Customers, locations, and/or asset identifier numbers (identification data).
In one procedure shown in
In another procedure also shown in 6A, the lock serial number 90 is not printed on a label, but is read from the lock by a diagnostic tool 92 to make certain the correct serial number is recorded. This number can be visually read from the tool display, recorded along with the customer, location, and/or asset identifier number, and manually entered into the database. In this procedure, a lost label on the lock will not impede the process.
In another procedure shown in
Lock-Database Data Exchange
Data may be exchanged to/from electronic locks of vending machines and the key management database 35. One method involves using an electronic key to collect the audit information in the lock and ultimately transfer this data to the database 35. In alternative embodiments, wireless communications may be used for the data transfer. For example, the lock can communicate directly (or indirectly) through a wireless medium to a computer transceiver interface to transfer the data to/from the database. The preferred embodiment described below uses the electronic keys to transfer the access limits and the audit trail information, but this invention is not limited to this method.
During service of the key 31, data is exchanged from the key to the computer 32 and from the computer to the key as described in
In the event of multiple computers authorized to service the same keys, rather than having multiple computers with multiple databases local to the respective computers, it may be more convenient to have one database residing on a central server or shared drive so more than one computer and cradle can be used to service the keys. Thus, the authority to service the key resides in one database and all of the data exchanged is managed in one database rather than multiple databases. In that case, the data exchanged from the key to the computer may be immediately transported to the database or stored locally at the computer and later processed by the computer and loaded in the remotely located database. This may be a more desirable process since the data transfer may be very time consuming during heavy traffic hours on the network and may better and more reliably be transferred during low traffic times.
During this data exchange process, the health of the electronic key can be diagnosed. For example, the clock in the electronic key is read by the computer and compared to the clock in the computer. If there is a mismatch in time, the computer can alert the supervisor that the key can a faulty clock or battery. Likewise with the memory in the key. If the data exchange process is not successful, the battery or the memory may be suspect to be faulty, and the computer will display this fault for the user or the supervisor so the battery can be replaced or the key taken out of service.
During service of the key, the vending machine audit data collected by the key is downloaded from the key to the cradle 36, next to the computer memory buffer 64, and last to the database 35 of the computer. The data is managed by the supervisor by allowing each lock serial number to be identified in the database by the customer, location, and/or asset identifier number as previously described is set-up. The software may allow several options for managing this data in the database. This process is executed only one time for identifying the asset number, and one time for each time the vending machine is assigned to a customer or a location. The processes for identifying this data are as follows:
Pop-Up Request Process
The software will provide a menu to select the identification process. Next, a drop down list will list in numerical order all lock serial numbers that are not identified. Next, the user will select the lock that he/she wishes to identify. After selected, a screen is provided to enter the data. Also provided is a field for entering the effective data in case the identification data is entered several days or weeks after the data the data is valid.
This process can also be executed when viewing audit events from the database. In this situation, the lock serial number is displayed to identify the vending machine (in lieu of the vending machine asset number, customer, and location data). By selecting this number from this display position and clicking, the screen to enter the vending machine data will pop-up for ease of data entry.
Automatic process. It is possible for the identification data to be transferred automatically into the lock database. This identification data will be entered separately from another computer and/or database which separately contains the vending machine identification data.
Referring now to
If access data is determined to be new, it is stored in the database 35. Suitable data sorting techniques are preferably used in order to efficiently store this data, and to efficiently retrieve this data in the future, and in the future compare this data to new data collected,. The software shall be configured such that the audit information in the database cannot be modified or deleted, either accidentally or on purpose, in order to preserve the integrity of the security monitoring system. After audit data is stored in the database, certain data sorting techniques are required to make the viewing of the data useful.
The audit trails data may also be printed. In one implementation, the printing options available are “Automatic Audit Printing” and “Print Current Screen.” Automatic printing allows for printing when a key refresh is executed and prints all the new events the key has encountered. The audit screen does not have to be displayed on the computer screen to enable printing.
Limiting Operational Parameters for Keys
Limiting operational parameters are available for keys. To ensure the security of the system, in a preferred embodiment such new limits can be assigned only when the computer is in the Supervisor or Administrator modes.
A “Disable FOB” button 137 is provided in the screen 136 to disable the key at its next refresh. In this regard, if the key reaches any of the limits, it will become disabled. The key will indicate that it is disabled by flashing brightly three times when the key is in the cradle and the transmit button of the key is pressed.
After the new parameters have been stored, prior parameters for this key are also kept in the database for easy viewing. In addition, the time and date of the prior docking event and the parameters can be stored and easily viewed.
Later, in a key refreshing operation, the button of the key is pressed on the key and the limit parameters are loaded into the memory of the key.
It is advantageous to provide the capability of more than one docking station or cradle to service the same keys and vending machine locks. This is accomplished by providing a mechanism for either (1) multiple cradles communicating with multiple databases, wherein these databases would be synchronized and merged from time to time (
Multiple Cradles Communicating with Multiple Databases:
In one configuration illustrated in
Multiple cradles communicating with a single database: In an embodiment of this configuration shown in
Thus, it is a feature of the embodiment to provide multiple cradles with access to the same database and provide a fast refresh time so employees are not delayed waiting for their keys to be refreshed. One mechanism to accomplish this is for each computer 174, 175, 176 to hold a refresh buffer 181, 182, or 183 locally in its PC in order to allow for fast refreshes during busy working hours, and during non-work hours when network traffic is minimized the PC will upload it's data in the database 180 on the network. Also in this example the local PC may use the refresh buffer as a local database, or use a separate database, for holding the key limit data. This allows fast refresh of key limits, and would store the audit trail data in the buffer. A copy of the shared database is downloaded from the shared drive by each station and stored locally. In the case the connection to the shared database 180 is interrupted, each individual station can continue servicing keys without interruption using the local database. In this mode, typically no changes or additions are allowed to the database such as key limits and vending machine information.
Database Compacting and Archive:
Compacting and Archiving of the database are tasks that need to be executed at a frequency dependent on the amount of data that is being added to the database. The more data that is added, the more frequent these task should be executed. In one embodiment, the system allows the user to select an automatic compacting and archiving of the audit trail data. Also allowed is selecting automatic exiting of the software and automatic login of the software at selected intervals.
The system is capable of automatically starting up and exiting from operation on a daily basis. The start and stop times can be pre-determined and entered into the system as a scheduled task.
In an alternative embodiment illustrated in
In another alternative embodiment of the single database configuration illustrated in
An enhanced electronic key may be provided with additional hardware and software features to enhance the security, tracking, audit data control, and assisting of the employee to fill and service the vending machine.
The key 300 includes a two-way communication module 303 with a transceiver 310 for two-way communications with the electronic lock 299 of a vending machine. The key may also include user interface features 304 such as a keypad, touch screen, or buttons with specific functions. An annunciation component 305, such as LCD screen, may be included for displaying key-lock responses, text messaging, email, etc. The key may include another two-way communication component 306 that has a transceiver 311 for communicating wirelessly with a home-base 298.
As a feature of the embodiment, the electronic key 300 may further include a position sensing component 308 for identifying the current location of the key. This component, which may include an antenna 309 and may be internal or external to the key, may be based on one of the positioning systems such as GPS, DGPS, LORAN, etc.
The advantage of including the position sensing system component 308 in the key is that ability to track the location of each key used to access the vending machines. For example, electronic keys that include location tracking would pinpoint the geographical location of each vending machine the user of the key was attempting to access. Thus, and audit event for an access attempt would consist of the user of the key, the key code, the date and time of the attempt, the limits (if any) of the key, the serial or ID number of the vending machine, and the physical location (preferably at least 2-dimensional latitude and longitudinal coordinates, and possibly the third dimensional or altitude coordinate) of the vending machine being accessed. These coordinates could be translated by computer to common street address and location (for example, 100 W. Plainfield Rd, Countryside, Ill., second floor, suite 202).
When an electronic key has the capability of obtaining the location coordinates of a vending machine (either by receiving these coordinates itself by a position sensing system or by communication with a position sensing system at the vending machine location), the previously described step of reading the serial number of the vending machine (with a reader tool, or a bar code reading device, or by the electronic key) and entering the vending machine location data into the computer 32 manually may be eliminated. Since the electronic key will produce or receive the location coordinates at the time it attempts to access the vending machine, this data can be provided to the database as the vending machine location in lieu of a manual entry, which is subject to human error.
An additional benefit of the position sensing feature in the electronic key 300 is the ability to keep track of and/or locate keys if they are lost or stolen. Since this key has the data exchange feature described above, it can transmit its location coordinates to the central or home-base location or to a person possessing a computing device that would receive the location information.
An additional feature of this key 300 is the data transfer capability. In additional to its capability of transferring data in short range to the docking cradle (as described for other keys in this system) this key may be equipped with the capability to transmit and receive data over longer distances. Thus, as a key is being operated the audit data and the vending machine sales and inventory data would be transferred back to a central or home-base location. The enhanced communication capabilities would include text messaging and email in order for the person using the key to send and receive information concerning the route they are working on, changes and additions, reports, etc.
Monitoring and/or Tracking Keys and Other Items
The present invention is directed to a security system and method for monitoring the locations of mechanical keys or other access control devices, and to provide secured storage for the keys. Although the security system and method of the invention are especially advantageous for managing access and use of mechanical keys, they can also be used to monitor and control access to other types of valuable items.
In another implementation based on the embodiment described in
As shown in
The monitoring device 320 is used to monitor, record, and annunciate the location and activity of the devices being monitored, such as the mechanical keys 316. The recording circuit 326 tracks the location of the monitoring device (and thus the location of the keys 316) and records in the memory 328 the locations at different times. Thus, the recorded data provides a history of where the monitoring device 320 and the items attached thereto have been. The recorded data preferably includes the date and time of the sensed locations. In addition, the recording circuit 326 may also record the date and time of any detected activity of the devices being monitored.
To enable the monitoring device 320 to communicate with other devices, the monitoring device further includes a communication port 331 and a transceiver 332, which preferably transmits and receives signals via a wireless band, such as infrared or radio frequency. The communication port 331 allows a computer to download the position and time data from the monitoring device 320 at a convenient time. For example, after a driver for a vending machine route returns to the company at the end of the day, the data from the monitoring device 320 attached to the keys 316 assigned to that driver can be downloaded to a system management station like the one in the embodiment shown in
The monitoring device 320 can also be used to monitor and record other information that may indicate the activities occurring to the items being monitored and whether there have been attempts to tamper with the items. For example, events or conditions that are electronically measurable, such as the motion, temperature, barometer pressure, and ambient light, etc., can be sensed by respective sensors 340 in the monitoring device 320 and recorded for later analysis. Also, if the GPS sensor 322 is not in operation or has been disabled or cannot receive a signal, the monitoring device 320 can rely upon the activity sensors 340 to detect activities or changes of conditions. Thus, in this sense, the activity sensors 340 can be used to supplement the location identification by the GPS sensor 322 to provide more information that can be used to determine what may have happened to the items attached to the monitoring device. The parameters detected by the activity sensors 340 can be recorded locally (i.e., into the memory 328) and downloaded at a later time for analysis. Alternatively, the parameters can be transmitted by the wireless communication component 332 to a remote receiver to provide real-time information about activities concerning or surrounding the devices being monitored.
For purposes of interfacing with a user, the monitoring device 320 has a display 334 for displaying information and a keypad 335 that can be used to enter data and commands. An audio annunciator 336, such as an audio transducer or a buzzer, provides auditory information which may be used to indicate the various states of operations.
In accordance with another aspect of the invention, a security container with an electronic lock system and a closure that may be used to store the mechanical keys or other items in a secured manner to protect them unauthorized access. The security container is configured to ensure that the mechanical keys or other items to be protected are actually present in a secured location within it. The secured container is especially useful for storing items that are frequently taken out from and returned to it. For example, a driver for a given route of vending machines may receive the mechanical keys 316 for accessing the vending machines at the beginning of a workday, and return the keys to the company at the end of the work day by placing the keys into the secured container. The security container of the invention can be advantageously used to store the returned keys and to record the time the keys are returned and the time the keys are taken out again. A detection mechanism of the security container ensures that the keys are actually placed in the container and stay in the container until the next time the keys are taken out.
In one embodiment shown in FIGS. 25A-D, the security container is in the form of a safe 350, and the closure is a drawer 352. The safe 350 is illustrated in FIGS. 25A-D in a top view as a cabinet. The drawer 352 is movable between an open position as shown in
In accordance with a feature of the invention, the security container is configured such that it does not lock up unless the items to be protected are detected in the secured position. This feature ensures that the items to be protected are actually placed in the security container. It prevents, for example, a dishonest employee from pretending that he has returned the mechanical keys assigned to him to the safe 350 by opening and closing the drawers 352 without actually leaving the keys in the drawer.
To detect the presence of the items to be protected, the safe 350 is provided with a detector 356. By way of example, in
On the other hand, if the drawer 352 is closed, but the detector 356 cannot detect the presence of the items 353 inside the drawer, the safe 350 will not lock the drawer, and will not record a locking event. As a result, the items can still be accessed by opening the drawer, and the person attempting the locking event is still responsible for the security of the items as he has no proof that the items has been locked in the safe.
The electronic lock 353 of the safe 350 includes a locking mechanism 364 controlled by a lock control circuit 363 as shown in
To detect the presence of the items to be protected, the safe lock control circuit 363 further includes a detector 356, which may be placed together with the rest of the circuit or at a separate location in the safe, depending on the detection mechanism used and the physical layout of the safe. Returning to
Various ways may be used by the detector to detect the items to be protected. For instance, the detector may use optical sensors to detect the presence of the items.
Alternatively, in a preferred embodiment, the detector may cooperate with an identification device attached to the items 353 to facilitate the item detection. The identification device may transmit signals, interact with the detector via two-way communications, or otherwise enable the detector to determine its presence. Since the identification device is attached to the items to be protected, the detection of the identification device by the detector is an indication that the items to be protected are also present in the secured location. The identification device may be attached to the items to be protected by different ways, such as by means of gluing, strapping, mechanical fastening, chaining, etc., to provide a reliable association between the items 353 and the identification device.
In the embodiment shown in FIGS. 25A-D, the identification device is a transponder 390 attached to the items 353 by means of an attachment device 351, such as a ring. The transponder 390 may be an item different than the items 353 to be protected, or may be built into the items to be protected. The transponder 390 may transmit and receive signals to and from the detector 356 to allow the detector to sense its presence. The communications between the detector and transponder may be implemented in different ways, such as via a cable or through wireless transmissions in infrared or radio frequency. To enhance the security of the system, the communications may be encrypted, using encryption codes stored in the lock memory 382 and the transponder 390. The use of encrypted transmission would prevent a dishonest person from creating a fake locking event by placing an unauthorized transponder in the safe to deceive the detector.
In this regard, the transponder may be a part of an electronic key similar to the electronic keys for vending machines as in the embodiments described earlier. The electric key may be, for example, put on the same key ring with the mechanical keys. When the keys are moved to the secured position, the detector 356 communicates with the electronic key to determine that a valid transponder has been put in the secured position, and then locks the drawer 352 so that the electronic key with the mechanical keys attached to it are locked in the secured position.
Optionally, a location identification device, such as a GPS device, may be attached to the items to be protected to allow detection of the location of the items in the safe. This location identification device may be integrated with the transponder 390, or may be a separated device. For example,
In accordance with a feature of the invention, to prevent falsification (or “spoofing”) of item detection, it is advantageous to make the communications between the detector and the transponder short-ranged or directional, so that the detector can detect the presence of the transponder only when the transponder is placed in the secured location in the security container. For example, in the embodiment in
One example of preventing such deceptive tricks is to develop the communications between the detector and the transponder to be optical in nature so as to be highly directional. For instance, the transmission of the signals may be in the infrared band, and the detector may be located such that it can only receive or transmit signals over a very narrow angle. Another example is to set the power of communications between the detector 356 and the transponder 390 such that the communications are short in range, thus preventing the reception of deceptive signals sent over a long distance. This can be accomplished by either reducing the transmission powers of the detector 356 and transponder 390, or reducing their reception sensitivity. In this regard, the effective detection range for the detector 356 to sense the presence of the transponder 390 should be set according to the distance from the detector to the expected storage location of the items in the safe. For instance, for a small safe less than 1 cubit-foot in volume, a short detection range of several inches may be used, while in a large safe the detection range should be increased accordingly while still kept sufficiently short to prevent the detector from being able to sense the transponder when the latter is outside the safe. The high directionality of the transmission can be combined with the short communication range to enhance the effectiveness of the spoof prevention.
Once the presence of the items 353 to be protected in the secured location is detected, the electronic lock control circuit 363 actuates the lock 355 of the safe 350, thereby locking the items inside the safe. As part of the locking operation, an audit trail record is created for the storing and locking event. The audit trail data can be produced and stored either at the beginning or at the end of the lock event, and typically may include the time and date of the event. If a location device, such as a monitoring device 320 with a GPS sensor, is attached to the items, the location data can also be stored as part of the audit trail record. The audit trail record may be stored into the memory 382 of the lock control circuit of the safe. Alternatively, the audit trail record may be stored into a memory of the monitoring device 320, if the transponder is part of the monitoring device.
The detector 356 can monitor the item being locked in the safe before, during, and after the locking event to confirm that the items 353 are indeed in the safe when the safe is locked. After the items 353 are successfully locked in the safe, it may be advantageous to constantly or intermittently confirm that the items remain in safe while the safe is locked. For example, this may be accomplished by (a) the detector 356 maintaining constant or intermittent detection of the transponder 390, (b) the transponder maintaining constant or intermittent signaling to the detector, or (c) the transponder maintaining constant or intermittent detection of the detector. This feature will further discourage a dishonest person from rigging up an apparatus to trick the safe into locking without the items in it, because even if the safe can be somehow tricked into locking, the subsequent reconfirmation operation will show that the items are actually missing from the safe, and as a result audit trail records will be logged to alert an auditor of the records the breech of security.
Optionally, a monitoring device 320, like the one used in embodiment of
If at any time the communication between the detector and the transponder is lost or missing after the safe is locked, the electronics of the safe lock may log an audit trail record to indicate that event. Alternatively, if the transponder is part of the monitoring device 320 or has a communication link with the monitoring device, the monitoring device may log an audit trail record in its memory if the communication link between the detector and the transponder is broken. In addition, the safe lock electronics 363 or the monitoring device 320 can transmit an alarm signal, such as an audio alert signal for alerting a local user or a wireless signal transmitted to a remote monitoring station, to indicate a possible breech of security.
To determine the timing of the access/locking events for generating the audit trail data, the lock control circuit 363 may include a clock 386. The clock is optional because the time information may be provided by the transponder 390, and/or by an external assess control device such as the electronic key 358 used to access the safe, and the time data may be transferred to the electronic lock circuit 363 of the safe during a communication event. Thus, the safe is not required to keep and maintain a clock in its electronic lock control circuit.
The transponder 390 and the electronic key 358 used to access the safe need to be synchronized or linked to the safe lock, so that duplicate devices (i.e. other transponders or keys) cannot be substituted in their place to overcome the security of the system. To that end, in one implementation, each transponder contains a unique identification (ID) code, such as a serial number. This unique ID code is “learned” by the electronic lock circuit of the safe during a setup operation, in which the ID code is transferred to the lock circuit and stored in the lock memory. Similarly, another unique ID code is assigned to the electronic key 358, and that code is also transferred to the lock memory during the setup operation. The code transfer process may be initiated by the user pressing a learn button 385 to put the lock control circuit 363 in a learn mode, and the electronic key and transponder are then actuated to wirelessly transmit their access codes, including the respective ID codes, to the lock circuit. Alternatively, the access codes of the electronic key and transponder may be transferred to the lock control circuit of the safe via the communication port 394. Alternatively or additionally, it is also possible to synchronize or link the transponder and the electronic key to the safe lock by transferring the codes from the safe lock to the transponder and the electronic key.
Thereafter, the ID codes learned into the lock memory will allow the safe lock control circuit to work only with those particular devices identified by those codes. When the detector 356 receives transmissions from a transponder 390, the lock control circuit compares the ID number in the received transmissions with the ID numbers stored in the lock memory. If no match is found, it is an indication that an unauthorized transponder is being used, and the safe will not trigger a locking event. In addition, the safe stores an audit trail record in the memory to indicate the detection of an unauthorized transponder. In this regard, the safe may store in the lock memory an audit trail record each time it detects a transponder when it is in the unlocked state, regardless of whether the transponder has been properly registered with the lock circuit.
In accordance with a feature of one embodiment of the invention, the safe is provided with the capability to display or read out from the lock electronics information regarding the items locked inside the safe. The information to be read out may be, for example, a code, ID number, or name associated with the transponder that is attached to the items being protected. The information display may use the display component 334 of the lock control circuit, while the information readout may be through the communication port 331 or the wireless communication component 332. This feature is useful in a situation where a plurality of these safes are at a location and a person wants to retrieve a particular item but cannot tell which safe contains that item. Displaying or otherwise providing the information identifying the contents of the safes eliminates the need for the user to resort to the trial-and-error process of unlocking the safes until the item is found.
When a user wants to retrieve the items 353 stored in the safe, he needs to use an appropriate access control device to unlock the safe. For example, the safe lock may interface with an electronic key 358 similar to the way an electronic key is used to access vending machines as described in earlier embodiments. The electronic key 358 can be used to receive from the safe lock the audit trail records stored in the lock memory 328, and store the retrieved records in its own memory. Later, as shown in
In an alternative embodiment, the operation of the external electronic key 358 can also be used to trigger the locking operation of the safe once the items are placed in the secured location. The user first places the items to be protected at the secured location where the detector can detect the presence of the transponder attached to the items. In the embodiment shown in
In another embodiment of the invention, the lock control circuit is configured to provide enable and disable signals for an external device depending on the status of the safe. For example, in a vending route drive application, mechanical or electronic keys are given to the driver of an assigned route. The safe 350 may be placed inside the vehicle 391 driven by the driver for temporary storage of the keys 392 when the driver moves from one vending machine site to the next. In that case, the safe lock circuit 363 may be configured to transmit signals 393 to the ignition control circuit 394 of the vehicle to enable or disable the ignition of the vehicle. When the driver arrives at a vending machine site, he unlocks the safe 350 to take the vending machine keys 392 out of the safe so that they can be used to access the vending machines. In response to the unlocking event, the safe lock circuit 363 transmits a disable signal to the vehicle ignition control circuit 394 to disable the ignition. Later, when the driver returns the keys 392 to the safe, the safe lock circuit determines that the keys are indeed put back in the safe, locks the safe, and then transmits an enable signal to the vehicle ignition control circuit 394 to enable the ignition. The route driver can then start the vehicle 391 and drive it to the next vending machine site. Since the ignition is disabled if the keys are not in the safe, the route driver will not be able to operate the vehicle unless the keys are returned to the safe. In this way, if the driver forgets to take the keys after accessing the vending machines, he will be reminded of it since the vehicle will be inoperable.
In an alternative embodiment designed for securing mechanical keys, in addition to using a transponder 390 to facilitate detection of the keys in a security container, mechanical means is used to further ensure that the mechanical keys are properly placed inside the security container. As shown in
Preferred embodiments of this invention are described herein, including the best mode known to the inventors for carrying out the invention. Variations of those preferred embodiments may become apparent to those of ordinary skill in the art upon reading the foregoing description. The inventors expect skilled artisans to employ such variations as appropriate, and the inventors intend for the invention to be practiced otherwise than as specifically described herein. Accordingly, this invention includes all modifications and equivalents of the subject matter recited in the claims appended hereto as permitted by applicable law. Moreover, any combination of the above-described elements in all possible variations thereof is encompassed by the invention unless otherwise indicated herein or otherwise clearly contradicted by context.