Publication number | US3846622 A |

Publication type | Grant |

Publication date | Nov 5, 1974 |

Filing date | Sep 29, 1972 |

Priority date | Sep 29, 1972 |

Publication number | US 3846622 A, US 3846622A, US-A-3846622, US3846622 A, US3846622A |

Inventors | M Meyer |

Original Assignee | Mosler Safe Co |

Export Citation | BiBTeX, EndNote, RefMan |

Patent Citations (13), Referenced by (31), Classifications (8), Legal Events (3) | |

External Links: USPTO, USPTO Assignment, Espacenet | |

US 3846622 A

Abstract

An access control system is described for permitting authorized persons to enter restricted areas. Each authorized person is issued a card with a multi-bit number coded thereon in machine readable form. At the time he is issued the card, the authorized person is also given a number to be memorized. When the authorized person seeks to enter a restricted area, he places his card into the access control system which reads the machine readable number from the card and transforms the card number by a transformation means into a transformed number. The transformed number is formed in two parts, the first part being formed by interacting some card number bits with selected, but fixed, machine-generated bits. The second part of the transformed number is formed by interacting the remainder of the card number bits with a first part of the transformed number which was obtained by interacting card number bits and fixed bits. The two parts of the transformed number are then compared with the memorized number which is entered into a system keyboard by the person seeking to enter the restricted area. If a favorable comparison occurs between the entered memorized number, a signal is produced to permit the person to enter.

Claims available in

Description (OCR text may contain errors)

United States Patent Meyer [4 Nov. 5, 1974 1 ACCESS CONTROL APPARATUS Prima ExaminerDar l W. Cook 7 l 1 Y 5] mentor R Meyer Cmcmnau Ohio Attorney, Agent, or FirmWood, Herron & Evans [73] Assignee: The Mosler Safe Company,

Hamilton, Ohio 57 ABSTRACT 22 i d; Sept 29 1972 An access control system is described for permitting l authorized persons to enter restricted areas. Each au- [2 1 Appl- 293,595 thorized person is issued a card with a multi-bit number coded thereon in machine readable form. At the 52 5 CL 235 1 7 3 340 149 235 1 11 1 time he is issued the card, the authorized person is Int. Cl. G07f 7/02, H04q 5/02, G06k 7/08,

References Cited UNITED STATES PATENTS also given a number to be memorized. When the authorized person seeks to enter a restricted area, he places his card into the access control system which reads the machine readable number from the card and transforms the card number by a transformation means into a transformed number. The transformed number is formed in two parts, the first part being formed by interacting some card number bits with selected, but fixed, machine-generated bits. The second part of the transformed number is formed by interacting the remainder of the card number bits with a first part of the transformed number which was obtained by interacting card number bits and fixed bits. The two parts of the transformed number are then compared with the memorized number which is entered into a system keyboard by the person seeking to enter the restricted area. If a favorable comparison occurs between the entered memorized number, a signal is produced to permit the person to enter.

9 Claims, 3 Drawing Figures ales-" a Evensen 178/17 Enikeieff 340/149 A Mathews 221/2 Riddle 235/61.1l D Boss 235/61.7 B

Goldman 235/61.7 B

Nagata 235/61.7 B Hudson 235/61.7 B Goldstein.... 340/149 A Yamamoto 235/61.7 B Snook 235/6l.12 M Hicks 235/61.11 D Hoffer 235/61.7 B

26 z wwwwit...1: CARD NUMBER REGISTER 1.352s V8228" j w 1 FIRST NUMBER r -'4 FIXED 10 NUMBER [i TRANSFORMER J4 GENERATOR TRANSFORMER j+ NUMBER NUMBER PERMI'EFACCESS COMPARE EQUAL ATENIEUR W 3846-522 ml 1W 2 136 c lo lmc '53 CARD CARD NUMBER REGISTER 25 FIRST NUMBER F -F FIXED j SECOND NUMBER TRANSFORMER 5 g' fgfi IJ'TRANSFORMER 4a 435 J Mn 51R12 FL. .1 L.. /4 TRANSFORMED-TRANSFORMED I j+ NUMBER NUMBER KEYBOARD L PART I l PART 2 J 4 I COMPARE CIRCUIT it?! Eil iiw PERMIII'FACCESS RE E UAL M COMPA Q M c, c cgcgc 'c c;c'cgc'c'c' F F F F IIIEIIIEIIII0'I 19/ 8,846,622

WI 2 8F 2 MEMORIZED FIXED Zfl/ NUMBER W w ,a/4 CAR NUMBER I j COMPARE cggcgp J I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I ACCESS CONTROL APPARATUS This invention relates generally to access control systems and, more specifically, to control systems for assuring that only authorized persons are permitted access to a restricted area.

For instance, security and numerous other reasons, manufacturers and others have found it desirable, if not necessary, to limit entrance into their facilities to authorized personnel. The dangers of unauthorized entry into such facilities are quite numerous. For example, a manufacturer may be involved in producing products of military importance. The military secrets involved in such manufacture must be maintained in confidence and positive measures must be taken to prevent disclosure of these secrets to unauthorized persons. Besides secrecy, access to certain manufacturing areas often must be limited for safety reasons because large and dangerous machinery located within a restricted area may injure persons unfamiliar with such machinery. in other manufacturing operations, a manufacturer may be producing a product by a secret process, the secrecy of which he desires to maintain. By preventing unauthorized entry into such manufacturing areas, disclosure of the secret process is made unlikely.

In order to assure that only authorized persons enter restricted areas, many approaches have been tried. One common technique used by manufacturers has been to employ a security guard to check identification cards of personnel entering the restricted area. The success of such an approach, however, depends upon the conscientiousness of the guard himself. During periods when large numbers of employees are entering or leaving a restricted area, for example, when a work shift changes, the guard may become somewhat lax and fail to recognize that an unauthorized person has entered the restricted area.

To overcome the possibility that a security guard might fail to notice an unauthorized person entering a restricted area, numerous mechanical devices have been devised in an attempt to remove the possibility of human error. These mechanical devices frequently employ a card, a coded badge, or other identification device for identifying authorized personnel. When the apparatus determines that the card, badge, or other device is of an acceptable form, the apparatus automatically opens a door or, in some other manner, permits access to a restricted area. This approach, however, does not prevent access to a restricted area by a person who has obtained the card or badge of another by some unauthorized means. In fact, neither the security guard nor the mechanical systems of the type described is capable of detecting an individual attempting to enter a restricted area with an identification means obtained by unauthorized methods.

In an effort to prevent unauthorized persons from entering restricted areas with illictly obtained identification means, additional identification checks have been provided in various automated access control systems. These checks generally include a test on a memorized number which is entered via a keyboard by the person seeking admittance to the restricted area and a test on an identification card entered into a card reader. In some systems, the card number and the memorized number are compared and if identical to each other, the access control apparatus will permit the individual to enter the restricted area. This approach,

like previous approaches, is not completely foolproof because an unauthorized person can learn the memorized number directly from the card itself. Consequently, access by unauthorized persons to a restricted area is not completely avoided by this approach.

In an attempt to prevent unauthorized persons from learning the secret number from the card itself, various other methods have been tried which include scrambling the data on the card. in such systems, the apparatus that reads the card number also unscrambles the card number according to a fixed unscrambling method to generate a secret number for comparison with a memorized number entered by the card holder. A favorable comparison of the memorized with the unscrambled number is operative to permit access to a restricted area. Other systems have generated secret numbers from card numbers by first coding card data in the form of many data words, each word containing as many digits as there are digits in a memorized number known by the authorized card holder. Each digit of the system-generated secret number is formed by adding like digit positions of each word coded on the card, ignoring carries to form a sum digit. All of the sum digits, when combined, comprise the generated secret number which is then compared with the entered memorized number. As with other systems, a favorable comparison between the memorized and generated secret numbers will permit access to the restricted area.

The foregoing approaches have not been successful in preventing unauthorized access to restricted areas. The primary reason for this fact is that the methods for generating the secret number from the card is relatively simple to determine once a card is obtained and the memorized number assigned therewith is known. These identified prior art methods for generating a secret number usually produce secret numbers where a single digit change in the card number will only cause a single digit change in the associated generated secret number. This makes the secret number generating method relatively easy to determine. in addition, these prior art methods are entirely dependent on the data on the card itself to generate the secret number. This means that a person intent on compromising the system need only obtain relatively few card numbers and their associated memorized numbers to accomplish this objective.

With the foregoing in mind, it is a primary object of this invention to provide an access control system, which is difficult to defeat, of the type which requires entry of a specified number from memory before the holder of a card bearing a different number is permitted entry.

This object has been achieved by incorporating in the access control apparatus a number transformation circuit which operates on the card number prior to its comparison with the memorized number in a manner which is extremely difficult to determine from knowledge of a limited number of card numbers and their associated memorized numbers. More particularly, the invention contemplates transforming the multi-bit card number in two distinct steps wyich are then combined to form a composite transformation of the card number for comparison-with a manually entered memorized number. In accordance with the first step of the card number transformation, certain bits of the card number are interacted with fixed data to form a first multi-bit component of the transformed number. The bits of this first transformed number component are also interacted with the remaining bits of the card number, to form a second multi-bit component of the transformed number. The two transformed number components are thereafter combined and the combination compared with the memorized number manually entered by the card holder. If the comparison is favorable, the holder is permitted entry.

In one preferred form of the invention the interaction scheme, or algorithm, utilized in generating the second transformed number component is invariant from card to card. However, in another embodiment of the invention, the interaction algorithm for the second transformed number component is a function of the card number itself and hence varies from card to card. With either embodiment, a highly defeat-resistant access control system is provided. An important advantage of this invention, and one significantly contributing to its defeat-resistance, is that in most instances alteration of even a single bit of the card number produces a change in a multiplicity of the bits of the transformed number and in turn the memorized number to which it must compare if access is to be permitted. Thus, even though two card numbers may differ by only a single bit, their corresponding memorized numbers will differ markedly, increasing the difficulty of defeat.

The foregoing and other objects, features and advantages of this invention will become more clear from the following detailed description of a preferred embodiment of the invention taken in connection with the drawings wherein:

FIG. 1 is a system diagram showing the functional units in the access control apparatus;

FIG. 2 is a detailed circuit diagram for a preferred transferred transformation number generator including two data transformers; and

FIG. 3 is another preferred secret number generator where the generated number is formed by a data transformer which has a changeable data transformation function which depends on the card number itself.

Generally, the access control system of the present invention includes a card given to each authorized person. The card 10 has a multi-bit number coded thereon in machine-readable form along a strip 12. The card number may be an employee number, a social security number or some other number usually uniquely assigned to the individual. When the card is issued, the individual is given a multi-digit memorized number for use with the card in the access control system. When seeking entrance to a restricted area, the card holder places his card 10 into a card reader 14. At the same time, he enters his memorized number on a keyboard 16. The card number is transformed by a transform algorithm in accordance with the method of this invention into a transformed number which is indeterminate from the card number alone. The transformed number is compared with the memorized number in a compare circuit 20, a favorable comparison producing a signal to open a door or otherwise permit access to a restricted area.

Referring now to FIG. 1 in greater detail, a schematic diagram of the access control system of the present invention is shown. A card 10 with a data-carrying portion 12 is provided each authorized user. The card 10 is made of any suitable material including plastic, cardboard, rigid paper, metal or other suitable material and is preferably of the size and shape of a conventional credit card. The data-carrying portion 12 may be in the form of embossing, holes punched through the card, magnetically encodable material on the card itself or any other suitable machine readable means for carrying a multi-bit card number. In a preferred embodiment, the multi-bit card number comprises 12 binary bits C 1, C2, C12. A card reader 14 is provided to read the multi-bit card number C1, C2, C12 from the card 10. The card reader 14 is itself well known and is adapted for reading the particular form of data coded on the cards accepted by the system.

When a card 10 is inserted into the card reader 14 through an entry slot 22, the card reader will read the multi-bit card number C1, C2, C12 from the data carrying portion 12 and convert it into binary signals for transmission to a register 26 over line 24. In the preferred embodiment, the multi-bit card number C1, C2, C12 is stored in twelve storage sections or stages C1, C2, C12 of register 26, with one card number bit stored in each stage. It will be recognized by those skilled in the art that the multi-bit card number C1, C2, C12 and the register 26 can take other forms. For example, the card number might be a multi-digit number in binary-coded-decimal form or other forms or may comprise a multi-bit number with either more or less than 12 bits.

After the multi-bit card number C1, C2, C12 has ben read from the card 10 into the register 26, the stored card number bits C1, C2, C12 are available for transformation according to the number transformation method and apparatus of this invention. The number transformation method includes selecting it bits 5,, S S,, from the register 26, where n is a num ber less than the number of stored card number bits C1, C2, C12. The selected bits 5,, S S,, are transmitted over a line 28 from the register 26 to a first number transformer 30. A fixed number generator 32 is provided to generate a selectable, but fixed, multi-bit number for transmission over a line 34 to the first number transformer 30. In a preferred embodiment, the fixed number generator 32 generates four hits F,, F F F These bits are produced by connecting each wire of line 34 to a signal source, such as an electrical ground or other voltage source, via a settable switch or the like. Each switch setting is selected by the system owner and is dependent of the card number assigned. The selected card number bits from the register 26 input to the first transformer 30, in this example there being four such bits 8,, S S, corresponding to the four fixed bits F F F and the fixed number bits F,, F F F, from the fixed number generator 32 are transformed by the first number transformer 30 is accordance with the transformation method of this invention to form a multi-bit first component T T T;,, T, of a transformed number T,, T T,,. The first component of the transformed number T T T T, is transmitted over a line 36 to the compare circuit 20 and comprises four of the transformed number bits T,, T T,, which are to be compared with the memorized number. Preferably, the transformed number has twelve bits T T T corresponding to the twelve bits of the card number.

The first component of the transformed number T,, T T is also transmitted over a line 38 to a second number transformer 40. The remaining bits of the card number C1, C2, C12 stored in register 26, that is, those not selected for input to first number transformer 30, are selected and transmitted over a line 42 to the second number transformer 40. These remaining bits which are selected, designated S S S and the first component T1, T T of the transformed number T T T are transformed in accordance with the method of this invention to form a second multi-bit component T T T of the transformed number T T T The second multi-bit component of the transformed number T T T is placed on a line 44 for transmission to the compare circuit 20.

As described earlier, the individual seeking access to a restricted area will place a card into a card reader. At the same time he will enter a memorized number on the system keyboard 16. The memorized number, in the preferred embodiment, comprises a four digit octal number M M M The keyboard converts the memorized octal number M M M into twelve binary-coded-octal bits M(0) M(0) M(0) The twelve bits M(0),, M(0) M(0), corresponding to the memorized octal number M M M M, are transmitted over a line 46 to the compare circuit 20.

The compare circuit itself comprises, in a preferred embodiment, a plurality of circuits for comparing each bit of the transformed number T T T with its respective memorized number counterpart bits M(0),, M(0) M(0), A typical compare circuit 20 may comprise, in part, 12 two-input EXCLUSIVE-OR elements for comparing the 12 bits of the transformed number T T T with the 12 bits of the memorized number M(0) M(0) ...M(0), If each EXCLUSIVE- OR element detects an identity between a transformed number bit and a memorized number bit, a signal is generated by the compare circuit to permit entrance into the restricted area, it being assumed that a person entering the correct memorized number associated with a given card is an authorized person.

Referring now to FIG. 2, an actual circuit is shown for an access control system which transforms card number bits C1, C2, C12 according to the method of this invention into transformed number bits T T T for comparison with a manually entered multi-bit memorized number M(0),, M(0) M(0) The card number bits C1, C2, C12 are read by a reader into a card number register 60, each data bit filling one of the data bit positions labeled Cl through C12,

A second register 62 is provided to store the memorized number bits M(0),, M(0) M(0), corresponding to the four memorized number digits M M M entered into the keyboard which have been converted by the keyboard into binary-coded-octal format. These binary-coded-octal memorized number bits M(0),, M(0) M(0), are stored in register 62 in bit posillOnS labeled M(0)],, M(0)2', M(0)12'.

The fixed number generator 32 maycorrrpri afour bit register 64 wiurraur'sii'sasrtrons labeled F F F and F Each bit position of this register 64 is settable to a predetermined bit value, either a 0 or 1. Alternatively, the fixed number generator 32 may comprise a plugboard with outputs F F F and F, selectively connected to a signal representing either a 0 or 1. The actual binary bits F F F F, for the fixed number register 64 is selected by the system owner and this setting is independent of the card numbers assigned.

The first data transformation means 30 comprises four EXCLUSIVE-OR circuits 70, 71, 72 and 73. Each of these EXCLUSIVE-OR circuits has two inputs, one input having a signal thereon representing the binary value of a fixed number hit F F F F and the other input having a signal thereon representing a selected bit 5,, S S S for the card number stored in register 60. EXCLUSIVE-OR circuit 70, for example, has one input connected by a wire 66 to the F bit position of the fixed number register 64. The other EXCLUSlVE- OR circuit 70 input is connected by a wire 68 to bit position C3 in register 60, the signal wire 68 representing the selected bit 8,, In a similar manner, the remaining EXCLUSIVE-OR circuits 71, 72 and 73 have one input wired to a fixed number data bit position F F or F and have the other input wired to other selected bit positions in the card number register 60 corresponding to selected bits S S and 5,.

As described in connection with FIG. 1, the first data transforming means 30 has an output which forms a first part of the transformed number T T T T The EXCLUSIVE-OR circuits 70, 71, 72 and 73 which comprise the first number transformer 39 each have outputs wired by output wires 74, 75, 76 and 77, respectively, to the compare circuit 20. As hereinafter explained, the signals on the wires 74, 75, 76 and 77 (T T T T are compard with signals from certain bit positions in-the memorized number register 62 to determine if the memorized number bits are the same as the bits comprising the first part of the transformed number T T T T As earlier mentioned, the first portion T T T T, of the transformed number T T T are also input to the second number transformer 40. In FIG. 2, connecting wires 100, 101, 102, or 103 connect the first part T,-T of the transformed number T,-T, with the second number transformation means 40. The card number bits not used to generate the first part of the transformed number T -T, are selected and comprise the remaining inputs S S S to the second number transformation means 40.

The second number transformation means 40 includes a first set of EXCLUSlVE-QR circuits 104, 105, 106 and 107 each having two inputs and one output. One input of each EXCLUSIVE-OR circuit 104-107 is wired by the wires 100, 101, 102, and 103 to the output of the first number transformer 30, these wires having signals thereon representing transformer number bits T,, T T T The second input of each first set of EX- CLUSIVE-OR circuits 104-107 is wired to a previously unselected card number bit position in register 60. The output of each first set EXCLUSIVE-OR circuit 104-107 is wired to an input of the input of the compare circuit 20 and comprises a portion of the second part of the transformed number bits, namely, bits T T T T,, which are generated by transforming the first part of the transformed number, namely, bits T T T T, with selected card number bits S S S S The remainder of the second part of the transformed number T T T T, is generated by a second set of EXCLUSIVE-OR circuits 110, 111, 112 and 113, each circuit having two inputs and one output. One of the two inputs for each second set EXCLUSIVE-OR circuit 110-113 is wired by a connectin wire to the output of a first set EXCLUSIVE-OR circuit, namely, output bits T T T T The other input of each second set EXCLUSIVE-OR is wired to selected bit positions 5,, S S 5, in the card number register 60. The output of the second set EXCLUSIVE-OR circuis 110-113, as stated, comprises the remainder T T T T of the second part of the transformed number bits. The first part and the second part of the transformed number comprise the whole transformed number T T T Summarizing, the first part T -T of the transformed number T T is formed by interacting selected card number bits 8,, S S S, from the card number register 60 with selectable, but fixed, system number bits F F F F, from the fixed number register 64. The second part of the transformed number comprises bits T T T formed by interacting transformed number bits T- 4 with selected card number bits 8 -5 Because of the method used to form the transformed number, each transformed number bit T T T T is a function of one fixed number bit and at least one card number bit. The fact that each transformed number bit is formed in part by interaction with a fixed number bit is the primary reason why the transformed number bits T T T cannot easily be determined by unauthorized persons from the card number itself.

The compare circuit has been described in part earlier, and comprises a plurality of EXCLUSIVE-OR circuits 114-125 for comparing bits T T T T from the data transforming means 30 and the bits T T T from the second data transforming means 40 with the binary-coded-octal memorized number bits M(0),, M(0) M(0) stored in register 62. Each such EX- CLUSIVE-OR circuit has two inputs and one output. One input of each EXCLUSIVE-OR circuit 114-125 is wired to one bit position M(0) M(0) M(0),- in the memorized number register 62, while the other input is wired to one EXCLUSIVE-OR circuit outputs 74-85 representing transformation bits T T T The output of each EXCLUSIVE-OR circuit 114-125 is wired to the input of an AND circuit 130. When all memorized number bits M(0) M(0) M(0), correspond to all transformed number bits T T T the outputs of all the EXCLUSIVE-OR circuit 114-125 will have a signal thereon representing a binary 1. When all the outputs of the EXCLUSIVE-OR circuits 114-125 are a 1, the AND circuit 130 will produce a signal indieating all the transformed number bits T T T are identical to the memorized number bits M(0),, M(0) M(0), This condition is presumed to indicate that an authorized person seeks entry to a restricted area and he should be admitted because he knows the proper memorized number associated with the number coded on his card.

While the foregoing discussion of FIG. 2 has been made with particular emphasis on the specific wiring shown, it will be clear to those of skill in the art that the connecting wires between the various circuits may be changed so that the logical transfer function, or algorithm, defining any given transformed number bit can be different than described. Consequently, the data transformation of the first and second data transformers can be quickly modified by simply changing the wiring. This is highly advantageous for security reasons because it may become necessary to alter the number transformation algorithm at a given installation because some unauthorized person has obtained a card and learned the memorized number associated therewith. Of course, the same result can be achieved by changing the fixed number generator.

While the above description has disclosed a comparison circuit which comprises an exact comparing network, other forms of comparing circuits are equally usable. Such other possible compare circuits might determine whether there is a predetermined relationship between the transformed number and the keyboard entered memorized number. For example, the transformed number and the keyboard-entered memorized number could be added together to form a sum for comparison with a constant number. If the sum equals the constant number, a predetermined relationship exists between the memorized number and the card number and a favorable compare signal would be produced to permit access to the restricted area.

Referring now to FIG. 3, another number transformation network is shown for transforming card number bits C1, C2, C12 into a transformed number bit T T T for comparison with a keyboard entered memorized number M M M M represented by binary-coded-octal bits M(0) M(0) M(0), This logic network generates two different groups of transformed number bits. The first group of transformed number bits is generated by transforming the card number bits with fixed machine generated bits. A second group of transformed number bits is generated by transforming the remaining card number bits with transformed number bits. In fact, some of the transformed number bits in this second group of bits are generated by this network from previously generated transformed number bits in the same group. This is possible because there are multiple feed-back paths within the second data group transformer shown in FIG. 3. As such, the second data group transformer forms a first sub-group of transformed number bits by transforming the first group of transformed number bits with selected card number bits. Further sub-groups of the second data group transformer are formed by transforming first sug-groups of transformed number bits with card number bits.

The card number read from a card, in the preferred embodiment of FIG. 3, comprises a twelve bit number C1, C2, C12 stored in a register 200 which includes twelve individual bit storage positions labeled C,, C C Each bit position for register 200 is connected by a wire to the number transforming network shown within the rectangular area enclosed by block 201.

A second set of inputs to the transforming network 201 comprises settable, but fixed, data from a fixed data generating means (not shown) which produces bit signals F F F F representing fixed data on the fixed data bit input lines labeled F F F and F The fixed number input bits F F F F are transformed with the card number bits C1, C2, C12 stored in register 200 in accordance with the number transforming method of the invention to form transformed number bits T T T output on twelve output lines 202-213. These output lines 202-213 comprise twelve input signals to a comparing circuit enclosed within block 214 which is constructed identically to the compare circuit 20 in FIG. 2. The other twelve inputs to the comparing circuit 214 are labeled M(0),, M(0) M(0) and comprise wires having signals thereon representing the memorized octal number M M M M (in binary-coded-octal format) entered on a system keyboard by the person seeking entry into the resticted area. If the binary-coded-octal keyboard memorized number M(0) M(0) M(0) is identical to the transformed number T,, T T the comparison circuit 214 generates a signal indicating that the keyentered memorized number M M and the transformed card number C1-C12 compare favorably because they are equal to each other, the generated signal being operative to permit access by the card holder into the restricted area.

Referring in greater detail to the circuit shown in FIG. 3, the fixed, machine-generated number F F F;,, F, is carried on the four lines F F F and F Each of these input number lines forms one input to an EX- CLUSlVE-OR element 220, 222, 224 or 226. The second input for each of these EXCLUSIVE-OR elements 220, 222, 224 and 226 is connected to one bit position in the card number register 200, namely, bit positions C12, C10, C7, C5, respectively. The output of each EXCLUSIVE-OR element 220, 222, 224 and 226 is connected to an output line 213, 211, 208, and 206, respectively. These output lines 213, 211, 208 and 206 have signals thereon which represent the binary value for the first group of the transformed number bits T T T T which is generated by number transforming networks within block 201. The transformed number bits T T T and T therefore are formed in the circuit of FIG. 3 in the same manner as transformed number bits T T T T, are formed in the circuit of FIG. 2.

The remainder of the transformed number bits T T T T T T T T formed by the number transformer 201 in FIG. 3 are formed in a somewhat different means than those formed by the circuit in FIG. 2. To better understand this somewhat modified circuit, the operation of the number transforming network 201 is now described. The number transforming network 201 comprises three selector circuits 230, 232, and 234 and additionally includes two EXCLUSIVE-OR elements 236 and 238. The EXCLUSIVE-OR elements 236 and 238 each have one input connected directly to one bit positon C and C in the card number register 200. The other input for these EXCLUSIVE-OR elements 236 and 238 comprises one output from one of the selector circuits 230 and 234. The output of these EXCLUSIVE-OR circuits 236 and 238 are connected to number transforming second output lines 205 and 209 and constitute transformed numbers T and T Each selector circuit 230, 232 and 234 comprises three EXCLUSIVE-OR elements each having an output connected to one of the number transforming network output wires and additionally two such EXCLU- SlVE-OR outputs form inputs to a set of four AND circuits which steer the transformed bits through a feedback network which is controlled by the binary value of bits stored in selected bit positions of the card number register 200. The AND circuit output for each selector circuit 230, 232, 234 is wired to an OR element whose output is connected to either a selector circuit input line or one of the EXCLUSlVE-OR circuits 236 or 238.

Since each selector circit 230, 232 or 234 has identical internal wiring, only selector circuit 230 will be described in detail. Three card number bit input wires 240, 242 and 244 are provided and are connected directly to three of the card number bit storage positions in register 200, namely, card bit storage position C C C These card number inputs 240, 242 and 244 each connect to one input of the EXCLUSIVE-OR elements 246, 248 and 250. The second input 252, 254 or 256 to each of these EXCLUSIVE-OR elements 246, 248 and 250 comprises feedback inputs which are connected to selector circuit outputs. The EXCLUSIVE- OR element 248 has an output connected directly to the number transforming network output line 203. The

other EXCLUSIVEOR elements 246 and 250, however, have these outputs connected to the number transforming network output lines 202 and 204, respectively, and also connected to one input of two AND circuits, the output of EXCLUSIVE-OR 246 forming one input to AND circuits 258, 260 while the output of EXCLUSIVE-OR circuit 258 forms one input to AND circuits 262 and 264.

The second input toeach AND circuit 258, 260, 262 and 264 comprises a steering signal which is generated from one card number bit position. For selector circuit 230, the steering signal is carried by a wire 266 which is connected directly to the card number register 200 bit position C The signal on this wire 266 is connected directly to one input of AND circuits 258 and 264. An inverter circuit 268 is also connected to the wire 266. The output of this inverter circuit 268 is connected to an input of the AND circuits 260 and 262. The output for each of the AND circuits 258, 260, 262 and 264 is connected to one of two OR circuits 270 or 272. Specifically, the output of each AND cricuit 260 and 264 is connected to an input of the OR circuit 270, while the output of each AND circuit 258 and 262 is connected to an input of OR circuit 272.

In operation, the steering signal on the wire 266 is operative to gate the output signal from EXCLUSIVE-OR circuit 246 or 250 to the input of either OR circuit 270 or 272 depending on the binary value in the C, bit po sition of register 200. For example, when the value of the C, bit is a binary 1, AND circuits 258 and 264 will have one input at a binary 1 value, The inverter 268 will force one input to AND circuit 260 and 262 to a binary 0 value. The other input to AND circuits 258 and 264 is determined entirely by the output of EX- CLUSlVE-OR 246 and 250. For example, one input to the AND circuit 258 is connected to the output of the EXCLUSIVE-OR circuit 246 which forms the transformed number bit T, output. When the other input to AND circuit 258 is a 1, ie, when card bit C4 is a l, the output of this AND circuit 258, which is connected to one input of OR circuit 272, will have a binary signal thereon identical to the binary output bit T 1 generated by EXCLUSIVE-OR circuit 246. At the same time, the AND circuit 264, whose output is connected to an input of OR circuit 270, will have a signal appearing at its output which is identical to the output of the EX- CLUSIVE-OR circuit 250 constituting the transformed number bit T Consequently, when the steering signal on the input wire 266 is a binary 1, the output of the EXCLUSIVBOR 246 (T is steered by the AND circuit 258 to an input of OR circuit 272, while the output of EXCLUSIVE-OR circuit 250 (T is steered via the AND circuit 264 to an input of the OR circuit 270. Be cause the inverter circuit 268 forces one input to the AND circuits 260 and 262 to a 0 when bit C, is a 1, the AND circuits 260 and 262 which are connected to inputs of the OR circuits 270 and 272, respectively, are ineffective to alter the output of the OR circuits 270 and 272. In fact, the output of the OR circuits 270 and 272 will have the same binary value as transformed number bits T and T respectively, when the C bit is a 1.

When the steering signal on the input wire 266 contains a binary 0, i.e., when bit C, is a 0, this signal will be inverted by the inverter circuit 268 to activate the connected AND circuits 260 and 262. In this situation, the output of the EXCLUSIVE-OR circuit 246 (T is lll steered via AND circuit 260 to the input of the OR circuit 270, while the output of the EXCLUSIVE-OR circuit 250 (T is steered via the AND circuit 262 to the input of the OR circuit 272. At the same time, AND circuits 258 and 264 are deactivated because the steering signal on wire 266 is a 0. Under these circum stances, the output of OR circuits 270 and 272 will be the same as the T and T bit outputs, respectively,

It should be noted that the output of each EXCLU- SIVE-OR circuit in each selector circuit 230, 232, 234 comprises one bit of a transformed number and each such output is connected to a number transformer output line. Within each selector circuit, however, these signals are also directed by the steering circuitry to ad ditional selector circuit outputs which form feedback input to other EXCLUSIVE-OR elements in the number transforming network. As a consequence of the bit steering in the selector circuits, the exact algorithm for any given number transforming output line other than output lines 206, 208, 211 and 213 (T T T T is determined by bit steering controlled by the binary value of certain selected card number bit positions (C C C C Additionally, the remaining outputs from the number transforming network comprise a signal which is generated by transforming a card number data bit with one of the other transformed number bits. The number transforming network shown in FIG. 3 is therefore operative to produce a first group of transformed number bits which comprise signals on the output lines 206, 208, 211 and 213 (T T m, T which are formed by interacting selected card number bit positions with the bits of a fixed machine-generated number, while the remainder or second group of the number transforming network output signals are formed by interacting card number bit positions with transformed number bit positions. The exact transformed number bit position which is interacted with a given card number bit position is dependent on the steering gates which are themselves controlled by certain selected bit positions in the card number register 200.

As indicated, the second group of transformed number bits T,T,, T,,, T T and T may be formed in several sub-groups. A first sub-group is formed by interacting card number bits with transformed number bits in the first group of transformed number bits T T T T One example of such a transformation is the transformed number bit on output line 204 (T which is formed by interacting the card data bit C3 with the transformed number bit in group one on output line 213 (T The signal on output line 204 comprises a bit T in one sub-group ofthe second group oftransformed number bits. This signal on output line 204 is gated by the steering gates to interact with either the card number bit C2 or bit C4 depending on the binary value of C4. In either case, the outputs on lines 203 or 205 each comprise a transformed number bit T or T in a further sub-group of the second group of transformed number bits. Each further sub-group bit is formed by interacting a card number bit with a transformed number bit in another sub-group of the second group of transformed number bits.

From the foregoing description of preferred embodiments of this invention, it is clear that the object set 6 ner in which each transformed bit position is formed in part by the interaction of at least one card number bit with one fixed machine-generated bit, the latter bit being entirely independent of the card number. Furthermore, in the case of the second embodiment described in FIG. 3, the algorithm or transform function itself is changeable as a function of the card number itself, a feature which adds further to the difficulty in determining the transformed number from the card number. In either embodiment, however, the transformed number is not completely determinable from the card number itself.

While the foregoing description has been made with particular emphasis upon preferred embodiments thereof, it will be recognized by those ofskill in the art that certain modifications can be made without departing from the spirit and scope of this invention. For example, in certain instances, emphasis has been placed upon the specific wiring between various circuit elements. It will be clear to those of skill in the art that the specific inter-element wiring can be modified in order to alter the relationship between the card number and the memorized number. This alteration may be accomplished by using plugboard devices already known in the prior art. In addition, it will be clear to those of skill in the art that the principles of this invention need not be limited to systems with card numbers having four Octal-coded digits, or twelve bit positions, and also need not be limited to requiring the user to memorize a four octal digit number for use with this assigned card. These and other modifications can be readily made without departing from the spirit and scope of this invention as defined by the claims.

What is claimed is:

1. An apparatus for verifying that an authorized person is seeking entrance into a restricted area, the apparatus comprising in combination:

means for reading a multi-bit card number from a card presented by the person seeking entrance to the restricted area;

means for generating a muIti-bit fixed number;

first number transforming means responsive to said fixed number and only part of said multi-bit read card number to form a multi-bit first part ofa transformed number, said first part being logically related to the inputs to said first number transforming means;

second number transforming means responsive to the remaining part of said read card number and also responsive to said first part of said transformed number to form a multi-bit second part of a trans formed number, said second part being logically related to the inputs to said second number transforming means; and

a comparing means for comparing said first and second parts of a transformed number with a memorized number entered by the person seeking entrance into the restricted area, a favorable comparison of these numbers being operative to permit the person to enter the restricted area.

2. The apparatus in claim 1 wherein said second number transforming means includes third number transforming means responsive to said second part of a transformed number and also responsive to additional card number bits to form additional transformed number bits, said additional transformed number bits being logically related to the inputs to said third number transforming means.

3. The apparatus in claim 2 wherein additionally including internal feedback means to control which transformed number bits in said second part of a transformed number are input to said third number transforming means.

4. An apparatus for verifying that an authorized person is seeking entrance into a restricted area by presenting a card with a card number thereon and inserting a memorized number, the apparatus comprising in combination:

means for reading the card number from the card and producing multiple binary signals representing the read card number;

first means for storing said multiple binary signals;

means for generating a fixed multi-bit number, said fixed number bits being completely independent of said card number;

a first data transforming means responsive to said fixed number and to part, but not all, of said binary signals in said first storage means, said first transforming means producing at its output a first multibit group of transformed number bits, said first multi-bit group being logically related to the data input to said first data transforming means;

. a second data transforming means responsive to said first multi-bit group of said transformed number bits and also responsive to the remainder of said binary signals in said first storage means, said second data transforming means producing at its output a second multi-bit group of said transformed number bits, said second multi-bit group being logically related to the data input to said second data transforming means, said second transforming means including:

means to generate a first sub-group of said second group of transformed number bits by transforming said first group of transformed number bits with part, but not all, of said remaining bits stored in said first storing means, said first sub-group of transformed number bits being logically related to the data input to said first sub-group generating means, and

means to generate a second sub-group of said second group of transformed number bits by transforming said first sub-group with the remaining binary signals stored in said first storing means, said second sub-group of said second group of transformed number bits being logically related to the data input to said second sub-group generating means, said first sub-group and said second sub-group forming said second group of transformed number bits;

second storage means for storing the memorized number entered by the person seeking entrance to the restricted area; and

comparing means responsive to said memorized number stored in said second storage means and said first and said second groups of transformed number bits for comparing these two numbers, a favorable comparison being operative to permit the person to enter the restricted area.

5. The apparatus in claim 4 additionally comprising selective steering means for selectively steering, as a function of the bits stored in selected bit positions in said first storage means, one of two transformed number bits from either said first or second group of transformed number bits to further transforming means for transforming said steered bit with a card number bit stored in said first storage means to form a transformed number bit of said second sub-group.

6. Apparatus for verifying that an authorized person is seeking to enter a restricted area by presenting a card with a card number thereon and inserting a memorized number, the apparatus comprising in combination:

means for reading the card number from the card and producing multiple binary signals representing the read card number;

first means for storing said binary singals;

means for generating a fixed multi-bit number, said fixed number bits being completely independent of said card number;

a first set of EXCLUSIVE-OR circuits, each said circuit having two inputs and one output, one input of each said first set EXCLUSIVE-OR circuits being electrically connected to one bit position in said first storage means, the other input of each said first set EXCLUSIVE-OR circuit being electrically connected to one fixed data bit from said generating means, said first set EXCLUSIVE-OR circuits producing bits at their individual outputs which form a first portion of a transformed number;

a second set of EXCLUSIVE-OR circuits each having two inputs and one output, one input to each said second set EXCLUSIVE-OR circuit being electrically connected to one bit position in said first storage means, the other input to each said second set EXCLUSIVE-OR circuit being electrically connected to one bit position of said first portion of said transformed number, said second set EXCLUSIVE-OR circuits producing a bit at each individual output all of which form a second portion of a transformed number;

second means for storing said inserted memorized;

comparing means responsive to said second storage means and said first and second portion of said transformed number for comparing these two numbers, a favorable comparison being operative to permit the person to enter the restricted area.

7. A verification method for determining whether a person is authorized to enter a restricted area, the method comprising the steps of:

a. reading a multi-bit card number from a card carried by the person seeking to enter the restricted area;

b. storing a memorized multi-bit number entered by the person seeking to enter the restricted area;

c. generating a multi-bit fixed number independent of the card number;

d. forming a first group of transformed number bits by transforming said fixed number with part, but not all, bits of said card number, said first group of transformed number bits being logically related to the fixed number and card number bits transformed;

e. forming a second group of transformed number bits by transforming the remaining bits of the card number with said first group of transformed number bits, said second group of transformed number bits being logically related to said first group of transformed number bits and said remaining bits, said first and second groups of transformed number bits forming a multi-bit transformed number; and

f. comparing the transformed number with the stored memorized number, a favorable comparison being operative to permit entry to the restricted area.

8. The verification method in claim 7 wherein Step (e) includes the steps of a. forming a first sub-group of transformed number bits by transforming some, but not all, of the remaining bits ofthe card number with the first group of transformed number bits, said first sub-group of transformed number bits being logically related to the remaining bits and the first group of transformed number bits which are transformed to form said first sub-group; and

b. forming a second sub-group of transformed number bits by transforming the remaining bits of the card number with the first sub-group of transformed number bits, said second sub-group being logically related to the remaining bits and the first sub-group transformed to form said second subgroup, said first and second sub-groups forming the second group of transformed number bits.

9. The verification method in claim 8 wherein Stop (a) includes selecting, as a function of card number bits, which hit in the first group of transformed number bits is transformed with which card number bit and wherein Step (b) includes selecting, as a function of card number bits, which bit in the first sub-group is transformed with which card number bit.

UNI'IED s'rmfrxs PA'EEJ'I ()FFKJE CERTII IECATE OF COM- EC'IION Patent No. 3 I 846 r 622 Dated November 5 1974 Inventor(s) Marti-n Meyer It is certified that error appears in the above-identified patent and that said Letters Patent are hereby corrected as shown below:

Column 1, line 7, "instance" should be --insurance-.

Column 2, line 60, "wyich" should be which-.

Column 4, line 51, "is" should be --in- Column 6, line 18, "39" should be --30--.

Column 6, line 59, "connectin" should be -connectinq-.

Column 6, line 64, "circuis" should be --circuits--.

Column 8, line 33, "sug-group" should be -sub-group-.

Signed and sealed this. 22nd day of April 1975,

(SEAL) Attest: C. MARSHALL DANN RUTH C. MASON Commissioner of Patents Attesting Officer and Trademarks FORM Po-WSO (0-69) USCOMM-DC wan-Poo Q U.$. GOVIINMIINT IIIN'IING OH'ICI: I)" O--J66-Jl4 UNI'IED S'lNfES PA'IEN'! OFFICE CERTIFICATE OF CORI-v- EC'IION Patent No. 3 I 846 I 622 Dated November 5 1974 Inventor(s) ln R, Meyer It is certified that error appears in the above-identified patent and that said Letters Patent are hereby corrected as shown below:

Column 1, line 7, "instance" should be -insurance-.

Column 2, line 60, "wyich" should be -which--.

Column 4, line 51, "is" should be --i n- Column 6, line 18, "39" should be -30-.

Column 6, line 59 "connectin" should be -connecting- Column 6 line 64, "circuis" should be -c ircuits-.

Column 8, line 33, "sug-group" should be -sub-qroup-.

Signed and sealed this. 22nd day of April 1975,

(SEAL) Attest: C. MARSHALL DANN RUTH C. MASON Commissioner of Patents Attesting Officer and Trademarks FORM P0-10SOH0- USCOMM-DC 60376-P69 ".5. GOVERNMENT PRINTING OFFICE: I", 0-36-"4

Patent Citations

Cited Patent | Filing date | Publication date | Applicant | Title |
---|---|---|---|---|

US3006997 * | Oct 21, 1958 | Oct 31, 1961 | Internat Automorse | Keyboard transmitter for telegraph signs of the morse type |

US3221304 * | Feb 23, 1961 | Nov 30, 1965 | Marquardt Corp | Electronic identification system employing a data bearing identification card |

US3401830 * | Jan 19, 1967 | Sep 17, 1968 | San Francisco Bay Area Rapid T | Vending machine for credit card purchasing |

US3513298 * | Aug 5, 1964 | May 19, 1970 | John B Riddle | High security credit card system |

US3602695 * | Jun 19, 1967 | Aug 31, 1971 | Docutel Inc | Document-coding method and apparatus |

US3610889 * | Jun 16, 1966 | Oct 5, 1971 | Telecredit | Identification card control system |

US3641315 * | Feb 27, 1970 | Feb 8, 1972 | Omron Tateisi Electronics Co | System for automatically conducting office work required for transactions at a bank and the like |

US3643064 * | Mar 28, 1969 | Feb 15, 1972 | Hudson Corp | Code authenticator |

US3662343 * | Jul 29, 1970 | May 9, 1972 | Docutel Corp | Credit card automatic currency dispenser |

US3665162 * | Dec 11, 1969 | May 23, 1972 | Omron Tateisi Electronics Co | Identification system |

US3700862 * | Aug 26, 1969 | Oct 24, 1972 | Diginetics Inc | Indicia system for credit cards and the like |

US3715569 * | Jul 29, 1970 | Feb 6, 1973 | Docutel Corp | Credit card automatic currency dispenser |

US3740530 * | Dec 7, 1970 | Jun 19, 1973 | Transvac Electronics Inc | Apparatus and method for verification of a credit card |

Referenced by

Citing Patent | Filing date | Publication date | Applicant | Title |
---|---|---|---|---|

US3996449 * | Aug 25, 1975 | Dec 7, 1976 | International Business Machines Corporation | Operating system authenticator |

US4016404 * | Aug 5, 1975 | Apr 5, 1977 | Frank Appleton | Credit card verifier |

US4023012 * | Jun 30, 1975 | May 10, 1977 | Omron Tateisi Electronics Co. | System for verifying the user of a card |

US4023013 * | Dec 29, 1975 | May 10, 1977 | Diebold, Incorporated | On-line verification system for identification card or the like |

US4025759 * | Oct 16, 1975 | May 24, 1977 | The Grey Lab. Establishment | Checking apparatus for documents |

US4025760 * | Aug 14, 1975 | May 24, 1977 | Addressograph Multigraph Corporation | Security means for transaction terminal system |

US4048475 * | Oct 26, 1976 | Sep 13, 1977 | Omron Tateisi Electronics Company | Apparatus for checking the user of a card in card-actuated machines |

US4094462 * | Aug 2, 1976 | Jun 13, 1978 | Ncr Corporation | Method and means for providing and testing secure identification data |

US4095739 * | Aug 26, 1977 | Jun 20, 1978 | A-T-O Inc. | System for limiting access to security system program |

US4140272 * | Oct 3, 1977 | Feb 20, 1979 | Atalla Technovations | Optical card, system and method for securing personal identification data |

US4142097 * | Sep 1, 1977 | Feb 27, 1979 | A-T-O Inc. | Programmable keyboard sequencing for a security system |

US4193061 * | Jul 11, 1978 | Mar 11, 1980 | Zoltai John T | Electronic authentication system |

US4208575 * | Jan 22, 1979 | Jun 17, 1980 | Valmet Corporation | Credit card or check validator |

US4339820 * | Aug 20, 1980 | Jul 13, 1982 | Stockburger H | Method and device for coding and/or decoding and securing data |

US4652698 * | Aug 13, 1984 | Mar 24, 1987 | Ncr Corporation | Method and system for providing system security in a remote terminal environment |

US4652990 * | Oct 27, 1983 | Mar 24, 1987 | Remote Systems, Inc. | Protected software access control apparatus and method |

US4857714 * | Mar 18, 1988 | Aug 15, 1989 | Sunyich Steven L | Credit card storage system |

US4953745 * | Feb 20, 1986 | Sep 4, 1990 | James R. Rowlett, Jr. | Medication dispensing apparatus |

US5323448 * | Mar 11, 1993 | Jun 21, 1994 | Spectradyne, Inc. | System for accessing amenities through a public telephone network |

US5475740 * | Jun 22, 1993 | Dec 12, 1995 | Spectradyne, Inc. | System for accessing and paying for amenities using a telephone |

US5729717 * | Jun 7, 1995 | Mar 17, 1998 | Kabushiki Kaisha Toshiba | IC card and issuing apparatus allowing multiple applications |

US6009465 * | Jan 22, 1996 | Dec 28, 1999 | Svi Systems, Inc. | Entertainment and information systems and related management networks for a remote video delivery system |

US6991176 | Mar 21, 2000 | Jan 31, 2006 | Deutsche Telekom Ag | Method for generating identification numbers |

USRE38419 | Mar 15, 2001 | Feb 10, 2004 | Ncr Corporation | Computer interface device |

USRE39376 * | Dec 28, 2000 | Nov 7, 2006 | Svi Systems, Inc. | System for accessing amenities through a public telephone network |

DE2746859A1 * | Oct 19, 1977 | May 3, 1978 | Atalla Technovations | Verfahren und vorrichtung zur codierungssicherung |

EP0059114A1 * | Jan 12, 1982 | Sep 1, 1982 | Georges Lasserre | Checking device for the identification of persons |

EP0215291A1 * | Aug 12, 1986 | Mar 25, 1987 | Hülsbeck & Fürst GmbH. & Co. KG | Electronic locking device for motor vehicles |

EP0232240A2 * | Feb 6, 1987 | Aug 12, 1987 | Bewator Ab | A method for establishing whether or not a first person shall be granted free passage to a confined area through a door, gate or the like entrance |

EP0553283A1 * | Oct 11, 1991 | Aug 4, 1993 | Amtech Corporation | A recognition apparatus and method for security systems |

WO2000060551A1 * | Mar 21, 2000 | Oct 12, 2000 | Deutsche Telekom Ag | Method of deriving an identification number |

Classifications

U.S. Classification | 340/5.54, 221/2, 340/5.6 |

International Classification | G07F7/10 |

Cooperative Classification | G07F7/10, G07F7/1066 |

European Classification | G07F7/10P6B, G07F7/10 |

Legal Events

Date | Code | Event | Description |
---|---|---|---|

Oct 3, 1995 | AS | Assignment | Owner name: MOSLER INC., OHIO Free format text: RELEASE;ASSIGNOR:BANKERS TRUST COMPANY;REEL/FRAME:007662/0368 Effective date: 19950901 |

Sep 4, 1990 | AS | Assignment | Owner name: BANKERS TRUST COMPANY Free format text: SECURITY INTEREST;ASSIGNOR:MOSLER, INC.;REEL/FRAME:005426/0111 Effective date: 19900518 |

Jul 19, 1990 | AS | Assignment | Owner name: BANKERS TRUST COMPANY, NEW YORK Free format text: SECURITY INTEREST;ASSIGNOR:MOSLER, INC.;REEL/FRAME:005449/0239 Effective date: 19900518 |

Rotate