Access Control Unit Interface
Background of the Invention
Field of the Invention
The present invention is directed to the field of access control and, in particular, to access control with biometric technology.
Related Art
Access control systems are used to limit access to selected individuals. Some of these systems use biometric technologies to determine whether access for an individual will be granted or denied. A biometric is a unique, measurable o characteristic or trait of a human being for automatically recognizing or verifying identity. For instance, fingerprint biometrics are largely regarded as an accurate method of biometric identification and verification. See, e.g., Roethenbaugh, G. Ed., Biometrics Explained (International Computer Security Association: Carlisle, PA 1998), pages 1-34, which is herein incorporated by reference in its entirety. Access control units ( ACUs) may be placed locally to perform a biometric analysis on the individual, and determine whether access will be granted or denied. Additionally, if required, an ACU may be used to document images of the access applicant. When an access applicant has been denied access, images of an access applicant may be desirable to determine whether the system is being tested for breach. Furthermore, images of an access applicant may be desirable when an access applicant has been accepted and is being granted access (i.e., the door is open), in order to determine whether an access applicant is gaining access and passing it to another ("pass forward"), whether multiple people are obtaining access, or whether property is being improperly transported through the door. An access control unit takes a live scan of an individual' s fingerprint with a fingerprint scanner. A host processor processes the detected fingerprint image. Such live scan ability is an important tool for access control, allowing for rapid
capture and transmission of fingerprints, and rapid fingerprint identification. Prior to the present invention, however, the host processor in an ACU was limited to a customized piece of logic, such as, an application specific-integrated circuit (ASIC) or a digital signal processor (DSP). An ACU was also not a generally compact device.
What is needed is a compact ACU interface which is compatible with a commercial off-the-shelf (COTS) processor, such as, a PENTIUM processor. Such a COTS processor is more likely to be familiar to an ACU customer, and able to operate a common commercial operating system such as WINDOWS or LINUX, thereby increasing customer acceptance throughout the life of the ACU from the time of purchase through installation and maintenance. A COTS processor may be more widely available at an overall competitive price and performance compared to customized logic. A compact ACU also allows it to be incorporated into a wider range of access control applications, such as, prison security points and entry /exit locations in a secure building or area, and allows it to be integrated more easily with existing computer systems. Furthermore, it is desirable to have an ACU that is compatible with a broader range and variety of communications interfaces. The placement of intelligence i:ι a small package at access points enables local and distributed alarms for tamper detection and breach.
Summary of the Invention
The present invention is directed to an access control unit interface between a fingerprint scanner, a camera, and peripherals, and a host processor.
A daughter card is coupled between the fingerprint scanner and the host processor. The daughter card handles real-time and interactive access control events. The host processor can be any commercially available processor.
In one embodiment, the daughter card has an access control interface processor. The access control interface processor includes a display interface module, a keyboard module, a Wiegand interface module, a finger detect interface module, a LED interface module, and a serial communication module.
The present invention further provides for a very compact design configuration. The daughter card and host processor may be coupled in a compact stacked configuration. This allows the access control unit to be installed in a variety of environments without using a great deal of space. User enrollment and access control are provided for in a convenient package.
Furthermore, the present invention provides an access control interface between a fingerprint scanner, camera, and peripherals, and any commercially available (COTS) host processor. This provides for greater flexibility in access control system design and implementation. Various commercially available processors can be chosen to meet different performance and/or cost needs. For example, familiar, low-cost host processors may be chosen to lower overall system cost. Off-the-shelf processors may be available in large quantities to support large production runs.
According to a further feature, the present invention provides for interconnection with a number of interface types, including a Wiegand interface, a serial port interface, and an Ethernet port interface. This provides for flexibility in interconnection environments. Interfacing directly with Ethernet provides for high rates of fingerprint data transfer.
Further embodiments, features, and advantages of the present inventions, as well as the structure and operation of the various embodiments of the present invention, are described in detail below with reference to the accompanying drawings.
Brief Description of the Figures
The accompanying drawings, which are incorporated herein and form a part of the specification, illustrate the present invention and, together with the description, further serve to explain the principles of the invention and to enable a person skilled in the pertinent art to make and use the invention. In the drawings:
FIG. 1 shows an example embodiment of an access control unit of the present invention;
FIG.2A shows a block diagram illustrating an embodiment of the present invention; FIG. 2B shows an example configuration of the present invention;
FIG. 3 shows an example detailed block diagram illustrating an embodiment of the present invention;
FIG. 4 shows example modules in an embodiment of the access control interface processor of the present invention; and FIG. 5 A, 5B and 5C show example operation of an access control interface processor of the present invention.
The present invention will now be described with reference to the accompanying drawings. In the drawings, like reference numbers indicate identical or functionally similar elements. Additionally, the left-most digit(s) of a reference number identifies the drawing in which the reference number first appears.
Detailed Description of the Preferred Embodiments
Overview and Terminology
The present invention is directed to an interface between a fingerprint scanner and a host processor in an access control unit. The host processor can be any commercially available processor. In a preferred embodiment, a daughter card is coupled between the fingerprint scanner and various accessories, and the host processor. The daughter card handles real-time and interactive access control events. In a preferred embodiment, the daughter card includes an access control interface processor. The access control interface processor performs a number of tasks, including interfacing the host processor with various I/O devices and ports.
To more clearly delineate the present invention, an effort is made throughout the specification to adhere to the following term definitions as consistently as possible.
The terms "commercially available processor" and "commercial-off-the- shelf (COTS) processor" are used interchangeably to refer to any processing unit available for general purpose or specific purpose computing. For example, a COTS processor can include, but is not limited to, a PC- 104 processor, a PENTIUM processor type sold by Intel Corporation or a PowerPC processor sold by Motorola. A COTS processor is also intended to broadly refer to any combination of software, firmware, and/or hardware, including, but not limited to,
DSPs, RISCs (Reduced Instruction Set Computers), and microprocessors.
Example Access Control Unit
FIG. 1 illustrates a frontal perspective view of an embodiment of an access control unit 100. Access control unit 100 includes an ACU case 102, a display 104, a keypad 106, a fingerprint scanner 108, a locked LED display 110, and a unlocked LED display 112. Access control unit 100 is not limited to this configuration, but may also include other combinations of I/O devices and ports as would be known by persons skilled in the relevant art(s), based upon the teachings herein. ACU case 102 provides a housing for some of the components necessary to operate access control unit 100, and presents the I/O devices and ports of access control unit 100. Display 104 provides status information to an individual accessing the access control unit 100. Display 104 may be an LCD display, or any other suitable display device. Keypad 106 allows an individual to input an access code to the access control unit 100. For example, keypad 106 allows for 1:1 verification or 1 :some identification to occur within the unit. Keypad 106 may be any suitable type of keypad, keyboard, or other key entry device.
Fingerprint scanner 108 captures a user's fingerprint. Fingerprint scanner 108 may be any suitable type of fingerprint scanner, known to persons skilled in the relevant art(s).
Locked LED display 110 indicates that access is currently being denied. Unlocked LED display 112 indicates that a user is currently being granted access.
The present invention is not limited to the use of LEDs, but may also include other suitable indicator devices known to those skilled in the relevant arts. Additional visual, audible, or other types of indicators may be used to denote further access control unit status details. The present invention is described in terms of this example access control unit environment. However, the present invention can be used in any access control interface where a daughtercard couples a biometric input device, I/O device(s) and other interfaces with a COTS processor.
Description in these terms is provided for convenience only. It is not intended that the invention be limited to application in this example environment.
In fact, after reading the following description, it will become apparent to a person skilled in the relevant art how to implement the invention in alternative environments known now or developed in the future.
Access Control Unit Interface
Structural implementations for an access control unit interface are described at a high-level, and at a more detailed level. These structural implementations are described herein for illustrative purposes, and are not limiting. In particular, the access control unit interface described in this section can be achieved using any number of structural implementations, including hardware, firmware, software, or any combination thereof. The details of such structural implementations will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein.
FIG. 2A illustrates an example block diagram of a preferred embodiment of the present invention. Access control unit 200 includes a host processor 210,
a daughter card 220, a fingerprint scanner 108, electrical connections 230, and observation camera 250. Host processor 210 is bi-directionally coupled to daughter card 220 through electrical connections 230.
FIG. 2B shows an example access control unit daughter card and host processor physical connection configuration 240. Configuration 240 includes a host processor 210, a daughter card 220, a fingerprint scanner 108, electrical connections 230, and an ACU case 102. As illustrated, host processor 210, daughter card 220, and electrical connections 230 form a substantially stacked configuration in ACU case 102. This is a compact arrangement, which allows for a compact size for ACU case 102. In one example, daughter card 220 is fabricated on a circuit board approximately 3.5 inches x 3.5 inches or less.
FIG. 3 shows a more detailed block diagram of an embodiment of an access control unit. The access control unit of FIG. 3 includes a host processor 210, a daughter card 220, a finger detector 302, a Wiegand interface 304, a LED display 306, a textual display 308, a keypad 310, a serial port 312, a fingerprint scanner 108, an Ethernet port 314, a door relay 340, a RTE (Request to Exit) 342, an alarm 344, a tamper detector 348, and a storage mass memory 350. Daughter card 220 further includes an access control interface processor 316, an interface logic 318, a keyboard scan controller 320, a serial port drivers 322, a UART (Universal Asynchronous Receiver Transmitter) 324, a storage device 326, a frame grabber 328, a frame memory 330, an I2C (Inter-IC) interface 332, an Ethernet interface 334, a bus 336, and a relay control and digital input 346.
Access control interface processor 316 is coupled to bus 336, finger detector 302, Wiegand interface 304, LED display 306, textual display 308, keyboard scan controller 320, interface logic 318, and UART 324.
Keyboard scan controller 320 is coupled to keypad 310 and access control interface processor 316.
Serial port drivers 322 is coupled to serial port 312 and UART 324. UART 324 is coupled to access control interface processor 316, serial port drivers 322, interface logic 318, and bus 336.
Interface logic 318 is coupled to access control interface processor 316, UART 324, storage device 326, frame grabber 328, frame memory 330, I2C interface 332, Ethernet interface 334, and bus 336.
Storage device 326 is coupled to interface logic 318 and bus 336. Frame grabber 328 is coupled to fingerprint scanner 108, interface logic
318, frame memory 330, 12C interface 332, and observation camera 250.
Frame memory 330 is coupled to interface logic 318, frame grabber 328, and bus 336.
I2C interface 332 is coupled to interface logic 318, frame grabber 328, and bus 336.
Ethernet interface 334 is coupled to interface logic 318, Ethernet port 318, and bus 336.
Relay control and digital input 346 is coupled to door relay 340, RTE 342, alarm 344, tamper detector 348, and bus 336. Host processor 210 is coupled through bus 336 to access control interface processor 316, interface logic 318, UART 324, storage device 326, frame memory 330, 12C interface 332, Ethernet interface 334, and relay control and digital input 346. In alternative embodiments, fewer devices, or additional devices are coupled through bus 336 to host processor 210. Storage mass memory 350 is coupled through bus 336 to access control interface processor 316, interface logic 318, UART 324, storage device 326, frame memory 330, 12C interface 332, Ethernet interface 334, and relay control and digital input 346. In alternative embodiments, fewer devices, or additional devices are coupled through bus 336 to storage mass memory 350.
Operation
Host processor 210 of FIG. 3 performs high-level control functions for an access control unit. For instance, host processor 210 provides the necessary control signals to daughter card 220 to cause a fingerprint image to be captured. Host processor 210 receives the captured fingerprint image and matches it to one
or more previously stored fingerprints. One-to-one or one-to-many matching algorithms can be used to determine a match. Host processor 210 comprises any commercially available processor. In a preferred embodiment, host processor 210 comprises a PC- 104 processor. Host processor 210 interfaces with daughter card 220 through bus 336.
In a preferred embodiment, bus 336 comprises an ISA (Industry Standard Architecture) bus, which is well known to those skilled in the relevant art(s).
Finger detector 302, shown in FIG. 3, detects when a finger is present at fingerprint scanner 108. In one example embodiment, finger detector 302 includes an interrupter beam. In alternative embodiments, finger detector 302 may detect skin resistance, or measure characteristics of light reflected off skin, in order to detect a live finger, as would be understood by persons skilled in the relevant art(s).
Fingerprint scanner 108 images a user's fingerprint. In an embodiment, fingerprint scanner 108 outputs fingerprint data representative of the captured fingerprint image in a video format. In general, any known fingerprint scanner can be used.
Observation camera 250 captures images of an access applicant when desired. Images may be captured when access is denied or granted. In an embodiment, observation camera 250 outputs images captured at periodic intervals, in a video format. In general, any suitable camera may be used.
Frame grabber 328, frame memory 330, and I2C interface 332 operate together to capture fingerprint images of fingerprint scanner 108 and access applicant images of observation camera 250. In an embodiment, frame grabber 328 digitizes the video signals output by fingerprint scanner 108 and observation camera 250. A captured image is stored in frame memory 330. In one example, frame memory 330 is a static random access memory (SRAM). Host processor 210 accesses frame memory 330 to obtain captured fingerprint images and access applicant images, through bus 336. In an embodiment, frame grabber 328 comprises an integrated circuit chip, such as a BT827, which accepts video sources to be digitized, stored, and
analyzed. Such sources include fingerprint scanner 108 and observation camera 250. Control and status registers within an BT827 can only be accessed over an I C interface. I2C interface 332 allows host processor 210 to access these registers through bus 336. Other suitable frame grabbers and associated circuits can be used as would be apparent to person(s) skilled in the relevant art(s) given this description.
UART 324 provides a communications interface between host processor 210 and serial drivers 322. In a preferred embodiment, UART 324 provides an ISA interface to serial drivers 323. UART 324 also provides a communications interface between host processor 210 and access control interface processor 316.
In a preferred embodiment, UART 324 provides an ISA interface between host processor 210 and access control interface processor 316. UARTs are well known to those skilled in the relevant art(s).
Storage device 326 provides for data storage on the daughter card 220. In a preferred embodiment, storage device 326 is a flash memory device designed to emulate a hard drive in the manner that a host processor, such as a personal computer, accesses data. This provides for convenient access by commercially available processors. Interface logic 318 decodes address?1; provided by host processor 210 over bus 336, and provides the decoded addresses to storage device 326. Storage device 326 outputs data onto bus 336.
Door relay 340 is a relay or switch that allows an access door to be opened. In an embodiment, relay control and digital input 346 provides the control signal that activates door relay 340.
RTE 342 allows an access door to be opened from the inside, rather than the side of the door monitored by an access control unit. In an embodiment, when accessed, RTE 342 provides a signal to relay control and digital input 346 indicating a request to exit.
Alarm 344 provides an alarm indication during specified situations. For instance, alarm 344 may be active when a door is left open for more than a specified amount of time, or when an attempt is made to force a door open.
Alarm 344 receives an activation signal from relay control and digital input 346.
Tamper detector 348 detects when an access control unit is being tampered with. For instance, tamper detector 348 may provide an active signal when an improper attempt is made to open the access control unit. Tamper detector 348 provides a signal to relay control and digital input 346 that indicates tampering.
Relay control and digital input 346 provides a control signal to door relay 340, and provides and receives other signals. In an embodiment, relay control and digital input 346 receives signals from tamper detector 348, RTE 342, and provides a signal to alarm 344. In other embodiments, relay control and digital input 346 may receive additional input signals, or have fewer input signals, and provide additional or fewer output signals. In embodiments, relay control and digital input 346 provides output signals to, and receives input signals from host processor 210 through bus 336.
Storage mass memory 350 provides mass storage for host processor 210 and daughter card 220. In an embodiment, storage mass memory 350 stores fingerprint images. In an alternative embodiment, storage mass memory 350 stores images captured periodically by observation camera 250 until they can be transmitted from the access control unit through Ethernet port 314. Storage mass memory 350 may provide these functions, combinations of these functions, and other functions well known to persons skilled in the relevant art(s).
Input/Output Devices and Interfaces
In one embodiment, Wiegand interface 304 allows the present invention to interface with a Wiegand communications line.
LED display 306 includes LEDs that indicate that access is currently being granted or denied.
Textual display 308 provides status information to an individual accessing the access control unit. In a preferred embodiment, textual display 308 is an LCD display. Other textual displays are well known to persons skilled in the relevant art(s).
Keypad 310 allows an individual to input an access code to the access control unit 100, allowing for 1 :1 verification or l :some identification to occur within the unit. In embodiments, there may be more than one level of access. For instance, an embodiment may have two levels of access: user access and system administration access.
Keyboard scan controller 320 scans keypad 310 for key data. Suitable keyboard scan controllers are known to persons skilled in the relevant art(s).
Serial port 312 provides a serial interface to an access control unit, supporting multiple communication protocols. These include, but are not limited to, RS-232, RS-422, and RS-485. Serial port drivers 322 convert data to the appropriate electrical signal levels. Suitable serial port drivers are known to persons skilled in the relevant art(s).
Ethernet interface 334 allows an access control unit to transmit and receive large quantities of data at high speed, such as fingerprint images and observation images. In an embodiment, interface logic 318 decodes controls signals provided by host computer 210 through bus 336, to access Ethernet interface 334. Ethernet port 314 provides an Ethernet connection for Ethernet interface 334.
Interface Logic
In an embodiment, interface logic 318 decodes address and control signals from host processor 210 through bus 336. This allows host processor 210 to access UART 324, storage device 326, 12C interface 332, and Ethernet interface 334. Interface logic 318 also provides logic which enables frame grabber 328 to write data into storage device 326. Additionally, interface logic 318 provides logic to disable frame grabber 328 from writing to storage device 326, and to allow host processor 210 access to storage device 326. Interface logic 318 also provides logic for configuring the protocol of serial port drivers 322.
Interface logic 318 can be comprised of hardware, firmware, software, or a combination thereof. Preferably, interface logic 318 is comprised of at least one
complex programmable logic device (CPLD), such as those provided by Cypress Semiconductor. CPLDs at least provide for a high level of logic density.
Access Control Interface Processor
In an embodiment, access control interface processor 316 provides for lower level processing and interfacing functions on daughter card 220. For instance, access control interface processor 316 receives instructions from host processor 210 through bus 336, and transmits responses (solicited and unsolicited) to host processor 210 through bus 336. Access control interface processor 316 may provide additional and alternative functions. As shown in FIG. 4, in an embodiment, access control interface processor 316 includes a display interface module 402, a keyboard interface module 404, a Wiegand interface module 406, a LED interface module 408, a serial communication module 410, and a finger detect module 412.
Display interface module 402 couples textual display 308 with host processor 210. In an embodiment, display interface module 402 receives display commands with associated data from host processor 210, and allows host processor 210 to write to, to clear, and to control the cursor of textual display 308.
Keyboard interface module 404 interfaces keyboard scan controller 320 with host processor 210. In an embodiment, keyboard interface module 404 may allow the transmitting of solicited or non-solicited keypad input from keyboard scan controller 320 to host processor 210.
Wiegand interface module 406 couples Wiegand interface 304 and host processor 210, allowing data to be transmitted and received through Wiegand interface 304.
LED interface module 408 couples LED display 306 and host processor 210. In an embodiment, LED interface module 408 allows host processor 210 to cause LED display 306 to illuminate LEDs indicating that access has been granted and that access has been denied.
Serial communication module 410 couples serial port drivers 322 and host processor 210. In an embodiment, serial communications module 410 allows host processor 210 to send serial data to, and receive serial data from serial port drivers 322 through UART 324. Finger detect module 412 couples finger detector 302 and host processor
210. In an embodiment, finger detect module 412 allows finger detector 302 to provide signals to host processor 210 indicating that a finger is present, or that a finger is not present.
FIGS. 5A-5C show flowcharts providing detailed operational steps of an example embodiment of access control interface processor 316. The steps of
FIGS. 5A-5C may be implemented in hardware, firmware, software, or a combination thereof. Other structural embodiments will be apparent to persons skilled in the relevant art(s) based on the discussion contained herein. These steps are described in detail below. In step 500 in FIG. 5A, operation proceeds to step 508.
Operation of access control interface processor 316 starts at step 502. Operation proceeds to step 504.
In step 504, access control interface processor 316 is initialized. Operation proceeds to step 506. In step 506, the state of access control interface processor 316 is set to
"Start of Packet". Operation proceeds to step 508.
In step 508, keypad scan controller 320 is processed by access control interface processor 316, determining whether keypad data has been entered at keypad 310, and the resulting data is sent to the host computer 210. Operation proceeds to step 510.
In step 510, finger detector 302 is processed by access control interface processor 316, determining whether a finger has been detected, and the result is sent to host computer 210. Operation proceeds to step 512.
In step 512, the state of access control interface processor 316 is determined by access control interface processor 316. If the state is equal to
" Start of Packet", operation proceeds to step 514. If the state is not equal to "Start of Packet", operation proceeds to step 518.
In step 514, access control interface processor 316 determines whether the start of packet code has been received from host computer 210. If the start of packet code has been received, operation proceeds to step 520. If the start of packet code has not been received, operation proceeds to step 516.
In step 516, operation proceeds to step 500, indicated by an "A".
In step 518, operation proceeds to step 524 in FIG. 5B, indicated by a "B" .
In step 520, the state of access control interface processor 316 is set to "Get Command". Operation proceeds to step 522, indicated by an "A".
In step 522, operation proceeds to step 500.
In step 524 in FIG. 5B, operation proceeds to step 526.
In step 526, access control interface processor 316 determines whether the state is set equal to "Get Command". If the state is equal to "Get Command", access control interface processor receives data from host processor 210, and operation proceeds to step 528. If the state is not equal to "Get Command", operation proceeds to step 534.
In step 528, access control interface processor 316 determines whether valid data is received. If valid data is received, operation proceeds to step 532. If valid data is not received, operation proceeds to step 530.
In step 530, the state of access control interface processor 316 is set to "Start of Packet" by access control interface processor 316. Operation proceeds to step 500 in FIG. 5A, indicated by an "A".
In step 532, access control interface processor 316 sets the present command equal to the data received. Operation proceeds to step 538.
In step 534, operation proceeds to step 550 in FIG. 5C, indicated by a "C" .
In step 536, operation proceeds to step 500 in FIG. 5A, indicated by an "A".
In step 538, access control interface processor 316 determines whether the present command has data associated with it. If the present command does have
data associated with it, operation proceeds to step 540. If the present command does not have data associated with it, operation proceeds to step 542.
In step 540, the state of access control interface processor 316 is set to "Get Data" by access control interface processor 316. Operation proceeds to step 544.
In step 542, the present command is processed. Operation proceeds to step 546.
In step 544, operation proceeds to step 500 in FIG. 5A, indicated by an "A". In step 546, the state of access control interface processor 316 is set to
"Start of Packet" by access control interface processor 316. Operation proceeds to step 548.
In step 548, operation proceeds to step 500 in FIG. 5A, indicated by an "A". In step 550 in FIG. 5C, operation proceeds to step 552.
In step 552, access control interface processor 316 determines whether the state of access control interface processor 316 is set to "Get Data". If the state is set to "Get Data", operation proceeds to step 554. If the state is not set to "Get Data", operation proceeds to 558. In step 554, access control interface processor 316 determines whether all data has been collected from the present command. If all data has been collected from the present command, operation proceeds to step 560. If all data has not been collected from the present command, operation proceeds to step 556.
In step 556, operation proceeds to step 500 in FIG. 5A, indicated by an "A".
In step 558, access control interface processor 316 sets the state of access control interface processor 316 to "Start of Packet". Operation proceeds to step 566.
In step 560, access control interface processor 316 processes the present command. Operation proceeds to step 562.
In step 562, access control interface processor 316 sets the state of access control interface processor 316 to "Start of Packet". Operation proceeds to step 564.
In step 564, operation proceeds to step 500 in FIG. 5A, indicated by an "A".
In step 566, operation proceeds to step 500 in FIG. 5A, indicated by an "A".
Conclusion
While various embodiments of the present invention have been described above, it should be understood that they have been presented by way of example only, and not limitation. It will be apparent to persons skilled in the relevant art that various changes in form and detail can be made therein without departing from the spirit and scope of the invention. Thus, the breadth and scope of the present invention should not be limited by any of the above-described exemplary embodiments, but should be defined only in accordance with the following claims and their equivalents.