This invention relates to electronic combination locks and more specifically to electronic combination locks where the lock generates a combination for one-time use, and a separate dispatch computer generates the combination which is to be entered into the lock and compared with the generated combination in the lock.
An electronic combination lock of the general type used herein is described in U.S. Pat. No. 5,061,923. The lock described in the above patent is manufactured and sold as the Mas-Hamilton X-07 lock by the Mas-Hamilton Group of Lexington, Ky.
Combination locks are used on containers such as vaults which may, in tun, contain automatic teller machines (ATM). To service or repair an ATM, access within the vault containing the ATM is required. Service and repair involves not only malfunctions, broken or worn out parts of the ATM, but also the replenishment of the cash supply within the ATM and to collect deposits made at the ATM.
Due to the highly sensitive nature of the service or repair of an ATM, it has been customary in the past to use a two-person service/repair team. This concept is used to reduce the chances of theft of the cash either from the cash dispensing unit or from the ATM deposit collection container. The use of two-person service/repair teams is very expensive; and in an effort to reduce the cost of operations of ATMs, the two-person team in many cases has been replaced with a single person to repair/service the ATMs. With the use of only a single service person, the incidences of theft from the ATMs have dramatically increased. Service personnel must have the knowledge of the combination for the lock on the vault in order to gain access to the vault for the normal service or repair function and then the service person might return to the ATM location at a later time, open the vault and remove money therefrom. Also, several people may have been assigned the job of servicing the ATM at different times and, therefore, it is impossible to determine which of the individuals may have taken the money.
To combat this weakness in the security of the ATM and its supply of cash following service by the service personnel, it would be necessary for a second person to go to the ATM in order to change the combination of the lock. This change of the combination requires a lock technician and a considerable amount of time resulting in still additional costs and charges to the organization maintaining and servicing the ATM.
Further, since there are multiple individuals and perhaps very frequent changes of the combination in the lock, it is imperative that very accurate record keeping be performed and that a list of the current combinations for all ATMs being serviced by that particular service organization must be maintained together with a complete listing of the individuals who have had access to the lock with a specific combination.
To avoid implication in theft, a service person might not take money from an ATM when the authorized entry to the ATM is accomplished for the purposes of service or repair.
There is a relatively high turnover rate of employees in this type of an organization and in many cases, the employees leave without notice; therefore, it may be necessary to change the combination on the ATM vault very rapidly after the individual terminates employment with the service organization. If no notice is given, there may be a period of time following the employee""s decision to terminate his employment and the recognition of the fact that the employee is not returning. This period of vulnerability would permit the employee to return to the units which he has serviced and for which he still has a current combination. Additionally, the relatively time-consuming procedure to change combinations in mechanical combination locks where the wheels and gate positions must be changed within the lock, would leave additional time of insecure protection for the vault and the ATM.
One example of a lock which has a one-time use combination is the Electronic CA300 lock manufactured and sold by Sequill Corp., 145 W. Main, Barrington, Ill. This lock is provided with a large plurality of authorized combinations, any one of which will open it. After the combination has been used, the lock acts to disable the used combination so that it may not be reused until such time as the lock is restarted. This lock is used primarily to contain and secure a key to a home or other real property so that a real estate agent may open the box and remove the key for purposes of gaining access to the property in order to show the property to a prospective buyer.
A real estate brokerage may put one of these locks on a house which it has listed for sale and then an agent for another brokerage may contact the listing broker for an access combination. Once that number is provided to the showing agent, a notation may be made as to the agent receiving that combination so that any discrepancy at the property may be correlated with the access of that agent.
This lock does not generate the combinations that are authorized for use. The combination is disabled but may be re-authorized upon a restarting of the lock. Further, all of the authorized combinations are stored within the lock and could conceivably be accessed with appropriate electronic access equipment to reveal other usable combinations within the memory of the lock.
Another example of changing combinations in locks include U.S. Pat. No. 4,511,946 issued to W. A. McGanan wherein a hotel room combination is changed upon the departure of each guest or at the check-in of a guest. The combination which was usable by the preceding guest then becomes unusable. However, this combination is only changed upon change of the guest and is changed as a result of a computer control at the registration desk over an electrical connection to the lock or by an indication to the lock that a new combination has been entered by use of a new key. Only upon the indication that a new combination should be accepted will the lock then disregard the previous combination.
The Mas-Hamilton X-07 lock is provided with enhanced software to operate the microprocessor and to control the lock. The software and the microprocessor in combination operate to receive the dialed combination and upon entry of the dialed combination, the electrical control of the ATM version of the X-07 lock generates an authorized combination. This combination is generated by an algorithm which utilizes the last authorized combination which is invalid for purposes of operating the lock, the serial number of the lock, a randomly changed master combination, and a count of the number of times that the lock has been opened using an authorized ATM combination.
Still further, some of the above values are mathematically modified and the result of the combination of some of the above values further are altered by rotation of the digits within the number or by rotating the binary representation of the resultant combined value. The operation of the algorithm within the microprocessor of the lock results in a six digit decimal form number which is a provisional authorized combination. The provisional authorized combination then is tested to prevent certain selected values, such as the serial number of the lock, the factory-manufactured lock setting, or any one of the other combinations for the lock from being used as the ATM combination. Should the provisional authorized combination be equal to any of the prohibited values, then that provisional authorized combination further is altered by repeating several of the steps of the algorithm and the new provisional authorized combination retested. After the generation and testing of the provisional combination is complete, the generated combination is compared with the entered combination to permit access if the two combinations match. The combination is further tested against preset criteria; and should the combination meet that preset criteria, then a new master combination is generated and stored. The new authorized combination is stored and the seal count of the lock (the count of the number of times that the lock has been opened using an ATM combination) is then incremented. At that point the lock is then conditioned to be opened by the operator.
The lock may also respond to a second combination designated as a bank combination. This provides the opportunity for bank personnel to open the vault of the ATM in order to perform audits, verify the amounts of cash in the ATM or any other function for which only the bank need gain access to the vault without affecting the sequential nature of the combination generation. The seal count is accessed and stored in an array of storage locations thereby providing a historical series of seal counts to indicate each time the bank combination was used to gain access to the ATM vault. Whenever the bank combination opens the lock and permits access to the vault, the seal count is stored but is not updated because the seal count is used as part of the input for generation of the ATM authorized combination; and to update or increment the seal count each time the bank combination is used to gain access, would alter the ability of a dispatching system to remain in synchronism with the generation of the combinations by the lock.
Since the lock is a self-powered lock and the registers of the electronic control require continuous power to preserve contents, the registers of the microprocessor only hold the generated authorized combination during the period the lock is powered. In the event that the combination entered is not matched with the generated combination in the lock, such as when an erroneous combination is entered, the authorized combination is not preserved in the memory registers of the electronic controls past the time the lock is powered. As the powering charge in the lock electronic controls is dissipated with time the contents of the registers within the electronic controls likewise will be dissipated.
Since the combination used to gain access to the vault by opening the lock continually changes and the combination cannot be used more than once, a new combination must be determined and provided to the person to whom the ATM has been assigned for maintenance or service. In order to generate that combination and provide it to the individual who will be servicing or maintaining the ATM, it is necessary to perform the generation algorithm and to use the same identical values that will be used by the lock whenever the lock generates the authorized combination for comparison purposes. This generation may be performed by a computer which has mounted in it an adapter card. The adapter card carries an identical microprocessor to that of the lock and the microprocessor is controlled by a program having an identical combination generating algorithm. The computer may be used as a storage and control facility to hold and maintain the variable values which are used to generate the combination in cooperation with the combination generation algorithm. The algorithm, if known to an individual, will permit the individual to manually generate the authorized combination in the event that all the appropriate variables, functions and values would be known to the individual. While manual generation is possible by one having the algorithm and the necessary variable values, a computer with the adapter card is the preferred approach since this combination generation process then can be carried on very rapidly, efficiently, and with minimum possibilities for error.
Further, in order to prevent access to the combination generation capability of the computer, additional conventional security approaches may be taken such as to require password verification and/or the use of a key in the form of an electronic circuit which may be attached to or inserted into a connector on the computer to indicate that the individual attempting to generate a combination would be an authorized individual.
The adapter card connected into the computer may have different algorithms therein stored in the form of multiple microprocessors which may be alternatively accessed depending upon which specific lock is to be opened. The algorithms may be called in response to the entry of the lock designation or by any other convenient means so long as the appropriate algorithm is accessed for the particular lock to be opened.
The lock may be opened by bank personnel using a constant or unchanging bank combination. The bank combination is initially generated by the lock and will not change with each use. The bank combination may be changed at any time by inserting the change key and dialed bank combination. The new bank combination will be generated and be displayed to the operator so that the operator will then know the new bank combination.
A more detailed understanding of the present invention may be had by referring to the drawings and the detailed description to follow.