The present invention relates to electronic locks and electronic locking systems, to electronic locking systems which use remotely encoded keycards and, in particular, to an electronic locking system which utilizes public key cryptography.
The process of operating an electronic lock and updating the program information in that lock based upon the coded information in a keycard (or key), that to encode the keycard, is constrained by several factors. These include, the relatively very small data storage which is available on the keycard and in the electronic lock itself, and the limited speed and computational abilities of the microprocessors which are used in such locks. These space and computational limitations are very important when one considers that the keycard must include some sort of secret identifying code or combination, as well as instructions for operating (or preventing operation) of a selected lock or locks, and that the lock must both validate the card and implement the instructions.
To date, there are available only a few possibly viable systems which use a remotely programmed keycard to control the mechanical operation and programming of an electronic lock. These approaches are believed to be best exemplified by Zucker U.S. Pat. No. 3,800,284; Hinman U.S. Pat. No. 3,860,911; Sabsay U.S. Pat. No. 3,821,704 and its reissue Re. 29,259; and commonly assigned McGahan U.S. Pat. No. 4,511,946.
In the system disclosed in the Zucker patent, at any given time prior to reprogramming by a new lock, the lock will contain two types of code information: first, the previous code number and, second, the next sequential code number. The key is encoded with a single combination. This system is designed so that, presumably, when a valid, properly sequenced new key is issued, the key combination will match the next sequential combination in the lock and cause the lock both to open and to reprogram itself. During reprogramming, a function generator in the lock uses the combination previously stored in the lock to generate a current combination and the next sequential combination. Upon subsequent use of this same key, the lock will open because the first lock code equals the current key code. However, the lock is not recombinated or reprogrammed at this time because the next sequential combination has already been resequenced and no longer equals the key code. After recombination by the next key, the current lock code is no longer equal to the code of the next previous key and, as a consequence, that key will no longer open the lock.
The Hinman system uses two combinations in both the lock and the key, but operates in a manner similar to that employed by Zucker.
The electronic lock disclosed in the Sabsay patent is the converse of that used in Zucker in that the lock is assigned one combination while the key is assigned two fields or combinations. The key fields are: a first field or authorization number which is the previously authorized code, and a second field or key number which contains the current authorized code. When a key is presented to the lock, if the "current" or second field equals the single lock number, the lock is opened. If the "previous" code in the first, authorization field equals the lock number, the lock both recombinates and then opens. When a new key is presented to the lock, the previous code in the key's first field should equal the current lock number so the lock will recombinate and then open. Thereafter each time this key is used (prior to recombination by the next key), the updated lock number will equal the current code in the key's second field and the lock will open but not recombinate.
The commonly assigned McGahan patent uses first and second combinations in the lock as well as in the key. Both the lock and key combinations are sequential in that the second combination is the next sequential number above the first combination. During use, if the first key combination equals the first lock combination and the second key combination equals the second lock combination, the lock opens. If this equality does not exist but the first key combination equals the second lock combination, the lock both opens and recombinates. Thus, when the properly sequenced next key is presented to the lock, the first key combination will equal the second lock combination and the lock will open and recombinate. Thereafter, until a new key recombinate the lock, the first and second lock and key combinations are equal and the present key will open the lock but will not cause it to recombinate. Prior keys will not be able to open or recombinate the lock because neither of the two required equalities exists between the lock and key codes.
However, to our knowledge none of the presently available electronic lock systems, including McGahan, eliminates the sequencing problem which occurs when the key sequence and the lock sequence get out of step, for example, because a duly issued and sequenced card is not used. This situation is illustrated in FIGS. 1 through 3 for Zucker, Sabsay and McGahan, respectively. In each case, first and second validly issued and sequenced keys are used as anticipated and recombinate the lock as planned. However, the third key, which is also validly issued and sequenced, is not used. This can occur simply because a guest does not enter his or her room or does not use a particular door in a suite of rooms. Whatever the reason, following the failure to use the third duly issued card, the fourth and subsequent cards will not operate the lock.
Additionally, in the existing electronic lock systems, the security function and operating functions compete for the limited space available in the keycard and lock, with the result that either or both functions may be limited to an undesirable or unacceptable degree. For example, it is desirable to have a large selection of possible lock uses such as guest levels, suite levels, common areas, etc., and to be able to provide access to different combinations of locks or lock levels via a single keycard. To date, the inherent physical limitations of the keycards and electronic locks have constrained even the most versatile of electronic locking systems to a single choice, at any lock, from among eight or nine possible master levels, and control, by any individual keycard, of only a single master level or lock.