Mechanical combination locks such as those found on safes, vaults, cabinets and other high security enclosures are well known and subject to a number of attacks, such as by drilling, manipulation, and operation by dialer controlled by a computer.
Recently an electronic combination lock for such enclosures has been invented which provides the opportunity to greatly increase the level of security afforded by the lock, while at the same time overcomes many of the shortcomings of the prior art mechanical locks.
A dial type combination lock relies on the rotation of a dial to positions represented by numbers on the dial to rotate mechanical elements within the lock, such that the wheels of the mechanism align to allow a bar to drop into the wheels and retract the lock bar or bolt, allowing the enclosure to be opened.
The electronic combination lock does not have the equivalent mechanical elements and, therefore, can not be attacked in the same manner. For example, the mechanical lock may be drilled to permit the insertion of an optical device into the lock mechanism to observe the positions of the wheels and thus their alignment which permits the opening of the enclosure without the knowledge of the combination.
The electronic lock cannot be drilled for a similar purpose since the electronic lock mechanism will not reveal the position of any element which would be helpful for the attacker to observe and which would give the attacker any information as to the steps needed to unlock the device.
The mechanical lock has a fixed position of internal elements relative to the dial and thus may be observed with the movements of the dial repeated by the attacker, at a later time.
The electronic lock does not have a fixed dial to number position relation and thus observation of the movement of the dial is much more difficult if not impossible.
Dialers exist which may be attached to the knob of a dial on a combination lock and which dial combinations under the control of a computer. As each combination fails, the computer then continues to dial other combinations to eventually unlock the lock.
With a combination lock of the mechanical type and sufficient time,a dialer is particularly effective.
The electronic combination locks are dependent upon electronic pulses being generated to indicate to the electronic controls, that the dial is being rotated and in which direction. The pulses may be generated by conventional pulse generation means when a voltage supply is provided to power the pulse generator.
Alternatively, pulses may be generated by the operation of the lock and the voltage pulses provide a power source for the operation of the lock.
This type of power source eliminates the need for a separate power source for the system, such as a battery or other external voltage supply.
With the control of the device by a series of voltage pulses, the use of the pulses may be used to further control functions of the lock.
The electronic combination lock disclosed and described herein is a combination lock having a dial which has no divisions or markings relating to the numbers of the combination thereon. The rotation of the dial drives a generator which produces electrical pulses. The voltage pulses serve as a power source for the electronics of the lock and to further indicate to the microprocessor the speed and direction of rotation of the dial.
Through a random number generator, the micro processor generates a psuedo-random number which is then displayed on a display which is mounted in proximity to the dial.
The rotation of the dial of the lock is accomplished in a manner very closely related to the manner of the rotation of the dial of a conventional mechanical combination lock.
When the numbers of the combination have been entered through dial rotation, the microprocessor compares the combination with the authorized combination; if the same, a signal is sent to the motor that will engage the latch with the bolt retractor and connect the bolt through mechanical connections, to the dial so that when the dial is further rotated in the proper direction the bolt will be retracted and the enclosure is then opened.
The microprocessor is controlled by a coded program. The ability to control the microprocessor with a microcoded control program is a major advantage in that the several functions and features may be added to make the lock mechanism and the enclosure more secure.
In order for a dialer to be effective, the relationship between the dial rotation and the numbers entered must be correllated so that a 3.6 degree rotation of the dial increments or decrements the entry number by one unit for a 100 unit dial. The generation of a random number within the microprocessor at the beginning of each number entry operation and the use of that random number as the starting point for the sequence of numbers displayed, eliminates the correllation of the number being displayed and eventually entered, and the dial position.
When the dial is rotated, the generator creates pulses and these pulses are received by and counted by the microprocessor. As the pulses are accumulated, the pulses are also timed and the speed of rotation of the dial is determined. As the speed of the rotation of the dial varies, the rate of change of the displayed numbers is changed. This is accomplished so that at a high rate of rotation the displayed numbers may change at a high rate while at the lower rates of rotation, the rate of change of the displayed numbers may be by single units at a slower rate with respect to the amount of dial rotation. Further the number of degrees the dial must be turned to effect the change of the displayed number will vary so that there is no consistent amount of rotation required to change the displayed number by one unit. This aspect of the lock also acts to foil the use of a computer controlled dialer.
The timing capabilities of the lock provides the opportunity to determine the time used in the entering of the combination. If the total time of entry is either too short, indicating that the lock is under attack by a device rather than a human hand, or if the time to enter the combination is too long, indicating that the operation of the lock is being attacked by other than a person having knowledge of an authorized combination, the lock is prevented from opening even if the authorized combination is subsequently entered.
As the connection between the dial and the generator is mechanical and, therefore, a predictable one, the number of pulses received by the microprocessor indicates the rotational displacement of the dial. The rotational movement of the dial by the hand of a human being is such that the dial is generally turned less than 360 degrees and then the dial is stopped while the operator releases the dial and acquires a new grasp of the dial. The stopping of the dial acts to allow a timer to run and if the stop period is less than a predetermined period that is related to human reaction time, the stop of the dial is not recognized as a stop of the dial. When the dial is rotated more than 480 degrees or 1.33 revolutions without a recognized stop, the lock is probably under attack by a device or at the very least by an unconventional dialing technique and the lock will not open even, if the authorized combination is entered.
Dialers are capable of reversing directions of the dial in very short times and depend upon speed to open a combination lock in a reasonably short time period without detection. This lock requires the dial be stopped or stationary for a short time periodically. One of those times occurs as the dial is reversed to enter the number just dialed and to start access to the next number to be entered. The timing of the stopped period of the dial insures both that a dialer is not being used and it extends the time that is necessary to open the lock by dialing all possible combinations until the lock is unlocked by the proper combination. If the dial is reversed in less than the predetermined time period required to detect a stop of the dial, the microprocessor will not recognize the stop and the incrementing/decrementing of the numbers on the display will continue in whichever sense they were changing. This will foil the entry of a correct number and will set up a condition where the lock will refuse to open due to more than a 1.33 revolution of the dial without a stop.
The microprocessor will also keep a count record of all the failed attempts to open the lock since the last successful operation. If the numbers of trys or attempts to unlock the lock equals or exceeds the number set in the microprocessor microcode, the lock will fail to open even if an authorized combination is subsequently entered, prior to power down. After an error indication is displayed, the lock is disabled to prevent further entry tries, until power down and power up.
The self contained generation of power for the lock electronics and controls creates a major advantage since there is no need to provide a power source such as a battery. The life of an operational power charge is limited, without further rotation of the dial, and thus resets are not externally required. When a condition is created where the lock will not open even with the eventual entry of the authorized combination, the lock electronics must be reset. The reset is accomplished by letting the lock stand idle for a predetermined period of time without the dial rotation. Further rotation of the dial is ineffective to cause the lock to unlock. Waiting for the predetermined time out to reset the lock is a major deterrent to the success of a dialer which is dependent upon speed and non detection.
The timing capability of the electronic lock provides an opportunity to prevent the use of a practice common with mechanical locks. To access the safe or vault on a short notice, it is common to dial in the first two numbers of a combination and then to not enter the third number. When the operator is ready to access the vault or safe, the third and final number of the combination is entered and the enclosure is opened.
This common and dangerous security violation, which severely compromises the security of the enclosure, is overcome by the requiring of the complete entry of the combination within a preselected time period. The entry of two of three combination elements and the delayed entry of the third until after the relatively short time period has expired, causes the scrambling of the entered combination numbers and the lock requires the complete combination to be entered again.
The use of multiple combinations to open a lock is possible with this electronic lock even from a single lock mechanism. The mechanical lock mechanisms are not capable of multiple combinations being entered into a single lock. Accordingly multiple lock mechanisms are required for multiple combinations to be used to enter the enclosure. The present electronic lock accepts multiple combinations in what is referred to as a dual mode, requiring dual combinations. The combinations may be entered in any order, but if an error is made in either combination the lock will not signal that an error was made until after the second combination is entered, thereby not informing the attacker of the part of the procedure which was in error. The two combinations may be considered as a single 12 digit combination raising the security level of the lock, even though the combination is possessed by a single individual.
The lock may also be conditioned to accept the two separate combinations in a required order. The first combination required is referred to as the senior and the later combination the subordinate. When properly entered, the senior combination enables the lock to accept the subordinate combination at any later time. The repeated entry of the senior combination deactivates the lock such that it will not accept the subordinate combination until reactivated.
The electronic lock contains two counters that may be used for security monitoring. The first counter is an error counter which is incremented each time that the lock is unsucessfully operated. This count is retained in nonvolatile memory and the contents of the error counter displayed on the display at the time of power on, if greater than two. The authorized operator of the lock is shown an indication of the fact that the lock has been attacked and that the lock was not opened, since the number in the error counter is not reset until a proper combination is entered and the lock unlocked.
The second of the counters is referred to as the seal counter. The seal counter is incremented by one with each successful opening of the lock. It is never reset. With four digits, the maximum count is 9,999 and would require over 80 hours of dialing the correct combination to increment the count completely around to the number originally on the display prior to attack, if correct combinations were entered at the rate of two per minute. Thus by monitoring the the error and seal counters, the attack of the lock by an unauthorized individual is apparent and whether the lock was properly operated to access the enclosure is known to the authorized operator.
The combination of the lock may be changed if the combination is not known or forgotten, by using the serial number of the lock as a temporary combination. This allows locks that have been stored in inventory to be properly recombinationed by using the serial number of the lock, but does not allow one with the serial number of the lock but not the authorized combination to change the combination for later seemingly authorized access to the enclosure.
The invention described and claimed herein takes advantage of the electronic pulse control of the electronic lock and therefore it is an object of the invention to increase the security level of the lock.
Another object of the invention is to render the lock more resistant to the attack of the lock through attack by drilling or penatrating the lock mechanism housing for purposes of observation of the lock device.
An additional object of the invention is to render the lock safe from successful attack for a substantial period of time by use of a dialer device.
Another object of the invention is to disable the lock from becoming unlocked, when the conditions of the combination input are such that they fail to fall within preselected parameters to insure that the lock is not being attacked with a dialer.
It is a still additional object of the invention to render the lock inoperative when predetermined input parameters are not met and the failure of the parameters to be met suggests that the lock operation is by other than by a human being authorized to unlock the lock.
It is another object of the invention to prevent the lock from unlocking when the period of uninterrupted rotation of the dial of the electronic lock is in excess of a predetermined period.
It is another object of the invention to prevent the lock from unlocking when the amount of the dial rotation exceeds a predetermined amount, in a direction, without stopping the dial movement.
It is a still further object of the invention to prevent the lock from unlocking when the dial direction changes occur with such speed that the dial is probably not operated by the hand of a human being.
An additional object of the invention is that the lock will not operate to unlock if the dialing time exceeds a predetermined amount of time without either successful entry of the combination or the lock being powered down.
It is a another object of the invention to defeat the use of a dialer by varying the correlation between dial displacement and numerical incrementation, depending on the speed of rotation of the dial.
It is still an additional object of the invention to inhibit the use of a dialer by initiating all sequences of numbers displayed by the look at a random number which has no relation to the last combination number element entered.
Another object of the invention is provided by the ability to reverse and recover if a number is passed in the dialing, without having to restart the combination entry.
Still another object of the invention is to provide in a single combination lock the capability of requiring entry of multiple authorized combinations prior to the lock being unlocked.
An additional object of the invention is to provide to the operator of the lock a visual display of numbers that will indicate that the lock has been attacked and the number of times the lock has been successfully operated.
A still further object of the invention is to provide the capability of opening the lock and changing the combination of the lock, under controlled conditions, so that the combination of the lock may be changed or set when there is no record or recollection of the combination when the lock was stored.
The foregoing objects of the invention are accomplished by the electronic controls of the lock, as will become more apparent from the detailed description of the invention to follow.
The foregoing objects aspects and advantages of the invention will become apparent from the drawings and the detailed description of the invention that will follow.