At present, various systems are used to control access to restricted areas. One type of access control system uses hardcopy, printed entry passes, issued by a body authorized to do so.
One problem with these entry passes is the coordination between the various departments of a large organization, as to which body has the authority to approve the issuance of the pass, and which body actually issues it.
As circumstances change, passes have to be changed or canceled. In present systems, there may be difficulty in responding to these needs.
Another problem with existing systems is the use of one digital document to include both the identification of the user and their permits. The identification for a particular person is fixed, whereas their permits change as new permits are added and old permits are canceled. Thus, the use of one document to hold both the identification and the permit information may prove cumbersome or unsuited to real-life requirements. The issuer of a permit may be required to identify the recipient, which may sometimes be difficult, for example when the permit is issued to a remote user, such as over the Internet.
Moreover, since the identification and the various permits are issued by distinct, separate authorities, changing the document may be difficult or impractical.
One has to accept that, in real life, there may be permits being issued without the required authority. There is a need to have the capability to trace each permit to its source, to ascertain that the permit issuance was legitimate.
Still another problem in present systems is the possible disclosure of the existence and/or contents of a confidential permit in a certificate, in case the permit holder is challenged by an impostor or by someone who has no authorization to ask for that permit. For example, an ATM that has been tampered with may deliver the details of credit cards, together with the PIN, to its non-legitimate operator.
The use of certificates issued by a center was disclosed in my prior patent applications, No. 113259 (Israel), No. 08/626,571 (U.S.A.) and 96105258.6 (E.P.O.). The certificates there were used by each party to prove their identity and to exchange encryption keys, prior to a secure communication session.
At present, when an e-mail or other electronic document is received, one cannot tell whether it originated at a specific firm.
This feature was available with paper documents, since these documents carried a letterhead with the details of the firm where the letter originated.
Prior art patents apparently do not solve the problems detailed above.
Thus, Fischer U.S. Pat. No. 5,412,717 discloses a computer security method and apparatus having program authorization information data structures.
The system includes a monitor which restricts a program about to be executed to the use of predefined resources. The monitor processes a data structure including a set of authorities defining what a program is permitted to do. The program authorization information in Fischer refers to a situation wherein programs are obtained from untrustworthy sources, and its purpose is to protect a user from any program to be executed. Fischer includes means to protect against computer viruses. An interpreter verifies that the functions encountered in a program are in fact permissible.
Bisbee et al., U.S. Pat. No. 5,615,268 discloses a system and method for electronic transmission, storage and retrieval of authenticated documents. Bisbee provides means for achieving a verifiable chain of evidence for digital documents, that cannot be repudiated. The system ensures the authenticity of digital documents. The digital document can be transmitted electronically to another party, whereby the system ensures the integrity of the document and the non-repudiation of the document. Moreover, Bisbee verifies the authority of the party requesting the authenticated electronic document. The electronic document is signed with a digital signature.
It is an objective of the present invention to address the problems of the issuance and use of permits.