1. Field of the Invention
The present invention relates to an access control system having at least one mobile transponder having an authorization code, which is to be carried by a person, and at least one local control station having a reader by which the authorization code of the transponder can be read as it is moved close to the reader in a non-contact manner and can be transmitted over a network to a primary and/or control code evaluation device.
2. The Prior Art
A known problem of access control with a data carrier containing an access code is that it authorizes the owner of the data carrier rather than the authorized person himself or herself as determined on the basis of that person's individual characteristics. Should the data carrier fall into the hands of unauthorized persons, they can gain access. Access control systems to date were not in a position to identify the person him/herself and to verify that identity. This problem is solved only through the use of biometric systems.
In biometric systems inalienable characteristics of a person, such as voice, fingerprint, face or retina, are used as authorization. Here it is a matter of evaluating such characteristics which allow a person to be identified most clearly. Should this condition not be fulfilled, the biometric system does not substantially raise the security in access control, since the same biometric characteristic is shared by many people, meaning that other people can gain access on the basis of the biometric characteristic. On the other hand, the tolerance applied to the biometric characteristics must not be set so tightly that authorized persons are denied access in the event of natural changes to the characteristics or deviations during detection.
A system is known as LEGICfinger, wherein a fingerprint of the person desiring access is interpreted as biometric data and is compared to stored data on this particular fingerprint. The stored data are in this case on a mobile data carrier in the form of a card which the person carries. To be able to store the multiple characteristics of a fingerprint on the data carrier, the system utilizes a data compression process which files the acquired fingerprint in compressed form in the memory of the data carrier. The known system manages this with 30 bytes of storage capacity.
If it were intended to acquire and store biometric characteristics such as faces in this same way, a storage capacity of approximately 2 to 5 bytes is required, which is approximately one hundred times the storage capacity compared to storage of fingerprints.
By comparison, all standard transponders operate with a storage capacity of 64 to 128 bits, equal to 8 to 9 bytes, and associated central code-evaluation instruments are designed for this capacity, by means of which a plurality of local control stations, which read the correcting code of the transponders, is connected over a network. If the biometric data were to be transmitted now in place of the usual data, the overall system would have to be modified, in particular the capacity of the data bank of the authorization code to be administered would have to be increased substantially. Furthermore, the transmission capacity and the transmission speed of the network would need to be increased. The known system does not permit the cost-effective expansion of an existing access control system for biometric tests. Rather, the entire system would have to be replaced, since enable times of maximum one second cannot otherwise be achieved.
Moreover, because of the relatively high storage requirement at the time, storage of the biometric data, in particular from recording biometric characteristics of faces, would not be possible in the memory of the transponder. But even in the case of adequate storage, non-contact transmission of this quantity of data in the long-wave range would give rise to considerable problems. The required transmission time for the data would be so great that with normal movement and handling of the transponders, a sufficiently stable transmission path within the collection area of the reader cannot be assumed.
The object of the present invention is to improve on an access control system of the kind mentioned previously to the effect that additional monitoring of people-specific characteristics is enabled while maintaining storage, transmission and evaluation of the authorization code assigned to the transponder.
This task is solved by an access control system connected over a network to a code-evaluation device to provide access based on a comparison of a person's biometric characteristics with biometric data stored in a memory. The system comprises:
(a) at least one mobile transponder to be carried by the person, which has an authorization code; and
(b) at least one local control station comprising:
(i) a reader by which the authorization code of the transponder can be read as the transponder is moved close to the reader in a non-contact manner and can be transmitted over a network to a code-evaluation device;
(ii) a recording device operated by the transponder for recording inalienable biometric characteristics of the person carrying the transponder; and
(iii) a comparator coupled to the transponder for comparing locally the recorded biometric characteristics to the stored biometric data;
wherein a data word is transmitted over the network to the code-evaluation device based on a match between the recorded biometric characteristics to the stored biometric data.
In the access control system according to the present invention, the standard authorization code of the transponder used to date can be stored therein, transmitted to the reader of the control station and transmitted over the network, either unchanged or slightly modified, to the primary or central code-evaluation instruments. Changes to these instruments are thereby necessary either not at all or only slightly. It is also of major significance here that the data set required for biometric comparisons, which is substantially larger than the authorization code, does not have to be transmitted over the network at each control procedure and evaluated at the primary or central level.
The authorization code of the transponder can also be configured such that on the one hand it covers an adequate number of variation possibilities, but on the other hand can be transmitted in a sufficiently short time. In addition, those transponders are suited thereto which transmit their data to the reader in the long-wave range. In spite of the relatively low data rate, the transmission time for transmitting the complete authorization code is still sufficient whenever the transponder is brought into the field of the reader in the usual manual work movement and removed therefrom again immediately.
Through locally performed comparison of the recorded biometric characteristics to the stored biometric data, the particularly data-costly and time-consuming comparisons are carried into effect decentrally and thus parallel for all control stations. Particularly with systems having a large number of control stations and during control procedures arranged simultaneously, congestion in the data evaluation with the otherwise occurring consequence of increasing maintenance periods of more than one second in the individual control stations is avoided.
Furthermore, when the comparison is carried out locally it also allows an evaluation of biometric characteristics which is different from control station to control station, the independent modification of the control stations and the creation of different security steps individually matching requirements.
Common control of biometric characteristics and of the right authorization code of the transponder has the following drawbacks compared to a system which exclusively tests biometric characteristics. Without loss to overall security in testing for matching with biometric characteristics, a greater tolerance is permitted than is the case with exclusively biometric testing. The rejection rate of authorized persons on the basis of supposedly missing matching of the recorded biometric characteristics with the stored biometric data becomes minimal.
In accordance with a further development, the stored biometric data can be linked to the associated authorization codes of the transponders. For comparison of the recorded biometric characteristics to the stored biometric data, only the biometric data valid for the respective authorization code of the transponder is selected.
This drastically reduces the number of necessary comparisons of the recorded biometric characteristics to stored biometric data, since not the whole data volume has to be called on for the comparison. The calculation time is thus considerably less. Also, security against error recognition is increased, since there is a drop in the probability that comparisons with invalid data lead incorrectly to non-conformity.
Alternatively, it can be arranged that following local comparison of the recorded biometric characteristics to stored biometric data, only by their matching is the data word containing the authorization code of the transponder or the authorization code itself transmitted over the network to the code-evaluation device. The data word containing the authorization code of the transponder may also be transmitted constantly over the network to the code-evaluation device and the result of the comparison is contained in the data word.
In a first embodiment, an existing system, which to date has exclusively transmitted the authorization code of the transponder to the code-evaluation device, can remain unaltered. The second embodiment requires modification, which may be restricted, however, to transmitting the result of a comparison already made locally to the code-evaluation device and evaluating it there. In the simplest case, this could be a yes/no status in the transmitted data word, which requires only one more bit. Set against the additional loading of the network with transmission of the status "no match of biometric characteristics with stored biometric data" is the possibility of being able to centrally store the data of missed access attempts.
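The two reporting variants described above can be sketched as follows. This is an added illustration, not part of the patent text: the 64-bit code value, the template bytes, the Hamming-distance comparator with a fixed tolerance, and the placement of the status bit in the lowest bit of the data word are all assumptions chosen for the example.

```python
from typing import Optional, Tuple

# Constructed sample data: biometric templates linked to authorization codes,
# so only the template valid for the presented code is compared.
AUTH_CODE = 0x1122334455667788
TEMPLATES = {AUTH_CODE: bytes.fromhex("a5c3f00f3c5a9966")}
GENUINE = bytes.fromhex("a5c3f00f3c5a9965")   # differs from the template in 2 bits
IMPOSTOR = bytes.fromhex("5a3c0ff0c3a56699")  # differs from the template in all 64 bits


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length feature vectors."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def local_match(auth_code: int, sample: bytes, tolerance_bits: int = 6) -> bool:
    """Local comparator (stand-in): compare only against the linked template."""
    template = TEMPLATES.get(auth_code)
    if template is None or len(template) != len(sample):
        return False  # unknown code or malformed sample: fail closed
    return hamming(template, sample) <= tolerance_bits


def word_first_embodiment(auth_code: int, sample: bytes) -> Optional[int]:
    """Forward the unchanged code only on a match; otherwise send nothing."""
    return auth_code if local_match(auth_code, sample) else None


def word_second_embodiment(auth_code: int, sample: bytes) -> int:
    """Always forward the code, with the comparison result as one extra bit."""
    return (auth_code << 1) | int(local_match(auth_code, sample))


def decode_second_embodiment(word: int) -> Tuple[int, bool]:
    """Central side: split the data word into authorization code and status."""
    return word >> 1, bool(word & 1)
```

In the first variant the central device never sees a failed attempt, while in the second it can log the code together with the "no match" status.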
There is also the possibility of performing the local comparison within the control station or within a mobile unit comprising the transponder.
An effective choice is made where an associated sensor can be arranged to record the biometric characteristics. The biometric data required for the comparison can also be stored there.
Preferably at least one sensor for recording biometric characteristics is arranged inside a mobile unit comprising the transponder. This can be a sensor for recording fingerprints or handprints, which is touched anyway during handling of the mobile unit.
This effectively decreases the risk of sensors at control stations being put out of order by vandalism. The recording of fingerprints or handprints solves the problem arising from the sensors being touched by different people.
If the sensor for biometric characteristics, the memory for biometric data and the comparator are arranged jointly in the mobile unit, the transponder can be controlled by the comparator such that the authorization code is transmitted to the reader only when the biometric characteristics recorded by the sensor are matched with the stored biometric data of the authorization code. Vice versa, nothing would be transmitted without a match.
In a system having different degrees of security, the system can comprise, depending on the degree of security of the controlled accesses, both control stations for low degrees of security, which exclusively comprise individual readers for transponders, and control stations for a high degree of security, which comprise both readers for transponders and biometric recording apparatus.
The access control system according to the present invention can be dynamically matched to the increased security requisites. With biometric components it is, of course, possible to apply various biometric recognition processes, such as fingerprint process, facial recognition process, voice recognition process or one of several combinations thereof. This makes feasible an additional hierarchy of security measures.
In practice it is effective to record the biometric characteristics to create comparative data under supervision. If storage of the biometric data is then provided in the control station, it is effective to store the biometric data centrally also and to transmit it to the control stations only once or intermittently over the network. In this way, uniform data are available to all connected control stations. This is effective also for these biometric data with expansions of or alterations to the databank and simplifies administration expenditure in terms of system maintenance.