The present invention relates to security systems that regulate access to secure areas, and more particularly, to a security badge that is attached to the authorized person and resets itself when removed from that individual.
To simplify the following discussion, the present invention will be explained in terms of security systems for use in accessing computers and the like; however, it will be apparent from the following discussion that the present invention may be utilized in other security systems.
Computer systems having access to a network typically utilize some form of access control to assure that unauthorized individuals do not gain access to confidential information or do damage to the network and/or computers connected thereto. The secure access protocols often require a user to memorize multiple passwords and protocols. For example, the user may need a first password to log onto a terminal in the network, a set of different passwords corresponding to the various servers in the networks or secure directories within a server, and yet another set of passwords relating to various software programs and related files.
Electronic identification cards have been used to automate the logon and access control processes. Such systems sense a personal identification presented by the user. The card can be in the form of a radio frequency identification (RFID) card which is sensed remotely by the computer terminal or a card that is passed through a reader by the user.
While such cards can be used to automate the logon process, they do not provide sufficient security to satisfy the needs of many systems. The authenticity of the card can, in principle, be verified by the system that queries the card; however, the system cannot necessarily identify the person presenting the card. An unauthorized person who has gained control of such a card can still access the system.
In principle, the computer terminal can be equipped with hardware that also allows it to authenticate the person presenting the card. In fact, if the person can be identified directly, then an identification card is not needed. Identification systems based on retinal scans, voiceprints, and fingerprints are well known in the art. This hardware would need to be present at each of the terminals. The cost of providing such hardware at each terminal is often prohibitive.
Even in those situations in which identification hardware is provided at each terminal, the system must still deal with interruptions that occur when the user leaves the terminal for a brief period of time. Consider the case of a user who has logged onto a terminal using some form of personal identification system. If the user leaves the terminal without logging off, an unauthorized user can gain access to the system through the open terminal. Hence, the terminal must have some method for determining that the authorized user remains present at the terminal after the logon. For example, an RFID card worn by the user can be queried periodically to determine that the user is still at the terminal.
If the authorized user breaks contact with the terminal, either because the user left the terminal for a short period of time or because the monitoring system failed to detect the person on one of the periodic queries, the terminal needs to disable itself. When the user again makes contact with the terminal, the logon process must be repeated. A logon process that verifies the identity of the user through fingerprints, retinal scans, etc. requires a relatively long procedure. Hence, such systems are frustrating to use, since a user who turns away from the computer or crosses the room to get a document can be forced to repeat the entire logon protocol.
Systems based on personal identification cards also present logistical problems for the users and system operators. In such systems, each user is provided with an identification card that must be presented to the system to gain authorization. The card is assigned to the particular user. To guard against an unauthorized person gaining control of the card, the assigned person usually takes the card home at night. If the user leaves the badge at home or loses the badge, the user must go through an often lengthy process of obtaining a new badge or some form of temporary badge in the case in which the user has left his or her badge at home. In addition, the system must provide one badge for each user who is authorized to use the system, whether or not that person will use the system on any particular day. Hence, the number of security badges that must be maintained can be quite large. Since these badges are typically powered by batteries, the costs of providing and maintaining the badges is significant.
Broadly, it is the object of the present invention to provide an improved security badge system.
It is a further object of the present invention to provide a security system that can authenticate a user without requiring expensive personal identification hardware at each work station.
These and other objects of the present invention will become apparent to those skilled in the art from the following detailed description of the invention and the accompanying drawings.
The present invention is a security badge to be worn by a person seeking access to a secure system. The badge includes a data processor having a non-volatile and a volatile memory, a transceiver, and an attachment sensor. The volatile memory stores information related to a security clearance associated with the person. This information is loaded after the badge is attached to the person. The transceiver sends signals generated by the processor and receives signals specifying operations to be carried out by the badge. These signals include signals that provide the person wearing the badge access to the secure system. Upon detecting the removal of the badge from the wearer, the attachment sensor causes information stored in the volatile memory to be altered such that the person no longer has access to the secure system. The transceiver can utilize optical, electromagnetic or acoustic signals for communicating with the secure system. In one embodiment of the invention, the badge includes a tamper sensor for detecting an alteration in the badge that could allow the contents of the volatile memory to be read and rendering information stored in the volatile memory unreadable when the tamper sensor detects such an alteration. In another embodiment, the badge includes a random number generator for generating random numbers for use in coded transmission between the badge and the secure system. The random number generator may utilize a sensor for sensing an environmental variable that determines the random number sequence generated by the random number generator. In another embodiment of the invention, the badge has low and high power modes, the processor being capable of performing at least one computation in the high power mode that cannot be performed in the low power mode. The processor switches from low power mode to high power mode in response to the transceiver detecting a predetermined signal while in the low power mode. In another embodiment of the invention, the attachment sensor includes an attachment mechanism and a position sensor. The attachment mechanism has an open position and a closed position. The attachment mechanism secures the badge to the person in the closed position. The position sensor monitors the state of the attachment mechanism.