The present invention relates to using a smart card key for high security printers and ensuring access only when a unique password is provided, as well as printing markings from information stored in the smart card key memory.
Smart cards are identification cards made from the traditional polyvinyl chloride/polyester cards with an integrated circuit embedded in the card, allowing information to be stored in the card itself, and they are widely used. Typically the integrated circuit consists of either a memory or a microprocessor with memory. In order for a smart card to be encoded in the printer, the printer must have a smart card encoder.
One of the problems inherent in identification card printers is that anyone with access to the files or even to an inexpensive commercial drafting software program can recreate the identification card and print forgeries. This problem is particularly acute in locations where the printer, software, files, and other computer hardware are set up in a single area.
The present invention relates to maintaining security of a printer and its user by having a secure smart card key. The printer is, as shown, an identification card printer and has an externally accessible smart card encoder that can be used for initializing a smart card that forms a key. A further use of the externally accessible smart card encoder is to read the smart card and allow or prevent access. It is also possible to encode smart cards inside the printer, if so desired, by placing a second encoding device in the internal printing path of the printer.
Because a smart card can have a large amount of memory storage, both a digital image (such as a security mark for cards to be printed) and passwords can be stored in the smart card memory. The printers also can have large capacity Electrically Erasable Programmable Read Only Memory (EEPROM), as well as read only memory (ROM).
The first password usage of the smart card key is to enable printing by a selected identification card printer. The second password usage is to enable printing a specialized print panel for a security mark using a stored digital image in the smart card key memory. The ability to enable password protected printing only is provided initially in a computer program for the printer drive computer which converts computer images into digital data for printing cards. The computer program or software includes user interface items for setting passwords, duplicating smart cards, and loading images onto smart card memory. In addition, the selected password would also be stored in the associated identification card printer memory.
A match between the password in printer memory and the password in the smart card key memory is required to enable printing as the basic security feature. Thus, the smart card would act as the only key to allow the printer to print. The ability to store a digital representation of a security mark to be printed onto an identification card being printed by the card printer controlled by the smart card key prevents unauthorized use of the security mark, since accessibility to the mark is limited to the holder of the smart card key with the correct password.
Another aspect of the invention is an algorithmic unlocking mechanism available to users of the smart card key having a high security password feature, in case they ever lost the encoded smart card key or forgot the password. High security as used herein means that the password cannot be easily changed or bypassed. Printers are now equipped with a counter mechanism to count the number of passes that the printhead has made during the operation of the printer, or provide other changing counts. This number can be accessed and displayed on the display of the printer or the number can be printed on an I.D. card in the printer. The counter is a conventional system used in a wide variety of devices. In addition, other changing parameters in a printer can be used for a count, for example, a count of the number of cards printed in the printer can be recorded and used for this invention.
After a selected procedure by the owner of the printer, which verifies ownership of the high security printer, an algorithm is applied to the number generated by the counting mechanism. The algorithm is selected to produce an unlocking number unique to each number of the printer head pass count, a range of printer head pass counts or number of cards printed, as recorded by the counter in that printer. This can be done automatically by the printer if a smart card key used does not have an acceptable password. The count is based on a dynamic parameter unique to that particular printer. A duplicate algorithm to the one in printer memory is kept at a secure location, for example at the premises of the printer manufacturer. The printer manufacturer, after verifying the identity of the owner through a personal identification number, will use the algorithm to generate a one time usable unlocking number.
The owner is then issued this one time usable unlocking number generated from the algorithm at the secure location, which is entered through the host computer in place of the password from the smart card key. The printer will apply or compare the unlocking number generated in printer memory with the number generated from the secure location. If the algorithmically generated number entered by the user matches the algorithmic unlocking number generated in the printer, then the printer will accept and perform the current command given to the printer, such as a command to create a new smart card key or to disable the security feature entirely, or to change the password.
Although the printer memory stores the algorithmic unlocking code, the stored code cannot be used to unlock the printer without the separate algorithmic application, using the same algorithm but kept at a site unrelated to the user, thus protecting the security of the printer. The security value is that the pass count number (or other unique number) from the counter mechanism of the printer is one that the user has no control over, is constantly changing, and cannot be manipulated.
Once the printer has continued to print and the number of printhead passes counted and stored in printer memory has changed, the previously generated unlocking number will no longer match the number produced by the algorithm in the EEPROM of the printer after the change, and therefore the old number will not allow the printer to function.
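The password match and the count-based unlocking number described above can be sketched as follows. This is an added example, not code from the patent, which does not name the algorithm: the use of HMAC-SHA256, the per-printer secret held in EEPROM and at the secure location, the 8-digit length, and all names are assumptions.

```python
import hashlib
import hmac


def unlock_number(secret: bytes, count: int) -> str:
    """Derive an 8-digit unlocking number from the printer's current count."""
    digest = hmac.new(secret, count.to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so timing does not leak how much matched.
    return hmac.compare_digest(a.encode(), b.encode())


class Printer:
    def __init__(self, secret: bytes, password: str):
        self._secret = secret      # assumed: per-printer secret in EEPROM
        self._password = password  # password stored in printer memory
        self.pass_count = 0        # printhead pass counter

    def print_card(self, key_password: str) -> bool:
        """Print only if the smart card key's password matches printer memory."""
        if not _same(key_password, self._password):
            return False
        self.pass_count += 1       # the count changes with every print
        return True

    def set_password_with_unlock(self, entered: str, new_password: str) -> bool:
        """Accept a password change only if the entered number matches the
        one the printer derives from its own current count."""
        if not _same(entered, unlock_number(self._secret, self.pass_count)):
            return False
        self._password = new_password
        return True


if __name__ == "__main__":
    SECRET = b"constructed-demo-secret"  # constructed sample value
    printer = Printer(SECRET, "old-password")
    for _ in range(3):
        printer.print_card("old-password")
    # Secure location applies the same algorithm to the count the printer shows.
    code = unlock_number(SECRET, printer.pass_count)
    print(printer.set_password_with_unlock(code, "new-password"))
    print(printer.print_card("new-password"))
    print(printer.set_password_with_unlock(code, "other"))
```

Because the unlocking number is bound to the count, the same number is rejected as soon as one more card has been printed.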