Device authentication using a unidirectional protocol

US 8,183,980 B2
Filed: 08/16/2006
Issued: 05/22/2012
Est. Priority Date: 08/31/2005
Status: Active Grant

First Claim

Patent Images

1. A method of maintaining a secure access system that uses a unidirectional communication protocol, the secure access system comprising at least one credential, at least one reader, and a device upstream of said reader, the method comprising:

reading a credential with a reader;

said reader generating a first message comprising credential data associated with said credential and a first code;

transmitting said first message to an upstream device;

said upstream device analyzing said credential data in order to determine the authenticity of said credential and further analyzing said first code in order to determine the authenticity of said reader;

receiving, at said reader, a prompting signal transmitted by said upstream device;

in response to receiving said prompting signal from said upstream device, said reader generating a second message comprising a second code, wherein said second code is different from said first code; and

transmitting, by said reader, said second message to said upstream device, wherein a first code selection algorithm is used to generate said first code, wherein said first code selection algorithm generates said first code based upon at least one of time of day, total operation time of said reader, a reader unique ID, number of cards read, and a reader manufacturer ID, wherein a second code selection algorithm is used to generate said second code, and wherein the first and second code selection algorithms are different.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure access systems are discussed herein. Specifically, a method and system is provided that allows a control panel of a secure access system to verify the authenticity and fidelity of a reader within the secure access system by utilizing a rolling code agreed upon by the reader and the control panel.

Citations

46 Claims

1. A method of maintaining a secure access system that uses a unidirectional communication protocol, the secure access system comprising at least one credential, at least one reader, and a device upstream of said reader, the method comprising:
- reading a credential with a reader;
  
  said reader generating a first message comprising credential data associated with said credential and a first code;
  
  transmitting said first message to an upstream device;
  
  said upstream device analyzing said credential data in order to determine the authenticity of said credential and further analyzing said first code in order to determine the authenticity of said reader;
  
  receiving, at said reader, a prompting signal transmitted by said upstream device;
  
  in response to receiving said prompting signal from said upstream device, said reader generating a second message comprising a second code, wherein said second code is different from said first code; and
  
  transmitting, by said reader, said second message to said upstream device, wherein a first code selection algorithm is used to generate said first code, wherein said first code selection algorithm generates said first code based upon at least one of time of day, total operation time of said reader, a reader unique ID, number of cards read, and a reader manufacturer ID, wherein a second code selection algorithm is used to generate said second code, and wherein the first and second code selection algorithms are different.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, further comprising:
    - receiving at said upstream device said second message; and
      
      said upstream device analyzing said second code in order to determine the authenticity of said reader, wherein the first and second codes are maintaining in a list of rolling codes at the reader.
  - 3. The method of claim 1, wherein said prompting signal is transmitted from said upstream device to said reader via an LED control signal.
  - 4. The method of claim 3, wherein additional LED control signals are initiated by said upstream device on a random basis.
  - 5. The method of claim 1, wherein said first message is encrypted by said reader prior to transmitting said first message to said upstream device and decrypted by said upstream device prior to analyzing said first message.
  - 6. The method of claim 1, wherein said first code selection algorithm generates said first code based upon a number of messages previously transmitted from said reader to said upstream device.
  - 7. The method of claim 1, wherein said first and second codes are unique codes chosen from a rolling code list.
  - 8. The method of claim 7, further comprising:
    - said upstream device accessing a second list that corresponds to said rolling code list;
      
      said upstream device comparing said first code to one or more valid codes from said second list;
      
      determining that said first code matches a valid code; and
      
      in response to said upstream device determining that said first code matches said valid code, said upstream device determining that the authenticity of said reader is valid.
  - 9. The method of claim 1, wherein said transmitting utilizes a Wiegand protocol.
  - 10. The method of claim 1, wherein said credential is machine readable and comprises at least one of an RFID device, a contact smart card, a contactless smart card, a proximity card, a magnetic stripe card, a barium ferrite card, a bar code, a Wiegand card, a PDA, and a cellular phone.
  - 11. The method of claim 1, wherein credential data is at least one of a user name, a social security number, a title, access permissions, a key, a password, a manufacturer ID, site code, customer code, and a unique ID.
  - 12. The method of claim 1, wherein said upstream device is at least one of a control panel, a host computer, a processor, a database, and an intermediate device.
  - 13. The method of claim 1, wherein said reader comprises a second device that generates the codes.
  - 14. The method of claim 13, wherein said second device is integral with a housing of said reader.

15. A method of maintaining a secure access system that uses a unidirectional communication protocol, comprising:
- providing a downstream device associated with at least one interrogator device that is operable to transmit a rolling code from a first list of rolling codes as a part of a message;
  
  providing an upstream device that is operable to receive said message and analyze said rolling code by accessing a second list of rolling codes which matches the first list of colling codes and then comparing the rolling code to a valid code from the second list of rolling codes;
  
  requiring said downstream device to transmit a first message comprising a first valid rolling code at a first time;
  
  prompting said downstream device to transmit a second message comprising a second valid rolling code at a second time, wherein said upstream device prompts said downstream device to transmit said second message by at least one of (i) transmitting a prompting signal to said downstream device via an LED control line and (ii) interrupting power supplied to the downstream device.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 16. The method of claim 15, wherein at least one of said first and second is a window of time in which said downstream device is required to transmit said message.
  - 17. The method of claim 15, wherein at least one of said first and second message is time stamped in order to verify to said upstream device that said at least one of said first and second message was transmitted at their respective required time.
  - 18. The method of claim 15, further comprising, determining a required first and second time of check-in.
  - 19. The method of claim 18, wherein at least one of said first and second time is before at least one of said required first and second time of check-in.
  - 20. The method of claim 18, wherein at least one of said first and second time related is after at least one of said required first and second time of check in.
  - 21. The method of claim 15, wherein in response to said downstream device not transmitting at least one of said first and second valid rolling codes, determining that said downstream device is at least one of fraudulent and malfunctioning.
  - 22. The method of claim 15, wherein in response to said downstream device not transmitting said first rolling code, determining that said downstream device is at least one of fraudulent and malfunctioning.
  - 23. The method of claim 22, wherein in response to determining that said downstream device is at least one of fraudulent and malfunctioning, performing an invalid reader logic action.
  - 24. The method of claim 23, wherein said invalid reader logic action is at least one of sounding an alarm, notifying security/maintenance personnel that said downstream device is defective, not opening a door, and disabling said downstream device.

25. A secure access system utilizing a unidirectional communication protocol, comprising:
- a credential;
  
  a reader that is operable to read credential data from said credential upon presentation of said credential to said reader, generate a first message comprising some or all of said credential data and code data, and to transmit said first message;
  
  an upstream device that is operable to receive said first message and upon receiving said first message is operable to analyze said credential data in order to determine the authenticity of said credential and to analyze said code data in order to determine the authenticity of said reader, wherein said upstream device is further operable to generate and transmit a prompting signal via an LED control line to said reader which requires the reader to transmit additional code data in a second message to confirm its authenticity to said upstream device, wherein the code data includes a rolling code selected from a list of rolling codes, wherein said rolling code is a unique code chosen from said list of rolling codes, wherein said upstream device is further operable to access a second list which matches said list of rolling codes, compare said rolling code to a valid code from said second list, determine that said first code matches said valid code, and in response to determining that said first code matches said valid code, determine that the authenticity of said reader is valid.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 26. The system of claim 25, wherein said first message is encrypted by said reader prior to transmitting said first message to said upstream device and decrypted by said upstream device prior to analyzing said first message.
  - 27. The system of claim 26, wherein a key is used to encrypt and decrypt said first message.
  - 28. The system of claim 25, wherein a code selection algorithm is used to generate said rolling code.
  - 29. The system of claim 28, wherein said code selection algorithm generates said rolling code based upon at least one of time of day, total operation time of said reader, a reader unique ID, and a reader manufacturer ID.
  - 30. The system of claim 28, wherein said code selection algorithm generates said first code based upon the number of messages previously transmitted from said reader to said upstream device.
  - 31. The system of claim 25, wherein said first message is transmitted by said reader utilizing a Wiegand protocol.
  - 32. The system of claim 25, wherein said credential is at least one of an RFID device, magnetic stripe card, bar code, barium ferrite card, and smart card.
  - 33. The system of claim 25, wherein said upstream device is an intermediate device.
  - 34. The system of claim 25, wherein said upstream device is a control panel.
  - 35. The system of claim 25, wherein the list of rolling codes and the second list are algorithmically generated.

36. A device for use in a secure access system that uses a unidirectional communication protocol, wherein said device is operable to read credential data from a credential, comprising:
- a code generator that is operable to generate a first message comprising credential data associated with a credential that is used to determine the authenticity of said credential and a first code that is used to determine the authenticity of said device, wherein said code generator comprises a code selection algorithm, wherein said code selection algorithm generates said first code based upon at least one of time of day, total time of operation, a reader unique ID, and a reader manufacturer ID, wherein a second code selection algorithm is used to generate said second code;
  
  an LED control input which connects said device to an upstream device, wherein said LED control input is used control an LED of said reader and to receive prompting signals from said upstream device which prompts said code generator to generate a second message comprising a second code; and
  
  an output for transmitting said first and second messages to said upstream device.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 37. The device of claim 36, wherein said second code is different from said first code.
  - 38. The device of claim 37, wherein said second message is generated a predetermined amount of time after said first message is generated and in response to receiving said prompting signal.
  - 39. The device of claim 37, further comprising a power input.
  - 40. The device of claim 36, wherein said first message is encrypted by said code generator prior to transmitting said first message to said upstream device.
  - 41. The device of claim 36, wherein said code selection algorithm generates said first code based upon a number of messages previously transmitted from said device to said upstream device.
  - 42. The device of claim 36, wherein said code selection algorithm changes in response to receiving said prompting signal from said upstream device.
  - 43. The device of claim 36, wherein said code generator comprises a rolling code list.
  - 44. The device of claim 43, wherein said code generator changes how the rolling code list is used in response to receiving said prompting signal from said upstream device.
  - 45. The device of claim 44, wherein said prompting signal is transmitted randomly from said upstream device.
  - 46. The device of claim 36, wherein said upstream device comprises a reader and wherein a credential comprises said code generator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Davis, Michael L., Hulusi, Tam
Primary Examiner(s)
BROWN, VERNAL U

Application Number

US11/464,912
Publication Number

US 20070046424A1
Time in Patent Office

2,106 Days
Field of Search

340/5.8, 340/10.1, 340/4.61, 340/5.2, 340/5.9
US Class Current

340/5.8
CPC Class Codes

G07C 9/21   having a variable access code

G07C 9/27   with central registration

G07C 9/28   the pass enabling tracking ...

H04L 63/126   the source of the received ...

H04L 63/1466   Active attacks involving in...

Device authentication using a unidirectional protocol

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

Device authentication using a unidirectional protocol

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links