`
`US 20020063 154A1
`
`(19) United States
`
`(12) Patent Application Publication (1 0) Pub. No.: US 2002/0063154 Al
`
`(54) SECURITY SYSTEM DATABASE
`MANAGEMENT
`
`(76) Inventors: Hector Hoyos, Guaynabo, PR (US);
`Alex Rivera, San Juan, PR (US);
`Miguel Berrios, Guaynabo, PR (US);
`Ricardo Real, Bayamon, PR (US);
`Leslie de Jesus, San Juan, PR (US)
`
`Correspondence Address:
`Patent Law Offices of Health W. Hoglund
`391 Juan A. Davila Street
`San Juan, PR 00918 (US)
`
`(21) Appl. No.: (cid:9)
`
`09/867,184
`
`(22)
`
`Filed: (cid:9)
`
`May 29, 2001
`
`Related U.S. Application Data
`
`(63) Non-provisional of provisional application No.
`60/207,562, filed on May 26, 2000.
`
`Publication Classification
`
`Int. Cl.7 ....................................................... G06K 7/01
`(51)
`(52) U.S. Cl . (cid:9)
`.......................................................... 235/382.5
`
`(57) (cid:9)
`
`ABSTRACT
`
`A security system database is configured to store a unique
`identifier and a biometrics feature for each user's. This
`information is periodically transferred from a central server
`to a plurality of access controllers. The access controllers in
`turn control building access based upon the information
`received from the central server. The access data is in turn
`periodically transferred from the access controllers to the
`central server. The central server uses this information to
`generate access reports.
`
`133E3,_^
`
`13q
`1320 (cid:9)
`-------------
`
`1332
`
`'1322
`
`
`
`1344 (cid:9)
`
`$
`
`334
`
`1324
`
`rm
`
`,a ^,
`r-- 1IIl I _.1336,
`
`1328
`
`1 30
`
`7310
`
`^Popticna i.
`printer
`-1 fl8
`Fingerprint
`1304 keyboard Mouse 1306 ennr
`
`1312
`
`1326
`
`1314 (cid:9)
`
`j 1316
`
`IPR2022-00600
`Apple EX1014 Page 1
`
`
`
`Patent Application Publication May 30, 2002 Sheet 1 of 8 (cid:9)
`
`US 2002/0063154 Al
`
`102 (cid:9)
`
`1 (cid:9)
`
`1 (cid:9)
`
`2
`
`106
`
`104 (cid:9)
`
`l
`
`Network ID Name
`
`10:10:01
`
`South Parking Lot Entry
`
`10:10:02
`
`Main Gate
`
`N
`
`10:10:N
`
`Other Entry
`
`(Database of Access Points)
`
`202 (cid:9)
`
`1 (cid:9)
`
`#
`
`204 (cid:9)
`
`1 (cid:9)
`
`Name
`
`206 (cid:9)
`
`1 (cid:9)
`
`208 (cid:9)
`
`1 (cid:9)
`
`210 (cid:9)
`
`1 (cid:9)
`
`212 (cid:9)
`
`1 (cid:9)
`
`A.P.l A.P.2 A.P.3 A.P.4
`
`1
`
`2
`
`Basic
`
`Software
`
`1
`
`1
`
`0
`
`0
`
`0
`
`1
`
`1
`
`0
`
`N
`
`Other
`
`X
`
`X
`
`X
`
`X
`
`(Database of Access Groups)
`
`Fig. 2
`
`214
`
`11F
`
`A.P.M
`
`X
`
`X
`
`X
`
`IPR2022-00600
`Apple EX1014 Page 2
`
`
`
`Patent Application Publication May 30, 2002 Sheet 2 of 8
`
`US 2002/0063154 Al
`
`302 (cid:9)
`
`1 (cid:9)
`
`#
`
`304 (cid:9)
`
`1
`
`Name
`
`I (cid:9)
`
`2
`
`3
`
`4
`
`Engineering
`
`Marketing
`
`Administration
`
`Software
`
`402 (cid:9)
`
`404
`
`#
`
`I
`
`2
`
`Name
`
`Exempt
`
`Non—Exempt
`
`N
`
`Others
`
`N
`
`Others
`
`(Database of Departments)
`Fig. 3
`
`(Database of Groups)
`
`IA
`
`502 (cid:9)
`
`1 (cid:9)
`
`#
`
`504
`
`1
`
`Name
`
`1
`
`2
`
`3
`
`4
`
`5
`
`Visitor
`
`Temporary Leave
`
`Voluntary Leave
`
`Termination
`
`Active
`
`N
`
`Others
`
`506 (cid:9)
`
`508
`
`l (cid:9)
`
`Time
`Frame
`0
`
`^
`
`Account
`Disabled
`0
`
`1
`
`0
`
`0
`
`0
`
`1
`
`1
`
`1
`
`1
`
`0
`
`1
`
`(Database of Employment Status Options)
`
`Fig. 5
`
`IPR2022-00600
`Apple EX1014 Page 3
`
`(cid:9)
`(cid:9)
`(cid:9)
`
`
`Patent Application Publication May 30, 2002 Sheet 3 of 8 (cid:9)
`
`US 2002/0063154 Al
`
`602 (cid:9)
`
`1
`
`# (cid:9)
`
`1
`
`2
`
`3
`
`4
`
`5
`
`604
`
`606 (cid:9)
`
`Name
`
`Full Time A
`
`T/A
`Group (cid:9)
`In / Out
`
`Full Time B
`
`4 In / 4 Out
`
`608
`
`i
`^ Time
`
`Frame_
`0
`
`0
`
`0
`
`1
`
`1
`
`Part Time
`
`Seasonal
`
`Visitor
`
`2In/2 Out
`3thI3Out
`^/O—ut--
`
`
`
`(Database of Employment Type Options)
`
`Fig. 6
`
`704 (cid:9)
`
`702 (cid:9)
`
`I (cid:9)
`
`710 (cid:9)
`
`706 (cid:9)
`
`708 (cid:9)
`
`III (cid:9)
`
`Name
`
`Enroll UpFe1ete
`
`712 (cid:9)
`
`i (cid:9)
`
`714 (cid:9)
`
`i (cid:9)
`
`716 (cid:9)
`
`I (cid:9)
`
`Admin.
`Reports
`0
`
`718 (cid:9)
`
`i (cid:9)
`
`T/A (cid:9)
`1Rorts (cid:9)
`0
`
`720 (cid:9)
`
`I (cid:9)
`
`T/A
`Edit
`0
`
`722 (cid:9)
`
`i
`
`Video
`Report
`0
`
`724
`
`Info
`Report
`0
`
`1
`
`2
`
`3
`
`4
`5 F
`
`User
`
`DB Manger
`
`Administrator
`
`Enroll Clerk
`
`Reports Clerk
`
`0
`
`1
`
`1
`
`1
`
`0
`
`]
`
`0
`
`1
`
`1
`
`1
`
`0
`
`0
`
`1
`
`1
`
`0
`
`0
`
`Sched—
`uler
`0
`
`1
`
`1
`
`0
`
`0
`
`0
`
`1
`
`0
`
`0
`
`0
`
`(Database of Access Priviliges)
`
`Fig. 7
`
`1
`
`1
`
`0
`
`1
`
`1
`
`1
`
`0
`
`1
`
`1
`
`1
`
`0 (cid:9)
`
`1 (cid:9)
`
`1
`
`1
`
`0
`
`1
`
`1
`
`1
`
`0
`
`1
`
`IPR2022-00600
`Apple EX1014 Page 4
`
`(cid:9)
`(cid:9)
`
`
`Patent Application Publication May 30, 2002 Sheet 4 of 8 (cid:9)
`
`US 2002/0063154 Al
`
`802 (cid:9)
`
`804 (cid:9)
`
`806 (cid:9)
`
`808 (cid:9)
`
`810 (cid:9)
`
`812 (cid:9)
`
`814 (cid:9)
`
`816 (cid:9)
`
`818 (cid:9)
`
`820 (cid:9)
`
`822 (cid:9)
`
`i Li (cid:9) LJ (cid:9)
`
`824
`
`I
`
`Employ. (cid:9)
`Number
`1
`
`pID (cid:9)
`
`Dept (cid:9)
`
`1776
`
`Bng.
`
`# (cid:9)
`
`Name (cid:9)
`
`1
`
`2 (cid:9)
`
`A. Rivera
`
`I M. Berrios
`
`N
`
`O
`
`p 0)1. End (cid:9) Employ. Leave D*
`Repor
`Date__. Ri
`Status (cid:9)
`Type (cid:9)
`Date (cid:9)
`—
`—
`Active
`F.T. A
`—
`—
`
`2
`
`9999
`
`Soft.
`
`F.T. B
`
`Active
`
`Admin. Exempt
`
`I
`
`(Database of Users)
`
`Fig. 8
`
`902 (cid:9)
`
`904 (cid:9)
`
`906 (cid:9)
`
`908 (cid:9)
`
`910 (cid:9)
`
`912 (cid:9)
`
`914 (cid:9)
`
`916 (cid:9)
`
`__iII __ I
`
`922
`
`AG.
`N
`
`A.G.
`1
`
`A.G.
`2
`
`Employ.
`Number
`1
`
`1 G.
`3
`
`A.G.
` _4
`
`A.G. (cid:9)
`_ (cid:9) 5_ (cid:9)
`
`A.G.
`6
`
`(Database of Users' Access Groups)
`
`Fig. 9
`
`IPR2022-00600
`Apple EX1014 Page 5
`
`(cid:9)
`(cid:9)
`
`
`Patent Application Publication May 30, 2002 Sheet 5 of 8 (cid:9)
`
`US 2002/0063154 Al
`
`1006 (cid:9)
`
`I (cid:9)
`
`1008 (cid:9)
`
`l (cid:9)
`
`1010 (cid:9)
`
`1 (cid:9)
`
`1012 (cid:9)
`
`1 (cid:9)
`
`J.
`
`Pit (cid:9)
`2
`1
`3
`5 (cid:9)
`4
`6
`1-1.dat 1-2.dat 1-3.dat 1-4.dat 1-5.dat 1-6.dat
`
`1014 (cid:9)
`
`1016 (cid:9)
`
`1018
`
`Composite
`1—C.dat
`
`1004 (cid:9)
`
`Employ.
`Number
`1
`
`1002 (cid:9)
`
`1 (cid:9)
`
`#
`
`1
`
`2
`
`2
`
`2-1.dat 2-2.dat 2-3.dat 1 2-4.dat 2-5.dat 2-6.dat
`
`2—C.dat
`
`N
`
`N
`
`N—I.dat N-2.dat N-3.dat N-4.dat N-5.datN -6.dat N—C.dat
`
`(Database of Users' Fingerprints)
`Fig. 10
`
`1102 (cid:9)
`
`1104 (cid:9)
`
`1106 (cid:9)
`
`1108 (cid:9)
`
`1110 (cid:9)
`
`1112 (cid:9)
`
`1114
`
`Date & Access j pill}
`Point
`Time
`01/30/00 Main
`14:33:22 Gate
`01/3—/00 Eng.
`14:42:38
`
`1234
`
`1776
`
`1
`
`2
`
`Name Result Other
`
`A.
`Rivera
`—
`
`Accept
`
`Deny
`
`N
`
`j
`
`(Access Log)
`
`Fig. 11
`
`IPR2022-00600
`Apple EX1014 Page 6
`
`
`
`Patent Application Publication May 30, 2002 Sheet 6 of 8
`
`US 2002/0063154 Al
`
`121.0 (cid:9)
`
`1212
`
`1214
`
`1202 (cid:9)
`
`1204 (cid:9)
`
`1206
`
`Li (cid:9)
`
`1208
`
`Message (cid:9)
`
`Group
`
`ALL
`
`1
`
`2
`
`1 (cid:9)
`1-1.dat
`
`2-4 .dat
`
`Start (cid:9)
`Date (cid:9)
`01/30/00
`
`Client Tour at 1
`4a.
`Please see Admin. 01/30/00
`
`End (cid:9)
`Date
`01/30/00
`
`JPresente
`
`N
`
`N
`
`L±
`_L Print
`
`EiLIIII1_ ThTI1
`
`(Database of Messages)
`Fig. 12
`
`3B
`
`320
`
`1 344
`
`1340 ]/1J 1332
`1342. L&IiJ
`01"
`
`1328
`
`322
`
`334
`
`1324
`
`li-
`
`lU I 1336
`
`1312
`
`1314
`
`1310
`
`
`
`1300
`
`1302
`
`,-- (cid:9)
`
`1 (cid:9)
`
`- -.---- (cid:9)
`Keyboard (cid:9)
`
`1304 (cid:9)
`
`Option
`printer
`-1308
`FIngerprInt
`-1
`u8e so
`
`Fig. 13
`
`IPR2022-00600
`Apple EX1014 Page 7
`
`(cid:9)
`(cid:9)
`
`
`Patent Application Publication May 30, 2002 Sheet 7 of 8 (cid:9)
`
`US 2002/0063154 Al
`
`Adding New User
`
`Enter Database
`Rights
`
`Enter Report Group
`
`Access Groups
`
`Fingerprint Data
`
`1428
`
`1430
`
`1432
`
`1412
`
`1414
`
`1416
`
`1418
`
`1420
`
`Enter Name
`
`Enter Employmee
`Number
`
`Enter PID
`
`Enter Department
`
`Enter Employee
`Type
`
`Enter Temporary End
`Date
`
`Enter Status
`
`Enter Leave
`Date
`
`Fig. 14
`
`IPR2022-00600
`Apple EX1014 Page 8
`
`
`
`Patent Application Publication May 30, 2002 Sheet 8 of 8 (cid:9)
`
`US 2002/0063154 Al
`
`Report Generation (cid:9)
`
`Report Selection (cid:9)
`
`Date Range (cid:9)
`
`Group (cid:9)
`___________ (cid:9)
`
`^► (cid:9)
`
`Query Database (cid:9)
`
`I (cid:9)
`
`j (cid:9)
`
`Present Result (cid:9)
`
`1510 (cid:9)
`
`1512 (cid:9)
`
`1514
`
`1516 (cid:9)
`
`1518 (cid:9)
`
`Message Tranmittal
`_ (cid:9)
`Receive Message
`Data
`
`—_1 610
`
`_ (cid:9)
`( (cid:9)
`
`MF (cid:9)
`Transmitt to
`Remote Units
`
`-----. ^.-1612
`
`
`
`Receive Matching
`User ID
`L__________ (cid:9)
`
`___
`
`----__ c (cid:9) 1616
`Present Message
`
`{ (cid:9)
`
`fir (cid:9)
`
`— 1618
`
`Update Database
`
`Fig. 15
`
`Fig. 16
`
`IPR2022-00600
`Apple EX1014 Page 9
`
`(cid:9)
`(cid:9)
`
`
`US 2002/0063154 Al
`
`May 30, 2002
`
`SECURITY SYSTEM DATABASE MANAGEMENT
`
`FIELD OF THE INVENTION
`[0001] The present invention relates generally to a com-
`puterized security system used to restrict entry to a building
`or property, and more specifically to the maintenance of a
`database of user information used in such a security system.
`
`DESCRIPTION OF RELATED ART
`[0002] Security systems are widely used to control entry to
`a building or a property. Where only a few people are
`permitted access to a property, e.g. a home, the security
`system may be relatively simple, consisting of a lock with an
`associated key on every door. Although this security system
`is acceptable for many homes, it is not suitable for many
`commercial applications for a number of reasons.
`[0003] First, as the number of people who require access
`to a property increases, the security risks generally increase
`as well. For example, businesses that use a simple lock and
`associated key on every door typically provide keys to a
`selected group of employees. Invariably, someone in that
`group eventually loses a key and that loss poses a potential
`security hazard. Moreover, businesses typically experience
`some employee turnover. Although an employee typically
`returns any building keys upon the termination of his or her
`employment, this administrative burden is sometimes over-
`looked and poses an additional security risk.
`[0004] Second, many commercial buildings require more
`careful monitoring of the persons who have entered a
`particular building. For example, a warehouse that is used to
`store valuable goods will require carefully restricted access.
`In such applications, a simple lock and associated key for
`every door is generally inadequate.
`[0005]
`In other settings, especially academic or commer-
`cial research settings, access may be restricted to prevent
`loss of trade secret information. In such applications, a
`property may be divided into different areas. To minimize
`the risk of loss, employees may be granted access to the
`different areas only on an as-needed basis. Thus, a person
`may have access to a main entrance and a specific area but
`not to the entire property. Although a key and lock security
`system may be used for these types of settings, the admin-
`istrative burden of monitoring who has copies of the various
`keys quickly becomes impractical. Likewise, the cost of
`providing a security guard at every entrance is not economi-
`cally or administratively feasible for most applications.
`[0006] Accordingly, a number of computerized security
`systems have been implemented to reduce the administrative
`burden and to reduce the risk of unauthorized entry into a
`building or property. For example, U.S. Pat. No. 4,210,899,
`titled "Fingerprint-Based Access Control and Identification
`Apparatus," issued to Swonger et al. on Jul. 1, 1980,
`discloses a security system that uses a human fingerprint to
`control access. U.S. Pat. No. 4,395,628, titled "Access
`Security Control," issued to Silverman et al. on Jul. 26,
`1983, discloses another security system that uses a control
`card to control access. U.S. Pat. No. 5,608,387, titled
`"Personal Identification Device and Access Control Sys-
`tems," issued to Davies on Mar. 4, 1997, discloses still
`another security system that uses human recognition of a
`complex image to control access. Each of the above-listed
`patents is incorporated herein by reference.
`
`[0007] Each of the above-listed patents also implements a
`database that is used to determine whether to grant access.
`These databases must be maintained on a regular basis as
`new users are added to the security system and old users are
`removed from the security system. In addition, the access
`privileges for an existing user may change. For example, a
`particular employee may have access only during certain
`times of the day and only during certain days of the week.
`This employee's access may be increased to allow at-will
`access. Likewise, a particular employee may have access
`only to specific areas in a building. If the employee's
`responsibilities change, his or her access privileges to spe-
`cific areas in the building will also likely change. The
`associated database(s) must be updated to reflect such
`changes. This administrative burden can become onerous as
`the number of users and/or access points increase. Accord-
`ingly, a database management system is desired that sim-
`plifies as much as possible this process.
`
`SUMMARY OF THE INVENTION
`
`[0008] According to one aspect of the invention, a security
`system database of user information is maintained. The
`database is used to grant or deny a user access to a property,
`such as a building. To begin configuration, a central server
`receives a representation of a fingerprint from a system
`administrator. The representation of the system administra-
`tor's fingerprint is saved in a memory along with access
`privileges that permit complete system access. Subse-
`quently, the system administrator must present his or her
`fingerprint in order to gain access to the system. The
`resulting fingerprint is compared with the representation
`saved in memory. If a match is detected, the system admin-
`istrator is permitted access to the database, otherwise not.
`After gaining access, the system administrator may create
`access privileges for other users by first entering a new
`record command. The new user's fingerprint is captured and
`saved in memory as a record associated with the new user.
`The system administrator also determines access privileges
`for the new user.
`[0009] According to a further aspect of the invention, the
`fingerprint data is transformed and encrypted to prevent
`disclosure of private data.
`[0010] According to another aspect of the invention, the
`fingerprint data may be replaced by an electronic represen-
`tation of the user's face.
`[0011] According to a further aspect of the invention, a
`user's access privilege information includes access hours,
`access days and access points.
`[0012] According to another aspect of the invention, the
`access to a building is monitored by a security system having
`a database of user information. The database is established
`at a central server and includes a unique identifier and a
`biometric feature for each authorized user's. This database is
`transferred through a computerized network to a plurality of
`access controllers. The access controllers receive requests
`from the users to enter the secure area. The access requests
`each include a unique identifier and a biometric feature such
`as a fingerprint. The access request is compared with the
`database of authorized users to determine access privileges.
`The comparison is made locally at the access controller.
`Access records are generated based upon these requests and
`transferred to the central server. This, in turn, permits the
`
`IPR2022-00600
`Apple EX1014 Page 10
`
`(cid:9)
`
`
`US 2002/0063154 Al
`
`May 30, 2002
`
`2
`
`generation of attendance reports at the central server based (cid:9)
`upon the records of the access requests. (cid:9)
`
`[0013] According to a further aspect of the invention, the
`report of attendance includes records for a single employee
`that were generated at different access controllers.
`[0014] According to a further aspect of the invention, the
`central server polls the access controllers upon generating an
`access report.
`
`[0015] According to another aspect of the invention, a
`security system includes a central server and a plurality of
`access controllers. The central server is configured to estab-
`lish a database of user information including a unique
`identifier and a biometrics feature for each user. The central
`server is further configured to generate reports of user access
`information. The plurality of access controllers coupled with
`the central server through a network. The plurality of access
`controllers are each configured to control associated access
`points based upon the database of user information and to
`retain access records. The the central server periodically
`transfers an updated copy of the database of user informa-
`tion to the plurality of access controllers. The plurality of
`access controllers each periodically transfer an updated copy
`of access records to the central server for use in generating
`the reports of user access information.
`
`[0016] Further aspects of the invention will be better
`appreciated in view of the drawings and the description that
`follows.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`[0017] FIG. 1 is a block diagram of one preferred database
`of access points.
`[0018] FIG. 2 is a block diagram of one preferred database
`of access groups.
`
`[0019] Fig. 3 is a block diagram of one preferred database
`of departments.
`[0020] FIG. 4 is a block diagram of one preferred database
`of groups.
`[0021] FIG. 5 is a block diagram of one preferred database
`of employment status options.
`[0022] FIG. 6 is a block diagram of one preferred database
`of employment type options.
`[0023] FIG. 7 is a block diagram of one preferred database
`of access privileges.
`[0024] FIG. 8 is a block diagram of one preferred database
`of user access privileges.
`[0025] FIG. 9 is a block diagram of one preferred database
`of users' access groups.
`[0026] FIG. 10 is a block diagram of one preferred
`database of users' fingerprint data.
`[0027] FIG. 11 is a block diagram of one preferred data-
`base used to store an access log of transactions.
`[0028] FIG. 12 is a block diagram of one preferred
`database of user messages.
`[0029] FIG. 13 is a block diagram of one preferred
`computerized security system.
`
`[0030] FIG. 14 is a flow chart showing one preferred
`method of adding a new user.
`[0031] FIG. 15 is a flow chart showing one preferred
`method of generating a report.
`[0032] FIG. 16 is a flow chart showing one preferred
`method of transmitting a message to a user.
`
`DETAILED DESCRIPTION OF THE
`PREFERRED EMBODIMENTS
`[0033] In one preferred embodiment a building includes a
`number of doors through which a person may enter. A
`security device, also referred to as a remote access control-
`ler, is provided at each such door. The remote access
`controller includes an electrical control for a locking mecha-
`nism that restricts the opening of the associated door. The
`remote access controller also includes a user interface that
`includes both a touch screen and a fingerprint sensor. A user
`may gain entry to the building by placing his or her finger
`on a fingerprint sensor and keying a unique identifier. The
`remote access controller includes a computer having soft-
`ware necessary to perform all related control functions.
`
`[0034] In some applications, both the entry and the exit
`from a building will be controlled. In such cases an addi-
`tional security device, also referred to as a companion user
`interface, may be provided on the other side of the door. The
`companion connects with the locking mechanism. To exit
`the building, or secured area, a user may place his or her
`finger on a fingerprint sensor and key the unique identifier.
`The companion does not include a computer and necessary
`software to perform this functionality, but instead connects
`with the remote access controller. The remote access con-
`troller provides the necessary support. This helps reduce the
`overall system cost and complexity by reducing the number
`of computers required for the various access points.
`[0035] The remote access controller includes a database of
`user information that is used in determining whether to
`allow a person access. That database is generated at central
`server. The central server connects to each of the remote
`access controllers. The central computer is used to generate
`the database of user information. It is also used to configure
`and control the remote access controllers. For example, the
`central server is used to configure the database of user
`information to specify the hours during which a particular
`user may gain access to a particular door or to the entire
`building. The central server connects with the remote access
`computers through an Ethernet network.
`
`[0036] In addition to these units, the system may include
`video monitoring. The video monitoring includes intelligent
`video surveillance and exception generation capability.
`These capabilities may be tied with the employee fingerprint
`ID logs from the remote access controllers. The video
`surveillance also connects to the remote access controllers
`through the Ethernet network.
`
`[0037] Preferred embodiments of the central server,
`remote access controllers and companion user interfaces are
`further described below and in the related application Build-
`ing Security System, to Hoyos, et al., filed May 29, 2001,
`Application No. _/_,_, which is incorporated herein by
`reference.
`[0038] Preferred embodiments of the database are also
`described below with reference to the figures. More particu-
`
`IPR2022-00600
`Apple EX1014 Page 11
`
`(cid:9)
`
`
`US 2002/0063154 Al
`
`May 30, 2002
`
`3
`
`larly, FIGS. 1 -10 show aspects of the database that are used
`to enroll users and to grant them access privileges to various
`access points. These access privileges are entered and con-
`figured through a central server, and transferred through a
`computerized network to remote access controllers. The
`remote access controllers receive access requests and deter-
`mine whether to permit entry through an associated access
`point based upon the user's information and the database of
`access privileges. Each of the remote access controllers
`saves a database log of access attempts. These logs are
`transferred through the computerized network to the central
`server.
`
`[0039] The central server compiles the access logs from
`the various remote access controllers into a common access
`log database. A system administrator can generate reports
`based upon the access log database. One preferred access log
`is shown in FIG. 11.
`
`[0040] A system administrator is also able to send mes-
`sages through the central server. The message and recipients
`are selected, then the message is transmitted through he
`computerized network to the remote access controllers.
`When the intended recipient accesses one of the remote
`access points, the associated remote access controller pre-
`sents the message. One preferred message database is shown
`in FIG. 12.
`
`[0041] One preferred computerized security system is
`shown in FIG. 13. It includes a central computer 1300. The
`central computer 1300 includes a display 1302, a keyboard
`1304, a mouse 1306 and a fingerprint sensor 1308. The
`central computer 1300 also includes a processor and a
`memory configured to store a database of user information.
`The processor and memory are housed within enclosure
`1310 and operationally coupled with the other components
`of the central computer 1300. Preferably, the central com-
`puter 1300 operates using Windows NT, though other oper-
`ating systems configured to support a network could also be
`used.
`
`[0042] The central computer 1300 connects through a
`network 1312 to a plurality of remote computers 1320, 1322,
`1324 and 1326. The remote computers 1320, 1322, 1324 and
`1326 are positioned within the interior of an access area
`1314. Access to this area is restricted to authorized users.
`Remote computer 1320 includes a processor and memory.
`Remote computer 1320 also includes a touch screen 1328
`and a fingerprint sensor 1330.
`
`[0043] Remote computer 1320 receives user data from
`central computer 1300 through the network 1312. The user
`data is stored locally in memory. In a default state, touch
`screen 1328 displays a prompt message advising a user to
`place his or her finger upon the fingerprint sensor 130 in
`order to begin the access process.
`
`[0044] Preferably, when a user presents his or her finger to
`the fingerprint sensor 1330, an electronic representation is
`generated. This representation is pre-processed to extract
`salient features for comparison. Meanwhile, the user
`prompted to enter his or her ID through a keypad presented
`on touch screen 1328. The user's ID is used to access the
`appropriate database record. The representation of a finger-
`print associated with that record is compared with the
`pre-processed fingerprint to detect a match. If this compari-
`son generates a match, then the remote computer 1320
`
`changes the state of an external circuit controlling the
`associated access point. This permits the user to pass
`through the access point.
`
`[0045] In a second alternative embodiment, when a user
`presents his or her finger to the fingerprint sensor 1330, an
`electronic representation is generated. That representation is
`compared to the local database of user information. If it
`generates a match, then a message is displayed on touch
`screen 1328. Preferably, the message includes the user's
`name and advises the user to enter his or her user ID. At this
`time a keypad is also displayed on the touch screen 1328.
`The user may then enter a password. If the password
`matches the user's password from the local database, then
`the remote computer 1320 changes the state of an external
`circuit controlling the associated access point. This permits
`the user to pass through the access point.
`
`[0046] By retaining a local database of user information,
`the system reduces downtime due to any network failures.
`For example, if for any reason central computer 1300
`crashes or becomes unavailable, remote computer 1320 is
`still able to control access based upon a copy of the user
`database that is retained locally.
`
`[0047] Remote computers 1322, 1324 and 1326 function
`in the same manner as remote computer 1320. Remote
`computers 1320, 1322 and 1324 each connect with a user
`interface 1332, 1334 and 1336, respectively through a
`communication channel. Preferably communication channel
`1344 is made as an RS-422 and a parallel connection. User
`interfaces 1332, 1334 and 1336 are positioned in an unse-
`cured area 1316 surrounding access area 1314.
`
`[0048] User interface 1332 includes a display 1338, a
`keypad 1340 and a fingerprint sensor 1342. Preferably, user
`interface 1332 does not include a computer processor or
`associated memory. This background support is provided by
`remote computer 1320. This configuration helps to reduce
`system cost and complexity by reducing the total number of
`computers.
`
`[0049] User interface 1332 functions, in many respects, in
`the same manner as computer 1320 itself. As a user
`approaches, display 1338 prompts the user to present his or
`her finger on fingerprint sensor 1342. An electronic repre-
`sentation is generated and passed through communication
`channel 1344 to remote computer 1320. Remote computer
`1320 pre-processes the representation. Meanwhile, remote
`computer 1320 commands user interface 1332 to present a
`message to the user requesting entry of the user's ID. The
`user then enters an ID through keypad 1340. The ID is
`transmitted through communication channel 1344 to remote
`computer 1320. The pre-processed representation of a user's
`fingerprint is then compared with the appropriate database
`entry. If it matches, the remote computer 120 changes the
`state of a circuit that controls the associated access point.
`This permits the user to pass through the associated access
`point. Otherwise, remote computer 1320 commands user
`interface 1332 to present a message on display 1338 that the
`fingerprint did not match. The user may then re-attempt the
`access process.
`
`[0050] Remote computer 1322 and user interface 1334
`operate in the same manner as remote computer 1320 and
`user interface 1332. Likewise, remote computer 1324 and
`user interface 1336 operate in the same manner as remote
`
`IPR2022-00600
`Apple EX1014 Page 12
`
`(cid:9)
`
`
`US 2002/0063154 Al
`
`May 30, 2002
`
`0
`
`computer 1320 and user interface 1332. Remote computer
`1326 functions in the same manner as remote computer
`1320, except that it is not associated with another user
`interface. In the configuration shown, remote computer 1326
`would control an exit-only access point since it is located
`within access area 1314.
`[0051] According to another aspect of the invention, the
`security system is used to monitor time in and time out for
`system users. In operation, the remote computers 1320,
`1322, 1324 and 1326 can transmit to central computer 1300
`the time in and time out of each user. A database for this
`information is maintained on the central computer 1300.
`When the remote computer recognizes a user by generating
`a feature and user ID match, that information is sent through
`the network 1312 to central computer 1300. The system
`administrator may generate reports or transfer this data to
`other applications.
`[0052] In an alternative preferred embodiment, a particu-
`lar user may be given access permission only to certain
`access points. In this configuration, the respective remote
`computer will also check for access privileges. If the user
`does not have access privileges for the associated access
`point, then the remote computer will not permit access
`through that access point. For example, a user may have
`access privileges for the access point associated with remote
`computer 1320 and user interface 1332, but not for any other
`access point. In this configuration, when the user is properly
`identified at the access point then he or she will be permitted
`to pass through the access point. However, when the user
`attempts to access any other access point, the user will be
`advised that he or she does not have privileges for that
`access point.
`[0053] In yet another preferred embodiment all of the
`remote computers and user interfaces are positioned outside
`the access area 1314, in unsecured area 1316. In this
`configuration, each remote computer and each user interface
`is used to control a different access point. Once a user gains
`access to and enters access area 1314, then the user may exit
`by operating a simple control switch. The control switch
`automatically permits exit.
`[0054] The configuration of the database begins by estab-
`lishing a system administrator. For maximum system secu-
`rity, the system immediately requests that the system admin-
`istrator present his or her fingerprint and enter a personal
`identifier. This will be required to make subsequent access of
`the system as the administrator.
`[0055] Returning to FIG. 1, one preferred database struc-
`ture used to maintain the database of user access privileges
`is described. In particular, one preferred structure for iden-
`tifying the various access points is described. Specifically,
`the database of access points includes a number column 102,
`a network ID column 104, and a name column 106. As with
`the database structures that will be described below, the first
`row lists a column descriptor. The following rows each
`comprise one entry, so that each entry includes one field for
`each column. With reference to FIG. 1, the number column
`102 simply identifies the memory location of the particular
`entry. The network ID column 104 is used to save the
`network ID for each remote access controller. The name
`column 106 is used to save a common name that identifies
`the access point. This name is used in report generation.
`[0056] In alternative preferred embodiments, one remote
`access controller may be used to control access to more than
`
`one access point. In addition, the remote access controller
`may be connected to additional user interfaces that do not
`themselves connect to the computerized network. Nonethe-
`less, these user interfaces are used to control access to an
`access point and are controlled by the associated remote
`access controller. In such configurations, the database fur-
`ther includes fields for the additional access points and user
`interfaces. Each is also given a common name for use in
`generating reports.
`
`[0057] In typical applications, a remote access controller
`is placed on the inside of an access point and an additional
`user interface is placed on the outside of the access point.
`This configuration permits control of both the entry and exit
`at an access point. For reference purposes, the names would
`include an entry and exit identifier, as for example, "Main
`Gate-Entrance Side," and "Main Gate-Exit Side."
`
`[0058] The various access points are preferably organized
`into access groups. In operation a system administrator
`defines a group and associates various access points with the
`g