`US009665705B2
`
`c12) United States Patent
`Burke
`
`(IO) Patent No.:
`(45) Date of Patent:
`
`US 9,665,705 B2
`*May 30, 2017
`
`(54) REMOTE ENTRY SYSTEM
`
`(71) Applicant: Securicom (NSW) Pty. Ltd., Ramsgate,
`NSW (AU)
`
`(72)
`
`Inventor: Christopher John Burke, Ramsgate
`(AU)
`
`(73) Assignee: SECURICOM (NSW) PTY LTD,
`Ramsgate (AU)
`
`63/0861 (2013.01); H04W 12108 (2013.01);
`H04W 84/12 (2013.01); H04W 84/18
`(2013.01)
`
`(58) Field of Classification Search
`CPC ....................................................... G06F 21/32
`See application file for complete search history.
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`( *) Notice:
`
`Subject to any disclaimer, the term ofthis
`patent is extended or adjusted under 35
`U.S.C. 154(b) by O days.
`
`This patent is subject to a terminal dis(cid:173)
`claimer.
`
`5,109,428 A * 4/1992 Igaki .
`
`A61B 5/1172
`356/71
`5,933,515 A * 8/1999 Pu.
`G06K 9/00006
`340/5.53
`7,152,045 B2 * 12/2006 Hoffman ................. G06F 21/32
`235/379
`
`(21) Appl. No.: 15/000,818
`
`(22) Filed:
`
`Jan. 19, 2016
`
`(65)
`
`Prior Publication Data
`
`US 2016/0132672 Al May 12, 2016
`
`Related U.S. Application Data
`
`(63) Continuation of application No. 13/572,166, filed on
`Aug. 10, 2012, now Pat. No. 9,269,208, which is a
`(Continued)
`
`(30)
`
`Foreign Application Priority Data
`
`Aug. 13, 2003
`
`(AU) ................................ 2003904317
`
`(51)
`
`Int. Cl.
`H04L 29106
`G06F 21132
`G06F 21135
`G07C 9/00
`H04W 12108
`
`(2006.01)
`(2013.01)
`(2013.01)
`(2006.01)
`(2009.01)
`(Continued)
`
`(52) U.S. Cl.
`CPC .............. G06F 21132 (2013.01); G06F 21135
`(2013.01); G07C 9/00158 (2013.01); H04L
`
`OTHER PUBLICATIONS
`
`Klosterman, Andrew J., and Gregory R. Ganger. "Secure continuous
`biometric-enhanced authentication." (2000). *
`
`* cited by examiner
`
`Primary Examiner - Shawnchoy Rahman
`(74) Attorney, Agent, or Firm - Brinks Gilson & Liane
`
`ABSTRACT
`(57)
`A system is disclosed for providing secure access to a
`controlled item, the system comprising a database of bio(cid:173)
`metric signatures, a transmitter subsystem comprising a
`biometric sensor for receiving a biometric signal, means for
`matching the biometric signal against members of the data(cid:173)
`base of biometric signatures to thereby output an accessi(cid:173)
`bility attribute, and means for emitting a secure access signal
`conveying information dependent upon said accessibility
`attribute, wherein the secure access signal comprises one of
`at least a rolling code, an encrypted Bluetooth™ protocol,
`and a WiFi™ protocol, and a receiver sub-system compris(cid:173)
`ing means for receiving the transmitted secure access signal
`and means for providing conditional access to the controlled
`item dependent upon said information.
`
`17 Claims, 10 Drawing Sheets
`
`100
`
`,)
`
`109
`
`110
`
`124
`
`1 c
`
`c:---iu,.,::•
`
`Database
`
`108
`
`~oi•r ~ jt--, '!"!~~1---
`
`Feedback,..,.,,.
`
`102
`Request
`
`L.';
`
`121
`
`I
`
`---=;-:~
`
`116
`transmitter
`sub-system
`
`,11
`receiver
`sub-system
`
`ASSA ABLOY Ex. 1001 - Page 1
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`
`
`US 9,665,705 B2
`Page 2
`
`Related U.S. Application Data
`
`continuation of application No. 10/568,207, filed as
`application No. PCT/AU2004/001083 on Aug. 13,
`2004, now Pat. No. 8,266,442.
`
`(51)
`
`Int. Cl.
`H04W 84/12
`H04W 84/18
`
`(2009.01)
`(2009.01)
`
`ASSA ABLOY Ex. 1001 - Page 2
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`
`
`U.S. Patent
`
`May 30, 2017
`
`Sheet 1 of 10
`
`US 9,665,705 B2
`
`-t:::
`·- '-LLS
`
`,:-co
`" i... O)Q
`
`I...
`(I)
`
`i
`8
`
`ASSA ABLOY Ex. 1001 - Page 3
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`
`
`User
`101
`
`Feedback/,,,, ~
`
`/~
`125
`.#
`
`.... ~ - - -
`
`123
`-~ - -
`102
`Request
`
`/'\
`
`121
`
`103
`J
`
`Module~
`
`Audio
`transducer
`
`LEO
`indicators
`
`124
`
`122
`
`104
`
`106
`
`Controller/ I
`
`Transmitter
`
`112_1 I
`
`~ ,I')
`
`Database!
`
`I
`
`1191'
`
`I
`I
`I
`I
`I
`I
`(
`I
`I
`I
`I
`I
`I
`I
`I
`
`105
`
`User !D
`Database
`
`108
`,,.,.J
`
`◄ c:;
`116
`transmitter
`sub-system
`
`Controller
`
`Receiver
`
`...
`
`Controlled
`Item
`
`110J I
`
`I
`I
`I
`I
`I
`I
`I
`I c:; ►
`'
`117
`I
`receiver
`I
`sub-system
`
`100
`
`✓
`
`120
`
`114
`
`115
`
`Fig. 2
`
`109
`
`111
`
`I
`
`e •
`
`00
`•
`~
`~
`~
`~
`
`=
`
`~
`
`~
`~
`~
`~
`'"o
`N
`0 ....
`
`-....J
`
`rJJ
`
`('D
`
`=-('D
`.....
`N
`0 ....
`....
`
`0
`
`d r.,;_
`_."-0
`0--,
`0--,
`UI
`
`~ = UI = N
`
`ASSA ABLOY Ex. 1001 - Page 4
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`
`
`U.S. Patent
`
`May 30, 2017
`
`Sheet 3 of 10
`
`US 9,665,705 B2
`
`NO
`
`NO
`
`206
`
`YES
`
`202
`
`Compare to
`signatures
`
`YES
`
`204
`
`Select control
`option
`
`205
`
`Send access
`signal
`
`200
`
`,J
`
`Fig. 3
`
`ASSA ABLOY Ex. 1001 - Page 5
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`
`
`U.S. Patent
`
`May 30, 2017
`
`Sheet 4 of 10
`
`US 9,665,705 B2
`
`YES
`
`302
`
`Compare to
`code
`
`NO
`
`YES
`
`304
`
`305
`
`Send control
`signal
`
`300
`
`✓
`
`Fig. 4
`
`ASSA ABLOY Ex. 1001 - Page 6
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`
`
`U.S. Patent
`
`May 30, 2017
`
`Sheet 5 of 10
`
`US 9,665,705 B2
`
`LO
`•
`
`O') --LL
`
`~
`l.!"J
`
`0)
`0 ..-
`
`c'::
`
`8 ... ~ l l ) 8i
`.9 > e a.
`
`ASSA ABLOY Ex. 1001 - Page 7
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`
`
`U.S. Patent
`
`May 30, 2017
`
`Sheet 6 of 10
`
`US 9,665,705 B2
`
`700
`
`✓
`
`From Fig. 7 or Fig. 8
`
`or
`Fig. 9
`
`YES
`
`NO
`
`NO
`
`Fig. 6
`
`ASSA ABLOY Ex. 1001 - Page 8
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`
`
`U.S. Patent
`
`May 30, 2017
`
`Sheet 7 of 10
`
`US 9,665,705 B2
`
`600
`
`~
`
`From Fig. 6 707
`
`Compare to
`signatures
`
`604
`
`606
`
`608
`
`Insert duress
`bit(s)
`
`YES
`
`Insert telemetry YES
`blt(s)
`
`Insert access
`bit(s}
`
`YES
`
`NO
`
`609
`
`Insert alert
`bit(s)
`
`610
`
`Send control
`sJgnal
`
`To Fig. 6 705
`
`811
`
`Fig. 7
`
`ASSA ABLOY Ex. 1001 - Page 9
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`
`
`U.S. Patent
`
`May 30, 2017
`
`Sheet 8 of 10
`
`US 9,665,705 B2
`
`~--Store administrator-14--..---<
`signature
`
`805
`
`YES
`
`Store duress
`signature
`
`807
`
`809
`
`Store simple
`signature
`
`Erase
`signature(s)
`
`800
`
`,J
`
`811
`
`YES
`
`Fig. 8
`
`ASSA ABLOY Ex. 1001 - Page 10
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`
`
`U.S. Patent
`
`May 30, 2017
`
`Sheet 9 of 10
`
`US 9,665,705 B2
`
`903
`
`Emit "enrolment"
`tone & flash Red
`LED (ongoing)
`
`_,____J"
`
`900
`
`✓
`
`904
`
`Emit "enrolment"
`tone & flash Green
`LED (once)
`
`902
`
`Read biometric
`signal (directed by
`Amber LED}
`
`905
`
`To Fig. 6
`
`Emit nrejection"
`tone
`
`911.---------.
`Store signature
`
`913
`
`Erase rerevant
`signature(s)
`
`912
`
`Fig. 9
`
`ASSA ABLOY Ex. 1001 - Page 11
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`
`
`U.S. Patent
`
`May 30, 2017
`
`Sheet 10 of 10
`
`US 9,665,705 B2
`
`111
`
`~ ---_,~j-£21~117 r-'100'
`l
`
`D'base
`
`...,.. __ 1 Contr'I
`
`Controlled
`Item
`
`r----------,
`t
`l
`122
`124
`I
`1
`l
`I
`I
`I
`I
`
`) :
`
`I
`
`108
`
`LED
`Display
`
`I ®®®
`
`!
`I
`Rx sub~system 1
`f
`L _ _ _ _ _ _ _ _ _ ..J
`
`108'
`
`Communication
`Network
`
`1020
`
`- - - .,
`~ - - - - - - - C ~ 1 ~ - - ,
`1 oos
`107
`I ,
`
`I
`
`: 1007
`I
`I
`I
`l
`l
`l
`I
`I
`I
`l
`I
`!
`I
`I
`I
`
`Audio-Video
`Interface
`
`Comm'n.
`Interface
`
`I
`I
`
`1004:
`
`Processor
`
`l/0
`Interface
`
`Memory
`
`100
`
`bio sensor
`
`1013
`
`1006
`
`121
`~---------~---------------------~
`Fig. 10
`
`ASSA ABLOY Ex. 1001 - Page 12
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`
`
`US 9,665,705 B2
`
`1
`REMOTE ENTRY SYSTEM
`
`CROSS-REFERENCE TO RELATED
`APPLICATIONS
`
`This application is a continuation patent application of
`U.S. Non-Provisional application Ser. No. 10/568,207 for
`REMOTE ENTRY SYSTEM, filed Jun. 4, 2008, the disclo(cid:173)
`sure of which is incorporated by reference in its entirety.
`
`FIELD OF THE INVENTION
`
`The present invention relates to secure access systems
`and, in particular, to systems using wireless transmission of
`security code information.
`
`BACKGROUND
`
`FIG. 1 shows a prior art arrangement for providing secure
`access. A user 401 makes a request, as depicted by an arrow
`402, directed to a code entry module 403. The module 403
`is typically mounted on the external jamb of a secure door.
`The request 402 is typically a secure code of some type
`which is compatible with the code entry module 403. Thus, 25
`for example, the request 402 can be a sequence of secret
`numbers directed to a keypad 403. Alternately, the request
`402 can be a biometric signal from the user 401 directed to
`a corresponding biometric sensor 403. One example of a
`biometric signal is a fingerprint. Other physical attributes 30
`that can be used to provide biometric signals include voice,
`retinal or iris pattern, face pattern, palm configuration and so
`on.
`The code entry module 403 conveys the request 402 by
`sending a corresponding signal, as depicted by an arrow 404,
`to a controller 405 which is typically situated in a remote or
`inaccessible place. The controller 405 authenticates the
`security information provided by the user 401 by interro(cid:173)
`gating a database 407 as depicted by an arrow 406. If the
`user 401 is authenticated, and has the appropriate access
`privileges, then the controller 405 sends an access signal, as
`depicted by an arrow 408, to a device 409 in order to provide
`the desired access. The device 409 can, for example, be the
`locking mechanism of a secure door, or can be an electronic
`lock on a personal computer (PC) which the user 401 desires
`to access.
`A proximity card can also be used to emit the request 402,
`in which case the code entry module 403 has appropriate
`functionality.
`Although the request 402 can be made secure, either by
`increasing the number of secret digits or by using a biomet(cid:173)
`ric system, the communication infrastructure in FIG. 1 is
`typically less secure. The infrastructure 400 is generally
`hardwired, with the code entry module 403 generally being
`mounted on the outside jamb of a secured door. In such a
`situation, the signal path 404 can be over a significant
`distance in order to reach the controller 405. The path 404
`represents one weak point in the security system 400,
`providing an unauthorised person with relatively easy access
`to the information being transmitted between the code entry
`module 403 and the controller 405. Such an unauthorised
`person can, given this physical access, decipher the com(cid:173)
`municated information between the code entry module 403
`and the controller 405. This captured information can be
`deciphered, replayed in order to gain the access which
`rightfully belongs to the user 401, or to enable modification
`for other subversive purposes.
`
`2
`Current systems as depicted in FIG. 1 utilise a commu(cid:173)
`nication protocol called "Wiegand" for communication
`between the code entry module 403 and the controller 405.
`The Wiegand protocol is a simple one-way data protocol that
`5 can be modified by increasing or decreasing the bit count to
`ensure uniqueness of the protocol among different security
`companies. The Wiegand protocol does not secure the
`information being sent between the code entry module 403
`and the controller 405.
`10 More advanced protocols such as RS 485 have been used
`in order to overcome the vulnerability of the Wiegand
`protocol over the long distance route 404. RS 485 is a duplex
`protocol offering encryption capabilities at both the trans(cid:173)
`mitting and receiving ends, i.e. the code entry module 403
`15 and the controller 405 respectively in the present case. The
`length of the path 404 nonetheless provides an attack point
`for the unauthorised person.
`Due to the cost and complexity ofre-wiring buildings and
`facilities, security companies often make use of existing
`20 communication cabling when installing and/or upgraded
`security systems, thereby maintaining the vulnerability
`described above.
`
`SUMMARY
`
`It is an object of the present invention to substantially
`overcome, or at least ameliorate, one or more disadvantages
`of existing arrangements.
`According to a first aspect of the present invention, there
`is provided a system for providing secure access to a
`controlled item, the system comprising:
`a database of biometric signatures;
`a transmitter subsystem comprising: a biometric sensor
`for receiving a biometric signal; means for matching the
`35 biometric signal against members of the database of bio(cid:173)
`metric signatures to thereby output an accessibility attribute;
`and means for emitting a secure access signal conveying
`information dependent upon said accessibility attribute,
`wherein the secure access signal comprises one of at least a
`40 rolling code, an encrypted Bluetooth™ protocol, and a
`WiFi™ protocol; and
`a receiver sub-system comprising; means for receiving the
`transmitted secure access signal; and means for providing
`conditional access to the controlled item dependent upon
`45 said information.
`According to another aspect of the present invention,
`there is provided a transmitter sub-system for operating in a
`system for providing secure access to a controlled item, the
`system comprising a database of biometric signatures, a
`50 receiver sub-system comprising means for receiving a
`secure access signal transmitted by the transmitter sub(cid:173)
`system, and means for providing conditional access to the
`controlled item dependent upon information conveyed in the
`secure access signal; wherein the transmitter subsystem
`55 comprises: a biometric sensor for receiving a biometric
`signal; means for matching the biometric signal against
`members of the database of biometric signatures to thereby
`output an accessibility attribute; and means for emitting the
`secure access signal conveying said information dependent
`60 upon said accessibility attribute, wherein the secure access
`signal comprises one of at least a rolling code, an encrypted
`Bluetooth™ protocol, and a WiFi™ protocol.
`According to another aspect of the present invention,
`there is provided receiver sub-system for operating in a
`65 system for providing secure access to a controlled item, the
`system comprising a database of biometric signatures, a
`transmitter subsystem comprising a biometric sensor for
`
`ASSA ABLOY Ex. 1001 - Page 13
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`
`
`US 9,665,705 B2
`
`3
`receiving a biometric signal, means for matching the bio(cid:173)
`metric signal against members of the database of biometric
`signatures to thereby output an accessibility attribute, and
`means for emitting a secure access signal conveying infor(cid:173)
`mation dependent upon said accessibility attribute, wherein
`the secure access signal comprises one of at least a rolling
`code, an encrypted Bluetooth™ protocol, and a WiFi™
`protocol; wherein the receiver sub-system comprises; means
`for receiving the transmitted secure access signal; and means
`for providing conditional access to the controlled item
`dependent upon said information.
`According to another aspect of the present invention,
`there is provided a method for providing secure access to a
`controlled item, the method comprising the steps of:
`receiving a biometric signal;
`matching the biometric signal against members of a
`database of biometric signatures to thereby output an acces(cid:173)
`sibility attribute;
`emitting a secure access signal conveying information
`dependent upon said accessibility attribute, wherein the 20
`secure access signal comprises one of at least a rolling code,
`an encrypted Bluetooth™ protocol, and a WiFi™ protocol;
`and
`providing conditional access to the controlled item depen(cid:173)
`dent upon said information.
`According to another aspect of the present invention,
`there is provided a method for populating a database of
`biometric signatures in a system for providing secure access
`to a controlled item, the system comprising said database of
`biometric signatures, a transmitter subsystem comprising a
`biometric sensor for receiving a biometric signal, and means
`for emitting a secure access signal, and a receiver sub(cid:173)
`system comprising means for receiving the transmitted
`secure access signal, and means for providing conditional
`access to the controlled item dependent upon information in 35
`said secure access signal, said method comprising the steps
`of:
`receiving a series of entries of the biometric signal;
`determining at least one of the number of said entries and
`a duration of each said entry;
`mapping said series into an instruction; and
`populating the database according to the instruction.
`According to another aspect of the present invention,
`there is provided a method for transmitting a secure access
`signal in a system for providing secure access to a controlled 45
`item, the system comprising a database of biometric signa(cid:173)
`tures, a receiver sub-system comprising means for receiving
`the secure access signal transmitted by a transmitter sub(cid:173)
`system, and means for providing conditional access to the
`controlled item dependent upon information conveyed in the 50
`secure access signal, said method comprising the steps of:
`receiving a biometric sensor by biometric signal; matching
`the biometric signal against members of the database of
`biometric signatures to thereby output an accessibility attri(cid:173)
`bute; and emitting the secure access signal conveying said 55
`information dependent upon said accessibility attribute,
`wherein the secure access signal comprises one of at least a
`rolling code, an encrypted Bluetooth™ protocol, and a
`WiFi™ protocol.
`According to another aspect of the present invention, 60
`there is provided a method for receiving a secure access
`signal in a system for providing secure access to a controlled
`item, the system comprising a database of biometric signa(cid:173)
`tures, a transmitter subsystem comprising a biometric sensor
`for receiving a biometric signal, means for matching the 65
`biometric signal against members of the database of bio(cid:173)
`metric signatures to thereby output an accessibility attribute,
`
`4
`and means for emitting a secure access signal conveying
`information dependent upon said accessibility attribute,
`wherein the secure access signal comprises one of at least a
`rolling code, an encrypted Bluetooth™ protocol, and a
`5 WiFi™ protocol, said method comprising the steps of:
`receiving the transmitted secure access signal; and pro(cid:173)
`viding conditional access to the controlled item dependent
`upon said information.
`According to another aspect of the present invention,
`10 there is provided a computer program product having a
`computer readable medium having a computer program
`recorded therein for directing a processor to provide secure
`access to a controlled item, said computer program product
`15 comprising:
`code for receiving a biometric signal;
`code for matching the biometric signal against members
`of a database of biometric signatures to thereby output an
`accessibility attribute;
`code for emitting a secure access signal conveying infor(cid:173)
`mation dependent upon said accessibility attribute, wherein
`the secure access signal comprises one of at least a rolling
`code, an encrypted Bluetooth™ protocol, and a WiFi™
`protocol; and
`code for providing conditional access to the controlled
`item dependent upon said information.
`According to another aspect of the present invention,
`there is provided a computer program product having a
`computer readable medium having a computer program
`30 recorded therein for directing a processor to populate a
`database of biometric signatures in a system for providing
`secure access to a controlled item, said computer program
`product comprising:
`code for receiving a series of entries of the biometric
`signal;
`code for determining at least one of the number of said
`entries and a duration of each said entry;
`code for mapping said series into an instruction; and
`code for populating the database according to the instruc-
`tion.
`According to another aspect of the present invention,
`there is provided a computer program product having a
`computer readable medium having a computer program
`recorded therein for directing a processor to transmit a
`secure access signal in a system for providing secure access
`to a controlled item, said computer program product com(cid:173)
`prising:
`code for receiving a biometric sensor by biometric signal;
`code for matching the biometric signal against members
`of the database of biometric signatures to thereby output an
`accessibility attribute; and
`code for emitting the secure access signal conveying said
`information dependent upon said accessibility attribute,
`wherein the secure access signal comprises one of at least a
`rolling code, an encrypted Bluetooth™ protocol, and a
`WiFi™ protocol.
`According to another aspect of the present invention,
`there is provided a computer program product having a
`computer readable medium having a computer program
`recorded therein for directing a processor to receive a secure
`access signal in a system for providing secure access to a
`controlled item, said computer program product comprising:
`code for receiving the transmitted secure access signal;
`and
`code for providing conditional access to the controlled
`item dependent upon said information.
`
`25
`
`40
`
`ASSA ABLOY Ex. 1001 - Page 14
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`
`
`US 9,665,705 B2
`
`5
`According to another aspect of the present invention,
`there is provided a system for providing secure access, the
`system comprising:
`a biometric sensor for authenticating the identity of a user;
`a transmitter for transmitting information using a secure
`wireless signal dependent upon a request from the user and
`the authentication of the user identity; and
`a control panel for receiving the information and for
`providing the secure access requested.
`Other aspects of the invention are also disclosed.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`6
`signatures for authorised users against which the request 102
`can be authenticated. If the identity of the user 101 is
`authenticated successfully, then the code entry module 103
`sends a signal 106 to a controller/transmitter 107. The
`5 controller/transmitter 107 checks, as depicted by an arrow
`112, the current rolling code in a database 113. The con(cid:173)
`troller 107 then updates the code and sends the updated
`code, this being referred to as an access signal, as depicted
`by an arrow 108 to a controller 109. The rolling code
`10 protocol offers non-replay encrypted communication.
`The controller 109 tests the rolling code received in the
`access signal 108 against the most recent rolling code which
`has been stored in a database 115, this testing being depicted
`by an arrow 114. If the incoming rolling code forming the
`15 access signal 108 is found to be legitimate, then the con(cid:173)
`troller 109 sends a command, as depicted by an arrow 110,
`to a controlled item 111. The controlled item 111 can be a
`door locking mechanism on a secure door, or an electronic
`key circuit in a personal computer (PC) that is to be accessed
`by the user 101. It is noted that the controller 109 contains
`a receiver 118 that receives the transmitted access signal 108
`and converts it into a form that is provided, as depicted by
`an arrow 120, into a form that the controller 109 can use.
`The code entry module 103 also incorporates at least one
`25 mechanism for providing feedback to the user 101. This
`mechanism can, for example, take the form or one or more
`Light Emitting Diodes (LEDs) 122 which can provide visual
`feedback, depicted by an arrow 123 to the user 101. Alter(cid:173)
`nately or in addition the mechanism can take the form of an
`30 audio signal provided by an audio transducer 124 providing
`audio feedback 125.
`The arrangement in FIG. 2 has been described for the case
`in which the secure code in the access signal 108 used
`between the sub-systems 116 and 117 is based upon the
`35 rolling code. It is noted that this is merely one arrangement,
`and other secure codes can equally be used. Thus, for
`example, either of the Bluetooth™ protocol, or the Wi Fi™
`protocols can be used.
`Rolling codes provide a substantially non-replayable non(cid:173)
`repeatable and encrypted radio frequency data communica(cid:173)
`tions scheme for secure messaging. These codes use inher(cid:173)
`ently secure protocols and serial number ciphering
`techniques which in the present disclosure hide the clear text
`values required for authentication between the key fob
`45 (transmitter) sub-system 116 and the receiver/controller 118/
`109.
`Rolling codes use a different code variant each time the
`transmission of the access signal 108 occurs. This is
`achieved by encrypting the data from the controller 107 with
`a mathematical algorithm, and ensuring that successive
`transmissions of the access signal 108 are modified using a
`code and/or a look-up table known to both the transmitter
`sub-system 116 and the receiver sub-system 117. Using this
`approach successive transmissions are modified, resulting in
`55 a non-repeatable data transfer, even if the information from
`the controller 107 remains the same. The modification of the
`code in the access signal 108 for each transmission signifi(cid:173)
`cantly reduces the likelihood that an intruder can access the
`information replay the information to thereby gain entry at
`some later time.
`The sub-system in FIG. 2 falling to the left hand side, as
`depicted by an arrow 116, of a dashed line 119 can be
`implemented in a number of different forms. The sub-system
`116 can for example be incorporated into a remote fob
`(which is a small portable device carried by the user 101),
`or alternately can be mounted in a protected enclosure on the
`outside jamb of a secured door. The sub-system 116 com-
`
`Some aspects of the prior art and one or more embodi(cid:173)
`ments of the present invention are described with reference
`to the drawings, in which:
`FIG. 1 shows a prior art arrangement for providing secure
`access;
`FIG. 2 is a functional block diagram of an arrangement for
`providing secure access according to the present disclosure;
`FIG. 3 shows an example of a method of operation of the 20
`remote control module of FIG. 2;
`FIG. 4 shows an example of a method of operation of the
`(fixed) control device of FIG. 2;
`FIG. 5 shows incorporation of a protocol converter into
`the arrangement of FIG. 2; and
`FIG. 6 shows another example of how the remote access
`system operates;
`FIG. 7 shows an access process relating to the example of
`FIG. 6;
`FIG. 8 shows one enrollment process relating to the
`example of FIG. 6;
`FIG. 9 shows another enrollment process relating to the
`example of FIG. 6; and
`FIG. 10 is a schematic block diagram of the system in
`FIG. 2.
`
`DETAILED DESCRIPTION INCLUDING BEST
`MODE
`
`It is to be noted that the discussions contained in the 40
`"Background" section relating to prior art arrangements
`relate to discussions of documents or devices which form
`public knowledge through their respective publication and/
`or use. Such should not be interpreted as a representation by
`the present inventor(s) or patent applicant that such docu(cid:173)
`ments or devices in any way form part of the common
`general knowledge in the art.
`Where reference is made in any one or more of the
`accompanying drawings to steps and/or features, which have
`the same reference numerals, those steps and/or features 50
`have for the purposes of this description the same
`function(s) or operation(s), unless the contrary intention
`appears.
`FIG. 2 is a functional block diagram of an arrangement for
`providing secure access according to the present disclosure.
`A user 101 makes a request, as depicted by an arrow 102, to
`a code entry module 103. The code entry module 103
`includes a biometric sensor 121 and the request 102 takes a
`form which corresponds to the nature of the sensor 121 in
`the module 103. Thus, for example, if the biometric sensor 60
`121 in the code entry module 103 is a fingerprint sensor, then
`the request 102 typically takes the form of a thumb press on
`a sensor panel (not shown) on the code entry module 103.
`The code entry module 103 interrogates, as depicted by an
`arrow 104, a user identity database 105. Thus for example if 65
`the request 102 is the thumb press on the biometric sensor
`panel 121 then the user database 105 contains biometric
`
`ASSA ABLOY Ex. 1001 - Page 15
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`
`
`US 9,665,705 B2
`
`5
`
`7
`municates with the sub-system 117 on the right hand side of
`the dashed line 119 via the wireless communication channel
`used by the access signal 108. The sub-system 117 is
`typically located in an inaccessible area such as a hidden
`roof space or alternately in a suitable protected area such as
`an armoured cupboard. The location of the sub-system 117
`must of course be consistent with reliable reception of the
`wireless access signal 108.
`Although typically the communication channel uses a
`wireless transmission medium, there are instances where the
`channel used by the access signal 108 can use a wired
`medium. This is particularly the case when the transmitter
`sub-system 116 is mounted in an enclosure on the door jamb
`rather than in a portable key fob.
`The biometric signature database 105 is shown in FIG. 2
`to be part of the transmitter sub-system 116. However, in an
`alternate arrangement, the biometric signature database 105
`can be located in the receiver sub-system 117, in which case
`the communication 104 between the code entry module 103
`and the signature database 105 can also be performed over 20
`a secure wireless communication channel such as the one
`used by the access signal 108. In the event that the secure
`access system is being applied to providing secure access to
`a PC, then the secured PC can store the biometric signature
`of the authorised user in internal memory, and the PC can be
`integrated into the receiver sub-system 117 of FIG. 1.
`In the event that the sub-system 116 is implemented as a
`remote fob, the combination of the biometric verification
`and the strongly encrypted wireless communication pro(cid:173)
`vides a particularly significant advantage over current sys(cid:173)
`tems. The remote key fob arrangement allows easy instal(cid:173)
`lation, since the wired communication path 404 (see FIG. 1)
`is avoided. Other existing wiring elements of the present
`systems 400 can be used where appropriate. When the
`sub-system 116 is implemented as a remote fob, the fob
`incorporates the biometric ( eg fingerprint) authentication
`arrangement, in which case only one biometric signature is
`stored in the fob. This arrangement reduces the requirements
`on the central database 115. Once the key fob authenticates
`the user through biometric signature (eg fingerprint) verifi(cid:173)
`cation, the rolling code in the access signal 108 is transmit(cid:173)
`ted to the controller 109 for authorisation of the user for that
`location at that time.
`In addition to authenticating the user 101 the biometric
`sensor 121 in the code entry module 103 in conjunction with
`the controller 107 can also check other access privileges of
`the user 101. These access privileges can be contained in the
`database 105 which can be located either locally in the
`remote key fob, or in the receiver sub-system 117 as
`previously described. In one example, Tom Smith can firstly
`be authenticated as Tom Smith using the thumb press by
`Tom on the biometric sensor panel (not shown).AfterTom's
`personal biometric identity is authenticated, the transmitter
`sub-system 116 can check if Tom Smith is in fact allowed to
`use the particular door secured by the device 111 on week- 55
`ends. Thus the security screening offered by the described
`arrangement can range from simple authentication of the
`user's identity, to more comprehensive access privilege
`screening.
`The incorporation of the biometric sensor 121 into the
`code entry module 103 in the form of a remote key fob also
`means that i