Title of Invention

A METHOD AND AN ENTRY ACCESS SYSTEM FOR PROVIDING ACCESS TO A SECURE SYSTEM

Abstract

An entry access system includes a locking mechanism enabling authorized entry at a secured entry point to a closed access area or computing device. Entry is approved in response to an interaction between an intended entrant and the entry access system that involves an interchange of multidigit numbers and use of ID and PINs for generation of a multidigit check number to establish authenticity of a
Full Text

constructed and transmitted to the communicator.
At the communicator the multidigit number is received and a new number is generated, using encryption algorithm techniques with the PIN as a key. The new number is retransmitted back to the entry access system where a check number is generated, using the new number, and using the PIN as a key. The check number is compared with the original generated arbitrary number. If they match, access is granted to the entry applicant.
The generated numbers may be transmitted openly between stations without compromising system security since the encryption processes are limited to internal processes at each end. Attainment of the transmitted numbers through interception by an unauthorized recipient is of no value in gaining access to the secure area.
Accordingly, the present invention provides a method of providing access to a secure system through an entry access system in which access is granted in response to a protocol process, where both the user and the entry access system possess a user ID and a PIN, characterized by: establishing a telephone communication link between the user and the entry access system; entering the PIN into a communication device to allow transmission of the ID to the entry access system; the entry access system correlating the received ID with the PIN assigned to the user that is stored in the entry access system; transmitting from the entry access system a multidigit number to the communication device derived from the stored PIN; receiving the multidigit number at the communication device and transforming the multidigit number by encryption techniques to attain a new number by using the PIN as a key; returning the transformed new number to the entry access system; transforming the received number at the entry of the entry access system utilizing the PIN as a key and utilizing the same encryption techniques to attain a check number; and deactivating the lock if the check number is identical to the new number.
The present invention also provides an entry access system for controlling access to a secure system, comprising: means for communicating over a telephone network; a data base of ID and PIN numbers; means for generating an arbitrary multidigit number in response to an ID communicated by an intended entrant to the secure system; means for converting the multidigit number into DTMF multitones; telephone communication means connected for transmitting the multitones into a telephone network for transmission to the intended format; characterized by: means for receiving a number generated by encryption methods of a communicator of the intended entrant from an ID and PIN of the entrant, via the telephone network; means for generating a check number using the stored PIN as a key and comparing it to the multidigit number; a locking mechanism for enabling / disabling entry to the secure system operative to identity of the multidigit number and the generated check number.
With reference to the accompanying drawings, in which:
FIG. 1 is a schematic of a secured access system according to the principles of the invention;

FIG. 2 is a schematic of a protocol arrangement included in the entry access system for allowing access according to the principles of the invention; and
FIG. 3 is a flow chart illustrating a process in which the entry access system operates.
A secured system shown in FIG. 1 has an area, computer or data storage 101 which is secured from entry by the entry access system 103 which controls a locking mechanism 105 which needs to be released before a user can gain access to the interior of the secure system (i.e. area). The entry access system includes a telephone station set 109 connected to the public switched telephone network (PSTN) 107.
The PSTN 107 is connected to a wireless base station 111. The user desiring entry to the secure system 101 in the illustrative embodiment has a mobile communicator 121 in wireless communication with the wireless base station 111. Communicator 121 preferably has a touch tone decoder 123 for receiving and transmitting numbers as DTMF dual frequencies. The invention is not limited to wireless communication but may communicate, in the alternative, through a wired station set external to the secure area. The communicator is arranged to accept a smart card 125 which includes data storage relevant to the card holder. The smart card may include information such as an ID number, a PIN (i.e., also stored at the entry access system) or other information relevant to the user. In the alternative, to a

another number from the received number and the user's PIN as indicated by the instructions of block 315. The user's PIN may be entered directly by the user or recovered from an inserted smart card.
The another number is returned to the entry point, as indicated in block 317; and at the entry point system the originally generated number is acted upon by the encryption engine in combination with the stored PIN at the entry point to regenerate a check number as per block 319. If the regenerated check number is identical to the transmitted number from the communicator, the entry is unlocked as per decision block 321. If the numbers do not match, the process is terminated, leaving the entry locked.
While a particular process and apparatus have been illustratively disclosed, other variations may be implemented without departing from the spirit and scope of the invention. In one alternative embodiment the number of the entry point would be released only by application of the PIN releasing the number as stored on the smart card. While the communicator is shown as wireless, the process may be implemented using a wired communication connection.
Another variation would include a timeout period in which to enter valid information, after which the system is disabled or the process terminated.
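The exchange of blocks 311 to 321 and the timeout variation, as an added example that is not part of the patent text: the description names no algorithm, so HMAC-SHA256 reduced to decimal digits stands in for the "encryption techniques", and the 8-digit length, the 30-second limit, the ID "1001" and the PIN "4821" are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

DIGITS = 8         # assumed length of the multidigit numbers (DTMF-friendly)
TIMEOUT_S = 30.0   # assumed time limit for the timeout variation

def transform(pin: str, number: str) -> str:
    """PIN-keyed transformation to DIGITS decimal digits (HMAC-SHA256 stand-in)."""
    mac = hmac.new(pin.encode(), number.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)

class EntryAccessSystem:
    def __init__(self, pin_db, now=time.monotonic):
        self.pin_db = pin_db    # ID -> PIN database held at the entry point
        self.now = now
        self.pending = {}       # ID -> (arbitrary number, time issued)

    def issue_number(self, user_id):
        """Blocks 311-313: look up the ID, send a fresh arbitrary number."""
        if user_id not in self.pin_db:
            return None
        number = "".join(secrets.choice("0123456789") for _ in range(DIGITS))
        self.pending[user_id] = (number, self.now())
        return number

    def unlock(self, user_id, returned):
        """Blocks 319-321: regenerate the check number and compare."""
        number, issued = self.pending.pop(user_id, (None, 0.0))  # single use
        if number is None or self.now() - issued > TIMEOUT_S:
            return False
        check = transform(self.pin_db[user_id], number)
        return hmac.compare_digest(check, returned)

def demo():
    clock = [0.0]  # injected clock so the timeout case runs instantly
    eas = EntryAccessSystem({"1001": "4821"}, now=lambda: clock[0])  # constructed ID/PIN
    n1 = eas.issue_number("1001")
    r1 = transform("4821", n1)             # block 315, at the communicator
    granted = eas.unlock("1001", r1)
    replay_spent = eas.unlock("1001", r1)  # same number already consumed
    eas.issue_number("1001")
    replay_fresh = eas.unlock("1001", r1)  # old reply against a new number
    n3 = eas.issue_number("1001")
    wrong_pin = eas.unlock("1001", transform("0000", n3))
    n4 = eas.issue_number("1001")
    clock[0] += TIMEOUT_S + 1
    late = eas.unlock("1001", transform("4821", n4))
    return granted, replay_spent, replay_fresh, wrong_pin, late
```

Because both numbers travel in the clear, the strength of the exchange rests on the entropy of the key, which favours the smart-card variant holding a longer secret than a keypad PIN.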



WE CLAIM:
1. A method of providing access to a secure system through an entry access system in which access is granted in response to a protocol process, where both the user and the entry access system possess a user ID and a PIN, characterized by: establishing a telephone communication link between the user and the entry access system (305, 307); entering the PIN into a communication device (123) to allow transmission of the ID to the entry access system (309); the entry access system correlating the received ID with the PIN assigned to the user that is stored in the entry access system (311); transmitting from the entry access system a multidigit number to the communication device derived from the stored PIN (313); receiving the multidigit number at the communication device and transforming the multidigit number by encryption techniques to attain a new number by using the PIN as a key (315); returning the transformed new number to the entry access system (317); transforming the received number at the entry of the entry access system utilizing the PIN as a key and utilizing the same encryption techniques to attain a check number (319); and deactivating the lock if the check number is identical to the new number (321).
2. An entry access system for controlling access to a secure system, comprising: means (121, 111, 205) for communicating over a telephone network; a data base (201, 203) of ID and PIN numbers; means for generating an arbitrary multidigit number in response to an ID communicated by an intended entrant to the secure system (101); means (209) for converting the multidigit number into DTMF multitones; telephone communication means (101, 205) connected for transmitting the multitones into a telephone network for transmission to the intended format; characterized by: means for receiving a number generated by encryption methods of a communicator of the intended entrant from an ID and PIN of the entrant, via the telephone network (107); means for generating a check number using the stored PIN as a key and comparing it to the multidigit number; a locking mechanism (105) for enabling / disabling entry to the secure system (101) operative to identity of the multidigit number and the generated check number.
3. The method, as claimed in claim 1, further including: the step of storing the system ID and PIN includes inserting a smart card (125) in the communication device (121).
4. The method as claimed in claim 1, further including: the step of entering of the PIN includes the step of releasing the PIN from a smart card (125) inserted into the communication device (121).
5. The method as claimed in claim 1, further including the step of limiting response in deactivating the lock to operations performed within a specified time limit.
6. The system as claimed in claim 2, comprises the telephone communication means (107) having a connection through the network to a wireless station (111) for communicating with a wireless communicator (121) of the intended entrant.

7. The system as claimed in claim 6, comprises the wireless communicator (121) receiving an ID and PIN from a smart card (125) inserted into the wireless communicator (121).
8. A method of providing access to a secure system, substantially as herein described with reference to the accompanying drawings.
9. An entry access system for controlling access to a secure system substantially as herein described with reference to the accompanying drawings.


Patent Number 206312
Indian Patent Application Number 165/MAS/1997
PG Journal Number 26/2007
Publication Date 29-Jun-2007
Grant Date 23-Apr-2007
Date of Filing 28-Jan-1997
Name of Patentee AT&T Corp
Applicant Address 32 AVENUE NEW YORK 10013-2412.
Inventors:
# Inventor's Name Inventor's Address
1 ROBERT RAYMOND MILLER II 12 BRADLEY ROAD, CONVENT STATION, NEW JERSEY 07960.
PCT International Classification Number H04L9/04
PCT International Application Number N/A
PCT International Filing date
PCT Conventions:
# PCT Application Number Date of Convention Priority Country
1 08/657448 1996-05-29 U.S.A.