WO1984002786A1 - Improved card reader for security system - Google Patents

Improved card reader for security system Download PDF

Info

Publication number
WO1984002786A1
WO1984002786A1 PCT/US1983/000057 US8300057W WO8402786A1 WO 1984002786 A1 WO1984002786 A1 WO 1984002786A1 US 8300057 W US8300057 W US 8300057W WO 8402786 A1 WO8402786 A1 WO 8402786A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
central controller
card
access
card reader
Prior art date
Application number
PCT/US1983/000057
Other languages
French (fr)
Inventor
Bhupendra J Khandwala
Jorge A Young
Sarkis V Kalustian
Original Assignee
Figgie Int Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=22174804&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=WO1984002786(A1) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by Figgie Int Inc filed Critical Figgie Int Inc
Priority to EP83900819A priority Critical patent/EP0137767B1/en
Priority to PCT/US1983/000057 priority patent/WO1984002786A1/en
Priority to DE8383900819T priority patent/DE3381654D1/en
Priority to AT83900819T priority patent/ATE53683T1/en
Priority to JP58500850A priority patent/JPS60500340A/en
Priority to CA000444892A priority patent/CA1207458A/en
Priority to IT67022/84A priority patent/IT1178816B/en
Publication of WO1984002786A1 publication Critical patent/WO1984002786A1/en
Priority to US07/036,150 priority patent/US4816658A/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C1/00Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people
    • G07C1/10Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people together with the recording, indicating or registering of other data, e.g. of signs of identity
    • G07C1/12Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people together with the recording, indicating or registering of other data, e.g. of signs of identity wherein the time is indicated in figures
    • G07C1/14Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people together with the recording, indicating or registering of other data, e.g. of signs of identity wherein the time is indicated in figures with apparatus adapted for use with individual cards
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/23Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder by means of a password
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/27Individual registration on entry or exit involving the use of a pass with central registration

Definitions

  • Door access security systems utilizing magnetic card readers at doors to be controlled, are known in the prior art.
  • Such systems include central controllers coupled to a plurality of readers, each of which is located at a specific door to be controlled.
  • Authorized persons wishing to gain access through a door insert magnetic cards into slots in the reader. Magnetic codings on the cards are then read and data is sent to the controller which authorizes or refuses entry and tells the reader either to keep the door locked or unlock the door.
  • a problem arises when communication between a remote card reader and the central controller is lost. If all access is denied during such times, peoples lives may be endangered. If open access to anyone is granted, security may be breached with no record of who was granted access during the down or degraded mode period.
  • a card reader for use in a security system for controlling access through key doors, said security system having a central controller and a plurality of card readers, each reader controlling a key door.
  • the card readers read magnetic data stored on cards held by employees, etc.
  • the cards have system code data and I.D. data stored on them magnetically or otherwise.
  • the reader sends the card data to the central controller, when communication is possible, and the central controller then grants or denies access based on the card data by sending a signal to the reader that authorizes or denies permission to the card reader to unlock the door, etc.
  • the improved card reader can also sense when communications with the central controller are lost and grant or deny access without consulting the controller. based upon data read from the card by comparing the card data to data stored in a degraded node buffer in the reader, indicating which persons are authorized access during degraded mode times when communication with the central controller is not possible.
  • the data in the degraded mode buffer is loaded from the central controller on a request basis by the reader or central controller or periodically.
  • the card reader stores the I.D. data from the card for each employee who was either granted or denied authorization in a transaction buffer for later transmission to the central controller. Both "Go" and "No Go" transactions are recorded and marked as such for later segregation by the controller.
  • Figure 1 is a block diagram of a security system in which the improved reader of the invention could be used.
  • FIG. 2 is a block diagram of the improved reader.
  • Figure 3 is a logic diagram of the optical isolator board.
  • Figures 4 A and B are a logic diagram of the switch and relay board.
  • Figures 5 A and B are a circuit diagram of the RAM buffer board and power fail detect circuit.
  • Figures 6A, 6B and 6C are circuit diagrams of the CPU reader board.
  • Figures 7A and 7B are a logic diagram of the circuitry of the transaction buffer and the degraded mode buffer.
  • Figure 8 is a flow diagram for the reader software showing the steps taken to transmit data in the transaction buffer to the controller.
  • Figure 9 is a diagram of the memory tables in the controller which are used in performing downloading of degraded mode I.D. data to the card readers.
  • Figure 10 is a flow diagram for the controller software which details the steps taken by the controller in downloading information to readers.
  • Figures 11A and 11B are a flow diagram of the reader software showing the steps taken to authorize or deny access and store transaction data for transactions occurring during degraded and super degraded mode times when communication with the central controller is not possible.
  • Figure 12 is a flow diagram of the steps taken by the super degrade mode readers in downloading I.D. data on command from the central controller. Detailed Description of the Preferred Embodiment
  • FIG. 1 there is disclosed a system diagram of a typical magnetic card reading security system.
  • a central controller 20 is coupled to a plurality of card readers of which readers 22 and 24 are typical.
  • the controller 20 is coupled to each reader by an enable pair and a data pair by which the controller can communicate with any card reader in the system.
  • the controller 20 communicates with the reader 22 by an enable pair 26 and a data pair 28.
  • the controller 20 polls the reader 22 for messages and sends commands to it by the enable pair 26.
  • Data is sent to the controller 20 from the reader 22 via the data pair 28.
  • Serial format is used on both lines.
  • the reader 22 is typically located at a door that needs to be access-controlled while the controller 20 can be located at some distance from the door.
  • the structural details of the controller 20 are well known in the art, and it can be purchased under the model designation MAC 530/40 from Rusco Electronic Systems in Glendale, California.
  • the object code software for the controller is also well known and can be purchased from the same source.
  • the reader 22 receives a magnetic card in a card slot 32.
  • the details of a typical magnetic card structure will be found in U.S. Patents 3,717,749 or
  • the data on the card is stored in a temporay RAM location until a polling signal from the controller 20 arrives on the enable lines 26.
  • the data from the card is transferred on the data lines 28 to the controller 20.
  • the controller 20 processes the data and sends back a "Go” or "No Go” command which causes the reader 22 to take the appropriate action. If the command is “Go”, the reader 22 unlocks the door latch via the lines 34 and lights a green LED. If the command is "No Go”, the reader 22 lights a red LED and, optionally, energizes a No Go relay.
  • the cardholder is also required to enter a password comprised of a plurality of digits entered via a keyboard on the face of the reader 22. If the password and the card data are all correct, access will be granted.
  • degraded mode operation Operation during times when communication between the readers and the central controller 20 is not possible, will be referred to herein as degraded mode operation.
  • those readers which are active read the data from cards and make the decision to authorize or deny access locally based upon a comparison of the data read from the card to the data stored in a degraded mode buffer located inside each reader. There is no need for communication with the central controller.
  • the data stored in each degraded mode buffer consists of the I.D. numbers of each employee who is authorized to enter the particular area controlled by the reader during degraded mode times.
  • the specific information for each reader may be different and is loaded in each reader by the central controller 20 periodically or upon a request basis during times when communication between the readers and the central controller is normal.
  • the reader 22 can optionally also incorporate circuitry to monitor a plurality of alarm contacts connected to the lines 30. When one of the contacts changes state, the reader 22 senses the change and signals the controller 20 on the next poll. The controller 20 can then print out a pre-programmed message on a printer 36. More importantly, the controller 20 can automatically send back a command to cause a switch closure by energizing a relay in the reader 22 or in any other reader in the system. This automatic response can also be any other command that the reader receives normally from the controller.
  • the relay can be connected to an emergency device via the lines 38.
  • the emergency device can be any device such as an automatic phone dialer, a sprinkler system, an alarm or whatever other device that is desired.
  • the reader 24 is a different type of improved reader which can be used to keep time records for the attendance of hourly employees' on their jobs.
  • the reader 24 has a display 40, a card slot 42, and "in” and “out” buttons, 44 and 46. In operation, an employee would place his card in the card slot 42 and press either the "in” button 4.4 or the "out” button 46. The data on his card plus the time of day displayed in the display 40 would then be stored in a buffer in the reader 24. Based upon the system code data on the card, the reader 24 would authorize or deny entry to the employee. If entry is authorized by the reader 24 and a green LED will be lit, the door will be unlocked via the lines 48. If entry is denied, the reader
  • the reader 24 will so indicate by lighting a red LED on the face plate. All authorization or denial decisions are made locally by the reader 24 based upon the system code alone on the card, and the data regarding each transaction, such as the I.D. number and the time of day, is stored in the local buffer in the reader 24.
  • the reader 24 can include a degraded mode buffer which can store the
  • I.D. numbers of those who are authorized to pass during degraded mode time and will grant or deny access based upon data in this degraded mode buffer during degraded mode times.
  • the data for the transaction i.e., the I.D. number and the time of day of the transaction is stored in a transaction buffer.
  • the controller 20 is coupled to the reader 24 by an enable pair 50 and a data pair 52.
  • the controller 20 polls the reader 24 by sending a poll signal on the line 50.
  • the reader 24 transfers the data for one transaction out of the transaction buffer to the controller 20 via the data lines 52.
  • the controller then can process the data in any fashion including printing it out on the printer 36.
  • the details of the controller 20 are exemplified by U.S. Patents 4,216,375 and 4,218,690. The operation of the controller in loading the degraded mode buffers of the readers with the I.D. data for persons authorized to pass during degraded mode times will be explained in more detail below.
  • the reader 24 can also include means to offset the time displayed in the display 40 from the time kept by the controller 20 in the case that the controller is in a different time zone from the reader. Normally the controller 20 keeps the master time for the system and the reader 24 keeps its own time. Every 15 minutes, the reader 24 inquires the time of the controller 20 and synchronizes the reader's local time with the master time kept by the controller. When the reader 24 is in a different time zone from the controller 20, a group of offset switches in the reader 24 are set to indicate the number of minutes of offset between the local reader time and the controller time. Referring to Figure 2, there is shown a block diagram of a card reader for use in a security system such as is shown in Figure 1.
  • Figure 2 represents a combined functional block diagram of a reader with the common core circuits and with all the optional circuit elements of both types of readers also present.
  • the card reader of Figure 2 communicates with the controller 20 of Figure 1 through an isolation board 54.
  • the isolation board 54 serves to isolate the data on the enable pair 26 and data pair 28 from the logic circuitry of the rest of the card reader.
  • the isolation board 54 passes the signals from the enable line 26 through to the RX data lines 56 and passes the data from the TX data lines 58 through to the data lines 28.
  • the RX data lines 56 are coupled to a multiplexer 60 in a switch and relay board 62.
  • the purpose of the multiplexer 60 is to select various data channels for connection to a data line D7, 63, of a bus 64.
  • the bus 64 is coupled between the switch and relay board 62 and the data, address and control terminals of a microprocessor CPU 66 on a reader CPU board 67. Address lines A0-A2 from the bus 64 are also coupled to the multiplexer 60.
  • the CPU 66 causes the multiplexer 60 to select one of the data channels connected to it for connection to its data output coupled to the line D7.
  • the microprocessor 66 can then read the data on the selected data channel through the D7 line
  • Data to be transmitted from the card reader to the central controller 20 are input from the D ⁇ line 68 of the data bus 64 to a driver 70.
  • the driver 70 is also coupled to the A ⁇ -A2 address lines of the data bus 64 which supply an address from the microprocessor 66.
  • the driver 70 has several addressable outputs, one of which is the TX data lines 58.
  • the address supplied to the driver 70 causes it to apply the signal on the D ⁇ line 68 to the selected output.
  • the microprocessor 66 places the data to be sent on the D ⁇ bus line and writes the proper address on the address lines A ⁇ -A2 of the bus 64.
  • the serial data on the D ⁇ line is then applied to the TX data lines 58.
  • the central controller 20 receives the data on the data line 28 and acts upon the data message in some fashion depending upon what the message is and may or may not send a command back to the card reader via the enable line 26.
  • a go relay 71 is coupled to a door latch device by the lines 34.
  • the lines 34 can be coupled to relay contacts or other switching devices to provide an interruptible current flow path to control whether the door latch is in a locked or unlocked state.
  • the go relay is also coupled to the driver 70 by a switching line 72.
  • the switching line controls the state of the go relay and thereby controls the state of the door latch device.
  • the switching line is addressable by the microprocessor 66 through the driver 70 such that the microprocessor 66 controls the state of the go relay 70.
  • the microprocessor 66 is also coupled to a card reader coil circuit 74 by the bus 64.
  • the card reader coils 74 consist, in the preferred embodiment, of a plurality of coils coupled to the address and data line of the bus 64 and physically arranged so as to individually magnetically interact with a plurality of magnetized spots on a card inserted in the card slots 42 or 32.
  • the microprocessor 66 can individually address and read each coil in the card reader coil circuit 74 to determine the data in the magnetic spots on the card.
  • the details of the card reading coil circuit are known to those skilled in the art and are not critical to the invention.
  • the microprocessor 66 is also coupled to an optional display 40 by the bus 64. In readers which are being used for time and attendance functions, i.e., as time clocks, it is desirable that the time of day be displayed externally for the benefit of workers who are lined up and waiting to put their cards into the reader 24 to start or end their work shifts.
  • the display 40 can be any conventional display, and the details of its construction are not critical to the invention.
  • the microprocessor 66 is also coupled to a random access memory (RAM) board 78.
  • the RAM board 78 contains a RAM buffer memory 80, a battery backup system comprised of a battery 82 and a power fail detect circuit 84.
  • the power fail detect circuit 84 monitors the 12 volt unregulated D.C. voltage derived from the A.C.
  • the RAM 80 is selected by the microprocessor 66 through connection of a decoder 86 to the address and control lines of the bus 64.
  • the microprocessor 66 enables the RAM 80 by generating the proper address to select the RAM 80 and placing it on the bus 64 thereby enabling the RAM 80 through the decoder 86.
  • the data to be written into the RAM 80 is then placed on the data lines of the bus 64.
  • a transaction buffer 88 is also coupled to the microprocessor 66 through the bus 64.
  • the purpose of the transaction buffer 88 is to store transaction data from the magnetic I.D. data on the cards and the local time of each transaction during times when communication with the central controller 20 are lost for persons who were granted or denied access during the degraded mode of operation.
  • the microprocessor 66 is also coupled to a degraded mode buffer 89 via the bus 64.
  • the degraded mode buffer 89 stores the I.D. data for all persons authorized access during degraded mode operation when no communication with the central controller is possible. The controller 20 can load this data into the degraded mode buffer 89 in any known fashion.
  • a CCM/COM board 90 is also coupled to the microprocessor 66 by the bus 64.
  • the purpose of the CCM/COM board 90 is, optionally, to monitor the condition of an alarm device or devices external to the card reader and to generate data indicating the condition of the alarm devices for transmission to the central controller.
  • the CCM/COM board 90 also can receive data from the central controller which causes a switch closure on the CCM/COM board. This switch is coupled to an emergency device by the lines 38.
  • the alarm contacts are coupled to the CCM/COM board 90 by the lines 30.
  • the In and Out switches 44 and 46 are used to tell the card reader whether the cardholder wishes to enter or leave an area.
  • the In and Out buttons 44 and 46 are coupled to the MUX 60 in the switch and relay board 62 by the line 92.
  • Red and green indicator LEDs represented by block 97 are each coupled to the MUX 60 by the bus 96.
  • the LEDs are used by the microprocessor 66 to signal whether authorization has been granted or denied.
  • the microprocessor 66 is coupled to a feature memory 98 and to a program memory 100 by the bus 64.
  • the program memory 100 stores the instructions for the microprocessor 66 and the feature memory 98 stores data indicating which software options are in effect for the microprocessor 66.
  • FIG 3 there is shown a circuit diagram for the isolation board 54 in Figure 2.
  • the data lines 28 are coupled to the collector and emitter of a transistor 106 in the optical isolator 102.
  • the light emitting diode 108 of the optical isolator 102 is coupled across the TX data lines 58. When the current is flowing in the TX data lines 58, the LED 108 is energized and emits light causing the transistor 106 to assume one of its two switching states. The opposite state is assumed when the LED 108 is de-energized.
  • the enable lines 26 are coupled through a noise suppression circuit 110 to the LED 112 of an optical isolator 116.
  • the transistor 114 of the optical isolator has its collector and emitter coupled to the RX data lines 56.
  • the optical isolator 116 is a Monsanto MCT2.
  • the optical isolator 102 is a Monsanto 4N33.
  • FIGS 4 A and B are a logic diagram of that board.
  • the RX data line 56 is coupled to the data input D1 of the multiplexer 60A.
  • a resistor 59 couples a +5 volt supply to the line 56 to positively clamp it at a logic 1 level except where the transistor
  • the other data inputs of the multiplexer 60A are coupled to other data channels.
  • the card reader coil circuit 74 is coupled to the D ⁇ input of the multiplexer 60A by a line 57.
  • the out switch 46 and the in switch 44 are coupled to the
  • the address inputs 122 of the multiplexer 60A are coupled to the A ⁇ -2 address lines of the bus 64.
  • the output 63 of the multiplexer 60A is coupled to the D7 data line of the bus 64.
  • the microprocessor 66 controls which of the data inputs are coupled to the data output 63 by the address it supplies on the address lines 122.
  • the chip select input 126 is coupled to the address lines in the bus 64 of the microprocessor 66 through a decoder on the reader CPU board to be discussed more fully below.
  • the microprocessor 66 can enable the multiplexer 60A by writing the proper address on the address lines driving the decoder coupled to the line 126 (not shown).
  • a multiplexer 60B has its data output coupled to the D7 data line 63.
  • the data inputs of the multiplexer 60B are coupled to various data channels.
  • the XO data input is coupled by the line 128 to a "tamper" switch (not shown).
  • the tamper switch is physically situated so as to change states when the faceplace of the card reader is removed causing an alarm message to be transmitted to the controller 20.
  • the X1 data input is coupled to a "card in” switch (not shown).
  • the "card in” switch is. situated so as to change states when a card is inserted in the card slot. By periodically checking the condition of these two switches, the microprocessor 66 can tell whether tampering is occurring or whether there is a card to be read in the card slot.
  • a time offset group of switches 136 is comprised of 8 switches 136A-H which are used to set a binary number representing the number of minutes of time offset at the local card reader. In those cases where the local card reader is in a different time zone than the central controller 20, the switches 136 are set for the number of minutes by which the local time at the card reader differs from the time at the central controller.
  • a second group of switches 138 has several purposes.
  • the switches 138A-D are used to set the amount of time that the unlock signal on the lines 34 to the door latch device causes the door latch to remain unlocked.
  • the swithes 138A-D also determine the time of energization of a No Go relay 166 and the time the red and green LEDs (not shown) in the block 97 in Figure 2 are energized during certain times in the operation.
  • the switch 138 E is used to signal whether a 12 hour or 24 hour time display format is desired.
  • the switch 138F is used to enable and disable the buffer RAM 80 as an option.
  • the switches 138G and H are not used.
  • the switches 140 are used by the customer to set the system code.
  • the system code is one of the items of data which is magnetically stored on each cardholder's card.
  • the card reader makes the authorization decision locally without consulting the central controller 20, it is the system code stored on the switches 140A-H which is compared to the system code on the cardholder's card to determine if authorization will be granted.
  • the switches 136, 138 and 140 are individually addressable by the microprocessor 66 through the multiplexers 60A and 60B and a decoder 140.
  • the decoder 140 has address inputs 142 coupled to the address lines in the bus 64.
  • the address supplied on the lines 142 is converted in the BCD to decimal decoder 140 to a logic zero signal on one of the output lines 0-6 which comprise a bus 144.
  • Each of the lines in the bus 144 is coupled to one terminal of a plurality of switches in the switch groups 136, 138 and 140. When the group address appears on the address lines 142, one of the outputs in the bus 144 goes low thereby activating that group.
  • each switch is coupled to the cathode of a diode which has its anode coupled to one of the X0-X3 inputs of the multiplexer 60B via the lines 132, 134, 130, 128, 146 or 148. All of the X0-X3 inputs are also coupled to a + 5 volt supply through the resistors 150, 152, 154 and 156. The X0-X3 inputs will be held in a logic one condition except if the line coupling that input is also coupled to a group of switches of which one has been enabled by a logic zero from the decoder 140 and the switch is closed.
  • the groups of switches coupled to the X0-X3 inputs of the multiplexer 60B intersect with the groups connected to the bus 144 such that for any particular output of the decoder 140 which has been enabled, and for any particular input of the multiplexer 6OB which has been enabled, only one switch is coupled to both enabled lines.
  • the microprocessor 66 can individually read each switch in the groups 136, 138 and 140 by changing the address signals on the address lines of the bus 64.
  • the multiplexer 60B has its inhibit line grounded by the line 158 and its disable input held high by connection through a resistor 160 to a +5 volt supply. The disable input is pulled low to take the D7. output out of the high impedance state when the signal is true on the line 162.
  • the line 162 is coupled to a decoder on the reader CPU board 67 which is coupled to address and control lines of the microprocessor 66 in the bus 64.
  • Data to be transmitted to the microprocessor 66 is placed on the TX data line 58 by a driver 70.
  • the driver 70 also has several other outputs.
  • the output line 164 can be connected to an optional No Go relay 166.
  • a +5 volt supply coupled to the other terminal of the coil of the No Go relay 166 causes current to flow through the relay coil, thereby energizing it and causing the electrical conditions on the lines 168 coupled to the relay contacts to change.
  • the decoder 140 is a 74145 type TTL decoder such as is made by Signetics
  • the MUX 60A is a 74LS251 type multiplexer such as is made by Texas Instruments
  • the MUX 60B is a MC14512
  • CMOS type decoder such as is made by Motorola
  • the driver 70 is an NE590 type driver such as is made by Signetics.
  • An output line 96 from the driver 70 is coupled to the GO LED (not shown) to energize it when authorization to make access has been granted.
  • An output line 72 from the driver 70 is coupled to a terminal of the coil of a Go relay 71. When the driver 70 grounds the line 72, a +5 volt supply coupled to the other terminal of the relay coil energizes the coil, causing the relay contacts to change the condition on the lines 34 coupled to the door locking device.
  • the driver 70 has a data input, the D ⁇ data bit on the line 68, and it has address inputs on the lines 172.
  • the address inputs 172 are coupled to the microprocessor 66 by the bus 64. The address at these inputs determines which of the outputs of the driver 70 will be coupled to the data input 68.
  • the microprocessor 66 can thus write a logic 0 or 1 to any of the outputs of the driver 70 by controlling the address on the lines 172 and the data on the data input line 68 which is coupled to data bit zero of the bus 64.
  • the chip enable and clear inputs are coupled to decoder 250 of Figure 6C and a gate 282 in
  • the RAM buffer 80 has address lines 174 which are coupled to the address lines of the microprocessor 66 in the bus 64. Data inputs and outputs 176 are also coupled to the microprocessor 66 data lines in the bus 64. A write enable line 178 is coupled to a control line in the bus 64 from the microprocessor 66 to control whether the RAM buffer 80 is reading or writing data through the data lines 176 to the address specified on the lines 174.
  • a chip select line 180 is coupled to a decoder 86.
  • the decoder 86 has a VMA signal input line 184 coupling one input of a NOR gate 182 to a VMA control line of the microprocessor 66 in Figure 6B.
  • the VMA signal is true when there is a valid memory address on the address lines 174. Because the other input to the NOR gate 182 is grounded, the NOR gate 182 serves as an inverter with the output on the line 186 false when a valid memory address is present on the address lines 174.
  • the resistor 188 couples a positive voltage supply to the VMA input of the gate 182 to hold it at logic one except when VMA is false.
  • a NOR gate 190 has one input coupled to the output of the NOR gate 182 and the other input coupled to a signal from a decoder 248 in Figure 6C.
  • the CPU 66 can cause ⁇ to be true, i.e., logic zero, and can assert VMA on the line 184. This causes two logic O's at the inputs of the NOR gate 190 and a logic 1 appears on the line 194. This logic 1 is inverted in a NOR gate 196 and appears as a logic 0 on the line 198.
  • a NOR gate 200 serves to gate a power fail detect signal on a line 202 from a power fail detector 84 through to the chip select input line 180 of the RAM buffer 80 if power fails.
  • the signal on the line 180 controls whether the RAM 80 is selected or deselected.
  • the signal from the power fail detector 84 on a line 216 is a logic 0 indicating no power failure.
  • the RAM 80 is selected because the signal on the line 204 is a logic 1 which is inverted by a NOR gate to assert the signal on the line 180 at logiz zero thereby enabling the RAM buffer 80 to read and write data.
  • a signal on a line 208 comes from a reset circuit on the reader CPU board which will be described below.
  • the RST signal is a logic 0 at power up but becomes a logic one 1.2 seconds later as will be explained in connection with Figure 6B.
  • a NOR gate 210 inverts this signal such that its output line 212 which is coupled to one input of a NOR gate 214 is normally low after power has been on for 1.2 seconds.
  • the NOR gate 214 has its other input coupled to the output of a comparator 222 in the power fail detect circuit 84.
  • the comparator 222 has its inverting input 224 coupled to a voltage reference of approximately 5.3 volts when the power has not failed.
  • the line 224 is held at this reference level by the voltage divider effect of the resistors 228 and 226 which couple a +12 volt D.C. supply to ground.
  • the non-inverting input 230 of the comparator 222 is coupled to a 3.6 volt reference source derived from battery power. This reference voltage is generated by a resistor 232 which couples a battery 82 (not shown) to ground through a zener diode 234.
  • the zener has a 3.6 volt breakdown voltage, and has its cathode coupled to the line 230.
  • the comparator 222 has a resistor 236 coupled between the output and its non-inverting input to provide positive feedback.
  • the output on the line 216 will be a logic 0 as long as the power has not failed.
  • the battery reference on the line 230 exceeds the voltage on the line 224, and the output on the line 216 rises to a logic 1 level indicating power has failed.
  • the logic 1 on the line 216 with the logic zero on the line 212 causes the NOR gate 214 to lower its output on the line 218 to a logic zero.
  • This 0 on the line 218 is inverted to a 1 on the line 202 by the NOR gate 220 which causes the output of the gate 200 to change to a 0, thereby deselecting the buffer 80 if it was in a selected condition.
  • the RAM buffer 80 is deselected, no data may be written into or read out of the buffer.
  • the power input 238 of the RAM buffer 80 will be coupled through any known switching mechanism 240 to the battery 82 (not shown) via a line 242 upon power failure.
  • the microprocessor 66 is coupled to a feature memory 98 by data lines 240 and address lines 242.
  • the feature memory contains data regarding which optional features are in effect in the card reader.
  • the microprocessor 66 is also coupled to a program memory 100 by the data lines 240 and the A0-A4 address lines 242.
  • the enable inputs of the memories 100 and 98 are coupled via the lines 244 and 246 to the microprocessor's address lines 242 through decoders 248 and 250, respectively, in Figure 6C.
  • a clock 252 generates timing signals for the IRQ and NMI inputs on the lines 254 and 256, respectively.
  • the details of the construction and operation of the clock and of the feature and program memories will be appreciated by those skilled in the art. Any mechanism which generates signals periodically on the lines 254 and 256 will suffice for purposes of the invention.
  • the microprocessor 66 executes the instructions which are stored in the program memory 100. Within the program there are certain subroutines which accomplish various functions. The IRQ and NMI inputs on the lines 254 and 256 cause vectoring to certain of these subroutines. For example, the IRQ line 254, when asserted true, will cause the program control of the microprocessor 66 to be vectored to a routine which reads all the switches described herein. When the NMI line 256 is asserted true, the microprocessor 66 is vectored to a transmit routine which transmits data to the central controller 20 via the Tx data lines 58 and data lines 28.
  • a comparator 256 has its non-inverting input 258 coupled to a reference voltage defined by a resistive voltage divider comprised of the resistors 262 and 264 coupling the power supply .to ground.
  • the inverting input 260 is coupled to one terminal of a capacitor 268 in an RC circuit comprised of a resistor 266 and the capacitor 268.
  • the line 270 is coupled to the input of a NOR gate 272 which acts as an inverter.
  • the resistors 274 and 276 serve as a voltage divider to hold the line 270 in a logic 1 condition except when the comparator 256 asserts the line 270 low.
  • the logic 1 at power up on the line 270 is inverted once in the NOR gate 272 and again in a NOR gate 278 to become the PONCLR signal on the line 280.
  • the 1 on the output line 270 changes to a 0 and line 280 follows suit.
  • the initial 1 on the line 280 is communicated to the reset line 284 of the CPU 66 as a 0 by passage through a NOR gate 282.
  • the other input to the NOR gate 282 is a line 286 from a deadman reset circuit 288.
  • the line 286 is normally a logic 0 except when there is a problem, as will be described below. With the line 286 normally logic 0, the initial logic 1 on the line 280 is inverted by the NOR gate 282 and resets the microprocessor 66 to the beginning address of the program. Thereafter, the line 280 goes to a logic 0 and stays there.
  • the deadman reset circuit 288 serves to reset the microprocessor 66 in case there is a software problem. Normally, the deadman reset circuit 288 will attempt to reset the microprocessor 66 periodically unless the software gives a trigger signal "D/M trigger" on the line 290. Thus if for some reason the signal D/M trigger does not occur, program control is lost, and the deadman reset circuit will cause the program counter to be reset to the beginning program location.
  • the manner in which the deadman reset function is accomplished is through the use of two retriggerable monostable multi-vibrators 292 and 294.
  • the one shot 292 has its B and clear (R D2 ) inputs coupled to a +5 volt source through a resistor 296 and are therefore always in a logic 1 state.
  • the Q output on the line 298 is normally low until a negative transition occurs on the D/M trigger line 290, at which time the 0 output line 298 goes to a logic 1 state for a time determined by the values of the resistor 300 and the capacitor 302 coupled to the external
  • the pulse time established by the resistors 300 and 302 is longer than the period of the D/M trigger signal.
  • the output line 298 will not return to zero after the initial trigger pulse because the D/M trigger signal on the line 90 continues to retrigger the one shot 292.
  • the signals on the lines 298 and 280 are coupled to the inputs of a NOR gate 304.
  • the output line 306 of the NOR gate 304 is coupled to the clear input of the one shot 294.
  • the B input of the one shot 294 is held in a logic 1 condition by connection to a +5 volt supply through the resistor 296.
  • the A input of the one shot 294 is coupled by a line 308 to the clock 252 and carries a 600 hertz clock signal.
  • the NOR gate 304 will have a logic 0 at the input coupled to the line 280 and a logic 1 at the line 298 input unless the D/M trigger signal on the line 290 does not occur.
  • the output line 306 will remain in a logic 0 state at all times which causes the one shot 294 to ignore all signals at the
  • FIG. 6C there is shown a logic diagram of the decoder circuitry which forms part of the decoder 86 in Figure 2.
  • the decoder chip 248 has its select inputs coupled to the AI2-AI4 lines of the address bus 242 of the microprocessor 66.
  • the G1 enable input 310 is coupled to the ⁇ 2 output from the microprocessor 66 which is the clock signal for the rest of the system.
  • the G2A enable input is held low by virtue of being coupled to the output of an inverter 314 which has its input coupled to a logic 1.
  • the G2B input is coupled to the power on clear signal PONCLR on the line 280.
  • the decoder 250 has its A and B select inputs coupled to the address bus 242 and its C select input coupled to the R/W signal from the microprocessor 66.
  • the G1 enable input is coupled to the ⁇ 2 clock signal from the microprocessor 66, and the G2A enable signal is connected to the Y ⁇ output from the decoder 248.
  • the G2B enable input is coupled to the A7 line of the address bus 242 from the microprocessor 66.
  • Both the decoders 248 and 250 are 74L5138 one of eight decoders such as are manufactured by Texas Instruments.
  • the outputs of the two decoders 248 and 250 are coupled to the various chip select inputs in the system as labelled in Figure 6C.
  • the microprocessor 66 can enable any chip in the system needed for a particular operation.
  • FIGs 7A and 7B there is shown a logic diagram of the circuitry of the transaction buffer 88 and the degraded mode buffer 89 of Figure 2.
  • a battery backup circuit 356 in Figure 7B serves to protect the information in the RAM chips shown in Figure 7B upon power failure.
  • Each of the RAM chips is a 6116LP-4 CMOS static RAM such as is manufactured by Hitachi.
  • the +5-volt line supply voltage on the line 358 normally causes a forward bias on the diode 360 and the +5 volt signal is thus coupled to the output line 362.
  • the positive voltage on the line 364 from the battery 366 exceeds the voltage on the line 358 which causes a reverse bias on the diode 360.
  • the diode 368 will be forward biased such that the battery power will be coupled to the line 362 to keep the information in the RAM intact.
  • a series of decoders 370-372 are coupled to the All line of the address bus 242. These decoders are 74LS139 one of four decoders in the preferred embodiment.
  • the decoders have outputs 373-378 which are coupled to the chip select inputs of the 6 RAM chips of Figures 8B through a power fail detect circuit 382.
  • Each decoder has its B enable input coupled to the VMA output 184 from the microprocessor 66 to enable the decoder to read the All bit when the decoder has been enabled.
  • the decoders 370372 are enabled by enable signals on the lines 379-381 coupled to the decoder 248 in Figure 6C.
  • a power fail circuit 382 senses when the line power represented by the voltage on the line 358 has failed by comparing the voltage at a node 386 maintained by the line to the voltage at a node 388 maintained by a battery.
  • a comparator 390 changes the state of its output 392 when the battery voltage at the node 388 exceeds the line voltage at the node 386.
  • the comparator is a National LM311 in the preferred embodiment.
  • the chip select signals on the lines 373-378 are individually coupled through 74LS32 OR gates 393-398 to the chip select inputs of the RAM chips in Figure 7B. Each chip select input is also coupled through the OR gates 393-398 to the output 392 from the comparator 390 such that when the comparator finds a failure of line power, all the RAM chips in Figure 7B will be deselected so as to maintain the integrity of the data.
  • FIG. 8 there is shown a flow diagram of the steps which are taken to transmit the data in the transaction buffer 88 to the central controller 20. The steps of Figure 8 are taken each time a poll signal comes in from the controller 20.
  • the CPU normally operates in an executive mode symbolized by the state 441 in Figure
  • the executive jumps to various subroutines which perform housekeeping and command scan functions. These subroutines are symbolized by the state 443.
  • One of the functions is to periodically check for the presence of a poll signal from the controller 20 in Figure 1.
  • the poll signal is sent periodically to each card reader in the system via the enable pair 26 coupled that card reader.
  • the CPU will check an internal counter which is incremented each time a transaction is stored in the transaction buffer 88. This operation is symbolized by the block 451 in Figure 8. If the count is non-zero, then, the CPU knows that there is data in the transaction buffer 88 which needs to be transmitted to the central controller 20. Transfer is then made to a state 448 by a path 450. If the count is zero, the CPU returns to its other functions because there is no data to transmit. This transfer is symbolized by the path 453.
  • the CPU determines if the buffer option flag is set in the feature memory 98 in Figure 2. If the feature is present, the CPU will retrieve the data for one transaction from the transaction buffer 88 and transmit it to the central controller 20. This operation is symbolized by the state 454 in Figure 8 and is accomplished by addressing one of the transactions in the transaction buffer 88 and reading the data there by the bus 64. The data is then converted to serial format in the CPU 66 and sent via the D ⁇ data bit line 68 to the driver 70 in Figure 2. The driver then places the data on the Tx data lines 58 and it is sent through the optical isolator board 54 onto the data line 28 to the central controller 20. The CPU then returns to the executive routine via the path 456.
  • the CPU 66 will transfer to a state 460 by a path 458 where it checks for the presence of a card in the card slot. If there is a card in the card reader, the card data will be read by the CPU 66, converted to serial format and transmitted to the central controller 20. This step is symbolized by the block 462. Control is then returned to the executive. if there is no card in the reader, the CPU will transfer to the state 464 via the path 465 to determine if there is a time request pending.
  • the card readers which have the time and attendance function keep the local time but periodically request the time from the central controller so as to synchronize the local time with the central controller time.
  • the card reader will ask the time of the central controller 20 as symbolized by the state 466 and return to the executive via the path 468. If no time request is pending, the CPU will acknowledge the poll as symbolized by the state 470 and return to the executive routine by the path 472.
  • FIG. 9 there is shown a symbolic diagram of the memory tables used by the central controller 20 in downloading I.D. data to the readers for use in the super degraded mode.
  • the readers 22 and 24 can request downloading when they are inititally turned on since they will not have any I.D. data stored in their degraded mode buffers 89.
  • the control controller 20 can download the degraded mode data to the appropriate readers periodically, at random or whenever the data in the controller memory tables is changed by the user.
  • Figure 10 shows an algorithm for the software of the controller 20 detailing the steps taken by the controller to download I.D. data to degraded mode readers. Not all readers in a system need be degraded mode readers.
  • the readers which are to be degraded mode are designated by the user by making an entry in the super degraded mode memory table 700.
  • Each reader in the system has an entry in the SDM memory table 700.
  • the reader entries consist of one byte of data of which two bits are used to designate the condition of the reader and the balance is used for other purposes including designating whether or not the particular reader is to be functional in the degraded mode.
  • the receipt of a download request from a reader xxx is represented by the block 708.
  • the controller initiated the downloading operation, it will send a message to the reader commanding the reader to make a downloading request. Either way, a downloading request is made by the reader xxx to the controller.
  • the controller senses the download request from the reader xxx, it checks the super degraded mode memory table 700 to determine if the reader xxx has been designated by the user as a super degraded mode reader as represented by the block 710. If it has not been so designated, the controller sends a termination message to the reader xxx indicating that there will be no downloading operation as represented by the block 712.
  • the controller will consult the reader xxx column in a Reader Authorization Memory Table 714 in Figure 9.
  • the table 714 contains a column of entries for each reader in the system. Each employee in the system is assigned a specific I.D. number and a specific status number. The status number indicates which controlled areas in the system to which the employee has access.
  • the purpose of the Reader Authorization Memory Table 714 is to correlate which readers are within each status group.
  • the table 714 takes the form of a matrix with an entry for each reader/status number combination.
  • the entry for each reader/status number combination is a time zone number.
  • the time zone number for each combination is used for access to a time zone table (not shown) which indicates, at any particular time of day, whether a person with the given status number is authorized to have access to a location controlled by the given reader. If the time zone number for a particular combination is zero ' then persons with the given status number are never authorized to enter the location controlled by the given reader. Any reader status number combination which is a non-zero time zone number is a valid combination for super degraded mode. That is, no check of the time zone table is performed in super degraded mode. All I.D.'s in a status group with a nonzero time entry in the table 714 will be sent to the reader.
  • the central controller 20 After the central controller 20 has consulted the Reader Authorization Memory Table 714 column for the reader xxx and determined all status numbers which have non zero time entries, the controller must determine which employees are within the groups with those status numbers. To do this, the controller 20 consults an Identificatin Number Memory Table 716 in Figure 9.
  • the table 716 has an entry for every employee authorized to have access in the system. Each entry, of which the entry 718 is typical, has an I.D. number and a status number. The I.D.
  • the table 716 is arranged in ascending numerical order by I.D. number.
  • the central controller 20 in processing a downloading request from the reader xxx, scans the Identification Number Memory Table 716 in ascending order to find all I.D. numbers that have status numbers which correspond to the status numbers found when the table 714 was consulted for the reader xxx.
  • the location of all authorized status numbers in the table 714 is represented by the step 720 in Figure 10.
  • the step of locating all the I.D. numbers in ascending order within each authorized status group for the reader xxx is represented by the step 722 in Figure 10.
  • the controller 20 sets the "in process" bit for the reader xxx entry in the table 700 comparable to the bit 706 for reader 000.
  • the controller 20 clears the "download request" bit 704 and the "in process” bit
  • each reader in the system can optionally function in either a "degraded” mode or a “super degraded” mode. In both cases, communication with the central controller 20 is not possible but the access decision transaction storage operations are different in each mode.
  • the reader compares only the system code on the card to the system code set by the user on the reader's switches in Figure 4B.
  • the reader will record the I.D. number and the local time in the transaction buffer for transactions where authorization was granted and will mark the entry as a "Go" transaction.
  • the reader will check the system code on the card against the switches and the I.D. data against data in the degraded mode buffer downloaded from the controller. The reader will record all transactions either "Go” or "No Go” in the transaction buffer and mark them as such.
  • the block 800 in Figure 11 symbolizes an executive routine part of which is the background block 802 which performs routine housekeeping checks and functions that the card reader does when it is not doing one of the foreground processing routines to handle conditions discovered by the CPU during processing in the executive routine.
  • Part of the normal executive routine is to check for the periodic appearance of a poll signal from the central controller. This check is symbolized by the block 804. If a poll signal has arrived from the controller during the last 30 seconds, the CPU will branch to the block 806 and avoid the degraded mode states.
  • the readers in the system which are designated as super degraded mode must load their degraded mode buffers with the I.D. numbers of all those employees who are authorized access during times when communication is lost. There are at least two times when this downloading must occur: first, upon power-up; and, second, upon a change in the information in the tables having to do with the super degraded mode in the central controller.
  • the blocks 808, 810 and 812 represent the power-up downloading.
  • the block 808 represents the determination as to whether the degraded mode buffer 808 needs to be initially loaded after power-up. If a power-up situation is found, the reader CPU will determine whether the super degraded mode option is present in the feature memory as represented by the block 810. Control returns to the executive routine 800 if the reader either is not in a power-up situation or the super degraded mode option is not present.
  • the reader CPU finds that both a power-up situation exists and that the super degraded mode option is present, the reader will request a download from the controller, and store the downloaded I.D. data in the super degraded mode authorized access buffer 89 in Figure 2. This is represented by the block 812. After downloading is completed, control is returned to the executive. If the reader executive routine has not detected a poll within the last 30 seconds, the reader CPU will enter the degraded mode as symbolized by the path 814 and the states following it.
  • the reader must first determine whether there is a card in the reader slot as symbolized by the state 816. If there is no card, control is returned to the executive routine as symbolized by the path 818. If there is a card in the reader, the reader CPU will read the card and then check the feature PROM 98 to determine if the super degraded mode option is in effect as symbolized by the state 820. If not, program control will be transferred to a state 822 wherein the reader CPU checks the feature PROM 98 to determine if the degraded mode option is in effect. If it is not in effect, program control returns to the executive routine 800 as symbolized by the path 824.
  • the reader CPU will compare the system code data on the card in the slot against the system code set on the switches on the switch and relay board 62 as represented by the state 826. If there is not a match, then program control is transferred to a state 828 where the red LED on the front panel of the reader is lit for a time. Some readers will have a "No Go” option in effect. The reader CPU will check the feature memory 98. and determine whether the "No Go" option is in effect as symbolized by the state 830. If it is not in effect, control will be transferred back to the executive.
  • the reader CPU will energize a "No Go" relay for a time set by switches on the switch and relay board 62 as represented by the state 832.
  • the No Go relay can be used to ring an alarm or control any other function. Control is then returned to he executive.
  • the reader energizes a "Go" relay and lights the green LED on the front of the panel as symbolized by the state 834. If the buffer option for the degraded mode is in ef fect , a determination represented by the state 836 , then the reader will store the I . D. number on the card and the local time in the transaction buf fer 88 . The reader CPU will also mark the record as a "Go" transact ion such that when the content of the transaction buf fer is later transmitted to the central controller , the "Go" transactions will be printed out in one color whereas "No Go" transactions stored while operating in the super degraded mode can be printed in a different color . This operation of recording and marking the transaction records is symbolized by the state 838 . Subsequently, control is returned to the executive 800.
  • the super degraded mode authorized access buffer must be checked to determine if it is full. This check is represented by the state 840. If it is full, the card in the slot will be ignored as represented by the state 842.
  • program control is transferred to the state 844. There the reader CPU checks the feature PROM 98 to determine if the IDEC option is present. If it is present, control is transferred to the state 846 where the reader CPU determines whether the IDEC password was properly entered as represented by the state 846. If the IDEC option is not in effect, the state 846 is skipped as symbolized by the path 848 and the data checking states 850 and 852 are entered. If the IDEC password, comprised of several digits entered frcm a reader keyboard 854, is not properly entered, the reader enters the state 856.
  • the state 856 represents the reader CPU operations of storing the I.D. number from the rejected card and the time of day for the transaction and marking the entry as a "No Go" transaction.
  • the transactions in the transaction buffer 88 are marked either "Go” or "No Go” so that they may be printed out in different colors or otherwise segregated by the central controller.
  • the reader CPU enters the state 850 to determine if there is a system code match between the card data and the switches. If there is not a match, the state 856 is entered. If there is a match, the reader CPU enters a state 852 to determine if there is an I.D. code match. To make the I.D. code match, the reader CPU compares the I.D. data from the card to the I.D. data in the super degraded mode authorized access buffer 89 which was downloaded from the central controller when communication was possible.
  • the reader CPU enters the state 858 to store the transaction.
  • the state 858 represents the steps of storing the I.D. number from the card and the local time in the transaction buffer 88 and marking the record as a "Go" transaction. Thereafter, the reader CPU enters the state 860 where the Go relay is energized and the Green LED is lit. Control is then returned to the executive routine 800.
  • the reader After the transaction buffer is loaded and communication with the central controller returns, the reader will transmit the data in the transaction buffer, one transaction at a time to the controller using the algarithm of Figure 8.
  • FIG. 12 there is shown a flow diagram of the steps taken by the readers when the controller 20 requests to dump I.D. data into the super degraded mode buffer.
  • the reader CPU is functioning in the executive routine 800 when, as part of the routine, the inquiry is made as to whether a command has been received from the controller as represented by the state 862. If no command has been received, the other tasks of the executive routine are continued as symbolized by the path 864.
  • the reader CPU enters the state 866 wherein it determines from the feature PROM 98 whether the super degraded mode option is present. If it is not present, then program control is returned to the executive routine 800 to determine what, if anything, to do about the command that was received.
  • the reader CPU enters the state 868. In this state, the reader determines if the command that was received from the central controller was an I.D. dump command indicating that the controller wishes to download I.D. information from its memory tables. If it was not such a command, the reader returns to the executive routine 800 to determine what to do.
  • the reader will enter a state 870 wherein the reader will request a download from the CPU. Thereafter, the reader enters, a state 872 wherein the I.D. records coming in from the controller are stored in the super degraded mode buffer 89.
  • the reader CPU stores it as represented by the state 872 and then enters a state 874 to determine if the super degraded mode buffer 89 is full. If it is not full, the reader requests another I.D. record as symbolized by the state 876.
  • the controller 20 may have no more ID's to send so the reader CPU enters a state 878 to determine if the controller has sent a message indicating that it has no more ID's to send. If the controller has sent such a message, control is returned to the executive 800. However, if no such message has been sent, program control is returned to the state 872 to store the next incoming I.D. record.
  • a state 880 will be entered wherein the reader will transmit an "I'm full" message to the controller indicating it cannot accept any further I.D. records. Control will then be returned to the executive routine.
  • Appendix A there is listed the object code of the reader software for performing the super-degraded mode functions described herein.

Abstract

This application relates to the field of door access security systems and, particularly, to the field of card readers for door access security systems. A problem arises when communication between a remote card reader and the central controller is lost. If all access is denied during such times, peoples lives may be endangered. If open access to anyone is granted, security may be breached with no record of who was granted access during the down or degraded mode period. There is disclosed herein an improved card reader (22) for a security system utilizing a central controller (20) and a plurality of card readers for controlling traffic through critical doors in a facility. During normal operation, the card readers read card data and send it to the central controller. The central controller makes the decision whether to grant or deny access based upon a comparison of the card data and data kept in memory regarding persons who are authorized access to certain areas. The central controller then sends a "Go" or "No Go" message, i.e., whether or not to grant access, to the reader after the access decision is made. The improved card reader can also sense when communications with the central controller are lost and grant or deny access without consulting the controller, based upon data read from the card by comparing the card data to data stored in a degraded mode buffer (89) in the reader, indicating which persons are authorized access during degraded mode times when communication with the central controller is not possible. The improved reader includes means (89) for storing the authorized identification code data for persons who will be allowed access during times when communications between the card reader and the central controller are not working.

Description

IMPROVED CARD READER FOR SECURITY SYSTEM Background of the Invention
This application relates to the field of door access security systems and, particularly, to the field of card readers for door access security systems. Door access security systems, utilizing magnetic card readers at doors to be controlled, are known in the prior art. Such systems include central controllers coupled to a plurality of readers, each of which is located at a specific door to be controlled. Authorized persons wishing to gain access through a door, insert magnetic cards into slots in the reader. Magnetic codings on the cards are then read and data is sent to the controller which authorizes or refuses entry and tells the reader either to keep the door locked or unlock the door. A problem arises when communication between a remote card reader and the central controller is lost. If all access is denied during such times, peoples lives may be endangered. If open access to anyone is granted, security may be breached with no record of who was granted access during the down or degraded mode period.
Summary of the Disclosure There is disclosed herein a card reader for use in a security system for controlling access through key doors, said security system having a central controller and a plurality of card readers, each reader controlling a key door. The card readers read magnetic data stored on cards held by employees, etc. The cards have system code data and I.D. data stored on them magnetically or otherwise. The reader sends the card data to the central controller, when communication is possible, and the central controller then grants or denies access based on the card data by sending a signal to the reader that authorizes or denies permission to the card reader to unlock the door, etc.
The improved card reader can also sense when communications with the central controller are lost and grant or deny access without consulting the controller. based upon data read from the card by comparing the card data to data stored in a degraded node buffer in the reader, indicating which persons are authorized access during degraded mode times when communication with the central controller is not possible. The data in the degraded mode buffer is loaded from the central controller on a request basis by the reader or central controller or periodically. During times when communications with the central controller are lost, the card reader stores the I.D. data from the card for each employee who was either granted or denied authorization in a transaction buffer for later transmission to the central controller. Both "Go" and "No Go" transactions are recorded and marked as such for later segregation by the controller. Brief Description of the Drawings
Figure 1 is a block diagram of a security system in which the improved reader of the invention could be used.
Figure 2 is a block diagram of the improved reader.
Figure 3 is a logic diagram of the optical isolator board.
Figures 4 A and B are a logic diagram of the switch and relay board.
Figures 5 A and B are a circuit diagram of the RAM buffer board and power fail detect circuit. Figures 6A, 6B and 6C are circuit diagrams of the CPU reader board.
Figures 7A and 7B are a logic diagram of the circuitry of the transaction buffer and the degraded mode buffer.
Figure 8 is a flow diagram for the reader software showing the steps taken to transmit data in the transaction buffer to the controller.
Figure 9 is a diagram of the memory tables in the controller which are used in performing downloading of degraded mode I.D. data to the card readers. Figure 10 is a flow diagram for the controller software which details the steps taken by the controller in downloading information to readers. Figures 11A and 11B are a flow diagram of the reader software showing the steps taken to authorize or deny access and store transaction data for transactions occurring during degraded and super degraded mode times when communication with the central controller is not possible.
Figure 12 is a flow diagram of the steps taken by the super degrade mode readers in downloading I.D. data on command from the central controller. Detailed Description of the Preferred Embodiment
Referring to Figure 1 there is disclosed a system diagram of a typical magnetic card reading security system. A central controller 20 is coupled to a plurality of card readers of which readers 22 and 24 are typical. The controller 20 is coupled to each reader by an enable pair and a data pair by which the controller can communicate with any card reader in the system.
For example, the controller 20 communicates with the reader 22 by an enable pair 26 and a data pair 28. The controller 20 polls the reader 22 for messages and sends commands to it by the enable pair 26. Data is sent to the controller 20 from the reader 22 via the data pair 28. Serial format is used on both lines.
The reader 22 is typically located at a door that needs to be access-controlled while the controller 20 can be located at some distance from the door. The structural details of the controller 20 are well known in the art, and it can be purchased under the model designation MAC 530/40 from Rusco Electronic Systems in Glendale, California. The object code software for the controller is also well known and can be purchased from the same source.
In operation, the reader 22 receives a magnetic card in a card slot 32. The details of a typical magnetic card structure will be found in U.S. Patents 3,717,749 or
3,811,977. Other structures could also be used; the details of the structure of the magnetic card are not critical to the invention. Any structure capable of holding data encoded in a card and converting it to electrical signals capable of being transmitted over a line will be satisfactory.
When the card is read during normal operation, the data on the card is stored in a temporay RAM location until a polling signal from the controller 20 arrives on the enable lines 26. Upon receipt of the polling signal on the line 26, the data from the card is transferred on the data lines 28 to the controller 20. The controller 20 processes the data and sends back a "Go" or "No Go" command which causes the reader 22 to take the appropriate action. If the command is "Go", the reader 22 unlocks the door latch via the lines 34 and lights a green LED. If the command is "No Go", the reader 22 lights a red LED and, optionally, energizes a No Go relay.
In some optional embodiments, the cardholder is also required to enter a password comprised of a plurality of digits entered via a keyboard on the face of the reader 22. If the password and the card data are all correct, access will be granted.
Operation during times when communication between the readers and the central controller 20 is not possible, will be referred to herein as degraded mode operation. During degraded mode operation, those readers which are active read the data from cards and make the decision to authorize or deny access locally based upon a comparison of the data read from the card to the data stored in a degraded mode buffer located inside each reader. There is no need for communication with the central controller. The data stored in each degraded mode buffer consists of the I.D. numbers of each employee who is authorized to enter the particular area controlled by the reader during degraded mode times. The specific information for each reader may be different and is loaded in each reader by the central controller 20 periodically or upon a request basis during times when communication between the readers and the central controller is normal.
The reader 22 can optionally also incorporate circuitry to monitor a plurality of alarm contacts connected to the lines 30. When one of the contacts changes state, the reader 22 senses the change and signals the controller 20 on the next poll. The controller 20 can then print out a pre-programmed message on a printer 36. More importantly, the controller 20 can automatically send back a command to cause a switch closure by energizing a relay in the reader 22 or in any other reader in the system. This automatic response can also be any other command that the reader receives normally from the controller. The relay can be connected to an emergency device via the lines 38. The emergency device can be any device such as an automatic phone dialer, a sprinkler system, an alarm or whatever other device that is desired.
The reader 24 is a different type of improved reader which can be used to keep time records for the attendance of hourly employees' on their jobs. The reader 24 has a display 40, a card slot 42, and "in" and "out" buttons, 44 and 46. In operation, an employee would place his card in the card slot 42 and press either the "in" button 4.4 or the "out" button 46. The data on his card plus the time of day displayed in the display 40 would then be stored in a buffer in the reader 24. Based upon the system code data on the card, the reader 24 would authorize or deny entry to the employee. If entry is authorized by the reader 24 and a green LED will be lit, the door will be unlocked via the lines 48. If entry is denied, the reader
24 will so indicate by lighting a red LED on the face plate. All authorization or denial decisions are made locally by the reader 24 based upon the system code alone on the card, and the data regarding each transaction, such as the I.D. number and the time of day, is stored in the local buffer in the reader 24. Optionally the reader 24 can include a degraded mode buffer which can store the
I.D. numbers of those who are authorized to pass during degraded mode time, and will grant or deny access based upon data in this degraded mode buffer during degraded mode times. The data for the transaction, i.e., the I.D. number and the time of day of the transaction is stored in a transaction buffer.
The controller 20 is coupled to the reader 24 by an enable pair 50 and a data pair 52. The controller 20 polls the reader 24 by sending a poll signal on the line 50. Upon receipt of the poll signal, the reader 24 transfers the data for one transaction out of the transaction buffer to the controller 20 via the data lines 52. The controller then can process the data in any fashion including printing it out on the printer 36. The details of the controller 20 are exemplified by U.S. Patents 4,216,375 and 4,218,690. The operation of the controller in loading the degraded mode buffers of the readers with the I.D. data for persons authorized to pass during degraded mode times will be explained in more detail below.
The reader 24 can also include means to offset the time displayed in the display 40 from the time kept by the controller 20 in the case that the controller is in a different time zone from the reader. Normally the controller 20 keeps the master time for the system and the reader 24 keeps its own time. Every 15 minutes, the reader 24 inquires the time of the controller 20 and synchronizes the reader's local time with the master time kept by the controller. When the reader 24 is in a different time zone from the controller 20, a group of offset switches in the reader 24 are set to indicate the number of minutes of offset between the local reader time and the controller time. Referring to Figure 2, there is shown a block diagram of a card reader for use in a security system such as is shown in Figure 1. Although in reality two different types of readers exist, the core circuits of each type of reader are the same with one type of reader having certain additional optional circuits which the other does not have. Figure 2 represents a combined functional block diagram of a reader with the common core circuits and with all the optional circuit elements of both types of readers also present.
The card reader of Figure 2 communicates with the controller 20 of Figure 1 through an isolation board 54. The isolation board 54 serves to isolate the data on the enable pair 26 and data pair 28 from the logic circuitry of the rest of the card reader. The isolation board 54 passes the signals from the enable line 26 through to the RX data lines 56 and passes the data from the TX data lines 58 through to the data lines 28.
The RX data lines 56 are coupled to a multiplexer 60 in a switch and relay board 62. The purpose of the multiplexer 60 is to select various data channels for connection to a data line D7, 63, of a bus 64. The bus 64 is coupled between the switch and relay board 62 and the data, address and control terminals of a microprocessor CPU 66 on a reader CPU board 67. Address lines A0-A2 from the bus 64 are also coupled to the multiplexer 60.
Through these address lines, the CPU 66 causes the multiplexer 60 to select one of the data channels connected to it for connection to its data output coupled to the line D7. The microprocessor 66 can then read the data on the selected data channel through the D7 line
63. In Figure 2 the only data channels which are shown are the Rx data line 56 through which commands and polling signals are received and the coil detect line 57 which carries data read from the card. Other data channels are used for other features of the reader not relevant to the present discussion. Data to be transmitted from the card reader to the central controller 20 are input from the Dø line 68 of the data bus 64 to a driver 70. The driver 70 is also coupled to the Aø-A2 address lines of the data bus 64 which supply an address from the microprocessor 66. The driver 70 has several addressable outputs, one of which is the TX data lines 58. The address supplied to the driver 70 causes it to apply the signal on the Dø line 68 to the selected output. To transmit data, the microprocessor 66 places the data to be sent on the Dø bus line and writes the proper address on the address lines Aø-A2 of the bus 64. The serial data on the Dø line is then applied to the TX data lines 58.
The central controller 20 receives the data on the data line 28 and acts upon the data message in some fashion depending upon what the message is and may or may not send a command back to the card reader via the enable line 26.
A go relay 71 is coupled to a door latch device by the lines 34. The lines 34 can be coupled to relay contacts or other switching devices to provide an interruptible current flow path to control whether the door latch is in a locked or unlocked state. The go relay is also coupled to the driver 70 by a switching line 72. The switching line controls the state of the go relay and thereby controls the state of the door latch device. The switching line is addressable by the microprocessor 66 through the driver 70 such that the microprocessor 66 controls the state of the go relay 70. The microprocessor 66 is also coupled to a card reader coil circuit 74 by the bus 64. The card reader coils 74 consist, in the preferred embodiment, of a plurality of coils coupled to the address and data line of the bus 64 and physically arranged so as to individually magnetically interact with a plurality of magnetized spots on a card inserted in the card slots 42 or 32. The microprocessor 66 can individually address and read each coil in the card reader coil circuit 74 to determine the data in the magnetic spots on the card. The details of the card reading coil circuit are known to those skilled in the art and are not critical to the invention.
The microprocessor 66 is also coupled to an optional display 40 by the bus 64. In readers which are being used for time and attendance functions, i.e., as time clocks, it is desirable that the time of day be displayed externally for the benefit of workers who are lined up and waiting to put their cards into the reader 24 to start or end their work shifts. The display 40 can be any conventional display, and the details of its construction are not critical to the invention. The microprocessor 66 is also coupled to a random access memory (RAM) board 78. The RAM board 78 contains a RAM buffer memory 80, a battery backup system comprised of a battery 82 and a power fail detect circuit 84. The power fail detect circuit 84 monitors the 12 volt unregulated D.C. voltage derived from the A.C. power line and connects the battery 82 to the power terminals of the RAM buffer 80 when the A.C. line power fails so as to preserve the data stored in the RAM 80. The RAM 80 is selected by the microprocessor 66 through connection of a decoder 86 to the address and control lines of the bus 64. The microprocessor 66 enables the RAM 80 by generating the proper address to select the RAM 80 and placing it on the bus 64 thereby enabling the RAM 80 through the decoder 86. The data to be written into the RAM 80 is then placed on the data lines of the bus 64.
A transaction buffer 88 is also coupled to the microprocessor 66 through the bus 64. The purpose of the transaction buffer 88 is to store transaction data from the magnetic I.D. data on the cards and the local time of each transaction during times when communication with the central controller 20 are lost for persons who were granted or denied access during the degraded mode of operation. The microprocessor 66 is also coupled to a degraded mode buffer 89 via the bus 64. The degraded mode buffer 89 stores the I.D. data for all persons authorized access during degraded mode operation when no communication with the central controller is possible. The controller 20 can load this data into the degraded mode buffer 89 in any known fashion.
A CCM/COM board 90 is also coupled to the microprocessor 66 by the bus 64. The purpose of the CCM/COM board 90 is, optionally, to monitor the condition of an alarm device or devices external to the card reader and to generate data indicating the condition of the alarm devices for transmission to the central controller. The CCM/COM board 90 also can receive data from the central controller which causes a switch closure on the CCM/COM board. This switch is coupled to an emergency device by the lines 38. The alarm contacts are coupled to the CCM/COM board 90 by the lines 30.
When the card reader is optionally being used for a time and attendance function, the In and Out switches 44 and 46 are used to tell the card reader whether the cardholder wishes to enter or leave an area. The In and Out buttons 44 and 46 are coupled to the MUX 60 in the switch and relay board 62 by the line 92.
Red and green indicator LEDs, represented by block 97 are each coupled to the MUX 60 by the bus 96. The LEDs are used by the microprocessor 66 to signal whether authorization has been granted or denied.
The microprocessor 66 is coupled to a feature memory 98 and to a program memory 100 by the bus 64. The program memory 100 stores the instructions for the microprocessor 66 and the feature memory 98 stores data indicating which software options are in effect for the microprocessor 66. Referring to Figure 3, there is shown a circuit diagram for the isolation board 54 in Figure 2. The data lines 28 are coupled to the collector and emitter of a transistor 106 in the optical isolator 102. The light emitting diode 108 of the optical isolator 102 is coupled across the TX data lines 58. When the current is flowing in the TX data lines 58, the LED 108 is energized and emits light causing the transistor 106 to assume one of its two switching states. The opposite state is assumed when the LED 108 is de-energized.
The enable lines 26 are coupled through a noise suppression circuit 110 to the LED 112 of an optical isolator 116. The transistor 114 of the optical isolator has its collector and emitter coupled to the RX data lines 56. In the preferred embodiment, the optical isolator 116 is a Monsanto MCT2. The optical isolator 102 is a Monsanto 4N33.
The details of the circuit of the switch and relay board 62 are given in Figures 4 A and B which are a logic diagram of that board. The RX data line 56 is coupled to the data input D1 of the multiplexer 60A. A resistor 59 couples a +5 volt supply to the line 56 to positively clamp it at a logic 1 level except where the transistor
114 on the isolation board clamps the line 56 to ground potential. The other data inputs of the multiplexer 60A are coupled to other data channels. For example the card reader coil circuit 74 is coupled to the Dø input of the multiplexer 60A by a line 57. The coil detect signal line
57 carries the data from each coil in the card reader coil circuit 74 as it is addressed by the microprocessor 66.
The out switch 46 and the in switch 44 are coupled to the
D2 and D3 inputs respectively by the lines 118 and 120.
The address inputs 122 of the multiplexer 60A are coupled to the Aø-2 address lines of the bus 64. The output 63 of the multiplexer 60A is coupled to the D7 data line of the bus 64. The microprocessor 66 controls which of the data inputs are coupled to the data output 63 by the address it supplies on the address lines 122. The chip select input 126 is coupled to the address lines in the bus 64 of the microprocessor 66 through a decoder on the reader CPU board to be discussed more fully below. The microprocessor 66 can enable the multiplexer 60A by writing the proper address on the address lines driving the decoder coupled to the line 126 (not shown).
A multiplexer 60B has its data output coupled to the D7 data line 63. The data inputs of the multiplexer 60B are coupled to various data channels. The XO data input is coupled by the line 128 to a "tamper" switch (not shown). The tamper switch is physically situated so as to change states when the faceplace of the card reader is removed causing an alarm message to be transmitted to the controller 20. The X1 data input is coupled to a "card in" switch (not shown). The "card in" switch is. situated so as to change states when a card is inserted in the card slot. By periodically checking the condition of these two switches, the microprocessor 66 can tell whether tampering is occurring or whether there is a card to be read in the card slot.
There are three groups of eight switches on the switch and relay board 62. A time offset group of switches 136 is comprised of 8 switches 136A-H which are used to set a binary number representing the number of minutes of time offset at the local card reader. In those cases where the local card reader is in a different time zone than the central controller 20, the switches 136 are set for the number of minutes by which the local time at the card reader differs from the time at the central controller.
A second group of switches 138 has several purposes. The switches 138A-D are used to set the amount of time that the unlock signal on the lines 34 to the door latch device causes the door latch to remain unlocked. The swithes 138A-D also determine the time of energization of a No Go relay 166 and the time the red and green LEDs (not shown) in the block 97 in Figure 2 are energized during certain times in the operation. The switch 138 E is used to signal whether a 12 hour or 24 hour time display format is desired. The switch 138F is used to enable and disable the buffer RAM 80 as an option. The switches 138G and H are not used.
The switches 140 are used by the customer to set the system code. The system code is one of the items of data which is magnetically stored on each cardholder's card. When the card reader makes the authorization decision locally without consulting the central controller 20, it is the system code stored on the switches 140A-H which is compared to the system code on the cardholder's card to determine if authorization will be granted.
The switches 136, 138 and 140 are individually addressable by the microprocessor 66 through the multiplexers 60A and 60B and a decoder 140. The decoder 140 has address inputs 142 coupled to the address lines in the bus 64. The address supplied on the lines 142 is converted in the BCD to decimal decoder 140 to a logic zero signal on one of the output lines 0-6 which comprise a bus 144. Each of the lines in the bus 144 is coupled to one terminal of a plurality of switches in the switch groups 136, 138 and 140. When the group address appears on the address lines 142, one of the outputs in the bus 144 goes low thereby activating that group. The other terminal of each switch is coupled to the cathode of a diode which has its anode coupled to one of the X0-X3 inputs of the multiplexer 60B via the lines 132, 134, 130, 128, 146 or 148. All of the X0-X3 inputs are also coupled to a + 5 volt supply through the resistors 150, 152, 154 and 156. The X0-X3 inputs will be held in a logic one condition except if the line coupling that input is also coupled to a group of switches of which one has been enabled by a logic zero from the decoder 140 and the switch is closed. The groups of switches coupled to the X0-X3 inputs of the multiplexer 60B intersect with the groups connected to the bus 144 such that for any particular output of the decoder 140 which has been enabled, and for any particular input of the multiplexer 6OB which has been enabled, only one switch is coupled to both enabled lines. Thus the microprocessor 66 can individually read each switch in the groups 136, 138 and 140 by changing the address signals on the address lines of the bus 64. The multiplexer 60B has its inhibit line grounded by the line 158 and its disable input held high by connection through a resistor 160 to a +5 volt supply. The disable input is pulled low to take the D7. output out of the high impedance state when the signal
Figure imgf000016_0001
is true on the line 162. The line 162 is coupled to a decoder on the reader CPU board 67 which is coupled to address and control lines of the microprocessor 66 in the bus 64.
Data to be transmitted to the microprocessor 66 is placed on the TX data line 58 by a driver 70. The driver 70 also has several other outputs. For example, the output line 164 can be connected to an optional No Go relay 166. When the line 164 is grounded by the driver 70, a +5 volt supply coupled to the other terminal of the coil of the No Go relay 166 causes current to flow through the relay coil, thereby energizing it and causing the electrical conditions on the lines 168 coupled to the relay contacts to change.
In the preferred embodiment, the decoder 140 is a 74145 type TTL decoder such as is made by Signetics, the MUX 60A is a 74LS251 type multiplexer such as is made by Texas Instruments, the MUX 60B is a MC14512, CMOS type decoder such as is made by Motorola, and the driver 70 is an NE590 type driver such as is made by Signetics.
An output line 96 from the driver 70 is coupled to the GO LED (not shown) to energize it when authorization to make access has been granted. An output line 72 from the driver 70 is coupled to a terminal of the coil of a Go relay 71. When the driver 70 grounds the line 72, a +5 volt supply coupled to the other terminal of the relay coil energizes the coil, causing the relay contacts to change the condition on the lines 34 coupled to the door locking device.
The driver 70 has a data input, the Dø data bit on the line 68, and it has address inputs on the lines 172. The address inputs 172 are coupled to the microprocessor 66 by the bus 64. The address at these inputs determines which of the outputs of the driver 70 will be coupled to the data input 68. The microprocessor 66 can thus write a logic 0 or 1 to any of the outputs of the driver 70 by controlling the address on the lines 172 and the data on the data input line 68 which is coupled to data bit zero of the bus 64. The chip enable and clear inputs are coupled to decoder 250 of Figure 6C and a gate 282 in
Figure 6B by the Signal lines
Figure imgf000017_0001
and
Figure imgf000017_0002
Referring to Figures 5A & 5B, there is shown a circuit diagram of the RAM buffer and power fail detect board. The RAM buffer 80 has address lines 174 which are coupled to the address lines of the microprocessor 66 in the bus 64. Data inputs and outputs 176 are also coupled to the microprocessor 66 data lines in the bus 64. A write enable line 178 is coupled to a control line in the bus 64 from the microprocessor 66 to control whether the RAM buffer 80 is reading or writing data through the data lines 176 to the address specified on the lines 174.
A chip select line 180 is coupled to a decoder 86. The decoder 86 has a VMA signal input line 184 coupling one input of a NOR gate 182 to a VMA control line of the microprocessor 66 in Figure 6B. The VMA signal is true when there is a valid memory address on the address lines 174. Because the other input to the NOR gate 182 is grounded, the NOR gate 182 serves as an inverter with the output on the line 186 false when a valid memory address is present on the address lines 174. The resistor 188 couples a positive voltage supply to the VMA input of the gate 182 to hold it at logic one except when VMA is false. A NOR gate 190 has one input coupled to the output of the NOR gate 182 and the other input coupled to a
Figure imgf000018_0001
signal from a decoder 248 in Figure 6C. The CPU 66 can cause
Figure imgf000018_0002
ø to be true, i.e., logic zero, and can assert VMA on the line 184. This causes two logic O's at the inputs of the NOR gate 190 and a logic 1 appears on the line 194. This logic 1 is inverted in a NOR gate 196 and appears as a logic 0 on the line 198.
A NOR gate 200 serves to gate a power fail detect signal on a line 202 from a power fail detector 84 through to the chip select input line 180 of the RAM buffer 80 if power fails. When power has not failed, however, the signal on the line 180 controls whether the RAM 80 is selected or deselected. Normally, the signal from the power fail detector 84 on a line 216 is a logic 0 indicating no power failure. When the signal on the line 198 is a logic 0, the RAM 80 is selected because the signal on the line 204 is a logic 1 which is inverted by a NOR gate to assert the
Figure imgf000018_0003
signal on the line 180 at logiz zero thereby enabling the RAM buffer 80 to read and write data. A
Figure imgf000018_0004
signal on a line 208 comes from a reset circuit on the reader CPU board which will be described below. The RST signal is a logic 0 at power up but becomes a logic one 1.2 seconds later as will be explained in connection with Figure 6B. A NOR gate 210 inverts this signal such that its output line 212 which is coupled to one input of a NOR gate 214 is normally low after power has been on for 1.2 seconds.
The NOR gate 214 has its other input coupled to the output of a comparator 222 in the power fail detect circuit 84. The comparator 222 has its inverting input 224 coupled to a voltage reference of approximately 5.3 volts when the power has not failed. The line 224 is held at this reference level by the voltage divider effect of the resistors 228 and 226 which couple a +12 volt D.C. supply to ground. The non-inverting input 230 of the comparator 222 is coupled to a 3.6 volt reference source derived from battery power. This reference voltage is generated by a resistor 232 which couples a battery 82 (not shown) to ground through a zener diode 234. The zener has a 3.6 volt breakdown voltage, and has its cathode coupled to the line 230. The comparator 222 has a resistor 236 coupled between the output and its non-inverting input to provide positive feedback. The output on the line 216 will be a logic 0 as long as the power has not failed. When the power fails, the battery reference on the line 230 exceeds the voltage on the line 224, and the output on the line 216 rises to a logic 1 level indicating power has failed.
The logic 1 on the line 216 with the logic zero on the line 212 causes the NOR gate 214 to lower its output on the line 218 to a logic zero. This 0 on the line 218 is inverted to a 1 on the line 202 by the NOR gate 220 which causes the output of the gate 200 to change to a 0, thereby deselecting the buffer 80 if it was in a selected condition. When the RAM buffer 80 is deselected, no data may be written into or read out of the buffer. The power input 238 of the RAM buffer 80 will be coupled through any known switching mechanism 240 to the battery 82 (not shown) via a line 242 upon power failure.
Referring to Figures 6A, 6B, and 6C, there is shown a circuit diagram of the reader CPU board. The microprocessor 66 is coupled to a feature memory 98 by data lines 240 and address lines 242. The feature memory contains data regarding which optional features are in effect in the card reader. The microprocessor 66 is also coupled to a program memory 100 by the data lines 240 and the A0-A4 address lines 242. The enable inputs of the memories 100 and 98 are coupled via the lines 244 and 246 to the microprocessor's address lines 242 through decoders 248 and 250, respectively, in Figure 6C. A clock 252 generates timing signals for the IRQ and NMI inputs on the lines 254 and 256, respectively. The details of the construction and operation of the clock and of the feature and program memories will be appreciated by those skilled in the art. Any mechanism which generates signals periodically on the lines 254 and 256 will suffice for purposes of the invention.
The microprocessor 66 executes the instructions which are stored in the program memory 100. Within the program there are certain subroutines which accomplish various functions. The IRQ and NMI inputs on the lines 254 and 256 cause vectoring to certain of these subroutines. For example, the IRQ line 254, when asserted true, will cause the program control of the microprocessor 66 to be vectored to a routine which reads all the switches described herein. When the NMI line 256 is asserted true, the microprocessor 66 is vectored to a transmit routine which transmits data to the central controller 20 via the Tx data lines 58 and data lines 28.
The microprocessor 66 must be reset to the beginning of the program upon the initial application of power to the circuit. A power on reset circuit 254 accomplishes this purpose. A comparator 256 has its non-inverting input 258 coupled to a reference voltage defined by a resistive voltage divider comprised of the resistors 262 and 264 coupling the power supply .to ground. The inverting input 260 is coupled to one terminal of a capacitor 268 in an RC circuit comprised of a resistor 266 and the capacitor 268. When the power is first turned on, the capacitor 268 acts as an initital short to ground and the voltage on the line 258 will exceed the voltage on the line 260, and the output of the comparator 256 on the line 270 will be a logic 1. The line 270 is coupled to the input of a NOR gate 272 which acts as an inverter. The resistors 274 and 276 serve as a voltage divider to hold the line 270 in a logic 1 condition except when the comparator 256 asserts the line 270 low. The logic 1 at power up on the line 270 is inverted once in the NOR gate 272 and again in a NOR gate 278 to become the PONCLR signal on the line 280.
As the voltage on the capacitor 268 rises, it exceeds the voltage on the line 258 at a time determined by the values of the resistor 266 and the capacitor 268. When this happens, the 1 on the output line 270 changes to a 0 and line 280 follows suit. The initial 1 on the line 280 is communicated to the reset line 284 of the CPU 66 as a 0 by passage through a NOR gate 282. The other input to the NOR gate 282 is a line 286 from a deadman reset circuit 288. The line 286 is normally a logic 0 except when there is a problem, as will be described below. With the line 286 normally logic 0, the initial logic 1 on the line 280 is inverted by the NOR gate 282 and resets the microprocessor 66 to the beginning address of the program. Thereafter, the line 280 goes to a logic 0 and stays there.
The deadman reset circuit 288 serves to reset the microprocessor 66 in case there is a software problem. Normally, the deadman reset circuit 288 will attempt to reset the microprocessor 66 periodically unless the software gives a trigger signal "D/M trigger" on the line 290. Thus if for some reason the signal D/M trigger does not occur, program control is lost, and the deadman reset circuit will cause the program counter to be reset to the beginning program location.
The manner in which the deadman reset function is accomplished is through the use of two retriggerable monostable multi-vibrators 292 and 294. The one shot 292 has its B and clear (RD2) inputs coupled to a +5 volt source through a resistor 296 and are therefore always in a logic 1 state. The Q output on the line 298 is normally low until a negative transition occurs on the D/M trigger line 290, at which time the 0 output line 298 goes to a logic 1 state for a time determined by the values of the resistor 300 and the capacitor 302 coupled to the external
RC circuit terminals. However, the pulse time established by the resistors 300 and 302 is longer than the period of the D/M trigger signal. Thus, the output line 298 will not return to zero after the initial trigger pulse because the D/M trigger signal on the line 90 continues to retrigger the one shot 292.
The signals on the lines 298 and 280 are coupled to the inputs of a NOR gate 304. The output line 306 of the NOR gate 304 is coupled to the clear input of the one shot 294. The B input of the one shot 294 is held in a logic 1 condition by connection to a +5 volt supply through the resistor 296. The A input of the one shot 294 is coupled by a line 308 to the clock 252 and carries a 600 hertz clock signal.
After the initial power up period, the NOR gate 304 will have a logic 0 at the input coupled to the line 280 and a logic 1 at the line 298 input unless the D/M trigger signal on the line 290 does not occur. The output line 306 will remain in a logic 0 state at all times which causes the one shot 294 to ignore all signals at the
A and B inputs. However, if the D/M trigger signal on the line 290 fails to occur on schedule, indicating some problem with the program execution, the one shot 292 will time out and enable the one shot 294. The clock signal on the line 308 will then trigger the one shot 294 causing a logic 0 to 1 transition on the line 286. This causes the line 284 to drop from logic 1 to 0 and resets the microprocessor 66. Referring to Figure 6C, there is shown a logic diagram of the decoder circuitry which forms part of the decoder 86 in Figure 2. The decoder chip 248 has its select inputs coupled to the AI2-AI4 lines of the address bus 242 of the microprocessor 66. The G1 enable input 310 is coupled to the ø2 output from the microprocessor 66 which is the clock signal for the rest of the system. The G2A enable input is held low by virtue of being coupled to the output of an inverter 314 which has its input coupled to a logic 1. The G2B input is coupled to the power on clear signal PONCLR on the line 280. The decoder 250 has its A and B select inputs coupled to the address bus 242 and its C select input coupled to the R/W signal from the microprocessor 66. The G1 enable input is coupled to the ø2 clock signal from the microprocessor 66, and the G2A enable signal is connected to the Yø output from the decoder 248. The G2B enable input is coupled to the A7 line of the address bus 242 from the microprocessor 66.
Both the decoders 248 and 250 are 74L5138 one of eight decoders such as are manufactured by Texas Instruments. The outputs of the two decoders 248 and 250 are coupled to the various chip select inputs in the system as labelled in Figure 6C. By writing the proper addresses on the address lines 242, the microprocessor 66 can enable any chip in the system needed for a particular operation. Turning to Figures 7A and 7B there is shown a logic diagram of the circuitry of the transaction buffer 88 and the degraded mode buffer 89 of Figure 2. A battery backup circuit 356 in Figure 7B serves to protect the information in the RAM chips shown in Figure 7B upon power failure. Each of the RAM chips is a 6116LP-4 CMOS static RAM such as is manufactured by Hitachi. The +5-volt line supply voltage on the line 358 normally causes a forward bias on the diode 360 and the +5 volt signal is thus coupled to the output line 362. However, when the power fails, the positive voltage on the line 364 from the battery 366 exceeds the voltage on the line 358 which causes a reverse bias on the diode 360. The diode 368, however, will be forward biased such that the battery power will be coupled to the line 362 to keep the information in the RAM intact. A series of decoders 370-372 are coupled to the All line of the address bus 242. These decoders are 74LS139 one of four decoders in the preferred embodiment. The decoders have outputs 373-378 which are coupled to the chip select inputs of the 6 RAM chips of Figures 8B through a power fail detect circuit 382. Each decoder has its B enable input coupled to the VMA output 184 from the microprocessor 66 to enable the decoder to read the All bit when the decoder has been enabled. The decoders 370372 are enabled by enable signals on the lines 379-381 coupled to the decoder 248 in Figure 6C. A power fail circuit 382 senses when the line power represented by the voltage on the line 358 has failed by comparing the voltage at a node 386 maintained by the line to the voltage at a node 388 maintained by a battery. A comparator 390 changes the state of its output 392 when the battery voltage at the node 388 exceeds the line voltage at the node 386. The comparator is a National LM311 in the preferred embodiment.
The chip select signals on the lines 373-378 are individually coupled through 74LS32 OR gates 393-398 to the chip select inputs of the RAM chips in Figure 7B. Each chip select input is also coupled through the OR gates 393-398 to the output 392 from the comparator 390 such that when the comparator finds a failure of line power, all the RAM chips in Figure 7B will be deselected so as to maintain the integrity of the data.
The connections and functioning of the RAM chips of Figure 7B will be apparent to those skilled in the art. Data from the microprocessor 66 is input and output on the bus 240 to and from the memory locations having the addresses on the bus 242. Turning to Figure 8 there is shown a flow diagram of the steps which are taken to transmit the data in the transaction buffer 88 to the central controller 20. The steps of Figure 8 are taken each time a poll signal comes in from the controller 20. The CPU normally operates in an executive mode symbolized by the state 441 in Figure
8. The executive jumps to various subroutines which perform housekeeping and command scan functions. These subroutines are symbolized by the state 443. One of the functions is to periodically check for the presence of a poll signal from the controller 20 in Figure 1. The poll signal is sent periodically to each card reader in the system via the enable pair 26 coupled that card reader.
The check for the presence of a poll signal is symbolized by the state 447 in Figure 8. If no poll has been received, the CPU returns to its other housekeeping functions in the state 443 via the path 449.
If a poll has been received, the CPU will check an internal counter which is incremented each time a transaction is stored in the transaction buffer 88. This operation is symbolized by the block 451 in Figure 8. If the count is non-zero, then, the CPU knows that there is data in the transaction buffer 88 which needs to be transmitted to the central controller 20. Transfer is then made to a state 448 by a path 450. If the count is zero, the CPU returns to its other functions because there is no data to transmit. This transfer is symbolized by the path 453.
In the state 448, the CPU determines if the buffer option flag is set in the feature memory 98 in Figure 2. If the feature is present, the CPU will retrieve the data for one transaction from the transaction buffer 88 and transmit it to the central controller 20. This operation is symbolized by the state 454 in Figure 8 and is accomplished by addressing one of the transactions in the transaction buffer 88 and reading the data there by the bus 64. The data is then converted to serial format in the CPU 66 and sent via the Dø data bit line 68 to the driver 70 in Figure 2. The driver then places the data on the Tx data lines 58 and it is sent through the optical isolator board 54 onto the data line 28 to the central controller 20. The CPU then returns to the executive routine via the path 456.
If the buffer option is not present, the CPU 66 will transfer to a state 460 by a path 458 where it checks for the presence of a card in the card slot. If there is a card in the card reader, the card data will be read by the CPU 66, converted to serial format and transmitted to the central controller 20. This step is symbolized by the block 462. Control is then returned to the executive. if there is no card in the reader, the CPU will transfer to the state 464 via the path 465 to determine if there is a time request pending. The card readers which have the time and attendance function keep the local time but periodically request the time from the central controller so as to synchronize the local time with the central controller time. If there is a time request pending, the card reader will ask the time of the central controller 20 as symbolized by the state 466 and return to the executive via the path 468. If no time request is pending, the CPU will acknowledge the poll as symbolized by the state 470 and return to the executive routine by the path 472.
Referring to Figure 9 there is shown a symbolic diagram of the memory tables used by the central controller 20 in downloading I.D. data to the readers for use in the super degraded mode. The readers 22 and 24 can request downloading when they are inititally turned on since they will not have any I.D. data stored in their degraded mode buffers 89. Also, the control controller 20 can download the degraded mode data to the appropriate readers periodically, at random or whenever the data in the controller memory tables is changed by the user. Referring jointly to Figures 9 and 10, the downloading operation will be explained. Figure 10 shows an algorithm for the software of the controller 20 detailing the steps taken by the controller to download I.D. data to degraded mode readers. Not all readers in a system need be degraded mode readers. The readers which are to be degraded mode are designated by the user by making an entry in the super degraded mode memory table 700. Each reader in the system has an entry in the SDM memory table 700. The reader entries consist of one byte of data of which two bits are used to designate the condition of the reader and the balance is used for other purposes including designating whether or not the particular reader is to be functional in the degraded mode. The first bit 704 in the table entry for reader number
000 is used to signal whether the reader has a downloading request pending. All readers in the. system which have a downloading request pending at any particular time will have the first bit set in the reader entry in the SDM memory table 700. Each downloading request is processed individually until either the degraded mode buffer 89 in the requesting reader is full, and so signals, or the controller runs out of I.D. numbers of employees who are authorized to enter the location controlled by the requesting reader during degraded mode times. After the downloading request by a particular reader has been processed completely, the controller clears the first bit for the reader entry in the table 700, e.g., bit 704 for the reader 000. The controller continues this process until all downloading requests are completely processed.
Referring to Figure 10, the receipt of a download request from a reader xxx is represented by the block 708. If the controller initiated the downloading operation, it will send a message to the reader commanding the reader to make a downloading request. Either way, a downloading request is made by the reader xxx to the controller. When the controller senses the download request from the reader xxx, it checks the super degraded mode memory table 700 to determine if the reader xxx has been designated by the user as a super degraded mode reader as represented by the block 710. If it has not been so designated, the controller sends a termination message to the reader xxx indicating that there will be no downloading operation as represented by the block 712.
If the reader xxx has been designated as a super degraded mode reader, the controller will consult the reader xxx column in a Reader Authorization Memory Table 714 in Figure 9. The table 714 contains a column of entries for each reader in the system. Each employee in the system is assigned a specific I.D. number and a specific status number. The status number indicates which controlled areas in the system to which the employee has access. The purpose of the Reader Authorization Memory Table 714 is to correlate which readers are within each status group. Thus the table 714 takes the form of a matrix with an entry for each reader/status number combination. The entry for each reader/status number combination is a time zone number. The time zone number for each combination is used for access to a time zone table (not shown) which indicates, at any particular time of day, whether a person with the given status number is authorized to have access to a location controlled by the given reader. If the time zone number for a particular combination is zero' then persons with the given status number are never authorized to enter the location controlled by the given reader. Any reader status number combination which is a non-zero time zone number is a valid combination for super degraded mode. That is, no check of the time zone table is performed in super degraded mode. All I.D.'s in a status group with a nonzero time entry in the table 714 will be sent to the reader. These persons will be authorized entry during super degraded mode operation regardless of what time it is when they put their cards in the reader slot. This is different from normal operation when the cardholder can get in only at the times designated by the time zone. After the central controller 20 has consulted the Reader Authorization Memory Table 714 column for the reader xxx and determined all status numbers which have non zero time entries, the controller must determine which employees are within the groups with those status numbers. To do this, the controller 20 consults an Identificatin Number Memory Table 716 in Figure 9. The table 716 has an entry for every employee authorized to have access in the system. Each entry, of which the entry 718 is typical, has an I.D. number and a status number. The I.D. number identifies the particular employee and the status number indicates which areas to which he can have access. The table 716 is arranged in ascending numerical order by I.D. number. The central controller 20, in processing a downloading request from the reader xxx, scans the Identification Number Memory Table 716 in ascending order to find all I.D. numbers that have status numbers which correspond to the status numbers found when the table 714 was consulted for the reader xxx. The location of all authorized status numbers in the table 714 is represented by the step 720 in Figure 10. The step of locating all the I.D. numbers in ascending order within each authorized status group for the reader xxx is represented by the step 722 in Figure 10. During the process of collecting the I.D. number for downloading to the reader xxx, the controller 20 sets the "in process" bit for the reader xxx entry in the table 700 comparable to the bit 706 for reader 000.
After the I.D. numbers for the downloading of the reader xxx have been collected, the controller 20 clears the "download request" bit 704 and the "in process" bit
706 for the reader xxx entry in the Super Degraded Mode Memory Table 700. Also, the I.D. numbers collected for the reader xxx are transmitted to the reader xxx for storage in the Degraded Mode Authorized Access Buffer 89 in Figure 2. These steps are represented by the blocks 724 and 726. Thereafter, the controller 20 waits for the next download request from another reader.
Referring to Figure 11 there is shown a flow diagram of the steps taken by the reader in processing card data in the super degraded mode. For clarification, each reader in the system can optionally function in either a "degraded" mode or a "super degraded" mode. In both cases, communication with the central controller 20 is not possible but the access decision transaction storage operations are different in each mode. In the "degraded" mode, the reader compares only the system code on the card to the system code set by the user on the reader's switches in Figure 4B. Optionally the reader will record the I.D. number and the local time in the transaction buffer for transactions where authorization was granted and will mark the entry as a "Go" transaction.
In the "super degraded" mode, the reader will check the system code on the card against the switches and the I.D. data against data in the degraded mode buffer downloaded from the controller. The reader will record all transactions either "Go" or "No Go" in the transaction buffer and mark them as such.
The block 800 in Figure 11 symbolizes an executive routine part of which is the background block 802 which performs routine housekeeping checks and functions that the card reader does when it is not doing one of the foreground processing routines to handle conditions discovered by the CPU during processing in the executive routine. Part of the normal executive routine is to check for the periodic appearance of a poll signal from the central controller. This check is symbolized by the block 804. If a poll signal has arrived from the controller during the last 30 seconds, the CPU will branch to the block 806 and avoid the degraded mode states. The block
806 represents the normal command processing performed by the reader during times when communications with the central controller are functioning normally, such as reading cards in the slot, sending the card data to the controller for an access decision, receiving a message from the controller either granting or denying access and causing access to be either granted or denied. The readers in the system which are designated as super degraded mode must load their degraded mode buffers with the I.D. numbers of all those employees who are authorized access during times when communication is lost. There are at least two times when this downloading must occur: first, upon power-up; and, second, upon a change in the information in the tables having to do with the super degraded mode in the central controller. The blocks 808, 810 and 812 represent the power-up downloading. The block 808 represents the determination as to whether the degraded mode buffer 808 needs to be initially loaded after power-up. If a power-up situation is found, the reader CPU will determine whether the super degraded mode option is present in the feature memory as represented by the block 810. Control returns to the executive routine 800 if the reader either is not in a power-up situation or the super degraded mode option is not present.
If the reader CPU finds that both a power-up situation exists and that the super degraded mode option is present, the reader will request a download from the controller, and store the downloaded I.D. data in the super degraded mode authorized access buffer 89 in Figure 2. This is represented by the block 812. After downloading is completed, control is returned to the executive. If the reader executive routine has not detected a poll within the last 30 seconds, the reader CPU will enter the degraded mode as symbolized by the path 814 and the states following it.
The reader must first determine whether there is a card in the reader slot as symbolized by the state 816. If there is no card, control is returned to the executive routine as symbolized by the path 818. If there is a card in the reader, the reader CPU will read the card and then check the feature PROM 98 to determine if the super degraded mode option is in effect as symbolized by the state 820. If not, program control will be transferred to a state 822 wherein the reader CPU checks the feature PROM 98 to determine if the degraded mode option is in effect. If it is not in effect, program control returns to the executive routine 800 as symbolized by the path 824.
If the degraded mode option is in effect as determined in the state 822, the reader CPU will compare the system code data on the card in the slot against the system code set on the switches on the switch and relay board 62 as represented by the state 826. If there is not a match, then program control is transferred to a state 828 where the red LED on the front panel of the reader is lit for a time. Some readers will have a "No Go" option in effect. The reader CPU will check the feature memory 98. and determine whether the "No Go" option is in effect as symbolized by the state 830. If it is not in effect, control will be transferred back to the executive. If it is in effect, then the reader CPU will energize a "No Go" relay for a time set by switches on the switch and relay board 62 as represented by the state 832. The No Go relay can be used to ring an alarm or control any other function. Control is then returned to he executive.
Referring again to the state 826, if a match in the system code was found, then the reader energizes a "Go" relay and lights the green LED on the front of the panel as symbolized by the state 834. If the buffer option for the degraded mode is in ef fect , a determination represented by the state 836 , then the reader will store the I . D. number on the card and the local time in the transaction buf fer 88 . The reader CPU will also mark the record as a "Go" transact ion such that when the content of the transaction buf fer is later transmitted to the central controller , the "Go" transactions will be printed out in one color whereas "No Go" transactions stored while operating in the super degraded mode can be printed in a different color . This operation of recording and marking the transaction records is symbolized by the state 838 . Subsequently, control is returned to the executive 800.
Returning to the state 820 in Figure 11, if the reader CPU check of the feature PROM 98 indicates that super degraded mode option is in effect , the super degraded mode authorized access buffer must be checked to determine if it is full. This check is represented by the state 840. If it is full, the card in the slot will be ignored as represented by the state 842.
If the super degraded mode authorized access buffer is not full, program control is transferred to the state 844. There the reader CPU checks the feature PROM 98 to determine if the IDEC option is present. If it is present, control is transferred to the state 846 where the reader CPU determines whether the IDEC password was properly entered as represented by the state 846. If the IDEC option is not in effect, the state 846 is skipped as symbolized by the path 848 and the data checking states 850 and 852 are entered. If the IDEC password, comprised of several digits entered frcm a reader keyboard 854, is not properly entered, the reader enters the state 856.
The state 856 represents the reader CPU operations of storing the I.D. number from the rejected card and the time of day for the transaction and marking the entry as a "No Go" transaction. The transactions in the transaction buffer 88 are marked either "Go" or "No Go" so that they may be printed out in different colors or otherwise segregated by the central controller. If the IDEC option is present and the IDEC password was properly entered, the reader CPU enters the state 850 to determine if there is a system code match between the card data and the switches. If there is not a match, the state 856 is entered. If there is a match, the reader CPU enters a state 852 to determine if there is an I.D. code match. To make the I.D. code match, the reader CPU compares the I.D. data from the card to the I.D. data in the super degraded mode authorized access buffer 89 which was downloaded from the central controller when communication was possible.
If there is a match with any I.D. record in the buffer 89, the reader CPU enters the state 858 to store the transaction. The state 858 represents the steps of storing the I.D. number from the card and the local time in the transaction buffer 88 and marking the record as a "Go" transaction. Thereafter, the reader CPU enters the state 860 where the Go relay is energized and the Green LED is lit. Control is then returned to the executive routine 800.
After the transaction buffer is loaded and communication with the central controller returns, the reader will transmit the data in the transaction buffer, one transaction at a time to the controller using the algarithm of Figure 8.
Referring to Figure 12, there is shown a flow diagram of the steps taken by the readers when the controller 20 requests to dump I.D. data into the super degraded mode buffer. As usual, the reader CPU is functioning in the executive routine 800 when, as part of the routine, the inquiry is made as to whether a command has been received from the controller as represented by the state 862. If no command has been received, the other tasks of the executive routine are continued as symbolized by the path 864.
If a command has been received, the reader CPU enters the state 866 wherein it determines from the feature PROM 98 whether the super degraded mode option is present. If it is not present, then program control is returned to the executive routine 800 to determine what, if anything, to do about the command that was received.
If the super degraded mode option is present, the reader CPU enters the state 868. In this state, the reader determines if the command that was received from the central controller was an I.D. dump command indicating that the controller wishes to download I.D. information from its memory tables. If it was not such a command, the reader returns to the executive routine 800 to determine what to do.
If the command was an I.D. dump command, the reader will enter a state 870 wherein the reader will request a download from the CPU. Thereafter, the reader enters, a state 872 wherein the I.D. records coming in from the controller are stored in the super degraded mode buffer 89.
As each I.D. record comes in, the reader CPU stores it as represented by the state 872 and then enters a state 874 to determine if the super degraded mode buffer 89 is full. If it is not full, the reader requests another I.D. record as symbolized by the state 876. The controller 20 may have no more ID's to send so the reader CPU enters a state 878 to determine if the controller has sent a message indicating that it has no more ID's to send. If the controller has sent such a message, control is returned to the executive 800. However, if no such message has been sent, program control is returned to the state 872 to store the next incoming I.D. record.
Returning to the state 874, if the reader CPU finds that the super degraded mode buffer 89 was filled by storage of the last received I.D. record, a state 880 will be entered wherein the reader will transmit an "I'm full" message to the controller indicating it cannot accept any further I.D. records. Control will then be returned to the executive routine. Below as Appendix A, there is listed the object code of the reader software for performing the super-degraded mode functions described herein.
Although the invention has been described in terms of the preferred embodiment, any variation which accomplish the same functions in a similar means using similar apparatus are intended to be included.
Figure imgf000037_0001
Figure imgf000038_0001
Figure imgf000039_0001
Figure imgf000040_0001

Claims

WHAT IS CLAIMED IS;
1. A security system for controlling access by people to an area comprising: a card reader for controlling access to said area and for reading data stored on cards and for comparing said data to data stored in said reader regarding who is authorized access to said area and said card reader for granting access to said area if the card data matches the stored data for an authorized person; and a central controller for storing I.D. data regarding who is authorized access to said area during times when communication between said card reader and said central controller is not possible and for communicating said data to said card reader during times when communication with said card reader is possible.
2. A security system as defined in Claim 1 further comprising means in said reader for communicating during times when communication with said central controller exist, data read from said card to said central controller for the central controller to make the access decision and means in said central controller for making said access decision and for sending a message to said card reader regarding whether or not to grant access.
3. An apparatus as defined in Claim 1 or 2 including a plurality of card readers and wherein said central controller includes: first means to store data regarding which of said readers is authorized to grant access during times when communication with said card reader are lost; second means to store data regarding which employees are authorized access to each card reader location; and third means for receiving requests from any of said readers for downloading of I.D. data and for determining if said requesting reader is authorized to grant access during degraded mode times by consulting said first means and for consulting said second means to find the I.D. data for all persons authorized access to the location controlled by the requesting reader during degraded mode times and for sending said data to said requesting reader for storage.
4. An apparatus as defined in Claim 1 wherein said reader includes means for requesting downloading of I.D. numbers from said central controller after initial power up of the reader.
5. An apparatus as defined in Claim 1 wherein said card reader reads a card storing system code data identifying the organization that the card holder belongs to and I.D. data identifying the particular individual.
6. An apparatus as defined in Claim 5 wherein said card reader includes means for granting or denying access optionally on either the system code card data alone or upon both the system code and the I.D. data on said card.
7. An apparatus as defined in Claim 6 further comprising means to store the I.D. data for all persons granted access during degraded mode times for later communication to said central controller.
8. An apparatus as defined in Claim 7 further comprising means for storing the time that each person was granted access.
9. An apparatus as defined in Claim 6 further comprising means for storing data records comprising the
I.D. data for each person that was either granted or denied access during degraded mode operation for later transmission to said central controller when communications are restored. io. An apparatus as defined in Claim 9 wherein said data records include the time of the transaction and are marked as either a "Go" transaction where access was granted or a "No Go" transaction where access was denied.
11. An apparatus as defined in Claim 5 wherein said card reader includes a keyboard and includes means for granting or denying access on all of. the system code and the I.D. data on the card and a password entered by the card holder on said keyboard.
12. A security system comprising: a plurality of card reader means coupled to said central controller for reading data stored on magnetic cards and for either transmitting it to said central controller when communication with said central controller is possible or for comparing the card data to data stored in said card reader means in order to make a local decision to grant or deny access during times when communication with said central controller is not possible, and said card reader means for storing data from each said, central controller regarding which persons are authorized access to their particular controlled areas during times when communication with said central controller is not possible; storage means in said plurality of card reader means for storing the I.D. data and time of day for each transaction where access was either granted or denied during times when communication between said central controller and said card reader means is not possible; means in said central controller for receiving card data transmitted from said plurality of card reader means when communication with said card reader means is possible and for deciding whether to grant or deny access based upon said card data and for transmitting a message back to the card reader means that sent the card data causing said card reader means either to grant or deny access; means in said central controller for determining when a particular card reader means is requesting a download of I.D. data and for determining whether the requesting card reader means is authorized to grant access to any person during degraded mode times when communication between the card reader means and the central controller are lost and for finding the I.D. data for each person authorized to have access during degraded mode times to the area controlled by said card reader means and for sending said I.D. data to said card reader means for storage.
13. A method of operating a security system comprised of a card reader and a central controller comprising the steps of: reading a card to derive data from said card; sensing whether communication between said central controller and said card readers is possible; sending said card data to said central controller if communications with said central controller are possible; determining in said central controller if access is to be granted or denied; sending a message from said central controller to said reader indicating whether access is to be granted or denied; granting or denying access to the area controlled by said card reader based upon said message from said central controller; comparing said card data to data stored in said card reader by said central controller during times when communication with said central controller is not possible and granting or denying access based upon said comparison.
14. A method of operating a card reader in a security system having a central controller and a card reader comprising the steps of: loading in a buffer, I.D. data for persons authorized access during times when communication with said central controller is lost; sensing when communication with said central controller is lost; reading card data comprising system code data identifying the card holder's organization and I.D. code data identifying the individual; comparing said system code data to a first set of data stored in said card reader; comparing said I.D. code data to a second set of data loaded from said central controller during a time when communication existed; storing the I.D. code data from the card in a buffer in the card reader and marking the record as a "No Go" transaction if either the system code or the I.D. code do not match data stored in said card reader and marking the record as a "Go" transaction if both the system code and the I.D. code match data stored in the card reader and access is granted.
15. A method of operating a security system having a card reader and a central controller including the steps of Claim 14 comprising the additional steps of: sensing when said card reader needs to be loaded with I.D. data for persons authorized access during degraded mode times when communication with said central controller is lost; determining whether said card reader is authorized to grant access to any person during degraded mode times; locating the I.D. data for all persons who are authorized access to the area controlled by the requesting card reader during degraded mode times; and transmitting said I.D. data to said requesting card reader for storage and use by said card reader in granting or denying access during times when communication with said central controller is not possible.
16. A method of operating a security system having a plurality of card readers and a central controller comprising the steps of: storing in said central controller the I.D. data of all persons authorized access to the areas controlled by each card reader; transmitting the I.D. data for a particular card reader to that card reader during times when communication with said card reader are possible; comparing data read from a card to data stored in a particular card reader during times when communication between said card reader and said central controller are not possible for purposes of making the decision to grant or deny access to the card holder locally at the card reader without the need for communication with said central controller.
17. The method of Claim 16 further comprising the step of storing the I.D. data and time of each transaction, regardless of whether access is granted or denied, in said card reader during times when communication with said central controller are not possible and transmitting said transaction data to said central controller when communication is restored.
PCT/US1983/000057 1983-01-10 1983-01-10 Improved card reader for security system WO1984002786A1 (en)

Priority Applications (8)

Application Number Priority Date Filing Date Title
EP83900819A EP0137767B1 (en) 1983-01-10 1983-01-10 Improved card reader for security system
PCT/US1983/000057 WO1984002786A1 (en) 1983-01-10 1983-01-10 Improved card reader for security system
DE8383900819T DE3381654D1 (en) 1983-01-10 1983-01-10 CARD READER FOR SECURITY SYSTEM.
AT83900819T ATE53683T1 (en) 1983-01-10 1983-01-10 CARD READER FOR SECURITY SYSTEM.
JP58500850A JPS60500340A (en) 1983-01-10 1983-01-10 Improved card reader for security systems
CA000444892A CA1207458A (en) 1983-01-10 1984-01-09 Card reader for security system
IT67022/84A IT1178816B (en) 1983-01-10 1984-01-10 SECURITY SYSTEM PARTICULARLY FOR ACCESS CONTROL TO A PREDETINED AREA AND METHOD FOR THE USE OF SUCH SYSTEM
US07/036,150 US4816658A (en) 1983-01-10 1987-04-03 Card reader for security system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US1983/000057 WO1984002786A1 (en) 1983-01-10 1983-01-10 Improved card reader for security system

Publications (1)

Publication Number Publication Date
WO1984002786A1 true WO1984002786A1 (en) 1984-07-19

Family

ID=22174804

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1983/000057 WO1984002786A1 (en) 1983-01-10 1983-01-10 Improved card reader for security system

Country Status (7)

Country Link
EP (1) EP0137767B1 (en)
JP (1) JPS60500340A (en)
AT (1) ATE53683T1 (en)
CA (1) CA1207458A (en)
DE (1) DE3381654D1 (en)
IT (1) IT1178816B (en)
WO (1) WO1984002786A1 (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0348959A2 (en) * 1988-07-01 1990-01-03 Fujitsu Limited Update processing system for an automated teller machine
WO1996030875A1 (en) * 1995-03-31 1996-10-03 Cheuk Fai Ho Improvements in or relating to the control or monitoring of electrical equipment
US5576526A (en) * 1992-05-13 1996-11-19 Schulte-Schlagbaum Aktiengesellschaft Closure system
GB2306721A (en) * 1995-10-18 1997-05-07 Canmoy Holdings Ltd Resource controller
GB2302755B (en) * 1995-03-31 1999-02-10 Cheuk Fai Ho Improvements in or relating to controlling or monitoring access to a restricted area
WO2006021047A1 (en) * 2004-08-27 2006-03-02 Honeywell Limited An access control system and a method of access control
EP1821262A2 (en) * 2006-02-13 2007-08-22 Gallner, Leopold System for checking the authorisation of persons to carry out activities requiring authorisation
EP2648171A1 (en) * 2012-04-06 2013-10-09 Zenpark System and method for managing parking space occupancy
US8878931B2 (en) 2009-03-04 2014-11-04 Honeywell International Inc. Systems and methods for managing video data
US8941464B2 (en) 2005-10-21 2015-01-27 Honeywell International Inc. Authorization system and a method of authorization
US9019070B2 (en) 2009-03-19 2015-04-28 Honeywell International Inc. Systems and methods for managing access control devices
US9280365B2 (en) 2009-12-17 2016-03-08 Honeywell International Inc. Systems and methods for managing configuration data at disconnected remote devices
US9344684B2 (en) 2011-08-05 2016-05-17 Honeywell International Inc. Systems and methods configured to enable content sharing between client terminals of a digital video management system
US9704313B2 (en) 2008-09-30 2017-07-11 Honeywell International Inc. Systems and methods for interacting with access control devices
US9894261B2 (en) 2011-06-24 2018-02-13 Honeywell International Inc. Systems and methods for presenting digital video management system information via a user-customizable hierarchical tree interface
US10038872B2 (en) 2011-08-05 2018-07-31 Honeywell International Inc. Systems and methods for managing video data
US10362273B2 (en) 2011-08-05 2019-07-23 Honeywell International Inc. Systems and methods for managing video data
US10523903B2 (en) 2013-10-30 2019-12-31 Honeywell International Inc. Computer implemented systems frameworks and methods configured for enabling review of incident data
EP4227916A1 (en) * 2022-02-10 2023-08-16 dormakaba EAD GmbH Presence detection terminal and method of operating same to protect against sabotage

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019018134A1 (en) * 2017-07-19 2019-01-24 Birde Technologies Llc Tamper-evident item and item validation system and method

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3941977A (en) * 1972-09-01 1976-03-02 The Mosler Safe Company Off-line cash dispenser and banking system
US4091448A (en) * 1976-10-29 1978-05-23 Clausing Martin B Off-line, one-level/on-line, two-level timeshared automated banking system
US4109238A (en) * 1975-10-06 1978-08-22 1St Natl. Bank Of Atlanta Apparatus for verifying checks presented for acceptance
US4114027A (en) * 1976-09-13 1978-09-12 The Mosler Safe Company On-line/off-line automated banking system
US4197986A (en) * 1977-04-28 1980-04-15 Omron Tateisi Electronics Co. Money transaction system
US4249163A (en) * 1976-09-29 1981-02-03 G.A.O. Gesellschaft Fur Automation Und Organisation Mbh Automatic money dispenser and method
US4355369A (en) * 1975-07-30 1982-10-19 Docutel Corporation Automatic banking machine

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4218690A (en) * 1978-02-01 1980-08-19 A-T-O, Inc. Self-contained programmable terminal for security systems
JPS5921424B2 (en) * 1980-06-27 1984-05-19 オムロン株式会社 How to unlock using a card

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3941977A (en) * 1972-09-01 1976-03-02 The Mosler Safe Company Off-line cash dispenser and banking system
US4355369A (en) * 1975-07-30 1982-10-19 Docutel Corporation Automatic banking machine
US4109238A (en) * 1975-10-06 1978-08-22 1St Natl. Bank Of Atlanta Apparatus for verifying checks presented for acceptance
US4114027A (en) * 1976-09-13 1978-09-12 The Mosler Safe Company On-line/off-line automated banking system
US4249163A (en) * 1976-09-29 1981-02-03 G.A.O. Gesellschaft Fur Automation Und Organisation Mbh Automatic money dispenser and method
US4091448A (en) * 1976-10-29 1978-05-23 Clausing Martin B Off-line, one-level/on-line, two-level timeshared automated banking system
US4197986A (en) * 1977-04-28 1980-04-15 Omron Tateisi Electronics Co. Money transaction system

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0348959A2 (en) * 1988-07-01 1990-01-03 Fujitsu Limited Update processing system for an automated teller machine
EP0348959A3 (en) * 1988-07-01 1991-09-18 Fujitsu Limited Update processing system for an automated teller machine
US5576526A (en) * 1992-05-13 1996-11-19 Schulte-Schlagbaum Aktiengesellschaft Closure system
WO1996030875A1 (en) * 1995-03-31 1996-10-03 Cheuk Fai Ho Improvements in or relating to the control or monitoring of electrical equipment
GB2302755B (en) * 1995-03-31 1999-02-10 Cheuk Fai Ho Improvements in or relating to controlling or monitoring access to a restricted area
GB2306721A (en) * 1995-10-18 1997-05-07 Canmoy Holdings Ltd Resource controller
GB2306721B (en) * 1995-10-18 1999-10-27 Canmoy Holdings Ltd A resource controller
WO2006021047A1 (en) * 2004-08-27 2006-03-02 Honeywell Limited An access control system and a method of access control
US8941464B2 (en) 2005-10-21 2015-01-27 Honeywell International Inc. Authorization system and a method of authorization
EP1821262A2 (en) * 2006-02-13 2007-08-22 Gallner, Leopold System for checking the authorisation of persons to carry out activities requiring authorisation
EP1821262A3 (en) * 2006-02-13 2008-05-21 Gallner, Leopold System for checking the authorisation of persons to carry out activities requiring authorisation
US9704313B2 (en) 2008-09-30 2017-07-11 Honeywell International Inc. Systems and methods for interacting with access control devices
US8878931B2 (en) 2009-03-04 2014-11-04 Honeywell International Inc. Systems and methods for managing video data
US9019070B2 (en) 2009-03-19 2015-04-28 Honeywell International Inc. Systems and methods for managing access control devices
US9280365B2 (en) 2009-12-17 2016-03-08 Honeywell International Inc. Systems and methods for managing configuration data at disconnected remote devices
US9894261B2 (en) 2011-06-24 2018-02-13 Honeywell International Inc. Systems and methods for presenting digital video management system information via a user-customizable hierarchical tree interface
US9344684B2 (en) 2011-08-05 2016-05-17 Honeywell International Inc. Systems and methods configured to enable content sharing between client terminals of a digital video management system
US10038872B2 (en) 2011-08-05 2018-07-31 Honeywell International Inc. Systems and methods for managing video data
US10362273B2 (en) 2011-08-05 2019-07-23 Honeywell International Inc. Systems and methods for managing video data
US10863143B2 (en) 2011-08-05 2020-12-08 Honeywell International Inc. Systems and methods for managing video data
FR2989203A1 (en) * 2012-04-06 2013-10-11 Zenpark SYSTEM AND METHOD FOR MANAGING OCCUPANCY OF PARKING SPACES
EP2648171A1 (en) * 2012-04-06 2013-10-09 Zenpark System and method for managing parking space occupancy
US10523903B2 (en) 2013-10-30 2019-12-31 Honeywell International Inc. Computer implemented systems frameworks and methods configured for enabling review of incident data
US11523088B2 (en) 2013-10-30 2022-12-06 Honeywell Interntional Inc. Computer implemented systems frameworks and methods configured for enabling review of incident data
EP4227916A1 (en) * 2022-02-10 2023-08-16 dormakaba EAD GmbH Presence detection terminal and method of operating same to protect against sabotage

Also Published As

Publication number Publication date
ATE53683T1 (en) 1990-06-15
EP0137767B1 (en) 1990-06-13
IT1178816B (en) 1987-09-16
JPS60500340A (en) 1985-03-14
IT8467022A0 (en) 1984-01-10
CA1207458A (en) 1986-07-08
EP0137767A1 (en) 1985-04-24
DE3381654D1 (en) 1990-07-19
EP0137767A4 (en) 1985-11-07

Similar Documents

Publication Publication Date Title
US4816658A (en) Card reader for security system
US4538056A (en) Card reader for time and attendance
EP0137767B1 (en) Improved card reader for security system
US4095739A (en) System for limiting access to security system program
US5475378A (en) Electronic access control mail box system
US4698630A (en) Security system
CA2242031C (en) Biometric time and attendance system with epidermal topographical updating capability
US3866173A (en) Access control system for restricted area
USRE36426E (en) Time controlled lock system
US5089692A (en) Electronic lock
US4634846A (en) Multimode programmable stand-alone access control system
EP2487652B1 (en) Security device with offline credential analysis
EP0104767B1 (en) Card reader for security system
US5567926A (en) Minibar system
US4544832A (en) Card reader with buffer for degraded mode
CN102419874A (en) Facilities controlling system and method
AU569030B2 (en) Improved card for security system
US4142097A (en) Programmable keyboard sequencing for a security system
EP0107291A2 (en) Card reader for security system
CA1210595A (en) Method of and apparatus for discriminating between various types of check-out periods in employee time- recording systems and the like
EP0105594A2 (en) Card reader for security system
JP2818178B2 (en) Card access control system
JPH0792845B2 (en) Time recorder
JP2871042B2 (en) Access control device
JPH0764914A (en) Terminal access management device

Legal Events

Date Code Title Description
AK Designated states

Designated state(s): AU JP US

AL Designated countries for regional patents

Designated state(s): AT BE CH DE FR GB LU NL SE

WWE Wipo information: entry into national phase

Ref document number: 1983900819

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1983900819

Country of ref document: EP

WWG Wipo information: grant in national office

Ref document number: 1983900819

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 1983900819

Country of ref document: EP