WO2002005219A1 - Assembly for verifying the user authorisation for devices protected by user identifications - Google Patents
Assembly for verifying the user authorisation for devices protected by user identifications Download PDFInfo
- Publication number
- WO2002005219A1 WO2002005219A1 PCT/AT2001/000219 AT0100219W WO0205219A1 WO 2002005219 A1 WO2002005219 A1 WO 2002005219A1 AT 0100219 W AT0100219 W AT 0100219W WO 0205219 A1 WO0205219 A1 WO 0205219A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- control
- devices
- central computer
- memory
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
- G07C9/25—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
- G07C9/257—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/27—Individual registration on entry or exit involving the use of a pass with central registration
Definitions
- the invention relates to an arrangement for checking the user authorization for secured by user ID devices with each connected to an input and display unit Steuerchn ⁇ for the devices and with a central computer connected to the control stages for comparing the input and display unit Entered user IDs with user IDs stored in an ID memory and assignable from user data memory.
- the authorization check can be advantageous for all connected devices from the central device Computers are carried out, but in this central computer there must also be an assignment of the user IDs to the user data of the users, so that the services used by the users in the area of the individual facilities can also be properly billed to the users, for example via a corresponding one Account management.
- this linking of the user data with a central authorization check which is advantageous per se for a plurality of usable devices brings with it difficulties with regard to data protection, in particular if the shared authorization check is to be used by independent operators of the devices.
- the invention is therefore based on the object to design a device for checking the user authorization for secured by user ID devices of the type described so that a link to an operator of the facilities to be used user data of a user to be provided with the for the verification provided user IDs can be excluded on the central computer.
- control stages for the devices are connected at least in groups to a control computer which is connected to the user data memory and can be controlled by the central computer, the central computer and a registration device for users with input stages on the one hand for in the identifier memory User IDs to be stored and, on the other hand, for the user data to be stored in the user data memory, is assigned such that the registration device has an index output stage for the data records entered and optionally the central computer or the control computer has an output stage for the indexes which can be assigned to key codes and can be read into both the central computer and the control computer and that depending on the comparison of the user IDs entered via the input and display unit with the stored user IDs of the compared B User identification associated key code can be read from the key code memory of the central computer in the control computer.
- the user data e.g. B. personal data of the users are managed in a control computer independent of the central computer, to which the central computer has no access rights, a link between the user IDs and the user data is no longer possible if care is taken to ensure that the ID memory for the user IDs is used exclusively the central computer and the user data memory are assigned exclusively to the control computer.
- a registration device for users with input stages is provided on the one hand for the user IDs to be stored in the identification memory and on the other hand for the user data to be stored in the user data memory.
- the central computer assigns a key code to each user ID, which is also passed on to the control computer, in the area of which the key codes are assigned to the user data. This will make this assignment possible ensures that the registration device has an index output stage for the data records entered, so that on the one hand the key codes output in connection with the input of the user ID and on the other hand the user data can be provided with these indexes, which then assign the key codes to the user data in the area of the control computer allow.
- this key code output can also be assigned to the control computer, because the only important thing is to communicate the key codes to both computers.
- the user ID entered via its input and display unit is compared with the registered user IDs stored in the identification memory and, if the registered user ID associated with this, matches the key code from the key code memory of the central computer in the control computer.
- the transmission of a key code to the control computer means that it was determined via the central computer that the user ID entered in the area of a device is associated with a user authorization which can be identified via the assigned key code, but only in the area of the control computer.
- the device selected by the user can then be released for use, depending on additional parameters, by controlling the control level associated with the selected device.
- control stages for the devices can have a code transmitter for each device use.
- These user codes can be output both to the central computer and to the control computer, which in the area of the control computer leads to a complete documentation of every facility use, because in this If the key code also allows the user code to be passed on from the central computer to the control computer.
- this checking option can be used by mutually independent operators of different facilities without one Possibility of access to the data of the other operator.
- the operators only need to be provided with separate control computers which are connected to the facilities belonging to the respective operator.
- the provision of several control computers for devices grouped together, however, requires that the control computers are each assigned separate key codes even in the case of common users, so that when a new user registers, an operator of a group of devices must first check whether this user has not already been registered by another operator.
- the user ID which has already been registered and is stored in the identification memory of the central computer can only be assigned an additional key code.
- the selection of the respective key code then depends on the assignment of the device used in each case to the individual control computers. If a device is connected to two or more control computers, the control computer belonging to the respective user must be selected via the associated input and display unit.
- the respective user has to prove his authorization by entering a user ID.
- the devices 1 combined in a group A are assigned a control stage 2 with an input and display unit 3.
- the input user ID which can be structured very differently and includes, for example, biometric data, such as fingerprints, is at most fed to a central computer 4 after an evaluation in control stage 2, with the aid of which the input user ID with authorized user IDs stored in an identification memory 5 for authorized users User is compared.
- the central computer 4 is only responsible for checking the entered user ID with the stored user IDs of authorized users, while the administration of the user data is outsourced to an independent control computer 6.
- the central computer 4 only assigns a key code to the user IDs, which is stored in a key code memory 7 of both the central computer 4 and the control computer 6. If the match of the entered user ID with a user ID stored in the identification memory 5 is therefore determined, then only the associated key code needs to be read out of the key code memory 7 of the central computer 4 into the control computer 6 in order to use the assignment of the individual key codes stored in this control computer 6 to connect the checked user of a device 1 with his user data to the user data stored in a user data memory 8.
- control computer 6 Since the control computer 6 is connected to the control stages 2 of the devices 1, additional parameters for the activation of the devices 1 managed by the control computers 6 can be checked for the activation of the devices 1 via the control stages 2. Such for example, parameters can depend on the status of a user account that can be loaded via the control computer 6.
- control stages 2 of the devices 1 are assigned code transmitters 9, the use codes of which permit these distinctions. Via these user codes, which are assigned to the key code for the user ID checked by the central computer 4, each check can be uniquely assigned to the respective use of a device 1 in the control computer 6.
- a registration device 10 which has an input stage 11 for the user ID and an input stage 12 for the user data.
- the user IDs are read into the ID memory 5 of the central computer 4 on the one hand and the associated user data into the user data memory 8 of the control computer 6 on the one hand via the input stages 11 and 12. Since the user IDs are stored separately from the user data in mutually independent computers 4 and 6 before a common key code can be assigned to these data records, the registration device 10 is provided with an index output stage 13, on the basis of whose index the assignment of a new key code to the newly registered user data becomes possible.
- an output stage 14 for key codes is initiated via the central computer 4, which on the one hand assigns the newly issued key code to the registered user ID and on the other hand forwards this key code together with the index assigned during the new registration to the control computer 6, so that the key code can be linked to the newly registered user data via the index.
- the output stage 14 for key codes can can also be assigned to the control computer 6, which requires the key code to be forwarded to the central computer 4.
- the possible checking of the user authorization of a user of the devices 1 via the common computer 4 can be used not only for a group A of devices 1, but also for several device groups, as is the case for a group B of devices 15 is shown, which can differ significantly from devices 1, because it is only a question of the authorization check via an identifier comparison.
- Group B of devices 15 is assigned a separate control computer 16 which, like control computer 6, is provided with a key code memory 7 and a user data memory 8.
- a control stage 2 with an input and display device 3 is assigned to the devices 15, wherein the individual device uses can be clearly distinguished from one another with the aid of operating codes from code transmitters 9.
- control computers 6 and 16 are assigned different key codes in order to be able to clearly differentiate, even with common users, whether a facility use must be attributed to the control computer 6 or the control computer 16.
- the operators of the setup tion groups A and B completely independent of each other. They only use the authorization check via the central computer 4, the services of which can therefore be used by very different users, without there being a risk that data can be exchanged between the control computers 6, 16 of the users via the central computer 4.
- a device 1 or 15 could also be connected to both control computers 6, 16 in order to enable the use of this device both by the users who are recorded by the control computer 6 and by the users of the control computer 16. This is readily possible if it is ensured that with the necessary actuation of the associated input and display unit 3 by a user, the control computer 6 or 16 responsible for this user is selected.
Abstract
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE50113236T DE50113236D1 (en) | 2000-07-10 | 2001-07-05 | ARRANGEMENT FOR VERIFYING THE USER RIGHTS FOR DEVICES SECURED BY USER IDENTIFICATIONS |
AU2002218793A AU2002218793A1 (en) | 2000-07-10 | 2001-07-05 | Assembly for verifying the user authorisation for devices protected by user identifications |
EP01984188A EP1299864B1 (en) | 2000-07-10 | 2001-07-05 | Assembly for verifying the user authorisation for devices protected by user identifications |
AT01984188T ATE377814T1 (en) | 2000-07-10 | 2001-07-05 | ARRANGEMENT FOR VERIFICATION OF AUTHORITY TO USE FACILITIES SECURED BY USER IDENTIFICATIONS |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
ATA1177/2000 | 2000-07-10 | ||
AT0117700A AT410489B (en) | 2000-07-10 | 2000-07-10 | ARRANGEMENT FOR CHECKING THE USER AUTHORIZATION FOR DEVICES SECURED BY USER IDS |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002005219A1 true WO2002005219A1 (en) | 2002-01-17 |
Family
ID=3686660
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/AT2001/000219 WO2002005219A1 (en) | 2000-07-10 | 2001-07-05 | Assembly for verifying the user authorisation for devices protected by user identifications |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP1299864B1 (en) |
AT (2) | AT410489B (en) |
AU (1) | AU2002218793A1 (en) |
DE (1) | DE50113236D1 (en) |
WO (1) | WO2002005219A1 (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0733999A2 (en) * | 1995-03-17 | 1996-09-25 | Kabushiki Kaisha Toshiba | Entering/leaving control system |
DE19541672A1 (en) | 1995-11-09 | 1997-05-15 | Hsb Umwelttechnik Gmbh | Biometric access control to secured process |
EP0794306A2 (en) * | 1996-03-09 | 1997-09-10 | KRONE Aktiengesellschaft | Electronic access control and security system |
WO1998041947A1 (en) * | 1997-03-17 | 1998-09-24 | Smarttouch, Inc. | Use sensitive tokenless identification system |
US5995014A (en) * | 1997-12-30 | 1999-11-30 | Accu-Time Systems, Inc. | Biometric interface device for upgrading existing access control units |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE3636680A1 (en) * | 1986-10-28 | 1988-05-11 | Josef Ritzer | Accessory for coin-operated cigarette machines |
US5483596A (en) * | 1994-01-24 | 1996-01-09 | Paralon Technologies, Inc. | Apparatus and method for controlling access to and interconnection of computer system resources |
-
2000
- 2000-07-10 AT AT0117700A patent/AT410489B/en not_active IP Right Cessation
-
2001
- 2001-07-05 WO PCT/AT2001/000219 patent/WO2002005219A1/en active IP Right Grant
- 2001-07-05 AT AT01984188T patent/ATE377814T1/en active
- 2001-07-05 DE DE50113236T patent/DE50113236D1/en not_active Expired - Lifetime
- 2001-07-05 EP EP01984188A patent/EP1299864B1/en not_active Expired - Lifetime
- 2001-07-05 AU AU2002218793A patent/AU2002218793A1/en not_active Abandoned
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0733999A2 (en) * | 1995-03-17 | 1996-09-25 | Kabushiki Kaisha Toshiba | Entering/leaving control system |
DE19541672A1 (en) | 1995-11-09 | 1997-05-15 | Hsb Umwelttechnik Gmbh | Biometric access control to secured process |
EP0794306A2 (en) * | 1996-03-09 | 1997-09-10 | KRONE Aktiengesellschaft | Electronic access control and security system |
WO1998041947A1 (en) * | 1997-03-17 | 1998-09-24 | Smarttouch, Inc. | Use sensitive tokenless identification system |
US5995014A (en) * | 1997-12-30 | 1999-11-30 | Accu-Time Systems, Inc. | Biometric interface device for upgrading existing access control units |
Also Published As
Publication number | Publication date |
---|---|
EP1299864A1 (en) | 2003-04-09 |
AU2002218793A1 (en) | 2002-01-21 |
ATA11772000A (en) | 2002-09-15 |
EP1299864B1 (en) | 2007-11-07 |
ATE377814T1 (en) | 2007-11-15 |
DE50113236D1 (en) | 2007-12-20 |
AT410489B (en) | 2003-05-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE3044463C2 (en) | ||
DE19528203C1 (en) | Locking system for useful object used by user for determined time | |
EP2034378B1 (en) | Machine tool with access control device | |
EP2122588B1 (en) | Chip card having a first user function, method for selecting an identifier, and computer system | |
WO2015117850A1 (en) | Method for accessing a physically secured rack and computer network infrastructure | |
DE4332411A1 (en) | Theft protection for motor vehicles with several control units for vehicle components | |
EP0805607A2 (en) | Method for accessing at least a part of the data of a microprocessor card | |
DE102012014039B4 (en) | System for using slot machines | |
EP3471068A1 (en) | Distributed system for managing personal information, method and computer program product | |
EP2126858B1 (en) | Chip card and method for releasing a chip card function | |
DE3601157C2 (en) | ||
DE19648042A1 (en) | Road vehicle with key having memory | |
DE102007041370B4 (en) | Chip card, electronic device, method for producing a chip card and method for using a chip card | |
DE10122367A1 (en) | Method and device for the interactive output or rental of goods from the warehouse of a goods management system | |
EP1299864B1 (en) | Assembly for verifying the user authorisation for devices protected by user identifications | |
DE102005015792A1 (en) | Electronic system for numerically controlled industrial processing machine, has computer operating printing machine, and another computer including authorization device storing access data for personnel with access authorization | |
EP1067482B1 (en) | Printed image | |
DE102015220798A1 (en) | Access control system for a storage area and access control procedures | |
DE102007019839B4 (en) | Method for using a chip card and chip card | |
EP0846821B1 (en) | Device for checking the user authorization of an access control system | |
EP3874473A1 (en) | Method for cascading electronic lock locking mechanisms | |
EP0203543B2 (en) | Method and device for verifying IC cards | |
EP1035706A2 (en) | Method to connect at least two network segments to an access controller through a user identifier | |
DE10347431A1 (en) | Remote maintenance and monitoring system for computer systems, e.g. medical computer systems, whereby access to restricted data is only enabled after prior authorization by an authorization entity | |
DE102016117482A1 (en) | SAFE AND SAFE SAFETY SYSTEM |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2001984188 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 091562001 Country of ref document: AT |
|
WWP | Wipo information: published in national office |
Ref document number: 2001984188 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWG | Wipo information: grant in national office |
Ref document number: 2001984188 Country of ref document: EP |