Title:

United States Patent 3846622

Abstract:

An access control system is described for permitting authorized persons to enter restricted areas. Each authorized person is issued a card with a multi-bit number coded thereon in machine readable form. At the time he is issued the card, the authorized person is also given a number to be memorized. When the authorized person seeks to enter a restricted area, he places his card into the access control system which reads the machine readable number from the card and transforms the card number by a transformation means into a transformed number. The transformed number is formed in two parts, the first part being formed by interacting some card number bits with selected, but fixed, machine-generated bits. The second part of the transformed number is formed by interacting the remainder of the card number bits with a first part of the transformed number which was obtained by interacting card number bits and fixed bits. The two parts of the transformed number are then compared with the memorized number which is entered into a system keyboard by the person seeking to enter the restricted area. If a favorable comparison occurs between the entered memorized number, a signal is produced to permit the person to enter.

Inventors:

MEYER M

Application Number:

05/293595

Publication Date:

11/05/1974

Filing Date:

09/29/1972

Export Citation:

Assignee:

The Mosler Safe Company (Hamilton, OH)

Primary Class:

Other Classes:

221/2, 340/5.6

International Classes:

Field of Search:

235/61

View Patent Images:

US Patent References:

3740530 | APPARATUS AND METHOD FOR VERIFICATION OF A CREDIT CARD | 1973-06-19 | Hoffer | |

3715569 | CREDIT CARD AUTOMATIC CURRENCY DISPENSER | 1973-02-06 | Hicks | |

3700862 | INDICIA SYSTEM FOR CREDIT CARDS AND THE LIKE | 1972-10-24 | Snook | |

3665162 | IDENTIFICATION SYSTEM | 1972-05-23 | Yamamoto | |

3662343 | CREDIT CARD AUTOMATIC CURRENCY DISPENSER | 1972-05-09 | Goldstein | |

3643064 | CODE AUTHENTICATOR | 1972-02-15 | Hudson | |

3641315 | SYSTEM FOR AUTOMATICALLY CONDUCTING OFFICE WORK REQUIRED FOR TRANSACTIONS AT A BANK AND THE LIKE | 1972-02-08 | Nagata | |

3610889 | IDENTIFICATION CARD CONTROL SYSTEM | 1971-10-05 | Goldman | |

3602695 | DOCUMENT-CODING METHOD AND APPARATUS | 1971-08-31 | Boss | |

3513298 | HIGH SECURITY CREDIT CARD SYSTEM | 1970-05-19 | Riddle | |

3401830 | Vending machine for credit card purchasing | 1968-09-17 | Mathews | |

3221304 | Electronic identification system employing a data bearing identification card | 1965-11-30 | Enikeieff | |

3006997 | Keyboard transmitter for telegraph signs of the morse type | 1961-10-31 | Evensen |

Primary Examiner:

Cook, Daryl W.

Attorney, Agent or Firm:

Wood, Herron & Evans

Claims:

What is claimed is

1. An apparatus for verifying that an authorized person is seeking entrance into a restricted area, the apparatus comprising in combination:

2. The apparatus in claim 1 wherein said second number transforming means includes

3. The apparatus in claim 2 wherein additionally including internal feedback means to control which transformed number bits in said second part of a transformed number are input to said third number transforming means.

4. An apparatus for verifying that an authorized person is seeking entrance into a restricted area by presenting a card with a card number thereon and inserting a memorized number, the apparatus comprising in combination:

5. The apparatus in claim 4 additionally comprising selective steering means for selectively steering, as a function of the bits stored in selected bit positions in said first storage means, one of two transformed number bits from either said first or second group of transformed number bits to further transforming means for transforming said steered bit with a card number bit stored in said first storage means to form a transformed number bit of said second sub-group.

6. Apparatus for verifying that an authorized person is seeking to enter a restricted area by presenting a card with a card number thereon and inserting a memorized number, the apparatus comprising in combination:

7. A verification method for determining whether a person is authorized to enter a restricted area, the method comprising the steps of:

8. The verification method in claim 7 wherein Step (e) includes the steps of

9. The verification method in claim 8 wherein Step (a) includes selecting, as a function of card number bits, which bit in the first group of transformed number bits is transformed with which card number bit and wherein Step (b) includes selecting, as a function of card number bits, which bit in the first sub-group is transformed with which card number bit.

1. An apparatus for verifying that an authorized person is seeking entrance into a restricted area, the apparatus comprising in combination:

2. The apparatus in claim 1 wherein said second number transforming means includes

3. The apparatus in claim 2 wherein additionally including internal feedback means to control which transformed number bits in said second part of a transformed number are input to said third number transforming means.

4. An apparatus for verifying that an authorized person is seeking entrance into a restricted area by presenting a card with a card number thereon and inserting a memorized number, the apparatus comprising in combination:

5. The apparatus in claim 4 additionally comprising selective steering means for selectively steering, as a function of the bits stored in selected bit positions in said first storage means, one of two transformed number bits from either said first or second group of transformed number bits to further transforming means for transforming said steered bit with a card number bit stored in said first storage means to form a transformed number bit of said second sub-group.

6. Apparatus for verifying that an authorized person is seeking to enter a restricted area by presenting a card with a card number thereon and inserting a memorized number, the apparatus comprising in combination:

7. A verification method for determining whether a person is authorized to enter a restricted area, the method comprising the steps of:

8. The verification method in claim 7 wherein Step (e) includes the steps of

9. The verification method in claim 8 wherein Step (a) includes selecting, as a function of card number bits, which bit in the first group of transformed number bits is transformed with which card number bit and wherein Step (b) includes selecting, as a function of card number bits, which bit in the first sub-group is transformed with which card number bit.

Description:

This invention relates generally to access control systems and, more specifically, to control systems for assuring that only authorized persons are permitted access to a restricted area.

For instance, security and numerous other reasons, manufacturers and others have found it desirable, if not necessary, to limit entrance into their facilities to authorized personnel. The dangers of unauthorized entry into such facilities are quite numerous. For example, a manufacturer may be involved in producing products of military importance. The military secrets involved in such manufacture must be maintained in confidence and positive measures must be taken to prevent disclosure of these secrets to unauthorized persons. Besides secrecy, access to certain manufacturing areas often must be limited for safety reasons because large and dangerous machinery located within a restricted area may injure persons unfamiliar with such machinery. In other manufacturing operations, a manufacturer may be producing a product by a secret process, the secrecy of which he desires to maintain. By preventing unauthorized entry into such manufacturing areas, disclosure of the secret process is made unlikely.

In order to assure that only authorized persons enter restricted areas, many approaches have been tried. One common technique used by manufacturers has been to employ a security guard to check identification cards of personnel entering the restricted area. The success of such an approach, however, depends upon the conscientiousness of the guard himself. During periods when large numbers of employees are entering or leaving a restricted area, for example, when a work shift changes, the guard may become somewhat lax and fail to recognize that an unauthorized person has entered the restricted area.

To overcome the possibility that a security guard might fail to notice an unauthorized person entering a restricted area, numerous mechanical devices have been devised in an attempt to remove the possibility of human error. These mechanical devices frequently employ a card, a coded badge, or other identification device for identifying authorized personnel. When the apparatus determines that the card, badge, or other device is of an acceptable form, the apparatus automatically opens a door or, in some other manner, permits access to a restricted area. This approach, however, does not prevent access to a restricted area by a person who has obtained the card or badge of another by some unauthorized means. In fact, neither the security guard nor the mechanical systems of the type described is capable of detecting an individual attempting to enter a restricted area with an identification means obtained by unauthorized methods.

In an effort to prevent unauthorized persons from entering restricted areas with illictly obtained identification means, additional identification checks have been provided in various automated access control systems. These checks generally include a test on a memorized number which is entered via a keyboard by the person seeking admittance to the restricted area and a test on an identification card entered into a card reader. In some systems, the card number and the memorized number are compared and if identical to each other, the access control apparatus will permit the individual to enter the restricted area. This approach, like previous approaches, is not completely foolproof because an unauthorized person can learn the memorized number directly from the card itself. Consequently, access by unauthorized persons to a restricted area is not completely avoided by this approach.

In an attempt to prevent unauthorized persons from learning the secret number from the card itself, various other methods have been tried which include scrambling the data on the card. In such systems, the apparatus that reads the card number also unscrambles the card number according to a fixed unscrambling method to generate a secret number for comparison with a memorized number entered by the card holder. A favorable comparison of the memorized with the unscrambled number is operative to permit access to a restricted area. Other systems have generated secret numbers from card numbers by first coding card data in the form of many data words, each word containing as many digits as there are digits in a memorized number known by the authorized card holder. Each digit of the system-generated secret number is formed by adding like digit positions of each word coded on the card, ignoring carries to form a sum digit. All of the sum digits, when combined, comprise the generated secret number which is then compared with the entered memorized number. As with other systems, a favorable comparison between the memorized and generated secret numbers will permit access to the restricted area.

The foregoing approaches have not been successful in preventing unauthorized access to restricted areas. The primary reason for this fact is that the methods for generating the secret number from the card is relatively simple to determine once a card is obtained and the memorized number assigned therewith is known. These identified prior art methods for generating a secret number usually produce secret numbers where a single digit change in the card number will only cause a single digit change in the associated generated secret number. This makes the secret number generating method relatively easy to determine. In addition, these prior art methods are entirely dependent on the data on the card itself to generate the secret number. This means that a person intent on compromising the system need only obtain relatively few card numbers and their associated memorized numbers to accomplish this objective.

With the foregoing in mind, it is a primary object of this invention to provide an access control system, which is difficult to defeat, of the type which requires entry of a specified number from memory before the holder of a card bearing a different number is permitted entry.

This object has been achieved by incorporating in the access control apparatus a number transformation circuit which operates on the card number prior to its comparison with the memorized number in a manner which is extremely difficult to determine from knowledge of a limited number of card numbers and their associated memorized numbers. More particularly, the invention contemplates transforming the multi-bit card number in two distinct steps wyich are then combined to form a composite transformation of the card number for comparison with a manually entered memorized number. In accordance with the first step of the card number transformation, certain bits of the card number are interacted with fixed data to form a first multi-bit component of the transformed number. The bits of this first transformed number component are also interacted with the remaining bits of the card number, to form a second multi-bit component of the transformed number. The two transformed number components are thereafter combined and the combination compared with the memorized number manually entered by the card holder. If the comparison is favorable, the holder is permitted entry.

In one preferred form of the invention the interaction scheme, or algorithm, utilized in generating the second transformed number component is invariant from card to card. However, in another embodiment of the invention, the interaction algorithm for the second transformed number component is a function of the card number itself and hence varies from card to card. With either embodiment, a highly defeat-resistant access control system is provided. An important advantage of this invention, and one significantly contributing to its defeat-resistance, is that in most instances alteration of even a single bit of the card number produces a change in a multiplicity of the bits of the transformed number and in turn the memorized number to which it must compare if access is to be permitted. Thus, even though two card numbers may differ by only a single bit, their corresponding memorized numbers will differ markedly, increasing the difficulty of defeat.

The foregoing and other objects, features and advantages of this invention will become more clear from the following detailed description of a preferred embodiment of the invention taken in connection with the drawings wherein:

FIG. 1 is a system diagram showing the functional units in the access control apparatus;

FIG. 2 is a detailed circuit diagram for a preferred transferred transformation number generator including two data transformers; and

FIG. 3 is another preferred secret number generator where the generated number is formed by a data transformer which has a changeable data transformation function which depends on the card number itself.

Generally, the access control system of the present invention includes a card 10 given to each authorized person. The card 10 has a multi-bit number coded thereon in machine-readable form along a strip 12. The card number may be an employee number, a social security number or some other number usually uniquely assigned to the individual. When the card is issued, the individual is given a multi-digit memorized number for use with the card in the access control system. When seeking entrance to a restricted area, the card holder places his card 10 into a card reader 14. At the same time, he enters his memorized number on a keyboard 16. The card number is transformed by a transform algorithm in accordance with the method of this invention into a transformed number which is indeterminate from the card number alone. The transformed number is compared with the memorized number in a compare circuit 20, a favorable comparison producing a signal to open a door or otherwise permit access to a restricted area.

Referring now to FIG. 1 in greater detail, a schematic diagram of the access control system of the present invention is shown. A card 10 with a data-carrying portion 12 is provided each authorized user. The card 10 is made of any suitable material including plastic, cardboard, rigid paper, metal or other suitable material and is preferably of the size and shape of a conventional credit card. The data-carrying portion 12 may be in the form of embossing, holes punched through the card, magnetically encodable material on the card itself or any other suitable machine readable means for carrying a multi-bit card number. In a preferred embodiment, the multi-bit card number comprises 12 binary bits C1, C2, . . . C12. A card reader 14 is provided to read the multi-bit card number C1, C2, . . . C12 from the card 10. The card reader 14 is itself well known and is adapted for reading the particular form of data coded on the cards accepted by the system.

When a card 10 is inserted into the card reader 14 through an entry slot 22, the card reader will read the multi-bit card number C1, C2, . . . C12 from the data carrying portion 12 and convert it into binary signals for transmission to a register 26 over line 24. In the preferred embodiment, the multi-bit card number C1, C2, . . . C12 is stored in twelve storage sections or stages C1', C2', . . . C12' of register 26, with one card number bit stored in each stage. It will be recognized by those skilled in the art that the multi-bit card number C1, C2, . . . C12 and the register 26 can take other forms. For example, the card number might be a multi-digit number in binary-coded-decimal form or other forms or may comprise a multi-bit number with either more or less than 12 bits.

After the multi-bit card number C1, C2, . . . C12 has ben read from the card 10 into the register 26, the stored card number bits C1, C2, . . . C12 are available for transformation according to the number transformation method and apparatus of this invention. The number transformation method includes selecting n bits S_{1}, S_{2}, . . . S_{n} from the register 26, where n is a number less than the number of stored card number bits C1, C2, . . . C12. The selected bits S_{1}, S_{2}, . . . S_{n} are transmitted over a line 28 from the register 26 to a first number transformer 30. A fixed number generator 32 is provided to generate a selectable, but fixed, multi-bit number for transmission over a line 34 to the first number transformer 30. In a preferred embodiment, the fixed number generator 32 generates four bits F_{1}, F_{2}, F_{3}, F_{4}. These bits are produced by connecting each wire of line 34 to a signal source, such as an electrical ground or other voltage source, via a settable switch or the like. Each switch setting is selected by the system owner and is dependent of the card number assigned. The selected card number bits from the register 26 input to the first transformer 30, in this example there being four such bits S_{1}, S_{2}, . . . S_{4} corresponding to the four fixed bits F_{1}, F_{2}, . . . F_{4}, and the fixed number bits F_{1}, F_{2}, F_{3}, F_{4} from the fixed number generator 32 are transformed by the first number transformer 30 is accordance with the transformation method of this invention to form a multi-bit first component T_{1}, T_{2}, T_{3}, T_{4} of a transformed number T_{1}, T_{2}, . . . T_{n}. The first component of the transformed number T_{1}, T_{2}, T_{3}, T_{4} is transmitted over a line 36 to the compare circuit 20 and comprises four of the transformed number bits T_{1}, T_{2}, . . . T_{n} which are to be compared with the memorized number. Preferably, the transformed number has twelve bits T_{1}, T_{2}, . . . T_{12} corresponding to the twelve bits of the card number.

The first component of the transformed number T_{1}, T_{2}, . . . T_{4} is also transmitted over a line 38 to a second number transformer 40. The remaining bits of the card number C1, C2, . . . C12 stored in register 26, that is, those not selected for input to first number transformer 30, are selected and transmitted over a line 42 to the second number transformer 40. These remaining bits which are selected, designated S_{5}, S_{6}, . . . S_{12}, and the first component T1, T_{2}, . . . T_{4} of the transformed number T_{1}, T_{2}, . . . T_{12} are transformed in accordance with the method of this invention to form a second multi-bit component T_{5}, T_{6}, . . . T_{12} of the transformed number T_{1}, T_{2}, . . . T_{12}. The second multi-bit component of the transformed number T_{5}, T_{6}, . . . T_{12} is placed on a line 44 for transmission to the compare circuit 20.

As described earlier, the individual seeking access to a restricted area will place a card into a card reader. At the same time he will enter a memorized number on the system keyboard 16. The memorized number, in the preferred embodiment, comprises a four digit octal number M_{1}, M_{2}, . . . M_{4}. The keyboard converts the memorized octal number M_{1}, M_{2}, ... M_{4} into twelve binary-coded-octal bits M(0)_{1}, M(0)_{2}, ... M(0)_{12}. The twelve bits M(0)_{1}, M(0)_{2}, ... M(0)_{12} corresponding to the memorized octal number M_{1}, M_{2}, M_{3}, M_{4} are transmitted over a line 46 to the compare circuit 20.

The compare circuit 20 itself comprises, in a preferred embodiment, a plurality of circuits for comparing each bit of the transformed number T_{1}, T_{2}, ... T_{12} with its respective memorized number counterpart bits M(0)_{1}, M(0)_{2}, ... M(0)_{12}. A typical compare circuit 20 may comprise, in part, 12 two-input EXCLUSIVE-OR elements for comparing the 12 bits of the transformed number T_{1}, T_{2}, ... T_{12} with the 12 bits of the memorized number M(0)_{1}, M(0)_{2}, ...M(0)_{12}. If each EXCLUSIVE-OR element detects an identity between a transformed number bit and a memorized number bit, a signal is generated by the compare circuit to permit entrance into the restricted area, it being assumed that a person entering the correct memorized number associated with a given card is an authorized person.

Referring now to FIG. 2, an actual circuit is shown for an access control system which transforms card number bits C1, C2, ... C12 according to the method of this invention into transformed number bits T_{1}, T_{2}, ... T_{12} for comparison with a manually entered multi-bit memorized number M(0)_{1}, M(0)_{2}, ... M(0)_{12}. The card number bits C1, C2, ... C12 are read by a reader into a card number register 60, each data bit filling one of the data bit positions labeled C1' through C12'.

A second register 62 is provided to store the memorized number bits M(0)_{1}, M(0)_{2}, ... M(0)_{12} corresponding to the four memorized number digits M_{1}, M_{2}, ... M_{4} entered into the keyboard which have been converted by the keyboard into binary-coded-octal format. These binary-coded-octal memorized number bits M(0)_{1}, M(0)_{2}, ... M(0)_{12} are stored in register 62 in bit positions labeled M(0)_{1} ', M(0)_{2} ', ... M(0)_{12} '.

the fixed number generator 32 may comprise a four bit register 64 with four bit positions labeled F_{1}, F_{2}, F_{3} and F_{4}. Each bit position of this register 64 is settable to a predetermined bit value, either a 0 or 1. Alternatively, the fixed number generator 32 may comprise a plugboard with outputs F_{1}, F_{2}, F_{3} and F_{4} selectively connected to a signal representing either a 0 or 1. The actual binary bits F_{1}, F_{2}, F_{3}, F_{4} for the fixed number register 64 is selected by the system owner and this setting is independent of the card numbers assigned.

The first data transformation means 30 comprises four EXCLUSIVE-OR circuits 70, 71, 72 and 73. Each of these EXCLUSIVE-OR circuits has two inputs, one input having a signal thereon representing the binary value of a fixed number bit F_{1}, F_{2}, F_{3}, F_{4} and the other input having a signal thereon representing a selected bit S_{1}, S_{2}, S_{3}, S_{4} for the card number stored in register 60. EXCLUSIVE-OR circuit 70, for example, has one input connected by a wire 66 to the F_{1} bit position of the fixed number register 64. The other EXCLUSIVE-OR circuit 70 input is connected by a wire 68 to bit position C3' in register 60, the signal wire 68 representing the selected bit S_{1}. In a similar manner, the remaining EXCLUSIVE-OR circuits 71, 72 and 73 have one input wired to a fixed number data bit position F_{2}, F_{3} or F_{4} and have the other input wired to other selected bit positions in the card number register 60 corresponding to selected bits S_{2}, S_{3} and S_{4}.

As described in connection with FIG. 1, the first data transforming means 30 has an output which forms a first part of the transformed number T_{1}, T_{2}, T_{3}, T_{4}. The EXCLUSIVE-OR circuits 70, 71, 72 and 73 which comprise the first number transformer 39 each have outputs wired by output wires 74, 75, 76 and 77, respectively, to the compare circuit 20. As hereinafter explained, the signals on the wires 74, 75, 76 and 77 (T_{1}, T_{2}, T_{3}, T_{4}) are compard with signals from certain bit positions in the memorized number register 62 to determine if the memorized number bits are the same as the bits comprising the first part of the transformed number T_{1}, T_{2}, T_{3}, T_{4}.

As earlier mentioned, the first portion T_{1}, T_{2}, T_{3}, T_{4} of the transformed number T_{1}, T_{2}, ... T_{12} are also input to the second number transformer 40. In FIG. 2, connecting wires 100, 101, 102, or 103 connect the first part T_{1} -T_{4} of the transformed number T_{1} -T_{12} with the second number transformation means 40. The card number bits not used to generate the first part of the transformed number T_{1} -T_{4} are selected and comprise the remaining inputs S_{5}, S_{6}, ... S_{12} to the second number transformation means 40.

The second number transformation means 40 includes a first set of EXCLUSIVE-OR circuits 104, 105, 106 and 107 each having two inputs and one output. One input of each EXCLUSIVE-OR circuit 104-107 is wired by the wires 100, 101, 102, and 103 to the output of the first number transformer 30, these wires having signals thereon representing transformer number bits T_{1}, T_{2}, T_{3}, T_{4}. The second input of each first set of EXCLUSIVE-OR circuits 104-107 is wired to a previously unselected card number bit position in register 60. The output of each first set EXCLUSIVE-OR circuit 104-107 is wired to an input of the input of the compare circuit 20 and comprises a portion of the second part of the transformed number bits, namely, bits T_{5}, T_{6}, T_{7}, T_{8} which are generated by transforming the first part of the transformed number, namely, bits T_{1}, T_{2}, T_{3}, T_{4} with selected card number bits S_{5}, S_{6}, S_{7}, S_{8}.

The remainder of the second part of the transformed number T_{9}, T_{10}, T_{11}, T_{12} is generated by a second set of EXCLUSIVE-OR circuits 110, 111, 112 and 113, each circuit having two inputs and one output. One of the two inputs for each second set EXCLUSIVE-OR circuit 110-113 is wired by a connectin wire to the output of a first set EXCLUSIVE-OR circuit, namely, output bits T_{5}, T_{6}, T_{7}, T_{8}. The other input of each second set EXCLUSIVE-OR is wired to selected bit positions S_{9}, S_{10}, S_{11}, S_{12} in the card number register 60. The output of the second set EXCLUSIVE-OR circuis 110-113, as stated, comprises the remainder T_{9}, T_{10}, T_{11}, T_{12} of the second part of the transformed number bits. The first part and the second part of the transformed number comprise the whole transformed number T_{1}, T_{2}, ... T_{12}.

Summarizing, the first part T_{1} -T_{4} of the transformed number T_{1} -T_{12} is formed by interacting selected card number bits S_{1}, S_{2}, S_{3}, S_{4} from the card number register 60 with selectable, but fixed, system number bits F_{1}, F_{2}, F_{3}, F_{4} from the fixed number register 64. The second part of the transformed number comprises bits T_{5}, T_{6}, ... T_{12} formed by interacting transformed number bits T_{1} -T_{4} with selected card number bits S_{5} -S_{12}. Because of the method used to form the transformed number, each transformed number bit T_{1}, T_{2}, T_{3}, ... T_{12} is a function of one fixed number bit and at least one card number bit. The fact that each transformed number bit is formed in part by interaction with a fixed number bit is the primary reason why the transformed number bits T_{1}, T_{2}, ... T_{12} cannot easily be determined by unauthorized persons from the card number itself.

The compare circuit 20 has been described in part earlier, and comprises a plurality of EXCLUSIVE-OR circuits 114-125 for comparing bits T_{1}, T_{2}, T_{3}, T_{4} from the data transforming means 30 and the bits T_{5}, T_{6}, ... T_{12} from the second data transforming means 40 with the binary-coded-octal memorized number bits M(0)_{1}, M(0)_{2}, ... M(0)_{12} stored in register 62. Each such EXCLUSIVE-OR circuit has two inputs and one output. One input of each EXCLUSIVE-OR circuit 114-125 is wired to one bit position M(0)_{1}, M(0)_{2}, ... M(0)_{12} in the memorized number register 62, while the other input is wired to one EXCLUSIVE-OR circuit outputs 74-85 representing transformation bits T_{1}, T_{2}, ... T_{12}. The output of each EXCLUSIVE-OR circuit 114-125 is wired to the input of an AND circuit 130. When all memorized number bits M(0)_{1}, M(0)_{2}, ... M(0)_{12} correspond to all transformed number bits T_{1}, T_{2}, ... T_{12}, the outputs of all the EXCLUSIVE-OR circuit 114-125 will have a signal thereon representing a binary 1. When all the outputs of the EXCLUSIVE-OR circuits 114-125 are a 1, the AND circuit 130 will produce a signal indicating all the transformed number bits T_{1}, T_{2}, ... T_{12} are identical to the memorized number bits M(0)_{1}, M(0)_{2}, ... M(0)_{12}. This condition is presumed to indicate that an authorized person seeks entry to a restricted area and he should be admitted because he knows the proper memorized number associated with the number coded on his card.

While the foregoing discussion of FIG. 2 has been made with particular emphasis on the specific wiring shown, it will be clear to those of skill in the art that the connecting wires between the various circuits may be changed so that the logical transfer function, or algorithm, defining any given transformed number bit can be different than described. Consequently, the data transformation of the first and second data transformers can be quickly modified by simply changing the wiring. This is highly advantageous for security reasons because it may become necessary to alter the number transformation algorithm at a given installation because some unauthorized person has obtained a card and learned the memorized number associated therewith. Of course, the same result can be achieved by changing the fixed number generator.

While the above description has disclosed a comparison circuit which comprises an exact comparing network, other forms of comparing circuits are equally usable. Such other possible compare circuits might determine whether there is a predetermined relationship between the transformed number and the keyboard-entered memorized number. For example, the transformed number and the keyboard-entered memorized number could be added together to form a sum for comparison with a constant number. If the sum equals the constant number, a predetermined relationship exists between the memorized number and the card number and a favorable compare signal would be produced to permit access to the restricted area.

Referring now to FIG. 3, another number transformation network is shown for transforming card number bits C1, C2, ... C12 into a transformed number bit T_{1}, T_{2}, ... T_{12} for comparison with a keyboard entered memorized number M_{1}, M_{2}, M_{3}, M_{4} represented by binary-coded-octal bits M(0)_{1}, M(0)_{2}, ... M(0)_{12}. This logic network generates two different groups of transformed number bits. The first group of transformed number bits is generated by transforming the card number bits with fixed machine generated bits. A second group of transformed number bits is generated by transforming the remaining card number bits with transformed number bits. In fact, some of the transformed number bits in this second group of bits are generated by this network from previously generated transformed number bits in the same group. This is possible because there are multiple feed-back paths within the second data group transformer shown in FIG. 3. As such, the second data group transformer forms a first sub-group of transformed number bits by transforming the first group of transformed number bits with selected card number bits. Further sub-groups of the second data group transformer are formed by transforming first sug-groups of transformed number bits with card number bits.

The card number read from a card, in the preferred embodiment of FIG. 3, comprises a twelve bit number C1, C2, ... C12 stored in a register 200 which includes twelve individual bit storage positions labeled C_{1} ', C_{2} ', ... C_{12} '. Each bit position for register 200 is connected by a wire to the number transforming network shown within the rectangular area enclosed by block 201.

A second set of inputs to the transforming network 201 comprises settable, but fixed, data from a fixed data generating means (not shown) which produces bit signals F_{1}, F_{2}, F_{3}, F_{4} representing fixed data on the fixed data bit input lines labeled F_{1} ', F_{2} ', F_{3} ', and F_{4} '. The fixed number input bits F_{1}, F_{2}, F_{3}, F_{4} are transformed with the card number bits C1, C2, ... C12 stored in register 200 in accordance with the number transforming method of the invention to form transformed number bits T_{1}, T_{2}, ... T_{12} output on twelve output lines 202-213. These output lines 202-213 comprise twelve input signals to a comparing circuit enclosed within block 214 which is constructed identically to the compare circuit 20 in FIG. 2. The other twelve inputs to the comparing circuit 214 are labeled M(0)_{1}, M(0)_{2}, ... M(0)_{12} and comprise wires having signals thereon representing the memorized octal number M_{1}, M_{2}, M_{3} , M_{4} (in binary-coded-octal format) entered on a system keyboard by the person seeking entry into the resticted area. If the binary-coded-octal keyboard memorized number M(0)_{1}, M(0)_{2}, ... M(0)_{12} is identical to the transformed number T_{1}, T_{2}, ... T_{12}, the comparison circuit 214 generates a signal indicating that the key-entered memorized number M_{1} - M_{4} and the transformed card number C1-C12 compare favorably because they are equal to each other, the generated signal being operative to permit access by the card holder into the restricted area.

Referring in greater detail to the circuit shown in FIG. 3, the fixed, machine-generated number F_{1}, F_{2}, F_{3}, F_{4} is carried on the four lines F_{1} ', F_{2} ', F_{3} ' and F_{4} '. Each of these input number lines forms one input to an EXCLUSIVE-OR element 220, 222, 224 or 226. The second input for each of these EXCLUSIVE-OR elements 220, 222, 224 and 226 is connected to one bit position in the card number register 200, namely, bit positions C12', C10', C7', C5', respectively. The output of each EXCLUSIVE-OR element 220, 222, 224 and 226 is connected to an output line 213, 211, 208, and 206, respectively. These output lines 213, 211, 208 and 206 have signals thereon which represent the binary value for the first group of the transformed number bits T_{12}, T_{10} , T_{7}, T_{5} which is generated by number transforming networks within block 201. The transformed number bits T_{12}, T_{10}, T_{7}, and T_{5} therefore are formed in the circuit of FIG. 3 in the same manner as transformed number bits T_{1}, T_{2}, T_{3}, T_{4} are formed in the circuit of FIG. 2.

The remainder of the transformed number bits T_{1}, T_{2}, T_{3}, T_{4}, T_{6}, T_{8}, T_{9}, T_{11} formed by the number transformer 201 in FIG. 3 are formed in a somewhat different means than those formed by the circuit in FIG. 2. To better understand this somewhat modified circuit, the operation of the number transforming network 201 is now described. The number transforming network 201 comprises three selector circuits 230, 232, and 234 and additionally includes two EXCLUSIVE-OR elements 236 and 238. The EXCLUSIVE-OR elements 236 and 238 each have one input connected directly to one bit positon C_{4} ' and C_{8} ' in the card number register 200. The other input for these EXCLUSIVE-OR elements 236 and 238 comprises one output from one of the selector circuits 230 and 234. The output of these EXCLUSIVE-OR circuits 236 and 238 are connected to number transforming second output lines 205 and 209 and constitute transformed numbers T_{4} and T_{8} .

Each selector circuit 230, 232 and 234 comprises three EXCLUSIVE-OR elements each having an output connected to one of the number transforming network output wires and additionally two such EXCLUSIVE-OR outputs form inputs to a set of four AND circuits which steer the transformed bits through a feedback network which is controlled by the binary value of bits stored in selected bit positions of the card number register 200. The AND circuit output for each selector circuit 230, 232, 234 is wired to an OR element whose output is connected to either a selector circuit input line or one of the EXCLUSIVE-OR circuits 236 or 238.

Since each selector circit 230, 232 or 234 has identical internal wiring, only selector circuit 230 will be described in detail. Three card number bit input wires 240, 242 and 244 are provided and are connected directly to three of the card number bit storage positions in register 200, namely, card bit storage position C_{1} ', C_{2} ', C_{3} '. These card number inputs 240, 242 and 244 each connect to one input of the EXCLUSIVE-OR elements 246, 248 and 250. The second input 252, 254 or 256 to each of these EXCLUSIVE-OR elements 246, 248 and 250 comprises feedback inputs which are connected to selector circuit outputs. The EXCLUSIVE-OR element 248 has an output connected directly to the number transforming network output line 203. The other EXCLUSIVE-OR elements 246 and 250, however, have these outputs connected to the number transforming network output lines 202 and 204, respectively, and also connected to one input of two AND circuits, the output of EXCLUSIVE-OR 246 forming one input to AND circuits 258, 260 while the output of EXCLUSIVE-OR circuit 258 forms one input to AND circuits 262 and 264.

The second input to each AND circuit 258, 260, 262 and 264 comprises a steering signal which is generated from one card number bit position. For selector circuit 230, the steering signal is carried by a wire 266 which is connected directly to the card number register 200 bit position C_{4} '. The signal on this wire 266 is connected directly to one input of AND circuits 258 and 264. An inverter circuit 268 is also connected to the wire 266. The output of this inverter circuit 268 is connected to an input of the AND circuits 260 and 262. The output for each of the AND circuits 258, 260, 262 and 264 is connected to one of two OR circuits 270 or 272. Specifically, the output of each AND cricuit 260 and 264 is connected to an input of the OR circuit 270, while the output of each AND circuit 258 and 262 is connected to an input of OR circuit 272.

In operation, the steering signal on the wire 266 is operative to gate the output signal from EXCLUSIVE-OR circuit 246 or 250 to the input of either OR circuit 270 or 272 depending on the binary value in the C_{4} ' bit position of register 200. For example, when the value of the C_{4} ' bit is a binary 1, AND circuits 258 and 264 will have one input at a binary 1 value. The inverter 268 will force one input to AND circuit 260 and 262 to a binary 0 value. The other input to AND circuits 258 and 264 is determined entirely by the output of EXCLUSIVE-OR 246 and 250. For example, one input to the AND circuit 258 is connected to the output of the EXCLUSIVE-OR circuit 246 which forms the transformed number bit T_{1} output. When the other input to AND circuit 258 is a 1, i.e., when card bit C4 is a 1, the output of this AND circuit 258, which is connected to one input of OR circuit 272, will have a binary signal thereon identical to the binary output bit T_{1} generated by EXCLUSIVE-OR circuit 246. At the same time, the AND circuit 264, whose output is connected to an input of OR circuit 270, will have a signal appearing at its output which is identical to the output of the EXCLUSIVE-OR circuit 250 constituting the transformed number bit T_{3}. Consequently, when the steering signal on the input wire 266 is a binary 1, the output of the EXCLUSIVE-OR 246 (T_{1}) is steered by the AND circuit 258 to an input of OR circuit 272, while the output of EXCLUSIVE-OR circuit 250 (T_{3}) is steered via the AND circuit 264 to an input of the OR circuit 270. Because the inverter circuit 268 forces one input to the AND circuits 260 and 262 to a 0 when bit C_{4} ' is a 1, the AND circuits 260 and 262 which are connected to inputs of the OR circuits 270 and 272, respectively, are ineffective to alter the output of the OR circuits 270 and 272. In fact, the output of the OR circuits 270 and 272 will have the same binary value as transformed number bits T_{3} and T_{1}, respectively, when the C_{4} ' bit is a 1.

When the steering signal on the input wire 266 contains a binary 0, i.e., when bit C_{4} ' is a 0, this signal will be inverted by the inverter circuit 268 to activate the connected AND circuits 260 and 262. In this situation, the output of the EXCLUSIVE-OR circuit 246 (T_{1}) is steered via AND circuit 260 to the input of the OR circuit 270, while the output of the EXCLUSIVE-OR circuit 250 (T_{3}) is steered via the AND circuit 262 to the input of the OR circuit 272. At the same time, AND circuits 258 and 264 are deactivated because the steering signal on wire 266 is a 0. Under these circumstances, the output of OR circuits 270 and 272 will be the same as the T_{1} and T_{3} bit outputs, respectively.

It should be noted that the output of each EXCLUSIVE-OR circuit in each selector circuit 230, 232, 234 comprises one bit of a transformed number and each such output is connected to a number transformer output line. Within each selector circuit, however, these signals are also directed by the steering circuitry to additional selector circuit outputs which form feedback input to other EXCLUSIVE-OR elements in the number transforming network. As a consequence of the bit steering in the selector circuits, the exact algorithm for any given number transforming output line other than output lines 206, 208, 211 and 213 (T_{5}, T_{7}, T_{10}, T_{12}) is determined by bit steering controlled by the binary value of certain selected card number bit positions (C_{5} ', C_{7} ', C_{10} ', C_{12} '). Additionally, the remaining outputs from the number transforming network comprise a signal which is generated by transforming a card number data bit with one of the other transformed number bits. The number transforming network shown in FIG. 3 is therefore operative to produce a first group of transformed number bits which comprise signals on the output lines 206, 208, 211 and 213 (T_{5}, T_{7}, T_{10}, T_{12}) which are formed by interacting selected card number bit positions with the bits of a fixed machine-generated number, while the remainder or second group of the number transforming network output signals are formed by interacting card number bit positions with transformed number bit positions. The exact transformed number bit position which is interacted with a given card number bit position is dependent on the steering gates which are themselves controlled by certain selected bit positions in the card number register 200.

As indicated, the second group of transformed number bits T_{1} -T_{4}, T_{6}, T_{8}, T_{9} and T_{11} may be formed in several sub-groups. A first sub-group is formed by interacting card number bits with transformed number bits in the first group of transformed number bits T_{5}, T_{7}, T_{10}, T_{12}. One example of such a transformation is the transformed number bit on output line 204 (T_{3}) which is formed by interacting the card data bit C3 with the transformed number bit in group one on output line 213 (T_{12}). The signal on output line 204 comprises a bit T_{3} in one sub-group of the second group of transformed number bits. This signal on output line 204 is gated by the steering gates to interact with either the card number bit C2 or bit C4 depending on the binary value of C4. In either case, the outputs on lines 203 or 205 each comprise a transformed number bit T_{2} or T_{4} in a further sub-group of the second group of transformed number bits. Each further sub-group bit is formed by interacting a card number bit with a transformed number bit in another sub-group of the second group of transformed number bits.

From the foregoing description of preferred embodiments of this invention, it is clear that the object set forth at the outset has been achieved by these various embodiments. Specifically, in each embodiment described, a transformed number is generated in a manner in which each transformed bit position is formed in part by the interaction of at least one card number bit with one fixed machine-generated bit, the latter bit being entirely independent of the card number. Furthermore, in the case of the second embodiment described in FIG. 3, the algorithm or transform function itself is changeable as a function of the card number itself, a feature which adds further to the difficulty in determining the transformed number from the card number. In either embodiment, however, the transformed number is not completely determinable from the card number itself.

While the foregoing description has been made with particular emphasis upon preferred embodiments thereof, it will be recognized by those of skill in the art that certain modifications can be made without departing from the spirit and scope of this invention. For example, in certain instances, emphasis has been placed upon the specific wiring between various circuit elements. It will be clear to those of skill in the art that the specific inter-element wiring can be modified in order to alter the relationship between the card number and the memorized number. This alteration may be accomplished by using plugboard devices already known in the prior art. In addition, it will be clear to those of skill in the art that the principles of this invention need not be limited to systems with card numbers having four octal-coded digits, or twelve bit positions, and also need not be limited to requiring the user to memorize a four octal digit number for use with this assigned card. These and other modifications can be readily made without departing from the spirit and scope of this invention as defined by the claims.

For instance, security and numerous other reasons, manufacturers and others have found it desirable, if not necessary, to limit entrance into their facilities to authorized personnel. The dangers of unauthorized entry into such facilities are quite numerous. For example, a manufacturer may be involved in producing products of military importance. The military secrets involved in such manufacture must be maintained in confidence and positive measures must be taken to prevent disclosure of these secrets to unauthorized persons. Besides secrecy, access to certain manufacturing areas often must be limited for safety reasons because large and dangerous machinery located within a restricted area may injure persons unfamiliar with such machinery. In other manufacturing operations, a manufacturer may be producing a product by a secret process, the secrecy of which he desires to maintain. By preventing unauthorized entry into such manufacturing areas, disclosure of the secret process is made unlikely.

In order to assure that only authorized persons enter restricted areas, many approaches have been tried. One common technique used by manufacturers has been to employ a security guard to check identification cards of personnel entering the restricted area. The success of such an approach, however, depends upon the conscientiousness of the guard himself. During periods when large numbers of employees are entering or leaving a restricted area, for example, when a work shift changes, the guard may become somewhat lax and fail to recognize that an unauthorized person has entered the restricted area.

To overcome the possibility that a security guard might fail to notice an unauthorized person entering a restricted area, numerous mechanical devices have been devised in an attempt to remove the possibility of human error. These mechanical devices frequently employ a card, a coded badge, or other identification device for identifying authorized personnel. When the apparatus determines that the card, badge, or other device is of an acceptable form, the apparatus automatically opens a door or, in some other manner, permits access to a restricted area. This approach, however, does not prevent access to a restricted area by a person who has obtained the card or badge of another by some unauthorized means. In fact, neither the security guard nor the mechanical systems of the type described is capable of detecting an individual attempting to enter a restricted area with an identification means obtained by unauthorized methods.

In an effort to prevent unauthorized persons from entering restricted areas with illictly obtained identification means, additional identification checks have been provided in various automated access control systems. These checks generally include a test on a memorized number which is entered via a keyboard by the person seeking admittance to the restricted area and a test on an identification card entered into a card reader. In some systems, the card number and the memorized number are compared and if identical to each other, the access control apparatus will permit the individual to enter the restricted area. This approach, like previous approaches, is not completely foolproof because an unauthorized person can learn the memorized number directly from the card itself. Consequently, access by unauthorized persons to a restricted area is not completely avoided by this approach.

In an attempt to prevent unauthorized persons from learning the secret number from the card itself, various other methods have been tried which include scrambling the data on the card. In such systems, the apparatus that reads the card number also unscrambles the card number according to a fixed unscrambling method to generate a secret number for comparison with a memorized number entered by the card holder. A favorable comparison of the memorized with the unscrambled number is operative to permit access to a restricted area. Other systems have generated secret numbers from card numbers by first coding card data in the form of many data words, each word containing as many digits as there are digits in a memorized number known by the authorized card holder. Each digit of the system-generated secret number is formed by adding like digit positions of each word coded on the card, ignoring carries to form a sum digit. All of the sum digits, when combined, comprise the generated secret number which is then compared with the entered memorized number. As with other systems, a favorable comparison between the memorized and generated secret numbers will permit access to the restricted area.

The foregoing approaches have not been successful in preventing unauthorized access to restricted areas. The primary reason for this fact is that the methods for generating the secret number from the card is relatively simple to determine once a card is obtained and the memorized number assigned therewith is known. These identified prior art methods for generating a secret number usually produce secret numbers where a single digit change in the card number will only cause a single digit change in the associated generated secret number. This makes the secret number generating method relatively easy to determine. In addition, these prior art methods are entirely dependent on the data on the card itself to generate the secret number. This means that a person intent on compromising the system need only obtain relatively few card numbers and their associated memorized numbers to accomplish this objective.

With the foregoing in mind, it is a primary object of this invention to provide an access control system, which is difficult to defeat, of the type which requires entry of a specified number from memory before the holder of a card bearing a different number is permitted entry.

This object has been achieved by incorporating in the access control apparatus a number transformation circuit which operates on the card number prior to its comparison with the memorized number in a manner which is extremely difficult to determine from knowledge of a limited number of card numbers and their associated memorized numbers. More particularly, the invention contemplates transforming the multi-bit card number in two distinct steps wyich are then combined to form a composite transformation of the card number for comparison with a manually entered memorized number. In accordance with the first step of the card number transformation, certain bits of the card number are interacted with fixed data to form a first multi-bit component of the transformed number. The bits of this first transformed number component are also interacted with the remaining bits of the card number, to form a second multi-bit component of the transformed number. The two transformed number components are thereafter combined and the combination compared with the memorized number manually entered by the card holder. If the comparison is favorable, the holder is permitted entry.

In one preferred form of the invention the interaction scheme, or algorithm, utilized in generating the second transformed number component is invariant from card to card. However, in another embodiment of the invention, the interaction algorithm for the second transformed number component is a function of the card number itself and hence varies from card to card. With either embodiment, a highly defeat-resistant access control system is provided. An important advantage of this invention, and one significantly contributing to its defeat-resistance, is that in most instances alteration of even a single bit of the card number produces a change in a multiplicity of the bits of the transformed number and in turn the memorized number to which it must compare if access is to be permitted. Thus, even though two card numbers may differ by only a single bit, their corresponding memorized numbers will differ markedly, increasing the difficulty of defeat.

The foregoing and other objects, features and advantages of this invention will become more clear from the following detailed description of a preferred embodiment of the invention taken in connection with the drawings wherein:

FIG. 1 is a system diagram showing the functional units in the access control apparatus;

FIG. 2 is a detailed circuit diagram for a preferred transferred transformation number generator including two data transformers; and

FIG. 3 is another preferred secret number generator where the generated number is formed by a data transformer which has a changeable data transformation function which depends on the card number itself.

Generally, the access control system of the present invention includes a card 10 given to each authorized person. The card 10 has a multi-bit number coded thereon in machine-readable form along a strip 12. The card number may be an employee number, a social security number or some other number usually uniquely assigned to the individual. When the card is issued, the individual is given a multi-digit memorized number for use with the card in the access control system. When seeking entrance to a restricted area, the card holder places his card 10 into a card reader 14. At the same time, he enters his memorized number on a keyboard 16. The card number is transformed by a transform algorithm in accordance with the method of this invention into a transformed number which is indeterminate from the card number alone. The transformed number is compared with the memorized number in a compare circuit 20, a favorable comparison producing a signal to open a door or otherwise permit access to a restricted area.

Referring now to FIG. 1 in greater detail, a schematic diagram of the access control system of the present invention is shown. A card 10 with a data-carrying portion 12 is provided each authorized user. The card 10 is made of any suitable material including plastic, cardboard, rigid paper, metal or other suitable material and is preferably of the size and shape of a conventional credit card. The data-carrying portion 12 may be in the form of embossing, holes punched through the card, magnetically encodable material on the card itself or any other suitable machine readable means for carrying a multi-bit card number. In a preferred embodiment, the multi-bit card number comprises 12 binary bits C1, C2, . . . C12. A card reader 14 is provided to read the multi-bit card number C1, C2, . . . C12 from the card 10. The card reader 14 is itself well known and is adapted for reading the particular form of data coded on the cards accepted by the system.

When a card 10 is inserted into the card reader 14 through an entry slot 22, the card reader will read the multi-bit card number C1, C2, . . . C12 from the data carrying portion 12 and convert it into binary signals for transmission to a register 26 over line 24. In the preferred embodiment, the multi-bit card number C1, C2, . . . C12 is stored in twelve storage sections or stages C1', C2', . . . C12' of register 26, with one card number bit stored in each stage. It will be recognized by those skilled in the art that the multi-bit card number C1, C2, . . . C12 and the register 26 can take other forms. For example, the card number might be a multi-digit number in binary-coded-decimal form or other forms or may comprise a multi-bit number with either more or less than 12 bits.

After the multi-bit card number C1, C2, . . . C12 has ben read from the card 10 into the register 26, the stored card number bits C1, C2, . . . C12 are available for transformation according to the number transformation method and apparatus of this invention. The number transformation method includes selecting n bits S

The first component of the transformed number T

As described earlier, the individual seeking access to a restricted area will place a card into a card reader. At the same time he will enter a memorized number on the system keyboard 16. The memorized number, in the preferred embodiment, comprises a four digit octal number M

The compare circuit 20 itself comprises, in a preferred embodiment, a plurality of circuits for comparing each bit of the transformed number T

Referring now to FIG. 2, an actual circuit is shown for an access control system which transforms card number bits C1, C2, ... C12 according to the method of this invention into transformed number bits T

A second register 62 is provided to store the memorized number bits M(0)

the fixed number generator 32 may comprise a four bit register 64 with four bit positions labeled F

The first data transformation means 30 comprises four EXCLUSIVE-OR circuits 70, 71, 72 and 73. Each of these EXCLUSIVE-OR circuits has two inputs, one input having a signal thereon representing the binary value of a fixed number bit F

As described in connection with FIG. 1, the first data transforming means 30 has an output which forms a first part of the transformed number T

As earlier mentioned, the first portion T

The second number transformation means 40 includes a first set of EXCLUSIVE-OR circuits 104, 105, 106 and 107 each having two inputs and one output. One input of each EXCLUSIVE-OR circuit 104-107 is wired by the wires 100, 101, 102, and 103 to the output of the first number transformer 30, these wires having signals thereon representing transformer number bits T

The remainder of the second part of the transformed number T

Summarizing, the first part T

The compare circuit 20 has been described in part earlier, and comprises a plurality of EXCLUSIVE-OR circuits 114-125 for comparing bits T

While the foregoing discussion of FIG. 2 has been made with particular emphasis on the specific wiring shown, it will be clear to those of skill in the art that the connecting wires between the various circuits may be changed so that the logical transfer function, or algorithm, defining any given transformed number bit can be different than described. Consequently, the data transformation of the first and second data transformers can be quickly modified by simply changing the wiring. This is highly advantageous for security reasons because it may become necessary to alter the number transformation algorithm at a given installation because some unauthorized person has obtained a card and learned the memorized number associated therewith. Of course, the same result can be achieved by changing the fixed number generator.

While the above description has disclosed a comparison circuit which comprises an exact comparing network, other forms of comparing circuits are equally usable. Such other possible compare circuits might determine whether there is a predetermined relationship between the transformed number and the keyboard-entered memorized number. For example, the transformed number and the keyboard-entered memorized number could be added together to form a sum for comparison with a constant number. If the sum equals the constant number, a predetermined relationship exists between the memorized number and the card number and a favorable compare signal would be produced to permit access to the restricted area.

Referring now to FIG. 3, another number transformation network is shown for transforming card number bits C1, C2, ... C12 into a transformed number bit T

The card number read from a card, in the preferred embodiment of FIG. 3, comprises a twelve bit number C1, C2, ... C12 stored in a register 200 which includes twelve individual bit storage positions labeled C

A second set of inputs to the transforming network 201 comprises settable, but fixed, data from a fixed data generating means (not shown) which produces bit signals F

Referring in greater detail to the circuit shown in FIG. 3, the fixed, machine-generated number F

The remainder of the transformed number bits T

Each selector circuit 230, 232 and 234 comprises three EXCLUSIVE-OR elements each having an output connected to one of the number transforming network output wires and additionally two such EXCLUSIVE-OR outputs form inputs to a set of four AND circuits which steer the transformed bits through a feedback network which is controlled by the binary value of bits stored in selected bit positions of the card number register 200. The AND circuit output for each selector circuit 230, 232, 234 is wired to an OR element whose output is connected to either a selector circuit input line or one of the EXCLUSIVE-OR circuits 236 or 238.

Since each selector circit 230, 232 or 234 has identical internal wiring, only selector circuit 230 will be described in detail. Three card number bit input wires 240, 242 and 244 are provided and are connected directly to three of the card number bit storage positions in register 200, namely, card bit storage position C

The second input to each AND circuit 258, 260, 262 and 264 comprises a steering signal which is generated from one card number bit position. For selector circuit 230, the steering signal is carried by a wire 266 which is connected directly to the card number register 200 bit position C

In operation, the steering signal on the wire 266 is operative to gate the output signal from EXCLUSIVE-OR circuit 246 or 250 to the input of either OR circuit 270 or 272 depending on the binary value in the C

When the steering signal on the input wire 266 contains a binary 0, i.e., when bit C

It should be noted that the output of each EXCLUSIVE-OR circuit in each selector circuit 230, 232, 234 comprises one bit of a transformed number and each such output is connected to a number transformer output line. Within each selector circuit, however, these signals are also directed by the steering circuitry to additional selector circuit outputs which form feedback input to other EXCLUSIVE-OR elements in the number transforming network. As a consequence of the bit steering in the selector circuits, the exact algorithm for any given number transforming output line other than output lines 206, 208, 211 and 213 (T

As indicated, the second group of transformed number bits T

From the foregoing description of preferred embodiments of this invention, it is clear that the object set forth at the outset has been achieved by these various embodiments. Specifically, in each embodiment described, a transformed number is generated in a manner in which each transformed bit position is formed in part by the interaction of at least one card number bit with one fixed machine-generated bit, the latter bit being entirely independent of the card number. Furthermore, in the case of the second embodiment described in FIG. 3, the algorithm or transform function itself is changeable as a function of the card number itself, a feature which adds further to the difficulty in determining the transformed number from the card number. In either embodiment, however, the transformed number is not completely determinable from the card number itself.

While the foregoing description has been made with particular emphasis upon preferred embodiments thereof, it will be recognized by those of skill in the art that certain modifications can be made without departing from the spirit and scope of this invention. For example, in certain instances, emphasis has been placed upon the specific wiring between various circuit elements. It will be clear to those of skill in the art that the specific inter-element wiring can be modified in order to alter the relationship between the card number and the memorized number. This alteration may be accomplished by using plugboard devices already known in the prior art. In addition, it will be clear to those of skill in the art that the principles of this invention need not be limited to systems with card numbers having four octal-coded digits, or twelve bit positions, and also need not be limited to requiring the user to memorize a four octal digit number for use with this assigned card. These and other modifications can be readily made without departing from the spirit and scope of this invention as defined by the claims.