IMPROVED CARD READER FOR SECURITY SYSTEM

Description

Background of the Invention

[0001] This application relates to the field of door access security systems and, particularly, to the field of card readers for door access security systems.

[0002] Door access security systems, utilizing magnetic card readers at doors to be controlled, are known in the prior art. Such systems include central controllers coupled to a plurality of readers, each of which is located at a specific door to be controlled. Authorized persons wishing to gain access through a door, insert magnetic cards into slots in the reader. Magnetic codings on the cards are then read and data is sent to the controller which authorizes or refuses entry and tells the reader either to keep the door locked or unlock the door.

[0003] A problem arises when communication between a remote card reader and the central controller is lost. If all access is denied during such times, people's lives may be endangered. If open access to anyone is granted, security may be breached with no record of who was granted access during the down or degraded mode period.

[0004] Although directed to a different technology, there is disclosed in US-A-4114027 a banking system which comprises at least one remote transaction and cash dispensing unit interconnected with a central unit via a communication network. Each remote unit is operable following a single customer card insertion, in either a first mode or a second mode, to process one or more transactions, including cash withdrawal, fund transfer and payment and deposit transactions. The central unit determines the mode of operation of each remote unit. In the first mode, the central unit communicates data to a remote unit following a request from the remote unit. The central unit may transmit information for updating the customer's card. In the second mode, the remote unit does not communicate with the central unit, but itself both determines which transactions a customer may perform and processes customer-selected transactions in accordance with information included on the customer's card.

[0005] Although the banking system disclosed in US-A-4 114 027 has various advantages, it is not directed to cards wherein data such as I.D. data or system code data are permanently stored.

Summary of the Disclosure

[0006] According to a first aspect of the present invention, there is disclosed a security system for controlling access to an area, comprising at least one card reader for reading card data substantially permanently stored on a card introduced therein, and further comprising a central controller including first means for storing authorization data defining which person has authorized access to the area, and means for communicating between the central controller and the card reader. The card reader functions in a first mode or normal mode when communication between the card reader and the central controller is possible and at least in a second mode or degraded mode when the communication is impossible or difficult. The present invention is characterized in that the card reader further comprises means for detecting a poll signal periodically sent by the central controller, the absence of the poll signal from the central controller for a predetermined time causing the card reader to leave the normal mode and to enter the degraded mode until the next poll signal from the central controller is detected by the detecting means. The card reader also comprises means for downloading and storing the authorization data from the central controller during the first mode, means for comparing the card data with the authorization data in view of granting access to the area when the card data match the authorization data and second means for storing at least information resulting from the match.

[0007] According to a second aspect of the present invention, there is disclosed method of operating a security system comprised of a central controller and at least a card reader, the security system functioning in a first mode or normal mode when communication between the central controller and the card reader is possible and the security system functioning in a second mode or degraded mode when the communication is impossible or difficult. The method of the present invention comprises the step of reading a card by means of the card reader to derive, from the card, data substantially permanently stored on the card. The method of the present invention is characterized by the steps of sensing whether communication between the central controller and the card reader is possible by detecting a poll signal periodically sent by the central controller, the absence of the signal from the central controller for a predetermined time causing the card reader to leave the normal mode and to enter the degraded mode until further detection of a next poll signal from the central controller. When the security system functions in the first mode, the method of the present invention is characterized by the steps of sending the card data to the central controller, downloading authorization data stored in the central controller from the central controller into the card reader, storing the authorization data in the card reader, determining in the central controller if access is to be granted or denied based upon the comparison of the card data with the authorization data and sending a message from the central controller to the card reader indicating whether access is to be granted or denied. When the security system operates in the second mode, the method of the present invention is characterized by the steps of comparing some of the card data with the authorization data previously stored in the card reader in the first mode and granting or denying access based upon the comparison and storing in the card reader information resulting from the comparison.

Brief Description of the Drawings

[0008] 

Figure 1 is a block diagram of a security system in which the improved reader of the invention could be used;

Figure 2 is a block diagram of the improved reader;

Figure 3 is a logic diagram of the optical isolator board;

Figures 4A and B are a logic diagram of the switch and relay board;

Figures 5A and B are a circuit diagram of the RAM buffer board and power fail detect circuit;

Figures 6A, 6B and 6C are circuit diagrams of the CPU reader board;

Figures 7A and 7B are a logic diagram of the circuitry of the transaction buffer and the degraded mode buffer;

Figure 8 is a flow diagram for the reader software showing the steps taken to transmit data in the transaction buffer to the controller;

Figure 9 is a diagram of the memory tables in the controller which are used in performing downloading of degraded mode I.D. data to the card readers;

Figure 10 is a flow diagram for the controller software which details the steps taken by the controller in downloading information to readers;

Figures 11A and 11B are a flow diagram of the reader software showing the steps taken to authorize or deny access and store transaction data for transactions occurring during degraded and super degraded mode times when communication with the central controller is not possible.

Figure 12 is a flow diagram of the steps taken by the super degrade mode readers in downloading I.D. data on command from the central controller.

Detailed Description of the Preferred Embodiment

[0009] Referring to Figure 1 there is disclosed a system diagram of a typical magnetic card reading security system. A central controller 20 is coupled to a plurality of card readers of which readers 22 and 24 are typical. The controller 20 is coupled to each reader by an enable pair and a data pair by which the controller can communicate with any card reader in the system.

[0010] For example, the controller 20 communicates with the reader 22 by an enable pair 26 and a data pair 28. The controller 20 polls the reader 22 for messages and sends commands to it by the enable pair 26. Data is sent to the controller 20 from the reader 22 via the data pair 28. Serial format is used on both lines.

[0011] The reader 22 is typically located at a door that needs to be access-controlled while the controller 20 can be located at some distance from the door. The structural details of the controller 20 are well known in the art, and it can be purchased under the model designation MAC 530/40 from Rusco Electronic Systems in Glendale, California. The object code software for the controller is also well known and can be purchased from the same source.

[0012] In operation, the reader 22 receives a magnetic card in a card slot 32. The details of a typical magnetic card structure will be found in U.S. Patents 3,717,749 or 3,811,977. Other structures could also be used; the details of the structure of the magnetic card are not critical to the invention. Any structure capable of holding data encoded in a card and converting it to electrical signals capable of being transmitted over a line will be satisfactory.

[0013] When the card is read during normal operation, the data on the card is stored in a temporary RAM location until a polling signal from the controller 20 arrives on the enable lines 26. Upon receipt of the polling signal on the line 26, the data from the card is transferred on the data lines 28 to the controller 20. The controller 20 processes the data and sends back a "Go" or "No Go" command which causes the reader 22 to take the appropriate action. If the command is "Go", the reader 22 unlocks the door latch via the lines 34 and lights a green LED. If the command is "No Go", the reader 22 lights a red LED and, optionally, energizes a No Go relay.

[0014] In some optional embodiments, the cardholder is also required to enter a password comprised of a plurality of digits entered via a keyboard on the face of the reader 22. If the password and the card data are all correct, access will be granted.

[0015] Operation during times when communication between the readers and the central controller 20 is not possible, will be referred to herein as degraded mode operation. During degraded mode operation, those readers which are active read the data from cards and make the decision to authorize or deny access locally based upon a comparison of the data read from the card to the data stored in a degraded mode buffer located inside each reader. There is no need for communication with the central controller:

[0016] The data stored in each degraded mode buffer consists of the I.D. numbers of each employee who is authorized to enter the particular area controlled by the reader during degraded mode times. The specific information for each reader may be different and is loaded in each reader by the central controller 20 periodically or upon a request basis during times when communication between the readers and the central controller is normal.

[0017] The reader 22 can optionally also incorporate circuitry to monitor a plurality of alarm contacts connected to the lines 30. When one of the contacts changes state, the reader 22 senses the change and signals the controller 20 on the next poll. The controller 20 can then print out a preprogrammed message on a printer 36. More importantly, the controller 20 can automatically send back a command to cause a switch closure by energizing a relay in the reader 22 or in any other reader in the system. This automatic response can also be any other command that the reader receives normally from the controller. The relay can be connected to an emergency device via the lines 38. The emergency device can be any device such as an automatic phone dialer, a sprinkler system, an alarm or whatever other device that is desired.

[0018] The reader 24 is a different type of improved reader which can be used to keep time records for the attendance of hourly employees' on their jobs. The reader 24 has a display 40, a card slot 42, and "in" and "out" buttons, 44 and 46. In operation, an employee would place his card in the card slot 42 and press either the "in" button 44 or the "out" button 46. The data on his card plus the time of day displayed in the display 40 would then be stored in a buffer in the reader 24. Based upon the system code data on the card, the reader 24 would authorize or deny entry to the employee. If entry is authorized by the reader 24 and a green LED will be lit, the door will be unlocked via the lines 48. If entry is denied, the reader 24 will so indicate by lighting a red LED on the face plate. All authorization or denial decisions are made locally by the reader 24 based upon the system code alone on the card, and the data regarding each transaction, such as the I.D. number and the time of day, is stored in the local buffer in the reader 24. Optionally the reader 24 can include a degraded mode buffer which can store the I.D. numbers of those who are authorized to pass during degraded mode time, and will grant or deny access based upon data in this degraded mode buffer during degraded mode times. The data for the transaction, i.e., the I.D. number and the time of day of the transaction is stored in a transaction buffer.

[0019] The controller 20 is coupled to the reader 24 by an enable pair 50 and a data pair 52. The controller 20 polls the reader 24 by sending a poll signal on the line 50. Upon receipt of the poll signal, the reader 24 transfers the data for one transaction out of the transaction buffer to the controller 20 via the data lines 52. The controller then can process the data in any fashion including printing it out on the printer 36. The details of the controller 20 are exemplified by U.S. Patents 4,216,375 and 4,218,690. The operation of the controller in loading the degraded mode buffers of the readers with the I.D. data for persons authorized to pass during degraded mode times will be explained in more detail below.

[0020] The reader 24 can also include means to offset the time displayed in the display 40 from the time kept by the controller 20 in the case that the controller is in a different time zone from the reader. Normally the controller 20 keeps the master time for the system and the reader 24 keeps its own time. Every 15 minutes, the reader 24 inquires the time of the controller 20 and synchronizes the reader's local time with the master time kept by the controller. When the reader 24 is in a different time zone from the controller 20, a group of offset switches in the reader 24 are set to indicate the number of minutes of offset between the local reader time and the controller time.

[0021] Referring to Figure 2, there is shown a block diagram of a card reader for use in a security system such as is shown in Figure 1. Although in reality two different types of readers exist, the core circuits of each type of reader are the same with one type of reader having certain additional optional circuits which the other does not have. Figure 2 represents a combined functional block diagram of a reader with the common core circuits and with all the optional circuit elements of both types of readers also present.

[0022] The card reader of Figure 2 communicates with the controller 20 of Figure 1 through an isolation board 54. The isolation board 54 serves to isolate the data on the enable pair 26 and data pair 28 from the logic circuitry of the rest of the card reader. The isolation board 54 passes the signals from the enable line 26 through to the RX data lines 56 and passes the data from the TX data lines 58 through to the data lines 28.

[0023] The RX data lines 56 are coupled to a multiplexer 60 in a switch and relay board 62. The purpose of the multiplexer 60 is to select various data channels for connection to a data line D7, 63, of a bus 64. The bus 64 is coupled between the switch and relay board 62 and the data, address and control terminals of a microprocessor CPU 66 on a reader CPU board 67. Address lines AO-A2 from the bus 64 are also coupled to the multiplexer 60. Through these address lines, the CPU 66 causes the multiplexer 60 to select one of the data channels connected to it for connection to its data output coupled to the line D7. The microprocessor 66 can then read the data on the selected data channel through the D7 line 63. In Figure 2 the only data channels which are shown are the Rx data line 56 through which commands and polling signals are received and the coil detect line 57 which carries data read from the card. Other data channels are used for other features of the reader not relevant to the present discussion.

[0024] Data to be transmitted from the card reader to the central controller 20 are input from the D0 line 68 of the data bus 64 to a driver 70. The driver 70 is also coupled to the AO-A2 address lines of the data bus 64 which supply an address from the microprocessor 66. The driver 70 has several addressable outputs, one of which is the TX data lines 58. The address supplied to the driver 70 causes it to apply the signal on the D0 line 68 to the selected output. To transmit data, the microprocessor 66 places the data to be sent on the D0 bus line and writes the proper address on the address lines AO-A2 of the bus 64. The serial data on the D0 line is then applied to the TX data lines 58.

[0025] The central controller 20 receives the data on the data line 28 and acts upon the data message in some fashion depending upon what the message is and may or may not send a command back to the card reader via the enable line 26.

[0026] A go relay 71 is coupled to a door latch device by the lines 34. The lines 34 can be coupled to relay contacts or other switching devices to provide an interruptible current flow path to control whether the door latch is in a locked or unlocked state. The go relay is also coupled to the driver 70 by a switching line 72. The switching line controls the state of the go relay and thereby controls the state of the door latch device. The switching line is addressable by the microprocessor 66 through the driver 70 such that the microprocessor 66 controls the state of the go relay 70.

[0027] The microprocessor 66 is also coupled to a card reader coil circuit 74 by the bus 64. The card reader coils 74 consist, in the preferred embodiment, of a plurality of coils coupled to the address and data line of the bus 64 and physically arranged so as to individually magnetically interact with a plurality of magnetized spots on a card inserted in the card slots 42 or 32. The microprocessor 66 can individually address and read each coil in the card reader coil circuit 74 to determine the data in the magnetic spots on the card. The details of the card reading coil circuit are known to those skilled in the art and are not critical to the invention.

[0028] The microprocessor 66 is also coupled to an optional display 40 by the bus 64. In readers which are being used for time and attendance functions, i.e., as time clocks, it is desirable that the time of day be displayed externally for the benefit of workers who are lined up and waiting to put their cards into the reader 24 to start or end their work shifts. The display 40 can be any conventional display, and the details of its construction are not critical to the invention.

[0029] The microprocessor 66 is also coupled to a random access memory (RAM) board 78. The RAM board 78 contains a RAM buffer memory 80, a battery backup system comprised of a battery 82 and a power fail detect circuit 84. The power fail detect circuit 84 monitors the 12 volt unregulated D.C. voltage derived from the A.C. power line and connects the battery 82 to the power terminals of the RAM buffer 80 when the A.C. line power fails so as to preserve the data stored in the RAM 80. The RAM 80 is selected by the microprocessor 66 through connection of a decoder 86 to the address and control lines of the bus 64. The microprocessor 66 enables the RAM 80 by generating the proper address to select the RAM 80 and placing it on the bus 64 thereby enabling the RAM 80 through the decoder 86. The data to be written into the RAM 80 is then placed on the data lines of the bus 64.

[0030] A transaction buffer 88 is also coupled to the microprocessor 66 through the bus 64. The purpose of the transaction buffer 88 is to store transaction data from the magnetic I.D. data on the cards and the local time of each transaction during times when communication with the central controller 20 are lost for persons who were granted or denied access during the degraded mode of operation.

[0031] The microprocessor 66 is also coupled to a degraded mode buffer 89 via the bus 64. The degraded mode buffer 89 stores the I.D. data for all persons authorized access during degraded mode operation when no communication with the central controller is possible. The controller 20 can load this data into the degraded mode buffer 89 in any known fashion.

[0032] A CCM/COM board 90 is also coupled to the microprocessor 66 by the bus 64. The purpose of the CCM/COM board 90 is, optionally, to monitor the condition of an alarm device or devices external to the card reader and to generate data indicating the condition of the alarm devices for transmission to the central controller. The CCM/ COM board 90 also can receive data from the central controller which causes a switch closure on the CCM/COM board. This switch is coupled to an emergency device by the lines 38. The alarm contacts are coupled to the CCM/COM board 90 by the lines 30.

[0033] When the card reader is optionally being used for a time and attendance function, the In and Out switches 44 and 46 are used to tell the card reader whether the cardholder wishes to enter or leave an area. The In and Out buttons 44 and 46 are coupled to the MUX 60 in the switch and relay board 62 by the line 92.

[0034] Red and green indicator LEDs, represented by block 97 are each coupled to the MUX 60 by the bus 96. The LEDs are used by the microprocessor 66 to signal whether authorization has been granted or denied.

[0035] The microprocessor 66 is coupled to a feature memory 98 and to a program memory 100 by the bus 64. The program memory 100 stores the instructions for the microprocessor 66 and the feature memory 98 stores data indicating which software options are in effect for the microprocessor 66.

[0036] Referring to Figure 3, there is shown a circuit diagram for the isolation board 54 in Figure 2. The data lines 28 are coupled to the collector and emitter of a transistor 106 in the optical isolator 102. The light emitting diode 108 of the optical isolator 102 is coupled across the TTX data lines 58. When the current is flowing in the TX data lines 58, the LED 108 is energized and emits light causing the transistor 106 to assume one of its two switching states. The opposite state is assumed when the LED 108 is de-energized.

[0037] The enable lines 26 are coupled through a noise suppression circuit 110 to the LED 112 of an optical isolator 116. The transistor 114 of the optical isolator has its collector and emitter coupled to the RX data lines 56. In the preferred embodiment, the optical isolator 116 is a Mon- santo MCT2. The optical isolator 102 is a Mon- santo 4N33.

[0038] The details of the circuit of the switch and relay board 62 are given in Figures 4 A and B which are a logic diagram of that board. The RX data line 56 is coupled to the data input D1 of the multiplexer 60A. A resistor 59 couples a +5 volt supply to the line 56 to positively clamp it at a logic 1 level except where the transistor 114 on the isolation board clamps the line 56 to ground potential. The other data inputs of the multiplexer 60A are coupled to other data channels. For example the card reader coil circuit 74 is coupled to the D0 input of the multiplexer 60A by a line 57. The coil detect signal line 57 carries the data from each coil in the card reader coil circuit 74 as it is addressed by the microprocessor 66. The out switch 46 and the in switch 44 are coupled to the D2 and D3 inputs respectively by the lines 118 and 120.

[0039] The address inputs 122 of the multiplexer 60A are coupled to the A0-2 address lines of the bus 64. The output 63 of the multiplexer 60A is coupled to the D7 data line of the bus 64. The microprocessor 66 controls which of the data inputs are coupled to the data output 63 by the address it supplies on the address lines 122. The chip select input 126 is coupled to the address lines in the bus 64 of the microprocessor 66 through a decoder on the reader CPU board to be discussed more fully below. The microprocessor 66 can enable the multiplexer 60A by writing the proper address on the address lines driving the decoder coupled to the line 126 (not shown).

[0040] A multiplexer 60B has its data output coupled to the D7 data line 63. The data inputs of the multiplexer 60B are coupled to various data channels. The XO data input is coupled by the line 128 to a "tamper" switch (not shown). The tamper switch is physically situated so as to change states when the faceplace of the card reader is removed causing an alarm message to be transmitted to the controller 20. The X1 data input is coupled to a "card in" switch (not shown). The "card in" switch is situated so as to change states when a card is inserted in the card slot. By periodically checking the condition of these two switches, the microprocessor 66 can tell whether tampering is occurring or whether there is a card to be read in the card slot.

[0041] There are three groups of eight switches on the switch and relay board 62. A time offset group of switches 136 is comprised of 8 switches 136A-H which are used to set a binary number representing the number of minutes of time offset at the local card reader. In those cases where the local card reader is in a different time zone than the central controller 20, the switches 136 are set for the number of minutes by which the local time at the card reader differs from the time at the central controller.

[0042] A second group of switches 138 has several purposes. The switches 138A-D are used to set the amount of time that the unlock signal on the lines 34 to the door latch device causes the door latch to remain unlocked. The swithes 138A-D also determine the time of energization of a No Go relay 166 and the time the red and green LEDs (not shown) in the block 97 in Figure 2 are energized during certain times in the operation. The switch 138 E is used to signal whether a 12 hour or 24 hour time display format is desired. The switch 138F is used to enable and disable the buffer RAM 80 as an option. The switches 138G and H are not used.

[0043] The switches 140 are used by the customer to set the system code. The system code is one of the items of data which is magnetically stored on each cardholder's card. When the card reader makes the authorization decision locally without consulting the central controller 20, it is the system code stored on the switches 140A-H which is compared to the system code on the cardholder's card to determine if authorization will be granted.

[0044] The switches 136, 138 and 140 are individually addressable by the microprocessor 66 through the multiplexers 60A and 60B and a decoder 140. The decoder 140 has address inputs 142 coupled to the address lines in the bus 64. The address supplied on the lines 142 is converted in the BCD to decimal decoder 140 to a logic zero signal on one of the output lines 0-6 which comprise a bus 144. Each of the lines in the bus 144 is coupled to one terminal of a plurality of switches in the switch groups 136, 138 and 140. When the group address appears on the address lines 142, one of the outputs in the bus 144 goes low thereby activating that group. The other terminal of each switch is coupled to the cathode of a diode which has its anode coupled to one of the XO-X3 inputs of the multiplexer 60B via the lines 132, 134, 130, 128, 146 or 148. All of the XO-X3 inputs are also coupled to a + 5 volt supply through the resistors 150, 152, 154 and 156. The XO-X3 inputs will be held in a logic one condition except if the line coupling that input is also coupled to a group of switches of which one has been enabled by a logic zero from the decoder 140 and the switch is closed.

[0045] The groups of switches coupled to the XO-X3 inputs of the multiplexer 60B intersect with the groups connected to the bus 144 such that for any particular output of the decoder 140 which has been enabled, and for any particular input of the multiplexer 60B which has been enabled, only one switch is coupled to both enabled lines. Thus the microprocessor 66 can individually read each switch in the groups 136, 138 and 140 by changing the address signals on the address lines of the bus 64.

[0046] The multiplexer 60B has its inhibit line grounded by the line 158 and its disable input held high by connection through a resistor 160 to a +5 volt supply. The disable input is pulled low to take the D7 output out of the high impedance state when the signal CSSW is true on the line 162. The line 162 is coupled to a decoder on the reader CPU board 67 which is coupled to address and control lines of the microprocessor 66 in the bus 64.

[0047] Data to be transmitted to the microprocessor 66 is placed on the TX data line 58 by a driver 70. The driver 70 also has several other outputs. For example, the output line 164 can be connected to an optional No Go relay 166. When the line 164 is grounded by the driver 70, a +5 volt supply coupled to the other terminal of the coil of the No Go relay 166 causes current to flow through the relay coil, thereby energizing it and causing the electrical conditions on the lines 168 coupled to the relay contacts to change.

[0048] In the preferred embodiment, the decoder 140 is a 74145 type TTL decoder such as is made by Signetics, the MUX 60A is a 74LS251 type multiplexer such as is made by Texas Instruments, the MUX 60B is a MC14512, CMOS type decoder such as is made by Motorola, and the driver 70 is an NE590 type driver such as is made by Signetics.

[0049] An output line 96 from the driver 70 is coupled to the GO LED (not shown) to energize it when authorization to make access has been granted. An output line 72 from the driver 70 is coupled to a terminal of the coil of a Go relay 71. When the driver 70 grounds the line 72, a +5 volt supply coupled to the other terminal of the relay coil energizes the coil, causing the relay contacts to change the condition on the lines 34 coupled to the door locking device.

[0050] The driver 70 has a data input, the D0 data bit on the line 68, and it has address inputs on the lines 172. The address inputs 172 are coupled to the microprocessor 66 by the bus 64. The address at these inputs determines which of the outputs of the driver 70 will be coupled to the data input 68. The microprocessor 66 can thus write a logic O or 1 to any of the outputs of the driver 70 by controlling the address on the lines 172 and the data on the data input line 68 which is coupled to data bit zero of the bus 64. The chip enable and clear inputs are coupled to decoder 250 of Figure 6C and a gate 282 in Figure 6B by the Signal lines CSOUT and RST.

[0051] Referring to Figures 5A & 5B, there is shown a circuit diagram of the RAM buffer and power fail detect board. The RAM buffer 80 has address lines 174which are coupled to the address lines of the microprocessor 66 in the bus 64. Data inputs and outputs 176 are also coupled to the microprocessor 66 data lines in the bus 64. A write enable line 178 is coupled to a control line in the bus 64 from the microprocessor 66 to control whether the RAM buffer 80 is reading or writing data through the data lines 176 to the address specified on the lines 174.

[0052] A chip select line 180 is coupled to a decoder 86. The decoder 86 has a VMA signal input line 184 coupling one input of a NOR gate 182 to a VMA control line of the microprocessor 66 in Figure 6B. The VMA signal is true when there is a valid memory address on the address lines 174. Because the other input to the NOR gate 182 is grounded, the NOR gate 182 serves as an inverter with the output on the line 186 false when a valid memory address is present on the address lines 174. The resistor 188 couples a positive voltage supply to the VMA input of the gate 182 to hold it at logic one except when VMA is false. A NOR gate 190 has one input coupled to the output of the NOR gate 182 and the other input coupled to a CSRAMO signal from a decoder 248 in Figure 6C. The CPU 66 can cause CSRAM0 to be true, i.e., logic zero, and can assert VMA on the line 184. This causes two logic 0's at the inputs of the NOR gate 190 and a logic 1 appears on the line 194. This logic 1 is inverted in a NOR gate 196 and appears as a logic 0 on the line 198.

[0053] A NOR gate 200 serves to gate a power fail detect signal on a line 202 from a power fail detector 84 through to the chip select input line 180 of the RAM buffer 80 if power fails. When power has not failed, however, the signal on the line 180 controls whether the RAM 80 is selected or deselected. Normally, the signal from the power fail detector 84 on a line 216 is a logic 0 indicating no power failure. When the signal on the line 198 is a logic 0, the RAM 80 is selected because the signal on the line 204 is a logic 1 which is inverted by a NOR gate to assert the CS signal on the line 180 at logic zero thereby enabling the RAM buffer 80 to read and write data.

[0054] A RST signal on a line 208 comes from a reset circuit on the reader CPU board which will be described below. The RST signal is a logic 0 at power up but becomes a logic one 1.2 seconds later as will be explained in connection with Figure 6B. A NOR gate 210 inverts this signal such that its output line 212 which is coupled to one input of a NOR gate 214 is normally low after power has been on for 1.2 seconds.

[0055] The NOR gate 214 has its other input coupled to the output of a comparator 222 in the power fail detect circuit 84. The comparator 222 has its inverting input 224 coupled to a voltage reference of approximately 5.3 volts when the power has not failed. The line 224 is held at this reference level by the voltage divider effect of the resistors 228 and 226 which couple a +12 volt D.C. supply to ground.

[0056] The non-inverting input 230 of the comparator 222 is coupled to a 3.6 volt reference source derived from battery power. This reference voltage is generated by a resistor 232 which couples a battery 82 (not shown) to ground through a zener diode 234. The zener has a 3.6 volt breakdown voltage, and has its cathode coupled to the line 230. The comparator 222 has a resistor 236 coupled between the output and its non-inverting input to provide positive feedback. The output on the line 216 will be a logic 0 as long as the power has not failed. When the power fails, the battery reference on the line 230 exceeds the voltage on the line 224, and the output on the line 216 rises to a logic 1 level indicating power has failed.

[0057] The logic 1 on the line 216 with the logic zero on the line 212 causes the NOR gate 214 to lower its output on the line 218 to a logic zero. This 0 on the line 218 is inverted to a 1 on the line 202 by the NOR gate 220 which causes the output of the gate 200 to change to a 0, thereby deselecting the buffer 80 if it was in a selected condition. When the RAM buffer 80 is deselected, no data may be written into or read out of the buffer. The power input 238 of the RAM buffer 80 will be coupled through any known switching mechanism 240 to the battery 82 (not shown) via a line 242 upon power failure.

[0058] Referring to Figures 6A, 6B, and 6C, there is shown a circuit diagram of the reader CPU board. The microprocessor 66 is coupled to a feature memory 98 by data lines 240 and address lines 242. The feature memory contains data regarding which optional features are in effect in the card reader. The microprocessor 66 is also coupled to a program memory 100 by the data lines 240 and the AO-A4 address lines 242. The enable inputs of the memories 100 and 98 are coupled via the lines 244 and 246 to the microprocessor's address lines 242 through decoders 248 and 250, respectively, in Figure 6C. A clock 252 generates timing signals for the IRQ and NMI inputs on the lines 254 and 256, respectively. The details of the construction and operation of the clock and of the feature and program memories will be appreciated by those skilled in the art. Any mechanism which generates signals periodically on the lines 254 and 256 will suffice for purposes of the invention.

[0059] The microprocessor 66 executes the instructions which are stored in the program memory 100. Within the program there are certain subroutines which accomplish various functions. The IRQ and NMI inputs on the lines 254 and 256 cause vectoring to certain of these subroutines. For example, the IRQ line 254, when asserted true, will cause the program control of the microprocessor 66 to be vectored to a routine which reads all the switches described herein.

[0060] When the NMI line 256 is asserted true, the microprocessor 66 is vectored to a transmit routine which transmits data to the central controller 20 via the Tx data lines 58 and data lines 28.

[0061] The microprocessor 66 must be reset to the beginning of the program upon the initial application of power to the circuit. A power on reset circuit 254 accomplishes this purpose. A comparator 256 has its non-inverting input 258 coupled to a reference voltage defined by a resistive voltage divider comprised of the resistors 262 and 264 coupling the power supply to ground. The inverting input 260 is coupled to one terminal of a capacitor 268 in an RC circuit comprised of a resistor 266 and the capacitor 268. When the power is first turned on, the capacitor 268 acts as an initial short to ground and the voltage on the line 258 will exceed the voltage on the line 260, and the output of the comparator 256 on the line 270 will be a logic 1. The line 270 is coupled to the input of a NOR gate 272 which acts as an inverter. The resistors 274 and 276 serve as a voltage divider to hold the line 270 in a logic 1 condition except when the comparator 256 asserts the line 270 low.

[0062] The logic 1 at power up on the line 270 is inverted once in the NOR gate 272 and again in a NOR gate 278 to become the PONCLR signal on the line 280.

[0063] As the voltage on the capacitor 268 rises, it exceeds the voltage on the line 258 at a time determined by the values of the resistor 266 and the capacitor 268. When this happens, the 1 on the output line 270 changes to a 0 and line 280 follows suit. The initial 1 on the line 280 is communicated to the reset line 284 of the CPU 66 as a 0 by passage through a NOR gate 282. The other input to the NOR gate 282 is a line 286 from a deadman reset circuit 288. The line 286 is normally a logic 0 except when there is a problem, as will be described below. With the line 286 normally logic 0, the initial logic 1 on the line 280 is inverted by the NOR gate 282 and resets the microprocessor 66 to the beginning address of the program. Thereafter, the line 280 goes to a logic 0 and stays there.

[0064] The deadman reset circuit 288 serves to reset the microprocessor 66 in case there is a software problem. Normally, the deadman reset circuit 288 will attempt to reset the microprocessor 66 periodically unless the software gives a trigger signal "D/M trigger" on the line 290. Thus if for some reason the signal D/M trigger does not occur, program control is lost, and the deadman reset circuit will cause the program counter to be reset to the beginning program location.

[0065] The manner in which the deadman reset function is accomplished is through the use of two retriggerable monostable multi-vibrators 292 and 294. The one shot 292 has its B and clear (R_D2) inputs coupled to a +5 volt source through a resistor 296 and are therefore always in a logic 1 state. The Q output on the line 298 is normally low until a negative transition occurs on the D/M trigger line 290, at which time the 0 output line 298 goes to a logic 1 state for a time determined by the values of the resistor 300 and the capacitor 302 coupled to the external RC circuit terminals. However, the pulse time established by the resistors 300 and 302 is longer than the period of the D/ M trigger signal. Thus, the output line 298 will not return to zero after the initial trigger pulse because the D/M trigger signal on the line 90 continues to retrigger the one shot 292.

[0066] The signals on the lines 298 and 280 are coupled to the inputs of a NOR gate 304. The output line 306 of the NOR gate 304 is coupled to the clear input of the one shot 294. The B input of the one shot 294 is held in a logic 1 condition by connection to a +5 volt supply through the resistor 296. The A input of the one shot 294 is coupled by a line 308 to the clock 252 and carries a 600 hertz clock signal.

[0067] After the initial power up period, the NOR gate 304 will have a logic 0 at the input coupled to the line 280 and a logic 1 at the line 298 input unless the D/M trigger signal on the line 290 does not occur. The output line 306 will remain in a logic 0 state at all times which causes the one shot 294 to ignore all signals at the A and B inputs. However, if the D/M trigger signal on the line 290 fails to occur on schedule, indicating some problem with the program execution, the one shot 292 will time out and enable the one shot 294. The clock signal on the line 308 will then trigger the one shot 294 causing a logic 0 to 1 transition on the line 286. This causes the line 284 to drop from logic 1 to 0 and resets the microprocessor 66.

[0068] Referring to Figure 6C, there is shown a logic diagram of the decoder circuitry which forms part of the decoder 86 in Figure 2. The decoder chip 248 has its select inputs coupled to the A12-A14 lines of the address bus 242 of the microprocessor 66. The G1 enable input 310 is coupled to the 02 output from the microprocessor 66 which is the clock signal for the rest of the system. The G2A enable input is held low by virtue of being coupled to the output of an inverter 314 which has its input coupled to a logic 1. The G2B input is coupled to the power on clear signal PONCLR on the line 280.

[0069] The decoder 250 has its A and B select inputs coupled to the address bus 242 and its C select input coupled to the R/W signal from the microprocessor 66. The G1 enable input is coupled to the 02 clock signal from the microprocessor 66, and the G2A enable signal is connected to the Y0 output from the decoder 248. The G2B enable input is coupled to the A7 line of the address bus 242 from the microprocessor 66.

[0070] Both the decoders 248 and 250 are 74L5138 one of eight decoders such as are manufactured by Texas Instruments. The outputs of the two decoders 248 and 250 are coupled to the various chip select inputs in the system as labelled in Figure 6C. By writing the proper addresses on the address lines 242, the microprocessor 66 can enable any chip in the system needed for a particular operation.

[0071] Turning to Figures 7A and 7B there is shown a logic diagram of the circuitry of the transaction buffer 88 and the degraded mode buffer 89 of Figure 2. A battery backup circuit 356 in Figure 7B serves to protect the information in the RAM chips shown in Figure 7B upon power failure. Each of the RAM chips is a 6116LP-4 CMOS static RAM such as is manufactured by Hitachi. The +5- volt line supply voltage on the line 358 normally causes a forward bias on the diode 360 and the +5 volt signal is thus coupled to the output line 362. However, when the power fails, the positive voltage on the line 364 from the battery 366 exceeds the voltage on the line 358 which causes a reverse bias on the diode 360. The diode 368, however, will be forward biased such that the battery power will be coupled to the line 362 to keep the information in the RAM intact.

[0072] A series of decoders 370-372 are coupled to the A11 line of the address bus 242. These decoders are 74LS139 one of four decoders in the preferred embodiment. The decoders have outputs 373-378 which are coupled to the chip select inputs of the 6 RAM chips of Figures 8B through a power fail detect circuit 382. Each decoder has its B enable input coupled to the VMA output 184 from the microprocessor 66 to enable the decoder to read the A11 bit when the decoder has been enabled. The decoders 370-372 are enabled by enable signals on the lines 379-381 coupled to the decoder 248 in Figure 6C. A power fail circuit 382 senses when the line power represented by the voltage on the line 358 has failed by comparing the voltage at a node 386 maintained by the line to the voltage at a node 388 maintained by a battery. A comparator 390 changes the state of its output 392 when the battery voltage at the node 388 exceeds the line voltage at the node 386. The comparator is a National LM311 in the preferred embodiment.

[0073] The chip select signals on the lines 373-378 are individually coupled through 74LS32 OR gates 393-398 to the chip select inputs of the RAM chips. in Figure 7B. Each chip select input is also coupled through the OR gates 393-398 to the output 392 from the comparator 390 such that when the comparator finds a failure of line power, all the RAM chips in Figure 7B will be deselected so as to maintain the integrity of the data.

[0074] The connections and functioning of the RAM chips of Figure 7B will be apparent to those skilled in the art. Data from the microprocessor 66 is input and output on the bus 240 to and from the memory locations having the addresses on the bus 242.

[0075] Turning to Figure 8 there is shown a flow diagram of the steps which are taken to transmit the data in the transaction buffer 88 to the central controller 20. The steps of Figure 8 are taken each time a poll signal comes in from the controller 20. The CPU normally operates in an executive mode symbolized by the state 441 in Figure 8. The executive jumps to various subroutines which perform housekeeping and command scan functions. These subroutines are symbolized by the state 443. One of the functions is to periodically check for the presence of a poll signal from the controller 20 in Figure 1. The poll signal is sent periodically to each card reader in the system via the enable pair 26 coupled that card reader. The check for the presence of a poll signal is symbolized by the state 447 in Figure 8. If no poll has been received, the CPU returns to its other housekeeping functions in the state 443 via the path 449.

[0076] If a poll has been received, the CPU will check an internal counter which is incremented each time a transaction is stored in the transaction buffer 88. This operation is symbolized by the block 451 in Figure 8. If the count is non-zero, then, the CPU knows that there is data in the transaction buffer 88 which needs to be transmitted to the central controller 20. Transfer is then made to a state 448 by a path 450. If the count is zero, the CPU returns to its other functions because there is no data to transmit. This transfer is symbolized by the path 453.

[0077] In the state 448, the CPU determines if the buffer option flag is set in the feature memory 98 in Figure 2. If the feature is present, the CPU will retrieve the data for one transaction from the transaction buffer 88 and transmit it to the central controller 20. This operation is symbolized by the state 454 in Figure 8 and is accomplished by addressing one of the transactions in the transaction buffer 88 and reading the data there by the bus 64. The data is then converted to serial format in the CPU 66 and sent via the D0 data bit line 68 to the driver 70 in Figure 2. The driver then places the data on the Tx data lines 58 and it is sent through the optical isolator board 54 onto the data line 28 to the central controller 20. The CPU then returns to the executive routine via the path 456.

[0078] If the buffer option is not present, the CPU 66 will transfer to a state 460 by a path 458 where it checks forthe presence of a card in the card slot. If there is a card in the card reader, the card data will be read by the CPU 66, converted to serial format and transmitted to the central controller 20. This step is symbolized by the block 462. Control is then returned to the executive.

[0079] If there is no card in the reader, the CPU will transfer to the state 464 via the path 465 to determine if there is a time request pending. The card readers which have the time and attendance function keep the local time but periodically request the time from the central controller so as to synchronize the local time with the central controller time. If there is a time request pending, the card reader will ask the time of the central controller 20 as symbolized by the state 466 and return to the executive via the path 468.

[0080] If no time request is pending, the CPU will acknowledge the poll as symbolized by the state 470 and return to the executive routine by the path 472.

[0081] Referring to Figure 9 there is shown a symbolic diagram of the memory tables used by the central controller 20 in downloading I.D. data to the readers for use in the super degraded mode. The readers 22 and 24 can request downloading when they are initially turned on since they will not have any I.D. data stored in their degraded mode buffers 89. Also, the control controller 20 can download the degraded mode data to the appropriate readers periodically, at random or whenever the data in the controller memory tables is changed by the user.

[0082] Referring jointly to Figures 9 and 10, the downloading operation will be explained. Figure 10 shows an algorithm for the software of the controller 20 detailing the steps taken by the controller to download I.D. data to degraded mode readers. Not all readers in a system need be degraded mode readers. The readers which are to be degraded mode are designated by the user by making an entry in the super degraded mode memory table 700. Each reader in the system has an entry in the SDM memory table 700. The reader entries consist of one byte of data of which two bits are used to designate the condition of the reader and the balance is used for other purposes including designating whether or not the particular reader is to be functional in the degraded mode.

[0083] The first bit 704 in the table entry for reader number 000 is used to signal whether the reader has a downloading request pending. All readers in the system which have a downloading request pending at any particular time will have the first bit set in the reader entry in the SDM memory table 700. Each downloading request is processed individually until either the degraded mode buffer 89 in the requesting reader is full, and so signals, or the controller runs out of I.D. numbers of employees who are authorized to enter the location controlled by the requesting reader during degraded mode times. After the downloading request by a particular reader has been processed completely, the controller clears the first bit for the reader entry in the table 700, e.g., bit 704 for the reader 000. The controller continues this process until all downloading requests are completely processed.

[0084] Referring to Figure 10, the receipt of a download request from a reader xxx is represented by the block 708. If the controller initiated the downloading operation, it will send a message to the reader commanding the reader to make a downloading request. Either way, a downloading request is made by the reader xxx to the controller. When the controller senses the download request from the reader xxx, it checks the super degraded mode memory table 700 to determine if the reader xxx has been designated by the user as a super degraded mode reader as represented by the block 710. If it has not been so designated, the controller sends a termination message to the reader xxx indicating that there will be no downloading operation as represented by the block 712.

[0085] Ifthe reader xxx has been designated as a super degraded mode reader, the controller will consult the reader xxx column in a Reader Authorization Memory Table 714 in Figure 9. The table 714 contains a column of entries for each reader in the system. Each employee in the system is assigned a specific I.D. number and a specific status number. The status number indicates which controlled areas in the system to which the employee has access. The purpose of the Reader Authorization Memory Table 714 is to correlate which readers are within each status group. Thus the table 714 takes the form of a matrix with an entry for each reader/status number combination. The entry for each reader/status number combination is a time zone number. The time zone number for each combination is used for access to a time zone table (not shown) which indicates, at any particular time of day, whether a person with the given status number is authorized to have access to a location controlled by the given reader. If the time zone number for a particular combination is zero, then persons with the given status number are never authorized to enter the location controlled by the given reader. Any reader status number combination which is a non-zero time zone number is a valid combination for super degraded mode. That is, no check of the time zone table is performed in super degraded mode. All I.D.'s in a status group with a non-zero time entry in the table 714 will be sent to the reader. These persons will be authorized entry during super degraded mode operation regardless of what time it is when they put their cards in the reader slot. This is different from normal operation when the cardholder can get in only at the times designated by the time zone.

[0086] After the central controller 20 has consulted the Reader Authorization Memory Table 714 column for the reader xxx and determined all status numbers which have non zero time entries, the controller must determine which employees are within the groups with those status numbers. To do this, the controller 20 consults an Identification Number Memory Table 716 in Figure 9. The table 716 has an entry for every employee authorized to have access in the system. Each entry, of which the entry 718 is typical, has an I.D. number and a status number. The I.D. number identifies the particular employee and the status number indicates which areas to which he can have access. The table 716 is arranged in ascending numerical order by I.D. number. The central controller 20, in processing a downloading request from the reader xxx, scans the Identification Number Memory Table 716 in ascending order to find all I.D. numbers that have status numbers which correspond to the status numbers found when the table 714 was consulted for the reader xxx. The location of all authorized status numbers in the table 714 is represented by the step 720 in Figure 10. The step of locating all the I.D. numbers in ascending order within each authorized status group for the reader xxx is represented by the step 722 in Figure 10. During the process of collecting the I.D. number for downloading to the reader xxx, the controller 20 sets the "in process" bit for the reader xxx entry in the table 700 comparable to the bit 706 for reader 000.

[0087] After the I.D. numbers for the downloading of the reader xxx have been collected, the controller 20 clears the "download request" bit 704 and the "in process" bit 706 for the reader xxx entry in the Super Degraded Mode Memory Table 700. Also, the I.D. numbers collected for the reader xxx are transmitted to the reader xxx for storage in the Degraded Mode Authorized Access Buffer 89 in Figure 2. These steps are represented by the blocks 724 and 726. Thereafter, the controller 20 waits for the next download request from another reader.

[0088] Referring to Figure 11 there is shown a flow diagram of the steps taken by the reader in processing card data in the super degraded mode. For clarification, each reader in the system can optionally function in either a "degraded" mode or a "super degraded" mode. In both cases, communication with the central controller 20 is not possible but the access decision transaction storage operations are different in each mode. In the "degraded" mode, the reader compares only the system code on the card to the system code set by the user on the reader's switches in Figure 4B. Optionally the reader will record the I.D. number and the local time in the transaction buffer for transactions where authorization was granted and will mark the entry as a "Go" transaction.

[0089] In the "super degraded" mode, the reader will check the system code on the card against the switches and the I.D. data against data in the degraded mode buffer downloaded from the controller. The reader will record all transactions either "Go" or "No Go" in the transaction buffer and mark them as such.

[0090] The block 800 in Figure 11 symbolizes an executive routine part of which is the background block 802 which performs routine housekeeping checks and functions that the card reader does when it is not doing one of the foreground processing routines to handle conditions discovered by the CPU during processing in the executive routine. Part of the normal executive routine is to check for the periodic appearance of a poll signal from the central controller. This check is symbolized by the block 804. If a poll signal has arrived from the controller during the last 30 seconds, the CPU will branch to the block 806 and avoid the degraded mode states. The block 806 represents the normal command processing performed by the reader during times when communications with the central controller are functioning normally, such as reading cards in the slot, sending the card data to the controller for an access decision, receiving a message from the controller either granting or denying access and causing access to be either granted or denied.

[0091] The readers in the system which are designated as super degraded mode must load their degraded mode buffers with the I.D. numbers of all those employees who are authorized access during times when communication is lost. There are at least two times when this downloading must occur: first, upon power-up; and, second, upon a change in the information in the tables having to do with the super degraded mode in the central controller. The blocks 808, 810 and 812 represent the power-up downloading. The block 808 represents the determination as to whether the degraded mode buffer 808 needs to be initially loaded after power-up. If a power-up situation is found, the reader CPU will determine whether the super degraded mode option is present in the feature memory as represented by the block 810. Control returns to the executive routine 800 if the reader either is not in a power-up situation or the super degraded mode option is not present.

[0092] If the reader CPU finds that both a power-up situation exists and that the super degraded mode option is present, the reader will request a download from the controller, and store the downloaded I.D. data in the super degraded mode authorized access buffer 89 in Figure 2. This is represented by the block 812. After downloading is completed, control is returned to the executive.

[0093] If the reader executive routine has not detected a poll within the last 30 seconds, the reader CPU will enter the degraded mode as symbolized by the path 814 and the states following it.

[0094] The reader must first determine whether there is a card in the reader slot as symbolized by the state 816. If there is no card, control is returned to the executive routine as symbolized by the path 818. Ifthere is a card in the reader, the reader CPU will read the card and then check the feature PROM 98 to determine if the super degraded mode option is in effect as symbolized by the state 820. If not, program control will be transferred to a state 822 wherein the reader CPU checks the feature PROM 98 to determine if the degraded mode option is in effect. If it is not in effect, program control returns to the executive routine 800 as symbolized by the path 824.

[0095] If the degraded mode option is in effect as determined in the state 822, the reader CPU will compare the system code data on the card in the slot against the system code set on the switches on the switch and relay board 62 as represented by the state 826. Ifthere is not a match, then program control is transferred to a state 828 where the red LED on the front panel of the reader is litfor a time. Some readers will have a "No Go" option in effect. The reader CPU will check the feature memory 98 and determine whether the "No Go" option is in effect as symbolized by the state 830. If it is not in effect, control will be transferred back to the executive. If it is in effect, then the reader CPU will energize a "No Go" relay for a time set by switches on the switch and relay board 62 as represented by the state 832. The No Go relay can be used to ring an alarm or control any other function. Control is then returned to the executive.

[0096] Referring again to the state 826, if a match in the system code was found, then the reader energizes a "Go" relay and lights the green LED on the front of the panel as symbolized by the state 834. If the buffer option for the degraded mode is in effect, a determination represented by the state 836, then the reader will store the I.D. number on the card and the local time in the transaction buffer 88. The reader CPU will also mark the record as a "Go" transaction such that when the content of the transaction buffer is later transmitted to the central controller, the "Go" transactions will be printed out in one color whereas "No Go" transactions stored while operating in the super degraded mode can be printed in a different color. This operation of recording and marking the transaction records is symbolized by the state 838. Subsequently, control is returned to the executive 800.

[0097] Returning to the state 820 in Figure 11, if the reader CPU check of the feature PROM 98 indicates that super degraded mode option is in effect, the super degraded mode authorized access buffer must be checked to determine if it isfull. This check is represented by the state 840. If it is full, the card in the slot will be ignored as represented by the state 842.

[0098] If the super degraded mode authorized access buffer is not full, program control is transferred to the state 844. There the reader CPU checks the feature PROM 98to determine if the IDEC option is present. If it is present, control is transferred to the state 846 where the reader CPU determines whether te IDEC password was properly entered as represented by the state 846. If the IDEC option is not in effect, the state 846 is skipped as symbolized by the path 848 and the data checking states 850 and 852 are entered. If the IDEC password, comprised of several digits entered from a reader keyboard 854, is not properly entered, the reader enters the state 856.

[0099] The state 856 represents the reader CPU operations of storing the I.D. number from the rejected card and the time of day for the transaction and marking the entry as a "No Go" transaction. The transactions in the transaction buffer 88 are marked either "Go" or "No Go" so that they may be printed out in different colors or otherwise segregated by the central controller.

[0100] If the IDEC option is present and the IDEC password was properly entered, the reader CPU enters the state 850 to determine if there is a system code match between the card data and the switches. If there is not a match, the state 856 is entered. lfthere is a match, the readerCPU enters a state 852 to determine if there is an I.D. code match. To make the I.D. code match, the reader CPU compares the I.D. data from the card to the I.D. data in the super degraded mode authorized access buffer 89 which was downloaded from the central controller when communication was possible.

[0101] If there is a match with any I.D. record in the buffer 89, the reader CPU enters the state 858 to store the transaction. The state 858 represents the steps of storing the I.D. number from the card and the local time in the transaction buffer 88 and marking the record as a "Go" transaction. Thereafter, the reader CPU enters the state 860 where the Go relay is energized and the Green LED is lit. Control is then returned to the executive routine 800.

[0102] After the transaction buffer is loaded and communication with the central controller returns, the reader will transmit the data in the transaction buffer, one transaction at a time to the controller using the algarithm of Figure 8.

[0103] Referring to Figure 12, there is shown a flow diagram ofthe steps taken by the readers when the controller 20 requests to dump I.D. data into the super degraded mode buffer. As usual, the reader CPU is functioning in the executive routine 800 when, as part of the routine, the inquiry is made as to whether a command has been received from the controller as represented by the state 862. If no command has been received, the othertasks of the executive routine are continued as symbolized by the path 864.

[0104] If a command has been received, the reader CPU enters the state 866 wherein it determines from the feature PROM 98 whether the super degraded mode option is present. If it is not present, then program control is returned to the executive routine 800 to determine what, if anything, to do about the command that was received.

[0105] If the super degraded mode option is present, the reader CPU enters the state 868. In this state, the reader determines if the command that was received from the central controller was an I.D. dump command indicating that the controller wishes to download I.D. information from its memory tables. If it was not such a command, the reader returns to the executive routine 800 to determine what to do.

[0106] If the command was an I.D. dump command, the readerwill enter a state 870 wherein the readerwill request a download from the CPU. Thereafter, the reader enters a state 872 wherein the I.D. records coming in from the controller are stored in the super degraded mode buffer 89.

[0107] As each I.D. record comes in, the reader CPU stores it as represented by the state 872 and then enters a state 874 to determine if the super degraded mode buffer 89 is full. If it is not full, the reader requests another I.D. record as symbolized by the state 876. The controller 20 may have no more ID's to send so the reader CPU enters a state 878 to determine if the controller has sent a message indicating that it has no more ID's to send. If the controller has sent such a message, control is returned to the executive 800. However, if no such message has been sent, program control is returned to the state 872 to store the next incoming I.D. record.

[0108] Returning to the state 874, if the reader CPU finds that the super degraded mode buffer 89 was filled by storage of the last received I.D. record, a state 880 will be entered wherein the reader will transmit an "I'm full" message to the controller indicating it cannot accept any further I.D. records. Control will then be returned to the executive routine.

Claims

1. A security system for controlling access to an area, comprising at least one card reader (24) for reading card data substantially permanently stored on a card introduced therein, and further comprising a central controller (20) including first means for storing authorization data defining which person has authorized access to said area, and means for communicating (50, 52) between said central controller and said card reader, said card reader (24) being adapted to function in a first mode or normal mode, in which mode communication between said card reader (24) and said central controller (20) is possible and at least in a second mode or degraded mode when said communication is impossible or difficult, characterized in that said card reader (24) further comprises means for detecting (66) a poll signal periodically sent by said central controller (20), the absence of said poll signal from said central controller (20) for a predetermined time causing the card reader (24) to leave said normal mode and to enter said degraded mode until the next poll signal from said central controller (20) is detected by said detecting means (66), said card reader (24) also comprising means for downloading and storing said authorization data from said central controller (20) during said first mode, means for comparing said card data with said authorization data in view of granting access to said area when said card data match said authorization data and second means (88) for storing at least information resulting from said match.

2. A security system as defined in Claim 1, characterized in that said comparing means and said storing means (88) in said card reader (24) are activated when said central controller (24) enters second mode.

3. A security system as defined in either Claim 1 or Claim 2, characterized in that said communicating means (50, 52) transfer said information resulting from said match during said second mode, to said central controller (20) at a time when said communication is possible.

4. A security system as defined in Claim 3, characterized in that said transfer is caused by reception by said card reader of a signal sent by said central controller at a selected time.

5. A security system as defined in any one of Claims 1 to 4, characterized in that during the first mode of said card reader (24), said communicating means (50, 52) transfer said card data to said central controller (20), and in that said central controller (20) further comprises means (66) for evaluating said card data to determine, by comparison with said authorization data, whether access should be granted, and means for sending a message to said card reader (24) instructing said card reader (24) whether or not to grant access.

6. A security system as defined in any one of Claims 1 to 5, characterized in that said security system includes a plurality of card readers (22, 24), and said central controller (20) further comprises second means for storing data regarding which of said readers is authorized to grant access when said readers are in a second mode.

7. A security system as defined in any one of Claims 1 to 6, characterized in that said central controller (20) further comprises means for receiving requests from any of said readers (22, 24) for downloading said authorization data to said requesting card reader (22, 24) and means for sending said authorization data via said communicating means (50, 52) to said card reader for storage upon acceptance of said request by said central controller (20).

8. A security system as defined in Claim 7, characterized in that said central controller (20) further comprises means for determining by consulting said second storing means in central controller (20) whether said requesting card reader (22, 24) is authorized to grant access when said card reader (22, 24) is in a second mode, said request by said card reader (22, 24) being refused if said card reader (22, 24) has not been designated to grant access when said card reader (22, 24) is in a second mode.

9. A security system as defined in any one of Claims 1 to 8, characterized in that said authorization data consist at least of I.D data identifying which person is authorized access and of port data indicating which said reader (22, 24) said person is authorized access to.

10. A security system as defined in Claim 9, characterized in that said authorization data further includes status data indicating which controlled areas in said system to which said person has access.

11. A security system as defined in any one of Claims 7 to 10, characterized in that said request for downloading of said authorization data from said central controller (20) to said requesting card reader (22, 24) occurs when said card reader (22, 24) is initially powered up.

12. A security system as defined in any one of Claims 7 to 10, characterized in that said request for downloading of said authorization data from said central controller (20) to said requesting card reader (22, 24) occurs with a predetermined period.

13. A security system as defined in any one of Claims 7 to 10, characterized in that said request for downloading of said authorization data from said central controller (20) to said requesting card reader (22, 24) occurs when said authorization data are updated in said first storing means in central controller (20), upon sending by said central controller (20) of an "updating" signal to said card reader (22, 24).

14. A security system as defined in any one of Claims 1 to 13, characterized in that said card data comprise system code data identifying the organization and said I.D. data identifying the person with regard to the access status of said person to said area.

15. A security system as defined in Claim 14, characterized in that said match between card data and authorization data operated by said comparing means in said card reader (22, 24) is based upon match of said system code data of said card data with said authorization data.

16. A security system as defined in either Claim 14 or 15, characterized in that said match between said card data and authorization data operated by said comparing means in said card reader (22, 24) is based upon match of said system code data and said I.D. data of said card data with said authorization data.

17. A security system as defined in any one of Claims 14 to 16, characterized in that said information resulting from said match comprises said I.D. data of said card data for all persons granted access during said second mode.

18. A security system as defined in any one of Claims 14 to 17, characterized in that said information further comprises the time when each person was granted access.

19. A security system as defined in any one of Claims 14 to 18, characterized in that said information further comprises said I.D. data of said card data for all persons who attempted entering said area.

20. A security system as defined in any one of Claims 14 to 19, characterized in that said information further includes the time of each transaction, said transaction being defined as an attempted entry, successful or not, and further includes the result of the transaction characterized as either a "go" transaction when access was granted and a "no go" transaction when access was denied.

21. A security system as defined in any one of Claims 1 to 20, characterized in that said card reader (22, 24) includes a keyboard, the entry to said area being further based upon adequate match of a password with said authorization data, said password being entered by card holder on said keyboard.

22. A method of operating a security system comprised of a central controller (20) and at least a card reader (22, 24), said security system functioning in a first mode or normal mode when communication between said central controller (20) and said card reader is possible and said security system functioning in a second mode or degraded mode when said communication is impossible or difficult, said method comprising the step of:

reading a card by means of said card reader (22, 24) to derive, from said card, data substantially permanently stored on said card, said method being characterized by the steps of:

sensing whether communication between said central controller (20) and said card reader is possible by detecting a poll signal periodically sent by said central controller (20), the absence of said signal from said central controller (20) for a predetermined time causing the card reader (20) to leave said normal mode and to enter said degraded mode until further detection of a next poll signal from said central controller (20);

when said security system functions in said first mode:

sending said card data to said central controller (20);

downloading authorization data stored in said central controller (20) from said central controller into said card reader (24);

storing said authorization data in said card reader (24);

determining in said central controller (20) if access is to be granted or denied based upon a the comparison of said card data with said authorization data; and

sending a message from said central controller (20) to said card reader (24) indicating whether access is to be granted or denied;

and when said security system operates in said second mode:

comparing some of said card data with said authorization data previously stored in said card reader in said first mode; and

granting or denying access based upon said comparison and storing in said card reader (24) information resulting from said comparison.

23. A method of operating a security system as set forth in Claim 22, further characterized when said security system operates in said second mode, by the steps of:

comparing in said central controller (20) all of said card data comprising system code data identifying the card holder's organization and I.D. data identifying the card holder, with said authorization data; and

storing in said card reader (22, 24) said card data and said information comprising the time and the result of the entry transaction, said transaction being marked as a "no go" transaction if either the system code data or the I.D. code data do not match authorization data stored in said card reader (22, 24) and being marked as a "go" transaction if both the system code data and the I.D. code data match said authorization data.

24. A method of operating a security system as set forth in either Claim 22 or 23, further characterized when said security system operates in said first mode, by the steps of:

sending a request from said card reader (22, 24) to said central controller (20) for downloading authorization data stored in said central controller (20);

determining in said central controller (20) whether said requesting card reader (22, 24) has been designated to grant access during said second mode of said security system; and

downloading said authorization data from said central controller (20) to said requesting card reader (22, 24) if said card reader (22, 24) has been designated to grant access during said second mode of said security system.

25. A method of operating a security system as set forth in any one of Claims 22 to 24, further characterized by the step of transmitting said card data read from said card by said card reader (22, 24) and stored therein, in a transaction occurring during said second mode, and said information resulting from said transaction to said central controller (20) after said communication between said central controller (20) and said card reader (22, 24) has been restored.

Ansprüche

1. Sicherheitssystem zur Kontrolle des Zutritts zu einem Bereich, mit wenigstens einem Kartenleser (24) zum Lesen von Kartendaten, die im wesentlichen permanent auf einer darin eingeführten Karte gespeichert sind, ferner mit einer Zentralsteuerung (20), welche erste Einrichtungen zum Speichern von Autorisierungsdaten aufweist, welche definieren, welche Person autorisierten Zutritt zu dem Bereich hat, sowie Einrichtungen zur Kommunikation (50, 52) zwischen der Zentralsteuerung und dem Kartenleser, wobei der Kartenleser (24) derart ausgebildet ist, daß er in einem ersten Modus oder Normalmodus arbeitet, in welchem Modus die Kommunikation zwischen dem Kartenleser (24) und der Zentralsteuerung (20) möglich ist, sowie wenigstens in einem zweiten Modus oder degradierten Modus, wenn die Kommunikation unmöglich oder schwierig ist, dadurch gekennzeichnet, daß der Kartenleser (24) ferner Einrichtungen zur Detektierung (66) eines Abfragesignals, das periodisch von der Zentralsteuerung (20) gesendet wird, aufweist, wobei die Abwesenheit des Abfragesignals von der Zentralsteuerung (20) über eine vorbestimmte Zeitspanne hinweg bewirkt, daß der Kartenleser (24) den Normalmodus verläßt und in den degradierten Modus eintritt, bis das nächste Abfragesignal aus der Zentralsteuerung (20) durch die Detektoreinrichtung (66) detektiert wird, wobei der Kartenleser (24) auch Einrichtungen zum Herabladen und Speichern der Autorisierungsdaten aus der Zentralsteuerung (20) während des ersten Modus umfaßt, sowie Einrichtungen zum Vergleichen der Kartendaten mit den Autorisierungsdaten in Anbetracht der Gewährung von Zutritt zu dem Bereich, wenn die Kartendaten mit den Autorisierungsdaten übereinstimmen, sowie zweite Einrichtungen (88) zum Speichern von wenigstens Informationen, die sich aus der Übereinstimmung ergeben.

2. Sicherheitssystem nach Anspruch 1, dadurch gekennzeichnet, daß die Vergleichseinrichtungen und die Speichereinrichtungen (88) in dem Kartenleser (24) aktiviert werden, wenn die Zentralsteuerung (24) in den zweiten Modus eintritt.

3. Sicherheitssystem nach Anspruch 1 oder 2, dadurch gekennzeichnet, daß die Kommunikationseinrichtungen (50, 52) die Information, die sich aus der Übereinstimmung während des zweiten Modus ergeben, an die Zentralsteuerung (20) zu einer Zeit übertragen, wenn die Kommunikation möglich ist.

4. Sicherheitssystem nach Anspruch 3, dadurch gekennzeichnet, daß die Übertragung dadurch bewirkt wird, daß durch den Kartenleser ein Signal empfangen wird, das zu einer vorgewählten Zeit von der Zentralsteuerung gesendet wurde.

5. Sicherheitsystem nach einem der Ansprüche 1 bis 4, dadurch gekennzeichnet, daß während des ersten Modus des Kartenlesers (24) die Kommunikationseinrichtungen (50, 52) die Kartendaten an die Zentralsteuerung (20) transferieren, und daß die Zentralsteuerung (20) ferner Einrichtungen (66) zur Bewertung der Kartendaten umfaßt, um durch Vergleich mit den Autorisierungsdaten festzustellen, ob Zutritt gewährt werden sollte, sowie Einrichtungen zum Senden einer Botschaft an den Kartenleser (24), welche den Kartenleser (24) anweist, ob Zutritt zu gewähren ist oder nicht.

6. Sicherheitssystem nach einem der Ansprüche 1 bis 5, dadurch gekennzeichnet, daß das Sicherheitssystem eine Vielzahl von Kartenlesern (22,24) aufweist, und daß die Zentralsteuerung (20) ferner zweite Einrichtungen zur Speicherung von Daten umfaßt, welche angeben, welcher der Leser autorisiert ist, Zugriff zu gewähren, wenn die Leser sich in einem zweiten Modus befinden.

7. Sicherheitssystem nach einem derAnsprüche 1 bis 6, dadurch gekennzeichnet, daß die Zentralsteuerung (20) ferner Einrichtungen zum Empfang von Anfragen von irgendeinem der Leser (22, 24) aufweist, um die Autorisierungsdaten zu dem anfragenden Kartenleser (22, 24) hinunterzuladen, sowie Einrichtungen zur Sendung der Autorisierungsdaten über die Kommunikationseinrichtungen (50, 52) an den Kartenleser zur Speicherung bei Akzeptierung der Anfrage durch die Zentralsteuerung (20).

8. Sicherheitssystem nach Anspruch 7, dadurch gekennzeichnet, daß die Zentralsteuerung (20) ferner Einrichtungen umfaßt, um durch Konsultierung der zweiten Speichereinrichtung in der Zentralsteuerung (20) zu bestimmen, ob der anfragende Kartenleser (22, 24) zur Gewährung von Zutritt autorisiert ist, wenn der Kartenleser (22, 24) sich in einem zweiten Modus befindet, wobei die Anfrage durch den Kartenleser (22, 24) verweigert wird, falls der Kartenleser (22, 24) nichtzur Gewährung von Zutritt bezeichnet worden ist, wenn der Kartenleser (22, 24) sich in einem zweiten Modus befindet.

9. Sicherheitssystem nach einem der Ansprüche 1 bis 8, dadurch gekennzeichnet, daß die Autorisierungsdaten wenigstens Identitätsdaten umfassen, welche die Person identifizieren, die zum Zutritt autorisiert ist, sowie Tordaten, welche anzeigen, welcher Leser (22, 24) autorisiert ist, dieser Person Zutritt zu gewähren.

10. Sicherheitssystem nach Anspruch 9, dadurch gekennzeichnet, daß die Autorisierungsdaten ferner Statusdaten umfassen, welche anzeigen, zu welchen kontrollierten Bereichen in dem System die Person Zutritt hat.

11. Sicherheitssystem nach einem der Ansprüche 7 bis 10, dadurch gekennzeichnet, daß die Anfrage zur Herabladung der Autorisierungsdaten aus der Zentralsteuerung (20) an den anfragenden Kartenleser (22, 24) dann stattfindet, wenn die Stromversorgung des Kartenlesers (22, 24) anfänglich eingeschaltet wird.

12. Sicherheitssystem nach einem der Ansprüche 7 bis 10, dadurch gekennzeichnet, daß die Anfrage zum Herabladen derAutorisierungsdaten aus der Zentralsteuerung (20) an den anfragenden Kartenleser (22, 24) mit einer vorbestimmten Periode stattfindet.

13. Sicherheitssystem nach einem der Ansprüche 7 bis 10, dadurch gekennzeichnet, daß die Anfrage zum Herabladen derAutorisierungsdaten aus der Zentralsteuerung (20) an den anfragenden Kartenleser (22, 24) dann auftritt, wenn die Autorisierungsdaten in der ersten Speichereinrichtung in der Zentralsteuerung (20) aktualisiert werden, wenn durch die Zentralsteuerung (20) ein Aktualisierungssignal an den Kartenleser (22, 24) gesandt wird.

14. Sicherheitssystem nach einem der Ansprüche 1 bis 13, dadurch gekennzeichnet, daß die Kartendaten Systemkodedaten umfassen, welche die Organisation identifizieren, sowie die Identifizierungsdaten, welche die Person hinsichtlich des Zutrittsstatus der Person zu dem Bereich identifizieren.

15. Sicherheitssystem nach Anspruch 14, dadurch gekennzeichnet, daß die Übereinstimmung zwischen Kartendaten und Autorisierungsdaten, die von der Vergleichseinrichtung in dem Kartenleser (22, 24) verarbeitet werden, auf der Übereinstimmung der Systemkodedaten der Kartendaten mit den Autorisierungsdaten beruht.

16. Sicherheitssystem nach Anspruch 14 oder 15, dadurch gekennzeichnet, daß die Übereinstimmung zwischen den Kartendaten und Autorisierungsdaten, die von der Vergleichseinrichtung in dem Kartenleser (22, 24) verarbeitet werden, auf der Übereinstimmung der Systemkodedaten und der Identifizierungsdaten der Kartendaten mit den Autorisierungsdaten beruht.

17. Sicherheitssystem nach einem der Ansprüche 14 bis 16, dadurch gekennzeichnet, daß die sich aus der Übereinstimmung ergebende Information die Identifizierungsdaten der Kartendaten für alle Personen umfaßt, denen Zutritt während des zweiten Modus gewährt wurde.

18. Sicherheitssystem nach einem der Ansprüche 14 bis 17, dadurch gekennzeichnet, daß die Information ferner die Zeit umfaßt, zu der jeder Person Zutritt gewährt wurde.

19. Sicherheitssystem nach einem der Ansprüche 14 bis 18, dadurch gekennzeichnet, daß die Information ferner die Identitätsdaten der Kartendaten für alle Personen umfaßt, die versuchten in den Bereich einzutreten.

20. Sicherheitssystem nach einem der Ansprüche 14 bis 19, dadurch gekennzeichnet, daß die Information ferner die Zeit jeder Transaktion umfaßt, wobei diese Transaktion definiert ist als versuchter Eintritt, gleichgültig ob erfolgreich oder nicht, sowie ferner das Ergebnis der Transaktion, das entweder als "GO"-Transaktion gekennzeichnet ist, wenn Zutritt gewährt wurde, oder als "NO GO"-Transaktion, wenn der Zutritt verweigert wurde.

21. Sicherheitssystem nach einem der Ansprüche 1 bis 20, dadurch gekennzeichnet, daß der Kartenleser (22, 24) eine Tastatur umfaßt, wobei der Zutritt zu dem Bereich ferner auf einer adäquaten Übereinstimmung eines Paßwortes mit den Autorisierungsdaten beruht, und wobei das Paßwort durch den Karteninhaber in die Tastatur eingegeben wird.

22. Verfahren zum Betrieb eines Sicherheitssystems, welches eine Zentralsteuerung (20) umfaßt und wenigstens einen Kartenleser (22, 24), wobei das Sicherheitssystem in einem ersten Modus oder Normalmodus arbeitet, wenn die Kommunikation zwischen der Zentralsteuerung (20) und dem Kartenleser möglich ist, während das Sicherheitssystem in einem zweiten Modus oder degradierten Modus arbeitet, wenn die Kommunikation unmöglich oder schwierig ist, und wobei das Verfahren den Verfahrensschritt umfaßt:

Lesen einer Karte mittels des Kartenlesers (22, 24), um von der Karte Daten zu erhalten, die im wesentlichen permanent auf der Karte gespeichert sind,

wobei das Verfahren durch die folgenden Schritte gekennzeichnet ist:

Ermitteln ob eine Kommunikation zwischen der Zentralsteuerung (20) und dem Kartenleser möglich ist, indem ein Abfragesignal detektiert wird, das periodisch von der Zentralsteuerung (20) ausgesendet wird, wobei die Abwesenheit des Signals aus der Zentralsteuerung (20) für eine vorbestimmte Zeit bewirkt, daß der Kartenleser (20) den Normalmodus verläßt und in den degradierten Modus eintritt, bis eine weitere Detektion eines nächsten Abfragesignals aus der Zentralsteuerung (20) stattfindet;

wenn das Sicherheitssystem in dem ersten Modus arbeitet:

Aussenden der Kartendaten an die Zentralsteuerung (20);

Herabladen von Autorisierungsdaten, die in der Zentralsteuerung (20) gespeichert sind, aus der Zentralsteuerung in den Kartenleser (24);

Speichern der Autorisierungsdaten in dem Kartenleser (24);

Bestimmen in der Zentralsteuerung (20), ob Zutritt zu gewähren oder zu versagen ist, und zwar auf der Grundlage des Vergleichs der Kartendaten mit den Autorisierungsdaten; und

Aussenden einer Botschaft von der Zentralsteuerung (20) an den Kartenleser (24), welche angibt, ob Zugang zu gewähren oder zu versagen ist;

und wenn das Sicherheitssystem in dem zweiten Modus arbeitet:

Vergleichen einiger der Kartendaten mit den vorher in dem Kartenleser im ersten Modus gespeicherten Autorisierungsdaten; und

Gewähren oder Verweigern des Zugangs auf der Grundlage des Vergleichs und Speichern von Informationen, die sich aus dem Vergleich ergeben, in dem Kartenleser (24).

23. Verfahren zum Betreiben eines Sicherheitssystems nach Anspruch 22, ferner gekennzeichnet durch die folgenden Verfahrensschritte, wenn das Sicherheitssystem in dem zweiten Modus arbeitet:

Vergleichen in der Zentralsteuerung (20) all der Kartendaten, welche Systemkodedaten umfassen, die die Organisation des Karteninhabers identifizieren, sowie Identitätsdaten, welche den Karteninhaber selbst identifizieren, mit den Autorisierungsdaten; und

Speichern in dem Kartenleser (22, 24) die Kartendaten und die Information, welche die Zeit und das Ergebnis der Zutrittstransaktion umfa8t, wobei diese Transaktion als eine "NO GO"-Transaktion markiert ist, wenn entweder die Systemkodedaten oder die Identitätskodedaten nicht mit den in dem Kartenleser (22, 24) gespeicherten Autorisierungsdaten übereinstimmen, während die Transaktion als "GO"-Transaktion markiert wird, wenn sowohl die Systemkodedaten als auch die Identitätskodedaten mit den Autorisierungsdaten übereinstimmen.

24. Verfahren zum Betreiben eines Sicherheitssystems nach Anspruch 22 oder 23, ferner gekennzeichnet durch die folgenden Verfahrensschritte, wenn das Sicherheitssystem in dem ersten Modus arbeitet:

Aussenden einer Anfrage von dem Kartenleser (22, 24) an die Zentralsteuerung (20) zum Herabladen von in der Zentralsteuerung (20) gespeicherten Autorisierungsdaten;

Bestimmen in der Zentralsteuerung (20), ob der anfragende Kartenleser (22, 24) zur Gewährung von Zutritt während des zweiten Modus des Sicherheitssystems bezeichnet ist; und

Herabladen der Autorisierungsdaten aus der Zentralsteuerung (20) an den anfragenden Kartenleser (22, 24), wenn der Kartenleser (22, 24) zur Gewährung von Zutritt während des zweiten Modus des Sicherheitssystems bezeichnet worden ist.

25. Verfahren zum Betreiben eines Sicherheitssystems nach einem der Ansprüche 22 bis 24, ferner gekennzeichnet durch den Verfahrensschritt, daß die aus der Karte durch den Kartenleser (22, 24) ausgelesenen und darin gespeicherten Kartendaten in einer während des zweiten Modus stattfindenden Transaktion sowie auch die sich aus der Transaktion ergebenden Informationen an die Zentralsteuerung (20) übertragen werden, nachdem die Kommunikation zwischen der Zentralsteuerung (20) und dem Kartenleser (22, 24) wiederhergestellt wurde.

Revendications

1. Système de sécurité pour commander l'accès à une zone, comprenant au moins un lecteur (24) de cartes destiné à lire des données de carte enregistrées de façon sensiblement permanente sur une carte introduite dans ce lecteur, et comprenant en outre un dispositif central (20) de commande comprenant des premiers moyens destinés à enregistrer des données d'autorisation définissant quelle personne a un accès autorisé à ladite zone, et des moyens (50, 52) destinés à communiquer entre ledit dispositif central de commande et ledit lecteur de cartes, ledit lecteur (24) de cartes étant conçu pour fonctionner dans un premier mode ou mode normal, mode dans lequel une communication entre ledit lecteur (24) de cartes et ledit dispositif central (20) de commande est possible, et au moins dans un second mode ou mode dégradé lorsque ladite communication est impossible ou difficile, caractérisé en ce que ledit lecteur (24) de cartes comprend en outre des moyens (66) destinés à détecter un signal d'interrogation émis périodiquement par ledit dispositif central (20) de commande, l'absence dudit signal d'interrogation provenant dudit dispositif central (20) de commande, pendant un temps prédéterminé, amenant le lecteur (24) de cartes à quitter ledit mode normal et à passer dans ledit mode dégradé jusqu'à ce que le signal suivant d'interrogation provenant dudit dispositif central (20) de commande soit détecté par lesdits moyens de détection (66), ledit lecteur (24) de cartes comprenant aussi des moyens destinés à transférer et enregistrer lesdites données d'autorisation à partir dudit dispositif central (20) de commande durant ledit premier mode, des moyens destinés à comparer lesdites données de carte avec lesdites données d'autorisation en vue d'accorder l'accès à ladite zone lorsque lesdites données de carte concordent avec lesdites données d'autorisation et des seconds moyens (88) destinés à enregistrer au moins une information résultant de ladite concordance.

2. Système de sécurité selon la revendication 1, caractérisé en ce que lesdits moyens de comparaison et lesdits moyens (88) d'enregistrement dans ledit lecteur (24) de cartes sont activés lorsque ledit dispositif central (24) de commande passe dans le second mode.

3. Système de sécurité selon la revendication 1 ou la revendication 2, caractérisé en ce que lesdits moyens (50, 52) de communication transfèrent ladite information résultant de ladite concordance pendant ledit second mode audit dispositif central (20) de commande à un temps où ladite communication est possible.

4. Système de sécurité selon la revendication 3, caractérisé en ce que ledit transfert est provoqué par la réception par ledit lecteur de cartes d'un signal émis par ledit dispositif central de commande à un temps choisi.

5. Système de sécurité selon l'une quelconque des revendications 1 à 4, caractérisé en ce que, durant le permier mode dudit lecteur (24) de cartes, lesdits moyens (50, 52) de communication transfèrent lesdites données de carte audit dispositif central (20) de commande, et en ce que ledit dispositif central (20) de commande comprend en outre des moyens (66) destinés à évaluer lesdites données de carte pour déterminer, par comparaison avec lesdites données d'autorisation, si un accès doit être accordé, et des moyens destinés à envoyer un message audit lecteur (24) de cartes lui donnant pour instruction d'accorder ou non l'accès.

6. Système de sécurité selon l'une quelconque des revendications 1 à 5, caractérisé en ce que ledit système de sécurité comprend plusieurs lecteurs de cartes (22, 24), et ledit dispositif central (20) de commande comprend en outre des seconds moyens destinés à enregistrer des données concernant lequel desdits lecteurs est autorisé à accorder l'accès lorsque lesdits lecteurs sont dans un second mode.

7. Système de sécurité selon l'une quelconque des revendications 1 à 6, caractérisé en ce que ledit dispositif central (20) de commande comprend en outre des moyens destinés à recevoir des demandes provenant de l'un quelconque desdits lecteurs (22, 24) pour transférer lesdites données d'autorisation audit lecteur de cartes demandeur (22, 24) et des moyens destinés à envoyer lesdites données d'autorisation par l'intermédiaire desdits moyens (50, 52) de communication audit lecteur de cartes pour les enregistrer à la suite de l'acceptation de ladite demande par ledit dispositif central (20) de commande.

8. Système de sécurité selon la revendication 7, caractérisé en ce que ledit dispositif central (20) de commande comprend en outre des moyens destinés à déterminer, par consultation desdits seconds moyens d'enregistrement dans le dispositif central de commande, si ledit lecteur de cartes demandeur (22, 24) est autorisé à accorder l'accès lorsque ledit lecteur (22, 24) de cartes est dans un second mode, ladite demande par ledit lecteur (22, 24) de cartes étant refusée si ledit lecteur (22, 24) de cartes n'a pas été désigné pour accorder l'accès lorsque ledit lecteur (22, 24) de cartes est dans un second mode.

9. Système de sécurité selon l'une quelconque des revendications 1 à 8, caractérisé en ce que lesdites données d'autorisation consistent en au moins des données d'identification identifiant quelle personne a un accès autorisé et des données d'accès indiquant ledit lecteur (22, 24) auquel ladite personne est autorisée à accéder.

10. Système de sécurité selon la revendication 9, caractérisé en ce que lesdites données d'autorisation comprennent en outre des données d'état indiquant à quelle zone contrôlée dans ledit système ladite personne a accès.

11. Système de sécurité selon l'une quelconque des revendications 7 à 10, caractérisé en ce que ladite demande pour transférer lesdites données d'autorisation dudit dispositif central (20) de commande audit lecteur de cartes demandeur (22, 24) apparaît lorsque ledit lecteur (22, 24) de cartes est initialement mis sous tension.

12. Système de sécurité selon l'une quelconque des revendications 7 à 10, caractérisé en ce que ladite demande pour transférer lesdites données d'autorisation dudit dispositif central (20) de commande audit lecteur de cartes demandeur (22, 24) apparaît avec une période prédéterminée.

13. Système de sécurité selon l'une quelconque des revendications 7 à 10, caractérisé en ce que ladite demande pour transférer lesdites données d'autorisation dudit dispositif central (20) de commande audit lecteur de cartes demandeur (22, 24) apparaît lorsque lesdites données d'autorisation sont mises à jour dans lesdits premiers moyens d'enregistrement dans le dispositif central (20) de commande, à la suite de l'envoi par ledit dispositif central (20) de commande d'un signal "mise à jour" audit lecteur (22, 24) de cartes.

14. Système de sécurité selon l'une quelconque des revendications 1 à 13, caractérisé en ce que lesdites données de carte comprennent des données de code du système identifiant l'organisation et lesdites données d'identification identifiant la personne en ce qui concerne la situation d'accès de ladite personne à ladite zone.

15. Système de sécurité selon la revendication 14, caractérisé en ce que ladite concordance entre des données de carte et des données d'autorisation sur lesquelles travaillent lesdits moyens de comparaison dans ledit lecteur (22, 24) de cartes est basée sur une concordance desdites données de code du système faisant partie desdites données de carte avec lesdites données d'autorisation.

16. Système de sécurité selon la revendication 14 ou 15, caractérisé en ce que ladite concordance entre lesdites données de carte et lesdites données d'autorisation, sur lesquelles travaillent lesdits moyens de comparaison dans ledit lecteur (22, 24) de cartes, est basée sur une concordance desdites données de code du système et desdites données d'identification faisant partie desdites données de carte, avec lesdites données d'autorisation.

17. Système de sécurité selon l'une quelconque des revendications 14 à 16, caractérisé en ce que ladite information résultant de ladite concordance comprend lesdites données d'identification faisant partie desdites données de carte pour toutes les personnes auxquelles l'accès est accordé durant ledit second mode.

18. Système de sécurité selon l'une quelconque des revendications 14 à 17, caractérisé en ce que ladite information comprend en outre l'heure à laquelle l'accès a été accordé à chaque personne.

19. Système de sécurité selon l'une quelconque des revendications 14 à 18, caractérisé en ce que ladite information comprend en outre lesdites données d'identification faisant partie desdites données de carte pour toutes les personnes ayant tenté d'entrer dans ladite zone.

20. Système de sécurité selon l'une quelconque des revendications 14 à 19, caractérisé en ce que ladite information comprend en outre l'heure de chaque transaction, ladite transaction étant définie par une tentative d'entrée, réussie ou non, et comprend en outre le résultat de la transaction caractérisée comme étant une transaction "passe" lorsque l'accès a été accordé et une transaction "passe pas" lorsque l'accès a été refusé.

21. Système de sécurité selon l'une quelconque des revendications 1 à 20, caractérisé en ce que ledit lecteur (22, 24) de cartes comprend un clavier, l'entrée à ladite zone étant en outre basée sur une concordance adéquate d'un mot de passe avec lesdites données d'autorisation, ledit mot de passe étant introduit par le porteur de la carte sur ledit clavier.

22. Procédé de mise en oeuvre d'un système de sécurité constitué d'un dispositif central (20) de commande et d'au moins un lecteur (22, 24) de cartes, ledit système de sécurité fonctionnant dans un premier mode ou mode normal lorsqu'une communication entre ledit dispositif central (20) de commande et ledit lecteur de cartes est possible et ledit système de sécurité fonctionnant dans un second mode ou mode dégradé lorsque ladite communication est impossible ou difficile, ledit procédé comprenant l'étape qui consiste:

à lire une carte au moyen dudit lecteur (22, 24) de cartes pour dériver, de ladite carte, des données enregistrées de façon sensiblement permanente sur ladite carte,

ledit procédé étant caractérisé par les étapes qui consistent:

à détecter si une communication entre ledit dispositif central (20) de commande et ledit lecteur de cartes est possible en détectant un signal d'interrogation envoyé périodiquement par ledit dispositif central (20) de commande, l'absence dudit signal provenant dudit dispositif central (20) de commande pendant un temps prédéterminé amenant ledit lecteur (20) de cartes à quitter ledit mode normal et à passer dans ledit mode dégradé jusqu'à une autre détection d'un signal d'interrogation suivant provenant dudit dispositif central (20) de commande;

lorsque ledit système de sécurité fonctionne dans ledit premier mode:

à envoyer lesdites données de carte audit dispositif central (20) de commande;

à transférer des données d'autorisation enregistrées dans ledit dispositif central (20) de commande, dudit dispositif central de commande dans ledit lecteur (24) de cartes;

à enregistrer lesdites données d'autorisation dans ledit lecteur (24) de cartes;

à déterminer dans ledit dispositif central (20) de commande si l'accès doit être accordé ou refusé sur la base de la comparaison desdites données de carte avec lesdites données d'autorisation; et

à envoyer un message dudit dispositif central (20) de commande audit lecteur (24) de cartes, indiquant si l'accès doit être accordé ou refusé;

et lorsque ledit système de sécurité fonctionne dans ledit second mode:

à comparer certaines desdites données de carte avec lesdites données d'autorisation enregistrées précédemment dans ledit lecteur de cartes dans ledit premier mode; et

à accorder ou refuser l'accès sur la base de ladite comparaison et à enregistrer dans ledit lecteur (24) de cartes une information résultant de ladite comparaison.

23. Procédé de mise en oeuvre d'un système de sécurité selon la revendication 22, caractérisé en outre, lorsque ledit système de sécurité fonctionne dans ledit second mode, par les étapes qui consistent:

à comparer dans ledit dispositif central (20) de commande toutes lesdites données de carte comprenant des données de code du système identifiant le régime du porteur de la carte et des données d'identification identifiant le porteur de la carte, avec lesdites données d'autorisation; et

à enregistrer dans ledit lecteur (22, 24) de cartes lesdites données de carte et ladite information comprenant l'heure et le résultat de la transaction d'entrée, ladite transaction étant marquée en tant que transaction "passe pas" si les données de code du système ou les données de code d'identification ne concordent pas avec des données d'autorisation enregistrées dans ledit lecteur (22, 24) de cartes, et étant marquée comme transaction "passe" si à la fois les données de code de système et les données de code d'identification concordent avec lesdites données d'autorisation.

24. Procédé de mise en oeuvre d'un système de sécurité selon l'une des revendications 22 ou 23, caractérisé en outre, lorsque ledit système de sécurité fonctionne dans ledit premier mode, par les étapes qui consistent:

à envoyer une demande dudit lecteur (22, 24) de cartes audit dispositif central (20) de commande pour transférer des données d'autorisation enregistrées dans ledit dispositif central (20) de commande;

à déterminer dans ledit dispositif central (20) de commande si ledit lecteur (22, 24) de cartes demandeur a été désigné pour accorder un accès durant ledit second mode dudit système de sécurité; et

à transférer lesdites données d'autorisation dudit dispositif central (20) de commande audit lecteur (22, 24) de cartes demandeur si ledit lecteur (22, 24) de cartes a été désigné pour accorder un accès durant ledit second mode dudit système de sécurité.

25. Procédé de mise en oeuvre d'un système de sécurité selon l'une quelconque des revendications 22 à 24, caractérisé en outre par l'étape qui consiste à transmettre lesdites données de carte lues sur ladite carte par ledit lecteur (22, 24) de cartes et enregistrées dans celui-ci, dans une transaction ayant lieu durant ledit second mode, et ladite information résultant de ladite transaction audit dispositif central (20) de commande après que ladite communication entre ledit dispositif central (20) de commande et ledit lecteur (22, 24) de cartes a été rétablie.

Drawing