This page describes how the features of a KeySafe can be used and the various
control characters that can be entered on the console. Some features will only
work if the options have been added to the KeySafe during construction. Some
features will only work if the KeySafe software is up to date. Information on
this page will be of interest to both wearers and KeyHolders.
Safe Keypad
The keypad on the front of the safe can be optionally wired into the SBC and
used for several different things built into the KeySafe software. As each key
is depressed, a message is sent to the console port for debugging purposes.
Numbers are entered by pressing the number keys: 0-9, and can be from 1 to 10
digits long. The "B" key is used as a "backspace" and erases the last character
entered. It can be hit multiple times to erase up to the entire number entered
so far. The "A" key acts like an "enter" key on a keyboard. When the "A" is hit,
the software accepts the keys entered so far as the complete number. The
software allows up to 30 seconds between key depressions. If you wait longer
than that, the entry will be discarded, although the partial result will be
recorded in the history file. Below are some features/ways to use the keypad.
- If enabled by your KeyHolder, entering the number '911' on the keypad will
immediately unlock the KeySafe. This feature is intended to be used in an
emergency, hence the code chosen for the feature. The use of the code to
unlock the safe will be reported to the KeyHolder.
- If enabled by your KeyHolder, there are 4 numbers, each 8 digits long,
chosen at random by the KeySafe. Each of the numbers is a one-time
combination code that will unlock the KeySafe. Each time one of these numbers
is used, it is invalidated and a new number replaces it. The numbers are
reported to the KeyHolder in a secure manner. The idea is that this feature
provides a secure way to unlock a KeySafe without using the Internet. The
Internet may be down, or the KeyHolder may be away from his/her computer at
the time an unlock is needed. If the KeyHolder has recorded the numbers, they
can be provided to the wearer via a phone call, or any other convenient way.
Note that loss of power on a KeySafe will result in 4 new numbers being
created. So to use this feature, it's best to provide some kind of power
backup system.
- The Keypad can be used as an assignment. For example the KeyHolder could
order the wearer to enter certain numbers on certain days or times of the day.
These entries would be recorded and reported to the KeyHolder, along with the
time stamps of when they were entered. The holder would not only have to be in
the right place at the appointed time, but would be reminded of the lockup of
the keys on a regular basis.
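The keypad rules above (digit entry, "B" backspace, "A" enter, the 30 second timeout, the optional 911 code and the four one-time codes), modelled as an added example; this is not the KeySafe software. The class name, method names and history wording are hypothetical.

```python
import secrets

ENTRY_TIMEOUT = 30   # seconds allowed between key presses (from the page)
MAX_DIGITS = 10      # an entry is 1 to 10 digits long (from the page)

class Keypad:
    """Hypothetical model of the keypad rules; not the KeySafe firmware."""

    def __init__(self, emergency_enabled=True, otp_enabled=True):
        self.emergency_enabled = emergency_enabled
        self.otp_enabled = otp_enabled
        # Four random 8-digit one-time codes; a fresh Keypad (as after a
        # power loss) starts with four new ones.
        self.codes = [self._new_code() for _ in range(4)]
        self.buf, self.last_key = "", 0.0
        self.history = []    # (time, event) records for the KeyHolder

    @staticmethod
    def _new_code():
        return f"{secrets.randbelow(10**8):08d}"

    def press(self, key, now):
        """Handle one key at time `now` (seconds); True means unlock."""
        if self.buf and now - self.last_key > ENTRY_TIMEOUT:
            # A stale entry is discarded, but the partial digits are logged.
            self.history.append((now, "timed out, partial entry " + self.buf))
            self.buf = ""
        self.last_key = now
        if key == "B":                        # backspace
            self.buf = self.buf[:-1]
        elif key == "A" and self.buf:         # enter
            entry, self.buf = self.buf, ""
            return self._submit(entry, now)
        elif key.isdigit() and len(self.buf) < MAX_DIGITS:
            self.buf += key
        return False

    def _submit(self, entry, now):
        if self.emergency_enabled and entry == "911":
            self.history.append((now, "emergency code used"))
            return True
        for i, code in enumerate(self.codes if self.otp_enabled else []):
            if secrets.compare_digest(entry, code):
                self.codes[i] = self._new_code()   # a used code is replaced
                self.history.append((now, f"one-time code {i + 1} used"))
                return True
        self.history.append((now, "number entered " + entry))
        return False
```

Every outcome, including a timed-out partial entry, ends up in `history`, which is what lets the KeyHolder review keypad use afterwards.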
Battery Charger
It is important for the security of the system that the KeySafe software runs
without interruption. If the software stops running, it cannot detect tampering
for as long as it is stopped. One way to keep it running is to use
an external UPS. But you can also build the UPS functionality into the safe
itself, making it even more difficult for a wearer to interrupt power. If you
add this feature to your safe, use the status web page to check on the battery's
health from time to time. The KeySafe will also report when external power is
lost or restored, and whenever the charger circuit becomes active or inactive.
There are no user adjustments associated with this feature other than telling
the software the feature exists.
Light Beam
The light beam feature provides a completely secure way to be sure the safe's
door is closed. The feature adds 4 emitters and 4 detectors. This creates a
total of 16 readings that the software can use to check. There are no adjustments
for this feature other than providing a reasonable alignment of the emitters and
detectors. Use the status web page to check on your construction. Once set, you
can use the configuration page to "lock in" the readings for your particular
safe.
Checkin/Unlock Web Page
The Checkin/Unlock web page should be visited on a regular basis even if there
is no unlock pending for the wearer. This page allows the exchange of
information between the KeySafe and the web pages. History data is sent from the
KeySafe to the web pages and configuration information is sent to the KeySafe
when needed. Also, the time is synchronized as needed during these connections.
If there is an unlock pending, be sure to visit the Unlock/Checkin page once
again after the safe is re-secured. This will let your KeyHolder see that you
have completed the re-locking process properly.
KeySafe LEDs
There are three LEDs on the front of the KeySafe. Depending on the options
selected when building the safe, they may not all be functional. Whether or not
they are hooked up makes no difference to the software, which will drive them
as follows regardless. The green LED is lit whenever the safe's solenoid
is energized. The yellow LED is lit whenever an "unsafe" condition is
detected on port-c or on the light beam. An unsafe condition exists if any of
the configured input lines is at a logic low level, i.e. at ground or zero
volts. The light beam is "unsafe" if it detects the door to be open. The red LED
is not yet assigned a function by the software, but one may be assigned to it in
the future.
History
The history feature's primary purpose is to provide the KeyHolder with a way
to detect tampering of the KeySafe by the wearer. As events are detected by the
KeySafe software, they are recorded in the history file for eventual
transmission to the web site. These transfers occur when the wearer accesses the
Checkin/Unlock web page, so it's important that wearers are ordered to
access this page on a regular basis. Since there is no disk drive in the KeySafe,
history is initially recorded in the RAM memory. Once an hour, these records are
transferred to the FLASH memory so that they will not be lost in the event of a loss
of power. History messages from the KeySafe are combined with history records
generated by the web pages themselves, and the result is displayed upon request.
The KeyHolder can view the complete collection of history records; others,
including the wearer, can only view a subset of the history records.
To detect tampering, the KeyHolder needs to examine the history records
carefully. A clever wearer who wishes to tamper with the KeySafe can tamper
with the history records themselves, in an attempt to cover his/her tracks.
However, if the history records are examined closely, such attempts will always
be detected. We advise the KeyHolder to pay particular attention to any records
which show the running of the software was stopped. For example, the history
message "Software Shut Down Via Console" would indicate
this. The message "History File Was Restored From Flash"
would also indicate the same thing. The only time the software should be shut down is
with the permission of the KeyHolder, for software upgrades or maintenance/upgrades
on the hardware.
The clock in the KeySafe is synchronized to the web page each time the
Checkin/Unlock web page is accessed. The web site itself is synchronized to an
atomic clock. So except when powering up the KeySafe, time adjustments should
always be small amounts. Any large time adjustments would be a cause for concern
and suspicion. A very large adjustment indicates the KeySafe has been powered
down. We recommend that a KeySafe be powered by an internal battery, such as the
High Security options, or at the least by an external UPS. A power down could be
used by a wearer to try to cover several kinds of tampering. The KeyHolder
should insist that a power down not be allowed to occur, except in the rare case
of a widespread, long duration, wide area power problem.
The console cable is supposed to be inaccessible whenever the safe is
locked. If any characters are received on this cable, they are recorded in the
history file and are cause for concern. The wearer should never be using the
console, even if the safe is unlocked, without the KeyHolder's permission.
When an unlock is permitted by the KeyHolder, the safe will generate several
history records, depending on the options built into the safe. The KeyHolder
should get used to the normal sequence of messages, for any given wearer, so
anything out of the ordinary can be questioned. As soon as the safe is relocked,
the wearer should access the Checkin/Unlock page so all the events of the
unlock are available to the KeyHolder to see.
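A sketch of the history review recommended in this section, as an added example that is not part of the KeySafe software or web site. The two stop messages are the ones quoted above; the time-adjustment and console message wording, the 60 second threshold and the sample records are assumptions made for illustration.

```python
import re

# The two messages the page names as evidence that the software stopped.
STOP_MESSAGES = {"Software Shut Down Via Console",
                 "History File Was Restored From Flash"}
# Assumed wording and threshold: the page gives neither.
TIME_ADJUST = re.compile(r"Time Adjusted By (-?\d+) Seconds")  # hypothetical
CONSOLE_INPUT = "Console Character Received"                   # hypothetical
MAX_ADJUST_SECONDS = 60                                        # assumed

def review(records):
    """Return (timestamp, reason) pairs the KeyHolder should question."""
    findings = []
    for stamp, message in records:
        adjust = TIME_ADJUST.fullmatch(message)
        if message in STOP_MESSAGES:
            findings.append((stamp, "software stopped: " + message))
        elif message.startswith(CONSOLE_INPUT):
            # Any console traffic is a concern, whatever was typed.
            findings.append((stamp, "console used"))
        elif adjust and abs(int(adjust.group(1))) > MAX_ADJUST_SECONDS:
            # Small corrections are normal; a large one suggests a power down.
            findings.append((stamp, "large time adjustment, possible power down"))
    return findings

# Constructed sample history, not real KeySafe output.
SAMPLE = [
    ("2024-03-01T08:00:00", "Time Adjusted By 2 Seconds"),
    ("2024-03-01T21:14:00", "Console Character Received"),
    ("2024-03-01T21:15:00", "Software Shut Down Via Console"),
    ("2024-03-02T07:02:00", "History File Was Restored From Flash"),
    ("2024-03-02T07:05:00", "Time Adjusted By 35220 Seconds"),
]

if __name__ == "__main__":
    for stamp, reason in review(SAMPLE):
        print(stamp, reason)
```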