86-451: A permissive action link ( PAL ) is an access control security device for nuclear weapons . Its purpose is to prevent unauthorized arming or detonation of a nuclear weapon. The United States Department of Defense definition is: A device included in or attached to a nuclear weapon system to preclude arming and/or launching until the insertion of a prescribed discrete code or combination. It may include equipment and cabling external to
172-450: A biometric input . There are three types (factors) of authenticating information: Passwords are a common means of verifying a user's identity before access is given to information systems. In addition, a fourth factor of authentication is now recognized: someone you know, whereby another person who knows you can provide a human element of authentication in situations where systems have been set up to allow for such scenarios. For example,
258-424: A card plus a PIN should always be used. Many access control credentials unique serial numbers are programmed in sequential order during manufacturing. Known as a sequential attack, if an intruder has a credential once used in the system they can simply increment or decrement the serial number until they find a credential that is currently authorized in the system. Ordering credentials with random unique serial numbers
344-463: A combination lock in the 16th century. US Patents regarding combination padlocks by J.B. Gray in 1841 and by J.E. Treat in 1869 describe themselves as improvements, suggesting that such mechanisms were already in use. Joseph Loch was said to have invented the modern combination lock for Tiffany's Jewelers in New York City, and from the 1870s to the early 1900s made many more improvements in
430-403: A door is locked, only someone with a key can enter through the door, depending on how the lock is configured. Mechanical locks and keys do not allow restriction of the key holder to specific times or dates. Mechanical locks and keys do not provide records of the key used on any specific door, and the keys can be easily copied or transferred to an unauthorized person. When a mechanical key is lost or
516-447: A door left open longer than a specified length of time. The third most common security risk is natural disasters. In order to mitigate risk from natural disasters, the structure of the building, down to the quality of the network and computer equipment vital. From an organizational perspective, the leadership will need to adopt and implement an All Hazards Plan, or Incident Response Plan. The highlights of any incident plan determined by
602-458: A host PC via Ethernet LAN or WAN. Advantages: Disadvantages: 7. IP readers. Readers are connected to a host PC via Ethernet LAN or WAN. Advantages: Disadvantages: The advantages and disadvantages of IP controllers apply to the IP readers as well. The most common security risk of intrusion through an access control system is by simply following a legitimate user through a door, and this
688-497: A host PC via a serial RS-485 communication line (or via 20mA current loop in some older systems). External RS-232/485 converters or internal RS-485 cards have to be installed, as standard PCs do not have RS-485 communication ports. Advantages: Disadvantages: 2. Serial main and sub-controllers. All door hardware is connected to sub-controllers (a.k.a. door controllers or door interfaces). Sub-controllers usually do not make access decisions, and instead forward all requests to
774-656: A key ring. Biometric technologies include fingerprint, facial recognition , iris recognition , retinal scan , voice, and hand geometry. The built-in biometric technologies found on newer smartphones can also be used as credentials in conjunction with access software running on mobile devices. In addition to older more traditional card access technologies, newer technologies such as near-field communication (NFC), Bluetooth low energy or Ultra-wideband (UWB) can also communicate user credentials to readers for system or building access. Components of an access control system include: Access control decisions are made by comparing
860-405: A means of further managing and monitoring access to mechanically keyed areas or access to certain small assets. Physical access control is a matter of who, where, and when. An access control system determines who is allowed to enter or exit, where they are allowed to exit or enter, and when they are allowed to enter or exit. Historically, this was partially accomplished through keys and locks. When
946-469: A missile launch as in the case of land-based ICBMs , the set of keys is distributed among the key personnel on the submarine and kept in safes (each of these crew members has access only to his keys), some of which are locked by combination locks . Nobody onboard has the combination to open these safes; the unlock key comes as a part of the launch order from the higher authority. In the case of Minuteman missile launch crews, both operators must agree that
SECTION 10
#17327732003391032-456: A number of new combination locks that were adaptable to different types of weapons. In the spring of 1961, there was a series of hearings in Congress, where Sandia presented the prototype of a special electro-mechanical lock, which was then known still as a "proscribed action link". The military leadership, however, soon realized that this term had negative connotations for the use of weapons by
1118-437: A number of other security measures, which together form a comprehensive security package. To prevent exploitation and sniffing via power line attacks permissive action links are powered by low-maintenance radioisotope generators . Instead of conventional batteries, these generators produce electricity using the heat from the radioactive decay of plutonium-238 . Although the half-life of Pu is 87.7 years, these generators' lifespan
1204-419: A part of extending the weapons' service lives to at least 2025. Code management system The year 1995 saw the development of the code management system (CMS). The CMS has simplified the control and logistics for staff and improved the flexibility and speed in deploying and arming weapons. New codes can be used to recode, lock, and manage the weapons, while the secrecy and validity of the possible launch orders
1290-437: A piece of knowledge, or a facet of a person's physical being that enables an individual access to a given physical facility or computer-based information system. Typically, credentials can be something a person knows (such as a number or PIN), something they have (such as an access badge ), something they are (such as a biometric feature), something they do (measurable behavioural patterns), or some combination of these items. This
1376-427: A single dial which interacts with several parallel discs or cams . Customarily, a lock of this type is opened by rotating the dial clockwise to the first numeral, counterclockwise to the second, and so on in an alternating fashion until the last numeral is reached. The cams typically have an indentation or notch, and when the correct permutation is entered, the notches align, allowing the latch to fit into them and open
1462-573: A time of crisis. But the advantages of PALs outweighed the disadvantages: thanks to the PALs weapons were able to be distributed to a greater extent in Europe, so as to prevent a rapid and selective destruction or conquest by the Soviet bloc, while still retaining U.S. control over the farther-flung weapons. The precursors of permissive action links were simple mechanical combination locks that were set into
1548-422: A user by default have the same authority, this level of control is not fine-grained enough to satisfy the principle of least privilege , and arguably is responsible for the prevalence of malware in such systems (see computer insecurity ). In some models, for example the object-capability model , any software entity can potentially act as both subject and object. Combination lock A combination lock
1634-414: A user may have their password, but have forgotten their smart card. In such a scenario, if the user is known to designated cohorts, the cohorts may provide their smart card and password, in combination with the extant factor of the user in question, and thus provide two factors for the user with the missing credential, giving three factors overall to allow access. A credential is a physical/tangible object,
1720-548: Is a type of locking device in which a sequence of symbols, usually numbers, is used to open the lock. The sequence may be entered using a single rotating dial which interacts with several discs or cams , by using a set of several rotating discs with inscribed symbols which directly interact with the locking mechanism, or through an electronic or mechanical keypad. Types range from inexpensive three-digit luggage locks to high-security safes. Unlike ordinary padlocks, combination locks do not use keys. The earliest known combination lock
1806-516: Is classified, although these mechanisms have been offered to Pakistan for protection of their nuclear weapons. In the end, the US decided that it could not do so for legal reasons; the Pakistanis were also concerned that such technology would be sabotaged by a "kill-switch" that the US could operate. However, many experts in the field of nuclear technology in the US government supported the publication of
SECTION 20
#17327732003391892-438: Is considered to be a significant aspect of privacy that should be further studied. Access control policy (also access policy ) is part of an organization’s security policy . In order to verify the access control policy, organizations use an access control model. General security policies require designing or selecting appropriate security controls to satisfy an organization's risk appetite - access policies similarly require
1978-486: Is exit control, e.g. of a shop (checkout) or a country. The term access control refers to the practice of restricting entrance to a property, a building , or a room to authorized persons. Physical access control can be achieved by a human (a guard, bouncer, or receptionist), through mechanical means such as locks and keys, or through technological means such as access control systems like the mantrap . Within these environments, physical key management may also be employed as
2064-472: Is from levering a door open. This is relatively difficult on properly secured doors with strikes or high holding force magnetic locks. Fully implemented access control systems include forced door monitoring alarms. These vary in effectiveness, usually failing from high false positive alarms, poor database configuration, or lack of active intrusion monitoring. Most newer access control systems incorporate some type of door prop alarm to inform system administrators of
2150-428: Is known as multi-factor authentication . The typical credential is an access card or key-fob, and newer software can also turn users' smartphones into access devices. There are many card technologies including magnetic stripe, bar code, Wiegand , 125 kHz proximity, 26-bit card-swipe, contact smart cards, and contactless smart cards . Also available are key-fobs, which are more compact than ID cards, and attach to
2236-603: Is recommended to counter this threat. Finally, most electric locking hardware still has mechanical keys as a fail-over. Mechanical key locks are vulnerable to bumping . The need to know principle can be enforced with user access controls and authorization procedures and its objective is to ensure that only authorized individuals gain access to information or systems necessary to undertake their duties. In computer security , general access control includes authentication , authorization , and audit. A more narrow definition of access control would cover only access approval, whereby
2322-468: Is referred to as tailgating . Often the legitimate user will hold the door for the intruder. This risk can be minimized through security awareness training of the user population or more active means such as turnstiles. In very high-security applications this risk is minimized by using a sally port , sometimes called a security vestibule or mantrap, where operator intervention is required presumably to assure valid identification. The second most common risk
2408-481: Is shorter than that; the alpha decay of the plutonium produces helium, causing the pressure inside the generator to increase. "Bypassing a PAL should be, as one weapons designer graphically put it, about as complex as performing a tonsillectomy while entering the patient from the wrong end." PAL devices have been installed on all nuclear devices in the US arsenal. The US Navy was last to receive them, with all weapons fitted with PALs by 1996 or 1997. Modern PALs use
2494-424: Is specific and well-defined, precluding approximation, emulation, noise, or interference from being accepted as a false positive . An environmental sensing device (ESD) determines through environmental sensors whether the weapon is operating in its combat environment. For example, on an ICBM, a nuclear warhead would first be exposed to a strong acceleration, then a period of free fall and then further acceleration as
2580-554: Is still ensured. In total, CMS consists of fourteen custom products (nine software and five hardware products). The software products were developed by Sandia National Laboratories while the hardware was created by the National Nuclear Security Administration . The CMS was fully operational for the first time in November 2001. A part of the system, a special cryptographic processor fitted into
2666-415: Is the selective restriction of access to a place or other resource, while access management describes the process. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization . Access control on digital platforms is also termed admission control . The protection of external databases is essential to preserve digital security . Access control
Permissive action link - Misplaced Pages Continue
2752-470: Is unavailable, will the readers use their internal database to make access decisions and record events. Semi-intelligent reader that have no database and cannot function without the main controller should be used only in areas that do not require high security. Main controllers usually support from 16 to 64 readers. All advantages and disadvantages are the same as the ones listed in the second paragraph. 4. Serial controllers with terminal servers. In spite of
2838-459: The Cold War came to a head in the 1960s, the government felt it best not to leave the use of nuclear weapons in the hands of possibly-renegade generals, including the commander of Strategic Air Command (SAC). Without Permissive Action Links, each nuclear weapon was effectively under the independent control of one person, the general under whose command it happened to fall. I used to worry about
2924-524: The Missiles and Rockets Agreement , which paved the way for the development and implementation of PALs. Certain national laboratories, under the auspices of the AEC, would develop and produce nuclear weapons, while the responsibility for the use and deployment remained with the military. The laboratories were also free to conduct their own research in the field of arms control and security. The thinking behind this
3010-542: The National Incident Management System must include Pre-incident planning, during incident actions, disaster recovery, and after-action review. Similar to levering is crashing through cheap partition walls. In shared tenant spaces, the divisional wall is a vulnerability. A vulnerability along the same lines is the breaking of sidelights. Spoofing locking hardware is fairly simple and more elegant than levering. A strong magnet can operate
3096-402: The two-man rule , which is designed to prevent accidental or malicious launch of nuclear weapons by a single individual. For example, on a ballistic missile submarine (SSBN), both the commanding officer (CO) and executive officer (XO) must agree that the order to launch is valid, and then mutually authorize the launch with their operations personnel. Instead of another party confirming
3182-637: The warhead , and anti-tamper systems which intentionally mis-detonate the weapon if its other security features are defeated, destroying it without giving rise to a nuclear explosion. Permissive action links were developed in the United States in a gradual process from the first use of atomic weapons to the early 1960s. In 1953 the United States Atomic Energy Commission and the Department of Defense signed
3268-636: The Chinese about American weapon design, and therefore, refused the request. Following the dissolution of the Soviet Union , Ukraine had on its territory the world's third largest nuclear weapons stockpile . While Ukraine had physical control of the weapons, it did not have operational control of the weapons as they were dependent on Russian-controlled electronic permissive action links and the Russian command-and-control system. In 1994, Ukraine agreed to
3354-476: The PAL system because they considered Pakistan's arsenal as the world's most vulnerable to abuse by terrorist groups. Whether it's India or Pakistan or China or Iran, the most important thing is that you want to make sure there is no unauthorized use. You want to make sure that the guys who have their hands on the weapons can't use them without proper authorization. In November 2007, The New York Times revealed that
3440-411: The PAL vulnerable to bypass after such damage. Also, activation-critical electronics within the weapon, such as capacitors, are selected so that they will fail before the safety device in the event of damage, ensuring that the weapon fails safe . Nuclear weapons will only respond to a specific arming signal. This is passed to the weapon by a unique signal generator located outside the weapon. This output
3526-486: The RS-485-related advantages and disadvantages also apply. 5. Network-enabled main controllers. The topology is nearly the same as described in the second and third paragraphs. The same advantages and disadvantages apply, but the on-board network interface offers a couple of valuable improvements. Transmission of configuration and user data to the main controllers is faster, and may be done in parallel. This makes
Permissive action link - Misplaced Pages Continue
3612-460: The US had invested $ 100 million since 2001 in a secret program to protect Pakistan's nuclear arsenal. Instead of transferring PAL technology, the US provided helicopters, night vision and nuclear detection devices, as well as training to Pakistani personnel in order to prevent the theft or misuse of Pakistan's nuclear material, warheads, and laboratories. Access control In physical security and information security , access control ( AC )
3698-414: The access control list, the control panel operates a relay that in turn unlocks the resource. The control panel also ignores an opening signal to prevent an alarm. Often the reader provides feedback, such as a flashing red LED for an access denied and a flashing green LED for an access granted. The above description illustrates a single factor transaction. Credentials can be passed around, thus subverting
3784-440: The access control list. For example, Alice has access rights to the server room , but Bob does not. Alice either gives Bob her credential, or Bob takes it; he now has access to the server room. To prevent this, two-factor authentication can be used. In a two factor transaction, the presented credential and a second factor are needed for access to be granted; another factor can be a PIN, a second credential, operator intervention, or
3870-453: The civilian leadership of the host country could overrule that country's military. In addition, the U.S. realized that in the event of war, parts of West Germany would be overwhelmed early on , and nuclear weapons stationed there could fall into the hands of the Soviet Union. For a long time the U.S. military resisted the use of PALs. It feared the loss of its own independence, and it feared malfunction, which could put warheads out of action in
3956-663: The control panel. The spokes communicate through a serial connection; usually RS-485. Some manufactures are pushing the decision making to the edge by placing a controller at the door. The controllers are IP enabled, and connect to a host and database using standard networks Access control readers may be classified by the functions they are able to perform: Some readers may have additional features such as an LCD and function buttons for data collection purposes (i.e. clock-in/clock-out events for attendance reports), camera/speaker/microphone for intercom, and smart card read/write support. 1. Serial controllers. Controllers are connected to
4042-572: The control systems of nuclear weapons, such as the Minuteman ICBM . There they could perform different functions: some blocked the cavity through which the nuclear materials were shot to create a reaction; other locks blocked circuits; and some simply prevented access to the control panel. For testing, some of these mechanisms were installed during 1959 in weapons stationed in Europe. The work on PAL prototypes remained at low levels until 1960. Sandia National Laboratories successfully created
4128-406: The credential presented. When access is granted, the resource is unlocked for a predetermined time and the transaction is recorded. When access is refused, the resource remains locked and the attempted access is recorded. The system will also monitor the resource and alarm if the resource is forcefully unlocked or held open too long after being unlocked. When a credential is presented to a reader,
4214-440: The credentials to an access control list. This look-up can be done by a host or server, by an access control panel, or by a reader. The development of access control systems has observed a steady push of the look-up out from a central host to the edge of the system, or the reader. The predominant topology circa 2009 is hub and spoke with a control panel as the hub, and the readers as the spokes. The look-up and control functions are by
4300-440: The crew in another launch control center to do the same for the missiles to be launched. Another part of the PAL design is the inclusion of "stronglinks" and "weaklinks" . These ensure resilience to accidental activation through damage. The stronglinks include an increased ruggedness of some components and the inclusion of insensitive munitions so that they will not be circumvented by fire, vibration, or magnetic fields, leaving
4386-412: The designs and functions of such locks. However his patent claim states "I do not claim as my invention a tumbler composed of two disks, one working within the other, such not being my invention.", but there is no reference to prior art of this type of lock. The first commercially viable single-dial combination lock was patented on 1 February 1910 by John Junkunc, owner of American Lock Company. One of
SECTION 50
#17327732003394472-534: The destruction of the weapons, and to join the NPT. In 2007, the UK government revealed that its nuclear weapons were not equipped with permissive action links. Instead, the UK's nuclear bombs to be dropped by aircraft were armed by inserting a key into a simple lock similar to those used to protect bicycles from theft. The UK withdrew all air-launched bombs in 1998. Detailed information about PAL systems design and their use
4558-448: The door. Access cards themselves have proven vulnerable to sophisticated attacks. Enterprising hackers have built portable readers that capture the card number from a user's proximity card. The hacker simply walks by the user, reads the card, and then presents the number to a reader securing the door. This is possible because card numbers are sent in the clear, no encryption being used. To counter this, dual authentication methods, such as
4644-562: The early 1970s, France was an early recipient of United States assistance on this critical element of nuclear security. The Nuclear Non-Proliferation Treaty (NPT) went into effect in 1970 and precluded treaty members (including the US) from directly disseminating technology related to nuclear weapons development or enhancement. In order to get around this prohibition, the US developed a legal trick: "negative guidance". French nuclear scientists would regularly brief US scientists on French developments in
4730-505: The entities that can perform actions on the system are called subjects , and the entities representing resources to which access may need to be controlled are called objects (see also Access Control Matrix ). Subjects and objects should both be considered as software entities, rather than as human users: any human users can only have an effect on the system via the software entities that they control. Although some systems equate subjects with user IDs , so that all processes started by
4816-438: The fact that [ General Power ] had control over so many weapons and weapon systems and could, under certain conditions, launch the force. Back in the days before we had real positive control [i.e., PAL locks], SAC had the power to do a lot of things, and it was in his hands, and he knew it. In order to protect its NATO allies, the United States had stationed various nuclear weapons overseas; these weapons were thus at least under
4902-456: The field of PALs, and the US scientists would tell their French counterparts when they were not on the right track. In 1971, the US also offered its technology to the Soviet Union, which developed a similar system. In the early 1990s, the People's Republic of China requested information to develop its own PALs. The Clinton administration believed that to do so would give too much information to
4988-531: The key holder is no longer authorized to use the protected area, the locks must be re-keyed. Electronic access control (EAC) uses computers to solve the limitations of mechanical locks and keys. It is particularly difficult to guarantee identification (a critical component of authentication ) with mechanical locks and keys. A wide range of credentials can be used to replace mechanical keys, allowing for complete authentication, authorization, and accounting . The electronic access control system grants access based on
5074-409: The launch order is valid by comparing the order's authorization code against a code from a "sealed authenticator" (a special sealed envelope that holds a code). The sealed authenticators are stored in a safe that has two separate locks so that a single crew member cannot open the safe alone. Both crew members must simultaneously turn the four launch keys. An additional safeguard is provided by requiring
5160-442: The lock requires only configuring a new key code and informing the users, which will generally be cheaper and quicker than the same process for traditional key locks. Electronic combination locks , while generally safe from the attacks on their mechanical counterparts, suffer from their own set of flaws. If the arrangement of numbers is fixed, it is easy to determine the lock sequence by viewing several successful accesses. Similarly,
5246-408: The lock. The C. L. Gougler Keyless Locks Company manufactured locks for which the combination was a set number of audible clicks to the left and right, allowing them to be unlocked in darkness or by the vision-impaired. In 1978 a combination lock which could be set by the user to a sequence of his own choosing was invented by Andrew Elliot Rae. At this time the electronic keypad was invented and he
SECTION 60
#17327732003395332-402: The main controllers. Main controllers usually support from 16 to 32 sub-controllers. Advantages: Disadvantages: 3. Serial main controllers & intelligent readers. All door hardware is connected directly to intelligent or semi-intelligent readers. Readers usually do not make access decisions, and forward all requests to the main controller. Only if the connection to the main controller
5418-610: The missile launch checklists included an item confirming this combination until 1977. A 2014 article in Foreign Policy said that the US Air Force told the United States House Committee on Armed Services that "A code consisting of eight zeroes has never been used to enable a MM ICBM, as claimed by Dr. Bruce Blair." The Air Force's statement (that 00000000 was never used to enable an ICBM, i.e.
5504-448: The number of nuclear-armed states was a similar cause for concern for the United States government for reasons similar to the original impetus for PALs. Thus, since the 1960s, the US has offered its own PAL technologies to other nuclear powers. The US considered this a necessary step: if the technology were kept secret, it would only be half as effective as possible, since the other power in a conflict might not have such safety measures. In
5590-661: The numbers in the combination (but not the actual sequence) may be determined by which keys show signs of recent use. More advanced electronic locks may scramble the numbers' locations randomly to prevent these attacks. There is a variation of the traditional dial based combination lock wherein the "secret" is encoded in an electronic microcontroller. These are popular for safe and bank vault doors where tradition tends towards dial locks rather than keys. They allow many valid combinations, one per authorized user, so changing one person's access has no effect on other users. These locks often have auditing features, recording which combination
5676-532: The officer corps ("proscribed" meaning "prohibited"), and decided to start calling PAL "permissive action link" instead ("permissive" meaning "allowing" or "tolerating"). In June 1962, President John F. Kennedy signed the National Security Action Memorandum number 160. This presidential directive ordered the installation of PALs in all U.S. nuclear weapons in Europe. (U.S. nuclear weapons that were not in Europe were excluded from
5762-523: The order.) The conversion was completed in September 1962 and cost $ 23 million ($ 232 million in 2023 dollars). According to nuclear safety expert Bruce G. Blair , the US Air Force's Strategic Air Command worried that in times of need the codes for the Minuteman ICBM force would not be available, so it decided to set the codes to 00000000 in all missile launch control centers . Blair said
5848-464: The organization to design or select access controls. Geographical access control may be enforced by personnel (e.g. border guard , bouncer , ticket checker), or with a device such as a turnstile . There may be fences to avoid circumventing this access control. An alternative of access control in the strict sense (physically controlling access itself) is a system of checking authorized presence, see e.g. Ticket controller (transportation) . A variant
5934-479: The partial control of the hosting allied state. This was especially concerning to the United States Congress , as control of these weapons by a third party was in violation of U.S. federal law. Added to this was the fact that some of the allies were considered potentially unstable—particularly West Germany and Turkey. There was considerable concern that in one of these countries the instructions of
6020-410: The rapid development and increasing use of computer networks, access control manufacturers remained conservative, and did not rush to introduce network-enabled products. When pressed for solutions with network connectivity, many chose the option requiring less efforts: addition of a terminal server , a device that converts serial data for transmission via LAN or WAN. Advantages: Disadvantages: All
6106-406: The reader sends the credential's information, usually a number, to a control panel, a highly reliable processor. The control panel compares the credential's number to an access control list, grants or denies the presented request, and sends a transaction log to a database . When access is denied based on the access control list , the door remains locked. If there is a match between the credential and
6192-431: The simplest types of combination lock, often seen in low-security bicycle locks, briefcases , and suitcases , uses several rotating discs with notches cut into them. The lock is secured by a pin with several teeth on it which hook into the rotating discs. When the notches in the discs align with the teeth on the pin, the lock can be opened. The rotary combination locks found on padlocks , lockers, or safes may use
6278-411: The solenoid controlling bolts in electric locking hardware. Motor locks, more prevalent in Europe than in the US, are also susceptible to this attack using a doughnut-shaped magnet. It is also possible to manipulate the power to the lock either by removing or adding current, although most Access Control systems incorporate battery back-up systems and the locks are almost always located on the secure side of
6364-561: The system makes a decision to grant or reject an access request from an already authenticated subject, based on what the subject is authorized to access. Authentication and access control are often combined into a single operation, so that access is approved based on successful authentication, or based on an anonymous access token. Authentication methods and tokens include passwords, biometric analysis, physical keys, electronic keys and devices, hidden paths, social barriers, and monitoring by humans and automated systems. In any access-control model,
6450-409: The system more responsive, and does not interrupt normal operations. No special hardware is required in order to achieve redundant host PC setup: in the case that the primary host PC fails, the secondary host PC may start polling network controllers. The disadvantages introduced by terminal servers (listed in the fourth paragraph) are also eliminated. 6. IP controllers . Controllers are connected to
6536-477: The tactical nuclear weapons were fully equipped with PALs. In 1981, almost 20 years after the invention of PALs, just over half of U.S. nuclear weapons were still equipped only with mechanical locks. It took until 1987 until these were completely replaced. Over the years the permissive action links have been continuously maintained and upgraded. In 2002, PALs on older B61 nuclear bombs were replaced and upgraded with new systems to improve reliability and security, as
6622-419: The user to enter a numeric sequence on a keypad to gain entry. These special locks usually require the additional use of electronic circuitry, although purely mechanical keypad locks have been available since 1936. The chief advantage of this system is that multiple persons can be granted access without having to supply an expensive physical key to each person. Also, in case the key is compromised, "changing"
6708-485: The warhead reenters the atmosphere. The ESD determines the external parameters such as acceleration curve, temperature and pressure, and only arms the weapon when these environments are sensed in the correct order. ESDs are not exclusive to weapons equipped with PALs and some weapons, such as the W25 , also had ESDs despite not being fitted with PALs. Modern PALs are believed to feature a limited number of code reentries before
6794-428: The weapon locks out, requiring that the weapon be returned to Pantex for rebuilding. This system may also include a non-violent disablement system, where some of the weapon's internal components are destroyed to hamper use. This system may be part of the ordinary limited retry lockout system, or may be a feature that can be enabled if the local situation calls for it. The non-violent disablement system may also be part of
6880-425: The weapon or weapon system to activate components within the weapon or weapon system. The earliest PALs were little more than locks introduced into the control and firing systems of a nuclear weapon, designed to prevent a person from detonating it or removing its safety features . More recent innovations have included encrypting the firing parameters it is programmed with, which must be decrypted to properly detonate
6966-423: The weapon's anti-intrusion system, designed to activate if someone tries to enter one of the weapon's exclusion regions such as for the purpose of circumventing the weapon's PAL. Over the years the design and feature set of PALs has increased, as has the length of the access code. US-manufactured PALs are divided into five categories; however, the earliest PALs were never assigned a category letter. The increase in
7052-493: The weapons in 1997 had a potential Year 2000 problem . By the spring of 2004, all PAL systems were equipped with the CMS. It is thus currently the general foundation for future hardware and software improvements to PALs. Elements of PAL systems are located deep within the nuclear device. The design and construction attempt to create a black box system so as to limit information leakage. PALs are also linked directly or indirectly with
7138-434: The weapons were not actually launched) does not contradict Blair's statement (that 00000000 was the code for doing so). The complete conversion to PAL systems was relatively slow. In 1974, U.S. Defense Secretary James Schlesinger found that a variety of tactical nuclear weapons were still not fitted with permissive action links, even though the technology had been available for some time. It took another two years until all
7224-543: Was excavated in a Roman period tomb on the Kerameikos , Athens . Attached to a small box, it featured several dials instead of keyholes. In 1206, the Muslim engineer Al-Jazari documented a combination lock in his book al-Ilm Wal-Amal al-Nafi Fi Sina'at al-Hiyal ( The Book of Knowledge of Ingenious Mechanical Devices ). Muhammad al-Asturlabi (ca. 1200) also made combination locks. Gerolamo Cardano later described
7310-531: Was that if the government would ever be interested in such a security device, the research and development of prototypes would already be well advanced. At the beginning of the 1960s, the desire for the usage of such a system grew for both political and technological reasons. Newer nuclear weapons were less complex in operation, relatively mass-produced (and therefore predictably similar), and less cumbersome to arm and use than previous designs. Accordingly, new methods were necessary to prevent their unauthorized use. As
7396-467: Was unable to get any manufacturers to back his mechanical lock for lockers, luggage, or brief-cases. The silicon chip locks never became popular due to the need for battery power to maintain their integrity. The patent expired and the original mechanical invention was instantly manufactured and sold worldwide mainly for luggage, lockers, and hotel safes. It is now a standard part of the luggage used by travellers. Many doors use combination locks which require
#338661