Lock box security system with improved communication

US 20040025039A1
Filed: 03/06/2003
Published: 02/05/2004
Est. Priority Date: 04/30/2002
Status: Abandoned Application

First Claim

Patent Images

1. A security system, comprising:

an electronic lock at a remote location, the electronic lock having a memory in which a first encryption key is stored; and

a portable electronic key device, the portable electronic key device coupleable to the electronic lock and operable by a key device user to open the electronic lock, the portable electronic key device having a memory in which data protected by the first encryption key is stored, wherein;

when the key device user couples the portable electronic key device and the electronic lock, the encrypted data is sent from the portable electronic key device to the electronic lock and the electronic lock attempts to decrypt the encrypted data using the first encryption key, and the first encryption key is not stored in the memory of the key device, whereby the lock opens if the attempted decryption succeeds.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security systems and methods control access at remote locations protected by electronic locks. Users open or otherwise manipulate an electronic lock via an electronic key device. The electronic key device may be an open architecture PDA programmed to function as an electronic key device, while retaining its general-purpose PDA functionality. Alternatively, the electronic key device may be a special-purpose device designed to function as an electronic key device. The key device and the lock box communicate with each other, preferably, by infrared techniques. The lock box and the key device are administered by a central authority via a central computer, which coordinates all security measures through the use of, e.g., frequent updates; tokens that the key device cannot read; checksums, including Message Authentication Codes; and encryption. A plurality of key devices may be programmed to open the same lock box. A key device may open a plurality of lock boxes.

152 Citations

View as Search Results

34 Claims

1. A security system, comprising:
- an electronic lock at a remote location, the electronic lock having a memory in which a first encryption key is stored; and
  
  a portable electronic key device, the portable electronic key device coupleable to the electronic lock and operable by a key device user to open the electronic lock, the portable electronic key device having a memory in which data protected by the first encryption key is stored, wherein;
  
  when the key device user couples the portable electronic key device and the electronic lock, the encrypted data is sent from the portable electronic key device to the electronic lock and the electronic lock attempts to decrypt the encrypted data using the first encryption key, and the first encryption key is not stored in the memory of the key device, whereby the lock opens if the attempted decryption succeeds.

2. In a real estate lock box system comprising a server, a key device, and a lock box, the lock box containing a key to a real estate property, the lock box opening to reveal the key upon verifying the identity of the key device, an improvement comprising using an open architecture computer device as the key device.
- View Dependent Claims (3, 4)
- - 3. The system of claim 2 wherein the open architecture computer device is a personal digital assistant.
  - 4. The system of claim 2 wherein the open architecture computer device is a personal digital assistant having a memory in which encrypted credentials information is stored, the encrypted credentials information being communicated to the lock box when access to the lock box is desired.

5. In a real estate lock box system comprising a server, a key device, and a lock box, the lock box containing a key to a real estate property, the lock box opening to reveal the key upon verifying the identity of the key device, an improvement comprising verifying the identity of the key device using data protected by a message authentication code.
- View Dependent Claims (6)
- - 6. The system of claim 5 wherein only a portion of the message authentication code is used.

7. In a real estate lock box system comprising a server, a key device, and a lock box, the lock box containing a key to a real estate property, the lock box opening to reveal the key upon verifying the identity of the key device, an improvement comprising the lock box verifying authorization of the key device to interact with the lock box using data protected by a message authentication code.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The system of claim 7 wherein the data comprise authorization codes used to distinguish Multiple Listing Services.
  - 9. The system of claim 7 wherein the data comprise authorization codes used to distinguish lock boxes.
  - 10. The system of claim 7 wherein the data comprise authorization codes used to determine the dates and times at which the key device is authorized to access the lock box.
  - 11. The system of claim 10 wherein the data expire at a pre-determined date and time.
  - 12. The system of claim 11 wherein the expiration date and time are updatable to different dates and times.
  - 13. The system of claim 7 wherein the intermediary is identified by a personal identification code (PIN), the PIN is encrypted by the server;
    - and the data comprise a portion of the encrypted PIN.
  - 14. The method of claim 13 wherein:
    - the server and the intermediary communicate with each other periodically to exchange information, and the PIN is changeable during each communication between the server and the intermediary.

15. A method of validating an intermediary in a system, the system comprising a server, the intermediary, and a client, the intermediary having a memory, the method comprising the steps of:
- creating a first encryption key;
  
  storing the first encryption key on the server and on the client;
  
  creating a second encryption key;
  
  storing the second encryption key on the intermediary at a random memory address, wherein the random memory address is not known to the intermediary;
  
  storing the random memory address of the intermediary on the server;
  
  encrypting the random memory address and the second encryption key on the server using the first encryption key;
  
  passing the encrypted random memory address and the encrypted second encryption key from the server to the intermediary;
  
  passing the encrypted random memory address and the encrypted second encryption key from the intermediary to the client;
  
  decrypting the random memory address and the second encryption key on the client using the first encryption key;
  
  creating a random challenge on the client;
  
  passing the challenge and the memory address from the client to the intermediary;
  
  obtaining data from the memory of the intermediary at the memory address;
  
  encrypting the challenge on the intermediary using the data obtained from the memory address;
  
  passing the encrypted challenge from the intermediary to the client;
  
  encrypting the challenge on the client using the second encryption key; and
  
  comparing the encrypted challenge passed from the intermediary to the client with the encrypted challenge created on the client.
- View Dependent Claims (16)
- - 16. The method of claim 15 wherein:
    - the client further has a real-time clock, and the random challenge is based on the real-time clock.

17. A method of validating an intermediary in a system, the system comprising a server, the intermediary, and a client, the intermediary having a memory, the client having a central processing unit and a memory, the memory of the client having a secure area, the method comprising the steps of:
- creating a first encryption key on the server;
  
  storing the first encryption key on the client;
  
  creating a second encryption key on the server;
  
  storing the encrypted second encryption key in a first authorization token on the server;
  
  encrypting the first authorization token using the first encryption key on the server, thereby generating a first server message authentication code (MAC);
  
  passing the first authorization token and a portion of the first server MAC from the server to the intermediary;
  
  creating a third encryption key on the server;
  
  storing the third encryption key on the intermediary at a random first memory address;
  
  encrypting the third encryption key and the first memory address using the second encryption key on the server;
  
  storing the encrypted third encryption key and the first memory address in a second authorization token on the server;
  
  encrypting the second authorization token with the second encryption key, thereby generating a second server MAC;
  
  passing the second authorization token and a portion of the second server MAC from the server to the intermediary;
  
  passing the first memory authorization token, the portion of the first server MAC, the second authorization token, and the portion of the second server MAC from the intermediary to the client;
  
  using the first encryption key to decrypt the first authorization token on the client, obtaining the second encryption key;
  
  verifying the first authorization token on the client by generating a first client MAC and comparing a portion of the first client MAC with the portion of the first server MAC;
  
  using the second encryption key to decrypt the second authorization token on the client, obtaining the first memory address and the third encryption key;
  
  verifying the second authorization token on the client by generating a second client MAC and comparing a portion of the second client MAC with the portion of the second server MAC;
  
  creating a challenge on the client;
  
  passing the challenge and the first memory address from the client to the intermediary;
  
  obtaining data from the memory of the intermediary at the first memory address;
  
  combining the challenge, the first memory address, and the data from the memory of the intermediary at the first memory address, creating a response therefrom;
  
  passing the response from the intermediary to the client;
  
  combining the challenge, the first memory address, and the third encryption key on the client, creating an expected response therefrom;
  
  comparing the response with the expected response, and validating the intermediary if the response matches the expected response.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The method of claim 17 wherein the first encryption key is stored in the central processing unit of the client.
  - 19. The method of claim 17 wherein:
    - the server and the intermediary communicate with each other periodically to exchange information, and each of the encryption keys other than the first encryption key is changeable during each communication between the server and the intermediary.
  - 20. The method of claim 19 wherein the server and the intermediary communicate at least daily in a synchronization process.
  - 21. The method of claim 17 wherein:
    - the client further has a real-time clock, and the random challenge is based on the real-time clock.

22. A method of protecting against copying in a system, the system comprising a server and an open architecture computer device, the open architecture computer device having a memory, the method comprising the steps of:
- at initialization time;
  
  creating a random string of data on the server;
  
  storing the random string of data on the server;
  
  storing the random string of data on the client at a random address in the memory of the open architecture computer device, wherein the random address is not known to the open architecture computer device;
  
  storing the random address on the server; and
  
  at verification time, passing the random address from the server to the open architecture computer device;
  
  obtaining data from the memory of the open architecture computer device at the random address;
  
  passing the data obtained from the memory of the open architecture computer device to the server;
  
  comparing the data passed from the open architecture computer device to the server with the random string of data stored on the server, and determining that copying has not occurred if the data passed from the open architecture computer device matches the random string of data stored on the server.
- View Dependent Claims (23)
- - 23. The method of claim 22 wherein, upon determining that copying has not occurred, the initialization time steps are performed in preparation for the next verification time.

24. A real estate lock box comprising a container that holds a key, a central processing unit that determines whether an individual seeking access to the key container is authorized to gain such access, and a memory, wherein the memory is partitioned into a first area and a second area, the first area containing unprotected public information and the second area containing secure information that requires authorization to access.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 25. The real estate lock box of claim 24 wherein a device-unique identification code is associated with the lock box.
  - 26. The real estate lock box of claim 25 wherein the device-unique identification code is stored in the central processing unit.
  - 27. The real estate lock box of claim 25 wherein the device-unique identification code is used to give permission to reprogram the central processing unit.
  - 28. The real estate lock box of claim 27 wherein the permitted reprogramming includes changing the device-unique identification code.
  - 29. The real estate lock box of claim 24 wherein static data are loaded into the first memory area for public access.
  - 30. The real estate lock box of claim 29 wherein the static data include listing information for a real estate property associated with the lock box.
  - 31. The real estate lock box of claim 24 wherein data are generated upon each access to the first memory area and the generated data are stored in the first memory area for public access.
  - 32. The real estate lock box of claim 31, wherein the information stored in the first memory area comprises a log of users who have accessed the first memory area.
  - 33. The real estate lock box of claim 24 further comprising a solenoid that secures the key container within the lock box, the solenoid having two opposing parts and being actuatable in response to a sensed inductance level in the parts, wherein when the parts are moved toward each other, the sensed inductance level reaches a predetermined value and the solenoid is actuated to release the container and allow access to the key.

34. A real estate lock box having a key container secured by a solenoid with opposing first and second members, the first and second members being spaced apart when the key container is secured, wherein the key container is shaped to move the first and second members toward each other, thereby changing the inductance in the members and triggering actuation of the solenoid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
General Electric Company
Original Assignee
General Electric Company
Inventors
Buckley, John, Bellamy, Dirk L, Diedrich, Anton K, Langford, Susan, Kuenzi, Adam, Chapin, Ron

Application Number

US10/363,938
Publication Number

US 20040025039A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G07C 2009/00412   the transmitted data signal...

G07C 2009/00785   by light

G07C 9/00309   operated with bidirectional...

Lock box security system with improved communication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

152 Citations

34 Claims

Specification

Use Cases

Quick Links

Others

Lock box security system with improved communication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

152 Citations

34 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others