ACCESS CONTROL SYSTEM AND METHOD FOR OPERATING SAID SYSTEM

US 20130285793A1
Filed: 06/18/2013
Published: 10/31/2013
Est. Priority Date: 04/28/2006
Status: Active Grant

First Claim

Patent Images

1. A system operable to control access to different physical spaces, each space provided with an electrical locking device, with the aid of a programmable, mobile unit, said system comprising:

an authority means operable to issue access rights connected to said programmable, mobile unit in the form of an authorizing data (AD),the authorizing data (AD) being sent to an authorization means connected to said authority means and being operable to generate an alphanumerical key for said programmable, mobile unit and send said alphanumerical key and a unique identifier of said mobile unit to an operator,the operator being connected to said authorization means, and being operable to send said alphanumerical key to said mobile unit identified by said unique identifier,said electrical locking device, and said mobile unit using an authentication protocol with said alphanumerical key to authenticate each other,said mobile unit, if said mobile unit and said electrical locking device have been authenticated, sending said authorizing data (AD) to said electrical locking device, and if said authorizing data (AD) comprises an identifier of said electrical locking device, said mobile unit is able to open said electrical locking device with the aid of a communication means comprised in said mobile unit for communication in the near field,said unique identifier of said mobile unit being a number, and said authorizing data (AD) comprising an identification (ID₁;

. . . ;

ID_n) of each of said electrical locking device which said mobile unit should be able to open,said electrical locking device communicating, during access control and management of access to said electrical locking device, only with said mobile unit.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system uses a mobile unit to control access to physical spaces with electrical locking devices. An authority means connected to the mobile unit issues authorizing data (AD) access rights, which are sent to an authorization means connected to the authority means, generate a mobile unit alpha-numerical key and send the key and the mobile unit'"'"'s unique identifier to an operator connected to the authorization means. The operator sends the alpha-numerical key to the mobile unit identified by the unique identifier. An electrical locking device and the mobile unit use an authentication protocol with the alpha-numerical key to authenticate the mobile unit, which, when authenticated, sends the authorizing data (AD) to the electrical locking device. If the authorizing data (AD) comprises an identifier of the electrical locking device, the mobile unit can open the electrical locking device using a communication means in the mobile unit for near field communication.

41 Citations

View as Search Results

35 Claims

1. A system operable to control access to different physical spaces, each space provided with an electrical locking device, with the aid of a programmable, mobile unit, said system comprising:
- an authority means operable to issue access rights connected to said programmable, mobile unit in the form of an authorizing data (AD),the authorizing data (AD) being sent to an authorization means connected to said authority means and being operable to generate an alphanumerical key for said programmable, mobile unit and send said alphanumerical key and a unique identifier of said mobile unit to an operator,the operator being connected to said authorization means, and being operable to send said alphanumerical key to said mobile unit identified by said unique identifier,said electrical locking device, and said mobile unit using an authentication protocol with said alphanumerical key to authenticate each other,said mobile unit, if said mobile unit and said electrical locking device have been authenticated, sending said authorizing data (AD) to said electrical locking device, and if said authorizing data (AD) comprises an identifier of said electrical locking device, said mobile unit is able to open said electrical locking device with the aid of a communication means comprised in said mobile unit for communication in the near field,said unique identifier of said mobile unit being a number, and said authorizing data (AD) comprising an identification (ID₁;
  
  . . . ;
  
  ID_n) of each of said electrical locking device which said mobile unit should be able to open,said electrical locking device communicating, during access control and management of access to said electrical locking device, only with said mobile unit.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 3. The system operable to control access to different physical spaces according to claim 1, wherein said alphanumerical key is a symmetric, secret key (kp), and in that a physical space is provided with an electrical master locking device, and wherein said authorization means also is operable to send said secret key (kp) and said number identifying said mobile unit to said master locking device (24).
  - 4. The system operable to control access to different physical spaces according to claim 3, wherein said master locking device and said mobile unit use said authentication protocol with said secret key (kp) to authenticate said mobile unit.
  - 5. The system operable to control access to different physical spaces according to claim 4, wherein said master locking device is operable, after said mobile unit has been authenticated, to send an authorization request to said authorization means, whereafter said authorization means also is operable to send said authorizing data (AD) concatenated with a message authentication code (MAC_kl(AD)), and an encrypted, secret key of said mobile unit with a symmetric key (kl) ((kp)) to said master locking device.
  - 6. The system operable to control access to different physical spaces according to claim 5, wherein said master locking device also is operable to send said authorizing data (AD) concatenated with said message authentication code (MAC_kl(AD)), and said encrypted secret key of said mobile unit with said symmetric key (kl) ((kp)) to said mobile unit with the aid of a communication means comprised in said master locking device for communication in the near field.
  - 7. A system operable to control access to different physical spaces according to claim 6, wherein said mobile unit is operable to send said encrypted secret key of said mobile unit with said symmetric key (kl) ((kp)) to said electrical locking device, which in turn also is operable to retrieve said secret key (kp) by decrypting (kp) with said symmetric key (kl).
  - 8. The system operable to control access to different physical spaces according to claim 7, wherein said mobile unit also is operable to send said authorizing data (AD) concatenated with said message authentication code (MA(AD)) to said electrical locking device, whereby said electrical locking device is operable to verify the validity of said authorizing data (AD) with said message authentication code (MAC) and said symmetric key (kl).
  - 9. The system operable to control access to different physical spaces according to claim 1, wherein said alphanumerical key is a symmetric, secret key (kp), and wherein said authorization means also is operable to generate said secret key (kp), said authorizing data (AD) concatenated with a message authentication code (MA(AD)), and an encrypted, secret key of said mobile unit (14) with a symmetric key (ki)((AD)), and to send said secret key (kp), said authorizing data (AD) concatenated with said message authentication code (MA(AD)), said encrypted secret key of said mobile unit with said symmetric key (E_ki(kp)), and said number to said operator (20).
  - 10. The system operable to control access to different physical spaces according to claim 9, wherein said operator also is operable to send, besides said secret key (kp), said authorizing data (AD) concatenated with said message authentication code (MAC_kl(AD)), and said encrypted secret key of said mobile unit with said symmetric key (E_kl(kp)) to said mobile unit.
  - 11. The system operable to control access to different physical spaces according to claim 10, wherein said mobile unit also is operable to establish a communication channel in the near field with said electrical locking device, and to send said encrypted secret key of said mobile unit with said symmetric key (E_kl(kp)) to said electrical locking device, which in turn also is operable to retrieve said secret key (kp) by decrypting E_kl(kp) with said symmetric key (kl).
  - 12. The system operable to control access to different physical spaces according to claim 11, wherein said mobile unit also is operable to send said authorizing data (AD) concatenated with said message authentication code (MAC_kl(AD)) to said electrical locking device, whereby said electrical locking device is operable to verify the validity of said authorizing data (AD) with said message authentication code (MAC) and said symmetric key (kl).
  - 13. The system operable to control access to different physical spaces according to claim 1, wherein said alphanumerical key is an asymmetric key pair (privP, publP), and wherein said authorization means also is operable to generate said asymmetric key pair (privP, pubiP), a certificate (certP), and an authorizing data (AD) electronically signed by said authorization means private key (privA), (Sign_privA(AD)) for said mobile unit, and to send said authorizing data (AD), said private key (privP) of said mobile unit, said certificate (certP), said public key (pubA) of said authorization means, said authorization data electronically signed by said authorization means private key (Sign_privA(AD)), and said number to said operator.

2. (canceled)

14-17. -17. (canceled)

18. A method for controlling access to different physical spaces, each provided with an electrical locking device, with the aid of a programmable, mobile unit and with the aid of a system, said method comprising the steps of:
- an authority means comprised in said system issues access rights connected to said mobile unit in the form of an authorizing data (AD)), said authorizing data (AD) comprising an identification (ID₁;
  
  . . . ;
  
  ID_n) of each of said electrical locking device which said mobile unit should be able to open;
  
  to send said authorizing data (AD) to an authorization means comprised in said system and connected to said authority means;
  
  said authorization means generates an alphanumerical key for said mobile unit;
  
  to send said alphanumerical key and a unique identifier of said mobile unit to an operator which is connected to said authorization means, said unique identifier of said mobile unit being a number;
  
  said operator sends said alphanumerical key to said mobile unit identified by said unique identifier;
  
  wherein said electrical locking device, and said mobile unit use an authentication protocol with said alphanumerical key to authenticate each other;
  
  if said mobile unit and said electrical locking device have been authenticated, said mobile unit sends said authorizing data (AD) to said electrical locking device;
  
  to verify the validity of the authorization data (AD); and
  
  if said authorizing data (AD) comprises an identifier of said electrical locking device, said mobile unit is able to open said electrical locking device with the aid of a communication means comprised in said mobile unit for communication in the near field,wherein said electrical locking device communicates, during access control and management of access to said electrical locking device, only with said mobile unit.
- View Dependent Claims (26, 27, 28, 29, 30, 35)
- - 26. The method for controlling access to different physical spaces according to claim 18, wherein said alphanumerical key is a symmetric, secret key (kp), and in that said method also comprises the steps of:
    - with the aid of said authorization means, to generate said secret key (kp), said authorizing data (AD) concatenated with a message authentication code (MAC_ki(AD)), and an encrypted, secret key of said mobile unit with a symmetric key (kl) ((kp)); and
      
      to send said secret key (kp), said authorizing data (AD) concatenated with said message authentication code (MAC_ki(AD)), said encrypted secret key of said mobile unit with said symmetric key ((kp)), and said number of the mobile unit to said operator.
  - 27. The method for controlling access to different physical spaces according to claim 26, wherein said method also comprises the step of:
    - with the aid of said operator, to send, besides said secret key (kp), said authorizing data (AD) concatenated with said message authentication code (MAC_ki(AD)), and said encrypted secret key of said mobile unit with said symmetric key (E_ki(kp)) to said mobile unit.
  - 28. The method for controlling access to different physical spaces according to claim 27, wherein said method also comprises the steps of:
    - with the aid of said mobile unit, to establish a communication channel in the near field with said electrical locking device;
      
      to send said encrypted key of said mobile unit with said symmetric key (E_ki(kp)) to said electrical locking device; and
      
      with the aid of said electrical locking device, to retrieve said secret key (kp) by decrypting (kp) with said symmetric key (kl).
  - 29. The method for controlling access to different physical spaces according to claim 28 wherein said method also comprises the steps of:
    - with the aid of said mobile unit, to send said authorizing data (AD) concatenated with said message authentication code (MA(AD)) to said electrical locking device; and
      
      with the aid of said electrical locking device, to verify the validity of said authorizing data (AD) with aid message authentication code (MAC) and said symmetric key (kl).
  - 30. The method for controlling access to different physical spaces according to claim 18, wherein said alphanumerical key is an asymmetric key pair (privP, publP), and wherein said method also comprises the steps of:
    - with the aid of said authorization means, to generate said asymmetric key pair (privP, publP), a certificate (certP), and an authorizing data (AD) electronically signed by said authorization means private key (privA), (Sign_PrivA(AD)) for said mobile unit; and
      
      to send said authorizing data (AD), said private key (privP) of said mobile unit said certificate (certP), said public key (pubA) of said authorization means, said authorization data electronically signed by said authorization means private key (Sign_privA(AD), and said number of the mobile unit to said operator.
  - 35. At least one computer program stored on a non-transitory computer readable medium, the at least one computer program comprising software code portions for performing the steps of claim 18 when executed by at least one computer.

19. (canceled)
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The method for controlling access to different physical spaces according to claim 19, wherein said alphanumerical key is a symmetric, secret key (kp), and in that a physical space is provided with an electrical master locking device, wherein said method also comprises the step of:
    - said authorization means sends said secret key (kp) and said number identifying said mobile unit to said master locking device.
  - 21. The method for controlling access to different physical spaces according to claim 20, wherein said method also comprises the step of:
    - to authenticate said mobile unit with the aid of said master locking device and said mobile unit using said authentication protocol with said secret key (kp).
  - 22. The method for controlling access to different spaces according to claim 21, wherein said method also comprises the steps of:
    - if said mobile unit has been authenticated, with the aid of said master locking device, to send an authorization request to said authorization means; and
      
      with the aid of said authorization means, to send said authorizing data (AD) concatenated with a message authentication code (MA(AD)), and an encrypted secret key of said mobile unit with a symmetric key (kl) (E_ki(kp)) to said master locking device.
  - 23. The method for controlling access to different spaces according to claim 22, wherein said method also comprises the step of:
    - with the aid of said master locking device, to send said authorizing data (AD) concatenated with said message authentication code (MAC_kl(AD)), and said encrypted secret key of said mobile unit with said symmetric key (kl) ((kp)) to said mobile unit with the aid of a communication means comprised in said master locking device for communication in the near field.
  - 24. The method for controlling access to different physical spaces according to claim 23, characterized in that said method also comprises the steps of:
    - with the aid of said mobile unit, to send said encrypted secret key of said mobile unit with said symmetric key (kl) (E_kl(kp)) to said electrical locking device; and
      
      with the aid of said electrical locking device to retrieve said secret key (kp) by decrypting E_kl(kp) with said symmetric key (kl).
  - 25. The method for controlling access to different physical spaces according to claim 24, said method also comprises the steps of:
    - with the aid of said mobile unit, to send said authorizing data (AD) concatenated with said message authentication code (MAC_kl(AD)) to said electrical locking device; and
      
      with the aid of said electrical locking device, to verify the validity of said authorizing data (AD) with said message authentication code (MAC) and said symmetric key (kl).

31-34. -34. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telcred AB
Original Assignee
Telcred AB
Inventors
SADIGHI, Babak, CAO, Ling, SEITZ, Ludwig

Granted Patent

US 8,723,641 B2
Time in Patent Office

Days
Field of Search
US Class Current

340/5.61
CPC Class Codes

G07C 2009/00388   code verification carried o...

G07C 2009/00412   the transmitted data signal...

G07C 2009/00825   remotely by lines or wirele...

G07C 2009/00865   remotely by wireless commun...

G07C 2009/0088   centrally

G07C 9/00309   operated with bidirectional...

G07C 9/00571   operated by interacting wit...

G07C 9/27   with central registration

G08C 17/02   using a radio link

H04W 12/082   using revocation of authori...

Y10T 70/625   Operation and control

Y10T 70/70   Operating mechanism

Y10T 70/735   Operating elements

ACCESS CONTROL SYSTEM AND METHOD FOR OPERATING SAID SYSTEM

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

ACCESS CONTROL SYSTEM AND METHOD FOR OPERATING SAID SYSTEM

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links