CONTROLLING ACCESS TO A LOCATION
First Claim
1. A method of controlling access to a location, the location being secured by a lock mechanism, the system comprising an access control management system adapted to administrate electronic keys for a plurality of locations and a plurality of users, a user mobile unit to be carried by a user, and a lock control unit operationally coupled to the lock mechanism at said location and adapted to control the lock mechanism, the method comprising:
- storing, by the access control management system, a plurality of data records associated with respective lock control units, each data record comprising key generation data for generating an electronic key for a corresponding lock control unit;
communicating a generated electronic key from the access control management system to the user mobile unit, the electronic key being indicative of a predetermined access right to said location, the electronic key having associated with it a lock control unit identifier of the lock control unit at said location;
communicating the electronic key from the user mobile unit to the lock control unit at said location;
authenticating, by the lock control unit, the electronic key and, subject to successful authentication of the electronic key, operating the lock mechanism;
wherein the electronic key comprises a data item cryptographically protected between the access control management system and the lock control unit using a first cryptographic key unknown to the user mobile unit and wherein communicating the electronic key from the user mobile unit to the lock control unit at said location further comprises cryptographically protecting the electronic key using a second cryptographic key.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of controlling access to a location, the location being secured by a lock mechanism, the system comprising an access control management system adapted to administrate electronic keys for a plurality of locations and a plurality of users, a user mobile unit to be carried by a user, and a lock mechanism operationally coupled to the lock mechanism at said location and adapted to control the lock mechanism, the method comprising: storing, by the access control management system, a plurality of data records associated with respective lock control units, each data record comprising key generation data for generating an electronic key for a corresponding lock control unit; communicating a generated electronic key from the access control management system to the user mobile unit, the electronic key being indicative of a predetermined access right to said location, the electronic key having associated with it a lock control unit identifier of the lock control unit at said location; communicating the electronic key from the user mobile unit to the lock control unit at said location; authenticating, by the lock control unit, the electronic key and, subject to successful authentication of the electronic key, operating the lock mechanism; wherein the electronic key comprises a data item cryptographically protected between the access control management system and the lock control unit using a cryptographic key unknown to the user mobile unit.
-
Citations
20 Claims
-
1. A method of controlling access to a location, the location being secured by a lock mechanism, the system comprising an access control management system adapted to administrate electronic keys for a plurality of locations and a plurality of users, a user mobile unit to be carried by a user, and a lock control unit operationally coupled to the lock mechanism at said location and adapted to control the lock mechanism, the method comprising:
-
storing, by the access control management system, a plurality of data records associated with respective lock control units, each data record comprising key generation data for generating an electronic key for a corresponding lock control unit; communicating a generated electronic key from the access control management system to the user mobile unit, the electronic key being indicative of a predetermined access right to said location, the electronic key having associated with it a lock control unit identifier of the lock control unit at said location; communicating the electronic key from the user mobile unit to the lock control unit at said location; authenticating, by the lock control unit, the electronic key and, subject to successful authentication of the electronic key, operating the lock mechanism; wherein the electronic key comprises a data item cryptographically protected between the access control management system and the lock control unit using a first cryptographic key unknown to the user mobile unit and wherein communicating the electronic key from the user mobile unit to the lock control unit at said location further comprises cryptographically protecting the electronic key using a second cryptographic key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 16, 17, 18, 19, 20)
-
-
13. An access control management system for controlling access to a plurality of locations, each location being secured by a respective lock mechanism, each lock mechanism being controlled by a lock control unit, the lock control unit having associated with it a lock control unit identifier, the lock control unit comprising means for wireless communication via a wireless communications channel with a user mobile unit, and adapted to receive an electronic key from a user mobile unit, to verify a received electronic key and, subject to successful verification, to activate the lock mechanism, the access control management system being configured to send a message to a user mobile unit, the user mobile unit comprising means for wireless communication via the wireless communications channel with the lock control unit, the message comprising an electronic key, wherein at least a data item comprised in the electronic key is cryptographically protected between the access control management system and the lock control unit using a first cryptographic key unknown to the user mobile unit.
-
14. (canceled)
-
15. A lock control unit operationally connectable to a lock mechanism and adapted to control the lock mechanism for securing a location, the lock control unit having associated with it a lock control unit identifier and a key verification data item allowing verification of a data item cryptographically protected between an access control management system for distributing electronic keys to user mobile units and the lock control unit, and the lock control unit comprising a processing unit and first wireless communications means adapted to communicate with wireless communication means of the user mobile unit, the lock control unit being configured to receive an electronic key from a user mobile unit, to verify the received electronic key based on a cryptographic key stored in a memory of the lock control unit and, subject to successful verification, to activate the lock mechanism, wherein the electronic key comprises a data item that is cryptographically protected between the access control management system and the lock control unit using first cryptographic key unknown to the user mobile unit and wherein communication of the electronic key from the user mobile unit to the lock control unit is cryptographically protected using a second cryptographic key.
Specification