Dual interface device for access control and a method therefor
Abstract
The invention provides a low-cost access control device for identification and authentication in both the “digital” and “physical” worlds, through a contact-bound and a contact-less interface respectively. Individual users of the device can securely update access control credentials and cryptographic keys from a remote system without the need for any additional hardware or specialized software. The access control credentials and the at least one cryptographic key shall be readable by an access control system via the contact-less interface of the device, thereby enabling or denying the holder of the device access.
13 Claims
1. An access control device having dual interfaces comprising:
- a contact-bound interface for communication with a remote system, the contact-bound interface comprising a USB interface with a USB type A plug and configured to receive access control credentials and cryptographic keys transmitted as files to the access control device; and
- a contact-less interface for communication with an access control system using an emulated RFID card;
wherein the access control device further comprises a cryptographic processor, a virtual file system comprising a USB Mass Storage Device file system, a pre-configured unique identifier and a cryptographic key allowing for authentication and verification of access control credentials and cryptographic keys, the access control credentials and cryptographic keys stored in a storage upon acceptance, and being accessible to the emulated RFID card for transmission via the contact-less interface to the access control system; and
wherein the files of access control credentials and cryptographic keys are handled as blocks of wrapped and/or Authenticated Encryption with Associated Data (AEAD) files.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for secure communication with an access control device comprising:
- receiving access control credentials and cryptographic keys transmitted as files to the access control device over a contact-bound interface, the contact-bound interface comprising a USB interface with a USB type A plug; and
- communicating data derived from an access control credential and cryptographic key to an access control system over a contact-less interface using an emulated RFID card;
wherein the access control device comprises a cryptographic processor, a virtual file system comprising a USB Mass Storage Device file system, a pre-configured unique identifier and a cryptographic key allowing for authentication and verification of access control credentials and cryptographic keys, the access control credentials and cryptographic keys stored in a storage upon acceptance, and being accessible to the emulated RFID card for transmission via the contact-less interface to the access control system; and
wherein the files of access control credentials and cryptographic keys are handled as blocks of wrapped and/or Authenticated Encryption with Associated Data (AEAD) files.
Dependent claims: 9, 10, 11, 12, 13
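The acceptance step described in claims 1 and 8, as an added Go example that is not taken from the patent or from any product: a file arriving over the contact-bound interface is released to credential storage only if it authenticates for this device. The file layout, the choice of AES-256-GCM, the use of the device's unique identifier as associated data, and all function names and sample values are assumptions made for illustration.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)
// Assumed layout (not from the patent): nonce || AES-256-GCM ciphertext || tag, AD = device UID.
func newAEAD(deviceKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(deviceKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealCredentialFile plays the remote system: it wraps a credential for one device.
func sealCredentialFile(deviceKey, deviceUID, credential []byte) ([]byte, error) {
	aead, err := newAEAD(deviceKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, credential, deviceUID), nil
}

// acceptCredentialFile plays the device: plaintext is returned for storage only if the tag verifies.
func acceptCredentialFile(deviceKey, deviceUID, file []byte) ([]byte, error) {
	aead, err := newAEAD(deviceKey)
	if err != nil {
		return nil, err
	}
	if len(file) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("credential file too short")
	}
	nonce, sealed := file[:aead.NonceSize()], file[aead.NonceSize():]
	return aead.Open(nil, nonce, sealed, deviceUID)
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key
	file, _ := sealCredentialFile(key, []byte("UID-0001"), []byte("door=lab;badge=4711"))
	_, err := acceptCredentialFile(key, []byte("UID-0002"), file)
	fmt.Println("file for UID-0001 offered to UID-0002 rejected:", err != nil)
}
```

Binding the identifier as associated data means a file copied from one device's mass-storage volume to another fails verification even when both devices share a key.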
Specification