DE3514660C2 - - Google Patents

Description

The invention relates to a locking system according to the Ober Concept of claim 1. Such a device is an example as described in EP-OS 00 98 437.

In certain cases, for example for hotels, residential complexes, or company building, you need a locking system that next to Individual keys for each lock also group keys that open a series of locks, and one for all locks system key. Such So far, hierarchies have generally been based on purely mechanical Ways realized. A number of disadvantages had to be accepted be taken: the system offers a limited variety and is relatively easy to copy; the areas that a groups key opens, can not be changed easily; Lost keys can only be lost with a certain amount Effort - the cylinders of the associated locks have to be removed be changed - invalidate.

That's why they had already thought about it, at least some of them these weaknesses through the use of modern electronics remove. So is in the cited publication Locking system discussed, the parts of when plugging together communicate with each other according to the following scheme: The lock generates an outgoing start impulse number of casesx and transmits this number to the key. Both Convert partsx according to a predefined algorithm Intermediate sizey order and remove this size according to a certain rule a fragment , the shorter the deeper the Keys or the lock are in the hierarchy. That's it calculated on the side  is given to the castle and there with the size determined on the lock side  compared; if they match  then the lock is operated in mood. Alternatively, lie far away different keys although fragments of the same length , however work according to different algorithms; accordingly The locks contain the algorithms for everyone left key and check if any of their algorithms or does not match the key algorithm.

A method of operating an electronic security device direction is also known from DE-OS 33 13 609, which the Operation of an electronic security device with as much as possible high security factor is made possible. Every castle and everyone Keys each have an electronic memory, in the on the lock side a lock identification code as well a lock code and in the one on the key side a function code, a key identification code, a key combination tion code and a change code are stored.

Previous concepts have their specific advantages but not always the requirements to be met. For example, a variant is only flexible to a limited extent Circumstance that is particularly important when large ob objects with frequently changing and / or complicated key Lock assignments are to be supplied. Another variant the locks must have a series of (reprogrammable one stored) program parts and therefore rule be moderately equipped with relatively expensive program memories. In addition comes in both cases that changes in the key-lock Assignment of an intervention in the electronics of the affected Require locks and therefore especially with large areas building complexes only with considerable expenditure of time and personnel can be carried out.

The invention has for its object an electronic Key lock system to be specified with the highest possible security factor and the possibility of giving each key a freely selectable if necessary, easily changeable selection from the locks of the Assignable to systems (group key). To solve this task  is a system with the features of claim 1 featured beat.

In the proposed system, the basic code is that of the sub Separation of the individual systems is chosen so long that identification by unauthorized persons is practically impossible is; typical code lengths are 24 bits or 32 bits. As a code All programmable read-only memories such as PROM's, EPROM's or EEPROM's; are the security requirements not too high (example: vehicle locking system), Dio den- or conductor matrices are used (see. DE-OS 34 09 611).

In order to strictly meet the requirement for free lock selection for each key, a yes / no decision must be possible for each lock of the system, that is to say that one bit per lock is available in the key store. Because of the space requirement, such individual coding is only useful for small and medium-sized systems. For very large objects with more than 10⁴ logically distinguishable locks, a specific group coding is recommended instead - at least for keys with a large number of assigned locks:
The numbers of the locks to be locked by the keys are grouped together in blocks of successive numbers, with individual locks being exceptions to this. Then it is sufficient to separate the valid and the invalid number ranges from one another, i.e. only to save the block limits. These limits are freely selectable; only the number of limits and therefore the individual areas is limited by the capacity of the memory chip. If the numbers were initially assigned sensibly, this technology regularly offers sufficient freedom of choice.

A system according to the invention can be operated with a relatively small amount Expand program memory capacity so that a missing ge key without changing the locks assigned to it invalidated and by a slightly changed second key can be replaced. For this purpose there will be one for each key key-specific number and a priority number and at a priority number for each lock  Key saved. It is agreed that a Key can only operate a lock if the key-side priority number the same size or around one unit larger than that for him in the castle stored priority number, and that in the latter Case the lock priority number at the first The lock and key are put together automatically matched to the key priority number becomes. If a key is lost, the Key center a new key made out, which only differs from the previous one in that that the priority number is increased by one unit. All locks that differ from the lost Having keys pressed also fits to the after follower and let the replaced key - and possibly from its predecessors - no longer block, once the new key has been used for the first time is.

If the system subordinate key ("Single key "), for example a room key Hotels that can be copied can do so according to the invention system can be designed particularly inexpensively. It is sufficient if the individual key only one Block with stored basic code and if necessary Wear the key and priority number and the lock Microprocessors - parallel to the data transfer route tine for group keys - a program section for Reading out the storage data of the passive individual keys have sel.

Further advantageous refinements and developments the invention are the subject of additional claims.

The proposed system is now to be based on an implementation Example in connection with the attached drawing tion are explained in more detail. It shows  

Fig. 1 is a mapping table between the individual keys and locks of the system,

FIGS. 2a to 2c, the coding system of keys and locks and

Fig. 3 shows the dialog between the key and lock after plugging together.

The first step in the design of a specific locking system is to enter the logically distinguishable locks and keys as columns and rows in a matrix and to assign them to one another. Fig. 1 shows the beginning of such an assignment table, in which the keys with consecutive numbers are entered row by row and the locks with consecutive numbers are column by row. A marking on a matrix interface ("X" in the diagonal and "+" outside the diagonal) means that the key of the cut line should match the lock of the cut column. The table shows that there are hardly any individual keys in the strict sense and that the assignments "scatter" in such a way that they cannot be brought into a clearly structured hierarchy.

FIGS. 2a to 2c show, what information is stored in the individual system components. A key, which should only lock a few locks (example: single room and front door), contains a data memory S 1 in which a 24-bit basic code G , a priority number P _i and a key number N _{i are} stored. The EEPROM offered by Siemens under the designation SDA 2116 K, which comprises 128 bytes each with a width of 8 bits, could function as such a memory. In this memory, the basic code consumes a maximum of 6 bytes, so that there is still enough space for storing the priority and key number. Furthermore, the "individual keys" each carry a microprocessor µ C , for example the CMOS type 80 C 482 from Siemens in a micropack version ( FIG. 2a).

A key that is supposed to fit a large number of locks contains, in addition to the EEPROM, in which the basic code and key number are stored, and the microprocessor still another memory module S 2 ( FIG. 2b), for example the same type as the module S. 1 , in which numbers n _{j of} the appropriate locks as well as the priority and key number are stored. (The fact that the key number is contained in both components serves only to ensure that only related memories are combined on one key.)

The block S 2 contains the lock numbers in the form of area boundaries and individual lock numbers. For example, a group key should include all locks with numbers within the ranges

• 456 to 731 (block)
  953 to 3428 (block)
  4263 to 4263 (single key)
  6538 to 7325 (block)
  8120 to 8120 (single key) and
  8735 to 9249 (block)

block, only the digits 456, 731; 953, 3428; 6538, 7325; 8735, 9249; 4263 and 8120 saved. You need one to two per digit, i.e. per border Bytes. With a capacity of 1 k byte, Sy steme up to almost 65,000 locks 500 borders, that is, 250 valid ranges. This allows one very revealing structure of the hierarchical system with a large reserve for subsequent changes. are many single keys compared to larger blocks expected, so you could save some storage space, after coding the areas - in the above Example between the digits 9249 and 4263 - a separator set brand. All other numbers are then not considered Range limits, but as individual lock numbers inter Pretiert and accordingly do not need twice to be laid.  

The locks carry two memories s 1 , s 2 and a microprocessor µ c . In addition to the basic code G, the memory s 1 contains a lock number n _j ; the memory s 2 , which should have an EEPROM with a storage capacity of ½ k bytes, contains a priority number p _i for each of the assigned keys ( FIG. 2c).

So that the keys cannot be copied, must the opening code given by the key to the lock can be copied. Accordingly, when together insert key and lock - via contacts, IR Signals or the like - a data transmission in both directions in dialogue.

In Fig. 3 illustrates how this interaction takes place. First, the key and lock in their microprocessors µ C and µ c each form a random number Z , z and transmit these numbers to the respective partner. Each partner then encrypts its basic code G, g with the aid of a mathematical function F, f , which contains the average number transmitted, to a random parameter K, k and sends this variable back to the other partner. Each of the two partners then checks whether the basic code contained in the received parameter matches his own. If this is the case on both sides, the lock sends its number. If this is valid, the key sends the opening code O to the lock, together with its key and priority number. If these two numbers are also valid, the lock generates an electrical pulse I which leads to the opening of a connection or to the engagement of a clutch.

The basic code check in the other partner can be perform mathematically in two ways: either the other partners anticipates - this alternative is known - encryption using its original information independently and compares the encrypted  Results with each other. Or the one in the received one Original information contained in the size will be checked back won and ver with their own original information like. The appropriate programming of the Mikropro zessors has no special requirements; the same che also applies to the other program parts (transmission routines, dialog control, etc.). For more details is based on the European disclosure already cited scripture referenced.

Should in the course of the dialog - for example when using a non-system key - an inconsistency may occur so the dialogue breaks off immediately. For an unjustified So there is no usable data for users. If a correct data exchange is listened to, you can only with knowledge of the program data via a computer Analysis can be obtained. The dates of the dialogue are in remaining encrypted so that the code once sent is no longer valid for the next opening.

The invention is not limited to the example shown Ausfüh approximately. In this way, one could do even more encryption work to increase security; For example, the lock, key and priority numbers could be made unrecognizable by means of a function from the random numbers and the basic code and / or the basic code stored in the system parts could be obscured in a part-specific manner. If one changes from active to passive keys, the cryptographic measures, which were previously part of the µ C program, should be moved to tables for memory programming, in particular to prevent the key from being accessed by an unlawful user at a higher level archie level is set. Apart from that, it can also be advisable to work with universal modules, for example with microprocessors that are programmed across systems, or with lock memories that contain the basic codes of several systems. It must be left to the person skilled in the art in which way he stores the required data in the individual system parts; As a rule, a second memory block will only be required on the key side if the key is to fit a large number of locks. There is also considerable scope for structuring the data exchange: if the security requirements are somewhat lower, it is sufficient if only the lock sends out a random number, with the help of which the key from its basic code then forms a parameter checked by the lock. Such a simplified dialog offers in particular the possibility of using battery-free keys. Furthermore, each partner could only transmit small fragments of the information in one go, with both partners alternating in a certain way. If this is a transfer for comparison purposes, it can be stopped immediately at the first sign of an inequality, that is, before essential information leaks out. Finally, it may also be appropriate under certain circumstances that instead of storing the appropriate lock numbers on the key side, each lock contains the numbers of the assigned keys, the key transmits its number during dialog and the lock performs the number comparison immediately. This principle, in which the final decision is made by the lock, is particularly secure since the allocation memory in the lock is relatively well protected against manipulation.

Claims (11)

1. Electronic locking system with several locks and several, at least one of these locks matching keys, each lock and key has a memory ( s 1 , S 1 ), at least each lock has a microprocessor (µ c ) and lock and key when plugged together Interact via electrical impulses, characterized in that the memory of each lock and key ( s 1 , S 1 ) contains a system-specific code (basic code G ), that the memory of each lock ( s 1 ) contains a lock-specific number (lock number n _j ) contains that the memory of each key ( S 1 ) contains the numbers of the locks matching it, that the memory of each key ( S 1 ) additionally contains a priority number ( P _i ) and a key-specific number (key number N _i ) ent holds that the memory of each lock ( s 1 ) for each of the matching key numbers ( N _i ) also one e priority number ( p _i ) contains that a key can only operate a lock if its priority number ( P _i ) is the same size or one unit larger than the priority number ( p _i ) stored in the lock for its key number and then, if the priority number of a key ( P _i ) is one unit greater than the priority number stored for its key number in the lock ( p _i ), the lock-side priority number is increased by one unit when the key and lock are put together for the first time. 2. Locking system according to claim 1, characterized in that the basic code ( G ) contains at least 20 bits and is in particular 24 bits or 32 bits long. 3. Locking system according to claim 1 or 2, characterized in that a specific bit is assigned to each lock of the system for storing the appropriate lock numbers ( n _j ) in the memory of each key ( S 1 ). 4. Locking system according to claim 1 or 2, characterized in that for the storage of the appropriate lock numbers ( n _j ) at least in the storage of those keys which are supposed to fit for more than 10⁴ locks, the boundaries of areas which are made up of successive numbers Locks ( n _j ) are formed and consist of at least one number (single and multi-lock areas), are stored. 5. Locking system according to claim 4, characterized in that in one first memory section the boundaries of the multi-lock areas and in a second, separated from the first by a separating mark Memory portion the boundaries of the containment areas are stored. 6. Locking system according to one of claims 1 to 5, characterized in that the basic code ( G ) and the lock numbers ( n _j ) at least in those keys which should fit at most five and in particular at most two locks, in a single module ( S 1 ) are saved. 7. Locking system according to one of claims 1 to 6, in which at least also those keys which are to be suitable for at least three and in particular at least five locks ( "Grup penschlüssel"), a microprocessor (μ C) have, characterized in that, when together in the microprocessors of the key and the lock (µ C or µ c ) a random number ( Z, z ) is formed and the respective partner is informed that each of the partners has its basic code ( G, g ) with the help of a mathematical function ( F, f ), which contains the transmitted random number ( z, Z ), encoded to a randomly similar characteristic ( K, k ) and sends this variable back to the other partner that each of the two partners checks whether the parameter received in the ( K, k ) contained basic code ( G, g ) agrees with his own and that then and only if this is the case on both sides and possibly all other tests are positive, de r key sends an opening code ( O ), which triggers an actuation of the lock when the code has been checked positively by the lock. 8. Locking system according to claim 7, characterized in that when the keys each contain a key and priority number ( N _i or P _i ), with the opening code ( O ) at the same time also the key and priority number ( N _i or P _i ) of the key transmitted and compared in the lock with the priority number ( p _i ) stored there for the key, the lock being actuated only when a valid priority number ( P _i ) is received. 9. Locking system according to one of claims 1 to 8, characterized in that at least those keys which are intended to fit for a maximum of three and in particular a maximum of two locks ("individual keys") do not contain a microprocessor and the microprocessors of the locks which are respectively suitable ( µ c ) each have a program section that reads out the key data when the lock and key are put together. 10. Locking system according to one of claims 1 to 8, characterized in that the basic code ( G ) is stored in encrypted form and the keys and locks each have a microprocessor (µ C , µ c ) which the basic code ( G ) before its further Processing decoded again. 11. Locking system according to claim 7 or 8, characterized in that the lock numbers ( n _j ) and possibly also the key and priority numbers ( N _i or P _i ) before they are transmitted with a function which is based on the basic code ( G ) and in particular also depends on the generated random numbers ( Z, z ).