EP2304693B1 - Access control method and access control system - Google Patents
- Publication number
- EP2304693B1 EP09765310.9A
- Authority
- EP
- European Patent Office
- Prior art keywords
- access control
- write
- control medium
- read device
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Not-in-force
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C2009/00753—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
- G07C2009/00809—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission through the human body
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C2209/00—Indexing scheme relating to groups G07C9/00 - G07C9/38
- G07C2209/08—With time considerations, e.g. temporary activation, valid time window or time limitations
Definitions
- the invention relates to the field of access control. More particularly, it relates to an access control method and access control system based on an identification method (strictly speaking: an authentication method).
- Identification systems are used in different applications such as access control, prepaid card systems, data acquisition systems, etc.
- wireless information transmission, for example via radio-frequency signals or microwaves (e.g. via GSM), is becoming increasingly important. Because of the comparatively long range, manipulation is a potential problem.
- a manipulator's transmitter / receiver can be set up, by means of which a so-called "man-in-the-middle" attack, or another manipulation exploiting a security gap in the exchange protocol used, is carried out.
- capacitive-resistive coupling (also called 'capacitive coupling' or 'PAN coupling')
- 'PAN coupling': capacitive-resistive coupling
- a disadvantage of capacitive-resistive coupling is the data transmission rate, which is usually very low in realizable embodiments. This is because the communication device is generally set up to allow signal transmission through the human body, which rules out high frequencies and high amplitudes.
- the invention is essentially characterized in that, for access control, a wireless radio link (here this expressly includes communication via microwave frequencies as well as radio frequencies) is established in a first step between the object to which access is sought and an access control medium (mobile phone, other electronic device, smart card, etc.).
- an authentication procedure is initially performed, in which the access authorization of the access control medium is checked.
- a temporary access code is sent from the object to the access control medium and sent back by the latter to the object, possibly in a modified form.
- the capacitive-resistive coupling is used either for the return of the (optionally modified) access code to the object or possibly for the transmission of the access code to the access control medium; in the other direction the signal is sent via the wireless connection.
- the object is a door with a mechatronic locking device that is in communication with a writing and / or reading device (optionally integrated into the locking device), which in turn has means for communicating over the wireless connection and for receiving and / or transmitting capacitive-resistive signals.
- the release of the object in this case corresponds to the mechatronic unlocking of the door.
- the authentication method is any method of determining whether the access control medium is authorized to access the object. This can be done by a simple query of codes that must be present on the access control medium, or by more elaborate, secure procedures. In particular, it is possible to carry out the authentication method in a manner known per se from the prior art or by means of a commercially available system whose protocol does not necessarily have to be known. In any case, the authentication method preferably provides a yes / no answer to the question of whether the access control medium is authorized for access in the present situation. Only if the answer is "yes" is a temporary access code generated and transmitted to the access control medium.
- the temporary access code is, for example, a random sequence; it is accepted by the object only for some time after its generation, for example for 2-10 seconds, or it can be accepted as valid only once ("one time" code).
- further temporary access codes are generated by the writing and / or reading device of the object if, after this time, the wireless communication connection still exists, but access to the object has not yet taken place; it may also be provided that the temporary access code is valid as long as the wireless connection exists.
- the procedure according to the invention has the advantage that it combines the tamper resistance of known authentication processes, which can take place over secure connections (for example with encryption) and may require the exchange of larger amounts of data, with the selectivity of the capacitive-resistive coupling. In contrast to the prior art, this is done without sacrificing convenience through delays caused by the slow, short-range capacitive-resistive coupling.
- the relatively time-consuming setup of a secure radio link, which may include synchronization etc., can take place as the user approaches the object. Only a very short data sequence, for example unencrypted, then has to be transmitted over the capacitive-resistive channel, and the object can be released immediately after it is received.
- the access control medium, for example, continuously and repeatedly emits the temporary access code or the data packet derived from it via the transmitter of the capacitive-resistive coupling; for this purpose, a corresponding signal is applied to a pair of electrodes present in the access control medium.
- a receiver electrode (e.g. a door handle, which is preferably configured as the receiver electrode or as part of the receiver electrode of the capacitive-resistive receiver)
- reception of the signal by the receiver for the capacitive-resistive coupling begins, wherein the signal path may pass through the user's body when the user carries the access control medium in a pocket.
- the data transmitted with the capacitive-resistive coupling can consist of a temporary access code (containing no access-control-medium-specific data), which may additionally have been modified by a simple operation that is not specific to the access control medium. Adding an ID or other simple string is not excluded.
- security against manipulation rests, on the one hand, on the security of the selected wireless connection; available methods often include encryption, and for practical reasons (synchronization, etc.) it is also not possible to eavesdrop easily and quickly on a radio signal that exists only for a short time.
- a manipulating person could also make only limited use of a temporary access code received without authorization, since it is valid only for a very short time.
- the temporary access code is transmitted via the capacitive-resistive coupling - permanently - and then sent back via the existing wireless connection; the recipient can easily verify that it comes from the same sender with which the successful authentication process was previously performed.
- the method according to the invention brings practically no time delays which are recognizable to the user, since the back transmission of the optionally modified access code can take place immediately after its reception via the capacitive-resistive coupling, namely via the already established wireless connection.
- Bluetooth Bluetooth Low Energy
- the use of this comparatively short-range (about 10 m signal range) technology is advantageous in terms of safety due to the short range.
- the use of "normal" Bluetooth is likewise possible, with the disadvantage that the power consumption of such a system is higher.
- the access control medium is preferably a portable device, for example a mobile telephone. Such a device generally has enough power available. According to a preferred embodiment, the access control medium assumes the role of "master" in the Bluetooth or Bluetooth Low Energy communication, i.e. the connection is initiated by the access control medium.
- maintenance data is transmitted from the writing and / or reading device (the door) to the access control medium, for example battery life data etc.
- the non-wired writing and / or writing data can be transmitted Reading device via the access control medium trigger a warning signal or draw attention in another suitable manner to be remedied.
- the procedure according to the invention is particularly suitable for applications in which the access control medium does not have to be actively handled by the user but can, for example, remain in the user's pocket.
- the capacitive-resistive coupling then preferably takes place primarily through the body of the user, which acts as a (poor) electrical conductor. Therefore, for the capacitive-resistive coupling, ultra-wideband signal transmission using the frequency spreading method is particularly preferred. This allows the current amplitudes flowing through the body to be very small. Regarding the implementation of this method and its benefits, reference is also made to WO 2007/112609.
- a user 1 can carry the access control medium 2, for example, in a bag or attached to a belt. During the entire procedure, he does not have to take control of the access control medium.
- the data exchange via the wireless connection already starts while the user approaches the door.
- the typical range of the Bluetooth or Bluetooth Low Energy technology preferably used here is about 10 meters.
- the door handle 3.1 of the door is designed, for example, as a receiver electrode for the capacitive-resistive coupling.
- the transmission of the data packet from the access control medium 2, for example through the body of the user 1, to the receiver electrode begins, according to the method discussed in more detail below. If the data has been exchanged correctly and successfully, the door is released and the user can press the door handle. To the user, the whole process appears as if the door were constantly open.
- the authentication process may also take place. Since, however, the extremely short-range capacitive-resistive coupling does not start under these circumstances, the door does not open. For example, a person accidentally located nearby, therefore, can not open the door.
- the access control medium is designed as a mobile telephone 11.
- the mobile phone has means for communicating via Bluetooth Low Energy technology.
- it is provided with a transmitter (or possibly receiver, see below) for the capacitive-resistive coupling.
- housing parts or a transparent display surface can be designed as corresponding electrodes 13, 14 or coated with them. In this regard, reference is also made to documents WO 2008/098397, WO 2008/098398 and WO 2008/098399.
- FIG. 3 shows a flowchart of an embodiment of a method according to the invention.
- solid arrows between the boxes: signal transmissions over the wireless connection (e.g. Bluetooth Low Energy)
- the dotted arrow represents the capacitive-resistive data transmission.
- the left column: states of the writing and / or reading device (the "door")
- the middle column: states of the access control medium; hereinafter it is described as a mobile phone, but the method would be carried out analogously with other access control media.
- the terms "Advertiser", "Scanner", "Initiator", "Slave" and "Master" correspond to the terminology commonly used for Bluetooth Low Energy; the corresponding states will be briefly explained below.
- "RCID Rx" and "RCID Tx" stand for receiver and transmitter for the capacitive-resistive coupling; "open" refers to the state of the release of the object, e.g. unlocking the door.
- the time axis runs in Fig. 3 from top to bottom.
- the mobile phone may change from the scanner to the initiator role and ask the writing and / or reading device for a wireless connection (step 32).
- the secure Bluetooth Low Energy connection is set up within, for example, at most 2 s, with the mobile telephone acting as "master" and the writing and / or reading device as "slave" according to common terminology (step 33).
- the authentication process is carried out with the aid of the established wireless connection, ie the access authorization of the master is checked (step 34).
- it is checked whether the access control medium authorizes access, that is to say whether, by means of a data exchange via a secure, for example encrypted, connection (the data exchange can be based on the challenge-response method or another suitable method), the data and / or qualifications required of the access control medium are available.
- the procedure chosen during the authentication process will not be explained in detail here; It can be done according to the prior art or according to other suitable procedures. There are - especially in connection with communication via radio frequencies - various different solutions from different providers, such as the "Legic®" system.
- the procedure according to the invention even makes it possible to use proprietary solutions from third-party providers, i.e. the sequence of the authentication method need not be known to the person implementing the method according to the invention; only the result (an "OK" or an "access denied") is needed.
- a temporary (i.e., only for a limited time and / or single access only) access code is transmitted to the mobile by the writing and / or reading device (step 35). This is done via the secure wireless connection.
- this access code, or a quantity derived from it, is transmitted back to the writing and / or reading device immediately and, if necessary, repeatedly, the capacitive-resistive information transmission being used for this return (step 36).
- the transmission of the access code or the derived variable takes place, for example, until either a time limit (for example a value between 2 and 10 seconds) has been exceeded or the access code has been received by the writing and / or reading device.
- the temporary access code is transmitted via the capacitive-resistive coupling to the mobile telephone by the writing and / or reading device, and the mobile telephone sends back the access code or the derived variable via the secure wireless connection, in which case the writing and / or reading device can keep sending the access code until either a time limit is reached or the returned access code or the derived variable is received via the secure connection.
- the access code is, for example, a random number or a random sequence or a variable composed or calculated from a random number / random sequence and further variables.
- the method according to the invention can be implemented particularly simply if the temporary access code itself is sent back by the mobile telephone. Possible quantities derived from it include the access code supplemented by a unique number or the like, time information, a further random variable, etc.; sequences of the access code; or a variable obtained by a previously known operation on the (possibly supplemented) access code or sequences thereof.
- test data for example test data, battery life data, status data etc.
- the connection is terminated (here by the mobile telephone) (step 38), and the object is released, for example the door is unlocked (step 39).
- Fig. 3 schematically shows the time needed for the steps before or after the door handle is first touched.
- the particularly time-consuming process steps, such as setting up the secure connection, can already take place while the user approaches the door and take, for example, between 1 and 5 s (in the example shown about 2 s).
- long device detection times can be tolerated, which in turn makes long advertising intervals of the object or short active scanner times of the access medium possible. This reduces the power consumption both on the object and on the access medium, without affecting the comfort for the user.
- the (return) transmission of the temporary access code and the release of the door are very fast processes that last at most a few tenths of a second, for example between 0.05 s and 0.5 s, in the example shown about 0.15 s.
Description
The invention relates to the field of access control. More particularly, it relates to an access control method and an access control system based on an identification method (strictly speaking: an authentication method).
Identification systems (German: Identifizierungssysteme, often also called Identifikationssysteme) are used in various applications such as access control, prepaid card systems, data acquisition systems, etc. Wireless information transmission, for example via radio-frequency signals or microwaves (e.g. via GSM), is becoming increasingly important here. Because of the comparatively long range, manipulation becomes a potential problem. For example, a manipulator's transmitter/receiver can be set up at some distance from a data exchange point (the writing and/or reading device of a locking system, of a prepaid card reader, etc.) and used to carry out a so-called "man-in-the-middle" attack or another manipulation that exploits security gaps in the exchange protocol used.
The use of so-called capacitive-resistive coupling (also called 'capacitive coupling' or 'PAN coupling') for access control has been known for some time. It has a very short range, and the path through the human body is often used for signal transmission. As a result, reception of the signals by a manipulator positioned some distance away can be ruled out with a fairly high degree of certainty.
A disadvantage of capacitive-resistive coupling is the data transmission rate, which is usually very low in realizable embodiments. This is because the communication device is generally set up to allow signal transmission through the human body, which rules out high frequencies and high amplitudes.
Because of the very limited data transmission rate, either only very short data packets can be transmitted or there is a correspondingly long waiting time. The former is undesirable for applications with higher security standards; the latter has a negative effect on convenience.
Aus der
It is therefore an object of the invention to provide an authorization method and an authorization system which overcome disadvantages of the prior art and which, in particular for the 'access control' application, provide the necessary security together with a satisfactory speed of the method.
This object is achieved by a method and a system as defined in the claims.
The invention is essentially characterized in that, for access control, a wireless radio link (here this expressly includes communication via microwave frequencies as well as radio frequencies) is established in a first step between the object to which access is sought and an access control medium (mobile phone, other electronic device, smart card, etc.). An authentication method, in which the access authorization of the access control medium is checked, is first carried out over this wireless connection. A temporary access code is then sent from the object to the access control medium and sent back by the latter to the object, possibly in modified form. The capacitive-resistive coupling is used either for sending the (optionally modified) access code back to the object or possibly for sending the access code to the access control medium; in the other direction the signal is sent via the wireless connection.
If the temporary access code, possibly in modified form, arrives back at the object correctly, the object is released. In many embodiments the object is a door with a mechatronic locking device that is in communication with a writing and/or reading device (optionally integrated into the locking device), which in turn has means for communicating over the wireless connection and for receiving and/or transmitting capacitive-resistive signals. Releasing the object in this case corresponds to mechatronically unlocking the door.
The authentication method is any method by which it can be determined whether the access control medium is authorized to access the object. This can be done by a simple query of codes that must be present on the access control medium, or by more elaborate, secure methods. In particular, the authentication method can be carried out in a manner known per se from the prior art, or by means of a commercially available system whose protocol does not necessarily have to be known. In any case, the authentication method preferably yields a yes/no answer to the question of whether the access control medium is authorized for access in the present situation. Only if the answer is "yes" is a temporary access code generated and transmitted to the access control medium.
The temporary access code is, for example, a random sequence; it is accepted by the object only for a certain time after its generation, for example for 2-10 seconds, or it can be accepted as valid only once ("one time" code). Optionally, the writing and/or reading device of the object generates further temporary access codes if the wireless communication connection still exists after this time has elapsed but access to the object has not yet taken place; it may also be provided that the temporary access code is valid for as long as the wireless connection exists.
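The issue-and-verify logic described above, as an added Python example that is not part of the patent text: the door issues a random code only after a positive authentication result and accepts it on the capacitive-resistive channel once and only within its validity window. The class and method names, the 8-byte code length and the 5 s window are assumptions; timestamps are passed in explicitly so the behaviour can be replayed deterministically.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class IssuedCode:
    value: bytes       # random temporary access code
    expires_at: float  # time after which the door refuses the code


class DoorReader:
    """Door side (the "writing and/or reading device"); hypothetical names."""

    def __init__(self, code_ttl: float = 5.0, code_len: int = 8):
        self.code_ttl = code_ttl  # assumed value inside the 2-10 s example window
        self.code_len = code_len  # assumed length, short for the slow channel
        self._live = {}           # radio session id -> IssuedCode

    def on_auth_result(self, session: str, authorized: bool, now: float):
        """Issue a code only if the radio-link authentication answered yes."""
        if not authorized:
            self._live.pop(session, None)
            return None
        code = IssuedCode(secrets.token_bytes(self.code_len),
                          now + self.code_ttl)
        self._live[session] = code
        return code.value  # goes to the medium over the secured radio link

    def refresh(self, session: str, now: float):
        """Optional behaviour from the text: a further code is generated when
        the old one has expired, the radio link still exists and no access
        has taken place yet."""
        current = self._live.get(session)
        if current is None or now < current.expires_at:
            return None
        return self.on_auth_result(session, True, now)

    def on_link_closed(self, session: str) -> None:
        """A code is never valid longer than its radio connection."""
        self._live.pop(session, None)

    def on_capacitive_frame(self, frame: bytes, now: float) -> bool:
        """Return True (release the object) for a live, unused code.

        The frame carries no medium-specific data, so it is compared with
        every outstanding code, each time in constant time.
        """
        matched = None
        for session, code in self._live.items():
            same = hmac.compare_digest(frame, code.value)
            if same and now < code.expires_at:
                matched = session
        if matched is None:
            return False
        del self._live[matched]  # one-time use: a replay finds nothing
        return True


def run_demo():
    """Constructed scenario: accept once, refuse replay and expired code."""
    door = DoorReader(code_ttl=5.0)
    code = door.on_auth_result("session-1", True, now=0.0)
    first = door.on_capacitive_frame(code, now=1.0)    # user touches handle
    replay = door.on_capacitive_frame(code, now=1.2)   # same frame again
    late_code = door.on_auth_result("session-2", True, now=10.0)
    expired = door.on_capacitive_frame(late_code, now=15.0)
    return first, replay, expired


if __name__ == "__main__":
    print(run_demo())
```

In a deployment the `now` argument would come from a monotonic clock on the door controller, so that clock adjustments cannot extend a code's lifetime.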
The procedure according to the invention has the advantage that it combines the tamper resistance of known authentication processes, which take place over secure connections (e.g. with encryption) and may require the exchange of larger amounts of data, with the selectivity of capacitive-resistive coupling. In contrast to the prior art, this is achieved without convenience suffering from delays caused by the slow, short-range capacitive-resistive coupling. The relatively time-consuming setup of a secure radio link, which may include synchronization etc., can take place while the user approaches the object. Only a very short data sequence, for example unencrypted, then has to be transmitted over the capacitive-resistive channel, and the object can be released immediately after it is received.
This gives the user a natural sequence of movements. The user can carry the access control medium in a pocket. While the user approaches the door, a communication connection is established and the access authorization is checked automatically, without any action by the user. A temporary access code containing random elements is transmitted to the access control medium, in the preferred embodiment via the secured connection.
The access control medium then begins, for example, to transmit the temporary access code, or the data packet derived from it, continuously and repeatedly via the transmitter of the capacitive-resistive coupling; for this purpose, a corresponding signal is applied to a pair of electrodes present in the access control medium. As soon as the user is in the immediate vicinity of a receiver electrode (e.g. a door handle, which is preferably configured as the receiver electrode or as part of the receiver electrode of the capacitive-resistive receiver) or touches the receiver electrode, the receiver for the capacitive-resistive coupling begins to receive the signal; the signal path may run through the user's body if the user carries the access control medium in a pocket.
As a result of the procedure according to the invention, only a simple character string has to be transmitted via the capacitive-resistive coupling; in particular, no data relating to the actual authentication process has to be transmitted in this step. In particular, all information that the write and/or read device uses to identify/authenticate the access control medium may already have been transmitted beforehand via the wireless connection. The data transmitted via the capacitive-resistive coupling can consist of a temporary access code (containing no data specific to the access control medium), possibly modified by a simple operation that is not specific to the access control medium. Adding an ID or another simple character string is also not excluded.
Security against manipulation lies, on the one hand, in the security of the chosen wireless connection; available methods often include encryption, and for practical reasons (synchronization etc.) it is also not possible to eavesdrop easily and quickly on a radio signal that exists only for a short time. On the other hand, a manipulating person could make only limited use of a temporary access code received without authorization, since it is valid only for a very short time.
According to a variant of the procedure according to the invention, the temporary access code is transmitted, continuously, via the capacitive-resistive coupling and then sent back via the existing wireless connection; the receiver can readily verify that it comes from the same sender with which the successful authentication process was previously carried out. In this variant too, the method involves practically no time delays perceptible to the user, since the access code (modified where applicable) can be sent back immediately after its reception via the capacitive-resistive coupling, namely via the wireless connection that is already established.
Particularly suitable as the information transmission channel (the wireless connection) is the Bluetooth Low Energy standard, formerly known under the name "Wibree". The use of this comparatively short-range technology (approx. 10 m signal range) is advantageous in terms of security because of the short range. It also proves particularly favourable for the "access control" application for the following reason: doors in buildings are often not wired, and wiring them would involve great effort. Such "standalone" devices therefore depend on battery power. For practical reasons it is undesirable for these batteries to have to be replaced at frequent intervals. The very energy-saving Bluetooth Low Energy technology, which was actually developed for communication between sensors and receivers placed near them, is therefore, quite surprisingly, very well suited to the present application. "Normal" Bluetooth can be used in a similar way, with the disadvantage that the power consumption of such a system is higher.
The access control medium is preferably a portable device, e.g. a mobile telephone. Such a device generally has sufficient power available. According to a preferred embodiment, the access control medium assumes the role of "master" in the communication via Bluetooth or Bluetooth Low Energy, i.e. the initialization of the connection originates from the access control medium.
According to a preferred embodiment, after the authentication procedure has taken place, maintenance data, e.g. battery level data etc., is transmitted from the write and/or read device (the door) to the access control medium. In the event of a malfunction or a necessary battery change, the non-wired write and/or read device can thereby trigger a warning signal via the access control medium or draw attention in another suitable way to what needs to be remedied.
As explained above, the procedure according to the invention is particularly suitable for applications in which the access control medium does not have to be actively handled by the user but can, for example, remain in a pocket. The capacitive-resistive coupling then preferably takes place primarily through the user's body, which acts as a (poor) electrical conductor. For the capacitive-resistive coupling, ultra-wideband signal transmission using the frequency spread method is therefore particularly preferred. This makes it possible for the current amplitudes flowing through the body to be very small. Regarding the implementation of this method and its advantages, reference is also made to the
In the following, embodiments of the invention are illustrated with reference to schematic drawings. The drawings show:
- Fig. 1 a sketch illustrating the sequence of the method according to the invention;
- Fig. 2 a representation of a mobile telephone as access control medium in a system according to the invention; and
- Fig. 3 a flow chart of an embodiment of a method according to the invention.
According to
If the user merely walks past the door without attempting to operate the door handle, the authentication process may nevertheless take place. However, since the extremely short-range capacitive-resistive coupling does not come into play under these circumstances, the door does not open. A person who, for example, merely happens to be nearby therefore cannot open the door.
Particularly preferably, the access control medium is designed as a mobile telephone 11. The mobile telephone has means for communicating via Bluetooth Low Energy technology. In addition, it is provided with a transmitter (or possibly a receiver, see below) for the capacitive-resistive coupling. For example, housing parts or a transparent display surface can be designed as corresponding electrodes 13, 14 or be coated with them. In this regard, reference is also made to the documents
The time axis runs in
In the normal state 31, a "standby" state in which no access control procedure is initialized, either the write and/or read device or the mobile telephone emits periodic initialization signals ("advertising packets"), e.g. at a rate of between 0.2 and 10 Hz, e.g. once per second. In the illustrated embodiment, the initialization signals are sent by the write and/or read device. When the advertising packet is received by the mobile telephone, the mobile telephone can switch from the scanner role to the initiator role, and it requests a wireless connection from the write and/or read device (step 32). The secure Bluetooth Low Energy connection is then set up within, for example, at most 2 s, with the mobile telephone acting as "master" and the write and/or read device as "slave" in accordance with the common terminology (step 33). Using the established wireless connection, the authentication process is carried out, i.e. the access authorization of the master is checked (step 34).
In the procedure referred to here as the authentication process, it is checked whether the access control medium authorizes access, i.e. a data exchange over a secure, e.g. encrypted, connection (the data exchange can be based on the challenge-response method or another suitable method) is used to check whether the required data and/or capabilities are present on the access control medium. The procedure chosen for the authentication process is not explained in more detail here; it can follow the prior art or other suitable procedures. There are, particularly in connection with communication via radio frequencies, various solutions from different providers, e.g. the "Legic®" system. The procedure according to the invention even allows the use of proprietary third-party solutions, i.e. the sequence of the authentication method need not be known to whoever implements the method according to the invention; only the result (an "OK" or an "access denied") is needed.
Once authentication has succeeded, the write and/or read device transmits a temporary access code (i.e. one that authorizes access only for a limited time and/or only once) to the mobile telephone (step 35). This takes place via the secure wireless connection. This access code, or a quantity derived from it, is immediately and, if necessary, repeatedly transmitted back to the write and/or read device, the capacitive-resistive information transmission being used for this return transmission (step 36). The access code or the derived quantity is sent, for example, until either a time limit (e.g. a value between 2 and 10 seconds) is exceeded or the access code has been received by the write and/or read device.
As a variant of the procedure shown, it can also be provided that the temporary access code is transmitted capacitively-resistively from the write and/or read device to the mobile telephone, and that the latter sends back the access code or the derived quantity via the secure wireless connection; the write and/or read device can then keep sending the access code until either a time limit is reached or the returned access code or derived quantity has been received via the secured connection.
The access code is, for example, a random number or random sequence, or a quantity composed of or calculated from a random number/random sequence and further quantities.
The method according to the invention is particularly simple to implement if the mobile telephone sends back the temporary access code itself. Possible quantities derived from it include the access code supplemented by a unique number or the like, time information, a further random quantity etc.; sequences of the access code; or a quantity obtained by applying a previously known operation to the (possibly supplemented) access code or sequences of it.
Following the sending back and forth of the temporary access code, or partly simultaneously with it, maintenance data can optionally also be exchanged; e.g. test data, battery level data, status data etc. can be transmitted from the write and/or read device to the mobile telephone (step 37) and evaluated for maintenance purposes if required; corresponding warnings or the like can also be triggered. Finally, the connection is terminated, here by the mobile telephone (step 38), and the object is released, e.g. the door is unlocked (step 39).
On the far right in
All processes are thus characterized by extremely low energy consumption and are therefore suitable for being carried out even with relatively small and/or long-lived batteries, in particular when the write and/or read device of the door is a non-wired "standalone" device whose battery then has to be replaced, for example, only every one to two years.
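The reader-side handling of the temporary access code in steps 34 to 39 can be modelled as follows. This is an added example, not code from the patent: the names `Reader`, `build_packet`, `FakeClock`, the 16-byte code length, the 5 s lifetime and the bad-packet cap are assumptions, and the data package is taken to be the code with a simple ID appended, one of the options the description allows.

```python
import hmac
import secrets
import time

CODE_BYTES = 16       # assumed length; the description only asks for random elements
CODE_TTL_S = 5.0      # assumed; the description names a limit of e.g. 2 to 10 seconds
MAX_BAD_PACKETS = 8   # assumed cap on wrong packets per issued code


def build_packet(code, medium_id):
    """Data package for the coupled channel: the code plus a simple ID string."""
    return code + medium_id


class Reader:
    """Write/read device of the door (hypothetical model)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = None   # at most one outstanding code
        self.unlocked = False

    def on_auth_result(self, medium_id, ok):
        """Steps 34/35: only the OK / denied result of the authentication is used."""
        self._pending = None   # a new attempt invalidates any older code
        if not ok:
            return None
        code = secrets.token_bytes(CODE_BYTES)
        self._pending = {"packet": build_packet(code, medium_id),
                         "deadline": self._clock() + CODE_TTL_S,
                         "bad": 0}
        return code            # goes to the medium over the secured wireless link

    def on_coupled_packet(self, packet):
        """Steps 36/39: package picked up by the capacitive-resistive receiver."""
        p = self._pending
        if p is None:
            return False
        if self._clock() > p["deadline"]:
            self._pending = None           # time limit exceeded
            return False
        if not hmac.compare_digest(packet, p["packet"]):
            p["bad"] += 1
            if p["bad"] >= MAX_BAD_PACKETS:
                self._pending = None       # stop accepting guesses against this code
            return False
        self._pending = None               # the code is valid once only
        self.unlocked = True
        return True


class FakeClock:
    """Controllable clock so the time limit can be exercised offline."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now


def run_scenarios():
    results = {}
    medium_id = b"\x00\x2a"                # constructed sample ID

    # 1. User authenticates over radio, then touches the handle in time.
    clock = FakeClock()
    door = Reader(clock)
    code = door.on_auth_result(medium_id, ok=True)
    clock.now += 1.0
    captured = build_packet(code, medium_id)
    results["touch_in_time"] = door.on_coupled_packet(captured)

    # 2. The same package presented again is rejected (single use).
    results["replay"] = door.on_coupled_packet(captured)

    # 3. User walks past: authentication succeeds, nothing arrives on the handle.
    door = Reader(FakeClock())
    door.on_auth_result(medium_id, ok=True)
    results["walk_past_unlocked"] = door.unlocked

    # 4. Package arrives after the time limit.
    clock = FakeClock()
    door = Reader(clock)
    code = door.on_auth_result(medium_id, ok=True)
    clock.now += CODE_TTL_S + 0.1
    results["expired"] = door.on_coupled_packet(build_packet(code, medium_id))

    # 5. A fresh authentication replaces the code; the old package is useless.
    door = Reader(FakeClock())
    old = door.on_auth_result(medium_id, ok=True)
    door.on_auth_result(medium_id, ok=True)
    results["stale_code"] = door.on_coupled_packet(build_packet(old, medium_id))

    # 6. Failed authentication issues no code at all.
    results["denied_gets_code"] = Reader().on_auth_result(medium_id, ok=False) is not None
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

Only the first scenario releases the door; the time limit and single-use rule are what bound the value of a code captured on either channel.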
Claims (10)
- An access control method for the controlled release of an object, comprising the following steps:
  - building up a wireless connection between an access control medium and a write/read device of the object via radio waves or microwaves,
  - carrying out an authentication process by way of data signals which are transferred between the access control medium and the write/read device of the object via the wireless connection;
  - given a successful authentication in the authentication process, transferring a temporary access code from the write/read device of the object to the access control medium;
  - sending a data package based on the temporary access code, back from the access control medium to the write/read device of the object,
  - wherein the transfer of the temporary access code or the sending-back of the data package is effected by way of the capacitive-resistive coupling; and
  - release of the object by way of this write/read device, if the received data package is recognised as being correct.
- An access control method according to claim 1, characterised in that the transfer of the temporary access code is effected via the wireless connection, and the sending-back of the data package is effected via the capacitive-resistive coupling.
- An access control method according to claim 1 or 2, characterised in that the data package is identical to the temporary access code or comprises at least a part of the temporary access code in an unencrypted manner.
- An access control method according to one of the preceding claims, characterised in that a mobile telephone is used as an access control medium.
- An access control method according to one of the preceding claims, characterised in that the wireless connection is a Bluetooth or Bluetooth low energy connection.
- An access control method according to one of the preceding claims, characterised in that initialisation signals are emitted from the write/read device of the object at regular intervals, prior to building up the wireless connection.
- An access control method according to claim 6, characterised in that the access control medium requests the wireless connection on receiving an initialisation signal.
- An access control method according to one of the preceding claims, characterised in that maintenance data is transmitted from the write/read device of the object to the access control medium via the wireless connection, subsequently to the authentication process.
- An access control method according to one of the preceding claims, characterised in that the signal transmission by way of the capacitive-resistive coupling is effected as a transmission of an ultra-broadband signal whilst using a frequency spread method.
- An access control system for the controlled release of an object, comprising at least one write/read device of the object for blocking or releasing an object, in dependence on a control of the access authorisation, as well as comprising at least one access control medium, wherein the write/read device of the object and the access control medium in each case comprise a transmitter and receiver device for the wireless communication via radio wave or microwave signals, and moreover a transmitter and a receiver for the capacitive-resistive coupling between the write/read device of the object and the access control medium are present in the write/read device of the object and in the access control medium, with which transmitter and receiver capacitive-resistive signals can be transmitted from the access control medium to the write-/read device of the object and/or from the write/read device of the object to the access control medium, characterised in that the write/read device of the object and the access control medium are configured to carry out an access control method according to one of the preceding claims.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CH9402008 | 2008-06-18 | ||
PCT/CH2009/000202 WO2009152628A1 (en) | 2008-06-18 | 2009-06-15 | Access control method and access control system |
Publications (2)
Publication Number | Publication Date |
---|---|
EP2304693A1 (en) | 2011-04-06 |
EP2304693B1 (en) | 2016-08-31 |
Family
ID=40910732
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP09765310.9A Not-in-force EP2304693B1 (en) | 2008-06-18 | 2009-06-15 | Access control method and access control system |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP2304693B1 (en) |
WO (1) | WO2009152628A1 (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8554141B2 (en) | 2010-06-24 | 2013-10-08 | Broadcom Corporation | Method and system for multi-stage device filtering in a bluetooth low energy device |
NL1038635C2 (en) * | 2011-03-04 | 2012-09-05 | Franken | Soundproof communication booth access system. |
AT512075A1 (en) * | 2011-10-18 | 2013-05-15 | Evva Sicherheitstechnologie | METHOD OF ACCESS CONTROL |
FR3010571B1 (en) * | 2013-09-09 | 2016-12-30 | Valeo Securite Habitacle | AUTHENTICATION OF A USER WITH A MOBILE DEVICE TO A VEHICLE |
EP3063742B1 (en) * | 2013-10-29 | 2020-07-15 | Cubic Corporation | Fare collection using wireless beacons |
CN104183049B (en) * | 2014-09-02 | 2017-11-10 | 南京铁马信息技术有限公司 | A kind of intelligentized gate inhibition's alignment system and its localization method |
DE102017105771A1 (en) * | 2017-03-17 | 2018-09-20 | Deutsche Telekom Ag | Access control procedure |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE19901364A1 (en) * | 1998-01-19 | 1999-07-22 | Marquardt Gmbh | Lock system, especially for locking motor vehicle doors |
WO2007036061A1 (en) * | 2005-09-27 | 2007-04-05 | Kaba Ag | Method and system for the transmission of identification signals |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FI20002255A (en) * | 2000-10-13 | 2002-04-14 | Nokia Corp | A method for controlling and controlling locks |
DE10147936B4 (en) * | 2001-09-28 | 2007-02-22 | Siemens Ag | Access control method, control system, control device and mobile communication terminal |
DE10238134A1 (en) * | 2002-08-15 | 2004-02-26 | Ident Technology Ag | Car door locking system, includes reception system operated by contacting component of vehicle by carrier of mobile key unit |
FR2860668B1 (en) * | 2003-10-06 | 2006-01-06 | Valeo Securite Habitacle | CURRENT BAUDGE IDENTIFICATION SYSTEM CIRCULATING THROUGH THE BODY TO TWO DETECTION MODES |
US20100231353A1 (en) * | 2007-02-14 | 2010-09-16 | Kaba Ag | System and portable device for transmitting identification signals |
-
2009
- 2009-06-15 WO PCT/CH2009/000202 patent/WO2009152628A1/en active Application Filing
- 2009-06-15 EP EP09765310.9A patent/EP2304693B1/en not_active Not-in-force
Also Published As
Publication number | Publication date |
---|---|
EP2304693A1 (en) | 2011-04-06 |
WO2009152628A1 (en) | 2009-12-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2304693B1 (en) | Access control method and access control system | |
EP2238576B1 (en) | Method and device for regulating access control | |
EP1069265A2 (en) | Entry authorisation device and combined entry and user authorisation device | |
DE102017210523B3 (en) | A method of operating a passive radio-based locking device and passive radio-based locking device | |
EP3580938B1 (en) | Method for determining relative position of a ble-device with respect to a vehicle | |
EP1041224A2 (en) | Device and method for releasing a secure system, especially a motor vehicle access system | |
DE102014001224A1 (en) | Method for person-selective access control | |
DE102017207830A1 (en) | Apparatus and method for determining a distance | |
WO2018036689A1 (en) | Wireless key closing device for a motor vehicle, motor vehicle, and method for operating the closing device | |
EP1317824A2 (en) | Method and system for controlling access | |
EP2584541B1 (en) | Method for access control | |
WO1999054843A1 (en) | Radio-interrogation data carrier | |
DE10112573A1 (en) | Method for initializing an anti-theft system for a motor vehicle | |
AT504633B1 (en) | METHOD FOR AUTHENTICATING A MOBILE OPERATING DEVICE | |
EP2469481B1 (en) | Safety system and safety method | |
DE102008007842B3 (en) | Synchronization of the communication between the identification transmitter and the vehicle station of an access device | |
EP3580942B1 (en) | Signal strength detection method for signal strength-based position determination of a mobile ble device | |
EP2859536B1 (en) | Method for proving the presence of an identity token in the range of an identity sensor in a cryptographically secure manner, and identity sensor for such a method | |
EP2063380A2 (en) | Communication device for contactless data transmission over a near field | |
EP1768316B1 (en) | Deblocking of a wireless card | |
EP2584540A2 (en) | Method for access control | |
EP3441948A1 (en) | Closing system, electric lock for a closing system and method for operating a closing system | |
EP2767059B1 (en) | Blocking of data exchange for protecting a near field communication | |
EP1106450A2 (en) | Activation and/or deactivation device for a security device | |
EP2871616A1 (en) | Method and device for access control |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20101217 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK TR |
|
AX | Request for extension of the european patent |
Extension state: AL BA RS |
|
17Q | First examination report despatched |
Effective date: 20110520 |
|
DAX | Request for extension of the european patent (deleted) | ||
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
INTG | Intention to grant announced |
Effective date: 20160331 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK TR |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP Ref country code: GB Ref legal event code: FG4D Free format text: NOT ENGLISH |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D Free format text: LANGUAGE OF EP DOCUMENT: GERMAN |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 502009013031 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: REF Ref document number: 825571 Country of ref document: AT Kind code of ref document: T Effective date: 20161015 |
|
REG | Reference to a national code |
Ref country code: SE Ref legal event code: TRGR |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG4D |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MP Effective date: 20160831 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20161130 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20161201 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20161130 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170102 Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 502009013031 Country of ref document: DE |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
26N | No opposition filed |
Effective date: 20170601 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R082 Ref document number: 502009013031 Country of ref document: DE Representative's name: BALDER IP LAW, S.L., ES Ref country code: DE Ref legal event code: R081 Ref document number: 502009013031 Country of ref document: DE Owner name: DORMAKABA SCHWEIZ AG, CH Free format text: FORMER OWNER: KABA AG, WETZIKON, CH |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: MM4A |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: ST Effective date: 20180228 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170630 Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170630 Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170615 Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170615 |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20170630 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170630 |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MM01 Ref document number: 825571 Country of ref document: AT Kind code of ref document: T Effective date: 20170615 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170630 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: AT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170615 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20090615 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CY Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20160831 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160831 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20161231 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 20210618 Year of fee payment: 13 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: SE Payment date: 20210618 Year of fee payment: 13 Ref country code: GB Payment date: 20210625 Year of fee payment: 13 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R119 Ref document number: 502009013031 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: SE Ref legal event code: EUG |
|
GBPC | Gb: european patent ceased through non-payment of renewal fee |
Effective date: 20220615 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220616 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220615 Ref country code: DE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20230103 |