EP2624223B1 - Method and apparatus for access control - Google Patents
- Publication number
- EP2624223B1 (application EP13450007.3A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- access control
- access
- control device
- identification medium
- SAM
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
- G07C9/00857—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/21—Individual registration on entry or exit involving the use of a pass having a variable access code
Definitions
- The invention relates to a method for access control, in particular in buildings, in which bidirectional data transmission and data processing take place between an electronic identification medium and an access control device. The data transmission comprises the transmission of access-right data from the electronic identification medium to the access control device; the access control device evaluates the access-right data to determine the access authorization and, depending on the result, drives a blocking means that selectively releases or blocks the access.
- The invention further relates to a device comprising an access control device with a blocking means for selectively releasing or blocking the access and a transmitting/receiving device that allows bidirectional data transmission between an electronic identification medium and the access control device, wherein the access control device has data processing means for controlling the data transmission and for determining the access authorization from received access-right data, and the data processing means cooperate with the blocking means for selectively releasing or blocking the access.
- Known RFID systems consist of an electronic identification medium, such as an electronic key, on which access-right data (an identification or access code and/or access conditions such as the authorized access time, day or date of a user) are stored electronically and which is often called a "transponder", and a reader.
- The transponder is usually built without its own energy source; it draws the energy it needs from the electromagnetic field of the reader.
- Radio systems are also known in which the electronic identification medium is an active transmitter with its own energy source (e.g. remote opening of the central locking of a motor vehicle).
- In larger systems the access authorizations are usually stored in an access control center for easier management.
- The access control center usually has a database in which the individual locking units, the keys and the respective access authorizations are managed.
- The electronic identification media can be programmed with access-right data according to the desired access authorizations.
- The access-right data are sent from the access control center to a wireless mobile telecommunications device of the intended user or key holder.
- The access-right data received by the mobile telecommunications device can be made available to a suitable identification medium, which thereby acquires a key function.
- A kind of "online key" is thus created: the key can be reprogrammed via the mobile telecommunications network and the corresponding mobile terminal in order to change the access-right data and thus the key holder's access authorization.
- After installation and initialization the locking units can operate as autonomous units and in particular require no network connection.
- The data transfer between the identification medium and the access control device is also a security-critical point of attack.
- The access control device itself can be the target of attacks, for example attacks aimed at destroying the electronic components or circuits responsible for access control.
- Access control devices or locking units are to be understood as electrical, electronic or mechatronic locking units, in particular locks.
- Locking units may comprise various components, such as reading devices for identification media (in particular electronic keys), locking electronics and the like.
- Access control devices or locking units serve in particular to block or release access to rooms depending on the access authorization and are accordingly intended for installation in doors, windows and the like.
- Mechanical locking units are, for example, cylinder locks.
- Mechatronic locking units are, for example, electric-motor-driven locking devices, in particular e-cylinders.
- Electric locking units are, for example, electric door openers.
- A blocking means is, for example, a mechanically acting blocking element that can be moved between a blocking and a releasing position, a mechanical or magnetic coupling element that couples or decouples an actuating element (e.g. a handle) with a locking member, or an electrically lockable and/or releasable locking member such as an electric door opener.
- Document US 2005/060555 A1 discloses an access control method in which a mobile device stores a plurality of private keys that are uniquely associated with different doors and are also stored by the respective access control devices.
- Document GB 2427055 A discloses a portable token for authenticating a user to various access control devices, wherein the access information is stored in the token and the user is able to manage that information.
- The present invention therefore aims to increase the security of electronically operating access control systems.
- The data processing comprises an authentication of the electronic identification medium on the basis of at least one digital certificate, and the data transmission uses a key exchange or key derivation protocol by which at least one secret, shared session key is obtained. The at least one session key is then used to establish a secure transmission channel between the electronic identification medium and the access control device, and the access-right data are transmitted from the electronic identification medium to the access control device over that secure channel. The at least one session key is generated in the electronic identification medium and in the access control device on the basis of an access code individual to the access control device, preferably further on the basis of a random number generated by the identification medium and a random number generated by the access control device, and/or a run number generated by the identification medium and a run number generated by the access control device.
- The electronic identification medium is authenticated on the basis of at least one digital certificate.
- Subscribers that are not known to the system, and therefore not certified or invalidly certified, can thereby be identified.
- The at least one digital certificate is preferably issued by an access control center.
- The at least one digital certificate is preferably also signed by the access control center, so that the certificate itself can be checked for authenticity and validity.
- A digital certificate is understood here as a digital data record that confirms certain properties of the identification medium and whose authenticity and integrity can be checked by cryptographic methods.
- Preferably this is a public-key certificate, which confirms the identification medium as the owner of a public cryptographic key and confirms other properties of that key; it is thus a proof that the public key of an asymmetric encryption method belongs to the identification medium.
- The digital certificate is preferably used as part of a dynamic asymmetric authentication method.
- A key exchange or key derivation protocol is understood here as a cryptographic procedure by which two or more communication partners obtain a common secret key without transmitting it in plain text. This can be done by one party transferring a key to all partners involved, or by creating or deriving a new key during the execution of the protocol.
- The key exchange or key derivation protocol specifies the exact procedure.
- The session key is then used to encrypt and decrypt the data transmitted between the identification medium and the access control device by means of a symmetric encryption method and to protect their authenticity.
- The at least one session key is generated or derived in the electronic identification medium and in the access control device on the basis of an access code specific to the access control device, preferably additionally on the basis of a random number generated by the identification medium and a random number generated by the access control device, and/or a run number generated by the identification medium and a run number generated by the access control device.
- Transmission security can be increased further if the key exchange protocol comprises generating a cryptogram with the session key in the access control device and transmitting it to the identification medium, where the cryptogram is verified using the session key.
- Conversely, the key exchange protocol preferably comprises generating a cryptogram with the session key in the identification medium and transmitting it to the access control device, where it is verified using the session key. Each side thereby proves to the other that it holds the same session key before any access-right data are sent.
- An advantage of the method is that all data that do not serve to set up the secure transmission channel are transmitted inside this secure, session-specific channel, which ensures the integrity, authenticity and confidentiality of the data.
- The access-right data are transmitted via the secure channel; a complementary authentication is preferably achieved by having an access control center sign the access-right data and transmitting them together with the signature over the secure channel from the electronic identification medium to the access control device.
- A further advantage is that the access control device needs no wireless or wired connection to either the access control center or a certification authority. Instead, the determination of the access authorization in the access control device, including the authentication of the electronic identification medium, the execution of the key exchange and the establishment of the secure transmission channel, relies exclusively on data transmitted between the access control device and the electronic identification medium, or on data stored once and permanently in the access control device, such as an access control device identification stored by the manufacturer.
- Security can be increased further if the data transfer is purely passive, by load modulation of the electromagnetic field between the electronic identification medium and the access control device. Such a data transfer works only over a very limited range of about 10 cm, which makes eavesdropping more difficult; it is the secure channel, rather than the short range, that protects the transmitted data.
- The data processing means comprise at least one microcontroller and a Secure Access Module (SAM), wherein the SAM is configured to perform cryptographic functions, the transmitting/receiving device is arranged in a first area of the access control device and the SAM is arranged in a second area of the access control device.
- Because the security-critical cryptographic functions are bundled in a dedicated component, namely the SAM, the SAM can be arranged in an area of the access control device that is separate from the transmitting/receiving unit.
- The design is such that the first area (in which the transmitting/receiving unit is arranged) is an unprotected area and the second area (in which the SAM is arranged) is a structurally protected area. This protects the SAM better against destruction or manipulation by force or other destructive influences, in particular against physical attacks of all kinds.
- The microcontroller is preferably also arranged in the second area.
- The microcontroller is preferably connected so that it links the transmitting/receiving device with the SAM.
- The microcontroller is preferably arranged interchangeably in the access control device.
- The access control device is designed for installation in a door and is provided with at least one first handle, such as a knob or a lever, wherein the first area is formed by the first handle and the second area is formed by a part intended to be received in an opening of the door leaf or by a second handle opposite the first handle.
- The SAM preferably includes authentication means for authenticating the electronic identification medium on the basis of at least one digital certificate and is programmed with a key exchange protocol. The SAM is preferably also designed or programmed to set up the secure transmission channel between the electronic identification medium and the access control device, and preferably comprises an evaluation circuit for determining the access authorization on the basis of the received access-right data.
- the evaluation circuit can be designed as a hardware circuit or realized by software.
- the SAM is particularly preferably designed as a microcontroller in chip card or SIM card design, in particular in IC design.
- the SAM can be interchangeably accommodated in an interface, in particular in a slot, so that, for example, the encryption type and the encryption strength can be changed in a simple manner by exchanging the SAM or changing the application running in the SAM.
- the identification medium is integrated in a mobile telecommunication device, in particular a mobile phone.
- This embodiment is preferably developed further in that the transmitting/receiving device is designed for wireless, preferably inductive, data transmission, in particular according to the NFC or RFID standard (ISO/IEC 14443).
- Fig. 1: the schematic structure of an access control system in a first embodiment
- Fig. 2: a further development of an access control system
- Fig. 3: a modified embodiment of an access control system
- Fig. 4: a block diagram of an access control device that can be used in an access control system according to Fig. 1, 2 or 3
- Fig. 5: a diagram of the simplified protocol flow during a locking process.
- In Fig. 1 an access control center is labeled 1.
- The objects to which access is to be controlled by the access control system are designated 2 and are represented schematically as houses.
- Each object 2 has a door with a locking unit based, for example, on RFID.
- An administrator 3 manages the access control center 1 and can assign access authorizations.
- The access control center 1 is connected to a telecommunications network 4, such as a LAN, WLAN, GSM, GPRS or UMTS network, and can send access-right data via the network 4 to mobile telecommunications devices 5.
- The mobile telecommunications devices 5 are, for example, mobile phones equipped with a key function.
- The mobile phones have, for example, an NFC or RFID module into whose memory the access-right data obtained from the access control center 1 can be written.
- In Fig. 2 the access control center is again designated 1 and the administrator 3.
- The access control center 1 has a database 6, or is connected to such a database, in which the access-right data are stored and managed.
- The access control center 1 is further connected to a writing unit 7, designed for example as a writer for RFID tags or transponders. An RFID transponder that can be written by the writing unit 7 is shown at 8. This corresponds in principle to the conventional way of programming RFID transponders.
- A data connection between a mobile telecommunications device 5 and the access control center 1 can be made in different ways, as illustrated in Fig. 2.
- A wireless connection to the Internet 9 can be made via various connection protocols, such as WLAN, GSM or UMTS, with the access control center 1 also connected to the Internet 9.
- An SMS gateway 10 may be provided so that data are exchanged between the access control center 1 and the mobile telecommunications device 5 via a short message service or another push service.
- The user 11 of the mobile telecommunications device 5 can, as indicated by line 12, access the access control center 1 and, if he has the required access rights there, manage the access authorizations. If the user 11 is not the administrator 3, the access granted to the access control center 1 is such that he can only manage and, if necessary, change his own access authorizations. Access to the access control center 1 can take place, for example, via a web interface, so that the user 11 can manage his access authorizations with any internet-capable computer.
- The mobile telecommunications device denoted by 5 in Fig. 2 may be a mobile phone equipped with an NFC module.
- The access-right data obtained from the access control center 1 are made available to the built-in NFC module, so that they can subsequently be transmitted over an NFC connection to the locking unit 13.
- Fig. 2 also shows another mobile telecommunications device 14 that does not itself perform a key function. Instead, the access-right data transmitted by the access control center 1 are transferred to an external RFID transponder 15. The RFID transponder 15 can then be used, independently of the mobile telecommunications device 14, to operate the locking units 13.
- In Fig. 3 a modified access control system is shown in which, as in the system of Fig. 2, an access control center 1 can provide access-right data to mobile telecommunications devices 5 via any communication connection, for example via the Internet 9. This can also be done via an SMS gateway 10 or another push service.
- A client computer 16 of a user is also connected to the Internet 9 and can relay access-right data issued by the access control center 1 as a proxy.
- The client computer 16 is connected to a writing unit 17, designed for example as a writer for RFID tags or transponders. An RFID transponder that can be written by the writing unit 17 is shown at 18.
- A certification authority 19, connected to the access control center 1, is now additionally integrated into the access control system.
- The provisioning of the components in the access control system, which is usually required only once when a new component is added to the system, proceeds as follows.
- The certification authority 19 creates a digital certificate (corresponding to "cert_MK" in Fig. 5) for the mobile telecommunications device 5, or for the module arranged or built into it that performs the key function, such as a secure element, in particular a secure access module, or the SIM card of the telecommunications device 5.
- The module is identified by an ID that is unique within the system ("ID_MK" in Fig. 5).
- The certification authority 19 creates a digital certificate (corresponding to "cert_L" in Fig. 5) for a secure element, in particular a Secure Access Module, of the access control device or locking unit 13.
- The module of the access control device 13 is likewise identified by an ID that is unique within the system ("ID_L" in Fig. 5).
- The access authorizations are applied to the mobile telecommunications device 5 as follows.
- The access-right data to be transmitted to the mobile telecommunications device 5 are generated in the access control center 1.
- The access-right data consist, for example, of a secret access-control-device-specific key (corresponding to "LT" in Fig. 5) and a temporal authorization restriction (corresponding to "Calendar" in Fig. 5).
- This temporal authorization restriction is signed by the certification authority 19 (see "s_c" in Fig. 5) to ensure its authenticity.
- The authorization restriction is transmitted from the access control center 1 to the certification authority 19, which returns the signed authorization restriction to the access control center 1.
- The individual access-right data, consisting of the access-control-device-specific key and the temporal authorization restriction signed by the certification authority 19, are then combined into one record.
- A secure connection to the mobile telecommunications device 5 is established with the aid of the digital certificates that were applied during provisioning.
- In this step the mobile telecommunications device 5 itself serves only as an intermediary (proxy).
- The access-right data are transmitted to the mobile telecommunications device 5 and stored securely in the module.
- The access control device 13 has an unprotected area 20, e.g. an outside area, and a protected area 21, e.g. an inside area.
- In the unprotected area 20 the transmitting/receiving unit 22 is arranged; it is designed, for example, as an RFID read/write device and can exchange data with a passive RFID medium integrated in the mobile telecommunications device 5 or with a passive RFID chip card 18.
- The data transmission can run, for example, in NFC card emulation mode.
- In the protected area 21 a microcontroller 23, a Secure Access Module (SAM) 24, a circuit 25 for electromechanically or electrically driving a blocking means (not shown) and a hardware clock 26 are arranged.
- The blocking means can be moved between a locking position and a release position for selectively enabling or blocking the access.
- The microcontroller 23 controls the basic functions of the access control device 13 and connects the SAM 24 with the transmitting/receiving unit 22.
- An application protocol data unit (APDU) generally denotes a communication unit between a chip card and a chip card application (e.g. according to the ISO/IEC 7816 standard).
- The SAM 24 contains the access control logic and a secure memory, as explained in more detail with reference to Fig. 5.
- The microcontroller 23 cooperates with a schematically indicated acoustic and/or visual signal generator 27, such as a light ring and a buzzer, to signal various operating states to the user.
- Fig. 5 shows the basic sequence of the communication between the electronic identification medium (in particular the secure module of the mobile telecommunications device 5, or the chip card 18) and the SAM 24 of the access control device 13. This is not the actual protocol but a simplified representation of the principles underlying it. On the side of the access control device 13 both the microcontroller 23 and the SAM 24 are involved in the communication. On the side of the secure module of the mobile telecommunications device 5 or the chip card 18, Fig. 5 shows the keychain application 28.
- A record of LT, Calendar and s_c constitutes the access-right data; each record is assigned to an access control device identification ID_L.
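The simplified Fig. 5 flow and the access-rights record described above (LT, Calendar, s_c), together with the session-key derivation and mutual cryptogram check from the claims, as an added example in Python that is neither the patent's code nor the applicant's implementation. It models the derivation of the session key from the lock-specific secret plus both random numbers and the lock's run number, the cryptogram each side checks before anything else is sent, the secure channel, and the SAM's evaluation of the signed Calendar against its own clock. Assumptions of the example, not of the patent: HMAC-SHA256 and SHAKE-256 stand in for the session cipher and MAC; an HMAC under a shared CA_KEY stands in for the certification authority's public-key signature s_c (so this model's lock holds CA_KEY, which the real design avoids by verifying a certificate); the cert_MK/cert_L certificate step is not modelled; the Calendar is a constructed JSON date and hour window; and the names Lock, MobileKey, issue_rights, unlock, LT_DEMO and CALENDAR_DEMO are the example's own.

```python
import hashlib, hmac, json, secrets
from datetime import datetime

CA_KEY = b"demo-ca-signing-key"  # constructed; the patent's CA issues certificates

def ca_sign(msg):
    """s_c stand-in: HMAC instead of a public-key signature, so this model's lock
    must hold CA_KEY (an assumption of the example, not the patent's design)."""
    return hmac.new(CA_KEY, msg, hashlib.sha256).digest()

def issue_rights(id_l, lt, calendar):
    """Access control center: one Fig. 5 record (LT, Calendar, s_c) for lock id_l."""
    s_c = ca_sign(json.dumps([id_l, calendar], sort_keys=True).encode())
    return {"id_l": id_l, "lt": lt, "calendar": calendar, "s_c": s_c.hex()}

def derive_session_key(lt, r_l, r_mk, run):
    """Session key from LT, both random numbers and the run number; no LT, no key."""
    return hmac.new(lt, r_l + r_mk + run.to_bytes(4, "big"), hashlib.sha256).digest()

def cryptogram(sk, role, r_l, r_mk):
    """Proof of session-key possession; each side sends one and checks the other's."""
    return hmac.new(sk, role + r_l + r_mk, hashlib.sha256).digest()

def _keystream(sk, seq, n):
    return hashlib.shake_256(sk + b"enc" + seq.to_bytes(4, "big")).digest(n)

def seal(sk, seq, plaintext):
    """Channel record: seq || XOR body || tag (encrypt-then-MAC; SHAKE stands in for AES)."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(sk, seq, len(plaintext))))
    body = seq.to_bytes(4, "big") + ct
    return body + hmac.new(sk, b"mac" + body, hashlib.sha256).digest()

def unseal(sk, expected_seq, record):
    """Plaintext, or None when the tag or the sequence number is wrong."""
    body, tag = record[:-32], record[-32:]
    ok = hmac.compare_digest(hmac.new(sk, b"mac" + body, hashlib.sha256).digest(), tag)
    if not ok or int.from_bytes(body[:4], "big") != expected_seq:
        return None
    return bytes(a ^ b for a, b in zip(body[4:], _keystream(sk, expected_seq, len(body) - 4)))

class Lock:
    """SAM side: holds only ID_L, LT, CA_KEY and a clock; it needs no network."""
    def __init__(self, id_l, lt, now):
        self.id_l, self.lt, self.run = id_l, lt, 0
        self.now = datetime.fromisoformat(now)  # stands in for the hardware clock

    def challenge(self):
        self.run += 1  # run number: fresh for every locking process
        self.r_l = secrets.token_bytes(16)
        return self.id_l, self.r_l, self.run

    def check_key(self, r_mk, c_mk):
        self.sk = derive_session_key(self.lt, self.r_l, r_mk, self.run)
        if not hmac.compare_digest(cryptogram(self.sk, b"MK", self.r_l, r_mk), c_mk):
            return None  # the key does not hold this lock's LT: abort
        return cryptogram(self.sk, b"L", self.r_l, r_mk)

    def evaluate(self, record):
        plain = unseal(self.sk, 1, record)
        if plain is None:
            return False  # bad tag or sequence: not from this session
        rights = json.loads(plain)
        cal, s_c = rights["calendar"], bytes.fromhex(rights["s_c"])
        expected = ca_sign(json.dumps([self.id_l, cal], sort_keys=True).encode())
        if rights["id_l"] != self.id_l or not hmac.compare_digest(expected, s_c):
            return False  # wrong lock, or Calendar altered after the CA signed it
        return (cal["valid_from"] <= self.now.strftime("%Y-%m-%d") <= cal["valid_to"]
                and cal["hours"][0] <= self.now.hour < cal["hours"][1])

class MobileKey:
    """Keychain application: one access-rights record per lock ID."""
    def __init__(self, records):
        self.records = {r["id_l"]: r for r in records}

    def respond(self, id_l, r_l, run):
        rec = self.records.get(id_l)
        if rec is None:
            return None  # no rights for this lock
        self.r_mk = secrets.token_bytes(16)
        self.sk = derive_session_key(rec["lt"], r_l, self.r_mk, run)
        return self.r_mk, cryptogram(self.sk, b"MK", r_l, self.r_mk)

    def send_rights(self, id_l, r_l, c_l):
        if not hmac.compare_digest(cryptogram(self.sk, b"L", r_l, self.r_mk), c_l):
            return None  # the lock failed to prove LT: send nothing
        rec = self.records[id_l]
        payload = {"id_l": id_l, "calendar": rec["calendar"], "s_c": rec["s_c"]}
        return seal(self.sk, 1, json.dumps(payload).encode())

def unlock(lock, key):
    """One simplified locking process: challenge, mutual cryptograms, rights record."""
    id_l, r_l, run = lock.challenge()
    resp = key.respond(id_l, r_l, run)
    c_l = lock.check_key(*resp) if resp else None
    record = key.send_rights(id_l, r_l, c_l) if c_l else None
    return record is not None and lock.evaluate(record)

LT_DEMO = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed lock secret
CALENDAR_DEMO = {"valid_from": "2024-03-01", "valid_to": "2024-03-31", "hours": [8, 18]}
```

A key holding a different LT fails at the cryptogram check before any access-right data leave it, which is the property the claims obtain by deriving the session key from an access-control-device-specific code. A Calendar edited after signing passes the channel check (the phone that carries it is a legitimate session partner) but fails the s_c check inside the SAM, which is why the page's complementary signature by the center matters when the key holder's device is only a proxy. Because the lock consumes its own run number and random number, a recorded rights record cannot be replayed into a later session.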
Description
Die Erfindung betrifft ein Verfahren zur Zutrittskontrolle insbesondere in Gebäuden, bei dem eine bidirektionale Datenübermittlung zwischen einem elektronischen Identifikationsmedium und einer Zutrittskontrollvorrichtung und eine Datenverarbeitung stattfindet, wobei die Datenübermittlung die Übermittlung von Zutrittsrechtsdaten vom elektronischen Identifikationsmedium an die Zutrittskontrollvorrichtung umfasst, wobei die Zutrittsrechtsdaten in der Zutrittskontrollvorrichtung zur Feststellung der Zutrittsberechtigung ausgewertet werden und in Abhängigkeit von der festgestellten Zutrittsberechtigung ein Sperrmittel zum wahlweisen Freigeben oder Sperren des Zutritts angesteuert wird.The invention relates to a method for access control, in particular in buildings, in which bidirectional data transmission takes place between an electronic identification medium and an access control device and data processing, wherein the data transmission comprises the transmission of access right data from the electronic identification medium to the access control device, wherein the access right data in the access control device for Determining the access authorization to be evaluated and depending on the detected access authorization a blocking means for selectively enabling or blocking the access is controlled.
Weiters betrifft die Erfindung eine Vorrichtung umfassend eine Zutrittskontrollvorrichtung mit einem Sperrmittel zum wahlweisen Freigeben oder Sperren des Zutritts und einer Sende-/Empfangseinrichtung, um eine bidirektionale Datenübermittlung zwischen einem elektronischen Identifikationsmedium und der Zutrittskontrollvorrichtung zu ermöglichen, wobei die Zutrittskontrollvorrichtung Datenverarbeitungsmittel zur Steuerung der Datenübermittlung und zur Feststellung der Zutrittsberechtigung auf Grund von empfangenen Zutrittsrechtsdaten aufweist und die Datenverarbeitungsmittel mit dem Sperrmittel zum wahlweisen Freigeben oder Sperren des Zutritts zusammenwirken.Furthermore, the invention relates to a device comprising an access control device with a blocking means for selectively enabling or disabling the access and a transmitting / receiving device to allow bidirectional data transmission between an electronic identification medium and the access control device, wherein the access control device data processing means for controlling the data transmission and the Determining the access authorization based on received access right data and the data processing means interact with the blocking means for selectively enabling or disabling the access.
Für die elektronische Zutrittskontrolle mit berührungslosen Systemen gibt es mehrere Möglichkeiten. Bisher bekannte RFID-Systeme bestehen aus einem elektronischen Identifikationsmedium, wie z.B. einem elektronischen Schlüssel, auf welchem Zutrittsrechtsdaten, wie z.B. ein Identifikations- bzw. Zugangscode und/oder Zutrittsbedingungen wie z.B. berechtigte Zutrittszeit, berechtigter Zutrittstag, berechtigtes Zutrittsdatum eines Benutzers und dgl., elektronisch gespeichert sind und der oft als "Transponder" bezeichnet wird, und einem Lesegerät. Dabei ist der Transponder meist ohne eigene Energiequelle aufgebaut und die benötigte Energie wird aus dem elektromagnetischen Feld des Lesegeräts bezogen. Weiters sind auch Funksysteme bekannt, bei denen das elektronische Identifikationsmedium ein aktiver Sender mit eigener Energiequelle ist (z.B. Fernöffnung der Zentralverriegelung für Kraftfahrzeuge).There are several possibilities for electronic access control with non-contact systems. Previously known RFID systems consist of an electronic identification medium, such as an electronic key, on which access rights data, such as an identification or access code and / or access conditions such as authorized access time, legitimate access, authorized access date a user and the like., Are stored electronically and which is often referred to as a "transponder", and a reader. The transponder is usually constructed without its own energy source and the required energy is obtained from the electromagnetic field of the reader. Furthermore, radio systems are also known in which the electronic identification medium is an active transmitter with its own energy source (eg remote opening of the central locking system for motor vehicles).
In larger locking systems with a plurality of locking units and electronic identification media or keys, the access authorizations are usually stored in an access control center for easier management. The access control center usually has a database in which the individual locking units, the keys and the respective access authorizations can be managed. Via a writing device connected to the access control center, the electronic identification media can be programmed with access rights data according to the access authorizations desired in each case.
In the
Owing to the possibility of remotely programming keys, it is no longer necessary to gain direct access to the individual locking units in order to change access authorizations. After installation and initialization, the locking units can operate as autonomous units and in particular require no network connection.
Although electronic verification of access authorization generally offers a number of advantages, such as the possibility of rapidly changing authorization data and a far greater variety and complexity of coding than a mechanical authorization check, electronically stored access authorization data, in particular data that are transmitted wirelessly, can be intercepted or copied easily and unnoticed and then misused if security precautions are insufficient.
Sending access rights data from the access control center to mobile telecommunication devices, for example, carries the risk that the access rights data are manipulated or intercepted by unauthorized persons. The data transmission between the identification medium and the access control device also offers security-critical points of attack. Furthermore, the access control device itself can be the target of attacks aimed, for example, at destroying the electronic components or circuits responsible for access control.
Within the scope of the invention, access control devices or locking units are to be understood as electrical, electronic or mechatronic locking units, in particular locks. Locking units can comprise various components, such as readers for identification media, in particular electronic keys, locking electronics and the like. Access control devices or locking units serve in particular to block or release access to rooms depending on the access authorization and are accordingly intended for installation in doors, windows and the like. Mechanical locking units are, for example, cylinder locks. Mechatronic locking units are, for example, locking devices driven by an electric motor, in particular electronic cylinders. Electrical locking units are, for example, electric door openers.
Within the scope of the invention, a release means is to be understood as, for example, a mechanically acting blocking element that can be moved between a blocking position and a release position, a mechanical or magnetic coupling element that couples or decouples an actuating element, such as a handle, with a blocking member, or an electrically blockable and/or releasable blocking element, such as an electric door opener.
The document
The document
The document
The present invention therefore aims to increase the security of electronically operating access control systems.
To achieve this object, according to a first aspect of the invention, a method of the type mentioned at the outset provides that the data processing comprises an authentication of the electronic identification medium on the basis of at least one digital certificate and the data transmission comprises the use of a key exchange or key derivation protocol, whereby at least one secret, shared session key is made available to the electronic identification medium and the access control device, whereupon the at least one session key is used to set up a secure transmission channel between the electronic identification medium and the access control device, and that the access rights data are transmitted over the secure channel from the electronic identification medium to the access control device, wherein the at least one session key is generated in the electronic identification medium and in the access control device on the basis of an access code individual to the access control device, preferably further on the basis of a random number generated by the identification medium and one generated by the access control device and/or of a sequence number generated by the identification medium and one generated by the access control device. Because the electronic identification medium is authenticated on the basis of at least one digital certificate, participants that are foreign to the system and therefore not certified, or invalidly certified, can be detected. Preferably, the at least one digital certificate is issued by an access control center. Preferably, the at least one digital certificate is additionally signed by the access control center, so that the certificate itself can also be checked for authenticity and validity.
A digital certificate is here understood to be a digital data record that confirms certain properties of the identification medium and whose authenticity and integrity can be checked by cryptographic methods. In particular, it is a public-key certificate, which confirms the identification medium as the holder of a public cryptographic key and confirms further properties of that key. It thus constitutes proof that the public key of an asymmetric encryption method belongs to the identification medium. In particular, the digital certificate is used within a dynamic asymmetric authentication method.
A further essential feature of the invention is the establishment of a secure transmission channel, the session key required for this being made available by a key exchange or key derivation protocol. A key exchange or key derivation protocol is here understood to be a procedure in cryptography for making a common secret key available to two or more communication partners without transmitting it in plain text. This can be done by one party transmitting a key to all the partners involved, or by generating or deriving a new key during the execution of the protocol. The key exchange or key derivation protocol defines the exact procedure. The session key is subsequently used to encrypt and decrypt the data transmitted between the identification medium and the access control device by means of a symmetric encryption method and to preserve their authenticity.
According to the invention, the at least one session key is generated or derived in the electronic identification medium and in the access control device on the basis of an access code individual to the access control device, preferably further on the basis of a random number generated by the identification medium and one generated by the access control device and/or of a sequence number generated by the identification medium and one generated by the access control device.
Transmission security can be increased further in that the key exchange protocol comprises the generation of a cryptogram using the session key in the access control device and its transmission to the identification medium, the cryptogram being verified in the identification medium using the session key. This procedure can additionally be used in the opposite direction as well. In that case the key exchange protocol comprises the generation of a cryptogram using the session key in the identification medium and its transmission to the access control device, the cryptogram being verified in the access control device using the session key.
The advantage of the procedure according to the invention is that all data that do not serve to set up the secure transmission channel are transmitted within this secure, session-specific channel, which ensures the integrity, authenticity and confidentiality of the data. For example, the access rights data are transmitted over the secure channel, a supplementary authentication preferably being achieved in that the access rights data are signed by an access control center and transmitted together with the signature over the secure channel from the electronic identification medium to the access control device.
A further advantage of the procedure according to the invention is that the access control device need not be connected, wirelessly or by wire, either to the access control center or to a certification authority. Rather, the determination of the access authorization in the access control device, including the authentication of the electronic identification medium, the execution of the key exchange or key derivation protocol and the establishment of the secure transmission channel, takes place exclusively on the basis of data transmitted between the access control device and the electronic identification medium or stored once and permanently in the access control device, such as an access control device identification stored by the manufacturer.
Security is increased further in that the data transmission takes place purely passively, by loading the electromagnetic field between the electronic identification medium and the access control device. This data transmission works only over a very limited range of approximately 10 cm, which makes eavesdropping more difficult.
To achieve the object underlying the invention, according to a second aspect of the invention, an apparatus of the type mentioned at the outset provides that the data processing means comprise at least one microcontroller and a Secure Access Module (SAM), the SAM being set up to execute cryptographic functions, and that the transmitting/receiving device is arranged in a first region of the access control device and the SAM in a second region of the access control device. As many critical operations as possible, such as setting up a secure transmission channel, cryptographic operations, access decisions, the log file, blacklists and the like, can thus be concentrated in a component provided specifically for this purpose, namely the Secure Access Module (SAM), and the SAM can be arranged in a region of the access control device separate from the transmitting/receiving unit. The design is preferably such that the first region (in which the transmitting/receiving unit is arranged) is an unprotected region and the second region (in which the SAM is arranged) is a structurally protected region. This ensures that the SAM is better protected against destruction or manipulation by the application of force or other destructive influences, in particular against physical attacks of all kinds.
Advantageously, the microcontroller is also arranged in the second region. The microcontroller is preferably wired so that it connects the transmitting/receiving device with the SAM. The microcontroller is preferably arranged replaceably in the access control device.
A protected region is understood to be, for example, the region behind a drilling protection, or the side (e.g. the inside of the room) facing away from the access side (e.g. the outside of the room). In particular, the access control device may be designed for installation in a door and provided with at least one first handle, such as a knob or a lever handle, the first region being formed by the first handle and the second region by a portion intended to be received in an opening in the door leaf or by a second handle opposite the first handle.
To increase the security of the authorization check, the SAM preferably comprises authentication means for authenticating the electronic identification medium on the basis of at least one digital certificate and is programmed with a key exchange protocol. Furthermore, the SAM is preferably designed or programmed to set up a secure transmission channel between the electronic identification medium and the access control device. Furthermore, it is preferably provided that the SAM comprises an evaluation circuit for determining the access authorization on the basis of the received access rights data. The evaluation circuit can be designed as a hardware circuit or implemented in software.
The SAM is particularly preferably designed as a microcontroller in chip card or SIM card form, in particular in IC form. Advantageously, the SAM can be received replaceably in an interface, in particular in a slot, so that, for example, the type and strength of encryption can be changed simply by replacing the SAM or changing the application running in the SAM.
Preferably, the identification medium is integrated in a mobile telecommunication device, in particular a mobile phone. In this case the design is preferably developed further in that the transmitting/receiving device is designed for wireless, preferably inductive data transmission, in particular according to the NFC or RFID standard (ISO/IEC 14443).
The invention is explained in more detail below with reference to exemplary embodiments shown schematically in the drawing. In the drawing,
In
From the illustration in
A data connection between a mobile telecommunication device 5 and the access control center 1 can now, as shown in
The user 11 of the mobile telecommunication device 5 can, as indicated by line 12, access the access control center 1 and, if he has the required access rights to the access control center 1, manage the access authorizations. If the user 11 is not the administrator 3, the access granted to him to the access control center 1 is designed such that he can only manage and, if necessary, change his own access authorizations. Access to the access control center 1 can take place, for example, via a web interface, so that the user 11 can manage his access authorizations with the aid of any internet-capable computer.
That in
In
In
In
The access authorizations are loaded onto the mobile telecommunication device 5 as follows. The access rights data to be transmitted to the mobile telecommunication device 5 are generated in the access control center 1. The access rights data consist, for example, of a secret key individual to the access control device (corresponding to "LT" in
Between the access control center 1 and the module of the mobile telecommunication device 5, a secured connection is set up via the mobile telecommunication device 5 with the aid of the digital certificates that were loaded during provisioning. This means that the module of the mobile telecommunication device 5 and the access control center 1 communicate, as it were, directly; the mobile telecommunication device 5 serves only as an intermediary (proxy).
Over this secured connection, which can run over an insecure communication network 9, the access control data are transmitted to the mobile telecommunication device 5 and stored securely in the module.
The secured connection between the access control center 1 and the module of the mobile telecommunication device 5 can be set up in several ways:
- 1. SMS: The access control center 1 sends an SMS via the SMS gateway 10 to the mobile telecommunication device 5, whereupon the mobile telecommunication device 5 sets up the secured connection to the access control center 1, over which the access rights data are transmitted securely.
- 2. Polling: The mobile telecommunication device 5 periodically asks the access control center 1 for new access rights data; the transmission takes place as in 1.
- 3. Push: The mobile telecommunication device 5 is permanently registered at the access control center 1 (e.g. by depositing its IP address or telephone number); a message is sent to the mobile telecommunication device 5, which then sets up a secured connection to the access control center 1; the transmission takes place as in 1.
- 4. The user starts an application on the mobile telecommunication device 5 which sets up the secured connection; the transmission takes place as in 1.
In
In
For the intended authorization and authentication functions, the access control device and the electronic identification medium have the following data stored in the initial state:
- Identification medium, also referred to below as Mobile Key (MK):
- ID_MK: a unique identification of the MK
- cert_RCA: certificate of the certification authority, containing the public key pub_RCA of the certification authority
- cert_MK: certificate of the MK (contains, among other things, identification data of the MK and the public key pubK_MK of the MK, and is signed with the private key priv_RCA of the certification authority)
- pubK_MK: public key of the MK
- privK_MK: private key of the MK
- LT: "Lock Token", secret key individual to the access control device
- Calendar: temporal restriction of the authorization
- s_c: signature of the temporal restriction of the authorization
A record consisting of LT, Calendar and s_c forms the access right data, each record being assigned to an access control device identification ID_L.
- Access control device, also referred to below as Lock (L):
- ID_L: a unique identifier of the Lock
- cert_RCA: certificate of the certification authority, containing the certification authority's public key pub_RCA
- cert_L: certificate of the Lock (contains, among other things, identification data of the Lock and the Lock's public key pubK_L, and is signed with the certification authority's private key priv_RCA)
- pubK_L: public key of the Lock
- privK_L: private key of the Lock
- LT: "Lock Token", a secret key individual to the access control device
The simplified communication protocol is now provided as follows:
- First, the transceiver unit 22 of the access control device 13 detects a passive Mobile Key (MK) 28 that may be present in the RF field and does not itself transmit actively, whereupon the wake-up sequence according to the transmission standard used (e.g. ISO/IEC 14443-3) is carried out.
- In step 1, the access control device starts the communication by transmitting its unique access control device identification ID_L.
- In step 2, the keychain application 28 of the MK determines the access right data assigned to the access control device identification ID_L received in step 1. If no entry for ID_L is found, the MK is not authorized to operate this access control device 13.
- In step 3, a random number rand_MK is generated in the keychain application 28 and buffered.
- In step 4, the keychain application 28 transmits the following data to the SAM 24 of the access control device 13:
  - the generated random number rand_MK
  - the unique identification of the MK, ID_MK
  - the certificate cert_MK
- In step 5, the SAM 24 verifies the received certificate cert_MK using pub_RCA, which is contained in cert_RCA.
- In step 6, the SAM 24 of the access control device 13 generates the following values:
  - the random number rand_L
  - the digital signature S_L, which serves to prove possession of the private key privK_L: S_L = sig_privK_L(ID_MK || rand_MK || rand_L), where the operation "||" denotes concatenation of parameters.
  - a session key SK_ENC derived from LT and the random numbers: SK_ENC = deriveEnc_LT(rand_MK || rand_L)
  - a session key SK_MAC for message authentication codes (MACs), derived from LT and the random numbers: SK_MAC = deriveMac_LT(rand_L || rand_MK). SK_MAC differs from SK_ENC because the two derivation functions are distinct. The two session keys protect the communication on a per-session basis, covering the integrity, authenticity and confidentiality of the data transmitted subsequently.
  - a cryptogram C_L, generated using the session key SK_MAC, ID_L and the random numbers, which proves that the SAM 24 of the access control device 13 knows the lock-specific access code LT: C_L = MAC_SK_MAC(rand_MK || rand_L || ID_L).
- In step 7, the access control device 13 transmits the following data to the keychain application 28:
  - the generated random number rand_L
  - the certificate cert_L
  - the signature S_L
  - the access-control-device-side cryptogram C_L
- In step 8, the keychain application 28 verifies the certificate cert_L using pub_RCA, which is contained in the certificate cert_RCA.
- In step 9, the digital signature S_L is verified using the certificate cert_L; this is possible because the keychain application 28 possesses ID_MK and both random numbers.
- In step 10, the keychain application 28 knows that the access control device 13 possesses the key privK_L belonging to the public key in cert_L, and performs the following operations:
  - generating SK_ENC from LT and the random numbers: SK_ENC = deriveEnc_LT(rand_MK || rand_L)
  - generating the session key SK_MAC for a message authentication code (MAC) from LT and the random numbers: SK_MAC = deriveMac_LT(rand_L || rand_MK)
  - verifying C_L by computing a MAC c'_L = MAC_SK_MAC(rand_MK || rand_L || ID_L) and checking whether c'_L == C_L. If the check succeeds, the keychain application 28 knows that the access control device 13 knows LT and that it is communicating using ID_L.
  - generating a digital signature S_MK, which serves to prove possession of the private key privK_MK: S_MK = sig_privK_MK(ID_L || rand_L || rand_MK).
  - generating a cryptogram C_MK using the session key SK_MAC, ID_MK and the random numbers: C_MK = MAC_SK_MAC(rand_L || rand_MK || ID_MK). The cryptogram C_MK proves to the access control device 13 that the MK knows the lock-specific access code LT.
- In step 11, after SK_ENC and SK_MAC have been generated on both sides, a secure channel is established. All further communication is encrypted with SK_ENC and authenticated with SK_MAC.
- To complete the authentication and authorization procedure, the keychain application 28 sends in step 12 C_MK, S_MK and the Calendar corresponding to ID_L, together with its signature s_c, to the access control device 13.
- In step 13, the access control device 13 performs the following operations:
  - It verifies the signature S_MK using the certificate cert_MK received earlier, and then knows that the keychain application 28 possesses the private key privK_MK belonging to the public key pubK_MK in cert_MK. With this step the access control device 13 has successfully authenticated the keychain application 28.
  - It verifies C_MK by computing a MAC c'_MK = MAC_SK_MAC(rand_L || rand_MK || ID_MK) and checking whether c'_MK == C_MK. If the check succeeds, the access control device 13 knows that the keychain application 28 knows LT and that it is authentically communicating with the MK.
  - It verifies Calendar using s_c and the certificate cert_RCA and checks whether the keychain application 28 is authorized at this moment. If so, the keychain application 28 has been successfully authorized to operate the access control device 13.
- To complete the protocol, in step 14 status data are transmitted from the access control device 13 to the keychain application 28, and blacklist entries for ID_L, if present, are transmitted to the access control device 13 and stored there.
- When all steps have completed successfully, the access control device 13 can actuate the lock in step 15 and terminate the communication with the keychain application 28.
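The fifteen steps above as one runnable walk-through, with both parties' computations interleaved in the order of the description. This is an added example, not code from the patent or its assignee. The patent fixes the message structure but not the primitives, so the following are assumptions made here: SHA-256; HMAC-SHA256 both as MAC_SK_MAC and as deriveEnc_LT / deriveMac_LT (distinguished by a label, which is what makes SK_ENC and SK_MAC differ); an HMAC keystream as the SK_ENC channel cipher; a Calendar signature s_c that binds ID_L and ID_MK; fixed-width identifiers and nonces so that "||" is unambiguous; and a toy RSA built from publicly known Mersenne primes standing in for the certificate and signature scheme, so that the script runs on the standard library alone. The toy RSA provides no security at all; it only lets the flow execute offline. The functions `setup` and `run_protocol` and all sample identifiers are constructed for this example.

```python
"""Executable walk-through of the simplified Mobile Key (MK) <-> Lock (L)
protocol, steps 1 to 15. Added example, not code from the patent or its
assignee. Choices the patent leaves open are ASSUMPTIONS here: SHA-256,
HMAC-SHA256 as MAC and as deriveEnc/deriveMac (told apart by a label), an
HMAC keystream cipher for the SK_ENC channel, s_c binding ID_L and ID_MK,
and a TOY RSA over publicly known Mersenne primes (zero security, flow only)."""
import hashlib, hmac, secrets, struct
E = 65537                                                # RSA public exponent

def toy_rsa_keypair(a, b):  # TOY: n = (2^a-1)(2^b-1), Mersenne exponents, public
    p, q = (1 << a) - 1, (1 << b) - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))          # (public n, private d)

def h(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")
def sign(d, n, msg):                                     # sig_priv(msg)
    return pow(h(msg), d, n)
def verify(n, msg, s):
    return pow(s, E, n) == h(msg)

def issue_cert(rca_n, rca_d, ident, pub_n):              # cert_X, signed with privRCA
    body = ident + pub_n.to_bytes(200, "big")
    return {"id": ident, "pub": pub_n, "sig": sign(rca_d, rca_n, body)}
def cert_ok(rca_n, c):                                   # check with pubRCA
    return verify(rca_n, c["id"] + c["pub"].to_bytes(200, "big"), c["sig"])

def derive(lt, label, a, b):                             # deriveEnc_LT / deriveMac_LT
    return hmac.new(lt, label + a + b, hashlib.sha256).digest()
def mac(sk_mac, msg):                                    # MAC_SK_MAC(msg)
    return hmac.new(sk_mac, msg, hashlib.sha256).digest()

def xor_stream(sk_enc, data):                            # keystream = HMAC(SK_ENC, counter)
    ks = b"".join(hmac.new(sk_enc, struct.pack(">I", i), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, ks))
def seal(sk_enc, sk_mac, pt):                            # secure channel: encrypt-then-MAC
    ct = xor_stream(sk_enc, pt)
    return ct + mac(sk_mac, ct)
def unseal(sk_enc, sk_mac, blob):                        # None when the channel MAC fails
    ct, tag = blob[:-32], blob[-32:]
    if hmac.compare_digest(tag, mac(sk_mac, ct)):
        return xor_stream(sk_enc, ct)

def setup(lt=b"lock-token-0042!", key_lt=None, not_before=0, not_after=2 ** 40,
          id_mk=b"MK000001", id_l=b"LOCK0042"):
    # Provision one MK and one Lock from a fresh RCA (constructed sample data).
    # key_lt gives the MK a wrong Lock Token, to exercise the C_L check.
    rca_n, rca_d = toy_rsa_keypair(521, 127)
    l_n, l_d = toy_rsa_keypair(607, 107); mk_n, mk_d = toy_rsa_keypair(1279, 89)
    calendar = struct.pack(">QQ", not_before, not_after)  # temporal restriction
    s_c = sign(rca_d, rca_n, id_l + id_mk + calendar)     # signed by the RCA
    mk = {"cert_rca_n": rca_n, "cert": issue_cert(rca_n, rca_d, id_mk, mk_n), "priv": mk_d,
          "rights": {id_l: (key_lt or lt, calendar, s_c)}, "blacklist": {id_l: [b"MK000007"]}}
    lock = {"id": id_l, "cert_rca_n": rca_n, "cert": issue_cert(rca_n, rca_d, id_l, l_n),
            "priv": l_d, "lt": lt, "blacklist": []}
    return mk, lock

def run_protocol(mk, lock, now):
    """Returns (actuate, reason); both sides' work interleaved in step order."""
    id_l = lock["id"]                                           # step 1: L -> MK: ID_L
    if id_l not in mk["rights"]:                                # step 2
        return False, "MK holds no access right data for ID_L"
    lt_mk, calendar, s_c = mk["rights"][id_l]
    rand_mk, id_mk = secrets.token_bytes(16), mk["cert"]["id"]  # steps 3-4: MK -> SAM
    if not cert_ok(lock["cert_rca_n"], mk["cert"]):             # step 5
        return False, "cert_MK invalid"
    rand_l = secrets.token_bytes(16)                            # step 6, inside the SAM
    s_l = sign(lock["priv"], lock["cert"]["pub"], id_mk + rand_mk + rand_l)
    sk_enc_l = derive(lock["lt"], b"ENC", rand_mk, rand_l)
    sk_mac_l = derive(lock["lt"], b"MAC", rand_l, rand_mk)
    c_l = mac(sk_mac_l, rand_mk + rand_l + id_l)
    # step 7: L -> MK: rand_l, cert_L, s_l, c_l; steps 8-9 on the MK
    if not cert_ok(mk["cert_rca_n"], lock["cert"]):
        return False, "cert_L invalid"
    if not verify(lock["cert"]["pub"], id_mk + rand_mk + rand_l, s_l):
        return False, "S_L invalid"
    sk_enc_mk = derive(lt_mk, b"ENC", rand_mk, rand_l)          # step 10, MK's copy of LT
    sk_mac_mk = derive(lt_mk, b"MAC", rand_l, rand_mk)
    if not hmac.compare_digest(c_l, mac(sk_mac_mk, rand_mk + rand_l + id_l)):
        return False, "C_L mismatch: lock does not know this LT"
    s_mk = sign(mk["priv"], mk["cert"]["pub"], id_l + rand_l + rand_mk)
    c_mk = mac(sk_mac_mk, rand_l + rand_mk + id_mk)
    payload = c_mk + s_mk.to_bytes(200, "big") + s_c.to_bytes(200, "big") + calendar
    blob = seal(sk_enc_mk, sk_mac_mk, payload)                  # steps 11-12: channel
    pt = unseal(sk_enc_l, sk_mac_l, blob)                       # step 13, lock side
    if pt is None:
        return False, "channel MAC failed"
    c_mk_r, s_mk_r = pt[:32], int.from_bytes(pt[32:232], "big")
    s_c_r, cal_r = int.from_bytes(pt[232:432], "big"), pt[432:]
    if not verify(mk["cert"]["pub"], id_l + rand_l + rand_mk, s_mk_r):
        return False, "S_MK invalid"
    if not hmac.compare_digest(c_mk_r, mac(sk_mac_l, rand_l + rand_mk + id_mk)):
        return False, "C_MK mismatch: MK does not know LT"
    if not verify(lock["cert_rca_n"], id_l + id_mk + cal_r, s_c_r):
        return False, "Calendar signature invalid"
    not_before, not_after = struct.unpack(">QQ", cal_r)
    if not not_before <= now <= not_after:
        return False, "outside Calendar window"
    lock["blacklist"].extend(mk["blacklist"].get(id_l, []))    # step 14
    return True, "authorized: actuate lock"                      # step 15
```

Calling `run_protocol(*setup(), now=...)` reaches step 15; `setup(key_lt=b"wrong-lock-token")` provisions an MK with the wrong Lock Token, which fails at step 10 on its own C_L check before anything is sent over the channel, and the lock's C_MK check in step 13 is what catches an MK that skips that check. Two points worth noting from the flow: the session keys depend on LT and both nonces, so neither a replayed rand_L nor a replayed rand_MK alone yields a reusable key, and the identification medium must hold the lock-specific secret LT itself, which places the keychain application's storage inside the trust boundary of every lock it can open.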
Claims (16)
- A method for access control, in particular in buildings, in which a bidirectional data transmission between an electronic identification medium and an access control device and data processing take place, said data transmission including the transmission of access authorization data from the electronic identification medium to the access control device, wherein the access authorization data are evaluated in the access control device for determining access authorization, and a blocking means for selectively authorizing or blocking the access is actuated as a function of the determined access authorization, characterized in that said data processing comprises the authentication of the electronic identification medium based on at least one digital certificate, and said data transmission comprises the use of a key exchange or key derivation protocol so as to make available to the electronic identification medium and the access control device at least one secret, joint session key, whereupon the at least one session key is used to create a secure transmission channel between the electronic identification medium and the access control device, and that the access authorization data are transmitted via the secure channel from the electronic identification medium to the access control device, wherein the at least one session key is generated in the electronic identification medium and in the access control device based on an access-control-device-individual access code, preferably further based on a random number created by the identification medium and a random number created by the access control device and/or a sequence number created by the identification medium and a sequence number created by the access control device.
- A method according to claim 1, characterized in that the at least one digital certificate is signed by an access control center.
- A method according to claim 1 or 2, characterized in that the key exchange or key derivation protocol comprises generating a cryptogram by using the session key in the access control device and sending the same to the identification medium, said cryptogram being verified in the identification medium by using the session key.
- A method according to any one of claims 1 to 3, characterized in that the access authorization data are signed by an access control center and, together with the signature, are transmitted via the secure channel from the electronic identification medium to the access control device.
- A method according to any one of claims 1 to 4, characterized in that the data transmission takes place purely passively, by load modulation of the electromagnetic field between the electronic identification medium and the access control device.
- A device, in particular for carrying out the method according to any one of claims 1 to 5, including an access control device with a blocking means for selectively authorizing or blocking the access, and a transceiver device for enabling a bidirectional data transmission between an electronic identification medium and the access control device, wherein the access control device includes data processing means for controlling the data transmission and for determining the access authorization based on received access authorization data, and the data processing means cooperate with the blocking means for selectively authorizing or blocking the access, characterized in that the data processing means comprise at least one microcontroller (23) and a secure access module (SAM) (24), said SAM (24) being arranged to execute cryptographic functions, and that the transceiver device (22) is disposed in a first region (20) of the access control device (13) and the SAM (24) is disposed in a second region (21) of the access control device (13).
- A device according to claim 6, characterized in that the microcontroller (23) is disposed in the second region (21).
- A device according to claim 6 or 7, characterized in that the microcontroller (23) connects the transceiver device (22) to the SAM (24).
- A device according to claim 6, 7 or 8, characterized in that the first region (20) is an unprotected region and the second region (21) is a structurally protected region.
- A device according to any one of claims 6 to 9, characterized in that the access control device (13) is configured for mounting in a door and provided with at least one first handle, e.g. a knob or a pusher, wherein the first region (20) is formed by the first handle and the second region (21) is formed by a region provided for reception in an aperture of the door leaf or by a second handle located opposite the first handle.
- A device according to any one of claims 6 to 10, characterized in that the SAM (24) comprises authentication means to authenticate the electronic identification medium (5) based on at least one digital certificate and is programmed with a key exchange or key derivation protocol.
- A device according to any one of claims 6 to 11, characterized in that the SAM (24) is configured and programmed to create a secure transmission channel between the electronic identification medium (5) and the access control device (13.
- A device according to any one of claims 6 to 12, characterized in that the SAM (24) comprises an evaluation circuit for determining the access authorization based on the received access authorization data.
- A device according to any one of claims 6 to 13, characterized in that the SAM (24) is configured as a microcontroller (23) in chip card or SIM card design or, in particular, in IC design.
- A device according to any one of claims 6 to 14, characterized in that the SAM (24) is exchangeably received in an interface, in particular a slot.
- A device according to any one of claims 6 to 15, characterized in that the transceiver device (22) is configured for wireless, preferably inductive, data transmission, in particular according to the NFC or RFID standard (ISO/IEC 14443).
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
ATA132/2012A AT512419A1 (en) | 2012-01-31 | 2012-01-31 | METHOD AND APPARATUS FOR ACCESS CONTROL |
Publications (3)
Publication Number | Publication Date |
---|---|
EP2624223A2 EP2624223A2 (en) | 2013-08-07 |
EP2624223A3 EP2624223A3 (en) | 2013-08-14 |
EP2624223B1 true EP2624223B1 (en) | 2017-09-20 |
Family
ID=47713999
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP13450007.3A Active EP2624223B1 (en) | 2012-01-31 | 2013-01-29 | Method and apparatus for access control |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP2624223B1 (en) |
AT (1) | AT512419A1 (en) |
ES (1) | ES2653260T3 (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102013216446A1 (en) * | 2013-08-20 | 2015-02-26 | Siemens Aktiengesellschaft | Enable a network node through a message |
AT516288A1 (en) * | 2014-09-19 | 2016-04-15 | Evva Sicherheitstechnologie | Method and device for managing access authorizations |
DE102016223684A1 (en) | 2016-11-29 | 2018-05-30 | Bundesdruckerei Gmbh | Method for access control of a group of persons by means of several readers and several tokens |
CN111373452B (en) * | 2017-12-20 | 2022-07-19 | 因温特奥股份公司 | Portal monitoring system with radio identity authentication mechanism and password detection mechanism |
AT522608A1 (en) * | 2019-05-16 | 2020-12-15 | Evva Sicherheitstechnologie | Process for operating an access control system and access control system |
CN111057842A (en) * | 2019-12-28 | 2020-04-24 | 海城市鹏程镁矿有限公司 | Method for preparing magnesite powder ore green ball by carbon dioxide carbonization method |
CN111057841A (en) * | 2019-12-28 | 2020-04-24 | 海城市鹏程镁矿有限公司 | Magnesite powder ore pelletizing method using inorganic binder |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5679945A (en) * | 1995-03-31 | 1997-10-21 | Cybermark, L.L.C. | Intelligent card reader having emulation features |
US7114178B2 (en) * | 2001-05-22 | 2006-09-26 | Ericsson Inc. | Security system |
DE10216396A1 (en) * | 2002-04-12 | 2003-10-23 | Scm Microsystems Gmbh | Authentication of participating cryptographic instances involves second instance decoding challenge, comparing serial numbers, sending random number from challenge to first instance for comparison |
US7389530B2 (en) * | 2003-09-12 | 2008-06-17 | International Business Machines Corporation | Portable electronic door opener device and method for secure door opening |
US20050138380A1 (en) * | 2003-12-22 | 2005-06-23 | Fedronic Dominique L.J. | Entry control system |
US9454657B2 (en) * | 2004-12-03 | 2016-09-27 | Bce Inc. | Security access device and method |
GB2427055A (en) * | 2005-06-10 | 2006-12-13 | Sharp Kk | Portable token device with privacy control |
US8245052B2 (en) * | 2006-02-22 | 2012-08-14 | Digitalpersona, Inc. | Method and apparatus for a token |
EP2063400A1 (en) * | 2007-11-23 | 2009-05-27 | Gemalto SA | Virtual security access module |
- 2012
  - 2012-01-31 AT ATA132/2012A patent/AT512419A1/en not_active Application Discontinuation
- 2013
  - 2013-01-29 EP EP13450007.3A patent/EP2624223B1/en active Active
  - 2013-01-29 ES ES13450007.3T patent/ES2653260T3/en active Active
Non-Patent Citations (1)
Title |
---|
None * |
Also Published As
Publication number | Publication date |
---|---|
EP2624223A3 (en) | 2013-08-14 |
AT512419A1 (en) | 2013-08-15 |
EP2624223A2 (en) | 2013-08-07 |
ES2653260T3 (en) | 2018-02-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2624223B1 (en) | Method and apparatus for access control | |
EP2238576B1 (en) | Method and device for regulating access control | |
EP3121795B9 (en) | Establishment of a communication connection with a user device over an access control device | |
EP3246839B1 (en) | Access control with a mobile radio device | |
EP2962439B1 (en) | Reading an attribute from an id token | |
AT513461B1 (en) | Access control procedure | |
DE60319514T2 (en) | METHOD AND ARRANGEMENT FOR ACCESS CONTROL | |
EP3156980B1 (en) | Method for programming ident media of an access control system | |
EP4128695B1 (en) | Personalized and server-specific authentication mechanism | |
EP3135546B1 (en) | Car key, communication system and method for same | |
EP3848911A1 (en) | Method and device for authenticating a user of a lock box system | |
DE102013100756B3 (en) | Method for performing authentication of using access system e.g. electronic lock, involves determining whether second key and encrypted second keys are valid based on second temporary session key | |
EP3739554A1 (en) | Access control system and method for operating an access control system | |
EP3882796A1 (en) | User authentication using two independent security elements | |
DE102013001733A1 (en) | Method for accessing a service of a server via an application of a terminal | |
EP3530023B1 (en) | Building or enclosure termination closing and/or opening apparatus, and method for operating a building or enclosure termination | |
EP3336736B1 (en) | Auxiliary id token for multi-factor authentication | |
DE102020123756B3 (en) | Procedure for release of use and function release device for this | |
DE102014110540A1 (en) | Delegable access control | |
EP2880810B1 (en) | Authentication of a document to a reading device | |
DE102006022585A1 (en) | Storage medium e.g. processor smart card, for use in e.g. mobile telephone, has integrated memory for storing pair of long duration keys assigned to user of medium and additional key material produced from integrated controller | |
EP4016339A1 (en) | Provisioning of a security applet on a mobile terminal | |
DE102021103997A1 (en) | User authentication using two independent security elements | |
DE102014211839A1 (en) | Method for authenticating an entity | |
AT13608U1 (en) | Method and device for controlling access control |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAL | Search report despatched |
Free format text: ORIGINAL CODE: 0009013 |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
AK | Designated contracting states |
Kind code of ref document: A3 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: G07C 9/00 20060101AFI20130705BHEP |
|
17P | Request for examination filed |
Effective date: 20140212 |
|
RBV | Designated contracting states (corrected) |
Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
17Q | First examination report despatched |
Effective date: 20160104 |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
INTG | Intention to grant announced |
Effective date: 20170517 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D Free format text: NOT ENGLISH |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: REF Ref document number: 930710 Country of ref document: AT Kind code of ref document: T Effective date: 20171015 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D Free format text: LANGUAGE OF EP DOCUMENT: GERMAN |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 502013008389 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: NV Representative=s name: OK PAT AG PATENTE MARKEN LIZENZEN, CH |
|
REG | Reference to a national code |
Ref country code: SE Ref legal event code: TRGR |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: FP |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 6 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20171220 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 |
|
REG | Reference to a national code |
Ref country code: ES Ref legal event code: FG2A Ref document number: 2653260 Country of ref document: ES Kind code of ref document: T3 Effective date: 20180206 |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG4D |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20171220 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20171221 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180120 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 502013008389 Country of ref document: DE |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 |
|
26N | No opposition filed |
Effective date: 20180621 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180129 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: MM4A |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20180131 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180131 |
Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180129 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20130129 |
Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 |
Ref country code: MK Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170920 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: AL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170920 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PFUS Owner name: EVVA SICHERHEITSTECHNOLOGIE GMBH, AT Free format text: FORMER OWNER: EVVA SICHERHEITSTECHNOLOGIE GMBH, AT |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20230125 Year of fee payment: 11 |
Ref country code: ES Payment date: 20230201 Year of fee payment: 11 |
Ref country code: CH Payment date: 20230130 Year of fee payment: 11 |
Ref country code: AT Payment date: 20221125 Year of fee payment: 11 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: SE Payment date: 20230127 Year of fee payment: 11 |
Ref country code: GB Payment date: 20230127 Year of fee payment: 11 |
Ref country code: DE Payment date: 20230127 Year of fee payment: 11 |
|
P01 | Opt-out of the competence of the unified patent court (upc) registered |
Effective date: 20230510 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: NL Payment date: 20230126 Year of fee payment: 11 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: NL Payment date: 20240126 Year of fee payment: 12 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: ES Payment date: 20240201 Year of fee payment: 12 |