EP2624223B1 - Method and apparatus for access control - Google Patents

Description

The invention relates to a method for access control, in particular in buildings, in which bidirectional data transmission takes place between an electronic identification medium and an access control device and data processing, wherein the data transmission comprises the transmission of access right data from the electronic identification medium to the access control device, wherein the access right data in the access control device for Determining the access authorization to be evaluated and depending on the detected access authorization a blocking means for selectively enabling or blocking the access is controlled.

Furthermore, the invention relates to a device comprising an access control device with a blocking means for selectively enabling or disabling the access and a transmitting / receiving device to allow bidirectional data transmission between an electronic identification medium and the access control device, wherein the access control device data processing means for controlling the data transmission and the Determining the access authorization based on received access right data and the data processing means interact with the blocking means for selectively enabling or disabling the access.

There are several possibilities for electronic access control with non-contact systems. Previously known RFID systems consist of an electronic identification medium, such as an electronic key, on which access rights data, such as an identification or access code and / or access conditions such as authorized access time, legitimate access, authorized access date a user and the like., Are stored electronically and which is often referred to as a "transponder", and a reader. The transponder is usually constructed without its own energy source and the required energy is obtained from the electromagnetic field of the reader. Furthermore, radio systems are also known in which the electronic identification medium is an active transmitter with its own energy source (eg remote opening of the central locking system for motor vehicles).

For larger locking systems with a plurality of locking units and electronic identification media or keys, the access authorizations for easier management are usually stored in an access control center. In this case, the access control center usually has a database in which the individual locking units, the keys and the respective access authorizations can be managed. Via a writing device connected to the access control center, the electronic identification media can be programmed in accordance with the respectively desired access authorizations with access right data.

In the WO 2009/094683 A1 has been proposed in this context to make the programming of the key with access rights data over a wireless telecommunications network, the access right data is sent from the access control center to a wireless mobile telecommunications device of the respective desired user or key holder. The access rights data received from the mobile telecommunication device can be made available to a suitable identification medium, which receives a key function in this manner. According to the invention, a kind of "online key" is thus created, since the key can be reprogrammed via the mobile telecommunications network and the corresponding mobile terminal in order to change the access right data and thus the access authorization of the key holder in this manner.

Due to the possibility of remote programming of keys it is no longer necessary to change the access authorizations to obtain access directly to the individual locking units. The locking units can work as autonomous units after installation and initialization and in particular require no network connection.

Although the electronic validation of access authorization generally offers a number of advantages, such as: the possibility of rapid change of authorization data and a much greater coding variety and complexity than a mechanical authorization query, electronically present access authorization data, especially those that are wirelessly transmitted, can be easily and unnoticed intercepted or copied and misused inadequate security precautions.

With the transmission of access rights data from the access control center to mobile telecommunications equipment, for example, the risk associated with the access rights data manipulated or intercepted by unauthorized persons. Security critical attack points also provides the data transfer between the identification medium and the access control device. Furthermore, the access control device itself can be the target of attacks for example, aimed at destroying the electronic components or circuits responsible for access control.

In the context of the invention, access control devices or closing units are to be understood as meaning electrical, electronic or mechatronic closing units, in particular locks. Closing units may in this case comprise various components, such as e.g. Access devices for identification media, in particular electronic keys, a locking electronics and the like. Access control devices or locking units serve in particular to block access to rooms depending on the access authorization or release and are accordingly intended for installation in doors, windows and the like. Among mechanical clamping units, e.g. to understand cylinder locks. Mechatronic clamping units are e.g. electric motor driven locking devices, in particular e-cylinder. Electric locking units are e.g. electric door opener.

Under a release agent is within the scope of the invention, e.g. a mechanically acting blocking element which can be moved between a blocking and a releasing position, a mechanical or magnetic coupling element comprising an actuating element, e.g. a handle coupled or decoupled with a locking member, or an electrically locking and / or releasable locking member, such as e.g. an electric door opener, to understand.

The document US 2007/198848 A1 discloses an identification device, for example an access control device, and a cooperating token, wherein the token in the identification of the user must not be affected.

The document US 2005/060555 A1 discloses an access control method wherein a mobile device has stored a plurality of private keys that are uniquely associated with different doors and that are also stored by the respective access control devices.

The document GB 2427055 A discloses a portable token for authenticating a user to various access control devices, wherein the access information is stored in the token and the user has the ability to manage that information.

The present invention therefore aims to increase the safety of electronically operating access control systems.

To achieve this object, according to a first aspect of the invention, in a method of the type mentioned in the introduction, the data processing comprises an authentication of the electronic identification medium on the basis of at least one digital certificate and the data transmission comprises the use of a key exchange or derivation protocol, whereby the at least one secret, shared session key is accessed, whereupon the at least one session key is used to establish a secure transmission channel between the electronic identification medium and the access control device, and the access rights data are electronically transmitted over the secure channel Identification medium are transmitted to the access control device, wherein the at least one session key in the electronic identification medium and in the access control device based on an access control device individual access code is generated, preferably further based on a random number generated by the identification medium and an access control device and / or one of the identification medium and a run number generated by the access control device. By virtue of the fact that the electronic identification medium is authenticated on the basis of at least one digital certificate, non-system-aware and therefore non-certified or invalidly certified subscribers of the access control system can be identified. Preferably, it is provided that the at least one digital certificate is issued by an access control center. Preferably, the at least one digital certificate is additionally signed by the access control center, so that the certificate can also be checked for authenticity and validity. A digital certificate here is to be understood as a digital data record which confirms certain properties of the identification medium and whose authenticity and integrity can be tested by cryptographic methods. In particular, this is a public-key certificate, which confirms the identification medium as the owner and other properties of a public cryptographic key. It is thus a proof that the public key of an asymmetric encryption method belongs to the identification medium. In particular, the digital certificate is used as part of a dynamic asymmetric authentication method.

It is also essential to the invention to set up a secure transmission channel, whereby the session key required for this purpose is made accessible by a key exchange or derivation protocol. A 5x key exchange or derivation protocol is understood here to mean a process in cryptography in order to make two or more communication partners access a common, secret key without transmitting it in plain text. This can be done by someone transferring a key to all partners involved or by creating or deriving a new key during the execution of the protocol. The key exchange or derivation protocol specifies the exact procedure. The session key is then used to quadruple and decrypt the data transmitted between the identification medium and the access control device by means of a symmetric encryption method and to maintain their authenticity.

According to the invention, the at least one session key is generated or derived in the electronic identification medium and in the access control device on the basis of an access control device-specific access code, preferably on the basis of a random number generated by the identification medium and a random access number generated by the access control device and / or one of the identification medium and one run number generated by the access control device.

The transmission security can be further increased by the fact that the key exchange protocol, the generation of a cryptogram using the session key in the access control device and the transmission of the same the identification medium, wherein the cryptogram is verified in the identification medium using the session key. This process can also be used in the opposite direction. In this case, the key exchange protocol comprises generating a cryptogram using the session key in the identification medium and transmitting it to the access control device, verifying the cryptogram in the access control device using the session key.

The advantage of the inventive method is that all data that does not serve the construction of the secure transmission channel are transmitted in this secure, session-specific channel, whereby the integrity, authenticity and confidentiality of the data is ensured. Thus, for example, the access rights data are transmitted via the secure channel, wherein a complementary authentication preferably succeeds by signing the access right data from an access control center and transmitting it together with the signature via the secure channel from the electronic identification medium to the access control device.

Another advantage of the procedure according to the invention is that the access control device neither to the access control center still be connected to a certification authority wireless or wired. Rather, the determination of the access authorization in the access control device, including the authentication of the electronic identification medium, the execution of the key exchange and the establishment of the secure transmission channel exclusively due to between the access control device and the electronic identification medium transmitted or once and permanently in the access control device stored data, such as a manufacturer-stored access control device identification.

A further increase in security succeeds in that the data transfer is purely passive by loading the electromagnetic field between the electronic identification medium and the access control device. This data transfer works only over a very limited range of about 10 cm, so that listening is difficult.

To solve the problem underlying the invention is provided according to a second aspect of the invention in a device of the type mentioned that the data processing means comprise at least one microcontroller and a Secure Access Module (SAM), wherein the SAM is configured to perform cryptographic functions, and the transmitting / receiving device is arranged in a first area of the access control device and the SAM is arranged in a second area of the access control device. It can thus as many critical operations, such as the construction of a secure transmission channel, cryptographic Operations, access decisions, log file, blacklists and the like., In a dedicated component, namely the Secure Access Module (SAM) are bundled, the SAM can be arranged in a separate from the transmitting / receiving unit area of the access control device. Preferably, the design here is such that the first area (in which the transmitting / receiving unit is arranged) an unprotected area and the second area (in which the SAM is arranged) is a structurally protected area. This ensures that the SAM is better protected against destruction or manipulation by force or other destructive influences, especially against physical attacks of all kinds.

Advantageously, the microcontroller is arranged in the second area. The microcontroller is preferably connected so that it connects the transmitting / receiving device with the SAM. The microcontroller is preferably arranged interchangeably in the access control device.

As a protected area, for example, the area behind a drill protection or on one of the access side (eg the room outside) facing away (eg the room inside) to understand. In particular, it may be provided that the access control device is designed for installation in a door and is provided with at least one first handle, such as a knob or a pusher, wherein the first portion of the first handle and the second portion of a for receiving in an opening of the door leaf provided area or a second, the first handle opposite, second handle is formed.

To enhance the security of the authorization request, the SAM preferably includes authentication means to authenticate the electronic identification medium based on at least one digital certificate, and is programmed with a key exchange protocol. Furthermore, the SAM is preferably designed or programmed to set up a secure transmission channel between the electronic identification medium and the access control device. Furthermore, it is preferably provided that the SAM comprises an evaluation circuit for determining the access authorization on the basis of the received access right data. The evaluation circuit can be designed as a hardware circuit or realized by software.

The SAM is particularly preferably designed as a microcontroller in chip card or SIM card design, in particular in IC design. Advantageously, the SAM can be interchangeably accommodated in an interface, in particular in a slot, so that, for example, the encryption type and the encryption strength can be changed in a simple manner by exchanging the SAM or changing the application running in the SAM.

Preferably, the identification medium is integrated in a mobile telecommunication device, in particular a mobile phone. The training is in this case preferably further developed in that the transmitting / receiving device for the wireless, preferably inductive data transmission in particular according to the NFC or RFID standard (ISO / IEC 14443) is formed.

The invention will be explained in more detail with reference to embodiments shown schematically in the drawing. In this shows Fig. 1 the schematic structure of an access control system in a first embodiment, Fig. 2 a further training of an access control system, Fig. 3 a modified embodiment of an access control system, Fig. 4 a block diagram of an access control device used in an access control system according to the Fig. 1 . 2 or 3 can be used, and Fig. 5 a diagram of the simplified protocol flow during a locking process.

In Fig. 1 is an access control center labeled 1. The objects to which the access is to be controlled by means of the access control system are designated 2 and schematically represented in the present case as houses. The objects 2 each have a door with a closing unit based on RFID, for example. An administrator 3 manages the access control center 1 and can assign access authorizations. The access control center 1 is connected to a telecommunications network 4, such as a LAN, WLAN, GSM, GPRS or UMTS network and can send via the network 4 access rights data to mobile telecommunications equipment 5. The mobile telecommunication devices 5 are, for example, mobile phones that are equipped with a key function. The cell phones have, for example, an NFC or RFID module in whose memory the access rights data obtained from the access control center 1 can be written. Now, when the telecommunication device 5 used as a key is brought close to a closing unit, bidirectional data transmission between the corresponding NFC or RFID interface of the telecommunication device 5 and a transmitting / receiving unit of the closing unit is started, in the course of which the access right data is sent to the closing unit be transmitted. If the closing unit a Access authorization, the lock is released.

From the illustration in Fig. 2 now arise various applications. The access control center is again designated 1 and the administrator 3. The access control center 1 has a database 6 or is connected to such a database on which the access right data is stored and managed. The access control center 1 is further connected to a writing unit 7, which is designed, for example, as a writing instrument for RFID tags or transponders. With 8 an RFID transponder is shown, which can be described by the writing unit 7. This corresponds in principle to the conventional method of how RFID transponders can be programmed.

A data connection between a mobile telecommunication device 5 and the access control center 1 can now according to the illustration in Fig. 2 done in different ways. For example, a wireless connection via various connection protocols, such as WLAN, GSM or UMTS can be made with the Internet 9, wherein the access control center 1 is connected to the Internet 9. Alternatively or additionally, an SMS gateway 10 may be provided so that the data exchange between the access control center 1 and the mobile telecommunication device 5 via a short message service or another push service.

The user 11 of the mobile telecommunication device 5 can in this case, as indicated by the line 12, access the access control center 1 and, if he has the required Has access rights to the access control center 1, manage the access rights. If the user 11 is not the administrator 3, the access granted to the access control center 1 is such that he can only manage and, if necessary, change his own access authorizations. Access to the access control center 1 can take place, for example, via a web interface so that the user 11 can manage his access authorizations with the aid of any internet-capable computer.

This in Fig. 2 denoted by 5 mobile telecommunications device may be a cell phone that is equipped with an NFC module. In this case, the access rights data obtained from the access control center 1 are made available to the built-in NFC module, so that the access right data can be transmitted in the sequence via an NFC connection to the locking unit 13.

In Fig. 2 another mobile telecommunication device 14 is shown, which itself does not perform a key function. Instead, the access rights data transmitted by the access control center 1 are transferred to an external RFID transponder 15. The RFID transponder 15 can then be used independently of the mobile telecommunication device 14 to block locking units 13.

In Fig. 3 a modified access control system is shown in which, as in the system according to Fig. 2 an access control center 1 via any communication connection, for example, via the Internet 9, mobile telecommunications devices 5 can provide access rights data. This can also be done via an SMS gateway 10 or another Push service done. A client computer 16 of a user is also connected to the Internet 9 and can mediate access rights data issued by the access control center 1 as a proxy. The client computer 16 is connected to a writing unit 17, which is designed, for example, as a writing instrument for RFID tags or transponders. 18, an RFID transponder is shown, which can be described by the writing unit 17.

In Fig. 3 In addition, a certification authority 19 is now additionally integrated into the access control system, which is connected to the access control center 1. The provisioning of the components in the access control system is done as follows, which is usually only required once when a new component is added to the system. The certification authority 19 creates a digital certificate (corresponds to "cert _MK " in Fig. 5 ) For the mobile telecommunication device 5 or arranged in this module or built-in module, which performs the key function, such as a secure element, in particular a secure access module, or the SIM card of the telecommunication device 5. The module is based on a unique in the system ID ("ID _MK " in Fig. 5 ) identified. Furthermore, the certification authority 19 creates a digital certificate (corresponds to "cert _L " in Fig. 5 ) for a secure element, in particular a Secure Access Module, the access control device or closing unit 13. The module of the access control device 13 is also based on a unique in the system ID ("ID _L " in Fig. 5 ) identified.

The application of the access authorizations to the mobile telecommunication device 5 takes place as follows. The access rights data to be transmitted to the mobile telecommunication device 5 are generated in the access control center 1. The access rights data consist, for example, of a secret access control device-specific key (corresponds to "LT" in FIG Fig. 5 ) and a temporal permission restriction (corresponds to "Calendar" in Fig. 5 ). This temporal authorization restriction is signed by the certification authority 19 (see "s _c " in _FIG Fig. 5 ) to ensure their authenticity. For this purpose, the authorization restriction is transmitted from the access control center 1 to the certification authority 19, which then returns the signed authorization restriction to the access control center 1. There, the individual access right data, which consists of the access control device-specific key and the time restriction of authorization signed by the certification authority 19, are then summarized.

Between the access control center 1 and the module of the mobile telecommunication device 5, a secure connection is established via the mobile telecommunication device 5 with the aid of the digital certificates that were applied during the provisioning. This means that the module of the mobile telecommunication device 5 and the access control center 1 as it were communicate directly, the mobile telecommunication device 5 serves only as a mediator (proxy).

About this secure connection, which can run over an insecure communication network 9, the access control data is transmitted to the mobile telecommunications device 5 and stored in the module secured.

1. 1. SMS: Die Zutrittskontrollzentrale 1 sendet eine SMS über das SMS Gateway 10 an das mobile Telekommunikationsgerät 5, und das mobile Telekommunikationsgerät 5 baut darauf hin die gesicherte Verbindung zur Zutrittskontrollzentrale 1 auf, über welche die Zutrittsrechtsdaten gesichert übertragen werden.
2. 2. Polling: Das mobile Telekommunikationsgerät 5 fragt periodisch die Zutrittskontrollzentrale 1 nach neuen Zutrittsrechtsdaten, die Übertragung erfolgt wie bei 1.
3. 3. Push: Das mobile Telekommunikationsgerät 5 ist an der Zutrittskontrollzentrale 1 dauerhaft registriert (z.B. durch Hinterlegung der IP-Adresse oder Rufnummer) und sendet eine Nachricht an das mobile Telekommunikationsgerät 5, welches daraufhin eine gesicherte Verbindung zur Zutrittskontrollzentrale 1 aufbaut, die Übertragung erfolgt wie bei 1.
4. 4. Der Benutzer startet am mobilen Telekommunikationsgerät 5 eine Applikation, welche die gesicherte Verbindung aufbaut, die Übertragung erfolgt wie bei 1.

The establishment of the secure connection between the access control center 1 and the module of the mobile telecommunications device 5 can be done in several ways:

1. 1. SMS: The access control center 1 sends an SMS via the SMS gateway 10 to the mobile telecommunication device 5, and the mobile telecommunication device 5 then builds on the secure connection to the access control center 1, via which the access right data is transmitted securely.
2. 2. Polling: The mobile telecommunication device 5 periodically asks the access control center 1 for new access right data, the transmission takes place as in 1.
3. 3. Push: The mobile telecommunication device 5 is permanently registered at the access control center 1 (eg by depositing the IP address or telephone number) and sends a message to the mobile telecommunication device 5, which then establishes a secure connection to the access control center 1, the transmission takes place at 1.
4. 4. The user starts the mobile telecommunication device 5 an application that builds the secure connection, the transmission takes place as in 1.

In Fig. 4 Now, the structure of the access control device 13 is explained in more detail. The access control device 13 has an unprotected area 20, eg an outside area, and a protected area 21, eg an inside area. In the unprotected area 20, the transmitting / receiving unit 22 is arranged, which is designed, for example, as RFID read / write device and can exchange data with a passive RFID medium integrated in the mobile telecommunication device 5 or a passive RFID chip card 18. The data transmission can be done, for example, in NFC card emulation mode expire. In the protected area 21, a microcontroller 23, a Secure Access Module (SAM) 24, a circuit 25 for the electromechanical or electrical driving of a blocking means, not shown, and a hardware clock 26 are arranged. The blocking means can in this case be moved between a locking position and a release position for selectively enabling or disabling the access. The microcontroller 23 controls the basic functions of the access control device 13 and connects the SAM 24 with the transceiver unit 22. The communication between the secure module of the mobile telecommunication device 5 or the chip card 18 and the SAM via ISO / IEC 7816-4 Commands (APDUs), wherein the microcontroller 23 assumes the function of an APDU proxy. In this case, the application protocol data unit (APDU) generally refers to a communication unit between a chip card and a chip card application (eg according to the ISO / IEC 7816 standard). The SAM 24 contains the access control logic and a secure memory, as described in particular with reference to the description of Fig. 5 will be explained in more detail. The microcontroller 23 cooperates with a schematically indicated acoustic and / or visual signal generator 27, such as a light ring and a buzzer, to signal the user various operating conditions.

In Fig. 5 Now the basic sequence of communication between the electronic identification medium 5, in particular the secure module of the mobile telecommunication device 5 or the chip card 18, and the SAM 24 of the access control device 13 is shown. This is not the actual protocol, but a simplified representation of the underlying principles of the protocol. On the part of the access control device 13 is both the microcontroller 23 and the SAM are involved in the communication. On the secure module of the mobile telecommunication device 5 or the smart card 18 is in Fig. 5 with the keychain application 28.

• Identifikationsmedium, nachfolgend auch Mobile Key (MK) genannt:

  ID_MK:

  eine eindeutige Identifikation des MK

  cert_RCA:

  Zertifikat der Zertifizierungsstelle, das den öffentlichen Schlüssel pub_RCA der Zertifizierungsstelle enthält

  cert_MK:

  Zertifikat des MK (enthält unter anderem Identifizierungsdaten des MK und den öffentlichen Schlüssel pubK_MK des MK und ist signiert mit dem privaten Schlüssel priv_RCA der Zertifizierungsstelle)

  pubK_MK:

  öffentlicher Schlüssel des MK

  privK_MK:

  privater Schlüssel des MK

  LT:

  "Lock Token", geheimer zutrittskontrollvorrichtungsindividueller Schlüssel

  Calendar:

  zeitliche Berechtigungseinschränkung

  s_c:

  Signatur der zeitlichen Berechtigungseinschränkung

For the intended authorization and authentication functions, the access control device and the electronic identification medium in the initial state have stored the following data:

• Identification medium, also referred to below as Mobile Key (MK):

  ID _MK :

  a clear identification of the MK

  cert _RCA :

  Certificate of the certification authority containing the public key pub _{RCA of} the certification authority

  cert _MK :

  Certificate of the MK (contains among other things identification data of the MK and the public key pubK _{MK of} the MK and is signed with the private key priv _{RCA of} the certification authority)

  pubK _MK :

  public key of MK

  privK _MK :

  private key of MK

  LT:

  "Lock token", secret access control device individual key

  Calendar:

  temporal authorization restriction

  s _c :

  Signature of the temporal authorization restriction

A record of LT, Calendar and _c s is the access rights data, each record of an access control device identification ID is assigned to _L.

ID_L:

eine eindeutige Identifikation des Lock

cert_RCA:

Zertifikat der Zertifizierungsstelle, das den öffentlichen Schlüssel pub_RCA der Zertifizierungsstelle enthält

cert_L:

Zertifikat des Lock (enthält unter anderem Identifizierungsdaten des Lock und den öffentlichen Schlüssel pubK_L des Lock und ist signiert mit dem privaten Schlüssel priv_RCA der Zertifizierungsstelle)

pubK_L:

öffentlicher Schlüssel des Lock

privK_L:

privater Schlüssel des Lock

LT:

"Lock Token", geheimer zutrittskontrollvorrichtungsindividueller Schlüssel

Access control device, also called Lock (L) below:

ID _L :

a clear identification of the lock

cert _RCA :

Certificate of the certification authority containing the public key pub _{RCA of} the certification authority

cert _L :

Certificate of the lock (contains among other things identification data of the lock and the public key pubK _{L of} the lock and is signed with the private key priv _{RCA of} the certification authority)

PubK _L :

public key of the lock

privK _L :

private key of the lock

LT:

"Lock token", secret access control device individual key

• Zuerst wird durch die Sende-/Empfangseinheit 22 der Zutrittskontrollvorrichtung 13 ein potentiell im RF-Feld befindlicher, nicht selbst aktiv sendender (passiver) Mobile Key (MK) 28 detektiert, woraufhin die Wake-Up-Sequenz gemäß der verwendeten Norm zur Übertragung (z.B. ISO/IEC 14443-3) durchgeführt wird.
  • In Schritt 1 startet die Zutrittskontrollvorrichtung die Kommunikation durch Übermittlung der eindeutigen Zutrittskontrollvorrichtungsidentifizierung ID_L
  • In Schritt 2 werden durch die Schlüsselbundapplikation 28 des MK die Zutrittsrechtsdaten bestimmt, welche der im Schritt 1 empfangenen Zutrittskontrollvorrichtungsidentifizierung ID_L zugeordnet sind. Wenn kein ID_L gefunden wird, bedeutet dies, dass der MK nicht berechtigt ist, diese Zutrittskontrollvorrichtung 13 zu betätigen.
  • In Schritt 3 wird in der Schlüsselbundapplikation 28 eine Zufallszahl rand_MK erzeugt und zwischengespeichert.
  • In Schritt 4 werden durch die Schlüsselbundapplikation 28 folgende Daten an das SAM 24 der Zutrittskontrollvorrichtung 13 übermittelt:
    • die generierte Zufallszahl rand_MK
    • die eindeutige Identifikation des MK ID_MK
    • das Zertifikat cert_MK
  • In Schritt 5 wird vom SAM 24 das empfangene Zertifikat cert_MK unter Verwendung von pub_RCA, welches in cert_RCA enthalten ist, überprüft.
  • In Schritt 6 werden im SAM 24 der Zutrittskontrollvorrichtung 13 folgende Werte erzeugt:
    • die Zufallszahl rand_L
    • die digitale Signatur S_L, die dazu dient, den Besitz des privaten Schlüssels privK_L nachzuweisen: S_L = sigprivK_L(ID_MK||rand_MK||rand_L), wobei die Operation "||" eine Aneinanderreihung von Parametern darstellt.
    • einen aus LT und den Zufallszahlen abgeleiteten Sitzungsschlüssel SK_ENC: SK_ENC = deriveEnc_LT (rand_MK||rand_L)
    • einen aus LT und den Zufallszahlen abgeleiteten Sitzungsschlüssel SK_MAC für ein Message Authentication Codes (MACs) : SK_MAC = deriveMac_LT(rand_L||rand_MK) (dieser ist von SK_ENC verschieden, da die Ableitungsfunktionen (derivation function) Unterscheidungen aufweisen). Die beiden Sitzungsschlüssel dienen der sitzungsspezifischen Absicherung der Kommunikation. Dies umfasst die Integrität, die Authentizität als auch die Vertraulichkeit der nachfolgend übertragenen Daten.
    • ein Kryptogramm C_L wird unter Verwendung des Sitzungsschlüssels SK_MAC, ID_L und den Zufallszahlen generiert, welches die Kenntnis des schlossspezifischen Zutrittscodes LT des SAMs 24 der Zutrittskontrollvorrichtung 13 nachweist: C_L = MACsk_MAC (rand_MK||rand_L||ID_L).
  • In Schritt 7 werden durch die Zutrittskontrollvorrichtung 13 folgende Daten an die Schlüsselbundapplikation 28 übermittelt:
    • die generierte Zufallszahl rand_L
    • das Zertifikat cert_L
    • die Signatur S_L
    • das zutrittskontrollvorrichtungsseitige Kryptogramm C_L
  • In Schritt 8 überprüft die Schlüsselbundapplikation 28 das Zertifikat cert_L mit Hilfe von pub_RCA, welches im Zertifikat cert_RCA enthalten ist.
  • In Schritt 9 wird die digitale Signatur S_L mit Hilfe des Zertifikats cert_L überprüft, was deshalb möglich ist, weil die Schlüsselbundapplikation 28 im Besitz von ID_MK und der Zufallszahlen ist.
  • In Schritt 10 weiß die Schlüsselbundapplikation 28, dass die Zutrittskontrollvorrichtung 13 im Besitz des Schlüssels priv_KL ist, der zum öffentlichen Schlüssel in cert_L gehört, und führt folgende Operationen aus:
    • Erzeugen eines aus LT und den Zufallszahlen abgeleiteten SKENC: SKENC = deriveEncLT (randMK||randL)
    • Erzeugen eines aus LT und den Zufallszahlen abgeleiteten Sitzungsschlüssels SK_MAC für einen Message Authentication Code (MAC): SK_MAC = deriveMac_LT (rand_L||rand_MK)
    • Überprüfen von C_L durch Erzeugen eines MAC c'_L = MACsk_MAC(rand_MK||rand_L||ID_L) und Überprüfen, ob c'_L == C_L. Wenn die Überprüfung erfolgreich ist, weiß die Schlüsselbundapplikation 28, dass die Zutrittskontrollvorrichtung 13 LT kennt und dass es unter Verwendung von ID_L kommuniziert.
    • Erzeugen einer digitalen Signatur S_MK, die dazu dient, den Besitz des privaten Schlüssels privK_MK nachzuweisen: S_MK = sigprivK_MK (ID_L||rand_L||rand_MK).
    • Erzeugen eines Kryptogramms C_MK unter Verwendung des Sitzungsschlüssels SK_MAC, ID_MK und der Zufallszahlen: C_MK = MACsk_MAC (rand_L||rand_MK||ID_MK). Das Kryptogramm C_MK weist der Zutrittskontrollvorrichtung 13 die Kenntnis des schlossspezifischen Zutrittscodes LT nach.
  • In Schritt 11 wird nach der Erzeugung von SK_ENC und SK_MAC auf beiden Seiten ein sicherer Kanal aufgebaut. Die weitere Kommunikation wird mit SK_ENC verschlüsselt und mit SK_MAC authentifiziert.
  • Um den Authentifizierungs- und Autorisierungsvorgang zu beenden, sendet die Schlüsselbundapplikation 28 in Schritt 12 C_MK, S_MK und das dem ID_L entsprechende Calendar zusammen mit der Signatur S_c zur Zutrittskontrollvorrichtung 13.
  • In Schritt 13 führt die Zutrittskontrollvorrichtung 13 die folgenden Operationen aus:
    • Die Zutrittskontrollvorrichtung 13 überprüft die Signatur S_MK mit Hilfe des Zertifikats cert_MK, das es zuvor erhalten hat, und weiß dann, dass die Schlüsselbundapplikation 28 im Besitz des privaten Schlüssels privK_MK ist, der zum öffentlichen Schlüssel pubK_MK in cert_MK gehört. Mit diesem Schritt hat die Zutrittskontrollvorrichtung 13 die Schlüsselbundapplikation 28 erfolgreich authentifiziert.
    • Die Zutrittskontrollvorrichtung 13 überprüft C_MK, indem es einen MAC c'_MK = MACsk_MAC (rand_L||rand_MK||ID_MK) erzeugt und prüft, ob c'_MK == C_MK. Wenn die Überprüfung erfolgreich ist, weiß die Zutrittskontrollvorrichtung 13, dass die Schlüsselbundapplikation 28 LT kennt und dass es authentisch mit MK kommuniziert.
    • Die Zutrittskontrollvorrichtung 13 überprüft Calendar mit Hilfe von s_c und dem Zertifikat cert_RCA und überprüft, ob die Schlüsselbundapplikation 28 nun autorisiert ist. Wenn die Autorisierung festgestellt wurde, wurde die Schlüsselbundapplikation 28 erfolgreich dahingehend autorisiert, dass sie die Zutrittskontrollvorrichtung 13 betätigen darf.
  • Um das Protokoll in Schritt 14 abzuschließen, werden Statusdaten von der Zutrittskontrollvorrichtung 13 an die Schlüsselbundapplikation 28 übermittelt und es werden Blacklist-Einträge für ID_L, sofern vorhanden, an die Zutrittskontrollvorrichtung 13 übermittelt und dort gespeichert.
  • Wenn alle Schritte erfolgreich abgeschlossen wurden, kann die Zutrittskontrollvorrichtung 13 in Schritt 15 das Schloss betätigen und die Kommunikation mit der Schlüsselbundapplikation 28 beenden.

The simplified communication protocol is now provided as follows:

• First, by the transmitting / receiving unit 22 of the access control device 13, a (passive) Mobile Key (MK) 28 potentially located in the RF field, not itself actively transmitting, whereupon the wake-up sequence according to the standard used for transmission (eg ISO / IEC 14443-3).
  • In step 1, the access control device starts the communication by transmitting the unique access control device identification ID _L
  • In step 2, the keychain application 28 of the MK determines the access right data associated with the access control device identification ID _L received in step 1. If no ID _{L is} found, this means that the MK is not authorized to operate this access control device 13.
  • In step 3, a random number edge _{MK is} generated in the keychain application 28 and buffered.
  • In step 4, the keyfob application 28 transmits the following data to the SAM 24 of the access control device 13:
    • the generated random number edge _MK
    • the unique identification of the MK ID _MK
    • the certificate cert _MK
  • In step 5, the SAM 24 checks the received cert cert _MK using pub _RCA , which is included in cert _RCA .
  • In step 6, the SAM 24 of the access control device 13 generates the following values:
    • the random number edge _L
    • the digital signature S _L , which serves to prove ownership of the private key privK _L : S _L = sigprivK _L (ID _MK || edge _MK || edge _L ), where the operation "||" represents a sequence of parameters.
    • a session key SK _ENC derived from LT and the random numbers: SK _ENC = deriveEnc _LT (edge _MK || edge _L )
    • a session key SK _MAC for a message authentication code (MAC) derived from LT and the random numbers: SK _MAC = deriveMac _LT (edge _L || edge _MK ) (this is different from SK _ENC because the derivation functions have distinctions) , The two session keys are used for session-specific security of the communication. This includes the integrity, the authenticity as well as the confidentiality of the subsequently transmitted data.
    • a cryptogram C _L is generated using the session key SK _MAC , ID _L and the random numbers, which is the knowledge of the lock-specific Access codes LT of the SAM 24 of the access control device 13 proves: C _L = MACsk _MAC (edge _MK || edge _L || ID _L ).
  • In step 7, the following data is transmitted to the keychain application 28 by the access control device 13:
    • the generated random number edge _L
    • the cert cert _L
    • the signature S _L
    • the access control device-side cryptogram C _L
  • In step 8, the keychain application 28 verifies the cert cert _L using pub _RCA , which is included in the certificate cert _RCA .
  • In step 9, the digital signature S _{L is} checked with the aid of the cert cert _L , which is possible because the keychain application 28 is in the possession of ID _MK and the random numbers.
  • In step 10, the keychain application 28 knows that the access control device 13 is in possession of the priv _KL key belonging to the public key in cert _L , and performs the following operations:
    • Generating a SKENC derived from LT and the random numbers: SKENC = deriveEncLT (randMK || randL)
    • Generating a session key SK _MAC derived from LT and the random numbers for a message authentication code (MAC): SK _MAC = deriveMac _LT (edge _L || edge _MK )
    • Check C _L by generating a MAC c ' _L = MACsk _MAC (edge _MK || border _L || ID _L ) and check if c' _L == C _L. If the verification is successful, the keychain application 28 knows that the access control device 13 knows LT and that it communicates using ID _L.
    • Generation of a digital signature S _MK , which serves to prove the ownership of the private key privK _MK : S _MK = sigprivK _MK (ID _L || edge _L || edge _MK ).
    • Generating a cryptogram C _MK using the session key SK _MAC , ID _MK and the random numbers: C _MK = MACsk _MAC (edge _L || edge _MK || ID _MK ). The cryptogram C _MK instructs the access control device 13 to know the lock-specific access code LT.
  • In step 11, after the generation of SK _ENC and SK _MAC, a secure channel is established on both sides. Further communication is encrypted with SK _ENC and authenticated with SK _MAC .
  • To end the authentication and authorization process, the keychain application 28 sends in step 12 C _MK , S _MK and the ID _L corresponding calendar together with the signature S _c to the access control device 13th
  • In step 13, the access control device 13 performs the following operations:
    • The access control device 13 verifies the signature S _MK with the aid of the cert cert _MK , which it has previously received, and then knows that the keychain application 28 is in possession of the private key privK _MK , which belongs to the public key pubK _MK in cert _MK . With this step, the access control device 13 has successfully authenticated the keychain application 28.
    • The access control device 13 checks C _MK by generating a MAC c ' _MK = MACsk _MAC (edge _L || edge _MK || ID _MK ) and checks if c' _MK == C _MK . If the verification is successful, the access control device 13 knows that the keychain application 28 knows LT and that it communicates authentically with MK.
    • The access control device 13 checks Calendar with the aid of s _c and the certificate cert _RCA and checks whether the keychain application 28 is now authorized. When the authorization has been established, the keyfob application 28 has been successfully authorized to operate the access control device 13.
  • To complete the protocol in step 14, status data is transmitted from the access control device 13 to the keychain application 28, and blacklist entries for ID _L , if any, are communicated to the access control device 13 and stored there.
  • When all the steps have been successfully completed, the access control device 13 may, in step 15, actuate the lock and terminate communication with the keychain application 28.

Claims (16)

1. A method for access control, in particular in buildings, in which a bidirectional data transmission between an electronic identification medium and an access control device and data processing take place, said data transmission including the transmission of access authorization data from the electronic identification medium to the access control device, wherein the access authorization data are evaluated in the access control device for determining access authorization, and a blocking means for selectively authorizing or blocking the access is actuated as a function of the determined access authorization, characterized in that said data processing comprises the authentication of the electronic identification medium based on at least one digital certificate, and said data transmission comprises the use of a key exchange or key derivation protocol so as to make available to the electronic identification medium and the access control device at least one secret, joint session key, whereupon the at least one session key is used to create a secure transmission channel between the electronic identification medium and the access control device, and that the access authorization data are transmitted via the secure channel from the electronic identification medium to the access control device, wherein the at least one session key is generated in the electronic identification medium and in the access control device based on an access-control-device-individual access code, preferably further based on a random number created by the identification medium and a random number created by the access control device and/or a sequence number created by the identification medium and a sequence number created by the access control device.
2. A method according to claim 1, characterized in that the at least one digital certificate is signed by an access control center.
3. A method according to claim 1 or 2, characterized in that the key exchange or key derivation protocol comprises generating a cryptogram by using the session key in the access control device and sending the same to the identification medium, said cryptogram being verified in the identification medium by using the session key.
4. A method according to any one of claims 1 to 3, characterized in that the access authorization data are signed by an access control center and, together with the signature, are transmitted via the secure channel from the electronic identification medium to the access control device.
5. A method according to any one of claims 1 to 4, characterized in that the data transmission takes place purely passively by loading the electromagnetic field between the electronic identification medium and the access control device.
6. A device, in particular for carrying out the method according to any one of claims 1 to 5, including an access control device with a blocking means for selectively authorizing or blocking the access, and a transceiver device for enabling a bidirectional data transmission between an electronic identification medium and the access control device, wherein the access control device includes data processing means for controlling the data transmission and for determining the access authorization based on received access authorization data, and the data processing means cooperate with the blocking means for selectively authorizing or blocking the access, characterized in that the data processing means comprise at least one microcontroller (23) and a secure access module (SAM) (24), said SAM (24) being arranged to execute cryptographic functions, and that the transceiver device (22) is disposed in a first region (20) of the access control device (13) and the SAM (24) is disposed in a second region (21) of the access control device (13).
7. A device according to claim 6, characterized in that the microcontroller (23) is disposed in the second region (21).
8. A device according to claim 6 or 7, characterized in that the microcontroller (23) connects the transceiver device (22) to the SAM (24).
9. A device according to claim 6, 7 or 8, characterized in that the first region (20) is an unprotected region and the second region (21) is a structurally protected region.
10. A device according to any one of claims 6 to 9, characterized in that the access control device (13) is configured for mounting in a door and provided with at least one first handle, e.g. a knob or a pusher, wherein the first region (20) is formed by the first handle and the second region (21) is formed by a region provided for reception in an aperture of the door leaf or by a second handle located opposite the first handle.
11. A device according to any one of claims 6 to 10, characterized in that the SAM (24) comprises authentication means to authenticate the electronic identification medium (5) based on at least one digital certificate and is programmed with a key exchange or key derivation protocol.
12. A device according to any one of claims 6 to 11, characterized in that the SAM (24) is configured and programmed to create a secure transmission channel between the electronic identification medium (5) and the access control device (13.
13. A device according to any one of claims 6 to 12, characterized in that the SAM (24) comprises an evaluation circuit for determining the access authorization based on the received access authorization data.
14. A device according to any one of claims 6 to 13, characterized in that the SAM (24) is configured as a microcontroller (23) in chip card or SIM card design, yet in particular in IC design.
15. A device according to any one of claims 6 to 14, characterized in that the SAM (24) is exchangeably received in an interface, in particular a slot.
16. A device according to any one of claims 6 to 15, characterized in that the transceiver device (22) is configured for wireless, preferably inductive, data transmission, in particular according to the NFC or RFID standard (ISO/IEC 14443).

Images