LU92861B1 - Digital lock system - Google Patents

Digital lock system Download PDF

Info

Publication number
LU92861B1
LU92861B1 LU92861A LU92861A LU92861B1 LU 92861 B1 LU92861 B1 LU 92861B1 LU 92861 A LU92861 A LU 92861A LU 92861 A LU92861 A LU 92861A LU 92861 B1 LU92861 B1 LU 92861B1
Authority
LU
Luxembourg
Prior art keywords
error
string
user
lock
error detection
Prior art date
Application number
LU92861A
Other languages
German (de)
Inventor
Armin Babaei
Davari Masoud
Arvin MossadeghPour
Original Assignee
Cryptolock Gbr
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cryptolock Gbr filed Critical Cryptolock Gbr
Priority to LU92861A priority Critical patent/LU92861B1/en
Application granted granted Critical
Publication of LU92861B1 publication Critical patent/LU92861B1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Abstract

The invention pertains to a digital lock system, comprising a digital lock (LK) and a server (SRV), whereby a first registered user may lock the digital lock (LK) and may request generation of a key for locking and unlocking (AP), whereby the server (SRV), the digital lock (LK) and the first user's communication device (SPI) each comprise a public key and a private key, whereby said first registered user by usage of a user's communication device (SPI) and said digital lock (LK) each may communicate with the server (SRV), and whereby the first registered user may by usage of a user's communication device (SPI) communicate with the digital lock (LK), whereby the server (SRV) stores public keys of the digital lock (LK) and said first user communication device (SPI) as well as challenges (CLK, CSPi) for the users communication device (SPI) and the digital lock (LK1) and a response (RSPi) for the challenge for the user's communication device

Description

Digital lock system
Background
Locks and keys therefore are known since the antique. As such locks and keys are used for granting access.
Nowadays almost everybody is in possession of a plurality of keys allowing to open and/or close respective locks.
In the past, complete new schemes of renting developed. Most of these schemes relate to vehicles and allow for renting cars on a need basis either at specific points or at the point where they were left by the last renter. Most of these schemes are internet based and allow for booking of a vehicle e.g. via a pre-registered smart phone.
They same scenario may be seen in context of housing. Nowadays, it is possible to rent a flat for a certain time from the owner or main tenant via internet. But also parking space is rented via such internet based platforms.
Within all these scenarios, a key problem is the key allowing access to a vehicle, a flat, a parking lot...
This is because nobody likes to share the real key while being away but at the same time the key is necessary for having access. While large firms may have found solutions for this problem, the problem still exists for those individuals participating in such scenarios as offerer.
Typically it is not always possible to provide for a key exchange in person, e.g. because a flat is offered while being away for vacation, or a parking lot is offered while away for business.
The same problem may arise when storing goods within a safe deposit box for exchange.
Numerous attempts have been made so far but none of these attempts allowed for a reliable key exchange. However, so far it was possible to provide for a reliable and secure exchange.
It is therefore an object of the invention to provide for a new solution which circumvents the pitfalls of so far solutions.
Brief description of the invention
The object is solved by a Digital lock system, comprising a digital lock and a server, whereby a first registered user may lock the digital lock and may request generation of a key for locking and unlocking, whereby the server, the digital lock and the first user each comprise a public key and a private key, whereby said first registered user by usage of a user's communication device and said digital lock each may communicate with the server, and whereby the first registered user may by usage of a user's communication device communicate with the digital lock, whereby the server stores public keys of the digital lock and said first user as well as challenges for the user and the digital lock and a response for the challenge for the user.
Further advantageous embodiments are subject of the dependent claims and the accompanying description and figures.
BRIEF DESCRIPTION OF THE FIGURES
Fig. 1 shows a schematic flowchart of processes associated to aspects of embodiments of the invention, and
Fig. 2 shows a further schematic flowchart of further processes associated to aspects of embodiments of the invention
DETAILED DESCRIPTION
The present disclosure describes preferred embodiments with reference to the Figures, in which like reference signs represent the same or similar elements. Reference throughout this specification to "one embodiment," "an embodiment," or similar language means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrases "in one embodiment," "in an embodiment," and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment.
The described features, structures, or characteristics of the invention may be combined in any suitable manner in one or more embodiments. In the description, numerous specific details are recited to provide a thorough understanding of embodiments of the invention. I.e., unless indicated as alternative only any feature of an embodiment may also be utilized in another embodiment.
In addition, even though at some occurrences certain features will be described with reference to a single entity, such a description is for illustrative purpose only and actual implantations of the invention may also comprise one or more of these entities. I.e. usage of singular also encompasses plural entities unless indicated.
In the following we will first refer to a general lock system and later-on exemplify certain use cases which may benefit from the described inventive technology.
The digital key system according to the invention may be based on so called PUF technology. PUF technology - so called physical unclonable functions -, which are typically implemented in hardware. PUFs represent an innovative primitive which may be used for authentication and secret key storage without the requirement of secure EEPROMs and other expensive hardware. This is achieved, because - instead of storing secrets in digital memory - PUFs derive a secret from the physical characteristics of an integrated circuit. This physical characteristic is corresponding to a fingerprint of a human. PUF technology is based on challenge response authentication. Each PUF can be modeled as a blackbox challenge-response system.
In other words, a PUF is passed an input challenge c, and returns a response r =f(c) as a function of the challenge c. E.g. In a system there are parties SP1 and SP2. Suppose that SP1 has challenge-response list of SP2. Hence, when SP1 sends a challenge "c" to SP2, and SP2 runs the function f(c) leading to the response "r", SP1 will authenticate SP2 if the response is "r".
With this understanding one may turn towards a situation where a user wants to use a lock.
In the invention, the user has a smart device, preferably being hardware enabled to provide PUF functionality. However, this is no pre-condition. Such a smart device may be a smart phone, a tablet computer or any other kind device which allows for communicating with a server and a lock as will be described later-on.
Now suppose that the three (electronic) parties in this scenario, the server SRV, the (user's) smart phone SP1 and the digital lock LK each comprise associated public and private keys.
To distinguish these keys, said keys are displayed in the figures by respective shadings, i.e. the public key Pul of the server SRV is indicated by hatching from bottom left to top right will the private key Prl of the server SRV is indicated by hatching from top left to bottom right. The public key Pu2 of the smart phone SP1 is indicated by horizontal lines while the private key Pr2 of the smart phone SP1 is indicated by vertical lines. The public key Pu3 of the digital lock LK is indicated by a chess pattern while the private key Pr3 of the digital lock LK is indicated by a dotted pattern.
Within the invention digital locks LK may be sold for different purposes.
We now assume that a first user has acquired such an inventive digital lock LK.
The first user needs to register to a server SRV.
This can be done by a registration process as follows. The first user may use his smart phone SP1 and download an application, e.g. from an application store. The link thereto may be published or may be provided in a step 100 along with a digital lock, either electronically, or printed (e.g. a QR code) on the digital lock LK itself or on packing thereof. E.g. such a link may be provided via a respective wired (e.g. USB or the like) or wireless interface (e.g. NFC).
Registration may be based on a unique user name and may also be secured by a password.
The user's smart phone SP1 may allow for PUF by means of an integrated circuit. If no such PUF functionality is provided, additional security may be provided by a combination of cloud services and intrinsic device characteristics (IMEI code, phone Number, User's Fingerprint, etc.)
Next, in a step 200 a challenge CSpi and response RSPi pair is generated on the smart phone SP1 (e.g. by the app).
The generated challenge and response pair C/RSP1 is encrypted by public key Pul and forwarded to the server SRV in a step 300. I.e. the server now knows the challenge and response pair C/RSPiof the user's smart phone SP1. This challenge and response pair C/RSPi is stored. We will refer to this challenge and response pair C/RSPi also as "MPUF Package". Additionally or within a separate step the public key Pu2 is transferred to the server SRV and may be stored there.
Now the smart phone may be used within the invention.
Next we assume that the lock shall be registered into the system.
This can be done by a registration process as follows. The first user may use again his smart phone SP1 and connect with the digital lock LK. This may be embodied in separate steps 400 and 500 or may be integrated into a connection as detailed above with respect to step 100.
While connecting, the smart phone SP1 of the user acquires an identification of the lock LK|D and the public key PU3 of the digital lock.
The public key PU3 may be published or may be provided in a step 100 along with a digital lock, either electronically, or printed (e.g. a QR code) on the lock itself or on packing thereof. E.g. such a link may be provided via a respective wired (e.g. USB or the like) or wireless interface (e.g. NFC).
Now, as the smart phone SP1 is in possession of the public key Pu3 of the digital lock, said public key may be forwarded in step 600 towards the server SRV. Again said step may be embodied as a separate step or may be integrated into step 300.
It may also be foreseen that the forwarded public key Pu3 of the digital lock LK is encrypted by the public key Pul of the server SRV either by the digital lock itself (step 500) or by the smart phone SP1 (step 100 respectively 600). We will refer to this as "SPLUF1 Package"
In order to be able to use the digital lock LK, the digital lock LK is initialized for usage by the first user.
Therefore, the server SRV generates and stores a challenge CLK. The challenge is CLK encrypted at least by the public key Pu3 and forwarded to the first user's smart phone SP1 in a step 700.
Obviously, said forwarded message may be super-encrypted by the public key Pu2 of the smart phone SP1. If it is additionally encrypted, it will be decrypted by the private key Pr2 of the smart phone after receipt.
The smart phone SP1 then forwards in step 800 the encrypted challenge towards the digital lock via a respective communication means. The digital lock in turn decrypts the challenge CLKand performs the respective function thereby generating the response RLK. The response RLK is encrypted by the public key Pul of the server and forwarded to the smart phone SP1 in step 900.
Obviously, said forwarded message may be super-encrypted by the public key Pu2 of the smart phone SP1. If it is additionally encrypted, it will be decrypted by the private key Pr2 of the smart phone SP1 after receipt. The digital lock LK may have acquired the public key Pu2 of the smart phone SP1 in step 400 and/or 800.
The smart phone SP1 forwards the encrypted message towards the server SRV in step 1000.
Now the server SRV is in possession of challenge and response pairs for the smart phone C/RSPi and for the lock C/RLK.
For usage of the digital lock, the server now generates an access package for the user. This access package comprises: • challenge response pair C/RSP of the smart phone SP1, whereby the C/RSP is encrypted by response RLK of the digital lock • challenge of the lock CL«
The access package itself is encrypted by the public key Pu3 of the digital lock LK.
This access package is forwarded to the user's smart phone SP1 in step 1100.
Obviously, said forwarded message may be super-encrypted by the public key Pu2 of the smart phone SP1. If it is additionally encrypted, it will be decrypted by the private key Pr2 of the smart phone SP1 after receipt.
Now having detailed aspects relating to the registration of the user, smart phone and lock as well as initialization of a lock for usage by a user, we may now turn to the actual locking/unlocking procedures.
These procedures are from the perspective of the system similar and will be detailed with reference to figure 2.
We assume that the Access Package (provided in step 1100) is stored in the first user's smart phone SP1.
Now the smart phone SP1 is brought into connection (wired or wireless) to the digital lock LK and the Access Package AP is transferred to the digital lock in step 2100.
The digital lock LK deciphers in step 2300 the access package by use of the private key Pr3 of the digital lock LK. The result of this process is the challenge CLK and the still encrypted challenge/response pair of the smart phone SP1.
Using the challenge - response function with the challenge CLK will result again in the response RLK.
Using the response RLK for deciphering of the still encrypted challenge/response pair of the smart phone SP1 will lead in step 2400 to the challenge/response pair C/RSPi.
Now that the digital lock knows the challenge/response pair C/RSP1of the user's smart phone SP1, the digital lock LK responds in step 2500 with the challenge CSPi.
Obviously, said forwarded message may be encrypted by the public key Pu2 of the smart phone SP1. If it is additionally encrypted, it will be decrypted by the private key Pr2 of the smart phone SP1 after receipt.
The smart phone SP1 will generate a response RSpito the challenge CSPi in step 2600 and forward the result to the digital lock in step 2700.
Obviously, said forwarded message may be encrypted by the public key Pu3 of the digital lock. If it is additionally encrypted, it will be decrypted by the private key Pr3 of the digital lock after receipt.
The digital lock compares the received result RSPi with the expected result contained in the deciphered challenge/response pair C/RSP1. In case of a match a locking/unlocking operation is authorized, in case of mismatch no operation is allowed.
As such a user may have a plurality of digital locks associated to him. The respective access packages may be stored in the smart phone SP1 of the users.
Also a plurality of users may be equipped with access to a same digital lock as is apparent from the above. In this case after all users are registered it is only necessary to provide user specific access packages towards the respective users, e.g. an access package with respect to a first user's smart phone SP1 and another access package with respect to a second user's smart phone SP2. E.g. a user may grant access by allowing generation of access keys via the server SRV.
It is to be appreciated that the access packages may provide for additional features. E.g. an access package may contain information with respect to a certain number of locking operations, a certain time within said access package may validly be used, etc.
Even though described with reference to a smart phone, there might also be cases where there are other means available. E.g. in emergency cases, in which a smart phone might not be accessible, a programmable digital key may be provided. Such a digital key may (as well as the digital lock) comprise a PUF integrated circuit. This digital key may also be replaced as detailed above by another smart phone.
To program the digital key it can be connected to smart phone, laptop or desktop via USB. The digital key may be used as a Master key or "Mainkey". "Mainkey" will be replaced by all of keys in key chain. By using "Mainkey" as backup key, user can be sure that he/she will never be locked out. Each Mainkey is unique. The technology behind Mainkey makes duplicating nearly impossible. I.e. by using Mainkey as backup key, this backup key cannot be copied by hackers and thieves. Mainkey may contain a rechargeable backup battery and/or a micro USB port. By connecting micro USB port to smart phone SP1, the smart phone may even be charged.
Preferably such a Main Key for a digital lock comprises a display for showing e.g. location information of digital locks LK able to be un-locked by the key.
Imagine a first user wants to share his key with a second user. To transfer an access package to the second smart phone SP2, the following steps may be performed:
The first user connects his backup digital key "Main key" to any smart phone (e.g. via micro USB or Bluetooth). The server will authenticate backup digital key by running a challenge response process. The connection of backup key to server is via smart phone or Laptop( By SMS or Online). After running this process, the first user is allowed to request the server to generate an access package for the second user. The server generates an access package for the second user's smart phone SP2 based on respective data stored on the server.
Note, communication of the digital lock LK and a user's communication device SP1, SP2 may be wired, e.g. via a respective interface such as (micro-) USB and/or wireless. In case of a wireless communication, near field communication, such as NFC, RFID, ZigBee, Bluetooth, Bluetooth low energy, WLAN etc. is preferred.
In addition the digital lock LK may also be equipped in certain scenarios, such as usage for locking vehicles, with a second alternative communication device.
Said second communication device is different from the first communication device. Preferably said second communication device allows for accessing the server respectively allows the server SRV to directly access the digital lock LK. E.g. the second communication device may allow access to a mobile communication system such as the GSM, UMTS, LTE system or any other comparable mobile communication system allowing for data transport.
Furthermore, in some embodiments the digital lock may also be tracked with respect to its location. Tracking may be performed by an integrated location detector such as a GPS system within the digital lock LK and/or by usage of location information derived from the first and or second communication system, e.g. via triangulation, delay measurements, etc.
Still further, the digital lock may also comprise one or more sensors allowing for detecting theft attempts. Such sensors may be pressure sensors measuring sharp pressure changes but also location sensors indicating a certain displacement. Such sensors may also sense integrity of certain parts of a vehicle and may be integrated into the vehicle. In case a theft attempt is detected, such a theft attempt may be reported to the registered user SP1, security and/or the person attempting theft.
Additionally the digital lock LK may further comprise alarm equipment, whereby the alarm equipment is activated when a theft attempt is detected. Such detection may be performed locally and stand-alone or it may be alternatively or additionally be performed within or by a communication network or by the server SRV.
Suppose the digital lock LK is a lock used for a vehicle such as a bicycle. In such cases it may be beneficial if the digital lock LK further comprises a lamp. Preferably, the lamp is equipped with a detector for detecting ambient light conditions, whereby the lamp is switched on in response to a detected lack of ambient light.
As such a digital lock may be used in connection with any kind of vehicle such as a land craft, an air craft or a sea craft.
Usage of a digital lock system with respect to a vehicle will be further described with respect to a digital bike lock.
The digital bike lock LK may be used by users to lock / unlock bicycles with any smart phone SP1.
The communication between lock LK and smart phone SP1 may be provided by Bluetooth Low Energy. A user - by installing and using the respective app - may be granted access to a map in order to find a bike at a certain location. The location may also be provided to track an individual bike.
This digital bike lock LK may be equipped with Internet access via first and/or second communication means and a GPS device, thus bikes can be easily traced to create a new access and also remove an access to a bike.
Imagine user "A" wants to get a bike to go from point "Al" to "A2", he would checkout the mobile application and find a nearest bike around "Al", then he will purchase a digital code from the server SRV via a mobile app. The digital access code is limited to a certain time interval, when users don't extend the access time the code will be automatically revoked.
The digital bike lock LK may also benefits from anti-theft functionality. E.g. there may be sensors provided e.g. in the chain and/or the frame of the lock which detect temperature and pressure changes and thereby activate a respective sensor leading e.g. to an alarm buzzing and may also trigger a notification towards the owner of the bike.
In addition to the theft alarm, the sensors may also be beneficial to detect crashes.
Imagine a kid sing a bike equipped with a digital bike lock LK according to the invention. Such a bike may easily be customized by the supervising persons, such as the parents. E.g. in case of danger, such as a detected accident, a certain person may automatically be informed of the location of the accident event. Also it may be provided for a certain allowed range within which the children may move. If the digital bike lock is detected to be outside of the allowed range, the digital bike lock LK and/or the server SRV may activate a respective notice towards the supervising person. Obviously, such functionality may not only be beneficial for underage persons but also for grown up persons.
In some embodiments, the digital bike lock LK may also be equipped with energy storage such as a (super) capacitor, rechargeable batteries, etc.
Furthermore, in some embodiments of the digital bike lock LK the energy storage allows for powering by energy harvesting, such as energy harvesting from mechanical energy, solar power e.g. via respective solar cells, a DC generator being arranged for powering a head light of the bicycle, piezoelectricity, etc.
Obviously, by usage of the digital bike lock LK according to the invention also sharing of a bike is enabled. I.e. as described before a first user may trigger the generation of an access package for a second user and thereby allow usage of the bike.
It is noted that knowledge about the type of digital lock also may be beneficial in the analysis of habits of users.
For instance, one may deduce where bikes are accumulating, how many km are travelled in a certain time, where bikers go mostly to visit, where bikers eat food, ....
But the digital bike lock is not only beneficial for individuals but may also be used in renting scenarios as will be highlighted in the following.
Suppose there is a bike retailer owning a plurality of bikes equipped with digital bike locks LK according to the invention. The retailer may than monitor all bikes e.g. via a web based application. At a certain moment a user searches via his smart phone app for a nearest bike location. Then he rents a bike through his mobile application for 1.5 hour. The renting process leads to the generation of an access package AP as detailed above, which will be forwarded to the user.
The user goes to the bike and by connecting his mobile phone to the digital bike lock LK, the digital bike lock LK will be opened in the manner as described above.
Suppose that twilight is beginning, the lamp integrated into the digital bike lock may be activated.
After the pre-booked time the user is warned that the booked time is over. The user may then lock the digital bike lock LK again by use of the smart phone and the access package. Once locked, the position of the bike may be updated either by the user's smart phone and or by the digital bike lock LK via a respective communication interface itself.
Suppose another use case. Here, we assume that the digital lock LK is for a safe within a digital lock system. Again the digital lock LK is enabled for communicating with a communication device SP1 of a user via a near filed communication system. Near filed communication near field communication may be embodied e.g. as NFC, RFID, ZigBee, Bluetooth, Bluetooth low energy, WLAN etc.
The user may by use of the communication device SP1 and the access package AP lock/un-lock the digital lock LK of the safe via communicating with the digital lock LK via the near field communication system. In case the digital lock authenticates the challenge and response of the user's communication device SP1 physical access to the safe compartment is allowed in step 2800.
Again the digital lock LK may be equipped with a second communication device allowing for access of a wireless communication system.
Said second communication device is different from the first communication device. Preferably said second communication device allows for accessing the server respectively allows the server SRV to directly access the digital lock LK. E.g. the second communication device may allow access to a mobile communication system such as the GSM, UMTS, LTE system or any other comparable mobile communication system allowing for data transport.
Furthermore, in some embodiments the digital lock may also be tracked with respect to its location. Tracking may be performed by an integrated location detector such as a GPS system within the digital lock LK and/or by usage of location information derived from the first and or second communication system, e.g. via triangulation, delay measurements, etc.
Still further, the digital lock may also comprise one or more sensors allowing for detecting theft attempts. Such sensors may be pressure sensors measuring sharp pressure changes but also location sensors indicating a certain displacement. In case a theft attempt is detected, such a theft attempt may be reported to the registered user SP1, security and/or the person attempting theft.
Additionally the digital lock LK may further comprise alarm equipment, whereby the alarm equipment is activated when a theft attempt is detected. Such detection may be performed locally and stand-alone or it may be alternatively or additionally be performed within or by a communication network or by the server SRV.
The digital lock LK may further comprise a shaft movable relative to the housing, the digital lock further comprising a compartment for storing physical subjects.
The housing itself may also comprise means for recognizing objects such that the stored physical objects, e.g. a physical key allowing access to an apartment, may be removed temporarily, and integrity of returned physical key is ensured. E.g. imagine another authorized user is using a first user's physical key stored in the safe. Then the first user can be sure that a physical key put back into the storage compartment is the same as the one which has been put in there by the first user.
Means for recognizing may be optical means such as a (light field) camera and/or a scale weighing a key, just to mention some.
That is, by means of the invention a first user may share his physical key with another user, even though there is no physical access to a person in a manner of time and location. Using a digital lock for a safe according to the invention allows users to lock their key inside the safe compartment. Location of the Digital lock LK comprising the physical key may be determined as detailed above. The location and the generated access package AP for the second user may then be send to the second user for accessing the digital lock safe LK. This digital lock safe LK may again use different energy harvesting methods such as solar cell and DC generator which promises the long life time of the digital lock safe LK.
In another scenario, the digital lock LK is intended for a door within a digital lock system.
Again the digital lock LK is enabled for communicating with a communication device SP1 of a user via a near filed communication system. Near filed communication near field communication may be embodied e.g. as NFC, RFID, ZigBee, Bluetooth, Bluetooth low energy, WLAN etc.
The user may by use of the communication device SP1 and the access package AP lock/un-lock the digital lock LK of the safe via communicating with the digital lock LK via the near field communication system. In case the digital lock authenticates the challenge and response of the user's communication device SP1 opening of the door is allowed in step 2800.
Again the digital lock LK may be equipped with a second communication device allowing for access of a wireless communication system.
Said second communication device is different from the first communication device. Preferably said second communication device allows for accessing the server respectively allows the server SRV to directly access the digital lock LK. E.g. the second communication device may allow access to a mobile communication system such as the GSM, UMTS, LTE system or any other comparable mobile communication system allowing for data transport.
Still further, the digital lock LK may also comprise one or more sensors allowing for detecting housebreaking attempts. Such sensors may be pressure sensors measuring sharp pressure changes but also location sensors indicating a certain displacement. In case a housebreaking attempt is detected, such a theft attempt may be reported to the registered user SP1, security and/or the person attempting theft.
Additionally the digital lock LK may further comprise alarm equipment, whereby the alarm equipment is activated when a housebreaking attempt is detected. Such detection may be performed locally and stand-alone or it may be alternatively or additionally be performed within or by a communication network or by the server SRV.
By usage of the digital door lock LK in the form of a conventionally shaped locking cylinder, ease replacement of the new technology for standard locking cylinders is ensured thereby allowing for easy upgrade. Thereby users are enabled to lock and unlock the door with their mobile app.
This digital lock LK is equipped with internet connectivity, and Bluetooth low energy communication. Users may communicate with the device via their smart phone app and also through the web based application. Simply, when a user is close to the door, the digital lock may be unlocked.
Again, a user may grant access to another user by instructing the Server SRV to generate an access package AP for the second user.
In all of the above described embodiments, the digital lock LK may further comprise a physical I/O interface allowing for wired access to the digital lock for locking /unlocking operations. E.g. when a user's smart phone SP1 is out of battery, he may directly connect the smart phone SP1 to the physical I/O interface such as an USB port provided in the digital lock LK and therefore the use will be enabled to unlock / lock the digital lock LK.
As is apparent from the above, the digital lock system may be practiced in different scenarios. I.e. a first user may use his Smart Phone for locking/unlocking e.g. vehicles equipped with a digital lock according to the invention while at the same time he may provide access to a second user to his flat by use of a digital door look LK according to the invention.
Hence, by the invention a secure and reliable exchange of keys among different users having different needs is provided.
The inventive system allows for added functionality such as increased security options and allows for new business models.

Claims (8)

Übersetzung der AnsprücheTranslation of the claims 1. Verfahren zum Kodieren eines binären Strings (SB), aufweisend die Schritte: • empfangen des binären Bitstrings (SB), • wandeln des binären Bitstrings (SB) in einen ternären String (STi, ST2,... STN), wobei jeder ternäre String eindeutig durch eine Sequenz von zwei Nukleinbasen, ausgewählt aus der Gruppe aufweisend Adenin (A), Cytosin (C), Thymin (T) und Guanin (G), repräsentiert ist, • wobei für jeden aufeinanderfolgenden ternären String (STi, ST2, - STN) eine Fehlererkennungs-Nukleinbase (ETi, ET2, - ETN) aus der Gruppe aufweisend Adenin (A), Cytosin (C), Thymin (T) und Guanin (G) ausgewählt wird, wobei jeder ternäre String und seine ausgewählte Fehlererkennungs-Nukleinbase einen fehlergeschützten Block bilden, • wobei die Fehlererkennungs-Nukleinbase gemäß einen Auswahlschema ausgewählt ist, welches zumindest einen vorherigen fehlergeschützten Block in Betracht zieht, falls vorhanden.A method of encoding a binary string (SB), comprising the steps of: • receiving the binary bit string (SB), • converting the binary bit string (SB) into a ternary string (STi, ST2, ... STN), each one ternary string is uniquely represented by a sequence of two nucleobases selected from the group comprising adenine (A), cytosine (C), thymine (T) and guanine (G), • where for each successive ternary string (STi, ST2, - STN) an error detection nucleic base (ETi, ET2, - ETN) is selected from the group comprising adenine (A), cytosine (C), thymine (T) and guanine (G), each ternary string and its selected error detection Nucleus bases form an error-protected block, wherein the error-detection nucleus base is selected according to a selection scheme which takes into account at least one previous error-protected block, if present. 2. Verfahren gemäß Anspruch 1, wobei das Muster TTT oder GGG oder CCC oder AAA ist.2. The method according to claim 1, wherein the pattern is TTT or GGG or CCC or AAA. 3. Verfahren zum Dekodieren eines binären Strings (SB), wobei der binäre String als ein ternärer String (STi, ST2, - STN) kodiert ist, aufweisend die Schritte: • empfangen von drei aufeinanderfolgenden Nukleinbasen, welche einen fehlergeschützten Block (Βυ B2,... BN) bilden, wobei jede Nukleinbase aus der Gruppe aufweisend Adenin (A), Cytosin (C), Thymin (T) und Guanin (G) ausgewählt ist, wobei die erste und die zweite Nukleinbase Information repräsentieren und die dritte Nukleinbase eine Fehlererkennungs-Nukleinbase repräsentiert, • überprüfen jedes fehlergeschützten Blocks (Bn B2,... BN) auf Basis der ersten und zweiten Nukleinbase und einer hierzu erwarteten Fehlererkennungs-Nukleinbase und der empfangenen Fehlererkennungs-Nukleinbase, ob der Block (Bi, B2,... BN) fehlerfrei ist, • wobei die erwartete Fehlererkennungs-Base gemäß einen Auswahlschema ausgewählt ist, welches zumindest einen vorherigen fehlergeschützten Block in Betracht zieht, falls vorhanden, • für jeden fehlerfreien Block (B1; B2,... BN) wandeln der ersten beiden Nukleinbasen in einen binären Bitstrings.A method of decoding a binary string (SB), wherein the binary string is encoded as a ternary string (STi, ST2, -STN), comprising the steps of: • receiving three consecutive nucleobases containing an error-protected block (Βυ B2, BN), wherein each nucleobase is selected from the group comprising adenine (A), cytosine (C), thymine (T) and guanine (G), wherein the first and the second nucleic base represent information and the third nucleic base represents one Error detection nucleic base represents, • check each error-protected block (Bn B2, ... BN) based on the first and second Nucleinbase and an expected error detection Nukleinbase and the received error detection Nukleinbase whether the block (Bi, B2, .. BN) is error-free, wherein the expected error detection base is selected according to a selection scheme which takes into account at least one previous error-protected block, if any, for each error-free block (B1; B2, ... BN) convert the first two nucleobases into a binary bit string. 4. Verfahren gemäß Anspruch 1, wobei das Muster TTT oder GGG oder CCC oder AAA ist.4. The method according to claim 1, wherein the pattern is TTT or GGG or CCC or AAA. 5. Verfahren gemäß Anspruch 3 oder 4, wobei zumindest 5 aufeinanderfolgende Nukleinbasen empfangen werden, wobei für die erste und zweite empfangene Nukleinbase eine erwartete Fehlererkennungs-Base bestimmt wird und mit der dritten empfangenen Nukleinbase verglichen wird, wobei für die zweite und dritte empfangene Nukleinbase eine erwartete Fehlererkennungs-Base bestimmt wird und mit der vierten empfangenen Nukleinbase verglichen wird, wobei für die dritte und vierte empfangene Nukleinbase eine erwartete Fehlererkennungs-Base bestimmt wird und mit der fünften empfangene Nukleinbase verglichen wird, wobei wenn eine erwartete Nukleinbase nicht mit der empfangenen Nukleinbase übereinstimmt die entsprechenden Nukleinbasen nicht als Blockbildend gelten.The method of claim 3 or 4, wherein at least 5 consecutive nucleobases are received, wherein for the first and second received nucleic base an expected error detection base is determined and compared with the third received nucleobase, wherein for the second and third received nucleobase a expected error detection base is determined and compared to the fourth received nucleic base, wherein for the third and fourth received nucleic base an expected error detection base is determined and compared with the fifth received nucleic base, wherein if an expected nucleic base does not match the received nucleic base the corresponding nucleic bases are not regarded as blocking. 6. Verfahren gemäß Anspruch 3 oder 4 oder 5, wobei eine Vielzahl von Repräsentationen eines selben Blocks empfangen werden, wobei fehlerhafte Repräsentationen durch fehlerfreie Repräsentationen ersetzt werden.A method according to claim 3 or 4 or 5, wherein a plurality of representations of a same block are received, wherein erroneous representations are replaced by error-free representations. 7. System zum Kodieren eines binären Strings (SB), aufweisend • Mittel zum Empfangen des binären Bitstrings (SB), • Mittel zum Wandeln des binären Bitstrings (SB) in einen ternären String (STi, ST2, - STN), wobei jeder ternäre String eindeutig durch eine Sequenz von zwei Nukleinbasen, ausgewählt aus der Gruppe aufweisend Adenin (A), Cytosin (C), Thymin (T) und Guanin (G), repräsentiert ist, • wobei für jeden aufeinanderfolgenden ternären String (ST1, ST2,... STN) eine Fehlererkennungs-Nukleinbase (ETi, Et2, - ETn) aus der Gruppe aufweisend Adenin (A), Cytosin (C), Thymin (T) und Guanin (G) ausgewählt wird, • wobei jeder ternäre String und seine ausgewählte Fehlererkennungs-Nukleinbase einen fehlergeschützten Block B1( B2,... BN) bilden, • wobei die Fehlererkennungs-Nukleinbase gemäß einen Auswahlschema ausgewählt ist, welches zumindest einen vorherigen fehlergeschützten Block in Betracht zieht, falls vorhanden.A system for encoding a binary string (SB), comprising: means for receiving the binary bit string (SB), means for converting the binary bit string (SB) into a ternary string (STi, ST2, STN), each ternary String is uniquely represented by a sequence of two nucleobases selected from the group comprising adenine (A), cytosine (C), thymine (T) and guanine (G), • where for each successive ternary string (ST1, ST2 ,. .. STN) an error detection nucleinase (ETi, Et2, - ETn) is selected from the group comprising adenine (A), cytosine (C), thymine (T) and guanine (G), where each ternary string and its selected Error detection nucleobase forming an error-protected block B1 (B2, ... BN), wherein the error-detection nucleebase is selected according to a selection scheme which takes into account at least one previous error-protected block, if any. 8. System zum Dekodieren eines binären Strings (SB), wobei der binare String als ein ternären String (STX, ST2, - STn) kodiert ist, aufweisend • Mittel zum Empfangen von drei aufeinanderfolgenden Nukleinbasen, welche einen fehiergeschützten Block(Bl, B2,... BN) bilden, wobei jede Nukleinbase aus der Gruppe aufweisend Adenin (A), Cytosin (C), Thymin (T) und Guanin (G) ausgewählt ist, wobei die erste und die zweite Nukleinbase Information repräsentieren und die dritte Nukleinbase eine Fehlererkennungs-Nukleinbase repräsentiert, • Mittel zum Überprüfen jedes fehlergeschützten Blocks (Bl, B2,... BN) auf Basis der ersten und zweiten Nukleinbase und einer hierzu erwarteten Fehlererkennungs-Nukleinbase und der empfangenen Fehlererkennungs-Nukleinbase, ob der Block (Bl, B2,... BN) fehlerfrei ist, • wobei die erwartete Fehlererkennungs- Base gemäß einen Auswahlschema ausgewählt ist, welches zumindest einen vorherigen fehlergeschützten Block in Betracht zieht, falls vorhanden, • Mittel zum Wandeln der ersten zwei Nukleinbasen in einen binären Bitstrings.A system for decoding a binary string (SB), said binary string being encoded as a ternary string (STX, ST2, STn), comprising: means for receiving three consecutive nucleobases containing a block (B1, B2, BN), wherein each nucleobase is selected from the group comprising adenine (A), cytosine (C), thymine (T) and guanine (G), wherein the first and the second nucleic base represent information and the third nucleic base represents one Error detection nucleic base represents, • means for checking each error-protected block (Bl, B2, ... BN) based on the first and second Nukleinbase and an expected error detection Nukleinbase and the received error detection Nukleinbase whether the block (Bl, B2 , ... BN) is error-free, where the expected error detection base is selected according to a selection scheme which takes into account at least one previous error-protected block, if present, Means for converting the first two nucleobases into a binary bitstring.
LU92861A 2015-10-30 2015-10-30 Digital lock system LU92861B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
LU92861A LU92861B1 (en) 2015-10-30 2015-10-30 Digital lock system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
LU92861A LU92861B1 (en) 2015-10-30 2015-10-30 Digital lock system

Publications (1)

Publication Number Publication Date
LU92861B1 true LU92861B1 (en) 2017-05-02

Family

ID=54849680

Family Applications (1)

Application Number Title Priority Date Filing Date
LU92861A LU92861B1 (en) 2015-10-30 2015-10-30 Digital lock system

Country Status (1)

Country Link
LU (1) LU92861B1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110313922A1 (en) * 2009-06-22 2011-12-22 Mourad Ben Ayed System For NFC Authentication Based on BLUETOOTH Proximity
US20150067792A1 (en) * 2013-08-27 2015-03-05 Qualcomm Incorporated Owner access point to control the unlocking of an entry

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110313922A1 (en) * 2009-06-22 2011-12-22 Mourad Ben Ayed System For NFC Authentication Based on BLUETOOTH Proximity
US20150067792A1 (en) * 2013-08-27 2015-03-05 Qualcomm Incorporated Owner access point to control the unlocking of an entry

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"USA", 1 January 1997, CRC PRESS LLC, USA, article MENEZES ET AL: "Handbook of Applied Cryptography - Chapters10,13", XP055252492 *

Similar Documents

Publication Publication Date Title
CN102196431B (en) Internet of things application scene-based protection method of privacy query and private identity verification
US8078885B2 (en) Identity authentication and secured access systems, components, and methods
US20060085847A1 (en) Locking system and locking method
CN108009830A (en) Products in circulation tracking and system based on block chain
CN107438230A (en) Safe wireless ranging
JP5706029B1 (en) Apparatus and method for lending and returning rental object to user by input of dynamic encryption by user
CN107689097A (en) Synchronizing Passwords generation and checking system and its application based on frequency hopping
CN116318617B (en) Medical rescue material charity donation method based on RFID and blockchain
JP2017073158A (en) Rental system and rental method
CN109147103A (en) dynamic password intelligent unlocking system and method
US11395145B2 (en) Systems and methods of electronic lock control and audit
JP6593958B2 (en) Rental system
Wazid et al. Blockchain-envisioned secure authentication approach in AIoT: Applications, challenges, and future research
CN107424259B (en) Order processing method, smart lock, sharing articles and the system of sharing articles
US20220020235A1 (en) Blockchain-controlled and location-validated locking systems and methods
LU92861B1 (en) Digital lock system
NL2013502B1 (en) A method for providing a user authorization allowing operating a lock selected from a series of locks, and a lock system.
JP6054562B2 (en) Rental system
JP6600441B2 (en) Rental system
CN114333115B (en) Unlocking method and device based on dynamic password, electronic lock device and control system
Gala et al. Electric Bike Security: Biometric & GPS Integration for Intrusion Detection
JP6873524B2 (en) Rental system
JP6831956B2 (en) Rental system and rental method
JP6799868B2 (en) Rental system
Chhabria et al. Online Voting System using Blockchain

Legal Events

Date Code Title Description
FG Patent granted

Effective date: 20170502