PL242627B1 - Device for translation of tags transmitted in the BLE protocol to the RFID tags and method for generation of BLE and RFID keys - Google Patents

Abstract

The device for translating tags sent in the BLE protocol into RFID tags has an antenna in the BLE standard (1), a processor with a BLE radio chip (2), a "connected tag" EEPROM memory, a card protocol emulation chip or a dedicated ASIC chip (3), an antenna RFID/inductive loop (4) and LED indicators (5). The device connects in the BLE system to the end user's mobile device, RFID card reader and access control system, SKD and communicates with a trusted third party through the user's mobile device. The method of generating BLE and RFID keys is that the user, using the MAC address of the mobile device, generates an RFID key and sends it via a trusted third party to the administrator, who, through a translator (6), generates a BLE key and encrypts the RFID key with it, and then sends BLE key to the user through a trusted third party.

Description

Description of the invention

The subject of the invention is a system for translating tags transmitted in the BLE protocol into RFID tags and a method for generating BLE and RFID keys by a trusted third party, used in particular for electronic access control.

The following systems for controlling access to rooms are known: the RFID passive tag system, the use of BLE (Bluetooth Low Energy) protocols and the use of biometric readers.

The most common system is the RFID passive tag system, where the user receives a card with an individual tag, which is interrogated by RFID readers, and if the tag from the card is paired with the tag stored in the access control system, authentication takes place. Older systems operate in the Hitag and Unique standards, and the newer ones in the Mifare and HID standards.

It is also known to use BLE protocols in access control systems, which require building a completely new access control system with readers and locks working in BLE technology.

The aim of the invention is to develop a solution based on RFID and BLE technology, which can be widely used in particular in offices, industrial premises, shops, warehouses, offices, banks, health facilities, hotels, sports and cultural facilities, in transport and public transport, in car parks or in public areas in residential buildings.

Currently, the RFID passive tag system is the most widely used, which is a barrier to the development of systems based on BLE protocols that require costly infrastructure replacement.

From the description of the invention US 9087246 B1, a selective adapter is known, i.e. a device that communicates in the BLE protocol with the user's mobile device and authenticates it in the device's BLE module. In case of successful verification, the BLE module turns on the switch that closes the circuit of the RFID module. The RFID closed circuit is read by the reader. In this solution, the RFID module has one RFID tag programmed, which means that regardless of who is the user and authenticated, the access control system registers the entry of the same person as an event. At the same time, the RFID tag assigned to a given device remains on it permanently, which requires the implementation of additional security solutions that allow you to delete the tag in a situation of potential threat. Each individual selective adapter must have its own RFID tag that needs to be entered into the access control system database, which makes the administrator's job difficult, especially since RFID tags are assigned to users in databases, not to access control readers.

The disclosed solution is applicable in the adaptation of existing access control systems using RFID technology in the following standards: Q5, EM4102, UNIQUE, Hitag1/2/S, FDX-B, Indala, HID Prox, Verichip, FlexPass, Awid (for the frequency of 125 kHz) and ISO14443A - NFC, Mifare Classic 1K/4K, Mifare Ultralight, ISO 15693 - HID iClass (at 13.56 MHz); for solutions that eliminate the need to issue and hold physical RFID cards while maintaining the existing functionality of the access control system. The device is glued to the existing RFID card reader, inductively powered and works without interfering with the use of physical cards. The device interrogated by the reader provides RFID tags individually assigned to the end user.

The essence of the invention is a system for translating tags sent in the BLE protocol into RFID tags through known devices using BLE technology, in particular telephones, tablets, computers, smartwatches, glasses and devices included in the category of the Internet of Things, which is characterized by the fact that it contains, among others . device (6) consisting of an antenna operating in the BLE standard (1), a processor with a BLE radio chip (2), a "connected tag" EEPROM memory, a card protocol emulation chip or a dedicated ASIC chip (3), an RFID reading inductive loop ( 4), at least one signaling LED (5), interconnected in such a way that the device interrogates in the BLE protocol in search of BLE devices, and after pairing receives a signal which is a BLE key; the device decrypts the received key to extract the RFID key, and then using the key, it emulates a passive RFID tag that communicates with the RFID reader of the access control system. If a given RFID key is paired with an authorized key contained in the access control system database, authentication takes place. The key is then deleted electronically from memory.

The device (6) communicates with the exchange platform, in the form of a cloud service, acting as a trusted third party (7), the end user's mobile device (8), the RFID card reader (9) and the SKD access control system (10). In the device according to the invention, the EEPROM memory (3) is used to temporarily store the RFID tag. After writing the tag, the EEPROM memory (3) together with the RFID antenna (4) emulate an RFID card, which is read by the reader (9). After reading and the appropriate event, i.e. pairing and authentication or refusal of authentication, according to the protocol written in the translator software (6), the RFID tag is deleted from the EEPROM memory (3).

The system allows you to store keys to many access control systems in one application at the same time. The use of a trusted third party secures the keys and their exchange by authorizing the user on the basis of the selected login and password and on the basis of the MAC number of the mobile device.

The translator can emulate a different card each time, according to the RFID tag assigned to a given device. The systems disclosed so far can emulate only one card with a tag assigned to the device and not to the user, according to the principle of the switch.

The essence of the invention is also a method of generating BLE and RFID keys by a trusted third party.

The end user receives the BLE private key in which the RFID tag assigned to him is encrypted. After authentication in the BLE module, the translator decrypts the RFID tag and uses it for authentication. According to the protocol written in the firmware, the RFID tag is saved in the EEPROM memory and immediately deleted after the event. Removing tags immediately prevents them from being stolen. User authentication takes place in the access control system, thanks to which the system records and reports events involving a specific user. Mounting the translator does not require the administrator to give it a specific RFID tag. The solution allows you to maintain the full functionality of the existing access control systems - each event is assigned to a specific user and reported in the existing system. At the same time, it provides further advanced access control capabilities. The method ensures a high level of security by building a private key exchange platform. A system where each administrator and each user has their own panel is a trusted third party. A trusted third party provides translators, registers them, assigns its own MAC numbers, secures and stores data in a secure cloud service container with administrator access authorization, generates BLE and RFID keys, delivers keys to selected mobile devices, verifies and renews key validity and reports.

The method of generating BLE and RFID keys by a trusted third party is characterized in that the user, using the MAC address of the mobile device (8), generates an RFID key and sends it via a trusted third party (7) to the administrator, who generates the key via a translator (6) BLE and encrypts the RFID key with it, then sends the BLE key back to the user via a trusted third party (7).

The system for translating tags sent in the BLE protocol into RFID tags and the method of generating BLE and RFID keys by a trusted third party hinders unauthorized access at a level inaccessible to existing solutions in RFID technology by using an advanced and secure authentication method using a trusted third party that performs a secure transaction confidential data between the administrator and the user using passwords deleted immediately after their use. The system and method of the invention eliminates selective adapter barriers.

The subject of the invention has been shown in the drawing, in which Fig. 1 shows a block diagram of the device for translating tags sent in the BLE protocol into RFID tags, Fig. 2 shows a block diagram of the practical use of the system in the field of access control.

Example I

The device (6) is equipped with an antenna operating in the BLE standard (1), a processor with a BLE radio chip (2), a "connected tag" EEPROM memory (3), an RFID/inductive loop antenna (4) and LED indicators (5) . The device [6] communicates/cooperates with an exchange platform, a cloud service acting as a trusted third party (7), an end user's mobile device (8), an RFID card reader (9) and an access control system, SKD (10).

Example II

Device (6) differs from example I in that it has a dedicated ASIC (3) instead of a "connected tag" EEPROM.

Example III

The device (6) differs from example I in that it has a circuit emulating the protocol of the card (3) instead of the "connected tag" EEPROM memory.

Example IV

The method of generating BLE and RFID keys by a trusted third party is that the administrator registers the device's unique a number (6) on his own administrative profile (pa) established on a trusted third party (7), and then sticks the device (6) on the reader ( 9), guided by the indication of the diode (5), signaling effective power supply. Installing the device (6) does not interfere with the operation of the existing system and still allows the use of physical RFID cards. The administrator gives the device (6) an appropriate position in the hierarchy of access, additional security and events in the administration panel. The user downloads the application(s) of the trusted third party (7) on his own mobile device (8) and registers his profile with the trusted third party (7) by sharing the MAC address (β) of the mobile device (8). A trusted third party (7) generates a confidential user profile (pu). The administrator sends an invitation (from) to the user's profile on a trusted third party (7), which notifies (from) the user through the application. By accepting the invitation, the user generates an RFID key based on the MAC address of the mobile device (8) or another number - k(e). The key contains a generated EPC code with a unique address of the data management organization reserved for a trusted third party (7) and a unique serial number generated based on MAC. The user sends the RFID key k(e) to a trusted third party (7), who forwards it to the administrator, who authorizes the RFID key k(e) sent to him in the CB access control system (10). Based on the RFID key k(β) and the registered device address (6) α, the trusted third party (7) generates a BLE communication key k(ae) and delivers it to the user's application. The user locates within range of the BLE directional antenna (1). The device (6) sends the query and the application from the mobile device (8) sends the BLE key k(«e) to the device (6). The processor (2) decrypts the RFID key k(e) and stores it in the EEPROM memory (3), which in conjunction with the RFID antenna (4) transmits the k(β) signal to the reader (9). The key from the reader (9) k(e) is then transferred to the access control system (10) and there it is paired with the key provided to the administrator k(β) by a trusted third party (7) where authentication and access to the door is opened. The access control system (10) records the event. The processor (2) removes the RFID key record from the EEPROM/processor (3) and reports the event to the application on the mobile device (8), which forwards the event information to a trusted third party (7) which can notify the user profile or administrator profile of the occurrence of the event.

Claims (5)

1. A system for translating tags sent via the BLE protocol into RFID tags, comprising a device translating tags (6) applied to an RFID card reader (9), which reader is connected to the SKD access control system (10), characterized in that it comprises also a mobile device (8) for radio communication with a trusted third party (7) that generates and stores BLE/RFID keys and manages the user account of the mobile device (8), the trusted third party (7) being connected to the access control system SKD (10), thanks to which it is possible to synchronize RFID keys, while the connection is made offline or online. 2. A system for translating tags sent via the BLE protocol into RFID tags according to claim 1, characterized in that the device for translating tags (6) comprises an antenna in the BLE standard (1) connected to a processor with a BLE radio chip (2) connected to with a chip emulating the card protocol (3), connected to the RFID antenna/inductive loop (4) and includes a LED (5) signaling the effective power supply of the device (6) superimposed on the RFID card reader (9). 3. A system for translating tags sent via the BLE protocol into RFID tags according to claim 2, characterized in that the chip emulating the card protocol (3) is a connected tag EEPROM or a dedicated ASIC. 4. A method for translating tags transmitted in the BLE protocol into RFID tags, characterized in that it is implemented in a system according to any one of claims 1-3, consisting in that the user's mobile device (8) connects via radio with a trusted third party ( 7) where the registration of the user profile takes place and that a trusted third party (7) creates PL 242627 B1 profile for the device for translating the RFID tag (6), wherein the profile is created using the device identifier (6) and associated with the profile of the authorized user, and in that the trusted third party (7) collects offline or online RFID tags from the SKD access control system (10), which are performed during the system configuration phase, then in the case of user authorization - at the request of the mobile device (8), an RFID tag from the user's profile is sent, then the mobile device (8) creates a BLE connection with the device for translating RFID tags (6), the BLE/RFID tag is sent to the device for translating RFID tags (6), where the BLE/RFID tag is translated into an RFID tag, which is then sent to the RFID card reader (9), and after user authorization is completed, the RFID tag is removed from the device for translating RFID tags (6). 5. A method for translating tags transmitted in the BLE protocol into RFID tags according to claim 4, characterized in that each user profile is associated with unique keys of the mobile device (8).