WO2021009641A1 - A structure accesses unlocking system and associated method - Google Patents

A structure accesses unlocking system and associated method Download PDF

Info

Publication number
WO2021009641A1
WO2021009641A1 PCT/IB2020/056511 IB2020056511W WO2021009641A1 WO 2021009641 A1 WO2021009641 A1 WO 2021009641A1 IB 2020056511 W IB2020056511 W IB 2020056511W WO 2021009641 A1 WO2021009641 A1 WO 2021009641A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
code
control unit
access
portable electronic
Prior art date
Application number
PCT/IB2020/056511
Other languages
French (fr)
Inventor
Manfred Olaf CARUSO
Paolo Ferrari
Andrea VIZZARI
Stefano MARCHINA
Original Assignee
Matichotels Srl
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Matichotels Srl filed Critical Matichotels Srl
Priority to EP20750731.0A priority Critical patent/EP3997674A1/en
Publication of WO2021009641A1 publication Critical patent/WO2021009641A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00182Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00571Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00182Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks
    • G07C2009/00238Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks the transmittted data signal containing a code which is changed
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00182Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks
    • G07C2009/00238Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks the transmittted data signal containing a code which is changed
    • G07C2009/00246Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks the transmittted data signal containing a code which is changed periodically, e.g. after a time period
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C2009/00753Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
    • G07C2009/00769Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
    • G07C2009/00785Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means by light
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C2009/00753Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
    • G07C2009/00769Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
    • G07C2009/00793Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means by Hertzian waves
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00857Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
    • G07C2009/0088Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed centrally
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/08With time considerations, e.g. temporary activation, valid time window or time limitations
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/60Indexing scheme relating to groups G07C9/00174 - G07C9/00944
    • G07C2209/63Comprising locating means for detecting the position of the data carrier, i.e. within the vehicle or within a certain distance from the vehicle
    • G07C2209/64Comprising locating means for detecting the position of the data carrier, i.e. within the vehicle or within a certain distance from the vehicle using a proximity sensor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks

Definitions

  • the present invention relates to the field of access control systems and in detail refers to a structure accesses unlocking system and a method of authentication and access to structures or buildings.
  • a system (1 ) of unlocking of accesses (2) of a structure comprising:
  • an interface (4a) to a portable electronic device (5) said interface (4a) being configured for detecting the presence of a portable electronic device (5) in proximity of the interface (4a) itself, said interface (4a) comprising a receiving stage configured for receiving at least an authentication signal or code (20, 21 ), for the request of authorization for the unlock of an access control device (3), by said portable electronic device (5);
  • control unit (4) conceived for being in use operatively connected to an access control device (3), wherein:
  • control unit (4) comprises a server interface (4c), configured for automatically retransmitting the authentication signal or code (20, 21 ) to a remote server (6) and for waiting an authorization signal (10e) from said server (6);
  • control unit (4) is configured for causing at least an unlock of the access control device (3) at the reception of an authorization signal (10e) from the server (6).
  • control unit (4) is configured for: at first automatically retransmitting said authentication signal or code (20, 21 ) received by the portable electronic device (5), and/or an access authorization code contained in the authentication signal or code (20, 21 ) received by the portable electronic device (5) to the server (6) and subsequently for waiting for the reception of said authorization signal (10e) from the server (6).
  • said authentication signal or code (20, 21 ) in turn comprises an alphanumeric type access authorization code.
  • control unit (4) is configured for being mechanically connected to the access control device (3) and/or is configured for being electrically connected to a servo-actuator of said access control device (3) and/or integrates said access control device (3), or is mechanically connected to the access control device (3) and/or is configured for being electrically connected to a servo-actuator of said access control device (3).
  • the access control device (3) is a lock and/or a part of a lock and/or an openable turnstile or gate.
  • said authentication signal or code (20, 21 ) comprises a QR code and/or a visual code and/or an OTP alphanumeric code, and/or a single use password, and/or a time stamp.
  • the OTP alphanumeric code and/or the single use password are or comprise dynamic type codes.
  • the authentication signal or code is a code
  • (20, 21 ) is automatically generated by the portable electronic device (5) for the access to the structure (2) and/or at an approximation of the portable electronic device (5) to the control unit (4) and/or to the interface (4a).
  • said control unit (4) is also configured for extracting the access authorization code from the authentication signal (20, 21 ) within a predetermined time, and/or for retransmitting said access authorization code, without alteration, within a predetermined time, optionally wherein said predetermined time is an expiry time stored on said server (6).
  • said predetermined time is between 10s and 45s, more preferably between 20s and 30s or on intervals comprised between 5s, 10s and 15s.
  • said access authorization code is a dynamic code, having a predetermined and limited time validity, after which it is no longer usable for accessing said structure, optionally said dynamic code being cyclically regenerated by said server (6).
  • said access authorization code is a dynamic code, having a predetermined and limited temporal validity, after which it is no longer usable for accessing said structure, optionally said dynamic code being cyclically regenerated by said portable electronic device (5).
  • the code is regenerated cyclically at each said predetermined time interval, in particular with a predetermined time interval comprised between 10s and 45s, more preferably between 20s and 30s or on intervals between 5s, 10s and 15s.
  • the control unit (4) is configured for: at first automatically retransmitting said access authorization code received from the portable electronic device (5) to the server (6) and then for waiting for the reception of said authorization signal (10e) from the server (6).
  • control unit (4) is configured for extracting the access authorization code from the authentication signal (20, 21 ) within a predetermined time, and/or for retransmitting said access authorization code, without alteration, within a predetermined time.
  • said predetermined time is an expiry time stored on said server (6).
  • the interface (4a) to the portable electronic device (5) is, alternatively:
  • control unit (4) separated from the body of the control unit (4), and comprises a camera (4a) for optical code reading and/or a receiver suitable for receiving a radio signal comprising a predefined code; said interface (4a) being configured for being installed in a space outside the structure delimited by said access (2); or
  • control unit (4) is integrated into the body of the control unit (4), and preferably comprises a radio receiver stage.
  • the radio receiver is a short- distance communication receiver, optionally of NFC or Bluetooth type.
  • the radio signal is an encrypted radio signal.
  • control unit (4) comprises a memory, optionally a non-volatile memory, within which it is possible to store an electronic address of a user to which address the transmission of a control signal, said control signal being indicative of an access or an attempt to access the structure and being determined by the reception, by the control unit (4) and/or the interface (4a) of an access authorization code; said control unit (4) being configured for transmitting or causing the transmission of said access signal when the control unit (4) has received an access authorization code.
  • the system comprises a server (6), operatively connected to the control unit (4), optionally configured for being at least temporarily operatively connected to the portable electronic device (5).
  • the server comprises a memory, optionally a non-volatile memory, within which it is possible to store an electronic address of a user to which address the transmission of a control signal, said control signal being indicative of an access or of an attempted access to the structure and being determined by the reception, by the control unit (4) and/or the interface (4a) of an access authorization code; said server (6) being configured for transmitting said access signal when the control unit (4) has received an access authorization code.
  • the server (6) comprises:
  • a time counter configured for automatically carrying out at least one counting of time that elapses between a first time instant wherein the server (6) generates a random or pseudo-random number and/or an access authorization code to be transmitted to the portable electronic device, and a second time instant wherein the server (6) receives the access authorization code retransmitted by the control unit (4);
  • the system comprises a server (6), operatively connected to the control unit (4), having a data transceiver interface from and to the control unit (4) respectively;
  • said server (6) being configured for generating an OTP alphanumeric code, and/or a single use password, and/or a timestamp at the reception of an OTP alphanumeric code, and/or a single use password, and/or a timestamp retransmitted from the control unit (4) to the server (6);
  • said server (6) being configured for generating the authorization signal (10e), and for automatically transmitting the authorization signal (10e) to the control unit (4) when the OTP alphanumeric code generated by the server (6) is identical to the OTP alphanumeric code retransmitted from the control unit (4) to the server (6), and/or when the single-use password generated by the server (6) is identical to the single-use password retransmitted from the control unit (4) to the server (6) and/or when the timestamp generated by the server (6) is identical to the timestamp retransmitted from the control unit (4) to the server (6).
  • the server (6) is configured for generating the OTP alphanumeric code, and/or the single-use password, and/or the timestamp at the reception of an OTP alphanumeric code, and/or a single-use password and/or a timestamp/s retransmitted from the control unit (4) to the server (6) by electronically accessing a memory associated to the server (6) and accessing a seed stored in an account corresponding to the user profile (798) and/or of the portable electronic device (5) that has generated the authentication signal or code (20, 21 ).
  • said time counter is in particular configured for causing the transmission of the authorization signal from the server to the control unit only when the following conditions take place:
  • a time span between the first and the second time instant is shorter with respect to a predetermined value, said predetermined value being optionally stored in the server itself,
  • the access authorization code retransmitted by the control unit (4) to the server (6) is identical to a copy of the access authorization code stored on said server (6).
  • control unit (4) comprises a power control element, optionally a key, physical or electronic, which provides power to the data processing unit of the control unit (4) and/or to the control unit (4) in its entirety in a time limited manner, said control unit (4) being configured for making impossible to implement the access control device (3) and/or performing the retransmission of data to the server (6) and/or the reception of data from the server (6), without the activation of said power control element, optionally without pressing said key.
  • a power control element optionally a key, physical or electronic
  • control unit (4) comprises an electronic circuit that disables the power supply of the control unit (4) for a predetermined period of time, and optionally increasing at the number of failed access attempts, optionally when the authentication signal (20, 21 ), or part of it, transmitted from said portable electronic device (5) to the control unit (4) is incorrect or corrupted.
  • a method of authentication and access to structures or buildings comprises: - a step of approaching (900) of a portable electronic device (5) to a control unit (4),
  • step of authentication (904) of the portable electronic device (5) wherein the transmission of an authentication signal from the portable electronic device (5) to an interface (4a) of the control unit (4) of an access unlock system takes place, wherein said authentication signal (20, 21 ) comprises an access authorization code, said access authorization code being a dynamic code;
  • the server (6) carries out a transmission (907; 908) to said control unit, of alternatively one of the two following signals:
  • the system (1 ) comprises a server (6) operatively connected to the control unit (4) through a data interchange network and configured for being connected to at least one, preferably a plurality of, portable electronic devices (5).
  • the system (1 ) is configured for carrying out a pre-authentication (903) of the portable electronic device (5) wherein the server (6) is configured for generating and transmitting (10b) to the portable electronic device (5) an authorization code for the access to the structure, and the system (1 ) is further configured for carrying out an authentication (904) of the portable electronic device (5) subsequent to the pre-authentication (903), wherein in the authentication (904) the control unit (4) automatically retransmits the authentication signal or code (20, 21 ) to the remote server (6) and waits for an authorization signal (10e) from the server (6); the authentication (904) of the portable electronic device (5) taking place only if said pre-authentication (903) has been carried out.
  • the server (6) is configured for setting itself in a configuration of waiting for the generation request (902) of the authorization code for the access to the structure wherein the server (6) waits for a transmission of a request signal (10a) from the portable electronic device (5).
  • the server (6) is configured for automatically transmitting (10b) to the portable electronic device (5) said authorization code for the access to the structure after the reception of said request signal (10a).
  • the server (6) is configured for setting itself in waiting for a public key of encryption of a timestamp, and/or is configured for memorizing a public key of encryption of a timestamp, wherein the timestamp is transmitted by the portable electronic device (5) and is operatively associated to said authentication signal or code.
  • the public key of encryption of the timestamp is operatively associated to a specific and single portable electronic device (5).
  • the server (6) is configured for transmitting a plurality of public keys authorized for decrypting a timestamp to the control unit (4) and the control unit (4) comprises a memory within which it is stored at least said plurality of public keys.
  • control unit (4) is configured for causing the unlock of the access control device (3) at a correct decoding of a timestamp ciphered with a private key operatively associated to a determined portable electronic device (5) and deciphered with a public key of said plurality of public keys, stored in the control unit (4).
  • step of authentication (904) of the portable electronic device (5) wherein the transmission of an authentication signal or code (20, 21 ) from the portable electronic device (5) to an interface (4a) of the control unit (4) of an access unlock system takes place, wherein said authentication signal or code (20, 21 ) comprises an access authorization code;
  • step of verification wherein the server (6) electronically compares the access authorization code received by the control unit (4) with a secondary version of the authentication signal or code (20, 21 ) and/or of the access authorization code generated by the server (6) itself;
  • the server (6) carries out a transmission (907; 908) to said control unit (4), alternatively of one of the two following signals:
  • said authorization signal (10e) is transmitted only when the step of verification (906) ends with an identity result between the secondary version of the authentication signal or code (20, 21 ) and/or of the access authorization code generated by the server (6) and the authentication signal or code (20, 21 ) and/or of the access authorization code received by the server (6).
  • the rejection signal is transmitted when the step of verification (906) ends with a lack of identity result, or of at least partial difference, between the secondary version of the authentication signal or code (20, 21 ) and/or of the access authorization code generated by the server (6) and the authentication signal or code (20, 21 ) and/or of the access authorization code received by the server (6).
  • the unlock authorization signal can be transmitted by the server (6) to the control unit (4) when the access authorization code received by the control unit (4) and/or retransmitted by the latter to the server (6) is identical to the copy of the access authorization code temporarily stored on said server (6); the rejection signal is transmitted by the server (6) to the control unit (4) if the access authorization code received by the control unit (4) and/or retransmitted by the latter to the server (6) is different with respect to the copy of the access authorization code temporarily stored on said server (6).
  • the access authorization code is a dynamic code and/or comprises a single use password and/or an OTP code.
  • the secondary version of the authentication signal or code (20, 21 ) and/or of the access authorization code is electronically generated, in said step of verification (906) by the server starting from a seed electronically retrieved by the server (6) in a memory operatively associated to it, wherein the seed is stored in an account previously created and associated, optionally uniquely associated, to the portable electronic device (5) and/or to a user (798) uniquely associated to said portable electronic device (5).
  • said server (6) in said step of verification (906) said server (6) generates a secondary version of said dynamic code and/or of the single use password and/or OTP code starting from said seed, and electronically compares the dynamic code and/or the single use password with the dynamic code and/or single use password received by the control unit (4).
  • step of pre- authentication comprising a reception of an access authorization code, wherein the portable electronic device (5) receives the access authorization code generated by the server, said pre-authentication taking place prior to the step of authentication (904).
  • the step of pre-authentication (903) comprises a transmission of a request signal (10a) or is anticipated by a step of request of code generation (902) to said server (6), wherein said transmission is carried out by the portable electronic device (5) and being addressed to said server (6).
  • the method comprises a step of generation of a timestamp by the portable electronic device (5) and comprises also a step of encryption of said timestamp through an asymmetric public/private key ciphering, the method comprising a step of introduction of the encrypted timestamp through said asymmetric ciphering in the authentication signal or code (20, 21 ).
  • the method comprises a decoding or an attempt of decoding of said timestamp sent by the portable electronic device (5) by means of a predefined public key, said decoding or attempt of decoding being carried out by the control unit (4), the unlocking of the access control device (3) being possible only in case of a correct decoding of said timestamp through a public key previously memorized on the server (6) and/or on the control unit (4).
  • the method comprises a step of transmission of at least one public key from said server (6) to the control unit (4).
  • the method comprises a step of generation of a timestamp by the portable electronic device (5) and of the transmission of said timestamp in association and/or within said authentication signal or code (20, 21 ); said method comprising a step of timestamp comparison, wherein the control unit (4) compares the timestamp received from the portable electronic device (5) with a time indication retrieved by the control unit (4) itself, and if a difference between the timestamp and the time indication is greater than a predefined time interval, the step of sending of the authentication signal or code (20, 21 ) and/or of the access authorization code, received from the control unit (4) to the server (6) is prevented.
  • the request signal (10a) comprises a hash of the current time of generation of the request signal (10a) itself.
  • the server (6) performs a comparison between a first time instant wherein the server (6) itself has generated and temporarily stored the access authorization code and a second time instant wherein to the server (6) arrives the access authorization code transmitted by the control unit (5) and/or wherein to the control unit (4) arrives the access authorization code transmitted by the portable electronic device (5).
  • the method comprises a step of storage of at least an account uniquely associated to a user (798) in a memory operatively connected to said server (6) and a subsequent step of storage, in said account, of at least a limited validity authorization code, usable for a predefined number of times, and wherein in said step of verification (906), the server (6) electronically compares a limited validity code received from, and/or read through, the control unit (4) with a limited validity code previously stored in said account, and sends the authorization signal (10e) for the unlocking of the access control device (3) to the structure (2) through the control unit (4) if the comparison result proves identity between the two limited validity authorization codes; said method comprising a step of reduction of the number of times wherein said limited validity authorization code can be used and/or comprising a deletion of said limited validity authorization code from said account.
  • the access authorization code transmitted by the control unit (4) to the server (6) is identical to the access authorization code stored by the server (6), it is carried out the transmission to said control unit of the authorization signal for unlocking an access control device through the control unit;
  • the server (6) after the transmission of the request signal (10a), the server (6) carries out a procedure of generation of a random or pseudo-random number on which basing the generation of the access authorization code, and carries out a step of lasting time counting for a predetermined time interval, after which the access authorization code is no longer usable and/or is replaced and/or after which it automatically generates a new random or pseudo-random number and/or a new access authorization code, said step of time counting determining the first time instant, said time interval being determined by the time distance between the first time interval and the second time interval.
  • the server (6) when the server (6) receives the authentication signal or code (20, 21 ) and/or the access authorization code that has/have been transmitted from the control unit (4), to the server (6) itself, it generates a plurality of possible secondary versions of the authentication signal or code (20, 21 ) and/or of the access authorization code, on the basis of said seed, starting from said base time instant to, in the time intervals [(to-At) ⁇ (to+At)] where At is a predetermined time instant;
  • said server (6) transmitting said authorization signal (10e) only if at least one of the possible secondary versions of said plurality of possible secondary versions of the authentication signal or code (20, 21 ) and/or of the access authorization code, on the basis of said seed, starting from the said base time to, in the time intervals [(to-At) ⁇ (to+At)] coincides with the authentication signal or code (20, 21 ) and/or the access authorization code that has/have been transmitted from the control unit (4) to the server (6) itself.
  • a transmission of the authorization code for the access to the portable electronic device is automatically carried out.
  • the step of verification (906) is followed by the transmission of the authorization signal for the unlocking of an access control device (3) only when this verification is carried out within the predetermined time frame and only when the access authorization code transmitted by the control unit is equal to the access authorization code generated by the server (6).
  • the method comprises a step of activation of an actuator of the access control device (3), optionally of said lock (3), said actuator being contained within the body of said control unit (4) and acting directly on the access control device (3), optionally on said lock (3), said activation taking place after the transmission of the authorization signal for the unlocking of the access control device (3), optionally on said lock (3).
  • At least a deadbolt of said lock (3) is moved to eliminate the removable joint of said access with the portion of said structure.
  • the transmission of the access authorization code from the server (20, 21 ) to the portable electronic device (6) takes place within said predetermined time frame and/or within the second time instant.
  • said access authorization code comprises a visual code, in particular a QR code
  • said authentication signal is a light signal and/or a representation of said visual code, in particular said QR code, on a display (5d) of said portable electronic device (5).
  • the interface (4a) to the portable electronic device (5) comprises a camera, said method comprising the positioning of the portable electronic device (5) in correspondence of said camera (4a), so that said camera can read the visual code, in particular said QR code, from the display of said portable electronic device (5).
  • the interface (4a) comprises an optical and/or radio receiver stage.
  • said receiver stage and/or said interface (4a) comprises, in particular, a radio receiver configured for receiving a radio signal incorporating said access authorization code; said method comprising a reception stage of said radio signal transmitted by the portable electronic device so that the control unit receives said access authorization code.
  • said method comprises receiving a control signal on an input of the control unit (4), said control signal being a signal of start and/or end of access to that structure; said method comprises the inhibition of the transmission of said authorization signal for the unlocking of an access control device (3) through the control unit (4), and/or the activation of the actuator when said control signal is configured in an inhibition configuration, said inhibition configuration being optionally present before a check-in date of a user within that structure.
  • said unlock authorization signal is a signal with a first hierarchy
  • the control signal is a signal with a second hierarchy lower than the first hierarchy.
  • the method comprises a step of transmission of an access signal to the structure, said transmission being carried out either by the control unit (4), or by the server (6) with the permission of the control unit (4), at the transmission of an access authorization code from a portable electronic device (5) to the control unit (4) and/or at the verification of the identity between the access authorization code transmitted to the control unit (4) from the portable electronic device (5) to the control unit (4) or retransmitted from the control unit (4) to the server (6) and the access authorization code temporarily stored on the server (6).
  • the transmission of said access signal takes place towards a predetermined recipient, optionally towards a recipient whose address is previously stored in a memory of the control unit (4) and/or of the server (6).
  • a software program is described here, suitable for being executed by a computer; said software program comprising portions of code which, when executed, cause the execution of the steps of the method according to one or more of the present aspects.
  • step of authentication (904) of a portable electronic device (5) wherein a reception of an authentication signal transmitted by the portable electronic device (5) to an interface (4a) of the control unit (4) of an access unlocking system takes place, wherein said authentication signal (20, 21 ) comprises an access authorization code, said access authorization code being a dynamic code;
  • said software causes the execution of a step of verification (906), wherein the server (6) electronically compares the access authorization code received from the control unit (4) with an original version of the access authorization code;
  • reception takes place after the step of verification (906) and wherein said one of the two previous signals is transmitted by the server (6).
  • non-transient memory medium comprising said software program
  • step of authentication (904) of a portable electronic device (5) wherein the transmission of an authentication signal takes place from the portable electronic device (5) to an interface (4a) of a control unit (4) of an access unlocking system, wherein said authentication signal (20, 21 ) comprises an access authorization code, where the access authorization code is a dynamic code and wherein the step of authentication (904) takes place after a step of approaching (900) of a portable electronic device (5) to the control unit (4);
  • step of verification wherein the server (6) electronically compares the access authorization code received from the control unit (4) with an original version of the access authorization code
  • the server (6) transmits (907; 908) to said control unit, alternatively one of the two following signals:
  • the use of the system and/or the use of the method according to one or more of the preceding aspects for the access to structures is described, said structures optionally comprising at least one among the buildings in the following list: houses, warehouses, apartments, cottages, hotels, motels, bed and breakfast, sanitary structures and/or parts or rooms of sanitary structures, security areas, detention centers, police stations, shelters, train cabins, bathing and/or spa structures.
  • FIG. 1 illustrates a simplified scheme of a first form of realization of a system subject of the present disclosure
  • FIG. 2 illustrates a simplified scheme of a second embodiment of the system subject of the present disclosure
  • FIG. 3 shows a scheme representing a data transceiving part between a portable electronic device and a control unit according to the first embodiment of the system here described;
  • FIG. 4 shows a scheme of a data transceiving part between a portable electronic device and a control unit according to the second embodiment of the system here described;
  • FIG. 5 shows a simplified time diagram, where it is represented a time scale indicating a first and a second time value, which together define a time interval within which an access authorization code, temporarily stored on a server memory, must be retransmitted to the latter;
  • FIG. 6 illustrates a flowchart illustrating some steps of a process of data exchange between a portable electronic device of a user, a control unit part of the system object of the present disclosure, and a server also part of the same system;
  • FIG. 7 illustrates a flowchart, illustrating some steps of a process of booking a structure according to a first alternative configuration in which the user is not profiled
  • - Figure 8 illustrates a flowchart, illustrating some steps of a booking process of a structure according to a second alternative configuration in which the user is profiled;
  • FIG. 9 illustrates a simplified scheme, in which the subjects involved in the booking of said structure are identified
  • FIG. 10 illustrates a temporal relational diagram, from which the information exchange flows between the subjects involved in the booking of the structure according to the first configuration can be deduced;
  • FIG. 11 illustrates a temporal relational diagram, from which the flows of information exchange between the subjects involved in the booking of the structure according to the second configuration can be deduced;
  • FIG. 12 illustrates a schematic illustration of a further embodiment of the present invention.
  • FIG. 13 illustrates a block diagram that partially illustrates the functionality of the other embodiment previously described.
  • FIG. 1 With reference to Figure 1 , with the reference number 1 is overall indicated a structure accesses unlocking system. According to the present disclosure, it is intended for accesses doors or portals, or windows, or entrances allowing individuals or vehicles to access a structure.
  • a door 2 having an access control device 3, in particular and non-limiting a lock, which engages in a 2 m portion of the wall in front of it.
  • the access control device 3 is equipped with at least one movable deadbolt between a first position wherein it releases the door 2 from the engagement with the 2 m portion of the wall and a second position wherein it engages the door 2 with said 2 m portion of the wall, in particular by constraining the door in a predetermined position.
  • the access control device can, alternatively and non-exhaustively, be an opening doorway and/or a turnstile.
  • the system 1 subject of the present invention comprises at least one control unit 4, provided with an interface 4a to a portable electronic device 5 provided to the user, in particular the user who wishes to open the door 2 through the system here described.
  • the interface 4a is in particular configured for detecting the presence of a portable electronic device 5, e.g. via a proximity sensor or directly via the interface 4a.
  • the portable electronic device 5 can be any telephone equipped with technology allowing data exchange via wireless network or cellular radio network, or a transceiver, or a portable computer or tablet PC.
  • a software program (or application) is conveniently installed on such a telephone or computer or tablet that performs determined predefined steps to carry out the method that is the subject of the present disclosure.
  • the portable electronic device 5 can also be a short-distance radio communication device of the active type, or alternatively of the semi-active or passive type.
  • the device of passive type can be preferably equipped with a ROM to store an appropriate code, comprising for example an emergency code for operating the access control device 3.
  • Protocols and/or standards usable for radio communication can be non-exhaustively Bluetooth, in particular BLE, or NFC, or ZigBee, ISO 14443 and/or ISO 15693 protocol for contactless smartcards.
  • the use of a short-distance communication protocol reduces the risk of fraudulent interception of communications by third parties, and therefore contributes to the security of the system here described.
  • the control unit 4 is configured for being operatively connected to a server 6, which is typically installed remotely with respect to the control unit 4.
  • "connected operatively” or “operatively connected” means a control unit 4 connected by wired or wireless data transmission between the server 6 and the control unit 4 itself.
  • the data transmission can be either wired or wireless, e.g. a radio channel.
  • the portion of the control unit 4 that is responsible for managing the exchange of data with the server 6 is defined server interface 4c.
  • control unit 4 comprises an actuator, or servo actuator or servomechanism, indicated with reference number 8, which is mechanically interfaced with the access control device 3 in order to allow its movement between open configuration and closed configuration and/or in order to allow at least temporary switching between a first configuration wherein the access to the structure 2 is prevented and a second configuration wherein the access to the structure 2 is allowed for at least a user.
  • actuator or servo actuator or servomechanism
  • the actuator can comprise an electro-actuated solenoid, e.g. integrated in a relay, which e.g. controls the opening of the lock latch and/or temporarily releases during its excitation the lock of a turnstile.
  • control unit 4 can conveniently be equipped with a physical security device to prevent attacks by malicious users.
  • control unit 4 can be equipped with a key, physical or electronic, that provides power to the data processing unit of the control unit 4 in a timed manner, without the pressure of which it is not possible to carry out the retransmission of the data to the server 6 and/or it is not possible to receive data from the server 6 according to one or more portions of the present disclosure and/or an electronic circuit that disables the power to the control unit 4 for a predetermined period of time, and optionally increasing to the number of failed access attempts.
  • a first transmission is indicated with reference 10a, and is a transmission of a request signal which takes place from the portable electronic device 5 to the server 6.
  • this transmission takes place when, more precisely after, the recognition or identification of a portable electronic device 5 by the control unit 4.
  • a second transmission is indicated with reference 10b, and is a transmission of an access authorization code from the server 6 to the portable electronic device 5 that has carried out the request.
  • the second transmission 10b takes place after the first transmission 10a, and takes place preferably automatically; both the first transmission 10a and the second transmission 10b take place at least partly on a wireless transmission channel, in particular at least partly on a mobile cellular radio channel and/or on a radio channel of a wireless local area network. This allows to have much flexibility in establishing the authentication request with the server in terms of the positioning of the portable electronic device 5.
  • a third transmission is a transmission of the authorization code for the access to the structure from the portable electronic device 5 to the control unit, and in particular to interface 4a of the control unit. If no anomaly is found, the access authorization code transmitted from the server 6 to the portable electronic device 5 is identical to the access authorization code that the portable electronic device 5 transmits to the interface 4a of the control unit. Otherwise, if there are anomalies, or in the event of a fraud attempt, this code can also be different.
  • a fourth transmission is indicated with reference 10d, and is a retransmission of the access authorization code received from the control unit 4. The control unit retransmits this code, in particular without alterations, to the server 6.
  • a fifth transmission is indicated with the reference number 10e and is a transmission of alternatively either an authorization signal for the unlocking of the access control device 3 or of a denial signal for the unlocking of the access control device 3.
  • the transmission of the authorization signal for the unlocking of the access control device 3 or of the denial to the unlocking of the access control device 3 depends on a comparative verification that the server 6 is configured for automatically carrying out.
  • the access authorization code is automatically and temporarily stored in the memory of the server 6 and is retained for at least the time necessary for the second transmission 10b, the third transmission 10c, and the fourth transmission 10d to take place.
  • the transmission of the access authorization signal for the unlocking of the access control device 3 is the result of a comparison of equality.
  • the control unit 4 is in the form of a single body installed at door 2 and in particular in proximity of the access control device 3; in this case, the interface 4a to the portable electronic device 5 is preferably a wireless interface, in particular a radio interface.
  • the access authorization code is therefore a code transmitted in an authorization signal transmitted from the portable electronic device 5 to the interface, which then extracts the code from said signal.
  • the interface 4a is an interface comprising a camera or equivalent means of recording.
  • the body of the control unit 4 is separated from the interface 4a: while the latter is installed in front of the door 2, and is therefore accessible from outside the structure, the body of the control unit 4 is positioned within the door 2, or in any case behind it, so as to be more difficult to access.
  • the camera is configured for capturing an image contained on the display 5d.
  • the access authorization code on the portable electronic device 5 is therefore a visual code and preferably, though non-limiting, a code of QR type.
  • This visual code can be an always valid code, with unlimited validity over time and/or for an indefinite number of accesses, or a code with limited validity, usable only for a finite number of times, greater or equal to one.
  • This code is a static code.
  • This configuration advantageously allows reducing the generation of radio signals and makes the transmission of the access authorization signal difficult to detect by malicious persons.
  • This configuration also allows the management of security operations and/or emergency situations as described in the subsequent part of the patent application.
  • the operational connection between the body of the control unit 4 and the interface 4a can be on wired or wireless channel.
  • one of the peculiarities of the system subject of the present disclosure is that after the second transmission 10b, the server 6 performs the generation an ideally pure random number, or at least an opportunely inseminated pseudo-random number, through which it generates a copy of the access authorization code and transmits it to the portable electronic device 5.
  • This code is temporarily stored for a predetermined period of time, e.g. and non-limiting to comprised between 10s and 45s, even more preferably between 20s and 30s, on a server memory.
  • the instant of storage of the access authorization code on the server 6, or its generation equivalently corresponds to a first and predefined time instant ti.
  • the access authorization code on the server 6 is generated on the basis of a first random or pseudo-random RNDi number.
  • the control unit 4 transmits to the server 6 the copy of the access authorization code previously received by the transmission carried out from the portable electronic device 5, and this retransmission takes place at a second time instant t2, it is verified whether the access authorization code stored on the server is identical to the one retransmitted by the control unit, and if so, the fifth transmission 10e is carried out with an authorization signal for the unlocking of the access control device 3.
  • the server 6 also verifies whether the retransmission is carried out within the predefined time period tmax, which is provided for security.
  • Figure 5 shows in particular a configuration wherein the retransmission at the second time instant t2 takes place within the predefined time period tmax. If, in fact, fraud attempts are made, it is easy for them to occur by retransmitting the access authorization code well beyond the default time period t m a X ; the server 6 is automatically configured for generating a new random or pseudo-random RND2 number, and thus a new access authorization code, and for deleting the previously generated one from memory.
  • the access authorization code here described is defined as a dynamic code, i.e. a code that varies over time.
  • the first transmission 10a takes place via a request signal that contains a hash of the current time and an access key also known to the server 6.
  • This hash is a hash according to the SFIA3 standard. This allows to increase the computer toughness of the system to hacking attempts.
  • the control unit 4 allows the access to the structure only under certain conditions, while in others it prevents the access to the structure 2 by not acting on the access control device 3.
  • the control unit 4 is configured for receiving a control signal of the start and end of the access to the structure.
  • This signal is placed in a hardware or software input of the control unit, and depending on its typology, it allows enabling or disabling the control of the opening of the access control device 3 through the actuator of the control unit 4 independently from the reception of a correct access authorization code.
  • this control signal is at a higher hierarchical level than the reception (possibly in the correct time) of the access authorization code.
  • control unit 4 is introduced into a wider reservation management system, where it is desirable that the user does not have access to the structure outside predetermined dates. For this reason, when the control signal signals the start of access to the structure, the implementation of the access control unit 3 is possible and takes place as described here. Otherwise, when the control signal signals the end of access to the structure, the implementation of access control device 3 is made impossible.
  • the control signal can signal the start or end of access to the structure, e.g. with a value equal to zero or different from zero respectively, or with a different coding and/or modulation between the start condition and the end condition of access to the structure.
  • the control unit 4 can optionally comprise a memory, on which is stored at least one address, in particular an electronic address, of a user - in particular, as it will be better explained in the following portion of the description - a host managing the structure to which access is to be gained.
  • the control unit 4 Upon reception of an access authorization code, transmitted by the portable electronic device 5, the control unit 4 retrieves the saved electronic address and transmits an access message to the predetermined user. It should be noted that the transmission can take place either without checking whether the access authorization code is valid and/or transmitted in due time, or with control of the latter case, e.g. and non-limiting by differentiating the typology of the message transmitted (message having attempting access with incorrect code, or access made with valid code).
  • control unit will be responsible for notifying to the server the access or attempted access through an appropriate signal, and the server 6 will be responsible for transmitting to the user, whose electronic address has been stored in the memory, the notification of the access in the manner above described.
  • control unit 4 it is therefore possible to carry out a method of authentication and access to structures or buildings, which first comprises a step of approaching (shown in figure 6 with reference number 900) of a portable electronic device 5 to the control unit 4 itself, followed by other steps as here described.
  • a step of code generation request (indicated with reference number 902) to the server 6 takes place, wherein a transmission of the request signal 10a to the server 6 takes place, and wherein the transmission is carried out by the portable electronic device 5 associated to the user.
  • a request signal 10a which comprises a hash of the current time of generation of the request signal itself.
  • the server 6 After the transmission of the request signal 10a, the server 6 performs a procedure of generation of a random or pseudo-random number on which basing the generation of the access authorization code, and carries out a step of time counting lasting for a predetermined time interval, after which the access authorization code is no longer usable and/or is replaced and/or after which it automatically generates a new random or pseudo-random number and/or a new access authorization code.
  • the step of time counting determines the first time instant ti, and the time interval is determined by the time distance between the first time interval ti and the second time interval t2 which corresponds to the time instant when the server 6 receives the copy of the access authorization code retransmitted by the control unit 4 downstream of the transmission carried out by the portable electronic device 5 and/or which corresponds to the time instant when the control unit 4 receives this access authorization code from the portable electronic device 5.
  • the time of retransmission of the access authorization code from the control unit 4 to the server 6 equal to zero.
  • a transmission of the access authorization code to the portable electronic device 5 is automatically carried out.
  • the transmission takes place as quickly as possible, and takes place within said predetermined time interval and/or within the second time instant t2.
  • a reception of an access authorization code takes place, wherein the portable electronic device 5 receives the access authorization code generated by the server 6; this reception effectively ends the step of pre authentication and enables the step of authentication indicated with reference number 904, wherein the portable electronic device 5 is authenticated on the control unit 4 when the user wishes to access the structure.
  • step 904 of the portable electronic device 5 wherein the transmission of an authentication signal 20, 21 takes place from the portable electronic device 5 to the interface 4a of the control unit 4, where the authentication signal 20, 21 comprises an access authorization code of dynamic type, as it varies over time in the ways above described.
  • a step of verification is carried out, which is referred to with reference number 906.
  • the server 6 electronically compares the access authorization code received from the control unit 4 with an original version of the access authorization code.
  • the server 6 carries out a comparison between a first time instant when the server 6 itself has generated and temporarily stored the access authorization code and a second time instant when to the server 6 arrives the access authorization code transmitted by the control unit 4 and/or wherein to the control unit 4 arrives the transmission of the access authorization code from the portable electronic device 5. If the time interval between the first time instant and the second time instant is shorter than a predetermined value:
  • the transmission of the rejection signal to said control unit is carried out, which prevents the opening of said lock 3 through the control unit 4.
  • the server 6 After the step of verification 906, the server 6 carries out a transmission (indicated with reference numbers 907; 908) to said control unit, of alternatively one of the following two signals: - an authorization signal for the unlocking of an access control device 3 through the control unit 4; or
  • step of verification 906 is followed by the transmission of the unlocking authorization signal of an access control device 3 only when this verification is carried out within the predetermined time frame and only when the access authorization code transmitted by the control unit 4 is equal to the access authorization code generated by the server 6.
  • said access authorization code comprises and/or is associated to a visual code, in particular a QR code
  • said authentication signal is a light signal and/or a representation of said visual code, in particular said QR code, on a display 5d of the portable electronic device 5.
  • the interface 4a to the portable electronic device 5 comprises a camera, and there is a step comprising the positioning of the portable electronic device 5 in correspondence of said camera 4a so that said camera can read the visual code, in particular said QR code, from the display of the portable electronic device 5.
  • the access authorization code is an alphanumeric code
  • this alphanumeric code is transmitted by radio, and therefore the transmission of a radio signal takes place on a wireless channel between the portable electronic device 5 and the interface 4a, which comprises a radio receiver.
  • the radio receiver stage is configured for receiving a radio signal incorporating said access authorization code; this method comprising a step of reception of said radio signal transmitted by the portable electronic device such that the control unit receives said access authorization code.
  • the radio signal can be an ciphered and/or encrypted radio signal in such a way that only the control unit 4 actually receiving it can decode it.
  • Software programs can also be carried out on the server to manage a user's reservation; such software programs can either be stand-alone programs, or be integrated, for example through a subroutine, into the program that manages the user authentication through the portable electronic device 5 according to the preceding description.
  • - control body 796 e.g. and non-limiting, a police or public security command, or police Headquarters or Prefecture, or a registry or government identity management department, which holds identity data of a plurality of subjects, which is provided with an information system suitable for sending at least a confirmation data of identity data of one or more of these subjects after a request order for verification from an external body or system;
  • - host 797 which is the natural or legal person who manages the structure 2 to which users can access and who preferably has means - for example a personal computer - to receive electronic bookings from one or more external booking sources (for example, and non-limiting, Booking, Airbnb, etc.);
  • - user 798 which is the subject who accesses the structure 2, and in particular is the subject equipped with the portable electronic device 5;
  • - external booking source 795 which is conceived to manage electronic bookings of a plurality of structures by receiving electronic data of the Applicant, possibly a payment, dates and/or times of check-in and check-out; for example and non-limiting this structure can be AirBnB or Booking.
  • the Applicant has conceived a particular embodiment in which the user is profiled.
  • the host 797 receives a booking from a user 798 through an external booking source 795.
  • the user 798 checks in online, using the platform of the booking source external to the system, by introducing its private data that allow the sending of a specific signal containing a key to access the system.
  • This private data can comprise, for example, an e-mail address or telephone number, preferably associated to the portable electronic device 5 equipped to the user.
  • the user 798 receives an electronic key from the host 797 through the sending of a specific signal to the portable electronic device 5, e.g. via email or SMS.
  • the system subject of the present disclosure comes into play, which first (in a step indicated in Figure 7 with reference number 803), and automatically, immediately after the sending of the electronic key to the portable electronic device 5, generates a collection of data of the user 798 which are sent to the control body 796 and then, albeit optionally, generates an invoice, in particular an electronic invoice concerning the residence tax (step indicated in Figure 7 with reference number 804).
  • the system subject of the present disclosure On the basis of data obtained from the external booking source, the system subject of the present disclosure also receives data relating to the check- out of the user 798, in particular the date of check-out. On the basis of these data, the system subject of the present disclosure can optionally automatically generate booking requests for the cleaning of the structure 2 to which the user 798 has access. These data are automatically sent ( Figure 7, reference number 805) to a structure cleaning company or to a person in charge of cleaning structure 2.
  • the system subject of the present disclosure also generates the random and/or pseudo-random number as previously described.
  • the generation of the random number is carried out when the user 798 approaches the access control device 3 for the first time.
  • the booking management program can include an electronic chat, where the host 797 and the user 798 can contact each other; this facilitates the access to the structure 2 should the user 798 encounter any problems of any kind.
  • control unit 4 can be configured for interfacing with the program here described so that for each access carried out by the user 798 to the structure through the opening of the access control device 3 through the portable electronic device 5, the host 797 is alerted by means of the sending of an appropriate signal, preferably an access signal transmitted for example on a wireless channel; in this way the host 797 is constantly informed of the moment of the access by the user 798.
  • This control signal can also be sent if there is an attempt to access the structure 2 with an access authorization code which is either incorrect or is transmitted to the control unit 4 after the predetermined time frame and/or after the second time instant t2.
  • the host 797 is able to get immediate information about unauthorized or otherwise non-compliant attempts to access the structure and can possibly take measures such as contacting a private security services control centre.
  • the control unit 4 can preferably receive from the server 6 a control signal for the start and end of access to the structure, and this signal is transmitted when the current date, and/or the current date and time exceed the date - respectively the date and time - set for the check-out in the booking made at the external booking source. In doing so, when the control unit 4 has received the termination signal of the access to the structure, even admissible access authorization codes are no longer accepted, and the implementation of the opening of the access control device 3 by the control unit 4 is uninhibited. This ensures that users 798 cannot access the structure 2 for longer than expected. Clearly, when the user 798 attempts to access the structure prior to the date, respectively date and time, of check-in, the control unit 4 will be configured again to prevent the opening of the access control device 3.
  • the host 797 can also access the program here described to manage its structure(s), and preferably does so through a transmission of a management authorization code of a dynamic type, which in a preferred but non limiting embodiment, is modified every time interval comprised between 10s and 45s, more preferably every 20s-30s.
  • FIGs 8 and 11 An alternative embodiment for the program here described is characterized by carrying out a user profiling.
  • This alternative implementation is represented in diagrams in Figures 8 and 11.
  • a software application is provided to be installed on the portable electronic device 5 of the user 798.
  • the selection of the structure no longer takes place through the passage from the external booking source to the system here described, but directly through this software application.
  • a first step indicated in Figure 8 with reference number 810 comprises the download of a software application on the portable electronic device 5.
  • the user 798 selects the structure of interest by means of the software application installed on his/her portable electronic device 5, and at the time of selection (block 811 , figure 8), the user decides (block 812, figure 8) the check-in and check-out dates that will determine the enabling and - respectively - disabling, of the opening of the access control device 3 by means of the control unit.
  • the software program that is run on the server upon the reception of an appropriate occurred booking confirmation signal, generates a collection of data of the user 798 which is sent to the control body 796 (step indicated in figure 8 with reference number 803) and subsequently, although optionally, generates an invoice, in particular an electronic invoice for the residence tax (step indicated in figure 8 with reference number 804).
  • this sending is represented with a first arrow between the software application and the control body 796 and a second arrow between the server 6 and the control body.
  • the sending can be totally managed through the software program that is carried out on the server 6 or, alternatively, can be controlled upstream by an approval signal of the sending transmitted by the application itself.
  • the system subject of the present disclosure On the basis of the data obtained from the external source of bookings, the system subject of the present disclosure also receives data relating to the check-out of the user 798, in particular the date of check-out. On the basis of these data, the system subject of the present disclosure can optionally automatically generate booking requests for the cleaning of the structure 2 to which the user 798 accesses. These data are automatically sent ( Figure 8, reference number 805) to a structure cleaning company or to a person in charge of carrying out the cleaning of the structure 2.
  • the system subject of the present disclosure also generates the random and/or pseudo-random number as above described.
  • the random number is generated when the user 798 approaches the access control device 3 for the first time.
  • the booking management program can comprise an electronic chat, where the host 797 and the user 798 can contact each other; this facilitates the access to the structure 2 should the user 798 encounter any problems of various kind.
  • control unit 4 can be configured for interfacing with the program here described so that at the time of each access made by the user 798 to the structure through the opening of the access control device 3 through the portable electronic device 5, the host 797 is alerted by the sending of an appropriate signal, preferably a periodic control signal transmitted for example on a wireless channel; in this way the host 797 is constantly informed of the moment of access by the user 798.
  • This control signal can also be sent if there is an attempt to access the structure 2 with an access authorization code which is either incorrect or is transmitted to the control unit 4 after the predetermined time period and/or after the second time period t2.
  • the control unit 4 can preferably receive from the server 6 a control signal of start and end of access to the structure, and this signal is transmitted when the current date, and/or the current date and day time, exceed the date - respectively the date and time - set for the check-out in the booking made at the external booking source.
  • this signal is transmitted when the current date, and/or the current date and day time, exceed the date - respectively the date and time - set for the check-out in the booking made at the external booking source.
  • the host 797 can also access the program here described to manage its structure(s), and preferably does so through a transmission of a control authorization code of dynamic type, which in a preferred but non-limiting embodiment, is modified every time interval comprised between 10s and 45s, more preferably every 20s-30s.
  • a control authorization code of dynamic type which in a preferred but non-limiting embodiment, is modified every time interval comprised between 10s and 45s, more preferably every 20s-30s.
  • the embodiment without user profiling allows greater flexibility since it is based on external structures already managed and tested, the embodiment with user profiling advantageously allows a higher treatment efficacy of the electronic identity of the user by the system subject of the present disclosure.
  • Parts of the process described herein can be implemented by means of a data processing unit or control unit, technically replaceable by one or more computers designed to carry out a portion of software program or firmware loaded on a memory medium.
  • Such software program can be written in any programming language of known type. If the number of computers is two or more, they can be connected to each other by means of a data connection in such a way that their computing power is shared in any way; the computers themselves can therefore also be installed in geographically different locations, creating a distributed computing environment by means of the above-mentioned data connection.
  • the data processing unit, or control unit can be a general purpose type processor specifically configured for carrying out one or more parts of the process identified in the present disclosure through the software or firmware program, or be an ASIC or dedicated processor or an FPGA, specifically programmed to carry out at least part of the process operations described herein.
  • the memory medium can be non-transitory and can be internal or external to the processor, or control unit, or data processing unit, and can - specifically - be geographically located remotely with respect to the computer.
  • the memory medium can also be physically divided into multiple portions, or in the form of a “cloud”, and the software program or firmware can be physically stored on geographically divided portions of memory.
  • a distributed computing environment can be designed, which according to what has been described so far is configured for carrying out the following steps:
  • step of authentication 904 of a portable electronic device 5 wherein takes place the transmission of an authentication signal from the portable electronic device 5 to an interface 4a of a control unit 4 of an access unlocking system, wherein said authentication signal 20, 21 comprises an access authorization code, wherein the access authorization code is a dynamic code and wherein the step of authentication 904 takes place after a step of approaching 900 of a portable electronic device 5 to the control unit 4;
  • the server 6 carries out a transmission 907; 908 to said control unit, alternatively of one the following two signals:
  • an account 6a is created on the server 6 for each user 798 on which a seed generated through a pseudo-random number (ideally a random number) is stored.
  • This seed is transmitted, preferably automatically, to a software application installed on the portable electronic device 5 supplied to the user 798.
  • the transmission preferably takes place at the time of the account generation (step indicated with the reference number 1000).
  • a first step (schematically represented by arrow 1001 ) the user 798 approaches the portable electronic device 5 to the interface 4a of the control unit 4, and transmits an authentication signal which comprises an OTP code and optionally a timestamp generated by the portable electronic device 5 itself.
  • OTP code is intended a single use password, i.e. a password which is only valid for a single access session.
  • the use of OTP allows the reduction of the risk of system hacking.
  • for timestamp is intended a time mark with a sequence of characters that represent an indicative date and/or time of the occurrence of a predetermined event (in the above described case, the instant of generation and/or of the transmission of the authentication signal).
  • the timestamp follows the ISO 8601 standard, and therefore comprises both a complete date indication and a current time indication.
  • the OTP code represents a pseudo-random first number, or alphanumeric sequence RNDi.
  • the control unit 4 receives this authentication signal, it retransmits (step indicated by the arrow 1002) the OTP code and, optionally, the timestamp, to the server 6.
  • the transmission to the server 6 takes place immediately after the reception of the authentication signal by the control unit 4.
  • the control unit 4 can also itself carry out a comparison between the timestamp received from the portable electronic device 5 and a time indication found by itself, carrying out an electronic matching check. In case the time difference between the time of the timestamp transmitted by the portable electronic device 5 and the time indication is greater than a predetermined time period, e.g. more than 5s, or more than 10s, or more than 15s, the control unit 4 provides for automatically transmitting a rejection of the OTP transmitted by the portable electronic device 5, which will therefore not be transmitted to the server 5.
  • a predetermined time period e.g. more than 5s, or more than 10s, or more than 15s
  • the timestamp operatively associated to the authentication signal or code is digitally signed by the user, and in particular it is digitally signed with the portable electronic device 5 of the user.
  • This digital signature comprises two keys:
  • the public key is in any case operatively associated to a specific and single portable electronic device 5, so that logical pairs [d, - q] are made between an i-th portable electronic device and an i-th public key q.
  • each portable electronic device 5 is operatively associated to its own private key.
  • the server 6 contains (or is operatively associated therewith) a memory in which a plurality of public keys is stored. These public keys can be shared with the control unit 4. In a particular and non-limiting embodiment, at least a part of these public keys is cyclically, or anyway at least once, transmitted to the control unit 4, which in turn stores a plurality of public keys. This allows the correct decryption of the timestamp through an appropriate public key even if there is no possibility of operational communication between the control unit 4 and the server 6.
  • the control unit transmits the timestamp to be decrypted to the server 6 or, alternatively, that the server 6 transmits the correct public key to the control unit 4, and if the operating communication is not possible (for example due to a fault in the WAN, LAN network or similar that connects the server 6 with the control unit) the decryption cannot take place, with the consequent impossibility of unlocking the lock. Otherwise, if a plurality of multiple public keys is stored on the control unit, the permanence and integrity of this operational communication is no longer necessary at the specific time of decryption.
  • an authentication method comprises the introduction of the timestamp (operatively associated to the authentication signal or code 20, 21 , and encrypted as above described through asymmetric public/private key encryption), into the authentication signal or code that the portable electronic device 5 transmits to the control unit 4.
  • the above mentioned step of introduction follows a step of generation of said timestamp by the portable electronic device 5.
  • the method comprises a decryption (or at least a decryption attempt) of the timestamp sent by the portable electronic device 5 by means of a predefined public key, and this decryption (or decryption attempt) is carried out by the control unit 4.
  • the unlocking of the lock with the authorization signal 10e for the unlocking is thus only possible in case of a correct decryption of the timestamp by means of a public key present on the server 6 and/or on the control unit.
  • the method comprises a step of download of a plurality of public keys from the server 6 to the control unit 4, and can optionally comprise new downloads or cadenced updates (at predetermined time intervals, e.g. once a week) of at least part of the public keys stored in the operatively accessible memory of the server 6 to the control unit 4.
  • this second OTP code represents a pseudo-random number or alphanumeric sequence, RND2.
  • RND2 pseudo-random number or alphanumeric sequence
  • the connection between the control unit 4 and the server 6 takes place with the establishing of an encrypted end-to-end communication, preferably using a TLS or SSL algorithm.
  • the server 6 also identifies the control unit 4 that has carried out the transmission: if TLS or SSL algorithms are used, this identification takes place by means of the security certificate specific to these algorithms.
  • Id_serr1 In order to identify the control unit 4, on the server 6 are stored different identification codes Id_serr1 , Id_serr2, Id_serr3, each of which relates to a respective control unit 4. These identification codes are schematically represented by reference 6b.
  • the server then accesses the memory and verifies whether for the determined control unit 4 there are access reservations for the structure 2. If not, it sends a denial command. If the OTP code generated by the server 6 is identical to the OTP code generated by the portable electronic device of the user 798, then the server 6 transmits to the control unit the authorization signal 10e for the opening of the access control device 3. This operation is schematically represented by the arrow 1004. Otherwise, a denial signal is transmitted.
  • the server 6 verifies whether the OTP code generated by the portable electronic device 5 of the user 798 is generated within a predetermined time frame starting from the timestamp. Only when the server 6 receives the OTP within a predetermined time with respect to the timestamp, the permission to the transmission of the authorization signal 10e can be provided.
  • the control unit 4 transmits at least the OTP code to the server 6 (block 911 , figure 13). Subsequently, in a first step, if the server 6 verifies that the OTP code has been generated by an application installed on a portable electronic device 5, the seed associated to the account of the user 798 that has generated the OTP code is searched for, and subsequently the current server timestamp, at a time to, is considered.
  • the server 6 It is then read the latency time set for that specific structure, which according to the present disclosure is indicated as At, which can vary according to various factors among which - and non-limiting thereto - the speed and/or connection latency between the server 6 and the control unit 4 and/or the portable electronic device 5.
  • the server 6 then generates a plurality of possible OTP codes (or, equivalently, a plurality of numbers or pseudo-random alphanumeric RND sequences generated starting from the predefined seed) for that user 798 on the basis of the seed retrieved in the account (block 912, figure 13), from the instant to - At to the instant to + At.
  • the server 6 verifies that the OTP code has been generated by a portable electronic device 5 different from a Smartphone telephone, but by a dedicated radio transmitter device such as and in a non limiting extent a BLE tag or a smartcard or an NFC/RFId tag, firstly all the seeds of all the devices assigned to the user 798 are retrieved and subsequently it is considered the current server timestamp, at a time to.
  • the latency time set for that specific structure is subsequently read, which according to the present disclosure is indicated as At, which can vary according to various factors among which - and non-limiting thereto - the speed and/or connection latency between the server 6 and the control unit 4 and/or the portable electronic device 5.
  • the server 6 then generates a plurality of possible OTPs for that user 798 on the basis of the seed retrieved in the account, from the instant to - At to the instant to + At. If one of the calculated OTPs corresponds to the one transmitted by the user 798, then it is authorized the access through the sending of the authorization code 10e to the control unit 4; otherwise the permission to unlocking is denied and therefore the access control device 3 is not opened.
  • the embodiment here described has the advantage of not needing a data connection (e.g. Wi-Fi or cellular radio network) for the portable electronic device 5, which therefore does not need to establish direct communications with the server 6.
  • the QR code shown on the display of the portable electronic device 5 can be an example of authorization signal.
  • the transmission of the authentication signal can also be replaced by a reading of a QR code printed on a business card.
  • this is a QR code that can be used only once, if the user 798 loses or anyway does not have the portable electronic device 5 with him.
  • the server 6 verifies that the OTP code is associated to a visual code, for example and non-limiting to QR, printed, first of all it is verified whether the code is compatible with a list of non-dynamic codes (then, always valid and according to the present disclosure described as security codes) for the specific user 798 who made the request. If this code is compatible with those stored for the specific account, then we proceed with the sending of the authorization code 10e to the control unit 4.
  • the security code can then be considered as a pas-partout code. This code can be of the type that can be used only once or several times. If the code can be used only once, it is erased from the memory by an action of the server 6.
  • the server 6 verifies that the OTP code is associated to a portable electronic device 5 of passive type, such as for example an NFC tag, firstly the server 6 performs an electronic search for all the devices associated to the account of the user 798 who has the portable electronic device 5 and subsequently the device corresponding to the generated OTP code is identified. If this code is compatible with the OTP code generated by the portable electronic device 5, then we proceed with the access authorization through the transmission of the authorization code 10e to the control unit 4.
  • a portable electronic device 5 of passive type such as for example an NFC tag
  • the software application stored on the portable electronic device 5 can optionally comprise emergency codes that are associated to the specific access control device 3 and/or equivalently to the specific control unit 4.
  • the emergency code is not retransmitted to server 6 for a further verification.
  • the control unit 4 that directly performs the operations necessary to the opening of the access control device 3.
  • the emergency code is a single use code.
  • QR code morphology is not to be understood in a limiting way, as it is also possible to use other visual codes such as, in a non-exhaustive list, a linear barcode according to Codabar, or Code 25, or Code 39, or EAN 2 or EAN 5, or also a two-dimensional or matrix visual code such as for example Aztec, or CrontoSign, or Datamatrix according to IEC 16022 standards.
  • visual codes such as, in a non-exhaustive list, a linear barcode according to Codabar, or Code 25, or Code 39, or EAN 2 or EAN 5, or also a two-dimensional or matrix visual code such as for example Aztec, or CrontoSign, or Datamatrix according to IEC 16022 standards.
  • the single use password, or OTP code herein described which comprises the "code” itself represented by the alphanumeric or numeric only or alphabetic only string, can be integrated in any visual code, in particular in one of the codes according to the standards above described.
  • the processing units of system 1 here described will take care for having the computational capacity to decipher the visual code in order to extract the appropriate alphanumeric code.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Lock And Its Accessories (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Debugging And Monitoring (AREA)
  • Hardware Redundancy (AREA)

Abstract

The present invention is related to a system (1) of unlocking of accesses (2) of a structure, said system comprising: - an interface (4a) to a portable electronic device (5), said interface (4a) being configured for detecting the presence of a portable electronic device (5) in proximity of the interface itself (4a), said interface (4a) comprising a receiver stage configured for receiving at least an authentication signal (20, 21), for the request of authorization to unlock the access control device, from said portable electronic device, said authentication signal (20, 21) in turn comprising an access authorization code; - a control unit (4), designed to be in use operatively connected to an access control device (3), wherein: - the control unit (4) comprises a server interface (4c), configured for automatically retransmitting the access authorization code received from the portable electronic device (5) to a remote server (6) and for waiting for an authorization signal from said server (6); - and wherein the control unit (4) is configured for causing at least an unlocking of said lock (3) at the reception of an authorization signal (10e) from the server (6).

Description

A STRUCTURE ACCESSES UNLOCKING SYSTEM AND ASSOCIATED METHOD
Field of the invention The present invention relates to the field of access control systems and in detail refers to a structure accesses unlocking system and a method of authentication and access to structures or buildings.
Prior art With the spread of systems of remote booking and electronic management of the access to structures, in particular apartments and hotel rooms, systems that enable to interact with the locks of apartments and hotel rooms without intermediaries have spread, i.e. without the presence of the hotelier or building owner; these systems typically use software applications and a hardware operating on interested locks.
Systems of known type are characterized by limits in the safety management and by considerable complexity. The main issues related to the safety are given by the location of the hardware interfaced with the locks, often of easily access for possible intruders, and/or are also related to the control management of the user access credentials truthfulness. The Applicant has in fact observed that the access management systems are easily subject to hackers actions, who can fraudulently withdraw through software some access codes in order to carry out fraudulent accesses.
Among the objectives that the subject of the present invention has, there is the description of an access unlocking system of a structure that is capable of solving the drawbacks of the known art.
Furthermore, among the objectives that the subject of the present invention has there are the description of a method of authentication and access to structures, which is capable of solving the drawbacks of the known art. Summary of the invention
The subject of the present disclosure will be now described according to one or more aspects, combinable among them or with claims or portions of the following detailed description.
According to a first aspect, it is realized a system (1 ) of unlocking of accesses (2) of a structure, said system comprising:
- an interface (4a) to a portable electronic device (5), said interface (4a) being configured for detecting the presence of a portable electronic device (5) in proximity of the interface (4a) itself, said interface (4a) comprising a receiving stage configured for receiving at least an authentication signal or code (20, 21 ), for the request of authorization for the unlock of an access control device (3), by said portable electronic device (5);
- a control unit (4), conceived for being in use operatively connected to an access control device (3), wherein:
- the control unit (4) comprises a server interface (4c), configured for automatically retransmitting the authentication signal or code (20, 21 ) to a remote server (6) and for waiting an authorization signal (10e) from said server (6);
- and wherein the control unit (4) is configured for causing at least an unlock of the access control device (3) at the reception of an authorization signal (10e) from the server (6).
According to another non-limiting aspect, the control unit (4) is configured for: at first automatically retransmitting said authentication signal or code (20, 21 ) received by the portable electronic device (5), and/or an access authorization code contained in the authentication signal or code (20, 21 ) received by the portable electronic device (5) to the server (6) and subsequently for waiting for the reception of said authorization signal (10e) from the server (6).
According to another non-limiting aspect, said authentication signal or code (20, 21 ) in turn comprises an alphanumeric type access authorization code.
According to another non-limiting aspect, the control unit (4) is configured for being mechanically connected to the access control device (3) and/or is configured for being electrically connected to a servo-actuator of said access control device (3) and/or integrates said access control device (3), or is mechanically connected to the access control device (3) and/or is configured for being electrically connected to a servo-actuator of said access control device (3).
According to another non-limiting aspect, the access control device (3) is a lock and/or a part of a lock and/or an openable turnstile or gate.
According to another non-limiting aspect, said authentication signal or code (20, 21 ) comprises a QR code and/or a visual code and/or an OTP alphanumeric code, and/or a single use password, and/or a time stamp.
According to another non-limiting aspect, the OTP alphanumeric code and/or the single use password are or comprise dynamic type codes.
According to another non-limiting aspect, the authentication signal or code
(20, 21 ) is automatically generated by the portable electronic device (5) for the access to the structure (2) and/or at an approximation of the portable electronic device (5) to the control unit (4) and/or to the interface (4a).
According to another non-limiting aspect, said control unit (4) is also configured for extracting the access authorization code from the authentication signal (20, 21 ) within a predetermined time, and/or for retransmitting said access authorization code, without alteration, within a predetermined time, optionally wherein said predetermined time is an expiry time stored on said server (6).
According to another non-limiting aspect, said predetermined time is between 10s and 45s, more preferably between 20s and 30s or on intervals comprised between 5s, 10s and 15s.
According to another non-limiting aspect, said access authorization code is a dynamic code, having a predetermined and limited time validity, after which it is no longer usable for accessing said structure, optionally said dynamic code being cyclically regenerated by said server (6).
According to another non-limiting aspect, said access authorization code is a dynamic code, having a predetermined and limited temporal validity, after which it is no longer usable for accessing said structure, optionally said dynamic code being cyclically regenerated by said portable electronic device (5).
According to another non-limiting aspect, the code is regenerated cyclically at each said predetermined time interval, in particular with a predetermined time interval comprised between 10s and 45s, more preferably between 20s and 30s or on intervals between 5s, 10s and 15s. According to another non-limiting aspect, the control unit (4) is configured for: at first automatically retransmitting said access authorization code received from the portable electronic device (5) to the server (6) and then for waiting for the reception of said authorization signal (10e) from the server (6).
According to another non-limiting aspect, the control unit (4) is configured for extracting the access authorization code from the authentication signal (20, 21 ) within a predetermined time, and/or for retransmitting said access authorization code, without alteration, within a predetermined time.
According to another non-limiting aspect, said predetermined time is an expiry time stored on said server (6).
According to another non-limiting aspect, the interface (4a) to the portable electronic device (5) is, alternatively:
- separated from the body of the control unit (4), and comprises a camera (4a) for optical code reading and/or a receiver suitable for receiving a radio signal comprising a predefined code; said interface (4a) being configured for being installed in a space outside the structure delimited by said access (2); or
- is integrated into the body of the control unit (4), and preferably comprises a radio receiver stage.
According to another non-limiting aspect, the radio receiver is a short- distance communication receiver, optionally of NFC or Bluetooth type.
According to another non-limiting aspect, the radio signal is an encrypted radio signal.
According to another non-limiting aspect, the control unit (4) comprises a memory, optionally a non-volatile memory, within which it is possible to store an electronic address of a user to which address the transmission of a control signal, said control signal being indicative of an access or an attempt to access the structure and being determined by the reception, by the control unit (4) and/or the interface (4a) of an access authorization code; said control unit (4) being configured for transmitting or causing the transmission of said access signal when the control unit (4) has received an access authorization code.
According to another non-limiting aspect, the system comprises a server (6), operatively connected to the control unit (4), optionally configured for being at least temporarily operatively connected to the portable electronic device (5). According to another non-limiting aspect, the server comprises a memory, optionally a non-volatile memory, within which it is possible to store an electronic address of a user to which address the transmission of a control signal, said control signal being indicative of an access or of an attempted access to the structure and being determined by the reception, by the control unit (4) and/or the interface (4a) of an access authorization code; said server (6) being configured for transmitting said access signal when the control unit (4) has received an access authorization code.
According to another non-limiting aspect, the server (6) comprises:
- a data transceiver interface from and to the control unit (4) respectively;
- a time counter, configured for automatically carrying out at least one counting of time that elapses between a first time instant wherein the server (6) generates a random or pseudo-random number and/or an access authorization code to be transmitted to the portable electronic device, and a second time instant wherein the server (6) receives the access authorization code retransmitted by the control unit (4);
- optionally a data transceiver interface from and to the portable electronic device (5) respectively.
According to another non-limiting aspect, the system comprises a server (6), operatively connected to the control unit (4), having a data transceiver interface from and to the control unit (4) respectively;
said server (6) being configured for generating an OTP alphanumeric code, and/or a single use password, and/or a timestamp at the reception of an OTP alphanumeric code, and/or a single use password, and/or a timestamp retransmitted from the control unit (4) to the server (6);
said server (6) being configured for generating the authorization signal (10e), and for automatically transmitting the authorization signal (10e) to the control unit (4) when the OTP alphanumeric code generated by the server (6) is identical to the OTP alphanumeric code retransmitted from the control unit (4) to the server (6), and/or when the single-use password generated by the server (6) is identical to the single-use password retransmitted from the control unit (4) to the server (6) and/or when the timestamp generated by the server (6) is identical to the timestamp retransmitted from the control unit (4) to the server (6). According to another non-limiting aspect, the server (6) is configured for generating the OTP alphanumeric code, and/or the single-use password, and/or the timestamp at the reception of an OTP alphanumeric code, and/or a single-use password and/or a timestamp/s retransmitted from the control unit (4) to the server (6) by electronically accessing a memory associated to the server (6) and accessing a seed stored in an account corresponding to the user profile (798) and/or of the portable electronic device (5) that has generated the authentication signal or code (20, 21 ).
According to another non-limiting aspect, said time counter is in particular configured for causing the transmission of the authorization signal from the server to the control unit only when the following conditions take place:
- a time span between the first and the second time instant is shorter with respect to a predetermined value, said predetermined value being optionally stored in the server itself,
- the access authorization code retransmitted by the control unit (4) to the server (6) is identical to a copy of the access authorization code stored on said server (6).
According to another non-limiting aspect, the control unit (4) comprises a power control element, optionally a key, physical or electronic, which provides power to the data processing unit of the control unit (4) and/or to the control unit (4) in its entirety in a time limited manner, said control unit (4) being configured for making impossible to implement the access control device (3) and/or performing the retransmission of data to the server (6) and/or the reception of data from the server (6), without the activation of said power control element, optionally without pressing said key.
According to another non-limiting aspect, the control unit (4) comprises an electronic circuit that disables the power supply of the control unit (4) for a predetermined period of time, and optionally increasing at the number of failed access attempts, optionally when the authentication signal (20, 21 ), or part of it, transmitted from said portable electronic device (5) to the control unit (4) is incorrect or corrupted.
According to another aspect, a method of authentication and access to structures or buildings is described, which comprises: - a step of approaching (900) of a portable electronic device (5) to a control unit (4),
- a step of authentication (904) of the portable electronic device (5), wherein the transmission of an authentication signal from the portable electronic device (5) to an interface (4a) of the control unit (4) of an access unlock system takes place, wherein said authentication signal (20, 21 ) comprises an access authorization code, said access authorization code being a dynamic code;
- the sending of the access authorization code, received from the control unit (4), to a remote server (6), said sending being carried out by the control unit (4);
- a step of verification (906), wherein the server (6) electronically compares the access authorization code received from the control unit (4) with an original version of the access authorization code.
According to another non-limiting aspect, after the verification step (906) the server (6) carries out a transmission (907; 908) to said control unit, of alternatively one of the two following signals:
- an authorization signal for the unlocking of an access control device (3) to a structure (2) through the control unit (4); or
- a rejection signal, that prevents the opening of the access control device (3) to a structure (2) through the control unit (4).
According to another non-limiting aspect, the system (1 ) comprises a server (6) operatively connected to the control unit (4) through a data interchange network and configured for being connected to at least one, preferably a plurality of, portable electronic devices (5).
According to another non-limiting aspect, the system (1 ) is configured for carrying out a pre-authentication (903) of the portable electronic device (5) wherein the server (6) is configured for generating and transmitting (10b) to the portable electronic device (5) an authorization code for the access to the structure, and the system (1 ) is further configured for carrying out an authentication (904) of the portable electronic device (5) subsequent to the pre-authentication (903), wherein in the authentication (904) the control unit (4) automatically retransmits the authentication signal or code (20, 21 ) to the remote server (6) and waits for an authorization signal (10e) from the server (6); the authentication (904) of the portable electronic device (5) taking place only if said pre-authentication (903) has been carried out.
According to another non-limiting aspect, in the pre-authentication (903), the server (6) is configured for setting itself in a configuration of waiting for the generation request (902) of the authorization code for the access to the structure wherein the server (6) waits for a transmission of a request signal (10a) from the portable electronic device (5).
According to another non-limiting aspect, the server (6) is configured for automatically transmitting (10b) to the portable electronic device (5) said authorization code for the access to the structure after the reception of said request signal (10a).
According to another non-limiting aspect, the server (6) is configured for setting itself in waiting for a public key of encryption of a timestamp, and/or is configured for memorizing a public key of encryption of a timestamp, wherein the timestamp is transmitted by the portable electronic device (5) and is operatively associated to said authentication signal or code.
According to another non-limiting aspect, the public key of encryption of the timestamp is operatively associated to a specific and single portable electronic device (5).
According to another non-limiting aspect, the server (6) is configured for transmitting a plurality of public keys authorized for decrypting a timestamp to the control unit (4) and the control unit (4) comprises a memory within which it is stored at least said plurality of public keys.
According to another non-limiting aspect, the control unit (4) is configured for causing the unlock of the access control device (3) at a correct decoding of a timestamp ciphered with a private key operatively associated to a determined portable electronic device (5) and deciphered with a public key of said plurality of public keys, stored in the control unit (4).
According to another aspect, it is described a method of authentication and access to structures, said method comprising:
- a step of approaching (900) of a portable electronic device (5) to a control unit (4),
- a step of authentication (904) of the portable electronic device (5), wherein the transmission of an authentication signal or code (20, 21 ) from the portable electronic device (5) to an interface (4a) of the control unit (4) of an access unlock system takes place, wherein said authentication signal or code (20, 21 ) comprises an access authorization code;
- the sending of the authentication signal or code (20, 21 ) and/or of the access authorization code, received by the control unit (4), to a remote server (6), said sending being carried out by the control unit (4);
- a step of verification (906), wherein the server (6) electronically compares the access authorization code received by the control unit (4) with a secondary version of the authentication signal or code (20, 21 ) and/or of the access authorization code generated by the server (6) itself;
- wherein after the step of verification (906) the server (6) carries out a transmission (907; 908) to said control unit (4), alternatively of one of the two following signals:
- an authorization signal (10e) for the unlocking of an access control device (3) to a structure (2) through the control unit (4); or
- a rejection signal, that prevents the opening of the access control device (3) to a structure (2) through the control unit (4).
According to another non-limiting aspect, said authorization signal (10e) is transmitted only when the step of verification (906) ends with an identity result between the secondary version of the authentication signal or code (20, 21 ) and/or of the access authorization code generated by the server (6) and the authentication signal or code (20, 21 ) and/or of the access authorization code received by the server (6).
According to another non-limiting aspect, the rejection signal is transmitted when the step of verification (906) ends with a lack of identity result, or of at least partial difference, between the secondary version of the authentication signal or code (20, 21 ) and/or of the access authorization code generated by the server (6) and the authentication signal or code (20, 21 ) and/or of the access authorization code received by the server (6).
According to another non-limiting aspect, the unlock authorization signal can be transmitted by the server (6) to the control unit (4) when the access authorization code received by the control unit (4) and/or retransmitted by the latter to the server (6) is identical to the copy of the access authorization code temporarily stored on said server (6); the rejection signal is transmitted by the server (6) to the control unit (4) if the access authorization code received by the control unit (4) and/or retransmitted by the latter to the server (6) is different with respect to the copy of the access authorization code temporarily stored on said server (6).
According to another non-limiting aspect, the access authorization code is a dynamic code and/or comprises a single use password and/or an OTP code.
According to another non-limiting aspect, the secondary version of the authentication signal or code (20, 21 ) and/or of the access authorization code is electronically generated, in said step of verification (906) by the server starting from a seed electronically retrieved by the server (6) in a memory operatively associated to it, wherein the seed is stored in an account previously created and associated, optionally uniquely associated, to the portable electronic device (5) and/or to a user (798) uniquely associated to said portable electronic device (5).
According to another non-limiting aspect, in said step of verification (906) said server (6) generates a secondary version of said dynamic code and/or of the single use password and/or OTP code starting from said seed, and electronically compares the dynamic code and/or the single use password with the dynamic code and/or single use password received by the control unit (4).
According to another non-limiting aspect, there is a step of pre- authentication (903), comprising a reception of an access authorization code, wherein the portable electronic device (5) receives the access authorization code generated by the server, said pre-authentication taking place prior to the step of authentication (904).
According to another non-limiting aspect, the step of pre-authentication (903) comprises a transmission of a request signal (10a) or is anticipated by a step of request of code generation (902) to said server (6), wherein said transmission is carried out by the portable electronic device (5) and being addressed to said server (6).
According to another non-limiting aspect, the method comprises a step of generation of a timestamp by the portable electronic device (5) and comprises also a step of encryption of said timestamp through an asymmetric public/private key ciphering, the method comprising a step of introduction of the encrypted timestamp through said asymmetric ciphering in the authentication signal or code (20, 21 ). According to another non-limiting aspect, in the step of authentication (904) and/or in the step of verification (906) the method comprises a decoding or an attempt of decoding of said timestamp sent by the portable electronic device (5) by means of a predefined public key, said decoding or attempt of decoding being carried out by the control unit (4), the unlocking of the access control device (3) being possible only in case of a correct decoding of said timestamp through a public key previously memorized on the server (6) and/or on the control unit (4).
According to another non-limiting aspect, the method comprises a step of transmission of at least one public key from said server (6) to the control unit (4).
According to another non-limiting aspect, the method comprises a step of generation of a timestamp by the portable electronic device (5) and of the transmission of said timestamp in association and/or within said authentication signal or code (20, 21 ); said method comprising a step of timestamp comparison, wherein the control unit (4) compares the timestamp received from the portable electronic device (5) with a time indication retrieved by the control unit (4) itself, and if a difference between the timestamp and the time indication is greater than a predefined time interval, the step of sending of the authentication signal or code (20, 21 ) and/or of the access authorization code, received from the control unit (4) to the server (6) is prevented.
According to another non-limiting aspect, the request signal (10a) comprises a hash of the current time of generation of the request signal (10a) itself.
According to another non-limiting aspect, in the step of verification (906) the server (6) performs a comparison between a first time instant wherein the server (6) itself has generated and temporarily stored the access authorization code and a second time instant wherein to the server (6) arrives the access authorization code transmitted by the control unit (5) and/or wherein to the control unit (4) arrives the access authorization code transmitted by the portable electronic device (5).
According to another non-limiting aspect, the method comprises a step of storage of at least an account uniquely associated to a user (798) in a memory operatively connected to said server (6) and a subsequent step of storage, in said account, of at least a limited validity authorization code, usable for a predefined number of times, and wherein in said step of verification (906), the server (6) electronically compares a limited validity code received from, and/or read through, the control unit (4) with a limited validity code previously stored in said account, and sends the authorization signal (10e) for the unlocking of the access control device (3) to the structure (2) through the control unit (4) if the comparison result proves identity between the two limited validity authorization codes; said method comprising a step of reduction of the number of times wherein said limited validity authorization code can be used and/or comprising a deletion of said limited validity authorization code from said account.
According to another non-limiting aspect,
- if the time interval between the first time instant and the second time instant is lower with respect to a predetermined value:
- if the access authorization code transmitted by the control unit (4) to the server (6) is identical to the access authorization code stored by the server (6), it is carried out the transmission to said control unit of the authorization signal for unlocking an access control device through the control unit; or
- if the access authorization code transmitted by the control unit (4) to the server (6) is different with respect to the access authorization code stored by the server (6), it is carried out (908) the transmission to said control unit of the rejection signal, which prevents the opening of said lock (3) through the control unit (4);
and, alternatively,
- if the time interval between the first time instant and the second time instant is greater with respect to the predetermined value, it is carried out (908) the transmission to said control unit of the rejection signal, which prevents the opening of said lock (3) through the control unit (4).
According to another non-limiting aspect, after the transmission of the request signal (10a), the server (6) carries out a procedure of generation of a random or pseudo-random number on which basing the generation of the access authorization code, and carries out a step of lasting time counting for a predetermined time interval, after which the access authorization code is no longer usable and/or is replaced and/or after which it automatically generates a new random or pseudo-random number and/or a new access authorization code, said step of time counting determining the first time instant, said time interval being determined by the time distance between the first time interval and the second time interval.
According to another non-limiting aspect,
- defined to as the time when the control unit (4) receives said authentication signal or code (20, 21 ) and/or access authorization code,
- when the server (6) receives the authentication signal or code (20, 21 ) and/or the access authorization code that has/have been transmitted from the control unit (4), to the server (6) itself, it generates a plurality of possible secondary versions of the authentication signal or code (20, 21 ) and/or of the access authorization code, on the basis of said seed, starting from said base time instant to, in the time intervals [(to-At) ÷ (to+At)] where At is a predetermined time instant;
- said server (6) transmitting said authorization signal (10e) only if at least one of the possible secondary versions of said plurality of possible secondary versions of the authentication signal or code (20, 21 ) and/or of the access authorization code, on the basis of said seed, starting from the said base time to, in the time intervals [(to-At) ÷ (to+At)] coincides with the authentication signal or code (20, 21 ) and/or the access authorization code that has/have been transmitted from the control unit (4) to the server (6) itself.
According to another non-limiting aspect, after the generation of the random or pseudo-random number, and/or after the generation of the access authorization code, a transmission of the authorization code for the access to the portable electronic device is automatically carried out.
According to another non-limiting aspect, the step of verification (906) is followed by the transmission of the authorization signal for the unlocking of an access control device (3) only when this verification is carried out within the predetermined time frame and only when the access authorization code transmitted by the control unit is equal to the access authorization code generated by the server (6).
According to another non-limiting aspect, the method comprises a step of activation of an actuator of the access control device (3), optionally of said lock (3), said actuator being contained within the body of said control unit (4) and acting directly on the access control device (3), optionally on said lock (3), said activation taking place after the transmission of the authorization signal for the unlocking of the access control device (3), optionally on said lock (3).
According to another non-limiting aspect, after the activation of the actuator, at least a deadbolt of said lock (3) is moved to eliminate the removable joint of said access with the portion of said structure.
According to another non-limiting aspect, the transmission of the access authorization code from the server (20, 21 ) to the portable electronic device (6) takes place within said predetermined time frame and/or within the second time instant.
According to another non-limiting aspect, said access authorization code comprises a visual code, in particular a QR code, and wherein said authentication signal is a light signal and/or a representation of said visual code, in particular said QR code, on a display (5d) of said portable electronic device (5).
According to another non-limiting aspect, the interface (4a) to the portable electronic device (5) comprises a camera, said method comprising the positioning of the portable electronic device (5) in correspondence of said camera (4a), so that said camera can read the visual code, in particular said QR code, from the display of said portable electronic device (5).
According to another non-limiting aspect, the interface (4a) comprises an optical and/or radio receiver stage.
According to another non-limiting aspect, said receiver stage and/or said interface (4a) comprises, in particular, a radio receiver configured for receiving a radio signal incorporating said access authorization code; said method comprising a reception stage of said radio signal transmitted by the portable electronic device so that the control unit receives said access authorization code.
According to another non-limiting aspect, said method comprises receiving a control signal on an input of the control unit (4), said control signal being a signal of start and/or end of access to that structure; said method comprises the inhibition of the transmission of said authorization signal for the unlocking of an access control device (3) through the control unit (4), and/or the activation of the actuator when said control signal is configured in an inhibition configuration, said inhibition configuration being optionally present before a check-in date of a user within that structure. According to another non-limiting aspect, said unlock authorization signal is a signal with a first hierarchy, and the control signal is a signal with a second hierarchy lower than the first hierarchy.
According to another non-limiting aspect, the method comprises a step of transmission of an access signal to the structure, said transmission being carried out either by the control unit (4), or by the server (6) with the permission of the control unit (4), at the transmission of an access authorization code from a portable electronic device (5) to the control unit (4) and/or at the verification of the identity between the access authorization code transmitted to the control unit (4) from the portable electronic device (5) to the control unit (4) or retransmitted from the control unit (4) to the server (6) and the access authorization code temporarily stored on the server (6).
According to another non-limiting aspect, the transmission of said access signal takes place towards a predetermined recipient, optionally towards a recipient whose address is previously stored in a memory of the control unit (4) and/or of the server (6).
According to another aspect, a software program is described here, suitable for being executed by a computer; said software program comprising portions of code which, when executed, cause the execution of the steps of the method according to one or more of the present aspects.
According to another aspect, it is in particular described a software program which, when executed, causes the execution of:
- a step of authentication (904) of a portable electronic device (5), wherein a reception of an authentication signal transmitted by the portable electronic device (5) to an interface (4a) of the control unit (4) of an access unlocking system takes place, wherein said authentication signal (20, 21 ) comprises an access authorization code, said access authorization code being a dynamic code;
- a step of electronic extraction of said access authorization code from the authentication signal;
- the sending of the previously electronically extracted access authorization code to a remote server (6), said sending being carried out by the control unit (4);
- wherein, with said sending, said software causes the execution of a step of verification (906), wherein the server (6) electronically compares the access authorization code received from the control unit (4) with an original version of the access authorization code;
- a step of reception on the data processing unit (4), alternatively, of one of the two following signals,
- an authorization signal for the unlocking of an access control device
(3) through the control unit (4); or
- a rejection signal, which prevents the opening of said access control device (3) through the control unit (4),
wherein the reception takes place after the step of verification (906) and wherein said one of the two previous signals is transmitted by the server (6).
According to another aspect, a non-transient memory medium, comprising said software program, is also described.
According to another aspect, it is also described a distributed computing environment, configured for carrying out:
- a step of authentication (904) of a portable electronic device (5), wherein the transmission of an authentication signal takes place from the portable electronic device (5) to an interface (4a) of a control unit (4) of an access unlocking system, wherein said authentication signal (20, 21 ) comprises an access authorization code, where the access authorization code is a dynamic code and wherein the step of authentication (904) takes place after a step of approaching (900) of a portable electronic device (5) to the control unit (4);
- the sending of the access authorization code, received from the control unit (4), to a remote server (6), this sending being performed by the control unit
(4);
- a step of verification (906), wherein the server (6) electronically compares the access authorization code received from the control unit (4) with an original version of the access authorization code;
- wherein, after the step of verification (906), the server (6) transmits (907; 908) to said control unit, alternatively one of the two following signals:
- an authorization signal for the unlocking of an access control device via the control unit; or
- a rejection signal, which prevents the opening of said lock via the control unit. According to another aspect, the use of the system and/or the use of the method according to one or more of the preceding aspects for the access to structures is described, said structures optionally comprising at least one among the buildings in the following list: houses, warehouses, apartments, cottages, hotels, motels, bed and breakfast, sanitary structures and/or parts or rooms of sanitary structures, security areas, detention centers, police stations, shelters, train cabins, bathing and/or spa structures.
Description of the figures
The invention will be now described by referring to one or more non-limiting embodiments described by means of the attached figures:
- Figure 1 illustrates a simplified scheme of a first form of realization of a system subject of the present disclosure;
- Figure 2 illustrates a simplified scheme of a second embodiment of the system subject of the present disclosure;
- Figure 3 shows a scheme representing a data transceiving part between a portable electronic device and a control unit according to the first embodiment of the system here described;
- Figure 4 shows a scheme of a data transceiving part between a portable electronic device and a control unit according to the second embodiment of the system here described;
- Figure 5 shows a simplified time diagram, where it is represented a time scale indicating a first and a second time value, which together define a time interval within which an access authorization code, temporarily stored on a server memory, must be retransmitted to the latter;
- Figure 6 illustrates a flowchart illustrating some steps of a process of data exchange between a portable electronic device of a user, a control unit part of the system object of the present disclosure, and a server also part of the same system;
- Figure 7 illustrates a flowchart, illustrating some steps of a process of booking a structure according to a first alternative configuration in which the user is not profiled; - Figure 8 illustrates a flowchart, illustrating some steps of a booking process of a structure according to a second alternative configuration in which the user is profiled;
- Figure 9 illustrates a simplified scheme, in which the subjects involved in the booking of said structure are identified;
- Figure 10 illustrates a temporal relational diagram, from which the information exchange flows between the subjects involved in the booking of the structure according to the first configuration can be deduced;
- Figure 11 illustrates a temporal relational diagram, from which the flows of information exchange between the subjects involved in the booking of the structure according to the second configuration can be deduced;
- Figure 12 illustrates a schematic illustration of a further embodiment of the present invention;
- Figure 13 illustrates a block diagram that partially illustrates the functionality of the other embodiment previously described.
Detailed description of the invention.
With reference to Figure 1 , with the reference number 1 is overall indicated a structure accesses unlocking system. According to the present disclosure, it is intended for accesses doors or portals, or windows, or entrances allowing individuals or vehicles to access a structure. In particular, in figure 2 is shown a door 2, having an access control device 3, in particular and non-limiting a lock, which engages in a 2 m portion of the wall in front of it. More precisely, the access control device 3 is equipped with at least one movable deadbolt between a first position wherein it releases the door 2 from the engagement with the 2 m portion of the wall and a second position wherein it engages the door 2 with said 2 m portion of the wall, in particular by constraining the door in a predetermined position. The access control device can, alternatively and non-exhaustively, be an opening doorway and/or a turnstile.
Although the system described here has been primarily conceived for the access to rented apartments, it is clear that this use should not be understood as exhaustive, as it is also possible to use - non-exhaustively - the system here described for the access to one or more of the following structures: houses, warehouses, apartments, cottages, hotels, motels, bed and breakfast, sanitary structures and/or parts or rooms of sanitary structures, security areas, detention centers, police stations, shelters, train cabins, bathing and/or spa structures, ports or parts of ports and/or airports, stadiums or luggage storage structures.
The system 1 subject of the present invention comprises at least one control unit 4, provided with an interface 4a to a portable electronic device 5 provided to the user, in particular the user who wishes to open the door 2 through the system here described. The interface 4a is in particular configured for detecting the presence of a portable electronic device 5, e.g. via a proximity sensor or directly via the interface 4a. The portable electronic device 5 can be any telephone equipped with technology allowing data exchange via wireless network or cellular radio network, or a transceiver, or a portable computer or tablet PC. A software program (or application) is conveniently installed on such a telephone or computer or tablet that performs determined predefined steps to carry out the method that is the subject of the present disclosure. The portable electronic device 5 can also be a short-distance radio communication device of the active type, or alternatively of the semi-active or passive type. The device of passive type can be preferably equipped with a ROM to store an appropriate code, comprising for example an emergency code for operating the access control device 3. Protocols and/or standards usable for radio communication can be non-exhaustively Bluetooth, in particular BLE, or NFC, or ZigBee, ISO 14443 and/or ISO 15693 protocol for contactless smartcards. The use of a short-distance communication protocol reduces the risk of fraudulent interception of communications by third parties, and therefore contributes to the security of the system here described.
The control unit 4 is configured for being operatively connected to a server 6, which is typically installed remotely with respect to the control unit 4. According to the present invention, "connected operatively" or "operatively connected" means a control unit 4 connected by wired or wireless data transmission between the server 6 and the control unit 4 itself. The data transmission can be either wired or wireless, e.g. a radio channel. The portion of the control unit 4 that is responsible for managing the exchange of data with the server 6 is defined server interface 4c. Finally, the control unit 4 comprises an actuator, or servo actuator or servomechanism, indicated with reference number 8, which is mechanically interfaced with the access control device 3 in order to allow its movement between open configuration and closed configuration and/or in order to allow at least temporary switching between a first configuration wherein the access to the structure 2 is prevented and a second configuration wherein the access to the structure 2 is allowed for at least a user. Although not shown, it is possible to provide a configuration where the control unit 4 integrates within the body the access control device 3. The actuator is in this case preferably contained within the control unit 4. The actuator can comprise an electro-actuated solenoid, e.g. integrated in a relay, which e.g. controls the opening of the lock latch and/or temporarily releases during its excitation the lock of a turnstile.
In order to reduce the risk of remote attacks or brute force, and therefore in the wider scope of contributing overall to the computer security of the system 1 in synergy also with the components described in the present disclosure, the control unit 4 can conveniently be equipped with a physical security device to prevent attacks by malicious users. For example, but in a non-limiting extent, the control unit 4 can be equipped with a key, physical or electronic, that provides power to the data processing unit of the control unit 4 in a timed manner, without the pressure of which it is not possible to carry out the retransmission of the data to the server 6 and/or it is not possible to receive data from the server 6 according to one or more portions of the present disclosure and/or an electronic circuit that disables the power to the control unit 4 for a predetermined period of time, and optionally increasing to the number of failed access attempts.
In a first embodiment, between the elements of system 1 , and in particular between the portable electronic device 5 and the server 6, a plurality of data transmissions takes place, carried out according to a predetermined scheme, better described in the following portion of the text. A first transmission is indicated with reference 10a, and is a transmission of a request signal which takes place from the portable electronic device 5 to the server 6. Preferably, this transmission takes place when, more precisely after, the recognition or identification of a portable electronic device 5 by the control unit 4. A second transmission is indicated with reference 10b, and is a transmission of an access authorization code from the server 6 to the portable electronic device 5 that has carried out the request. The second transmission 10b takes place after the first transmission 10a, and takes place preferably automatically; both the first transmission 10a and the second transmission 10b take place at least partly on a wireless transmission channel, in particular at least partly on a mobile cellular radio channel and/or on a radio channel of a wireless local area network. This allows to have much flexibility in establishing the authentication request with the server in terms of the positioning of the portable electronic device 5.
A third transmission, indicated with reference 10c, is a transmission of the authorization code for the access to the structure from the portable electronic device 5 to the control unit, and in particular to interface 4a of the control unit. If no anomaly is found, the access authorization code transmitted from the server 6 to the portable electronic device 5 is identical to the access authorization code that the portable electronic device 5 transmits to the interface 4a of the control unit. Otherwise, if there are anomalies, or in the event of a fraud attempt, this code can also be different. A fourth transmission is indicated with reference 10d, and is a retransmission of the access authorization code received from the control unit 4. The control unit retransmits this code, in particular without alterations, to the server 6. A fifth transmission is indicated with the reference number 10e and is a transmission of alternatively either an authorization signal for the unlocking of the access control device 3 or of a denial signal for the unlocking of the access control device 3. The transmission of the authorization signal for the unlocking of the access control device 3 or of the denial to the unlocking of the access control device 3 depends on a comparative verification that the server 6 is configured for automatically carrying out. The access authorization code is automatically and temporarily stored in the memory of the server 6 and is retained for at least the time necessary for the second transmission 10b, the third transmission 10c, and the fourth transmission 10d to take place. In particular, the transmission of the access authorization signal for the unlocking of the access control device 3 is the result of a comparison of equality.
In a first embodiment, shown in figure 1 , the control unit 4 is in the form of a single body installed at door 2 and in particular in proximity of the access control device 3; in this case, the interface 4a to the portable electronic device 5 is preferably a wireless interface, in particular a radio interface. The access authorization code is therefore a code transmitted in an authorization signal transmitted from the portable electronic device 5 to the interface, which then extracts the code from said signal.
In a second embodiment, shown in Figure 2, the interface 4a is an interface comprising a camera or equivalent means of recording. The body of the control unit 4 is separated from the interface 4a: while the latter is installed in front of the door 2, and is therefore accessible from outside the structure, the body of the control unit 4 is positioned within the door 2, or in any case behind it, so as to be more difficult to access. In particular, the camera is configured for capturing an image contained on the display 5d. The access authorization code on the portable electronic device 5 is therefore a visual code and preferably, though non-limiting, a code of QR type. This visual code can be an always valid code, with unlimited validity over time and/or for an indefinite number of accesses, or a code with limited validity, usable only for a finite number of times, greater or equal to one. This code is a static code. This configuration advantageously allows reducing the generation of radio signals and makes the transmission of the access authorization signal difficult to detect by malicious persons. This configuration also allows the management of security operations and/or emergency situations as described in the subsequent part of the patent application. The operational connection between the body of the control unit 4 and the interface 4a can be on wired or wireless channel.
As shown in Figure 5, one of the peculiarities of the system subject of the present disclosure is that after the second transmission 10b, the server 6 performs the generation an ideally pure random number, or at least an opportunely inseminated pseudo-random number, through which it generates a copy of the access authorization code and transmits it to the portable electronic device 5. This code is temporarily stored for a predetermined period of time, e.g. and non-limiting to comprised between 10s and 45s, even more preferably between 20s and 30s, on a server memory. According to the present invention, the instant of storage of the access authorization code on the server 6, or its generation equivalently, corresponds to a first and predefined time instant ti. The access authorization code on the server 6 is generated on the basis of a first random or pseudo-random RNDi number. When the control unit 4 transmits to the server 6 the copy of the access authorization code previously received by the transmission carried out from the portable electronic device 5, and this retransmission takes place at a second time instant t2, it is verified whether the access authorization code stored on the server is identical to the one retransmitted by the control unit, and if so, the fifth transmission 10e is carried out with an authorization signal for the unlocking of the access control device 3. The server 6 also verifies whether the retransmission is carried out within the predefined time period tmax, which is provided for security. Figure 5 shows in particular a configuration wherein the retransmission at the second time instant t2 takes place within the predefined time period tmax. If, in fact, fraud attempts are made, it is easy for them to occur by retransmitting the access authorization code well beyond the default time period tmaX; the server 6 is automatically configured for generating a new random or pseudo-random RND2 number, and thus a new access authorization code, and for deleting the previously generated one from memory. In this case, even if the access authorization code retransmitted by the control unit 4 or by a fraudulent copy of it was actually correct, but occurred beyond the predetermined time period, it would no longer be identical to the one stored on the server 6, and consequently the server 6 would perform the fifth transmission 10e with a denial signal. For this reason, the access authorization code here described is defined as a dynamic code, i.e. a code that varies over time.
In addition, in a particular embodiment, the first transmission 10a takes place via a request signal that contains a hash of the current time and an access key also known to the server 6. This increases the security in the first step of user authentication. Preferably, though non-limiting, this hash is a hash according to the SFIA3 standard. This allows to increase the computer toughness of the system to hacking attempts.
The control unit 4 allows the access to the structure only under certain conditions, while in others it prevents the access to the structure 2 by not acting on the access control device 3. In this case the control unit 4 is configured for receiving a control signal of the start and end of the access to the structure. This signal is placed in a hardware or software input of the control unit, and depending on its typology, it allows enabling or disabling the control of the opening of the access control device 3 through the actuator of the control unit 4 independently from the reception of a correct access authorization code. In other words, this control signal is at a higher hierarchical level than the reception (possibly in the correct time) of the access authorization code. This control is carried out and is preferable since the control unit 4 is introduced into a wider reservation management system, where it is desirable that the user does not have access to the structure outside predetermined dates. For this reason, when the control signal signals the start of access to the structure, the implementation of the access control unit 3 is possible and takes place as described here. Otherwise, when the control signal signals the end of access to the structure, the implementation of access control device 3 is made impossible. The control signal can signal the start or end of access to the structure, e.g. with a value equal to zero or different from zero respectively, or with a different coding and/or modulation between the start condition and the end condition of access to the structure.
The control unit 4 can optionally comprise a memory, on which is stored at least one address, in particular an electronic address, of a user - in particular, as it will be better explained in the following portion of the description - a host managing the structure to which access is to be gained. Upon reception of an access authorization code, transmitted by the portable electronic device 5, the control unit 4 retrieves the saved electronic address and transmits an access message to the predetermined user. It should be noted that the transmission can take place either without checking whether the access authorization code is valid and/or transmitted in due time, or with control of the latter case, e.g. and non-limiting by differentiating the typology of the message transmitted (message having attempting access with incorrect code, or access made with valid code). Alternatively further, it is possible to notify to the user only in cases where access is validly carried out, or even only in cases wherein the access attempt was unsuccessful because either the access authorization code was wrong (different from the one temporarily stored on the server) or transmitted too late. Although reference has been made to a memory built into the control unit, it is clear that this memory can also be of the server 6. In the latter case, the control unit will be responsible for notifying to the server the access or attempted access through an appropriate signal, and the server 6 will be responsible for transmitting to the user, whose electronic address has been stored in the memory, the notification of the access in the manner above described.
Through the use of the control unit 4 it is therefore possible to carry out a method of authentication and access to structures or buildings, which first comprises a step of approaching (shown in figure 6 with reference number 900) of a portable electronic device 5 to the control unit 4 itself, followed by other steps as here described.
In a subsequent step of pre-authentication (indicated with reference number 903), first of all a step of code generation request (indicated with reference number 902) to the server 6 takes place, wherein a transmission of the request signal 10a to the server 6 takes place, and wherein the transmission is carried out by the portable electronic device 5 associated to the user. As already indicated, preferably is provided the transmission of a request signal 10a which comprises a hash of the current time of generation of the request signal itself.
After the transmission of the request signal 10a, the server 6 performs a procedure of generation of a random or pseudo-random number on which basing the generation of the access authorization code, and carries out a step of time counting lasting for a predetermined time interval, after which the access authorization code is no longer usable and/or is replaced and/or after which it automatically generates a new random or pseudo-random number and/or a new access authorization code. The step of time counting determines the first time instant ti, and the time interval is determined by the time distance between the first time interval ti and the second time interval t2 which corresponds to the time instant when the server 6 receives the copy of the access authorization code retransmitted by the control unit 4 downstream of the transmission carried out by the portable electronic device 5 and/or which corresponds to the time instant when the control unit 4 receives this access authorization code from the portable electronic device 5. According to the present disclosure, it is theoretically possible to consider the time of retransmission of the access authorization code from the control unit 4 to the server 6 equal to zero. After the generation of the access authorization code, a transmission of the access authorization code to the portable electronic device 5 is automatically carried out. Clearly, the transmission takes place as quickly as possible, and takes place within said predetermined time interval and/or within the second time instant t2.
At this point, a reception of an access authorization code takes place, wherein the portable electronic device 5 receives the access authorization code generated by the server 6; this reception effectively ends the step of pre authentication and enables the step of authentication indicated with reference number 904, wherein the portable electronic device 5 is authenticated on the control unit 4 when the user wishes to access the structure.
It is then provided a step of authentication (referred to with reference number 904) of the portable electronic device 5, wherein the transmission of an authentication signal 20, 21 takes place from the portable electronic device 5 to the interface 4a of the control unit 4, where the authentication signal 20, 21 comprises an access authorization code of dynamic type, as it varies over time in the ways above described.
This is where the sending of the access authorization code received from the control unit 4 to the server 6 takes place, said sending being carried out by the control unit 4 so that the portable electronic device 5 is discharged from this computational burden.
At this point, a step of verification is carried out, which is referred to with reference number 906. At this stage, the server 6 electronically compares the access authorization code received from the control unit 4 with an original version of the access authorization code.
More in particular, in the step of verification 906, the server 6 carries out a comparison between a first time instant when the server 6 itself has generated and temporarily stored the access authorization code and a second time instant when to the server 6 arrives the access authorization code transmitted by the control unit 4 and/or wherein to the control unit 4 arrives the transmission of the access authorization code from the portable electronic device 5. If the time interval between the first time instant and the second time instant is shorter than a predetermined value:
- if the access authorization code transmitted by the control unit 4 to the server 6 is identical to the access authorization code stored by the server 6, the transmission to said control unit of the authorization signal to unlock an access control device through the control unit is carried out; or
- if the access authorization code transmitted from the control unit 4 to the server 6 is different with respect to the access authorization code stored by the server 6, the transmission to said control unit of the rejection signal, which prevents the opening of said lock 3 through the control unit 4 is carried out (block 908).
Alternatively, if the time interval between the first time and the second time instant is longer than the predetermined value, the transmission of the rejection signal to said control unit is carried out, which prevents the opening of said lock 3 through the control unit 4.
After the step of verification 906, the server 6 carries out a transmission (indicated with reference numbers 907; 908) to said control unit, of alternatively one of the following two signals: - an authorization signal for the unlocking of an access control device 3 through the control unit 4; or
- a rejection signal, which prevents the opening of said lock through the control unit 4.
Therefore, the step of verification 906 is followed by the transmission of the unlocking authorization signal of an access control device 3 only when this verification is carried out within the predetermined time frame and only when the access authorization code transmitted by the control unit 4 is equal to the access authorization code generated by the server 6.
If said access authorization code comprises and/or is associated to a visual code, in particular a QR code, said authentication signal is a light signal and/or a representation of said visual code, in particular said QR code, on a display 5d of the portable electronic device 5. The interface 4a to the portable electronic device 5 comprises a camera, and there is a step comprising the positioning of the portable electronic device 5 in correspondence of said camera 4a so that said camera can read the visual code, in particular said QR code, from the display of the portable electronic device 5.
Otherwise, if the access authorization code is an alphanumeric code, this alphanumeric code is transmitted by radio, and therefore the transmission of a radio signal takes place on a wireless channel between the portable electronic device 5 and the interface 4a, which comprises a radio receiver. More specifically, the radio receiver stage is configured for receiving a radio signal incorporating said access authorization code; this method comprising a step of reception of said radio signal transmitted by the portable electronic device such that the control unit receives said access authorization code. Conveniently, the radio signal can be an ciphered and/or encrypted radio signal in such a way that only the control unit 4 actually receiving it can decode it.
Software programs can also be carried out on the server to manage a user's reservation; such software programs can either be stand-alone programs, or be integrated, for example through a subroutine, into the program that manages the user authentication through the portable electronic device 5 according to the preceding description. In the management of a user's booking, the following main subjects are identified: - control body 796, e.g. and non-limiting, a police or public security command, or Police Headquarters or Prefecture, or a registry or government identity management department, which holds identity data of a plurality of subjects, which is provided with an information system suitable for sending at least a confirmation data of identity data of one or more of these subjects after a request order for verification from an external body or system;
- host 797, which is the natural or legal person who manages the structure 2 to which users can access and who preferably has means - for example a personal computer - to receive electronic bookings from one or more external booking sources (for example, and non-limiting, Booking, Airbnb, etc.);
- user 798, which is the subject who accesses the structure 2, and in particular is the subject equipped with the portable electronic device 5;
- booking system 1 , which comprises the previously described server and/or the control unit 4 in any of the embodiments herein described;
- external booking source 795, which is conceived to manage electronic bookings of a plurality of structures by receiving electronic data of the Applicant, possibly a payment, dates and/or times of check-in and check-out; for example and non-limiting this structure can be AirBnB or Booking.
In particular, the Applicant has conceived a particular embodiment in which the user is profiled. In this embodiment, as illustrated in the diagram in figure 7, and as schematically represented in figure 9 and figure 10, in a first step (indicated in figure 7 with reference number 800), the host 797 receives a booking from a user 798 through an external booking source 795. Subsequently, in a second and subsequent step (shown in figure 7 with reference number 801 ), the user 798 checks in online, using the platform of the booking source external to the system, by introducing its private data that allow the sending of a specific signal containing a key to access the system. This private data can comprise, for example, an e-mail address or telephone number, preferably associated to the portable electronic device 5 equipped to the user.
Subsequently, at a later step (shown in Figure 7 with reference number 802), the user 798 receives an electronic key from the host 797 through the sending of a specific signal to the portable electronic device 5, e.g. via email or SMS. At this point, the system subject of the present disclosure comes into play, which first (in a step indicated in Figure 7 with reference number 803), and automatically, immediately after the sending of the electronic key to the portable electronic device 5, generates a collection of data of the user 798 which are sent to the control body 796 and then, albeit optionally, generates an invoice, in particular an electronic invoice concerning the residence tax (step indicated in Figure 7 with reference number 804). It should be noted that in the diagram in Figure 10 the sending to the control body 796 is represented by a first arrow placed between the host 797 and the control body 796 itself and by a second arrow placed between the server 6 and the control body 796. This representation is due to the fact that the sending, although described earlier as automatically carried out by the system, can also be manually controlled by the host 797.
On the basis of data obtained from the external booking source, the system subject of the present disclosure also receives data relating to the check- out of the user 798, in particular the date of check-out. On the basis of these data, the system subject of the present disclosure can optionally automatically generate booking requests for the cleaning of the structure 2 to which the user 798 has access. These data are automatically sent (Figure 7, reference number 805) to a structure cleaning company or to a person in charge of cleaning structure 2.
In any case, as shown in Figure 7 in the block with reference number 806, the system subject of the present disclosure also generates the random and/or pseudo-random number as previously described. In particular, the generation of the random number is carried out when the user 798 approaches the access control device 3 for the first time.
Optionally, the booking management program can include an electronic chat, where the host 797 and the user 798 can contact each other; this facilitates the access to the structure 2 should the user 798 encounter any problems of any kind.
Preferably, but in a non-limiting extent, the control unit 4 can be configured for interfacing with the program here described so that for each access carried out by the user 798 to the structure through the opening of the access control device 3 through the portable electronic device 5, the host 797 is alerted by means of the sending of an appropriate signal, preferably an access signal transmitted for example on a wireless channel; in this way the host 797 is constantly informed of the moment of the access by the user 798. This control signal can also be sent if there is an attempt to access the structure 2 with an access authorization code which is either incorrect or is transmitted to the control unit 4 after the predetermined time frame and/or after the second time instant t2. As a result of this aspect, the host 797 is able to get immediate information about unauthorized or otherwise non-compliant attempts to access the structure and can possibly take measures such as contacting a private security services control centre.
The control unit 4 can preferably receive from the server 6 a control signal for the start and end of access to the structure, and this signal is transmitted when the current date, and/or the current date and time exceed the date - respectively the date and time - set for the check-out in the booking made at the external booking source. In doing so, when the control unit 4 has received the termination signal of the access to the structure, even admissible access authorization codes are no longer accepted, and the implementation of the opening of the access control device 3 by the control unit 4 is uninhibited. This ensures that users 798 cannot access the structure 2 for longer than expected. Clearly, when the user 798 attempts to access the structure prior to the date, respectively date and time, of check-in, the control unit 4 will be configured again to prevent the opening of the access control device 3.
Furthermore, the host 797 can also access the program here described to manage its structure(s), and preferably does so through a transmission of a management authorization code of a dynamic type, which in a preferred but non limiting embodiment, is modified every time interval comprised between 10s and 45s, more preferably every 20s-30s.
An alternative embodiment for the program here described is characterized by carrying out a user profiling. This alternative implementation is represented in diagrams in Figures 8 and 11. In particular, a software application is provided to be installed on the portable electronic device 5 of the user 798. In this case the selection of the structure no longer takes place through the passage from the external booking source to the system here described, but directly through this software application. In particular, therefore, a first step indicated in Figure 8 with reference number 810 comprises the download of a software application on the portable electronic device 5. Subsequently, the user 798 selects the structure of interest by means of the software application installed on his/her portable electronic device 5, and at the time of selection (block 811 , figure 8), the user decides (block 812, figure 8) the check-in and check-out dates that will determine the enabling and - respectively - disabling, of the opening of the access control device 3 by means of the control unit.
As in the case of the embodiment above described, also in this case automatically, immediately after the confirmation of the booking made through the software application installed on the portable electronic device 5, the software program that is run on the server, upon the reception of an appropriate occurred booking confirmation signal, generates a collection of data of the user 798 which is sent to the control body 796 (step indicated in figure 8 with reference number 803) and subsequently, although optionally, generates an invoice, in particular an electronic invoice for the residence tax (step indicated in figure 8 with reference number 804). In Figure 11 this sending is represented with a first arrow between the software application and the control body 796 and a second arrow between the server 6 and the control body. In fact, the sending can be totally managed through the software program that is carried out on the server 6 or, alternatively, can be controlled upstream by an approval signal of the sending transmitted by the application itself.
On the basis of the data obtained from the external source of bookings, the system subject of the present disclosure also receives data relating to the check-out of the user 798, in particular the date of check-out. On the basis of these data, the system subject of the present disclosure can optionally automatically generate booking requests for the cleaning of the structure 2 to which the user 798 accesses. These data are automatically sent (Figure 8, reference number 805) to a structure cleaning company or to a person in charge of carrying out the cleaning of the structure 2.
In any case, as shown in Figure 8 in the block with reference number 806, the system subject of the present disclosure also generates the random and/or pseudo-random number as above described. In particular, the random number is generated when the user 798 approaches the access control device 3 for the first time.
Also in the case of the present embodiment, the booking management program can comprise an electronic chat, where the host 797 and the user 798 can contact each other; this facilitates the access to the structure 2 should the user 798 encounter any problems of various kind.
As in the case of the described above embodiment, in this case too, although non-limiting, the control unit 4 can be configured for interfacing with the program here described so that at the time of each access made by the user 798 to the structure through the opening of the access control device 3 through the portable electronic device 5, the host 797 is alerted by the sending of an appropriate signal, preferably a periodic control signal transmitted for example on a wireless channel; in this way the host 797 is constantly informed of the moment of access by the user 798. This control signal can also be sent if there is an attempt to access the structure 2 with an access authorization code which is either incorrect or is transmitted to the control unit 4 after the predetermined time period and/or after the second time period t2.
The control unit 4 can preferably receive from the server 6 a control signal of start and end of access to the structure, and this signal is transmitted when the current date, and/or the current date and day time, exceed the date - respectively the date and time - set for the check-out in the booking made at the external booking source. In so doing, when the control unit has received the signal for the end of access to the structure, even admissible access authorization codes are no longer accepted, and the implementation of the opening of the access control device 3 by the control unit 4 is uninhibited. This ensures that users cannot access the structure 2 for times longer than expected. Clearly, when the user 798 attempts to access the structure before the check-in date, respectively the check in date and hour, , the control unit 4 will be configured again for preventing the implementation of the opening of the access control device 3.
Furthermore, the host 797 can also access the program here described to manage its structure(s), and preferably does so through a transmission of a control authorization code of dynamic type, which in a preferred but non-limiting embodiment, is modified every time interval comprised between 10s and 45s, more preferably every 20s-30s.
Although the embodiment without user profiling allows greater flexibility since it is based on external structures already managed and tested, the embodiment with user profiling advantageously allows a higher treatment efficacy of the electronic identity of the user by the system subject of the present disclosure.
Parts of the process described herein can be implemented by means of a data processing unit or control unit, technically replaceable by one or more computers designed to carry out a portion of software program or firmware loaded on a memory medium. Such software program can be written in any programming language of known type. If the number of computers is two or more, they can be connected to each other by means of a data connection in such a way that their computing power is shared in any way; the computers themselves can therefore also be installed in geographically different locations, creating a distributed computing environment by means of the above-mentioned data connection.
The data processing unit, or control unit, can be a general purpose type processor specifically configured for carrying out one or more parts of the process identified in the present disclosure through the software or firmware program, or be an ASIC or dedicated processor or an FPGA, specifically programmed to carry out at least part of the process operations described herein.
The memory medium can be non-transitory and can be internal or external to the processor, or control unit, or data processing unit, and can - specifically - be geographically located remotely with respect to the computer. The memory medium can also be physically divided into multiple portions, or in the form of a “cloud”, and the software program or firmware can be physically stored on geographically divided portions of memory.
In particular, a distributed computing environment can be designed, which according to what has been described so far is configured for carrying out the following steps:
- a step of authentication 904 of a portable electronic device 5, wherein takes place the transmission of an authentication signal from the portable electronic device 5 to an interface 4a of a control unit 4 of an access unlocking system, wherein said authentication signal 20, 21 comprises an access authorization code, wherein the access authorization code is a dynamic code and wherein the step of authentication 904 takes place after a step of approaching 900 of a portable electronic device 5 to the control unit 4;
- the sending of the access authorization code, received from the control unit 4, to a remote server 6, said sending being carried out by the control unit 4; - a step of verification 906, wherein the server 6 electronically compares the access authorization code received from the control unit 4 with an original version of the access authorization code;
- wherein after the step of verification 906, the server 6 carries out a transmission 907; 908 to said control unit, alternatively of one the following two signals:
- an authorization signal for unlocking an access control device 3 through the control unit 4; or
- a rejection signal, which prevents the opening of said lock through the control unit 4.
An alternative embodiment is described below and is shown schematically in Figures 12 and 13 in terms of structure and operating process. In this embodiment, as represented in figure 12, an account 6a is created on the server 6 for each user 798 on which a seed generated through a pseudo-random number (ideally a random number) is stored. This seed is transmitted, preferably automatically, to a software application installed on the portable electronic device 5 supplied to the user 798. The transmission preferably takes place at the time of the account generation (step indicated with the reference number 1000).
Upon accessing the structure, in a first step (schematically represented by arrow 1001 ) the user 798 approaches the portable electronic device 5 to the interface 4a of the control unit 4, and transmits an authentication signal which comprises an OTP code and optionally a timestamp generated by the portable electronic device 5 itself. According to the present invention, for OTP code is intended a single use password, i.e. a password which is only valid for a single access session. The use of OTP allows the reduction of the risk of system hacking. According to the present invention, for timestamp is intended a time mark with a sequence of characters that represent an indicative date and/or time of the occurrence of a predetermined event (in the above described case, the instant of generation and/or of the transmission of the authentication signal). In a non limiting embodiment, the timestamp follows the ISO 8601 standard, and therefore comprises both a complete date indication and a current time indication.
In fact, therefore, the OTP code represents a pseudo-random first number, or alphanumeric sequence RNDi. When the control unit 4 receives this authentication signal, it retransmits (step indicated by the arrow 1002) the OTP code and, optionally, the timestamp, to the server 6. Preferably, although in a non-limiting extent, the transmission to the server 6 takes place immediately after the reception of the authentication signal by the control unit 4. The control unit 4 can also itself carry out a comparison between the timestamp received from the portable electronic device 5 and a time indication found by itself, carrying out an electronic matching check. In case the time difference between the time of the timestamp transmitted by the portable electronic device 5 and the time indication is greater than a predetermined time period, e.g. more than 5s, or more than 10s, or more than 15s, the control unit 4 provides for automatically transmitting a rejection of the OTP transmitted by the portable electronic device 5, which will therefore not be transmitted to the server 5.
In a particular embodiment, the timestamp operatively associated to the authentication signal or code is digitally signed by the user, and in particular it is digitally signed with the portable electronic device 5 of the user. This digital signature comprises two keys:
- a public key, which the portable electronic device 5, after the execution of said digital signature, sends - preferably automatically - to the server 6, and
- a private key, which the portable electronic device 5 of the user keeps stored in itself.
The public key is in any case operatively associated to a specific and single portable electronic device 5, so that logical pairs [d, - q] are made between an i-th portable electronic device and an i-th public key q.
The use of a private key, advantageously allows not only to have an encryption of the timestamp in a technical sense, so that the clear data of the timestamp is not visible and therefore is less attackable at a computer level, but also allows to provide a guarantee of authenticity of the user and/or of his/her portable electronic device 5. Technically, therefore, each portable electronic device 5 is operatively associated to its own private key.
The server 6 contains (or is operatively associated therewith) a memory in which a plurality of public keys is stored. These public keys can be shared with the control unit 4. In a particular and non-limiting embodiment, at least a part of these public keys is cyclically, or anyway at least once, transmitted to the control unit 4, which in turn stores a plurality of public keys. This allows the correct decryption of the timestamp through an appropriate public key even if there is no possibility of operational communication between the control unit 4 and the server 6. In fact, if the plurality of public keys is entirely stored on the server 6, in order to decrypt the timestamp it is necessary that the control unit transmits the timestamp to be decrypted to the server 6 or, alternatively, that the server 6 transmits the correct public key to the control unit 4, and if the operating communication is not possible (for example due to a fault in the WAN, LAN network or similar that connects the server 6 with the control unit) the decryption cannot take place, with the consequent impossibility of unlocking the lock. Otherwise, if a plurality of multiple public keys is stored on the control unit, the permanence and integrity of this operational communication is no longer necessary at the specific time of decryption.
Therefore, an authentication method comprises the introduction of the timestamp (operatively associated to the authentication signal or code 20, 21 , and encrypted as above described through asymmetric public/private key encryption), into the authentication signal or code that the portable electronic device 5 transmits to the control unit 4. The above mentioned step of introduction follows a step of generation of said timestamp by the portable electronic device 5. In the step of authentication 904, or in the step of verification 906, the method comprises a decryption (or at least a decryption attempt) of the timestamp sent by the portable electronic device 5 by means of a predefined public key, and this decryption (or decryption attempt) is carried out by the control unit 4. The unlocking of the lock with the authorization signal 10e for the unlocking is thus only possible in case of a correct decryption of the timestamp by means of a public key present on the server 6 and/or on the control unit.
The method comprises a step of download of a plurality of public keys from the server 6 to the control unit 4, and can optionally comprise new downloads or cadenced updates (at predetermined time intervals, e.g. once a week) of at least part of the public keys stored in the operatively accessible memory of the server 6 to the control unit 4.
When the server 6 receives the retransmission of the authentication signal from the control unit 4, it automatically proceeds with the generation of at least a second OTP code generated on the basis of the seed stored in the account for the predefined user 798. In fact, this second OTP code, or single use password, represents a pseudo-random number or alphanumeric sequence, RND2. This is made possible because the control unit 4, together with the authentication signal, transmits or makes accessible to the server the user ID 798 that serves to the server 6 to access the correct account associated to it. This operation is schematically represented by arrow 1003 in figure 12.
Preferably, although non-limiting thereto, the connection between the control unit 4 and the server 6 takes place with the establishing of an encrypted end-to-end communication, preferably using a TLS or SSL algorithm. The server 6 also identifies the control unit 4 that has carried out the transmission: if TLS or SSL algorithms are used, this identification takes place by means of the security certificate specific to these algorithms. In order to identify the control unit 4, on the server 6 are stored different identification codes Id_serr1 , Id_serr2, Id_serr3, each of which relates to a respective control unit 4. These identification codes are schematically represented by reference 6b.
The server then accesses the memory and verifies whether for the determined control unit 4 there are access reservations for the structure 2. If not, it sends a denial command. If the OTP code generated by the server 6 is identical to the OTP code generated by the portable electronic device of the user 798, then the server 6 transmits to the control unit the authorization signal 10e for the opening of the access control device 3. This operation is schematically represented by the arrow 1004. Otherwise, a denial signal is transmitted.
Optionally, though preferably, the server 6 verifies whether the OTP code generated by the portable electronic device 5 of the user 798 is generated within a predetermined time frame starting from the timestamp. Only when the server 6 receives the OTP within a predetermined time with respect to the timestamp, the permission to the transmission of the authorization signal 10e can be provided.
More in particular, from the typology of code received by the server, it is obtained which verification is to carry out and for each potentially authorized user 798 the following verifications are carried out.
After the approaching of the portable electronic device 6 to the control unit
4 (block 900, figure 13), and to the transmission of the OTP code from the portable electronic device 5 to the control unit 4 (block 910, figure 13), the control unit 4 transmits at least the OTP code to the server 6 (block 911 , figure 13). Subsequently, in a first step, if the server 6 verifies that the OTP code has been generated by an application installed on a portable electronic device 5, the seed associated to the account of the user 798 that has generated the OTP code is searched for, and subsequently the current server timestamp, at a time to, is considered. It is then read the latency time set for that specific structure, which according to the present disclosure is indicated as At, which can vary according to various factors among which - and non-limiting thereto - the speed and/or connection latency between the server 6 and the control unit 4 and/or the portable electronic device 5. The server 6 then generates a plurality of possible OTP codes (or, equivalently, a plurality of numbers or pseudo-random alphanumeric RND sequences generated starting from the predefined seed) for that user 798 on the basis of the seed retrieved in the account (block 912, figure 13), from the instant to - At to the instant to + At. If one of the calculated OTP codes corresponds to the one transmitted by the user 798 (block 913, figure 13, output S), then the access is authorized through the sending of the authorization code 10e to the control unit 4, and the access control device 3 is opened (block 914, figure 13); otherwise the permission to unlock is denied and therefore the access control device 3 is not opened (block 914, figure 13).
If on the other hand the server 6 verifies that the OTP code has been generated by a portable electronic device 5 different from a Smartphone telephone, but by a dedicated radio transmitter device such as and in a non limiting extent a BLE tag or a smartcard or an NFC/RFId tag, firstly all the seeds of all the devices assigned to the user 798 are retrieved and subsequently it is considered the current server timestamp, at a time to. The latency time set for that specific structure is subsequently read, which according to the present disclosure is indicated as At, which can vary according to various factors among which - and non-limiting thereto - the speed and/or connection latency between the server 6 and the control unit 4 and/or the portable electronic device 5. The server 6 then generates a plurality of possible OTPs for that user 798 on the basis of the seed retrieved in the account, from the instant to - At to the instant to + At. If one of the calculated OTPs corresponds to the one transmitted by the user 798, then it is authorized the access through the sending of the authorization code 10e to the control unit 4; otherwise the permission to unlocking is denied and therefore the access control device 3 is not opened. The embodiment here described has the advantage of not needing a data connection (e.g. Wi-Fi or cellular radio network) for the portable electronic device 5, which therefore does not need to establish direct communications with the server 6.
As in the case of the previously described embodiment, also in this case the QR code shown on the display of the portable electronic device 5 can be an example of authorization signal.
In the second embodiment, the transmission of the authentication signal can also be replaced by a reading of a QR code printed on a business card. In this case this is a QR code that can be used only once, if the user 798 loses or anyway does not have the portable electronic device 5 with him.
If on the other hand the server 6 verifies that the OTP code is associated to a visual code, for example and non-limiting to QR, printed, first of all it is verified whether the code is compatible with a list of non-dynamic codes (then, always valid and according to the present disclosure described as security codes) for the specific user 798 who made the request. If this code is compatible with those stored for the specific account, then we proceed with the sending of the authorization code 10e to the control unit 4. The security code can then be considered as a passe-partout code. This code can be of the type that can be used only once or several times. If the code can be used only once, it is erased from the memory by an action of the server 6.
If the server 6 verifies that the OTP code is associated to a portable electronic device 5 of passive type, such as for example an NFC tag, firstly the server 6 performs an electronic search for all the devices associated to the account of the user 798 who has the portable electronic device 5 and subsequently the device corresponding to the generated OTP code is identified. If this code is compatible with the OTP code generated by the portable electronic device 5, then we proceed with the access authorization through the transmission of the authorization code 10e to the control unit 4.
The software application stored on the portable electronic device 5 can optionally comprise emergency codes that are associated to the specific access control device 3 and/or equivalently to the specific control unit 4. In this case, the server 6, after the identification of the control unit 4 as above described, verifies whether for the specific control unit 4 exists stored in the memory the specific security code and if so retransmits the authorization signal 10e. Another option is also foreseeable wherein the emergency code is not retransmitted to server 6 for a further verification. In this case it is the control unit 4 that directly performs the operations necessary to the opening of the access control device 3. Preferably, in this case, the emergency code is a single use code.
Although explicit reference to a QR code has been made in the previous description, this visual code morphology is not to be understood in a limiting way, as it is also possible to use other visual codes such as, in a non-exhaustive list, a linear barcode according to Codabar, or Code 25, or Code 39, or EAN 2 or EAN 5, or also a two-dimensional or matrix visual code such as for example Aztec, or CrontoSign, or Datamatrix according to IEC 16022 standards.
It is also clear that the single use password, or OTP code herein described, which comprises the "code" itself represented by the alphanumeric or numeric only or alphabetic only string, can be integrated in any visual code, in particular in one of the codes according to the standards above described. The processing units of system 1 here described will take care for having the computational capacity to decipher the visual code in order to extract the appropriate alphanumeric code.
Although they are not described again, the notifications from and to the control body 796 and from and to the host 797, and/or with reference to the external reservation source 795 previously described, can also apply to the present embodiment.
The invention is not limited to the embodiments illustrated in the drawings; it is therefore understood that if characteristics mentioned in the claims are followed by reference numbers or signs, these numbers or signs are included solely for the purpose of increasing the intelligibility of the claims and are not to be considered as limiting.
Finally, it is clear that modifications or additions can be made to the object of the present disclosure, without thereby exiting from the scope of protection provided by the claims.

Claims

1. A structure (2) accesses unlocking system (1 ), said system comprising:
- an interface (4a) to a portable electronic device (5), said interface (4a) being configured for detecting the presence of a portable electronic device (5) in proximity of the interface (4a) itself, said interface (4a) comprising a receiver stage configured for receiving at least an authentication signal or code (20, 21 ), for the request of authorization to unlock an access control device (3), from said portable electronic device (5);
- a control unit (4), conceived to be in use operatively connected to an access control device (3), wherein:
- the control unit (4) comprises a server interface (4c), configured for automatically retransmitting the authentication signal or code (20, 21 ) toward a remote server (6) and for waiting for an authorization signal (10e) from said server (6);
- and wherein the control unit (4) is configured for causing at least an unlocking of the access control device (3) at the reception of an authorization signal (10e) from the server (6).
2. System according to claim 1 , wherein the control unit (4) is configured for: first automatically retransmitting said authentication signal or code (20, 21 ) received by the portable electronic device (5), and/or an access authorization code contained in the authentication signal or code (20, 21 ) received by the portable electronic device (5) to the server (6) and subsequently for waiting for the reception of said authorization signal (10e) from the server (6);
and wherein said authentication signal or code (20, 21 ) in turn comprises an access authorization code of alphanumeric type and/or comprises a QR code and/or a visual code and/or an OTP alphanumeric code, and/or a single use password, and/or a timestamp.
3. System according to claim 2, wherein said access authorization code is a dynamic code, having a predetermined and limited time validity, after which it is no longer usable for the access to said structure, optionally said dynamic code being cyclically regenerated by said portable electronic device (5).
4. System according to one or more of the preceding claims, comprising a server (6) operatively connected to the control unit (4) through a data exchange network and configured for being connected to at least one, preferably a plurality thereof, of portable electronic devices (5), and wherein:
- the system (1 ) is configured for performing a pre-authentication (903) of the portable electronic device (5) wherein the server (6) is configured for generating and transmit (10b) to the portable electronic device (5) an access authorization code to the structure, the system (1 ) being also configured for performing an authentication (904) of the portable electronic device (5) subsequent to the pre authentication (903), wherein in the authentication (904) the control unit (4) automatically retransmits the authentication signal or code (20, 21 ) to the remote server (6) and waits for an authorization signal (10e) from the server (6) and the authentication (904) of the portable electronic device (5) taking place only if said pre-authentication (903) has been carried out,
- in the pre-authentication (903), the server (6) is configured for being in a waiting configuration for the generation request (902) of the access authorization code to the structure wherein the server (6) waits for a transmission of a request signal (10a) from the portable electronic device (5),
- the server (6) is configured for automatically transmitting (10b) to the portable electronic device (5) said access authorization code to the structure after the reception of said request signal (10a).
5. System according to one or more of the preceding claims, wherein the server (6) is configured for waiting for a public key of encryption of a timestamp, and/or is configured for storing a public key of encryption of a timestamp, wherein the timestamp is transmitted by the portable electronic device (5) and is operatively associated to said authentication signal or code, and wherein the public key of encryption of the timestamp is operatively associated to a specific and single portable electronic device (5).
6. System according to claim 5, wherein:
- the server (6) is configured for transmitting a plurality of public keys authorized to the decryption of a timestamp to the control unit (4) and the control unit (4) comprises a memory within which at least said plurality of public keys is stored; and
- the control unit (4) is configured for causing the unlocking of the access control device (3) at the correct decryption of a timestamp encrypted with a private key operatively associated to a determined portable electronic device (5) and decrypted with a public key of said plurality of public keys, stored in the control unit (4).
7. System according to one or more of the preceding claims, wherein the control unit (4) is configured for being mechanically connected to the access control device (3) and/or is configured for being electrically connected to a servo actuator of said access control device (3) and/or integrates said access control device (3), or is mechanically connected to the access control device (3) and/or is configured for being electrically connected to a servo actuator of said access control device (3).
8. Access unlocking system according to one or more of the preceding claims, wherein the interface (4a) to the portable electronic device (5) is, alternatively:
- separate with respect to the body of the control unit (4), and comprises a camera (4a) for the optical code reading and/or a receiver suitable for receiving a radio signal comprising a predefined code; said interface (4a) being configured for being installed in a space outside the structure delimited by said access (2); or
- is integrated into the body of the control unit (4), and preferably comprises a radio receiver stage, optionally of NFC type.
9. System according to one or more of the preceding claims, comprising a server (6), operatively connected to the control unit (4), having a data transceiver interface to and from the control unit (4) respectively;
said server (6) being configured for generating an OTP alphanumeric code, and/or a single use password, and/or a timestamp at the reception of an OTP alphanumeric code, and/or a single use password and/or a timestamp retransmitted from the control unit (4) to the server (6);
said server (6) being configured for generating the authorization signal (10e), and for automatically transmitting the authorization signal (10e) to the control unit (4) when the OTP alphanumeric code generated by the server (6) is identical to the OTP alphanumeric code retransmitted from the control unit (4) to the server (6), and/or when the single use password generated by the server (6) is identical to the single use password retransmitted from the control unit (4) to the server (6) and/or when the timestamp generated by the server (6) is identical to the timestamp retransmitted from the control unit (4) to the server (6).
10. Method of authentication and access to structures, said method comprising:
- a step of approaching (900) of a portable electronic device (5) to a control unit (4),
- a step of authentication (904) of the portable electronic device (5), wherein the transmission of an authentication signal or code (20, 21 ) from the portable electronic device (5) to an interface (4a) of the control unit (4) of an access unlocking system takes place, wherein said authentication signal or code (20, 21 ) comprises an access authorization code;
- the sending of the authentication signal or code (20, 21 ) and/or of the access authorization code, received by the control unit (4), to a remote server (6), said sending being carried out by the control unit (4);
- a step of verification (906), wherein the server (6) electronically compares the access authorization code received by the control unit (4) with a secondary version of the authentication signal or code (20, 21 ) and/or of the access authorization code generated by the server (6) itself;
- wherein after the step of verification (906) the server (6) carries out a transmission (907; 908) to said control unit (4), of alternatively one of the following two signals:
- an authorization signal (10e) for the unlock of an access control device (3) to a structure (2) through the control unit (4); or
- a rejection signal, which prevents the opening of the access control device (3) to the structure (2) through the control unit (4).
11. Method according to claim 10, wherein there is a step of pre-authentication (903), comprising a reception of an access authorization code, wherein the portable electronic device (5) receives the access authorization code generated by the server, said pre-authentication taking place before the step of authentication (904), and wherein the step of pre-authentication (903) comprises a transmission of a request signal (10a) or is anticipated by a step of code generation request (902) to said server (6), wherein said transmission is carried out by the portable electronic device (5) and is addressed to said server (6).
12. Method according to claim 10 or claim 11 , comprising a step of generation of a timestamp by the portable electronic device (5) and also comprising a step of encryption of said timestamp through asymmetric public/private key encryption, the method comprising a step of introduction of the timestamp encrypted through said asymmetric encryption in the authentication signal or code (20, 21 ),
and wherein in the step of authentication (904) and/or in the step of verification (906) the method comprises a decryption or an attempt of decryption of said timestamp sent by the portable electronic device (5) by means of a predefined public key, said decryption or attempt of decryption being carried out by the control unit (4), the unlocking of the access control device (3) being possible only in case of a correct decryption of said timestamp through a public key previously stored on the server (6) and/or on the control unit (4).
13. Method according to claim 10, wherein the secondary version of the authentication signal or code (20, 21 ) and/or of the access authorization code is electronically generated, in said stage of verification (906), by the server (6) starting from a seed electronically retrieved from the server (6) in a memory operatively associated therewith, wherein the seed is stored in an account previously created and associated, optionally uniquely associated, with the portable electronic device (5) and/or with a user (798) uniquely associated to said portable electronic device (5).
14. Method according to claim 13, comprising a step of generation of a timestamp by the portable electronic device (5) and of transmission of said timestamp in association and/or within said authentication signal or code (20, 21 ); said method comprising a step of timestamp comparison, wherein the control unit (4) compares the timestamp received from the portable electronic device (5) with a time indication retrieved by the control unit (4) itself, and if a difference between the timestamp and the time indication is greater than a predefined time interval, the step of sending of the authentication signal or code (20, 21 ) and/or of the access authorization code, received by the control unit (4), to the server (6) is prevented.
15. Method according to one or more of the preceding claims 10-14, comprising a step of storage of at least an account uniquely associated to a user (798) in a memory operatively connected to said server (6) and a subsequent step of storage, in said account, of at least a limited validity authorization code, usable for a predefined number of times, and wherein in said step of verification (906), the server (6) electronically compares a limited validity code received from, and/or read through, the control unit (4) with a limited validity code previously stored in said account, and sends the authorization signal (10e) for the access control device unlock (3) to the structure (2) through the control unit (4) if the comparison result proves identity between the two limited validity authorization codes; said method comprising a step of reduction of the number of times wherein said limited validity authorization code can be used and/or comprising a deletion of said limited validity authorization code from said account.
16. Method according to claim 13, wherein:
- defined to as the time instant when the control unit (4) receives said authentication signal or code (20, 21 ) and/or access authorization code,
- when the server (6) receives the authentication signal or code (20, 21 ) and/or the access authorization code that has/have been transmitted from the control unit (4), to the server (6) itself, it generates a plurality of possible secondary versions of the authentication signal or code (20, 21 ) and/or of the access authorization code, on the basis of said seed, starting from said base time instant to, in the time intervals [(to-At) ÷ (to+At)] where At is a predetermined time instant;
- said server (6) transmitting said authorization signal (10e) only if at least one among the possible secondary versions of said plurality of possible secondary versions of the authentication signal or code (20, 21 ) and/or of the access authorization code, based on said seed, starting from said base time instant to, in the time intervals [(to-At) ÷ (to+At)] coincides with the authentication signal or code (20, 21 ) and/or the access authorization code that has/have been transmitted from the control unit (4) to the server (6) itself.
PCT/IB2020/056511 2019-07-12 2020-07-10 A structure accesses unlocking system and associated method WO2021009641A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP20750731.0A EP3997674A1 (en) 2019-07-12 2020-07-10 A structure accesses unlocking system and associated method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IT102019000011634 2019-07-12
IT102019000011634A IT201900011634A1 (en) 2019-07-12 2019-07-12 Access release system of a structure and associated method

Publications (1)

Publication Number Publication Date
WO2021009641A1 true WO2021009641A1 (en) 2021-01-21

Family

ID=68733453

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2020/056511 WO2021009641A1 (en) 2019-07-12 2020-07-10 A structure accesses unlocking system and associated method

Country Status (3)

Country Link
EP (1) EP3997674A1 (en)
IT (1) IT201900011634A1 (en)
WO (1) WO2021009641A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11281808B2 (en) * 2020-01-28 2022-03-22 International Business Machines Corporation Detection and repair of failed hardware components

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022254260A1 (en) * 2021-06-01 2022-12-08 Le Quang Nghia Electronic lock and implemantation process of said electronic lock

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050285716A1 (en) * 2001-12-27 2005-12-29 Triteq Lock And Security, Llc Electronic key control and management system for vending machines and the like
US20120068818A1 (en) * 2009-04-03 2012-03-22 Inventio Ag Access control system
US20140292481A1 (en) * 2011-03-17 2014-10-02 Unikey Technologies, Inc. Wireless access control system and related methods
US20160241559A1 (en) * 2015-02-17 2016-08-18 Sensormatic Electronics, LLC Method and System for Credential Management
EP3188136A1 (en) * 2015-12-28 2017-07-05 Marques, SA Electronic door lock and operation method thereof
US20180061164A1 (en) * 2016-05-27 2018-03-01 SkyBell Technologies, Inc. Doorbell package detection systems and methods
US20190180546A1 (en) * 2017-12-12 2019-06-13 Toyota Jidosha Kabushiki Kaisha Authentication information control system, authentication information control method, and non-transitory computer-readable recording medium

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050285716A1 (en) * 2001-12-27 2005-12-29 Triteq Lock And Security, Llc Electronic key control and management system for vending machines and the like
US20120068818A1 (en) * 2009-04-03 2012-03-22 Inventio Ag Access control system
US20140292481A1 (en) * 2011-03-17 2014-10-02 Unikey Technologies, Inc. Wireless access control system and related methods
US20160241559A1 (en) * 2015-02-17 2016-08-18 Sensormatic Electronics, LLC Method and System for Credential Management
EP3188136A1 (en) * 2015-12-28 2017-07-05 Marques, SA Electronic door lock and operation method thereof
US20180061164A1 (en) * 2016-05-27 2018-03-01 SkyBell Technologies, Inc. Doorbell package detection systems and methods
US20190180546A1 (en) * 2017-12-12 2019-06-13 Toyota Jidosha Kabushiki Kaisha Authentication information control system, authentication information control method, and non-transitory computer-readable recording medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11281808B2 (en) * 2020-01-28 2022-03-22 International Business Machines Corporation Detection and repair of failed hardware components

Also Published As

Publication number Publication date
EP3997674A1 (en) 2022-05-18
IT201900011634A1 (en) 2021-01-12

Similar Documents

Publication Publication Date Title
US10755507B2 (en) Systems and methods for multifactor physical authentication
US10614650B2 (en) System and method for managing distributed encrypted combination over-locks from a remote location
ES2414089T3 (en) Operation of a security system using a wireless device
EP2689399B1 (en) Standalone biometric authorization control device and method
EP0924657B1 (en) Remote idendity verification technique using a personal identification device
US8045960B2 (en) Integrated access control system and a method of controlling the same
US9953475B2 (en) 4D barcode
KR100680637B1 (en) Authentication system using biological information
US20180359635A1 (en) Securitization of Temporal Digital Communications Via Authentication and Validation for Wireless User and Access Devices
US10475115B2 (en) System and method for managing distributed encrypted combination over-locks from a remote location
EP2817788A2 (en) Method and system for providing identity, authentication, and access services
US10922747B2 (en) System and method for securing and removing over-locks from vacant storage units
US11094152B2 (en) System and method for applying over-locks without requiring unlock codes
EP3997674A1 (en) A structure accesses unlocking system and associated method
KR100422377B1 (en) System and method for maintenance of public security and exit and entrance control using bar code displayed liquid crystal display
CN109859350B (en) Remote authorized fingerprint self-service entry method and hotel self-service check-in method
CN110298947A (en) A kind of method for unlocking and electronic lock
CN112734989A (en) Bluetooth key distribution method of intelligent door lock
US20190199701A1 (en) Securitization of Temporal Digital Communications Via Authentication and Validation for Wireless User and Access Devices
JP6934441B2 (en) Management server, authentication method, computer program and service cooperation system
NL2018694B1 (en) Combination of a server, a lock controller, at least one lock, and an electronic device, and method for controlling a lock
US20220343416A1 (en) System and method for randomly generating and associating unlock codes and lock identifiers
EP4307258A1 (en) System and method for randomly generating and associating unlock codes and lock identifiers
TWM633269U (en) Cloud door lock control system using time-varying code and image dual authentication
FR3110748A1 (en) Programming of premises access badges.

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20750731

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2020750731

Country of ref document: EP

Effective date: 20220214