Classifications

• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07F—COIN-FREED OR LIKE APPARATUS
  • G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
  • G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
  • G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
  • G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
  • G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/38—Payment protocols; Details thereof
  • G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
  • G06Q20/409—Device specific authentication in transaction processing
  • G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
  • G07C9/00—Individual registration on entry or exit
  • G07C9/20—Individual registration on entry or exit involving the use of a pass
  • G07C9/21—Individual registration on entry or exit involving the use of a pass having a variable access code
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
  • G07C9/00—Individual registration on entry or exit
  • G07C9/20—Individual registration on entry or exit involving the use of a pass
  • G07C9/27—Individual registration on entry or exit involving the use of a pass with central registration

Definitions

• the present invention relates to a secure access control system allowing the transfer of authorization to produce keys.
• the invention is particularly applicable to the field of access control to buildings, computer systems or all kinds of objects whose opening or use must be controlled.
• This system is based on the use of portable storage media such as smart cards (cards with integrated circuits) with flush or contactless contacts, magnetic cards, badges, electronic keys with contact or contactless. These materials are distributed to all users for whom access will be authorized.
• the storage media have in memory an electronic key giving a right of access.
• This key includes data corresponding to an access authorization period and a digital signature of this data.
• the period of use corresponds in practice to a date of use and a time slot for use so that the key is only valid for one day and for the defined time slot.
• These keys have a short lifespan and are particularly well suited to an application such as delivering or picking up mail by a attendant. The user of such a support must reload his support every day with a new valid key.
• This access control system is very effective in applications for which one does not wish to give a permanent or very long access right. However, it turns out not to be suitable in the opposite case.
• Older control systems provide a blacklist for stolen or lost media to prevent unauthorized people who hold such media from accessing the protected set.
• the secure access control system according to the invention makes it possible to solve this problem, the media delivered always remain valid even in the event of transfer of authorization to another person or more exactly to another means of production of keys.
• the invention more particularly relates to an access control system by means of a portable storage medium C on which is recorded an electronic key CL, comprising means LE for producing these electronic keys and means ensuring a function electronic lock L capable of authorizing access in the case where the storage medium includes the required electronic key, according to which the production means include enabling information HA to produce the keys CL, including a public key K, and the digital signature CER of this information, and in which an authorization transfer is effected to new means of production by recording a new public key K 'and the corresponding signature CER'.
• This new public key is, after verification of the authorization, recorded in the electronic lock L which verifies the keys CL produced by these means LE.
• the data relating to the means of production comprises an identification data ID, a validity period VAL and the public key K; the validity period assigned to the old key K has an end date which corresponds to the date of start of validity of the validity period of the new key K ', this date being able to be later (ie for example of one month).
• the lock compares and replaces the end date of the validity period of the old key with the start date of validity of the next key (new key ).
• the public keys K and K ' are obtained by the authority from a production function F KA with public key KA, with a secret key ka, the lock comprising in memory at the time of verification a verification function V KA and the key KA for the verification of these CER or CER 'signatures.
• the lock checks any new authorization.
• this means is declared to the lock which will control the keys produced by this means.
• the authority registers the authorization certificate with the lock and the KA key that it used for the calculation.
• the means of production can itself register its authorization with the lock.
• the transfer of authorization is carried out by secure loading of a new public key with the lock.
• an electronic signature S is calculated from a secret key algorithm k and a corresponding public key K by production means LE, the lock has in memory the public key K, a verification function V ⁇ of this signature S and of the means for implementing this verification function.
• the electronic key CL recorded on a support comprises a data item identifying the user and a data item identifying the support, for example the latter will take the serial number for manufacturing the support and the electronic signature of this data.
• FIG. 1 represents the diagram of a secure access control system according to the subject of the invention.
• an authority is understood to mean an organization possessing secret keys, means capable of issuing public keys and authorization data.
• secret key digital data which is known only to an organ of the authority or of the means of production.
• public key KA, K, K ' is meant digital data shared by several users, namely, the authority and the means of production of the electronic keys or the means of production and the electronic lock.
• key production means LE is understood to mean a device for processing digital information, for example a micro-computer, holding HA authorization information and having computing means for carrying out the digital signature of data implementing functions such as 'a classic public key algorithm.
• the term electronic key or logical key CL is understood to mean digital data or more data accompanied by their digital signature giving the right to access.
• the invention is described by way of example, in the application to managing access to buildings.
• the storage media C comprising the electronic keys distributed to authorized users may be either smart cards, or smart keys, or badges or magnetic cards.
• the transmission between the support C and the lock L can be made through electronic contacts or by radioelectric means or by reading a magnetic tape.
• a smart card has been chosen as the support.
• It includes an I / O input / output interface 100 and an electrically writable non-volatile memory 101.
• the personalization of a support C consists in particular of recording in memory an identification information IDA of the user A comprising for example his name, the number of his apartment and the own data D p A which is assigned to him. According to a preferred example, realization, the date of personalization of its storage medium.
• the personalization of the supports is made by the LE device (and the person who uses it) who holds an HA authorization (ID, KA, CER, K).
• the LE production device is for example produced by a microcomputer of the PC type, provided with a card reader.
• FIG. 1 schematically represents the different functional blocks of this LE device.
• the production apparatus LE includes a microprocessor type processing unit 200 connected by a bus 201 to memories.
• a volatile working memory type RAM .202 contains the application data.
• An EEPROM type non-volatile memory includes in the protected area the secret key k used for the production of the electronic keys. It also includes the electronic key production program. This program implements a production algorithm of the public key algorithm type F ⁇ using the secret key k and the corresponding public key K.
• the memory 203 also includes the personalization program which consists in writing the own data, that is to say according to the preferred embodiment the date D p A of the personalization day (plus the time if necessary). This information is obtained from an internal clock.
• Own data can also be obtained by a counter whose value is increased (incremented by 1 for example) with each new version of key.
• the volatile memory 203 can also contain the public key KA and the authorization certificate CER.
• This CER certificate is therefore the digital signature of a data set including the identity of the authorized person ID, his public key K and its validity period VAL such as:
• F KA being the public key algorithm
• ka being the secret key for calculating the certificate
• KA the corresponding public key. This calculation is made by the AT authority.
• the electronic locks CL are constituted by an apparatus of the chip card reader or microcomputer type equipped with a chip card reader interface for the example of embodiment described.
• the lock L comprises a processing unit 300, an electrically programmable non-volatile memory 301 and a working memory 302.
• the memory 301 comprises the key verification program implementing a verification function V ⁇ CL electronic keys.
• This memory 301 also contains the public key K corresponding to the secret key k which was used for the production of the keys CL. Lock L can detect false electronic keys.
• the lock compares the date of personalization D p A of the key CL to the date of personalization that it has in memory for the same medium (IDA identification).
• the lock allows access. If the date DpA> on the date of personalization present in the lock, then it is a new version of key, the lock updates its list of keys, that is to say that it saves the new date of personalization in place of the old.
• the pair public key K and certificate CER of the device LE for producing the keys as well as the key KA are recorded by the authority in the lock in working memory for example, to allow the lock to perform an authorization check.
• the lock also contains the certificate verification program, this program implementing a V KA certificate verification function. At the end of this verification, if the certificate corresponds to the public key K, this key is recorded in EEPROM memory, the certificate and the KA key is not kept.
• a certificate CER 'for a new key K' is calculated by the authority AT and loaded into the device LE as illustrated by the diagram in FIG.
• this change of authorization consists in using a new public key K 'and in assigning this new key K' to the device.
• Electronic keys CL calculated by the device which had the old public key K will always be valid as well as the new ones which are produced by a device which has the key K ', from the moment when the lock has verified this new authorization.
• We choose the period of validity assigned to the key K so that it has an end of validity date equal to the start date of the period of validity assigned to the key K 'or a slightly later date (one month for example) .
• the lock can check the access conditions set out in the first part of the description and also compare the date D p A at the period of validity of the public key of the device. This comparison will make it possible, for example, to detect the CL keys that would have been produced when the LE production device no longer had the authorization.
• the DpA customization dates fall either in one or the other of the VAL or VAL 'validity periods of the K or K keys.
• the lock can then compare the date of personalization with the period of validity of the corresponding public key.
• the lock authorizes access when, after this verification, it finds that the date D p A is within the period of validity of the corresponding public key.

Landscapes

• Business, Economics & Management (AREA)
• Engineering & Computer Science (AREA)
• General Physics & Mathematics (AREA)
• Physics & Mathematics (AREA)
• Accounting & Taxation (AREA)
• Theoretical Computer Science (AREA)
• Strategic Management (AREA)
• General Business, Economics & Management (AREA)
• Computer Networks & Wireless Communication (AREA)
• Microelectronics & Electronic Packaging (AREA)
• Computer Security & Cryptography (AREA)
• Finance (AREA)
• Storage Device Security (AREA)
• Lock And Its Accessories (AREA)

Applications Claiming Priority (5)

Publications (1)

Family

ID=26232663

Family Applications (1)

Country Status (6)

Families Citing this family (7)

Family Cites Families (6)

• 1997
  • 1997-04-15 JP JP9537775A patent/JP2000509452A/ja active Pending
  • 1997-04-15 EP EP97918234A patent/EP0900429A1/de not_active Withdrawn
  • 1997-04-15 US US09/171,212 patent/US6380843B1/en not_active Expired - Fee Related
  • 1997-04-15 CA CA002252002A patent/CA2252002A1/fr not_active Abandoned
  • 1997-04-15 WO PCT/FR1997/000677 patent/WO1997040474A1/fr not_active Application Discontinuation
  • 1997-04-15 AU AU26434/97A patent/AU724348B2/en not_active Ceased

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events