Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
  • G07C9/00—Individual registration on entry or exit
  • G07C9/20—Individual registration on entry or exit involving the use of a pass
  • G07C9/21—Individual registration on entry or exit involving the use of a pass having a variable access code

Definitions

• the present invention relates to a method of self-checking an electronic key in a system for controlling access to a resource, as well as an electronic key implementing such a method.
• the invention applies more particularly to access control systems using a portable means of access to resources, called an electronic key, having a large calculation potential and autonomous in energy, so as to be able to maintain a time clock. while the accessed resource has only limited potential for verifying access rights.
• an electronic signature can be obtained using various cryptographic mechanisms, such as encryption mechanisms, or authentication. It can for example be obtained using a secret key signature algorithm or a public key signature algorithm.
• This protocol generally includes at least verification of the electronic signature of the validity range.
• the validity range can be either the actual period during which it is possible to access the resource, or the period of validity of a signature key of the accessing resource allowing it to authenticate vis-à-vis of the accessed resource, or any other parameter making it possible to limit in time an attack by fraudulent use of the accessing resource.
• the main advantage of a logical means of access to a resource compared to a physical means of access generally lies in the possibility of allowing access to the resource only within a relatively short time slot.
• predetermined also called predetermined validity range.
• Document FR-A-2 722 596 describes an access control system limited to authorized and renewable time periods by means of a portable storage medium. This system, based on cryptographic mechanisms, makes it possible to limit the period of validity of access rights to a short duration, in order to avoid illegitimate use in the event of loss, theft, transfer or illegal duplication.
• the solution described has the drawback of relying solely on the control potential of the accessed resource. This leaves considerable latitude to a fraudster, having in his possession an electronic key, in an attempt to inhibit the control potential of the resource to which he seeks to have access, for example by deactivating the real time clock of the lock. electronic.
• the present invention aims to remedy the aforementioned drawbacks by providing the electronic key with an internal self-checking and self-invalidation device, based on the real time clock of the key, on certain internal data stored in the key, as well as its cryptographic potential, allowing it to perform a certain number of verifications.
• the present invention proposes a self-checking protocol for an electronic key provided with a real time clock delivering a time variable and an access right, with which is associated a signature value of the range.
• this self-checking protocol by this electronic key consists at least of: (a) a verification of the signature value of the range of validity relating to this access right, this verification step being carried out using a specific verification key; (b) a comparison of whether the time variable belongs to the range of validity;
• steps (c) a step of self-invalidation of the electronic key on negative response to one of the steps of verification, respectively of comparison.
• steps (a) and (b) can be reversed.
• the specific verification key can be a public or secret key.
• the aforementioned range of validity may include several separate ranges of validity.
• the validity range is an interval comprising two limits each expressed as a date in day, month, year and a timetable in hours, minutes, seconds.
• the self-invalidation step consists, with respect to data stored in the registers protected access memory, either to assign a set of internal status data to an arbitrary value causing the electronic key to be locked in the out-of-service position, or to trigger the complete erasure of a plurality of these status data , or to cause the short-circuit of the autonomous electrical energy supply.
• the present invention also provides an electronic key comprising, arranged on a portable support, a calculation unit, storage registers, with protected access, of a set of internal state data and a real time clock delivering a time variable, the electronic key being provided with an access right, which is associated with a signature value of the range of validity relating to this access right, the electronic key being remarkable in that it further comprises: - a module verifying the signature value of the range of validity relating to this access right, this verification module comprising at least one specific verification key, as well as a verification algorithm; a module for comparing the membership of the time variable in the validity range, and, commanded by the verification module and the comparison module, a module for self-invalidation of the electronic key on negative response, ie from the module or the comparison module.
• FIG. 1 is a flowchart of the self-checking protocol of the present invention, in a particular embodiment
• - Figure 2 shows schematically a particular embodiment of the short-circuiting electric power supply in the access control system of the present invention
• FIG. 3 schematically represents an electronic key in accordance with the present invention, in a particular embodiment.
• the electronic key and lock have a calculation unit.
• the electronic key is produced in a portable support which can have the shape of a gun, a rod, a card, or any other form deemed appropriate.
• the key is provided with an autonomous electrical energy supply, which maintains a real time clock in the key.
• This real-time clock delivers a time variable, for example in the form of a current hourly value VH, expressed in day, month, year, hours, minutes, seconds.
• VH current hourly value
• PH [VH1, VH2], or more broadly as a meeting of such intervals:
• a first step 1001 of the method consists in reading or establishing, in the key, an electronic signature S (PH) of the predetermined time slot PH.
• This electronic signature S (PH) may have been calculated beforehand, for example by an external entity for calculating signatures, independent of the key.
• a validation entity transfers and stores the signature S (PH) in the key before this key is put into service.
• the key can itself establish the signature, if the private key necessary for this operation, as well as the cryptographic signature algorithm, has been stored in the electronic key, and if this electronic key has the necessary computing resources.
• the electronic signature S (PH) can be calculated using a public key algorithm, of the RSA (Rivest Shamir Adleman) type for example, or using a secret key algorithm, of the DES type ( Data Encryption Standard) for example.
• a process of self-control of the right of access of this key to this lock is first of all implemented in the key.
• the current hourly value VH delivered by the real time clock of the key is stored in the key.
• the electronic signature S (PH) of the validity range PH as well as the current hourly value VH are transmitted to internal self-checking modules of the key.
• the signature S (PH) stored in the key is checked. If the signature calculation algorithm is a public key algorithm, step 1004 consists, for the electronic key, in applying the public key K P , previously stored in the key, to the verification algorithm.
• the positive verification of the signature makes it possible to ensure the authenticity of the range of validity, ie [VH1, VH2] in the particular non-limiting case of a range of validity limited to an interval, said range being obtained, either by restoration of the message during the signature verification step, either by simple reading if it was transmitted in clear with the signature.
• the consistency between the current hourly value transmitted VH and the predetermined time range PH is checked. For example, in the case of a time slot reduced to an interval ⁇ [VHl, VH2], it is verified that VH is later than VHl and earlier than VH2.
• step 1004 and 1005 If the checks carried out in steps 1004 and 1005 are satisfied, the key being by default in a validated state, access to the electronic lock remains possible, the validated state allowing the progress of a key - lock dialogue, this is ie the exchange of messages or data allowing a logical access control to be carried out.
• the key is self-validating, thus preventing access to the lock.
• the self-invalidation step, represented at 1006 in FIG. 1, can be carried out in various ways.
• the key can be provided with storage registers with protected access, containing a state variable HS of binary type.
• the protected access storage registers benefit from a level of protection corresponding to that of the protected memory areas of a microprocessor card.
• a first value of the variable HS corresponds to a “in service” state, in which the key is validated and can have access to the lock.
• a second value of the variable HS corresponds to an “out of service” state.
• the self-invalidation of the key consists in assigning this second value to the state variable HS and in storing it in the storage registers with protected access. This has the effect of locking the key and preventing its access to the lock.
• the “in service” state can only be restored by a legitimate validation authority, during a key reloading session, using a validation terminal for example.
• the self-invalidation step may consist in deleting, in the key storage registers, data used by the key to access the lock, such as the key public or private signing key, for example. These data can be reintroduced later in the key by means of a validation terminal, as well as previously.
• the previous self-invalidation operations may be replaced or accompanied by a short circuit in the electrical power supply to the key.
• the supply of electrical energy 1, of the electric cell or battery type for example can be connected to a short-circuiting module 2 which may have any known structure deemed appropriate, such as a switch constituted by a transistor TB and a resistor for limiting current Rd, according to a conventional arrangement, the transistor being controlled by an invalidation command.
• the self-checking protocol which is the subject of the invention, instead of using a signature value of the time range of validity, it is possible to use a variable chosen arbitrarily, apply to this variable a coding or compression algorithm determined from a password and store the variable thus coded or compressed in the electronic key.
• the verification step 1004 consists, in this case, in applying a decoding or decompression algorithm previously stored in the electronic key from the same password and corresponding to operations opposite to those performed by the coding algorithm or compression.
• Such coding / decoding or compression / decompression algorithms are commercially available.
• the verification step whether verifying a signature value or any other variable, can be entirely omitted.
• the step 1001 described above is omitted; in step 1003, only the current hourly value VH is transmitted to the internal self-checking modules of the electronic key; step 1004 is deleted; step 1005 is maintained; in step 1006, the key is self-invalidating only if the comparison of the current hourly value VH with the time range PH indicates that VH is outside of PH.
• the two previous embodiments although having a much lower degree of security, make it possible to reduce the necessary calculation potential of the key, and therefore, to reduce costs.
• a particular embodiment of an electronic key in accordance with the present invention will now be described with the aid of FIG. 3.
• the electronic key 3 comprises a module 30 for autonomous energy supply, comprising the supply 1 mentioned above, possibly provided with a short-circuiting module such as the module 2 described above.
• the module 30 supplies an internal real time clock 31 which delivers a current hourly value VH as defined above.
• the key 3 also includes storage registers with protected access 32, in which are stored in particular the current hourly value VH, the electronic signature S (PH) of the validity range PH, and the binary state variable HS indicating the "in service” or "out of service” status of the electronic key.
• the storage registers 32 are accessible in read and write. They can for example be produced in the form of one or more random access memories of the RAM type.
• the registers 32 are connected to a calculation unit 34, which controls the key self-control protocol, via a validation command CDV sent to a verification module 330, which verifies the electronic signature S (PH) stored in the registers 32.
• the verification module 330 has for this purpose the specific verification key associated with the algorithm which made it possible to calculate the signature S (PH).
• the verification module 330 receives the signature S (PH) of the validity range and, in the case where the signature calculation algorithm used is a public key algorithm, applies the public key K P to the signature S (PH) received.
• the calculation unit 34 is also connected to the circuits for transmitting and receiving messages or data from the electronic key 3.
• the comparison module 331 tests whether VH> VH1 and VH ⁇ VH2.
• the verification module 330 and the comparison module 331 are connected to a self-invalidation module 332 and control the operation thereof. Indeed, in the event of a negative response, either at the end of step 1004, or at the end of step 1005 described above, the self-invalidation module 332 is controlled so as to prohibit the use of the electronic key, by acting, as described above, either on a binary state variable “in use” / “out of service” HS and / or other operating data stored in the registers 32, or on the power supply module 30.
• the self-invalidation module 332 can be included in an electrically reprogrammable memory of the EPROM or EEPROM type 33, in which are stored program modules corresponding to the execution of the operations illustrated by the flowchart of FIG. 1 described previously.
• the present invention finds an application particularly suitable for access, by mail attendants, to mailboxes, which are not energy independent.

Landscapes

• Engineering & Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Lock And Its Accessories (AREA)
• Storage Device Security (AREA)

Applications Claiming Priority (3)

Publications (1)

Family

ID=9521600

Family Applications (1)

Country Status (4)

Families Citing this family (1)

Family Cites Families (6)

• 1998
  • 1998-01-08 FR FR9800126A patent/FR2773426B1/fr not_active Expired - Lifetime
• 1999
  • 1999-01-08 WO PCT/FR1999/000022 patent/WO1999035616A1/fr not_active Application Discontinuation
  • 1999-01-08 JP JP53578299A patent/JP2001517413A/ja active Pending
  • 1999-01-08 EP EP99900507A patent/EP0965106A1/de not_active Withdrawn

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events