EP0965106A1 - Selbstkontrollverfahren eines elektronischen schlüssels in einem zugangskontrollsystem und elektronischer schlüssel dafür - Google Patents

Selbstkontrollverfahren eines elektronischen schlüssels in einem zugangskontrollsystem und elektronischer schlüssel dafür

Info

Publication number
EP0965106A1
EP0965106A1 EP99900507A EP99900507A EP0965106A1 EP 0965106 A1 EP0965106 A1 EP 0965106A1 EP 99900507 A EP99900507 A EP 99900507A EP 99900507 A EP99900507 A EP 99900507A EP 0965106 A1 EP0965106 A1 EP 0965106A1
Authority
EP
European Patent Office
Prior art keywords
key
electronic key
verification
access
self
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP99900507A
Other languages
English (en)
French (fr)
Inventor
Patrick Langlet
Yves Thorigne
Marc Girault
Fabrice Clerc
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
LA POSTE
Original Assignee
LA POSTE
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by LA POSTE filed Critical LA POSTE
Publication of EP0965106A1 publication Critical patent/EP0965106A1/de
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/21Individual registration on entry or exit involving the use of a pass having a variable access code

Definitions

  • the present invention relates to a method of self-checking an electronic key in a system for controlling access to a resource, as well as an electronic key implementing such a method.
  • the invention applies more particularly to access control systems using a portable means of access to resources, called an electronic key, having a large calculation potential and autonomous in energy, so as to be able to maintain a time clock. while the accessed resource has only limited potential for verifying access rights.
  • an electronic signature can be obtained using various cryptographic mechanisms, such as encryption mechanisms, or authentication. It can for example be obtained using a secret key signature algorithm or a public key signature algorithm.
  • This protocol generally includes at least verification of the electronic signature of the validity range.
  • the validity range can be either the actual period during which it is possible to access the resource, or the period of validity of a signature key of the accessing resource allowing it to authenticate vis-à-vis of the accessed resource, or any other parameter making it possible to limit in time an attack by fraudulent use of the accessing resource.
  • the main advantage of a logical means of access to a resource compared to a physical means of access generally lies in the possibility of allowing access to the resource only within a relatively short time slot.
  • predetermined also called predetermined validity range.
  • Document FR-A-2 722 596 describes an access control system limited to authorized and renewable time periods by means of a portable storage medium. This system, based on cryptographic mechanisms, makes it possible to limit the period of validity of access rights to a short duration, in order to avoid illegitimate use in the event of loss, theft, transfer or illegal duplication.
  • the solution described has the drawback of relying solely on the control potential of the accessed resource. This leaves considerable latitude to a fraudster, having in his possession an electronic key, in an attempt to inhibit the control potential of the resource to which he seeks to have access, for example by deactivating the real time clock of the lock. electronic.
  • the present invention aims to remedy the aforementioned drawbacks by providing the electronic key with an internal self-checking and self-invalidation device, based on the real time clock of the key, on certain internal data stored in the key, as well as its cryptographic potential, allowing it to perform a certain number of verifications.
  • the present invention proposes a self-checking protocol for an electronic key provided with a real time clock delivering a time variable and an access right, with which is associated a signature value of the range.
  • this self-checking protocol by this electronic key consists at least of: (a) a verification of the signature value of the range of validity relating to this access right, this verification step being carried out using a specific verification key; (b) a comparison of whether the time variable belongs to the range of validity;
  • steps (c) a step of self-invalidation of the electronic key on negative response to one of the steps of verification, respectively of comparison.
  • steps (a) and (b) can be reversed.
  • the specific verification key can be a public or secret key.
  • the aforementioned range of validity may include several separate ranges of validity.
  • the validity range is an interval comprising two limits each expressed as a date in day, month, year and a timetable in hours, minutes, seconds.
  • the self-invalidation step consists, with respect to data stored in the registers protected access memory, either to assign a set of internal status data to an arbitrary value causing the electronic key to be locked in the out-of-service position, or to trigger the complete erasure of a plurality of these status data , or to cause the short-circuit of the autonomous electrical energy supply.
  • the present invention also provides an electronic key comprising, arranged on a portable support, a calculation unit, storage registers, with protected access, of a set of internal state data and a real time clock delivering a time variable, the electronic key being provided with an access right, which is associated with a signature value of the range of validity relating to this access right, the electronic key being remarkable in that it further comprises: - a module verifying the signature value of the range of validity relating to this access right, this verification module comprising at least one specific verification key, as well as a verification algorithm; a module for comparing the membership of the time variable in the validity range, and, commanded by the verification module and the comparison module, a module for self-invalidation of the electronic key on negative response, ie from the module or the comparison module.
  • FIG. 1 is a flowchart of the self-checking protocol of the present invention, in a particular embodiment
  • - Figure 2 shows schematically a particular embodiment of the short-circuiting electric power supply in the access control system of the present invention
  • FIG. 3 schematically represents an electronic key in accordance with the present invention, in a particular embodiment.
  • the electronic key and lock have a calculation unit.
  • the electronic key is produced in a portable support which can have the shape of a gun, a rod, a card, or any other form deemed appropriate.
  • the key is provided with an autonomous electrical energy supply, which maintains a real time clock in the key.
  • This real-time clock delivers a time variable, for example in the form of a current hourly value VH, expressed in day, month, year, hours, minutes, seconds.
  • VH current hourly value
  • PH [VH1, VH2], or more broadly as a meeting of such intervals:
  • a first step 1001 of the method consists in reading or establishing, in the key, an electronic signature S (PH) of the predetermined time slot PH.
  • This electronic signature S (PH) may have been calculated beforehand, for example by an external entity for calculating signatures, independent of the key.
  • a validation entity transfers and stores the signature S (PH) in the key before this key is put into service.
  • the key can itself establish the signature, if the private key necessary for this operation, as well as the cryptographic signature algorithm, has been stored in the electronic key, and if this electronic key has the necessary computing resources.
  • the electronic signature S (PH) can be calculated using a public key algorithm, of the RSA (Rivest Shamir Adleman) type for example, or using a secret key algorithm, of the DES type ( Data Encryption Standard) for example.
  • a process of self-control of the right of access of this key to this lock is first of all implemented in the key.
  • the current hourly value VH delivered by the real time clock of the key is stored in the key.
  • the electronic signature S (PH) of the validity range PH as well as the current hourly value VH are transmitted to internal self-checking modules of the key.
  • the signature S (PH) stored in the key is checked. If the signature calculation algorithm is a public key algorithm, step 1004 consists, for the electronic key, in applying the public key K P , previously stored in the key, to the verification algorithm.
  • the positive verification of the signature makes it possible to ensure the authenticity of the range of validity, ie [VH1, VH2] in the particular non-limiting case of a range of validity limited to an interval, said range being obtained, either by restoration of the message during the signature verification step, either by simple reading if it was transmitted in clear with the signature.
  • the consistency between the current hourly value transmitted VH and the predetermined time range PH is checked. For example, in the case of a time slot reduced to an interval ⁇ [VHl, VH2], it is verified that VH is later than VHl and earlier than VH2.
  • step 1004 and 1005 If the checks carried out in steps 1004 and 1005 are satisfied, the key being by default in a validated state, access to the electronic lock remains possible, the validated state allowing the progress of a key - lock dialogue, this is ie the exchange of messages or data allowing a logical access control to be carried out.
  • the key is self-validating, thus preventing access to the lock.
  • the self-invalidation step, represented at 1006 in FIG. 1, can be carried out in various ways.
  • the key can be provided with storage registers with protected access, containing a state variable HS of binary type.
  • the protected access storage registers benefit from a level of protection corresponding to that of the protected memory areas of a microprocessor card.
  • a first value of the variable HS corresponds to a “in service” state, in which the key is validated and can have access to the lock.
  • a second value of the variable HS corresponds to an “out of service” state.
  • the self-invalidation of the key consists in assigning this second value to the state variable HS and in storing it in the storage registers with protected access. This has the effect of locking the key and preventing its access to the lock.
  • the “in service” state can only be restored by a legitimate validation authority, during a key reloading session, using a validation terminal for example.
  • the self-invalidation step may consist in deleting, in the key storage registers, data used by the key to access the lock, such as the key public or private signing key, for example. These data can be reintroduced later in the key by means of a validation terminal, as well as previously.
  • the previous self-invalidation operations may be replaced or accompanied by a short circuit in the electrical power supply to the key.
  • the supply of electrical energy 1, of the electric cell or battery type for example can be connected to a short-circuiting module 2 which may have any known structure deemed appropriate, such as a switch constituted by a transistor TB and a resistor for limiting current Rd, according to a conventional arrangement, the transistor being controlled by an invalidation command.
  • the self-checking protocol which is the subject of the invention, instead of using a signature value of the time range of validity, it is possible to use a variable chosen arbitrarily, apply to this variable a coding or compression algorithm determined from a password and store the variable thus coded or compressed in the electronic key.
  • the verification step 1004 consists, in this case, in applying a decoding or decompression algorithm previously stored in the electronic key from the same password and corresponding to operations opposite to those performed by the coding algorithm or compression.
  • Such coding / decoding or compression / decompression algorithms are commercially available.
  • the verification step whether verifying a signature value or any other variable, can be entirely omitted.
  • the step 1001 described above is omitted; in step 1003, only the current hourly value VH is transmitted to the internal self-checking modules of the electronic key; step 1004 is deleted; step 1005 is maintained; in step 1006, the key is self-invalidating only if the comparison of the current hourly value VH with the time range PH indicates that VH is outside of PH.
  • the two previous embodiments although having a much lower degree of security, make it possible to reduce the necessary calculation potential of the key, and therefore, to reduce costs.
  • a particular embodiment of an electronic key in accordance with the present invention will now be described with the aid of FIG. 3.
  • the electronic key 3 comprises a module 30 for autonomous energy supply, comprising the supply 1 mentioned above, possibly provided with a short-circuiting module such as the module 2 described above.
  • the module 30 supplies an internal real time clock 31 which delivers a current hourly value VH as defined above.
  • the key 3 also includes storage registers with protected access 32, in which are stored in particular the current hourly value VH, the electronic signature S (PH) of the validity range PH, and the binary state variable HS indicating the "in service” or "out of service” status of the electronic key.
  • the storage registers 32 are accessible in read and write. They can for example be produced in the form of one or more random access memories of the RAM type.
  • the registers 32 are connected to a calculation unit 34, which controls the key self-control protocol, via a validation command CDV sent to a verification module 330, which verifies the electronic signature S (PH) stored in the registers 32.
  • the verification module 330 has for this purpose the specific verification key associated with the algorithm which made it possible to calculate the signature S (PH).
  • the verification module 330 receives the signature S (PH) of the validity range and, in the case where the signature calculation algorithm used is a public key algorithm, applies the public key K P to the signature S (PH) received.
  • the calculation unit 34 is also connected to the circuits for transmitting and receiving messages or data from the electronic key 3.
  • the comparison module 331 tests whether VH> VH1 and VH ⁇ VH2.
  • the verification module 330 and the comparison module 331 are connected to a self-invalidation module 332 and control the operation thereof. Indeed, in the event of a negative response, either at the end of step 1004, or at the end of step 1005 described above, the self-invalidation module 332 is controlled so as to prohibit the use of the electronic key, by acting, as described above, either on a binary state variable “in use” / “out of service” HS and / or other operating data stored in the registers 32, or on the power supply module 30.
  • the self-invalidation module 332 can be included in an electrically reprogrammable memory of the EPROM or EEPROM type 33, in which are stored program modules corresponding to the execution of the operations illustrated by the flowchart of FIG. 1 described previously.
  • the present invention finds an application particularly suitable for access, by mail attendants, to mailboxes, which are not energy independent.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)
  • Storage Device Security (AREA)
EP99900507A 1998-01-08 1999-01-08 Selbstkontrollverfahren eines elektronischen schlüssels in einem zugangskontrollsystem und elektronischer schlüssel dafür Withdrawn EP0965106A1 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR9800126A FR2773426B1 (fr) 1998-01-08 1998-01-08 Procede d'auto-controle d'une cle electronique dans un systeme de controle d'acces a une ressource et cle electronique mettant en oeuvre un tel procede
FR9800126 1998-01-08
PCT/FR1999/000022 WO1999035616A1 (fr) 1998-01-08 1999-01-08 Procede d'auto-controle d'une cle electronique dans un systeme de controle d'acces a une ressource et cle electronique mettant en oeuvre un tel procede

Publications (1)

Publication Number Publication Date
EP0965106A1 true EP0965106A1 (de) 1999-12-22

Family

ID=9521600

Family Applications (1)

Application Number Title Priority Date Filing Date
EP99900507A Withdrawn EP0965106A1 (de) 1998-01-08 1999-01-08 Selbstkontrollverfahren eines elektronischen schlüssels in einem zugangskontrollsystem und elektronischer schlüssel dafür

Country Status (4)

Country Link
EP (1) EP0965106A1 (de)
JP (1) JP2001517413A (de)
FR (1) FR2773426B1 (de)
WO (1) WO1999035616A1 (de)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10212158A1 (de) * 2002-03-19 2003-10-02 Metanomics Gmbh & Co Kgaa Population transgener Pflanzen, davon abgeleitetes biologisches Material, entsprechende Plasmidkollektion und Population transformierter Wirtsorganismen, sowie deren Verwendung und Verfahren zu deren Erzeugung

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH01259483A (ja) * 1988-04-08 1989-10-17 Minolta Camera Co Ltd Icカード
FR2666671B1 (fr) * 1990-09-12 1994-08-05 Gemplus Card Int Procede de gestion d'un programme d'application charge dans un support a microcircuit.
WO1993003246A1 (en) * 1991-08-05 1993-02-18 Supra Products, Inc. Improved electronic security systems
FR2704081B1 (fr) * 1993-04-16 1995-05-19 France Telecom Procédé de mise à jour d'une carte à mémoire et carte à mémoire pour la mise en Óoeuvre de ce procédé.
FR2704341B1 (fr) * 1993-04-22 1995-06-02 Bull Cp8 Dispositif de protection des clés d'une carte à puce.
FR2722596A1 (fr) * 1994-07-13 1996-01-19 France Telecom Systeme de controle d'acces limites a des places horaires autorisees et renouvables au moyen d'un support de memorisation portable

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO9935616A1 *

Also Published As

Publication number Publication date
JP2001517413A (ja) 2001-10-02
WO1999035616A1 (fr) 1999-07-15
FR2773426A1 (fr) 1999-07-09
FR2773426B1 (fr) 2000-03-03

Similar Documents

Publication Publication Date Title
EP0719438B1 (de) Zugangskontrollsystem mit autorisierten und mittels eines tragbaren speicherträgers erneuerbaren stundenbereichen
EP0941525B1 (de) Authentifizierungssystem mit chipkarte
EP3547270B1 (de) Überprüfungsverfahren einer biometrischen authentifizierung
EP1055203B1 (de) Zugangskontrollprotokoll zwischen einem schlüssel und einem elektronischen schloss
EP2720199B1 (de) Gesichertes Steuerungsverfahren zum Öffnen von Verschlussvorrichtungen mit Hilfe von Meldungen, die eine symmetrische Verschlüsselung auslösen
EP0055986A2 (de) Sicherheitsverfahren und -vorrichtung zur Dreieckkommunikation von vertraulichen Daten
FR2892252A1 (fr) Procede et dispositif de creation d'une signature de groupe et procede et dispositif de verification d'une signature de groupe associes.
EP2909963A1 (de) Elektronische unterschriftsverfahren mit ephemerer signatur
CA2407288A1 (fr) Procede et dispositif de controle d'habilitation d'un appareil electrique connecte a un reseau
EP3965361B1 (de) Datenaustausch zwischen einem client und einem fernen gerät, z.b. ein geschützten modul
WO1997036264A1 (fr) Systeme de controle d'acces a une fonction, dans lequel le chiffrement implique plusieurs variables dynamiques
EP0960406B1 (de) System zum sicheren transport von gegenständen in einem sicheren behälter mit mindestens einer transportfähigen bestimmungsstelle
EP0965106A1 (de) Selbstkontrollverfahren eines elektronischen schlüssels in einem zugangskontrollsystem und elektronischer schlüssel dafür
FR2877453A1 (fr) Procede de delegation securisee de calcul d'une application bilineaire
EP1044433B1 (de) Auf bestimmte stundenbereiche begrenztes zugangskontrollsystem zu einem betriebsmittel und dazugehöriges verfahren
WO2004084525A2 (fr) Procede de protection d’un terminal de telecommunication de type telephone mobile
EP1149361A1 (de) Auf bestimmte stundenbereiche begrenztes zugangskontrollsystem zu einem betriebsmittel und dazugehöriges verfahren, wobei die betriebsmittel mit einer echtzeitmessungsvorrichtung versehen sind
WO2004029873A1 (fr) Entite electronique securisee avec gestion du temps
FR2786903A1 (fr) Procede et systeme de controle d'acces a une ressource limite a certaines plages horaires, a partir d'un compteur dynamique
EP1802026A2 (de) Verfahren zur Freigabe einer Ressource mittels einer kontaktlosen Vorrichtung
FR3137769A1 (fr) Procédé de sauvegarde de données personnelles sensibles sur une chaîne de blocs
EP4278282A1 (de) Verfahren und system zur zugangskontrolle
WO2012152581A1 (fr) Systeme d'identification d'un individu
WO2017037351A1 (fr) Gestion d'un parc de compteurs d'energie et/ou de fluide, l'energie et/ou le fluide etant fournis en quantites prepayees
WO2013140078A1 (fr) Procede de generation et de verification d'identite portant l'unicite d'un couple porteur-objet

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 19990916

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

RBV Designated contracting states (corrected)

Designated state(s): AT BE CH DE ES FR GB IT LI NL SE

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20050319