Classifications

• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
  • G07C9/00—Individual registration on entry or exit
  • G07C9/20—Individual registration on entry or exit involving the use of a pass
  • G07C9/215—Individual registration on entry or exit involving the use of a pass the system having a variable access-code, e.g. varied as a function of time
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
  • G07C9/00—Individual registration on entry or exit
  • G07C9/20—Individual registration on entry or exit involving the use of a pass
  • G07C9/21—Individual registration on entry or exit involving the use of a pass having a variable access code

Definitions

• the present invention relates to a method and a system for controlling access, by an accessing resource or electronic key, devoid of real time clock, to an accessed resource or electronic lock, also devoid of real time clock, this access being limited at certain time slots.
• the invention applies more particularly to the control of access to accessed resources which are not autonomous in energy and / or which have only a limited potential for verifying a valid time slot, in particular resources which do not have real time clock.
• the validity range can be either the actual period during which it is possible to access the resource, or any other parameter making it possible to limit in time an attack by fraudulent use of the accessing resource.
• the main advantage of a logical means of access to a resource compared to a physical means of access generally lies in the possibility of allowing access to the resource only within a relatively short time slot. predetermined. Under these conditions, if the electronic key is lost, stolen, assigned or duplicated, it will not allow its illegitimate holder to access the resource outside the predetermined time slot. However, this assumes that the accessed resource is able to verify that this time range is respected. This generally implies that the resource accessed has a real time clock.
• document FR-A-2 722 596 describes an access control system limited to authorized and renewable time slots by means of a portable storage medium.
• This system based on cryptographic mechanisms, makes it possible to limit the period of validity of access rights to a short duration, in order to avoid illegitimate use in the event of unlawful loss, theft, transfer or duplication.
• the solution described is based on the highly restrictive assumption that the resource accessed is energy independent, in order to maintain a real-time clock enabling it to check the validity of the time slot in which the access attempt takes place by the accessing resource.
• Access control methods and systems are also known in which the accessed resource does not include a real-time clock, but only a counter, updated after a successful access attempt from the accessing resource to the accessed resource.
• the resetting of the counter in the accessed resource is generally carried out by the accessing resource, by means of a real time clock with which the accessing resource is provided.
• a drawback of this solution is that it requires ensuring the energy autonomy of the accessing resource, so that the latter can permanently maintain its real time clock.
• the present invention aims to remedy the aforementioned drawbacks by allowing an accessed resource to verify a range of validity associated with an access right presented by an accessing resource while eliminating the need for the presence of a real-time clock, not only in the accessed resource, but also in the accessing resource.
• the present invention provides a method of controlling access from at least one electronic key to at least one electronic lock, within a predetermined time range, according to which:
• step (d) the time range and the test time value are transmitted from the electronic key to the electronic lock, and in the electronic lock: (e) it is verified that the transmitted hourly test value is within the predetermined time range, and that it is later than the control hourly value stored in the lock; (f) if the verifications carried out in step (e) are satisfied, access is authorized, and the control hourly value is updated, from the transmitted hourly test value;
• step (bl) in step (b) we read, in addition to the time slot, or instead of the time slot, an electronic signature of this time slot, previously calculated and stored in the electronic key;
• step (dl) in step (d), the electronic key is transmitted to the electronic lock, on the one hand, said electronic signature in addition to or instead of the time slot and, on the other hand, the hourly test value, and in the electronic lock:
• step (e) before step (e), the transmitted signature is verified, using a specific verification key
• step (fl) in step (f) access is authorized, and the control hourly value is not updated, from the transmitted test hourly value, unless the checks carried out in steps ( el) and (e) are satisfied;
• step (gl) in step (g) access from the key to the lock is prohibited if the transmitted hourly test value is outside the time range, or if it is earlier than the hourly value of control memorized in the lock, or if the verification carried out in step (el) is not satisfied.
• steps (el) and (e) can be reversed.
• the specific verification key used in step (el) can be a public or secret key.
• step (c2) in step (c), one calculates and stores, in addition to the value test schedule, an electronic signature of this test schedule value;
• step (d2) in step (dl) the electronic signature of the hourly test value is also transmitted from the electronic key to the electronic lock, and in the electronic lock:
• step (e2) before or after step (e), the signature of the test value is verified, using a second specific public or secret verification key; (f2) in step (f), access is authorized, and the check hourly value is updated, only if the checks carried out in steps (e), (el) and (e2) are satisfied;
• step (g2) in step (g) access of the electronic key to the electronic lock is prohibited if one of the verifications carried out in steps (e), (el) or (e2) is not satisfied.
• the introduction of an electronic signature of the test value aims to protect the electronic key and lock against a type of fraud which would consist, for a pirate with a time slot value and an hourly value d 'authentic test, to modify the hourly test value so that it becomes later than the hourly control value contained in the lock while remaining within the validity range.
• the aforementioned time slot may include several separate time slots.
• the time slot is an interval comprising two limits each expressed as a date in day, month, year and a schedule in hours, minutes, seconds.
• the present invention also provides an electronic access control system, within a predetermined time range, comprising at least one electronic lock and at least one electronic key, in which the key comprises:
• a communication module for transmitting to the lock a predetermined time range and the test time value, and in which the lock comprises:
• the communication module for transmitting to the lock a predetermined time range and the test hourly value is accompanied by a module for transmitting to the lock an electronic signature of the time slot and an electronic signature of the test hourly value, and the lock further comprises a module for verifying the electronic signatures transmitted by the key.
• the storage module comprises an electrically reprogrammable non-volatile memory.
• the electronic key communicates with the electronic lock using a contactless transmission module, by electromagnetic induction.
• This contactless transmission module may include a first electromagnetic coil provided in the key and a second electromagnetic coil provided in the lock. These two windings can be concentric.
• the present invention also provides an electronic key comprising at least one logical key calculation unit, a transmission - reception module for key access control signals for implementing an access control method between this electronic key and an electronic lock from lock access control signals generated by this electronic lock, this key being remarkable in that it further comprises:
• the present invention further provides an electronic lock comprising at least one logical unit for calculating a lock and a module for transmitting - receiving lock access control signals for implementing an access control method. between this electronic lock and an electronic key from key access control signals and a power signal generated by this electronic key, this lock being remarkable in that it further comprises:
• lock transfer module for the key and lock access control signals and the power signal, the lock transfer module comprising at least one winding interconnected with the transmission module - reception of control signals lock access;
• FIG. 1 is a flow diagram of the access control method of the present invention, in a first particular embodiment
• - Figure 2 is a flowchart of the access control method of the present invention, in a second particular embodiment
• FIG. 3 is a flowchart of the access control method of the present invention, in a third particular embodiment
• FIG. 4 schematically represents the access control system of the present invention, in a first particular embodiment
• FIG. 5 schematically represents the access control system of the present invention, in a second particular embodiment
• - Figure 6 shows schematically the access control system of the present invention, in a third particular embodiment
• FIG. 7 partially reproduces FIG. 1a of the French patent application for filing number 98 10396
• - Figure 8 shows schematically the contactless transmission module allowing the electronic key to communicate with the electronic lock, in a particular embodiment.
• the electronic key and lock have a calculation unit.
• An external validation entity is provided with a real-time clock.
• This real-time clock delivers a current hourly value VH, expressed for example in day, month, year, hours, minutes, seconds.
• a first step 1001 of the method consists in storing in the electronic lock a time value VH S , current time value delivered by the real time clock of the aforementioned validation entity.
• VH S current time value delivered by the real time clock of the aforementioned validation entity.
• this hourly value VH S is called “hourly control value VH S ".
• This situation can be expressed in various ways, depending on the form and nature of the supports containing the key and the lock.
• the access attempt is made by introducing the tubular part into a complementary tubular cavity of the lock, or into a complementary slot, respectively.
• a protocol for verifying the right of access of this key to this lock is then implemented successively in the key and in the lock.
• a hourly value VH C is stored in the key, current hourly value delivered by the real time clock of the aforementioned validation entity.
• this hourly value VH C is called “hourly test value VH C ".
• the range of validity PH and the hourly test value VH C are transmitted to the lock. The following verification steps then take place in the lock.
• VH C is posterior to VHl and prior to VH2, and that VH C is posterior to VH S.
• steps 1005 and 1006 If one of the verifications carried out in steps 1005 and 1006 gives rise to a negative response, the access of this key to this lock is prohibited.
• VH S is updated by replacing it, for example, with the hourly test value VH C.
• right of access is meant the electronic signature of a range of validity.
• An electronic signature can be obtained using various cryptographic mechanisms, such as encryption mechanisms, or authentication. It can for example be obtained using a secret key signature algorithm or a public key signature algorithm.
• a protocol verification of the right of access is implemented. In this embodiment, this protocol includes, in addition to checking the range of validity, checking the electronic signature of this range of validity.
• the validity range can be either the period proper during which it is possible to access the resource, or the period of validity of a signature key of the accessing resource allowing it to authenticate vis-à-vis the accessed resource, or any other parameter making it possible to limit in time an attack by fraudulent use of the accessing resource.
• a first step 2001 consists, as in step 1001 in the previous embodiment, in storing in the electronic lock a control hourly value VH S , issued by the validation entity.
• the public key K P for verifying the signature is stored in the electronic lock .
• This public verification key K p must be stored so that it cannot be modified by an unauthorized entity.
• the key K p will if necessary be stored in a physically protected memory.
• the electronic signature S can also be calculated using a secret key algorithm, of the DES (Data Encryption Standard) type for example.
• DES Data Encryption Standard
• the verification key which is stored in the lock in step 2001 is secret. Therefore, it will have to be stored in a memory physically protected, so that it cannot be read or modified by an unauthorized entity.
• one reads or establishes an electronic signature S (PH) of the predetermined time slot PH.
• This step takes place, either in addition to or in place of step 1002 of reading the time slot PH of the previous embodiment.
• This electronic signature S (PH) may have been calculated beforehand, for example by an external entity for calculating signatures, independent of the key.
• the aforementioned validation entity transfers and stores the signature S (PH) in the key before this key is put into service.
• the key can itself establish the signature, if the private key necessary for this operation, as well as the cryptographic signature algorithm, has been stored in the electronic key, and if this key has the necessary computing resources.
• test hourly value VH C delivered by the validation entity is stored in the key.
• step 2004 the electronic signature S (PH) of the validity range and the hourly test value VH C are transmitted to the lock. If, in step 2002, the time range PH was read in addition to the signature S (PH), we transmit also this time slot PH at the lock in step 2004.
• step 2005 we verify the signature transmitted. If the signature calculation algorithm is a public key algorithm, step 2005 consists, for the electronic lock, of applying the public key K P , previously stored in the lock, to the verification algorithm.
• the positive verification of the signature makes it possible to ensure the authenticity of the range of validity [VH1, VH2], said range being obtained either by re-establishing the message during the signature verification stage, or by simple reading if it was transmitted in clear with the signature.
• VH C is posterior to VHl and prior to VH2, and that VH C is posterior to VH S.
• VH S is updated by replacing it, for example, with the hourly test value VH C.
• the steps 3001 and 3002 illustrated in FIG. 3 are respectively identical to the steps 2001 and 2002 of the previous embodiment and will not be described again.
• test hourly value VH C delivered by the validation entity is stored in the key.
• an electronic signature S (VH C ) of the hourly test value VH C received from the validation entity is calculated and stored in the key.
• this electronic signature S (VH C ) can be calculated by a signature calculation unit independent of the key, for example contained in the validation entity.
• the validation entity upon delivery of the hourly test value VH C , the validation entity also transfers and stores the signature S (VH C ) in the key.
• the key can itself establish the signature of the test value VH C , if the private key necessary for this operation, as well as the cryptographic signature algorithm, has been stored in the electronic key, and if this key has the necessary computing resources. Then is transmitted to the lock, in 3004, the electronic signatures S (PH) of the PH validity range and S (VH C) of the hourly value VH C test, and the value VH C Test schedule. If, in step 3002, the time range PH has been read in addition to the signature S (PH), this time range PH is also transmitted to the lock in step 3004.
• step 3005 consists, for the electronic lock, of applying the public key K P , previously stored in the lock, to the verification algorithm.
• the positive verification of the signature S (PH) makes it possible to ensure the authenticity of the range of validity [VH1, VH2], this range being obtained, either by restoring the message during the stage of verification of signature, or by simple reading if it was transmitted in clear with the signature.
• VH C The positive verification of the signature S (VH C ) ensures the authenticity of the hourly test value VH C.
• steps 3006 and 3007 are respectively identical to the steps 2006 and 2007 of the previous embodiment and will not be described again.
• VH S is updated by replacing it, for example, with the hourly test value VH C , as in the previous embodiments.
• the system includes an electronic key 1 and an electronic lock 2.
• the electronic key 1 comprises a memory 13, in which the validity range PH is stored and a hourly test value VH C , such as that delivered by the external validation entity (not shown in FIG. 4) as part of the access control method described above.
• the memory 13 is connected to a module 14 for communication of the key with the lock.
• the module 14 allows the key, during each access attempt, to transmit to a communication module 21 included in the lock 2 the time range PH as well as the test time value VH C delivered by the validation entity , the values PH and VH C being stored in memory 13.
• the module 21 for communicating the lock with the key is connected to a memory 22 which can be read and written, in which a hourly control value VH S is stored, such as that delivered by the external validation entity in the context the access control method described above.
• the control hourly value VH S is updated, for example using the test hourly value VH C transmitted by the key 1, on each successful access attempt.
• the memory 22 is for example an electrically reprogrammable memory of the EPRO or EEPROM type.
• the electronic key 1 can, by way of nonlimiting example, be produced in a form analogous to that of an assembly described in relation to FIG. 7 of this application.
• the content of the aforementioned application No. 98 10396 is incorporated by reference in the present description.
• the electronic key 1 includes a transmission module - receiving 1 2 control signals key access.
• This module 1 2 can advantageously comprise a module for transmitting the key access control signals and a module for receiving the lock access control signals.
• the key access control signals designate the access control signals emitted by the key towards the lock
• the lock access control signals designate the access control signals emitted by the lock towards the key.
• the electronic key 1 also comprises, as indicated above, a calculation unit, called the logical key calculation unit l x .
• the logical key calculation unit li makes it possible to control all of the operating operations of the electronic key 1.
• the electronic lock 2 also comprises, as indicated above, a calculation unit, called the logical lock calculation unit 2 ⁇ , and a transmission / reception module 2 2 of lock access control signals.
• the logic unit for calculating the lock 2 X also makes it possible to control all of the operating operations of the electronic lock 2.
• the transmission - reception modules for key and lock access control signals 1 2 and 2 2 allow the implementation of an access control protocol between the electronic key 1 and the electronic lock 2 .
• the assembly shown in Figure 7 of this application further comprises, at the electronic key 1, a module 1 3 generator of a power signal.
• the power module 1 3 can be supplied by an external electrical energy source (not shown). As a variant, but not necessarily, the power module 1 3 can be powered by an optional power supply module. energy 11, shown in Figures 4, 5 and 6 of this application, by way of non-limiting example.
• the power module 1 3 can be controlled by the logical key calculation unit l ⁇ .
• all of the functional modules for transmitting - receiving 1 2 of key access control signals and power generator 1 3 are connected by a link to the logical key calculation unit l x and controlled by this last.
• the electronic key 1 comprises a first transfer circuit called key transfer circuit 1 4 , allowing in particular the transfer of key access control signals and lock as well as the signal power generated by the power module 1 3 . More specifically, the key transfer circuit 1 4 is connected, on the one hand, to the power module 1 3 and on the other hand, to the module for transmitting reception of key access control signals 1 2 .
• the electronic lock 2 has a second transfer circuit, said lock transfer circuit 2 4 allowing in particular the transfer of key and lock access control signals and the power signal mentioned above.
• the electronic lock 2 also includes a module 2 5 for ensuring the storage and therefore the recovery of the electrical energy conveyed by the power signal.
• the lock 2 can also be provided with a module 2 3 for recovering a clock signal.
• the functional modules constituting the electronic lock 2 that is to say, in the particular mode of embodiment of FIG. 7, the transmission module - reception of the lock access control signals 2 2 , the electrical energy storage module 2 5 and, if necessary, the clock recovery module 2 3 , are connected via a link to the logic unit for calculating lock 2.
• the lock transfer circuit 2 4 is connected, on the one hand, to the transmission - reception module 2 2 of the lock access control signals and, on the other hand, to the energy storage module 2 5 as well as, if necessary, to the clock recovery module 2 3 .
• the transfer circuit 1 of the key and the transfer circuit 2 4 of the lock can be constituted by the primary winding and the secondary winding of a transformer .
• the primary windings, denoted Li, and secondary, denoted L 2 are coupled from the electromagnetic point of view when the electronic key and the electronic lock are brought into contact, this contacting being carried out for make an access attempt.
• the comparison module 25 tests if VH C > VH1 and VH C ⁇ VH2, and if VH C > VH S.
• the key 1 may further comprise a power supply module 11 for supplying the lock 2 with the energy necessary for verification operations performed by the comparison module 25, as well as the energy necessary for the operation of updating the hourly control value VH S stored in the memory 22 in the event of a successful access attempt.
• the key 1 does not include any energy supply module and the energy necessary for the verification and updating operations is supplied by an external electrical energy source.
• FIG. 5 another embodiment of the access control system of the invention is described below, comprising an electronic key 41 and an electronic lock 42, which provides increased security with respect to in the embodiment of FIG. 4.
• the memory 13 of the key 41 contains not only the range of validity PH, but also the electronic signature S (PH) of this range of validity.
• the module 14 for communication of the key with the lock allows the key 41, during each access attempt, to transmit to the communication module 21 included in the lock 42, not only the hourly test value VH C and the time slot PH, stored in memory 13, but also the electronic signature S (PH) stored in memory 13.
• the lock 42 comprises, in addition to the module 21 for communication with the key, the memory 22 and the comparison module 25, described above, a signature verification module 24.
• the module 24 is connected to the module 21 for communication of the lock with the key and to the comparison module 25.
• the module 24 receives the signature S (PH) of the validity range and, in the case where the signature calculation algorithm used is a public key algorithm, verifies the signature S (PH) received by means of the public key K P.
• the key 41 may further comprise a power supply module 11, for supplying the lock 42 with the energy necessary for the verification operations performed by the verification module 24. signature and the comparison module 25, as well as the energy necessary for the operation of updating the hourly control value VH S stored in the memory 22 in the event of a successful access attempt.
• the key 41 does not include any energy supply module and the energy necessary for the verification and updating operations is supplied by an external electrical energy source.
• a third embodiment of the access control system of the invention is described below, with the aid of FIG. 6, also comprising an electronic key 41 and an electronic lock 42, which is capable of providing a increased security compared to previous embodiments.
• the memory 13 of the key 41 contains not only the range of validity PH and the electronic signature S (PH) of this range of validity, but also the electronic signature S (VH C ) of the hourly test value.
• the module 14 for communication of the key with the lock allows the key 41, during each access attempt, to transmit to the communication module 21 included in the lock 42, not only the hourly test value VH C , the time slot PH and the electronic signature S (PH), stored in memory 13, but also the electronic signature S (VH C ) stored in memory 13.
• the signature verification module 24 receives the signatures S (PH) of the validity range and S (VH C ) of the test value, in the case where the signature calculation algorithm used is a public key algorithm , verifies these signatures using the public key K P.
• the key 41 may further comprise a power supply module 11, for supplying the lock 42 with the energy necessary for the verification operations performed by the verification module 24. signature and the comparison module 25, as well as the energy necessary for the operation of updating the hourly control value VH S stored in the memory 22 in the event of a successful access attempt.
• the key 41 does not include any energy supply module and the energy necessary for the verification and updating operations is supplied by an external electrical energy source.
• FIG. 8 illustrates a particular hardware embodiment of the modules 14 and 21 for communication between the key and the lock, applicable both to the mode of embodiment of FIG. 4 than in the embodiments of FIGS. 5 and 6.
• the key 1 (or 41 in the case of the embodiments of FIGS. 5 and 6) comprises a rod 30 made of ferromagnetic material, furnished with copper windings 31 forming a first winding. This first winding is connected to the module
• the key 1 or 41 is housed in a tubular cavity 32 with a diameter slightly greater than the diameter of the rod 30.
• the cavity 32 is also furnished with copper windings 33 forming a second winding, connected to the module 21 for communication of the lock with the key.
• the two windings 31, 33 are then concentric, and the information is transmitted in binary coded form between the key and the lock 2 (or 42 in the case of the embodiment of FIG. 5) by electromagnetic induction.
• the present invention finds an application particularly suitable for access, by successive users, to resources which are only made accessible to a given user after having been released by a previous user, and which, after the access achieved by this given user no longer allows access to the previous user. It is thus possible to apply the invention to resources such as hotel rooms or lockers with automatic deposit.
• the security of the access control can be further strengthened by adding other data to the signature and time slot information transmitted by the key to the lock. For example, you can add a serial number identifying the electronic key.
• the lock can be fitted with a counting module, associated with this serial number. The beginning of the next time slot during which a key bearing this serial number can access the lock is memorized in this counting module.

Landscapes

• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Lock And Its Accessories (AREA)

Applications Claiming Priority (3)

Publications (1)

Family

ID=9541434

Family Applications (1)

Country Status (3)

Families Citing this family (3)

Family Cites Families (5)

• 1999
  • 1999-02-01 FR FR9901096A patent/FR2789203B1/fr not_active Expired - Lifetime
• 2000
  • 2000-01-26 EP EP00900664A patent/EP1149361A1/de not_active Withdrawn
  • 2000-01-26 WO PCT/FR2000/000172 patent/WO2000046757A1/fr not_active Application Discontinuation

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events