EP1678683B1 - A lock system and a method of configuring a lock system. - Google Patents
A lock system and a method of configuring a lock system.
- Publication number
- EP1678683B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- certificate
- lock system
- door access
- manufacturer
- access control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00817—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
Description
- The present invention relates generally to lock systems and more particularly to a lock system which can be set up in an easy and yet secure way and be operated with a high security level.
- Electronic or electro-mechanical lock systems having locks or the like that are connected to a central computer or system by means of a cable network have been in use for many years. The operation of these systems is managed from the central computer, which communicates the applicable rules via a local network (LAN) to individual door access control (DAC) units. The DAC units in turn communicate e.g. log information to the central computer.
- It is of vital importance that the communication between the central computer and the individual DAC units is secure, i.e., that it cannot be intercepted and interpreted or manipulated by a fraudulent person trying to gain unauthorized access to the premise in which the lock system is installed.
- In prior art lock systems this high level of security has been achieved by the use of proprietary communication protocols, shielded communication wires etc. However, today's users are not prepared to install a separate protected cable network for a lock system in parallel with a computer network already installed in the office, such as an Ethernet based network, or to use proprietary systems tying them to one or a limited number of suppliers.
- One way of achieving secure communication on a pre-existing network is to use encrypted data for communication between the central computer and the individual DAC units. However, before using encrypted communication, the different units communicating must have encryption/decryption keys installed. These keys could be installed by skilled personnel that provide each and every unit with the required keys. One problem associated with this solution is that the persons normally installing such lock systems are not skilled personnel in the sense that they are not familiar with computer hardware and software. Thus, installation of encryption/decryption keys would be performed by expensive personnel in a separate step after the physical installation of the system, leading to increased costs. Also, the use of individuals for installing software is a security risk in itself.
- A problem in prior art is thus to provide a lock system which shows a high degree of security while the installation and set-up of the system can be effected in an easy way.
- US-B1-6 615 350 discloses computer systems wherein cryptographic policies involving certificates are implemented.
- WO-A-01/66888 discloses secure distribution of key and lock devices between manufacturer, distributor and end users.
- An object of the present invention is to provide a lock system wherein the prior art drawbacks are avoided and in which encryption keys can be installed in an easy and yet secure way. This means that one specific object is that installation of components must be as simple as possible.
- Another object is that security breach by customer mistakes must not affect other customers or the manufacturer.
- Yet another object is to provide a system and method wherein existing standards and implementations are used as much as possible.
- Still yet another object is to provide a method wherein system requirements are kept as small as possible.
- The invention is based on the realisation that the use of certificates in combination with asymmetric and symmetric encryption in a lock system provides a secure yet efficient solution to the above described problem.
- According to the invention there are provided a method of installing a lock system as defined in claim 1 and a lock system as defined in claim 9.
- By providing a lock system which is set up by means of both asymmetric and symmetric communication between the units in the system, both simple installation and high security are achieved.
- In a particularly preferred embodiment, a unique symmetric encryption key is used for each door access control unit. This ensures that the integrity of the lock system is maintained in the case one or more of the DAC units are taken over by a fraudulent person trying to gain unauthorized access to the premise in which the lock system is installed.
- Further preferred embodiments are defined by the dependent claims.
- The invention is now described, by way of example, with reference to the accompanying drawings, in which:
- fig. 1 is an overall view of the hardware including a manufacturer and customer lock systems;
- fig. 2 is a block diagram showing a Public Key Infrastructure implemented in the lock system according to the invention;
- fig. 3 is a simplified diagram showing the different steps in the method according to the invention; and
- fig. 4 is a detailed diagram showing the different steps in the method according to the invention.
- In the following a detailed description of a preferred embodiment of the present invention will be given.
- In the present description, the term "lock system" is intended to cover all types of electronic lock systems wherein the door access units control electronic or electro-mechanical locks, card readers, panic buttons etc. (not shown in the figures) and is thus not limited to systems comprising conventional lock cylinders or the like.
- An environment in which the present invention is implemented will now be described with reference to figure 1. It is there shown a manufacturer computer system 10, which comprises computer hardware with peripherals etc. and access to the Internet. The manufacturer computer system runs software adapted for processing of customer certificates. The management system is divided into a front end system that collects signature requests and a back end system that holds the manufacturer's private key used for signing of a customer public key. The subsystem that contains the private key responsible for signing customers' certificates is not exposed to public networks.
- A number of customer lock systems, generally designated 100, two of which are shown in the figure, each comprises a customer management computer 110 connected to a plurality of door access control (DAC) units 120 via a local area network (LAN) 130. The LAN could be Ethernet-based but the invention does not exclude other kinds of networks.
- The management computer 110 is the computer wherein all rules relating to the lock system 100 are managed and stored. These rules can be related to which individuals are authorised to open which doors, temporal restrictions to access to doors etc. These rules are downloaded to the individual DAC units 120 which effect the physical control of the doors by means of actuators etc.
- The present invention uses the well-known Public Key Infrastructure (PKI) which uses techniques for public-key encryption, also referred to as asymmetric encryption. In public-key encryption systems each entity has a public key and a corresponding private key. The public key defines an encryption transformation, while the private key defines the associated decryption transformation. Any entity wishing to send a message to another entity A obtains an authentic copy of A's public key, uses the encryption transformation to obtain the cipher text, and transmits this cipher text to A. To decrypt the cipher text, A applies the decryption transformation to obtain the original message.
- The public key need not be kept secret, and, in fact, may be widely available - only its authenticity is required to guarantee that A is indeed the only party who knows the corresponding private key. A primary advantage of such systems is that providing authentic public keys is generally easier than distributing secret keys securely, as required in symmetric key systems.
- Since A's encryption transformation is public knowledge, public-key encryption alone does not provide data origin authentication or data integrity. Such assurances must be provided through use of additional techniques, including message authentication codes and digital signatures. Public-key encryption schemes are typically substantially slower than symmetric-key encryption algorithms.
- Public-key decryption may also provide authentication guarantees in entity authentication and authenticated key establishment protocols.
- The Public Key Infrastructure in a lock system according to the invention will now be described with reference to fig. 2, wherein part of the environment shown in fig. 1 is detailed. More specifically, the manufacturer computer system 10, a management computer 110, and a DAC unit 120 are shown therein, but not the physical interconnections (the Internet, LAN). It is here seen that the manufacturer functions as an upper level Certificate Authority - CA level 1 - and the lock system owner as a lower level CA - CA level 2. To achieve a scalable installation of the DAC units 120 and to restrict problems of a compromised management computer to a customer domain, part of the PKI has been arranged as this hierarchy.
- The installation procedure for the lock system shown in fig. 1 will now be explained in detail with reference to fig. 3, which shows the major steps of the procedure, and fig. 4, which is a more detailed representation.
- As a first step, the manufacturer public key is installed in the DAC unit at a trusted factory. A security feature is boot-strapped into the DAC units in the form of a certificate trusting the manufacturer's software. This means that the DAC units' software can only be installed under the manufacturer's control.
- Each and every DAC unit 120 is thus provided with the manufacturer public key. This is a more efficient and reliable way than providing the public key when the DAC unit already has been installed. This method also provides DAC units that are essentially identical before delivery, facilitating logistics and storage. Optionally, each DAC unit is provided with a unique serial number. However, this is not important for the present invention.
- When a DAC unit boots for the first time it retrieves the installer program image, checks the signature against the factory installed manufacturer public key and starts to execute upon match. The temporary installer application is capable of verifying the manufacturer's signature of the customer's public key and could verify that the certificate presented by the management computer 110 has been signed by the manufacturer computer 10. The manufacturer public certificate is bundled with the installer image, which is signed by the manufacturer private key.
- Because the DAC units only trust the manufacturer at delivery, the customers do not have full control over their own system, which in their view is unacceptable. Each customer wants control of its own system. Therefore, the customer receives a certificate signed by the manufacturer. This certificate is delivered on-line through a procedure, wherein the receiver is obliged to identify himself or herself. More specifically, the receiver is indicated in the certificate as attributes. This ensures that a specific individual is responsible, increasing the security level of the inventive concept.
- The certificate signed by the manufacturer is used in a further step to install a certificate trusting the customer. In that way, the customer gets full control of the system except for software updating, see below.
- When a lock system owner buys the management computer software and obtains media together with a unique code, the name of the lock system owner is registered in the manufacturer computer 10 together with the software version. The lock system owner is then instructed to contact the manufacturer to get its management computer public key signed by the manufacturer, i.e., the upper level CA. The lock system owner's management computer public certificate is then added in a database located in the manufacturer computer 10.
- When the lock system owner installs the lock system software or when the lock system 100 is about to be set up, the management computer 110 generates a symmetric encryption key pair and makes available the certificate signed by the manufacturer. In that way, the management computer 110 becomes a CA of itself.
- After having been connected to the LAN 130, when the DAC unit 120 is turned on, the installer program image that has been installed in the DAC unit accepts the management computer public certificate signed by the manufacturer. An encrypted and authenticated channel is then established, such as by means of an SSL-session using asymmetric encryption, between the management computer and the DAC unit. By means of this communication channel, the DAC unit then installs the symmetric secret key from the management computer. From this moment asymmetric methods are replaced by symmetric by terminating the asymmetrically encrypted channel and establishing a symmetrically encrypted tunnel and the DAC unit could thereafter only be controlled by the management computer to prevent hostile takeover from other management computer systems.
- In the preferred embodiment, the factory installed manufacturer public key remains in the DAC unit to verify software from the manufacturer. This prevents customers from remotely installing unauthorized software in the DAC unit.
- After the set-up of the lock system 100 has been completed, further communications between the management computer 110 and the DAC 120 are effected by means of symmetric encryption. A unique symmetric encryption key is used for each DAC unit, i.e., the management computer uses different symmetric encryption keys for the DAC units. This ensures that the integrity of the lock system is maintained in the case one or more of the DAC units are taken over by a fraudulent person trying to gain unauthorized access to the premise in which the lock system is installed.
- Asymmetric encryption is more demanding on hardware, which is inconvenient when taking hardware costs into consideration. This is one reason why the lock system according to the invention operates in a secure yet efficient way.
- It has been described how the manufacturer public key is distributed on-line. However, the manufacturer public key can also be distributed on compact disc, for example, when the software product is purchased.
- Further communication between the manufacturer and the customer can be on-line by means of the Internet, for example, or by means of other media, such as compact disks.
- In the described embodiment, the receiver of the manufacturer certificate is indicated as attributes in the certificate. As an alternative, each certificate has a unique serial number distinguishing it from other certificates. It is also preferred that the certificate is protected by means of some kind of password, such as a PIN code.
- A preferred embodiment of a lock system according to the invention has been described. A person skilled in the art realises that this could be varied within the scope of the appended claims.
- The manufacturer computer system and management computers have been described as interconnected via the Internet. It will be appreciated that some of the management computers are not connected to the outside. In that case communication between the manufacturer computer system and management computers can be effected via other media, such as diskettes, compact discs etc.
- For ease of understanding, the manufacturer computer system has been described as one single computer. It will be appreciated that there can be more than one computer at the manufacturer having different functions.
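The installation sequence described above (factory-installed manufacturer key, manufacturer-signed owner certificate, one symmetric key per DAC unit) can be traced in a short Go sketch; it is an added example, not code from the patent or from any product. Assumptions: Ed25519 and AES-256-GCM are chosen here because the text names no algorithms, `Cert` is a bare signed public key rather than X.509, the SSL session is replaced by a key message signed by the certificate holder (so confidentiality of the key transfer is not modelled), and all type names, function names and serial numbers are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrUntrusted = errors.New("certificate not signed by manufacturer")
var ErrBound = errors.New("unit already bound to a management computer")
var ErrKeyMsg = errors.New("key message not signed by certificate holder")

// Cert stands in for the "second certificate": the management computer's public
// key signed by the manufacturer (CA level 1). A real system would use X.509.
type Cert struct {
	Pub ed25519.PublicKey
	Sig []byte
}

type DAC struct { // door access control unit
	Serial string
	MfrPub ed25519.PublicKey // factory-installed trust anchor
	key    []byte            // unique symmetric key, nil until installed
}

type Manager struct { // customer's management computer (CA level 2)
	priv ed25519.PrivateKey
	cert Cert
	keys map[string][]byte // one symmetric key per DAC serial
}

// NewKeys returns a fresh Ed25519 pair (manufacturer or management computer).
func NewKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, priv
}

// NewManager has caPriv sign a new management-computer public key.
func NewManager(caPriv ed25519.PrivateKey) *Manager {
	pub, priv := NewKeys()
	return &Manager{priv, Cert{pub, ed25519.Sign(caPriv, pub)}, map[string][]byte{}}
}

// Install checks manufacturer -> certificate -> signed key message, then binds.
func (d *DAC) Install(c Cert, key, keySig []byte) error {
	switch {
	case d.key != nil: // a second management computer cannot take the unit over
		return ErrBound
	case !ed25519.Verify(d.MfrPub, c.Pub, c.Sig):
		return ErrUntrusted
	case !ed25519.Verify(c.Pub, append([]byte(d.Serial), key...), keySig):
		return ErrKeyMsg
	}
	d.key = key
	return nil
}

// Enroll sends one unit a fresh key, signed together with the unit's serial.
func (m *Manager) Enroll(d *DAC) error {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	sig := ed25519.Sign(m.priv, append([]byte(d.Serial), key...))
	if err := d.Install(m.cert, key, sig); err != nil {
		return err
	}
	m.keys[d.Serial] = key
	return nil
}

// Tunnel returns AES-256-GCM under one unit's key (the symmetric phase).
func Tunnel(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	mfrPub, mfrPriv := NewKeys()
	_, otherCA := NewKeys() // a signer the units were never told to trust
	d1, d2 := &DAC{Serial: "DAC-0001", MfrPub: mfrPub}, &DAC{Serial: "DAC-0002", MfrPub: mfrPub}
	owner := NewManager(mfrPriv)
	fmt.Println("other CA:", NewManager(otherCA).Enroll(d1))
	fmt.Println("owner:", owner.Enroll(d1), owner.Enroll(d2))
	fmt.Println("second customer:", NewManager(mfrPriv).Enroll(d1))
	t1, _ := Tunnel(owner.keys[d1.Serial])
	t2, _ := Tunnel(d2.key)
	nonce := make([]byte, t1.NonceSize())
	rand.Read(nonce) // one fresh nonce per message under a given key
	msg := t1.Seal(nil, nonce, []byte("allow badge 17"), nil)
	_, err := t2.Open(nil, nonce, msg, nil)
	fmt.Println("door 2 opening door 1's message:", err)
}
```

Because each unit holds its own key, a message sealed for one door fails authentication on every other door, which is the containment property the description attributes to unique per-unit keys.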
Claims (10)
- A method of configuring a lock system (100) owned by a lock system owner and comprising a management computer (110) connected to a plurality of door access control units (120), said method comprising the following steps:
  a) installing in the door access control units a first certificate issued and signed by a manufacturer (10) of the lock system;
  b) installing at the management computer (110) a second certificate assigned to the lock system owner and issued and signed by the manufacturer;
  c) transmitting from the management computer to a first door access control unit of the door access units the signed second certificate together with a symmetric encryption key used by the lock system owner;
  d) installing by means of asymmetric encryption the second certificate at the first door access control unit after checking the authenticity of the signed second certificate by means of the installed first certificate; and
  e) establishing of symmetric encryption communication between the management computer and the first door access unit.
- The method according to claim 1, wherein a unique symmetric encryption key is used for each door access control unit.
- The method according to claim 1 or 2, wherein the step of installing a first certificate is performed under the control of a boot strapped security feature in the door access control unit.
- The method according to any of claims 1-3, wherein the step of providing at the management computer a second certificate is performed on-line through a procedure, wherein a receiver identifies himself or herself.
- The method according to claim 4, wherein the identity of the receiver is indicated in the second certificate as attributes.
- The method according to any of claims 1-5, wherein the step of providing a second certificate comprises providing a symmetric encryption key pair.
- The method according to any of claims 1-6, wherein the step of transmitting from the management computer to a first door access control unit the signed second certificate is preformed as an SSL-session.
- The method according to any of claims 1-7, wherein the step of installing the second certificate involves keeping the first certificate so as to verify data from the manufacturer.
- A lock system (100) owned by a lock system owner and comprising a management computer (110) connected to a plurality of door access control units (120), which lock system is arranged to communicate with a manufacturer system (10) of a manufacturer of the lock system, characterized by
  - a first certificate issued and signed by the manufacturer system (10) and provided in the door access control units (120);
  - a second certificate assigned to the lock system owner, issued and signed by the manufacturer system and provided in the management computer (110);
  - a symmetric encryption key pair provided in the management computer and a respective door access control unit (120); and
  - a public asymmetric encryption key for the manufacturer provided in the door access control units.
- The lock system according to claim 9, wherein a unique symmetric encryption key is provided for each door access control unit.
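The trust chain in steps a) to e) can be traced in a short sketch, added here as an illustration and not taken from the patent or any product. It assumes a toy unpadded RSA signature for the manufacturer, HMAC-SHA256 message authentication standing in for the symmetric cipher of step e), and a key handed over directly where claim 7 would use an SSL session; all names (`DoorUnit`, `provision`, `manufacturer_sign`) are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Toy RSA key for the manufacturer, built from two Mersenne primes.
# Constructed for this example: unpadded and far too small for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the manufacturer


def digest(body, n):
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def manufacturer_sign(body):
    """Issue a certificate: the body plus the manufacturer's signature over it."""
    return {"body": body, "sig": pow(digest(body, N), D, N)}


def verify(cert, pub):
    n, e = pub
    return pow(cert["sig"], e, n) == digest(cert["body"], n)


class DoorUnit:
    def __init__(self, unit_id, first_cert):
        self.unit_id = unit_id
        self.first_cert = first_cert      # step a: manufacturer certificate
        self.owner_cert = None
        self.key = None

    def install_owner(self, owner_cert, key):
        """Step d: accept the owner certificate only if the manufacturer signed it."""
        if not verify(owner_cert, self.first_cert["body"]["pub"]):
            return False                  # reject; nothing is installed
        self.owner_cert, self.key = owner_cert, key  # first_cert is kept (claim 8)
        return True

    def accept(self, msg, tag):
        """Step e stand-in: authenticate a message under the installed key."""
        if self.key is None:
            return False
        return hmac.compare_digest(tag, hmac.new(self.key, msg, hashlib.sha256).digest())


def provision(units, owner_cert):
    """Steps c-d from the management computer: one fresh key per unit (claim 2)."""
    keys = {}
    for unit in units:
        key = secrets.token_bytes(32)
        if unit.install_owner(owner_cert, key):
            keys[unit.unit_id] = key
    return keys


FIRST_CERT = manufacturer_sign({"subject": "manufacturer", "pub": [N, E]})
OWNER_CERT = manufacturer_sign({"subject": "lock system owner"})  # step b
```

A unit that receives a certificate whose body was altered after signing refuses it and installs no key, so later messages to that unit are rejected as well.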
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SE0302733A SE525847C2 (en) | 2003-10-16 | 2003-10-16 | Ways to configure a locking system and locking system |
PCT/SE2004/001448 WO2005038727A1 (en) | 2003-10-16 | 2004-10-12 | A lock system and a method of configuring a lock system. |
Publications (2)
Publication Number | Publication Date |
---|---|
EP1678683A1 (en) | 2006-07-12 |
EP1678683B1 (en) | 2009-12-09 |
Family
ID=29398746
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP04775530A Active EP1678683B1 (en) | 2003-10-16 | 2004-10-12 | A lock system and a method of configuring a lock system. |
Country Status (7)
Country | Link |
---|---|
EP (1) | EP1678683B1 (en) |
AT (1) | ATE451672T1 (en) |
AU (1) | AU2004281437A1 (en) |
DE (1) | DE602004024567D1 (en) |
NO (1) | NO336212B1 (en) |
SE (1) | SE525847C2 (en) |
WO (2) | WO2005038727A1 (en) |
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7706778B2 (en) | 2005-04-05 | 2010-04-27 | Assa Abloy Ab | System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone |
WO2007045051A1 (en) * | 2005-10-21 | 2007-04-26 | Honeywell Limited | An authorisation system and a method of authorisation |
US9985950B2 (en) | 2006-08-09 | 2018-05-29 | Assa Abloy Ab | Method and apparatus for making a decision on a card |
US8074271B2 (en) | 2006-08-09 | 2011-12-06 | Assa Abloy Ab | Method and apparatus for making a decision on a card |
US9704313B2 (en) | 2008-09-30 | 2017-07-11 | Honeywell International Inc. | Systems and methods for interacting with access control devices |
IT1392268B1 (en) * | 2008-12-02 | 2012-02-22 | Sata Hts Hi Tech Services S P A | AUTHENTICATION PROCESS VIA TOKEN GENERANTE ONE TIME PASSWORD |
WO2010099575A1 (en) | 2009-03-04 | 2010-09-10 | Honeywell International Inc. | Systems and methods for managing video data |
EP2408984B1 (en) | 2009-03-19 | 2019-11-27 | Honeywell International Inc. | Systems and methods for managing access control devices |
FR2945177A1 (en) * | 2009-04-30 | 2010-11-05 | Pascal Metivier | SECURE PROGRAMMING AND MANAGEMENT SYSTEM FOR LOCKS HAVING CONTACTLESS AND COMMANDABLE COMMUNICATION MEANS BY AN NFC PORTABLE TELEPHONE |
US9280365B2 (en) | 2009-12-17 | 2016-03-08 | Honeywell International Inc. | Systems and methods for managing configuration data at disconnected remote devices |
US9894261B2 (en) | 2011-06-24 | 2018-02-13 | Honeywell International Inc. | Systems and methods for presenting digital video management system information via a user-customizable hierarchical tree interface |
US9344684B2 (en) | 2011-08-05 | 2016-05-17 | Honeywell International Inc. | Systems and methods configured to enable content sharing between client terminals of a digital video management system |
US10362273B2 (en) | 2011-08-05 | 2019-07-23 | Honeywell International Inc. | Systems and methods for managing video data |
CN104137154B (en) | 2011-08-05 | 2019-02-01 | 霍尼韦尔国际公司 | Systems and methods for managing video data |
EP2821970B2 (en) | 2013-07-05 | 2019-07-10 | Assa Abloy Ab | Access control communication device, method, computer program and computer program product |
EP2821972B1 (en) | 2013-07-05 | 2020-04-08 | Assa Abloy Ab | Key device and associated method, computer program and computer program product |
US9443362B2 (en) | 2013-10-18 | 2016-09-13 | Assa Abloy Ab | Communication and processing of credential data |
US10523903B2 (en) | 2013-10-30 | 2019-12-31 | Honeywell International Inc. | Computer implemented systems frameworks and methods configured for enabling review of incident data |
ES2976646T3 (en) | 2014-09-10 | 2024-08-06 | Assa Abloy Ab | First Entry Notification |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5787172A (en) * | 1994-02-24 | 1998-07-28 | The Merdan Group, Inc. | Apparatus and method for establishing a cryptographic link between elements of a system |
US6615350B1 (en) * | 1998-03-23 | 2003-09-02 | Novell, Inc. | Module authentication and binding library extensions |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5506905A (en) * | 1994-06-10 | 1996-04-09 | Delco Electronics Corp. | Authentication method for keyless entry system |
SE517465C2 (en) * | 2000-03-10 | 2002-06-11 | Assa Abloy Ab | Method of authorizing a key or lock device, electromechanical key and lock device and key and lock system |
2003
- 2003-10-16 SE SE0302733A patent/SE525847C2/en not_active IP Right Cessation
2004
- 2004-10-12 DE DE602004024567T patent/DE602004024567D1/en active Active
- 2004-10-12 EP EP04775530A patent/EP1678683B1/en active Active
- 2004-10-12 WO PCT/SE2004/001448 patent/WO2005038727A1/en active Application Filing
- 2004-10-12 AU AU2004281437A patent/AU2004281437A1/en not_active Abandoned
- 2004-10-12 AT AT04775530T patent/ATE451672T1/en not_active IP Right Cessation
- 2004-10-18 WO PCT/SE2004/001491 patent/WO2005038728A1/en active Application Filing
2006
- 2006-05-15 NO NO20062179A patent/NO336212B1/en unknown
Also Published As
Publication number | Publication date |
---|---|
AU2004281437A1 (en) | 2005-04-28 |
NO336212B1 (en) | 2015-06-15 |
SE525847C2 (en) | 2005-05-10 |
WO2005038728A1 (en) | 2005-04-28 |
DE602004024567D1 (en) | 2010-01-21 |
NO20062179L (en) | 2006-05-15 |
SE0302733L (en) | 2005-04-17 |
WO2005038727A1 (en) | 2005-04-28 |
EP1678683A1 (en) | 2006-07-12 |
ATE451672T1 (en) | 2009-12-15 |
SE0302733D0 (en) | 2003-10-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1678683B1 (en) | A lock system and a method of configuring a lock system. | |
US7904952B2 (en) | System and method for access control | |
US8412927B2 (en) | Profile framework for token processing system | |
US6134327A (en) | Method and apparatus for creating communities of trust in a secure communication system | |
CN101421968B (en) | Authentication system for networked computer applications | |
US5872847A (en) | Using trusted associations to establish trust in a computer network | |
US5692124A (en) | Support of limited write downs through trustworthy predictions in multilevel security of computer network communications | |
AU2006278422B2 (en) | System and method for user identification and authentication | |
US7685421B2 (en) | System and method for initializing operation for an information security operation | |
CA2573101C (en) | System and method for implementing digital signature using one time private keys | |
US6490679B1 (en) | Seamless integration of application programs with security key infrastructure | |
US6212636B1 (en) | Method for establishing trust in a computer network via association | |
US6931549B1 (en) | Method and apparatus for secure data storage and retrieval | |
EP0936530A1 (en) | Virtual smart card | |
EP1191743B1 (en) | Method and device for performing secure transactions | |
US20060253702A1 (en) | Secure gaming server | |
US20140089437A1 (en) | Method and system for remote activation and management of personal security devices | |
US20060064582A1 (en) | Method and system for license management | |
US20080005339A1 (en) | Guided enrollment and login for token users | |
US20080209216A1 (en) | Method and system for automated authentication of a device to a management node of a computer network | |
US6215872B1 (en) | Method for creating communities of trust in a secure communication system | |
CN101816140A (en) | Token-based management system for PKI personalization process | |
WO2009002963A1 (en) | Method and apparatus for securing unlock password generation and distribution | |
US20050027979A1 (en) | Secure transmission of data within a distributed computer system | |
EP1501238B1 (en) | Method and system for key distribution comprising a step of authentication and a step of key distribution using a KEK (key encryption key) |
Legal Events
Code | Title | Description |
---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
17P | Request for examination filed | Effective date: 20060510 |
AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR |
17Q | First examination report despatched | Effective date: 20061114 |
DAX | Request for extension of the european patent (deleted) | |
GRAP | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
GRAS | Grant fee paid | Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
GRAA | (expected) grant | Free format text: ORIGINAL CODE: 0009210 |
AK | Designated contracting states | Kind code of ref document: B1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR |
REG | Reference to a national code | Ref country code: GB Ref legal event code: FG4D |
REG | Reference to a national code | Ref country code: CH Ref legal event code: EP |
REG | Reference to a national code | Ref country code: IE Ref legal event code: FG4D |
REF | Corresponds to: | Ref document number: 602004024567 Country of ref document: DE Date of ref document: 20100121 Kind code of ref document: P |
REG | Reference to a national code | Ref country code: NL Ref legal event code: VDEP Effective date: 20091209 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20091209 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20091209 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20091209 Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20091209 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20091209 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20091209 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100409 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100320 Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20091209 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20091209 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100309 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20091209 Ref country code: BE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20091209 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20091209 |
PLBE | No opposition filed within time limit | Free format text: ORIGINAL CODE: 0009261 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20091209 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100310 |
26N | No opposition filed | Effective date: 20100910 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20091209 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20091209 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: MC Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20101031 |
REG | Reference to a national code | Ref country code: CH Ref legal event code: PL |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20101031 Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20101031 Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20101102 |
REG | Reference to a national code | Ref country code: FR Ref legal event code: ST Effective date: 20110630 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20101012 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100610 Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20101012 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20091209 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: GB Payment date: 20191010 Year of fee payment: 16 |
GBPC | Gb: european patent ceased through non-payment of renewal fee | Effective date: 20201012 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20201012 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: DE Payment date: 20230912 Year of fee payment: 20 |