EP2284803A1 - Secure system for programming electronically controlled lock devices using encoded acoustic verifications - Google Patents

Abstract

The system has secured transmission units for securely transmitting encrypted acoustic accreditation data from a remote management site (10) to a mobile telephone (20) of a master user. A lock (22) includes an electro-acoustic transducer i.e. microphone (54), for picking up acoustic accreditations reproduced by the telephone previously placed near the lock. Recognizing, analyzing and authenticating units recognize, analyze and authenticate the picked-up acoustic accreditations and permit programming of access rights and/or additional data upon recognizing a compliant accreditation.

Description

The invention relates to lock devices electrically controlled by means of a portable object forming a key, such as a card or a contactless badge, or also a mobile phone equipped with coupling means (inductive, radiofrequency, acoustic, .. .) to the lock.

By "lock device" is meant not only a lock stricto sensu, that is to say a mechanism placed for example on a door to condemn the opening, but also any device to achieve a comparable result, for example a lock gun considered in isolation, or a more specific locking device comprising various members not grouped in the same lock box, the ultimate goal being to obtain the conviction by mechanical means of physical access to a place or given space, and access to this place or space by unlocking the lock device, on the order of a user, after verification that this user has access rights (i) that are specific to him and (ii) who are specific to the lock device. The lock device may also include, or be associated with, an alarm system that is to disable to allow access to a given space, or conversely activate to protect this space before or after the to have left.

For simplicity of description, we will speak later simply "lock", but this term must be understood in its broadest sense, without any restrictive character to a particular type of equipment. The invention relates more precisely to the programming of these locks by the "access rights" which correspond to them, that is to say the indication of the users authorized to open such or such lock, with for each of them a definition of the rights that are specific to it, rights that may for example be limited in time (expiry of the right of access), or limited to certain days of the week, or at certain times, etc. In some systems, each lock is connected to a network for centralized access management and rights control. These systems are well suited to corporate or hotel environments, but much less so to residential-type applications, or to the modernization of pre-existing facilities where it would be difficult to imagine creating a local network, including all the difficulties of wiring that would imply.

The invention aims more particularly, but not exclusively, at another type of installation, where the locks are autonomous devices, each of them memorizing internally the access rights attached thereto (authorized users and, for each, possible restrictions of access).

The programming of this type of lock involves an on-site intervention of an operator (hereinafter "master-user") equipped with a device that can be coupled to the lock to register or update the access rights. . The update can also relate to various other operating parameters of the lock such as date and time, identification data, calculation algorithms, cryptographic elements, etc.

In practice, programming such autonomous locks is a delicate operation, requiring specific and expensive equipment and prior learning, forcing most of the time to use a professional operator.

These disadvantages are a major obstacle to the deployment of these autonomous lock systems.

It would be desirable in this regard to have a simple programming means to implement and not requiring specific equipment, so that the programming can be performed by simple manipulations, within the reach of everyone.

This would in particular allow the development of residential applications, where customers wish to be able to program themselves the locks they have acquired, and / or update them themselves without recourse to a professional, in particular whenever it is necessary. modify access rights or create new ones.

One of the aims of the present invention is to propose a new programming technique for these locks, which can be easily implemented by means of a mobile telephone, and in a manner sufficiently simple to be within the reach of a non-professional master user of average skill.

Another object of the invention is to propose a lock programming technique having a maximum level of security, a very great flexibility of implementation, and which can be used with any conventional mobile phone, pre-existing, without the need for master-user does not need to use a particular programming device. The system of the invention can thus be immediately generalizable and usable by everyone, benefiting from the security and flexibility of modern cryptographic techniques.

The principle of the invention is based on the use of encrypted acoustic accreditations for programming the lock. These acoustic accreditations are for example in the form of a coded series of tones (DTMF tones or other), emitted by the speaker of a transmitting device and picked up by the microphone of a receiving device. In the case of the invention, these encrypted acoustic accreditations are "downward" accreditations, that is to say they come from a remote management site and transmitted to the mobile phone of the master user. To use the accreditation, the master user approaches his phone lock and triggers the emission of the series of tones corresponding to the acoustic accreditation encrypted by the speaker of his phone, so that these tones can be captured by a built-in microphone or coupled to the lock. The latter decodes the accreditation, verifies it and in case of program compliance or reprograms the access rights in its internal memory.

The use of acoustic accreditations is not in itself new, it has already been proposed in other contexts and for other applications, for example by the WO 2008/107595 A2 (Tagattitude).

This document describes a technique for securing logical access to a computer network by a remote terminal, for example by a computer connected to this network via the Internet. The user connects to the network with his computer, simultaneously lights his mobile phone, and calls through it a control site interfaced with the network to which access is requested. To verify the user's authorization, the network sends a sound signal (Acoustic Accreditation) to the remote computer that has just connected, a signal that is reproduced by the speaker of the computer. The user having placed his telephone in front of this loudspeaker, this sound signal is picked up by the telephone, transmitted to the remote control site via the mobile telephone network operator and "listened to" by the control site, who can then check accreditation and authorize access to the computer network by the terminal. Note that in this case it is a "rising" accreditation: the acoustic accreditation is picked up by the microphone of the telephone which transmits it to the control site. Knowing the recipient of the phone call, the control site can identify the user through the mobile phone used for this operation, and thus allow logical access to the network by the terminal located near the phone identified.

More specifically, the present invention relates to a secure locking device opening control system comprising, in a manner known per se: at least one lock device provided with electronic circuits for the conditional control of mechanical locking members / unlocking according to pre-defined access rights; a mobile phone available to a master user; and a remote management site.

In a characteristic way of the invention, the remote management site comprises: a database of lock devices and authorized users, with for each lock device an associated unique identifier, a list of authorized users with corresponding data of access rights, and possibly additional data; and an accreditation data generator, the accreditations being encrypted acoustic accreditations in the form of single-use audio signals, capable of allowing the programming of the lock devices by the access rights listed in the database and / or by additional data. Furthermore, the system comprises means for securely transmitting said credentials from the management site to the mobile telephone of the master user, and the telephone comprises an electro-acoustic transducer able to reproduce the acoustic accreditations. As for the lock device, it comprises an electro-acoustic transducer capable of capturing the acoustic accreditations reproduced by the telephone transducer previously placed near the lock device, as well as means for recognizing, analyzing and authenticating the acoustic accreditations received by the transducer, and operate a programming of access rights and / or additional data on recognition of a conforming accreditation.

The means for securely transmitting the accreditation data from the management site to the mobile phone of the master user may comprise means for coupling this mobile telephone with a computer terminal connected to the management site, and / or a mobile network operator coupled to the management site and the telephone of the master user. Advantageously, for the generation of the accreditation data to be transmitted to the telephone, the management site can combine the access rights data authorized users with additional data specific to the lock and obtained at the manager site, and generate a Acoustic accreditation functions both of said access rights data and said additional data.

Alternatively or additionally, the telephone may combine the accreditation data transmitted by the management site with additional data inherent to the telephone and obtained locally, and generate an acoustic accreditation function of both said accreditation data and said additional data. . These additional data may include, in particular, geographical location information of the telephone at the time of the programming operation, the lock device then comprising means for storing this geographical location information in the programming, and subsequently comparing it with location information. geographical location of a user's phone when an attempt is made to open the lock device by this user.

• le téléphone est apte à : préalablement à la reproduction des accréditations acoustiques de programmation des droits d'accès, reproduire une accréditation spécifique d'ouverture de session propre à faire entrer le dispositif de serrure dans un mode de programmation ; et éventuellement, après reproduction des accréditations acoustiques de programmation, reproduire une accréditation spécifique de fermeture de session propre à faire sortir le dispositif de serrure dudit mode de programmation ;
• le dispositif de serrure comprend un transducteur électro-acoustique apte à reproduire des signaux acoustiques en retour, générés par le dispositif de serrure et codés par des données propres au dispositif de serrure, et le téléphone comprend un transducteur électro-acoustique apte à capter lesdits signaux en retour, ainsi que des moyens pour décoder les signaux en retour et afficher le cas échéant à destination de l'utilisateur un message fonction des données propres au dispositif de serrure, et/ou pour transmettre au site gestionnaire les signaux en retour codés par les données propres au dispositif de serrure ;

• le téléphone comprend des moyens pour mémoriser et mettre à jour une liste de dispositifs de serrure déjà programmés et de dispositifs de serrure non encore programmés ;
• le système comprend des moyens pour conditionner la reproduction de l'accréditation acoustique par le transducteur du téléphone à la présentation préalable d'une donnée personnelle de validation délivrée par l'utilisateur-maître au téléphone.

According to various other advantageous subsidiary features:

• the telephone is capable of: prior to the reproduction of the acoustic accreditations for programming the access rights, reproduce a specific logon accreditation able to bring the lock device into a programming mode; and possibly, after reproducing the acoustic accreditation programming, reproduce a specific logoff accreditation own to get out the lock device of said programming mode;
• the lock device comprises an electro-acoustic transducer adapted to reproduce acoustic feedback signals generated by the lock device and encoded by data specific to the lock device, and the telephone comprises an electro-acoustic transducer adapted to pick up said signals; in return, as well as ways to decode the feedback signals and display if necessary to the user a message depending on the data specific to the lock device, and / or to transmit to the management site the feedback signals coded by the data specific to the lock device;

• the telephone comprises means for memorizing and updating a list of already programmed lock devices and lock devices not yet programmed;
• the system comprises means for conditioning the reproduction of the acoustic accreditation by the telephone transducer to the prior presentation of a personal validation data delivered by the master user over the telephone.

In a first embodiment, the system comprises means capable of: verifying the authorization of the master user to operate a programming of the lock device; generate acoustic accreditation by the manager site generator; and transmit this accreditation to the telephone, for direct reproduction by the transducer thereof previously placed near the transducer of the lock device.

In a second form of implementation, the system comprises means capable of: verifying the authorization of the master user to operate a programming of the lock device; generate acoustic accreditation by the manager site generator; and activate an internal applet of the phone to download said accreditation and store it in a memory of the phone; then, in a second step, activate the internal applet for reproduction of the accreditation by the telephone transducer previously placed near the transducer of the lock device.

In a third form of implementation, the phone contains an internal applet forming, in combination with a cryptographic key, cryptographic generator. In this case, the accreditation data transmitted by the remote management site to the telephone is said cryptographic key, so as to allow, on command of the master user, the generation of acoustic accreditation by the internal applet and its reproduction by the transducer of the telephone previously placed near the transducer of the lock device.

In a fourth form of implementation, the system comprises means capable of: verifying the authorization of the master user to operate a programming of the lock device; generate acoustic accreditation by the manager site generator and convert this accreditation into an audio file; transmit this audio file to the phone for download and storage in a phone memory; then, in a second step, to reproduce the audio file by the transducer of the telephone previously placed near the transducer of the lock device.

• La Figure 1 illustre de façon schématique les principaux éléments contribuant au fonctionnement du système selon l'invention.
• La Figure 2 illustre plus précisément, sous forme de schéma par blocs, les principaux organes constitutifs du téléphone mobile et de la serrure avec laquelle ce dernier est couplé.

Various embodiments of the invention will now be described with reference to the appended drawings in which the same reference numerals designate identical or functionally similar elements from one figure to another.

• The Figure 1 schematically illustrates the main elements contributing to the operation of the system according to the invention.
• The Figure 2 illustrates more precisely, in block diagram form, the main components of the mobile phone and the lock with which it is coupled.

The principle and the implementation of the invention will be explained with reference to Figures 1 and 2 .

One of the essential elements of the invention is a secure management site 10 centralizing in a DB 12 database information for identifying and identifying a number of locks with their associated access rights data, including a list of authorized users with, for each, the authorized access conditions: access reserved for certain days or certain time slots, expiry date of the access right, etc.

In addition to the authorized users, the database also lists for each lock a Unique IDentifier (UID) that is uniquely assigned and uniquely identifies the lock. in the various data exchange protocols. The lock can also be identified by a free name ("entrance", "garage", "cellar", etc.), in particular to facilitate the selection by a user of one of several locks, in the same way as a label which would be attached to a traditional key.

Other data may also be stored by the database, including the algorithms used by the lock, one or more cryptographic keys, etc.

The management site 10 also comprises a cryptographic engine forming a generator 14 of accreditation data.

In a characteristic way of the invention, the "credentials" ( cre-dentials) are encrypted acoustic accreditations in the form of single-use audio signals, for example (but not limited to) consisting of a succession of tones double DTMF. These audio signals are designed so that they can be conveyed by audio transmission channels and reproduced as such by acoustic transducers.

The programming of a lock involves, in the first place, defining or updating in the database DB the list of authorized users, with for each the corresponding access conditions. This information will be communicated to the management site 10 by an authorized operator (hereinafter referred to as "master user") during an initial phase.

As will be explained later, the programming may also involve, in addition to the determination of the access rights, the updating of other information specific to the lock and relating to its operation, such as: date and time, algorithm used for recognition and decoding of acoustic accreditations, cryptographic key, and free denomination.

The entry by the master-user of the lists of authorized users and the corresponding access rights can be done conveniently by means of a microcomputer 16 connected to the management site 10 by a secure link, for example an IP link of type https 18.

The use of a microcomputer 16 is however not essential, the master operator can also enter the data relating to rights of access by means of his mobile phone 20, the latter operating during this initial phase as a terminal connected to the remote management site 10 via a mobile operator.

Once the various rights of access data entered and entered into the database 12, it is appropriate to program or reprogram a corresponding lock 22 with these access rights, and / or possibly with other information specific to the lock. : date and time, algorithms, cryptographic key, free name, etc.

The basic principle of the invention is to operate this programming by reproducing by the speaker of the mobile phone 20 of the master user, as an audio signal, an encrypted acoustic accreditation containing the various information necessary for the programming , the mobile phone 20 being approached to the lock 22 which includes a microphone for capturing this encrypted acoustic accreditation.

The acoustic accreditations, generated by the cryptographic engine 14, can be sent to the mobile telephone 20 via the network of the mobile telephone operator or MNO ( Mobile Network Operator ) 24, itself coupled to the management site 10 by a secure link, for example, an IP link of the https type , or simply by a PGW ( Phone GateWay ) 26 audio telephone gateway for conveying the acoustic accreditations from the generator 14 to the telephone 20 via the audio transmission channels (voice channel) of the network. mobile telephony. Securing the connection between the mobile network 24 and the mobile phone 20 can be operated via a trusted service provider or TSM ( Trusted Service Manager ), able to ensure efficiently and safely the various procedures that the exchange or downloading of information between the management site 10 and the mobile telephone 20 of the master user via the mobile network operator 24 will be described below.

As a variant or in addition, the encrypted acoustic accreditations can be transmitted from the management site 10 to the telephone 20 via the microcomputer 16, by appropriate coupling means 28 such as: wired connection (USB cable) or wireless connection ( Bluetooth ), via an intermediate storage device (SD or MicroSD card, or USB dongle ), or by acoustic coupling between the speaker of the microcomputer and the microphone of the mobile telephone 20 (since the acoustic accreditations are in the form of audio signals).

The Figure 2 illustrates, in block diagram form, the main organs of the mobile telephone 20 and the lock 22.

The telephone 20 comprises a microcontroller 30 coupled to various peripheral devices such as transmission / reception circuit 32, display 34, keyboard 36, data memory 38, UICC card ( Universal Integrated Circuit Card, corresponding to the "SIM card" for GSM telephony functions) 40, and acoustic transducer 42.

• la liste des utilisateurs habilités, ces utilisateurs étant chacun répertorié de façon univoque par un identifiant unique UID (Unique IDentifier) d'une clef constituée d'un objet portatif mis à disposition de l'utilisateur habilité, objet qui peut être - de façon non limitative - une carte ou badge à couplage sans contact avec la serrure (de type RFID notamment), ou bien une télécommande radio ou acoustique, ou encore un téléphone mobile identifié par son numéro d'abonné ;
• pour chaque utilisateur, les conditions d'accès autorisées (jours ou plages horaires, date d'expiration du droit d'accès...) ;
• l'identifiant unique UID de la serrure, qui est un identifiant programmable, répertorié dans la base de données DB du site gestionnaire et permettant de reconnaître la serrure entre toutes, de manière univoque ;
• une dénomination libre ("entrée", "garage", ...) ;
• des algorithmes de reconnaissance et de décodage ;
• des clés cryptographiques.

The lock 22, in turn, comprises a microcontroller 44 and an electromechanical system 46 for controlling the unlocking of a bolt or a handle 48 by order of the microcontroller 44. A data memory 50 retains various clean modifiable data lock, including:

• the list of authorized users, these users being each unambiguously listed by a unique identifier UID ( Unique IDentifier ) of a key consisting of a portable object made available to the authorized user, an object that can be - in a non limiting - a card or badge coupling without contact with the lock (RFID type in particular), or a radio or acoustic remote control, or a mobile phone identified by its subscriber number;
• for each user, the authorized access conditions (days or time slots, expiry date of the access right ...);
• the unique identifier UID of the lock, which is a programmable identifier, listed in the database DB management site and to recognize the lock between all, unequivocally;
• a free name ("entrance", "garage", ...);
• recognition and decoding algorithms;
• cryptographic keys.

The lock has its own power supply means in the form of a battery 52, so as to make it electrically autonomous. An external power supply is nevertheless possible.

Characteristically, the lock 22 is further provided with an acoustic transducer in the form of a microphone 54 making it possible to pick up the surrounding sound signals, in particular the acoustic accreditation which will be reproduced by the loudspeaker 42 of the telephone 20, and transforming the sensed acoustic signals into electrical signals applied to the microcontroller 44 for decoding, checking, and programming or reprogramming in the memory 50 of the various modifiable data indicated above.

Implementation of the invention

Several procedures will now be described for the implementation of the invention with the various elements of the system that has just been described.

1. 1. accès sécurisé (par login + mot de passe) au site gestionnaire 10 ;
2. 2. saisie des UID des serrures et des UID des clés des utilisateurs habilités ;
3. 3. le cas échéant, saisie des numéros d'abonnés mobile des utilisateurs habilités à utiliser un téléphone mobile pour ouvrir les serrures (voire même accrédités pour la programmation) ;
4. 4. affectation éventuelle de noms abrégés de ports aux UID des serrures, et/ou de noms abrégés d'utilisateurs aux UID des clés ;
5. 5. affectation des droits et conditions d'accès aux différents utilisateurs ;
6. 6. validation des saisies précédentes ;
7. 7. le cas échéant (voir plus bas), délivrance par le site gestionnaire du (des) numéro(s) d'appel(s) montant(s) à composer par l'utilisateur-maître pour programmer chaque serrure, cette information pouvant également lui être envoyée par SMS, MMS, e-mail, messagerie instantanée, etc.

Beforehand, if the lists of authorized users and rights of access are not yet in the database DB of the management site 10, or if these data must be updated, the master user (or another user accredited by the latter) must enter them and communicate them to the managing site, by the following successive steps:

1. 1. secure access (by login + password) to the management site 10;
2. 2. entry of lock UIDs and key UIDs of authorized users;
3. 3. where applicable, entry of mobile subscriber numbers of users authorized to use a mobile phone to open locks (or even accredited for programming);
4. 4. possible assignment of short port names to lock UIDs, and / or short user names to key UIDs;
5. 5. assignment of rights and conditions of access to different users;
6. 6. validation of previous entries;
7. 7. if applicable (see below), issuance by the managing site of the number (s) of call (s) amount (s) to be dialed by the master user to program each lock, this information may It can also be sent by SMS, MMS, e-mail, instant messenger, etc.

When he wishes to program or reprogram a lock, the master user receives from the management site 10 the data that must be entered or updated in the memory 50 of the lock 22, via the microcomputer 16 and the coupling 28, or directly via the mobile operator 24.

As indicated above, the data received from the remote management site 10 may comprise, in addition to the access rights attached to each authorized user, a certain number of lock-specific information such as: algorithm used, cryptographic key, abbreviated name, etc. The update may also concern the date and time of the internal clock of the microcontroller 44, remotely from the management site 10.

• la date et l'heure, lorsque l'on veut mettre à jour ces informations depuis le téléphone mobile au lieu de le faire depuis le site gestionnaire 10);
• le numéro IMEI qui identifie le téléphone de manière unique ;
• l'identifiant de la carte UICC 40 (identifiant de carte SIM) ;
• éventuellement, des informations de localisation géographique donnant la position du téléphone 20 au moment de la programmation (coordonnées GPS si le téléphone est équipé de cette fonction, ou localisation approchée d'après la cellule du réseau depuis laquelle émet le téléphone).

The programming data may also include data that is specific to the mobile phone of the master user, such as:

• the date and time, when we want to update this information from the mobile phone instead of from the manager site 10);
• the IMEI number that uniquely identifies the phone;
• the identifier of the UICC 40 card (SIM card identifier);
• possibly, geographical location information giving the position of the telephone 20 at the time of programming (GPS coordinates if the phone is equipped with this function, or approximate location according to the cell of the network from which the phone is transmitting).

To program the lock, the user presents his phone 20 in front of the lock 22 that he wishes to program and triggers the transmission, in the form of an audible signal, of the corresponding acoustic accreditation. This broadcast can also be triggered (as will be explained below) by the simple answer or the stall to a downward call to the attention of the mobile phone of the master user from the remote manager site.

The acoustic accreditation, picked up by the microphone 54 of the lock, is analyzed by the microcontroller 44 which, in the event of conformity, controls the programming or the updating of the corresponding information in the memory 50.

The fact that encrypted audio accreditation is a one-time accreditation prevents fraud by registration and duplication of accreditation.

A precaution to increase the security consists in providing additional validation by the user, for example the entry of a personal code type "PIN code" before the issuance of acoustic accreditation, or a biometric type validation by a biometric reader incorporated in the telephone or by means of a voice recognition system using the microphone of the telephone (the specific biometric fingerprint can be stored in the memory 38 of the telephone, or in the UICC card 40, or in the database 12).

Advantageously, the lock 22 is provided with means making it possible to send back an acoustic signal validating the proper execution of the programming operation.

It is possible to use for this purpose the transducer 54 of the lock by operating in reverse mode (to emit sound signals instead of capturing them), or to provide a specific transducer to reproduce sound signals.

The audible signal thus emitted by the lock will be picked up by the microphone of the telephone 20 and translated by an applet of the telephone in an audible or visual message to the master user to confirm (or deny) the proper execution of the programming. The applet can also keep a record of the locks that have been programmed and those that have not yet been programmed, for example by displaying a list of locks, to alert the master user if he has forgotten to program some of them.

Advantageously, it is possible to take advantage of the feedback after programming the lock to recover data stored in the latter, or status information such as low battery signal, need for maintenance, malfunction, opening evidence. etc. This data or information can be translated by the applet of the phone into alert messages ( "low battery", ...) displayed on the phone screen, these messages being repeated if necessary at regular intervals.

Moreover, this data or information can be advantageously sent to the management site via the mobile network 24, thus taking advantage of the establishment by the master user of a link in the downstream direction (from the management site to the lock) to retrace information in the opposite direction (from the lock to the management site). In other words, the master user, during programming or reprogramming, becomes for the system a source of information. This way of proceeding is particularly advantageous here, because it concerns locks of stand alone type , that is to say operating in a completely autonomous way without being connected to any local network which would allow the exchange of data or transmit certain status or fault messages.

Advantageously, before operating the programming itself, the phone 20 reproduces a specific logon accreditation, able to bring the lock into a programming mode different from its normal operation. Once the programming has been completed, another specific acoustic accreditation removes the lock from the programming mode and returns it to its normal operating mode. This way of proceeding is particularly advantageous for increasing security when the lock is an acoustically controlled lock, that is to say that the subsequent unlocking by the authorized user will be done by issuing an encrypted acoustic accreditation, a nature similar to the acoustic accreditation used in programming.

Another improvement is to avoid fraud consisting of removing a lock already programmed to remount, as such, to another location. For this purpose, the lock 22 stores the geographical location information (GPS coordinates or other) of the phone 20 when the latter operates the programming. The lock also comprises means for collecting the geographic location information of the user's phone who will later appear as an authorized user, and compare these coordinates to those that have been stored at the time of programming, and the opening does not will be allowed only if the information matches, to a given margin of error. In the absence of network or GPS coverage at the time of access is requested by the user, the location data used will be the most recent data obtained before the loss of contact, with in this case a higher margin of error, defined by the system administrator.

Several ways are now described in which the management site 10 can issue the accreditation to the mobile telephone 20, in particular when this delivery takes place via the network of the mobile operator 24.

1 °) Online mode (direct issue of accreditation)

When he wishes to program the lock 22, the master user comes into contact with the management site 10 by any appropriate means. This can be obtained by calling a telephone number, or by a call back method: in this case, the master user contacts the telephone or by a message (SMS, MMS, e-mail, e-mail instant, etc.) with the manager site, which does not respond immediately, but after hanging up rings the mobile phone 20 for the master user to establish contact with the management site (the number called back by the manager site) being the subscriber number, listed in the DB database, of the master user or any other user authorized by the latter).

If the programming parameters have been previously defined in the manner indicated above, it is sufficient for the master user to validate these parameters as well as his mobile telephone subscriber number with the management site 10.

The simple response of the management site to the call of the master user, or in case of call-back the stall by the latter, causes the immediate and direct transmission of authorization encrypted acoustic accreditation.

In this embodiment, regardless of how the master user contacts the remote management site, the latter delivers the acoustic accreditation directly to the master user, "online", without intermediate storage. .

This embodiment is particularly simple to implement, insofar as it suffices to use the existing infrastructure without adaptation. prior to the phone, including without any need to load an applet or applet, including midlet or cardlet type . The invention can thus be implemented with any type of mobile phone, even very simple, and without any prior intervention on it. Another advantage lies in the possibility of verifying in real time the authorization of the master user. Moreover, thanks to this online mode, it is possible to have at the management site information on the use made of acoustic accreditation, including the date and time of the programming, and possibly the geographical location. this operation (by identifying the network cell from which the master user calls).

On the other hand, this mode implies having access to the mobile network, which is not always possible (cellars, uncovered areas, etc.). On the other hand it does not in principle allow to have, at the user's choice, several accreditations corresponding to several possible locks, to the extent that it is necessary to have a "one for one" correspondence between accreditation and lock .

In case of plurality of locks, it is possible to provide a step validation after each lock, or to use a different call number for each lock.

2 °) Semi-online mode (offline online mode with download)

This mode is usable in particular if access to the network is not assured at the time of use. In this case, the master user connects in advance to the management site and receives from it the accreditation corresponding to the lock he wants to program, or more of these accreditations, in case of plurality of locks to program. These accreditations are stored securely in the phone or in a peripheral memory of the phone (for example an SD or MicroSD card ).

Here again, the prior contact with the management site 10 can be established either directly on sending to the site of a request sent by the mobile phone of the master user, or via a descendant message sent by the remote management site to a number subscriber number previously specified by the master user (or the number of any other user authorized by the latter).

When the master user wants to program a lock, he launches an application integrated into his phone that searches for the corresponding accreditation among those that have been stored, reproduces it to program the lock, and then deletes it from memory. And so on to use the following accreditations.

The application allowing this implementation is an applet stored in the phone, previously sent to it by the mobile network operator, or by downloading to an external medium (SD or MicroSD card ), or via a connection Internet. In the case of a download via the mobile network operator, the management site will have previously sent a message such as "push SMS" or "WAP push" to the phone, to identify the brand and model of this one and present to the master-user a link allowing the download of the applet.

3 °) Offline mode

In this embodiment, the acoustic accreditations are generated locally, by the telephone itself. For this purpose, the phone contains an applet or applet, including cardlet type (stored in the UICC card 40) or midlet (stored in the memory 38 of the telephone). This applet is downloaded by any appropriate means, in the same way as that used in the previous implementation mode: download via the mobile operator, via the internet, etc., or preloaded in the phone to the acquisition of the one -this.

The management site 10 sends the telephone 20 an "accreditation data", which here is no longer the acoustic accreditation itself, but a cryptographic key, stored in the UICC card 40 for security reasons. This cryptographic key, combined with the applet, will constitute a cryptographic generator within the telephone 20. When he wishes to program a lock, the master user controls the generation of acoustic accreditation by the internal applet and its reproduction by the transducer of his phone.

4 °) "Attachment" mode

This mode of implementation is a variant of the semi-in-line mode.

The difference is mainly because the accreditations are not sent by the voice channel of the mobile network, but in the form of a file attached to a message type email, MMS or IM.

The advantage of this solution is to use the means of downloading pre-existing files into the phone, especially with the phones with sophisticated smartphone- type functions , and this without the need to download beforehand a specific application, from keep it in the phone and have it run when the time comes. The file can also be downloaded via the microcomputer 16 and the coupling 28 with the telephone 20.

Claims (16)

A secure locking device opening control system, comprising: - At least one lock device (22) provided with electronic circuits for the conditional control of mechanical locking / unlocking members according to previously defined access rights; - a mobile phone (20) available to a master user; and a remote management site (10), characterized in that : - the remote management site includes: A database (12) of lock devices and authorized users, with for each lock device an associated unique identifier, a list of authorized users with corresponding data of access rights, and possibly additional data ; and An accreditation data generator (14), the accreditations being acoustic accreditations encrypted in the form of single-use audio signals, capable of allowing the programming of the lock devices by the access rights listed in the database and / or by said additional data; the system comprises means for securely transmitting said credentials of the management site to the mobile telephone of the master user; the telephone (20) comprises an electro-acoustic transducer (42) capable of reproducing said acoustic accreditations; the lock device (22) comprises: An electro-acoustic transducer (54) adapted to capture the acoustic accreditations reproduced by the telephone transducer previously placed close to the lock device; and · Means for recognizing, analyzing and authenticating the acoustic accreditations captured by the transducer, and programming access rights and / or additional data on recognition of a conforming accreditation. The system of claim 1, wherein the means for securely transmitting the accreditation data from the management site to the mobile telephone of the master user comprises means (28) for coupling this mobile telephone with a computer terminal (16) connected to the management site. The system of claim 1, wherein the means for securely transmitting the credentials of the manager site to the mobile phone of the master user includes a mobile network operator (24) coupled to the manager site and the phone of the user master. The system of claim 1, wherein, for generating the accreditation data to be transmitted to the telephone, the managing site is able to combine the authorized access rights data with the authorized users with additional data specific to the lock and obtained at the manager site, and to generate an acoustic accreditation function of both said access rights data and said additional data. The system of claim 1, wherein the telephone is adapted to combine the accreditation data transmitted by the management site with additional data inherent to the telephone and obtained locally, and to generate an acoustic accreditation function both of said data of accreditation and said additional data. The system of claim 5, wherein said additional data further comprises geographic location information of the telephone at the time of the programming operation, and the lock device further comprises means for storing said geographic location information at the programming, and compare it later with a geographical location information of a user's phone at the time of an attempt to open the lock device by this user. The system of claim 1, wherein the phone is capable of: prior to the reproduction of the acoustic accreditations for programming the access rights, to reproduce a specific log-in accreditation able to bring the lock device into a programming mode; and - possibly, after reproduction of said acoustic accreditation programming, reproduce a specific logoff accreditation own to get out the lock device of said programming mode. The system of claim 1, wherein: the lock device comprises an electro-acoustic transducer capable of reproducing acoustic signals in return, generated by the lock device and coded by data specific to the lock device; and the telephone comprises an electro-acoustic transducer capable of sensing said signals in return. The system of claim 8, wherein the telephone further comprises means for decoding said feedback signals and optionally displaying to the user a message according to said lock device specific data. The system of claim 8, wherein the telephone further comprises means for transmitting to said management site said feedback signals encoded by said lock device specific data. The system of claim 1, wherein the telephone further comprises means for storing and updating a list of previously programmed lock devices and lockout devices not yet programmed. The system of claim 1, further comprising means for conditioning the reproduction of the acoustic accreditation by the transducer of the telephone to the prior presentation of a personal validation data delivered by the master user over the telephone. The system of claim 1 including means for: - check the authorization of the master user to operate a programming of the lock device; generating an acoustic accreditation by the generator (14) of the management site; and - Transmit this accreditation to the phone, for direct reproduction by the transducer thereof previously placed near the transducer of the lock device. The system of claim 1 including means for: - check the authorization of the master user to operate a programming of the lock device; generating an acoustic accreditation by the generator (14) of the management site; and - Activate an internal application of the phone to download said accreditation and store it in a memory (32) of the phone, then, in a second step: - Activate the internal applet to reproduce the accreditation by the transducer of the phone previously placed near the transducer of the lock device. The system of claim 1, wherein: the telephone contains an internal applet forming, in combination with a cryptographic key, a cryptographic generator; the accreditation data transmitted by the remote management site to the telephone is said cryptographic key, so as to allow, on command of the master user, the generation of acoustic accreditation by the inner applet and its reproduction by the transducer of the telephone previously placed near the transducer of the lock device. The system of claim 1 including means for: - check the authorization of the master user to operate a programming of the lock device; generating an acoustic accreditation by the generator (14) of the managing site and converting this accreditation into an audio file; - transmit on the phone this audio file for download and storage in a phone memory,
then, in a second step: - reproduce the audio file by the phone's transducer previously placed near the transducer of the lock device.

Images