EP2284803B1 - Secure system for programming electronically controlled lock devices using encoded acoustic verifications - Google Patents
- Publication number
- EP2284803B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- telephone
- accreditation
- acoustic
- lock
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Not-in-force
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00817—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00817—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
- G07C2009/00825—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed remotely by lines or wireless communication
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00817—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
- G07C2009/00841—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed by a portable device
Definitions
- the invention relates to lock devices electrically controlled by means of a portable object forming a key, such as a card or a contactless badge, or a mobile phone equipped with means of coupling (inductive, radiofrequency, acoustic, ...) to the lock.
- by "lock device" is meant not only a lock stricto sensu, that is to say a mechanism fitted for example on a door to block its opening, but also any device achieving a comparable result, for example a lock cylinder considered in isolation, or a more specific locking device comprising various members not grouped in a single lock case, the ultimate goal being to block, by mechanical means, physical access to a given place or space, and to give access to this place or space by unlocking the lock device, on command from a user, after verification that this user has access rights (i) that are specific to him and (ii) that are specific to the lock device.
- the lock device may also include, or be associated with, an alarm system that must be deactivated to allow access to a given space, or conversely activated to protect this space before or after leaving it.
- each lock is connected to a network for centralized access management and rights control.
- the invention aims more particularly, but not exclusively, at another type of installation, where the locks are autonomous devices, each of them memorizing internally the access rights attached thereto (authorized users and, for each, possible restrictions of access).
- the programming of this type of lock involves an on-site intervention by an operator (hereinafter "master-user") equipped with a device that can be coupled to the lock to register or update the access rights.
- the update can also relate to various other operating parameters of the lock such as date and time, identification data, calculation algorithms, cryptographic elements, etc.
- One of the aims of the present invention is to propose a new programming technique for these locks, which can be easily implemented by means of a mobile telephone, and in a manner sufficiently simple to be within the reach of a non-professional master user of average skill.
- Another object of the invention is to propose a lock programming technique having a maximum level of security and very great flexibility of implementation, and which can be used with any conventional, pre-existing mobile phone, without the master user needing to resort to a particular programming device.
- the system of the invention can thus be immediately generalized and used by everyone, benefiting from the security and flexibility of modern cryptographic techniques.
- the principle of the invention is based on the use of encrypted acoustic accreditations for programming the lock.
- acoustic accreditations are for example in the form of a coded series of tones (DTMF tones or other), emitted by the speaker of a transmitting device and picked up by the microphone of a receiving device.
- these encrypted acoustic accreditations are "downward" accreditations, that is to say they come from a remote management site and are transmitted to the mobile phone of the master user.
- the master user brings his phone close to the lock and triggers the emission, by the speaker of his phone, of the series of tones corresponding to the encrypted acoustic accreditation, so that these tones can be captured by a microphone built into or coupled to the lock.
- the latter decodes the accreditation, verifies it and, in case of compliance, programs or reprograms the access rights in its internal memory.
- This document describes a technique for securing logical access to a computer network by a remote terminal, for example by a computer connected to this network via the Internet.
- the user connects to the network with his computer, simultaneously switches on his mobile phone, and uses it to call a control site interfaced with the network to which access is requested.
- the network sends a sound signal (acoustic accreditation) to the remote computer that has just connected, a signal that is reproduced by the speaker of the computer.
- This sound signal is picked up by the telephone, transmitted to the remote control site via the mobile telephone network operator and "listened to" by the control site, which can then check the accreditation and authorize access to the computer network by the terminal.
- the acoustic accreditation is picked up by the microphone of the telephone which transmits it to the control site. Knowing the recipient of the phone call, the control site can identify the user through the mobile phone used for this operation, and thus allow logical access to the network by the terminal located near the phone identified.
- the present invention relates to a system of the general type disclosed by WO 03/093997 A1 above, comprising the elements set forth in the preamble of claim 1.
- the invention proposes to combine the elements listed in the characterizing part of claim 1.
- One of the essential elements of the invention is a secure management site 10 centralizing in a database DB 12 the information for identifying a number of locks with their associated access rights data, including a list of authorized users with, for each, the authorized access conditions: access reserved for certain days or certain time slots, expiry date of the access right, etc.
- the database also lists for each lock a Unique IDentifier (UID) that is uniquely assigned and uniquely identifies the lock in the various data exchange protocols.
- the lock can also be identified by a free name ("entrance", "garage", "cellar", etc.), in particular to facilitate the selection by a user of one of several locks, in the same way as a label attached to a traditional key.
- Other data may also be stored by the database, including the algorithms used by the lock, one or more cryptographic keys, etc.
- the management site 10 also comprises a cryptographic engine forming a generator 14 of accreditation data.
- the "credentials" are encrypted acoustic accreditations in the form of single-use audio signals, for example (but not limited to) consisting of a succession of DTMF dual tones. These audio signals are designed so that they can be conveyed by audio transmission channels and reproduced as such by acoustic transducers.
- the programming of a lock involves, in the first place, defining or updating in the database DB the list of authorized users, with for each the corresponding access conditions. This information will be communicated to the management site 10 by an authorized operator (hereinafter referred to as "master user") during an initial phase.
- the programming may also involve, in addition to the determination of the access rights, the updating of other information specific to the lock and relating to its operation, such as: date and time, algorithm used for recognition and decoding of acoustic accreditations, cryptographic key, and free denomination.
- the entry by the master-user of the lists of authorized users and the corresponding access rights can be done conveniently by means of a microcomputer 16 connected to the management site 10 by a secure link, for example an IP link of type https 18.
- The use of a microcomputer 16 is however not essential: the master operator can also enter the data relating to access rights by means of his mobile phone 20, the latter operating during this initial phase as a terminal connected to the remote management site 10 via a mobile operator.
- the basic principle of the invention is to carry out this programming by reproducing through the speaker of the mobile phone 20 of the master user, as an audio signal, an encrypted acoustic accreditation containing the various information necessary for the programming, the mobile phone 20 being brought close to the lock 22, which includes a microphone for capturing this encrypted acoustic accreditation.
- the acoustic accreditations, generated by the cryptographic engine 14, can be sent to the mobile telephone 20 via the network of the mobile operator or MNO (Mobile Network Operator) 24, itself coupled to the management site 10 by a secure link, for example an IP link of the https type, or simply by an audio telephone gateway PGW (Phone GateWay) 26 for conveying the acoustic accreditations from the generator 14 to the telephone 20 via the audio transmission channels (voice channel) of the network.
- MNO Mobile Network Operator
- PGW Phone GateWay
- TSM Trusted Service Manager
- the encrypted acoustic accreditations can be transmitted from the management site 10 to the telephone 20 via the microcomputer 16, by appropriate coupling means 28 such as: a wired connection (USB cable) or wireless connection (Bluetooth), an intermediate storage device (SD or MicroSD card, or USB dongle), or acoustic coupling between the speaker of the microcomputer and the microphone of the mobile telephone 20 (since the acoustic accreditations are in the form of audio signals).
- Figure 2 illustrates, in block diagram form, the main components of the mobile telephone 20 and the lock 22.
- the telephone 20 comprises a microcontroller 30 coupled to various peripheral devices such as a transmission/reception circuit 32, display 34, keyboard 36, data memory 38, UICC card (Universal Integrated Circuit Card, corresponding to the "SIM card" for GSM telephony functions) 40, and acoustic transducer 42.
- the lock has its own power supply means in the form of a battery 52, so as to make it electrically autonomous. An external power supply is nevertheless possible.
- the lock 22 is further provided with an acoustic transducer in the form of a microphone 54 making it possible to pick up the surrounding sound signals, in particular the acoustic accreditation which will be reproduced by the loudspeaker 42 of the telephone 20, and transforming the sensed acoustic signals into electrical signals applied to the microcontroller 44 for decoding, checking, and programming or reprogramming in the memory 50 of the various modifiable data indicated above.
- When he wishes to program or reprogram a lock, the master user receives from the management site 10 the data that must be entered or updated in the memory 50 of the lock 22, via the microcomputer 16 and the coupling 28, or directly via the mobile operator 24.
- the data received from the remote management site 10 may comprise, in addition to the access rights attached to each authorized user, a certain number of lock-specific information such as: algorithm used, cryptographic key, abbreviated name, etc.
- the update may also concern the date and time of the internal clock of the microcontroller 44, remotely from the management site 10.
- the user presents his phone 20 in front of the lock 22 that he wishes to program and triggers the transmission, in the form of an audible signal, of the corresponding acoustic accreditation.
- This emission can also be triggered (as will be explained below) simply by answering, or picking up, a downward call placed to the mobile phone of the master user by the remote manager site.
- the acoustic accreditation, picked up by the microphone 54 of the lock, is analyzed by the microcontroller 44 which, in the event of conformity, controls the programming or the updating of the corresponding information in the memory 50.
- a precaution to increase security consists in providing additional validation by the user, for example the entry of a personal code of the "PIN code" type before the emission of the acoustic accreditation, or a biometric validation by a biometric reader incorporated in the telephone or by means of a voice recognition system using the microphone of the telephone (the specific biometric fingerprint can be stored in the memory 38 of the telephone, or in the UICC card 40, or in the database 12).
- the lock 22 is provided with means making it possible to send back an acoustic signal validating the proper execution of the programming operation.
- it is possible to use for this purpose the transducer 54 of the lock, operating in reverse mode (to emit sound signals instead of capturing them), or to provide a specific transducer to reproduce sound signals.
- the audible signal thus emitted by the lock will be picked up by the microphone of the telephone 20 and translated by an applet of the telephone into an audible or visual message to the master user to confirm (or deny) the proper execution of the programming.
- the applet can also keep a record of the locks that have been programmed and those that have not yet been programmed, for example by displaying a list of locks, to alert the master user if he has forgotten to program some of them.
- this data or information can advantageously be sent to the management site via the mobile network 24, thus taking advantage of the establishment by the master user of a link in the downward direction (from the management site to the lock) to send information back in the opposite direction (from the lock to the management site).
- the master user, during programming or reprogramming, becomes a source of information for the system.
- This way of proceeding is particularly advantageous here, because it concerns locks of the stand-alone type, that is to say operating in a completely autonomous way without being connected to any local network which would allow data to be exchanged or certain status or fault messages to be transmitted.
- before carrying out the programming itself, the phone 20 reproduces a specific logon accreditation, able to bring the lock into a programming mode different from its normal operation.
- another specific acoustic accreditation removes the lock from the programming mode and returns it to its normal operating mode.
- This way of proceeding is particularly advantageous for increasing security when the lock is an acoustically controlled lock, that is to say when the subsequent unlocking by the authorized user will be done by emitting an encrypted acoustic accreditation, of a nature similar to the acoustic accreditation used in programming.
- the lock 22 stores the geographical location information (GPS coordinates or other) of the phone 20 when the latter carries out the programming.
- the lock also comprises means for collecting the geographic location information of the phone of the user who later presents himself as an authorized user, and for comparing these coordinates to those that were stored at the time of programming; opening will be allowed only if the information matches, within a given margin of error.
- the location data used will be the most recent data obtained before the loss of contact, with in this case a higher margin of error, defined by the system administrator.
- the management site 10 can issue the accreditation to the mobile telephone 20, in particular when this delivery takes place via the network of the mobile operator 24.
- the master user comes into contact with the management site 10 by any appropriate means. This can be done by calling a telephone number, or by a call-back method: in this case, the master user contacts the manager site by telephone or by a message (SMS, MMS, e-mail, instant messaging, etc.); the site does not respond immediately but, after hanging up, rings the mobile phone 20 so that the master user establishes contact with the management site (the number called back by the manager site being the subscriber number, listed in the database DB, of the master user or of any other user authorized by the latter).
- the latter delivers the acoustic accreditation directly to the master user, "online", without intermediate storage.
- This embodiment is particularly simple to implement, insofar as it suffices to use the existing infrastructure without prior adaptation of the phone, in particular without any need to load an applet into it, notably of the midlet or cardlet type.
- the invention can thus be implemented with any type of mobile phone, even very simple, and without any prior intervention on it.
- Another advantage lies in the possibility of verifying in real time the authorization of the master user.
- it is possible to have at the management site information on the use made of the acoustic accreditation, including the date and time of the programming, and possibly the geographical location of this operation (by identifying the network cell from which the master user calls).
- this mode implies having access to the mobile network, which is not always possible (cellars, areas without coverage, etc.).
- This mode is usable in particular if access to the network is not assured at the time of use.
- the master user connects in advance to the management site and receives from it the accreditation corresponding to the lock he wants to program, or several of these accreditations if there is a plurality of locks to program.
- These accreditations are stored securely in the phone or in a peripheral memory of the phone (for example an SD or MicroSD card).
- the prior contact with the management site 10 can be established either directly, by a request sent to the site from the mobile phone of the master user, or via a downward message sent by the remote management site to a subscriber number previously specified by the master user (or the number of any other user authorized by the latter).
- the application allowing this implementation is an applet stored in the phone, previously sent to it by the mobile network operator, or downloaded to an external medium (SD or MicroSD card), or obtained via an Internet connection.
- the management site will have previously sent a message such as "push SMS" or "WAP push" to the phone, to identify the brand and model of the phone and present to the master-user a link allowing the download of the applet.
- the acoustic accreditations are generated locally, by the telephone itself.
- the phone contains an applet, in particular of the cardlet type (stored in the UICC card 40) or midlet type (stored in the memory 38 of the telephone).
- This applet is downloaded by any appropriate means, in the same way as in the previous implementation mode: download via the mobile operator, via the Internet, etc., or it is preloaded in the phone when the phone is acquired.
- the management site 10 sends the telephone 20 "accreditation data", which here is no longer the acoustic accreditation itself, but a cryptographic key, stored in the UICC card 40 for security reasons.
- This cryptographic key, combined with the applet, will constitute a cryptographic generator within the telephone 20.
- the master user controls the generation of acoustic accreditation by the internal applet and its reproduction by the transducer of his phone.
- This mode of implementation is a variant of the semi-in-line mode.
- the difference is mainly that the accreditations are not sent by the voice channel of the mobile network, but in the form of a file attached to a message of the e-mail, MMS or IM type.
- the advantage of this solution is that it uses the pre-existing means of downloading files into the phone, especially on phones with sophisticated smartphone-type functions, without the need to download a specific application beforehand, keep it in the phone and have it run when the time comes.
- the file can also be downloaded via the microcomputer 16 and the coupling 28 with the telephone 20.
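
As an added illustration (not code from the patent or from any product implementing it), the following Python example carries a single-use accreditation as a succession of DTMF symbols and shows the lock-side decode, verify and reprogram step described above. The patent does not specify the frame layout or the cryptography, so the nibble-to-DTMF mapping, the UID/counter/length/rights/tag frame, the truncated HMAC-SHA256 tag (used here in place of encryption, which is omitted) and the names `issue_accreditation` and `Lock` are all assumptions.

```python
import hashlib
import hmac
import json
import struct

# Assumed mapping: the 16 DTMF symbols carry one 4-bit nibble each.
DTMF = "0123456789ABCD*#"
KEYPAD = ("123A", "456B", "789C", "*0#D")
ROWS_HZ = (697, 770, 852, 941)        # standard DTMF low-group frequencies
COLS_HZ = (1209, 1336, 1477, 1633)    # standard DTMF high-group frequencies
HEADER = struct.Struct(">IIH")        # lock UID, use counter, rights length
TAG_LEN = 8                           # truncated HMAC-SHA256 tag (assumption)


def tone_pair(symbol):
    """Return the (low, high) frequencies in Hz that the speaker plays."""
    for row_index, row in enumerate(KEYPAD):
        if symbol in row:
            return ROWS_HZ[row_index], COLS_HZ[row.index(symbol)]
    raise ValueError(f"not a DTMF symbol: {symbol!r}")


def to_tones(data):
    """Encode bytes as DTMF symbols, two symbols per byte."""
    return "".join(DTMF[b >> 4] + DTMF[b & 0x0F] for b in data)


def from_tones(tones):
    """Decode DTMF symbols back to bytes; ValueError on bad input."""
    if len(tones) % 2:
        raise ValueError("odd number of tones")
    nibbles = [DTMF.index(t) for t in tones]
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[::2], nibbles[1::2]))


def issue_accreditation(key, uid, counter, rights):
    """Management-site side: build one accreditation for one lock and one use."""
    body = json.dumps(rights, sort_keys=True, separators=(",", ":")).encode()
    signed = HEADER.pack(uid, counter, len(body)) + body
    tag = hmac.new(key, signed, hashlib.sha256).digest()[:TAG_LEN]
    return to_tones(signed + tag)


class Lock:
    """Stand-alone lock: keeps its UID, key, last accepted counter and rights."""

    def __init__(self, uid, key):
        self.uid, self.key = uid, key
        self.last_counter = 0
        self.rights = {}

    def hear(self, tones):
        """Decode, verify and, only if everything checks out, reprogram."""
        try:
            frame = from_tones(tones)
            uid, counter, length = HEADER.unpack(frame[:HEADER.size])
        except (ValueError, struct.error):
            return "malformed"
        if len(frame) != HEADER.size + length + TAG_LEN:
            return "malformed"
        signed, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, signed, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"
        if uid != self.uid:
            return "wrong-lock"     # matters when several locks share a key
        if counter <= self.last_counter:
            return "replayed"       # a recorded accreditation played again
        self.rights = json.loads(frame[HEADER.size:-TAG_LEN])
        self.last_counter = counter
        return "programmed"


def demo():
    """Run a constructed key and rights list through the four main outcomes."""
    key = bytes(range(32))                       # constructed sample key
    lock = Lock(uid=0x0A0B0C0D, key=key)
    rights = {"alice": {"days": "mon-fri", "expires": "2030-01-01"}}
    tones = issue_accreditation(key, lock.uid, 1, rights)
    results = [lock.hear(tones), lock.hear(tones)]
    # One tone inside the rights payload misheard or altered in transit.
    flipped = tones[:25] + ("1" if tones[25] != "1" else "2") + tones[26:]
    results.append(lock.hear(flipped))
    results.append(lock.hear(issue_accreditation(key, 0x01020304, 2, rights)))
    return results


if __name__ == "__main__":
    print(demo())
```

The counter check is what makes each accreditation single-use: anyone who records the tones near the lock can play them back, so the lock must refuse a frame it has already accepted.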
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Lock And Its Accessories (AREA)
- Telephonic Communication Services (AREA)
Description
The invention relates to lock devices electrically controlled by means of a portable object forming a key, such as a card or a contactless badge, or a mobile phone equipped with means of coupling (inductive, radiofrequency, acoustic, ...) to the lock.
By "lock device" is meant not only a lock stricto sensu, that is to say a mechanism fitted for example on a door to block its opening, but also any device achieving a comparable result, for example a lock cylinder considered in isolation, or a more specific locking device comprising various members not grouped in a single lock case, the ultimate goal being to block, by mechanical means, physical access to a given place or space, and to give access to this place or space by unlocking the lock device, on command from a user, after verification that this user does have access rights (i) that are specific to him and (ii) that are specific to the lock device. The lock device may also include, or be associated with, an alarm system that must be deactivated to allow access to a given space, or conversely activated to protect this space before or after leaving it.
For simplicity of description, the term "lock" alone will be used hereafter, but this term must be understood in its broadest sense, without any restriction to a particular type of equipment. The invention relates more precisely to the programming of these locks with the "access rights" that correspond to them, that is to say the indication of the users authorized to open a given lock, with for each of them a definition of the rights specific to that user, rights which may for example be limited in time (expiry of the access right), or limited to certain days of the week, or to certain time slots, etc. In some systems, each lock is connected to a network allowing centralized management of access and rights control. These systems are well suited to corporate or hotel environments, but much less so to residential-type applications, or to the modernization of pre-existing installations where it would be difficult to envisage creating a local network, notably with all the wiring difficulties that this would imply.
The invention aims more particularly, but not exclusively, at another type of installation, where the locks are autonomous devices, each of them storing internally the access rights attached to it (authorized users and, for each, possible access restrictions).
The programming of this type of lock involves an on-site intervention by an operator (hereinafter "master-user") equipped with a device that can be coupled to the lock to register or update the access rights. The update can also concern various other operating parameters of the lock such as date and time, identification data, calculation algorithms, cryptographic elements, etc.
Les
In practice, programming such autonomous locks is a delicate operation, requiring specific and costly equipment as well as prior training, which in most cases makes it necessary to call on a professional operator.
These drawbacks are a major obstacle to the deployment of such autonomous lock systems.
It would therefore be desirable to have a programming means that is simple to use and requires no specific equipment, so that programming can be carried out through simple manipulations within anyone's reach.
This would in particular make it possible to develop residential applications, where customers wish to be able to program the locks they have purchased themselves, and/or update them themselves without calling on a professional, in particular whenever access rights need to be modified or new ones created.
One of the aims of the present invention is to propose a new technique for programming these locks that can be implemented easily by means of a mobile telephone, and in a manner simple enough to be within the reach of a non-professional master user of average skill.
Another aim of the invention is to propose a lock programming technique offering a maximum level of security and very great flexibility of implementation, and which can be used with any conventional, pre-existing mobile telephone, without the master user needing to resort to a particular programming device. The system of the invention can thus be immediately generalized and used by anyone, while benefiting from the security and flexibility inherent in modern cryptographic techniques.
The principle of the invention is based on the use of encrypted acoustic accreditations for programming the lock. These acoustic accreditations take the form, for example, of a coded series of tones (DTMF tones or others), emitted by the loudspeaker of a transmitting device and picked up by the microphone of a receiving device. In the case of the invention, these encrypted acoustic accreditations are "downward" accreditations, that is, they originate from a remote management site and are transmitted to the master user's mobile telephone. To use the accreditation, the master user brings his telephone close to the lock and triggers the emission, by the telephone's loudspeaker, of the series of tones corresponding to the encrypted acoustic accreditation, so that these tones can be picked up by a microphone built into or coupled to the lock. The lock decodes the accreditation, verifies it and, if it is compliant, programs or reprograms the access rights in its internal memory.
The use of acoustic accreditations is not in itself new; it has already been proposed in other contexts and for other applications, for example by the
This document describes a technique for securing logical access to a computer network by a remote terminal, for example a computer connected to this network via the Internet. The user connects to the network with his computer, switches on his mobile telephone at the same time, and uses it to call a control site interfaced with the network to which access is requested. To verify the user's authorization, the network sends a sound signal (the acoustic accreditation) to the remote computer that has just connected, and this signal is reproduced by the computer's loudspeaker. The user having placed his telephone in front of this loudspeaker, the sound signal is picked up by the telephone, transmitted to the remote control site via the mobile telephone network operator and "listened to" by the control site, which can then verify the accreditation and authorize access to the computer network by the terminal. Note that in this case the accreditation is an "upward" one: the acoustic accreditation is picked up by the microphone of the telephone, which retransmits it to the control site. Knowing the recipient of the telephone call, the control site can identify the user through the mobile telephone used for this operation, and thus authorize logical access to the network by the terminal located near the telephone so identified.
More precisely, the present invention relates to a system of the general type disclosed by the
To achieve the aims indicated above, the invention proposes to combine with it the elements set out in the characterizing part of claim 1.
The subclaims set out various possible implementations of the invention, as well as advantageous improvements.
Various examples of implementation of the invention will now be described with reference to the appended drawings, in which the same reference numerals designate identical or functionally similar elements from one figure to the next.
- Figure 1 schematically illustrates the main elements contributing to the operation of the system according to the invention.
- Figure 2 illustrates more precisely, in block diagram form, the main constituent parts of the mobile telephone and of the lock with which it is coupled.
The principle and implementation of the invention will now be explained with reference to the
One of the essential elements of the invention is a secure management site 10 centralizing, in a database DB 12, the information used to list and identify a number of locks together with their associated access-rights data, comprising a list of authorized users with, for each, the authorized access conditions: access restricted to certain days or time slots, expiry date of the access right, etc.
In addition to the authorized users, the database also records for each lock a UID (Unique IDentifier), which is uniquely assigned and unambiguously identifies the lock in the various data exchange protocols. The lock can also be identified by a free-form name ("entrance", "garage", "cellar", etc.), in particular to make it easier for a user to select one lock among several, in the same way as a label attached to a traditional key.
Other data may also be kept in the database, in particular the algorithms used by the lock, one or more cryptographic keys, etc.
The management site 10 also comprises a cryptographic engine forming a generator 14 of accreditation data.
Characteristically of the invention, the "accreditation data" (credentials) are encrypted acoustic accreditations in the form of single-use audio signals, for example (but without limitation) consisting of a succession of DTMF dual tones. These audio signals are designed so that they can be carried by audio transmission channels and reproduced as such by acoustic transducers.
Programming a lock involves, first of all, defining or updating in the database DB the list of authorized users, with the corresponding access conditions for each. This information is communicated to the management site 10 by an authorized operator (hereinafter the "master user") during an initial phase.
As will be explained below, programming may also involve, in addition to determining the access rights, updating other information specific to the lock and relating to its operation, such as: date and time, algorithm used for recognizing and decoding acoustic accreditations, cryptographic key, and free-form name.
The master user can conveniently enter the lists of authorized users and the corresponding access rights by means of a microcomputer 16 connected to the management site 10 by a secure link, for example an IP link of the https type 18.
The use of a microcomputer 16 is not, however, essential: the master operator can also enter the access-rights data by means of his mobile telephone 20, which during this initial phase operates as a terminal connected to the remote management site 10 via a mobile telephone operator.
Once the various access-rights data have been entered and placed in the database 12, a corresponding lock 22 must be programmed or reprogrammed with these access rights, and/or possibly with other information specific to the lock: date and time, algorithms, cryptographic key, free-form name, etc.
The basic principle of the invention is to carry out this programming by having the loudspeaker of the master user's mobile telephone 20 reproduce, as an audio signal, an encrypted acoustic accreditation containing the various items of information needed for programming, the mobile telephone 20 being brought close to the lock 22, which includes a microphone for picking up this encrypted acoustic accreditation.
The acoustic accreditations, generated by the cryptographic engine 14, can be sent to the mobile telephone 20 via the network of the mobile network operator (MNO) 24, itself coupled to the management site 10 by a secure link, for example an IP link of the https type, or simply via an audio phone gateway (PGW) 26 which carries the acoustic accreditations from the generator 14 to the telephone 20 over the audio transmission channels (voice channel) of the mobile telephone network. The link between the mobile network 24 and the mobile telephone 20 can be secured through a trusted service manager (TSM), able to carry out efficiently and securely the various procedures, described below, for exchanging or downloading information between the management site 10 and the master user's mobile telephone 20 via the mobile network operator 24.
As a variant or in addition, the encrypted acoustic accreditations can be transmitted from the management site 10 to the telephone 20 via the microcomputer 16, by suitable coupling means 28 such as: a wired (USB cable) or wireless (Bluetooth) link, an intermediate storage device (SD or MicroSD card, or USB dongle), or acoustic coupling between the loudspeaker of the microcomputer and the microphone of the mobile telephone 20 (since the acoustic accreditations take the form of audio signals).
The telephone 20 comprises a microcontroller 30 coupled to various peripheral components such as a transmit/receive circuit 32, display 34, keypad 36, data memory 38, UICC (Universal Integrated Circuit Card, corresponding to the "SIM card" for GSM telephony functions) 40, and acoustic transducer 42.
The lock 22, for its part, comprises a microcontroller 44 and an electromechanical system 46 for controlling the unlocking of a bolt or handle 48 on command from the microcontroller 44. A data memory 50 stores various modifiable data specific to the lock, in particular:
- the list of authorized users, each of these users being unambiguously listed by the unique identifier UID (Unique IDentifier) of a key consisting of a portable object made available to the authorized user, which object may be, without limitation, a card or badge with contactless coupling to the lock (in particular of the RFID type), a radio or acoustic remote control, or a mobile telephone identified by its subscriber number;
- for each user, the authorized access conditions (days or time slots, expiry date of the access right, ...);
- the unique identifier UID of the lock, which is a programmable identifier, listed in the database DB of the management site and allowing the lock to be recognized unambiguously among all others;
- a free-form name ("entrance", "garage", ...);
- recognition and decoding algorithms;
- cryptographic keys.
The lock has its own power supply in the form of a battery 52, making it electrically autonomous. An external power supply is nevertheless possible.
Characteristically, the lock 22 is also provided with an acoustic transducer in the form of a microphone 54 for picking up surrounding sound signals, in particular the acoustic accreditation reproduced by the loudspeaker 42 of the telephone 20, and for converting the acoustic signals picked up into electrical signals applied to the microcontroller 44 for decoding, verification, and programming or reprogramming in the memory 50 of the various modifiable data indicated above.
Several operating procedures for implementing the invention with the various elements of the system just described will now be described.
Beforehand, if the lists of authorized users and access rights are not yet in the database DB of the management site 10, or if these data need to be updated, the master user (or another user accredited by the master user) must enter them and communicate them to the management site, through the following successive steps:
- 1. secure access (by login + password) to the management site 10;
- 2. entry of the UIDs of the locks and the UIDs of the keys of the authorized users;
- 3. where applicable, entry of the mobile subscriber numbers of the users authorized to use a mobile telephone to open the locks (or even accredited for programming);
- 4. optional assignment of short port names to the lock UIDs, and/or of short user names to the key UIDs;
- 5. assignment of access rights and conditions to the various users;
- 6. validation of the preceding entries;
- 7. where applicable (see below), issuance by the management site of the upward call number(s) to be dialed by the master user to program each lock; this information can also be sent to him by SMS, MMS, e-mail, instant messaging, etc.
When he wishes to program or reprogram a lock, the master user receives from the management site 10 the data to be written or updated in the memory 50 of the lock 22, via the microcomputer 16 and the coupling 28, or directly via the mobile telephone operator 24.
As indicated above, the data received from the remote management site 10 may include, in addition to the access rights attached to each authorized user, a number of items of information specific to the lock, such as: algorithm used, cryptographic key, short name, etc. The update may also concern the date and time of the internal clock of the microcontroller 44, set remotely from the management site 10.
The programming data may also include data specific to the master user's mobile telephone 20, such as:
- the date and time, when these are to be updated from the mobile telephone rather than from the management site 10;
- the IMEI number, which uniquely identifies the telephone;
- the identifier of the UICC 40 (SIM card identifier);
- optionally, geographic location information giving the position of the telephone 20 at the time of programming (GPS coordinates if the telephone has this function, or an approximate location based on the network cell from which the telephone is transmitting).
To program the lock, the user presents his telephone 20 in front of the lock 22 he wishes to program and triggers the emission, as a sound signal, of the corresponding acoustic accreditation. This emission can also be triggered (as will be explained below) simply by answering or picking up a downward call to the master user's mobile telephone from the remote management site.
The acoustic accreditation, picked up by the microphone 54 of the lock, is analyzed by the microcontroller 44 which, if it is compliant, commands the programming or updating of the corresponding information in the memory 50.
The fact that the encrypted acoustic accreditation is a single-use accreditation prevents any fraud by recording and duplicating the accreditation.
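The single-use check described above can be sketched as follows. This is an added example, not part of the patent: the frame layout, the per-lock counter, the truncated HMAC-SHA256 tag and the one-DTMF-symbol-per-nibble encoding are all assumptions, and the encryption layer the description calls for is left out so that the sketch shows only authentication and replay rejection.

```python
import hashlib
import hmac
import struct

# The 16 DTMF symbols used as a base-16 alphabet (assumption: one symbol per nibble).
DTMF_SYMBOLS = "0123456789ABCD*#"
# Standard DTMF keypad: low-group frequency per row, high-group per column (Hz).
_ROWS = {697: "123A", 770: "456B", 852: "789C", 941: "*0#D"}
_COLS = (1209, 1336, 1477, 1633)
TONE_PAIRS = {sym: (low, _COLS[i])
              for low, keys in _ROWS.items() for i, sym in enumerate(keys)}

HEADER = struct.Struct(">IIB")   # lock UID, counter, payload length (assumed layout)
MAC_LEN = 8                      # truncated tag keeps the tone sequence short (assumed)


def to_dtmf(data: bytes) -> str:
    """Render bytes as DTMF symbols, high nibble first."""
    return "".join(DTMF_SYMBOLS[b >> 4] + DTMF_SYMBOLS[b & 0x0F] for b in data)


def from_dtmf(symbols: str) -> bytes:
    """Inverse of to_dtmf; raises ValueError on odd length or unknown symbol."""
    if len(symbols) % 2:
        raise ValueError("odd number of DTMF symbols")
    nibbles = [DTMF_SYMBOLS.index(s) for s in symbols]
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))


def tone_sequence(symbols: str):
    """Frequency pairs a loudspeaker would play for the credential."""
    return [TONE_PAIRS[s] for s in symbols]


def issue_credential(key: bytes, lock_uid: int, counter: int, payload: bytes) -> str:
    """Management-site side: header || payload || tag, as DTMF symbols."""
    if len(payload) > 255:
        raise ValueError("payload too long for one frame")
    body = HEADER.pack(lock_uid, counter, len(payload)) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()[:MAC_LEN]
    return to_dtmf(body + tag)


class Lock:
    """Lock side: verifies the tag, the target UID and the freshness of the counter."""

    def __init__(self, uid: int, key: bytes):
        self.uid, self.key = uid, key
        self.last_counter = 0     # highest counter accepted so far
        self.memory = b""         # stands in for the data memory of the lock

    def receive(self, symbols: str) -> str:
        try:
            frame = from_dtmf(symbols)
        except ValueError:
            return "malformed"
        if len(frame) < HEADER.size + MAC_LEN:
            return "malformed"
        body, tag = frame[:-MAC_LEN], frame[-MAC_LEN:]
        uid, counter, length = HEADER.unpack(body[:HEADER.size])
        if length != len(body) - HEADER.size:
            return "malformed"
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return "bad-tag"
        if uid != self.uid:
            return "wrong-lock"
        if counter <= self.last_counter:             # recorded tones played again
            return "replay"
        self.last_counter = counter                  # burn the counter before applying
        self.memory = body[HEADER.size:]
        return "programmed"


def demo():
    key = bytes(range(32))                           # constructed demo key
    lock = Lock(0x0A0B0C0D, key)                     # constructed lock UID
    cred = issue_credential(key, lock.uid, 1, b"user=42;days=Mon-Fri")  # constructed payload
    return [lock.receive(cred), lock.receive(cred)]  # second playback is a recording
```

Because the lock keeps only the highest counter it has accepted, a recording of a valid tone sequence is rejected on any later playback, while a fresh credential with a higher counter is still accepted.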
One precaution that increases security is to provide for additional validation by the user, for example the entry of a personal code of the "PIN code" type before the acoustic accreditation is delivered, or a biometric validation, by a biometric reader built into the telephone or by means of a voiceprint recognition system using the telephone's microphone (the specific biometric print can be stored in the memory 38 of the telephone, in the UICC 40, or in the database 12).
Advantageously, the lock 22 is provided with means for emitting in return an acoustic signal validating the proper execution of the programming operation.
For this purpose, the transducer 54 of the lock can be used in reverse mode (to emit sound signals instead of picking them up), or a specific transducer can be provided to reproduce sound signals.
The sound signal thus emitted by the lock is picked up by the microphone of the telephone 20 and translated by an applet on the telephone into an audible or visual message for the master user, confirming (or denying) that the programming was carried out correctly. The applet can also keep track of the locks that have been programmed and those that have not yet been, for example by displaying a list of locks, to alert the master user if he has forgotten to program some of them.
Advantageously, the feedback after programming the lock can be used to retrieve data stored in the lock, or status information such as low battery signal, need for maintenance, malfunction, proof of opening, etc. These data or information can be translated by the telephone's applet into alert messages ("low battery", ...) displayed on the telephone's screen, these messages being repeated at regular intervals if necessary.
Furthermore, these data or information can advantageously be sent to the management site via the mobile network 24, thus taking advantage of the master user's establishment of a link in the downward direction (from the management site to the lock) to pass information back in the opposite direction (from the lock to the management site). In other words, the master user, during programming or reprogramming, becomes a source of information for the system. This approach is particularly advantageous here because the locks are of the stand-alone type, that is, they operate entirely autonomously without being connected to any local network that would allow data to be exchanged or certain status or fault messages to be transmitted.
Advantageously, before carrying out the programming proper, the telephone 20 reproduces a specific session-opening accreditation, which puts the lock into a programming mode distinct from its normal operation. Once programming is complete, another specific acoustic accreditation takes the lock out of programming mode and returns it to its normal operating mode. This approach is particularly advantageous for increasing security when the lock is an acoustically controlled lock, that is, when subsequent unlocking by the authorized user is done by emitting an encrypted acoustic accreditation of a nature similar to the acoustic accreditation used for programming.
Another improvement aims to prevent a fraud consisting in removing an already programmed lock and refitting it, as is, at another location. To this end, the lock 22 stores the geographic location information (GPS coordinates or other) of the telephone 20 at the time the telephone carries out the programming. The lock also comprises means for collecting the geographic location information of the telephone of the user who later presents himself as an authorized user, and comparing these coordinates with those stored at the time of programming; opening is authorized only if the information matches, to within a given margin of error. In the absence of network or GPS coverage at the time access is requested by the user, the location data used is the most recent data obtained before contact was lost, with in this case a larger margin of error, defined by the system administrator.
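The location comparison described above can be sketched as follows. This is an added example, not part of the patent: the class names, the great-circle distance formula and the margin values are assumptions chosen for illustration, and the coordinates are constructed.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0  # mean Earth radius


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


@dataclass
class Fix:
    lat: float
    lon: float
    live: bool  # False: last position cached before coverage was lost


@dataclass
class SitePolicy:
    programmed_at: tuple    # (lat, lon) stored by the lock at programming time
    margin_m: float         # margin of error for a live fix
    stale_margin_m: float   # larger margin set by the administrator for a cached fix

    def allows(self, fix) -> bool:
        if fix is None:
            return False    # no location at all: nothing to compare against
        # Out-of-range or NaN coordinates fail these comparisons and are rejected.
        if not (-90.0 <= fix.lat <= 90.0 and -180.0 <= fix.lon <= 180.0):
            return False
        margin = self.margin_m if fix.live else self.stale_margin_m
        return haversine_m(self.programmed_at, (fix.lat, fix.lon)) <= margin


# Constructed sample: a lock programmed at one point, then asked to open from
# about 222 m away, first with a live fix and then with a cached one.
POLICY = SitePolicy(programmed_at=(48.8566, 2.3522), margin_m=50.0, stale_margin_m=500.0)
NEARBY_LIVE = Fix(48.8566 + 0.002, 2.3522, live=True)
NEARBY_CACHED = Fix(48.8566 + 0.002, 2.3522, live=False)
```

The check is only as trustworthy as the position the telephone reports, so it complements the accreditation verification rather than replacing it.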
Several ways in which the management site 10 can deliver the accreditation to the mobile telephone 20 will now be described, in particular when delivery takes place via the network of the mobile operator 24.
When the master user wishes to program the lock 22, he contacts the management site 10 by any appropriate means. This can be done by calling a telephone number, or by a call-back method: in that case, the master user contacts the management site by telephone or by a message (SMS, MMS, e-mail, instant messaging, etc.); the site does not respond immediately but, after the master user has hung up, rings the mobile telephone 20 so that the master user re-establishes contact with the management site (the number called back by the management site being the subscriber number, listed in the database DB, of the master user or of any other user authorized by the master user).
If the programming parameters have been defined beforehand in the manner indicated above, the master user need only validate these parameters, together with his mobile telephone subscriber number, with the management site 10.
The mere answering of the master user's call by the management site or, in the case of call-back, the master user picking up, triggers the immediate and direct transmission of the authorization (the encrypted acoustic accreditation).
In this embodiment, however the master user contacts the remote management site, the site delivers the acoustic accreditation directly to the master user, "online", without intermediate storage.
This embodiment is particularly simple to implement, since it only requires the existing infrastructure, with no prior adaptation of the telephone and in particular no need to load an applet, notably of the midlet or cardlet type. The invention can thus be implemented with any type of mobile telephone, even a very basic one, and without any prior intervention on it. Another advantage is that the master user's authorization can be verified in real time. Moreover, thanks to this online mode, the management site can hold information on the use made of the acoustic accreditation, in particular the date and time of the programming and possibly the geographic location of that operation (by identifying the network cell from which the master user is calling).
On the other hand, this mode requires access to the mobile network, which is not always available (cellars, areas without coverage, etc.). Moreover, it does not in principle allow the user to hold, and choose among, several accreditations corresponding to several possible locks, since a one-to-one correspondence between accreditation and lock is required.
Where there are several locks, a step-by-step validation after each lock can be provided, or a different call number can be used for each lock.
This mode can be used in particular when network access is not guaranteed at the time of use. In this case, the master user connects to the management site in advance and receives from it the accreditation corresponding to the lock he wants to program, or several such accreditations if several locks are to be programmed. These accreditations are stored securely in the telephone or in a peripheral memory of the telephone (for example an SD or MicroSD card).
Here again, the prior contact with the management site 10 can be established either directly, by sending the site a request issued by the master user's mobile telephone, or via a downlink message sent by the remote management site to a subscriber number previously specified by the master user (or the number of any other user authorized by the master user).
When the master user wants to program a lock, he launches an application built into his telephone, which looks up the corresponding accreditation among those that have been stored, plays it back to program the lock, and then deletes it from memory. The same procedure is repeated for the following accreditations.
The application enabling this implementation is an applet kept in the telephone, sent to it beforehand by the mobile network operator, or downloaded onto an external medium (SD or MicroSD card), or obtained via an internet connection. In the case of a download via the mobile network operator, the management site will first have sent the telephone a message, for example of the "push SMS" or "WAP push" type, in order to identify its make and model and to present the master user with a link for downloading the applet.
In this embodiment, the acoustic accreditations are generated locally, by the telephone itself. To this end, the telephone contains an applet, in particular of the cardlet type (stored in the UICC card 40) or midlet type (stored in the memory 38 of the telephone handset). This applet is downloaded by any appropriate means, in the same way as in the preceding embodiment (download via the mobile operator, via the internet, etc.), or is preloaded in the telephone when it is purchased.
The management site 10 sends the telephone 20 an item of "accreditation data", which here is no longer the acoustic accreditation itself but a cryptographic key, kept in the UICC card 40 for security reasons. This cryptographic key, combined with the applet, makes it possible to form a cryptographic generator within the telephone 20. When he wishes to program a lock, the master user commands the generation of the acoustic accreditation by the internal applet and its reproduction by the transducer of his telephone.
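A key-based generator of single-use accreditations, and the lock-side check that rejects a replayed or altered one, could look like the following added example, which is not the patent's scheme. The patent does not specify the algorithm, so the HMAC-SHA256 tag, the monotonic counter, the frame layout and all names are assumptions; encryption of the payload and the acoustic modulation of the frame are left out.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size      # 32-byte HMAC-SHA256 tag
HEADER = struct.Struct(">8sQH")             # lock id (8 bytes), counter, payload length


class PhoneGenerator:
    """Applet side: turns the key received from the management site into frames."""

    def __init__(self, key: bytes):
        self._key = key          # in the patent's design this key is kept in the UICC card
        self._counter = 0        # strictly increasing, so every frame is single-use

    def next_accreditation(self, lock_id: bytes, rights: bytes) -> bytes:
        if len(lock_id) != 8:
            raise ValueError("lock_id must be exactly 8 bytes in this frame layout")
        self._counter += 1
        body = HEADER.pack(lock_id, self._counter, len(rights)) + rights
        tag = hmac.new(self._key, body, hashlib.sha256).digest()
        return body + tag        # these bytes are what would be modulated into audio


class Lock:
    """Lock side: authenticates a sensed frame before reprogramming access rights."""

    def __init__(self, lock_id: bytes, key: bytes):
        self.lock_id = lock_id
        self._key = key
        self.last_counter = 0    # highest counter accepted so far
        self.access_rights = None

    def program(self, frame: bytes) -> str:
        if len(frame) < HEADER.size + TAG_LEN:
            return "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        # Constant-time comparison; nothing in the body is trusted before this passes.
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"
        lock_id, counter, length = HEADER.unpack_from(body)
        if len(body) != HEADER.size + length:
            return "malformed"
        if lock_id != self.lock_id:
            return "wrong-lock"  # accreditation issued for another lock
        if counter <= self.last_counter:
            return "replayed"    # a recorded frame played back a second time
        self.last_counter = counter
        self.access_rights = body[HEADER.size:]
        return "ok"


if __name__ == "__main__":
    key = bytes(range(32))                   # constructed sample key
    phone = PhoneGenerator(key)
    lock = Lock(b"LOCK0022", key)
    frame = phone.next_accreditation(b"LOCK0022", b"user:42;mon-fri")
    print(lock.program(frame))               # first playback is accepted
    print(lock.program(frame))               # same audio again is refused
```

Because the lock only stores the highest counter it has accepted, a recording of the telephone's audio made near the lock is useless once the original has been played.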
This embodiment is a variant of the semi-online mode.
The difference is essentially that the accreditations are not sent over the voice channel of the mobile telephone network, but as a file attached to an e-mail, MMS or instant-messaging message.
The advantage of this solution is that it uses the file-download facilities already present in the telephone, in particular on telephones with advanced, smartphone-type functions, without any need to download a specific applet beforehand, keep it in the telephone and have the telephone run it when the time comes. The file can also be downloaded via the microcomputer 16 and the coupling 28 with the telephone 20.
Claims (16)
- A secure system for controlling the opening of lock devices, comprising:
  - a remote management site (10) comprising:
    • a database (12) of lock devices and of authorised users, with, for each lock device, an associated unique identifier, a list of authorised users with corresponding data of access rights, and optionally additional data;
  - at least one lock device (22) comprising:
    • a data memory (50) containing:
      i) a unique identifier of the lock, listed in the database of the management site and used for recognizing the lock amongst them all, on a one-to-one basis;
      ii) previously defined access rights; and
    • electronic circuits for the conditional control of mechanical locking/unlocking members as a function of the said access rights,

  the said system being characterized in that the said access rights are defined by
    i) a list of authorised users, each listed on a one-to-one basis by a unique identifier of a key consisting of a portable object made available to this authorised user; and
    ii) for each user, the authorised access conditions,

  and in that it also comprises:
  - in the management site:
    • a generator (14) of accreditation data suitable for allowing the programming of the lock devices by the access rights listed in the database, these accreditations being acoustic accreditations encrypted in the form of single-use audio signals;
  - a mobile telephone (20) made available to the master user, comprising an electro-acoustic transducer (42) capable of reproducing the said acoustic accreditations; and
  - means for secure transmission of the said accreditation data from the management site to the mobile telephone of the master user;
  - in the lock device (22):
    • an electro-acoustic transducer (54) capable of sensing the acoustic accreditations reproduced by the transducer of the telephone previously placed close to the lock device; and
    • means for recognizing, analysing and authenticating the acoustic accreditations sensed by the transducer and, on recognition of a correct acoustic accreditation, carrying out a programming or a reprogramming of the access rights.
- The system of Claim 1, in which the means for secure transmission of the accreditation data from the management site to the mobile telephone of the master user comprise means (28) for coupling this mobile telephone with a computer terminal (16) connected to the management site.
- The system of Claim 1, in which the means for secure transmission of the accreditation data from the management site to the mobile telephone of the master user comprise a mobile network operator (24) coupled to the management site and to the telephone of the master user.
- The system of Claim 1, in which, for the generation of the accreditation data to be transmitted to the telephone, the management site is capable of combining the data of access rights specific to the authorised users with additional data specific to the lock and obtained at the management site, and of generating an acoustic accreditation as a function of both the said data of access rights and of the said additional data.
- The system of Claim 1, in which the telephone is capable of combining the accreditation data transmitted by the management site with additional data inherent in the telephone and obtained locally, and of generating an acoustic accreditation as a function of both the said accreditation data and the said additional data.
- The system of Claim 5, in which the said additional data also comprise an item of geographic location information of the telephone at the time of the programming operation, and the lock device also comprises means for storing this item of geographic location information on the programming, and subsequently comparing it with an item of geographic location information of a telephone of a user at the time of an attempt by this user to open the lock device.
- The system of Claim 1, in which the telephone is capable of:
  - prior to the reproduction of the acoustic accreditations of programming of the access rights, reproducing a specific accreditation for the opening of a session suitable for having the lock device entered in a programming mode; and
  - optionally, after reproduction of the said acoustic accreditations of programming, reproducing a specific accreditation of closure of a session suitable for having the lock device taken out of the said programming mode.
- The system of Claim 1, in which:
  - the lock device comprises an electro-acoustic transducer capable of reproducing the return acoustic signals, generated by the lock device and encoded by data specific to the lock device; and
  - the telephone comprises an electro-acoustic transducer capable of sensing the said return signals.
- The system of Claim 8, in which the telephone also comprises means for decoding the said return signals and displaying, as required, to the user a message as a function of the said data specific to the lock device.
- The system of Claim 8, in which the telephone also comprises means for transmitting to the management site the said return signals encoded by the said data specific to the lock device.
- The system of Claim 1, in which the telephone also comprises means for storing and updating a list of lock devices already programmed and of lock devices not yet programmed.
- The system of Claim 1, also comprising means for making the reproduction of the acoustic accreditation by the transducer of the telephone conditional upon the prior presentation of an item of personal validation data delivered by the master user to the telephone.
- The system of Claim 1, comprising means capable of:
  - verifying the authorisation of the master user to carry out a programming of the lock device;
  - generating an acoustic accreditation by the generator (14) of the management site; and
  - transmitting this accreditation to the telephone, for direct reproduction by the transducer of the latter previously placed close to the transducer of the lock device.
- The system of Claim 1, comprising means capable of:
  - verifying the authorization of the master user to carry out a programming of the lock device;
  - generating an acoustic accreditation by the generator (14) of the management site; and
  - activating an internal applet of the telephone in order to download the said accreditation and store the latter in a memory (32) of the telephone, then, secondly;
  - to activate the internal applet for reproduction of the accreditation by the transducer of the telephone previously placed close to the transducer of the lock device.
- The system of Claim 1, also comprising means for remotely updating, from the management site, the date and time of the internal clock of the lock device.
- The system of Claim 1, also comprising means for remotely updating, from the management site: recognition and decoding algorithms, cryptographic keys and/or a free denomination, which items are kept in the data memory (50) of the lock device.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP09167248A EP2284803B1 (en) | 2009-08-05 | 2009-08-05 | Secure system for programming electronically controlled lock devices using encoded acoustic verifications |
ES09167248T ES2412333T3 (en) | 2009-08-05 | 2009-08-05 | Secure electronic control lock device programming system using encrypted acoustic accreditations |
PCT/FR2010/051501 WO2011015749A1 (en) | 2009-08-05 | 2010-07-16 | Secure system for programming electronically controlled locking devices by means of encrypted acoustic accreditations |
US13/388,779 US8620268B2 (en) | 2009-08-05 | 2010-07-16 | Secure system for programming electronically controlled locking devices by means of encrypted acoustic accreditations |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP09167248A EP2284803B1 (en) | 2009-08-05 | 2009-08-05 | Secure system for programming electronically controlled lock devices using encoded acoustic verifications |
Publications (2)
Publication Number | Publication Date |
---|---|
EP2284803A1 (en) | 2011-02-16 |
EP2284803B1 (en) | 2013-03-13 |
Family
ID=41285322
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP09167248A Not-in-force EP2284803B1 (en) | 2009-08-05 | 2009-08-05 | Secure system for programming electronically controlled lock devices using encoded acoustic verifications |
Country Status (4)
Country | Link |
---|---|
US (1) | US8620268B2 (en) |
EP (1) | EP2284803B1 (en) |
ES (1) | ES2412333T3 (en) |
WO (1) | WO2011015749A1 (en) |
Families Citing this family (31)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW201234886A (en) * | 2011-01-07 | 2012-08-16 | Delphian Systems Llc | System and method for access control via mobile device |
MX340523B (en) * | 2012-02-13 | 2016-07-12 | Xceedid Corp | Credential management system. |
US9330514B2 (en) * | 2012-07-25 | 2016-05-03 | Utc Fire & Security Corporation | Systems and methods for locking device management |
US9472034B2 (en) | 2012-08-16 | 2016-10-18 | Schlage Lock Company Llc | Electronic lock system |
US9384613B2 (en) * | 2012-08-16 | 2016-07-05 | Google Inc. | Near field communication based key sharing techniques |
US9437062B2 (en) | 2012-08-16 | 2016-09-06 | Schlage Lock Company Llc | Electronic lock authentication method and system |
AU2013302377B2 (en) * | 2012-08-16 | 2016-10-20 | Schlage Lock Company Llc | Operation communication system |
CA2889008C (en) | 2012-10-23 | 2021-01-19 | Spectrum Brands, Inc. | Electronic lock having software based automatic multi-wireless profile detection and setting |
US9691207B2 (en) * | 2012-10-26 | 2017-06-27 | Spectrum Brands, Inc. | Electronic lock with user interface |
EP2912638B1 (en) * | 2012-10-26 | 2020-06-17 | Spectrum Brands, Inc. | Method of updating one or more lock settings of an electronic lock using a mobile device |
US20140145823A1 (en) * | 2012-11-27 | 2014-05-29 | Assa Abloy Ab | Access control system |
US10240365B2 (en) | 2012-12-12 | 2019-03-26 | Spectrum Brands, Inc. | Electronic lock system having proximity mobile device |
US10114938B2 (en) | 2013-03-22 | 2018-10-30 | Utc Fire And Security Americas Corporation, Inc. | Secure electronic lock |
US9516006B2 (en) * | 2013-10-23 | 2016-12-06 | Google Inc. | Re-programmable secure cryptographic device |
ES2864860T3 (en) * | 2013-10-24 | 2021-10-14 | Utc Fire & Security Americas | Systems and procedures for managing the interlock device, including time delay policies through the use of random time delays |
US10116655B2 (en) * | 2014-01-30 | 2018-10-30 | Schlage Lock Company Llc | Hybrid data managed lock system |
CA2968537A1 (en) | 2014-12-02 | 2016-06-09 | Carrier Corporation | Access control system with virtual card data |
MX369165B (en) | 2014-12-02 | 2019-10-30 | Carrier Corp | Capturing user intent when interacting with multiple access controls. |
WO2016089846A1 (en) * | 2014-12-02 | 2016-06-09 | Carrier Corporation | Remote programming for access control system with virtual card data |
WO2016185283A1 (en) * | 2015-05-20 | 2016-11-24 | Assa Abloy Ab | Use of mobile device to configure a lock |
WO2018075605A1 (en) | 2016-10-19 | 2018-04-26 | Best Access Solutions, Inc. | Electro-mechanical lock core |
AU2018330295B2 (en) | 2017-09-08 | 2023-11-30 | Dormakaba Usa Inc. | Electro-mechanical lock core |
CN107862184A (en) * | 2017-10-31 | 2018-03-30 | 美的智慧家居科技有限公司 | Voice change method, intelligent door lock and computer-readable storage |
US11658865B2 (en) * | 2018-03-20 | 2023-05-23 | Delphian Systems, LLC | Updating devices in a local network of interconnected devices |
WO2019200257A1 (en) | 2018-04-13 | 2019-10-17 | Dormakaba Usa Inc. | Electro-mechanical lock core |
US11466473B2 (en) | 2018-04-13 | 2022-10-11 | Dormakaba Usa Inc | Electro-mechanical lock core |
ES2728289A1 (en) * | 2018-04-23 | 2019-10-23 | Patemottre Echeverria Aquiles | System for access control to physical spaces or telematic networks through acoustic signals (Machine-translation by Google Translate, not legally binding) |
US10783731B2 (en) | 2018-04-27 | 2020-09-22 | Spectrum Brands, Inc. | Wireless tag-based lock actuation systems and methods |
CN112805636A (en) | 2019-09-13 | 2021-05-14 | 开利公司 | Building access system with programmed door locks |
US20220051502A1 (en) * | 2020-08-14 | 2022-02-17 | Big Belly Solar Llc | System and method of providing a wireless unlocking system for a group of battery-powered storage devices |
WO2022036215A1 (en) * | 2020-08-14 | 2022-02-17 | Big Belly Solar Llc | System and method of providing a wireless unlocking system for a group of battery-powered storage devices |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5933090A (en) * | 1996-08-23 | 1999-08-03 | Ut Automotive Dearborn, Inc. | Method and apparatus for field programming a remote control system |
EP1502181A4 (en) * | 2002-04-30 | 2010-01-27 | Ge Interlogix Inc | Lock box security system with improved communication |
EP1938157A4 (en) * | 2005-10-20 | 2009-04-01 | Harrow Products Llc | Lock programming device |
FR2911751A1 (en) | 2007-01-18 | 2008-07-25 | Tagattitude Sa | Telecommunication method for providing e.g. short message service, to mobile telephone user, involves generating data from activation link of page for emitting data at short range by terminal to personal equipment before data transmission |
2009
- 2009-08-05 ES ES09167248T patent/ES2412333T3/en active Active
- 2009-08-05 EP EP09167248A patent/EP2284803B1/en not_active Not-in-force
2010
- 2010-07-16 US US13/388,779 patent/US8620268B2/en active Active
- 2010-07-16 WO PCT/FR2010/051501 patent/WO2011015749A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
ES2412333T3 (en) | 2013-07-11 |
US8620268B2 (en) | 2013-12-31 |
US20120157080A1 (en) | 2012-06-21 |
EP2284803A1 (en) | 2011-02-16 |
WO2011015749A1 (en) | 2011-02-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2284803B1 (en) | Secure system for programming electronically controlled lock devices using encoded acoustic verifications | |
EP2306407B1 (en) | Secure system for programming electronically controlled lock devices using encoded acoustic verifications | |
EP2282297A1 (en) | Security system to control the opening of locking devices using encoded acoustic verifications | |
FR2996947A1 (en) | SECURE METHOD FOR OPENING CONTROL OF LOCK DEVICES FROM MESSAGES USING SYMMETRICAL ENCRYPTION | |
EP2500872A1 (en) | Secured method for controlling the opening of locking devices by means of a communication object such as a mobile phone | |
EP1678964B1 (en) | Authentication method and device in a telecommunication network using a portable device | |
WO2016108012A1 (en) | Method for signing up a user to a service for controlling at least one vehicle functionality by means of a user terminal | |
US20160173686A1 (en) | Method, system and electronic device for remotely recording and authenticating associated recorded files | |
FR2864289A1 (en) | Resource access controlling method, involves notifying comparison of biometric data and biometric references of user, to access terminal, by server that communicates simultaneously with terminal and access terminal | |
EP3166088A1 (en) | Method for managing access to a premises | |
EP1646176A2 (en) | Granting of the authorization to access a resource | |
FR3039687A1 (en) | METHOD FOR OPENING CONTROL OF A SINGLE-USE CODE LOCK | |
EP0950307A2 (en) | Method and system for ensuring the security of the supply of services of telecommunication operators | |
EP3195276B1 (en) | Device for unlocking at least one opening leaf and equipment for receiving objects, associated data storage assembly and associated object distribution system | |
FR3081663A1 (en) | METHOD FOR REMOTELY MANAGING THE OPENING OF AN ELECTRONIC LOCK WITH A USER INTERFACE, TERMINAL, LOCK AND COMPUTER PROGRAM | |
EP1277362A1 (en) | Installation and method for data exchange between telephones and service providers | |
FR3072202B1 (en) | INTERACTIVE CAB, ASSOCIATED METHOD | |
EP4165889A1 (en) | Access method and device for managing access to a secure communication session between participating communication terminals by a requesting communication terminal | |
WO2023089245A1 (en) | Access control system and device | |
FR3105482A1 (en) | Method of obtaining a password for access to a service | |
FR2868650A1 (en) | Visitor and resident communication method for e.g. apartment, involves communicating between electronic porter controlling access to building and terminal of selected resident for direct communication of visitor and resident terminals | |
TW201824082A (en) | System for door access control through passing identity data and method thereof | |
FR3030984A1 (en) | TERMINAL AND METHOD FOR CONTROLLING EQUIPMENT | |
FR2905544A1 (en) | Access controlling method for e.g. building, involves transmitting opening control in form of alphanumeric message, to interphony plates or sub-group of plates corresponding to transmitted identifier based on identifier transmission | |
EP1744525A2 (en) | Remote configuration of a telecommunication terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 | |
AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR | |
AX | Request for extension of the european patent | Extension state: AL BA RS | |
17P | Request for examination filed | Effective date: 20110412 | |
17Q | First examination report despatched | Effective date: 20110506 | |
GRAP | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOSNIGR1 | |
GRAS | Grant fee paid | Free format text: ORIGINAL CODE: EPIDOSNIGR3 | |
GRAA | (expected) grant | Free format text: ORIGINAL CODE: 0009210 | |
AK | Designated contracting states | Kind code of ref document: B1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR | |
REG | Reference to a national code | Ref country code: GB Ref legal event code: FG4D Free format text: NOT ENGLISH | |
REG | Reference to a national code | Ref country code: CH Ref legal event code: EP Ref country code: AT Ref legal event code: REF Ref document number: 601200 Country of ref document: AT Kind code of ref document: T Effective date: 20130315 | |
REG | Reference to a national code | Ref country code: IE Ref legal event code: FG4D Free format text: LANGUAGE OF EP DOCUMENT: FRENCH | |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R096 Ref document number: 602009013841 Country of ref document: DE Effective date: 20130508 | |
REG | Reference to a national code | Ref country code: NL Ref legal event code: T3 | |
REG | Reference to a national code | Ref country code: SE Ref legal event code: TRGR | |
REG | Reference to a national code | Ref country code: ES Ref legal event code: FG2A Ref document number: 2412333 Country of ref document: ES Kind code of ref document: T3 Effective date: 20130711 | |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130613 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130613 | |
REG | Reference to a national code | Ref country code: AT Ref legal event code: MK05 Ref document number: 601200 Country of ref document: AT Kind code of ref document: T Effective date: 20130313 | |
REG | Reference to a national code | Ref country code: LT Ref legal event code: MG4D | |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130614 Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 | |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 | |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130715 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130713 | |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 | |
PLBE | No opposition filed within time limit | Free format text: ORIGINAL CODE: 0009261 | |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT | |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 | |
26N | No opposition filed | Effective date: 20131216 | |
REG | Reference to a national code | Ref country code: DE Ref legal event code: R097 Ref document number: 602009013841 Country of ref document: DE Effective date: 20131216 | |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 | |
REG | Reference to a national code | Ref country code: IE Ref legal event code: MM4A | |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20130805 | |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 | |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 Ref country code: MT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20130805 Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20090805 Ref country code: MK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130313 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 8 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 9 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 10 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: NL Payment date: 20190716 Year of fee payment: 11 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: ES Payment date: 20190917 Year of fee payment: 11 Ref country code: SE Payment date: 20190809 Year of fee payment: 11 Ref country code: IT Payment date: 20190813 Year of fee payment: 11 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: BE Payment date: 20190827 Year of fee payment: 11 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20190704 Year of fee payment: 11 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: CH Payment date: 20190715 Year of fee payment: 11 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20200630 Year of fee payment: 12 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 20200720 Year of fee payment: 12 |
|
REG | Reference to a national code |
Ref country code: SE Ref legal event code: EUG |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MM Effective date: 20200901 |
|
GBPC | Gb: european patent ceased through non-payment of renewal fee |
Effective date: 20200805 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20200831 Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20200831 |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20200831 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20200806 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20200805 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20200831 Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20200805 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NL Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20200901 |
|
REG | Reference to a national code |
Ref country code: ES Ref legal event code: FD2A Effective date: 20220110 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R119 Ref document number: 602009013841 Country of ref document: DE |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: ES Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20200806 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20210831 Ref country code: DE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220301 |