EP2425405A1 - Secure programming and management system for locks comprising contactless communication means that can be controlled by a portable nfc telephone - Google Patents

Secure programming and management system for locks comprising contactless communication means that can be controlled by a portable nfc telephone

Info

Publication number
EP2425405A1
Authority
EP
European Patent Office
Prior art keywords
lock
key
user
site
cryptographic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP10727057A
Other languages
German (de)
French (fr)
Inventor
Pascal Metivier
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Assa Abloy AB
Original Assignee
Metivier Pascal
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Metivier Pascal
Publication of EP2425405A1
Legal status: Withdrawn

Classifications

    • G PHYSICS
      • G07 CHECKING-DEVICES
        • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
          • G07C9/00 Individual registration on entry or exit
            • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
              • G07C9/00817 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
                • G07C2009/00841 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed by a portable device
              • G07C9/00857 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
                • G07C2009/00865 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed remotely by wireless communication
              • G07C2009/00753 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
                • G07C2009/00769 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
                  • G07C2009/00777 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means by induction
            • G07C9/20 Individual registration on entry or exit involving the use of a pass
              • G07C9/27 Individual registration on entry or exit involving the use of a pass with central registration

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a system comprising a lock (40) provided with NFC circuits, a mobile phone (32) also provided with NFC circuits, a remote lock management site (18), and a mobile network operator (20). For each lock, the management site generates a unique random algorithm, a unique identifier (PUID) and transport keys and transmits the identifier and the transport keys to a lock manufacturer (16). The mobile network operator receives a unique lock identifier (PUID) from the user and transmits same to the handling site which, in return, transmits the unique random algorithm, the cryptographic key, the transport key and the user key corresponding to the lock to the phone. The phone implements the initial programming of the lock, by loading the unique random algorithm, the cryptographic key and the user key onto the lock and, subsequently, the phone activates a secure cryptographic procedure.

Description

Secure programming and management system for locks comprising contactless communication means and controllable by an NFC mobile phone
The invention relates to locks controlled by means of a portable key-forming object that cooperates with the lock through a non-galvanic mutual coupling of the NFC (near-field communication) type. This portable object can be a card or a contactless badge, but it can also be a mobile phone equipped with an NFC chip and an NFC antenna, the SIM card of the phone being used as the security element.
NFC technology couples the portable object and the lock by varying a magnetic field produced by a coil (the so-called "induction method"). For this purpose the lock comprises an inductive circuit excited by an alternating signal, which produces a variable magnetic field detectable over a range of a few centimetres at most. A portable object within this space receives the energy of the field (which in particular makes it possible to remotely power the portable object, which generally has no power source of its own) and modulates an internal load. This modulation, encoded with various data from the portable object (identifier, encryption key, etc.), is in turn detected by the lock, thereby establishing the bidirectional communication sought. Various coding and encryption techniques exist to secure the contactless communication between the portable object and the lock, and to protect the lock against any risk of fraud.
These protection techniques use algorithms and keys implemented in the lock and in the cards or badges intended to be used with it. When a mobile phone equipped with NFC communication means is used as the key, the risks may be greater, insofar as the phone is an ordinary, mass-market object, moreover connected to the mobile operator's public network, and not a specific, individualised object as in the case of a card or badge.
The object of the invention is to propose a technique for programming and managing NFC-type contactless locks that offers an increased level of security, particularly suited to the use of a mobile phone equipped with NFC circuits as the key controlling the lock. The principle of the invention is to provide a unique algorithm, generated randomly for each lock at the time of its manufacture and kept by a secure, non-public site. During the initial programming of the lock, this algorithm can be downloaded by a mobile phone from the secure site, after all the conditions required to authenticate the user and the lock have been verified. In addition to this unique algorithm, the phone can download from the secure site other security elements such as cryptographic keys, identifiers, etc., suitable for ensuring, when the lock is programmed, the integration of all the security elements that provide the maximum level of protection sought.
An exemplary implementation of the invention is given with reference to Figure 1.
The secure management principle of the invention is based on the division between two groups of entities 10, 12 that can communicate with each other only in a restricted and secure manner, as symbolised by the screen 14.
Group 10 gathers specific secure entities, comprising the lock manufacturer 16 and a site 18 belonging to the lock manager.
Group 12, by contrast, gathers a number of non-specific entities on the user side, in particular a mobile network operator 20. This operator comprises a service provider module (block 22) which communicates on the one hand (interface 24) with the secure site 18 and on the other hand (interface 26) with a user 28 via an ordinary communication means 30 such as the web, WAP, a "hotline", etc. The telephone 32 of the user 28 is, for its part, interfaced with the service provider 22 of the mobile network operator via a trusted service provider (TSM) 34, able to carry out efficiently and securely the various data download procedures between the remote management site 18 and the mobile phone 32 via the service provider 22 of the mobile network operator. Indeed, in the case of a card or a badge, an important part of the security is ensured by the physical handover of this object to the legitimate user, in the same way as the handover of a set of keys. On the other hand, if the portable object is a mobile phone, it is an ordinary object which is not a priori associated with a given lock. It does include a SIM card that identifies the user and an IMEI identifier that uniquely identifies the phone, but initially the lock does not know these identifiers and will not be able to recognise them when a phone is brought close to the lock.
It is therefore necessary, once the lock has been installed, to carry out a so-called "programming" operation consisting in teaching the lock to identify a telephone presented to it as being that of the authorised user, and then to switch to a mode in which only this phone can control the lock (this operation can of course be repeated for other phones if several people are to be authorised).
The various steps of the process according to the invention will now be described.
The secure management site 18 contains a cryptographic engine capable of generating, for each lock to be manufactured, a unique random algorithm, as well as a unique identifier and transport keys. The unique random algorithm is added on top of the conventional cryptographic mechanism, and adds an extra level of security to existing cryptographic techniques. The unique identifier, designated PUID (Public Unique IDentifier), is a non-modifiable identifier that allows the lock to be recognised uniquely and definitively among all others.
When the manufacturer 16 manufactures a lock, it receives from the management site 18, via a secure encrypted communication, the corresponding PUID identifier and the associated transport keys (this information may be acquired in bulk, in the form of batches). It should be noted that the unique algorithm is not transmitted to the manufacturer 16 by the management site 18, which keeps it internally while knowing which PUID identifier it corresponds to. The manufacturer 16 then programs each lock 36 with its unique identifier and its corresponding transport key. It also programs so-called "emergency cards" 38 with the same transport key. These cards make it possible to operate the lock during its installation, using only simplified algorithms based on the provisional transport key, until the definitive programming, at which point this key is neutralised and replaced by a definitive cryptographic key. The locks can then be shipped to be installed by the user 28 at their final location 40. Once installed, the lock must be "programmed" in order to implement the algorithms, the advanced cryptographic elements and the definitive keys that provide the high degree of security sought.
This programming can be carried out by means of a mobile telephone 32 provided with NFC circuits, which can be coupled to the lock 40 by bidirectional NFC communication, as shown schematically by the wireless link 42.
To proceed with the programming, the user must identify and register with the management site 18, which the user contacts by any appropriate means via the interface 26 of the mobile network operator. The user provides the operator 22 with the unique identifier PUID of the lock 40, and this information is transmitted to the management site 18 over the secure interface 24. The management site 18 recognises the PUID identifier in its database and sends back to the mobile network operator, via the secure interface 24: the unique algorithm of the lock, the cryptographic keys corresponding to this lock, and the corresponding transport key. The site also verifies that the telephone 32 used is indeed a telephone equipped with NFC functionality.
The exchanges between the telephone and the management site, as well as between the telephone and the lock, can be handled by a specific application of the "applet" type, previously downloaded to the telephone. Once loaded and activated, this applet automatically carries out the various steps required for the exchange of data with the management site 18 and for the programming of the lock 40, in a fully secure manner. Once all the required data has been loaded into the phone 32, the user simply presents the phone in front of the lock 40 to be programmed, so as to establish the bidirectional NFC coupling 42. The phone first resets the lock by deactivating the transport key, thereby rendering inoperative the emergency cards delivered with the lock. It then loads into the lock the elements needed to implement the security procedures, in particular the unique random algorithm, the definitive cryptographic key and the user key. The secure cryptographic procedure can then be activated, and the programming phase is complete.
Advantageously, once the user has accepted the definitive cryptographic key and loaded it, together with the user key, into his telephone, he is further offered the option of duplicating these keys onto one of the emergency cards 34.
To do so, the user simply takes one of the emergency cards found in the lock's packaging and holds it against his telephone so as to couple the two by NFC. The telephone's applet can then read the contents of the card, recognise in it the transport key (loaded at the time the lock was manufactured) and verify that this key does correspond to the one transmitted by the manager 18 together with the definitive cryptographic key. If so, the applet neutralises the transport key and replaces it with the cryptographic key and a copy of the user key.
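The programming and duplication flow described above, as an added Python model that is not part of the patent or of any product: the text specifies neither key formats nor the lock's "unique random algorithm", so the algorithm is modelled here as an HMAC-SHA256 challenge-response with a per-lock salt, and every key value, PUID and registry entry is constructed sample data.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass
from typing import Optional

@dataclass
class Credential:
    key: bytes  # key material held by the phone applet or by an emergency card (constructed model)

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self.key, challenge, hashlib.sha256).digest()

@dataclass
class Lock:
    puid: str
    transport_key: Optional[bytes]       # loaded by the manufacturer, disabled at programming
    salt: bytes = b""                    # stands in for the lock's "unique random algorithm" (assumption)
    crypto_key: Optional[bytes] = None   # definitive cryptographic key
    user_key: bytes = b""

    def opens_for(self, cred: Credential) -> bool:
        """Factory state trusts the transport key; programmed state trusts only the definitive keys."""
        active = self.transport_key if self.crypto_key is None else self.crypto_key + self.user_key
        if not active:
            return False                 # transport key disabled and nothing loaded yet
        challenge = self.salt + secrets.token_bytes(16)
        expected = hmac.new(active, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(cred.respond(challenge), expected)

def manager_site(puid: str, registry: dict) -> dict:
    """Step 1: the management site recognises the PUID and returns that lock's material."""
    if puid not in registry:
        raise KeyError("unknown PUID")
    return {**registry[puid], "user_key": secrets.token_bytes(16)}

def program_lock(lock: Lock, bundle: dict) -> None:
    """Step 2: the phone resets the lock (transport key off) and loads the definitive material."""
    lock.transport_key = None            # emergency cards carrying the transport key stop working
    lock.salt, lock.crypto_key, lock.user_key = bundle["salt"], bundle["crypto_key"], bundle["user_key"]

def duplicate_to_card(card: Credential, bundle: dict) -> bool:
    """Step 3: only a card whose transport key matches the site's copy receives the new keys."""
    if not hmac.compare_digest(card.key, bundle["transport_key"]):
        return False
    card.key = bundle["crypto_key"] + bundle["user_key"]
    return True

def run_flow() -> dict:
    """Constructed scenario: one lock, its genuine emergency card and a foreign card."""
    tk, ck, salt = secrets.token_bytes(16), secrets.token_bytes(16), secrets.token_bytes(8)
    registry = {"PUID-0001": {"salt": salt, "transport_key": tk, "crypto_key": ck}}
    lock, card, foreign = Lock("PUID-0001", tk), Credential(tk), Credential(secrets.token_bytes(16))
    out = {"card_opens_factory_lock": lock.opens_for(card)}
    bundle = manager_site(lock.puid, registry)
    program_lock(lock, bundle)
    out["card_opens_after_reset"] = lock.opens_for(card)
    out["foreign_card_duplicated"] = duplicate_to_card(foreign, bundle)
    out["card_duplicated"] = duplicate_to_card(card, bundle)
    out["card_opens_after_duplication"] = lock.opens_for(card)
    return out
```

The scenario shows the two checks the description relies on: after the reset the factory card no longer opens the lock, and only a card carrying the transport key known to the management site is rewritten with the definitive keys.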

Claims

1. A system comprising:
- at least one lock (40) provided with NFC transmit/receive electronic circuits and with electrical circuits for controlling mechanical locking/unlocking members;
- a mobile telephone (32) provided with circuits enabling it to operate in NFC mode;
- a remote lock-management site (18);
- a separate site (16) of a lock manufacturer; and
- a mobile network operator (20) interfaced with the management site (18), with the mobile telephone (32) and with a user (28), the system being characterised:
- in that the management site is able to generate, for each lock, a unique random algorithm, a unique identifier (PUID) and a transport key, and to transmit to the separate site (16) of the lock manufacturer, for each lock manufactured, said unique identifier and said transport key;
- in that the lock manufacturer is able to program each lock with its unique identifier and its corresponding transport key;
- in that the mobile network operator (20) communicates with the management site via a secure interface (24), and with the mobile telephone (32) via a trusted service provider (34);
- in that the mobile network operator is able to receive from the user the unique identifier (PUID) of a lock and to forward it to the management site for prior recognition;
- in that the management site is able to transmit back to the telephone, via said secure interface (24) of the mobile network operator and via said trusted service provider (34): the unique random algorithm, a cryptographic key, the transport key and a user key corresponding to this lock; and
- in that the telephone comprises means for carrying out an initial programming of the lock by loading into the lock the unique random algorithm, the cryptographic key and the user key, and by activating a secure cryptographic procedure.
2. The system of claim 1, further comprising:
- at least one emergency card (38) initially programmed by the lock manufacturer with said transport key, and
- means for duplicating said cryptographic key and said user key onto the emergency card, after the user has accepted this cryptographic key and loaded it, together with the user key, into the telephone.
3. The system of claim 2, wherein the means for duplicating the cryptographic key and the user key onto the emergency card comprise means for: reading the contents of this emergency card; recognising in it the transport key loaded at the time of manufacture of the lock; verifying that this key does correspond to the one transmitted by the management site (18) together with the definitive cryptographic key; and, if so, neutralising the transport key and replacing it with the cryptographic key and the user key.
EP10727057A 2009-04-30 2010-04-28 Secure programming and management system for locks comprising contactless communication means that can be controlled by a portable nfc telephone Withdrawn EP2425405A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0952857A FR2945177A1 (en) 2009-04-30 2009-04-30 SECURE PROGRAMMING AND MANAGEMENT SYSTEM FOR LOCKS HAVING CONTACTLESS AND COMMANDABLE COMMUNICATION MEANS BY AN NFC PORTABLE TELEPHONE
PCT/FR2010/050809 WO2010125309A1 (en) 2009-04-30 2010-04-28 Secure programming and management system for locks comprising contactless communication means that can be controlled by a portable nfc telephone

Publications (1)

Publication Number Publication Date
EP2425405A1 true EP2425405A1 (en) 2012-03-07

Family

ID=41138755

Family Applications (1)

Application Number Title Priority Date Filing Date
EP10727057A Withdrawn EP2425405A1 (en) 2009-04-30 2010-04-28 Secure programming and management system for locks comprising contactless communication means that can be controlled by a portable nfc telephone

Country Status (4)

Country Link
US (1) US20120114122A1 (en)
EP (1) EP2425405A1 (en)
FR (1) FR2945177A1 (en)
WO (1) WO2010125309A1 (en)

Also Published As

Publication number Publication date
WO2010125309A1 (en) 2010-11-04
US20120114122A1 (en) 2012-05-10
FR2945177A1 (en) 2010-11-05

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20111125

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ASSA ABLOY AB

RIN1 Information on inventor provided before grant (corrected)

Inventor name: METIVIER, PASCAL

17Q First examination report despatched

Effective date: 20141009

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20171103