EP2898483A1

EP2898483A1 - Method and system for the configuration of small locking systems

Info

Publication number: EP2898483A1
Application number: EP13776980.8A
Authority: EP
Inventors: Ludger Voss
Original assignee: SimonsVoss Technologies GmbH
Current assignee: SimonsVoss Technologies GmbH
Priority date: 2012-09-21
Filing date: 2013-09-20
Publication date: 2015-07-29
Anticipated expiration: 2033-09-20
Also published as: US20150235497A1; US9811960B2; EP2898483B1; WO2014044832A1

Abstract

The present invention relates to a method and a system for the configuration of small locking systems with electronic locks, preferably electronic locking cylinders, which can preferably communicate with passive RFID cards. The present invention particularly relates to a method and system with which not only the locks/locking cylinders, but also corresponding RFID cards, can be easily configured, preferably using a smartphone.

Description

The invention relates to a method and a system for configuring electronic circuits

Small locking systems with electronic locks, preferably electronic locking cylinders, which can preferably communicate with passive RFID cards. In particular, the present invention relates to a method and system with which not only the locks / lock cylinders but also corresponding electronic identification media for unlocking the locks / lock cylinders can be easily configured, preferably using a smartphone.

BACKGROUND OF THE INVENTION

Electronic locking systems have the advantage over mechanical locking systems that each lock or each access-authorized key, for example in the form of a transponder or RFID card, is individually configurable. To prevent manipulation, however, a complex system for the allocation and management of access rights, as well as for the generation of key data is necessary, consisting of database servers and user interface clients, as well as a programming infrastructure with programming devices and / or network infrastructure. It has to be ensured that the appropriate computer systems are constructed safely and equipped with suitable software. Since the costs for this infrastructure are not negligible, electronic locking systems are typically only available from a certain number of lock cylinders / locks / fittings (hereinafter referred to as closure ) used. The average locking system size is approx. 100 cylinders / fittings and approx. 250 locking media (transponders). Such systems very well support medium sized plants and large plants. Small locking systems in the order of typically less than 100, for example, about 10 locks were, however, rarely equipped with the technically advantageous electronic locks. Reasons for this include the relatively high investment in programming environments (hardware and software), but also the relatively high training costs for a software that is actually intended for larger applications. In addition, the effort for smaller locking systems, for example, for smaller offices with a few locks and few people entitled to access, perceived as a deterrent. The object of the invention is therefore to provide a simplified method or system with which preferably fast, reliable and user-friendly electronic small locking systems can be configured.

SUMMARY OF THE INVENTION

This object is achieved by the method of independent claim 1. Further preferred embodiments of the invention are claimed in the dependent claims.

In particular, with the present invention, a complete solution for smaller locking systems is provided with the preferably on a complex installation of appropriate software in their own company is unnecessary. According to the invention, the locking system, which preferably comprises electronic locks and RFID cards for actuating the locks, can be configured by means of a smartphone.

As a smart phone is commonly referred to a mobile phone that provides more computer functionality and connectivity than a conventional advanced mobile phone. Current smartphones can usually be upgraded with additional functions by the user via additional programs (so-called "apps"). A smartphone can also be understood as a small portable computer (PDA or tablet computer), preferably a small portable computer with additional functionality of a mobile phone. The smartphone. equipped with appropriate software (an app), is used according to the invention as a link between the locks and the complex system for the management and generation of appropriate records for the operation of the locks. In the following, individual system components which can form part of the system / method according to the invention are described in more detail.

Admin app on mobile phone of the administrator

Preferably, all configuration tasks for an inventive

Locking system or Klcinschließanlage (hereinafter referred to as SOHO-locking system, SmallOfficeHomeOffice-Schiießanlage) by an administrator via an "Admin-App" are performed, which is preferably executable on a smartphone and / or a small portable computer. For example, at least one of the following tasks can be counted for the administrative tasks according to the invention: (i) The registration and creation of a new locking system, preferably including the creation of admin accounts on a SOHO cloud server and an OTA key server (OverTheAir key server).

(ii) The inventory of a locking system, in which the associated locks (for example locks / lock cylinders / fittings) and identification media (electronic locks)

Key; e.g. RFID cards, smartphones, transponders) are detected and / or managed.

(iii) The visualization of the locking system in the form of a "touch-and-drag", preferably scrollable, and optionally retractable key identities matrix, which matrix is preferably created as part of an inventory process and / or by manual addition of not yet inventoried locks , or ident media takes place.

(iv) The handling and visualization of programmable target / actual states, wherein for the determination of programming needs preferably a cloud service can be used.

(v) assigning access permissions, preferably by tapping

Authorization field in the lock identification media matrix.

(vi) The allocation of identification media of specific time restrictions (for example: valid from ... to valid on ...), preferably after tapping ident media in the

Closures-Identmcdien matrix.

(vii) The storage of such created locking system data in the cloud (SO HO Cloud

Server and / or OTA MobileKey server).

(viii) download lock data for matrix visualization and program log files for the programming of locks and, optionally, non-OTA-capable ident media (eg key cards).

(ix) The programming of locks and / or ident media via

Programming protocols, for example via a wireless interface (e.g.

Interface, Bluetooth interface) or wired interface.

According to the invention, sensitive data of the locking system are stored outside of the smartphone and preferably also outside the company that wishes to use the locking system. This is achieved, for example, in that these data are stored centrally, preferably centrally in specially equipped facilities that are provided by the provider / manufacturer of the locking system. This central facility Part of this cloud provides a so-called SOHO cloud LSM service, which will be explained in more detail below: Preferably, the admin app accesses this SOHO cloud LSM service, to save locking system data centrally _" in the cloud" and to request key and programming data.

For example, a key server can be used to distribute key data, preferably a mobile-key server that can distribute key data to mobile phones / smartphones. The distribution of key data to mobile phones / smartphones preferably takes place wirelessly, so that an appealing mobile key server is also referred to as an OTA mobile key server. According to a preferred embodiment, the admin app can directly access the (OTA) mobile key server. Alternatively or additionally, the (OTA) mobile key server can also be addressed via the cloud.

SOHO cloud LSM Service

Preferably, a "SOHO cloud LSM service", which is preferably part of the cloud, serves as the central service of the SOHO infrastructure. Here, the user data and / or user profiles (admin access data, authorization matrix, etc.) of the user are stored and / or managed. The preferred central storage of the data "in the cloud" makes it possible to conveniently manage a SOHO locking system from different devices Security-related data such as the locking system password are preferably not stored in the cloud, but this is also conceivable: The SOHO cloud Preferably, the LSS service is addressed by the Admin app and communicates with a record service (see, for example, Figure 1) .The programming needs calculation as well as key records and programming protocols may be provided by the record service.

Record Service

The data record service according to the invention is preferably one of the SOHO cloud

Service used by the LSM server, which can generate key and / or programming data sets for the locks (eg locks / lock cylinders) of the locking system. The generated datasets are preferably returned from the dataset service to the SOHO Cloud LSM service and can be delivered from there to the admin app on the administrator's smartphone (lock programming, creation of conventional keycards) and / or on the one described above Mobile key server, preferably on deposited on the Ο TA Mobile Key Server. Preferably, the record service is addressed directly by the SOHO cloud LSM service.

(OTA) Mobile Key Server

A mobile-key server according to the invention is preferably used for distributing key data to suitable media, i.e., mobile telephones serving as keys, transponders serving as electronic keys or RFID cards serving electronic keys. Preferably, the distribution of key data from the Mobile Key Server is wireless, i.e., Over The Air (OTA). In the following, this is also referred to as OTA distribution of keys or OTA key rollout. Preferably, the OTA mobile key server is addressed by the admin app for rolling out / distributing the key data. For example, the Admin App stores key data on the OTA Mobile Key Server. In addition or as an alternative, key data can also be stored on the OTA Mobile Key Server by the SOHO Cloud LSM Service.

closure

The locking system according to the invention can manage a variety of different electronic-mechanical locking mechanisms (locks), such as special electronic locks, electronic lock cylinders, electronic fittings, etc. Since the spirit of the invention is not in the nature of the electronic-mechanical locking mechanisms used, commonly used term is closure include all these locking mechanisms.

The preferably wireless communication with the closure preferably takes place via an APDU-based protocol. APDU (Application Protocol Data Unit) usually refers to a communication unit between a chip card and an chip card application according to the ISO 7816 standard. The APDU is typically a communication unit at the application level (in the OSI layer model, this corresponds to layer 7). The APDU is differentiated, for example, from command APDUs, which transmit commands to the chip card, and response APDUs, which transmit the card's response to a command. This communication takes place after establishment of the communication by means of Answer to Reset and optional Protocol Type Selection. The structure of command APDU and response APDU are in the ISO standard 7816-4 set. Accordingly, it is advantageous if the closure supports the following two modes of operation:

(a) During programming, the closure behaves like a passive card, which is read out via APDU commands and described with programming protocols.

(b) To read out key data, the closure behaves like a reader that reads key data records from an identification medium (iCarte, key card, etc.) via APDU commands.

According to the invention, the following behavior of the closure is preferred (which may be changed subsequently also with existing locks, for example by changing the firmware): After waking up, the closure searches for a field coming from a reader. If a field is present, the closure switches to card emulation mode and can be read out accordingly via external commands and programmed with programming protocols. If no field is present, the closure will now actively attempt to read a key (key data) from a ID medium (key card, iCarte adapter, etc.) as a reader.

The inventive method enables a simple, safe and efficient configuration of a locking system comprising at least one electronic closure and at least one identification medium for actuating the closure. Preferably, a locking system according to the invention comprises a plurality of locks and a plurality of identification media, wherein a configuration on the one hand serves for the inventory of the locks and ident media, ie it is determined which locks and which ident media belong to the locking system. In addition, the configuration of the locking system is used to assign access rights, ie it is determined which ident medium to open which closures are used. The configuration preferably includes the following steps. First, a smartphone with software (admin app) should be provided for configuration, the smartphone can communicate with the locks and the identification medium via radio. On the one hand, this serves to uniquely identify the locks and the ID medium and, on the other hand, to program the locks and identification media. According to the invention, an identification and programming of the closures and identification media takes place by simply "coming off". Subsequently, ie, for already-identified locks and identification media, an assignment of access rights with regard to the data media to the locks can be made using the Admin-App on the Smartphone. Preferably, this assignment of access rights by means of a locks ident media matrix, which is visualized on the display of the smartphone. First, these access rights and their assignment will be stored locally on the smartphone. Subsequently, data required for the management of the locking system is transmitted to the cloud. Preferably, these data contain the assignment of the access rights, data relating to the locks of the locking system and / or data relating to the identification media of Schließanlagc, possibly even user data. Based on this data, a new data record is generated in the cloud, which preferably contains encrypted programming data or unencrypted programming data, which is used to program the shutters. In addition, this newly generated record preferably contains key data that can be stored on ident media and used to operate the locks. The newly generated data record preferably contains encrypted or unencrypted programming data and / or encrypted or unencrypted key data, which are transmitted from the cloud to the smartphone. This enables the smartphone to transmit the key data to ident media and / or transmit the programming data to the locks so that the ident media can now be used to operate the locks according to the particular assignment. According to the invention, a closure can be, for example, a device from the group: electronic lock cylinder, electronic lock and electronic fitting. According to the invention, an identification medium can be, for example, a device from the group: RFID card, key card, smartphone with RFID functionality and transponder. An RFID functionality of a smartphone can be achieved, for example, with the aid of an adapter. Thus, it is possible with a smartphone that contains the Admin App to configure the locking system. If the smartphone also or alternatively the "Mobile-Key-App" is installed, then it is possible, the (encrypted) key data for receiving or download and then to open the locks of the locking system for which access rights are set as authorized.

The assignment of access rights of Idenmedien to corresponding closures can be made according to the invention preferably very easily by means of a locks Identmedicn matrix, which is shown on the display of the smartphone.

The cloud includes at least two services, a record service and a cloud ESM service. The smartphone preferably communicates with the cloud LSM service wherein this cloud LSM service preferably communicates with the record service. The data record service is preferably used to generate key data and / or programming data that are preferably part of a data record that is generated by the data record service. In particular, user data is also stored or generated on the basis of the allocations on the cloud LSM service.

To transfer the key data generated in the cloud to smartphones, the cloud can have a mobile key server. Preferably, this mobile-key server is realized as an OverTheAir mobile-key server, so that the key data can be sent wirelessly, preferably via the mobile network to a smartphone with appropriate software (mobile key app).

The fiction, contemporary method allows already inventoried existing locking systems to configure and add more locks and / or ident media to the locking system by inventory. In addition, it is also possible according to the invention to reconfigure a new locking system from the beginning. For this it is necessary to first inventory the locks and / or ident media.

In the following, a process of a configuration of the locking system will be briefly described. The user / admin orders and gets delivered: i Lock cylinder with RFID / NFC interface; j Cards Mifare Classic (blank) or Mifare DESFire (pre-formatted); Adapter Attachments / microSDs for Mifare Ciassic / DESFire emulation. The user starts AdminApp on the smartphone and assigns a password for his newly created locking system. Subsequently, the user taps lock cylinder and assigns names for these closures. Then he tapes the cards / iCartes and assigns usernames. This creates a matrix in which he then assigns authorizations. When "Save to Cloud" is tapped, the locking data that has just been generated is sent via https to the "cloud" or to the "SOHO cloud service." For example, locking plan data can include a lock password, unique hardware identifications of the locks, and names assigned by the user , Unique IDs of the cards / adapters along with the usernames assigned by the user, closing permissions, whoever closes where, may still have time restrictions.

A downstream service then generates progamming protocols for all affected users

Devices (locks, cards, adapters / iCartes) and sends them back to the user's smartphone. There they are first cached (in a place without special Safety requirements). If the user then subsequently taps the individual devices a second time in any order, the programming protocol lc prepared for the respective device is skipped.

This process can be so fast that even a single session (from the user's point of view) is sufficient. The device data is recorded and sent together with the locking plan data to the SOHO cloud server, where it is processed and the resulting program logs are sent back to the smartphone and immediately programmed into the respective device (lock / card / ICarte adapter).

The communication to the cloud servers is preferably secured https. The admin phone is preferably safe. It is operated by the person who has the sovereignty over the locking system anyway. Programming data records are digitally signed by the SOHO Cloud Service and the signature is verified by the respective closure so that no manipulation is possible on the way between server and closure. In addition: The communication between record service via Mobile-Key Server to the adapters is preferably encrypted end-to-end (adapters (iCartes) / microSDs are initialized once by the admin with a key-data-key, then they can with the OTA servers communicate without the help of the admins.

BRIEF DESCRIPTION OF THE DRAWINGS

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the drawings. Show it:

1 shows a schematic overview of the basic structures of the locking system according to the invention;

FIG. 2 shows a lock identity media matrix as it is displayed on a display of a smartphone; FIG.

Figures 3, 4 and 5 show a preferred design of a key ID media matrix as displayed on a display of a smartphone;

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

FIG. 1 shows as the first embodiment of the invention a schematic overview of the basic structures of a system according to the invention. An advantage of the invention is that the locking system - preferably comprising a plurality of electronic locks - preferably installed and / or managed by using an admin app 1, which can be preferably carried out on a mobile phone, a smartphone, a tablet computer and / or a computer can be. In particular, the admin app may be considered as an implementation of a system component according to the invention that represents a user interface. The admin app preferably provides at least one of the following functions:

Login or registration

Preferably, authentication of an administrator by the admin app is initially preferred in order to prevent manipulation. For example, an administrator can authenticate himself in a login window with input field for user name and password (login password), whereby the password can also be the locking system password. Alternatively, the login password and the locking system password may be different passwords / passwords. For example, when you log in for the first time, an entry field appears for creating a new user name plus password including password repetition. If a secure item is available on the smartphone, for example a secure element for NFC running the admin app, the password can be stored in the secure element, so that for subsequent logins, for example, a short PIN is considered sufficient for authentication can.

The thus authenticated user (administrator) can now, for example, create ident media (for example key card 11 in FIG. 1), create locks (for example lock 10 in FIG. 1). In other words, first the locks of the locking system are registered with the corresponding identification media. In addition, the administrator can specify which with which identification media which locks can be opened, that is, it can be an assignment of access rights of the identification media on the locks are visualized, for example, in a lock identification media matrix. For example, in FIG. 2, a key tag matrix is generally shown, and more particularly illustrated in FIG. Preferably, the assignment of closure to identification medium (initially) is cached locally only in the smartphone.

If later a "save to cloud" command is executed (for example in the matrix window, see FIG. 3), new "accounts" are created according to the allocations in the cloud, preferably on a SOHO cloud server 101. The method according to the invention makes it possible, in addition to creating closures, to "pop up success" and then obtain the locks identification media matrix and identity media as well as the inventory of locks and ident media. "After successful login to the admin app, for example, you get a short display of the smartphone (see Figures 2 and 3) Here two symbols can also be displayed, "Add Lock" and "Add Key." The Closing Identity Matrix can then be created by adding new locks (Add Lock) or new ident media (Add Key) to be changed.

According to a preferred embodiment, after each successful login, it must first be checked on the SOHO cloud server whether there is already locking system data for this account. If so, they are downloaded and visualized in the matrix. A successful download is therefore in this case preferably a prerequisite for a subsequent work on the locking plan.

If you tap on one of the "Add" symbols (Add Key, Add Lock), an additional empty column or row is created in the matrix and the lower half of the display shows a keyboard so that you now have a name for the closure to be added 4) The name should preferably be entered at the right place in the matrix when typing in. For this purpose, the matrix is preferably automatically scrolled in such a way that the name field to be described is visible one "Return" (or "Done"), the keyboard disappears and one is again in the view of Fig. 3. Preferably, the newly created closure is marked (eg blue background) and the font is eg in italics (this is the hint that the closure has not yet been inventoried.) Now the user / administrator has the option to immediately flick this marked closure with the smartphone or another of the Add "to tap icons. If a closure is tapped, ie if a wireless communication between the smartphone and the closure is established, the closure is inventoried by name and UID / PHI and then preferably appears in normal step in the matrix, symbolizing a completed process. If, on the other hand, it has not been tapped, the typeface remains italic, so that the closure is not yet inventoried. The inventory can preferably be made up at any time by marking the name of the closure to be inventoried by tapping on the smartphone (eg causes a blue deposit). Then you tap the closure in question; This will uniquely associate your hardware identi Her (UID for cards, PHl for locks) with the name chosen by the admin. The just illustrated inventory of closures can be done accordingly for ID media, ie, the method in the above-described section is also applicable if the term closing in ident medium is replaced. Preferably, the process of creating and inventorying is repeated until the complete locking system is detected.

A locking system designed in this way can be easily visualized on the display of the smartphone by means of the locking identities matrix according to the invention (see FIG. 5). For example, FIG. 5 shows the locking system name ("Peter's Lockplan"), the locks / locks ("Main Entrance", Lock # 1, ...), the identification media ("Master Key", Peter Martens) , ...), the authorization structure (see below), markings (eg deposit), need for programming (lightning symbol), possible time restrictions for ident media (clock symbol) Preferably this matrix can be scrolled via "Touch and Drag". For example, scrolling to the right or left will leave the lock system names (in the example above, "Peter's Lockplan"), as well as the names of the locks, while the names of the keys follow the movement of the Matrix window scrolled up or down, the names of the locks correspondingly follow the movement of the matrix window, while the locker name and the keys' names are left standing.Preferably, the matrix can be raised so that the input fields can be enlarged so as to be comfortable at the touch of a finger Set or remove authorization tokens.

The assignment of access authorizations is preferably carried out by tapping authorization folders in the matrix. The withdrawal of access authorizations is preferably carried out by tapping again. This usually results in programming requirements that are visualized with programming flashes after a "save to cloud" (see Fig. 3) and automatic download of the programming data (see below) Programming requirements are preferred for both the affected locks and the affected ident media displayed.

The matrix according to the invention also makes possible an illustrative visualization of

Programming target and actual states. There are preferably four possibilities for the authorization state, which can be visualized as follows: (i) no cross displayed, ID medium should not be authorized and is not authorized (no programming requirement); (ii) cross in italics or shown in a thin line, identification medium should be authorized if closed, but is not yet eligible (program requirement); (iii) cross bold (bold) shown thin, ident medium authorized and is also eligible (no programming needs); (iv) Cross displayed in reverse, identification medium should not be authorized, but is still authorized (programming condition).

Another advantage of the locking system according to the invention lies in the allocation of device specific properties, i. in the assignment of specific properties for individual closure (s) and / or individual Identmedium / Identmedien. Device specific properties are assigned, for example, by tapping Devices (locks or ID media) twice in the matrix (alternative: long tap). After tapping the name of a device for the first time, this will be e.g. deposited (In this state, which is reached after a single tap, one could inventorize a device that has not yet been inventoried by means of an appendage, see above). If you tap the name of the just-selected device a second time, the following specific properties can preferably be assigned.

For a closure, a dialog window with editable input fields can be opened in which the name of the closure and / or how long the closure should remain open after opening can be entered. If the closure has already been inventoried and a "Save to Cloud" has already taken place, an additional question / symbol appears, for example, which releases a transparent information field with closing data after clicking.

Similar dialog boxes can be edited for an ident medium, ie, for example, the name of the key ("Name of Key") and / or periods at which the identification medium has access to the key ("Key shall be valid from", "Key shall expire"). If the identification medium is already fully inventoried and the system has determined that it is a smartphone, then further input fields may appear which determine how long the identification medium is valid after a download ("Key shall be valid for hours after download of key data ").

The storage of locking system data in the cloud, as well as the passage of key data received from the cloud for smartphones to the OTA key server is preferably carried out after tapping the button "Save to Cloud" in the matrix-base-Vicw. For example, after tapping "Save to Cloud" in the matrix base view, a dialog box will be displayed showing the progress of the process with progress bars, for example, web services-based functionalities may include all admin-generated lock system data in the SV locker database of the system SOHO cloud servers can be stored in the cloud.These functions can be downloaded from the Cloud for a visualization in the matrix, after the successful login of the Admins a service that can determine all programming needs.

After a successful upload of the locking system data ("Save to Cloud"), programming data records for all locks and ID media are again determined or calculated by a central service (data record service 102) and then sent back to the admin smartphone and stored there Key data (data for the ident media) for smartphones are also sent to the OTA key server 103, from where they can always be picked up by the MobileKey users (MobileKey App) .This is shown in FIG deposit ". Alternatively or additionally, the key data may also be sent from the SOHO cloud LSM scrv 101 directly to the OTA key server 103 (not directly shown in FIG. 1).

A central service of the system according to the invention is the SOHO cloud LSM service. This service allows the storage and administration of user data and profiles (admin access data, authorization matrix, etc.) of the SOHO users on a central database server. The central storage of the data "in the cloud" makes it possible to conveniently manage a SOHO locking system from different devices, but security-relevant data such as the locking system password are not stored in the cloud - the SOHO cloud LSM service is addressed by the admin app and communicates with the record service.

The invention also includes the exact or exact terms, features, numerical values or ranges, etc. when, above or below, these terms, features, numerical values or ranges are used in conjunction with terms such as, for example. "About, about, um. essentially, in general, at least, have been named "at least", etc. (ie, "about 3" is also intended to include "3" or "substantially radial" and "radially" as well). also means ..and / or ".

Claims

1. A method for configuring a locking system comprising at least one electronic lock (10) and at least one identification medium (11) for actuating the lock, the method comprising the following steps:

a) providing a smartphone (1) with software (Admin App) for configuring the at least one closure (10) and the at least one identification medium (1 1), wherein the smartphone communicate with the closure and the Identrnedium via radio (F 1 , F2) can;

b) assigning access rights of the data medium (1 1) to the closure (10) by means of the software of the smartphone (1) and locally storing this assignment of the access rights in the smartphone; c) reading of closure / identification medium-specific identification data and transmission of these data, as well as the access right data from b) to a cloud (100),

d) generating programming data, preferably encrypted programming data, and / or key data in the cloud (100) based on the transmitted assignments;

e) transmitting the programming data or the encrypted programming data and / or key data from the cloud to the smartphone (1); and

f) transmitting (F1) the key data from the smartphone to the at least one Identrnedium (1 1) and / or transmitting (F2) the programming data from the smartphone to the closure.

2. The method of claim 1, wherein the locking system comprises a plurality of electronic locks (10) and a plurality of ident media (1 1).

3. The method according to claim 1 or 2, wherein

i) a closure may be a device from the group: electronic master cylinder, electronic lock and electronic fitting; and or

ii) an identification medium can be a device from the group: RFID card, key card, smartphone (1) with RFID functionality and transponder.

4. The method according to any one of the preceding claims, wherein the smartphone (1) with Hil fe an adapter (3) with the closure (10) and / or the identification medium (1 1) communicates.

5. The method according to any one of the preceding claims, wherein the assignment of access rights of Idcnmedien on corresponding closures by means of a closures ident media matrix on the display of the smartphone can be visualized and configured.

6. The method according to any one of the preceding claims, wherein the cloud

(100) a record service (102) and a cloud LSM service

(101), wherein the smartphone (1) communicates with the cloud LSM service and the cloud LSM service communicates with the record service, the key data and programming data preferably being part of a record generated by the record service become.

The method of any preceding claim, wherein user data is stored based on the associations by the cloud LSM service (101).

The method of any one of the preceding claims, wherein the cloud (100) additionally comprises a mobile key server (103) for storing and distributing the key data. wherein the key data from an identification medium (1 1, 2) are used to open a closure (10), and the mobile key server (103) the key data to a smartphone (2) with appropriate software (mobile key app ) transmitted.

9. The method of claim 6, wherein the mobile-key server (103) is an OverTheAir mobile-key server (103) and the key data wirelessly, preferably via the mobile network to a smartphone (2) with an appropriate software (Mobile-). Key App).

10. The method according to any one of the preceding claims, wherein between step a) and b) the step

al) is carried out for the inventory of the at least one closure and / or the at least one identification medium, in which the at least one closure and / or the at least one identification medium is detected and uniquely identified, and

in step c) additionally data concerning the detected closures and / or Identmedicn are transmitted to the cloud.

1 1. Locking system with:

several electronic locks (10);

several Identmedicn (1 1) for actuating the locks

(10);

a smartphone (1) with software (Admin-App) for configuring the locks (10) and / or the ident media (1 1), wherein the Smartphonc is configured with the help of software that access rights of the Idcnmedicn (1 1) on corresponding closures (10) can be assigned and these assignments are transmitted to a cloud (100),

wherein programming data or encrypted programming data and / or key data generated in the cloud (100) can be received by the smartphone and this encrypted data from the smartphone to the locks and / or ID media can be transferred.