EP2898483B1 - Method and system for the configuration of small locking systems - Google Patents

Description

The invention relates to a method and a system for configuring electronic small locking systems with electronic locks, preferably electronic locking cylinders, which can preferably communicate with passive RFID cards. In particular, the present invention relates to a method and system with which not only the locks / lock cylinders but also corresponding electronic identification media for unlocking the locks / lock cylinders can be easily configured, preferably using a smartphone.

BACKGROUND OF THE INVENTION

Electronic locking systems have the advantage over mechanical locking systems that each lock or each access-authorized key, for example in the form of a transponder or RFID card, is individually configurable. To prevent manipulation, however, a complex system for the allocation and management of access rights, as well as for the generation of key data is necessary, consisting of database servers and user interface clients, as well as a Programmierinfrasturktur with programming devices and / or network infrastructure. It must be ensured that appropriate computer systems are set up safely and equipped with suitable software. Since the costs of this infrastructure are not negligible, electronic locking systems are typically used only from a certain number of lock cylinder / locks / fittings (hereinafter referred to as closure). The average locking system size is approx. 100 cylinders / fittings and approx. 250 locking media (transponders). Such systems very well support medium sized plants and large plants. Small locking systems in the order of typically less than 100, for example, about 10 locks were, however, rarely equipped with the technically advantageous electronic locks. Reasons for this include the relatively high investment in programming environments (hardware and software), but also the relatively high training costs for a software that is actually intended for larger applications. In addition, the effort for smaller locking systems, for example, for smaller offices with a few locks and few people entitled to access, perceived as a deterrent.

The US2012 / 0213362A1 shows a method for configuring a key / lock system by means of a smartphone, which communicates via radio with a central server.

The object of the invention is therefore to provide a simplified method or system with which preferably fast, reliable and user-friendly electronic small locking systems can be configured.

SUMMARY OF THE INVENTION

This object is achieved by the method of independent claim 1. Further preferred embodiments of the invention are claimed in the dependent claims.

In particular, with the present invention, a complete solution for smaller locking systems is provided with the preferably on a complex installation of appropriate software in their own company is unnecessary. According to the invention, the locking system, which preferably comprises electronic locks and RFID cards for actuating the locks, can be configured by means of a smartphone.

As a smart phone is commonly referred to a mobile phone that provides more computer functionality and connectivity than a conventional advanced mobile phone. Current smartphones can usually be upgraded with additional functions by the user via additional programs (so-called "apps"). A smartphone can also be understood as a small portable computer (PDA or tablet computer), preferably a small portable computer with additional functionality of a mobile phone. The smartphone, which is equipped with appropriate software (an app), is used according to the invention as a link between the locks and the complex system for managing and generating corresponding data sets for operating the locks. In the following, individual system components which can form part of the system / method according to the invention are described in more detail.

Admin app on mobile phone of the administrator

1. (i) Die Registrierung und Erstellung einer neuen Schließanlage, vorzugsweise inklusiv Anlegen von Admin-Accounts auf einem SOHO-Cloud-Server und einem OTA-Key Server (OverTheAir-Schlüssel Server).
2. (ii) Die Inventarisierung einer Schließanlage, bei der die zugehörigen Schließungen (z.B. Schlösser/SchließzylinderBeschläge) und Identmedien (elektronische Schlüssel; z.B. RFID Karten, Smartphones, Transponder) erfasst und/oder verwaltet werden.
3. (iii) Das Visualisieren der Schließanlage in Form einer per "Touch-and-Drag", vorzugsweise scrollbaren sowie optional aufziehbaren Schließungen-Identmedien-Matrix, wobei diese Matrix vorzugsweise im Rahmen eines Inventarisierungsprozesses entsteht und/oder durch manuelles Hinzufügen von noch nicht inventarisierten Schließungen, bzw. Identmedien erfolgt.
4. (iv) Das Handling und die Visualisierung von Programmier-Soll/Ist-Zuständen, wobei zur Ermittlung von Programmierbedürfnissen vorzugsweise auf einen Cloud-Service zurückgegriffen werden kann.
5. (v) Das Vergeben von Zugangsberechtigungen, vorzugsweise per Antippen von Berechtigungsfeldern in der Schließungen-Identmedien-Matrix.
6. (vi) Die Vergabe Identmedien spezifischer zeitlicher Beschränkungen (z.B.: gültig von ... bis ...; gültig am ...), vorzugsweise nach Antippen von Identmedien in der Schließungen-Identmedien-Matrix.
7. (vii) Das Ablegen so erstellter Schließanlagendaten in der Cloud (SOHO Cloud Server und/oder OTA MobileKey Server).
8. (viii) Das Herunterladen von Schließanlagendaten für die Matrixvisualisierung sowie von Programmierprotokollen für die Programmierung von Schlössern und optional auch von nicht-OTA-fähigen Identmedien (z. B. Schlüsselkarten).
9. (ix) Die Programmierung von Schlössern und/oder Identmedien über Programmierprotokolle, beispielsweise über eine drahtlose Schnittstelle (z.B. NFC-Schnittstelle, Bluetooth-Schnittstelle) oder eine kabelgebundene Schnittstelle.

Preferably, all configuration tasks for a locking system according to the invention or small locking system (hereinafter also referred to as SOHO locking system; SmallOfficeHomeOffice locking system) can be performed by an administrator via an "Admin App", which can preferably be executed on a smartphone and / or a small portable computer is. For example, at least one of the following tasks can be counted for the administrative tasks according to the invention:

1. (i) The registration and creation of a new locking system, preferably including the creation of admin accounts on a SOHO cloud server and an OTA key server (OverTheAir key server).
2. (ii) The inventory of a locking system in which the associated locks (eg locks / lock cylinder fittings) and identification media (electronic keys, eg RFID cards, smartphones, transponders) are recorded and / or managed.
3. (iii) The visualization of the locking system in the form of a "touch-and-drag", preferably scrollable and optionally windable locks identification media matrix, this matrix preferably arises as part of an inventory process and / or by manually adding not yet inventoried locks , or ident media takes place.
4. (iv) The handling and visualization of programming target / actual states, wherein for the determination of programming needs preferably on a cloud service can be used.
5. (v) Assigning access permissions, preferably by tapping authorization fields in the lock identity media matrix.
6. (vi) The assignment of identification media of specific time restrictions (eg: valid from ... to ..., valid on ...), preferably after tapping on ident media in the lock identification media matrix.
7. (vii) The storage of such created locking system data in the cloud (SOHO Cloud Server and / or OTA MobileKey Server).
8. (viii) Download lock data for matrix visualization and programming protocols for the programming of locks and, optionally, non-OTA enabled identifiers (eg key cards).
9. (ix) The programming of locks and / or identification media via programming protocols, for example via a wireless interface (eg NFC interface, Bluetooth interface) or a wired interface.

According to the invention, sensitive data of the locking system are stored outside of the smartphone and preferably also outside the company that wishes to use the locking system. This is achieved, for example, in that these data are stored centrally, preferably centrally in specially equipped facilities that are provided by the provider / manufacturer of the locking system. This central facility Part of this cloud provides a so-called SOHO cloud LSM service, which will be explained in more detail below: Preferably, the admin app accesses this SOHO cloud LSM service, to save locking system data centrally "in the cloud" and to request key and programming data.

For example, a key server can be used to distribute key data, preferably a mobile-key server that can distribute key data to mobile phones / smartphones. The distribution of key data to mobile phones / smartphones preferably takes place wirelessly, so that an appealing mobile key server is also referred to as an OTA mobile key server. According to a preferred embodiment, the admin app can directly access the (OTA) mobile key server. Alternatively or additionally, the (OTA) mobile key server can also be addressed via the cloud.

SOHO cloud LSM Service

Preferably, a "SOHO cloud LSM service", which is preferably part of the cloud, serves as the central service of the SOHO infrastructure. Here, the user data and / or user profiles (admin access data, authorization matrix, etc.) of the user are stored and / or managed. The preferred central storage of the data "in the cloud" makes it possible to conveniently manage a SOHO locking system from different devices. Security-relevant data such as the locking system password are preferably not stored in the cloud, but this is also conceivable. The SOHO cloud LSM service is preferably addressed by the admin app and communicates with a record service (see for example Fig. 1 ). Programming requirement calculation as well as key data records and programming protocols can be provided by the record service.

Record Service

The record service according to the invention is a service preferably used by the SOHO cloud LSM server, which can generate key and / or programming data sets for the locks (eg locks / lock cylinders) of the locking system. The generated data records preferably go back to the SOHO Cloud LSM service from the record service and can be delivered from there to the Admin app on the administrator's smartphone (lock programming, creation of conventional key cards) and / or on the one described above Mobile key server, preferably on deposited with the OTA Mobile Key Server. Preferably, the record service is addressed directly by the SOHO cloud LSM service.

(OTA) Mobile-key server

A mobile-key server according to the invention is preferably used for distributing key data to suitable media, i.e., mobile phones that serve as keys, transponders that serve as electronic keys, or RFID cards that can serve as electronic keys. Preferably, the distribution of key data from the Mobile Key Server is wireless, i.e., Over The Air (OTA). Hereinafter, this is also referred to as keys OTA distribution or OTA key rollout. Preferably, the OTA mobile key server is addressed by the admin app for rolling out / distributing the key data. For example, the Admin App stores key data on the OTA Mobile Key Server. In addition or as an alternative, key data can also be stored on the OTA Mobile Key Server by the SOHO Cloud LSM Service.

closure

The locking system according to the invention can manage a variety of different electronic-mechanical locking mechanisms (locks), such as special electronic locks, electronic lock cylinders, electronic fittings, etc. Since the spirit of the invention is not in the nature of the electronic-mechanical locking mechanisms used, commonly used term is closure include all these locking mechanisms.

1. (a) Bei der Programmierung verhält sich die Schließung wie eine passive Karte, die über APDU-Kommandos ausgelesen und mit Programmierprotokollen beschrieben wird.
2. (b) Zum Auslesen von Schlüsseldaten verhält sich die Schließung wie ein Leser, der über APDU-Kommandos Schlüsseldatensätze aus einem Identmedium (iCarte, Schlüsselkarte, ...) liest.

The preferably wireless communication with the closure preferably takes place via an APDU-based protocol. APDU (Application Protocol Data Unit) usually refers to a communication unit between a chip card and an chip card application according to the ISO 7816 standard. The APDU is typically a communication unit at the application level (in the OSI layer model, this corresponds to layer 7). The APDU is differentiated, for example, from command APDUs, which transmit commands to the chip card, and response APDUs, which transmit the card's response to a command. This communication takes place after establishment of the communication by means of Answer to Reset and optional Protocol Type Selection. The structure of command APDU and response APDU are in the ISO standard 7816-4 set. Accordingly, it is advantageous if the closure supports the following two modes of operation:

1. (a) During programming, the closure behaves like a passive card, which is read out via APDU commands and described with programming protocols.
2. (b) To read out key data, the closure behaves like a reader that uses APDU commands to read key data records from an ID medium (iCarte, key card, ...).

According to the invention, the following behavior of the closure is preferred (which may be changed subsequently also with existing locks, for example by changing the firmware): After waking up, the closure searches for a field coming from a reader. If a field is present, the closure switches to card emulation mode and can be read out accordingly via external commands and programmed with programming protocols. If no field is present, the closure will now actively attempt as a reader to read a key (key data) from an ID medium (key card, iCarte adapter, etc.).

The inventive method enables a simple, safe and efficient configuration of a locking system comprising at least one electronic closure and at least one identification medium for actuating the closure. Preferably, a locking system according to the invention comprises a plurality of locks and a plurality of identification media, wherein a configuration on the one hand serves for the inventory of the locks and ident media, ie it is determined which locks and which ident media belong to the locking system. In addition, the configuration of the locking system is used to assign access rights, ie it is determined which ident medium to open which closures are used. The configuration preferably includes the following steps. First, a smartphone with a software (admin app) should be provided for configuration, the smartphone can communicate with the locks and the identification medium via radio. On the one hand, this serves to uniquely identify the locks and the ID medium and, on the other hand, to program the locks and identification media. According to the invention, an identification and programming of the closures and identification media takes place by simply "coming off". Subsequently, ie, for already-identified locks and identification media, an assignment of access rights with regard to the data media to the locks can be made using the Admin-App on the Smartphone. Preferably, this assignment of access rights by means of a locks ident media matrix, which is visualized on the display of the smartphone. First, these access rights and their assignment are stored locally on the smartphone. Subsequently, data required for managing the locking system is transmitted to the cloud. Preferably, these data contain the assignment of the access rights, data relating to the locks of the locking system and / or data relating to the ident media of the locking system, possibly even user data. Based on this data, a new data record is generated in the cloud, which preferably comprises encrypted programming data or unencrypted programming data, which is used to program the shutters. In addition, this newly generated record preferably contains key data that can be stored on ident media and used to operate the locks. The newly generated data record preferably contains encrypted or unencrypted programming data and / or encrypted or unencrypted key data, which are transmitted from the cloud to the smartphone. This enables the smartphone to transmit the key data to ident media and / or transmit the programming data to the locks so that the ident media can now be used to operate the locks according to the particular assignment. According to the invention, a closure can be, for example, a device from the group: electronic lock cylinder, electronic lock and electronic fitting. According to the invention, an identification medium can be, for example, a device from the group: RFID card, key card, smartphone with RFID functionality and transponder. An RFID functionality of a smartphone can be achieved, for example, with the aid of an adapter. Thus, it is possible with a smartphone that contains the Admin App to configure the locking system. If the smartphone also or alternatively the "Mobile-Key-App" is installed, then it is possible, the (encrypted) key data for receiving or download and then to open the locks of the locking system for which access rights are set as authorized.

The assignment of access rights of Idenmedien to corresponding closures can be made according to the invention preferably very easily by means of a locks ident media matrix, which is shown on the display of the smartphone.

The cloud includes at least two services, a record service and a cloud LSM service. The smartphone preferably communicates with the cloud LSM service wherein this cloud LSM service preferably communicates with the record service. The data record service is preferably used for generating key data and / or programming data that are preferably part of a data record that is generated by the data record service. In particular, user data is also stored or generated on the basis of the allocations on the cloud LSM service.

To transfer the key data generated in the cloud to smartphones, the cloud may include a mobile key server. Preferably, this mobile-key server is realized as an OverTheAir mobile-key server, so that the key data can be sent wirelessly, preferably via the mobile network to a smartphone with appropriate software (mobile key app).

The method according to the invention makes it possible to already inventorize existing locking systems and also to add further locks and / or identification media to the locking system by means of an inventory. In addition, it is also possible according to the invention to reconfigure a new locking system from the beginning. For this it is necessary to first inventory the locks and / or ident media.

In the following, a process of a configuration of the locking system will be briefly described. The user / admin orders and gets delivered: i Lock cylinder with RFID / NFC interface; j Cards Mifare Classic (blank) or Mifare DESFire (pre-formatted); Adapter Attachments / microSDs for Mifare Classic / DESFire Emulation. The user starts AdminApp on the smartphone and assigns a password for his newly created locking system. Subsequently, the user taps lock cylinder and assigns names for these closures. Then he tapes the cards / iCartes and assigns usernames. This creates a matrix in which he then assigns authorizations. If you tap on "Save to Cloud", the currently generated locking plan data is sent via https to the "cloud" or to the "SOHO cloud service". Lock plan data may include, for example, locker password, unique hardware identifiers of the locks along with the user-assigned names, unique IDs of the cards / adapters along with user-assigned usernames, lock permissions, who closes where, and may have time constraints.

A subordinate service then generates programming logs for all affected devices (locks, cards, adapters / iCartes) and sends them back to the user's smartphone. There they are first cached (in a place without special Safety requirements). If the user then subsequently taps the individual devices in any order a second time, the programming protocols prepared for the respective device are run. This process can be so fast that even a single session (from the user's point of view) is sufficient. The device data is recorded and sent together with the locking plan data to the SOHO cloud server, where it is processed and resulting programming protocols are sent back to the smartphone and immediately programmed into the respective device (lock / card / ICarte adapter).

The communication to the cloud servers is preferably secured https. The admin phone is preferably safe. It is operated by the person who has the sovereignty over the locking system anyway. Programming data records are digitally signed by the SOHO Cloud Service and the signature is verified by the respective closure so that no manipulation is possible on the way between server and closure. In addition: The communication between record service via Mobile-Key Server to the adapters is preferably encrypted end-to-end (adapters (iCartes) / microSDs are initialized once by the admin with a key-data-key, then they can with the OTA servers communicate without the help of the admins.

BRIEF DESCRIPTION OF THE DRAWINGS

Fig. 1

einen schematischen Überblick der Grundstrukturen des erfindungsgemäßen Schließsystems;

Fig. 2

eine Schließungen-Identmedien-Matrix wie sie auf einem Display eines Smartphones dargestellt wird;

Fig. 3, 4und 5

ein bevorzugtes Design einer Schließungen-Identmedien-Matrix wie sie auf einem Display eines Smartphones dargestellt wird;

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the drawings. Show it:

Fig. 1

a schematic overview of the basic structures of the locking system according to the invention;

Fig. 2

a lock identity media matrix as displayed on a display of a smartphone;

3, 4 and 5

a preferred design of a lock ID media matrix as displayed on a display of a smartphone;

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

FIG. 1 shows as a first embodiment of the invention a schematic overview of the basic structures of a system according to the invention. An advantage of the invention
is that the locking system - preferably comprising a plurality of electronic locks - preferably installed and / or managed by using an admin app 1, which can be preferably carried out on a mobile phone, a smartphone, a tablet computer and / or a computer can be. In particular, the admin app may be considered as an implementation of a system component according to the invention that represents a user interface. The admin app preferably provides at least one of the following features:

Login or registration

Preferably, authentication of an administrator by the admin app is initially preferred in order to prevent manipulation. For example, an administrator can authenticate himself in a login window with input field for user name and password (login password), whereby the password can also be the locking system password. Alternatively, the login password and the locking system password may be different passwords / passwords. For example, when you log in for the first time, an entry field appears for creating a new user name plus password including password repetition. If a secure item is available on the smartphone, for example a secure element for NFC running the admin app, the password can be stored in the secure element, so that for subsequent logins, for example, a short PIN is considered sufficient for authentication can.

The thus authenticated user (administrator) can now, for example, identify media (for example key card 11 in FIG Fig. 1 ), locks (for example, lock 10 in Fig. 1 ) invest. In other words, first the locks of the locking system are registered with the corresponding identification media. In addition, the administrator can specify with which ID media which locks can be opened, ie, an assignment of access rights of the ID media to the locks can take place, which are visualized, for example, in a lock ID media matrix. For example, in Fig. 2 a closure identifier matrix is shown generally, and more particularly in FIG Fig. 3 shown. Preferably, the assignment of closure to identification medium (initially) is cached locally only in the smartphone.

If later, a "Save to Cloud" command (for example, in the matrix window, see Fig. 3 ) is executed, new "accounts" are created according to the allocations in the cloud, preferably on a SOHO cloud server 101.

The inventive method allows in addition to the creation of closures "Success" pop-up and then gets the locks ident media matrix and identification media and the inventory of locks and ID media. After a successful login on the admin app, for example, you get a short display of the smartphone (see Figures 2 and 3 ). Here you can also display two icons, "Add Lock" and "Add Key". The lock identification media matrix can then be changed by adding new locks (Add Lock) or new identifiers (Add Key).

According to a preferred embodiment, after each successful login, it may / must first be checked on the SOHO cloud server whether there is already locking system data for this account. If so, they are downloaded and visualized in the matrix. A successful download is therefore in this case preferably a prerequisite for a subsequent work on the locking plan.

If you tap on one of the "Add" symbols (Add Key, Add Lock), an additional empty column or row is created in the matrix and the lower half of the display shows a keyboard so that you now have a name for the closure to be added / Ident medium can assign (see Fig. 4 ). The name should preferably be entered at the right place in the matrix when typing. For this purpose, the matrix is preferably automatically scrolled so that the name field to be described is visible. After entering the name you press "Return" (or "Done"), the keyboard disappears and you are back in the view of Fig. 3 , Preferably, the newly created closure is highlighted (eg blue background) and the font is eg italic (this is the indication that the closure is not yet inventoried). Now the user / administrator has the choice to immediately tap this marked closure with the smartphone or touch one of the "Add" icons again. If a closure is tapped, ie, wireless communication between the smartphone and the closure is established, the closure is inventoried by name and UID / PHI and then preferably appears in normal font in the matrix, symbolizing a completed process. If, on the other hand, it has not been tapped, the typeface remains italic, so that the closure is not yet inventoried. The inventory can preferably be made up at any time by marking the name of the closure to be inventoried by tapping on the smartphone (eg causes a blue deposit). Then you tap the closure in question; As a result, its hardware identifier (UID for cards, PHI for closures) is clearly assigned to the name chosen by the administrator. The just illustrated inventory of closures can be done accordingly for ident media, ie, the method in the above-described section is also applicable if the term closure is replaced in ident medium. Preferably, the process of creating and inventorying is repeated until the complete locking system is detected.

Such a locking system can be easily visualized on the display of the smartphone by means of the closures ident media matrix according to the invention (see Fig. 5 ). For example, in Fig. 5 the following is shown: the lock facility name ("Peter's Lockplan"); the locks / locks ("Main Entrance", Door lock No 1, ...), the identification media ("Master Key", Peter Martens, ...), the authorization structure (see below), markings (eg deposit), Programming requirements (lightning symbol), possible time restrictions for ident media (clock symbol). Preferably, this matrix is scrollable by "touch and drag". For example, scrolling to the right or left leaves the locks (in the example above "Peter's Lockplan") and the names of the locks, while the names of the keys follow the movement of the matrix window. For example, scrolling up or down will cause the names of the locks to follow the movement of the matrix window while the lock facility name and the keys' names remain idle. Preferably, the matrix can be wound up so that the input fields can be enlarged in such a way that it is easy to set or remove authorization crosses using a fingertip.

The assignment of access authorizations is preferably done by tapping authorization fields in the matrix. The withdrawal of access authorizations is preferably carried out by tapping again. This usually creates programming needs, which after a "Save to Cloud" (see Fig. 3 ) and automatic download of the programming data (see below) is visualized with programming demand flashes. Programming requirements are preferably displayed both in the affected locks and in the affected ident media.

The matrix according to the invention also allows a clear visualization of programming target and actual states. There are preferably four possibilities for the authorization state, which can be visualized as follows: (i) no cross displayed, ID medium should not be authorized and is not authorized (no programming requirement); (ii) cross in italics or shown in a thin line, identification medium should be authorized if closed, but not yet authorized (program requirement); (iii) cross bold (bold) shown thin, ident medium authorized and is also eligible (no programming needs); (iv) Cross displayed in reverse, identification medium should not be authorized, but is still eligible (programming requirement).

Another advantage of the locking system according to the invention lies in the allocation of device specific properties, i. in the assignment of specific properties for individual closure (s) and / or individual Identmedium / Identmedien. Device specific properties are assigned, for example, by tapping Devices (locks or ID media) twice in the matrix (alternative: long tap). After tapping the name of a device for the first time, this will be e.g. deposited (In this state, which is reached after a single tap, one could inventorize a device that has not yet been inventoried by means of an appendage, see above). If you tap the name of the just-selected device a second time, the following specific properties can preferably be assigned.

For a closure, a dialog window with editable input fields can be opened in which the name of the closure and / or how long the closure should remain open after opening can be entered. If the closure is already inventoried and a "save to cloud" has already taken place, then in addition e.g. a question mark symbol that releases a transparent information field with closing data after clicking.

Similar dialog boxes can be edited for an ident medium, ie, for example, the name of the key ("Name of Key") and / or periods at which the identification medium has access to the key ("Key shall be valid from", "Key shall expire"). ). If the identification medium has already been completely inventoried and the system has determined that it is a smartphone, further input fields may appear which determine how long the identification medium is valid after a download ("Key shall be valid for hours after download of key data ").

The storage of locking system data in the cloud, as well as the passage of key data received from the cloud for smartphones to the OTA key server is preferably carried out after tapping the button "Save to Cloud" in the matrix base view. For example, after tapping "Save to Cloud" in the matrix base view, a dialog box will be displayed showing the process progress with progress bar. In this process, for example, web service-based functionalities can store all administrator-generated locking system data in the SV locker database of the SOHO cloud server. These functionalities form the so-called SIK (Software Integration Kit) interface to already managed locking system data. Conversely, all data can be downloaded from the cloud for a visualization in the matrix after successful login of the admin. In addition, preferably also a service is available, which can determine all programming needs.

After a successful upload of the locking system data ("Save to Cloud"), in turn, programming data records for all locks and identification media are determined or calculated by a central service (record service 102) and then sent back to the admin smartphone and stored there. For example, key data (data for the identification media) for smartphones can also be sent to the OTA key server 103, from where they can always be fetched by the MobileKey users (MobileKey App). This is in the Fig. 1 For example, with the arrow "deposit key data" shown. Alternatively or additionally, the key data may also be sent from the SOHO cloud LSM service 101 directly to the OTA key server 103 (not directly shown in FIG Fig. 1 ).

A central service of the system according to the invention is the SOHO cloud LSM service. This service allows the storage and administration of user data and profiles (admin access data, authorization matrix, etc.) of the SOHO users on a central database server. The central storage of data "in the cloud" makes it easy to manage a SOHO locking system from different devices. Security relevant data such. However, the locking system password, for example, is not stored in the cloud. The SOHO Cloud LSM service is addressed by the Admin app and communicates with the record service.

The invention also includes the exact or exact terms, features, numerical values or ranges, etc. when, above or below, these terms, features, numerical values or ranges are used in conjunction with terms such as, for example. "about, about, essentially, in general, at least, at least", etc., were called (ie, "about 3" should also "3" or "substantially radially" should also include "radial"). The expression "or" means moreover "and / or".

Claims (11)

1. A method for the configuration of a locking system comprising at least one electronic locking (10) and at least one identification medium (11) for operating the locking, wherein the method comprises the following steps:

   a) Providing a smartphone (1) with a software (admin-app) for the configuration of the at least one locking (10) and the at least one identification medium (11) wherein the smartphone may communicate with the locking and the identification medium via wireless (F1, F2);

   b) allocating access rights of the identification medium (11) to the locking (10) via the software of the smartphone (1) and locally storing said allocation of access authorisations in the smartphone;

   c) reading out the identification data which are specific for the locking/identification medium and transmitting said data as well as the access authorisation data from b) to a cloud (100),

   d) generating programming data, preferably encoded programming data, and/or key data in the cloud (100) on the basis of the transmitted allocations;

   e) transmitting the programming data or the encoded programming data and/or key data from the cloud to the smartphone (1); and

   f) transmitting (F1) the key data from the smartphone to the at least one identification medium (11) and/or transmitting (F2) the programming data from the smartphone to the locking.
2. The method according to claim 1, wherein the locking system comprises a plurality of electronic lockings (10) and a plurality of identification media (11).
3. The method according to anyone of claims 1 or 2, wherein

   i) a locking may be a device from the group of: electronic locking cylinder, electronic lock and electronic fitting; and/or

   ii) an identification medium may be a device from the group of: RFID card, key card, smartphone (1) with RFID functionality and transponder.
4. The method according to any one of the preceding claims, wherein the smartphone (1) communicates with the locking (10) and/or the identification medium (11) by means of an adapter (3).
5. The method according to any one of the preceding claims, wherein the allocation of access authorisations from identification media to corresponding lockings may be visualized and configured by means of a locking-identification-media-matrix on the display of the smartphone.
6. The method according to any one of the preceding claims, wherein the cloud (100) provides a dataset service (102) and a cloud-LSM-service (101) wherein the smartphone (1) communicates with the cloud-LSM-service and the cloud-LSM-service communicates with the dataset service, wherein the key data and programming data preferably form part of a dataset which is generated by the dataset service.
7. The method according to any one of the preceding claims, wherein user data are stored or generated on the basis of the allocations by means of the cloud-LSM-service (101).
8. The method according to any one of the preceding claims, wherein the cloud (100) additionally comprises a mobile key server (103) for storing and distributing the key data,

   wherein the key data are used by an identification medium (11, 2) for opening a locking (10), and the mobile key server (103) transmits the key data to a smartphone (2) with a corresponding software (mobile key app).
9. The method according to claim 6, wherein the mobile key server (103) is an OverTheAir mobile key server (103) and the key data are sent wirelessly, preferably via the mobile communications network to a smartphone (2) having a corresponding software (mobile key app).
10. The method according to any one of the preceding claims, wherein between step a) and b) the step

    a1) for inventorying the at least one locking and/or the at least one identification medium is carried out, in which the at least one locking and/or the at least one identification medium is recorded and unambiguously identified and

    in step c) data regarding the recorded lockings and/or identification media are additionally transmitted to the cloud.
11. A locking system comprising:

    a plurality of electronic lockings (10),

    a plurality of identification media (11) for operating the lockings (10);

    a smartphone (1) with a software (admin-app) for the configuration of the lockings (10) and/or the identification media (11), wherein the smartphone is configured, by means of the software, such that access authorisations of the identification media (11) may be allocated to corresponding lockings (10) and said allocations are transmitted to a cloud (100),

    wherein programming data or encoded programming data and/or key data which are generated in the cloud (100) may be received by the smartphone and said encoded data may be transmitted from the smartphone to the lockings and/or identification media.

Images