EP3107073A1 - Invalidation of an electronic key - Google Patents

Invalidation of an electronic key Download PDF

Info

Publication number
EP3107073A1
EP3107073A1 EP15172118.0A EP15172118A EP3107073A1 EP 3107073 A1 EP3107073 A1 EP 3107073A1 EP 15172118 A EP15172118 A EP 15172118A EP 3107073 A1 EP3107073 A1 EP 3107073A1
Authority
EP
European Patent Office
Prior art keywords
invalidation
electronic key
central
command
confirmation message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
EP15172118.0A
Other languages
German (de)
French (fr)
Other versions
EP3107073B1 (en
Inventor
Stefan STRÖMBERG
Johan Gärde
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Assa Abloy AB
Original Assignee
Assa Abloy AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Assa Abloy AB filed Critical Assa Abloy AB
Priority to EP15172118.0A priority Critical patent/EP3107073B1/en
Priority to PCT/EP2016/063623 priority patent/WO2016202795A1/en
Publication of EP3107073A1 publication Critical patent/EP3107073A1/en
Application granted granted Critical
Publication of EP3107073B1 publication Critical patent/EP3107073B1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00571Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00857Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00857Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
    • G07C2009/00865Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed remotely by wireless communication

Definitions

  • the invention relates to a method, an invalidation device, a computer program and a computer program product for invalidating an electronic key, e.g. when the key has been reported lost.
  • Locks and keys are evolving from the traditional pure mechanical locks. These days, there are wireless interfaces for electronic locks, e.g. by interacting with an electronic key. In some installations, to save power and complexity, the electronic locks are offline without communication ability with a central access control system.
  • a major issue is when an electronic key is lost. In such a case, an attacker should be prevented to gain access to closed spaces by using the lost electronic key.
  • the identity of the electronic key can be added to a black list in the central access control system, and the black list can be sent to the electronic lock. In this way, the electronic lock can block entry for any electronic key on the black list, thus stopping an attacker having found or stolen the lost electronic key.
  • a method for invalidating an electronic key for access to a physical space comprising the steps of: receiving a central invalidation command from a central server, the central invalidation command comprising an identifier of an electronic key; discovering a presence of the electronic key over short range radio; and transmitting a local invalidation command to the electronic key.
  • the method may further comprise the steps of: receiving a local confirmation message from the electronic key, the local confirmation message indicating a successful invalidation; and transmitting a central confirmation message to the central server, the central confirmation message indicating a successful invalidation.
  • the central confirmation message may comprise an indicator of a position of the invalidation device.
  • the central invalidation command may comprise a main command and an integrity indicator.
  • the integrity indicator may be derived using the main command and a private electronic key.
  • the step of discovering may comprise discovering the presence of the electronic key using Bluetooth low energy, BLE.
  • the step of receiving a central invalidation command may comprise receiving the central invalidation command over a wide area network.
  • an invalidation device for invalidating an electronic key for access to a physical space.
  • the invalidation device comprises: a processor; and a memory storing instructions that, when executed by the processor, cause the invalidation device to: receive a central invalidation command from a central server, the central invalidation command comprising an identifier of an electronic key; discover a presence of the electronic key over short range radio; and transmit a local invalidation command to the electronic key.
  • the invalidation device may further comprise instructions that, when executed by the processor, cause the invalidation device to: receive a local confirmation message from the electronic key, the local confirmation message indicating a successful invalidation; and transmit a central confirmation message to the central server, the central confirmation message indicating a successful invalidation.
  • the central confirmation message may comprise an indicator of a position of the invalidation device.
  • the central invalidation command may comprise a main command and an integrity indicator.
  • the invalidation device may form part of a mobile phone.
  • the invalidation device may be a device dedicated to the purpose of invalidating electronic keys.
  • a computer program for invalidating an electronic key for access to a physical space comprises computer program code which, when run on an invalidation device, causes the invalidation device to: receive a central invalidation command from a central server, the central invalidation command comprising an identifier of an electronic key; discover a presence of the electronic key over short range radio; and transmit a local invalidation command to the electronic key.
  • a computer program product comprising a computer program according to the third aspect and a computer readable means on which the computer program is stored.
  • Fig 1 is a schematic diagram showing an environment in which embodiments presented herein can be applied.
  • Access to a physical space 16 is restricted by a physical barrier 15 which is selectively unlockable.
  • the physical barrier 15 stands between the restricted physical space 16 and an accessible physical space 14.
  • the accessible physical space 14 can be a restricted physical space in itself, but in relation to this physical barrier 15, the accessible physical space 14 is accessible.
  • the barrier 15 can be a door, gate, hatch, window, drawer, etc.
  • an access control device 13 is provided in order to unlock the barrier 15, an access control device 13 is provided.
  • the access control device 13 is connected to a physical lock device 12, which is controllable by the access control device 13 to be set in an unlocked state or locked state. In this embodiment, the access control device 13 is mounted close to the physical lock device 12.
  • the barrier 15 is provided in a surrounding fixed structure, such as a wall or fence.
  • the access control device 13 is able to receive and send signals from/to an electronic key 2 over a communication channel 3 which may be a short range wireless interface or a conductive (i.e. galvanic/electric) connection.
  • the electronic key 2 is any suitable device portable by a user and which can be used for authentication over the communication channel 3.
  • the electronic key 2 is typically carried or worn by the user and may be implemented as a physical key, a key fob, wearable device, etc.
  • the short range wireless interface is a radio frequency wireless interface and could e.g. be using Bluetooth, Bluetooth Low Energy (BLE), ZigBee, any of the IEEE 802. 11 standards, any of the IEEE 802.15 standards, wireless USB, etc.
  • BLE Bluetooth Low Energy
  • ZigBee any of the IEEE 802. 11 standards
  • any of the IEEE 802.15 standards wireless USB, etc.
  • the access control device 13 sends an unlock signal to the lock device 12, whereby the lock device 12 is set in an unlocked state.
  • this can e.g. imply a signal over a wire-based communication interface, e.g. using Universal Serial Bus (USB), Ethernet, a serial connection (e.g. RS-485 or RS-232) or even a simple electric connection (e.g. to the lock device 12), or alternatively signal over a wireless communication interface.
  • USB Universal Serial Bus
  • the barrier 15 can be opened and when the lock device 12 is in a locked state, the barrier 15 cannot be opened. In this way, access to a closed space 16 is controlled by the access control device 13.
  • the access control device 13 and/or the lock device 12 can be mounted in the fixed structure 16 by the physical barrier 15 (as shown) or in the physical barrier 15 itself (not shown).
  • the lock device 12 and access control device 13 are combined in one unit.
  • the lock device (optionally combined with the access control device) is in the form of a padlock or any other suitable implementation.
  • the access control device 13 can be implemented as an offline device, without the ability to directly communicate with a central server of an access control system. In this way, the access control device 13 is easier to implement and uses less power. This allows the access control device 13 to be powered for a long time using a battery or by the electronic key. Optionally, energy harvesting of mechanical user actions and/or environmental power (solar power, wind, etc.) can be utilised to prolong the life span of the battery or event to allow the battery to be omitted.
  • FIG 2 is a schematic diagram illustrating a situation where an electronic key is invalidated using an invalidation device.
  • a central server 10 of the access control system is responsible for managing keys and locks.
  • the central server 10 can be accessed by an operator to thereby perform management tasks in the access control system.
  • first invalidation device 1a There is a first invalidation device 1a and a second invalidation device 1b. Each one of the first and second invalidation devices are described in more detail below, and can e.g. be implemented as part of a mobile phone or as a dedicated invalidation device.
  • the invalidation devices 1a-b can communicate with an electronic key for invalidation, as explained below, and optionally also for other purposes.
  • a user has lost an electronic key 2' or has had the electronic key 2' stolen.
  • the electronic key 2' then needs to be invalidated to prevent an attacker from gaining access to closed physical spaces, otherwise accessible using the lost electronic key 2'.
  • the central server 10 is made aware of the lost electronic key 2', e.g. by an operator indicating that the electronic key 2' is lost.
  • the central server 10 then sends a central invalidation command to all relevant invalidation devices 1a-b as explained more below.
  • the second invalidation device 1b is within range 7 to communicate over a short range radio interface 5 with the lost electronic key 2'. This allows the second invalidation device 1b to communicate with the lost electronic key 2'. In this way, the second invalidation device 1b can send a local invalidation command to the electronic key 2'.
  • the range 7 depends on the type of short range radio which can be used and radio conditions in the vicinity of the electronic key 2'.
  • the short range radio interface 5 may be the same as the communication channel 3.
  • the short range radio interface 5 is not the same as the communication channel 3.
  • the short range radio interface 5 may optionally be used for other purposes, e.g. other maintenance purposes for the electronic key 2'.
  • the first invalidation device 1a is outside the range 7 of the lost electronic key 2', whereby it is unable to invalidate the lost electronic key 2'
  • Fig 3 is a sequence diagram illustrating communication for invalidation of an electronic key, e.g. in the environment shown in Fig 2 .
  • the sequence is performed to perform invalidation of an electronic key.
  • the electronic key to be invalidated is referred to as a lost electronic key.
  • there may be other reasons for invalidating the electronic key e.g. the electronic key being stolen or that an employee has ended employment and whose electronic key needs to be invalidated.
  • the central server 10 sends a central invalidation command 30 to all relevant invalidation devices 1.
  • This can e.g. be all possible invalidation devices or only invalidation devices in a specific area, e.g. within a specific range from a last known location of the lost electronic key 2'.
  • An invalidation device 1 detects the presence 31 of the lost electronic key 2' (e.g. as shown for the second invalidation device 1b of Fig 2 ). The invalidation device 1 detects that the identity of the electronic key 2' matches the identity of the central invalidation command 30 and thus proceeds with an invalidation. It is to be noted that when an electronic key is detected which does not have an identity matching any received central invalidation command, the invalidation device 1 does not proceed with the invalidation.
  • the invalidation device 1 transmits a local invalidation command 32 to the lost electronic key 2'.
  • the lost electronic key 2' makes itself invalid.
  • the electronic key 2' verifies the integrity of the invalidation command (as explained below) prior to performing its invalidation procedure.
  • the electronic key 2' sends a local confirmation message 33 to the invalidation device 1.
  • the invalidation device 1 can then send a central confirmation message 34 to the central server 10.
  • the central server 10 can initiate an invalidation using all relevant invalidation devices and can optionally be informed of when the invalidation has been successful.
  • the lost electronic key 2' can be invalidated even though it has no direct communication link with the central server 10.
  • Fig 4 is a flow chart illustrating a method for invalidating an electronic key for access to a physical space. The method is performed in the invalidation device of Figs 2 and 3 . The method corresponds to the actions of the invalidation device 1 in Fig 3 .
  • a central invalidation command is received from the central server.
  • the central invalidation command comprises an identifier of the electronic key to be invalidated, e.g. of a lost electronic key.
  • the central invalidation command can e.g. be received over a wide area network, such as the Internet.
  • the central invalidation command can comprise a main command and an integrity indicator.
  • the integrity can e.g. be derived using the main command and a private electronic key, e.g. using a cryptographic hash function such as SHA-2 (Secure Hash Algorithm 2) or MD-5 (Message Digest algorithm 5).
  • SHA-2 Secure Hash Algorithm 2
  • MD-5 Message Digest algorithm 5
  • a presence of the electronic key to be invalidated is discovered over short range radio. This can e.g. be performed by discovering the presence of the electronic key using BLE. Any other short range radio technology is equally applicable.
  • a local invalidation command is transmitted to the electronic key to be invalidated.
  • the main command and the integrity indicator of the central invalidation command can form part of the local invalidation command. This allows the electronic key to verify the source of the invalidation, i.e. from the central server. In this way, third parties are prevented from invalidating keys.
  • the content of the central invalidation command 30 and the local invalidation command 32 is the same.
  • both can contain an invalidation package which can be encrypted and/or signed for the lost electronic key 2', i.e. using an integrity indicator. This allows the lost electronic key 2' to validate authenticity of the local invalidation command.
  • the locating device 1 routes the invalidation package to the lost key 2' and does not (or cannot) examine the contents of the invalidation package.
  • a local confirmation message is received from the electronic key to be invalidated.
  • the local confirmation message indicates a successful invalidation.
  • a central confirmation message is transmitted to the central server.
  • the central confirmation message indicates a successful invalidation.
  • the central confirmation message comprises an indicator of a position (e.g. in form of a longitude and a latitude) of the invalidation device, e.g. obtained using GPS (Global Positioning System) or any other suitable positioning technology.
  • the central confirmation message can comprise an estimated distance (e.g. in metres) to the electronic key from the position of the invalidation device.
  • the distance can be estimated using any suitable method. For instance, the distance can be estimated by measuring received signal strength (i.e. using a received signal strength indicator) and comparing this to transmission power. More specifically, an indicator of the transmission power which is used can be transmitted as part of the message.
  • the receiver can then compare the received signal strength with the power used to transmit it and can thus estimate the distance based on the attenuation of the signal.
  • two-way ranging can be used, measuring the time it takes to transmit a signal and receive its response, which gives a distance indication when divided by two multiplied by the speed of light. The position and optional estimated distance simplifies the retrieval of the electronic key to be able to reprogram and reuse the lost electronic key.
  • Fig 5 is a schematic diagram showing some components of the invalidation device of Figs 2 and 3 .
  • a processor 60 is provided using any combination of one or more of a suitable central processing unit (CPU), multiprocessor, microcontroller, digital signal processor (DSP), application specific integrated circuit etc., capable of executing software instructions 66 stored in a memory 64, which can thus be a computer program product.
  • the processor 60 can be configured to execute the method described with reference to Fig 4 above.
  • the memory 64 can be any combination of read and write memory (RAM) and read only memory (ROM).
  • the memory 64 also comprises persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
  • a data memory 66 is also provided for reading and/or storing data during execution of software instructions in the processor 60.
  • the data memory 66 can be any combination of read and write memory (RAM) and read only memory (ROM).
  • the invalidation device 1 further comprises an I/O interface 67 for communicating with other external entities.
  • the I/O interface 67 also includes a user interface.
  • Fig 6 is a schematic diagram illustrating an invalidation device 1 provided as part of a mobile phone 4. In such a case, components of the mobile phone 4 can be utilised also by the invalidation device 1.
  • the invalidation device 1 is a device dedicated to the purpose of invalidating electronic keys.
  • the dedicated invalidation device 1 can be placed in a location where there is a large chance of discovering a lost electronic key.
  • the dedicated invalidation device can be placed by the entrance of a building or by a public transport gateway (e.g. underground turnstiles).
  • the dedicated invalidation device 1 does not need to be portable and can thus be connected to a power socket and wireless and/or wire based communication links for communication with the central server. In this way, the dedicated invalidation device 1 can be continuously active.
  • Fig 7 shows one example of a computer program product comprising computer readable means.
  • a computer program 91 can be stored, which computer program can cause a processor to execute a method according to embodiments described herein.
  • the computer program product is an optical disc, such as a CD (compact disc) or a DVD (digital versatile disc) or a Blu-Ray disc.
  • the computer program product could also be embodied in a memory of a device, such as the computer program product 64 of Fig 5 .
  • the computer program 91 is here schematically shown as a track on the depicted optical disk, the computer program can be stored in any way which is suitable for the computer program product, such as a removable solid state memory, e.g. a Universal Serial Bus (USB) drive.
  • USB Universal Serial Bus

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

It is provided a method for invalidating an electronic key for access to a physical space. The method is performed in an invalidation device and comprises the steps of: receiving a central invalidation command from a central server, the central invalidation command comprising an identifier of an electronic key; discovering a presence of the electronic key over short range radio; and transmitting a local invalidation command to the electronic key.

Description

    TECHNICAL FIELD
  • The invention relates to a method, an invalidation device, a computer program and a computer program product for invalidating an electronic key, e.g. when the key has been reported lost.
    • BACKGROUND
  • Locks and keys are evolving from the traditional pure mechanical locks. These days, there are wireless interfaces for electronic locks, e.g. by interacting with an electronic key. In some installations, to save power and complexity, the electronic locks are offline without communication ability with a central access control system.
  • A major issue is when an electronic key is lost. In such a case, an attacker should be prevented to gain access to closed spaces by using the lost electronic key. When the electronic lock is online, the identity of the electronic key can be added to a black list in the central access control system, and the black list can be sent to the electronic lock. In this way, the electronic lock can block entry for any electronic key on the black list, thus stopping an attacker having found or stolen the lost electronic key.
  • However, when the electronic lock is offline, there is no natural way to send a black list to the electronic lock.
    • SUMMARY
  • It is an object to provide a way to invalidate an electronic key which lacks ability to directly communicate with a central server.
  • According to a first aspect, it is provided a method for invalidating an electronic key for access to a physical space. The method is performed in an invalidation device and comprises the steps of: receiving a central invalidation command from a central server, the central invalidation command comprising an identifier of an electronic key; discovering a presence of the electronic key over short range radio; and transmitting a local invalidation command to the electronic key.
  • The method may further comprise the steps of: receiving a local confirmation message from the electronic key, the local confirmation message indicating a successful invalidation; and transmitting a central confirmation message to the central server, the central confirmation message indicating a successful invalidation.
  • The central confirmation message may comprise an indicator of a position of the invalidation device.
  • The central invalidation command may comprise a main command and an integrity indicator.
  • The integrity indicator may be derived using the main command and a private electronic key.
  • The step of discovering may comprise discovering the presence of the electronic key using Bluetooth low energy, BLE.
  • The step of receiving a central invalidation command may comprise receiving the central invalidation command over a wide area network.
  • According to a second aspect, it is provided an invalidation device for invalidating an electronic key for access to a physical space. The invalidation device comprises: a processor; and a memory storing instructions that, when executed by the processor, cause the invalidation device to: receive a central invalidation command from a central server, the central invalidation command comprising an identifier of an electronic key; discover a presence of the electronic key over short range radio; and transmit a local invalidation command to the electronic key.
  • The invalidation device may further comprise instructions that, when executed by the processor, cause the invalidation device to: receive a local confirmation message from the electronic key, the local confirmation message indicating a successful invalidation; and transmit a central confirmation message to the central server, the central confirmation message indicating a successful invalidation.
  • The central confirmation message may comprise an indicator of a position of the invalidation device.
  • The central invalidation command may comprise a main command and an integrity indicator.
  • The invalidation device may form part of a mobile phone.
  • The invalidation device may be a device dedicated to the purpose of invalidating electronic keys.
  • According to a third aspect, it is provided a computer program for invalidating an electronic key for access to a physical space. The computer program comprises computer program code which, when run on an invalidation device, causes the invalidation device to: receive a central invalidation command from a central server, the central invalidation command comprising an identifier of an electronic key; discover a presence of the electronic key over short range radio; and transmit a local invalidation command to the electronic key.
  • According to a fourth aspect, it is provided a computer program product comprising a computer program according to the third aspect and a computer readable means on which the computer program is stored.
  • Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/an/the element, apparatus, component, means, step, etc." are to be interpreted openly as referring to at least one instance of the element, apparatus, component, means, step, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The invention is now described, by way of example, with reference to the accompanying drawings, in which:
    • Fig 1 is a schematic diagram showing an environment in which embodiments presented herein can be applied;
    • Fig 2 is a schematic diagram illustrating a situation where a lost electronic key is invalidated using an invalidation device;
    • Fig 3 is a sequence diagram illustrating communication for invalidation of an electronic key;
    • Fig 4 is a flow chart illustrating a method for invalidating an electronic key, performed in the invalidation device of Figs 2 and 3;
    • Fig 5 is a schematic diagram illustrating some components of an invalidation device according to Figs 2 and 3;
    • Fig 6 is a schematic diagram illustrating an invalidation device provided as part of a mobile phone; and
    • Fig 7 shows one example of a computer program product comprising computer readable means.
    DETAILED DESCRIPTION
  • The invention will now be described more fully hereinafter with reference to the accompanying drawings, in which certain embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided by way of example so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Like numbers refer to like elements throughout the description.
  • Fig 1 is a schematic diagram showing an environment in which embodiments presented herein can be applied. Access to a physical space 16 is restricted by a physical barrier 15 which is selectively unlockable. The physical barrier 15 stands between the restricted physical space 16 and an accessible physical space 14. Note that the accessible physical space 14 can be a restricted physical space in itself, but in relation to this physical barrier 15, the accessible physical space 14 is accessible. The barrier 15 can be a door, gate, hatch, window, drawer, etc. In order to unlock the barrier 15, an access control device 13 is provided. The access control device 13 is connected to a physical lock device 12, which is controllable by the access control device 13 to be set in an unlocked state or locked state. In this embodiment, the access control device 13 is mounted close to the physical lock device 12. The barrier 15 is provided in a surrounding fixed structure, such as a wall or fence.
  • The access control device 13 is able to receive and send signals from/to an electronic key 2 over a communication channel 3 which may be a short range wireless interface or a conductive (i.e. galvanic/electric) connection. The electronic key 2 is any suitable device portable by a user and which can be used for authentication over the communication channel 3. The electronic key 2 is typically carried or worn by the user and may be implemented as a physical key, a key fob, wearable device, etc. The short range wireless interface is a radio frequency wireless interface and could e.g. be using Bluetooth, Bluetooth Low Energy (BLE), ZigBee, any of the IEEE 802. 11 standards, any of the IEEE 802.15 standards, wireless USB, etc. Using the communication channel 3, the authenticity of the electronic key 2 can be checked, e.g. using a challenge and response scheme, after which the access control device 13 grants or denies access.
  • When access is granted, the access control device 13 sends an unlock signal to the lock device 12, whereby the lock device 12 is set in an unlocked state. In this embodiment, this can e.g. imply a signal over a wire-based communication interface, e.g. using Universal Serial Bus (USB), Ethernet, a serial connection (e.g. RS-485 or RS-232) or even a simple electric connection (e.g. to the lock device 12), or alternatively signal over a wireless communication interface. When the lock device 12 is in an unlocked state, the barrier 15 can be opened and when the lock device 12 is in a locked state, the barrier 15 cannot be opened. In this way, access to a closed space 16 is controlled by the access control device 13. It is to be noted that the access control device 13 and/or the lock device 12 can be mounted in the fixed structure 16 by the physical barrier 15 (as shown) or in the physical barrier 15 itself (not shown). Optionally, the lock device 12 and access control device 13 are combined in one unit. In one embodiment, the lock device (optionally combined with the access control device) is in the form of a padlock or any other suitable implementation.
  • The access control device 13 can be implemented as an offline device, without the ability to directly communicate with a central server of an access control system. In this way, the access control device 13 is easier to implement and uses less power. This allows the access control device 13 to be powered for a long time using a battery or by the electronic key. Optionally, energy harvesting of mechanical user actions and/or environmental power (solar power, wind, etc.) can be utilised to prolong the life span of the battery or event to allow the battery to be omitted.
  • Fig 2 is a schematic diagram illustrating a situation where an electronic key is invalidated using an invalidation device. A central server 10 of the access control system is responsible for managing keys and locks. The central server 10 can be accessed by an operator to thereby perform management tasks in the access control system.
  • There is a first invalidation device 1a and a second invalidation device 1b. Each one of the first and second invalidation devices are described in more detail below, and can e.g. be implemented as part of a mobile phone or as a dedicated invalidation device. The invalidation devices 1a-b can communicate with an electronic key for invalidation, as explained below, and optionally also for other purposes.
  • In this example, a user has lost an electronic key 2' or has had the electronic key 2' stolen. The electronic key 2' then needs to be invalidated to prevent an attacker from gaining access to closed physical spaces, otherwise accessible using the lost electronic key 2'. The central server 10 is made aware of the lost electronic key 2', e.g. by an operator indicating that the electronic key 2' is lost. The central server 10 then sends a central invalidation command to all relevant invalidation devices 1a-b as explained more below.
  • The second invalidation device 1b is within range 7 to communicate over a short range radio interface 5 with the lost electronic key 2'. This allows the second invalidation device 1b to communicate with the lost electronic key 2'. In this way, the second invalidation device 1b can send a local invalidation command to the electronic key 2'. The range 7 depends on the type of short range radio which can be used and radio conditions in the vicinity of the electronic key 2'. When communication channel 3 of Fig 1 is wireless, the short range radio interface 5 may be the same as the communication channel 3. However, when the communication channel 3 of Fig 1 is based on a conductive connection, the short range radio interface 5 is not the same as the communication channel 3. The short range radio interface 5 may optionally be used for other purposes, e.g. other maintenance purposes for the electronic key 2'.
  • It is to be noted that the first invalidation device 1a is outside the range 7 of the lost electronic key 2', whereby it is unable to invalidate the lost electronic key 2'
  • Fig 3 is a sequence diagram illustrating communication for invalidation of an electronic key, e.g. in the environment shown in Fig 2. The sequence is performed to perform invalidation of an electronic key. Hereinafter, the electronic key to be invalidated is referred to as a lost electronic key. However, there may be other reasons for invalidating the electronic key, e.g. the electronic key being stolen or that an employee has ended employment and whose electronic key needs to be invalidated.
  • Once the central server 10 is made aware of the lost key, the central server 10 sends a central invalidation command 30 to all relevant invalidation devices 1. This can e.g. be all possible invalidation devices or only invalidation devices in a specific area, e.g. within a specific range from a last known location of the lost electronic key 2'.
  • An invalidation device 1 detects the presence 31 of the lost electronic key 2' (e.g. as shown for the second invalidation device 1b of Fig 2). The invalidation device 1 detects that the identity of the electronic key 2' matches the identity of the central invalidation command 30 and thus proceeds with an invalidation. It is to be noted that when an electronic key is detected which does not have an identity matching any received central invalidation command, the invalidation device 1 does not proceed with the invalidation.
  • Once the match is confirmed between the lost electronic key 2' and the central invalidation command 30, the invalidation device 1 transmits a local invalidation command 32 to the lost electronic key 2'. Upon receipt of the local invalidation command 32, the lost electronic key 2' makes itself invalid. Optionally, the electronic key 2' verifies the integrity of the invalidation command (as explained below) prior to performing its invalidation procedure. Optionally, the electronic key 2' sends a local confirmation message 33 to the invalidation device 1. The invalidation device 1 can then send a central confirmation message 34 to the central server 10.
  • In this way, the central server 10 can initiate an invalidation using all relevant invalidation devices and can optionally be informed of when the invalidation has been successful. Using this method, the lost electronic key 2' can be invalidated even though it has no direct communication link with the central server 10.
  • Fig 4 is a flow chart illustrating a method for invalidating an electronic key for access to a physical space. The method is performed in the invalidation device of Figs 2 and 3. The method corresponds to the actions of the invalidation device 1 in Fig 3.
  • In a receive central invalidation command step 40, a central invalidation command is received from the central server. The central invalidation command comprises an identifier of the electronic key to be invalidated, e.g. of a lost electronic key. The central invalidation command can e.g. be received over a wide area network, such as the Internet.
  • Furthermore, the central invalidation command can comprise a main command and an integrity indicator. The integrity can e.g. be derived using the main command and a private electronic key, e.g. using a cryptographic hash function such as SHA-2 (Secure Hash Algorithm 2) or MD-5 (Message Digest algorithm 5).
  • In a discover presence step 42, a presence of the electronic key to be invalidated is discovered over short range radio. This can e.g. be performed by discovering the presence of the electronic key using BLE. Any other short range radio technology is equally applicable.
  • In a transmit local invalidation command step 44, a local invalidation command is transmitted to the electronic key to be invalidated. The main command and the integrity indicator of the central invalidation command can form part of the local invalidation command. This allows the electronic key to verify the source of the invalidation, i.e. from the central server. In this way, third parties are prevented from invalidating keys.
  • Optionally, the content of the central invalidation command 30 and the local invalidation command 32 is the same. For instance, both can contain an invalidation package which can be encrypted and/or signed for the lost electronic key 2', i.e. using an integrity indicator. This allows the lost electronic key 2' to validate authenticity of the local invalidation command. In such a case, the locating device 1 routes the invalidation package to the lost key 2' and does not (or cannot) examine the contents of the invalidation package.
  • In a receive local confirmation message step 46, a local confirmation message is received from the electronic key to be invalidated. The local confirmation message indicates a successful invalidation.
  • In a transmit central confirmation message step 48, a central confirmation message is transmitted to the central server. The central confirmation message indicates a successful invalidation. Optionally, the central confirmation message comprises an indicator of a position (e.g. in form of a longitude and a latitude) of the invalidation device, e.g. obtained using GPS (Global Positioning System) or any other suitable positioning technology. Also, the central confirmation message can comprise an estimated distance (e.g. in metres) to the electronic key from the position of the invalidation device. The distance can be estimated using any suitable method. For instance, the distance can be estimated by measuring received signal strength (i.e. using a received signal strength indicator) and comparing this to transmission power. More specifically, an indicator of the transmission power which is used can be transmitted as part of the message. The receiver can then compare the received signal strength with the power used to transmit it and can thus estimate the distance based on the attenuation of the signal. Alternatively, two-way ranging can be used, measuring the time it takes to transmit a signal and receive its response, which gives a distance indication when divided by two multiplied by the speed of light. The position and optional estimated distance simplifies the retrieval of the electronic key to be able to reprogram and reuse the lost electronic key.
  • Fig 5 is a schematic diagram showing some components of the invalidation device of Figs 2 and 3. A processor 60 is provided using any combination of one or more of a suitable central processing unit (CPU), multiprocessor, microcontroller, digital signal processor (DSP), application specific integrated circuit etc., capable of executing software instructions 66 stored in a memory 64, which can thus be a computer program product. The processor 60 can be configured to execute the method described with reference to Fig 4 above.
  • The memory 64 can be any combination of read and write memory (RAM) and read only memory (ROM). The memory 64 also comprises persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
  • A data memory 66 is also provided for reading and/or storing data during execution of software instructions in the processor 60. The data memory 66 can be any combination of read and write memory (RAM) and read only memory (ROM).
  • The invalidation device 1 further comprises an I/O interface 67 for communicating with other external entities. Optionally, the I/O interface 67 also includes a user interface.
  • Other components of the invalidation device 1 are omitted in order not to obscure the concepts presented herein.
  • Fig 6 is a schematic diagram illustrating an invalidation device 1 provided as part of a mobile phone 4. In such a case, components of the mobile phone 4 can be utilised also by the invalidation device 1.
  • In another embodiment, the invalidation device 1 is a device dedicated to the purpose of invalidating electronic keys. In such a case, the dedicated invalidation device 1 can be placed in a location where there is a large chance of discovering a lost electronic key. For instance, the dedicated invalidation device can be placed by the entrance of a building or by a public transport gateway (e.g. underground turnstiles). The dedicated invalidation device 1 does not need to be portable and can thus be connected to a power socket and wireless and/or wire based communication links for communication with the central server. In this way, the dedicated invalidation device 1 can be continuously active.
  • Fig 7 shows one example of a computer program product comprising computer readable means. On this computer readable means a computer program 91 can be stored, which computer program can cause a processor to execute a method according to embodiments described herein. In this example, the computer program product is an optical disc, such as a CD (compact disc) or a DVD (digital versatile disc) or a Blu-Ray disc. As explained above, the computer program product could also be embodied in a memory of a device, such as the computer program product 64 of Fig 5. While the computer program 91 is here schematically shown as a track on the depicted optical disk, the computer program can be stored in any way which is suitable for the computer program product, such as a removable solid state memory, e.g. a Universal Serial Bus (USB) drive.
  • The invention has mainly been described above with reference to a few embodiments. However, as is readily appreciated by a person skilled in the art, other embodiments than the ones disclosed above are equally possible within the scope of the invention, as defined by the appended patent claims.

Claims (15)

  1. A method for invalidating an electronic key (2') for access to a physical space (16), the method being performed in an invalidation device (1, 1a, 1b) and comprising the steps of:
    receiving (40) a central invalidation command (30) from a central server (10), the central invalidation command (30) comprising an identifier of an electronic key (2');
    discovering (42) a presence of the electronic key (2') over short range radio; and
    transmitting (44) a local invalidation command (32) to the electronic key.
  2. The method according to claim 1, further comprising the steps of:
    receiving (46) a local confirmation message (33) from the electronic key (2'), the local confirmation message (33) indicating a successful invalidation; and
    transmitting (48) a central confirmation message (34) to the central server, the central confirmation message (34) indicating a successful invalidation.
  3. The method according to claim 2, wherein the central confirmation message (34) comprises an indicator of a position of the invalidation device (1, 1a, 1b).
  4. The method according to any one of the preceding claims, wherein the central invalidation command (30) comprises a main command and an integrity indicator.
  5. The method according to claim 4, wherein the integrity indicator is derived using the main command and a private electronic key.
  6. The method according to any one of the preceding claims, wherein the step of discovering (42) comprises discovering the presence of the electronic key (2') using Bluetooth low energy, BLE.
  7. The method according to any one of the preceding claims, wherein the step of receiving (40) a central invalidation command comprises receiving the central invalidation command over a wide area network.
  8. An invalidation device (1, 1a, 1b) for invalidating an electronic key for access to a physical space (16), the invalidation device (1, 1a, 1b) comprising:
    a processor (60); and
    a memory (64) storing instructions (66) that, when executed by the processor, cause the invalidation device (1, 1a, 1b) to:
    receive a central invalidation command from a central server (10), the central invalidation command (30) comprising an identifier of an electronic key (2');
    discover a presence of the electronic key (2') over short range radio; and
    transmit a local invalidation command (31) to the electronic key.
  9. The invalidation device (1, 1a, 1b) according to claim 8, further comprising instructions (66) that, when executed by the processor, cause the invalidation device (1, 1a, 1b) to:
    receive a local confirmation message (33) from the electronic key (2'), the local confirmation message (33) indicating a successful invalidation; and
    transmit a central confirmation message (34) to the central server, the central confirmation message (34) indicating a successful invalidation.
  10. The invalidation device (1, 1a, 1b) according to claim 9, wherein the central confirmation message (34) comprises an indicator of a position of the invalidation device (1, 1a, 1b).
  11. The invalidation device (1, 1a, 1b) according to claim 9 or 10, wherein the central invalidation command (30) comprises a main command and an integrity indicator.
  12. The invalidation device (1, 1a, 1b) according to any one of claims 9 to 11, wherein the invalidation device forms part of a mobile phone.
  13. The invalidation device (1, 1a, 1b) according to any one of claims 9 to 11, wherein the invalidation device is a device dedicated to the purpose of invalidating electronic keys.
  14. A computer program (90) for invalidating an electronic key for access to a physical space (16), the computer program comprising computer program code which, when run on an invalidation device (1, 1a, 1b), causes the invalidation device (1, 1a, 1b) to:
    receive a central invalidation command from a central server (10), the central invalidation command (30) comprising an identifier of an electronic key (2');
    discover a presence of the electronic key (2') over short range radio; and
    transmit a local invalidation command (31) to the electronic key.
  15. A computer program product (91) comprising a computer program according to claim 14 and a computer readable means on which the computer program is stored.
EP15172118.0A 2015-06-15 2015-06-15 Invalidation of an electronic key Active EP3107073B1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP15172118.0A EP3107073B1 (en) 2015-06-15 2015-06-15 Invalidation of an electronic key
PCT/EP2016/063623 WO2016202795A1 (en) 2015-06-15 2016-06-14 Invalidation of an electronic key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP15172118.0A EP3107073B1 (en) 2015-06-15 2015-06-15 Invalidation of an electronic key

Publications (2)

Publication Number Publication Date
EP3107073A1 true EP3107073A1 (en) 2016-12-21
EP3107073B1 EP3107073B1 (en) 2019-09-18

Family

ID=53404401

Family Applications (1)

Application Number Title Priority Date Filing Date
EP15172118.0A Active EP3107073B1 (en) 2015-06-15 2015-06-15 Invalidation of an electronic key

Country Status (2)

Country Link
EP (1) EP3107073B1 (en)
WO (1) WO2016202795A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020079500A1 (en) 2018-10-16 2020-04-23 Edst, Llc Smart thermostat hub

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114882615B (en) * 2021-01-22 2023-09-22 博泰车联网科技(上海)股份有限公司 Vehicle starting method and device, electronic equipment and medium
CN113688380B (en) * 2021-10-26 2022-02-18 苏州浪潮智能科技有限公司 Password protection method, device and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1564691A2 (en) * 2004-02-16 2005-08-17 Kabushiki Kaisha Tokai Rika Denki Seisakusho Security control system
EP1568834A1 (en) * 2002-12-04 2005-08-31 Kabushiki Kaisha Toshiba Keyless entry system and keyless entry method
EP2207146A2 (en) * 2007-10-03 2010-07-14 Talleres De Escoriaza, S.A. Programmable electronic access control system
US20110140838A1 (en) * 2004-02-05 2011-06-16 Salto Systems, S.L. Access control system
EP2821970A1 (en) * 2013-07-05 2015-01-07 Assa Abloy Ab Access control communication device, method, computer program and computer program product

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1568834A1 (en) * 2002-12-04 2005-08-31 Kabushiki Kaisha Toshiba Keyless entry system and keyless entry method
US20110140838A1 (en) * 2004-02-05 2011-06-16 Salto Systems, S.L. Access control system
EP1564691A2 (en) * 2004-02-16 2005-08-17 Kabushiki Kaisha Tokai Rika Denki Seisakusho Security control system
EP2207146A2 (en) * 2007-10-03 2010-07-14 Talleres De Escoriaza, S.A. Programmable electronic access control system
EP2821970A1 (en) * 2013-07-05 2015-01-07 Assa Abloy Ab Access control communication device, method, computer program and computer program product

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020079500A1 (en) 2018-10-16 2020-04-23 Edst, Llc Smart thermostat hub
EP3867709A4 (en) * 2018-10-16 2021-12-15 Edst, Llc Smart thermostat hub
US11532189B2 (en) 2018-10-16 2022-12-20 Edst, Llc Smart thermostat hub
US11538295B2 (en) 2018-10-16 2022-12-27 Edst, Llc Smart thermostat hub
US11538294B2 (en) 2018-10-16 2022-12-27 Edst, Llc Smart thermostat hub
US11538296B2 (en) 2018-10-16 2022-12-27 Edst, Llc Smart thermostat hub
US11562607B2 (en) 2018-10-16 2023-01-24 Edst, Llc Smart thermostat hub
EP4319114A3 (en) * 2018-10-16 2024-04-10 Edst, Llc Smart thermostat hub

Also Published As

Publication number Publication date
EP3107073B1 (en) 2019-09-18
WO2016202795A1 (en) 2016-12-22

Similar Documents

Publication Publication Date Title
EP3107072B1 (en) Locating an electronic key
KR102669171B1 (en) Physical access control systems using geolocation-based intent detection
AU2016280664B2 (en) Credential cache
US20210319639A1 (en) System and method for managing electronic locks
US20170352207A1 (en) Authentication of a user for access to a physical space
US9747737B2 (en) Systems and methods for locking device management including time delay policies using random time delays
JP2011511350A (en) Access control management method and apparatus
US10911224B1 (en) Secure network-enabled lock
US10984620B2 (en) Access control device, access control system and access control method using the same
EP3107073B1 (en) Invalidation of an electronic key
EP3951727A1 (en) Mobile digital locking technology
JP2021156162A (en) Key system
JP4665649B2 (en) Lock control device and program
US20170164142A1 (en) A trusted geolocation beacon and a method for operating a trusted geolocation beacon
EP3754137A1 (en) Bolt identity
US11868917B1 (en) Sensor-based door lock confidence
WO2021052943A1 (en) Evaluating access to a physical space
WO2023094260A1 (en) Battery-powered gateway for enabling location-based access control by an access control server

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20170620

RBV Designated contracting states (corrected)

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

INTG Intention to grant announced

Effective date: 20190426

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602015038113

Country of ref document: DE

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 1182216

Country of ref document: AT

Kind code of ref document: T

Effective date: 20191015

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: NL

Ref legal event code: FP

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191218

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191218

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG4D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191219

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

Ref country code: AL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

Ref country code: RS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 1182216

Country of ref document: AT

Kind code of ref document: T

Effective date: 20190918

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200120

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200224

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602015038113

Country of ref document: DE

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

PG2D Information on lapse in contracting state deleted

Ref country code: IS

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200119

26N No opposition filed

Effective date: 20200619

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200615

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20200630

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200630

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200630

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200630

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200615

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200630

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190918

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230530

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20230510

Year of fee payment: 9

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20230511

Year of fee payment: 9

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: NL

Payment date: 20240515

Year of fee payment: 10