EP3358534A1 - Délégation de droits d'accès - Google Patents

Délégation de droits d'accès Download PDF

Info

Publication number
EP3358534A1
EP3358534A1 EP17154714.4A EP17154714A EP3358534A1 EP 3358534 A1 EP3358534 A1 EP 3358534A1 EP 17154714 A EP17154714 A EP 17154714A EP 3358534 A1 EP3358534 A1 EP 3358534A1
Authority
EP
European Patent Office
Prior art keywords
access
data carrier
rights
access rights
based resource
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP17154714.4A
Other languages
German (de)
English (en)
Inventor
Gero FIEGE
Alexander FANARJI
Martin Wolf
Dieter Schwarz
Ivan KRAVCHENKO
Stephan GIERNICH
Werner Hirtsiefer
Andreas Schmidt
Simone ESCH
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dormakaba Deutschland GmbH
Original Assignee
Dormakaba Deutschland GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dormakaba Deutschland GmbH filed Critical Dormakaba Deutschland GmbH
Priority to EP17154714.4A priority Critical patent/EP3358534A1/fr
Publication of EP3358534A1 publication Critical patent/EP3358534A1/fr
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00571Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/04Access control involving a hierarchy in access rights

Definitions

  • the present invention is related to the field of access control systems for controlling access to one or more specific areas in a building.
  • EAC systems electronic access control systems are often used to control access to certain areas or physical spaces within the building.
  • These electronic access control systems (which will be also referred to in the following as EAC systems) usually comprise a door lock that gives access to that specific physical space of the building; a user who wants to access this space is in possession of some sort of mobile data carrier with an identification code stored therein.
  • the identification code is read by the reader, and if the read identification code is valid, then access to the space secured by the door lock is given to the holder of the mobile data carrier.
  • the identification code stored in the mobile data carrier which upon being determined as valid gives access to the physical space is provided by a control access server.
  • this access control server is the element of the EAC system in charge of establishing these identification codes when setting up the EAC system; the access control server then provides these identification codes to the mobile data carrier and to the door lock.
  • Different identification codes are usually given to every user of the EAC system who requests access that specific space.
  • Each identification code may be valid to gain access to a single space within the building, or it may provide access to several spaces or areas within the building (their office or the cafeteria in a business building), but not to others (the servers area in the IT department or the safe deposit room in the account department).
  • the identification code may be valid any time, or its validity may be temporarily restricted (so that an employee has access on weekdays and at certain time slots, but not during the weekend).
  • the invention provides an access control system for delegating access rights to non-users of the system in a flexible and simple manner.
  • access control system of the present invention it is possible to provide access rights to a user so that this user can access specific spaces within the system.
  • These access rights can be provided so as to access one or more access-based resources within the access control system.
  • these access rights can be time-limited or not, depending on what the previously-registered user of the access control system decides to do.
  • an access control system for a physical space within a building comprising:
  • the access control server upon receiving a request of delegation of access rights from the first data carrier, is configured to define access rights for a second data carrier, so that access to the physical space can be granted to the second data carrier upon the access-based resource validating the access rights of the second data carrier, the request of delegation of access rights from the first data carrier comprising data related to the second data carrier or related to a user of the second data carrier.
  • the access control server is usually a remote access control server managing several access-based resources located within the same building or in different buildings.
  • the access control server is preferably cloud-based, and communication between the access control server with the other elements is carried out via a wireless communication network.
  • the access control server is not remotely located from the access-based resources it controls, and the communication network may be wired.
  • the access control system comprises an access-based resource, and in some embodiments it comprises several access-based resources managed by the same access control server or by several access control servers.
  • the access-based resource has communication capabilities to communicate with the access control server and with the first data carrier. The capability of the access-based resource to communicate with the data carrier(s) is ensured at the production process by adding a secret for decrypting the communication with the data carrier, including the encrypted access rights.
  • the access-based resource is an electronic or intelligent lock mounted in a door (or similar) which gives access to the physical space in the building.
  • the electronic lock usually comprises a reader which is able to read access rights stored in the first data carrier; it is also possible that the reader is implemented as an element physically separate of the electronic lock.
  • the access-based resource is configured to grant access to the physical space upon reading and validating access rights presented to it by the first data carrier.
  • the first data carrier (preferably a mobile data carrier) can be any mobile device or portable electronic device that has processing and communication capabilities, so as to process signals and exchange information with other elements, such as the access control server and the access-based resource.
  • Communication between the first data carrier and the access-based resource is preferably done via a short-range communication channel (infrared, NFC, Bluetooth® or BLE, WiFi, etc).
  • Communication between the first data carrier and the access control server is preferably done using any telecommunications network (3G, LTE, etc).
  • this first data carrier comprises memory means for storing access rights, which are readable by the access-based resource. These access rights include preferably encrypted data, more preferably in binary form.
  • the first data carrier may just serve as carrier and storing means for the access rights; the first data carrier does not need to be able to process or understand these access rights; the access-based resource is able to read and process these preferably encrypted access rights; obviously, the access control server is also able to process these access rights.
  • the memory means of the first data carrier also store user rights, which enable a user of the first data carrier to access the access control server; these user rights also enable the user of the first data carrier to delegate access rights to other users.
  • the user of the first data carrier may use their user rights to request of delegation of their access rights to a second data carrier;
  • the request of delegation of access rights comprises data related to the second data carrier (IMSI, MSISDN, or any other set of data that uniquely identifies a mobile device) or data related to a user of the second data carrier (such as an email address or a username or a social network identity of the user, reachable from the second data carrier).
  • the access control server is configured to define access rights for a second data carrier.
  • the access control server is configured to send the access rights of the second data carrier directly to the second data carrier, preferably via means of an encrypted data package. It could also be possible that the access control server is configured to send the access rights of the second data carrier to the first data carrier or another intermediate data carrier in the system, which in turn is configured to send them to the second data carrier.
  • access to the physical space secured by the access-based resource is granted upon validation of the access rights stored in the first data carrier or in the second data carrier.
  • Validation of the access rights is preferably done at the access-based resource; this validation is preferably carried out offline, without establishing any communication with the access control server at the time of validation, thereby saving resources from the access-based resource.
  • Validation of the access rights could also be done at the access control server.
  • the access control system further comprises one or more traffic point terminals, which are usually located close to the access-based resource(s), and validation is carried out by these terminals. Regardless of who carries out the validation of the access rights (the access-based resource, the access control server or the traffic point terminals), the access-based resource, upon validation of the access rights of the first data carrier or of the second data carrier, is configured to give access to the physical space in the building.
  • the user of the first data carrier who is a user previously registered in the system and has user rights, may decide to provide access rights to one or more access-based resources within the access control system.
  • the access rights provided to the second data carrier are equivalent to the access rights stored in the first data carrier That is, it is possible that the user of the second data carrier is provided with equivalent access rights as the user of the first data carrier has in the system (they are equivalent but not actually the same, since their encryption is not necessarily equal); this solution may prove helpful if the user of the first data carrier (the "delegating user”) completely trusts the user of the second data carrier (the “delegated user”) and wants to grant "total” access rights (timewise and regarding the access-based resources) to this delegated user in a simple and rapid fashion.
  • These access rights can be time-limited or not, depending on what the user of the first data carrier wishes to establish for the user of the second data carrier. In case the access rights are provided to the second data carrier for a predetermined period of time, these access rights will advantageously expire by themselves, offline; that is, there is no need for the user of the first data carrier to connect to the access control server to remove the delegated access rights.
  • Another aspect of the invention refers to a method for delegating access rights for accessing a physical space within a building, the method comprising:
  • Validation of the access rights of the second data carrier is preferably carried out by the access-based resource, not requiring communication with the access control server at the time of validation.
  • the method further comprises the access control server sending the defined access rights for the second data carrier directly to the second data carrier; since the access rights are generated and defined by the access control server, from a security point of view it is preferred are directly sent to the second data carrier in an encrypted data package.
  • the method Prior to sending the access rights of the second data carrier, either directly to the second data carrier, or via another element (such as the first data carrier), the method further comprises encrypting the access rights, preferably in binary form. Any access rights defined by the access control server are preferably encapsulated in an encrypted data package, and are then provided to the first data carrier, when the EAC system is set up, and to other data carriers upon request.
  • the method further comprises sending additional data to the second data carrier, the additional data being related to the access-based resource and/or being related to a user of the access-based resource.
  • additional data may comprise geographical and/or geolocation data to facilitate the user of the second data carrier to reach the access-based resource.
  • additional data may be sent to the second data carrier together with the access rights of the second data carrier using a same communications channel, preferably wirelessly.
  • the additional data need not be encrypted, just the access rights are preferably encrypted.
  • the method comprises further sending to the second data carrier a one-time access to the access control server, which may be in the form of a link to the access control server.
  • a one-time access to the access control server, which may be in the form of a link to the access control server.
  • this one-time access allows to the second data carrier to access the server and download the additional data.
  • the method prior to granting access to the physical space by the access-based resource, the method further comprises validating code provided by the first data carrier or by the second data carrier.
  • This code to be provided by the first or the second data carriers usually upon request to carry out some action with the data carrier, may be gesture-based code (such as a shaking gesture with the first or the second data carrier), or it may be a PIN code or similar, previously introduced in the first or the second data carrier.
  • This additional step of validating code at the user side, not just at the access control server side enhances the security in case the first and/or the second data carrier(s) are lost by their authentic user(s).
  • the access-based resource grants access to the physical space upon validation of the access rights preferably at the remote control server.
  • the method further comprises establishing a short-range communications channel between the access-based resource and the first data carrier, this short-range communications channel allowing the first data carrier to carry out one or more of the following actions:
  • this short-range communications channel preferably a Bluetooth Low Energy channel
  • this short-range communications channel provides numerous end-user oriented features, which were previously not possible for the user of the first data carrier.
  • the user of the first data carrier may block the access-based resource from their first data carrier, so that the access-based resource cannot be opened from any data carrier, regardless of the access control server. Also, it is possible to establish that the access-based resource is openable by certain data carriers, established by the user of the first data carrier.
  • Another aspect of the invention refers to an access control server for a physical space within a building, the access control server comprising:
  • the access control server of the invention may in some embodiments be in charge of validating the access rights, for which purpose it further comprises validation means.
  • the access control server comprises means for sending the access rights defined for the second data carrier directly to the second data carrier, preferably by means of an encrypted data package.
  • the access control server also preferably comprises encrypting means for encrypting the access rights defined for the second data carrier; in such case, the access-based resource is capable of reading the encrypted access rights.
  • This invention provides a flexible and simple solution to the problem previously posed in the background section with an access control system for delegating access rights to third party users.
  • the example described in the following corresponds to a parcel delivery service, where a customer of the service and owner of a house wishes to grant temporary access to this house to a parcel courier.
  • the access control system provided by the present disclosure is also applicable to and useful in other services such as nursing services or building management (for managing access to doors, locker facilities and IT communications cabinets), where a flexible and efficient key management systems is required.
  • data processing units are assumed to include standardized cryptography modules and algorithms.
  • Figure 1 shows the main elements of the access control system 100 of the invention, and how they are interrelated.
  • This electronic lock 10 is burglar-proof, for example, an XS-Pro cylinder with a Legic® reader, complemented with Bluetooth or BLE functionality.
  • Mr. Smith also has a mobile smartphone 20, where he can download an application (an Android or iOS App) associated with the access control system 100 and therefore become a user of the system by registering (with his mobile phone number and/or email address) and getting one or more administrator usernames and passwords.
  • an application an Android or iOS App
  • the house holder acquires user rights for accessing an access control server 30 and for setting access rights to the electronic lock 10. It is also possible to become a user of the system via the corresponding webpage.
  • the access control server 30 provides a web-based software that is in charge of generating the individual, time-related and lock-specific access rights, and of maintaining these access rights afterwards. These access rights generated by the access control server 30 were provided to Mr. Smith's mobile smartphone 20, once Mr. Smith registered himself in the system.
  • the corresponding validation rule which is necessary for the secure communication between the mobile smartphone and the electronic lock was included in the electronic lock 10 when the electronic lock 10 was manufactured (a secret for decrypting the communication with the data carrier was provided to the electronic lock): the electronic lock 10 checks if the access rights correspond to that specific lock 10 which is represented by a unique ID as part of the encrypted access rights, and also verifies if the access rights are valid at the specific date and time.
  • the downloaded application also enables Mr.
  • Mr. Smith wishes to temporarily give access rights to the parcel courier, so that the parcel courier can deliver a parcel at his house, where there is no one in at the estimated time the courier will deliver the parcel.
  • Mr. Smith can access the access control server 30, where a list associated to him as a user is stored; this list includes inter alia, the electronic locks he wishes to have controlled and managed by the system, the users he wants to give access to and to which electronic lock(s) each user has access to, and whether the access authorization is time restricted or not.
  • Mr. Smith accesses the access control server 30 with the application in his mobile smartphone or via the corresponding webpage, and indicates that he wishes to delegate access rights to the electronic lock 10 to the parcel courier for a time slot around the estimated delivery time. To do so, Mr. Smith includes the parcel courier's mobile phone number and/or email address in his list, associating the parcel courier's data with the electronic lock 10 and during the required time period.
  • the access control server defines encrypted access rights for the parcel courier's mobile phone which are readable by the electronic lock 10, and which will permit the parcel courier to open the electronic door 10 during the time period defined by Mr. Smith, by using his mobile phone 40.
  • These encrypted access rights are sent to the parcel courier's mobile phone 40, via an encrypted data package.
  • the parcel courier has already downloaded the application, as a frequent user of the system; and upon receiving the access rights delegated by Mr. Smith, he may open the electronic lock 10 with his mobile phone 40 and leave the parcel inside Mr. Smith's house.
  • a one-time access to a public application store (such as Google Play Store or Apple App Store) is sent to the mobile device via SMS or email so as to download the application and be able to open the electronic lock.
  • a public application store such as Google Play Store or Apple App Store
  • the owner of the mobile device may also register himself into the access control system; then the encrypted access rights for the electronic lock 10 are sent to the mobile device.
  • the access rights provided to the parcel courier are time restricted to the time interval chosen by Mr. Smith.
  • the access control server configures these access rights as valid for the specific time interval and then they expire by themselves offline. There is no need to synchronize with the access control server in order to terminate the validity of the access rights. So in case of losing the smartphone, a possible intruder that takes the smartphone will not be able to open the electronic door: since validation is carried out offline and the smartphone is used as an AoC ('access on card') to open the electronic lock 10, the 'AoC' access rights which are time restricted will not open the electronic lock after the time interval chosen by Mr. Smith, which can be made to a single day or even some hours.
  • the time period in which the access rights is valid is set by the access control server, typically to 1-3 days. This means that if the access rights are not time restricted the encrypted access rights file is not valid after this time period and must be refreshed (sent again) by the access control server.
  • the parcel courier may get in his mobile phone 40 data to locate Mr. Smith's house.
  • These data can be a picture of the front door, that Mr. Smith has previously uploaded in the access control server 30 making use of his user rights; if the picture of the front door is too heavy, instead of the picture itself, the parcel courier may receive a link to the URL direction where the picture is stored in the access control server 30.
  • These data can also include additional contact details of Mr. Smith, such as Mr. Smith's mobile phone number, so that the parcel courier may contact him if necessary. Or these data may include geolocalisation data or navigation directions to Mr. Smith's front door.
  • Mr. Smith may decide that the electronic lock 10 of his front door 11 is only openable if, in addition to presenting access rights validated by the access control server 30, a valid PIN code is entered by the user of the smartphone mobile phone. Or he may also establish that a specific action or gesture has be done with the smartphone. In such case, Mr. Smith with his user rights can do so by executing the application in his smartphone, accessing the access control server, and entering the should specific PIN code or gesture-based action that is needed to additionally input to open the electronic lock of his front door.
  • This two-step validation provides a security feature in case Mr. Smith loses his smartphone 20, since if the PIN or gesture-based action request is activated, the user must know the required PIN or gesture-based action, enter the PIN or do the gesture, and hold the device again in front of the electronic lock to open it.
  • third parties such as family and friends as well as to a number of pre-selected service providers
  • third parties are provided with a permanent and/or temporary electronic key (access rights) via a wireless network upon a request to do so by a user having such user rights.
  • the short-range communication channel established between the smartphone of Mr. Smith and the electronic lock 10 is implemented in the present invention with Bluetooth Low Energy technology.
  • This communications channel can be used inter alia for the following end-user oriented features:
  • the data organization within the communications channel is flexible and scalable.
  • the method for delegating access rights of the present invention includes sequences of messages and commands for reading the access rights, validating the access rights at the access control server, and granting access to the access-based resource.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)
EP17154714.4A 2017-02-03 2017-02-03 Délégation de droits d'accès Withdrawn EP3358534A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP17154714.4A EP3358534A1 (fr) 2017-02-03 2017-02-03 Délégation de droits d'accès

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP17154714.4A EP3358534A1 (fr) 2017-02-03 2017-02-03 Délégation de droits d'accès

Publications (1)

Publication Number Publication Date
EP3358534A1 true EP3358534A1 (fr) 2018-08-08

Family

ID=58158772

Family Applications (1)

Application Number Title Priority Date Filing Date
EP17154714.4A Withdrawn EP3358534A1 (fr) 2017-02-03 2017-02-03 Délégation de droits d'accès

Country Status (1)

Country Link
EP (1) EP3358534A1 (fr)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3671663A1 (fr) * 2018-12-20 2020-06-24 Assa Abloy AB Délégations co-signées
USD891901S1 (en) 2019-04-05 2020-08-04 Dormakaba Usa Inc. Knob
WO2021063811A1 (fr) * 2019-09-30 2021-04-08 Assa Abloy Ab Activation de déverrouillage à distance d'une serrure
WO2021214134A1 (fr) 2020-04-23 2021-10-28 Dormakaba Schweiz Ag Procédé et dispositifs de configuration de cadenas électroniques
US11339589B2 (en) 2018-04-13 2022-05-24 Dormakaba Usa Inc. Electro-mechanical lock core
SE2051379A1 (en) * 2020-11-26 2022-05-27 Assa Abloy Ab Configuring access rights for an electronic key
US11466473B2 (en) 2018-04-13 2022-10-11 Dormakaba Usa Inc Electro-mechanical lock core
EP4148693A1 (fr) 2021-09-09 2023-03-15 Axis AB Système de contrôle d'accès et procédé associé de gestion de l'accès à une ressource physique à accès restreint
US11913254B2 (en) 2017-09-08 2024-02-27 dormakaba USA, Inc. Electro-mechanical lock core
US11933076B2 (en) 2016-10-19 2024-03-19 Dormakaba Usa Inc. Electro-mechanical lock core

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140239647A1 (en) * 2013-02-28 2014-08-28 Tyto Life LLC Door lock assembly for a dwelling
US20140266573A1 (en) * 2013-03-15 2014-09-18 The Chamberlain Group, Inc. Control Device Access Method and Apparatus
EP2819103A1 (fr) * 2013-06-25 2014-12-31 Evva Sicherheitstechnologie GmbH Procédé de contrôle d'accès

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140239647A1 (en) * 2013-02-28 2014-08-28 Tyto Life LLC Door lock assembly for a dwelling
US20140266573A1 (en) * 2013-03-15 2014-09-18 The Chamberlain Group, Inc. Control Device Access Method and Apparatus
EP2819103A1 (fr) * 2013-06-25 2014-12-31 Evva Sicherheitstechnologie GmbH Procédé de contrôle d'accès

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11933076B2 (en) 2016-10-19 2024-03-19 Dormakaba Usa Inc. Electro-mechanical lock core
US11913254B2 (en) 2017-09-08 2024-02-27 dormakaba USA, Inc. Electro-mechanical lock core
US11466473B2 (en) 2018-04-13 2022-10-11 Dormakaba Usa Inc Electro-mechanical lock core
US11339589B2 (en) 2018-04-13 2022-05-24 Dormakaba Usa Inc. Electro-mechanical lock core
US11447980B2 (en) 2018-04-13 2022-09-20 Dormakaba Usa Inc. Puller tool
EP3671663A1 (fr) * 2018-12-20 2020-06-24 Assa Abloy AB Délégations co-signées
WO2020127475A1 (fr) * 2018-12-20 2020-06-25 Assa Abloy Ab Délégations de co-signature
CN113228120A (zh) * 2018-12-20 2021-08-06 亚萨合莱有限公司 共同签名委托
US11869292B2 (en) 2018-12-20 2024-01-09 Assa Abloy Ab Co-signing delegations
CN113228120B (zh) * 2018-12-20 2023-08-22 亚萨合莱有限公司 共同签名委托
US11580806B2 (en) 2018-12-20 2023-02-14 Assa Abloy Ab Co-signing delegations
USD937655S1 (en) 2019-04-05 2021-12-07 Dormakaba Usa Inc. Knob
USD965407S1 (en) 2019-04-05 2022-10-04 Dormakaba Usa Inc Knob
USD891901S1 (en) 2019-04-05 2020-08-04 Dormakaba Usa Inc. Knob
USD926018S1 (en) 2019-04-05 2021-07-27 Dormakaba Usa Inc. Knob
WO2021063811A1 (fr) * 2019-09-30 2021-04-08 Assa Abloy Ab Activation de déverrouillage à distance d'une serrure
WO2021214134A1 (fr) 2020-04-23 2021-10-28 Dormakaba Schweiz Ag Procédé et dispositifs de configuration de cadenas électroniques
SE2051379A1 (en) * 2020-11-26 2022-05-27 Assa Abloy Ab Configuring access rights for an electronic key
EP4148693A1 (fr) 2021-09-09 2023-03-15 Axis AB Système de contrôle d'accès et procédé associé de gestion de l'accès à une ressource physique à accès restreint

Similar Documents

Publication Publication Date Title
EP3358534A1 (fr) Délégation de droits d'accès
US10755507B2 (en) Systems and methods for multifactor physical authentication
US10437977B2 (en) System and method for digital key sharing for access control
KR102308846B1 (ko) 복수의 장치로부터 데이터에 액세스하기 위한 시스템
US9741186B1 (en) Providing wireless access to a secure lock based on various security data
KR101296863B1 (ko) Nfc 도어락을 이용한 출입인증 시스템
EP2888855B1 (fr) Systèmes et procédés de gestion d'accès à un dispositif de verrouillage à l'aide de signaux sans fil
EP2383955B1 (fr) Attribution et distribution d'authentifications d'accès à des dispositifs de communication mobiles
US9384613B2 (en) Near field communication based key sharing techniques
US20170236350A1 (en) Electronic door lock system
US11570623B2 (en) Secure communication platform
US20190268169A1 (en) A physical key for provisioning a communication device with data allowing it to access a vehicle resource
CN110178160B (zh) 具有可信第三方的访问控制系统
KR20160047500A (ko) 출입문의 잠금 해제를 제어하기 위한 소유자의 액세스 포인트
CN104584521A (zh) 移动通信设备
US10776474B2 (en) Token execution system for access control
JP2005032241A (ja) リソースにアクセスする許可の付与
KR20220072657A (ko) 가상 블록체인이 결합된 이중 블록체인에 기반한 IoT 기기 플랫폼 보안 구축 방법 및 IoT 기기 플랫폼 보안 구축 시스템
US11176236B2 (en) Secure access to resources
KR102017337B1 (ko) 스마트 단말과 연동하여 동작하는 블루투스 기반 스마트 금고 및 이를 이용한 금고 계폐 서비스 제공 방법
US11348392B2 (en) Method for access control
KR102142906B1 (ko) 모바일 보안환경에서의 디지털 키 서비스 시스템
EP3358535A1 (fr) Procédé pour la localisation d'une serrure électronique
BG3945U1 (bg) Система за дистанционно управление на достъп
WO2019009971A1 (fr) Systèmes et procédés de co-authentification sans défi

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20190209