EP3567555B1 - Method for operating an access system - Google Patents

Description

The invention relates to a method for operating an access system for an access device, in particular for a garbage container.

For the disposal of household waste, large-scale garbage containers are often provided, which are used by several households. Such garbage containers can, for example, belong to a house community or also to a municipality. Such garbage containers usually include an access device so that authorized users have access to such garbage containers. The authorization can also be blocked again, for example if the disposal costs are not paid. This type of access can be implemented using a wide variety of electronic systems. It is known from the prior art, for example, that an identification code is assigned to a user. This identification code is entered, for example, via a number pad arranged on the garbage container. However, such systems are impractical for the user, since he must always have the access data at hand. Furthermore, a loss of the access data entails a complex administrative process.

The previous use of PIN input fields or RFID tags and cards also has the disadvantage that additional hardware and / or additional knowledge is required on the part of the user. Additional costs and administrative expenses are necessary because the user has to be handed or sent the hardware. Furthermore, protection against abuse turns out to be difficult, depending on the specific procedure. A time limit for access is difficult or even impossible to implement; With key-based access, for example, all locks would have to be exchanged and all keys redistributed.

the US 2015/307273 A1 discloses a method according to the preamble of claim 1.

The object of the present invention is to provide an improved method for operating an access system for an access device.

This object is achieved by a method according to claim 1.

Access to a garbage container with restricted access by an access device is thus granted to the user as comfortably as possible, since he only needs to have a communication device at hand. The solution works without additional hardware and without additional knowledge on the part of the customer. At the time of access, an active connection to the central system (for data transmission and authentication) is not absolutely necessary. Protection against misuse is guaranteed, as the copying of commercially available cards (and thus misuse) is eliminated. Furthermore, access can be restricted regionally and time-wise. The solution is easily scalable and easily configurable for changing users.

The authentication data preferably authorize access to several access devices, in particular garbage containers.

A predetermined area of validity is preferably to be understood as a period of validity. For example, this is to be understood as the term of the contract between a user and a corresponding disposal company.

A predetermined area of validity can cumulatively or alternatively also be understood to be a spatial area of validity. Accordingly, the access of a user could be restricted to several access devices, preferably garbage containers, in a certain spatial area, such as a house community, a commune or the like.

A communication channel should be understood as a transmission path. Such a transmission path connects a transmitter and a receiver. This transmitter or receiver is advantageously part of a communication interface. The communication device accordingly has a first communication interface. The first communication interface is connected to a third communication interface of the data management system via a first communication channel, the connection being understood to mean the possibility of data exchange. The communication device also has a second communication interface which is connected to the fourth communication interface of the access device by means of the second communication channel, whereby at least the authentication data is transmitted to the access device by means of wireless technology.

Access to the access device can be understood to mean, for example, unlocking a garbage lock or unlocking a lock that closes the garbage container.

According to a particularly preferred embodiment, the communication device is a portable data processing device, for example a mobile phone, a smartphone, a tablet or a laptop. Of course, the present invention is not restricted to this list and other similar data processing devices can also be considered for the application. The use of mobile telephones or smartphones is so widespread that the vast majority of the members of a corresponding house community or municipality own such a smartphone. The user therefore does not need any further devices for registration or authentication, or he has to memorize the corresponding access data.

The communication device preferably has a control device on which software, also known as an app, is installed, by means of which the registration of the user with the data management system is enabled and / or by means of which the data exchange via a second communication channel between the communication device and the access device, respectively can be controlled between the first communication interface of the communication device and the third communication interface of the data management system. The communication device advantageously comprises a display device.

According to a further preferred embodiment, the first communication channel is a cellular connection. The cellular connection is preferably a GSM connection or a UMTS connection or a GPRS connection or an LTE connection. Of course, other connections such as radio connections, for example in the ISM band or WLAN, can also be considered.

According to a particularly preferred embodiment, the wireless connection of the second communication channel, or the wireless technology, is an NFC (near field communication) connection / technology or an RFID (radio-frequency identification) connection / technology. However, it would also be conceivable to use other wireless technologies such as Bluetooth or wireless LAN. The second communication interface of the communication device and the fourth communication interface of the file management system are accordingly equipped with the corresponding wireless technology.

NFC technology and RFID technology use high-frequency alternating magnetic fields for data transmission. RFID technology is usually a so-called "connectionless" transmission. A passive transponder is used here, which is supplied with energy by the alternating field of a reader. NFC technology also provides what is known as "connection-based" transmission. In connection-based transmission or also peer-to-peer transmission, a transmission is established between two equivalent transmitters.

In the meantime, a large number of commercially available smartphones have been equipped with an NFC facility. Only two participants can be involved in a data transmission, a so-called initiator who acts as a sender of information and a receiver who receives this information.

NFC technology also provides "connectionless" transmission analogous to RFID technology. Such a transmission is often referred to as a passive transmission. Here only the initiator generates the high-frequency magnetic field. The receiver can transmit data by means of load modulation. Energy is absorbed from the magnetic field by a specially tuned oscillating circuit of the receiver, whereupon the initiator reacts.

In the case of "connected" or active transmission, both the initiator and the receiver generate a high-frequency magnetic field. First, a so-called "handshake" is carried out in which authentication takes place and in which various settings, such as the optimal transmission speed, are selected. The data exchange is then carried out. Due to the authentication, this active transmission is considered to be much more secure compared to the passive transmission.

According to a preferred embodiment, the access device is activated before the data exchange is initiated. This can be done, for example, using a button or a similar element. Alternatively, it can be activated by a "Low Power Card Detection" (LPCD), which automatically detects the presence of an NFC-enabled communication device in the immediate vicinity.

According to a further preferred embodiment, the second communication interface of the communication device must be activated, i.e. the NFC function is activated.

The software / app preferably remains active in the background so that the NFC function remains activated. The user can thus obtain access to the access device by means of the communication device at any time after successful registration.

According to a preferred embodiment, the access device has a second control device which, if the user is authorized, controls an unlocking device accordingly. In the preferred embodiment as a garbage container, a garbage lock is thus unlocked. The user can thus throw his rubbish into the container. At the time of data exchange via the second communication channel, the communication device does not have to be connected to the data management system by means of a first communication channel in order to unlock the access device.

According to a further preferred embodiment, user identification data, device identification data of the communication device and a registration code, which is made available by an operator, transmitted to the data management system through the communication device.

The authentication data preferably include key data, validity information and a region code. The control device of the access device can use this data to check whether access is granted. If the current time is available on the control device of the access device, this data can also be used to check the temporal validity independently of the control device of the communication device.

The operator is a waste disposal company, a municipality or the like. The file management system first imports the user data from the operator. This user data includes the name and address of the user, user identification data such as the contract number, a region code and two registration codes. The registration codes are transmitted to the user, for example by means of a letter, email or the like.

The spatial area of validity is preferably determined by means of the region code.

A predetermined number of authentication data can preferably be made available to a user. The user can accordingly equip several communication devices with corresponding authentication data, so that they can access the access device by means of several communication devices.

According to a preferred embodiment, the user identification data and the registration code can be read in using a QR scanner of the communication device. This enables particularly fast registration.

During the use of the communication device (5) on the access device, the communication device preferably has no connection to the file management system via the first communication channel. This ensures that the access device can be opened even if there is poor or no network coverage on the access device. A regular connection to the data management system is preferably required in order to regularly extend the time-limited authentication of the communication device.

According to a preferred embodiment, the communication device comprises a control device which controls the transmission of the authentication data on the basis of the validity data. Accordingly, no authentication data are sent to an access device if the user is in a non-permitted area of validity.

According to the invention, the communication device automatically carries out a request for the authorization of the user in the data management system at a predetermined time interval. The communication device preferably communicates with the data management system via a first communication channel. For security reasons, it makes sense for the communication device to make contact with the data management system at regular intervals in order to update the user's authorization. According to the invention, the authentication data are deleted in the event of a lack of authorization. This is done by the control device of the communication device or the software. The authentication data are accordingly no longer transmitted to the access device. The user preferably receives a notification that the access authorization has been withdrawn.

The predetermined time interval can be the predetermined period of validity (contract term) or a smaller time interval. This time interval can be predetermined globally or can be specified for specific groups of authentication data, for example for specific regions.

The request for authorization of the user is preferably attempted after approximately 50% of the predetermined time interval or the period of validity. If a connection to the data management system cannot be established, further attempts will be made.

Shortly before the remaining time, the user is presented with a corresponding notification that a connection to the data management system is required.

Preferably, even after the time interval or the period of validity has expired, attempts are made to periodically contact the data management system and renew the authentication data. A corresponding note is also presented to the user. According to a preferred embodiment, the user can deregister using the

Communication device. The control unit of the communication device preferably deletes the authentication data on the communication device. The data management system preferably continues to assign the deregistered authentication data to the user, so a history of the user remains visible.

According to a preferred embodiment, the user can block the authentication data assigned to a communication device. When the communication device is used for the first time after it has been blocked, the access device preferably uses the second communication channel to send commands for overwriting the authentication data on the communication device. This function is required when the communication device is no longer authorized to gain access to the access device. This can be the case, for example, if the communication device is lost or sold, or if the owner moves to another area. The communication device can be identified on the basis of the device identification data. The associated authentication data are thus set to lost in the data management system.

Should the communication device contact the data management system, the period of validity is preferably no longer extended and the user is given appropriate feedback that this communication device may no longer be used.

According to a preferred embodiment, the communication by means of the second communication channel is an HCE (host based card emulation) communication. HCE communication has been offered by Android since version 4.4. The HCE communication is based on ISO 14443-A and ISO 7816. That is, a so-called command is always sent by the NFC hardware of the access device, to which the communication device responds with a so-called "response". Contact is preferably established between the access device and the communication device using an ISO 7816 Select Aid command. Any data can then be exchanged in the command-response pairs.

After the Select AID command, the communication device replies with the (latest) version of the HCE protocol supported on the communication device and the (virtual) UID of the communication device. The Select Aid command is processed by the Android system and the app that has registered for the given Aid in the system is started. If several apps have registered for the same aid, the user is asked which app should be addressed.

The access device preferably asks the communication device actively by means of a command whether a “response” response is available on the communication device. This means that the communication device cannot initiate a data transfer during HCE communication. The response from the communication device is preferably immediate.

The data exchange between the communication device and the access device preferably consists of the transmission of application commands, which consist of a command and data to be transmitted.

According to a further preferred embodiment, a transport protocol is used to transmit application commands, whereby the application commands are broken down into one or more segment (s) and transmitted as a function of the data size of the application command.

According to a further aspect of the invention, the object is achieved by an access system for carrying out a method according to one of the preceding embodiments.

The access system can have one or more features already mentioned for the method. Accordingly, all features of the method should also be considered disclosed with regard to the access system.

Further advantages, objectives and properties of the present invention are explained on the basis of the following description of the attached figures. Components of the same type can have the same reference symbols in the various embodiments.

Fig.1

eine Übersichtsdarstellung des Zugangssystems;

Fig.2a bis 2i

beispielhafte Abfolge einer Anzeige auf dem Smartphone beim ersten Start der App.

In the figures show:

Fig.1

an overview of the access system;

Fig. 2a to 2i

exemplary sequence of a display on the smartphone when the app is started for the first time.

1. a. Registrieren des Nutzers (4) durch ein Kommunikationsgerät (5) bei einem Datenmanagementsystem (6) mittels eines ersten Kommunikationskanals (7);
2. b. Übersenden eines Datensatzes durch das Datenmanagementsystem (6) über den ersten Kommunikationskanal (7) an das Kommunikationsgerät (5), wobei der Datensatz Authentifikationsdaten und Gültigkeitsdaten umfasst;
3. c. Initiieren eines Datenaustauschs über einen zweiten Kommunikationskanal (8) zwischen dem Kommunikationsgerät (5) und der Zugangsvorrichtung (2), wobei zumindest die Authentifikationsdaten an die Zugangsvorrichtung (2) übertragen werden, wobei der zweite Kommunikationskanal (8) eine drahtlose Verbindung ist und
4. d. Überprüfen der Authentifikationsdaten durch eine Steuereinrichtung (9) der Zugangsvorrichtung (2) auf eine Berechtigung des Nutzers;

wobei die Registrierung einmalig erfolgt und die Authentifikationsdaten in einem vorbestimmten Gültigkeitsbereich zum Zugang der Zugangsvorrichtung (2) berechtigen.In Figure 1 an overview of the access system (1) is shown. On the access system there is a method for operating an access system (1) with an access device (2), in particular for a garbage container (3), comprising the following steps:

1. a. Registering the user (4) by a communication device (5) in a data management system (6) by means of a first communication channel (7);
2. b. Sending a data record by the data management system (6) via the first communication channel (7) to the communication device (5), the data record comprising authentication data and validity data;
3. c. Initiating a data exchange via a second communication channel (8) between the communication device (5) and the access device (2), at least the authentication data being transmitted to the access device (2), the second communication channel (8) being a wireless connection and
4. d. Checking the authentication data by a control device (9) of the access device (2) for authorization of the user;

the registration being carried out once and the authentication data authorizing access to the access device (2) in a predetermined range of validity.

The communication device (5) comprises a control device (10) which controls the transmission of the authentication data on the basis of the validity data.

In the following, the term app can also be understood to mean the control device (10) of the communication device (5), since the app is installed on this control device (10) and the control device carries out the corresponding actions.

It is not necessary to start the app (10) manually to open the lock. The app (10) should open automatically and disappear again after a specified time.

All registered key owners are managed in the data management system or web portal. Their smartphone IDs (also called (virtual) key IDs in the following) correspond to the tag IDs used to date. These can also be deactivated / blocked again there. This may be necessary if a user changes or loses his smartphone or is no longer authorized to access garbage locks. In this case, the ID of the app (10) is entered in a prohibited list (black list).

Other necessary information that still has to be assigned to the keys are the identification features of the smartphone (5) (unique device ID and name of the smartphone) and functions that must be implemented on the web portal.

The apps need to be distributed. For this purpose, the app is stored in a web shop (15) (e.g. Google Play Store).

• Importieren der Nutzerdaten (13) (Name, Adresse, Vertragsnummer, Regionscode, Registrierungscode, Registrierungscode 2).
• Informationsschreiben (14) mit Registrierungscode und Registrierungscode 2 an Nutzer (4) durch die Kommune bzw. Entsorger (12). In diesem Schreiben sollte auch die Vertragsnummer ersichtlich sein. Die Vertragsnummer und der zugehörige Registrierungscode sollten im Schreiben auch als QR-Code enthalten sein, um die Anmeldung mit der App (10) zu vereinfachen. Es muss dann zur Anmeldung mit der App (10) lediglich der QR-Code gescannt werden. Das Informationsschreiben (14) enthält zudem eine Beschreibung, wo die App heruntergeladen werden kann (Empfehlung: inkl. zweiter QR-Code mit Link zur App im Web-Shop (15) und wie der Registrierungsprozess erfolgt.

The (virtual) key IDs for the smartphone app (10) can be generated, for example, by a key generator which ensures the uniqueness of the generated key IDs. In order to be able to use a smartphone (5) as an access key for the access device (2), a registration and authentication process and an assignment of the user ID (usually the contract number) are required. For this, preparations must be made in the data management system (6) and by the municipality or the waste disposal company (12):

• Import the user data (13) (name, address, contract number, region code, registration code, registration code 2).
• Information letter (14) with registration code and registration code 2 to user (4) from the municipality or disposal company (12). This letter should also include the contract number. The contract number and the corresponding registration code should also be included in the letter as a QR code to simplify registration with the app (10). To register with the app (10), all you have to do is scan the QR code. The information letter (14) also contains a description of where the app can be downloaded (recommendation: including a second QR code with a link to the app in the web shop (15) and how the registration process takes place.

Based on the information letter (14), the user (4) knows in which app store (15) the virtual key app for the access device can be purchased and how the smartphone (5) can be registered.

• Der Registrierungsprozess wird abgebrochen, wenn der Registrierungscode mehrfach falsch eingegeben wurde. Dann muss eine erneute Freischaltung des Registrierungscodes bei der Supportstelle angefordert werden.
• Für jede Nutzer-ID (Vertragsnummer) ist die maximale Anzahl an erlaubten Keys (5) anzugeben. Ein Key (5) ist ein Tag, eine Karte oder ein Smartphone (5) mit installierter App und aktiviertem NFC. Hiermit authentifiziert sich der Benutzer (4). Diese maximale Anzahl erlaubter Keys (5) zählt nur die dem Nutzer (4) zugeordneten Keys (5) mit dem Status "aktiv". Einem Nutzer (4) können somit beliebig viele Keys (5) in einem anderen Status (z.B. "verloren") zugeordnet sein. Jedes registrierte Smartphone (5) wird dabei vom Web-Portal als Key (5) gezählt und es können somit mit einem Registrierungscode keine Smartphones (5) mehr registriert werden, wenn das Maximum an (aktiven) Keys (5) erreicht ist.

After downloading and installing the app, the user (4) is asked to enter his contract number along with the registration code received. This information is transmitted to the data management system via a secure connection (https) together with a unique ID of the smartphone and the device name, where it is checked for compliance. The following additional precautions are taken to increase security:

• The registration process will be canceled if the registration code has been entered incorrectly several times. Then a renewed activation of the registration code must be requested from the support center.
• The maximum number of allowed keys (5) must be specified for each user ID (contract number). A key (5) is a tag, a card or a smartphone (5) with an installed app and activated NFC. This is used to authenticate the user (4). This maximum number of allowed keys (5) only counts the keys (5) assigned to the user (4) with the status "active". Any number of keys (5) in a different status (eg "lost") can thus be assigned to a user (4). Every registered smartphone (5) is counted as a key (5) by the web portal and cannot be used with a registration code Smartphones (5) can be registered more when the maximum number of (active) keys (5) is reached.

If the contract number and registration code match and the maximum number of active keys has not yet been reached, information relevant to access is transferred to the app (10), including unique key IDs (those from the web portal from the pool of available virtual key IDs is selected and set to active), region code, key type, encryption and validity dates. This information is partially transmitted to the app (10) within an authentication data record that is created by the data management system. Only then is it possible to use the smartphone (5) to open an access device with the same region code

To open a garbage lock (2) via smartphone (5), NFC only needs to be activated. The app runs in the background and therefore does not have to be restarted specifically for disposal. It is enough to switch on the smartphone (5). Depending on the embodiment, the smartphone (5) can be held in the detection area of the antenna immediately (i.e. without further action at the garbage lock (2) or by pressing a button). As soon as the smartphone (5) has been recognized by the garbage lock (2), a message appears on the smartphone screen. The lock opens if the region code and key status match.

When using a smartphone (5) at a lock (2), the smartphone (5) does not necessarily have to have a GSM connection. This ensures that it can be opened even if there is poor or no network coverage at the location of the garbage lock (2). However, a regular connection to the data management system (6) is required in order to regularly extend the time-limited authentication of the app (10). The required regeneration of the authentication data takes place automatically in the background using the Virtual Key App (10). This means that the virtual key apps (10) can be deactivated again via the portal if users (4) change or lose their smartphone (5) or are no longer authorized for other reasons.

A virtual key app (10) can also be deactivated using the existing blacklist function of a garbage lock (2). To do this, the status must be set to "lost" in the data management system (6) for the key ID of the smartphone concerned (5). After the blacklist has been transferred to the garbage locks concerned (2), the opening function of the app (10) is deactivated if a lost key is detected.

For security reasons, the invention provides that the app (10) makes contact with the portal at time intervals (validity period) and obtains the authorization to open locks (2) again.

If the key ID of a smartphone (5) is no longer marked as active in the web portal (6), the smartphone (5) no longer receives this authorization - thus opening the lock (2) with this smartphone (5) is also included this unique identification number is no longer possible. When the authorization to open is withdrawn, the app (10) deletes the authentication data so that it can no longer be transferred to a garbage lock (2). The user (4) receives a message that the authorization to open garbage locks (2) has been withdrawn.

The following is based on the Figures 2a to 2i an exemplary sequence of a display on the smartphone when the app (10) is started for the first time is shown. If the app is not yet (or no longer) registered, the user will be asked to register:
Figure 2a : Has the device not yet been registered. The screen for unlocking the device then appears. The contract number and registration code are entered. The data management system (6) checks whether the data are valid. A QR code scanner is provided so that the user does not have to enter the required information by hand ( Figure 2b ).

Each time the app is started, it is checked whether NFC is active. If NFC is not active, the user is informed and given the opportunity to switch to the settings ( Figure 2c ). If the app is already registered (and NFC is active), the screen after Figure 2d shown: If the period of validity of the authentication data has expired, a corresponding message is displayed. If the authentication data has been deleted, the user is informed of this fact and then asked to re-register. After the app has been successfully registered, a help wizard will appear in accordance with the Figures 2e to 2g appears, which briefly shows the use of the app.

During the opening process, depending on the status, a success message is sent according to Figure 2h or a screen with an error message according to Figure 2i displayed.

List of reference symbols

1

Access system

2

Access device

3

Dumpster

4th

Users

5

Communication device

6th

Data management system

7th

first communication channel

8th

second communication channel

9

Control device of the access device

10

Control device of the communication device

Claims (13)

1. Method for operating an access system (1) that comprises an access device (2), in particular for a refuse container (3), said method comprising the following steps:

   a. registering the user (4) using a communication apparatus (5) of a data management system (6) by means of a first communication channel (7);

   b. sending a data record to the communication apparatus (5) by means of the data management system (6) via the first communication channel (7), wherein the data record comprises authentication data and validation data;

   c. initiating the exchange of data between the communication apparatus (5) and the access device (2) via a second communication channel (8), wherein at least the authentication data are transferred to the access device (2), wherein the second communication channel (8) is a wireless connection;

   d. checking the authentication data for the authorisation of the user using a control means (9) of the access device (2);

   wherein the registration is carried out only once and the authentication data authorise access to the access device (2) in a predetermined validity range, wherein, when data are exchanged via the second communication channel (8), the communication apparatus (5) does not have to be connected to the data management system (6) by means of the first communication channel (7), characterised in that the communication apparatus (5) automatically queries the authorisation of the user from the data management system (6) within a predetermined period, the authentication data on the communication apparatus (5) being deleted and no longer transferred to the access device (2) if the user does not have authorisation.
2. Method for operating an access system (1) according to claim 1,

   characterised in that

   the communication apparatus (5) is a portable data-processing apparatus, for example a mobile phone, a smartphone, a tablet or a laptop, the communication apparatus (5) comprising a control means (10) on which software is installed, which makes it possible to register the user with the data management system and/or by means of which the exchange of data between the communication apparatus (5) and the access device (2) via a second communication channel (8) can be controlled.
3. Method for operating an access system (1) according to either claim 1 or claim 2,

   characterised in that

   the first communication channel (7) is a mobile connection and the wireless connection of the second communication channel is an NFC connection or an RFID connection, the mobile connection being a GSM connection or a UMTS connection or a GPRS connection or an LTE connection, for example.
4. Method for operating an access system (1) according to any of the preceding claims,

   characterised in that,

   in step a), user identification data, device identification data relating to the communication apparatus and a registration code, which is provided by an operator, are transmitted to the data management system (6) by means of the communication apparatus (5), the user identification data and the registration code being read in by means of a QR scanner of the communication apparatus (5).
5. Method for operating an access system (1) according to any of the preceding claims,

   characterised in that,

   when the communication apparatus (5) is used on the access device (2), the communication apparatus (5) is not connected to the data management system (6) via the first communication channel (7).
6. Method for operating an access system (1) according to any of the preceding claims,

   characterised in that

   the communication apparatus (5) comprises a control means (10), which controls the transmission of the authentication data on the basis of the validity data.
7. Method for operating an access system (1) according to any of the preceding claims,

   characterised in that

   a deregistration can be performed by means of the communication apparatus (5) by the user (4), the control means (10) of the communication apparatus (5) deleting the authentication data on the communication apparatus (5), the data management system (6) continuing to assign the deregistered authentication data to the user (6).
8. Method for operating an access system (1) according to any of the preceding claims,

   characterised in that

   the authentication data assigned to a communication apparatus (5) can be blocked by the user (4), the access device (2) sending commands to overwrite the authentication data on the communication apparatus (5) by means of the second communication channel (8) when the communication apparatus (5) is used for the first time since the authentication data were blocked.
9. Method for operating an access system (1) according to any of the preceding claims,

   characterised in that

   the communication via the second communication channel (8) is an HCE (Host based Card Emulation) communication, the contact between the access device (2) and the communication apparatus (5) being made by means of an ISO 7816 Select AID command.
10. Method for operating an access system (1) according to claim 9,

    characterised in that,

    by means of a command, the access device (2) actively asks the communication apparatus (5) whether a response on the communication apparatus (5) is given, the communication apparatus (5) responding directly.
11. Method for operating an access system (1) according to either preceding claim 9 or preceding claim 10,

    characterised in that,

    the exchange of data between the communication apparatus (5) and the access device (2) consists of transmitting application commands, which consist of both a command and data to be transmitted.
12. Method for operating an access system (1) according to any of preceding claims 9 to 11,

    characterised in that,

    in order to transmit application commands, a transport protocol is used, by means of which the application commands are broken down into one or more segments, depending on the data size of the application command, and transmitted.
13. Access system (1), comprising an access device (2) with a control means (9), a communication apparatus (5), a data management system (6) and a first (7) and a second communication channel (8), wherein the access system is configured for carrying out a method according to any of the preceding claims.

Images