EP3997674A1 - System zur entriegelung von gebäudezugängen und zugehöriges verfahren - Google Patents
System zur entriegelung von gebäudezugängen und zugehöriges verfahrenInfo
- Publication number
- EP3997674A1 EP3997674A1 EP20750731.0A EP20750731A EP3997674A1 EP 3997674 A1 EP3997674 A1 EP 3997674A1 EP 20750731 A EP20750731 A EP 20750731A EP 3997674 A1 EP3997674 A1 EP 3997674A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- server
- code
- control unit
- access
- portable electronic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims description 49
- 238000013475 authorization Methods 0.000 claims abstract description 224
- 230000005540 biological transmission Effects 0.000 claims description 90
- 238000012795 verification Methods 0.000 claims description 36
- 230000000007 visual effect Effects 0.000 claims description 16
- 238000003860 storage Methods 0.000 claims description 6
- 230000003287 optical effect Effects 0.000 claims description 3
- 230000009467 reduction Effects 0.000 claims description 3
- 230000003466 anti-cipated effect Effects 0.000 claims description 2
- 238000012217 deletion Methods 0.000 claims description 2
- 230000037430 deletion Effects 0.000 claims description 2
- 238000004891 communication Methods 0.000 description 10
- 238000007726 management method Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 7
- 238000012545 processing Methods 0.000 description 7
- 238000004140 cleaning Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 6
- 230000004913 activation Effects 0.000 description 5
- 230000004075 alteration Effects 0.000 description 3
- 238000013459 approach Methods 0.000 description 3
- 230000001413 cellular effect Effects 0.000 description 3
- 238000012790 confirmation Methods 0.000 description 3
- 230000005764 inhibitory process Effects 0.000 description 3
- 230000002123 temporal effect Effects 0.000 description 3
- 102100039642 Rho-related GTP-binding protein RhoN Human genes 0.000 description 2
- 108050007497 Rho-related GTP-binding protein RhoN Proteins 0.000 description 2
- 230000009471 action Effects 0.000 description 2
- 238000003287 bathing Methods 0.000 description 2
- 235000021152 breakfast Nutrition 0.000 description 2
- 230000002045 lasting effect Effects 0.000 description 2
- 238000007792 addition Methods 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000000052 comparative effect Effects 0.000 description 1
- 238000013497 data interchange Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000005284 excitation Effects 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 239000011159 matrix material Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 238000003825 pressing Methods 0.000 description 1
- 238000011112 process operation Methods 0.000 description 1
- 230000000717 retained effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
- 238000011144 upstream manufacturing Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00182—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00571—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00182—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks
- G07C2009/00238—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks the transmittted data signal containing a code which is changed
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00182—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks
- G07C2009/00238—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks the transmittted data signal containing a code which is changed
- G07C2009/00246—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks the transmittted data signal containing a code which is changed periodically, e.g. after a time period
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C2009/00753—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
- G07C2009/00769—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
- G07C2009/00785—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means by light
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C2009/00753—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
- G07C2009/00769—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
- G07C2009/00793—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means by Hertzian waves
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00857—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
- G07C2009/0088—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed centrally
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C2209/00—Indexing scheme relating to groups G07C9/00 - G07C9/38
- G07C2209/08—With time considerations, e.g. temporary activation, valid time window or time limitations
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C2209/00—Indexing scheme relating to groups G07C9/00 - G07C9/38
- G07C2209/60—Indexing scheme relating to groups G07C9/00174 - G07C9/00944
- G07C2209/63—Comprising locating means for detecting the position of the data carrier, i.e. within the vehicle or within a certain distance from the vehicle
- G07C2209/64—Comprising locating means for detecting the position of the data carrier, i.e. within the vehicle or within a certain distance from the vehicle using a proximity sensor
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
Definitions
- the present invention relates to the field of access control systems and in detail refers to a structure accesses unlocking system and a method of authentication and access to structures or buildings.
- a system (1 ) of unlocking of accesses (2) of a structure comprising:
- an interface (4a) to a portable electronic device (5) said interface (4a) being configured for detecting the presence of a portable electronic device (5) in proximity of the interface (4a) itself, said interface (4a) comprising a receiving stage configured for receiving at least an authentication signal or code (20, 21 ), for the request of authorization for the unlock of an access control device (3), by said portable electronic device (5);
- control unit (4) conceived for being in use operatively connected to an access control device (3), wherein:
- control unit (4) comprises a server interface (4c), configured for automatically retransmitting the authentication signal or code (20, 21 ) to a remote server (6) and for waiting an authorization signal (10e) from said server (6);
- control unit (4) is configured for causing at least an unlock of the access control device (3) at the reception of an authorization signal (10e) from the server (6).
- control unit (4) is configured for: at first automatically retransmitting said authentication signal or code (20, 21 ) received by the portable electronic device (5), and/or an access authorization code contained in the authentication signal or code (20, 21 ) received by the portable electronic device (5) to the server (6) and subsequently for waiting for the reception of said authorization signal (10e) from the server (6).
- said authentication signal or code (20, 21 ) in turn comprises an alphanumeric type access authorization code.
- control unit (4) is configured for being mechanically connected to the access control device (3) and/or is configured for being electrically connected to a servo-actuator of said access control device (3) and/or integrates said access control device (3), or is mechanically connected to the access control device (3) and/or is configured for being electrically connected to a servo-actuator of said access control device (3).
- the access control device (3) is a lock and/or a part of a lock and/or an openable turnstile or gate.
- said authentication signal or code (20, 21 ) comprises a QR code and/or a visual code and/or an OTP alphanumeric code, and/or a single use password, and/or a time stamp.
- the OTP alphanumeric code and/or the single use password are or comprise dynamic type codes.
- the authentication signal or code is a code
- (20, 21 ) is automatically generated by the portable electronic device (5) for the access to the structure (2) and/or at an approximation of the portable electronic device (5) to the control unit (4) and/or to the interface (4a).
- said control unit (4) is also configured for extracting the access authorization code from the authentication signal (20, 21 ) within a predetermined time, and/or for retransmitting said access authorization code, without alteration, within a predetermined time, optionally wherein said predetermined time is an expiry time stored on said server (6).
- said predetermined time is between 10s and 45s, more preferably between 20s and 30s or on intervals comprised between 5s, 10s and 15s.
- said access authorization code is a dynamic code, having a predetermined and limited time validity, after which it is no longer usable for accessing said structure, optionally said dynamic code being cyclically regenerated by said server (6).
- said access authorization code is a dynamic code, having a predetermined and limited temporal validity, after which it is no longer usable for accessing said structure, optionally said dynamic code being cyclically regenerated by said portable electronic device (5).
- the code is regenerated cyclically at each said predetermined time interval, in particular with a predetermined time interval comprised between 10s and 45s, more preferably between 20s and 30s or on intervals between 5s, 10s and 15s.
- the control unit (4) is configured for: at first automatically retransmitting said access authorization code received from the portable electronic device (5) to the server (6) and then for waiting for the reception of said authorization signal (10e) from the server (6).
- control unit (4) is configured for extracting the access authorization code from the authentication signal (20, 21 ) within a predetermined time, and/or for retransmitting said access authorization code, without alteration, within a predetermined time.
- said predetermined time is an expiry time stored on said server (6).
- the interface (4a) to the portable electronic device (5) is, alternatively:
- control unit (4) separated from the body of the control unit (4), and comprises a camera (4a) for optical code reading and/or a receiver suitable for receiving a radio signal comprising a predefined code; said interface (4a) being configured for being installed in a space outside the structure delimited by said access (2); or
- control unit (4) is integrated into the body of the control unit (4), and preferably comprises a radio receiver stage.
- the radio receiver is a short- distance communication receiver, optionally of NFC or Bluetooth type.
- the radio signal is an encrypted radio signal.
- control unit (4) comprises a memory, optionally a non-volatile memory, within which it is possible to store an electronic address of a user to which address the transmission of a control signal, said control signal being indicative of an access or an attempt to access the structure and being determined by the reception, by the control unit (4) and/or the interface (4a) of an access authorization code; said control unit (4) being configured for transmitting or causing the transmission of said access signal when the control unit (4) has received an access authorization code.
- the system comprises a server (6), operatively connected to the control unit (4), optionally configured for being at least temporarily operatively connected to the portable electronic device (5).
- the server comprises a memory, optionally a non-volatile memory, within which it is possible to store an electronic address of a user to which address the transmission of a control signal, said control signal being indicative of an access or of an attempted access to the structure and being determined by the reception, by the control unit (4) and/or the interface (4a) of an access authorization code; said server (6) being configured for transmitting said access signal when the control unit (4) has received an access authorization code.
- the server (6) comprises:
- a time counter configured for automatically carrying out at least one counting of time that elapses between a first time instant wherein the server (6) generates a random or pseudo-random number and/or an access authorization code to be transmitted to the portable electronic device, and a second time instant wherein the server (6) receives the access authorization code retransmitted by the control unit (4);
- the system comprises a server (6), operatively connected to the control unit (4), having a data transceiver interface from and to the control unit (4) respectively;
- said server (6) being configured for generating an OTP alphanumeric code, and/or a single use password, and/or a timestamp at the reception of an OTP alphanumeric code, and/or a single use password, and/or a timestamp retransmitted from the control unit (4) to the server (6);
- said server (6) being configured for generating the authorization signal (10e), and for automatically transmitting the authorization signal (10e) to the control unit (4) when the OTP alphanumeric code generated by the server (6) is identical to the OTP alphanumeric code retransmitted from the control unit (4) to the server (6), and/or when the single-use password generated by the server (6) is identical to the single-use password retransmitted from the control unit (4) to the server (6) and/or when the timestamp generated by the server (6) is identical to the timestamp retransmitted from the control unit (4) to the server (6).
- the server (6) is configured for generating the OTP alphanumeric code, and/or the single-use password, and/or the timestamp at the reception of an OTP alphanumeric code, and/or a single-use password and/or a timestamp/s retransmitted from the control unit (4) to the server (6) by electronically accessing a memory associated to the server (6) and accessing a seed stored in an account corresponding to the user profile (798) and/or of the portable electronic device (5) that has generated the authentication signal or code (20, 21 ).
- said time counter is in particular configured for causing the transmission of the authorization signal from the server to the control unit only when the following conditions take place:
- a time span between the first and the second time instant is shorter with respect to a predetermined value, said predetermined value being optionally stored in the server itself,
- the access authorization code retransmitted by the control unit (4) to the server (6) is identical to a copy of the access authorization code stored on said server (6).
- control unit (4) comprises a power control element, optionally a key, physical or electronic, which provides power to the data processing unit of the control unit (4) and/or to the control unit (4) in its entirety in a time limited manner, said control unit (4) being configured for making impossible to implement the access control device (3) and/or performing the retransmission of data to the server (6) and/or the reception of data from the server (6), without the activation of said power control element, optionally without pressing said key.
- a power control element optionally a key, physical or electronic
- control unit (4) comprises an electronic circuit that disables the power supply of the control unit (4) for a predetermined period of time, and optionally increasing at the number of failed access attempts, optionally when the authentication signal (20, 21 ), or part of it, transmitted from said portable electronic device (5) to the control unit (4) is incorrect or corrupted.
- a method of authentication and access to structures or buildings comprises: - a step of approaching (900) of a portable electronic device (5) to a control unit (4),
- step of authentication (904) of the portable electronic device (5) wherein the transmission of an authentication signal from the portable electronic device (5) to an interface (4a) of the control unit (4) of an access unlock system takes place, wherein said authentication signal (20, 21 ) comprises an access authorization code, said access authorization code being a dynamic code;
- the server (6) carries out a transmission (907; 908) to said control unit, of alternatively one of the two following signals:
- the system (1 ) comprises a server (6) operatively connected to the control unit (4) through a data interchange network and configured for being connected to at least one, preferably a plurality of, portable electronic devices (5).
- the system (1 ) is configured for carrying out a pre-authentication (903) of the portable electronic device (5) wherein the server (6) is configured for generating and transmitting (10b) to the portable electronic device (5) an authorization code for the access to the structure, and the system (1 ) is further configured for carrying out an authentication (904) of the portable electronic device (5) subsequent to the pre-authentication (903), wherein in the authentication (904) the control unit (4) automatically retransmits the authentication signal or code (20, 21 ) to the remote server (6) and waits for an authorization signal (10e) from the server (6); the authentication (904) of the portable electronic device (5) taking place only if said pre-authentication (903) has been carried out.
- the server (6) is configured for setting itself in a configuration of waiting for the generation request (902) of the authorization code for the access to the structure wherein the server (6) waits for a transmission of a request signal (10a) from the portable electronic device (5).
- the server (6) is configured for automatically transmitting (10b) to the portable electronic device (5) said authorization code for the access to the structure after the reception of said request signal (10a).
- the server (6) is configured for setting itself in waiting for a public key of encryption of a timestamp, and/or is configured for memorizing a public key of encryption of a timestamp, wherein the timestamp is transmitted by the portable electronic device (5) and is operatively associated to said authentication signal or code.
- the public key of encryption of the timestamp is operatively associated to a specific and single portable electronic device (5).
- the server (6) is configured for transmitting a plurality of public keys authorized for decrypting a timestamp to the control unit (4) and the control unit (4) comprises a memory within which it is stored at least said plurality of public keys.
- control unit (4) is configured for causing the unlock of the access control device (3) at a correct decoding of a timestamp ciphered with a private key operatively associated to a determined portable electronic device (5) and deciphered with a public key of said plurality of public keys, stored in the control unit (4).
- step of authentication (904) of the portable electronic device (5) wherein the transmission of an authentication signal or code (20, 21 ) from the portable electronic device (5) to an interface (4a) of the control unit (4) of an access unlock system takes place, wherein said authentication signal or code (20, 21 ) comprises an access authorization code;
- step of verification wherein the server (6) electronically compares the access authorization code received by the control unit (4) with a secondary version of the authentication signal or code (20, 21 ) and/or of the access authorization code generated by the server (6) itself;
- the server (6) carries out a transmission (907; 908) to said control unit (4), alternatively of one of the two following signals:
- said authorization signal (10e) is transmitted only when the step of verification (906) ends with an identity result between the secondary version of the authentication signal or code (20, 21 ) and/or of the access authorization code generated by the server (6) and the authentication signal or code (20, 21 ) and/or of the access authorization code received by the server (6).
- the rejection signal is transmitted when the step of verification (906) ends with a lack of identity result, or of at least partial difference, between the secondary version of the authentication signal or code (20, 21 ) and/or of the access authorization code generated by the server (6) and the authentication signal or code (20, 21 ) and/or of the access authorization code received by the server (6).
- the unlock authorization signal can be transmitted by the server (6) to the control unit (4) when the access authorization code received by the control unit (4) and/or retransmitted by the latter to the server (6) is identical to the copy of the access authorization code temporarily stored on said server (6); the rejection signal is transmitted by the server (6) to the control unit (4) if the access authorization code received by the control unit (4) and/or retransmitted by the latter to the server (6) is different with respect to the copy of the access authorization code temporarily stored on said server (6).
- the access authorization code is a dynamic code and/or comprises a single use password and/or an OTP code.
- the secondary version of the authentication signal or code (20, 21 ) and/or of the access authorization code is electronically generated, in said step of verification (906) by the server starting from a seed electronically retrieved by the server (6) in a memory operatively associated to it, wherein the seed is stored in an account previously created and associated, optionally uniquely associated, to the portable electronic device (5) and/or to a user (798) uniquely associated to said portable electronic device (5).
- said server (6) in said step of verification (906) said server (6) generates a secondary version of said dynamic code and/or of the single use password and/or OTP code starting from said seed, and electronically compares the dynamic code and/or the single use password with the dynamic code and/or single use password received by the control unit (4).
- step of pre- authentication comprising a reception of an access authorization code, wherein the portable electronic device (5) receives the access authorization code generated by the server, said pre-authentication taking place prior to the step of authentication (904).
- the step of pre-authentication (903) comprises a transmission of a request signal (10a) or is anticipated by a step of request of code generation (902) to said server (6), wherein said transmission is carried out by the portable electronic device (5) and being addressed to said server (6).
- the method comprises a step of generation of a timestamp by the portable electronic device (5) and comprises also a step of encryption of said timestamp through an asymmetric public/private key ciphering, the method comprising a step of introduction of the encrypted timestamp through said asymmetric ciphering in the authentication signal or code (20, 21 ).
- the method comprises a decoding or an attempt of decoding of said timestamp sent by the portable electronic device (5) by means of a predefined public key, said decoding or attempt of decoding being carried out by the control unit (4), the unlocking of the access control device (3) being possible only in case of a correct decoding of said timestamp through a public key previously memorized on the server (6) and/or on the control unit (4).
- the method comprises a step of transmission of at least one public key from said server (6) to the control unit (4).
- the method comprises a step of generation of a timestamp by the portable electronic device (5) and of the transmission of said timestamp in association and/or within said authentication signal or code (20, 21 ); said method comprising a step of timestamp comparison, wherein the control unit (4) compares the timestamp received from the portable electronic device (5) with a time indication retrieved by the control unit (4) itself, and if a difference between the timestamp and the time indication is greater than a predefined time interval, the step of sending of the authentication signal or code (20, 21 ) and/or of the access authorization code, received from the control unit (4) to the server (6) is prevented.
- the request signal (10a) comprises a hash of the current time of generation of the request signal (10a) itself.
- the server (6) performs a comparison between a first time instant wherein the server (6) itself has generated and temporarily stored the access authorization code and a second time instant wherein to the server (6) arrives the access authorization code transmitted by the control unit (5) and/or wherein to the control unit (4) arrives the access authorization code transmitted by the portable electronic device (5).
- the method comprises a step of storage of at least an account uniquely associated to a user (798) in a memory operatively connected to said server (6) and a subsequent step of storage, in said account, of at least a limited validity authorization code, usable for a predefined number of times, and wherein in said step of verification (906), the server (6) electronically compares a limited validity code received from, and/or read through, the control unit (4) with a limited validity code previously stored in said account, and sends the authorization signal (10e) for the unlocking of the access control device (3) to the structure (2) through the control unit (4) if the comparison result proves identity between the two limited validity authorization codes; said method comprising a step of reduction of the number of times wherein said limited validity authorization code can be used and/or comprising a deletion of said limited validity authorization code from said account.
- the access authorization code transmitted by the control unit (4) to the server (6) is identical to the access authorization code stored by the server (6), it is carried out the transmission to said control unit of the authorization signal for unlocking an access control device through the control unit;
- the server (6) after the transmission of the request signal (10a), the server (6) carries out a procedure of generation of a random or pseudo-random number on which basing the generation of the access authorization code, and carries out a step of lasting time counting for a predetermined time interval, after which the access authorization code is no longer usable and/or is replaced and/or after which it automatically generates a new random or pseudo-random number and/or a new access authorization code, said step of time counting determining the first time instant, said time interval being determined by the time distance between the first time interval and the second time interval.
- the server (6) when the server (6) receives the authentication signal or code (20, 21 ) and/or the access authorization code that has/have been transmitted from the control unit (4), to the server (6) itself, it generates a plurality of possible secondary versions of the authentication signal or code (20, 21 ) and/or of the access authorization code, on the basis of said seed, starting from said base time instant to, in the time intervals [(to-At) ⁇ (to+At)] where At is a predetermined time instant;
- said server (6) transmitting said authorization signal (10e) only if at least one of the possible secondary versions of said plurality of possible secondary versions of the authentication signal or code (20, 21 ) and/or of the access authorization code, on the basis of said seed, starting from the said base time to, in the time intervals [(to-At) ⁇ (to+At)] coincides with the authentication signal or code (20, 21 ) and/or the access authorization code that has/have been transmitted from the control unit (4) to the server (6) itself.
- a transmission of the authorization code for the access to the portable electronic device is automatically carried out.
- the step of verification (906) is followed by the transmission of the authorization signal for the unlocking of an access control device (3) only when this verification is carried out within the predetermined time frame and only when the access authorization code transmitted by the control unit is equal to the access authorization code generated by the server (6).
- the method comprises a step of activation of an actuator of the access control device (3), optionally of said lock (3), said actuator being contained within the body of said control unit (4) and acting directly on the access control device (3), optionally on said lock (3), said activation taking place after the transmission of the authorization signal for the unlocking of the access control device (3), optionally on said lock (3).
- At least a deadbolt of said lock (3) is moved to eliminate the removable joint of said access with the portion of said structure.
- the transmission of the access authorization code from the server (20, 21 ) to the portable electronic device (6) takes place within said predetermined time frame and/or within the second time instant.
- said access authorization code comprises a visual code, in particular a QR code
- said authentication signal is a light signal and/or a representation of said visual code, in particular said QR code, on a display (5d) of said portable electronic device (5).
- the interface (4a) to the portable electronic device (5) comprises a camera, said method comprising the positioning of the portable electronic device (5) in correspondence of said camera (4a), so that said camera can read the visual code, in particular said QR code, from the display of said portable electronic device (5).
- the interface (4a) comprises an optical and/or radio receiver stage.
- said receiver stage and/or said interface (4a) comprises, in particular, a radio receiver configured for receiving a radio signal incorporating said access authorization code; said method comprising a reception stage of said radio signal transmitted by the portable electronic device so that the control unit receives said access authorization code.
- said method comprises receiving a control signal on an input of the control unit (4), said control signal being a signal of start and/or end of access to that structure; said method comprises the inhibition of the transmission of said authorization signal for the unlocking of an access control device (3) through the control unit (4), and/or the activation of the actuator when said control signal is configured in an inhibition configuration, said inhibition configuration being optionally present before a check-in date of a user within that structure.
- said unlock authorization signal is a signal with a first hierarchy
- the control signal is a signal with a second hierarchy lower than the first hierarchy.
- the method comprises a step of transmission of an access signal to the structure, said transmission being carried out either by the control unit (4), or by the server (6) with the permission of the control unit (4), at the transmission of an access authorization code from a portable electronic device (5) to the control unit (4) and/or at the verification of the identity between the access authorization code transmitted to the control unit (4) from the portable electronic device (5) to the control unit (4) or retransmitted from the control unit (4) to the server (6) and the access authorization code temporarily stored on the server (6).
- the transmission of said access signal takes place towards a predetermined recipient, optionally towards a recipient whose address is previously stored in a memory of the control unit (4) and/or of the server (6).
- a software program is described here, suitable for being executed by a computer; said software program comprising portions of code which, when executed, cause the execution of the steps of the method according to one or more of the present aspects.
- step of authentication (904) of a portable electronic device (5) wherein a reception of an authentication signal transmitted by the portable electronic device (5) to an interface (4a) of the control unit (4) of an access unlocking system takes place, wherein said authentication signal (20, 21 ) comprises an access authorization code, said access authorization code being a dynamic code;
- said software causes the execution of a step of verification (906), wherein the server (6) electronically compares the access authorization code received from the control unit (4) with an original version of the access authorization code;
- reception takes place after the step of verification (906) and wherein said one of the two previous signals is transmitted by the server (6).
- non-transient memory medium comprising said software program
- step of authentication (904) of a portable electronic device (5) wherein the transmission of an authentication signal takes place from the portable electronic device (5) to an interface (4a) of a control unit (4) of an access unlocking system, wherein said authentication signal (20, 21 ) comprises an access authorization code, where the access authorization code is a dynamic code and wherein the step of authentication (904) takes place after a step of approaching (900) of a portable electronic device (5) to the control unit (4);
- step of verification wherein the server (6) electronically compares the access authorization code received from the control unit (4) with an original version of the access authorization code
- the server (6) transmits (907; 908) to said control unit, alternatively one of the two following signals:
- the use of the system and/or the use of the method according to one or more of the preceding aspects for the access to structures is described, said structures optionally comprising at least one among the buildings in the following list: houses, warehouses, apartments, cottages, hotels, motels, bed and breakfast, sanitary structures and/or parts or rooms of sanitary structures, security areas, detention centers, police stations, shelters, train cabins, bathing and/or spa structures.
- FIG. 1 illustrates a simplified scheme of a first form of realization of a system subject of the present disclosure
- FIG. 2 illustrates a simplified scheme of a second embodiment of the system subject of the present disclosure
- FIG. 3 shows a scheme representing a data transceiving part between a portable electronic device and a control unit according to the first embodiment of the system here described;
- FIG. 4 shows a scheme of a data transceiving part between a portable electronic device and a control unit according to the second embodiment of the system here described;
- FIG. 5 shows a simplified time diagram, where it is represented a time scale indicating a first and a second time value, which together define a time interval within which an access authorization code, temporarily stored on a server memory, must be retransmitted to the latter;
- FIG. 6 illustrates a flowchart illustrating some steps of a process of data exchange between a portable electronic device of a user, a control unit part of the system object of the present disclosure, and a server also part of the same system;
- FIG. 7 illustrates a flowchart, illustrating some steps of a process of booking a structure according to a first alternative configuration in which the user is not profiled
- - Figure 8 illustrates a flowchart, illustrating some steps of a booking process of a structure according to a second alternative configuration in which the user is profiled;
- FIG. 9 illustrates a simplified scheme, in which the subjects involved in the booking of said structure are identified
- FIG. 10 illustrates a temporal relational diagram, from which the information exchange flows between the subjects involved in the booking of the structure according to the first configuration can be deduced;
- FIG. 11 illustrates a temporal relational diagram, from which the flows of information exchange between the subjects involved in the booking of the structure according to the second configuration can be deduced;
- FIG. 12 illustrates a schematic illustration of a further embodiment of the present invention.
- FIG. 13 illustrates a block diagram that partially illustrates the functionality of the other embodiment previously described.
- FIG. 1 With reference to Figure 1 , with the reference number 1 is overall indicated a structure accesses unlocking system. According to the present disclosure, it is intended for accesses doors or portals, or windows, or entrances allowing individuals or vehicles to access a structure.
- a door 2 having an access control device 3, in particular and non-limiting a lock, which engages in a 2 m portion of the wall in front of it.
- the access control device 3 is equipped with at least one movable deadbolt between a first position wherein it releases the door 2 from the engagement with the 2 m portion of the wall and a second position wherein it engages the door 2 with said 2 m portion of the wall, in particular by constraining the door in a predetermined position.
- the access control device can, alternatively and non-exhaustively, be an opening doorway and/or a turnstile.
- the system 1 subject of the present invention comprises at least one control unit 4, provided with an interface 4a to a portable electronic device 5 provided to the user, in particular the user who wishes to open the door 2 through the system here described.
- the interface 4a is in particular configured for detecting the presence of a portable electronic device 5, e.g. via a proximity sensor or directly via the interface 4a.
- the portable electronic device 5 can be any telephone equipped with technology allowing data exchange via wireless network or cellular radio network, or a transceiver, or a portable computer or tablet PC.
- a software program (or application) is conveniently installed on such a telephone or computer or tablet that performs determined predefined steps to carry out the method that is the subject of the present disclosure.
- the portable electronic device 5 can also be a short-distance radio communication device of the active type, or alternatively of the semi-active or passive type.
- the device of passive type can be preferably equipped with a ROM to store an appropriate code, comprising for example an emergency code for operating the access control device 3.
- Protocols and/or standards usable for radio communication can be non-exhaustively Bluetooth, in particular BLE, or NFC, or ZigBee, ISO 14443 and/or ISO 15693 protocol for contactless smartcards.
- the use of a short-distance communication protocol reduces the risk of fraudulent interception of communications by third parties, and therefore contributes to the security of the system here described.
- the control unit 4 is configured for being operatively connected to a server 6, which is typically installed remotely with respect to the control unit 4.
- "connected operatively” or “operatively connected” means a control unit 4 connected by wired or wireless data transmission between the server 6 and the control unit 4 itself.
- the data transmission can be either wired or wireless, e.g. a radio channel.
- the portion of the control unit 4 that is responsible for managing the exchange of data with the server 6 is defined server interface 4c.
- control unit 4 comprises an actuator, or servo actuator or servomechanism, indicated with reference number 8, which is mechanically interfaced with the access control device 3 in order to allow its movement between open configuration and closed configuration and/or in order to allow at least temporary switching between a first configuration wherein the access to the structure 2 is prevented and a second configuration wherein the access to the structure 2 is allowed for at least a user.
- actuator or servo actuator or servomechanism
- the actuator can comprise an electro-actuated solenoid, e.g. integrated in a relay, which e.g. controls the opening of the lock latch and/or temporarily releases during its excitation the lock of a turnstile.
- control unit 4 can conveniently be equipped with a physical security device to prevent attacks by malicious users.
- control unit 4 can be equipped with a key, physical or electronic, that provides power to the data processing unit of the control unit 4 in a timed manner, without the pressure of which it is not possible to carry out the retransmission of the data to the server 6 and/or it is not possible to receive data from the server 6 according to one or more portions of the present disclosure and/or an electronic circuit that disables the power to the control unit 4 for a predetermined period of time, and optionally increasing to the number of failed access attempts.
- a first transmission is indicated with reference 10a, and is a transmission of a request signal which takes place from the portable electronic device 5 to the server 6.
- this transmission takes place when, more precisely after, the recognition or identification of a portable electronic device 5 by the control unit 4.
- a second transmission is indicated with reference 10b, and is a transmission of an access authorization code from the server 6 to the portable electronic device 5 that has carried out the request.
- the second transmission 10b takes place after the first transmission 10a, and takes place preferably automatically; both the first transmission 10a and the second transmission 10b take place at least partly on a wireless transmission channel, in particular at least partly on a mobile cellular radio channel and/or on a radio channel of a wireless local area network. This allows to have much flexibility in establishing the authentication request with the server in terms of the positioning of the portable electronic device 5.
- a third transmission is a transmission of the authorization code for the access to the structure from the portable electronic device 5 to the control unit, and in particular to interface 4a of the control unit. If no anomaly is found, the access authorization code transmitted from the server 6 to the portable electronic device 5 is identical to the access authorization code that the portable electronic device 5 transmits to the interface 4a of the control unit. Otherwise, if there are anomalies, or in the event of a fraud attempt, this code can also be different.
- a fourth transmission is indicated with reference 10d, and is a retransmission of the access authorization code received from the control unit 4. The control unit retransmits this code, in particular without alterations, to the server 6.
- a fifth transmission is indicated with the reference number 10e and is a transmission of alternatively either an authorization signal for the unlocking of the access control device 3 or of a denial signal for the unlocking of the access control device 3.
- the transmission of the authorization signal for the unlocking of the access control device 3 or of the denial to the unlocking of the access control device 3 depends on a comparative verification that the server 6 is configured for automatically carrying out.
- the access authorization code is automatically and temporarily stored in the memory of the server 6 and is retained for at least the time necessary for the second transmission 10b, the third transmission 10c, and the fourth transmission 10d to take place.
- the transmission of the access authorization signal for the unlocking of the access control device 3 is the result of a comparison of equality.
- the control unit 4 is in the form of a single body installed at door 2 and in particular in proximity of the access control device 3; in this case, the interface 4a to the portable electronic device 5 is preferably a wireless interface, in particular a radio interface.
- the access authorization code is therefore a code transmitted in an authorization signal transmitted from the portable electronic device 5 to the interface, which then extracts the code from said signal.
- the interface 4a is an interface comprising a camera or equivalent means of recording.
- the body of the control unit 4 is separated from the interface 4a: while the latter is installed in front of the door 2, and is therefore accessible from outside the structure, the body of the control unit 4 is positioned within the door 2, or in any case behind it, so as to be more difficult to access.
- the camera is configured for capturing an image contained on the display 5d.
- the access authorization code on the portable electronic device 5 is therefore a visual code and preferably, though non-limiting, a code of QR type.
- This visual code can be an always valid code, with unlimited validity over time and/or for an indefinite number of accesses, or a code with limited validity, usable only for a finite number of times, greater or equal to one.
- This code is a static code.
- This configuration advantageously allows reducing the generation of radio signals and makes the transmission of the access authorization signal difficult to detect by malicious persons.
- This configuration also allows the management of security operations and/or emergency situations as described in the subsequent part of the patent application.
- the operational connection between the body of the control unit 4 and the interface 4a can be on wired or wireless channel.
- one of the peculiarities of the system subject of the present disclosure is that after the second transmission 10b, the server 6 performs the generation an ideally pure random number, or at least an opportunely inseminated pseudo-random number, through which it generates a copy of the access authorization code and transmits it to the portable electronic device 5.
- This code is temporarily stored for a predetermined period of time, e.g. and non-limiting to comprised between 10s and 45s, even more preferably between 20s and 30s, on a server memory.
- the instant of storage of the access authorization code on the server 6, or its generation equivalently corresponds to a first and predefined time instant ti.
- the access authorization code on the server 6 is generated on the basis of a first random or pseudo-random RNDi number.
- the control unit 4 transmits to the server 6 the copy of the access authorization code previously received by the transmission carried out from the portable electronic device 5, and this retransmission takes place at a second time instant t2, it is verified whether the access authorization code stored on the server is identical to the one retransmitted by the control unit, and if so, the fifth transmission 10e is carried out with an authorization signal for the unlocking of the access control device 3.
- the server 6 also verifies whether the retransmission is carried out within the predefined time period tmax, which is provided for security.
- Figure 5 shows in particular a configuration wherein the retransmission at the second time instant t2 takes place within the predefined time period tmax. If, in fact, fraud attempts are made, it is easy for them to occur by retransmitting the access authorization code well beyond the default time period t m a X ; the server 6 is automatically configured for generating a new random or pseudo-random RND2 number, and thus a new access authorization code, and for deleting the previously generated one from memory.
- the access authorization code here described is defined as a dynamic code, i.e. a code that varies over time.
- the first transmission 10a takes place via a request signal that contains a hash of the current time and an access key also known to the server 6.
- This hash is a hash according to the SFIA3 standard. This allows to increase the computer toughness of the system to hacking attempts.
- the control unit 4 allows the access to the structure only under certain conditions, while in others it prevents the access to the structure 2 by not acting on the access control device 3.
- the control unit 4 is configured for receiving a control signal of the start and end of the access to the structure.
- This signal is placed in a hardware or software input of the control unit, and depending on its typology, it allows enabling or disabling the control of the opening of the access control device 3 through the actuator of the control unit 4 independently from the reception of a correct access authorization code.
- this control signal is at a higher hierarchical level than the reception (possibly in the correct time) of the access authorization code.
- control unit 4 is introduced into a wider reservation management system, where it is desirable that the user does not have access to the structure outside predetermined dates. For this reason, when the control signal signals the start of access to the structure, the implementation of the access control unit 3 is possible and takes place as described here. Otherwise, when the control signal signals the end of access to the structure, the implementation of access control device 3 is made impossible.
- the control signal can signal the start or end of access to the structure, e.g. with a value equal to zero or different from zero respectively, or with a different coding and/or modulation between the start condition and the end condition of access to the structure.
- the control unit 4 can optionally comprise a memory, on which is stored at least one address, in particular an electronic address, of a user - in particular, as it will be better explained in the following portion of the description - a host managing the structure to which access is to be gained.
- the control unit 4 Upon reception of an access authorization code, transmitted by the portable electronic device 5, the control unit 4 retrieves the saved electronic address and transmits an access message to the predetermined user. It should be noted that the transmission can take place either without checking whether the access authorization code is valid and/or transmitted in due time, or with control of the latter case, e.g. and non-limiting by differentiating the typology of the message transmitted (message having attempting access with incorrect code, or access made with valid code).
- control unit will be responsible for notifying to the server the access or attempted access through an appropriate signal, and the server 6 will be responsible for transmitting to the user, whose electronic address has been stored in the memory, the notification of the access in the manner above described.
- control unit 4 it is therefore possible to carry out a method of authentication and access to structures or buildings, which first comprises a step of approaching (shown in figure 6 with reference number 900) of a portable electronic device 5 to the control unit 4 itself, followed by other steps as here described.
- a step of code generation request (indicated with reference number 902) to the server 6 takes place, wherein a transmission of the request signal 10a to the server 6 takes place, and wherein the transmission is carried out by the portable electronic device 5 associated to the user.
- a request signal 10a which comprises a hash of the current time of generation of the request signal itself.
- the server 6 After the transmission of the request signal 10a, the server 6 performs a procedure of generation of a random or pseudo-random number on which basing the generation of the access authorization code, and carries out a step of time counting lasting for a predetermined time interval, after which the access authorization code is no longer usable and/or is replaced and/or after which it automatically generates a new random or pseudo-random number and/or a new access authorization code.
- the step of time counting determines the first time instant ti, and the time interval is determined by the time distance between the first time interval ti and the second time interval t2 which corresponds to the time instant when the server 6 receives the copy of the access authorization code retransmitted by the control unit 4 downstream of the transmission carried out by the portable electronic device 5 and/or which corresponds to the time instant when the control unit 4 receives this access authorization code from the portable electronic device 5.
- the time of retransmission of the access authorization code from the control unit 4 to the server 6 equal to zero.
- a transmission of the access authorization code to the portable electronic device 5 is automatically carried out.
- the transmission takes place as quickly as possible, and takes place within said predetermined time interval and/or within the second time instant t2.
- a reception of an access authorization code takes place, wherein the portable electronic device 5 receives the access authorization code generated by the server 6; this reception effectively ends the step of pre authentication and enables the step of authentication indicated with reference number 904, wherein the portable electronic device 5 is authenticated on the control unit 4 when the user wishes to access the structure.
- step 904 of the portable electronic device 5 wherein the transmission of an authentication signal 20, 21 takes place from the portable electronic device 5 to the interface 4a of the control unit 4, where the authentication signal 20, 21 comprises an access authorization code of dynamic type, as it varies over time in the ways above described.
- a step of verification is carried out, which is referred to with reference number 906.
- the server 6 electronically compares the access authorization code received from the control unit 4 with an original version of the access authorization code.
- the server 6 carries out a comparison between a first time instant when the server 6 itself has generated and temporarily stored the access authorization code and a second time instant when to the server 6 arrives the access authorization code transmitted by the control unit 4 and/or wherein to the control unit 4 arrives the transmission of the access authorization code from the portable electronic device 5. If the time interval between the first time instant and the second time instant is shorter than a predetermined value:
- the transmission of the rejection signal to said control unit is carried out, which prevents the opening of said lock 3 through the control unit 4.
- the server 6 After the step of verification 906, the server 6 carries out a transmission (indicated with reference numbers 907; 908) to said control unit, of alternatively one of the following two signals: - an authorization signal for the unlocking of an access control device 3 through the control unit 4; or
- step of verification 906 is followed by the transmission of the unlocking authorization signal of an access control device 3 only when this verification is carried out within the predetermined time frame and only when the access authorization code transmitted by the control unit 4 is equal to the access authorization code generated by the server 6.
- said access authorization code comprises and/or is associated to a visual code, in particular a QR code
- said authentication signal is a light signal and/or a representation of said visual code, in particular said QR code, on a display 5d of the portable electronic device 5.
- the interface 4a to the portable electronic device 5 comprises a camera, and there is a step comprising the positioning of the portable electronic device 5 in correspondence of said camera 4a so that said camera can read the visual code, in particular said QR code, from the display of the portable electronic device 5.
- the access authorization code is an alphanumeric code
- this alphanumeric code is transmitted by radio, and therefore the transmission of a radio signal takes place on a wireless channel between the portable electronic device 5 and the interface 4a, which comprises a radio receiver.
- the radio receiver stage is configured for receiving a radio signal incorporating said access authorization code; this method comprising a step of reception of said radio signal transmitted by the portable electronic device such that the control unit receives said access authorization code.
- the radio signal can be an ciphered and/or encrypted radio signal in such a way that only the control unit 4 actually receiving it can decode it.
- Software programs can also be carried out on the server to manage a user's reservation; such software programs can either be stand-alone programs, or be integrated, for example through a subroutine, into the program that manages the user authentication through the portable electronic device 5 according to the preceding description.
- - control body 796 e.g. and non-limiting, a police or public security command, or police Headquarters or Prefecture, or a registry or government identity management department, which holds identity data of a plurality of subjects, which is provided with an information system suitable for sending at least a confirmation data of identity data of one or more of these subjects after a request order for verification from an external body or system;
- - host 797 which is the natural or legal person who manages the structure 2 to which users can access and who preferably has means - for example a personal computer - to receive electronic bookings from one or more external booking sources (for example, and non-limiting, Booking, Airbnb, etc.);
- - user 798 which is the subject who accesses the structure 2, and in particular is the subject equipped with the portable electronic device 5;
- - external booking source 795 which is conceived to manage electronic bookings of a plurality of structures by receiving electronic data of the Applicant, possibly a payment, dates and/or times of check-in and check-out; for example and non-limiting this structure can be AirBnB or Booking.
- the Applicant has conceived a particular embodiment in which the user is profiled.
- the host 797 receives a booking from a user 798 through an external booking source 795.
- the user 798 checks in online, using the platform of the booking source external to the system, by introducing its private data that allow the sending of a specific signal containing a key to access the system.
- This private data can comprise, for example, an e-mail address or telephone number, preferably associated to the portable electronic device 5 equipped to the user.
- the user 798 receives an electronic key from the host 797 through the sending of a specific signal to the portable electronic device 5, e.g. via email or SMS.
- the system subject of the present disclosure comes into play, which first (in a step indicated in Figure 7 with reference number 803), and automatically, immediately after the sending of the electronic key to the portable electronic device 5, generates a collection of data of the user 798 which are sent to the control body 796 and then, albeit optionally, generates an invoice, in particular an electronic invoice concerning the residence tax (step indicated in Figure 7 with reference number 804).
- the system subject of the present disclosure On the basis of data obtained from the external booking source, the system subject of the present disclosure also receives data relating to the check- out of the user 798, in particular the date of check-out. On the basis of these data, the system subject of the present disclosure can optionally automatically generate booking requests for the cleaning of the structure 2 to which the user 798 has access. These data are automatically sent ( Figure 7, reference number 805) to a structure cleaning company or to a person in charge of cleaning structure 2.
- the system subject of the present disclosure also generates the random and/or pseudo-random number as previously described.
- the generation of the random number is carried out when the user 798 approaches the access control device 3 for the first time.
- the booking management program can include an electronic chat, where the host 797 and the user 798 can contact each other; this facilitates the access to the structure 2 should the user 798 encounter any problems of any kind.
- control unit 4 can be configured for interfacing with the program here described so that for each access carried out by the user 798 to the structure through the opening of the access control device 3 through the portable electronic device 5, the host 797 is alerted by means of the sending of an appropriate signal, preferably an access signal transmitted for example on a wireless channel; in this way the host 797 is constantly informed of the moment of the access by the user 798.
- This control signal can also be sent if there is an attempt to access the structure 2 with an access authorization code which is either incorrect or is transmitted to the control unit 4 after the predetermined time frame and/or after the second time instant t2.
- the host 797 is able to get immediate information about unauthorized or otherwise non-compliant attempts to access the structure and can possibly take measures such as contacting a private security services control centre.
- the control unit 4 can preferably receive from the server 6 a control signal for the start and end of access to the structure, and this signal is transmitted when the current date, and/or the current date and time exceed the date - respectively the date and time - set for the check-out in the booking made at the external booking source. In doing so, when the control unit 4 has received the termination signal of the access to the structure, even admissible access authorization codes are no longer accepted, and the implementation of the opening of the access control device 3 by the control unit 4 is uninhibited. This ensures that users 798 cannot access the structure 2 for longer than expected. Clearly, when the user 798 attempts to access the structure prior to the date, respectively date and time, of check-in, the control unit 4 will be configured again to prevent the opening of the access control device 3.
- the host 797 can also access the program here described to manage its structure(s), and preferably does so through a transmission of a management authorization code of a dynamic type, which in a preferred but non limiting embodiment, is modified every time interval comprised between 10s and 45s, more preferably every 20s-30s.
- FIGs 8 and 11 An alternative embodiment for the program here described is characterized by carrying out a user profiling.
- This alternative implementation is represented in diagrams in Figures 8 and 11.
- a software application is provided to be installed on the portable electronic device 5 of the user 798.
- the selection of the structure no longer takes place through the passage from the external booking source to the system here described, but directly through this software application.
- a first step indicated in Figure 8 with reference number 810 comprises the download of a software application on the portable electronic device 5.
- the user 798 selects the structure of interest by means of the software application installed on his/her portable electronic device 5, and at the time of selection (block 811 , figure 8), the user decides (block 812, figure 8) the check-in and check-out dates that will determine the enabling and - respectively - disabling, of the opening of the access control device 3 by means of the control unit.
- the software program that is run on the server upon the reception of an appropriate occurred booking confirmation signal, generates a collection of data of the user 798 which is sent to the control body 796 (step indicated in figure 8 with reference number 803) and subsequently, although optionally, generates an invoice, in particular an electronic invoice for the residence tax (step indicated in figure 8 with reference number 804).
- this sending is represented with a first arrow between the software application and the control body 796 and a second arrow between the server 6 and the control body.
- the sending can be totally managed through the software program that is carried out on the server 6 or, alternatively, can be controlled upstream by an approval signal of the sending transmitted by the application itself.
- the system subject of the present disclosure On the basis of the data obtained from the external source of bookings, the system subject of the present disclosure also receives data relating to the check-out of the user 798, in particular the date of check-out. On the basis of these data, the system subject of the present disclosure can optionally automatically generate booking requests for the cleaning of the structure 2 to which the user 798 accesses. These data are automatically sent ( Figure 8, reference number 805) to a structure cleaning company or to a person in charge of carrying out the cleaning of the structure 2.
- the system subject of the present disclosure also generates the random and/or pseudo-random number as above described.
- the random number is generated when the user 798 approaches the access control device 3 for the first time.
- the booking management program can comprise an electronic chat, where the host 797 and the user 798 can contact each other; this facilitates the access to the structure 2 should the user 798 encounter any problems of various kind.
- control unit 4 can be configured for interfacing with the program here described so that at the time of each access made by the user 798 to the structure through the opening of the access control device 3 through the portable electronic device 5, the host 797 is alerted by the sending of an appropriate signal, preferably a periodic control signal transmitted for example on a wireless channel; in this way the host 797 is constantly informed of the moment of access by the user 798.
- This control signal can also be sent if there is an attempt to access the structure 2 with an access authorization code which is either incorrect or is transmitted to the control unit 4 after the predetermined time period and/or after the second time period t2.
- the control unit 4 can preferably receive from the server 6 a control signal of start and end of access to the structure, and this signal is transmitted when the current date, and/or the current date and day time, exceed the date - respectively the date and time - set for the check-out in the booking made at the external booking source.
- this signal is transmitted when the current date, and/or the current date and day time, exceed the date - respectively the date and time - set for the check-out in the booking made at the external booking source.
- the host 797 can also access the program here described to manage its structure(s), and preferably does so through a transmission of a control authorization code of dynamic type, which in a preferred but non-limiting embodiment, is modified every time interval comprised between 10s and 45s, more preferably every 20s-30s.
- a control authorization code of dynamic type which in a preferred but non-limiting embodiment, is modified every time interval comprised between 10s and 45s, more preferably every 20s-30s.
- the embodiment without user profiling allows greater flexibility since it is based on external structures already managed and tested, the embodiment with user profiling advantageously allows a higher treatment efficacy of the electronic identity of the user by the system subject of the present disclosure.
- Parts of the process described herein can be implemented by means of a data processing unit or control unit, technically replaceable by one or more computers designed to carry out a portion of software program or firmware loaded on a memory medium.
- Such software program can be written in any programming language of known type. If the number of computers is two or more, they can be connected to each other by means of a data connection in such a way that their computing power is shared in any way; the computers themselves can therefore also be installed in geographically different locations, creating a distributed computing environment by means of the above-mentioned data connection.
- the data processing unit, or control unit can be a general purpose type processor specifically configured for carrying out one or more parts of the process identified in the present disclosure through the software or firmware program, or be an ASIC or dedicated processor or an FPGA, specifically programmed to carry out at least part of the process operations described herein.
- the memory medium can be non-transitory and can be internal or external to the processor, or control unit, or data processing unit, and can - specifically - be geographically located remotely with respect to the computer.
- the memory medium can also be physically divided into multiple portions, or in the form of a “cloud”, and the software program or firmware can be physically stored on geographically divided portions of memory.
- a distributed computing environment can be designed, which according to what has been described so far is configured for carrying out the following steps:
- step of authentication 904 of a portable electronic device 5 wherein takes place the transmission of an authentication signal from the portable electronic device 5 to an interface 4a of a control unit 4 of an access unlocking system, wherein said authentication signal 20, 21 comprises an access authorization code, wherein the access authorization code is a dynamic code and wherein the step of authentication 904 takes place after a step of approaching 900 of a portable electronic device 5 to the control unit 4;
- the server 6 carries out a transmission 907; 908 to said control unit, alternatively of one the following two signals:
- an account 6a is created on the server 6 for each user 798 on which a seed generated through a pseudo-random number (ideally a random number) is stored.
- This seed is transmitted, preferably automatically, to a software application installed on the portable electronic device 5 supplied to the user 798.
- the transmission preferably takes place at the time of the account generation (step indicated with the reference number 1000).
- a first step (schematically represented by arrow 1001 ) the user 798 approaches the portable electronic device 5 to the interface 4a of the control unit 4, and transmits an authentication signal which comprises an OTP code and optionally a timestamp generated by the portable electronic device 5 itself.
- OTP code is intended a single use password, i.e. a password which is only valid for a single access session.
- the use of OTP allows the reduction of the risk of system hacking.
- for timestamp is intended a time mark with a sequence of characters that represent an indicative date and/or time of the occurrence of a predetermined event (in the above described case, the instant of generation and/or of the transmission of the authentication signal).
- the timestamp follows the ISO 8601 standard, and therefore comprises both a complete date indication and a current time indication.
- the OTP code represents a pseudo-random first number, or alphanumeric sequence RNDi.
- the control unit 4 receives this authentication signal, it retransmits (step indicated by the arrow 1002) the OTP code and, optionally, the timestamp, to the server 6.
- the transmission to the server 6 takes place immediately after the reception of the authentication signal by the control unit 4.
- the control unit 4 can also itself carry out a comparison between the timestamp received from the portable electronic device 5 and a time indication found by itself, carrying out an electronic matching check. In case the time difference between the time of the timestamp transmitted by the portable electronic device 5 and the time indication is greater than a predetermined time period, e.g. more than 5s, or more than 10s, or more than 15s, the control unit 4 provides for automatically transmitting a rejection of the OTP transmitted by the portable electronic device 5, which will therefore not be transmitted to the server 5.
- a predetermined time period e.g. more than 5s, or more than 10s, or more than 15s
- the timestamp operatively associated to the authentication signal or code is digitally signed by the user, and in particular it is digitally signed with the portable electronic device 5 of the user.
- This digital signature comprises two keys:
- the public key is in any case operatively associated to a specific and single portable electronic device 5, so that logical pairs [d, - q] are made between an i-th portable electronic device and an i-th public key q.
- each portable electronic device 5 is operatively associated to its own private key.
- the server 6 contains (or is operatively associated therewith) a memory in which a plurality of public keys is stored. These public keys can be shared with the control unit 4. In a particular and non-limiting embodiment, at least a part of these public keys is cyclically, or anyway at least once, transmitted to the control unit 4, which in turn stores a plurality of public keys. This allows the correct decryption of the timestamp through an appropriate public key even if there is no possibility of operational communication between the control unit 4 and the server 6.
- the control unit transmits the timestamp to be decrypted to the server 6 or, alternatively, that the server 6 transmits the correct public key to the control unit 4, and if the operating communication is not possible (for example due to a fault in the WAN, LAN network or similar that connects the server 6 with the control unit) the decryption cannot take place, with the consequent impossibility of unlocking the lock. Otherwise, if a plurality of multiple public keys is stored on the control unit, the permanence and integrity of this operational communication is no longer necessary at the specific time of decryption.
- an authentication method comprises the introduction of the timestamp (operatively associated to the authentication signal or code 20, 21 , and encrypted as above described through asymmetric public/private key encryption), into the authentication signal or code that the portable electronic device 5 transmits to the control unit 4.
- the above mentioned step of introduction follows a step of generation of said timestamp by the portable electronic device 5.
- the method comprises a decryption (or at least a decryption attempt) of the timestamp sent by the portable electronic device 5 by means of a predefined public key, and this decryption (or decryption attempt) is carried out by the control unit 4.
- the unlocking of the lock with the authorization signal 10e for the unlocking is thus only possible in case of a correct decryption of the timestamp by means of a public key present on the server 6 and/or on the control unit.
- the method comprises a step of download of a plurality of public keys from the server 6 to the control unit 4, and can optionally comprise new downloads or cadenced updates (at predetermined time intervals, e.g. once a week) of at least part of the public keys stored in the operatively accessible memory of the server 6 to the control unit 4.
- this second OTP code represents a pseudo-random number or alphanumeric sequence, RND2.
- RND2 pseudo-random number or alphanumeric sequence
- the connection between the control unit 4 and the server 6 takes place with the establishing of an encrypted end-to-end communication, preferably using a TLS or SSL algorithm.
- the server 6 also identifies the control unit 4 that has carried out the transmission: if TLS or SSL algorithms are used, this identification takes place by means of the security certificate specific to these algorithms.
- Id_serr1 In order to identify the control unit 4, on the server 6 are stored different identification codes Id_serr1 , Id_serr2, Id_serr3, each of which relates to a respective control unit 4. These identification codes are schematically represented by reference 6b.
- the server then accesses the memory and verifies whether for the determined control unit 4 there are access reservations for the structure 2. If not, it sends a denial command. If the OTP code generated by the server 6 is identical to the OTP code generated by the portable electronic device of the user 798, then the server 6 transmits to the control unit the authorization signal 10e for the opening of the access control device 3. This operation is schematically represented by the arrow 1004. Otherwise, a denial signal is transmitted.
- the server 6 verifies whether the OTP code generated by the portable electronic device 5 of the user 798 is generated within a predetermined time frame starting from the timestamp. Only when the server 6 receives the OTP within a predetermined time with respect to the timestamp, the permission to the transmission of the authorization signal 10e can be provided.
- the control unit 4 transmits at least the OTP code to the server 6 (block 911 , figure 13). Subsequently, in a first step, if the server 6 verifies that the OTP code has been generated by an application installed on a portable electronic device 5, the seed associated to the account of the user 798 that has generated the OTP code is searched for, and subsequently the current server timestamp, at a time to, is considered.
- the server 6 It is then read the latency time set for that specific structure, which according to the present disclosure is indicated as At, which can vary according to various factors among which - and non-limiting thereto - the speed and/or connection latency between the server 6 and the control unit 4 and/or the portable electronic device 5.
- the server 6 then generates a plurality of possible OTP codes (or, equivalently, a plurality of numbers or pseudo-random alphanumeric RND sequences generated starting from the predefined seed) for that user 798 on the basis of the seed retrieved in the account (block 912, figure 13), from the instant to - At to the instant to + At.
- the server 6 verifies that the OTP code has been generated by a portable electronic device 5 different from a Smartphone telephone, but by a dedicated radio transmitter device such as and in a non limiting extent a BLE tag or a smartcard or an NFC/RFId tag, firstly all the seeds of all the devices assigned to the user 798 are retrieved and subsequently it is considered the current server timestamp, at a time to.
- the latency time set for that specific structure is subsequently read, which according to the present disclosure is indicated as At, which can vary according to various factors among which - and non-limiting thereto - the speed and/or connection latency between the server 6 and the control unit 4 and/or the portable electronic device 5.
- the server 6 then generates a plurality of possible OTPs for that user 798 on the basis of the seed retrieved in the account, from the instant to - At to the instant to + At. If one of the calculated OTPs corresponds to the one transmitted by the user 798, then it is authorized the access through the sending of the authorization code 10e to the control unit 4; otherwise the permission to unlocking is denied and therefore the access control device 3 is not opened.
- the embodiment here described has the advantage of not needing a data connection (e.g. Wi-Fi or cellular radio network) for the portable electronic device 5, which therefore does not need to establish direct communications with the server 6.
- the QR code shown on the display of the portable electronic device 5 can be an example of authorization signal.
- the transmission of the authentication signal can also be replaced by a reading of a QR code printed on a business card.
- this is a QR code that can be used only once, if the user 798 loses or anyway does not have the portable electronic device 5 with him.
- the server 6 verifies that the OTP code is associated to a visual code, for example and non-limiting to QR, printed, first of all it is verified whether the code is compatible with a list of non-dynamic codes (then, always valid and according to the present disclosure described as security codes) for the specific user 798 who made the request. If this code is compatible with those stored for the specific account, then we proceed with the sending of the authorization code 10e to the control unit 4.
- the security code can then be considered as a pas-partout code. This code can be of the type that can be used only once or several times. If the code can be used only once, it is erased from the memory by an action of the server 6.
- the server 6 verifies that the OTP code is associated to a portable electronic device 5 of passive type, such as for example an NFC tag, firstly the server 6 performs an electronic search for all the devices associated to the account of the user 798 who has the portable electronic device 5 and subsequently the device corresponding to the generated OTP code is identified. If this code is compatible with the OTP code generated by the portable electronic device 5, then we proceed with the access authorization through the transmission of the authorization code 10e to the control unit 4.
- a portable electronic device 5 of passive type such as for example an NFC tag
- the software application stored on the portable electronic device 5 can optionally comprise emergency codes that are associated to the specific access control device 3 and/or equivalently to the specific control unit 4.
- the emergency code is not retransmitted to server 6 for a further verification.
- the control unit 4 that directly performs the operations necessary to the opening of the access control device 3.
- the emergency code is a single use code.
- QR code morphology is not to be understood in a limiting way, as it is also possible to use other visual codes such as, in a non-exhaustive list, a linear barcode according to Codabar, or Code 25, or Code 39, or EAN 2 or EAN 5, or also a two-dimensional or matrix visual code such as for example Aztec, or CrontoSign, or Datamatrix according to IEC 16022 standards.
- visual codes such as, in a non-exhaustive list, a linear barcode according to Codabar, or Code 25, or Code 39, or EAN 2 or EAN 5, or also a two-dimensional or matrix visual code such as for example Aztec, or CrontoSign, or Datamatrix according to IEC 16022 standards.
- the single use password, or OTP code herein described which comprises the "code” itself represented by the alphanumeric or numeric only or alphabetic only string, can be integrated in any visual code, in particular in one of the codes according to the standards above described.
- the processing units of system 1 here described will take care for having the computational capacity to decipher the visual code in order to extract the appropriate alphanumeric code.
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Lock And Its Accessories (AREA)
- Mobile Radio Communication Systems (AREA)
- Debugging And Monitoring (AREA)
- Hardware Redundancy (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
IT102019000011634A IT201900011634A1 (it) | 2019-07-12 | 2019-07-12 | Sistema di sblocco di accessi di una struttura e metodo associato |
PCT/IB2020/056511 WO2021009641A1 (en) | 2019-07-12 | 2020-07-10 | A structure accesses unlocking system and associated method |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3997674A1 true EP3997674A1 (de) | 2022-05-18 |
Family
ID=68733453
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP20750731.0A Pending EP3997674A1 (de) | 2019-07-12 | 2020-07-10 | System zur entriegelung von gebäudezugängen und zugehöriges verfahren |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP3997674A1 (de) |
IT (1) | IT201900011634A1 (de) |
WO (1) | WO2021009641A1 (de) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11281808B2 (en) * | 2020-01-28 | 2022-03-22 | International Business Machines Corporation | Detection and repair of failed hardware components |
WO2022254260A1 (en) * | 2021-06-01 | 2022-12-08 | Le Quang Nghia | Electronic lock and implemantation process of said electronic lock |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050285716A1 (en) * | 2001-12-27 | 2005-12-29 | Triteq Lock And Security, Llc | Electronic key control and management system for vending machines and the like |
EP2237234A1 (de) * | 2009-04-03 | 2010-10-06 | Inventio AG | Verfahren und Vorrichtung zur Zugangskontrolle |
US20140292481A1 (en) * | 2011-03-17 | 2014-10-02 | Unikey Technologies, Inc. | Wireless access control system and related methods |
EP3259741B1 (de) * | 2015-02-17 | 2021-05-19 | Sensormatic Electronics LLC | Verfahren und system zur verwaltung von berechtigungsnachweisen |
EP3188136A1 (de) * | 2015-12-28 | 2017-07-05 | Marques, SA | Elektronisches türschloss und betriebsverfahren dafür |
US10043332B2 (en) * | 2016-05-27 | 2018-08-07 | SkyBell Technologies, Inc. | Doorbell package detection systems and methods |
JP6897536B2 (ja) * | 2017-12-12 | 2021-06-30 | トヨタ自動車株式会社 | 認証情報制御システム、認証情報制御方法、及び、認証情報制御プログラム |
-
2019
- 2019-07-12 IT IT102019000011634A patent/IT201900011634A1/it unknown
-
2020
- 2020-07-10 WO PCT/IB2020/056511 patent/WO2021009641A1/en unknown
- 2020-07-10 EP EP20750731.0A patent/EP3997674A1/de active Pending
Also Published As
Publication number | Publication date |
---|---|
WO2021009641A1 (en) | 2021-01-21 |
IT201900011634A1 (it) | 2021-01-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105279832B (zh) | 智能门锁系统及其控制方法 | |
US10614650B2 (en) | System and method for managing distributed encrypted combination over-locks from a remote location | |
ES2414089T3 (es) | Accionamiento de un sistema de seguridad utilizando un dispositivo inalámbrico | |
US20190147672A1 (en) | Systems and methods for multifactor physical authentication | |
US9953475B2 (en) | 4D barcode | |
EP2689399B1 (de) | Eigenständige steuerungsvorrichtung und verfahren für biometrische autorisierung | |
EP0924657B1 (de) | Technik zur Fernüberprüfung der Identität mit einer persönlichen Identifizierungsvorrichtung | |
US8045960B2 (en) | Integrated access control system and a method of controlling the same | |
US20180359635A1 (en) | Securitization of Temporal Digital Communications Via Authentication and Validation for Wireless User and Access Devices | |
KR100680637B1 (ko) | 생체 정보를 이용하는 인증 시스템 | |
US10475115B2 (en) | System and method for managing distributed encrypted combination over-locks from a remote location | |
EP2817788A2 (de) | Verfahren und system zur bereitstellung von identitäts-, authentifizierungs- und zugangsdiensten | |
US10922747B2 (en) | System and method for securing and removing over-locks from vacant storage units | |
US11094152B2 (en) | System and method for applying over-locks without requiring unlock codes | |
CN109859350B (zh) | 一种远程授权的指纹自助录入方法及酒店自助入住方法 | |
EP3997674A1 (de) | System zur entriegelung von gebäudezugängen und zugehöriges verfahren | |
KR100422377B1 (ko) | 액정 바코드를 이용한 보안 및 출입통제 시스템 및 그 방법 | |
CN112734989A (zh) | 一种智能门锁的蓝牙钥匙分发方法 | |
US20190199701A1 (en) | Securitization of Temporal Digital Communications Via Authentication and Validation for Wireless User and Access Devices | |
JP6934441B2 (ja) | 管理サーバ、認証方法、コンピュータプログラム及びサービス連携システム | |
NL2018694B1 (nl) | Combinatie van een server, een slotcontroller, ten minste één slot, en een elektronisch apparaat, en werkwijze voor het aansturen van een slot | |
US20220343416A1 (en) | System and method for randomly generating and associating unlock codes and lock identifiers | |
EP4307258A1 (de) | System und verfahren zur zufälligen erzeugung und zuordnung von entriegelungscodes und schlossidentifikatoren | |
TWM633269U (zh) | 應用時變碼及影像雙認證的雲端門鎖管制系統 | |
FR3110748A1 (fr) | Programmation de badges d’accès à des locaux. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20220112 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 40074293 Country of ref document: HK |
|
P01 | Opt-out of the competence of the unified patent court (upc) registered |
Effective date: 20230414 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20240313 |