ES2217968B1 - SYSTEM AND PROCESS OF PERSONAL IDENTIFICATION BEFORE ELECTRONIC LOCKS AND OTHER COMPUTER SYSTEMS. - Google Patents

Abstract

The object of this invention is a system and process of personal identification before electronic locks and other computer systems. Basically, it allows the individual to authenticate before a multitude of locks (also allowing them to handle them mechanically), computer systems or services existing therein, using a single element similar to a house or car key. It consists of key (personal) and lock (in the system that offers the service) both electronic, some of which may lack native power. When the key is inserted into the lock, a set of contacts between the two are enabled. Some make it possible that if one of the two does not have its own power, it will be fed by the other; others, allow the transfer of data between them. By means of these contacts, key and lock identify each other biunivocally and exclusively using, for example, an asymmetric key system. Upon identification, both partners will act accordingly.

Description

Personal identification system and process before electronic locks and other computer systems.

Field of application of the invention

The personal identification system and process before electronic locks, referred to in this invention will be applicable in all those industries of locksmith, both housing and automobile, access to banking services and computer media, in which it is intended obtain a maximum of security, regarding the suitability of the user to use the system.

State of the art

Every day, we have to identify personally to access the use of devices and services We use regularly. Both to open or close the door of our house or office, as if to start the car, to access a multitude of services on the Internet, to use the ATM networks or to activate or deactivate the alarm of our house; It is necessary to identify ourselves in some way.

According to the current state of the art, this Identification is done using very diverse mechanisms. At case of the door of our house, as in almost all vehicles, we identify ourselves by the fact that only we have the corresponding key, and a different key For each lock. Before ATMs we use a credit card accompanied by the corresponding access code, or before services on the Internet, through our password, with a different card and a different code for each service.

As for the locks of homes, buildings or vehicles that currently exist, these can be divided into two classes, the mechanics , in which only those keys that mechanically fit the lock are allowed to open or close. And the electronic ones , in which the function of the key is performed by a magnetic card, a numeric keypad, a fingerprint identification or some other identifier.

In the case of the first, the mechanical locks , these are composed of a mechanical lock and several identical keys, from which copies can be obtained with greater or lesser difficulty.

Among the main disadvantages of this type of locks we can highlight the fact that a different key is necessary for each lock. This creates the need for a person to carry a multitude of keys to open various doors of homes, vehicles, etc.

Another important problem is the fact that the Loss of a key makes it advisable to change the lock. Being necessary to replace the rest of the keys distributing them to the people who were previously given.

An important limitation of this type of locks is the one that is not possible to restrict the access of any of the keys at certain days or at certain times.

It is also a limitation, which the lock does not  Identify which of the existing keys is the one inserted in every moment, this prevents conditioning your access so Independent.

Being a mechanical element, due to the complexity that would entail, no type of information about the history of accesses that occur by said lock.

In the case of electronic locks, its main characteristic is that the decision to enable access is made computationally. That is, after identifying the key (card, numerical key or other identification element) that is inserted into the lock, a computing process decides whether or not opening or closing is possible.

The electronic locks existing in the currently, they need external power supply and sometimes wiring is also necessary to communicate the lock with other computer systems (usually a computer central). For its installation, works by both conditioning that allow electrical cables to be carried up they. In addition, its dependence on the state of electrical systems of the building can be a problem. Since in a situation of emergency (fire or catastrophe) it is easy for systems electrical failures, at times when the locks must Run with the greatest efficiency.

As for the use of magnetic cards , very widespread both in the environment of electronic locks and in that of ATMs. These are basically characterized by having a magnetic strip in which sufficient information is recorded to identify it. This information can be read later by any card reader of the corresponding type.

Among the disadvantages of using these cards as an identification system we can highlight the fact that they are basically a passive and visible component. Passive in the sense that they can only offer information being read (or written), but cannot process such information. And visible because any reader can get the information they contain.

The fact that they are a passive element makes the cardholder cannot identify reliably to the other party, that is to the system that reads the card. By what your identity can be easily supplanted. This is the \ It \ him Magnetic card based system does not assure the holder of the card the identity of the reader system in which it is inserted.

The fact that the information contained in the card is easily visible makes it also easily duplicable, which is inconvenient on a device that has the function of identifying its owner. To avoid the phishing of the card owner, the system reader can ask the cardholder for the introduction of a secret number, as is the case in ATM networks automatic This requirement guarantees the identity of the card owner before the reader system, but not authenticate the reader system to the card owner. Is say, someone could put a card reader on the track public, simulating the cashier of a banking entity for example, read the contents of the card and then ask the user for secret number The user, believing to be before a valid interlocutor, would write the secret number, putting disposition of the imposter to your card information and your number secret, information is enough to impersonate the user before the corresponding entities. In the case of the use of credit cards for purchase on the Internet, the situation is more worrying, because due to the danger of requesting the Internet secret code to the user, the most used protocol it consists of simply requesting the card number, which It is visible and therefore usable by many employees of establishments, where the card is used. This fact is one of the reasons that has slowed Internet sales the most.

As for the use of access codes , today it is one of the safest ways to validate a user's identity. However, in the vast majority of user protocols used today, for example in ATM networks or Internet services, the interlocutor offering the services (this is the ATM or Internet server), is not reliably identifies the user. You can do it using a certificate, this mechanism requires the intervention of third parties. This, as we have already mentioned in the previous paragraph, is an important problem. Another important problem regarding the use of access codes is the fact that each service carries an access code, being convenient to increase security, that these are different for each entity or service. It is therefore necessary to memorize many of these codes, which is difficult or at least cumbersome.

Regarding the state of the art about personal identification by means of biometric parameters , the most significant advances are those aimed at identification by fingerprint or retina. All of them are complex to obtain, and generally sensitive to the current state of the person in question. On the other hand, being visible, they are reproducible and therefore, with greater or lesser difficulty, make possible the impersonation of the user's identity. In any case, these systems are also passive. In other words, they allow the user to be identified, but they do not allow the user to identify the other party. It is perhaps worth noting that although it is not usually considered as such, the use of pasword or secret key is basically a biometric parameter, since it reflects information that has a biological support inserted in the individual to be identified, exclusively. The advantage in this case is that said biological parameter is not visible and yet it is easy to obtain, if the requirement that the individual's will be in favor is fulfilled.

As for electronic cards , they are mostly used as electronic purses. Their physical form limits them since they are not designed to feed or mechanically handle the system that houses them, nor do they have the possibility to monitor the data they contain directly. Electronic cards are not designed to easily replace traditional locks.

Cryptographic techniques, and in particular the digital signature , if they provide sufficient mechanisms to identify several interlocutors mutually and securely. However, they have not just solved the problem of personal identification in an effective way. The problem in this case is not the cryptographic algorithms used, but the physical resources and devices used to process and store them. That is, the state of cryptographic techniques allows, for example, using asymmetric keys, to identify two interlocutors in a safe and mutual way. What is not well resolved is how to get the user to carry these keys (which, because they are personal, must accompany the person) and the resources necessary to use them, so that the user can personally validate himself before the various mechanisms or services, physically dispersed, and with different mechanical, electrical, or access to information requirements; These are locks, ATMs, computers, alarm systems, vehicles, Internet services ... An example of this is the current use of the digital signature or certificates on the Internet, which in the case of home users are associated with a file which is stored in computers with very little protection. In addition, for security reasons, the file must not leave that machine, so it cannot be used by the user outside it.

Description of the invention

The personal identification system and process before electronic locks and other computer systems that Quote, it is essentially composed of two attachable elements, a key and a lock, respectively provided with a connector male and a female connector, intended to be coupled at the time of  Its use.

The male connector of the key is equipped with a battery and a computer system that includes a keyboard and a LED, liquid crystal or other monitoring system kind; while the female connector in the lock, presents a computer system and the actuators precise electromechanical and electronic connectors to handle the  mechanical resources or to transfer information to the system that the houses. This lock computing system can be endowed with its own food or lack it since it is provided that, when the key is inserted, the same battery that powers the  male connector of it, can activate the system of the lock, or conversely, the power of the lock, can activate the key system, in which case the battery is not required power supply, or if the battery is rechargeable, it can be recharged, with no more operation than leaving the key inserted in the lock.

The key, easily transportable by the user, both by shape and dimensions, will be of the type normally used for any door of housing, building, car or vehicle type, alarm system, ATM, personal computer or of all kinds of type, connected or not to a computer network or a computer system of any kind.

On the other hand the lock, coupled to the corresponding door, alarm system, etc., etc., is included in the mechanism that offers the services to the user, either be it opening or closing doors, vehicles or buildings, systems alarm, computer systems, computer networks, etc.

Both the key and the lock are equipped with  two connectors composed of various contacts, intended for feeding and charging, or to establish communication between lock and key computing system. The physical form of These connectors are defined so that when the key is inserted in the lock, the battery contained in the key, which already feeds the circuits of this, can also power the system lock computing, and in case the lock had its own power could charge the key battery Or feed your circuits. At the same time, the connections intended for data communication, establish a circuit that allows communication between the key computing system and the one with the lock. Through these contacts, key and lock identify each other biunivocally and exclusively using, for example, an asymmetric key system. Behind the identification, the system that houses the lock will work in consequence according to the guidelines associated with the interlocutor corresponding to the key identified.

Each key or lock has a device identification number (NID) and a set of exclusive public and private keys , which identify it and the difference from the rest of the existing locks or keys. Said identification number is associated with the identity of the owner of the key or lock . In the case of the key, it is possible to guarantee the identity of the owner, since he is the only one who owns it and is also the only one who can activate it, since he is the only one who knows his activation key (secret number). The lock works passively as a receiver, waiting to identify the user to offer their services. The key works actively, requesting the receiver (by insertion in the lock) to carry out a mutual identification process; After this identification, if applicable, the receiver will offer his services to the owner of the key.

It should be noted that the female connector, it will not always be the interlocutor with whom the user wishes identify. With regard to this fact, two types of connection between the partners:

1. Direct : From key to lock. In this case, the female connector has its own device identification number (NID) and its public and private keys and is identified as the other interlocutor of the interconnection. This will be the case of door locks in homes, vehicles, personal computers or alarm centers.

2. Indirect : In this case, the female connector (lock) is not the interlocutor with whom you want to identify the key, but an intermediary that allows the key to communicate with the system to which you want to identify. In this case, the lock will be included in a more general computer system to which the information from the key is transferred, so that it is transferred to the corresponding interlocutor, who is the one who will use his NID and keys to identify and identify himself before the owner of the key. This interlocutor can be in a remote machine until the computer system that houses the female connector will send the information, using any of the possible interconnections between present or future computers, that is through local network, point-to-point connections, Internet network, etc ... Some examples of this type of communication may be the case of ATMs, or Internet services.

In order for a lock to identify a key, there is an initial registration process, through which key and lock exchange their denominations, the public part of their asymmetric keys and sufficient information to maintain a sequence of secure subsequent connections , as well as a history of the same. Subsequently, the key and lock may identify each other each time the key is inserted into the lock.

The key has a small alphanumeric keypad that the owner can use to enter information such as an activation code at the beginning of each identification that prevents the key from being used by strangers in case of loss, or instructions for configuration of the key or lock in which it is inserted. To facilitate this operation, the key also includes a small monitor or display to display the corresponding information. Regardless of the above, the key may include other connection or communication resources that allow it to expand its operating characteristics.

Throughout its history, both keys and locks, store the information corresponding to its access sequence . This information will be accessible to the corresponding users, either through the user interface of the key (keyboard and monitor), or through the corresponding devices (computer systems that include the key or the lock and have an access interface).

In the case of door locks, by replacing the traditional mechanical gear system with a system such as the one described in this patent, the decision to enable the opening or closing is made computationally and not mechanically. This allows to identify the key individually, being able to prevent access to a key that has been lost, without changing the lock. In the same way the same key can be enabled in a multitude of locks, reducing the number of keys that a person must carry. After the identification process that occurs between key and lock, the action of closing or opening the bolt can be done electrically or by traditional manual traction. For cases where the action of physically running the bolt is done mechanically and manually (very convenient option for the consequent saving of energy stored in the key cell), the male connector of the key must be robust enough to support the manual rotation that transmits traction to run the bolt .

The described system has the property of mutually identifying the two partners , so that the owner of the key also ensures that it is before the appropriate partner.

The same system can be used to sign by digital signature or to process other cryptographic algorithms related to the identity or authorship of the key owner.

Optionally, the same key can define several levels of security against locks or different services, so, for example, whether or not the number inclusion is required secret. It is even possible that the same key contains several key sets that will be activated with secret numbers different.

We will now describe how our invention includes improvements over the prior art .

As for the locks of homes or vehicles , the invention object of this document, that is, the set formed by key and lock that we propose here, brings together the advantages of mechanical and electronic lock systems, while eliminating the disadvantages of these .

The object of this invention gains in versatility against mechanical locks, since both the decision of opening or closing as the identification of the key is made of computational form This fact also allows the use of a standard communications protocol with which, any key  It can be enabled in any lock. What makes possible using a single key to control several locks, instead of using a key for each lock. The locks may also set to restrict access for certain keys to a certain schedule and calendar. It is important also highlight that the history of connections that have taken place in each key and lock.

On the other hand, the object of this invention wins in autonomy and availability, compared to lock systems Electronic Since the key-lock assembly does not need external power, as we have mentioned the key It has an internal battery and the necessary connectors for feed with this not only your circuitry, but also that of the lock. To install the lock, it will therefore not be necessary carry out conditioning works to carry the cables electrical up to this. Changing a mechanical lock or a lock like the ones described in this document, it won't be more complex than that of a classic mechanical lock by another of the same kind.

Regarding personal identification systems, this invention basically solves the problem that the user can carry with them the content of the keys and the computing resources necessary to personally validate , by means of appropriate cryptography algorithms, before the various mechanisms or services that may be physically dispersed, or with different mechanical, electrical, or access to information requirements. That is, the user can personally identify themselves to locks, ATMs, computers, alarm systems, vehicles or Internet services, safely, using a single device and needing to remember a single key (the one that activates the key), since with That same key will be sufficient for any identification. Another important advantage is the security of the keys, since the private part of the key will be written in the internal memory of the key, and it can be made that it is only accessible by programming, if this programming is in the same ROM and we assume The entire system embedded within the same integrated circuit, the private part of the key will not be visible under any circumstances .

This invention basically proposes a hardware system with a suitable connector (the key) so that the interlocutor can be identified before any service (using the female connector or lock) using appropriate cryptography mechanisms, a communication protocol using asymmetric keys or any other type of which the state of the art of cryptographic techniques allow it today or in the future. This invention in turn allows to protect the improper use of the key by means of an access key to the same, being able to prevent it from being used before any service without previously including said key access code. We enable the fact that the identification system accompanies the person and can be used on any computer simply by entering the key in the lock (female connector on the computer) to be validated before any
service

The same key, without the user having to remember more than an access code (the key access, which it may be the same for all its activations), it can be used to control locks of housing, offices, vehicles, for enable access to services on the Internet to identify yourself from mutual and secure way before banking services or before the administration, to enable operation or access to computers of any kind, to identify before systems alarm, or ultimately to identify the presence of your owner and therefore validate the relevant operations.

In the same way, the object of this invention makes it possible for us to identify service users including in our system a female connector (lock), well either by including it in the lock of our house, building or office, where we can define with great versatility the access characteristics of each of the users to the case; good either through a network of ATMs, including in each of them the relevant female connector (lock), either via the Internet, now that the user may include in his relevant computer the necessary device (lock), in which you will insert the key, through which he will identify himself to the service and identify the same in a mutual and safe way.

Similarly, since the physical form of the key is similar to that of a housing or vehicle key existing today, can mechanically handle the bolt of vehicle or home locks. Being both robust and easily transportable.

In summary we can affirm that the object of this patent, due to its electrical and mechanical characteristics, can gather in a single device the ability to identify, so mutual and very secure, both to the user and to the entity that offers the service, in environments as diverse as the locks of buildings or vehicles, ATMs, programs computer, internet services, etc ...

Description of the drawings

A detailed description will be made below. of the accompanying drawings, in which simple is represented non-limiting example title, a preferred form of realization, susceptible to all those variations of detail that do not involve a fundamental alteration of the characteristics Essential system cited.

These drawings illustrate:

In Figure 1: General perspective view of the system key

In Figure 2: General perspective view with detail of its interior, of the system lock.

According to the example of execution represented, the system and process of personal identification before locks electronic and other computer systems that are recommended, is consisting of a key (1) the size of the keys used normally for cars and the like, equipped with a connector male (3) protruding from the body (5) where the system is included of computing a keyboard (13) and a battery (4) of power, the set included in the body (5) being constituted by a LED monitoring system, liquid crystal or any other type and in the outstanding male connector, in its expensive contacts (10).

The lock (2), presents inside a female connector (6) intended to connect to the male (3) of the key, the computer system (7) of the lock, about electromechanical actuators (8) to handle mechanical resources or the anchor that allows manual traction of the bolt by means of the corresponding turn.

It also includes electronic connectors (9) to transfer information and power to the system, as well as contacts (11) for contact with the corresponding (10) of the key when it is inserted, and a tab (12) for holding the male contact (3) when it is introduced in the
lock.

Organized in this way the system constituted by key and lock, the whole operation will be like follow:

As for the key computing system , it must contain a microprocessor, RAM, ROM for storing the programming and its private key, FALSH or EEPROM for storing programs and information regarding the partners (other locks before which it has been enabled), the logic necessary to establish the connection with the interlocutor through the connections established during the insertion of the key in the lock, the logic necessary to handle the interfaces with the keyboard or monitoring system if there were one , the clock logic necessary for the operation of the system and the time control (it may contain a small independent battery for the clock) and the logic necessary for the miscellaneous functions of the system such as control of the state of the power, recharge control of the batteries , etc. The structure of the computer system, can be the typical structure of any microprocessor-based system, the only specific requirements are the existence of a communications interface that uses the male connector of the key, without this interface requiring any resource outside the known in the current state of the art.

To meet the requirements mechanics imposed in the case of the key, it will be enough with a mechanical design as can be seen in figure 1. The connector key male will have sufficient consistency to support the traction necessary for the rotation of bolts or other mechanisms of mechanical traction Its surface allows it to house power and data connections that must be established with the lock. The male connector of the key could be retractable, and You can also have a small slit that will help you pressure tab, existing in the lock, hold it once introduced in to it. The key module must be robust and compact enough to be transported personally (in the pocket). As we have already commented, Optionally you can include a keyboard and display.

As for the lock computing system , it must also contain a microprocessor, RAM, ROM for storing the programming and its private key, FALSH or EEPROM for storing programs and information regarding the partners (other keys that have been enabled before it), the logic necessary to establish the connection with the interlocutor through the connections established during the insertion of the key in the lock, the clock logic necessary for the operation of the system and the time control (may contain a small independent battery for the clock) and the necessary logic for the miscellaneous functions of the system such as control of the state of the power, control of recharge of the batteries if there were them, etc ... As in the case of the key, The structure of the computing system can be the typical structure of any microprocessor-based system, in the same way The only specific requirements are the existence of a communications interface that uses the female connector of the lock, without this interface requiring any resources, outside those already known in the current state of the art.

In the lock there are two other interfaces that will have to be done. On the one hand, in locks that must be handled mechanically elements, this is home lock or vehicles, there will be an actuator (which can be a turning motor or a magnetic anchor), which allows the rotation of the bolt. On the other hand, in the case of recessed locks in broader computer systems, such as computers  personal or ATM, there will be an interface of communication with the computer system that houses the lock through which a connection to it will be established, in this way the key can identify and identify remote partners using the telephone or network connections of the system computing that houses it. Both interconnection resources for this purpose, as the actuators necessary for handling mechanical of the mentioned elements, can be solved within the  Current state of the art.

Both the key and the battery are activated by Insert the key into the lock. This fact entails some special features regarding the connection between key (3) and lock (6) connectors. So that the activation occurs without problems it is advisable that first place the data connections are made, then the connection of power and finally the activation / deactivation connection. This fact can be achieved by adapting the length and placement of the connectors between key and lock. Those who must first interconnect must be longer in the key to activate the start of the introduction and stay connected when it is complete. These requirements can be satisfied with connectors (3 and 6-f.1) as indicated in the  Figures 1 and 2.

Then we will make the necessary assessments regarding the realization of the software necessary for the proper functioning of our invention.

Once the computer systems of the  key and lock after corresponding insertion and established the communication circuits between the two, it establishes a protocol between the key and the lock, destined to that both identify each other in a biunivocal and safe way. After the identification process, in the case of locks vehicles or homes will proceed to make the decision, for that concrete key and at the time of connection, to enable or not the bolt opening or closing. In the case of other systems of general computing, such as ATMs or Internet services, after identification will proceed to perform the consistent tasks to serve the user, to whom It has been identified by the key.

The structure of the existing software in the key it should not be complex, since we consider it a system recessed does not require any operating system, being able to work As a single process. This process will be dedicated to serving the different operating protocols, through which the key and the lock will perform the functions to which they are destined

So that the key and the lock can be identified biunivocally, a system of asymmetric keys, where each one has a symmetric system of public key and exclusive private key, defined during the fabrication process.

The key-lock communication protocol must cover the different needs associated with the operation of the system. We will explain in detail the protocol destined to its most fundamental function, the mutual identification. This can be done using the following " protocol for the identification process ", which could be qualitatively defined by the following steps:

one.

Using the connection established to insert the key into the lock, the key sends to the lock a HELLO message indicating that you want to identify yourself to it, or the operation you want to perform.

2.

If the lock is active and ready to perform the operation requested, answer with an OK message that you send to the key.

3.

The key sends your identification number to the lock (unique, defined in the manufacturing process).

Four.

If the lock has no information regarding that number of identification (the key has not been enabled for that lock) request permission to validate it, and if you don't get it denies.

5.

If the lock knows the key will know your public key and will have information about your access history. Using mechanisms  random the lock builds a chain called CAIC (random lock identification code).

6.

The lock encrypts the CAIC chain using the public key of the key. The encrypted message also includes the number of Lock identification (NID lock), so that the key Can identify your caller.

7.

The lock sends the result of the previous step (CAIC + NID lock) to the key computing system.

8.

The key decrypts the message (CAIC + NID lock) using its private key, obtaining decoded CAIC and NID lock where you can know who your interlocutor is and therefore what key public and what symmetric key you should use.

9.

The key, using random mechanisms builds a string called CAIK (random identification code of the key).

10.

The key, build a chain with the CAIC of the lock and its CAIK and encrypts it using the symmetric key (SKO) agreed in the Last connection between both devices.

eleven.

The key takes the result from the previous step (CAIC + CAIK encrypted with symmetric key SKO) and re-encrypt it with the key public of the lock (which he met during the process of habilitation before this).

12.

The key sends the result of the previous step ((CAIC + CAIK)) to lock computing system using the established communication line.

13.

The lock decrypts the message ((CAIC + CAIK)) using your password private, obtaining (CAIC + CAIK) encoded by the symmetric key SKO that knows about the previous connection.

14.

The lock decrypts the message (CAIC + CAIK) using your password symmetric SKO, obtaining CAIC + CAIK decoded. If CAIC matches with the chain that the lock sent, the lock system knows that the interlocutor with whom you communicate is not a impostor.

fifteen.

Using random mechanisms the Lock builds a new symmetric NSK connection key. This symmetric key will be stored in the memory of the lock, since it will be used as SKO, the next time the key is Try to identify before the lock.

16.

The lock builds a chain with the CAIK that has deciphered from the key and the new symmetric key CAIK + NSK, and encrypt this string (CAIK + NSK) using the public key of the key.

17.

The lock sends the result of the previous step (CAIK + NSK) to key computing system.

18.

The key decrypts the message (CAIK + NSK) using your password private, obtaining decoded CAIK and NSK. If CAIK matches the one that sent, the key knows that the interlocutor of the lock does not It is an imposter and classifies it as valid.

Once the key and lock have been identified biunivocally, another series of protocols will define the process to be followed, either to communicate to other applications that the interlocutor is a valid interlocutor , so that in the case of building or vehicle locks would proceed to enable the opening or closing of the bolt, or in the case of other services, these services would be offered to the user as appropriate. Or to perform maintenance or control operations such as enabling a key in a lock, updating access rules in a lock, accessing information about the history of the lock, updating configuration of a key, access to key history information, or activation of the key by entering the secret code. The same key can be used to perform other tasks or cryptographic algorithms such as the digital signature, which allow identification or initiation of electronic documents, or any other task that requires identification by cryptographic methods of the owner of the key. All these processes can be performed using the mechanisms available in the state of cryptographic techniques.

We will now describe how the object of this patent is used . Its use can be aimed at two objectives, one the identification of the owner of the key before various computer systems and a second, less important, maintenance of the configuration and access to the information contained in the entities that compose it. We comment below, how our invention is used in each of these cases.

For identification it will be sufficient to enter the key in the lock. The communication protocol between the two is responsible for processing the flow of information until the key is identified. If so defined, it will request the key entry by the keyboard. And with this the user will be identified. The process that continues depends on the nature of the interlocutors. If used on a lock, it will be opened or closed by the corresponding electrical or mechanical means. If it is other systems such as ATMs, personal computers, etc ... the computer system will have identified the user of the key, he will have identified the service and both will act accordingly.

As the nature of this invention has been defined, it is possible to access the data or the configuration of the key or the lock independently. To configure or access the key data, you can use the same resources of the key, if it has a keyboard and display system (or if it is integrated into a more complex computer system, such as a mobile phone. the key can be inserted into a lock housed in a computer system with data monitoring capability (for example a PC); through the relevant protocols, the information contained in the key will be transferred to the lock and from there to the monitoring system ( PC), where it will be available to the user.

Regarding data access and configuration of the lock , the process is evident if it is housed in a computer system with monitoring capability (for example a PC). In the case of insulated locks, as in the case of door locks in homes or buildings, a key inserted in it will be used. Since the key has the ability to monitor and control the data, these can be seen directly when transferred from the lock to the key. For chaos in which the information to be monitored is very extensive, the key will collect the data of the lock, which can be seen when the key is inserted into a computer system with monitoring capacity (for example a PC with the corresponding lock) . From a system of the same type (for example, PC with a lock), the corresponding configuration that will be stored in the key and downloaded onto the lock to be configured can also be generated, once the key is inserted into it.

The shape, materials and dimensions may be variables and in general whatever accessory and secondary, always that does not alter, change or modify the essentiality of the system that It has been described.

Claims (22)

1. Personal identification system before electronic locks and other computer systems, characterized by being constituted by two basic elements: UNO, a key element that incorporates a computer system, a user data entry system (keyboard or similar) and a user data monitoring system (display or similar), as well as a male connector, which incorporates power and data connectors. And two, a lock cylinder element, which incorporates a computer system, as well as a female connector that also incorporates data and power connectors. 2. Personal identification system before electronic locks and other computer systems, according to claim one, characterized in that both the key and the lock are provided with connectors that allow it to feed one another, in the event that any of them, it is not equipped with said power supply, and the key or lock may also have internal batteries that can be recharged by the power supply system. 3. Personal identification system before electronic locks and other computing system, according to any of the first and second claims, characterized in that a means of attachment to the lock element, when connected, is provided in the key element, which allows the rotation of the key is transferred to the mechanical components of the lock, for opening and
closing. 4. Personal identification system for electronic locks and other computer systems, according to any of the first to third claims, characterized in that the DOS element, a lock cylinder, can also be connected to other computer control systems. access security, providing the lock computing system, another communications interface capable of communicating with the local computer, or any other computer system accessible through any type of communications network. 5. Personal identification process before electronic locks and other computing system, characterized by being a process initiated by introducing the male connector of the UNO element, in the female of the DOS element, power and data connections are established, making it possible to identify between data and lock, prior introduction by the user, of the personal key through the key data entry system, the aforementioned identification process comprising the following steps:

one.

Insertion of the key in the lock, via the established connection and sent a HELLO message from key to lock, requesting identification or the operation that want to perform

2.

Answer of an OK message from the key lock.

3.

Shipping from the key to the identification number lock, unique, defined in the manufacturing process.

Four.

Request for validation by the lock, in case of not having registered said number of identification and rejection, of not obtaining it.

5.

Construction of a CAIC chain, code  random identification of the lock, if it is recognized the key by the lock, through the history of access known for the cerra-dura.

6.

CAIC chain encryption through public key of the key, including the identification number of the lock.

7.

Shipping of the result of the previous step to the computer system of the key.

8.

Message decryption by key using your private key, obtaining the decoded CAIC and the identification number of the lock, determining its partner and the public key and the symmetric key to use.

9.

Generation by the key of a chain CAIK, random key identification code.

10.

Generation, by the key, of a chain with the CAIC of the lock and its CAIK, encrypted using a SKO symmetric key defined in the last connection between key and lock.

eleven.

Second encryption, by key, of the previous result by The public key of the lock.

12.

Sending, by the key, the result of the previous step to lock computing system using the line of established communication.

13.

Decryption, by the lock, of the previous message, by your private key, obtaining (CAIC + CAIK) encoded by the key symmetric SKO.

14.

Decryption, by the lock, of the previous message, by your key your symmetric SKO key and verification of the CAIC chain sent previously.

fifteen.

Generation by the lock, through mechanisms randomization of a new NSK symmetric connection key and its memory storage to be used as SKO in next key identification

16.

Generation, by the lock of a chain with the decrypted CAIK, coming from the key and the new NSK symmetric key, Encrypting with the public key of the key.

17.

Sending, by the lock, the result of the previous step (CAIK + NSK) to the key computing system.

18.

Decryption, by key, of the message (CAIK + NSK) using your private key and verification of the CAIK with the sent one

 \ hbox {formerly} 

.