GB2413672A - Access control - Google Patents

Access control Download PDF

Info

Publication number
GB2413672A
GB2413672A GB0409406A GB0409406A GB2413672A GB 2413672 A GB2413672 A GB 2413672A GB 0409406 A GB0409406 A GB 0409406A GB 0409406 A GB0409406 A GB 0409406A GB 2413672 A GB2413672 A GB 2413672A
Authority
GB
United Kingdom
Prior art keywords
electronic
electronic key
access
access code
access point
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0409406A
Other versions
GB2413672B (en
GB0409406D0 (en
Inventor
Asger Smidt
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Motorola Solutions Inc
Original Assignee
Motorola Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Motorola Inc filed Critical Motorola Inc
Priority to GB0409406A priority Critical patent/GB2413672B/en
Publication of GB0409406D0 publication Critical patent/GB0409406D0/en
Publication of GB2413672A publication Critical patent/GB2413672A/en
Application granted granted Critical
Publication of GB2413672B publication Critical patent/GB2413672B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • G07C9/00087

Abstract

An access control system (100) has an Electronic Access Point (102) an Electronic Key (104) a biometric scanner (108) and a database server (106). The Electronic Key (104) has an encrypted access code to the Electronic Access Point (102) and the Electronic Access Point (102) grants access if the encrypted access code is decrypted using at least one biometric parameter obtained from the biometric scanner (108) and the decrypted access code is positively verified by the database server (106).

Description

24 1 3672
ACCESS CONTROL SYSTEM AND METHOD
Field of the Invention
The present invention relates to security of resources, in general, and in particular, to a system for and a method of controlling access.
Background of the Invention
Developments in computer and communication technology have resulted in new devices known as electronic security tokens, also known as electronic keys. One of the most popular electronic key is a Smartcard. Smartcards are used in a wide variety of applications. The most advanced electronic keys contain embedded processors, storage and computational elements.
They are used as data storage (for example for storing biometric data, social security information or user profile information) and very widely in electronic ticketing, time systems and access control. There are hundreds of applications of electronic keys. These features led to application of these devices as electronic purses used for payments in shops, public transport, road tolling, parking, resource access etc. Electronic keys can communicate with other devices known as electronic access points (card readers for smartcards) and this communication can be established by means of physical connection between electric contacts of a communication interface of the electronic key and the electronic access point. There are also known electronic keys which are equipped with wireless communication interface to the electronic access point.
In the simplest case the electronic key has only a memory module. The type of memory used in electronic keys varies. In some applications it is a random access memory (RAM) and/or an electrically erasable programmable read-only memory (EEPROM). The EEPROM memory is used for applications such as "electronic- money" in smartcards. It could be also a read-only memory (ROM).
In all security systems four aspects must be considered: authentication, authorization privacy and data integrity.
One of the risks is that party that is trying to access the resource is not the party it claims it is.
This problem is known as authentication.
Other requirement providing safety of the resource is known as authorization. If the party meets this requirement it means that the party is sanctioned for a particular function (e.g. to access a particular resource).
Confidentiality of data is assured by the privacy requirement. Fulfilling this requirement protects the data against eavesdropping or observation by third party.
Another risk related to e-commerce, and in general data exchange, is the risk that a third party could alter the data. Requirement for this case is known as data integrity.
When a person is attempting to access a resource, the system that prevents access by persons that are not authorized, should in a first instance check if the person is actually the person he/she claims to be. This process is called authentication. In the most frequent application it is carried out by checking whether a person that uses a magnetic or chip card knows a Personal Identification Number (PIN) assigned to this card. As the basic assumption is that only the legitimate owner of the card knows the PIN, if the PIN entered by the present user of the card matches that known by the system, it is assumed that the person is the legitimate user of the card.
Once the person is authenticated the system checks his/her authorizations. The authorizations are stored in a database and define what this person is allowed to do (e.g. limit of financial transactions, which rooms in the office this person has been granted access, etc.).
Privacy aspect in a situation with card and PIN relates to situations in which the PIN can be obtained without knowledge of the legitimate user of the card (eavesdropping, secret cameras, etc.) or when the legitimate user is forced to reveal the PIN. The card can be stolen or in case of magnetic cards the magnetic strip can be scanned and the reproduced.
Data integrity for electronic keys (e.g. cards) is assured by recording data in several different formats (data written on the magnetic strip, data embossed on the card, picture of the owner). However tampering with that data is relatively easy, which makes it possible to make a forged card with proper data on it.
Hence, an improved system for controlling access to protected resources would be advantageous, and in particular a system providing an improved authentication process, privacy and data integrity would be advantageous.
Summary of the Invention
Accordingly, the Invention seeks to preferably mitigate, alleviate or eliminate one or more of the above mentioned disadvantages singly or in any combination.
According to a first aspect of the present invention there is provided an access control system as claimed in claim 1.
According to a second aspect of the present invention there is provided an Electronic Key, for use in the access control system as claimed in claim 22.
According to a third aspect of the present invention there is provided an Electronic Access Point, for use in the access control system as claimed in claim 28.
According to a fourth aspect of the present invention there is provided a method of controlling access as claimed in claim 30.
The present invention beneficially allows for the creation of a security system, which provides stronger methods of authentication (using biometric features for identification requires presence of the right person at the time of authentication) and privacy than those known in the prior art. As the access codes stored in the Electronic Key are encrypted, stealing the Key does not allow the thief to access the resource. One- use access codes makes it useless eavesdropping or intercepting the access code, as it is rendered invalid once transmitted from the Electronic Key to the Electronic Access Point.
Apart from using the biometric scanner for authentication, biometric parameters obtained in the process of scanning, are used for encryption of the data stored and transmitted between the Electronic Key and the Electronic Access Point. In result in the first embodiment any communication between the Electronic Key and the Electronic Access Point is encrypted. In addition the Electronic Key for the first embodiment is very cheap in production. Using the system is very simple in any one of the embodiments. In one embodiment the Electronic Key has two functions a key and safe data storage. This embodiment cuts down on the amount of gadgets an employee has to carry around at all times.
Brief description of the drawings
The present invention will be understood and appreciated more fully from the following detailed description taken in conjunction with the drawings in which: FIG. 1 is a diagram illustrating an access control system in one embodiment of the present invention, FIG. 2 is a diagram illustrating an access control system in an alternative embodiment of the present invention, FIG. 3 is a diagram illustrating an access control system in one embodiment of the present invention, FIG. 4 is a flow chart illustrating a method of controlling access in an access control system in a first embodiment of the present invention, FIG. 5 is a flow chart illustrating a method of controlling access in an access control system in a second embodiment of the present invention, FIG. 6 is a flow chart illustrating a method of controlling access in an access control system in a third embodiment of the present invention.
Description of an embodiment of the invention
FIG. 1 illustrates an access control system in an embodiment of the invention. The access control system comprises an Electronic Access Point (EAP) 102 and an Electronic Key (EK) 104 to access a resource protected by said EAP 102. The access control system 100 comprises also a database server 106 operably connected to said EAP 102. The EAP comprises a first controller operably connected to a biometric scanner 108, a first communication interface 112 for communicating with said EK 104 and a second communication interface 120 for communicating with said database server 106.
The Electronic Key 104 comprises a third communication interface 114 and a database table 116.
Said third communication interface is used for communication with said EAP 102. Said database table 116 is used for storing ID of said Electronic Key 104 and an encrypted access code to said EAP 102.
Said first, second and third communication interfaces may be either wireless, or contactless or electric contact interfaces.
Said database table 116 of said Electronic Key 104 is stored in a memory module.
In operation when said Electronic Key 104 is connected to said EAP 102 said biometric scanner 108 obtains an Unique Personal Characteristic (also termed as biometric parameter(s)).
Said biometric scanner 108 is a device suitable for identification of a person based on a unique biological characteristic of that person. Said biometric scanner 108 may be a fingerprint scanner or a retina scanner, or a voice scanner.
The EAP 102 is adapted to request an encrypted access code stored in said database table 116 of said Electronic Key 104. The Electronic Key 104 transmits said encrypted access code to said EAP 102 and said first controller 110 decrypts said encrypted access code using at least one biometric parameter obtained by said biometric scanner 108.
The number of biometric parameters used for encryption/decryption depends on how strong the encryption must be. More parameters used for encryption (and in consequence for decryption) require more processing power from the system 100 and increase its cost.
If the Electronic Key 104 was a proper electronic key for accessing said EAP 102 and the user of said Electronic Key 104 was the legitimate user the obtained biometric parameters are correct and the encrypted access code received by the EAP 102 can be decrypted by the first controller 110. Then the first controller transmits the decrypted access code via said second communication interface 120 to said database server 106.
The database server verifies the received decrypted access code comparing it with access codes stored in said database server 106. Said database server keeps records containing at least ID of electronic keys and corresponding access codes. If the received access code from the Electronic Key 104 and its ID match record stored in said database server 106 the database server 106 informs said first controller 110 that the access code is positively verified. In return the first controller 110 grants an access to the resource as requested by the user of the Electronic Key 104.
To increase security of the system the access code after said positive verification is rendered invalid.
When said first controller 110 receives confirmation of positive verification it generates a new access code and transmits said new access code to said database server 106 to replace the access code that was positively verified. The first controller 110 encrypts a copy of the access code using said at least one biometric parameter and transmits said copy to said database table 116 of said Electronic Key 104 to replace the encrypted access code stored therein.
FIG. 2 illustrates an access control system in an alternative embodiment of the invention.
In this embodiment the biometric scanner 106 is incorporated in said Electronic Key 104. Said Electronic Key 104 comprises also a second controller 118 operably connected to said biometric scanner 108, said third communication interface 114 and said database table 116.
There are possible two alternative modes of operation of said access control system in said alternative embodiment as depicted on FIG. 2.
In a first mode of operation when said Electronic Key 104 is connected to said EAP 102 said biometric scanner 108 obtains an Unique Personal Characteristics.
The second controller 118 decrypts said encrypted access code using said obtained at least one biometric parameter. Decryption is possible only if the biometric parameters were obtained from the proper person (i.e. legitimate user of the Electronic Key 104) by the biometric scanner 108. The access code is transmitted to said EAP 102 in a decrypted format and said first controller 110 transmits it to the database server 106 for verification. Granting access is carried out in the same way as in the first embodiment.
As in the first embodiment to increase security of the system the access code after said positive verification is rendered invalid. When said first controller 110 receives confirmation of positive verification it generates a new access code and transmits said new access code to said database server 106 and to said second controller 118 to replace the access code that was positively verified. The second controller 118 encrypts a copy of the access code using said at least one biometric parameter and transmits said copy to said database table 116 to replace the encrypted access code stored therein.
In a second mode of operation when said Electronic Key 104 is connected to said EAP 102 said biometric scanner 108 obtains an Unique Personal Characteristics.
Said second controller 118 encrypts said at least one biometric parameter and transmits said encrypted parameter to said EAP 102. In the process of encryption of said at least one biometric parameter an encryption algorithm known in the art and not based on biometric parameters is used. The Electronic Key 104 and the EAP 102 are configured to be able to decrypt said encrypted parameter in said first controller 110 of said EAP 102.
Once said at least one biometric parameter is in the first controller remaining steps of operation of the system are identical with those of the first embodiment of the invention (when the biometric scanner 106 is a part of said EAP 102).
FIG. 3 illustrates an access control system 100 in an alternative embodiment of the invention. The system in any of the above embodiments may be implemented as consisting of plurality of EAPs 102, 304, 306, wherein said EAP are connected to one database server 106. In this embodiment the database server 106 stores IDs of all connected EAPs 102, 304, 306 and assigned to them electronic keys, and corresponding access codes.
One example of the table used by the database server is presented in Table 1.
Table 1
EAP ID KEY ID ACCESS CODE
EAP_001 KEY_004 RGT1652 EAP_001 KEY_005 GTR1726 EAP_001 KEY_008 HTR9922 EAP_002 KEY_001 POY7687 EAP_002 KEY_004 6572YTR EAP_003 KEY_004 R334JDV EAP_003 KEY_008 IUK476U When the database server 106 receives access code for verification it also receives an ID of the EAP that sent this query and an ID of the Electronic Key that is used for accessing the resource protected by the EAP. In one embodiment data stored in said database server may be encrypted.
Similarly the Electronic Key 104 may be used for accessing plurality of EAPs. In this embodiment the Electronic Key 104 stores IDs of said plurality of EAPs and corresponding access codes, in an encrypted format, in said database table 116. ID of said Electronic Key 116 is also stored in said database table 116.
In one embodiment, when the memory module in which the database table 116 is stored is big enough, the Electronic Key 104 can be used also as safe data storage. In this embodiment the Electronic Key 104 is adapted to write into and read from said memory module computer readable files. It is also adapted to encrypt and decrypt said computer readable files using said at least one biometric parameters. There are known in the art memory modules of capacity up to 1GB that can be connected to a USE port of a computer.
FIG. 4 illustrates a method of controlling access in an access control system in one embodiment of the invention. In this embodiment the EAP 102 comprises said biometric scanner 108.
After connecting said Electronic Key 104 to said EAP 102 said biometric scanner 108 scans fingerprint(s) or retina or voice sample of a user of the Electronic Key 104 and obtains at least one biometric parameter that is unique for the user and suitable for identification purposes. Methods of scanning and obtaining such unique biometric parameters are known in the art and are not subject of the present invention.
Said at least one biometric parameter is transmitted 402 from said biometric scanner 108 to the first controller 110. In the next step the first controller 110 sends 404 an ID of the EAP 102 to the database table 116 of said Electronic Key 104. The Electronic Key 104 searches the database table 116 for the presence of the received EAP's ID. If the EAP's ID is present in the database table 116 the Electronic Key 104 returns 406 its own ID to said first controller 110.
In one embodiment, if the Electronic Key ID is encrypted, said first controller 110 decrypts it using said at least one biometric parameter and sends 408 it to the database server 106 to check if the Electronic Key ID is valid. In alternative embodiment, if the Electronic Key ID is not encrypted, said first controller 110 sends 408 it to the database server 106 to check if the Electronic Key ID is valid.
In the next step the database server 106 returns 410 to the first controller 110 the result said check.
If the Electronic Key ID is not valid access is not granted and connection between said Electronic Key 104 and said EAP 102 is terminated. If said Electronic Key ID is valid the first controller 110 requests 412 an access code from said Electronic Key 104. In the next step the Electronic Key 104 sends 414 said encrypted access code to said first controller 110.
The first controller 110 decrypts said encrypted access code using said at least one biometric parameter and sends 416 said decrypted access code to said database server 106 for verification. In the next step the database server returns 418 to said first controller results of said verification. If said verification is negative access is not granted and connection between said Electronic Key 104 and said EAP 102 is terminated.
If said verification is positive the first controller generates a new random access code. A copy of said new access code is created by said first controller 110 and said first controller 110 encrypts one copy of said new access code with said at least one biometric parameter.
In the next steps the first controller 110 starts a commit process with the Electronic Key 104 and the database server 106. In step 420 an encrypted new access code is transmitted to the Electronic Key 104. In step 422 a plain new access code (i.e. not encrypted) is transmitted to the database server 106. In steps 424 and 426 the Electronic Key 104 and the database server respectively confirm reception of the new access code.
In steps 428 and 430 the first controller 110 sends respectively to the database table 116 and to the database server 106 an order to commit replacement of the access code that was used in the steps 414 and 416 with the new access code in said database table 116 and said database server 106.
In the final step the first controller grants an access and sends an order 432 to an authorization mechanism (e.g. a door lock) to authorize the user of the Electronic Key 104 to access the protected resource.
FIG. 5 illustrates a method of controlling access in an access control system in alternative embodiment of the invention. In this embodiment the Electronic Key 104 comprises said biometric scanner 108.
After connecting said Electronic Key 104 to said EAP 102 said biometric scanner 108 scans fingerprint(s) or retina or voice sample of a user of the Electronic Key 104 and obtains at least one biometric parameter that is unique for the user and suitable for identification purposes. Said at least one biometric parameter is transmitted 502 from said biometric scanner 108 to the second controller 118. In the next step the Electronic Key 104 sends 504 its ID to the first controller. The Electronic Key ID is sent as plain data.
In the next step the first controller 110 sends 506 an ID of the Electronic Key 104 to the database server 106. The database server 106 searches its database for the presence of the received ID of said Electronic Key 104. If the ID of said Electronic Key 104 is present in the database server 106 the database server 106 confirms 508 that the Electronic Key ID is valid. Then said first controller 110 sends 510 an ID of the EAP 102 to said second controller 118.
In the next step the second controller 118 searches 512 in said database table 116 the access code assigned to said received ID of the EAP 102. The database table 116 returns 514 said access code to said second controller 118. The access code is encrypted.
The second controller 118 decrypts the encrypted access code using said at least one biometric parameter as a decryption key and sends 516 the decrypted access code to the first controller 110.
In the next step the first controller 110 sends 518 said decrypted access code to said database server 106 for verification. In the next step the database server returns 520 to said first controller 110 results of said verification. If said verification is negative access is not granted and connection between said Electronic Key 104 and said EAP 102 is terminated. If said verification is positive the first controller 110 generates a new random access code.
In the next steps the first controller 110 starts a commit process with the Electronic Key 104 and the database server 106. In step 522 a plain new access code (i.e. not encrypted) is transmitted to the Electronic Key 104. In step 524 the same plain new access code is transmitted to the database server 106.
The second controller 118 encrypts said new access code and sends 526 said encrypted new access code to said database table 116. In step 530 said database table confirms reception of the encrypted new access code and in return said second controller 118 in step 532 sends to a first controller 110 a confirmation that the encrypted new access code is in the database table 116.
In step 528 said database server 106 confirms reception of the new access code. In steps 534 and 536 the first controller 110 sends respectively to the second controller 118 and to the database server 106 an order to commit replacement of the access code that was used in the steps 514 - 518 with the new access code in said database table 116 and said database server 106. In step 538 the second controller 118 sends to the database table an order to commit said replacement.
In the final step the first controller grants an access and sends an order 540 to an authorization mechanism (e.g. a door lock) to authorize the user of the Electronic Key 104 to access the protected resource.
FIG. 6 illustrates a method of controlling access in an access control system in yet another alternative embodiment of the invention. In this embodiment the Electronic Key 104 comprises said biometric scanner 108.
After connecting said Electronic Key 104 to said EAP 102 said biometric scanner 108 scans fingerprint(s) or retina or voice sample of a user of the Electronic Key 104 and obtains at least one biometric parameter that is unique for the user and suitable for identification purposes. Said at least one biometric parameter is transmitted 602 from said biometric scanner 108 to the second controller 118.
Then the Electronic Key ID is sent 604 to the first controller 110 and the first controller passes 606 it to the database server 106. The database server 106 checks its database for the presence of the received ID of said Electronic Key 104. In the next step the database server 106 returns 608 to the first controller 110 the result of said check. If the Electronic Key ID is not valid access is not granted and the connection between said Electronic Key 104 and said EAP 102 is terminated. If said Electronic Key ID is valid the first controller 110 returns 610 to said second controller 118 an ID of the EAP 102.
Said second controller 118 encrypts said at least one biometric parameter, wherein in the process of encryption of said at least one biometric parameter an encryption algorithm known in the art and not based on biometric parameters is used. Said encrypted biometric parameter(s) is (are) sent 612 to said first controller 110. Said first controller decrypts it and in return requests 614 an encrypted access code to said EAP 102.
In the next step the second controller 118 searches 616 in said database table 116 the access code assigned to said received ID of the EAP 102. The database table 116 returns 618 said access code to said second controller 118. Said access code is encrypted. In the next step the second controller 118 sends 620 said encrypted access code to said first controller 110.
The first controller 110 decrypts said encrypted access code using said at least one biometric parameter and sends 622 said decrypted access code to said database server 106 for verification. In the next step the database server returns 624 to said first controller results of said verification. If said verification is negative access is not granted and connection between said Electronic Key 104 and said EAP 102 is terminated.
If said verification is positive the first controller generates a new, random access code. A copy of said new access code is created by said first controller 110 and said first controller 110 encrypts one copy of said new access code with said at least one biometric parameter.
In the next steps the first controller 110 starts a commit process with the Electronic Key 104 and the database server 106. In step 626 an encrypted new access code is transmitted to the Electronic Key 104. In step 628 a plain new access code (i.e. not encrypted) is transmitted to the database server 106. In step 630 the second controller transfers said encrypted new access code to said database table 116 and in step 634 said database table 116 confirms reception of the encrypted new access code. In return said second controller 118 in step 636 sends to a first controller 110 a confirmation that the encrypted new access code is in the database table 116. In step 632 said database server 106 confirms reception of the new access code. In steps 638 and 640 the first controller 110 sends respectively to the second controller 118 and to the database server 106 an order to commit replacement of the access code that was used in the steps 618 - 622 with the new access code in said database table 116 and said database server 106. In step 642 the second controller 118 sends to the database table 116 an order to commit said replacement.
In the final step the first controller grants an access and sends an order 644 to an authorization mechanism (e.g. a door lock) to authorize the user of the Electronic Key 104 to access the protected resource.
There are possible many implementations of the invention. Particular aspects depend on the required level of security. This level of security may be adjusted by using one or multiple biometric parameters for encoding/decoding or by implementing combination of different scanning techniques.

Claims (43)

  1. Claims 1. An access control system comprising an Electronic Access Point
    and an Electronic Key to access a resource protected by said Electronic Access Point and further comprising a biometric scanner and a database server, wherein said Electronic Key has an encrypted access code to said Electronic Access Point and said Electronic Key is adapted to transmit said access code to said Electronic Access Point and said Electronic Access Point is adapted to grant an access if the encrypted access code is decrypted using at least one biometric parameter obtained from said biometric scanner and said decrypted access code is positively verified by said database server.
  2. 2. The system according to claim 1, wherein said Electronic Access Point has a first controller adapted to encrypt and decrypt data using at least one biometric parameter obtained from said biometric scanner.
  3. 3. The system according to claim 2, wherein said first controller is adapted to generate a new access code and to transmit said new access code to said database server and to said Electronic Key to replace the access code with said new access code after said positive verification.
  4. 4. The system according to any one of preceding claims, wherein said Electronic Key comprises said biometric scanner and a second controller.
  5. 5. The system according to claim 4, wherein said second controller is adapted to decrypt said access code using said at least one biometric parameter and to transmit said decrypted access code to said Electronic Access Point.
  6. 6. The system according to claim 4, when dependent on claim 3, wherein said second controller is adapted to encrypt said new access code using said at least one biometric parameter before replacing said access code stored in said Electronic Key.
  7. 7. The system according to claim 4, wherein said second controller is adapted to transmit said at least one biometric parameter in an encrypted format to said Electronic Access Point and further adapted to transmit said encrypted access code to said Electronic Access Point and said Electronic Access Point is adapted to decrypt said encrypted access code using said at least one biometric parameter.
  8. 8. The system according to any one of claims 1 - 3, wherein said Electronic Access Point comprises said biometric scanner.
  9. 9. The system according to claim 8, wherein said Electronic Key is adapted to transmit said access code in an encrypted format to said Electronic Access Point and said first controller is adapted to decrypt said encrypted access code using said at least one biometric parameter.
  10. 1O. The system according to claim 8, when dependent on claim 3, wherein said first controller is adapted to transmit said new access code to said Electronic Key for said replacement and to encrypt said new access code using said at least one biometric parameter before said transmission.
    I
  11. 11. The system according to any one of preceding claims, wherein said Electronic Key is adapted to store encrypted access codes to plurality of Electronic Access Points.
  12. 12. The system according to any one of preceding claims, wherein said Electronic Key has a database table for storing IDs of said Electronic Access Points and corresponding encrypted access codes.
  13. 13. The system according to any one of preceding claims, wherein said database server is operably connected to a plurality of Electronic Access Points and comprises a table for storing IDs of said plurality of Electronic Access Points and IDs of a plurality of Electronic Keys and corresponding access codes.
  14. 14. The system according to claim 13, wherein said access codes are encrypted.
  15. 15. The system according to any one of preceding claims, wherein said Electronic Key and said Electronic Access Point are adapted to communicate using a wireless or contactless communication interface.
  16. 16. The system according to any one of claims 1 to 14, wherein said Electronic Key and said Electronic Access Point are adapted to communicate using an electric contact interface.
  17. 17. The system according to any one of preceding claims, wherein said database server and said Electronic Access Point are adapted to communicate using a wireless communication interface.
  18. 18. The system according to any one of claims 1 to 16, wherein said database server and said Electronic Access Point are adapted to communicate using an electric contact interface.
  19. 19. The system according to any one of preceding claims, wherein said database table is stored in a memory module.
  20. 20. The system according to any one of preceding claims, wherein said biometric scanner is a device suitable for identification of a person based on a unique biological characteristic.
  21. 21. The system according to claim 20, wherein said biometric scanner is a fingerprint scanner, a retina scanner or a voice scanner.
  22. 22. An Electronic Key, for use in the access control system of claims 1 to 21, comprising: a) a third communication interface for communicating with an Electronic Access Point; b) a second controller; c) a database table for storing an ID of said Electronic Key and IDs of Electronic Access Points and corresponding encrypted access codes; d) a biometric scanner; wherein said biometric scanner is adapted to obtain at least one biometric parameter of a user of said Electronic Key and said second controller is adapted to encrypt/decrypt said access code using said at least one biometric parameter and to transmit to said Electronic Access Point said Electronic Key ID and said access code.
  23. 23. The Electronic Key according to claim 22, wherein said Electronic Key is further adapted to replace said encrypted access code with a new access code received from said Electronic Access Point.
  24. 24. The Electronic Key according to claim 23, wherein said second controller is adapted to encrypt said new access code before said replacing if said new access code was received as a plain data.
  25. 25. The Electronic Key according to any one of claim 22 to 24, wherein said Electronic Key is further adapted to encrypt said transmission of said at least one biometric parameter.
  26. 26. The Electronic Key according to any one of claim 22 to 25, wherein said database table is stored in a memory module.
  27. 27. The Electronic Key according to claim 26 adapted to write into and read from said memory module computer readable files and further adapted to encrypt and decrypt said computer readable files using said at least one biometric parameters.
  28. 28. An Electronic Access Point, for use in the access control system of claims 1 to 21, comprising: a) a first communication interface for communicating with an Electronic Key; b) a second communication interface for communicating with a database server; c) a first controller; d) a biometric scanner; wherein said Electronic Access Point is adapted to receive from an Electronic Key an Electronic Key ID and an encrypted access code to said Electronic Access Point, and said biometric scanner is adapted to obtain at least one biometric parameter of a user of said Electronic Key and said first controller is adapted to decrypt said encrypted access code using said at least one biometric parameter; said first controller is further adapted to grant an access if said encrypted access code is decrypted and said decrypted access code is positively verified by said database server.
  29. 29. The Electronic Access Point according to claim 28 wherein said first controller is adapted to generate a new access code and to replace the access code stored in said database server with a new access code after said positive verification and to transmit said new access code to said Electronic Key, wherein said new access code is encrypted by said first controller using at least one biometric parameter.
  30. 30. A method of controlling access in an access control system comprising an Electronic Access Point and an Electronic Key, the method comprises the steps of: - obtaining at least one biometric parameter of a user of the Electronic Key using a biometric scanner; - decrypting an encrypted access code stored in said Electronic Key using said at least one biometric parameter; - verifying said decrypted access code in a database server; granting an access if said decrypted access code is positively verified.
  31. 31. A method according to claim 30, wherein if said Electronic Access Point comprises said biometric scanner, said method comprises the step of transmitting said encrypted access code from said Electronic Key to said Electronic Access Point and wherein said step of decryption using said at least one biometric parameter is carried out in said Electronic Access Point.
  32. 32. A method according to claim 30, wherein if said Electronic Key comprises said biometric scanner, said step of decrypting said encrypted access code is carried out in said Electronic Key and said method further comprises the step of transmitting said decrypted access code from said Electronic Key to said Electronic Access Point.
  33. 33. A method according to claim 30, wherein if said Electronic Key comprises said biometric scanner, said method comprises a step of transmitting said at least one biometric parameter from said Electronic Key to said Electronic Access Point, wherein said biometric parameter is transmitted encrypted using a second encryption algorithm, and transmitting said encrypted access code from said Electronic Key to said Electronic Access Point and wherein in said Electronic Access Point said at least one biometric parameter is decrypted using a second decryption algorithm and then said encrypted access code is decrypted using said at least one biometric parameter.
  34. 34. The method according to claim 31, wherein after said step of obtaining said at least one biometric parameter the following steps are carried out: - transmitting by the Electronic Access Point to the Electronic Key an ID of said Electronic Access Point; - transmitting by the Electronic Key an ID of the Electronic Key to the Electronic Access Point if said ID of said Electronic Access Point is recorded in a database table of said Electronic Key; - if said ID of the Electronic Key is recorded in said database server said first controller requests said encrypted access code from said Electronic Key.
  35. 35. The method according to claim 32, wherein after said step of obtaining said at least one biometric parameter the following steps are carried out: - transmitting by said Electronic Key to said Electronic Access Point an ID of said Electronic Key; - transmitting by said Electronic Access Point an ID of said Electronic Access Point to the Electronic Key if said ID of said Electronic Key is recorded in said database server; - requesting by said Electronic Access Point said decrypted access code from said Electronic Key.
  36. 36. The method according to claim 33, wherein after said step of transmitting said at least one biometric parameter the following steps are carried out: - transmitting by said Electronic Access Point to said Electronic Key an ID of said Electronic Access Point; - transmitting by said Electronic Key an ID of said Electronic Key to the Electronic Access Point; - requesting by said Electronic Access Point said encrypted access code from said Electronic Key if said ID of said Electronic Key is recorded in said database server.
  37. 37. The method according to any one of claims 30 to 36 further comprising the following steps: in said first controller generating a new access code and said new access code is transmitted to said database server and to said Electronic Key; in said Electronic Key replacing said encrypted access code with said new access code; in said database server replacing said access code with said new access code.
  38. 38. The method according to claim 37, wherein said new access code is encrypted using said at least one biometric parameter in said first controller.
  39. 39. The method according to claim 37, wherein said new access code is encrypted using said at least one biometric parameter in said Electronic Key.
  40. 40. An access control system substantially as hereinbefore described with reference to FIG. 1 to FIG. 3 of the accompanying drawings.
  41. 41. An Electronic Key for use in an access control system substantially as hereinbefore described with reference to FIG. 1 and FIG. 2 of the accompanying drawings.
  42. 42. An Electronic Access Point for use in an access control system substantially as hereinbefore described with reference to FIG. 1 and FIG. 2 of the accompanying drawings.
  43. 43. A method of controlling access in an access control system substantially as hereinbefore described with reference to FIG. 4 to FIG. 6 of the accompanying drawings.
GB0409406A 2004-04-28 2004-04-28 Access control system and method Expired - Fee Related GB2413672B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0409406A GB2413672B (en) 2004-04-28 2004-04-28 Access control system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0409406A GB2413672B (en) 2004-04-28 2004-04-28 Access control system and method

Publications (3)

Publication Number Publication Date
GB0409406D0 GB0409406D0 (en) 2004-06-02
GB2413672A true GB2413672A (en) 2005-11-02
GB2413672B GB2413672B (en) 2006-08-16

Family

ID=32408132

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0409406A Expired - Fee Related GB2413672B (en) 2004-04-28 2004-04-28 Access control system and method

Country Status (1)

Country Link
GB (1) GB2413672B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022152337A1 (en) * 2021-01-18 2022-07-21 Miroslav Tyrpa Electronic security system
RU2809461C1 (en) * 2021-01-18 2023-12-12 Мирослав ТЫРПА Electronic security system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2329499A (en) * 1997-09-19 1999-03-24 Ibm Controlling access to electronically provided services
WO2001015378A1 (en) * 1999-08-25 2001-03-01 Giesecke & Devrient Gmbh Method of data protection

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2329499A (en) * 1997-09-19 1999-03-24 Ibm Controlling access to electronically provided services
WO2001015378A1 (en) * 1999-08-25 2001-03-01 Giesecke & Devrient Gmbh Method of data protection

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022152337A1 (en) * 2021-01-18 2022-07-21 Miroslav Tyrpa Electronic security system
RU2809461C1 (en) * 2021-01-18 2023-12-12 Мирослав ТЫРПА Electronic security system

Also Published As

Publication number Publication date
GB2413672B (en) 2006-08-16
GB0409406D0 (en) 2004-06-02

Similar Documents

Publication Publication Date Title
US20230195865A1 (en) Biometric identification device and methods of use
JP3222111B2 (en) Remote identity verification method and apparatus using personal identification device
KR101226651B1 (en) User authentication method based on the utilization of biometric identification techniques and related architecture
JP5818122B2 (en) Personal information theft prevention and information security system process
Hoepman et al. Crossing borders: Security and privacy issues of the european e-passport
JP3222110B2 (en) Personal identification fob
US6041412A (en) Apparatus and method for providing access to secured data or area
US8417946B2 (en) Method and apparatus for accessing an electronic device by a data terminal
US8607044B2 (en) Privacy enhanced identity scheme using an un-linkable identifier
US8070061B2 (en) Card credential method and system
US5742756A (en) System and method of using smart cards to perform security-critical operations requiring user authorization
CA2447578A1 (en) Authentication using application-specific biometric templates
CN113595714A (en) Contactless card with multiple rotating security keys
US20190028470A1 (en) Method For Verifying The Identity Of A Person
KR102122555B1 (en) System and Method for Identification Based on Finanace Card Possessed by User
KR100720738B1 (en) A method for providing secrecy, authentication and integrity of information to RFID tag
GB2413672A (en) Access control
EP1128342B1 (en) System for providing access to secured data
CN116305299B (en) Control method of solid state disk with built-in radio frequency identification RFID encryption
WO2019161887A1 (en) Secure enrolment of biometric data
CN113421085B (en) Smart card dynamic password authentication method and system
JPH1188322A (en) Digital signature generation method
KR20220106339A (en) Biometrics authentification system using bio-code storage medium and method of the same
AU760426B2 (en) Apparatus and method for providing access to secured data or area

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20220428