WO2003093997A1 - Systeme de securite a boitier de securite assurant une communication amelioree - Google Patents

Systeme de securite a boitier de securite assurant une communication amelioree Download PDF

Info

Publication number
WO2003093997A1
WO2003093997A1 PCT/US2002/013653 US0213653W WO03093997A1 WO 2003093997 A1 WO2003093997 A1 WO 2003093997A1 US 0213653 W US0213653 W US 0213653W WO 03093997 A1 WO03093997 A1 WO 03093997A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
lock box
key
memory
intermediary
Prior art date
Application number
PCT/US2002/013653
Other languages
English (en)
Inventor
Adam Kuenzi
Susan Langford
Ron Chapin
John Buckley
Dirk L. Bellamy
Anton K. Diederich
Original Assignee
Ge Interlogix, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ge Interlogix, Inc. filed Critical Ge Interlogix, Inc.
Priority to EP02731590A priority Critical patent/EP1502181A4/fr
Priority to AU2002303561A priority patent/AU2002303561A1/en
Priority to US10/363,938 priority patent/US20040025039A1/en
Priority to PCT/US2002/013653 priority patent/WO2003093997A1/fr
Publication of WO2003093997A1 publication Critical patent/WO2003093997A1/fr
Priority to US10/713,771 priority patent/US7061367B2/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00896Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys specially adapted for particular uses
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C2009/00753Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
    • G07C2009/00769Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
    • G07C2009/00785Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means by light

Definitions

  • the system and methods of this application concern the field of secure communications between electronic devices through the use of software. More particularly, this application relates to secure communications among electronic devices, including a portable electronic key device carried by a user, an electronic lock at a remote location (e.g., a lock box or other electronic lock), and a central authority.
  • a portable electronic key device carried by a user
  • an electronic lock at a remote location e.g., a lock box or other electronic lock
  • a central authority e.g., a lock box or other electronic lock
  • a lock box system is now widely used by real estate agents.
  • a conventional key to the home is held in a lock box device that is secured to or near the door of the home, e.g., by a shackle.
  • Real estate agents carry electronic key devices, sometimes referred to simply as "keys,” that interact with and communicate credentials, e.g., the identity of the key device and, in some cases, the identity of the "key holder,” to the lock box. If these credentials are accepted, the lock box opens and allows access to the conventional key.
  • credentials e.g., the identity of the key device and, in some cases, the identity of the "key holder”
  • the lock box and the key device are administered by a central authority, which may be associated with a local real estate board or real estate agency.
  • a central authority which may be associated with a local real estate board or real estate agency.
  • U.S. Patents 4,766,746 and 5,046,084, and co-pending U.S. Patent Application No. 09/312,919 describe previous generations of such a system. Each of these references is owned by the assignee of the present application and is incorporated herein by reference.
  • the system comprises three parts, i.e. a central computer under control of the central authority, a key device, and a lock box.
  • the key device was a portable, dedicated electronic device that mechanically mated with the lock box to establish direct electrical contact and allow entry of a user code for the particular lock box.
  • Other codes included a personal identification number for the real estate agent using the key device.
  • the key device could also read certain information from the lock box and communicate it back to the central computer, such as the identification numbers of key devices that had gained access to the lock box during a particular period.
  • the key device communicated with the central computer by (1) placing the key device in a proprietary stand that enabled two-way communication between the key device and the central computer, or (2) holding the key device up to the mouthpiece of a conventional telephone and communicating information via the telephone line using DTMF tones or FSK tones.
  • the key device could be any off-the-shelf personal digital assistant (PDA)-type device.
  • PDA personal digital assistant
  • the PDA was inserted into a case having a separate security circuit and mechanical mating elements ' to mate with the lock box by direct electrical contact in order to open it upon the correct codes being entered into the PDA.
  • the key device could read certain information from the lock box and communicate it back to the central computer.
  • each of these versions of the system requires the use of an extra device to enable communications between the key device and the central computer, i.e. a stand, a telephone, or a case.
  • These extra devices provide a measure of security; without the stand or case, communication between the key device and the central computer could not occur.
  • requiring physical mating between the key device (or a case for the key device) and the lock box provides a measure of security; without the mating elements on the key device or the case, the lock box could not be opened. What is needed is a system that does not require an extra device to enable communications between the key device and the central computer, and does not require physical mating between the key device and the lock box, but is still secure.
  • the system should allow the use of an open-architecture PDA-type device or other device with wireless capability, such as a cell phone or a laptop computer, as the key device.
  • all communications between the key device and the central computer could occur over the Internet.
  • All communications between the key device and the lock box could be performed by infrared or RF techniques.
  • the difficulty is that, without an extra device being required to enable communications between an off- the-shelf PDA key device or other wireless device and the central computer, and without physical mating being required between an off-the-shelf PDA key device or other wireless device and a lock box, all security has to be done through software, not hardware.
  • a particularly important security concern that must be protected against is that an authorized PDA's memory might be copied to another device, thus allowing an unauthorized user to gain access to the physical key to a listed home.
  • the remote location is secured by an electronic lock box or other electronic lock. Users open or otherwise manipulate the electronic lock via an electronic key device.
  • the electronic key device may be an open architecture PDA programmed to function as an electronic key device, while retaining its general-purpose PDA functionality. Alternatively, the electronic key device may be a special-purpose device designed to function as an electronic key device.
  • the key device and the lock box communicate with each other, preferably, by infrared techniques.
  • the lock box and the key device are administered by a central authority via a central computer, which coordinates all security measures through the use of, e.g., frequent updates, memory tokens and/or authorization tokens that the key device cannot read, Message Authentication Codes and/or other forms of checksums, and encryption.
  • a plurality of key devices may be programmed to open the same lock box.
  • a single key device may be programmed to open a plurality of lock boxes.
  • Figure 1 is a schematic diagram showing the connectivity and information exchange between components of the system.
  • Figure 2 is a block diagram of a key device and a lock box.
  • Figure 3 is a flowchart of security checking between the server and a key device.
  • Figures 4A, 4B, and 4C are flowcharts of security checking routines between a lock box and a key device.
  • Figure 5 is a flowchart of a security checking routine on a key device.
  • Figure 6 is a pictorial view of an exemplary lock box with a shackle in the closed position.
  • Figure 7 is a cross-sectional view showing the internal construction of the lock box of Figure 6 and the key container thereof in the secured position.
  • Figure 8 is a cross-sectional view showing the internal construction of the lock box of Figure 6 and the key container thereof in the pre-release position.
  • Figure 9 is a cross-sectional view showing the internal construction of the lock box of Figure 6 and the key container thereof in the released position.
  • Figure 10 is a cross-sectional view showing the internal construction of the lock box of Figure 6 with the shackle thereof in the open position.
  • the electronic key device is an open architecture personal digital assistant (PDA) programmed to function as an electronic key device, while retaining its general-purpose PDA functionality. Also, at least the communication between the key device and the electronic lock occurs via infrared transmission or another suitable optoelectronic method.
  • PDA personal digital assistant
  • an administrator represented by a computer or server 110
  • PDA key device 114 exchanges information through public and/or private networks 112 with a PDA key device 114. Examples of contemplated public networks include the Internet and the web. The exchange of information may occur through a wired connection or through a wireless connection.
  • FIG. 1 An example of a wired connection is depicted in Figure 1 by the PDA 114 communicating with a stand 116, which communicates with a personal computer 118, which communicates with the server 110 through the network 112 via a modem (not shown) in the personal computer.
  • An example of a wireless connection is depicted in Figure 1 by the PDA communicating with the server 110 directly through the network 112 via a modem in the PDA (shown at 210 in Figure 2).
  • An electronic lock e.g., an electronic lock box 120, secures a remote location, such as a house or other building (not shown).
  • a remote location such as a house or other building (not shown).
  • other types of electronic locks receptive to infrared communication and capable of authenticating an access request from a key device are equally suitable for use in the present system.
  • the key device 114 and the lock box 120 exchange information when a user, called a "key holder” or a "key device user,” visits the remote location and places the key device 114 in proximity with the lock box 120.
  • the key device acts as an "intermediary" between the server 110 and its “clients,” e.g., the various locks in the system, such as the lock box 120.
  • a use of the present system is in the real estate sales industry, where locks such as the lock box 120 can be attached to properties that are available for sale. Such a real estate application is described herein.
  • the present system is also useful in many other situations, however, and is expressly not limited to real estate applications.
  • the key device 114 requires several internal components, each of which is commonly found in a PDA. These include a central processing unit (CPU) 200, a memory 202, a battery 204, and at least one input/output channel 206.
  • the at least one input/output channel 206 preferably comprises at least two input/output channels, including an infrared transceiver 208 and a modem 210.
  • the lock box 120 also comprises several internal components.
  • the lock box 120 comprises a central processing unit (CPU) 250, including a real-time clock 252 within the CPU; at least one battery 254; preferably a second battery 256, a key container 258 for holding at least one conventional key (not shown), an infrared transceiver 260, and a memory 262.
  • the memory 262 is partitioned into a secure area 264 and a public area 266.
  • the lock box 120 also comprises an external shackle 268, which is used to secure the lock box 120 to a door or other fixed object (not shown).
  • the key device 114 and the lock box 120 communicate with each other via the infrared transceivers 208, 260, respectively, as shown by the arrow 122.
  • Palm Pilot Although any PDA with infrared communications capability can be used.
  • Palm OS operating system the Microsoft Windows CE operating system, or similar operating systems could also be used.
  • other wireless devices such as cell phones and laptop computers, could also be used. With some devices, RF communication would be used rather than infrared communication. All these devices and communication methods are within the scope of the present system. Security Concerns
  • the main security concerns regarding the present system are threefold: first, a clever and cheap real estate agent; second, a competitor; and third, a malicious attempt to break into a lock box.
  • the concern with a clever real estate agent is that she might be looking for free service.
  • the system includes mechanisms to stop real estate agents from obtaining free information from the server, and from opening lock boxes with a copy of another real estate agent's databases and applications.
  • a real estate agent could copy a valid PDA and use the copy for operating the lock box. But, she would still not be able to sync to the server. Daily expiration of memory tokens and update codes would make this method a continual nuisance for the agent.
  • the encryption keys can be "rolled," i.e., changed, to stop a third party from operating the lock box.
  • Breaking into houses or other properties for sale is a very real concern. However, most common thieves will not try to compromise a lock box, but rather will break a window or "bust in” a door.
  • the third concern is really about malicious attacks against the system. Attacking the system involves reverse engineering the PDA application to get around copy protection, or attempting to crack the encryption keys so that memory tokens can be 'generated' and posted on the Internet for anyone to use. This threat is addressed by user lockouts in the lock box, the use of Advanced Encryption Standard (AES) with 128-bit keys, and a way to re-key or roll the system.
  • AES Advanced Encryption Standard
  • access to the lock box through infrared communication is accomplished by communication between the lock box and a conventional general-use PDA device programmed for this use.
  • a dedicated electronic key equipped with infrared communication capability can be used in place of the PDA.
  • An example of the latter is the assignee's proprietary key device known as DisplayKEY.
  • DisplayKEY the assignee's proprietary key device
  • key device refers to both a general-purpose PDA and a DisplayKey or the like.
  • Authorization tokens means a data block that contains information to be communicated between devices, such as system codes or other codes, encryption keys, etc. Authorization tokens in the present system are often are not readable by the devices on which they reside, as explained further below, in order to pass information from the server through a key device to a lock box without interference.
  • Authorization tokens specify what permissions and options each user has within a System Code.
  • Authorization tokens are generally sent to a key device during a synchronization process (sync) to the server.
  • Sync refers to an act of the key device communicating with the server to exchange data therewith; this is meant to occur periodically, typically daily.
  • Authorization tokens are formed with strings of plain-text data followed by a Message Authentication Code (MAC) that verifies the contents of the authorization token. (A MAC is a well-known form of checksum.)
  • MACs and other information are encrypted with industry standard algorithms.
  • the Advanced Encryption Standard (AES) with 128-bit keys is the encryption algorithm preferably used, although other encryption algorithms may also be used.
  • Cryptographic keys are different for each System Code, so compromised keys would have limited access to one system only.
  • Key devices can have multiple authorization tokens simultaneously, so a key device can be used with different System Codes. This is useful if, for instance, a key holder is geographically located near a boundary between MLS territories and sells properties in both territories.
  • a lock box can have only one assigned System Code at a time, i.e. it may be assigned to only one MLS at a time. If multiple authorization tokens have the same System Code, the lock box will try them in order one at a time.
  • the lock box has three lockout mechanisms.
  • Bad Authorization Token Lockout If more than 20 bad authorization tokens are received, the lock box locks up all activity for 10 minutes.
  • "Bad authorization token” means, generally, that the MAC is not correct or that the Update Code is not correct. If the MAC and/or the Update Code are both correct, yet the user is not updated for today's date, this is not considered a bad authorization token; however, the user is not updated to open the box.
  • a first mode is a "key” mode. This operation mode is the one most often used by real estate agents, and is described in detail herein.
  • Authorization tokens provide the security in this mode, and a challenge/response is used when the PIN is exchanged.
  • a second operation mode is a "programming base connection" mode.
  • a programming base is a physical device that connects to a lock box, either physically or by infrared or another communication method, to reprogram it.
  • the programming base connection mode is established by a challenge/response that requires the programming base to know an encryption key, K BO ⁇ , that is unique to a given lock box and is programmed into the lock box at the factory.
  • K BO ⁇ is, preferably, stored in EEPROM associated with the CPU 250 of the lock box.
  • the programming base will have an on-line connection to the central authority. If the programming base is trusted hardware, the device-unique key K BO ⁇ can be saved and used in an off-line mode.
  • a third operation mode is a "public" mode. If a key device connects to a lock box in the public mode, only a limited number of commands are allowed and only a portion of the lock box's memory that is reserved for such public functions can be read, as described below.
  • the encryption keys in a lock box are write-only and the normal Read Memory command is masked off for this portion of the memory map.
  • the only way to "read” an encryption key out of a lock box is destructive and involves a lot of technology.
  • a PDA is the desired device to be used as a key.
  • Several potential security problems are solved by the present system, i.e., 1. Syncing to the server without authorization
  • a rolling code is a random number generated with each connection to the server and saved as a memory token on the PDA.
  • Memory tokens are non-moveable data chunks that are disassociated from the PDA application and not linked to any application or database. They are not easily re-created on another PDA. Creating this memory token, or establishing the trust relationship from a PDA to the server, is done with a registration process. A unique number must be keyed into the PDA by the user or by installation software at the central authority that will "register” this PDA for the first sync to the server. After the first sync ⁇ the rolling code mechanism is in place.
  • Copy protection does not mean that applications and databases cannot be copied from one PDA to another. Rather, it means that, once copied, the applications will fail to operate normally for the user. This is accomplished by the use of memory tokens, as noted.
  • Three memory tokens are used in the present system: a PDA self-check memory token, a rolling code memory token known only to the server, and an encryption key memory token.
  • the PIN encryption key memory token, K? m is encrypted into an authorization token, known only to the server and the lock box, and is used by the lock box in the transfer of the PIN, Shackle Code, or Programming Code from the PDA to the lock box, as described below.
  • Unauthorized access to lock boxes is solved by using: 1) MACs and a bad code lockout in the key device to resist modifying or generating new memory tokens;
  • the server is critical in the system because it is connected to the Internet and thus vulnerable to sophisticated hacking attempts.
  • Database servers will be protected, including by use of firewalls. Encryption keys, PINs, and rolling codes are stored on the database servers, and thus it is critical to maintain their integrity.
  • Encryption keys, PINs, and rolling codes are stored on the database servers, and thus it is critical to maintain their integrity.
  • Authorization to the server is done with a unique key device-holder serial number, with the System Code, and with the rolling code memory token.
  • the rolling code memory token is used in a challenge/response where the server challenges the PDA by sending a memory location, and the PDA responds by returning the contents of memory at that location. If the data is incorrect, then the PDA is denied service.
  • the rolling code memory .token checking works as follows. As shown in Figure 3, at a given sync between the server and a PDA, shown on the left side of Figure 3 as sync n, in step 300 the server creates a random string of data called a "rolling code" and stores it on the server. In step 310, the server asks the PDA to select a random address Al in the memory of the PDA and communicate the address Al to the server. The server then stores the address Al on the server, hi step 320, the server stores the rolling code on the PDA at the random address Al . At no time is the random address Al in the memory of the PDA pointed to or used by any other application, making detection or discovery by an outsider extremely difficult.
  • step 330 the server passes the random address Al from the server to the PDA and retrieves the data from the memory of the PDA at the address Al .
  • step 340 the server compares the data passed from the PDA to the server with the rolling code stored on the server.
  • step 350 the server asks whether the two strings are the same. If they are the same, this is a good indication that the PDA has not been tampered with and that the PDA that has been presented for sync processing has not been copied from another PDA. In step 360, therefore, the PDA passes the test and sync processing continues.
  • the lock box 120 of the present system has most features of the previous generations of lock boxes, plus some additional features. As shown in Figure 2 and discussed above, important features of the lock box 120 include a key container 258 for holding conventional keys; a shackle 268 for mounting around a door handle or other object; an infrared communication transceiver 260; a central processing unit (CPU) 250; at least one and preferably two internal batteries 254, 256 (preferably primary-lithium batteries having a 5-year life); a real-time clock'252 that is internal to the CPU; and a memory 262.
  • the memory is, preferably, partitioned into secure and public areas 264 and 266, respectively.
  • the lock box 120 uses IrDA communication.
  • the lock box can include a shackle mounting option, which allows the lock box to be secured to a door handle, fence, gate, etc.
  • the lock box may also be configured for alternative mounting, e.g., with fasteners to a stationary object.
  • an unsecured PDA can be used to securely access the lock box, providing it has authorization from the server.
  • Each lock box has a unique serial number, preferably stored in the secure area 264 of the memory of the lock box.
  • the serial number may be used to track maintenance and upgrades.
  • Serial numbers are generally not changed over the life of the lock box. These serial numbers start above the maximum numbers used for serial numbers in previous generations, in order to uniquely identify the present generation. 4-bvte System Code (MLS)
  • An authorization token gives a user authorization to access the System Code.
  • Mixed sites i.e. sites with lock boxes from the present system as well as from previous generation(s) will use System Codes compatible with previous generations as well as with the present system.
  • a challenge/response is used when connecting to the lock box. This eliminates infrared copy and playback, and is described in detail below.
  • the lock box supports AES with 128-bit encryption keys. Encryption is used to securely transmit data from the server through the key device to the lock box. Crypto raphic Keys
  • K S YS system encryption key
  • K BO ⁇ device-unique encryption key
  • the real-time clock keeps the time of day and the date in the lock box.
  • the time and the date are used in the lock box security routine.
  • the time drift is recorded in an access log on an accessing key device and is reported to the server by the accessing key device. Setting the Clock
  • the real time clock can only be programmed by knowledge of the Shackle Code or the Programming Code, or as a programming base. Reading the Clock
  • the real time clock can be read by anyone.
  • the lock box has an internal battery.
  • the lock box maintains the following information about the battery in the EEPROM:
  • the lock box will also measure the battery voltage and temperature and then calculate the estimated charge remaining in the battery. The number of openings done in extreme conditions is a factor in estimating the remaining battery life.
  • the battery status should be saved in the access log of the key device. Battery status can then be reported via e-mail or web-page report to the appropriate person.
  • the infrared communication will comply with IrDA specifications for the physical layer. These specifications, which are well known to those of ordinary skill in the IrDA art, include wavelength, data rates, and pulse widths.
  • the lock box uses IrDA compliant communication for the following IrDA protocols, each of which is well known to those of ordinary skill in the IrDA art: IrDA Link Access Protocol (IrLAP), IrDA Link Management Protocol (IrLMP), and IrDA
  • the lock box has a command protocol that is used by IrDA-equipped devices. This protocol is used for all communication functions with the lock box. With this protocol, there is a master / slave relationship with the key device generally being the master and the lock box generally being the slave. Operation Modes
  • lock boxes there are three operation modes for lock boxes: secure, programming base, and public.
  • the public mode is designed to be used for storage of public information, as described below. It is anticipated that one or more applications will be written to allow PDAs to read this information, and that the application(s) will be downloadable from the web. Commands
  • the firmware can be updated ("flashed") in the field.
  • the key device must have an authorization token that corresponds to the System Code of the lock box, or to the serial number of the lock box.
  • the lock box must validate the authorization tokens that are presented by the key device. Not all of the authorization tokens contained within the key device's database will be transmitted. The particular cryptographic key that is used is determined by the type of the authorization token and by the system encryption key version number that is stored within each authorization token. Update Code Validation
  • a user can enter an Update Code to update the access period to a lock box, i.e., the dates and times during which the key device is authorized to access the lock box.
  • Update Code is simply appended to the end of the authorization token.
  • the PIN encryption key memory token is saved on the key device and is used when sending PIN, Shackle Code, or Programming Code to the lock box.
  • the PIN encryption key memory token is encrypted within an authorization token.
  • the lock box can decrypt the memory token information to use for copy protection.
  • the lock box has a lockout feature that limits brute-force attacks. There are lockouts for bad PIN, bad codes (Shackle Code, CBS Code, Programming Code), and bad authorization tokens. The only lockout that restricts all operation with the box is the bad authorization token lockout. A lockout occurs when the counter reaches 10
  • the lockout is in effect for 10 minutes (also programmable), and then the counter is reset.
  • the bad PIN and bad code counters are reset back to zero when the correct code is entered.
  • the bad authorization token counter is only reset under two conditions: first, when the lockout has occurred and the 10-minute timeout has expired, and second, when the key container is physically opened (i.e. the memory token was valid and updated).
  • This list is, preferably, a lockout list.
  • the key devices on the list are locked out, i.e., not allowed to access the lock box.
  • the serial number list could be configured as an "allowed in” list, i.e., as a list of key devices s that are allowed to operate the lock without needing to be updated. Regardless of which list configuration is used, valid authorization tokens are still required.
  • the key container is the primary feature of a lock box, around which all of the other features of the lock box are built. A key device holder has access to the key container (and the contents thereof) only if they are authorized as explained in the sections above.
  • the key container is released after the open command is sent.
  • the user is required to push up on the bottom of the key container with one hand to release the container.
  • a programming base will also be able to send this command.
  • the CBS Code is a random 7-digit code that is fully programmable in the field, e.g., by a MLS.
  • a lock box might require a key box to send a matching CBS Code if, for instance, a house associated with a given lock box is not available for viewing when the owner is home.
  • the circumstances in which a key box might require a matching CBS Code between the key device and a lock box require a more detailed explanation.
  • the key device has 4 timed access windows that set the time of day and the day of the week when the key container can be opened. This feature can be disabled to set the box to 24-hour access.
  • permission is a string of bytes that is matched on a hierarchical basis (think IP address) and has the capability for permissions per device as well as per structure (i.e. building, floor, room).
  • the string is formatted either byte-wise or bit-wise to form a hierarchy of access.
  • a box will only have one assigned "permission” that a memory token can be compared against.
  • the lock box owner is the key device that has the serial number that is programmed into the owner slot. Log / Count Shackle Openings
  • the access log (as noted above) records the successful shackle and key container openings. Any operations that are unsuccessful are saved in the error log. The access log will log up to approximately 100.accesses. 4-digit Shackle Code Verification • When reading the access log, a key device with a valid and non- expired authorization token authorizing shackle access must also submit a valid 4-digit Shackle Code. If the Shackle Code is incorrect, it counts toward the bad code lockout of the lock box.
  • the log information can be passed to the key device in several ways.
  • the key device can request only the last successful access, which does not require that the user know the Shackle Code, or the key device can request the entire access log, which does require the Shackle Code.
  • the log is saved in an indexed list with a pointer to the most recent log entry, though other types of lists such as doubly linked lists may also be used. If there is no more memory space for adding new log entries, the list will "roll" and each new entry is written over the oldest existing entry. Error Log & Diagnostics
  • the error log is similar to the access log, except that it contains all of the failed operations and error codes.
  • the error log records the last 50 errors. Reading the Error Log by a Key Device
  • Any key device having a valid authorization token that authorizes reading of the error log and is not expired can read the error log.
  • the Shackle Code is not required for this operation.
  • the following information is part of the error log: the serial number of the key, the date and time of the error, the error code, and, optionally, the key holder's name and telephone number.
  • Other Diagnostic Information is part of the error log: the serial number of the key, the date and time of the error, the error code, and, optionally, the key holder's name and telephone number.
  • Error Lo Maintenance can also be requested at the same time the error log is read. This includes the RTC time, the battery status, whether or not the lock box is currently in a bad code lockout, the lock box serial number, and the total number of lock and shackle openings.
  • the log will be saved in a table with an index pointer to indicate the most recent error. If there is not more space for adding new entries, the log will "roll" and each new entry will be written over the oldest entry. Lock Box Programming
  • the lock box is completely programmable at the factory, and only partially programmable in the field. 4-digit Programming Code Field programming is done by authorized keys that have entered the correct
  • the Programming Code is a 4-digit code that is separate from the Shackle Code. If an invalid code is entered it counts toward a bad code lockout. If the Programming Code has been set to 'FFFFFFFF' in the lock box, then the Shackle Code is checked by the lock box instead. Owner Only Verification
  • the lock box has one application information area in its memory that is partitioned into two sub-areas.
  • the first sub-area is a secure information area that can only be read by a key device that has proper server authorization.
  • the second sub-area is public and can be read by any key device or device that has the proper programming. Flags can also be set that allow only the owner of the lock box to program the information.
  • the format and content of the information is application-specific and is not constrained by the lock box in any way.
  • Examples of the information that can be stored in the authorized sub-area include: listing ID, date of listing, MLS name, listing agent's business card information, pictures, key-box-holder to key-box-holder message, etc.
  • Examples of information that can be stored in the public sub-area include such static data as a promotional message from the listing agent to prospective buyers and pictures, and such dynamic data as a log (sales lead) of registration numbers of keys that have read this information.
  • a security concern is that an unauthorized key device will be used to open a lock box, which would allow a physical key to a home obtained by an unauthorized person.
  • One of the techniques used to combat this is the use of a Personal Identification Number (PIN).
  • the server maintains a list of the current PIN for each key device.
  • the server created the initial PIN for each key device.
  • a key device user may change the PIN by commimicating with the. server, preferably through a secure web site.
  • the new PIN is stored on the server.
  • the lock box use the PIN during the verification process as described below.
  • step 400 the server creates a system encryption key K SYS and stores it on the server.
  • the server can support a plurality of system keys; for instance, a unique K SYS can be assigned to each Multiple Listing Service (MLS).
  • MLS Multiple Listing Service
  • step 410 when a lock box is created at the factory, a particular K SYS is programmed into it, e.g. the lock box is assigned to a particular MLS.
  • the K SYS is, preferably, stored in EEPROM associated with the CPU 250 of the lock box.
  • the remaining steps in Figure 4 may occur a plurality of times.
  • step 420 which occurs at each sync between the server and a key device, the server creates a second encryption key, K PDA , and stores it on the server.
  • the server then encrypts K PDA with K SYS and creates a first authorization token, containing the encrypted K PDA , a system code for the desired MLS, and dates on which the key device is authorized to open the particular lock box; encrypts the authorization token with Ks ⁇ S , thereby creating a MAC; and attaches a portion of the MAC to the first authorization token.
  • the first authorization token is then stored on the server.
  • the server also encrypts the PIN stored on the server for the particular PDA using K PDA , and stores the encrypted PIN on the server separately from the unencrypted PIN.
  • the server creates a third encryption key, K PIN , and stores it on the server.
  • the server asks the key device to select a random address A3 in the . memor>' of the PDA and communicate the address A3 to the server.
  • the server then stores the third encryption key K PIN on the key device at the address A3, and stores the address A3 on the server. At no time is the random address A3 in the memory of the key device pointed to or used by any other application, making detection or discovery by an outsider extremely difficult.
  • the server then creates a second authorization token, containing a portion of the encrypted PIN, K PIN , and A3; encrypts the second authorization token with K PDA , thereby creating a MAC; and attaches a portion of the MAC to the second authorization token.
  • the second authorization token is then stored on the server.
  • step 440 the server stores both the first authorization token and the second authorization token on the key device. Because they are encrypted, the key device cannot read either of the authorization tokens.
  • a real estate agent takes the key device to a lock box of a home she wishes to visit, enters her personal identification number (PIN) into the key device, and "wakes up” the lock box.
  • PIN personal identification number
  • This "waking up” preferably occurs by infrared communication, although other forms of communication, including RF, electrical, and mechanical communication among others, are also within the scope of the present system.
  • the lock box asks the key device for the first and second authorization tokens.
  • step 470 the key device sends the first and second authorization tokens to the lock box.
  • step 480 the lock box creates a random string of data, known as a random challenge.
  • the random challenge is preferably based on the real-time clock component of the lock box, though other techniques for creating random strings of data are also within the scope of the present system.
  • step 490 the lock box decrypts the first authorization token using K S ⁇ S. which was programmed into the lock box at the factory (step 410 above). Upon decrypting the .first authorization token, the lock box obtains K PDA and other information stored in the first authorization token. The lock box then uses K PDA : to decrypt the second authorization token, thus obtaining the portion of the encrypted PIN, K PIN , and A3. In step 500, the lock box sends the challenge and the address A3 to the key device.
  • step 510 the key device obtains data from its memory at address A3.
  • the key device also sends the PIN to the lock box.
  • step 520 the key device uses the data at address A3 to encrypt the challenge and the PIN, thereby creating a response, then sends the response back to the lock box.
  • the response is created according to an algorithm stored on the key device, for which the inputs are preferably the challenge, the key used to decrypt the challenge, the , address A3, and the PIN, though more or fewer elements may also be used.
  • step 530 the lock box creates its own response to the challenge.
  • the response must be created using the same algorithm used on the key device, for which the inputs are preferably the original challenge, K PrN , the address A3, and the PIN passed to the lock box by the key device.
  • the lock box then compares the response it just created with the response it obtained from the key device in step 520.
  • step 540 the lock box decides whether the two responses are the same. If they are the same, this is a good indication that the PDA has not been tampered with, that the PDA that has been presented to the lock box has not been copied from another PDA.
  • step 550 the lock box then uses K PDA to encrypt the PIN sent by the key device and selects a portion thereof, thereby creating an expected portion of encrypted PIN.
  • step 560 the lock box compares the expected portion of encrypted PIN with the encrypted portion of the PIN in the second authorization token. If this second comparison also results in a match, i.e., the PDA passes both tests, then, in step 570, the PDA is "trusted" to perform normal processing, and processing continues.
  • the PDA fails either of the two tests, i.e., at least one of the two comparisons in steps 540 and 560 does not result in a match, this is a good indication that the memory of the PDA has been tampered with since the last sync, or that the memory of the PDA being presented to the lock box was copied from the memory of another PDA and the copied data did not go to exactly the same address (which is usually the case when copying from one PDA to another), or that the user does not have the correct PIN. In that case, in step 580, the PDA does not pass the test and is not "trusted" to perform normal processing. Key device
  • the key device used in the present system is, preferably, an open-architecture PDA.
  • Several software applications in accordance with the present system may reside on the PDA for interaction with the server and with a lock box.
  • a technique is needed for a user of a given key device to verify that the memory of the PDA has not been tampered with.
  • step 600 at each sync the server creates a random string of data D2, selects a random address A2 in the memory of the PDA, and stores the data string D2 at the random address A2.
  • step 610 the server stores the string D2 and the address A2 in the database on the PDA.
  • step 620 the PDA retrieves the data string D2 and the address A2 from its database, retrieves a data string from its memory at address A2, and compares the two data strings (i.e. the data string D2 from its database and the string retrieved from its memory at address A2).
  • step 630 the PDA asks whether the two strings are the same. If they are the same, then in step 640 the database on the PDA is "trusted” and normal processing continues. If the two data strings are not the same, this indicates that the PDA has been tampered with or has been copied from another PDA, and in step 650 normal processing is not allowed until the next sync between the PDA and the server. Lock Box Features
  • the lock box 700 has a body 702 and a shackle assembly 704. One end of the shackle assembly 704 can be unlocked (see Figure 10) to allow the lock box 700 to be attached to a door or other secure object.
  • a recess.706 is defined within the body 702.
  • a key container 708, shown in its secured position in Figure 6, is received within the recess 706.
  • the key container 708 has a secure storage area typically used to store one or more conventional keys (not shown).
  • the lock box 700 interacts with key devices via infrared communication.
  • An infrared transceiver 710 which is connected to a circuit with a central processing unit and a memory, allows the lock box 700 to send and receive signals.
  • Figures 7, 8, and 9 are cross-sections of the lock box 700 of Figure 6, and show some of the internal components of the lock box 700. h the illustrated implementation, there are two batteries 709.
  • a capacitor 711 is connected to the batteries 709 and stores a charge for energizing solenoids 712 and 740, which are described below.
  • the key container 708 is shown in its secured position received in the recess 706. i Figure 8, the key container 708 is shown in is pre-release position. In Figure 9, the key container 708 is shown in its released position.
  • the key container 708 is secured by a dual-acting solenoid 712.
  • the solenoid 712 has a male part 714 and a corresponding female part 716, which, when not energized, move axially away from each other and occupy the position shown in Figure 7 to secure the key container 708.
  • the key container 708 has first and second arms 718, 720 with respective notches 722, 724 and respective ramped ends 726, 728. In the secured position, the male part 714 is engaged in the notch 722, and the female part 716 is engaged in the notch 724, as shown in Figure 7.
  • the notches 722, 724 have angled solenoid engagement sections 730, 732, respectively.
  • the key holder who made the authorized request (not shown) has pushed upward on a bottom portion 734 ofthe ' key container 708, which causes the solenoid engagement. sections 730, 732 to engage ihe male part 714 and the female part 716, respectively, and to urge them toward each other. When the male part 714 and the female part 716 are closer together, the monitored inductance increases. The change in inductance is used to trigger activation of the solenoid 712.
  • a display may prompt the key holder with instructions and provide other information throughout the process.
  • the solenoid 712 does not require a separate switch for activation. Rather, the inductance in the male and female parts 714, 716 is sensed and the solenoid is activated when a predetermined inductance level (in this case a higher inductance) is reached. This design helps reduce power consumption, as the solenoid 712 is only activated when the male and female parts 714, 716 are close together.
  • the solenoid 740 secures the shackle assembly 704, and can be energized by a Release Shackle command to retract and allow the shackle assembly to be released as shown in Figure 10.
  • the solenoid 740 can be configured as conventional solenoid as shown in the figures, or, depending upon the specific configuration of the lock box 700, as a power saving solenoid similar to the solenoid 712.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Lock And Its Accessories (AREA)

Abstract

L'invention concerne des systèmes de sécurité et des procédés associés commandant l'accès à des emplacements distants protégés par des verrous électroniques (120). Les utilisateurs ouvrent ou manipulent un verrou électronique (120) au moyen d'un dispositif à clé électronique (114). Ce dernier (114) peut être un assistant numérique personnel à architecture ouverte programmé pour servir de dispositif à clé électronique, tout en conservant sa fonctionnalité générale. Selon une variante, le dispositif à clé électronique (114) peut être un dispositif spécialisé conçu pour servir de dispositif à clé électronique. Ce dispositif (114) et le boîtier de sécurité (120) communiquent mutuellement, de préférence, au moyen de techniques infrarouges. Le boîtier de sécurité (120) et le dispositif à clé (114) sont gérés par une autorité centrale via un ordinateur central, qui coordonne toutes les mesures de sécurité grâce à des mises à jour fréquentes par exemple; des jetons que le dispositif à clé ne peut lire; des sommes de contrôle, y compris des codes d'authentification de message; et le cryptage. Une pluralité de dispositifs à clé (114) peuvent être programmés pour ouvrir le même boîtier de sécurité (120). Un dispositif à clé (114) peut ouvrir une pluralité de boîtiers de sécurité.
PCT/US2002/013653 2002-04-30 2002-04-30 Systeme de securite a boitier de securite assurant une communication amelioree WO2003093997A1 (fr)

Priority Applications (5)

Application Number Priority Date Filing Date Title
EP02731590A EP1502181A4 (fr) 2002-04-30 2002-04-30 Systeme de securite a boitier de securite assurant une communication amelioree
AU2002303561A AU2002303561A1 (en) 2002-04-30 2002-04-30 Lock box security system with improved communication
US10/363,938 US20040025039A1 (en) 2002-04-30 2002-04-30 Lock box security system with improved communication
PCT/US2002/013653 WO2003093997A1 (fr) 2002-04-30 2002-04-30 Systeme de securite a boitier de securite assurant une communication amelioree
US10/713,771 US7061367B2 (en) 2002-04-30 2003-11-14 Managing access to physical assets

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2002/013653 WO2003093997A1 (fr) 2002-04-30 2002-04-30 Systeme de securite a boitier de securite assurant une communication amelioree

Related Child Applications (4)

Application Number Title Priority Date Filing Date
US10/363,938 A-371-Of-International US20040025039A1 (en) 2002-04-30 2002-04-30 Lock box security system with improved communication
US10356383 A-371-Of-International 2002-04-30
US10/356,655 Continuation-In-Part US7123127B2 (en) 2002-04-30 2003-01-31 System for managing physical assets
US10/713,771 Continuation-In-Part US7061367B2 (en) 2002-04-30 2003-11-14 Managing access to physical assets

Publications (1)

Publication Number Publication Date
WO2003093997A1 true WO2003093997A1 (fr) 2003-11-13

Family

ID=29398912

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2002/013653 WO2003093997A1 (fr) 2002-04-30 2002-04-30 Systeme de securite a boitier de securite assurant une communication amelioree

Country Status (3)

Country Link
EP (1) EP1502181A4 (fr)
AU (1) AU2002303561A1 (fr)
WO (1) WO2003093997A1 (fr)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011015749A1 (fr) * 2009-08-05 2011-02-10 Openways Sas Systme securise de programmation de dispositifs de serrure a commande electronique par accreditations acoustiques chiffrees
WO2011033199A1 (fr) * 2009-09-16 2011-03-24 Openways Sas Systeme de gestion securisee de serrures a commande numerique, adapte a un fonctionnement par accreditations acoustiques chiffrees
US9135422B2 (en) 2011-01-06 2015-09-15 Utc Fire & Security Corporation Trusted vendor access
US9670694B2 (en) 2007-04-12 2017-06-06 Utc Fire & Security Americas Corporation, Inc. Restricted range lockbox, access device and methods
CN110211276A (zh) * 2019-07-16 2019-09-06 珠海优特电力科技股份有限公司 一种枪弹紧急解锁管理方法、装置及系统
CN113034812A (zh) * 2021-03-25 2021-06-25 一汽解放大连柴油机有限公司 一种钥匙管理箱及其控制电路
CN113936364A (zh) * 2021-11-17 2022-01-14 深圳市同创新佳科技有限公司 一种联网型酒店电子门锁退房方法及装置
US11980288B2 (en) 2022-04-19 2024-05-14 Ford Global Technologies, Llc Locking system for retractable and removable delivery bin

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5654696A (en) * 1985-10-16 1997-08-05 Supra Products, Inc. Method for transferring auxillary data using components of a secure entry system
US5745044A (en) * 1990-05-11 1998-04-28 Medeco Security Locks, Inc. Electronic security system
US5778256A (en) * 1993-03-24 1998-07-07 Universal Electronics Inc. PDA having a separate infrared generating device connected to its printer port for controlling home appliances
US6065880A (en) * 1998-03-09 2000-05-23 3Com Corporation Laser enhanced personal data assistant
US6097306A (en) * 1996-12-03 2000-08-01 E.J. Brooks Company Programmable lock and security system therefor

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5508691A (en) * 1992-06-22 1996-04-16 Lynx Systems, Inc. Self-contained electronic lock with changeable master and slave codes
PL198428B1 (pl) * 1999-05-06 2008-06-30 Assa Abloy Ab Urządzenie elektromechaniczne zamykające z kluczem
SE517465C2 (sv) * 2000-03-10 2002-06-11 Assa Abloy Ab Metod för att auktorisera en nyckel- eller låsanordning, elektromekanisk nyckel- och låsanordning och nyckel- och låssystem
FI20002255A (fi) * 2000-10-13 2002-04-14 Nokia Corp Menetelmä lukkojen hallintaan ja kontrollointiin

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5654696A (en) * 1985-10-16 1997-08-05 Supra Products, Inc. Method for transferring auxillary data using components of a secure entry system
US5745044A (en) * 1990-05-11 1998-04-28 Medeco Security Locks, Inc. Electronic security system
US5778256A (en) * 1993-03-24 1998-07-07 Universal Electronics Inc. PDA having a separate infrared generating device connected to its printer port for controlling home appliances
US6097306A (en) * 1996-12-03 2000-08-01 E.J. Brooks Company Programmable lock and security system therefor
US6065880A (en) * 1998-03-09 2000-05-23 3Com Corporation Laser enhanced personal data assistant

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1502181A4 *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9670694B2 (en) 2007-04-12 2017-06-06 Utc Fire & Security Americas Corporation, Inc. Restricted range lockbox, access device and methods
EP2284803A1 (fr) * 2009-08-05 2011-02-16 Openways Sas Système sécurisé de programmation de dispositifs de serrure à commande électronique par accréditations acoustiques chiffrées
US8620268B2 (en) 2009-08-05 2013-12-31 Openways Sas Secure system for programming electronically controlled locking devices by means of encrypted acoustic accreditations
WO2011015749A1 (fr) * 2009-08-05 2011-02-10 Openways Sas Systme securise de programmation de dispositifs de serrure a commande electronique par accreditations acoustiques chiffrees
WO2011033199A1 (fr) * 2009-09-16 2011-03-24 Openways Sas Systeme de gestion securisee de serrures a commande numerique, adapte a un fonctionnement par accreditations acoustiques chiffrees
EP2306407A1 (fr) * 2009-09-16 2011-04-06 Openways Sas Système de gestion sécurisée de serrures à commande numérique, adapté à un fonctionnement par accréditations acoustiques chiffrées
US8712365B2 (en) 2009-09-16 2014-04-29 Openways Sas System for the secure management of digitally controlled locks, operating by means of crypto acoustic credentials
US9135422B2 (en) 2011-01-06 2015-09-15 Utc Fire & Security Corporation Trusted vendor access
US9438585B2 (en) 2011-01-06 2016-09-06 Utc Fire & Security Corporation Trusted vendor access
CN110211276A (zh) * 2019-07-16 2019-09-06 珠海优特电力科技股份有限公司 一种枪弹紧急解锁管理方法、装置及系统
CN110211276B (zh) * 2019-07-16 2024-06-07 珠海优特电力科技股份有限公司 一种枪弹紧急解锁管理方法、装置及系统
CN113034812A (zh) * 2021-03-25 2021-06-25 一汽解放大连柴油机有限公司 一种钥匙管理箱及其控制电路
CN113936364A (zh) * 2021-11-17 2022-01-14 深圳市同创新佳科技有限公司 一种联网型酒店电子门锁退房方法及装置
CN113936364B (zh) * 2021-11-17 2023-11-03 深圳市同创新佳科技有限公司 一种联网型酒店电子门锁退房方法及装置
US11980288B2 (en) 2022-04-19 2024-05-14 Ford Global Technologies, Llc Locking system for retractable and removable delivery bin

Also Published As

Publication number Publication date
AU2002303561A1 (en) 2003-11-17
EP1502181A4 (fr) 2010-01-27
EP1502181A1 (fr) 2005-02-02

Similar Documents

Publication Publication Date Title
US20040025039A1 (en) Lock box security system with improved communication
US11636721B2 (en) Access management and reporting technology
EP1388126B1 (fr) Autorisation d'acces a distance a un environnement intelligent
US7624280B2 (en) Wireless lock system
CN100409609C (zh) 在个人通信设备中实现受信计数器的系统和方法
CN109272606B (zh) 一种基于区块链的智能锁监管设备、方法及存储介质
CN101855653B (zh) 锁管理系统
CN101375259B (zh) 数据保全系统
US7362868B2 (en) Hidden link dynamic key manager for use in computer systems with database structure for storage of encrypted data and method for storage and retrieval of encrypted data
CN100536388C (zh) 用于对目标系统进行授权远程访问的装置、系统和方法
US20030065934A1 (en) After the fact protection of data in remote personal and wireless devices
CN101322349A (zh) 用于替换加密密钥的认证与分割系统和方法
JP2005050308A (ja) 個人認証デバイスとこのシステムおよび方法
US20020178385A1 (en) Security system
CN103227776A (zh) 配置方法、配置设备、计算机程序产品和控制系统
CN108712389B (zh) 一种智能锁系统
JP2003527035A (ja) 遠隔の第三者監視を有する自動識別保護システム
WO2003093997A1 (fr) Systeme de securite a boitier de securite assurant une communication amelioree
ZA200409236B (en) Lock box security system with improved communication.
CN113593088A (zh) 一种智能开锁方法、智能锁、移动终端及服务器
WO2024106070A1 (fr) Système de clé
CN114022982A (zh) 一种基于eppa的密码锁远程控制方法及系统
JP2009112015A (ja) 個人認証デバイスとこのシステムおよび方法
Ethier et al. The MIT Smart Card: A Pseudo-Anonymous, Token-Based Authentication System
Bierce by SP Miller, BC Neuman, JI Schiller, and JH Saltzer

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 10363938

Country of ref document: US

AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2002731590

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2004/09236

Country of ref document: ZA

Ref document number: 200409236

Country of ref document: ZA

WWP Wipo information: published in national office

Ref document number: 2002731590

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP