WO2005038727A1 - Lock system and method of configuring a lock system (original title: Systeme de fermeture et procede de configuration d'un systeme de fermeture) - Google Patents

Info

Publication number: WO2005038727A1
Authority: WO (WIPO, PCT)
Prior art keywords
lock system
certificate
door access
access control
management computer
Prior art date
Application number: PCT/SE2004/001448
Other languages: English (en)
Inventor: Hans Thorsen
Original Assignee: Assa Abloy Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2004-10-12
Publication date: 2005-04-28
Application filed by Assa Abloy Ab
Priority to EP04775530A (EP1678683B1)
Priority to AU2004281437A (AU2004281437A1)
Priority to AT04775530T (ATE451672T1)
Priority to DE602004024567T (DE602004024567D1)
Publication of WO2005038727A1
Priority to NO20062179A (NO336212B1)

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00817 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys, where the code of the lock can be programmed

Definitions

  • a lock system and a method of configuring a lock system. FIELD OF INVENTION: The present invention relates generally to lock systems and more particularly to a lock system which can be set up in an easy and yet secure way and be operated with a high security level.
  • BACKGROUND: Electronic or electro-mechanical lock systems having locks or the like that are connected to a central computer or system by means of a cable network have been in use for many years.
  • the operation of these systems is managed from the central computer, which communicates the applicable rules via a local network (LAN) to the individual door access control (DAC) units.
  • the DAC units in turn communicate e.g. log information to the central computer.
  • One way of achieving secure communication on a pre-existing network is to use encrypted data for communication between the central computer and the individual DAC units.
  • the different units communicating must have encryption/decryption keys installed. These keys could be installed by skilled personnel that provide each and every unit with the required keys.
  • One problem associated with this solution is that the persons normally installing such lock systems are not skilled personnel in the sense that they are not familiar with computer hardware and software. Thus, installation of encryption/decryption keys would be performed by expensive personnel in a separate step after the physical installation of the system, leading to increased costs. Also, the use of individuals for installing software is a security risk in itself.
  • a problem in prior art is thus to provide a lock system which shows a high degree of security while the installation and set-up of the system can be effected in an easy way.
  • An object of the present invention is to provide a lock system wherein the prior art drawbacks are avoided and in which encryption keys can be installed in an easy and yet secure way. This means that one specific object is that installation of components must be as simple as possible.
  • Another object is that security breach by customer mistakes must not affect other customers or the manufacturer.
  • Yet another object is to provide a system and method wherein existing standards and implementations are used as much as possible.
  • Still yet another object is to provide a method wherein system requirements are kept as small as possible.
  • the invention is based on the realisation that the use of certificates in combination with asymmetric and symmetric encryption in a lock system provides a secure yet efficient solution to the above described problem.
  • a unique symmetric encryption key is used for each door access control unit. This ensures that the integrity of the lock system is maintained in the case one or more of the DAC units are taken over by a fraudulent person trying to gain unauthorized access to the premises in which the lock system is installed. Further preferred embodiments are defined by the dependent claims.
  • fig. 1 is an overall view of the hardware, including a manufacturer and customer lock systems.
  • fig. 2 is a block diagram showing a Public Key Infrastructure implemented in the lock system according to the invention.
  • fig. 3 is a simplified diagram showing the different steps in the method according to the invention.
  • fig. 4 is a detailed diagram showing the different steps in the method according to the invention.
  • lock system is intended to cover all types of electronic lock systems wherein the door access units control electronic or electro-mechanical locks, card readers, panic buttons etc. (not shown in the figures) and is thus not limited to systems comprising conventional lock cylinders or the like.
  • In fig. 1 there is shown a manufacturer computer system 10, which comprises computer hardware with peripherals etc. and access to the Internet.
  • the manufacturer computer system runs software adapted for processing of customer certificates.
  • the management system is divided into a front end system that collects signature requests and a back end system that holds the manufacturer's private key used for signing of a customer public key.
  • the subsystem that contains the private key responsible for signing customers' certificates is not exposed to public networks.
  • a number of customer lock systems each comprises a customer management computer 110 connected to a plurality of door access control (DAC) units 120 via a local area network (LAN) 130.
  • DAC: door access control
  • LAN: local area network
  • the LAN is Ethernet-based, but the invention does not exclude other kinds of networks.
  • the management computer 110 is the computer wherein all rules relating to the lock system 100 are managed and stored. These rules can be related to which individuals are authorised to open which doors, temporal restrictions to access to doors etc. These rules are downloaded to the individual DAC units 120, which effect the physical control of the doors by means of actuators etc.
  • the present invention uses the well-known Public Key Infrastructure (PKI) which uses techniques for public- key encryption, also referred to as asymmetric encryption.
  • PKI Public Key Infrastructure
  • each entity has a public key and a corresponding private key.
  • the public key defines an encryption transformation
  • the private key defines the associated decryption transformation.
  • Any entity wishing to send a message to another entity A obtains an authentic copy of A's public key, uses the encryption transformation to obtain the cipher text, and transmits this cipher text to A. To decrypt the cipher text, A applies the decryption transformation to obtain the original message.
  • the public key need not be kept secret, and, in fact, may be widely available — only its authenticity is required to guarantee that A is indeed the only party who knows the corresponding private key.
  • a primary advantage of such systems is that providing authentic public keys is generally easier than distributing secret keys securely, as required in symmetric key systems.
  • Since A's encryption transformation is public knowledge, public-key encryption alone does not provide data origin authentication or data integrity. Such assurances must be provided through use of additional techniques, including message authentication codes and digital signatures. Public-key encryption schemes are typically substantially slower than symmetric-key encryption algorithms.
  • Public-key decryption may also provide authentication guarantees in entity authentication and authenticated key establishment protocols.
  • the Public Key Infrastructure in a lock system will now be described with reference to fig. 2, wherein part of the environment shown in fig. 1 is detailed. More specifically, the manufacturer computer system 10, a management computer 110, and a DAC unit 120 are shown therein, but not the physical interconnections (the Internet, LAN). It is here seen that the manufacturer functions as an upper level Certificate Authority (CA level 1) and the lock system owner as a lower level CA (CA level 2). To achieve a scalable installation of the DAC units 120 and to confine the problems of a compromised management computer to that customer's domain, part of the PKI has been arranged as this hierarchy.
  • the manufacturer public key is installed in the DAC unit at a trusted factory.
  • a security feature is boot-strapped into the DAC units in the form of a certificate trusting the manufacturer's software. This means that the DAC units' software can only be installed under the manufacturer's control.
  • Each and every DAC unit 120 is thus provided with the manufacturer public key. This is a more efficient and reliable way than providing the public key when the DAC unit already has been installed.
  • This method also provides DAC units that are essentially identical before delivery, facilitating logistics and storage.
  • each DAC unit is provided with a unique serial number. However, this is not important for the present invention.
  • the temporary installer application is capable of verifying the manufacturer's signature on the customer's public key and can thus verify that the certificate presented by the management computer 110 has been signed by the manufacturer computer 10.
  • the manufacturer public certificate is bundled with the installer image, which is signed by the manufacturer private key.
  • the customer receives a certificate signed by the manufacturer.
  • This certificate is delivered on-line through a procedure, wherein the receiver is obliged to identify himself or herself. More specifically, the receiver is indicated in the certificate as attributes. This ensures that a specific individual is responsible, increasing the security level of the inventive concept.
  • the certificate signed by the manufacturer is used in a further step to install a certificate trusting the customer. In that way, the customer gets full control of the system except for software updating, see below.
  • a lock system owner buys the management computer software and obtains media together with a unique code
  • the name of the lock system owner is registered in the manufacturer computer 10 together with the software version.
  • the lock system owner is then instructed to contact the manufacturer to get its management computer public key signed by the manufacturer, i.e., the upper level CA.
  • the lock system owner's management computer public certificate is then added in a database located in the manufacturer computer 10.
  • When the lock system owner installs the lock system software, or when the lock system 100 is about to be set up, the management computer 110 generates a symmetric encryption key pair and makes available the certificate signed by the manufacturer. In that way, the management computer 110 becomes a CA of itself.
  • the installer program image that has been installed in the DAC unit accepts the management computer public certificate signed by the manufacturer.
  • An encrypted and authenticated channel is then established, such as by means of an SSL-session using asymmetric encryption, between the management computer and the DAC unit.
  • the DAC unit then installs the symmetric secret key from the management computer. From this moment on, asymmetric methods are replaced by symmetric ones: the asymmetrically encrypted channel is terminated and a symmetrically encrypted tunnel is established, and the DAC unit can thereafter only be controlled by this management computer, which prevents hostile takeover by other management computer systems.
  • the factory installed manufacturer public key remains in the DAC unit to verify software from the manufacturer. This prevents customers from remotely installing unauthorized software in the DAC unit.
  • Asymmetric encryption is more demanding on hardware, which is inconvenient when taking hardware costs into consideration. This is one reason why the lock system according to the invention operates in a secure yet efficient way.
  • the manufacturer public key is distributed on-line.
  • the manufacturer public key can also be distributed on compact disc, for example, when the software product is purchased.
  • Further communication between the manufacturer and the customer can be on-line by means of the Internet, for example, or by means of other media, such as compact discs.
  • the receiver of the manufacturer certificate is indicated as attributes in the certificate.
  • each certificate has a unique serial number distinguishing it from other certificates. It is also preferred that the certificate is protected by means of some kind of password, such as a PIN code.
  • the manufacturer computer system and management computers have been described as interconnected via the Internet. It will be appreciated that some of the management computers are not connected to the outside. In that case communication between the manufacturer computer system and management computers can be effected via other media, such as diskettes, compact discs etc.
  • the manufacturer computer system has been described as one single computer. It will be appreciated that there can be more than one computer at the manufacturer having different functions.
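The set-up described in the items above (manufacturer trust installed at the factory, an owner certificate signed by the manufacturer and acting as a second-level CA, verification of that certificate in the DAC unit, and the switch from an authenticated asymmetric channel to a per-unit symmetric tunnel that shuts out every other management computer), worked through as an added Go example. This is not code from the patent or from the assignee: the X.509/P-256 certificate chain, AES-256-GCM as the symmetric tunnel, the names "Example Manufacturer CA", "Customer A" and "Customer B", the serial numbers, the rule string and the helper `newCA` (which collapses the on-line signing procedure into a local call) are all constructed assumptions standing in for whatever the product actually uses. The factory key also staying in the unit to verify manufacturer software is not modelled here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCA makes a P-256 key and a CA certificate for it, signed by parentKey (self-signed when
// parent is nil). Stands in for the on-line signing step; names and serials are constructed.
func newCA(cn string, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial), // unique per certificate
		Subject:               pkix.Name{CommonName: cn}, // names the responsible person
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true, // CA level 1 (manufacturer) or CA level 2 (lock system owner)
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// DAC is a door access control unit as shipped: it trusts only the factory-installed
// manufacturer certificate and has no owner until an installer provisions it.
type DAC struct {
	roots  *x509.CertPool
	tunnel cipher.AEAD // per-unit symmetric tunnel, established exactly once
}

func NewDAC(mfr *x509.Certificate) *DAC {
	pool := x509.NewCertPool()
	pool.AddCert(mfr)
	return &DAC{roots: pool}
}

// Provision accepts the management computer's certificate only if it chains to the manufacturer,
// then switches to the symmetric key delivered over the authenticated asymmetric channel.
// A unit that already has an owner refuses any later takeover.
func (d *DAC) Provision(mgmt *x509.Certificate, symKey []byte) error {
	if d.tunnel != nil {
		return errors.New("unit already owned: takeover refused")
	}
	opts := x509.VerifyOptions{Roots: d.roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := mgmt.Verify(opts); err != nil {
		return errors.New("certificate not signed by manufacturer: " + err.Error())
	}
	block, err := aes.NewCipher(symKey) // AES-256 for a 32-byte key
	if err == nil {
		d.tunnel, err = cipher.NewGCM(block)
	}
	return err
}

// Command decrypts a rule update received over the symmetric tunnel (nonce || ciphertext).
func (d *DAC) Command(msg []byte) (string, error) {
	if d.tunnel == nil || len(msg) < d.tunnel.NonceSize() {
		return "", errors.New("unit not provisioned or message too short")
	}
	n := d.tunnel.NonceSize()
	pt, err := d.tunnel.Open(nil, msg[:n], msg[n:], nil)
	return string(pt), err
}

// RunSetup walks the procedure of fig. 3/4 on one unit and returns the rule the unit decrypted
// and whether a second, also manufacturer-signed, owner could take the unit over (it should not).
func RunSetup() (rule string, takeover bool, err error) {
	mfrCert, mfrKey := newCA("Example Manufacturer CA", 1, nil, nil)
	ownerCert, _ := newCA("Customer A (responsible: J. Doe)", 1001, mfrCert, mfrKey)
	dac := NewDAC(mfrCert)
	sym := make([]byte, 32) // unique symmetric key for this one unit
	must(rand.Read(sym))
	if err = dac.Provision(ownerCert, sym); err != nil {
		return
	}
	gcm := must(cipher.NewGCM(must(aes.NewCipher(sym)))) // the management computer's end
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	rule, err = dac.Command(gcm.Seal(nonce, nonce, []byte("door 7: badge 4711 allowed 08:00-18:00"), nil))
	otherCert, _ := newCA("Customer B", 1002, mfrCert, mfrKey)
	takeover = dac.Provision(otherCert, make([]byte, 32)) == nil
	return
}
```

Call `RunSetup` from a `main` or a test: it returns the decrypted rule and `takeover == false`, because `Provision` takes a key exactly once and rejects any certificate that does not chain to the factory-installed manufacturer certificate, even one signed by the same manufacturer for another customer. That single-acceptance rule is what confines a compromised management computer to its own customer domain, and the per-unit key is what keeps one captured DAC unit from exposing the others.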

Abstract

The invention relates to a lock system (100) belonging to a specific owner, the system comprising a management computer (110) connected to a plurality of door access control units (120). The invention further relates to a method of configuring such a system, the method comprising the following steps: installing in the door access control units a first certificate issued by a manufacturer (10) of the lock system; providing at the management computer (110) a second certificate issued by the owner of the lock system and signed by the manufacturer; transmitting from the management computer to a first one of the door access control units the signed second certificate and a symmetric encryption key used by the owner of the lock system; installing, by means of symmetric encryption, the second certificate at the first door access control unit after verifying the authenticity of the signed second certificate; and establishing symmetrically encrypted communication between the management computer and the first door access control unit. This method allows the lock system to be installed in a manner that is both simple and secure.
PCT/SE2004/001448 2003-10-16 2004-10-12 Systeme de fermeture et procede de configuration d'un systeme de fermeture WO2005038727A1 (fr)

Priority Applications (5)

Application Number Priority Date Filing Date Title
EP04775530A EP1678683B1 (fr) 2003-10-16 2004-10-12 Systeme de fermeture et procede de configuration d'un systeme de fermeture
AU2004281437A AU2004281437A1 (en) 2003-10-16 2004-10-12 A lock system and a method of configuring a lock system.
AT04775530T ATE451672T1 (de) 2003-10-16 2004-10-12 Schlosssystem und verfahren zum konfigurieren eines schlosssystems
DE602004024567T DE602004024567D1 (de) 2003-10-16 2004-10-12 Schlosssystem und verfahren zum konfigurieren eines schlosssystems
NO20062179A NO336212B1 (no) 2003-10-16 2006-05-15 Låssystem og en metode for konfigurering av et låssystem

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0302733A SE525847C2 (sv) 2003-10-16 2003-10-16 Sätt att konfigurera ett låssystem samt låssystem
SE0302733-1 2003-10-16

Publications (1)

Publication Number Publication Date
WO2005038727A1 true WO2005038727A1 (fr) 2005-04-28

Family

ID=29398746

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/SE2004/001448 WO2005038727A1 (fr) 2003-10-16 2004-10-12 Systeme de fermeture et procede de configuration d'un systeme de fermeture
PCT/SE2004/001491 WO2005038728A1 (fr) 2003-10-16 2004-10-18 Systeme de serrures et procede pour configurer un systeme de serrures

Family Applications After (1)

Application Number Title Priority Date Filing Date
PCT/SE2004/001491 WO2005038728A1 (fr) 2003-10-16 2004-10-18 Systeme de serrures et procede pour configurer un systeme de serrures

Country Status (7)

Country Link
EP (1) EP1678683B1 (fr)
AT (1) ATE451672T1 (fr)
AU (1) AU2004281437A1 (fr)
DE (1) DE602004024567D1 (fr)
NO (1) NO336212B1 (fr)
SE (1) SE525847C2 (fr)
WO (2) WO2005038727A1 (fr)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7706778B2 (en) 2005-04-05 2010-04-27 Assa Abloy Ab System and method for remotely assigning and revoking access credentials using a near field communication equipped mobile phone
US9985950B2 (en) 2006-08-09 2018-05-29 Assa Abloy Ab Method and apparatus for making a decision on a card
US8074271B2 (en) 2006-08-09 2011-12-06 Assa Abloy Ab Method and apparatus for making a decision on a card
IT1392268B1 (it) * 2008-12-02 2012-02-22 Sata Hts Hi Tech Services S P A Processo di autenticazione mediante token generante one time password
FR2945177A1 (fr) * 2009-04-30 2010-11-05 Pascal Metivier Systeme de programmation et de gestion securisees pour serrures comportant des moyens de communication sans contact et commandables par un telephone portable nfc
DK2821970T4 (da) 2013-07-05 2019-09-16 Assa Abloy Ab Kommunikationsapparat til access-styring, fremgangsmåde, computerprogram og computerprogram-produkt
EP2821972B1 (fr) 2013-07-05 2020-04-08 Assa Abloy Ab Dispositif à clé et procédé associé, programme informatique et produit de programme informatique
US9443362B2 (en) 2013-10-18 2016-09-13 Assa Abloy Ab Communication and processing of credential data
AU2015313921B2 (en) 2014-09-10 2019-01-24 Assa Abloy Ab First entry notification

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5506905A (en) * 1994-06-10 1996-04-09 Delco Electronics Corp. Authentication method for keyless entry system
WO2001066888A1 (fr) * 2000-03-10 2001-09-13 Assa Abloy Ab Dispositif a cle et a verrou

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5787172A (en) * 1994-02-24 1998-07-28 The Merdan Group, Inc. Apparatus and method for establishing a cryptographic link between elements of a system
US6615350B1 (en) * 1998-03-23 2003-09-02 Novell, Inc. Module authentication and binding library extensions

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8232860B2 (en) 2005-10-21 2012-07-31 Honeywell International Inc. RFID reader for facility access control and authorization
US8941464B2 (en) 2005-10-21 2015-01-27 Honeywell International Inc. Authorization system and a method of authorization
WO2007045051A1 (fr) * 2005-10-21 2007-04-26 Honeywell Limited Systeme et procede d'autorisation
US9704313B2 (en) 2008-09-30 2017-07-11 Honeywell International Inc. Systems and methods for interacting with access control devices
US8878931B2 (en) 2009-03-04 2014-11-04 Honeywell International Inc. Systems and methods for managing video data
US9019070B2 (en) 2009-03-19 2015-04-28 Honeywell International Inc. Systems and methods for managing access control devices
US9280365B2 (en) 2009-12-17 2016-03-08 Honeywell International Inc. Systems and methods for managing configuration data at disconnected remote devices
US9894261B2 (en) 2011-06-24 2018-02-13 Honeywell International Inc. Systems and methods for presenting digital video management system information via a user-customizable hierarchical tree interface
US9344684B2 (en) 2011-08-05 2016-05-17 Honeywell International Inc. Systems and methods configured to enable content sharing between client terminals of a digital video management system
US10038872B2 (en) 2011-08-05 2018-07-31 Honeywell International Inc. Systems and methods for managing video data
US10362273B2 (en) 2011-08-05 2019-07-23 Honeywell International Inc. Systems and methods for managing video data
US10863143B2 (en) 2011-08-05 2020-12-08 Honeywell International Inc. Systems and methods for managing video data
US10523903B2 (en) 2013-10-30 2019-12-31 Honeywell International Inc. Computer implemented systems frameworks and methods configured for enabling review of incident data
US11523088B2 (en) 2013-10-30 2022-12-06 Honeywell International Inc. Computer implemented systems frameworks and methods configured for enabling review of incident data

Also Published As

Publication number Publication date
NO20062179L (no) 2006-05-15
WO2005038728A1 (fr) 2005-04-28
EP1678683A1 (fr) 2006-07-12
SE525847C2 (sv) 2005-05-10
SE0302733L (sv) 2005-04-17
EP1678683B1 (fr) 2009-12-09
DE602004024567D1 (de) 2010-01-21
NO336212B1 (no) 2015-06-15
AU2004281437A1 (en) 2005-04-28
SE0302733D0 (sv) 2003-10-16
ATE451672T1 (de) 2009-12-15

Similar Documents

Publication Publication Date Title
EP1678683B1 (fr) Systeme de fermeture et procede de configuration d'un systeme de fermeture
US7904952B2 (en) System and method for access control
US6134327A (en) Method and apparatus for creating communities of trust in a secure communication system
AU2006278422B2 (en) System and method for user identification and authentication
US8412927B2 (en) Profile framework for token processing system
US6490679B1 (en) Seamless integration of application programs with security key infrastructure
US7711952B2 (en) Method and system for license management
US6353886B1 (en) Method and system for secure network policy implementation
US7689828B2 (en) System and method for implementing digital signature using one time private keys
US6931549B1 (en) Method and apparatus for secure data storage and retrieval
US7770212B2 (en) System and method for privilege delegation and control
US8301887B2 (en) Method and system for automated authentication of a device to a management node of a computer network
US7685421B2 (en) System and method for initializing operation for an information security operation
EP0936530A1 (fr) Carte virtuelle à puce
EP1191743B1 (fr) Procédé et dispositif de réalisation de transactions sécurisées
US20060253702A1 (en) Secure gaming server
US6215872B1 (en) Method for creating communities of trust in a secure communication system
KR20030036787A (ko) 네트워크를 통하여 분배되는 객체를 보안화하기 위한 감사추적 구축용 시스템
GB2404535A (en) Secure transmission of data via an intermediary which cannot access the data
US20030200322A1 (en) Autonomic system for selective administation isolation of a secure remote management of systems in a computer network
KR20020083551A (ko) 멀티에이전트 기반 다단계 사용자 인증 시스템 개발과운용 방법

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2004281437

Country of ref document: AU

WWE Wipo information: entry into national phase

Ref document number: 2004775530

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2004281437

Country of ref document: AU

Date of ref document: 20041012

Kind code of ref document: A

WWP Wipo information: published in national office

Ref document number: 2004281437

Country of ref document: AU

WWP Wipo information: published in national office

Ref document number: 2004775530

Country of ref document: EP