WO2016001489A1 - Lock system and the creation of electronic keys in the lock system - Google Patents

Lock system and the creation of electronic keys in the lock system Download PDF

Info

Publication number
WO2016001489A1
WO2016001489A1 PCT/FI2015/050485 FI2015050485W WO2016001489A1 WO 2016001489 A1 WO2016001489 A1 WO 2016001489A1 FI 2015050485 W FI2015050485 W FI 2015050485W WO 2016001489 A1 WO2016001489 A1 WO 2016001489A1
Authority
WO
WIPO (PCT)
Prior art keywords
lock
electronic key
server
mobile device
request
Prior art date
Application number
PCT/FI2015/050485
Other languages
French (fr)
Inventor
Pauli Räsänen
Jussi Liikka
Pasi Ahonen
Jani Mäntyjärvi
Ilkka Niskanen
Original Assignee
Rollock Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Rollock Oy filed Critical Rollock Oy
Publication of WO2016001489A1 publication Critical patent/WO2016001489A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/27Individual registration on entry or exit involving the use of a pass with central registration
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • EFIXED CONSTRUCTIONS
    • E05LOCKS; KEYS; WINDOW OR DOOR FITTINGS; SAFES
    • E05BLOCKS; ACCESSORIES THEREFOR; HANDCUFFS
    • E05B47/00Operating or controlling locks or other fastening devices by electric or magnetic means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00182Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00817Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00857Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00857Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
    • G07C2009/00865Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed remotely by wireless communication
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks

Definitions

  • the invention relates to a lock system and to the creation of electronic keys in the lock system.
  • door locks comprising a lock case and a locking latch, which door locks can be opened and closed mechanically.
  • electrical locks which can be controlled to open and close by means of electrical commands and electrical opening means.
  • the purpose of the present invention is to achieve a new type of lock system, in which electronic keys can be created and delivered safely to different devices.
  • the lock system comprises a server and at least one lock, and a key created by the system can be delivered to a device, such as e.g. to a mobile device.
  • a device such as e.g. to a mobile device.
  • a server receives a request for creating an electronic key from the device of a user administering a lock or locks. After this, in response to the request the server sends to the device of the user administering the lock the reference data of the electronic key. After this the reference data of the key can be delivered to a party for whom the key was intended to be created. After this the server receives a request for delivery of the electronic key from the mobile device on the basis of the reference data of the electronic key. After this, the server creates and encrypts an electronic key and sends the encrypted electronic key to the mobile device from which the request for delivering a key was received.
  • the electronic key can provide a lock-opening right for one lock or many locks. After this the mobile device can open the lock or locks by means of the electronic key.
  • the electronic key is a bit sequence.
  • the solution according to the invention now presented has some significant advantages when it is compared to prior-art solutions.
  • the electronic key reference to be used in the solution of the invention is an indirect indicator to the data itself i.e. the electronic key itself.
  • a reference of the electronic key is handled in procedures relating to administration of the electronic key in the functions of a server, such as e.g. a cloud service server, of a mobile device and of a lock.
  • the electronic key itself is used and sent only when it is necessary to do so. This improves the security of the system against misuse because the information about the electronic key itself remains more secret than in a situation in which the key data itself is sent to many devices and is recorded in different databases.
  • the request for creating an electronic key from the device of a user administering the lock comprises an identifier of that mobile device for which the key is created, and the server sends the electronic key exclusively to that mobile device. This further improves the security of a lock system.
  • the lock updates the information about the electronic keys suited to it from the server, and by means of this information the lock knows which electronic keys have the right to open the lock.
  • a mobile device requests the opening of a lock by sending an encrypted electronic key to the lock when it is in the proximity of the lock.
  • the lock decrypts the encryption of the encrypted key sent by the mobile device and compares the information to the information received from the server about electronic keys suited to the lock. If an electronic key sent by another device is also found from the information received from the server about keys suited to the lock, the lock opens. If an electronic key sent by another device is not found from the information received from the server about keys suited to the lock, the lock is kept locked.
  • FIG. 1 presents a schematic view of the operating principle of one embodiment of the invention.
  • the solution according to the invention is based on electronic keys (eKeys), which are administered by means of electronic key references (eKey references), which can be used in a lock system comprising mobile devices, locks and at least one server, e.g. the server of a cloud service.
  • eKey references electronic key references
  • a mobile device is a device that can receive an electronic key and that can communicate with the server and the lock.
  • mobile devices are mobile terminals, tablets, smartwatches, handheld computers, smartphones, et cetera.
  • both an electronic key and also an electronic key reference can be individual and/or random bit sequences and they can be created independently of each other.
  • An electronic key enables the opening of a lock and it can be recorded in a mobile device and/or in a cloud service.
  • one electronic key corresponds to one reference of an electronic key.
  • the reference of an electronic key can be used e.g. for administering keys and for the purposes of log files.
  • the creation, delivery, removal of rights and usage log of an electronic key can be realized by means of the reference of the electronic key.
  • the reference of an electronic key does not in itself reveal any information about the electronic key or about the physical lock associated with it.
  • Fig. 1 presents a schematic diagram of a lock system, according to one embodiment of the invention, and its operation.
  • an electronic key is created in a cloud service, based on user need.
  • the owner of the lock safely contacts a cloud service, e.g. the Web portal of it via the Internet, with the assistance of his/her device, such as a mobile device or computer.
  • the device of the owner and administrator of the lock requests the reference of the electronic key from the cloud service.
  • the owner of the lock gives the right to create a new electronic key for a certain lock administered by the owner.
  • the system produces an anonymous eKey reference on the server or in the service.
  • the server sends the reference data of the electronic key to the device from which the request for creating the reference of the electronic key was received.
  • the reference data of the electronic key can be e.g.
  • one electronic key can provide a lock-opening right also for a number of locks instead of for one lock, e.g. for a lock group, which comprises all the locks of one building, in which case by creating one key an opening right for a number of locks is given.
  • the owner of a lock requests with his/her device the creation of an electronic key reference from the service, he/she can select for which lock or locks he/she wishes to create a key.
  • the owner of the lock delivers the electronic key reference to the mobile device of the user he/she wishes. Delivery can also be handled electronically by sending the reference e.g. in a message or email or as an image. Delivery can also be handled in another way, e.g. by telling the reference to the desired user verbally or e.g. on a piece of paper.
  • a user who receives information about the reference of an electronic key starts an application on his/her mobile device, into which application the reference of the electronic key is entered.
  • the application can also automatically complete the reference of the electronic key in the application, e.g. on the basis of a message or email that has arrived.
  • the application requests the server and/or cloud service to create an electronic key corresponding to the electronic key reference.
  • a user can request the creation of a key from his/her mobile device also in another way, e.g. by means of a website associated with the cloud service.
  • the system Based on a request sent from a mobile device, the system creates on a server, e.g. on a server of a cloud service, an encrypted electronic key and forms an association between the electronic key, the electronic key reference on the basis of which the request was made, the mobile device that made the request and the lock.
  • the cloud service marks the reference of the electronic key as used. After this no other electronic key can any longer be created with the same electronic key reference.
  • the server delivers the encrypted electronic key created to the mobile device, in which the eKey is recorded for later use. In one embodiment of the invention an electronic key can be sent only once.
  • the locks connected to a system can communicate safely via an encrypted connection with a server and/or a cloud service via the Internet.
  • the lock is thus aware of the eKeys and eKey references associated with it, which are administered in the cloud service.
  • the lock can contact the service at certain intervals and can update the list of electronic keys authorized to open the lock.
  • the server can notify the lock of changes when they occur such as e.g. when a new key is created or the right of use of an old key is removed.
  • a mobile device When a mobile device is in the proximity of a lock it can form an encrypted connection with the lock.
  • the connection can be formed e.g. by means of some short-range technology, such as by means of Bluetooth technology, or by means of WLAN.
  • the lock receives the encrypted key and decrypts the encryption.
  • the lock e.g. the lock case of the lock or the striking plate of the lock case, compares the information contained in the electronic key to the information it received about electronic keys from the service.
  • the lock opens the locking if the information of these two pieces of information about electronic keys correspond.
  • the lock can record an opening event in a cloud service for monitoring the operation and use of the lock.
  • An opening event is recorded in a database on the basis of the reference of the electronic key and/or on the basis of the identifier of the iock. Opening events, the number of them and/or the numbers of keys created can be recorded in the database and reports can be formed by means of these.
  • the aforementioned data recorded in the database can also be used as the basis for invoicing a customer.
  • a lock can be opened with a mobile device also when the mobile device is not in the proximity of the lock. In this case other means of contact are used for communications between the lock and the mobile device.
  • a request for the creation and delivery of an electronic key is cancelled before there has been time to create the electronic key itself, the electronic key is not created. If an electronic key is cancelled after it has been created, the electronic key is not delivered to the person making the request. If an electronic key is cancelled after it has been created and delivered, the lock notices when it checks the electronic key that the electronic key in question does not have the right to open the lock in question.
  • the reference of an electronic key can be sent to the system of some service provider, e.g. of a transport service, domestic service, cleaning service or guard service, which system sends the key onwards to the desired mobile device.
  • the system of the service provider can request an electronic key from the server of the key system with the reference of the electronic key and in this case the server can send the electronic key created to the system of the service provider and not directly to the mobile device.
  • the electronic key is sent from the system of the service provider to a mobile device of an employee that needs to enter an apartment, it is also possible that the system of the service provider requests the creation of a key directly to a certain mobile device.
  • an electronic key created for an individual mobile device in different embodiments of the invention can be sent onwards from one mobile device to another mobile device.
  • the reference of an electronic key and/or the electronic key can also comprise lock location information.
  • the lock location information can also be sent in connection with the reference of the electronic key and/or in connection with the electronic key or separately if the reference of the electronic key and/or the electronic key does not itself comprise lock location information.
  • the geographic data or location information of a lock can be added to the reference of an electronic key and/or to an electronic key, e.g. at the stage of creating them or at the stage of sending them.
  • the lock location information can be expressed as geographic data, such as a GPS coordinate, or as a coordinate of some other position location system, such as an indoor position location system.
  • a mobile device can, if the user so desires, or automatically, guide the user to a lock from a longer distance away by means of coordinates. In this way a user can be guided to a lock and/or to a door from a long distance away.
  • the location information of a lock can be utilized when opening the lock, e.g. in such a way that the device requesting opening of the lock sends to the lock also the geographic data of the lock and also the geographic data of the lock sent by the device requesting opening must correspond to the correct geographic data of the lock, in addition to the correct electronic key, for the lock to be opened.
  • the lock used in the system according to the invention can e.g. comprise a lock case, which comprises a locking latch and a latch mechanism.
  • the latch mechanism comprises electronic means for opening and/or closing the locking latch.
  • Means for communicating with mobile devices and/or a server can be arranged in connection with the lock case.
  • the lock functions mechanically and the mechanical lock can also be opened and/or closed electronically.
  • Information transfer in the solution according to the invention is digital, and authentication methods and/or encryption methods to ensure data security are used in the lock application. Encryption and authentication of telecommunications can be used when the lock uses telecommunications with mobile devices and with the server.
  • the aim of authentication is therefore to ensure that the devices communicating with each other recognize one another. In this way, a fraudulent device cannot control another device. Likewise, transmission of information to a fraudulent device is also prevented. Authentication can be performed before permitting use of the service.
  • Authentication can be one-way (server identifies user) or two-way (service identifies user, and the user the service).
  • the lock ensures, by means of authentication, before communication, that requests relating to the operation of the lock come from an identified device (from an identified server or mobile device).
  • the lock ensures that the device of an unauthorized person (intruder) cannot control the operation of the lock.
  • the server verifies by means of authentication that the lock with which the server communicates is the correct lock. In this way the lock does not transmit electronic keys giving the right to open a lock for other locks than the correct lock.
  • Encryption means the converting of the plain text information to be encrypted into a type of format that makes clarification of the original information either impossible or too expensive (i.e. breaking the encryption takes too much time or resources compared to the value of the encrypted information).
  • the handling of encrypted information is generally two-directional: the information to be encrypted can be converted into an unreadable format for encrypting the information and correspondingly the encrypted information can be returned back to the original format for utilizing it.
  • Examples of algorithms to be used for the encryption of the information are, inter alia, DES, AES and Blowfish.
  • the electronic key itself can be encrypted with these methods or with other encryption methods.
  • the invention thus relates to a method for creating an electronic key in a lock system, which comprises at least one lock and a server.
  • a request for creating an electronic key is received from the device of a user administering the lock, in response to the request the reference data of the electronic key is sent to the device of the user administering the lock, a request for delivering the electronic key is received from the mobile device, to which request the reference data of the electronic key is attached, an electronic key is created and encrypted, and the encrypted electronic key is sent to the mobile device from which the request for delivering a key was received.
  • the request for creating an electronic key from the device of a user administering the lock comprises an identifier of thai mobile device for which the key is created, and the server sends the electronic key exclusively to that mobile device.
  • the lock updates the information about the electronic keys suited to it from the server.
  • the mobile device records an encrypted electronic key in its memory after receiving the electronic key.
  • a mobile device requests the opening of a lock by sending an encrypted electronic key to the lock when it is in the proximity of the lock.
  • the lock decrypts the encryption of an encrypted key sent by a mobile device and compares the information to the information received from the server about electronic keys suited to the lock.
  • the lock opens.
  • the lock is kept locked.
  • the electronic key is a bit sequence.
  • the identifier of a mobile device is a phone number, an e-mail address or other address, by means of which the mobile device and/or the user of the mobile device can be reached.
  • one electronic key corresponds to one reference data item of an electronic key, and the reference data item of an electronic key and the electronic key contain different contents that are independent of each other. in one embodiment of the invention only one electronic key can be created with one reference data item of an electronic key.
  • the invention thus relates to a lock system, which comprises a server and at least one lock and which is adapted to implement the aforementioned methods.
  • the invention thus aiso relates to a lock, which comprises a lock case that can be fixed into the door, which lock case comprises a locking latch and a latch mechanism, wherein the latch mechanism comprises electronic means for opening and/or closing the locking latch.
  • Means for transmitting information between a lock and a server as well as between a lock and a mobile device are arranged in connection with the lock case.
  • the lock is adapted to transmit information between the lock and the server using a wired and/or wireless connection.
  • the lock is adapted to update the information about the electronic keys suited to it from the server.
  • the lock is adapted to decrypt the encryption of an encrypted key sent by a mobile device and to compare the information to the information received in the lock from the server about electronic keys suited to the lock.
  • the lock is adapted to open.
  • the lock is adapted to remain locked.
  • the invention thus also relates to the server of a lock system, which lock system comprises at least one lock.
  • the server is adapted to receive a request for creating an electronic key from the device of a user administering the lock, and to send, in response to the request the reference data of the electronic key to the device of the user administering the lock.
  • the server is adapted to receive a request for delivering the electronic key from the mobile device, to which request the reference data of the electronic key is attached, and to create and encrypt an electronic key.
  • the server is adapted to send the encrypted electronic key to the mobile device from which the request for delivering a key was received.
  • the request for creating an electronic key from the device of a user administering the lock comprises an identifier of that mobile device for which the key is created, and the server is adapted to send the electronic key exclusively to that mobile device.

Abstract

Method and lock system for creating an electronic key, which lock system comprises at least one lock and a server. In the solution according to the invention a request for creating an electronic key is received from the device of a user administering the lock and, in response to the request, the reference data of the electronic key is sent to the device of the user administering the lock. After this a request for delivering the electronic key is received from the mobile device, to which request the reference data of the electronic key is attached, and an electronic key is created and encrypted. Finally, the encrypted electronic key is sent to the mobile device from which the request for delivering a key was received.

Description

LOCK SYSTEM AND THE CREATION OF ELECTRONIC KEYS IN THE LOCK SYSTEM
Field of the invention
The invention relates to a lock system and to the creation of electronic keys in the lock system.
Background of the invention
Known in the art are door locks comprising a lock case and a locking latch, which door locks can be opened and closed mechanically. Also known in the art are electrical locks, which can be controlled to open and close by means of electrical commands and electrical opening means.
In recent times locks that can be opened wirelessly, e.g. by means of a mobile phone, have also been launched onto the market. In systems of this type the owner of a lock can send to different devices a user right, i.e. an electronic key for a lock he/she owns. In this way the lock owner can create keys for different devices and for different people. In systems that are known in the art, electronic keys are sent from one device to another when delivering the electronic keys. This is a problem from the viewpoint of the functioning of a lock system because when electronic keys are sent often, there is a risk that their information can be hijacked from communications occurring between devices. In this type of case the wrong party can receive a right to open a lock and the security level of the lock system has declined.
Brief description of the invention
The purpose of the present invention is to achieve a new type of lock system, in which electronic keys can be created and delivered safely to different devices. The lock system comprises a server and at least one lock, and a key created by the system can be delivered to a device, such as e.g. to a mobile device. The operation according to the system is characterized by what is disclosed in the independent claims of the application.
I the solution according to the invention a server receives a request for creating an electronic key from the device of a user administering a lock or locks. After this, in response to the request the server sends to the device of the user administering the lock the reference data of the electronic key. After this the reference data of the key can be delivered to a party for whom the key was intended to be created. After this the server receives a request for delivery of the electronic key from the mobile device on the basis of the reference data of the electronic key. After this, the server creates and encrypts an electronic key and sends the encrypted electronic key to the mobile device from which the request for delivering a key was received. The electronic key can provide a lock-opening right for one lock or many locks. After this the mobile device can open the lock or locks by means of the electronic key. In one embodiment of the invention the electronic key is a bit sequence.
The solution according to the invention now presented has some significant advantages when it is compared to prior-art solutions. The electronic key reference to be used in the solution of the invention is an indirect indicator to the data itself i.e. the electronic key itself. Instead of using an electronic key itself, in the solution according to the invention a reference of the electronic key is handled in procedures relating to administration of the electronic key in the functions of a server, such as e.g. a cloud service server, of a mobile device and of a lock. The electronic key itself is used and sent only when it is necessary to do so. This improves the security of the system against misuse because the information about the electronic key itself remains more secret than in a situation in which the key data itself is sent to many devices and is recorded in different databases. When electronic keys containing information to be protected do not need to be recorded in databases, by means of the system according to the invention many services and functions can be realized with the aid of a reference of an electronic key because the reference of an electronic key can be handled more easily without the content of the electronic key itself being revealed. Another advantage of the system according to the invention is that both an electronic key and also an electronic key reference are independent of each other and are random bit sequences. That being the case, an electronic key cannot be directly deduced by means of the electronic key reference alone.
In one embodiment of the invention the request for creating an electronic key from the device of a user administering the lock comprises an identifier of that mobile device for which the key is created, and the server sends the electronic key exclusively to that mobile device. This further improves the security of a lock system. In one embodiment of the invention the lock updates the information about the electronic keys suited to it from the server, and by means of this information the lock knows which electronic keys have the right to open the lock.
In one embodiment of the invention a mobile device requests the opening of a lock by sending an encrypted electronic key to the lock when it is in the proximity of the lock. The lock decrypts the encryption of the encrypted key sent by the mobile device and compares the information to the information received from the server about electronic keys suited to the lock. If an electronic key sent by another device is also found from the information received from the server about keys suited to the lock, the lock opens. If an electronic key sent by another device is not found from the information received from the server about keys suited to the lock, the lock is kept locked.
Brief description of the figures
In the following, the invention will be described in more detail by the aid some examples of its embodiment with reference to the drawing, wherein, Fig. 1 presents a schematic view of the operating principle of one embodiment of the invention.
Detailed description of the invention
The solution according to the invention is based on electronic keys (eKeys), which are administered by means of electronic key references (eKey references), which can be used in a lock system comprising mobile devices, locks and at least one server, e.g. the server of a cloud service. In the solution of the invention a mobile device is a device that can receive an electronic key and that can communicate with the server and the lock. Some examples of mobile devices are mobile terminals, tablets, smartwatches, handheld computers, smartphones, et cetera.
In the solution according to the invention both an electronic key and also an electronic key reference can be individual and/or random bit sequences and they can be created independently of each other. An electronic key enables the opening of a lock and it can be recorded in a mobile device and/or in a cloud service. In the solution according to the invention one electronic key corresponds to one reference of an electronic key. The reference of an electronic key can be used e.g. for administering keys and for the purposes of log files. For example, the creation, delivery, removal of rights and usage log of an electronic key can be realized by means of the reference of the electronic key. The reference of an electronic key does not in itself reveal any information about the electronic key or about the physical lock associated with it.
Fig. 1 presents a schematic diagram of a lock system, according to one embodiment of the invention, and its operation. In the exemplary case of Fig. 1 , an electronic key is created in a cloud service, based on user need.
The owner of the lock safely contacts a cloud service, e.g. the Web portal of it via the Internet, with the assistance of his/her device, such as a mobile device or computer. The device of the owner and administrator of the lock requests the reference of the electronic key from the cloud service. By means of this request the owner of the lock gives the right to create a new electronic key for a certain lock administered by the owner. On the basis of the user's request, the system produces an anonymous eKey reference on the server or in the service. After this the server sends the reference data of the electronic key to the device from which the request for creating the reference of the electronic key was received. The reference data of the electronic key can be e.g. a character string or a bit sequence The eKey to be associated with the reference of the electronic key has not yet been created. At this moment the reference of the electronic key has not yet any purpose associated with locks outside the server and/or cloud service. In one embodiment of the invention one electronic key can provide a lock-opening right also for a number of locks instead of for one lock, e.g. for a lock group, which comprises all the locks of one building, in which case by creating one key an opening right for a number of locks is given. When the owner of a lock requests with his/her device the creation of an electronic key reference from the service, he/she can select for which lock or locks he/she wishes to create a key.
Next, the owner of the lock delivers the electronic key reference to the mobile device of the user he/she wishes. Delivery can also be handled electronically by sending the reference e.g. in a message or email or as an image. Delivery can also be handled in another way, e.g. by telling the reference to the desired user verbally or e.g. on a piece of paper.
A user who receives information about the reference of an electronic key starts an application on his/her mobile device, into which application the reference of the electronic key is entered. In one embodiment of the invention the application can also automatically complete the reference of the electronic key in the application, e.g. on the basis of a message or email that has arrived. The application requests the server and/or cloud service to create an electronic key corresponding to the electronic key reference. A user can request the creation of a key from his/her mobile device also in another way, e.g. by means of a website associated with the cloud service.
Based on a request sent from a mobile device, the system creates on a server, e.g. on a server of a cloud service, an encrypted electronic key and forms an association between the electronic key, the electronic key reference on the basis of which the request was made, the mobile device that made the request and the lock. The cloud service marks the reference of the electronic key as used. After this no other electronic key can any longer be created with the same electronic key reference. The server delivers the encrypted electronic key created to the mobile device, in which the eKey is recorded for later use. In one embodiment of the invention an electronic key can be sent only once.
The locks connected to a system can communicate safely via an encrypted connection with a server and/or a cloud service via the Internet. The lock is thus aware of the eKeys and eKey references associated with it, which are administered in the cloud service. The lock can contact the service at certain intervals and can update the list of electronic keys authorized to open the lock. Also the server can notify the lock of changes when they occur such as e.g. when a new key is created or the right of use of an old key is removed.
When a mobile device is in the proximity of a lock it can form an encrypted connection with the lock. The connection can be formed e.g. by means of some short-range technology, such as by means of Bluetooth technology, or by means of WLAN. After this the mobile device requests opening of the lock by means of the encrypted electronic key. The lock receives the encrypted key and decrypts the encryption. After this the lock. e.g. the lock case of the lock or the striking plate of the lock case, compares the information contained in the electronic key to the information it received about electronic keys from the service. The lock opens the locking if the information of these two pieces of information about electronic keys correspond. The lock can record an opening event in a cloud service for monitoring the operation and use of the lock. An opening event is recorded in a database on the basis of the reference of the electronic key and/or on the basis of the identifier of the iock. Opening events, the number of them and/or the numbers of keys created can be recorded in the database and reports can be formed by means of these. The aforementioned data recorded in the database can also be used as the basis for invoicing a customer. in one embodiment of the invention a lock can be opened with a mobile device also when the mobile device is not in the proximity of the lock. In this case other means of contact are used for communications between the lock and the mobile device.
In one embodiment of the invention if a request for the creation and delivery of an electronic key is cancelled before there has been time to create the electronic key itself, the electronic key is not created. If an electronic key is cancelled after it has been created, the electronic key is not delivered to the person making the request. If an electronic key is cancelled after it has been created and delivered, the lock notices when it checks the electronic key that the electronic key in question does not have the right to open the lock in question.
In one embodiment of the invention the reference of an electronic key can be sent to the system of some service provider, e.g. of a transport service, domestic service, cleaning service or guard service, which system sends the key onwards to the desired mobile device. In this case the system of the service provider can request an electronic key from the server of the key system with the reference of the electronic key and in this case the server can send the electronic key created to the system of the service provider and not directly to the mobile device. In this case the electronic key is sent from the system of the service provider to a mobile device of an employee that needs to enter an apartment, it is also possible that the system of the service provider requests the creation of a key directly to a certain mobile device. In one embodiment of the invention also an electronic key created for an individual mobile device in different embodiments of the invention can be sent onwards from one mobile device to another mobile device.
In one embodiment of the invention the reference of an electronic key and/or the electronic key can also comprise lock location information. The lock location information can also be sent in connection with the reference of the electronic key and/or in connection with the electronic key or separately if the reference of the electronic key and/or the electronic key does not itself comprise lock location information. The geographic data or location information of a lock can be added to the reference of an electronic key and/or to an electronic key, e.g. at the stage of creating them or at the stage of sending them.
The lock location information can be expressed as geographic data, such as a GPS coordinate, or as a coordinate of some other position location system, such as an indoor position location system. A mobile device can, if the user so desires, or automatically, guide the user to a lock from a longer distance away by means of coordinates. In this way a user can be guided to a lock and/or to a door from a long distance away. The location information of a lock can be utilized when opening the lock, e.g. in such a way that the device requesting opening of the lock sends to the lock also the geographic data of the lock and also the geographic data of the lock sent by the device requesting opening must correspond to the correct geographic data of the lock, in addition to the correct electronic key, for the lock to be opened.
The lock used in the system according to the invention can e.g. comprise a lock case, which comprises a locking latch and a latch mechanism. The latch mechanism comprises electronic means for opening and/or closing the locking latch. Means for communicating with mobile devices and/or a server can be arranged in connection with the lock case. In one embodiment of the invention, the lock functions mechanically and the mechanical lock can also be opened and/or closed electronically.
Information transfer in the solution according to the invention is digital, and authentication methods and/or encryption methods to ensure data security are used in the lock application. Encryption and authentication of telecommunications can be used when the lock uses telecommunications with mobile devices and with the server.
By means of encryption and authentication it is ensured that the lock reacts only to commands given by an identified and verified party. An unauthorized device cannot create or send to the lock a control message in an acceptable format and therefore cannot mislead the lock into performing incorrect functions.
The aim of authentication is therefore to ensure that the devices communicating with each other recognize one another. In this way, a fraudulent device cannot control another device. Likewise, transmission of information to a fraudulent device is also prevented. Authentication can be performed before permitting use of the service.
Authentication can be one-way (server identifies user) or two-way (service identifies user, and the user the service).
In the solution according to the invention the lock ensures, by means of authentication, before communication, that requests relating to the operation of the lock come from an identified device (from an identified server or mobile device). By checking the identity of the server and the mobile device, the lock ensures that the device of an unauthorized person (intruder) cannot control the operation of the lock. The server verifies by means of authentication that the lock with which the server communicates is the correct lock. In this way the lock does not transmit electronic keys giving the right to open a lock for other locks than the correct lock.
After successful authentication, information, which is encrypted, can be transferred. Various encryption technologies used in telecommunications or in computers can be used as encryption methods for encrypting the messages of the information transfer. Encryption means the converting of the plain text information to be encrypted into a type of format that makes clarification of the original information either impossible or too expensive (i.e. breaking the encryption takes too much time or resources compared to the value of the encrypted information).
The handling of encrypted information is generally two-directional: the information to be encrypted can be converted into an unreadable format for encrypting the information and correspondingly the encrypted information can be returned back to the original format for utilizing it. Examples of algorithms to be used for the encryption of the information are, inter alia, DES, AES and Blowfish. Also the electronic key itself can be encrypted with these methods or with other encryption methods.
The invention thus relates to a method for creating an electronic key in a lock system, which comprises at least one lock and a server. In the method a request for creating an electronic key is received from the device of a user administering the lock, in response to the request the reference data of the electronic key is sent to the device of the user administering the lock, a request for delivering the electronic key is received from the mobile device, to which request the reference data of the electronic key is attached, an electronic key is created and encrypted, and the encrypted electronic key is sent to the mobile device from which the request for delivering a key was received.
In one embodiment of the invention the request for creating an electronic key from the device of a user administering the lock comprises an identifier of thai mobile device for which the key is created, and the server sends the electronic key exclusively to that mobile device.
In one embodiment of the invention the lock updates the information about the electronic keys suited to it from the server.
In one embodiment of the invention the mobile device records an encrypted electronic key in its memory after receiving the electronic key.
In one embodiment of the invention a mobile device requests the opening of a lock by sending an encrypted electronic key to the lock when it is in the proximity of the lock. In one embodiment of the invention the lock decrypts the encryption of an encrypted key sent by a mobile device and compares the information to the information received from the server about electronic keys suited to the lock.
In one embodiment of the invention if the electronic key sent by the mobile device is also found from the information received from the server about keys suited to the lock, the lock opens.
In one embodiment of the invention if the electronic key sent by the mobile device is not found from the information received from the server about keys suited to the lock, the lock is kept locked.
In one embodiment of the invention the electronic key is a bit sequence.
In one embodiment of the invention the identifier of a mobile device is a phone number, an e-mail address or other address, by means of which the mobile device and/or the user of the mobile device can be reached.
In one embodiment of the invention one electronic key corresponds to one reference data item of an electronic key, and the reference data item of an electronic key and the electronic key contain different contents that are independent of each other. in one embodiment of the invention only one electronic key can be created with one reference data item of an electronic key.
The invention thus relates to a lock system, which comprises a server and at least one lock and which is adapted to implement the aforementioned methods.
The invention thus aiso relates to a lock, which comprises a lock case that can be fixed into the door, which lock case comprises a locking latch and a latch mechanism, wherein the latch mechanism comprises electronic means for opening and/or closing the locking latch. Means for transmitting information between a lock and a server as well as between a lock and a mobile device are arranged in connection with the lock case. In one embodiment of the invention the lock is adapted to transmit information between the lock and the server using a wired and/or wireless connection.
In one embodiment of the invention the lock is adapted to update the information about the electronic keys suited to it from the server.
In one embodiment of the invention the lock is adapted to decrypt the encryption of an encrypted key sent by a mobile device and to compare the information to the information received in the lock from the server about electronic keys suited to the lock.
In one embodiment of the invention if the electronic key sent by the mobile device is also found from the information received from the server about keys suited to the lock, the lock is adapted to open.
In one embodiment of the invention if the electronic key sent by the mobile device is not found from the information received from the server about keys suited to the lock, the lock is adapted to remain locked. The invention thus also relates to the server of a lock system, which lock system comprises at least one lock. The server is adapted to receive a request for creating an electronic key from the device of a user administering the lock, and to send, in response to the request the reference data of the electronic key to the device of the user administering the lock. The server is adapted to receive a request for delivering the electronic key from the mobile device, to which request the reference data of the electronic key is attached, and to create and encrypt an electronic key. The server is adapted to send the encrypted electronic key to the mobile device from which the request for delivering a key was received. In one embodiment of the invention the request for creating an electronic key from the device of a user administering the lock comprises an identifier of that mobile device for which the key is created, and the server is adapted to send the electronic key exclusively to that mobile device. It is obvious to the person skilled in the art that the different embodiments of the invention are not limited solely to the examples described above, and that they may therefore be varied within the scope of the claims presented below. The characteristic features possibly presented in the description in conjunction with other characteristic features can also, if necessary, be used separately to each other,

Claims

1. Method for creating an electronic key in a lock system, which comprises at least one lock and a server, characterized in that in the method:
a request for creating an electronic key is received from the device of a user administering the lock,
in response to the request the reference data of the electronic key is sent to the device of the user administering the lock,
a request for delivering the electronic key is received from the mobile device, to which request the reference data of the electronic key is attached,
an electronic key is created and encrypted, and
the encrypted electronic key is sent to the mobile device from which the request for delivering a key was received. 2. Method according to claim 1 , characterized in that the request for creating an electronic key from the device of a user administering the lock comprises an identifier of that mobile device for which the key is created, and the server sends the electronic key exclusively to that mobile device. 3. Method according to claim 1 or 2, characterized in that the lock updates the information about the electronic keys suited to it from the server.
4. Method according to any whatsoever of the preceding claims, characterized in that the mobile device records an encrypted electronic key in its memory after receiving the electronic key.
5. Method according to any whatsoever of the preceding claims, characterized in that a mobile device requests the opening of a lock by sending an encrypted electronic key to the lock when it is in the proximity of the lock.
6. Method according to claim 5, characterized in that the lock decrypts the encryption of an encrypted key sent by a mobile device and compares the information to the information received from the server about electronic keys suited to the lock.
7. Method according to claim 6, characterized in that if the electronic key sent by the mobile device is also found from the information received from the server about keys suited to the lock, the lock opens
8. Method according to claim 6 or 7, characterized in that if the electronic key sent by the mobile device is not found from the information received from the server about keys suited to the lock, the lock is kept locked.
9. Method according to any whatsoever of the preceding claims, characterized in that the electronic key is a bit sequence. 0. Method according to any whatsoever of the preceding claims, characterized in that the identifier of a mobile device is a phone number, an e- mai! address or other address, by means of which the mobile device and/or the user of the mobile device can be reached.
1 1. Method according to any whatsoever of the preceding claims, characterized in that one electronic key corresponds to one reference data item of an electronic key and the reference data item of an electronic key, and the electronic key contain different contents that are independent of each other.
12. Method according to any whatsoever of the preceding claims, characterized in that only one electronic key can be created with one reference data item of an electronic key.
13. Lock system, characterized in that it comprises a server and at least one lock and
wherein the system is adapted to implement any method whatsoever according claims 1 - 12.
14. Lock, which comprises a lock case that can be fixed into a door, which lock case comprises a locking latch and a latch mechanism, wherein the latch mechanism comprises electronic means for opening and/or closing the locking latch,
characterized in that
means for transmitting information between a lock and a server as well as between a lock and a mobile device are arranged in connection with the lock case
15. Lock according to claim 14, characterized in that the lock is adapted to transmit information between the lock and a server using a wired and/or wireless connection.
16. Lock according to claim 14 or 15, characterized in that the lock is adapted to update the information about the electronic keys suited to it from the server.
17. Lock according to any of claims 14 - 16, characterized in that the lock is adapted to decrypt the encryption of an encrypted key sent by a mobile device and to compare the information to the information received in the lock from the server about electronic keys suited to the lock.
18. Lock according to claim 17, characterized in that if the electronic key sent by the mobile device is also found from the information received from the server about keys suited to the lock, the lock is adapted to open.
19. Lock according to claim 17 or 18, characterized in that if the electronic key sent by the mobile device is not found from the information received from the server about keys suited to the lock, the lock is adapted to remain locked.
20. Server for a lock system, which comprises at least one lock, characterized in that
the server is adapted to receive a request for creating an electronic key from the device of a user administering the lock,
the server is adapted to send, in response to the request, the reference data of the electronic key to the device of the user administering the lock,
the server is adapted to receive a request for delivering the electronic key from the mobile device, to which request the reference data of the electronic key is attached,
the server is adapted to create and encrypt an electronic key, and the server is adapted to send the encrypted electronic key to the mobile device from which the request for delivering a key was received.
21 . Server according to claim 20, characterized in that the request for creating an electronic key from the device of a user administering the lock comprises an identifier of that mobile device for which the key is created, and the server is adapted to send the electronic key exclusively to that mobile device.
PCT/FI2015/050485 2014-07-04 2015-07-03 Lock system and the creation of electronic keys in the lock system WO2016001489A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI20145650 2014-07-04
FI20145650A FI20145650A (en) 2014-07-04 2014-07-04 Locking system and creation of electronic keys in a locking system

Publications (1)

Publication Number Publication Date
WO2016001489A1 true WO2016001489A1 (en) 2016-01-07

Family

ID=55018503

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2015/050485 WO2016001489A1 (en) 2014-07-04 2015-07-03 Lock system and the creation of electronic keys in the lock system

Country Status (2)

Country Link
FI (1) FI20145650A (en)
WO (1) WO2016001489A1 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106056715A (en) * 2016-06-14 2016-10-26 黄士玮 Parking space lock control method and system
CN108049721A (en) * 2017-12-06 2018-05-18 云丁网络技术(北京)有限公司 Electronic lock and its control method, apparatus and system
CN108830999A (en) * 2018-09-05 2018-11-16 国网山东省电力公司寿光市供电公司 A kind of distribution net cage(Cabinet)Intelligent lock administration system
WO2019177387A1 (en) * 2018-03-15 2019-09-19 Samsung Electronics Co., Ltd. Electronic apparatus and operating method thereof
CN111784883A (en) * 2020-07-20 2020-10-16 深圳可信物联科技有限公司 Intelligent lock configuration method and system
US11339589B2 (en) 2018-04-13 2022-05-24 Dormakaba Usa Inc. Electro-mechanical lock core
US11466473B2 (en) 2018-04-13 2022-10-11 Dormakaba Usa Inc Electro-mechanical lock core
US11913254B2 (en) 2017-09-08 2024-02-27 dormakaba USA, Inc. Electro-mechanical lock core
US11933076B2 (en) 2016-10-19 2024-03-19 Dormakaba Usa Inc. Electro-mechanical lock core

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040039919A1 (en) * 2002-08-26 2004-02-26 Hisashi Takayama Authentication method, system and apparatus of an electronic value
JP2004088339A (en) * 2002-08-26 2004-03-18 Tokai Rika Co Ltd Identification code distribution system, identification code distribution method, and identification code distribution program
US20090083851A1 (en) * 2007-09-26 2009-03-26 Targus Group International, Inc. Serialized lock combination retrieval systems and methods
US20130120110A1 (en) * 2011-11-11 2013-05-16 Master Lock Company Access code management systems
US20130127593A1 (en) * 2011-11-17 2013-05-23 Utc Fire & Security Corporation Method of distributing stand-alone locks
US20140049366A1 (en) * 2012-08-16 2014-02-20 Google Inc. Near field communication based key sharing techniques

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040039919A1 (en) * 2002-08-26 2004-02-26 Hisashi Takayama Authentication method, system and apparatus of an electronic value
JP2004088339A (en) * 2002-08-26 2004-03-18 Tokai Rika Co Ltd Identification code distribution system, identification code distribution method, and identification code distribution program
US20090083851A1 (en) * 2007-09-26 2009-03-26 Targus Group International, Inc. Serialized lock combination retrieval systems and methods
US20130120110A1 (en) * 2011-11-11 2013-05-16 Master Lock Company Access code management systems
US20130127593A1 (en) * 2011-11-17 2013-05-23 Utc Fire & Security Corporation Method of distributing stand-alone locks
US20140049366A1 (en) * 2012-08-16 2014-02-20 Google Inc. Near field communication based key sharing techniques

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106056715A (en) * 2016-06-14 2016-10-26 黄士玮 Parking space lock control method and system
US11933076B2 (en) 2016-10-19 2024-03-19 Dormakaba Usa Inc. Electro-mechanical lock core
US11913254B2 (en) 2017-09-08 2024-02-27 dormakaba USA, Inc. Electro-mechanical lock core
CN108049721A (en) * 2017-12-06 2018-05-18 云丁网络技术(北京)有限公司 Electronic lock and its control method, apparatus and system
CN108049721B (en) * 2017-12-06 2023-06-13 云丁网络技术(北京)有限公司 Electronic lock, control method, device and system thereof
WO2019177387A1 (en) * 2018-03-15 2019-09-19 Samsung Electronics Co., Ltd. Electronic apparatus and operating method thereof
US11339589B2 (en) 2018-04-13 2022-05-24 Dormakaba Usa Inc. Electro-mechanical lock core
US11447980B2 (en) 2018-04-13 2022-09-20 Dormakaba Usa Inc. Puller tool
US11466473B2 (en) 2018-04-13 2022-10-11 Dormakaba Usa Inc Electro-mechanical lock core
CN108830999A (en) * 2018-09-05 2018-11-16 国网山东省电力公司寿光市供电公司 A kind of distribution net cage(Cabinet)Intelligent lock administration system
CN111784883A (en) * 2020-07-20 2020-10-16 深圳可信物联科技有限公司 Intelligent lock configuration method and system

Also Published As

Publication number Publication date
FI20145650A (en) 2016-01-05

Similar Documents

Publication Publication Date Title
WO2016001489A1 (en) Lock system and the creation of electronic keys in the lock system
CN110462692B (en) Safety communication method based on intelligent lock system and intelligent lock system thereof
EP1388126B1 (en) Remotely granting access to a smart environment
CN1224213C (en) Method for issuing an electronic identity
TWI491790B (en) A smart lock structure and an operating method thereof
US20210070252A1 (en) Method and device for authenticating a user to a transportation vehicle
EP3293995B1 (en) Locking system and secure token and ownership transfer
US20150206367A1 (en) Control of operation of a lock
TW200841682A (en) Key exchange verification
US8990887B2 (en) Secure mechanisms to enable mobile device communication with a security panel
EP3244568A1 (en) Electronic locking system
CN104539420A (en) General intelligent hardware safe secret key management method
CN102457766A (en) Method for checking access authority of Internet protocol television
CN108206832B (en) Access control system and management method
Kyrillidis et al. Distributed e-voting using the smart card web server
CN110089073B (en) Apparatus, system and method for controlling an actuator through a wireless communication system
US11853443B1 (en) Systems and methods for providing role-based access control to web services using mirrored, secluded web instances
KR20160109899A (en) Mobile, doorlock management method using the mobile and recording media storing program performing the said method
CN113593088A (en) Intelligent unlocking method, intelligent lock, mobile terminal and server
US20220278840A1 (en) Utilization management system, management device, utilization control device, user terminal, utilization management method, and program
NL2018694B1 (en) Combination of a server, a lock controller, at least one lock, and an electronic device, and method for controlling a lock
JP2021036687A5 (en)
KR101948835B1 (en) A remote controlled door lock system with enhanced security
KR101617875B1 (en) authentication method for service of providing electronic documents, method and system for service of providing electronic documents
CN111369710A (en) Intelligent lock system supported by block chain

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15816011

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15816011

Country of ref document: EP

Kind code of ref document: A1