WO2016202795A1 - Invalidation of an electronic key - Google Patents

Invalidation of an electronic key Download PDF

Info

Publication number
WO2016202795A1
WO2016202795A1 PCT/EP2016/063623 EP2016063623W WO2016202795A1 WO 2016202795 A1 WO2016202795 A1 WO 2016202795A1 EP 2016063623 W EP2016063623 W EP 2016063623W WO 2016202795 A1 WO2016202795 A1 WO 2016202795A1
Authority
WO
WIPO (PCT)
Prior art keywords
invalidation
electronic key
central
mobile
command
Prior art date
Application number
PCT/EP2016/063623
Other languages
French (fr)
Inventor
Stefan STRÖMBERG
Johan Gärde
Original Assignee
Assa Abloy Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Assa Abloy Ab filed Critical Assa Abloy Ab
Publication of WO2016202795A1 publication Critical patent/WO2016202795A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00571Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00857Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00857Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
    • G07C2009/00865Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed remotely by wireless communication

Definitions

  • the invention relates to a method, an invalidation device, a computer program and a computer program product for invalidating an electronic key, e.g. when the key has been reported lost.
  • the electronic locks are offline without communication ability with a central access control system.
  • a major issue is when an electronic key is lost. In such a case, an attacker should be prevented to gain access to closed spaces by using the lost electronic key.
  • the identity of the electronic key can be added to a black list in the central access control system, and the black list can be sent to the electronic lock. In this way, the electronic lock can block entry for any electronic key on the black list, thus stopping an attacker having found or stolen the lost electronic key.
  • a method for invalidating an electronic key for access to a physical space comprising the steps of: receiving a central invalidation command from a central server, the central invalidation command comprising an identifier of an electronic key; discovering a presence of the electronic key over short range radio; and transmitting a local invalidation command to the electronic key.
  • the mobile invalidation device invalidates the electronic key when it is discovered by the mobile invalidation device. This allows the central server to send
  • the central invalidation command may indicate that the electronic key is a lost key to be invalidated.
  • the method can in this way be used when a lost key needs to be invalidated.
  • the method may further comprise the steps of: receiving a local confirmation message from the electronic key, the local confirmation message indicating a successful invalidation; and transmitting a central confirmation message to the central server, the central confirmation message indicating a successful invalidation.
  • the central confirmation message may comprise an indicator of a position of the mobile invalidation device.
  • the central invalidation command may comprise a main command and an integrity indicator.
  • the integrity indicator may be derived using the main command and a private electronic key.
  • the step of discovering may comprise discovering the presence of the electronic key using Bluetooth low energy, BLE.
  • the step of receiving a central invalidation command may comprise receiving the central invalidation command over a wide area network.
  • a mobile invalidation device for invalidating an electronic key for access to a physical space.
  • the mobile invalidation device comprises: a processor; and a memory storing
  • the central invalidation command may indicate that the electronic key is a lost key to be invalidated.
  • the mobile invalidation device may further comprise instructions that, when executed by the processor, cause the mobile invalidation device to: receive a local confirmation message from the electronic key , the local confirmation message indicating a successful invalidation; and transmit a central confirmation message to the central server, the central confirmation message indicating a successful invalidation.
  • the central confirmation message may comprise an indicator of a position of the mobile invalidation device.
  • the central invalidation command may comprise a main command and an integrity indicator.
  • the mobile invalidation device may form part of a mobile phone.
  • the mobile invalidation device may be a device dedicated to the purpose of invalidating electronic keys.
  • the computer program comprises computer program code which, when run on a mobile invalidation device, causes the mobile invalidation device to: receive a central invalidation command from a central server, the central invalidation command comprising an identifier of an electronic key; discover a presence of the electronic key over short range radio; and transmit a local invalidation command to the electronic key.
  • a computer program product comprising a computer program according to the third aspect and a computer readable means on which the computer program is stored.
  • Fig l is a schematic diagram showing an environment in which embodiments presented herein can be applied;
  • Fig 2 is a schematic diagram illustrating a situation where a lost electronic key is invalidated using a mobile invalidation device
  • Fig 3 is a sequence diagram illustrating communication for invalidation of an electronic key
  • Fig 4 is a flow chart illustrating a method for invalidating an electronic key, performed in the mobile invalidation device of Figs 2 and 3;
  • Fig 5 is a schematic diagram illustrating some components of a mobile invalidation device according to Figs 2 and 3;
  • Fig 6 is a schematic diagram illustrating a mobile invalidation device provided as part of a mobile phone.
  • Fig 7 shows one example of a computer program product comprising computer readable means.
  • Fig l is a schematic diagram showing an environment in which embodiments presented herein can be applied. Access to a physical space 16 is restricted by a physical barrier 15 which is selectively unlockable. The physical barrier 15 stands between the restricted physical space 16 and an accessible physical space 14.
  • the accessible physical space 14 can be a restricted physical space in itself, but in relation to this physical barrier 15, the accessible physical space 14 is accessible.
  • the barrier 15 can be a door, gate, hatch, window, drawer, etc.
  • an access control device 13 is provided in order to unlock the barrier 15, an access control device 13 is provided.
  • the access control device 13 is connected to a physical lock device 12, which is controllable by the access control device 13 to be set in an unlocked state or locked state.
  • the access control device 13 is mounted close to the physical lock device 12.
  • the barrier 15 is provided in a surrounding fixed structure, such as a wall or fence.
  • the access control device 13 is able to receive and send signals from/to an electronic key 2 over a communication channel 3 which may be a short range wireless interface or a conductive (i.e. galvanic/electric) connection.
  • the electronic key 2 is any suitable device portable by a user and which can be used for authentication over the communication channel 3.
  • the electronic key 2 is typically carried or worn by the user and may be implemented as a physical key, a key fob, wearable device, etc.
  • the short range wireless interface is a radio frequency wireless interface and could e.g. be using Bluetooth, Bluetooth Low Energy (BLE), ZigBee, any of the IEEE 802. 11 standards, any of the IEEE 802.15 standards, wireless USB, etc.
  • BLE Bluetooth Low Energy
  • ZigBee any of the IEEE 802. 11 standards
  • any of the IEEE 802.15 standards wireless USB, etc.
  • the access control device 13 grants or denies access.
  • the access control device 13 sends an unlock signal to the lock device 12, whereby the lock device 12 is set in an unlocked state.
  • this can e.g. imply a signal over a wire-based
  • USB Universal Serial Bus
  • Ethernet a serial connection (e.g. RS-485 or RS-232) or even a simple electric
  • the lock device 12 When the lock device 12 is in an unlocked state, the barrier 15 can be opened and when the lock device 12 is in a locked state, the barrier 15 cannot be opened. In this way, access to a closed space 16 is controlled by the access control device 13.
  • the access control device 13 and/or the lock device 12 can be mounted in the fixed structure 16 by the physical barrier 15 (as shown) or in the physical barrier 15 itself (not shown).
  • the lock device 12 and access control device 13 are combined in one unit.
  • the lock device (optionally combined with the access control device) is in the form of a padlock or any other suitable implementation.
  • the access control device 13 can be implemented as an offline device, without the ability to directly communicate with a central server of an access control system. In this way, the access control device 13 is easier to implement and uses less power. This allows the access control device 13 to be powered for a long time using a battery or by the electronic key. Optionally, energy harvesting of mechanical user actions and/or environmental power (solar power, wind, etc.) can be utilised to prolong the life span of the battery or event to allow the battery to be omitted.
  • FIG 2 is a schematic diagram illustrating a situation where an electronic key is invalidated using a mobile invalidation device.
  • a central server 10 of the access control system is responsible for managing keys and locks.
  • the central server 10 can be accessed by an operator to thereby perform management tasks in the access control system.
  • first mobile invalidation device la There is a first mobile invalidation device la and a second mobile invalidation device lb.
  • Each one of the first and second mobile invalidation devices are described in more detail below, and can e.g. be implemented as part of a mobile phone or as a dedicated mobile invalidation device.
  • the mobile invalidation devices la-b can communicate with an electronic key for invalidation, as explained below, and optionally also for other purposes.
  • a user has lost an electronic key 2' or has had the electronic key 2' stolen.
  • the electronic key 2' then needs to be invalidated to prevent an attacker from gaining access to closed physical spaces, otherwise accessible using the lost electronic key 2'.
  • the central server 10 is made aware of the lost electronic key 2', e.g. by an operator indicating that the electronic key 2' is lost.
  • the central server 10 then sends a central invalidation command to all relevant mobile invalidation devices la-b as explained more below.
  • the second mobile invalidation device lb is within range 7 to communicate over a short range radio interface 5 with the lost electronic key 2'. This allows the second mobile invalidation device lb to communicate with the lost electronic key 2'. In this way, the second mobile invalidation device lb can send a local invalidation command to the electronic key 2'.
  • the range 7 depends on the type of short range radio which can be used and radio conditions in the vicinity of the electronic key 2'.
  • the short range radio interface 5 may be the same as the communication channel 3. However, when the communication channel 3 of Fig 1 is based on a conductive connection, the short range radio interface 5 is not the same as the communication channel 3.
  • the short range radio interface 5 may optionally be used for other purposes, e.g. other maintenance purposes for the electronic key 2'.
  • the first mobile invalidation device la is outside the range 7 of the lost electronic key 2', whereby it is unable to invalidate the lost electronic key 2'
  • Fig 3 is a sequence diagram illustrating communication for invalidation of an electronic key, e.g. in the environment shown in Fig 2.
  • the sequence is performed to perform invalidation of an electronic key.
  • the electronic key to be invalidated is referred to as a lost electronic key.
  • the central server 10 sends a central invalidation command 30 to all relevant mobile invalidation devices 1.
  • This can e.g. be all possible mobile invalidation devices or only mobile invalidation devices in a specific area, e.g. within a specific range from a last known location of the lost electronic key 2'.
  • a mobile invalidation device 1 detects the presence 31 of the lost electronic key 2' (e.g. as shown for the second mobile invalidation device lb of Fig 2).
  • the mobile invalidation device 1 detects that the identity of the electronic key 2' matches the identity of the central invalidation command 30 and thus proceeds with an invalidation. It is to be noted that when an electronic key is detected which does not have an identity matching any received central invalidation command, the mobile invalidation device 1 does not proceed with the invalidation.
  • the mobile invalidation device 1 transmits a local invalidation command 32 to the lost electronic key 2'.
  • the lost electronic key 2' makes itself invalid.
  • the electronic key 2' verifies the integrity of the invalidation command (as explained below) prior to performing its invalidation procedure.
  • the electronic key 2' sends a local confirmation message 33 to the mobile invalidation device 1.
  • the mobile invalidation device 1 can then send a central confirmation message 34 to the central server 10.
  • the central server 10 can initiate an invalidation using all relevant mobile invalidation devices and can optionally be informed of when the invalidation has been successful.
  • the lost electronic key 2' can be invalidated even though it has no direct communication link with the central server 10.
  • Fig 4 is a flow chart illustrating a method for invalidating an electronic key for access to a physical space. The method is performed in the mobile invalidation device of Figs 2 and 3. The method corresponds to the actions of the mobile invalidation device 1 in Fig 3.
  • a central invalidation command is received from the central server.
  • the central invalidation command comprises an identifier of the electronic key to be invalidated, e.g. of a lost electronic key.
  • the central invalidation command can e.g. be received over a wide area network, such as the Internet.
  • the central invalidation command can comprise a main command and an integrity indicator.
  • the integrity can e.g. be derived using the main command and a private electronic key, e.g. using a cryptographic hash function such as SHA-2 (Secure Hash Algorithm 2) or MD-5 (Message Digest algorithm 5).
  • SHA-2 Secure Hash Algorithm 2
  • MD-5 Message Digest algorithm 5
  • the central invalidation command can indicate that the electronic key is a lost key to be invalidated.
  • the central invalidation command can be a message that is sent to several mobile invalidation devices in parallel. In this way, all those mobile invalidation devices are used to try to find the electronic key and invalidate the electronic key, greatly improving the chance of success.
  • a discover presence step 42 a presence of the electronic key to be invalidated is discovered over short range radio. This can e.g. be performed by discovering the presence of the electronic key using BLE. Any other short range radio technology is equally applicable.
  • a transmit local invalidation command step 44 a local invalidation command is transmitted to the electronic key to be invalidated.
  • the main command and the integrity indicator of the central invalidation command can form part of the local invalidation command. This allows the electronic key to verify the source of the invalidation, i.e. from the central server. In this way, third parties are prevented from invalidating keys.
  • the content of the central invalidation command 30 and the local invalidation command 32 is the same.
  • both can contain an invalidation package which can be encrypted and/or signed for the lost electronic key 2', i.e. using an integrity indicator. This allows the lost electronic key 2' to validate authenticity of the local invalidation command.
  • the locating device 1 routes the invalidation package to the lost key 2' and does not (or cannot) examine the contents of the invalidation package.
  • the local invalidation command causes the electronic key to invalidate the electronic key. This can occur as soon as the electronic key is capable of doing the invalidation, to thereby reduce the risk of an attacker having found the electronic key to use the electronic key to gain access.
  • the local invalidation command causes more or less immediate invalidation of the electronic key to reduce the risk of any illegitimate use of the lost electronic key.
  • a local confirmation message is received from the electronic key to be invalidated.
  • the local confirmation message indicates a successful invalidation.
  • a transmit central confirmation message step 48 a central confirmation message is transmitted to the central server.
  • the central confirmation message indicates a successful invalidation.
  • the central confirmation message comprises an indicator of a position (e.g. in form of a longitude and a latitude) of the mobile invalidation device, e.g. obtained using GPS (Global Positioning System) or any other suitable positioning technology.
  • the central confirmation message can comprise an estimated distance (e.g. in metres) to the electronic key from the position of the mobile invalidation device.
  • the distance can be estimated using any suitable method. For instance, the distance can be estimated by measuring received signal strength (i.e.
  • a received signal strength indicator More specifically, an indicator of the transmission power which is used can be transmitted as part of the message.
  • the receiver can then compare the received signal strength with the power used to transmit it and can thus estimate the distance based on the attenuation of the signal.
  • two-way ranging can be used, measuring the time it takes to transmit a signal and receive its response, which gives a distance indication when divided by two multiplied by the speed of light. The position and optional estimated distance simplifies the retrieval of the electronic key to be able to reprogram and reuse the lost electronic key.
  • Fig 5 is a schematic diagram showing some components of the mobile invalidation device of Figs 2 and 3.
  • a processor 60 is provided using any combination of one or more of a suitable central processing unit (CPU), multiprocessor, microcontroller, digital signal processor (DSP), application specific integrated circuit etc., capable of executing software instructions 66 stored in a memory 64, which can thus be a computer program product.
  • the processor 60 can be configured to execute the method described with reference to Fig 4 above.
  • the memory 64 can be any combination of read and write memory (RAM) and read only memory (ROM).
  • the memory 64 also comprises persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
  • a data memory 66 is also provided for reading and/or storing data during execution of software instructions in the processor 6o.
  • the data memory 66 can be any combination of read and write memory (RAM) and read only memory (ROM).
  • the mobile invalidation device l further comprises an I/O interface 67 for communicating with other external entities.
  • the I/O interface 67 also includes a user interface.
  • Other components of the mobile invalidation device 1 are omitted in order not to obscure the concepts presented herein.
  • Fig 6 is a schematic diagram illustrating a mobile invalidation device 1 provided as part of a mobile phone 4.
  • the mobile invalidation device 1 is a device dedicated to the purpose of invalidating electronic keys.
  • the dedicated mobile invalidation device 1 can be placed in a location where there is a large chance of discovering a lost electronic key.
  • the dedicated mobile invalidation device can be placed by the entrance of a building or by a public transport gateway (e.g. underground turnstiles).
  • the dedicated mobile invalidation device 1 does not need to be portable and can thus be connected to a power socket and wireless and/or wire based communication links for communication with the central server.
  • Fig 7 shows one example of a computer program product comprising computer readable means.
  • a computer program 91 can be stored, which computer program can cause a processor to execute a method according to embodiments described herein.
  • the computer program product is an optical disc, such as a CD (compact disc) or a DVD (digital versatile disc) or a Blu-Ray disc.
  • the computer program product could also be embodied in a memory of a device, such as the computer program product 64 of Fig 5.
  • While the computer program 91 is here schematically shown as a track on the depicted optical disk, the computer program can be stored in any way which is suitable for the computer program product, such as a removable solid state memory, e.g. a Universal Serial Bus (USB) drive.
  • a removable solid state memory e.g. a Universal Serial Bus (USB) drive.
  • USB Universal Serial Bus
  • a method for invalidating an electronic key for access to a physical space comprising the steps of:
  • confirmation message comprises an indicator of a position of the invalidation device.
  • the central invalidation command comprises a main command and an integrity indicator.
  • the integrity indicator is derived using the main command and a private electronic key.
  • the step of discovering comprises discovering the presence of the electronic key using Bluetooth low energy, BLE.
  • the step of receiving a central invalidation command comprises receiving the central invalidation command over a wide area network.
  • a memory storing instructions that, when executed by the processor, cause the invalidation device to:
  • the invalidation device further comprising instructions that, when executed by the processor, cause the invalidation device to:
  • x The invalidation device according to embodiment ix, wherein the central confirmation message comprises an indicator of a position of the invalidation device.
  • xi The invalidation device according to embodiment ix or x, wherein the central invalidation command comprises a main command and an integrity indicator.
  • xii The invalidation device according to any one of embodiments ix to xi, wherein the invalidation device forms part of a mobile phone.
  • xiii The invalidation device according to any one of embodiments ix to xi, wherein the invalidation device is a device dedicated to the purpose of invalidating electronic keys.
  • a computer program for invalidating an electronic key for access to a physical space comprising computer program code which, when run on an invalidation device, causes the invalidation device to: receive a central invalidation command from a central server, the central invalidation command comprising an identifier of an electronic key; discover a presence of the electronic key over short range radio; and transmit a local invalidation command to the electronic key.
  • xv A computer program product comprising a computer program according to embodiment xiv and a computer readable means on which the computer program is stored.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

It is provided a method for invalidating an electronic key for access to a physical space. The method is performed in a mobile in validation device and comprises the steps of: receiving a central invalidation command from a central server, the central invalidation command comprising an identifier of an electronic key; discovering a presence of the electronic key over short range radio; and transmitting a local invalidation command to the electronic key, the invalidation command causing the electronic key to be invalidated.

Description

INVALIDATION OF AN ELECTRONIC KEY
TECHNICAL FIELD
The invention relates to a method, an invalidation device, a computer program and a computer program product for invalidating an electronic key, e.g. when the key has been reported lost.
BACKGROUND
Locks and keys are evolving from the traditional pure mechanical locks.
These days, there are wireless interfaces for electronic locks, e.g. by
interacting with an electronic key. In some installations, to save power and complexity, the electronic locks are offline without communication ability with a central access control system.
A major issue is when an electronic key is lost. In such a case, an attacker should be prevented to gain access to closed spaces by using the lost electronic key. When the electronic lock is online, the identity of the electronic key can be added to a black list in the central access control system, and the black list can be sent to the electronic lock. In this way, the electronic lock can block entry for any electronic key on the black list, thus stopping an attacker having found or stolen the lost electronic key.
However, when the electronic lock is offline, there is no natural way to send a black list to the electronic lock.
SUMMARY
It is an object to provide a way to invalidate an electronic key which lacks ability to directly communicate with a central server.
According to a first aspect, it is provided a method for invalidating an electronic key for access to a physical space. The method is performed in a mobile invalidation device and comprises the steps of: receiving a central invalidation command from a central server, the central invalidation command comprising an identifier of an electronic key; discovering a presence of the electronic key over short range radio; and transmitting a local invalidation command to the electronic key. In this way, the mobile invalidation device invalidates the electronic key when it is discovered by the mobile invalidation device. This allows the central server to send
corresponding central invalidation commands to many mobile invalidation devices (e.g. smart phones) to thereby greatly increase the chance of one of these devices discovering the electronic key and thereby invalidating the electronic key. Also, by being mobile, the invalidation device increases its chance to discover the electronic key.
The central invalidation command may indicate that the electronic key is a lost key to be invalidated. In other words, the method can in this way be used when a lost key needs to be invalidated.
The method may further comprise the steps of: receiving a local confirmation message from the electronic key, the local confirmation message indicating a successful invalidation; and transmitting a central confirmation message to the central server, the central confirmation message indicating a successful invalidation.
The central confirmation message may comprise an indicator of a position of the mobile invalidation device.
The central invalidation command may comprise a main command and an integrity indicator.
The integrity indicator may be derived using the main command and a private electronic key.
The step of discovering may comprise discovering the presence of the electronic key using Bluetooth low energy, BLE. The step of receiving a central invalidation command may comprise receiving the central invalidation command over a wide area network.
According to a second aspect, it is provided a mobile invalidation device for invalidating an electronic key for access to a physical space. The mobile invalidation device comprises: a processor; and a memory storing
instructions that, when executed by the processor, cause the mobile invalidation device to: receive a central invalidation command from a central server, the central invalidation command comprising an identifier of an electronic key; discover a presence of the electronic key over short range radio; and transmit a local invalidation command to the electronic key.
The central invalidation command may indicate that the electronic key is a lost key to be invalidated.
The mobile invalidation device may further comprise instructions that, when executed by the processor, cause the mobile invalidation device to: receive a local confirmation message from the electronic key , the local confirmation message indicating a successful invalidation; and transmit a central confirmation message to the central server, the central confirmation message indicating a successful invalidation. The central confirmation message may comprise an indicator of a position of the mobile invalidation device.
The central invalidation command may comprise a main command and an integrity indicator.
The mobile invalidation device may form part of a mobile phone. The mobile invalidation device may be a device dedicated to the purpose of invalidating electronic keys.
According to a third aspect, it is provided a computer program for
invalidating an electronic key for access to a physical space. The computer program comprises computer program code which, when run on a mobile invalidation device, causes the mobile invalidation device to: receive a central invalidation command from a central server, the central invalidation command comprising an identifier of an electronic key; discover a presence of the electronic key over short range radio; and transmit a local invalidation command to the electronic key. According to a fourth aspect, it is provided a computer program product comprising a computer program according to the third aspect and a computer readable means on which the computer program is stored.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/an/the element, apparatus, component, means, step, etc." are to be interpreted openly as referring to at least one instance of the element, apparatus, component, means, step, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention is now described, by way of example, with reference to the accompanying drawings, in which:
Fig l is a schematic diagram showing an environment in which embodiments presented herein can be applied;
Fig 2 is a schematic diagram illustrating a situation where a lost electronic key is invalidated using a mobile invalidation device;
Fig 3 is a sequence diagram illustrating communication for invalidation of an electronic key; Fig 4 is a flow chart illustrating a method for invalidating an electronic key, performed in the mobile invalidation device of Figs 2 and 3;
Fig 5 is a schematic diagram illustrating some components of a mobile invalidation device according to Figs 2 and 3;
Fig 6 is a schematic diagram illustrating a mobile invalidation device provided as part of a mobile phone; and
Fig 7 shows one example of a computer program product comprising computer readable means. DETAILED DESCRIPTION
The invention will now be described more fully hereinafter with reference to the accompanying drawings, in which certain embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided by way of example so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Like numbers refer to like elements throughout the description. Fig l is a schematic diagram showing an environment in which embodiments presented herein can be applied. Access to a physical space 16 is restricted by a physical barrier 15 which is selectively unlockable. The physical barrier 15 stands between the restricted physical space 16 and an accessible physical space 14. Note that the accessible physical space 14 can be a restricted physical space in itself, but in relation to this physical barrier 15, the accessible physical space 14 is accessible. The barrier 15 can be a door, gate, hatch, window, drawer, etc. In order to unlock the barrier 15, an access control device 13 is provided. The access control device 13 is connected to a physical lock device 12, which is controllable by the access control device 13 to be set in an unlocked state or locked state. In this embodiment, the access control device 13 is mounted close to the physical lock device 12. The barrier 15 is provided in a surrounding fixed structure, such as a wall or fence.
The access control device 13 is able to receive and send signals from/to an electronic key 2 over a communication channel 3 which may be a short range wireless interface or a conductive (i.e. galvanic/electric) connection. The electronic key 2 is any suitable device portable by a user and which can be used for authentication over the communication channel 3. The electronic key 2 is typically carried or worn by the user and may be implemented as a physical key, a key fob, wearable device, etc. The short range wireless interface is a radio frequency wireless interface and could e.g. be using Bluetooth, Bluetooth Low Energy (BLE), ZigBee, any of the IEEE 802. 11 standards, any of the IEEE 802.15 standards, wireless USB, etc. Using the communication channel 3, the authenticity of the electronic key 2 can be checked, e.g. using a challenge and response scheme, after which the access control device 13 grants or denies access. When access is granted, the access control device 13 sends an unlock signal to the lock device 12, whereby the lock device 12 is set in an unlocked state. In this embodiment, this can e.g. imply a signal over a wire-based
communication interface, e.g. using Universal Serial Bus (USB), Ethernet, a serial connection (e.g. RS-485 or RS-232) or even a simple electric
connection (e.g. to the lock device 12), or alternatively signal over a wireless communication interface. When the lock device 12 is in an unlocked state, the barrier 15 can be opened and when the lock device 12 is in a locked state, the barrier 15 cannot be opened. In this way, access to a closed space 16 is controlled by the access control device 13. It is to be noted that the access control device 13 and/or the lock device 12 can be mounted in the fixed structure 16 by the physical barrier 15 (as shown) or in the physical barrier 15 itself (not shown). Optionally, the lock device 12 and access control device 13 are combined in one unit. In one embodiment, the lock device (optionally combined with the access control device) is in the form of a padlock or any other suitable implementation.
The access control device 13 can be implemented as an offline device, without the ability to directly communicate with a central server of an access control system. In this way, the access control device 13 is easier to implement and uses less power. This allows the access control device 13 to be powered for a long time using a battery or by the electronic key. Optionally, energy harvesting of mechanical user actions and/or environmental power (solar power, wind, etc.) can be utilised to prolong the life span of the battery or event to allow the battery to be omitted.
Fig 2 is a schematic diagram illustrating a situation where an electronic key is invalidated using a mobile invalidation device. A central server 10 of the access control system is responsible for managing keys and locks. The central server 10 can be accessed by an operator to thereby perform management tasks in the access control system.
There is a first mobile invalidation device la and a second mobile invalidation device lb. Each one of the first and second mobile invalidation devices are described in more detail below, and can e.g. be implemented as part of a mobile phone or as a dedicated mobile invalidation device. The mobile invalidation devices la-b can communicate with an electronic key for invalidation, as explained below, and optionally also for other purposes.
In this example, a user has lost an electronic key 2' or has had the electronic key 2' stolen. The electronic key 2' then needs to be invalidated to prevent an attacker from gaining access to closed physical spaces, otherwise accessible using the lost electronic key 2'. The central server 10 is made aware of the lost electronic key 2', e.g. by an operator indicating that the electronic key 2' is lost. The central server 10 then sends a central invalidation command to all relevant mobile invalidation devices la-b as explained more below.
The second mobile invalidation device lb is within range 7 to communicate over a short range radio interface 5 with the lost electronic key 2'. This allows the second mobile invalidation device lb to communicate with the lost electronic key 2'. In this way, the second mobile invalidation device lb can send a local invalidation command to the electronic key 2'. The range 7 depends on the type of short range radio which can be used and radio conditions in the vicinity of the electronic key 2'. When communication channel 3 of Fig 1 is wireless, the short range radio interface 5 may be the same as the communication channel 3. However, when the communication channel 3 of Fig 1 is based on a conductive connection, the short range radio interface 5 is not the same as the communication channel 3. The short range radio interface 5 may optionally be used for other purposes, e.g. other maintenance purposes for the electronic key 2'. It is to be noted that the first mobile invalidation device la is outside the range 7 of the lost electronic key 2', whereby it is unable to invalidate the lost electronic key 2'
Fig 3 is a sequence diagram illustrating communication for invalidation of an electronic key, e.g. in the environment shown in Fig 2. The sequence is performed to perform invalidation of an electronic key. Hereinafter, the electronic key to be invalidated is referred to as a lost electronic key.
However, there may be other reasons for invalidating the electronic key, e.g. the electronic key being stolen or that an employee has ended employment and whose electronic key needs to be invalidated.
Once the central server 10 is made aware of the lost key, the central server 10 sends a central invalidation command 30 to all relevant mobile invalidation devices 1. This can e.g. be all possible mobile invalidation devices or only mobile invalidation devices in a specific area, e.g. within a specific range from a last known location of the lost electronic key 2'.
A mobile invalidation device 1 detects the presence 31 of the lost electronic key 2' (e.g. as shown for the second mobile invalidation device lb of Fig 2). The mobile invalidation device 1 detects that the identity of the electronic key 2' matches the identity of the central invalidation command 30 and thus proceeds with an invalidation. It is to be noted that when an electronic key is detected which does not have an identity matching any received central invalidation command, the mobile invalidation device 1 does not proceed with the invalidation.
Once the match is confirmed between the lost electronic key 2' and the central invalidation command 30, the mobile invalidation device 1 transmits a local invalidation command 32 to the lost electronic key 2'. Upon receipt of the local invalidation command 32, the lost electronic key 2' makes itself invalid. Optionally, the electronic key 2' verifies the integrity of the invalidation command (as explained below) prior to performing its invalidation procedure. Optionally, the electronic key 2' sends a local confirmation message 33 to the mobile invalidation device 1. The mobile invalidation device 1 can then send a central confirmation message 34 to the central server 10.
In this way, the central server 10 can initiate an invalidation using all relevant mobile invalidation devices and can optionally be informed of when the invalidation has been successful. Using this method, the lost electronic key 2' can be invalidated even though it has no direct communication link with the central server 10.
Fig 4 is a flow chart illustrating a method for invalidating an electronic key for access to a physical space. The method is performed in the mobile invalidation device of Figs 2 and 3. The method corresponds to the actions of the mobile invalidation device 1 in Fig 3.
In a receive central invalidation command step 40, a central invalidation command is received from the central server. The central invalidation command comprises an identifier of the electronic key to be invalidated, e.g. of a lost electronic key. The central invalidation command can e.g. be received over a wide area network, such as the Internet.
Furthermore, the central invalidation command can comprise a main command and an integrity indicator. The integrity can e.g. be derived using the main command and a private electronic key, e.g. using a cryptographic hash function such as SHA-2 (Secure Hash Algorithm 2) or MD-5 (Message Digest algorithm 5).
The central invalidation command can indicate that the electronic key is a lost key to be invalidated. The central invalidation command can be a message that is sent to several mobile invalidation devices in parallel. In this way, all those mobile invalidation devices are used to try to find the electronic key and invalidate the electronic key, greatly improving the chance of success. In a discover presence step 42, a presence of the electronic key to be invalidated is discovered over short range radio. This can e.g. be performed by discovering the presence of the electronic key using BLE. Any other short range radio technology is equally applicable. In a transmit local invalidation command step 44, a local invalidation command is transmitted to the electronic key to be invalidated. The main command and the integrity indicator of the central invalidation command can form part of the local invalidation command. This allows the electronic key to verify the source of the invalidation, i.e. from the central server. In this way, third parties are prevented from invalidating keys.
Optionally, the content of the central invalidation command 30 and the local invalidation command 32 is the same. For instance, both can contain an invalidation package which can be encrypted and/or signed for the lost electronic key 2', i.e. using an integrity indicator. This allows the lost electronic key 2' to validate authenticity of the local invalidation command. In such a case, the locating device 1 routes the invalidation package to the lost key 2' and does not (or cannot) examine the contents of the invalidation package.
The local invalidation command causes the electronic key to invalidate the electronic key. This can occur as soon as the electronic key is capable of doing the invalidation, to thereby reduce the risk of an attacker having found the electronic key to use the electronic key to gain access.
Hence, the local invalidation command causes more or less immediate invalidation of the electronic key to reduce the risk of any illegitimate use of the lost electronic key.
In a receive local confirmation message step 46, a local confirmation message is received from the electronic key to be invalidated. The local confirmation message indicates a successful invalidation. In a transmit central confirmation message step 48, a central confirmation message is transmitted to the central server. The central confirmation message indicates a successful invalidation. Optionally, the central confirmation message comprises an indicator of a position (e.g. in form of a longitude and a latitude) of the mobile invalidation device, e.g. obtained using GPS (Global Positioning System) or any other suitable positioning technology. Also, the central confirmation message can comprise an estimated distance (e.g. in metres) to the electronic key from the position of the mobile invalidation device. The distance can be estimated using any suitable method. For instance, the distance can be estimated by measuring received signal strength (i.e. using a received signal strength indicator) and comparing this to transmission power. More specifically, an indicator of the transmission power which is used can be transmitted as part of the message. The receiver can then compare the received signal strength with the power used to transmit it and can thus estimate the distance based on the attenuation of the signal. Alternatively, two-way ranging can be used, measuring the time it takes to transmit a signal and receive its response, which gives a distance indication when divided by two multiplied by the speed of light. The position and optional estimated distance simplifies the retrieval of the electronic key to be able to reprogram and reuse the lost electronic key.
Fig 5 is a schematic diagram showing some components of the mobile invalidation device of Figs 2 and 3. A processor 60 is provided using any combination of one or more of a suitable central processing unit (CPU), multiprocessor, microcontroller, digital signal processor (DSP), application specific integrated circuit etc., capable of executing software instructions 66 stored in a memory 64, which can thus be a computer program product. The processor 60 can be configured to execute the method described with reference to Fig 4 above. The memory 64 can be any combination of read and write memory (RAM) and read only memory (ROM). The memory 64 also comprises persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
A data memory 66 is also provided for reading and/or storing data during execution of software instructions in the processor 6o. The data memory 66 can be any combination of read and write memory (RAM) and read only memory (ROM).
The mobile invalidation device l further comprises an I/O interface 67 for communicating with other external entities. Optionally, the I/O interface 67 also includes a user interface. Other components of the mobile invalidation device 1 are omitted in order not to obscure the concepts presented herein.
Fig 6 is a schematic diagram illustrating a mobile invalidation device 1 provided as part of a mobile phone 4. In such a case, components of the mobile phone 4 can be utilised also by the mobile invalidation device 1. In another embodiment, the mobile invalidation device 1 is a device dedicated to the purpose of invalidating electronic keys. In such a case, the dedicated mobile invalidation device 1 can be placed in a location where there is a large chance of discovering a lost electronic key. For instance, the dedicated mobile invalidation device can be placed by the entrance of a building or by a public transport gateway (e.g. underground turnstiles). The dedicated mobile invalidation device 1 does not need to be portable and can thus be connected to a power socket and wireless and/or wire based communication links for communication with the central server. In this way, the dedicated mobile invalidation device 1 can be continuously active. Fig 7 shows one example of a computer program product comprising computer readable means. On this computer readable means a computer program 91 can be stored, which computer program can cause a processor to execute a method according to embodiments described herein. In this example, the computer program product is an optical disc, such as a CD (compact disc) or a DVD (digital versatile disc) or a Blu-Ray disc. As explained above, the computer program product could also be embodied in a memory of a device, such as the computer program product 64 of Fig 5. While the computer program 91 is here schematically shown as a track on the depicted optical disk, the computer program can be stored in any way which is suitable for the computer program product, such as a removable solid state memory, e.g. a Universal Serial Bus (USB) drive.
Here now follows a list of embodiments from another perspective,
enumerated with roman numerals. i. A method for invalidating an electronic key for access to a physical space, the method being performed in an invalidation device and comprising the steps of:
receiving a central invalidation command from a central server, the central invalidation command comprising an identifier of an electronic key; discovering a presence of the electronic key over short range radio; and transmitting a local invalidation command to the electronic key. ii. The method according to embodiment i, further comprising the steps of: receiving a local confirmation message from the electronic key, the local confirmation message indicating a successful invalidation; and
transmitting a central confirmation message to the central server, the central confirmation message indicating a successful invalidation. iii. The method according to embodiment ii, wherein the central
confirmation message comprises an indicator of a position of the invalidation device. iv. The method according to any one of the preceding embodiments, wherein the central invalidation command comprises a main command and an integrity indicator. v. The method according to embodiment iv, wherein the integrity indicator is derived using the main command and a private electronic key. vi. The method according to any one of the preceding embodiments, wherein the step of discovering comprises discovering the presence of the electronic key using Bluetooth low energy, BLE. vii. The method according to any one of the preceding embodiments, wherein the step of receiving a central invalidation command comprises receiving the central invalidation command over a wide area network. viii. An invalidation device for invalidating an electronic key for access to a physical space, the invalidation device comprising:
a processor; and
a memory storing instructions that, when executed by the processor, cause the invalidation device to:
receive a central invalidation command from a central server, the central invalidation command comprising an identifier of an electronic key; discover a presence of the electronic key over short range radio; and transmit a local invalidation command to the electronic key. ix. The invalidation device according to embodiment viii, further comprising instructions that, when executed by the processor, cause the invalidation device to:
receive a local confirmation message from the electronic key , the local confirmation message indicating a successful invalidation; and
transmit a central confirmation message to the central server, the central confirmation message indicating a successful invalidation. x. The invalidation device according to embodiment ix, wherein the central confirmation message comprises an indicator of a position of the invalidation device. xi. The invalidation device according to embodiment ix or x, wherein the central invalidation command comprises a main command and an integrity indicator. xii. The invalidation device according to any one of embodiments ix to xi, wherein the invalidation device forms part of a mobile phone. xiii. The invalidation device according to any one of embodiments ix to xi, wherein the invalidation device is a device dedicated to the purpose of invalidating electronic keys. xiv. A computer program for invalidating an electronic key for access to a physical space, the computer program comprising computer program code which, when run on an invalidation device, causes the invalidation device to: receive a central invalidation command from a central server, the central invalidation command comprising an identifier of an electronic key; discover a presence of the electronic key over short range radio; and transmit a local invalidation command to the electronic key. xv. A computer program product comprising a computer program according to embodiment xiv and a computer readable means on which the computer program is stored.
The invention has mainly been described above with reference to a few embodiments. However, as is readily appreciated by a person skilled in the art, other embodiments than the ones disclosed above are equally possible within the scope of the invention, as defined by the appended patent claims.

Claims

1. A method for invalidating an electronic key (2') for access to a physical space (16), the method being performed in a mobile invalidation device (1, la, lb) and comprising the steps of:
receiving (40) a central invalidation command (30) from a central server (10), the central invalidation command (30) comprising an identifier of an electronic key (2');
discovering (42) a presence of the electronic key (2') over short range radio; and
transmitting (44) a local invalidation command (32) to the electronic key, the invalidation command causing the electronic key to be invalidated.
2. The method according to claim 1, wherein the central invalidation command (30) indicates that the electronic key is a lost key to be invalidated.
3. The method according to claim 1 or 2, further comprising the steps of: receiving (46) a local confirmation message (33) from the electronic key
(2'), the local confirmation message (33) indicating a successful invalidation; and
transmitting (48) a central confirmation message (34) to the central server, the central confirmation message (34) indicating a successful invalidation.
4. The method according to claim 4, wherein the central confirmation message (34) comprises an indicator of a position of the mobile invalidation device (1, la, lb).
5. The method according to any one of the preceding claims, wherein the central invalidation command (30) comprises a main command and an integrity indicator.
6. The method according to claim 5, wherein the integrity indicator is derived using the main command and a private electronic key.
7. The method according to any one of the preceding claims, wherein the step of discovering (42) comprises discovering the presence of the electronic key (2') using Bluetooth low energy, BLE.
8. The method according to any one of the preceding claims, wherein the step of receiving (40) a central invalidation command comprises receiving the central invalidation command over a wide area network.
9. A mobile invalidation device (1, la, lb) for invalidating an electronic key for access to a physical space (16), the mobile invalidation device (1, la, lb) comprising:
a processor (60); and
a memory (64) storing instructions (66) that, when executed by the processor, cause the mobile invalidation device (1, la, lb) to:
receive a central invalidation command from a central server (10), the central invalidation command (30) comprising an identifier of an electronic key (2');
discover a presence of the electronic key (2') over short range radio; and transmit a local invalidation command (31) to the electronic key.
10. The mobile invalidation device (1, la, lb) according to claim 9, wherein the central invalidation command (30) indicates that the electronic key is a lost key to be invalidated.
11. The mobile invalidation device (1, la, lb) according to claim 9 or 10, further comprising instructions (66) that, when executed by the processor, cause the mobile invalidation device (1, la, lb) to:
receive a local confirmation message (33) from the electronic key (2') , the local confirmation message (33) indicating a successful invalidation; and transmit a central confirmation message (34) to the central server, the central confirmation message (34) indicating a successful invalidation.
12. The mobile invalidation device (1, la, lb) according to claim 11, wherein the central confirmation message (34) comprises an indicator of a position of the mobile invalidation device (1, la, lb). l8
13. The mobile invalidation device (1, la, lb) according to claim 11 or 12, wherein the central invalidation command (30) comprises a main command and an integrity indicator.
14. The mobile invalidation device (1, la, lb) according to any one of claims 11 to 13, wherein the mobile invalidation device forms part of a mobile phone.
15. The mobile invalidation device (1, la, lb) according to any one of claims 11 to 13, wherein the mobile invalidation device is a device dedicated to the purpose of invalidating electronic keys.
16. A computer program (90) for invalidating an electronic key for access to a physical space (16), the computer program comprising computer program code which, when run on a mobile invalidation device (1, la, lb), causes the mobile invalidation device (1, la, lb) to:
receive a central invalidation command from a central server (10), the central invalidation command (30) comprising an identifier of an electronic key (2');
discover a presence of the electronic key (2') over short range radio; and transmit a local invalidation command (31) to the electronic key.
17. A computer program product (91) comprising a computer program according to claim 16 and a computer readable means on which the computer program is stored.
PCT/EP2016/063623 2015-06-15 2016-06-14 Invalidation of an electronic key WO2016202795A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP15172118.0 2015-06-15
EP15172118.0A EP3107073B1 (en) 2015-06-15 2015-06-15 Invalidation of an electronic key

Publications (1)

Publication Number Publication Date
WO2016202795A1 true WO2016202795A1 (en) 2016-12-22

Family

ID=53404401

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2016/063623 WO2016202795A1 (en) 2015-06-15 2016-06-14 Invalidation of an electronic key

Country Status (2)

Country Link
EP (1) EP3107073B1 (en)
WO (1) WO2016202795A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114882615A (en) * 2021-01-22 2022-08-09 博泰车联网科技(上海)股份有限公司 Vehicle starting method and device, electronic equipment and medium
WO2023071100A1 (en) * 2021-10-26 2023-05-04 苏州浪潮智能科技有限公司 Password protection method and apparatus, and medium

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10825273B2 (en) * 2018-10-16 2020-11-03 Edst, Llc Smart thermostat hub

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1564691A2 (en) * 2004-02-16 2005-08-17 Kabushiki Kaisha Tokai Rika Denki Seisakusho Security control system
EP1568834A1 (en) * 2002-12-04 2005-08-31 Kabushiki Kaisha Toshiba Keyless entry system and keyless entry method
EP2207146A2 (en) * 2007-10-03 2010-07-14 Talleres De Escoriaza, S.A. Programmable electronic access control system
US20110140838A1 (en) * 2004-02-05 2011-06-16 Salto Systems, S.L. Access control system
EP2821970A1 (en) * 2013-07-05 2015-01-07 Assa Abloy Ab Access control communication device, method, computer program and computer program product

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1568834A1 (en) * 2002-12-04 2005-08-31 Kabushiki Kaisha Toshiba Keyless entry system and keyless entry method
US20110140838A1 (en) * 2004-02-05 2011-06-16 Salto Systems, S.L. Access control system
EP1564691A2 (en) * 2004-02-16 2005-08-17 Kabushiki Kaisha Tokai Rika Denki Seisakusho Security control system
EP2207146A2 (en) * 2007-10-03 2010-07-14 Talleres De Escoriaza, S.A. Programmable electronic access control system
EP2821970A1 (en) * 2013-07-05 2015-01-07 Assa Abloy Ab Access control communication device, method, computer program and computer program product

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114882615A (en) * 2021-01-22 2022-08-09 博泰车联网科技(上海)股份有限公司 Vehicle starting method and device, electronic equipment and medium
CN114882615B (en) * 2021-01-22 2023-09-22 博泰车联网科技(上海)股份有限公司 Vehicle starting method and device, electronic equipment and medium
WO2023071100A1 (en) * 2021-10-26 2023-05-04 苏州浪潮智能科技有限公司 Password protection method and apparatus, and medium

Also Published As

Publication number Publication date
EP3107073A1 (en) 2016-12-21
EP3107073B1 (en) 2019-09-18

Similar Documents

Publication Publication Date Title
EP3107072B1 (en) Locating an electronic key
CN113614797B (en) Physical access control system with location-based intent detection
US10726654B2 (en) Authentication of a user for access to a physical space
AU2014370055B2 (en) Method for utilizing a wireless connection to unlock an opening
AU2016280664B2 (en) Credential cache
JP2011511350A (en) Access control management method and apparatus
US10911224B1 (en) Secure network-enabled lock
Divya et al. Survey on various door lock access control mechanisms
US10984620B2 (en) Access control device, access control system and access control method using the same
EP3107073B1 (en) Invalidation of an electronic key
EP3819878B1 (en) Mobile digital locking technology
JP4665649B2 (en) Lock control device and program
WO2021089907A1 (en) Mobile digital locking technology
US20220014388A1 (en) Virtual security guard
Aluri Smart lock systems: An overview
KR20120134607A (en) The door-lock apparatus available to prevent hacking and method for authenticating smart-keys using the same
US20220251874A1 (en) Bolt identity
US11868917B1 (en) Sensor-based door lock confidence
WO2021052943A1 (en) Evaluating access to a physical space
WO2024043835A1 (en) A system and method for sharing access to an electronic lock
CN118135693A (en) Physical access control system with location-based intent detection

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16729886

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16729886

Country of ref document: EP

Kind code of ref document: A1