WO2023042088A1 - Dispensing device, decryption device and access device - Google Patents


Info

Publication number
WO2023042088A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
request
dispense request
decryption
dispensing
Application number
PCT/IB2022/058655
Other languages
French (fr)
Inventor
Jelle VAN DEN BERG
Hendrikus Franciscus Johannes GROEN
Original Assignee
Inepro Group B.V.
Application filed by Inepro Group B.V.
Publication of WO2023042088A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G06F21/608 Secure printing
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices

Definitions

  • Dispensing device, decryption device and access device
  • The present invention relates to a dispensing device for the controlled dispensing of a product, comprising dispensing means, an operating system for controlling the dispensing means and access means which provide a user with selective access to the product, whereby the access means are coupled with the operating system and comprise communication means which are capable and configured to receive a dispense request from the user and to transmit said dispense request to the operating system.
  • The term "product" within the scope of the invention should be interpreted broadly to include not only tangible entities but also services, functions and utilities such as gas, water, electricity and energy in general.
  • The dispensing device is equipped with access means for authentication of the rightful user: an access right is first verified before the product is released by the dispensing means.
  • Authentication is the technique by which a system can identify who a user is and whether the user is authorised.
  • The most well-known example of authentication is logging in with a username and password. This allows a user to access data and work on a system.
  • Storing such user data and passwords in the dispensing facility is cumbersome and, moreover, this form of authentication is prone to misuse.
  • Known access means for user authentication at a dispensing facility include a card reader linked to the operating system of the dispensing facility and affixed to, at or near the dispensing equipment. This makes use of a personalised access means in the form of a smart card or magnetic card that can be read by the card reader, either with or without contact.
  • A card identification is stored on the card, which is transmitted to the card reader in cryptographically encrypted form and exchanged by the card reader with the operating system. Only if the card is accepted by the operating system are one or more products released by the system.
  • The card may possibly have an administration attached to it that records a level of usage that can then be charged to the user if necessary.
  • One of the objects of the present invention is to provide a dispensing device that is more secure against unauthorised use in a practical manner.
  • A dispensing device of the type described in the preamble is characterized in that the access means comprise identification means that generate a unique request identifier with the dispense request; in that the access means include encryption means that cryptographically encrypt the dispense request together with the unique request identifier with an encryption key into a cryptographically encrypted dispense request and forward the cryptographically encrypted dispense request; in that the operating system is coupled with decryption means capable and configured to decrypt the cryptographically encrypted dispense request and to derive from it the dispense request together with the unique request identifier, using a decryption key associated with the encryption key; and in that validation means are provided that validate the decrypted request identifier as being valid only once.
  • The unique request identifier generated by the access means and attached to the dispense request before the dispense request is forwarded in the form of an encrypted dispense request ensures that the dispense request is usable only once.
  • A particular embodiment of the dispensing device according to the invention has as a feature that the validation means are coupled with an electronic memory in which the unique request identifier(s) of completed dispense requests are stored, and an offered request identifier is tested for presence in the memory. Should the dispense request be unlawfully tapped and duplicated, unauthorised reuse of the dispense request can thus easily be established by the decryption means from a repetition of an already known unique request identifier. The dispense request will then not be accepted again.
  • A special embodiment of the dispensing device is characterized in that the identification means comprise a counter capable and configured to generate an incrementing rank at the dispense request, in particular an arithmetic counter which generates an incrementing sequence number at the dispense request; that the access means comprise an access device with a unique device identifier; and that the unique request identifier comprises a combination of the rank and the device identifier of the access device.
  • A higher rank means a rank that comes sequentially after a previous rank, so that it is the position in the sequence rather than the absolute value of, for example, a counter that matters; in a descending sequence a lower value may therefore have a higher rank.
  • The request identifier always comprises the fixed device identifier in combination with a changing, sequentially following rank assigned to the request.
  • Such a rank may, for example, be a sequential code from a set of codes stored for that purpose in or near the access means, or an incremental alphanumeric value.
  • It may be based on an arithmetic counter that generates a numeric value which has been incremented, whether or not by a fixed step, from a previously generated value.
  • A time and date stamp generated by clock means provided for this purpose in or near the access means can also be used as a unique numeric value which, together with the device identifier, forms a unique request identifier.
  • The dispensing device is further characterised in that the decryption means comprise a decryption device that is linked, or at least connectable, to the operating system through secondary communication means, where the decryption key is available in the decryption device and the decryption device is capable of and configured to decrypt the encrypted dispense request.
  • The decryption key therefore need not be known to the operating system of the dispensing facility and/or stored in the dispensing facility. Instead, an independent decryption facility holds this sensitive information and decryption and validation are left to it.
  • The decryption and validation means may be provided in or near the operating system itself but may also be located remotely from it.
  • The dispensing device is for this purpose characterized in that the secondary communication means comprise telecommunications means capable and configured to establish and at least temporarily maintain a telecommunications link for data exchange with the operating system, wherein the decryption device is linked, at least connectably, to the operating system via the telecommunications link, and wherein the telecommunications link runs in particular at least in part via the Internet, preferably via an encrypted virtual private network (VPN).
  • The result of the validation may be, for example, a Boolean flag or value (true or false) that is delivered to the operating system, whether encrypted or not, or the original dispense request.
  • The decryption device may establish communication with the operating system only conditionally, on the condition of a validated dispense request, in which case, in the absence of communication with the decryption device, no product will be released by the dispensing device's operating system.
  • Encryption or encoding is based on the concept of encryption algorithms and "keys".
  • When information is sent, it is encrypted based on an algorithm. After that, it can only be decoded with the right key. Such a key can be on the receiving system or sent with the encrypted data.
  • The encrypted data can afterwards be decrypted (decoded) again so that the original information is obtained again. This process is called decryption.
  • The decryption device is capable of performing such decryption.
  • Symmetric cryptography, also called a secret-key algorithm, decrypts the information with a key that must be provided to the receiving system before the information can be decrypted. Encryption and decryption are done with the same key. This method is particularly suitable for a closed system, where both the encryption means and the decryption means come from the same source.
  • The relevant key is then, for example, stored securely in or near the access means as well as in or near the decryption device.
  • Asymmetric cryptography uses two different keys: a public key and a private key, which are mathematically linked.
  • The keys are essentially just large numbers that are linked together but not identical, hence the name asymmetric.
  • The public key is shared with everyone, but the private key remains secret. Both are needed to encrypt a message.
  • A message is decrypted with the private key linked to the public key with which it was encrypted.
  • This technique is implemented in the dispensing device according to the invention.
  • A further particular embodiment of the dispensing device according to the invention is characterized in that second encryption means are provided, capable and configured to cryptographically encrypt the dispense request with a second encryption key and thus exchange it in cryptographically encrypted form with the operating system, the operating system comprising second decryption means capable of decrypting the encrypted dispense request with a second decryption key, which second decryption key is associated with the second encryption key.
  • A further special embodiment of the dispensing device according to the invention is characterized in that the access device comprises a card reader for reading an electronic access card or electronic token of the user, in particular a smart card or a smart token.
  • "Card" is to be understood in the broad sense as any form of portable data carrier which can be read out electronically using a reading device adapted for this purpose: not only magnetic cards and smart cards, but also drops, pendants and other tokens.
  • This type of implementation is intended, among other things, to tie in with the many existing dispensing facilities on the market that are based on access by means of an electronically readable card or other token.
  • The access device comprises an input device for contactless data transfer with a personal token of the user.
  • A connection that is not secure in itself can be used, because the data exchange will be encrypted.
  • Standard wireless data transfer protocols such as Near Field Communication (NFC), Bluetooth and WiFi lend themselves to this.
  • The access device for this purpose comprises a module for wireless data transfer based on Near Field Communication (NFC), WiFi or Bluetooth or a comparable standard protocol for wireless communication.
  • The personal access device comprises an intelligent personal telecommunication device of the user, in particular a smartphone, and the access device is capable of and configured to perform multi-factor authentication with the personal telecommunication device of the user.
  • Authentication is then enforced by applying at least two forms of authentication simultaneously.
  • One example is the use of the personal access device (token) with a PIN code.
  • An attacker must now not only crack the encryption key, but also possess the token.
  • Another form is a one-time password or one-time code sent by the decryption device to the user's personal access device, in particular a smartphone, to be entered as part of the user's authorisation.
  • The multi-factor authentication then involves, for example, the issuing of a temporary password or temporary access code by the decryption device or access device to the user, to be entered by the user in response to a dispense request before the dispense request is further processed.
  • Biometric recognition of one or more biometric characteristics of the user may additionally be relied upon, especially when using a smartphone. Examples include a fingerprint, the user's voice, iris and/or retinal vasculature, or facial recognition.
  • The communication channel can therefore, while maintaining security, be a communication channel that third parties can also access, such as the Internet. Encryption ensures that such third parties nevertheless cannot read the content of the messages or data exchanged.
  • By using the Internet for the transmission of the dispense request to the decryption device, the latter can be provided as a cloud solution and no special dedicated communication infrastructure is required.
  • The decryption device can perform authentication and authorisation of large numbers of users simultaneously or at least jointly.
  • The dispensing device according to the invention is therefore ideally suited for larger organisations and institutions.
  • A preferred embodiment of the dispensing device according to the invention is characterized in that the dispensing device is part of a group of dispensing devices that are jointly coupled, or at least connectable, with the decryption means.
  • Such shared decryption means simplify the issuing, administration and management of access means and are seamlessly scalable to more users and to a larger group of dispensing devices.
  • The invention also relates to a decryption device capable and configured to cooperate with one or more dispensing devices according to one or more of the preceding claims, to receive from a dispensing device a cryptographically encrypted dispense request associated with an encryption key, comprising decryption means having a decryption key associated with the encryption key, which enables the decryption means to decrypt the encrypted dispense request and derive from it the unique request identifier encrypted therein, and validation means capable and configured to validate the unique request identifier as being valid only once and to deliver this validation result to an operating system associated with the dispensing device.
  • The invention further relates to an access device for a dispensing device, comprising communication means capable of and configured to receive a dispense request from a user, identification means generating a unique request identifier with the dispense request, encryption means cryptographically encoding the dispense request together with the unique request identifier with an encryption key into a cryptographically encrypted dispense request, and a port for a connection over which the cryptographically encrypted dispense request is transmittable.
  • Such an access device can be used as an add-on to an existing dispensing device, for example to replace a card reader used so far, but may also be fitted originally in a new dispensing device to be manufactured or supplied.
  • A special implementation form of the access device thereby has the feature that the communication means include a card reader for reading out a user's electronic access card or electronic token, in particular a smart card or a smart token.
  • The access device is thereby characterised in that the identification means comprise a counter capable of and configured to generate an incrementing rank at the dispense request, in particular an arithmetic counter generating an incrementing sequential number at the dispense request, and that the unique identifier comprises a combination of the rank and a unique device identifier of the access device.
  • The unique device identifier includes, for example, a MAC address or other unique code of an electronic component used therein and, in combination with the rank to be generated each time by the access device, constitutes a unique combination that can be encoded as such in the dispense request.
  • The access device may itself be variously equipped with communication means for reading out the personal access device, whether secured or unsecured and whether wired, contactless and/or wireless.
  • A particularly practical form has as a feature that the communication means are capable and configured for contactless data transmission with a personal access means of the user.
  • The access device may rely on a module for wireless data transfer based on Near Field Communication (NFC), Wi-Fi or Bluetooth or a comparable standard protocol for wireless communication.
  • The personal access device may further comprise an intelligent personal telecommunication device of the user, in particular a smartphone, where the decryption means and/or the access means may be capable of and configured to perform multi-factor authentication with the personal telecommunication device of the user.
  • Figure 1: a schematic representation of a first implementation example of the device according to the invention.
  • Figure 2: a schematic representation of a second implementation example of the device according to the invention.
  • Figure 3: a schematic representation of a third implementation example of the device according to the invention.
  • Figure 1 shows a printer device as an example of a dispensing device according to the invention.
  • It concerns a multi-function printer or copier 100 which is capable and configured to perform a number of printer functions, such as printing or on-demand printing of printed matter on various sizes of paper and a scanning function by means of a scanner provided for this purpose at the top of the device.
  • The printer device 100 is provided with an access device 15 equipped with a communication module for wireless communication with a personalised access means 20 of the user.
  • The personal access means 20 is an intelligent device (smartphone) equipped with Bluetooth and/or near field communication (NFC) transmitter/receiver circuitry for contactless communication with the module of the access device 15, which is also provided with such transmitter/receiver circuitry so that a wireless communication link can be established and maintained between them.
  • The device 20 exchanges a dispense request 25 with the communication module of the access device 15.
  • The access device 15 also includes a card reader with which a smart card 22 or similar token may be read, either with contact or contactless. Alternatively, a card reader for a user's magnetic card or other token may also be used. Unlike the smartphone 20, these cards and tokens generally do not involve bi-directional communication but only uni-directional, one-way traffic through which the dispense request 25 is routed to the printer.
  • The dispense request 25 is cryptographically encrypted.
  • The dispense request 25 is already stored in encrypted form in the card 22, with the card reader in the module having the required decryption key and software to decrypt the dispense request 25.
  • Adequate encryption and decryption technology is also part of the aforementioned and other wireless data transmission protocols, so that secure encryption of the dispense request 25 is seamlessly implemented therein.
  • The dispense request may merely include a command to execute a (print) job already stored in or at the printer.
  • The access device 15 is wired to a central operating system 13 of the printer 100. In general, this involves a standard, often unsecured serial or TTL connection, such as here a USB connection 11 with a standard keyboard interface. After being decoded by the access device 15 with the communication module, the dispense request 25 could only be transmitted insecurely over this relatively insecure connection to the operating system 13, susceptible to interception. Nevertheless, to provide a secure transmission, the access device 15 includes encryption means 13 by which the dispense request 25 is uniquely encrypted.
  • The access device includes tagging means 16 that also encrypt a proprietary identification ID of the access device 15 or access module into the dispense request 25, as well as a unique rank 17.
  • The latter is always a consecutive code or value, a higher rank in a defined sequence of codes or values.
  • An arithmetic counter 17 is used for this purpose, which always delivers an incremented value in the form of an ever-increasing integer value.
  • A code from a predefined series of codes stored as such in the access device 15, a time/date stamp or otherwise a predetermined sequence that uniquely defines a rank of the dispense request 25 in time sequence may be applied instead.
  • The rank 17 of the dispense request 25 thus generated by the access device 15 is combined with the identification (ID) 16 of the access device 15 with which the personal access means 20, 22 communicated. Together they form a unique request identifier which, as such, is cryptographically encrypted together with the dispense request 25 into an encrypted dispense request 35 using a first algorithmic encryption key available to the access device 15 for this purpose.
  • The access device 15 transmits the encrypted dispense request 35 to the operating system 13 of the printer device 100.
  • The standard and in itself unsecured USB communication port 11 of the printer 100 is used for this purpose; the cryptographic encryption of the dispense request 25 in the dispense request 35 nevertheless provides adequate security against tampering with the system or interception of the encrypted dispense request 35. Without knowledge of the decryption key associated with the first encryption key, the encrypted dispense request 35 is practically not readable or manipulable.
  • The operating software (print management software) of the operating system 13 has a facility that enables the operating system 13 to pass the encrypted dispense request 35 in encrypted form to decryption means 50.
  • The decryption means include a remote decryption-cum-validation server 50 of the operating system and the printer 100, acting in common for a group of such printer devices, whether or not in the same geographical location.
  • Specific decryption and validation software 55 is loaded, on the basis of which the decryption and validation server 50 is able to decrypt the encrypted dispense request 35 and test it for authenticity.
  • The server 50 runs decryption software with a cryptographic decryption key associated with the first encryption key.
  • The server 50 transmits the decrypted dispense request 25 to the operating system 13 of the printer 100, which responds to it in the usual way by releasing one or more printer functions to the user, depending on the user's privileges.
  • The authenticity of the dispense request 35 is thereby established by the server 50 based on the unique request identifier accompanying the dispense request 25. Only the first time the dispense request 25 is presented with the corresponding rank 17 is the dispense request 35 accepted as authentic and the dispense request 25 contained therein accepted.
  • The server has access to an electronic memory in which the unique request identifiers of already settled dispense requests 35 are stored.
  • On a repeated presentation, the offered request identifier is recognised by server 50 as a repetition and is not accepted again. Re-use of the encrypted dispense request 35, e.g. after it was unlawfully intercepted or duplicated, is thus precluded by the fact that it is immediately identified from the already used and therefore expired rank 17 at the device identification ID.
  • For communication between the server 50 and the operating system 13 of the printer 100, a secure connection is used in this example.
  • The server 50 provides a connection with an authentication service, such as Microsoft Active Directory (LDAP) and Azure AD.
  • Different protocols and platforms can be used by themselves for communication between the printer and the decryption device, for example HTTPS, TLS 1.2 and TLS 1.3.
  • The decrypted dispense request 25 may therefore be exchanged by the server 50 with the printer 100 in readable, decrypted form and nevertheless securely.
  • Cryptographic encryption may also be applied again for this message exchange, using a second encryption/decryption key pair shared between the server 50 and the printer 100.
  • The server 50 is advantageously connected to the printer 100 via the Internet 60 for data exchange.
  • The server 50 is hereby provided as a cloud solution to which additional printers 100 can easily be connected without having to intervene in the existing ICT infrastructure in any way.
  • Although this example is based on a server 50, this should not only be understood to mean an independent physical device, but also a virtual server environment running on shared hardware.
  • The smartphone 20 adds extra security by itself requesting an access code (password or PIN) and/or performing biometric recognition.
  • The system may be extended to include a further form of multi-factor authentication in that the server 50 derives from the dispense request 35 an SSID of the device 20, also encrypted therein, and transmits a temporary password to it.
  • the dispensing device comprises a locker wall 200 with dispensing means in the form of a large number of individual lockers, also referred to as lockers, which can be selectively released by means of a central control unit 13 depending on an authorisation of the user.
  • a central control unit 13 This might include, for example, a locker wall in a school, sports facility, museum or otherwise a public building in which personal belongings were deposited or a locker wall for delivery of products purchased online.
  • only the locker intended for the user is selectively released after the user logs on to the locker wall using a personal 20.22 access medium.
  • Such personal means of access 20,22 thereby exchanges, inter alia, a unique access code obtained in advance for that purpose or otherwise identification with the locker 200 in the form of an dispense request 25 on the basis of which the operating system 13 of the locker 200 is able to allocate the correct locker to the user.
  • the locker 200 is equipped with an access device 15 having a communication module for communication with that personal access means 20 of the user.
  • the access device is again assumed to be an intelligent device (smartphone) having a bluetooth and/or near field communication (NFC) transmitter/receiver circuitry for contactless communication with the access device 15, which is also provided with such a transmitter/receiver circuitry so that a wireless communication link can be established and maintained therebetween.
  • an intelligent device smarttphone
  • NFC near field communication
  • the access device 15 is also equipped with a card reader with which a smart card 22 can be read, either by contact or contactlessly.
  • a card reader for a magnetic card or other person-related token may be used for this purpose instead.
  • such cards and tokens generally do not support bi-directional communication but only one-way communication, over which the dispense request 25 is passed to the locker wall 200.
  • the dispense request 25 is cryptographically encrypted.
  • the dispense request 25 is already stored in encrypted form on the card 22, the card reader in the module holding the decryption key and software required to decrypt it.
  • encryption and decryption are also part of the aforementioned and other wireless data transmission protocols, to the extent that those protocols provide link-level encryption, so that protection of the message 25 over the wireless link can be left to the protocol itself.
  • the access device 15 is connected to a central operating system 13 of the locker wall 200, in general over a standard wired USB connection 11 presenting a standard keyboard interface. Once decrypted by the access device 15, the dispense request 25 could only be passed to the operating system 13 over this relatively insecure connection in the clear, open to interception. To provide secure transmission nevertheless, the access device 15 includes encryption means 13 that uniquely encrypt the dispense request 25.
  • the access device 15 includes identification means 16 by which a unique identification ID of the access device 15 is added to the dispense request 25, together with a unique rank (sequence number) 17.
  • the latter is always a successive code or value, i.e. a higher rank in a defined sequence of codes or values.
  • in this example an arithmetic counter 17 is used for this purpose, which yields an ever-increasing integer value.
  • alternatively, a code from a predefined series of codes stored in the access device 15, a time/date stamp, or another predetermined sequence that uniquely fixes the rank of the dispense request 25 in time may be used instead.
  • the rank ∑ 17 of the dispense request 25 thus generated in the access device 15 is combined with the identification (ID) 16 of the access device 15 with which the personal access means 20, 22 communicated. Together they form a unique request identifier, which is cryptographically encrypted together with the dispense request 25 into an encrypted dispense request 35, using a first encryption key available to the access device 15 for this purpose.
  • the access device 15 transmits the encrypted dispense request 35 to the operating system 13 of the locker wall 200.
  • the cryptographic encryption of the dispense request 25 into the dispense request 35 hereby provides adequate security against tampering with, or interception of, the encrypted dispense request 35. Without the decryption key associated with the encryption key, the dispense request 35 is practically neither readable nor manipulable.
  • the operating software of the operating system 13 has a facility that passes the encrypted dispense request 35, still in encrypted form, to the decryption and validation means 50.
  • the dispense request 35 is then processed in the same, or at least a similar, manner as described for the first implementation example.
  • the dispense request 25, encrypted or otherwise, reaches the operating system 13 of the locker wall over a secure connection 62 from the server 50, on the basis of which the door of the respective locker is unlocked and its contents released only to the legitimate user.
  • the device according to the invention also lends itself to the controlled dispensing of less tangible items, such as fuel or electricity from a charging station.
  • Figure 3 shows an implementation example thereof in the form of a charging station or charging post 300 with an operating system 13 to which an access device 15 and a decryption/validation server 50 according to the invention are coupled.
  • an electric vehicle of the user can be charged after the user logs on to the station 300 with his personal access means 20, 22.
  • a dispense request 25 reaches the control software 13 of the charging station 300 from the server 50 over a secure connection 62, but only if the server 50 has accepted the request as original and authentic in the manner described above. The supply of electricity is then released, and the consumption is recorded and charged to the user.
  • the invention thereby creates a particularly user-friendly security layer on top of the operating system and hardware of a dispensing device, with which the authenticity and authorisation of a user can be established reliably, securely and autonomously, i.e. entirely upstream without any handshake or other feedback being required, so that the invention is also applicable over a uni-directional data connection.
  • the security provided can also be used more generally for the controlled dispensing of products, including the supply of utility flows such as gas, water or electricity.
  • examples are petrol stations and vending machines that selectively prepare or dispense products on the basis of a user's defined access authorisation.
  • a payment system can then be linked to these in the customary manner.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

A dispensing device (100) comprises an operating system (13) for controlling a product and access means (15) that selectively provide a user with access to the product. The access means receive a dispense request (25) from a user's personal access device (20, 22) and route it to the operating system (13). The access means include identification means (16, 17) that generate a unique request identifier for the dispense request and are capable of cryptographically encrypting the dispense request (25) together with the unique request identifier (∑, ID) into a cryptographically encrypted dispense request (35). The operating system (13) is coupled with decryption and validation means (50, 55) capable and configured to decrypt the encrypted dispense request (35) and derive the unique request identifier (∑, ID) from it. The decryption and validation means validate the decrypted dispense request (25) on the basis of the unique request identifier (∑, ID) and accept a given request identifier as valid only once.

Description

Dispensing device, decryption device and access device
The present invention relates to a dispensing device for the controlled dispensing of a product, comprising dispensing means, an operating system for controlling the dispensing means, and access means which provide a user with selective access to the product, the access means being coupled with the operating system and comprising communication means capable and configured to receive a dispense request from the user and to transmit that dispense request to the operating system. The term "product" within the scope of the invention is to be interpreted broadly, covering not only tangible goods but also services, functions and utilities such as gas, water, electricity and energy in general.
To prevent unlawful appropriation of the product, the dispensing device is equipped with access means for authenticating the rightful user, who must first prove an access right before the product is released by the dispensing means. Authentication is the technique by which a system establishes who a user is and whether that user is authorised. The best-known example is logging in with a username and password, which then lets the user access data and work on a system. However, storing such user data and passwords in the dispensing facility is cumbersome and, moreover, this form of authentication is prone to misuse.
Known access means for user authentication at a dispensing facility include a card reader linked to the operating system of the dispensing facility and fitted on, at or near the dispensing equipment. This uses a personalised access means in the form of a smart card or magnetic card that the card reader reads either by contact or contactlessly. A card identification stored on the card is transmitted to the card reader in cryptographically encrypted form and exchanged by the card reader with the operating system. Only if the operating system accepts the card are one or more products released. A usage account may be associated with the card, recording consumption that can then be charged to the user.
An objection to this well-known way of securing a dispensing device against unauthorised use is that, although the card identification is delivered to the card reader in encrypted form, the same card reader then exchanges the dispense request with the operating system unprotected and, notably, often over a standard wired USB connection. Such a connection can be eavesdropped on with freely available tools, making it relatively easy to intercept, manipulate and/or duplicate the now unprotected dispense request. In the wrong hands, there is thus a danger of unauthorised (re)use of the dispense request and of the products released by it.
One of the objects of the present invention is to provide a dispensing device that is more secure against unauthorised use in a practical manner.
To this end, a dispensing device of the type described in the preamble is characterised in that the access means comprise identification means that generate a unique request identifier with the dispense request; in that the access means include encryption means that cryptographically encrypt the dispense request together with the unique request identifier with an encryption key into a cryptographically encrypted dispense request and forward that encrypted dispense request; in that the operating system is coupled with decryption means capable and configured to decrypt the encrypted dispense request and to derive from it the dispense request together with the unique request identifier, using a decryption key associated with the encryption key; and in that validation means are provided that accept the decrypted request identifier as valid only once.
The unique request identifier generated by the access means and attached to the dispense request before it is forwarded in encrypted form ensures that the dispense request can be used only once. To this end, a particular embodiment of the dispensing device according to the invention has the feature that the validation means are coupled with an electronic memory in which the unique request identifiers of completed dispense requests are stored, and an offered request identifier is tested for presence in that memory. Should the encrypted dispense request be unlawfully tapped and duplicated, its unauthorised reuse is thus easily detected by the validation means from the repetition of an already known unique request identifier, and the dispense request is not accepted again.
Moreover, because the unique request identifier is encrypted in the encrypted dispense request together with the dispense request itself, it is practically impossible to modify the request identifier wrongfully. This holds provided the encryption also authenticates the ciphertext (an AEAD mode such as AES-GCM, or an encrypt-then-MAC construction): encryption alone guarantees confidentiality, and with a malleable cipher an attacker could alter the encrypted rank without knowing the key. In this way, an exceptionally high degree of security is achieved even though communication between the access means and the operating system and/or the decryption means can take place over an inherently unsecured, uni-directional (USB) connection.
A special embodiment of the dispensing device is characterised in that the identification means comprise a counter capable and configured to generate an incrementing rank for the dispense request, in particular an arithmetic counter that generates an incrementing sequence number for the dispense request; that the access means comprise an access device with a unique device identifier; and that the unique request identifier comprises a combination of the rank and the device identifier of the access device. A higher rank here means a rank that comes sequentially after a previous rank, so that it is the position in the sequence rather than the absolute value of, for example, a counter that matters; a lower value in a descending sequence may therefore also have a higher rank. The request identifier thus always comprises the fixed device identifier combined with a changing, sequentially following rank assigned to the request.
Such a rank may, for example, be a sequential code from a set of codes stored for that purpose in or near the access means, or an incrementing alphanumeric value. In particular, it may be based on an arithmetic counter that generates a numeric value incremented, by a fixed or variable step, from the previously generated value.
Alternatively, a time and date stamp generated by a clock provided for this purpose in or near the access means can serve as the unique numeric value which, together with the device identifier, forms the unique request identifier. What matters is that the decryption means can later distinguish an illegally obtained duplicate from an original dispense request, so as to prevent unauthorised (re)use of the product, and that without any feedback to the user's personal access means being required.
In a preferred embodiment, the dispensing device according to the invention is characterised in that the decryption means comprise a decryption device that is linked, or at least connectable, to the operating system through second communication means, the decryption key being available in the decryption device, which is capable and configured to decrypt the encrypted dispense request. The decryption key thus need not be known to the operating system of the dispensing facility nor stored in the dispensing facility at all. Instead, an independent decryption facility holds this sensitive information, and decryption and validation are left to it.
The decryption and validation means may be provided in or near the operating system itself, but may also be located remotely from it. In a particular embodiment, the dispensing device is for this purpose characterised in that the second communication means comprise telecommunications means capable and configured to establish and at least temporarily maintain a telecommunications link for data exchange with the operating system, the decryption device being linked, at least connectably, to the operating system via that link, which runs in particular at least in part over the Internet, preferably through an encrypted virtual private network (VPN).
The result of the validation may be, for example, a Boolean flag or value (true or false) that is delivered to the operating system, encrypted or not, or the original dispense request itself. Alternatively, the decryption device may establish communication with the operating system only on the condition of a validated dispense request, in which case, absent communication with the decryption device, the dispensing device's operating system releases no product.
For the cryptographic encryption, known encryption techniques can be used. Encryption is based on the concept of an encryption algorithm and "keys". Information to be sent is transformed by the algorithm under a key, after which it can be recovered only with the right key. That key must be available on the receiving system (a key sent in the clear alongside the encrypted data would give any eavesdropper everything needed to read it). The encrypted data can later be transformed back into the original information; this process is called decryption. In particular, the decryption device is capable of performing such decryption.
There are roughly two forms of cryptography: symmetric and asymmetric. In symmetric cryptography, also called secret-key cryptography, encryption and decryption use the same key, which must be provided to the receiving system before the information can be decrypted. This method is particularly suitable for a closed system in which both the encryption resources and the decryption resources come from the same source.
Translated to the dispensing device according to the invention, the relevant key is then, for example, stored securely both in or near the access means and in or near the decryption device. The advantage is that this method is much faster than the asymmetric method.
Asymmetric cryptography uses two different keys, a public key and a private key, which are mathematically linked. The keys are essentially large numbers that belong together but are not identical, hence the name asymmetric. The public key may be shared with everyone, while the private key remains secret. A message encrypted with the public key can be decrypted only with the private key linked to it; the sender needs only the public key, and possession of the public key does not allow decryption. Applied to the access device, this means that the access device holds only the public key of the decryption device, so extracting that key from a stolen or opened access device does not enable decryption of captured dispense requests. Preferably, this technique is implemented in the dispensing device according to the invention.
Preferably, not only the communication to the decryption device but also the communication from the decryption device to the operating system is encrypted. To this end, a further particular embodiment of the dispensing device according to the invention is characterised in that second encryption means are provided which cryptographically encrypt the dispense request with a second encryption key and exchange it in encrypted form with the operating system, the operating system comprising second decryption means capable of decrypting that encrypted dispense request with a second decryption key associated with the second encryption key. This builds in an additional layer of security that further deters misuse.
A further special embodiment of the dispensing device according to the invention is characterised in that the access device comprises a card reader for reading an electronic access card or electronic token of the user, in particular a smart card or smart token. The term "card" is to be understood broadly as any portable data carrier that can be read out electronically by a reader adapted for the purpose: not only magnetic cards and smart cards, but also fobs, pendants and other tokens. This type of implementation is intended, among other things, to tie in with the many existing dispensing facilities on the market that are based on access by means of an electronically readable card or token. By simply replacing their reader with the card reader and access means according to the invention, these personal tokens remain usable and minimal intervention in the existing infrastructure is required, particularly on the user's side. From the point of view of ease of use, a particular embodiment of the dispensing device according to the invention is characterised in that the access device comprises an input device for contactless data transfer with a personal token of the user. For this contactless data transfer a connection that is not secure in itself can be used if desired, because the data exchanged will be encrypted. In particular, standard wireless data transfer protocols such as Near Field Communication (NFC), Bluetooth and WiFi lend themselves to this. In a special embodiment, the access device for this purpose comprises a module for wireless data transfer based on NFC, WiFi or Bluetooth or a comparable standard wireless protocol.
Additional security and authentication of the legitimate user may be provided by a further special embodiment of the dispensing device according to the invention, characterised in that the personal access device comprises an intelligent personal telecommunication device of the user, in particular a smartphone, and that the access device is capable of and configured to perform multi-factor authentication with the personal telecommunication device of the user. Authentication is thus enforced by applying at least two forms of authentication together.
One example is the use of the personal access device (token) together with a PIN code: an attacker must then not only possess the token but also know the PIN. Another form is a one-time password or one-time code sent by the decryption device to the user's personal access device, in particular a smartphone, to be entered as part of the user's authorisation. The multi-factor authentication then involves, for example, the issuing of a temporary password or access code by the decryption device or access device, which the user must enter in response to a dispense request before that request is processed further.
Instead of a PIN code or password, biometric recognition of one or more biometric characteristics of the user may additionally be relied upon, especially when a smartphone is used. Examples include a fingerprint, the user's voice, iris and/or retinal vasculature, or facial recognition.
Because data can be exchanged securely in encrypted form between the personal access device and the decryption device, whether the communication channel itself is secure is of secondary importance. The channel can therefore, without loss of security, be one that third parties can also access, such as the Internet; encryption ensures that such third parties cannot read the content of the messages or data exchanged. By using the Internet for transmitting the dispense request to the decryption device, the latter can be provided as a cloud solution and no dedicated communication infrastructure is required.
In the described manner, the decryption device can perform authentication and authorisation for large numbers of users simultaneously, or at least jointly. The dispensing device according to the invention is therefore ideally suited for larger organisations and institutions. For this case, a preferred embodiment of the dispensing device according to the invention is characterised in that the dispensing device is part of a group of dispensing devices that are jointly coupled, or at least connectable, with the decryption means. Such shared decryption means simplify the issuing, administration and management of access means and scale seamlessly to more users and to a larger group of dispensing devices.
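The one-time code step described above, as an added worked example (not code from the patent or from Inepro): a service that issues a temporary code bound to a pending dispense request, accepts it at most once and only before it expires, and compares it in constant time. The six-digit format, the 120-second lifetime, the binding to a request identifier and the choice that a wrong entry consumes the code are all assumptions; the clock is injectable so that expiry can be exercised without waiting.

```python
"""Single-use, expiring one-time code for the multi-factor step.

Added illustration, not the patent's or Inepro's code. Assumptions (not in
the patent text): six-digit codes, CODE_LIFETIME_S, binding to a request
identifier, and that a wrong guess invalidates the code.
"""
import hmac
import secrets
import time
from typing import Callable, Dict, Hashable, Tuple

CODE_LIFETIME_S = 120.0   # assumption; the patent only says "temporary"


class OneTimeCodeService:
    """Issues one temporary code per pending dispense request and accepts it
    at most once, only before it expires."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock                      # injectable for deterministic tests
        self._pending: Dict[Hashable, Tuple[str, float]] = {}

    def issue(self, request_id: Hashable) -> str:
        """Generate a code for this request; the caller delivers it to the
        user's smartphone out of band. Re-issuing replaces the old code."""
        code = "%06d" % secrets.randbelow(10 ** 6)           # CSPRNG, uniform
        self._pending[request_id] = (code, self._clock() + CODE_LIFETIME_S)
        return code

    def verify(self, request_id: Hashable, entered: str) -> bool:
        """Single use: the pending entry is removed whether or not the guess
        is right, so an attacker cannot walk through the 10^6 candidates."""
        entry = self._pending.pop(request_id, None)
        if entry is None:
            return False                     # unknown, already used, or re-issued
        code, expires_at = entry
        if self._clock() > expires_at:
            return False                     # expired: user must request a new one
        return hmac.compare_digest(code.encode(), entered.encode())


def demo() -> Tuple[bool, bool, bool, bool]:
    """Accepted once; replayed entry rejected; wrong guess consumes the code;
    expired code rejected. Uses a fake clock (constructed input)."""
    now = [1_000.0]
    svc = OneTimeCodeService(clock=lambda: now[0])
    req = ("AC-DE-48-00-11-22", 7)                         # constructed request identifier
    code = svc.issue(req)
    accepted = svc.verify(req, code)
    replayed = svc.verify(req, code)
    code2 = svc.issue(req)
    wrong = "000000" if code2 != "000000" else "000001"
    svc.verify(req, wrong)                                 # wrong guess burns the code
    after_wrong = svc.verify(req, code2)
    code3 = svc.issue(req)
    now[0] += CODE_LIFETIME_S + 1
    expired = svc.verify(req, code3)
    return accepted, replayed, after_wrong, expired


if __name__ == "__main__":
    print(demo())
```

A production deployment would additionally rate-limit `issue` per user and log failed attempts, but the two properties that matter for the patent's flow, single use and bounded lifetime, are the ones exercised here.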
The invention also relates to a decryption device capable and configured to cooperate with one or more dispensing devices according to one or more of the preceding claims, to receive from a dispensing device a cryptographically encrypted dispense request associated with an encryption key, comprising decryption means holding a decryption key associated with that encryption key, which enables the decryption means to decrypt the encrypted dispense request and derive from it the unique request identifier encrypted therein, and validation means capable and configured to accept the unique request identifier as valid only once and to deliver the validation result to an operating system associated with the dispensing device.
The invention further relates to an access device for a dispensing device, comprising communication means capable of and configured to receive a dispense request from a user, identification means that generate a unique request identifier with the dispense request, encryption means that cryptographically encrypt the dispense request together with the unique request identifier with an encryption key into a cryptographically encrypted dispense request, and a port for a connection over which the encrypted dispense request can be transmitted. Such an access device can be used as an add-on to an existing dispensing device, for example to replace the card reader used so far, but may also be fitted originally in a new dispensing device to be manufactured or supplied. For seamless integration into an existing infrastructure, a special implementation of the access device has the feature that the communication means include a card reader for reading out a user's electronic access card or electronic token, in particular a smart card or smart token.
In a preferred embodiment, the access device according to the invention is characterised in that the identification means comprise a counter capable of and configured to generate an incrementing rank for the dispense request, in particular an arithmetic counter generating an incrementing sequence number for the dispense request, and that the unique request identifier comprises a combination of the rank and a unique device identifier of the access device. The unique device identifier may be, for example, a MAC address or another unique code of an electronic component used in the device; combined with the rank generated anew by the access device each time, it constitutes a unique combination that can be encoded as such in the dispense request. The device identifier need not be secret (a MAC address is readily observable); the security rests on the identifier travelling only inside the encrypted dispense request and on the key, not on the identifier being unknown.
The access device may itself be variously equipped with communication means for reading out the personal access device, whether secured or unsecured, wired or contactless and/or wireless. A particularly practical form has the feature that the communication means are capable and configured for contactless data transmission with a personal access means of the user. In particular, the access device may rely for this purpose on a module for wireless data transfer based on Near Field Communication (NFC), Wi-Fi or Bluetooth or a comparable standard wireless protocol.
The personal access device may further comprise an intelligent personal telecommunication device of the user, in particular a smartphone, in which case the decryption means and/or the access means may be capable and configured to perform multi-factor authentication with the personal telecommunication device of the user.
Below, the invention is explained in more detail by means of implementation examples and a corresponding drawing, in which: Figure 1 is a schematic representation of a first implementation example of the device according to the invention;
Figure 2 is a schematic representation of a second implementation example of the device according to the invention; and
Figure 3 is a schematic representation of a third implementation example of the device according to the invention.
It should be noted, incidentally, that the figures are purely schematic and not always drawn to (the same) scale. In particular, for the sake of clarity, some dimensions may be more or less exaggerated. Corresponding parts are marked with the same reference number in the figures.
Figure 1 shows a printer device as an example of a dispensing device according to the invention. In this example it is a multi-function printer or copier 100 capable and configured to perform a number of printer functions, such as printing or on-demand printing on various paper sizes and scanning by means of a scanner provided for this purpose at the top of the device. The printer device 100 is provided with an access device 15 equipped with a communication module for wireless communication with a personalised access means 20 of the user.
As personal access means 20, an intelligent device (smartphone) is used, equipped with Bluetooth and/or near field communication (NFC) transmitter/receiver circuitry for contactless communication with the module of the access device 15, which is also provided with such circuitry so that a wireless communication link can be established and maintained between them. Over this link, the device 20 exchanges a dispense request 25 with the communication module of the access device 15. The access device 15 also includes a card reader with which a smart card 22 or similar token can be read, either by contact or contactlessly. Alternatively, a reader for a user's magnetic card or other token may be used. Unlike the smartphone 20, such cards and tokens generally do not support bi-directional communication but only one-way traffic, through which the dispense request 25 is routed to the printer.
For security and data-protection reasons, the dispense request 25 is cryptographically encrypted. For example, the dispense request 25 is already stored in encrypted form on the card 22, and the card reader in the module holds the decryption key and software required to decrypt it. Encryption and decryption are also part of the aforementioned and other wireless data transmission protocols, to the extent that those protocols provide link-level encryption, so that protection of the dispense request 25 over the wireless link can be left to the protocol. Alternatively, the dispense request may merely be a command to execute a (print) job already stored in or at the printer.
The access device 15 is wired to a central operating system 13 of the printer 100, generally over a standard and often unprotected serial or TTL connection, here a USB connection 11 presenting a standard keyboard interface. Once decrypted by the access device 15 with its communication module, the dispense request 25 could only be passed to the operating system 13 over this relatively insecure connection in the clear, open to interception. To provide secure transmission nevertheless, the access device 15 includes encryption means 13 by which the dispense request 25 is uniquely encrypted.
Moreover, the access device includes tagging means 16 that also encrypt a proprietary identification ID of the access device 15 or access module in the dispense request 25 as well as a unique rank 17. The latter is always a consecutive code or value as a higher rank in a defined sequence of codes or values. In this example, an arithmetic counter 17 is used for this purpose, which always dispenses an incremental value in the form of an ever-increasing integer value. Alternatively, a code in a predefined and as such stored in the access device 15 series of codes, a time/date stamp or otherwise a predetermined sequence that uniquely defines a rank of the dispense request 25 time-sequentially may be applied instead.
The ranking 17 of the dispense request 25 thus generated by the access device 15 is combined with the identification (ID) 16 of the access device 15 with which personal means of access 20,22 were communicated. Together, they form a unique request identifier which, as such, is cryptographically encrypted together with the dispense request 25 into an encrypted dispense request 35 using an initial algorithmic encryption key available to the access device 15 for this purpose.
The access device 15 transmits the encrypted dispense request 35 to the operating system 13 of the printer device 100. Although the standard and in itself unsecured USB communication port 11 of the printer 100 is used for this purpose, the cryptographic encryption of the dispense request 25 in the dispense request 35 hereby nevertheless provides adequate security against tampering or of the system or interception of the encrypted dispense request 35. Without knowledge of the decryption key associated with the first encryption key, the encrypted dispense request 35 is practically not readable or manipulable.
The operating software (print management software) of the operating system 13 has a facility that enables the operating system 13 to pass the encrypted dispense request 35 in encrypted form to decryption means 50. In this case, the decryption means include a remote decryption cum validation server 50 of the operating system and the printer 100 acting in common for a group of such printer devices, whether or not in the same geographical location. Therein, specific decryption and validation software 55 is loaded on the basis of which the decryption and validation server 50 is able to decrypt the encrypted dispense request 35 and test it for authenticity. For this purpose, the server 50 processes decryption software with a cryptographic decryption key associated with the first encryption key.
Only when the authenticity of the dispense request 35 is established, the server 50 transmits the decrypted dispense request 25 to the operating system 13 of the printer 100, which responds to it in the usual way by releasing one or more printer functions to the user, depending on its privileges. The authenticity of the dispense request 35 is thereby established by the server 50 based on the unique access identifier accompanying the dispense request 25. Only the first time the dispense request 25 is presented with the corresponding rank 1 17, the dispense request 35 is accepted as authentic and the dispense request 25 contained therein accepted. To this end, the server has access to an electronic memory in which the unique access identifiers of already settled dispense request 35 were stored.
If a combination of device identifier ID and rank already occurs in this stored set of access identifiers, the offered access identifier is recognised by the server 50 as a repetition and is not accepted again. Re-use of the encrypted dispense request 35, e.g. after it was unlawfully intercepted or duplicated, is thus precluded, because it is immediately identified from the already used and therefore expired rank at the device identifier ID.
For communication between the server 50 and the operating system 13 of the printer 100, a secure connection is used in this example. The server 50 provides a connection to an authentication service, such as Microsoft Active Directory (LDAP) or Azure AD. Various protocols and platforms may be used for the communication between the printer and the decryption device, for example HTTPS, TLS 1.2 and TLS 1.3. The decrypted dispense request 25 can thus be exchanged by the server 50 with the printer 100 in readable, decrypted form and nevertheless securely.
Incidentally, if required, cryptographic encryption may also be applied again to this message exchange, using a second encryption/decryption key pair shared between the server 50 and the printer 100. In both cases, the server 50 is advantageously connected to the printer 100 via the Internet 60 for data exchange. The server 50 is hereby provided as a cloud solution to which additional printers 100 can easily be connected without having to intervene in the existing ICT infrastructure in any way. Incidentally, it should be noted that where this example refers to a server 50, this should be understood to mean not only an independent physical device but also a virtual server environment running on shared hardware.
If desired, the smartphone 20 adds extra security by itself requesting an access code (password or PIN) and/or performing biometric recognition. Furthermore, the system may be extended with a further form of multi-factor authentication, in that the server 50 derives from the dispense request 35 an SSID of the device 20 that is also encrypted therein and transmits a temporary password to that device.
A second implementation example of a device according to the invention is shown in Figure 2. In this example, the dispensing device comprises a locker wall 200 with dispensing means in the form of a large number of individual compartments, also referred to as lockers, which can be selectively released by means of a central control unit 13 depending on an authorisation of the user. This might be, for example, a locker wall in a school, sports facility, museum or other public building in which personal belongings are deposited, or a locker wall for the delivery of products purchased online. In both cases, on the basis of a user identification, only the locker intended for the user is selectively released after the user logs on to the locker wall using a personal access medium 20,22. Such personal means of access 20,22 thereby exchange, inter alia, a unique access code obtained in advance for that purpose, or another identification, with the locker wall 200 in the form of a dispense request 25, on the basis of which the operating system 13 of the locker wall 200 is able to allocate the correct locker to the user. For this purpose, the locker wall 200 is equipped with an access device 15 having a communication module for communication with the personal access means 20 of the user. The personal access means 20 is again assumed to be an intelligent device (smartphone) having Bluetooth and/or near field communication (NFC) transmitter/receiver circuitry for contactless communication with the access device 15, which is also provided with such transmitter/receiver circuitry so that a wireless communication link can be established and maintained between them.
To access his or her personal locker, the user exchanges a dispense request 25 with the access device 15 by means of the device 20. The access device 15 is also equipped with a card reader with which a smart card 22 can be read, either via contacts or contactlessly. Alternatively, a card reader for a magnetic card or another person-related token may be used for this purpose. Unlike the smartphone 20, such cards and tokens generally do not involve bi-directional communication but only one-way communication, by which the dispense request 25 is delivered to the locker wall 200.
For security and data protection reasons, the dispense request 25 is cryptographically encrypted. For example, the dispense request 25 is already stored in encrypted form on the card 22, with the card reader in the module having the required decryption key and software to decrypt the dispense request 25. Adequate encryption and decryption technology is part of the aforementioned and other wireless data transmission protocols, so that secure encryption of the message 25 is handled within that protocol.
The access device 15 is connected to a central operating system 13 of the locker wall 200. In general, this is a standard wire-bound USB connection 11 with a standard keyboard interface. After being decrypted by the access device 15, the dispense request 25 could only be transmitted insecurely, and susceptible to interception, over this relatively insecure connection to the operating system 13. To nevertheless provide secure transmission, the access device 15 includes encryption means 13 that uniquely encrypt the dispense request 25.
The access device 15 also includes identification means 16 by which a unique identification ID of the access device 15 is added to the dispense request 25, as well as a unique rank (sequence number) 17. The latter is always the next code or value, i.e. a higher rank, in a defined sequence of codes or values. In this example, an arithmetic counter 17 is used for this, which always issues an incremented value in the form of an ever-increasing integer. Alternatively, a code from a predefined series of codes stored as such in the access device 15, a time/date stamp, or another predetermined sequence that uniquely defines a time-sequential rank of the dispense request 25 may be used instead.
The rank 17 of the dispense request 25 thus generated in the access device 15 is combined with the identification (ID) 16 of the access device 15 with which the personal means of access 20,22 communicated. Together, they form a unique request identifier which, as such, is cryptographically encrypted together with the dispense request 25 into an encrypted dispense request 35, using a first cryptographic encryption key available to the access device 15 for this purpose. The access device 15 transmits the encrypted dispense request 35 to the operating system 13 of the locker wall 200. The cryptographic encryption of the dispense request 25 within the encrypted dispense request 35 hereby provides adequate security against tampering with the system or interception of the encrypted dispense request 35. Without knowledge of the decryption key associated with the encryption key, the dispense request 35 is practically neither readable nor manipulable.
The operating software of the operating system 13 has a facility that enables the operating system 13 to pass the encrypted dispense request 35, still in encrypted form, to decryption and validation means 50. There, the dispense request 35 is processed in the same, or at least a similar, manner as described in the first implementation example. Eventually, the dispense request 25, whether or not encrypted again, reaches the operating system 13 of the locker wall over a secure connection 62 from the server 50, in order to unlock the door of the respective locker on that basis and release its contents only to the legitimate user.
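The message flow described for both implementation examples (access device 15 forms the request identifier from device ID 16 and rank 17, encrypts it together with dispense request 25, and server 50 decrypts, authenticates and accepts each identifier only once) is shown below as an added example. It is not code from the patent or its applicant; the choice of AES-256-GCM as the shared-key cipher, the 32-byte key, the 12-byte identifier layout and the in-memory set of settled identifiers are this example's assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

const identLen = 12 // 4-byte device identifier (16) + 8-byte rank (17)

// AccessDevice models access device 15 with identifier 16, counter 17 and the
// first key; ValidationServer models server 50 holding the associated key.
type AccessDevice struct {
	ID   uint32
	rank uint64 // arithmetic counter 17: ever increasing, never reused
	aead cipher.AEAD
}

type ValidationServer struct {
	aead cipher.AEAD
	seen map[[identLen]byte]bool // identifiers of already settled requests
}

// NewPair provisions one access device and the server with the shared key
// (AES-256-GCM is this example's choice; the page does not fix a cipher).
func NewPair(id uint32, key []byte) (*AccessDevice, *ValidationServer, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	srv := &ValidationServer{aead: aead, seen: map[[identLen]byte]bool{}}
	return &AccessDevice{ID: id, aead: aead}, srv, nil
}

// Seal prepends the request identifier (ID, rank) to dispense request 25 and
// encrypts both; nonce || ciphertext is the encrypted dispense request 35.
func (d *AccessDevice) Seal(request []byte) ([]byte, error) {
	d.rank++
	plain := make([]byte, identLen, identLen+len(request))
	binary.BigEndian.PutUint32(plain[:4], d.ID)
	binary.BigEndian.PutUint64(plain[4:], d.rank)
	plain = append(plain, request...)
	nonce := make([]byte, d.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return d.aead.Seal(nonce, nonce, plain, nil), nil
}

// Validate returns dispense request 25 only if the tag verifies and the identifier is new.
func (s *ValidationServer) Validate(encrypted []byte) ([]byte, error) {
	ns := s.aead.NonceSize()
	if len(encrypted) < ns+s.aead.Overhead()+identLen {
		return nil, errors.New("rejected: malformed encrypted request")
	}
	plain, err := s.aead.Open(nil, encrypted[:ns], encrypted[ns:], nil)
	if err != nil {
		return nil, errors.New("rejected: authentication failed (tampering or wrong key)")
	}
	var ident [identLen]byte
	copy(ident[:], plain[:identLen])
	if s.seen[ident] {
		return nil, errors.New("rejected: identifier already used (replay)")
	}
	s.seen[ident] = true
	return plain[identLen:], nil
}
```

A copy of request 35 captured on the USB link 11 fails the second presentation because its (ID, rank) pair is already in the server's memory, and any modified copy fails the authentication tag before the identifier is even examined.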
Apart from a service, such as the printer function of the first implementation example, or the dispensing of a product, such as the contents of a locker in the second implementation example, the device according to the invention also lends itself to the controlled dispensing of less tangible items such as, for example, the supply of fuel or electricity from a charging station. Figure 3 shows an implementation example thereof in the form of a charging station or charging post 300 with an operating system 13 to which an access device 15 and a decryption/validation server 50 in accordance with the invention are coupled. At the charging station 300, an electric vehicle of the user can be charged after the user logs on to the station 300 with his personal access means 20,22. This is followed by a message exchange and processing as already described in detail in the first and second implementation examples, which are considered incorporated here by reference. Finally, a dispense request 25 reaches the control software 13 of the charging station 300 from the server 50 over a secure connection 62, but only if this request was accepted as original and authentic by the server 50 in the manner described above. The supply of electricity is thereupon released and the consumption recorded and administered for the user's account.
All in all, the invention thereby creates a particularly user-friendly security layer on the operating system and hardware of a dispensing device, with which the authenticity and authorisation of a user can be established particularly reliably and securely, and autonomously, i.e. completely upstream without any necessary handshaking or other feedback. This also makes the invention applicable to a uni-directional connection for data throughput.
Although the invention was explained in more detail above by means of merely a few implementation examples, it should be clear that the invention is by no means limited to these. On the contrary, many variations and embodiments remain possible within the scope of the invention for an average person skilled in the art. For example, the security provided can also be used more generally for the controlled dispensing of products, including the supply of utility flows such as gas, water or electricity. Examples are petrol stations and vending machines that selectively prepare or dispense products on the basis of a user's defined access authorisation. A payment system can then be linked to these in the customary manner.

Claims:
1. Dispensing device for the controlled dispensing of a product, comprising dispensing means, an operating system for controlling the dispensing means and access means that selectively provide a user with access to the product, wherein the access means are coupled with the operating system and comprise communication means that are capable and configured to receive a dispense request from the user and transmit said dispense request to the operating system, characterized in that the access means comprise identification means that generate a unique request identifier with the dispense request, in that the access means include encryption means that cryptographically encrypt the dispense request together with the unique request identifier with an encryption key into a cryptographically encrypted dispense request and forward the cryptographically encrypted dispense request, in that the operating system is coupled with decryption means capable and configured to decrypt the cryptographically encrypted dispense request and to derive from it the dispense request together with the unique request identifier, using a decryption key associated with the encryption key, and in that validation means are provided that validate the decrypted request identification as being valid only once.
2. Dispensing device according to claim 1, characterized in that the identification means comprises a counter capable and configured to generate an incrementing rank at the dispense request, in particular an arithmetic counter which generates an incrementing sequence number at the dispense request, that the access means comprises an access device with a unique device identifier, and that the unique request identifier comprises a combination of the rank and the device identifier of the input device.
3. Dispensing device according to claim 2, characterized in that the access device comprises an input device for contactless data transfer with a personal access device of the user.
4. Dispensing device according to claim 2 or 3, characterized in that the access device comprises a card reader for reading an electronic access card or electronic token of the user, in particular a smart card or a smart token.
5. Dispensing device according to claim 2, 3 or 4, characterized in that the access device comprises a module for wireless data transfer based on Near Field Communication (NFC), Wi-Fi or Bluetooth or a similar standard protocol for wireless communication.
6. Dispensing device according to claim 3, 4 or 5, characterized in that the personal access device comprises an intelligent personal telecommunication device of the user, in particular a smart phone, and that the access device is capable of and configured to perform multi-factor authentication with the personal telecommunication device of the user.
7. Dispensing device according to any one or more of the preceding claims, characterized in that the decryption means comprises a decryption device that is linked, or at least connectable, to the operating system through secondary means of communication, where the decryption key is available in the decryption device and the decryption device is capable of and configured to decrypt the encrypted dispense request.
8. Dispensing device according to claim 7, characterized in that the second means of communication comprises telecommunications means capable and configured to establish and at least temporarily maintain a telecommunications link for data exchange with the operating system, wherein the decryption device is linked to the operating system via the telecommunications link, at least connectable, and wherein the telecommunications link is in particular at least in part via the Internet, preferably via an encrypted virtual network (VPN).
9. Dispensing device according to claim 7 or 8, characterized in that the decryption device comprises second encryption means capable and configured to cryptographically encrypt the dispense request with a second encryption key and thus exchange it in cryptographically encrypted form with the operating system, the operating system comprising second decryption means capable of decrypting the encrypted dispense request with a second decryption key, which second decryption key is associated with the second encryption key.
10. Dispensing device according to one or more of the preceding claims, characterized in that the dispensing device is part of a group of dispensing devices that are jointly associated, or are at least connectable, with the decryption means.
11. Decryption device capable of and configured to cooperate with one or more dispensing devices according to any one or more of the preceding claims in order to receive from a dispensing device a cryptographically encrypted dispense request with an encryption key, comprising decryption means having a decryption key associated with the encryption key, which enables the decryption means to decrypt the encrypted dispense request and derive a unique request identifier encrypted therefrom, and that validation means are provided which are capable and configured to validate the unique request identifier as being valid only once and deliver this validation result to an operating system associated with the dispensing device.
12. Access device for a dispensing device, comprising communication means capable and configured to receive a dispense request from a user, identification means generating a unique request identification at the dispense request, encryption means cryptographically encrypting the dispense request together with the unique request identification with an encryption key into a cryptographically encrypted dispense request, and comprising a port for a connection over which the cryptographically encrypted dispense request is transmittable.
13. Access device according to claim 12, characterized in that the identification means comprises a counter capable and configured to generate an incremental rank at the dispense request, in particular an arithmetic counter generating an incremental sequence number at the dispense request, and that the unique identifier comprises a combination of the rank and a unique device identifier of the access device.
14. Access device according to claim 12 or 13, characterized in that the communication means are capable of and configured for contactless data transmission with a personal access device of the user.
15. Access device according to claim 12, 13 or 14, characterized in that the communication means comprise a card reader for reading an electronic access card or electronic token of the user, in particular a smart card or a smart token.
16. Access device according to claim 12, 13, 14 or 15, characterized in that the communication means comprises a module for wireless data transmission based on Near Field Communication (NFC), Wi-Fi or Bluetooth or a similar standard protocol for wireless communication.
17. Access device according to claim 14, characterized in that the personal access device comprises an intelligent personal telecommunication device of the user, in particular a smart phone.
PCT/IB2022/058655 2021-09-14 2022-09-14 Dispensing device, decryption device and access device WO2023042088A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NL2029185A NL2029185B1 (en) 2021-09-14 2021-09-14 Issuing device, decryption device and access device
NL2029185 2021-09-14

Publications (1)

Publication Number Publication Date
WO2023042088A1 true WO2023042088A1 (en) 2023-03-23

Family

ID=77999353

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2022/058655 WO2023042088A1 (en) 2021-09-14 2022-09-14 Dispensing device, decryption device and access device

Country Status (2)

Country Link
NL (1) NL2029185B1 (en)
WO (1) WO2023042088A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050243364A1 (en) * 2004-04-28 2005-11-03 Canon Kabushiki Kaisha Image processing system
US20140293314A1 (en) * 2013-04-02 2014-10-02 Hewlett-Packard Development Company, L.P. Secure print job through mobile device id
US20210103270A1 (en) * 2017-04-27 2021-04-08 Hewlett-Packard Development Company, L.P. Regulating production of an object

Also Published As

Publication number Publication date
NL2029185B1 (en) 2023-03-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
Ref document number: 22801875
Country of ref document: EP
Kind code of ref document: A1
NENP Non-entry into the national phase
Ref country code: DE