Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04W—WIRELESS COMMUNICATION NETWORKS
  • H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
  • H04W12/08—Access security
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
  • G07C9/00—Individual registration on entry or exit
  • G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
  • G07C9/00817—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
  • G07C9/00—Individual registration on entry or exit
  • G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
  • G07C9/00857—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04W—WIRELESS COMMUNICATION NETWORKS
  • H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
  • H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
  • H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
  • H04W12/0433—Key management protocols
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
  • G07C9/00—Individual registration on entry or exit
  • G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
  • G07C9/00817—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
  • G07C2009/00841—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed by a portable device
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
  • G07C9/00—Individual registration on entry or exit
  • G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
  • G07C9/00857—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
  • G07C2009/00865—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed remotely by wireless communication

Definitions

• the present invention relates to the control of access to a closed space.
• an access control method and an access control electronic box implementing said access control method. It also relates to a method for updating a valid security key as well as to a remote access control server implementing said updating method. Finally, it relates to an access control system comprising at least one electronic access control unit and at least one remote access control server.
• the present invention finds its application for any closed space whose access can be controlled. Indeed, the problem of access control can arise in various fields and situations.
• the closed space to which access is to be controlled can be a place such as a parking lot or a house, an area or part of a place such as a box in a parking lot or a room in a house, an object such as a car or a trunk, etc.
• access control systems are known in the prior art using radio frequency remote controls, magnetic badges, or even access codes (digicodes).
• This type of access control system although functional, has its limits since it requires an access tool (badge, remote control, etc.) specially dedicated to each person and / or does not allow access to be limited in time. . Indeed, a person in possession of the badge, the remote control or the code can reuse it at any time to access the closed space.
• a security problem also arises in the event, for example, of loss of the access tool or knowledge by third parties of the access code.
• Access control systems are also known using GSM boxes, recognition means (license plate recognition in the case of a parking lot, for example), or even means of interaction between machines (machine to machine in English abbreviated as M2M) connected. Although these types of systems provide better security, they require more expensive technology.
• the object of the present invention is to solve at least one of the aforementioned drawbacks.
• the invention relates to an access control method implemented in an electronic access control unit suitable for communicating with multifunction mobiles, comprising the following steps:
• said access control method comprises a step of updating said valid security key, comprising the following sub-steps:
• the electronic access control unit can be updated easily and only using a multifunction mobile.
• the multifunction mobile is not only suitable for controlling the box but also for updating it.
• the solution thus proposed saves the use of additional computing device for the update.
• the invention is particularly well suited to a system in which the electronic access control unit is not connected to a remote computing device.
• the update helps to ensure better security. Indeed, a person in possession of a valid security key at an instant t, will be able to control access by means of the access box for a given period, but once an update of the box is carried out, the security key in his possession will no longer be valid, preventing him from controlling access.
• the security key can thus be renewed for security for the usual user or to give temporary access to an authorized person other than the usual user.
• the method according to the invention also makes it possible to grant access authorization to several people. This can be useful, for example, if you want to allow access to a car park for several people but for a fixed period only.
• the step of acquiring an update instruction is implemented after said steps of receiving and comparing a security key addressed by said active multifunction mobile, when said received security key is different from said valid security key.
• an update of the access control electronic unit is carried out so as to authorize access by means of the second security key which has become a key. valid security.
• the box then subsequently emits an access authorization signal if a multifunction mobile sends it the second security key which has become a valid security key.
• the step of updating the valid security key further comprises, when said received security key is different from said valid security key, a prior sub-step of comparing said received security key with said second stored security key, the acquisition, substitution, storage and sending sub-steps being performed when said received security key is identical to said second stored security key.
• the update is started only if the user has the correct access code, namely here the second security key. This avoids having to update the box even if the user does not have or no longer has a code or security key allowing him access.
• the invention also relates, according to a second aspect, to an electronic access control box comprising means for bidirectional communication with multifunction mobiles, means for storing a valid security key and a second security key and means. processing adapted to implement the access control method described above.
• the box thus produced is less complex to manufacture, uses only two-way communication means and is thus less expensive.
• the box comprises means for connection to means for controlling the opening of an access using an electronic lock with a predefined alphanumeric code, or a radiofrequency transmitter-receiver pair or a transmitter-receiver pair by technology. magnetic.
• the box can thus be mounted in parallel with an existing access control system using said access opening control means.
• an authorized person other than the usual user can also obtain an access authorization.
• the usual user can for example have the access authorization via the existing access control system and the authorized person can have the access authorization via the box. This use is all the more interesting as the access authorization of the authorized person can be limited in time.
• the box can be used alone or in combination with an existing system.
• the two-way communication means implement a link by UHF radio waves, and preferably the Bluetooth standard.
• the invention also relates, according to a third aspect, to a method for periodically updating a valid security key for the access control method described above, implemented in a remote access control server adapted to communicate. with multifunction mobiles that have downloaded a local access control application.
• the periodic update process includes the following steps
• the server is notified and sends the deletion message to all the multifunction mobiles. This prevents an update instruction from being sent to the box when the box is already up to date.
• the method of periodically updating a security key valid for the access control method is reiterated between every day and every 10 days, and preferably between every 2 days and every 5 days. days.
• the invention also relates to a remote access control server suitable for communicating with multifunction mobiles which have downloaded a local access control application.
• Said server is suitable for implementing the method of periodically updating a valid security key described above.
• the invention also relates to an access control system comprising at least one electronic access control unit, and a remote access control server having the preceding characteristics.
• FIG. 1 is a schematic block diagram of an access control system for implementing one or more embodiments of the invention
• FIG. 2 is a schematic block diagram of an access control box according to one embodiment of the invention.
• FIG. 3 is a schematic block diagram of an access control box according to another embodiment of the invention.
• FIG. 4 diagrammatically represents the steps of an access control method implemented in the box; and
• FIG. 5 schematically represents the steps of a periodic updating method implemented in a server for said access control method.
• FIG. 1 illustrates, in a schematic block diagram, an exemplary embodiment of an access control system 1 comprising an access control electronic box 2 and a remote access control server 3.
• the control system access 1 is configured so as to allow or deny access to a closed space to a user.
• the access control system 1 also comprises at least one multifunction mobile 4. Said at least one multifunction mobile 4 is connected on the one hand to the box 2 and on the other hand to the server 3.
• a single multifunction mobile 4 is illustrated for the example of Figure 1, but of course the number of multifunction mobile 4 can vary.
• the access control electronic box 2 also referred to hereinafter as box 2, is shown more precisely in Figure 2.
• the box is powered, for example by cables allowing a power supply between 9 and 36 VDC. This is shown schematically in the block diagram by power supply 20.
• the box 2 comprises bidirectional communication means 21, 22.
• the bidirectional communication means here comprise an antenna 21 and a module 22.
• the bidirectional communication means are adapted to implement a link by radio waves so as to receive and send. signals to multifunctional mobiles 4.
• the antenna 21 is suitable for implementing a link by UHF radio waves, for example the Bluetooth standard.
• the module 22 is suitable for processing the signal received and sent via the antenna 21.
• the box 2 further comprises storage means and processing means.
• the memorization means are suitable for memorizing security keys.
• the storage means are suitable for storing a valid security key and a second security key.
• the second security key is considered a future valid security key, i.e. the next security key to be authorized access.
• the processing means are suitable for implementing an access control method described below according to one embodiment of the invention.
• the box 2 comprises a microcontroller 23 integrating the storage means and the processing means.
• the storage means and the processing means can be designed differently.
• the microcontroller 23 is connected to the module 22 which is itself connected to the antenna 21.
• the microprocessor 23 emits a discrete output signal (all or nothing) as shown diagrammatically in FIGS. 2, 3. Thanks to the discrete output signal, the box 2 may or may not allow access to a closed space.
• the housing 2 is mounted in parallel with an existing system.
• the box comprises means for connecting the microprocessor 23 to control means 24 for opening access to the existing system.
• the access opening control means can implement an electronic lock with a predefined alphanumeric code, or a radiofrequency transmitter-receiver pair, or even a transmitter-receiver pair by magnetic technology.
• the connection means send the digital output signal to the control means, which makes it possible to control access.
• box 2 can be used alone to control access as shown in Figure 2, or in conjunction with an existing system as shown in Figure 3.
• the remote access control server 3 or server 3 can be of any known type, responding to requests from computer devices. In the exemplary embodiment described, the server 3 responds to requests from multifunction mobiles 4.
• the multifunction mobiles 4 include an access control APP application allowing connection to the box 2 and to the server 3.
• the connection is made by network connection, for example of the WIFI type.
• the APP application is suitable for memorizing security keys.
• the application APP is suitable for memorizing two security keys addressed by the server 3; a first security key and a second security key stored as a future security key.
• Figure 4 shows schematically the general operation of the box 2, by means of the connection with the multifunctional mobiles 4 to control access to a closed space.
• the left part of FIG. 4 illustrates the box 2 at an instant t0 before being controlled by a multifunction mobile 4.
• the storage means of the box 2 include in memory a valid security key V1 and a second security key V2.
• a valid security key is understood to mean the security key used to control access.
• the second V2 security key is the future valid security key allowing access.
• FIG. 4 illustrates a multifunction mobile 4 in which the application APP has been downloaded beforehand.
• the APP application here includes in memory two security keys addressed by the server; the first security key Va1 and the second security key Va2.
• the access control method implemented in the box 2 is such that the multifunction mobile firstly addresses a security key, in particular here the first security key Va1, to the box 2.
• the box 2 receives thanks to the bidirectional communication means and compares, thanks to the storage and processing means, the received security key Va1 with the valid security key V1 stored in said box 2.
• box 2 When the received security key Va1 is identical to the valid security key V1, box 2 then emits an access authorization signal, in particular via the digital output signal.
• box 2 When the received security key Va1 is different from the valid security key V1, box 2 does not emit an access authorization signal.
• the received security key Va1 can be compared with the second security key V2 and an update instruction (Update) can be sent by the mobile. multifunction 4 to the box 2 possibly allowing access by means of another security key, in particular the second security key V2.
• Update update instruction
• update steps are provided for, on the one hand, by the server 3 in the multifunction mobiles 4, and on the other hand by multifunction mobiles 4 in the box 2. These steps make it possible to update the valid security key allowing access to be authorized.
• an update step is carried out periodically by the server 3 in the multifunction mobiles 4 connected to said server 3.
• the periodic update can be repeated between every day and every 10 days.
• the periodic update is repeated between every two days and every five days.
• the periodic update can be performed as soon as the connection is reestablished.
• This periodic update step is shown schematically in FIG. 5. It is implemented here for three multifunction mobiles 4. Of course, the number of multifunction mobiles 4 can be different.
• the server 3 at an initial instant t0 before any update, the server 3, the box 2 and the multifunction mobiles 4 all include in memory two security keys, the valid security key V1, and a second V2 security key (or future valid security key).
• the server 3 firstly sends the multifunction mobiles 4 a new security key V3 to be stored as a future security key in the application APP.
• the server 3 also sends the multifunction mobiles 4 an instruction to update the box 2.
• the APP application of multifunction mobiles 4 replaces the valid security key V1 with the second key security key V2, and stores the new security key V3 as a new second security key or future valid security key.
• the multifunction mobile 4 receives the new key V3 and the instruction to update the unit 2 as soon as the connection with server 3 is restored.
• a multifunction mobile 4 among the multifunction mobiles 4, here among the three multifunction mobiles 4, is active first.
• active multifunction mobile 4 is meant a multifunction mobile 4 connected to the box 2 in order to try to obtain access.
• the active multifunction mobile 4 having been updated by server 3, said active multifunction mobile 4 addresses the security key V2 or valid security key stored by the multifunction mobile 4.
• This security key V2 is at this stage different from the key valid security V1 stored in box 2.
• the box 2 does not allow access since the received security key V2 is different from the valid security key V1 of the box 2.
• the box 2 compares in this case the received security key V2 with the second security key stored in the box 2.
• the security key addressed by the multifunction mobile here V2
• a step of updating the box 2 is then performed.
• the multifunction mobile 4 then sends the new security key V3 stored in the mobile 4 as a future valid security key.
• the valid security key V1 stored in unit 2 is replaced by the second security key V2 stored in unit 2.
• Unit 2 also stores the new security key V3 as second security key or future valid security key.
• Box 2 is thus updated.
• the two keys stored in box 2 correspond to the two keys stored in the APP application of multifunction mobiles 4.
• the unit 2 sends an update confirmation message to the active multifunction mobile 4.
• the active multifunction mobile 4 therefore sends the update confirmation message to the server 3.
• the server 3 then sends a message for deleting the update instruction from the box 2 to the multifunction mobiles 4 connected to said server 3. This is shown schematically in the figure by a dotted arrow.
• the multifunction mobiles 4 and the box 2 always have two memorized security keys.
• box 2 may contain only one security key; the valid security key.
• a blank slot is thus provided in the housing for the second security key.
• An initialization step of the box 2 and of the multifunction mobiles 4 can therefore be provided.
• the initialization step firstly comprises a sub-step for sending by the server the valid security key and a second security key to the multifunction mobiles as well as a sub-step for sending a box initialization instruction.
• An active multifunction mobile 4 can then start the initialization of the box 2.
• the initialization of the box 2 is carried out according to the following substeps:
• the server also receives an initialization confirmation message from the active multifunction mobile. It then sends a message to delete the initialization instruction from the box to the multifunction mobiles.
• the box 2 is thus initialized and includes in memory the valid security key and the second security key.
• connection, processing and storage means of the box can be of any other known type.
• the number of security keys stored in the multifunction mobile application and in the box may be different, and in particular greater than two.
• the multifunction mobile addresses a single security key, here the first security key Va1.
• the multifunction mobile can, if the first security key Va1 is refused because it is different from the valid security key V1 and from the second security key V2 of the box 2, then address the second key safety Va2.
• the second security key Va2 then undergoes the same processing undergone by the first security key Va1.
• the second security key Va2 of the multifunction mobile is compared to the valid security key V1 of the box.
• box 2 does not emit an access authorization signal.
• the multifunction mobile can simultaneously address the first security key Va1 and the second security key Va2 to box 2.
• Box 2 then first compares the first security key Va1 received with the valid security key V1, then possibly with the second security key V2 or future security key valid if the first security key Va1 received is different from said valid security key V1. If the first security key Va1 received is different from the valid security key V1 and from the second security key V2 of the box 2, the box 2 then passes to the comparison of the second security key Va2 received from the multifunction mobile. The box 2 therefore compares the second security key Va2 received with the valid security key V1, then possibly with the second security key V2 or future valid security key if the second security key Va2 received is different from said security key. valid V1.
• a first addressed security key Va1 and a second security key Va2 addressed by a multifunction mobile 4 when a first addressed security key Va1 and a second security key Va2 addressed by a multifunction mobile 4 is different from the valid security key V1 and from the second security key V2 of the box 2, then said multifunction mobile 4 loses the right to attempt access at least momentarily to the box 2. For example, the IP address is blocked for said multifunction mobile. This makes it possible, for example, to prevent a malicious person from trying to control access to box 2 by making several attempts to send security keys (here more than two security keys).
• the present invention thus proposes a solution for controlling access to a closed space that is simple and employs few technical means. It only requires two-way communication for control of the enclosure. The connection between the multifunction mobiles and the server is only useful during periodic updates of the multifunction mobiles and can therefore be broken in the meantime.
• the present invention also allows temporary access, which improves the security of access control and can be useful in various situations: one-off access authorization to a person other than the usual user, access authorization to several people. for the same closed space, etc.

Landscapes

• Engineering & Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Lock And Its Accessories (AREA)
• Telephonic Communication Services (AREA)
• Selective Calling Equipment (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=70738684

Family Applications (1)

Country Status (3)

Family Cites Families (5)

• 2020
  • 2020-02-11 FR FR2001359A patent/FR3107153B1/fr active Active
• 2021
  • 2021-02-10 WO PCT/FR2021/050237 patent/WO2021160965A1/fr not_active Ceased
  • 2021-02-10 EP EP21709073.7A patent/EP4104479A1/de active Pending

Also Published As

Similar Documents

Legal Events