Method and device for controlling a locking mechanism with a mobile terminal
Patent abstract:
The invention relates to a method and a device for controlling a locking mechanism (2) with a mobile terminal (1), which has a user interface (4), means for establishing a local data connection (3) and means for establishing a connection to a network (6), in particular the Internet, wherein the locking mechanism (2) is connectable to the local data connection (3). To achieve particularly simple and flexible control, an identity provider (7) connectable to a network (6) and an authorization entity (8) connectable to a network (6) are provided; the mobile terminal (1) is configured to register with the identity provider (7), and the authorization entity (8) is configured to issue a key (10) after receiving authentication information from the identity provider (7), with which key (10) the locking mechanism (2) is opened.
Publication number: AT513016A1
Application number: T50222/2012
Filing date: 2012-06-05
Publication date: 2013-12-15
Inventor: Markus Minichmayr
Applicant: Phactum Softwareentwicklung Gmbh
IPC main class:
Patent description:
The invention relates to a method for controlling a locking mechanism with a mobile terminal, wherein, to control the locking mechanism, the mobile terminal establishes a local data connection to the locking mechanism.
The invention further relates to a device for controlling a locking mechanism with a mobile terminal, which has a user interface, means for establishing a local data connection and means for establishing a connection to a network, in particular the Internet, wherein the locking mechanism is connectable to the local data connection.
The present application relates to a method and a device by means of which the access of physical individuals (persons, animals, robots) to a thing, or their use of a thing (for example automatic machines), can be controlled. The method uses as a mediating instance a mobile device (e.g. smartphone, computer, tablet PC, vehicle, etc.) which is able to establish a locally and possibly temporally limited data connection (hereinafter "local data connection", e.g. NFC, RFID, Bluetooth, WLAN) to the locking mechanism protecting the resource, and to establish a data connection (hereinafter "network connection", possibly limited in time) to at least one identity provider and to an authorization entity in the network. The mobile terminal has a user interface for user interaction, typically a graphical display, a keyboard and/or a touch screen, etc.
The use of a mobile terminal for controlling locking mechanisms is already known. Compared with most other procedures, this eliminates the need to issue physical keys (conventional key, RFID card, etc.). However, conventional methods are relatively cumbersome in verifying the identity and authorization of the user.
The object of the present invention is to provide a method and an apparatus of the above-mentioned kind for controlling a locking mechanism with a mobile terminal, by means of which particularly simple and flexible control can be achieved.
In procedural terms, the object of the invention is achieved in that, to obtain a key for opening the locking mechanism with the mobile terminal, a connection to an identity provider is established via a network, in particular the Internet; authentication information is obtained from the identity provider; a key is issued by an authorization entity in a network on the basis of this authentication information; and the locking mechanism is opened with this key. In contrast to known methods, the described method allows authentication to be delegated to one or more trusted entities (identity providers). This delegation allows access or usage privileges to be granted to established virtual identities. The mobile terminal uses at least one network connection together with the user interface to perform a login process with an identity provider by means of known technologies for delegating user authentication (e.g. OAuth), and uses the authentication information thus obtained to request a key (virtual access key) for opening the locking mechanism from the authorization entity. The local data connection is subsequently used to transmit the key to the locking mechanism and to trigger it. The method is suitable both for locking mechanisms with a permanent data connection to the authorization entity and for those without one.
Compared with conventional methods, the described method brings a significant simplification in the use and management of access systems. It allows an access or usage authorization to be bound to an established virtual identity instead of to a physical medium (physical key or access card) or to individually newly assigned access keys. An essential advantage of the method is that the control of the locking mechanism is not tied to a specific mobile device: an authorized user can perform this control with various mobile devices that are able to carry out a check of the authorization.
In the following, the term access certificate is used instead of the term key; an access certificate may contain additional data, such as authorizations, etc.
Advantageously, a connection to an existing identity provider is established to obtain the key for opening the locking mechanism with the mobile terminal. The use of established identity providers eliminates the need to register and issue additional credentials, along with the related issues of secure delivery, storage, etc. Users thus have fewer credentials to manage overall, which can add to security. On the operator's side, the implementation and operation of an authentication system, together with the necessary (security) considerations, are eliminated; instead, this functionality is delegated to one or more trusted identity providers. The procedure also permits access rights to be granted to individuals without the need for a physical meeting with an issuing authority (person or device). Delegation of authentication is already established in virtual systems; its transfer to physical access systems, as described in this procedure, brings the corresponding advantages to the "real" world.
For example, the locking mechanism is controlled with a smartphone, a computer or the like as the mobile terminal. To control the locking mechanism, the mobile terminal establishes a near field communication (NFC) connection, a radio frequency connection, a Bluetooth connection and/or a WLAN connection as the local data connection to the locking mechanism. Smartphones usually have one or more such connectivity options.
If the locking mechanism has no connection to the authorization entity, the key for opening the locking mechanism is transmitted from the authorization entity to the mobile terminal and from the mobile terminal via the local data connection to the locking mechanism. This is the so-called offline procedure.
If a connection exists between the locking mechanism and the authorization entity over the network, the key for opening the locking mechanism can also be transmitted directly from the authorization entity to the locking mechanism. This is the so-called online procedure.
Before the locking mechanism is opened, additional predetermined conditions, in particular timing requirements, can be checked. The control of the locking mechanism can thereby be made dependent on such additional conditions, for example certain times at which access is possible, or an expiration date of the key.
The establishment of the local data connection between the mobile terminal and the locking mechanism can be triggered by a physical interaction with the mobile terminal, for example actuating a control element on the mobile terminal or performing a movement with the mobile terminal, in particular in the vicinity of the locking mechanism. In the case of a local data connection in the form of NFC communication, the connection is established by bringing the mobile terminal into the immediate vicinity (10 cm) of the locking mechanism.
The locking mechanism preferably sends a data packet with a unique identification to the mobile terminal. As a result, the locking mechanism can be uniquely identified.
The object according to the invention is also achieved by a control device of the above-mentioned kind in which a network-connectable identity provider and a network-connectable authorization entity are provided, the mobile terminal is configured to log in to the identity provider, and the authorization entity is configured to issue a key upon receipt of authentication information from the identity provider, with which key the locking mechanism can be opened. For the achievable advantages, reference is made to the above description of the control method.
The network in which the at least one identity provider is located may be different from the network in which the authorization entity is located.
Advantageously, the mobile terminal is formed by a smartphone, a computer or the like. The means for establishing the local data connection may be formed by a near field communication (NFC) transmitter, an RFID transponder, a Bluetooth transmitter and/or a WLAN router.
Advantageously, the mobile terminal is designed to receive the key from the authorization entity.
Likewise, the locking mechanism may include means for connecting to the authorization entity through the network, such that the key for opening the locking mechanism is transmitted from the authorization entity to the locking mechanism. This variant involves a higher outlay, but allows rapid adaptation to changed situations, since information changed at the authorization entity can be transmitted to the locking mechanism.
If the transmission of the key for opening the locking mechanism depends on additional conditions, in particular schedules, a higher level of security can be achieved.
The user interface of the mobile terminal is preferably formed by a touch screen, which provides the input and output facility of the mobile terminal. The interaction of the user with the mobile terminal can also take place via voice control, a keyboard, etc.
The invention will be explained in more detail with reference to the accompanying drawings, in which:
Fig. 1 shows a schematic block diagram of a device according to the invention for controlling a locking mechanism with a mobile terminal, without a connection between the locking mechanism and an authorization entity (offline method);
Fig. 2 shows a schematic flow diagram of an offline method according to the invention for controlling a locking mechanism with a mobile terminal;
Fig. 3 shows a schematic block diagram of a further embodiment of a device according to the invention for controlling a locking mechanism with a mobile terminal, with a connection between the locking mechanism and an authorization entity (online method);
Fig. 4 shows a schematic flow diagram of a further embodiment of an online method according to the invention for controlling a locking mechanism with a mobile terminal; and
Fig. 5 shows a schematic flow diagram of a further embodiment of an offline method according to the invention for controlling a locking mechanism with a mobile terminal.
Fig. 1 shows a schematic block diagram of a device according to the invention for controlling a locking mechanism 2 with a mobile terminal 1 without a connection between the locking mechanism and an authorization entity 8 (offline method). The mobile terminal 1 is an electronic device capable of communicating with the user 5, an authorization entity 8 and the locking mechanism 2. These communications need not necessarily take place simultaneously. The locking mechanism 2 is a technical device that controls access to, or use of, a thing (e.g. doors or machines). The locking mechanism 2 must be able to communicate with the mobile terminal 1 and to execute software that meets the requirements of the described method. The user 5 is the individual who wishes to trigger the locking mechanism 2. Typically, the user 5 is a human, but with limitations an animal, robot, vehicle, etc. may also be such a user 5. The mobile terminal 1 is able to execute a software program which fulfills the requirements of the method according to the invention. The mobile terminal 1 can be, for example, a mobile phone, in particular a smartphone, or a computer, e.g. a tablet PC, but may also be formed by other means, such as a vehicle with which the locking mechanism 2 is to be controlled.
The mobile terminal 1 is able to establish a connection to a network 6, in particular the Internet, and to communicate with devices connected to the network 6. An identity provider 7 is provided in the network 6. This identity provider 7 is an instance that both the user 5 and an authorization entity 8 trust and that is able to authenticate the user 5. The identity provider 7 may be arranged in a different network 6 from the authorization entity 8. One or more identity providers 7 may be provided according to the described method. Examples of existing identity providers 7 are:
• Google ID
• Windows Live ID
• Google Identity Toolkit
• Lightweight Directory Access Protocol (LDAP)
• Windows Active Directory
• OpenID
• OAuth
An authorization entity 8, which may be formed for example by a server computer, is further connected to the network 6 (which may be different from the network 6 in which the identity provider 7 is arranged). The authorization entity 8 manages access authorizations for the locking mechanism 2 and issues certificates that allow access to, or use of, a thing. The authorization entity 8 is managed by an administrator, who can be a person or an entity that assigns access authorizations and configures them on the authorization entity 8 via a suitable tool.
Finally, a software provider (not shown) may be provided in the network 6. From this software provider, the mobile terminal 1 can obtain the software necessary for the described method and install it locally. The software provider must be trusted by both the user 5 and the authorization entity 8.
Fig. 2 shows a schematic flow diagram of an offline method according to the invention for controlling a locking mechanism 2 with a mobile terminal 1.
In implementing the described control method, there are a number of variations in order and concrete implementation that are irrelevant to the essence of coupling a physical locking mechanism 2 to a virtual identity with delegated authentication. The method may include the following aspects:
A user 5 uses a mobile terminal 1 to authenticate to an identity provider 7 trusted by the authorization entity 8 (steps a1 to a4). Steps a1 to a4 run only if no valid key 10 is present on the mobile terminal 1 or its validity period has expired. This procedure is triggered by the initial contact of the mobile terminal 1 with the locking mechanism 2 via the local data connection 3 (e.g. via an NFC connection, Bluetooth connection, WLAN, etc.). This process is not possible if no connection to a network 6, in particular the Internet, can be established. Alternatively, the authentication process can also be triggered explicitly by the user 5.
The mobile terminal 1 communicates with the locking mechanism 2 via this local data connection 3 to exchange the identity (steps a5, a6, a15).
The user 5 can use the authentication performed at the identity provider 7 to also authenticate to the authorization entity 8 (steps a7 to a8). In the case of an online connection between the mobile terminal 1 and the authorization entity 8, this can be done by sending an authentication token from the identity provider 7 to the mobile terminal 1 and from the latter to the authorization entity 8. This also allows the authenticity of the locking mechanism 2 to be confirmed. Should there be an online connection between the locking mechanism 2 and the authorization entity 8, the authentication token can also be sent from the mobile terminal 1 to the locking mechanism 2 and from there to the authorization entity 8. The authorization entity 8 is able to check the authenticity of a user 5 on the basis of the forwarded authentication feature and, based thereon, to decide on the access authorization of the user 5 (steps a8 to a10).
If access is to be granted, the authorization entity 8 notifies the locking mechanism 2 of this in a suitable way. In the case of an online connection between these two, the message can be sent directly; alternatively, the mobile terminal 1 can be used as the intermediary (step a11). Steps a7 to a11 run only if the mobile terminal 1 does not yet have a valid key 10 or valid access certificate. If no connection to the authorization entity 8 can be set up from the mobile terminal 1 at this time (for example because no Internet connection is possible), this could also be triggered explicitly by the user 5 at an earlier point in time.
According to step a12, the locking mechanism 2 is triggered by the mobile terminal 1. The access permit can be bound to further conditions, such as an expiration date, a time window, etc. It can be cached by the mobile terminal 1 or by the locking mechanism 2 in order to reduce the number of interactions between the individual components required for future accesses. The locking mechanism 2 checks the key 10 or the access certificate and the information obtained, and permits or denies access on that basis (step a13). According to step a14, the success of the opening process is reported to the mobile terminal 1 and forwarded by the latter via the user interface 4 to the user 5.
An application example of the control method is the control of the lock mechanism of a remote mountain lodge, which is rented by a landlord to a customer or user 5. The landlord and the customer are spatially separated; a personal meeting is difficult or would be expensive. The customer has a mobile terminal 1 in the form of a smartphone with NFC functionality and has an e-mail address that also represents his identity. For example, the user 5 of the mobile terminal 1 may have an e-mail address at Google (Gmail) which also represents his Google ID.
The landlord grants the customer, i.e. his Google ID, access to the lodge via the described authentication method, limited to the agreed rental period. Advantageously, a personal meeting between the landlord and the customer is not necessary. After expiry of the rental period, the access authorization expires reliably. A data connection is only necessary to obtain the key, not on site at the lodge.
Fig. 3 shows a schematic block diagram of a further embodiment of a device according to the invention for controlling a locking mechanism 2 with a mobile terminal 1, wherein a connection between the locking mechanism 2 and the authorization entity 8 exists and is used (online method). A direct connection between the mobile terminal 1 and the authorization entity 8 does not exist. The data connection between the locking mechanism 2 and the authorization entity 8 is used to forward authentication information from the mobile terminal 1 to the authorization entity 8, as well as to make and answer authorization requests. Furthermore, in this variant a direct data connection between the authorization entity 8 and the identity provider 7 is used to verify the authentication information and to exchange user data.
Fig. 4 shows a schematic flow diagram of a method for controlling a locking mechanism 2 with a mobile terminal 1 in the embodiment according to Fig. 3 (online method). Steps b1 to b4 correspond to steps a1 to a4 described for Fig. 2, and likewise run only if no valid key 10 is present on the mobile terminal 1 or its validity has expired. Steps b5 (establishing contact between user 5, mobile terminal 1 and locking mechanism 2) and b6 (notifying the identity of the locking mechanism 2 to the mobile terminal 1) correspond to steps a5 and a6 of the sequence of Fig. 2. According to step b7, the locking mechanism 2 is triggered by the mobile terminal 1.
Thereafter, an authorization request is made by the locking mechanism 2 to the authorization entity 8 (step b8), and the proof of identity is checked in accordance with step b9. In step b10, the at least one identity provider 7 confirms the identity to the authorization entity 8, which checks the access authorization (step b11). In step b12, the authorization entity 8 authorizes the locking mechanism 2. The verification of the proof of identity by the authorization entity 8 (steps b9 to b11) can also be omitted if its validity can be checked in another way, e.g. on the basis of a previous check or a digital signature. The locking mechanism 2 checks the authorization and triggers the lock (step b13). The success can then be reported to the mobile terminal 1 (step b14), corresponding information is conveyed via the user interface 4 to the user 5, and the contact between the mobile terminal 1 and the locking mechanism 2 is ended (step b15).
Finally, Fig. 5 shows a schematic flow diagram of a further embodiment of an offline method according to the invention for controlling a locking mechanism 2 with a mobile terminal 1. In step c1, the user 5 brings the mobile terminal 1 close to the locking mechanism 2 so that a local data connection 3 can be established. The explicit activation of the locking mechanism 2 can also be triggered by means of a physical interaction with the mobile terminal 1 (for example pressing a control element, rotating or moving the mobile terminal 1, etc.). The locking mechanism 2 then tells the mobile terminal 1 its identity (step c2). Depending on the type of local data connection 3, this can be done via different mechanisms. In the case of an NFC connection, for example, the transmission may proceed as follows: the mobile terminal 1 sets up an electric field; the locking mechanism 2 detects the field and presents itself as an NDEF tag (emulation mode).
The returned data contain an indication of the identity of the locking mechanism 2 and an indication for the mobile terminal 1 of where the necessary software can be obtained, if needed. The locking mechanism 2 also generates a so-called challenge, stores it locally and returns it to the mobile terminal 1. This challenge is a data packet created anew each time contact is made. It must be ensured that the content of a newly created challenge matches the content of a previously created challenge as rarely as possible. A sensible implementation of the generation of this challenge would be, e.g., the generation of a pseudo-random byte sequence with a length of 16 bytes. After a new challenge is created, the previously generated challenge is discarded, so there is always only one current challenge on the locking mechanism 2. It is used to subsequently authenticate the mobile terminal to the locking mechanism.
As an additional protective measure, the identity of the locking mechanism 2 can be returned in encrypted form. For this purpose, the data block containing the identity is supplemented with randomly generated data. The resulting data block is encrypted so that it can only be decrypted by authorized entities (in particular the authorization server). Both symmetric and asymmetric encryption methods are suitable for this purpose. With a suitable choice of encryption method, supplementing the identity with random data ensures that the returned encrypted data block is different each time. For observers who do not have the decryption key, the data block appears random and cannot be used to recognise the locking mechanism across repeated contacts.
The mobile terminal 1 analyzes the received data block. Based on the reference to the software to be used, that software is started on the mobile terminal 1 (in the case of communication with an Android terminal via NFC, this can be done, for example, via an Android Application Record).
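As an added illustration of the contact phase just described (example code, not from the patent or the applicant), the following Go program models the lock's side: it draws a fresh 16-byte challenge on every contact and keeps only the latest one, and it returns its identity encrypted under a random nonce, so that repeated contacts look unrelated to an observer who lacks the key while the authorization entity can still recover the lock identity. AES-GCM with a key shared between the lock and the authorization entity is assumed as the symmetric encryption method; the type and function names, the lock ID, the software-hint URL and the key are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Lock holds the state the locking mechanism keeps for the contact phase.
// idKey is shared with the authorization entity only (constructed here);
// the mobile terminal never learns it and so cannot decrypt the identity.
type Lock struct {
	ID           string
	SoftwareHint string // where the mobile terminal can obtain the app (placeholder URL)
	idKey        []byte // 16-byte AES key shared with the authorization entity
	challenge    []byte // only the most recently issued challenge is kept
}

// IdentityBlock is the data block the lock returns over the local data connection.
type IdentityBlock struct {
	EncryptedID  []byte // nonce || AES-GCM ciphertext of the lock ID; differs on every contact
	SoftwareHint string
	Challenge    []byte // fresh 16-byte pseudo-random challenge
}

// NewChallenge draws a fresh 16-byte challenge and discards the previous one,
// so exactly one challenge is current at any time.
func (l *Lock) NewChallenge() ([]byte, error) {
	c := make([]byte, 16)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	l.challenge = c
	return c, nil
}

// ConsumeChallenge reports whether c is the current challenge and, if so,
// invalidates it, so the same challenge cannot be answered twice.
func (l *Lock) ConsumeChallenge(c []byte) bool {
	if l.challenge == nil || subtle.ConstantTimeCompare(c, l.challenge) != 1 {
		return false
	}
	l.challenge = nil
	return true
}

// newGCM is used by the lock (to encrypt) and the authorization entity (to decrypt).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Announce builds the block sent on contact. The random GCM nonce plays the
// role of the random data the identity is supplemented with: the same ID
// encrypts to a different, random-looking block each time.
func (l *Lock) Announce() (IdentityBlock, error) {
	gcm, err := newGCM(l.idKey)
	if err != nil {
		return IdentityBlock{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return IdentityBlock{}, err
	}
	sealed := append(nonce, gcm.Seal(nil, nonce, []byte(l.ID), nil)...)
	challenge, err := l.NewChallenge()
	if err != nil {
		return IdentityBlock{}, err
	}
	return IdentityBlock{EncryptedID: sealed, SoftwareHint: l.SoftwareHint, Challenge: challenge}, nil
}

// DecryptLockID runs at the authorization entity, the only other holder of
// idKey, to learn which lock the mobile terminal has contacted.
func DecryptLockID(idKey, blob []byte) (string, error) {
	gcm, err := newGCM(idKey)
	if err != nil {
		return "", err
	}
	ns := gcm.NonceSize()
	if len(blob) < ns {
		return "", errors.New("identity block too short")
	}
	id, err := gcm.Open(nil, blob[:ns], blob[ns:], nil)
	if err != nil {
		return "", err
	}
	return string(id), nil
}

func main() {
	key := make([]byte, 16) // constructed demo key; a deployment would provision one per lock
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	lock := &Lock{ID: "lock-0001", SoftwareHint: "https://app.example.invalid/install", idKey: key}
	for i := 1; i <= 2; i++ { // two contacts: same lock, two unrelated-looking blocks
		b, err := lock.Announce()
		if err != nil {
			panic(err)
		}
		id, err := DecryptLockID(key, b.EncryptedID)
		fmt.Printf("contact %d: block %x.. -> %q (err %v), challenge %x\n", i, b.EncryptedID[:8], id, err, b.Challenge)
	}
}
```

The nonce is transmitted in the clear in front of the ciphertext; that is fine for GCM, because without the key it reveals nothing about the identity, and the authentication tag means a modified block is rejected rather than decrypted to a wrong lock ID.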
If the corresponding software is not present on the mobile terminal 1, the mobile terminal should be prompted to display an indication of how to install the software, or to initiate the installation itself, and the process continues at step c3; otherwise steps c3 to c8 are omitted. According to step c3, the mobile terminal 1 gives corresponding information to the user 5 via the user interface 4 and terminates the local data connection 3 to the locking mechanism.
If the software is not yet installed on the mobile terminal 1 in contact with the locking mechanism 2, and the locking mechanism 2 returns an indication of how to proceed in the absence of the required software on the mobile terminal 1, the mobile terminal 1 can follow this hint and make it considerably easier for the user to install the software. The type of hint may differ for different types of mobile terminals 1. For this reason, the locking mechanism 2 can supply different indications for the different types of mobile terminals 1. Thus, e.g. in the case of an NFC connection, a URL can be provided from which the software can be obtained and which provides further information as soon as it is opened in a web browser. For mobile devices 1 with the Android operating system in version >= 4.0, an Android Application Record can be delivered, which causes the operating system to start the respective app or, should it not yet be installed, to launch an app that enables the software installation. The software installation itself may require interaction between the mobile terminal 1 and the user 5, e.g. when installing software on devices running the Android operating system through the Google Play app.
Before or during the software installation, the connection between the mobile terminal 1 and the locking mechanism 2 is typically disconnected. In the case of an NFC connection, the connection can only be maintained over a distance of a few centimeters and often only for a limited period of time. Since the software installation usually requires user interaction, the user 5 will typically move the mobile terminal 1 away from the locking mechanism 2 to perform the interaction, and the connection to the locking mechanism 2 is thereby broken. In addition, the software installation usually takes too long for the connection to be maintained. Should the connection break off, the procedure begins again from the start after successful software installation and renewed contact between the locking mechanism 2 and the mobile terminal 1. However, if the connection to the locking mechanism 2 is made via a local data connection 3 that allows a longer-lasting and spatially less restricted connection, a connection termination is not absolutely necessary. The general procedure is independent of this detail.
After the software installation, the user 5 again brings the mobile terminal 1 into the vicinity of the locking mechanism 2 so that a local data connection 3 can be established (step c7). As already mentioned above, the explicit activation of the locking mechanism 2 can also be associated with a physical interaction (pressing a control element, rotating or moving the mobile terminal 1). In step c8, the locking mechanism 2 again sends identification data to the mobile terminal 1 (see step c2). This time, the previously installed software on the mobile terminal 1 is started automatically. Steps c3 to c8 run only if the software was not yet installed on the mobile terminal 1.
The software on the mobile terminal 1 now checks whether a valid authentication key for authentication to the authorization entity is present. If this is not the case, the user 5 is informed by means of a login dialog (steps c9 and c10); otherwise steps c9 to c19 are skipped. As during the software installation, the connection between the locking mechanism 2 and the mobile terminal 1 is usually disconnected during the authentication process.
In step c11, in the authentication process, the user 5 selects one of the identity providers 7 trusted by the authorization entity 8. The authentication sequence may proceed e.g. via a web browser. Examples of such authentication methods are OpenID and Google Identity Toolkit. In such a case, the selection of the identity provider 7 may be made via a web page provided by the authorization entity 8, but may also be made via data stored locally on the mobile terminal 1. As a result of successful authentication, the identity provider 7 transmits to the mobile terminal 1 a data block capable of uniquely identifying the authenticated user, either because the data block can be sent back to the identity provider 7, which returns the user information, or because the data block was digitally signed by the identity provider 7, so that it can be trusted that it comes from the identity provider 7 and was not tampered with (step c12).
In accordance with method step c13, the proof of identity previously obtained from the identity provider 7 is transmitted from the mobile terminal 1 to the authorization entity 8, either automatically via the web browser or explicitly via the application software on the mobile terminal 1. If the authentication sequence proceeds via a web browser, the proof of identity can be forwarded to the authorization entity 8 via an HTTP redirect. Alternatively, the software on the mobile terminal 1 can read the proof of identity explicitly and transmit it to the authorization entity 8 via a suitable method. In any case, it is essential that the credentials are transmitted in a way that maintains confidentiality (e.g. by SSL encryption in the case of an HTTPS connection).
In steps c14 to c17, the authorization entity 8 checks the validity of the proof of identity. This is done either by transmitting the proof of identity to the identity provider 7 and awaiting confirmation of its authenticity and possibly additional user data, or by checking the digital signature of the proof of identity. In any case, a user identification that is unique for the respective identity provider 7 must be conveyed to the authorization entity 8: in the first case as part of the verification result from the identity provider 7, in the second case as part of the signed proof of identity itself. If the validity of the proof of identity cannot be established, the further procedure is aborted; in particular, the user 5 or the requesting remote station is granted no access rights.
The user identification contains a human-readable, trustworthy part by means of which a person granting access authorizations (the administrator) can clearly recognize the respective user 5. This part can e.g. be the e-mail address of the user 5, as verified by the identity provider 7. For the purpose of manual identification, only those attributes may be used which are verified by the identity provider 7, so that no confusion of users 5 can occur. The first and last name of a user 5 cannot be trusted in many cases (e.g. with public identity providers 7 such as Google) because they are not checked by the identity provider 7. In other cases, e.g. if the identity server 7 used is the LDAP server of a company whose data can only be maintained by trustworthy personnel, this data is indeed trustworthy.
The user identification also includes a machine-readable, immutable part that can be used for the recurring identification of a user 5. The immutable part may be identical to the human-readable part, but need not be. Thus, for example, the address of the user 5, and with it his machine-readable, immutable ID, remains the same.
After successful and credible verification of the proof of identity, the authorization entity 8 checks whether an entry corresponding to the newly authenticated user 5 already exists in the user database. In detail, this can be done as follows:
It is checked whether there is an existing entry with the immutable user identification, verified by the same identity provider. If this is the case, it is assumed that the entry corresponds to the newly authenticated user 5, and if the user's data have changed, they are updated.
If no such entry is found, the user database is searched for an entry that has been verified by the respective identity provider 7 and whose user identification has a human-readable part corresponding to that of the newly authenticated user 5. If one is found, it is assumed that this entry corresponds to the newly authenticated user 5. This case can occur if a user 5 was created in the database by an administrator before he has authenticated via an identity provider 7. This can be useful if a user 5 is granted access authorizations before he uses the described procedure for the first time. In this case, the administrator 9 would only know the human-readable part of the user identification (e.g. his e-mail address), but not the machine-readable, immutable part. The record found must therefore not yet have a permanent, machine-readable part. If it does, this is an error and should be treated accordingly.
If no existing record for the newly authenticated user 5 is found, a new one is created. The described mechanism for creating or recognizing an authenticated user 5 is an implementation example, which can also be implemented differently and, if necessary, more securely in concrete implementations.
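The lookup order just described, as an added worked example in Go (not the patent's or the applicant's code). The record and field names are assumptions and the sample database is constructed inline. The example also handles the case the text flags as an error: a record matched only by its human-readable part that already carries an immutable identifier from an earlier login is refused rather than silently rebound.

```go
package main

import (
	"errors"
	"fmt"
)

// Identity is what the authorization entity holds after a proof of identity
// has been verified: the identity provider that vouched for it, the
// human-readable part it has checked (e.g. an e-mail address) and the
// machine-readable, immutable part used to recognise the user later.
type Identity struct {
	Provider  string
	Readable  string
	Immutable string
}

// UserRecord is one entry of the authorization entity's user database.
// Immutable is empty for a user an administrator created by e-mail address
// before that user's first login.
type UserRecord struct {
	Provider  string
	Readable  string
	Immutable string
}

var (
	ErrNoImmutableID = errors.New("proof of identity carries no immutable user identification")
	ErrConflict      = errors.New("record matched by its human-readable part already has a different immutable identification")
)

// Reconcile finds the record for a freshly authenticated identity, or creates
// one, following the three lookup steps described in the text. It returns the
// (possibly extended) database and the matched or created record.
func Reconcile(db []*UserRecord, id Identity) ([]*UserRecord, *UserRecord, error) {
	if id.Immutable == "" {
		return db, nil, ErrNoImmutableID
	}
	// 1. Same provider, same immutable part: the user has logged in before.
	//    Data that may have changed (here the human-readable part) is updated.
	for _, r := range db {
		if r.Provider == id.Provider && r.Immutable == id.Immutable {
			r.Readable = id.Readable
			return db, r, nil
		}
	}
	// 2. Same provider, same human-readable part: a record an administrator
	//    pre-created. It must not yet carry an immutable part; if it does,
	//    a different identity is presenting this address and we stop.
	for _, r := range db {
		if r.Provider == id.Provider && r.Readable == id.Readable {
			if r.Immutable != "" {
				return db, nil, ErrConflict
			}
			r.Immutable = id.Immutable // bind the pre-created record to the verified identity
			return db, r, nil
		}
	}
	// 3. Unknown user: create the record.
	r := &UserRecord{Provider: id.Provider, Readable: id.Readable, Immutable: id.Immutable}
	return append(db, r), r, nil
}

func main() {
	// Constructed sample database: Anna was pre-created by an administrator,
	// Bob has logged in before.
	db := []*UserRecord{
		{Provider: "idp.example", Readable: "anna@example.com"},
		{Provider: "idp.example", Readable: "bob@example.com", Immutable: "sub-bob-001"},
	}
	logins := []Identity{
		{"idp.example", "anna@example.com", "sub-anna-777"},     // first login binds the immutable ID
		{"idp.example", "robert@example.com", "sub-bob-001"},    // Bob changed his address
		{"idp.example", "robert@example.com", "sub-eve-999"},    // another identity with Bob's address: conflict
		{"other-idp.example", "anna@example.com", "sub-anna-1"}, // same address, other provider: new user
	}
	for _, id := range logins {
		var r *UserRecord
		var err error
		db, r, err = Reconcile(db, id)
		fmt.Printf("%-18s %-20s -> %+v, err: %v\n", id.Provider, id.Readable, r, err)
	}
}
```

Matching is always scoped to one identity provider: the same e-mail address asserted by a different provider is a different user, because only the provider that verified the address can vouch for it.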
For the newly authenticated user 5, a secret, secure authentication key is generated, via which the mobile terminal 1 can authenticate itself in future requests without having to go through the described authentication process via the identity provider 7 again. This authentication key can be the data block transmitted by the identity provider 7, provided that it can be validated multiple times. It can also be a secret key which is generated once for a user 5 and then issued to each mobile terminal 1 on which the respective user 5 logs on. As a rule, however, a new authentication key is generated each time the user 5 re-authenticates. The authentication key may e.g. be generated as a pseudo-random sequence of 128 bytes. The authentication key is given an expiration date. After this expiration date, the key can no longer be used to access the authorization entity 8 and a new authentication process must be performed. The authentication key is stored together with the expiration date and a unique identification of the user 5 in the database of the authorization entity 8. Alternatively, these data can also be combined into a data packet and digitally signed by the authorization entity 8. In the first case, the generated authentication key itself and the associated expiration date are transmitted to the mobile terminal 1; in the second case, the signed data packet is transmitted. The transmission must in any case be confidential. The mobile terminal 1 locally stores the obtained authentication data so that they can be used for subsequent requests. They must be stored such that no unauthorized access to them is possible. After authentication, the user 5 again brings the mobile terminal 1 into the vicinity of the locking mechanism 2 so that a local data connection 3 can be established (step c18). Again, explicit activation of the locking mechanism 2 by means of a physical interaction with the mobile terminal 1 may be involved.
In step c19, the identity of the locking mechanism 2 is sent to the mobile terminal 1 (see steps c2 and c8). The authorization with respect to the locking mechanism 2 takes place via an access certificate, which is issued separately by the authorization entity 8 for the respective locking mechanism 2 (see step c19'). The mobile terminal 1 checks whether it already has such an access certificate. If this is the case, steps c20 to c22 are skipped. Otherwise, the software on the mobile terminal 1 requests it from the authorization entity 8 (step c20). For this purpose, a request with the identity information of the locking mechanism 2 is sent to the authorization entity 8. The mobile terminal 1 must later authenticate with its own key when communicating with the locking mechanism 2. In order for the locking mechanism 2 to trust this key, it must also be signed by the authorization entity 8. Both symmetric and asymmetric methods are suitable for this purpose, asymmetric methods generally being considered more secure. For symmetric methods, additional measures can be taken to ensure confidentiality. This document is based on the use of an asymmetric cryptographic method. In this case, a key pair of private and public keys is generated by the software on the mobile terminal 1 (hereinafter referred to as the private and public signature key of the mobile terminal 1). The public key is sent to the authorization entity 8 with the key issue request. To authenticate the request to the authorization entity 8, the previously obtained authentication key is also sent. This can be sent in various ways. In any case, as with most data connections in the described procedure, it is important to maintain confidentiality. As an alternative to sending the authentication key, it can also be used to digitally sign the request.
In step c22, the authorization entity 8 searches its database for the authentication key transmitted by the mobile terminal 1; if one is found, its validity period is checked. If the authentication key is not found or has expired (or is not yet valid), the issue of an access key is refused and the rest of the procedure is aborted. Otherwise, it is checked in the database of the authorization entity 8 whether the user 5 for whom the received authentication key was issued is to be granted access to the requested locking mechanism 2. If this is not the case, the procedure is aborted. Otherwise, a data packet is created which describes the framework conditions of the granted access. These contain at least the identity of the one or more locking mechanisms 2, a time indication until when the key is valid, and the public signature key of the mobile terminal 1. Optionally, other details may also be included, such as daily time slots in which access is granted, etc. The data packet is processed by a cryptographic method so that the locking mechanism 2 can reliably determine that it was issued by the authorization entity 8 or another trustworthy entity. For this purpose, both symmetric and asymmetric methods are suitable. The signed and encrypted data packet (referred to as the access certificate below) is sent back to the mobile terminal 1. To trigger the locking mechanism 2, the software on the mobile terminal 1 creates a data packet with the following content (step c23):
- the access certificate as previously received from the authorization entity 8,
- the challenge as last received from the locking mechanism 2.
The software on the mobile terminal 1 signs this data packet with the private signature key of the mobile terminal 1. The signed data packet is transmitted to the locking mechanism 2. In the case of data transmission by means of NFC, the data packet can e.g. be transmitted as an NDEF APDU.
According to step c24, the locking mechanism 2 checks whether the challenge contained in the received data packet corresponds to the last one issued by the locking mechanism 2. If this is not the case, the process is aborted. Otherwise, the access certificate is read out. If it is encrypted, it is now decrypted with the locking mechanism's own private key (or, in the case of symmetric encryption, with the symmetric key). If this decryption fails, the process is aborted. It is checked whether the signature of the access certificate was created with the private key of the authorization entity 8. For this purpose, the locking mechanism 2 uses the public key of the authorization entity 8 present on the locking mechanism 2. If the validity of the signature cannot be determined, the process is aborted. The public signature key of the mobile terminal 1 is now read from the decrypted access certificate. With its help, it is checked whether the signature of the data packet received from the mobile terminal 1 was created with the private signature key of the mobile terminal 1. If this is not the case, the process is aborted. It is checked whether the ID of the locking mechanism 2 is included in the list of accessible locking mechanisms 2 in the access certificate. If this is not the case, the process is aborted. Otherwise, the framework conditions (expiration date of the certificate or the granted time periods) under which triggering of the locking mechanism is permitted are read. If these conditions are met, the locking mechanism 2 is triggered; otherwise the process is aborted. After successful or failed operation of the locking mechanism 2, the locking mechanism 2 reports the success or failure to the mobile terminal 1 so that it can inform the user 5 accordingly (step c25).
Claims (17)

[1] A method for controlling a locking mechanism (2) with a mobile terminal (1), wherein for controlling the locking mechanism (2) a local data connection (3) from the mobile terminal (1) to the locking mechanism (2) is established, characterized in that for issuing a key (10) for opening the locking mechanism (2) with the mobile terminal (1) a connection is established via a network (6), in particular the Internet, to an identity provider (7), and authentication information is obtained from the identity provider (7), with which authentication information a key (10) is issued at an authorization entity (8) in a network (6), with which key (10) the locking mechanism (2) is opened.
[2] Control method according to claim 1, characterized in that for obtaining the key (10) for opening the locking mechanism (2) with the mobile terminal (1) a connection to an existing identity provider (7) is established.
[3] Control method according to claim 1 or 2, characterized in that the locking mechanism (2) is controlled with a smartphone, a computer or the like.
[4] Control method according to one of claims 1 to 3, characterized in that for controlling the locking mechanism (2) from the mobile terminal (1) a near-field communication (NFC) connection, a high-frequency connection, a Bluetooth connection and/or a WLAN connection is established as the local data connection (3) to the locking mechanism (2).
[5] Control method according to one of claims 1 to 4, characterized in that the key (10) for opening the locking mechanism (2) is transmitted from the authorization authority (8) to the mobile terminal (1).
[6] Control method according to one of claims 1 to 5, characterized in that a connection between the locking mechanism (2) and the authorization authority (8) is established via a network (6), and the key (10) for opening the locking mechanism (2) is transmitted from the authorization authority (8) to the locking mechanism (2).
[7] Control method according to one of claims 1 to 6, characterized in that before the opening of the locking mechanism (2) additional predetermined conditions, in particular temporal specifications, are queried.
[8] Control method according to one of claims 1 to 7, characterized in that the establishment of the local data connection (3) between the mobile terminal (1) and the locking mechanism (2) is triggered by a physical interaction with the mobile terminal (1), for example actuation of an operating element on the mobile terminal (1) or the execution of a movement with the mobile terminal (1) in the vicinity of the locking mechanism (2).
[9] Control method according to one of claims 1 to 8, characterized in that a data packet with a unique identification is sent from the locking mechanism (2) to the mobile terminal (1).
[10] A device for controlling a locking mechanism (2) with a mobile terminal (1), which has a user interface (4), means for establishing a local data connection (3) and means for establishing a connection to at least one network (6), in particular the Internet, wherein the locking mechanism (2) is connectable to the local data connection (3), characterized in that an identity provider (7) connectable to a network (6) and an authorization entity (8) connectable to a network (6) are provided, and that the mobile terminal (1) is designed for registration with the identity provider (7), and the authorization authority (8) is designed for issuing a key (10) after receiving authentication information from the identity provider (7), with which key (10) the locking mechanism (2) can be opened.
[11] Control device according to claim 10, characterized in that the mobile terminal (1) is formed by a smartphone, a computer or the like.
[12] Control device according to claim 10 or 11, characterized in that the means for establishing the local data connection (3) are formed by a near-field communication (NFC) transmitter, an RFID transponder, a Bluetooth transmitter and/or a WLAN router.
[13] Control device according to one of claims 10 to 12, characterized in that the mobile terminal (1) is designed to receive the key (10) from the authorization authority (8).
[14] Control device according to one of claims 10 to 13, characterized in that the locking mechanism (2) has means for connection to the authorization authority (8) via a network (6), so that the key (10) for opening the locking mechanism (2) can be transmitted from the authorization authority (8) to the locking mechanism (2).
[15] Control device according to one of claims 10 to 14, characterized in that the transmission of the key (10) for opening the locking mechanism (2) is dependent on additional conditions, in particular timing requirements.
[16] Control device according to one of claims 10 to 15, characterized in that the user interface (4) of the mobile terminal (1) is formed by a touch screen.
[17] Control device according to one of claims 10 to 16, characterized in that the user interface (4) of the mobile terminal (1) is formed by a voice control.
Patent family:
Publication number | Publication date
EP2856437A1 | 2015-04-08
AT513016B1 | 2014-09-15
WO2013181682A1 | 2013-12-12
KR102107391B1 | 2020-05-08
US10136313B2 | 2018-11-20
CN104508713A | 2015-04-08
KR20150029679A | 2015-03-18
US20150119019A1 | 2015-04-30
ES2876000T3 | 2021-11-11
EP2856437B1 | 2021-03-24
Legal status:
2015-04-15 | PC | Change of the owner | Owner name: TAPKEY GMBH, AT | Effective date: 20150313
Priority:
Application number | Publication number | Priority date | Filing date | Title
ATA50222/2012A | AT513016B1 | 2012-06-05 | 2012-06-05 | Method and device for controlling a locking mechanism with a mobile terminal
EP13731258.3A | EP2856437B1 | 2012-06-05 | 2013-05-29 | Method and device for control of a lock mechanism using a mobile terminal
KR1020157000161A | KR102107391B1 | 2012-06-05 | 2013-05-29 | Method and device for control of a lock mechanism using a mobile terminal
ES13731258T | ES2876000T3 | 2012-06-05 | 2013-05-29 | Method and device for controlling a closing mechanism with a mobile terminal
US14/406,061 | US10136313B2 | 2012-06-05 | 2013-05-29 | Method and device for control of a lock mechanism using a mobile terminal
PCT/AT2013/050113 | WO2013181682A1 | 2012-06-05 | 2013-05-29 | Method and device for control of a lock mechanism using a mobile terminal
CN201380040237.6A | CN104508713A | 2012-06-05 | 2013-05-29 | Method and device for control of a lock mechanism using a mobile terminal