EP1044433A1 - Procede et systeme de controle d'acces a une ressource limite a certaines plages horaires - Google Patents
Procede et systeme de controle d'acces a une ressource limite a certaines plages horairesInfo
- Publication number
- EP1044433A1 EP1044433A1 EP99900508A EP99900508A EP1044433A1 EP 1044433 A1 EP1044433 A1 EP 1044433A1 EP 99900508 A EP99900508 A EP 99900508A EP 99900508 A EP99900508 A EP 99900508A EP 1044433 A1 EP1044433 A1 EP 1044433A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- lock
- key
- electronic
- value
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 15
- 238000012795 verification Methods 0.000 claims description 20
- 230000005540 biological transmission Effects 0.000 claims description 8
- 230000005674 electromagnetic induction Effects 0.000 claims description 3
- 238000004422 calculation algorithm Methods 0.000 description 10
- 238000004891 communication Methods 0.000 description 10
- 238000004804 winding Methods 0.000 description 6
- 230000007246 mechanism Effects 0.000 description 3
- RYGMFSIKBFXOCR-UHFFFAOYSA-N Copper Chemical compound [Cu] RYGMFSIKBFXOCR-UHFFFAOYSA-N 0.000 description 2
- 230000000295 complement effect Effects 0.000 description 2
- 229910052802 copper Inorganic materials 0.000 description 2
- 239000010949 copper Substances 0.000 description 2
- 238000013478 data encryption standard Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 238000010200 validation analysis Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 239000003302 ferromagnetic material Substances 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/215—Individual registration on entry or exit involving the use of a pass the system having a variable access-code, e.g. varied as a function of time
Definitions
- the present invention relates to a method and a system for controlling access to a resource limited to certain time slots.
- the invention applies more particularly to the control of access to resources which are not autonomous in energy and / or which have only a limited potential for checking a valid time range, in particular resources which do not have real time clock.
- the validity range can be either the actual period during which it is possible to access the resource, or any other parameter making it possible to limit in time an attack by fraudulent use of the accessing resource.
- the main advantage of a logical means of access to a resource compared to a physical means of access generally lies in the possibility of allowing access to the resource only within a relatively short time slot. predetermined.
- document FR-A-2 722 596 describes an access control system limited to authorized and renewable time slots by means of a portable storage medium.
- This system based on cryptographic mechanisms, makes it possible to limit the period of validity of access rights to a short duration, in order to avoid illegitimate use in the event of loss, theft, transfer or illegal duplication.
- the solution described is based on the highly restrictive assumption that the resource accessed is self-sufficient in energy, in order to maintain a real-time clock enabling it to check the validity of the time slot in which the access attempt takes place by the accessing resource.
- the present invention aims to remedy the aforementioned drawbacks by allowing the accessed resource to check the range of validity without having a real time clock.
- the present invention provides a method of controlling access to at least one electronic key, ⁇ provided with a real time clock delivering a current time value, to at least one electronic lock, inside of a predetermined time slot, remarkable in that:
- step (f) if the verifications carried out in step (e) are satisfied, the access is authorized, and the reference count value is updated, from the current hourly value transmitted;
- step (b) in step (b), we read, in addition to the time slot, or instead of the time slot, an electronic signature of the time slot, previously calculated and stored in the electronic key;
- step (d) in step (d), the electronic key is transmitted to the electronic lock, in addition to the time slot, or instead of the time slot and the current hourly value, the signature and the value current schedule, and in the electronic lock:
- step (e) before step (e), the transmitted signature is verified, using a specific verification key
- step (fl) in step (f) access is authorized, and the reference count value is updated, from the current hourly value transmitted, only if the checks carried out in steps (el ) and (e) are satisfied;
- step (gl) in step (g) access of this key to this lock is prohibited if the current hourly value transmitted is outside the time range, or if it is earlier than the reference count value stored in the lock, or if the verification carried out in step (el) is not satisfied.
- steps (el) and (e) can be reversed.
- the specific verification key used in step (el) can be a public or secret key.
- the aforementioned time slot may include several separate time slots.
- the time slot is an interval comprising two limits each expressed as a date in day, month, year and a schedule in hours, minutes, seconds.
- the present invention also provides an electronic access control system, within a predetermined time range, comprising at least one electronic lock and at least one electronic key, remarkable in that the key comprises a real time clock delivering a current hourly value, and a transmission module to the lock of a predetermined time slot, and in that the lock comprises a storage module accessible in read and write, - a counting module, this counting module being updated from the current hourly value on each successful access attempt, and a module for comparing the current hourly value with the predetermined time slot and with the value stored in the counting module.
- the transmission module to the lock of a predetermined time slot is accompanied by a transmission module to the lock of an electronic signature of the time slot, and the lock comprises in addition a module for verifying the electronic signature transmitted by the key.
- the storage module comprises an electrically reprogrammable non-volatile memory.
- the electronic key communicates with the electronic lock using a contactless transmission module, by electromagnetic induction.
- This contactless transmission module may include a first electromagnetic coil provided in the key and a second electromagnetic coil provided in the lock. These two windings can be concentric.
- FIG. 1 is a flow diagram of the access control method of the present invention, in a particular embodiment
- FIG. 2 is a flowchart of the access control method of the present invention, in another particular embodiment
- FIG. 3 schematically represents the access control system of the present invention, in a particular embodiment
- FIG. 4 schematically represents the access control system of the present invention, in another particular embodiment
- FIG. 5 schematically represents the contactless transmission module allowing the electronic key to communicate with the electronic lock, in one. particular embodiment.
- the electronic key and lock have a calculation unit.
- the electronic key is provided with a real time clock.
- This real-time clock delivers a current hourly value VH, expressed for example in day, month, year, hours, minutes, seconds.
- VH current hourly value
- a first step 1001 of the method consists in initializing the electronic lock by a reference count value VC r ⁇ f .
- This situation can be expressed in various ways, depending on the form and nature of the supports containing the key and the lock.
- the access attempt is made by introducing the tubular part into a complementary tubular cavity of the lock, or into a complementary slot, respectively.
- a protocol for verifying the right of access of this key to this lock is then implemented successively in the key and in the lock.
- the current hourly value VH delivered by the real time clock of the key is stored in the key.
- VH is after VH1 and before VH2, and that VH is after VC ref .
- steps 1005 and 1006 If one of the verifications carried out in steps 1005 and 1006 gives rise to a negative response, the access of this key to this lock is prohibited.
- VC ref is updated by replacing it, for example, with the current hourly value VH.
- right of access is meant the electronic signature of a range of validity.
- An electronic signature can be obtained using various cryptographic mechanisms, such as encryption mechanisms, or authentication. It can for example be obtained using a secret key signature algorithm or a public key signature algorithm.
- an "accessing resource”, or “electronic key” presents a right of access to a "accessed resource”, or “electronic lock”
- a protocol for verifying the right of access is implemented. In this embodiment, this protocol includes, in addition to checking the range of validity, checking the electronic signature of this range of validity.
- the validity range can be either the period proper during which it is possible to access the resource, or the period of validity of a signature key of the accessing resource allowing it to authenticate vis-à-vis the accessed resource, or any other parameter making it possible to limit in time an attack by fraudulent use of the accessing resource.
- a first step 2001 consists, as in step 1001 in the previous embodiment, in initializing the electronic lock with a reference count value VCref-
- RSA Raster Shamir Adleman
- the electronic signature S can also be calculated using a secret key algorithm, of the DES (Data Encryption Standard) type for example.
- DES Data Encryption Standard
- the verification key which is stored in the lock in step 2001 is secret. Therefore, it should be stored in a physically protected memory, so that it cannot be read or modified by an unauthorized entity.
- This electronic signature S (PH) may have been calculated beforehand, for example by an external entity for calculating signatures, independent of the key.
- a validation entity transfers and stores the signature S (PH) in the key before this key is put into service.
- the key can itself establish the signature, if the private key necessary for this operation, as well as the cryptographic signature algorithm, has been stored in the electronic key, and if this key has the necessary computing resources.
- the current hourly value VH delivered by the real time clock of the key is stored in the key.
- the electronic signature S (PH) of the validity range and the current hourly value VH are transmitted to the lock. If, in step 2002, the time range PH was read in addition to the signature S (PH), this time range PH is also transmitted to the lock in step 2004.
- step 2005 consists, for the electronic lock, of applying the public key K P , beforehand stored in the lock, to the verification algorithm.
- the positive verification of the signature makes it possible to ensure the authenticity of the range of validity [VH1, VH2], said range being obtained either by re-establishing the message during the signature verification stage, or by simple reading if it was transmitted in clear with the signature.
- VH is after VH1 and before VH2, and that VH is after VC ref -
- the system comprises an electronic key 1 and an electronic lock 2.
- the electronic key 1 comprises a power supply module 11, of the battery or battery type for example.
- the module 11 supplies an internal real time clock 12 which delivers a current hourly value VH as defined above.
- Key 1 also includes a memory 13, in which the validity range PH is stored.
- the real-time clock 12 and the memory 13 are connected to a module 14 for communication of the key with the lock.
- the module 14 allows the key, during each access attempt, to transmit to a communication module 21 included in the lock 2 the time range PH stored in the memory 13, as well as the current time value VH delivered by the clock 12.
- the module 21 for communication of the lock with the key is connected to a memory 22 accessible for reading and writing.
- the memory 22 includes a counting module 23, in which is stored a reference count value VC ref , initialized before the electronic lock is put into service and updated using the current hourly value VH transmitted by the key 1, on each successful access attempt.
- the memory 22 is for example an electrically reprogrammable memory of the EPROM or EEPROM type.
- the comparison module 25 tests if VH> VH1 and VH ⁇ VH2, and if VH> VC r ef.
- the power supply module 11 of the key 1 optionally supplies the lock 2 with the energy necessary for the verification operations carried out by the comparison module 25, as well as the energy necessary for the module updating operation. 23 counting in case of successful access attempt.
- FIG. 4 another embodiment of the access control system of the invention is described below, comprising an electronic key 41 and an electronic lock 42, which provides increased security with respect to in the embodiment of FIG. 3.
- the memory 13 of the key 41 contains not only the range of validity PH, but also the electronic signature S (PH) of this range of validity.
- the module 14 for communication of the key with the lock allows the key 41, during each access attempt, to transmit to the communication module 21 included in the lock 42, not only the current hourly value VH delivered by the clock 12 and the time range PH stored in the memory 13, but also the electronic signature S (PH) stored in the memory 13.
- the lock 42 comprises, in addition to the module 21 for communication with the key, memory 22 comprising the module 23 counting, and the comparison module 25, described above, a signature verification module 24.
- the module 24 is connected to the module 21 for communication of the lock with the key and to the comparison module 25.
- the module 24 receives the signature S (PH) of the validity range and, in the case where the signature calculation algorithm used is a public key algorithm, verifies the signature S (PH) received by means of the public key K P.
- the power supply module 11 of the key 41 optionally supplies the lock 42 with the necessary energy verification operations performed by the signature verification module 24 and the comparison module 25, as well as the energy required for the operation to update the counting module 23 in the event of a successful access attempt.
- FIG. 5 illustrates a particular hardware embodiment of the modules 14 and 21 for communication between the key and the lock, applicable both to the embodiment of FIG. 3 and to the embodiment of FIG. 4.
- the key 1 (or 41 in the case of the embodiment of FIG. 4) comprises a rod 30 made of ferromagnetic material, furnished with copper windings 31 forming a first coil. This first winding is connected to the module 14 for communication of the key with the lock.
- the key 1 or 41 is housed in a tubular cavity 32 with a diameter slightly greater than the diameter of the rod 30.
- the cavity 32 is also furnished with copper windings 33 forming a second winding, connected to the module 21 for communication of the lock with the key.
- the two windings 31, 33 are then concentric, and the information is transmitted in binary coded form between the key and the lock 2 (or 42 in the case of the embodiment of Figure 4) by electromagnetic induction.
- the present invention finds an application particularly suitable for access, by mail attendants, to mailboxes, which are not energy independent. Access control security can be further strengthened by adding other data to the signature and time slot information transmitted by 99/35617 PO7
- the lock is provided with an additional counting module, associated with this serial number; the start of the next time slot during which a key bearing this serial number can access the lock is stored in the additional counting module.
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Lock And Its Accessories (AREA)
Abstract
Description
Claims
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR9800125 | 1998-01-08 | ||
FR9800125A FR2773405B1 (fr) | 1998-01-08 | 1998-01-08 | Procede et systeme de controle d'acces a une ressource limite a certaines plages horaires |
PCT/FR1999/000023 WO1999035617A1 (fr) | 1998-01-08 | 1999-01-08 | Procede et systeme de controle d'acces a une ressource limite a certaines plages horaires |
Publications (2)
Publication Number | Publication Date |
---|---|
EP1044433A1 true EP1044433A1 (fr) | 2000-10-18 |
EP1044433B1 EP1044433B1 (fr) | 2003-11-12 |
Family
ID=9521599
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP99900508A Expired - Lifetime EP1044433B1 (fr) | 1998-01-08 | 1999-01-08 | Procede et systeme de controle d'acces a une ressource limite a certaines plages horaires |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP1044433B1 (fr) |
JP (1) | JP2002501134A (fr) |
DE (1) | DE69912737D1 (fr) |
FR (1) | FR2773405B1 (fr) |
WO (1) | WO1999035617A1 (fr) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
NL1004539C2 (nl) | 1996-11-15 | 1998-05-20 | Stichting Tech Wetenschapp | Peptide afgeleid van een door auto-antilichamen van patiënten met reumatoïde artritis herkend antigeen, antilichaam daartegen en werkwijze voor het detecteren van auto-immuunantilichamen. |
FR2789203B1 (fr) * | 1999-02-01 | 2001-04-13 | France Telecom | Procede et systeme de controle d'acces a une ressource limite a certaines plages horaires, les ressources accedante et accedee etant depourvues d'horloge temps reel |
DE60032467T2 (de) | 2000-06-14 | 2007-10-11 | Eads Astrium S.A.S. | Verfahren und System für Video-auf-Anfrage |
FI123469B (fi) | 2007-05-30 | 2013-05-31 | Owix Oy | Postinjakelujärjestelmä |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1982002811A1 (fr) * | 1981-02-06 | 1982-08-19 | Avi N Nelson | Systeme de securite |
SE8301957D0 (sv) * | 1983-04-08 | 1983-04-08 | Wso Cpu System Ab | Lassystem |
FR2652216B1 (fr) * | 1989-09-20 | 1991-12-13 | Rockwell Cim | Procede et dispositif de generation et de validation d'un message numerique et application d'un tel dispositif. |
US5745044A (en) * | 1990-05-11 | 1998-04-28 | Medeco Security Locks, Inc. | Electronic security system |
FR2722596A1 (fr) | 1994-07-13 | 1996-01-19 | France Telecom | Systeme de controle d'acces limites a des places horaires autorisees et renouvables au moyen d'un support de memorisation portable |
-
1998
- 1998-01-08 FR FR9800125A patent/FR2773405B1/fr not_active Expired - Lifetime
-
1999
- 1999-01-08 DE DE69912737T patent/DE69912737D1/de not_active Expired - Lifetime
- 1999-01-08 WO PCT/FR1999/000023 patent/WO1999035617A1/fr active IP Right Grant
- 1999-01-08 EP EP99900508A patent/EP1044433B1/fr not_active Expired - Lifetime
- 1999-01-08 JP JP2000527918A patent/JP2002501134A/ja active Pending
Non-Patent Citations (1)
Title |
---|
See references of WO9935617A1 * |
Also Published As
Publication number | Publication date |
---|---|
WO1999035617A1 (fr) | 1999-07-15 |
EP1044433B1 (fr) | 2003-11-12 |
FR2773405B1 (fr) | 2000-09-29 |
FR2773405A1 (fr) | 1999-07-09 |
DE69912737D1 (de) | 2003-12-18 |
JP2002501134A (ja) | 2002-01-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP0719438B1 (fr) | Systeme de controle d'acces limites a des plages horaires autorisees et renouvelables au moyen d'un support de memorisation portable | |
EP0426541B1 (fr) | Procédé de protection contre l'utilisation frauduleuse de cartes à microprocesseur, et dispositif de mise en oeuvre | |
CH630480A5 (fr) | Ensemble de comptabilisation d'unites homogenes predeterminees. | |
FR2597142A1 (fr) | Systeme de serrure electronique cryptographique et procede de fonctionnement | |
EP1055203B1 (fr) | Protocole de controle d'acces entre une cle et une serrure electronique | |
FR2497617A1 (fr) | Procede et dispositif de securite pour communication tripartie de donnees confidentielles | |
WO2007045745A1 (fr) | Procede et dispositif de creation d'une signature de groupe et procede et dispositif de verification d'une signature de groupe associes | |
CA2398317A1 (fr) | Systeme et procede de securisation des transmissions d'informations | |
EP1044433B1 (fr) | Procede et systeme de controle d'acces a une ressource limite a certaines plages horaires | |
EP0960406B1 (fr) | Systeme de transport securise d'objets en conteneur inviolable dont au moins une station destinataire est mobile et transportable | |
FR2907948A1 (fr) | Procede de lutte contre le vol de billets,billet,dispositif d'inactivation et dispositif d'activation correspondants. | |
WO2000046757A1 (fr) | Procede et systeme de controle d'acces a une ressource limite a certaines plages horaires, les ressources accedante et accedee etant depourvues d'horloge temps reel | |
EP1875426A2 (fr) | Terminal nomade de transactions electroniques securise et systeme de transactions electroniques securise | |
WO1997040474A1 (fr) | Systeme securise de controle d'acces permettant le transfert d'habilitation a produire des cles | |
EP0956540A1 (fr) | Systeme securise de controle d'acces permettant l'invalidation automatique de cles electroniques volees ou perdues et/ou le transfert d'habilitation a produire des cles | |
FR2786903A1 (fr) | Procede et systeme de controle d'acces a une ressource limite a certaines plages horaires, a partir d'un compteur dynamique | |
EP0965106A1 (fr) | Procede d'auto-controle d'une cle electronique dans un systeme de controle d'acces a une ressource et cle electronique mettant en oeuvre un tel procede | |
FR2710769A1 (fr) | Système de traitement des données d'une carte à microcircuit, carte et lecteur pour ce système et procédé de mise en Óoeuvre. | |
EP0979495A1 (fr) | Procede de certification d'un cumul dans un lecteur | |
WO2020070429A1 (fr) | Système d'accès sécurisé à un véhicule au moyen d'un smartphone | |
FR2788620A1 (fr) | Supports et systemes d'echange de donnees securises notamment pour paiements et telepaiements | |
FR2971109A1 (fr) | Systeme biometrique de verification de l'identite avec un signal de reussite, cooperant avec un objet portatif | |
WO2017037351A1 (fr) | Gestion d'un parc de compteurs d'energie et/ou de fluide, l'energie et/ou le fluide etant fournis en quantites prepayees | |
FR2749956A1 (fr) | Systeme securise de controle d'acces permettant le transfert d'habilitation a produire des cles | |
EP2048631A1 (fr) | Procédé d'authentification, objet portatif et programme d'ordinateur correspondants |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20000623 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): DE GB |
|
17Q | First examination report despatched |
Effective date: 20020111 |
|
GRAH | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOS IGRA |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): DE GB |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GB Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20031112 |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D Free format text: NOT ENGLISH |
|
REF | Corresponds to: |
Ref document number: 69912737 Country of ref document: DE Date of ref document: 20031218 Kind code of ref document: P |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20040213 |
|
GBV | Gb: ep patent (uk) treated as always having been void in accordance with gb section 77(7)/1977 [no translation filed] |
Effective date: 20031112 |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
26N | No opposition filed |
Effective date: 20040813 |