
WO2021052943A1 - Evaluating access to a physical space - Google Patents

Evaluating access to a physical space

Info

Publication number
WO2021052943A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
lock
credential
evaluator
valid
Prior art date
Application number
PCT/EP2020/075729
Other languages
French (fr)
Inventor
Gunnar Frank
Eric Thomsen
Peder Sylwan
Anders Borg
Stig LAGERSTEDT
Original Assignee
Assa Abloy Ab
Application filed by Assa Abloy Ab
Publication of WO2021052943A1

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00571 Electronically operated locks operated by interacting with a central unit
    • G07C9/00309 Electronically operated locks operated with bidirectional data transmission between data carrier and locks
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/27 Individual registration on entry or exit involving the use of a pass with central registration

Definitions

  • the present disclosure relates to the field of evaluating access to a physical space and in particular to evaluating access to a physical space where an access request is received from an application server and a valid access credential is transmitted to a gateway.
  • electronic locks are becoming increasingly common. For electronic locks, no mechanical key profile is needed for authentication of a user.
  • the electronic locks can e.g. be opened using an electronic key stored on a special carrier (fob, card, etc.) or in a mobile device, such as a smartphone.
  • the electronic key and electronic lock can often communicate over a wireless interface.
  • Such electronic locks provide a number of benefits, including improved flexibility in management of access rights, audit trails, key management, etc.
  • One objective is to provide a solution where a mobile device which requests access to a lock does not need to implement a credential evaluation procedure for communicating with the lock.
  • a method for evaluating access to a physical space secured by a lock comprising the steps of: receiving an access request from an application server, the access request comprising a user identifier and a lock identifier; evaluating, based on the user identifier and the lock identifier, whether access is to be granted; and transmitting a valid access credential for the lock to a gateway being proximate to the lock when access is granted.
  • the valid access credential may be in a format which complies with mobile credentials usable with the lock.
  • the method may further comprise the step, prior to the step of transmitting the valid access credential, of: encrypting a section of the valid access credential.
  • the encrypted section of the valid access credential may comprise access rights to unlock the lock.
  • the valid access credential may comprise a credential identifier and a verification section comprising a key derivation based on the credential identifier and a secret key.
  • the method may further comprise the step of: receiving audit trail data from the gateway.
  • the method may further comprise the step of: providing audit trail data to the application server.
  • the method may further comprise the steps of: generating the valid access credential after the step of evaluating; and deleting the valid access credential from the access evaluator after the step of transmitting the valid access credential.
  • an access evaluator for evaluating access to a physical space secured by a lock.
  • the access evaluator comprises: a processor; and a memory storing instructions that, when executed by the processor, cause the access evaluator to: receive an access request from an application server, the access request comprising a user identifier and a lock identifier; evaluate, based on the user identifier and the lock identifier, whether access is to be granted; and transmit a valid access credential for the lock to a gateway being proximate to the lock when access is granted.
  • the valid access credential may be in a format which complies with mobile credentials usable with the lock.
  • the access evaluator may further comprise instructions that, when executed by the processor, cause the access evaluator to encrypt a section of the valid access credential.
  • the encrypted section of the valid access credential may comprise access rights to unlock the lock.
  • the valid access credential may comprise a credential identifier and a verification section comprising a key derivation based on the credential identifier and a secret key.
  • the access evaluator may further comprise instructions that, when executed by the processor, cause the access evaluator to: receive audit trail data from the gateway.
  • the access evaluator may further comprise instructions that, when executed by the processor, cause the access evaluator to: provide audit trail data to the application server.
  • the access evaluator may further comprise instructions that, when executed by the processor, cause the access evaluator to: generate the valid access credential prior to executing the instructions to evaluate; and delete the valid access credential from the access evaluator after executing the instructions to transmit the valid access credential.
  • a computer program for evaluating access to a physical space secured by a lock.
  • the computer program comprises computer program code which, when run on an access evaluator causes the access evaluator to: receive an access request from an application server, the access request comprising a user identifier and a lock identifier; evaluate, based on the user identifier and the lock identifier, whether access is to be granted; and transmit a valid access credential for the lock to a gateway being proximate to the lock when access is granted.
  • a computer program product comprising a computer program according to the third aspect and a computer readable means on which the computer program is stored.
  • Fig 1 is a schematic diagram illustrating an environment in which embodiments presented herein can be applied;
  • Fig 2 is a sequence diagram illustrating communication between various entities of embodiments which can be applied in the environment of Fig 1;
  • Fig 3 is a flow chart illustrating embodiments of methods for evaluating access to a physical space secured by a lock;
  • Fig 4 is a schematic diagram illustrating components of the access evaluator of Fig 1 according to one embodiment; and
  • Fig 5 shows one example of a computer program product comprising computer readable means.
  • Fig 1 is a schematic diagram illustrating an environment in which embodiments presented herein can be applied.
  • a lock 4 is provided to secure access to a physical space 16.
  • the physical space 16 can e.g. be or be part of a hotel, cruise ship, office, factory, home or any other suitable physical space which can be secured by an electronic lock 4 provided by a door, window, gate, etc. While only one lock 4 is shown in Fig 1, there can be many more locks, each securing access to a physical space.
  • the lock 4 is an electronic lock and can be unlocked using a mobile device 2 as described in more detail below.
  • the mobile device 2 is carried by a user 9.
  • the mobile device 2 may be implemented as part of a mobile phone, a smartphone, a key fob, a wearable device, a smartphone case, an access card, an electronic physical key, etc.
  • the mobile device 2 reads a lock identifier from the lock 4 over a local communication link.
  • the local communication link can be any suitable short-range wired or short-range wireless communication, e.g. using Near Field Communication (NFC), Bluetooth, Bluetooth Low Energy (BLE), any of the IEEE 802.15 standards, etc.
  • the mobile device 2 is connected to a communication network 6.
  • the communication network 6 can e.g. be based on Internet Protocol (IP) over WiFi or any suitable cellular network standard, and can form part of the Internet.
  • the mobile device 2 sends the lock identifier and a user identifier to an application server 3.
  • the functionality in the mobile device 2 described herein can be implemented by an application (also known as app) executing in the mobile device 2.
  • the mobile device 2 and its application co-operates with the application server 3 over the communication network 6.
  • the application server 3 is a server which performs server related functionality in cooperation with the application executing in the mobile device. As known in the art per se, the application server 3 can be implemented using one or more physical servers in one or more physical locations. The party responsible for the application server 3 can also be the party which is responsible for the application mentioned above, which forms part of the mobile device 2 and is used, inter alia, for requesting and obtaining access to the physical space 16 secured by the lock 4.
  • the application server 3 requests access to the physical space 16 for the user 9 by communicating with an access evaluator 1. This communication occurs over the communication network 6.
  • the access evaluator 1 is a server which can receive access requests for one or more physical spaces 16 secured by respective locks 4. Significantly, the access requests are received from one node (the application server 3), but any access grants are implemented using another node, namely a gateway 7. Communication between the access evaluator 1 and the gateway 7 occurs over the communication network 6.
  • the access evaluator 1 can form part of an electronic access control system, comprising also the lock 4 and optionally the gateway 7.
  • the application server 3 and the mobile device 2 do not need to form part of the access control system.
  • the gateway 7 is a device which can communicate both over the communication network 6 and over the local communication link with the lock 4. As explained in more detail below, the gateway 7 is used in a credential evaluation procedure to unlock the lock 4 when access is granted by the access evaluator 1.
  • the lock 4 can equally well work with mobile devices which implement also the credential evaluation, i.e. mobile devices 2 that store a credential (e.g. key cards, etc.) which is used in the credential evaluation with the lock 4.
  • Fig 2 is a sequence diagram illustrating communication between various entities of embodiments which can be applied in the environment of Fig 1.
  • When the user reaches the lock 4, the mobile device 2 obtains a lock identifier 20 from the lock 4 over the local communication link. If the lock was in a low-power mode, the lock 4 first wakes up, e.g. by a sensor detecting metal in its presence. Instead of sending an access request to the lock 4, the mobile device 2 sends an access request 22 to the application server 3. This access request can be implemented easily in the mobile device 2, and the mobile device does not need to implement a complete credential evaluation procedure.
  • the access request 22 comprises the lock identifier 20 and a user identifier 21.
  • the user identifier 21 can be any suitable identifier which allows the application server to identify the user and can e.g. be a phone number, an e-mail address, an identifier issued by the application server 3, or an identifier issued by a third party, such as Facebook, Instagram, WeChat, Google, Apple, Snapchat, etc.
  • the application server 3 generates a corresponding access request 22’, corresponding to the access request 22 from the mobile device 2.
  • the corresponding access request 22’ can be in the same format as the access request 22 from the mobile device 2, or it can differ, but the corresponding access request 22’ also comprises the lock identifier 20 and the user identifier 21.
  • the application server 3 transmits the corresponding access request 22’ to the access evaluator 1 over the communication network 6.
  • the access evaluator 1 determines whether access through the lock 4 should be granted. If access is denied, the sequence ends. Otherwise, the access evaluator 1 obtains a credential 25 which is valid for unlocking the lock 4 and transmits the credential 25 to the gateway 7 over the communication network 6.
  • the lock 4 and the gateway 7 now engage in a credential evaluation procedure 26, where the communication occurs over the local communication link.
  • the credential evaluation procedure 26 can e.g. comprise a challenge-response procedure or another suitable procedure, such as the gateway providing the credential 25 to the lock 4 for evaluation.
  • the lock 4 sets itself in an unlocked state, to allow the user of the mobile device 2 access to the physical space secured by the lock 4.
  • Actions by the lock 4, such as unlocking, opening, closing, denied access, unlocking without subsequent opening, etc., are optionally captured in an audit trail.
  • Each action is then stored as a data item, together with user id and time.
  • One or more data items of the audit trail are provided over the local communication link as audit trail data 27 to the gateway 7.
  • the audit trail data 27 can be sent after each action.
  • the audit trail data 27 is transmitted periodically in time or after a certain number of actions.
  • the gateway 7 forwards corresponding audit trail data 27 to the access evaluator 1.
  • This audit trail data 27 can be made available to the application server 3 to collect statistics on access events.
  • the first access request 22 is generated in the mobile device 2 based on local communication with the lock 4, but the credential evaluation 26 is performed between the lock 4 and the gateway 7.
  • the mobile device is relieved from implementing and keeping up-to-date a credential evaluation procedure, which is complicated and can even differ between different locks 4.
  • credential evaluation procedures have previously formed part of SDKs (Software Development Kits) provided by the developer of the access control system to form part of the application in the mobile device.
  • the SDKs can take up space and require updating to stay functional with all types of locks.
  • the SDK for access control does not need to form part of the application in the mobile device 2.
  • the credential does not need to be stored in the mobile device 2.
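  • The sequence of Fig 2, together with the access evaluator's generate, transmit and delete steps, played out in code as an added example. This is not code from the patent or from Assa Abloy: the class names, the rule store, the message fields and the choice of HMAC-SHA256 as the key derivation behind the verification section are assumptions. It shows the mobile device reading only the lock identifier and talking only to the application server, the credential existing at the access evaluator only between generation and transmission, the gateway presenting it to the lock without holding any key, and the audit trail flowing back with credential identifiers mapped to user identifiers at the evaluator only.

```python
import hashlib
import hmac
import secrets
import time


class Lock:
    """Electronic lock 4. Shares a secret key with the access evaluator (assumed setup)."""

    def __init__(self, lock_id: str, secret_key: bytes):
        self.lock_id = lock_id
        self._key = secret_key
        self.audit = []  # audit trail data 27: one item per action

    def read_identifier(self) -> str:
        return self.lock_id  # lock identifier 20, read over the local link

    def evaluate_credential(self, credential: bytes) -> bool:
        """Credential evaluation 26: the verification section must equal
        HMAC-SHA256(secret_key, "verify" || credential_id); the KDF choice is assumed."""
        credential_id, verification = credential[:16], credential[16:]
        expected = hmac.new(self._key, b"verify" + credential_id, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, verification)
        self.audit.append({"credential_id": credential_id.hex(),
                           "action": "unlocked" if ok else "denied",
                           "time": int(time.time())})
        return ok


class Gateway:
    """Gateway 7: on the network and within local-link range of its locks; holds no keys."""

    def __init__(self, locks):
        self._locks = {lock.lock_id: lock for lock in locks}

    def present(self, lock_id: str, credential: bytes):
        lock = self._locks[lock_id]
        granted = lock.evaluate_credential(credential)
        return granted, list(lock.audit)  # audit trail data travels back with the result


class AccessEvaluator:
    """Access evaluator 1: evaluates the request, generates a credential on demand (step 42),
    transmits it to the gateway (step 44) and deletes it (step 45)."""

    def __init__(self, secret_key: bytes, rules: dict, gateway: Gateway):
        self._key = secret_key
        self._rules = rules        # user identifier -> set of lock identifiers (assumed store)
        self._gateway = gateway
        self._pending = {}         # credentials that exist right now, keyed by credential id
        self._issued_to = {}       # credential id -> user id, kept for audit reporting only
        self.audit = []

    @property
    def held_credentials(self) -> int:
        return len(self._pending)

    def handle_request(self, user_id: str, lock_id: str) -> bool:
        if lock_id not in self._rules.get(user_id, set()):
            return False                                    # denied: the sequence ends here
        credential_id = secrets.token_bytes(16)
        verification = hmac.new(self._key, b"verify" + credential_id, hashlib.sha256).digest()
        self._pending[credential_id] = credential_id + verification
        self._issued_to[credential_id.hex()] = user_id
        granted, audit = self._gateway.present(lock_id, self._pending[credential_id])
        del self._pending[credential_id]                    # the credential no longer exists here
        self.audit = audit
        return granted

    def audit_for_app_server(self) -> list:
        """A subset of the gateway's audit data, with credential ids replaced by user ids."""
        return [{"user": self._issued_to.get(item["credential_id"], "unknown"),
                 "action": item["action"], "time": item["time"]} for item in self.audit]


class AppServer:
    """Application server 3: turns request 22 into request 22' for the access evaluator."""

    def __init__(self, evaluator: AccessEvaluator):
        self._evaluator = evaluator

    def request_access(self, user_id: str, lock_id: str) -> bool:
        return self._evaluator.handle_request(user_id, lock_id)


class MobileDevice:
    """Mobile device 2: reads the lock id locally, then talks only to the application
    server. It stores no credential and implements no credential evaluation."""

    def __init__(self, user_id: str, app_server: AppServer):
        self._user_id = user_id
        self._app = app_server

    def request_access(self, lock: Lock) -> bool:
        return self._app.request_access(self._user_id, lock.read_identifier())


def run_scenario() -> dict:
    """Constructed scenario: alice may open lock-4, mallory may not."""
    secret = secrets.token_bytes(32)  # known to the lock and the evaluator only
    lock = Lock("lock-4", secret)
    gateway = Gateway([lock])
    evaluator = AccessEvaluator(secret, {"alice@example.com": {"lock-4"}}, gateway)
    app = AppServer(evaluator)
    alice = MobileDevice("alice@example.com", app).request_access(lock)
    mallory = MobileDevice("mallory@example.com", app).request_access(lock)
    return {"alice": alice, "mallory": mallory,
            "credentials_left": evaluator.held_credentials,
            "lock_audit": lock.audit, "app_audit": evaluator.audit_for_app_server()}
```

  • Note that the denied request never reaches the lock at all, so the lock's audit trail contains a single entry, and that the data handed to the application server carries the user identifier but not the credential identifier, i.e. a subset of what the gateway reported.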
  • Fig 3 is a flow chart illustrating embodiments of methods for evaluating access to a physical space secured by a lock. The method is performed in the access evaluator. The method essentially corresponds to actions performed by the access evaluator in the sequence diagram of Fig 2, described above.
  • the access evaluator receives an access request from an application server.
  • the access request comprises a user identifier and a lock identifier.
  • the access evaluator evaluates, based on the user identifier and the lock identifier, whether access is to be granted. This evaluation can be based on access rules available to the access evaluator, stored in the access evaluator or externally.
  • In an optional generate credential step 42, the access evaluator generates the valid access credential after the step of evaluating.
  • In this way, the credential is generated on demand and is not otherwise stored for a long time.
  • Alternatively, in step 42, the credential can be retrieved from storage, internal or external to the access evaluator.
  • the access evaluator encrypts a section of the valid access credential.
  • the encrypted section of the valid access credential can comprise an access rights to unlock the lock.
  • In decrypted plain form, the section can indicate an access right to open lock x and locks y-z, and/or locks belonging to group A.
  • the section comprises a sequence number.
  • the sequence number can be used to invalidate all keys with earlier sequence numbers. In this way, a new person having a key to the hotel room can be assured that any previous guests do not have access to the hotel room.
  • the section can be encrypted with a symmetric key that is available also to the lock (but not to the gateway). In this way, the lock can decrypt the section and can rest assured that the access evaluator has provided the section with the access rights.
  • the valid access credential can comprise a credential identifier and a verification section.
  • the verification section comprises a key derivation based on the credential identifier and a secret key.
  • the access credential then contains both the credential identifier and the verification section, which has been generated using a key derivation function based on the credential identifier and the secret key.
  • the lock can be assured that the credential identifier is verified by the access evaluator, by verifying the verification section.
  • the verification is performed by generating its own verification using the key derivation function based on the credential identifier and the secret key, and comparing the result with the verification section received from the gateway. In order to perform this, the lock has access to (e.g. locally stores) the secret key.
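  • The credential layout described in the preceding bullets (an encrypted section carrying the access rights and a sequence number, plus a credential identifier with a verification section derived from it and a secret key), built on the evaluator side and checked on the lock side, as an added example that is not the patent's or Assa Abloy's code. The byte layout, the JSON encoding of the rights, HMAC-SHA256 as the key derivation function, and an HMAC-SHA256 counter-mode keystream with a separate tag standing in for an authenticated cipher (so the example runs on the Python standard library alone) are all assumptions; a product would use an AEAD such as AES-GCM for the section.

```python
import hashlib
import hmac
import json
import secrets
import struct

# Assumed credential layout:
#   credential_id(16) || verification(32) || nonce(16) || tag(32) || ciphertext
# verification = HMAC-SHA256(secret_key, "verify" || credential_id)
# ciphertext   = rights XOR HMAC-SHA256 counter-mode keystream under section_key
# tag          = HMAC-SHA256(section_key, "section" || credential_id || nonce || ciphertext)
# secret_key and section_key exist at the evaluator and the lock; the gateway has neither.


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in for a real cipher: HMAC-SHA256 over nonce||counter, block by block."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_credential(secret_key: bytes, section_key: bytes, rights: dict) -> bytes:
    """Access evaluator side: rights is e.g. {"locks": [...], "groups": [...], "seq": n}."""
    credential_id = secrets.token_bytes(16)
    verification = hmac.new(secret_key, b"verify" + credential_id, hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    plaintext = json.dumps(rights, sort_keys=True).encode()
    ciphertext = _xor(plaintext, _keystream(section_key, nonce, len(plaintext)))
    tag = hmac.new(section_key, b"section" + credential_id + nonce + ciphertext,
                   hashlib.sha256).digest()
    return credential_id + verification + nonce + tag + ciphertext


def lock_evaluate(lock: dict, secret_key: bytes, section_key: bytes, credential: bytes):
    """Lock side. lock = {"id": ..., "groups": set(...), "seq": last accepted}; updated in place."""
    if len(credential) < 96:
        return False, "malformed"
    credential_id, verification = credential[:16], credential[16:48]
    nonce, tag, ciphertext = credential[48:64], credential[64:96], credential[96:]
    # 1. Recompute the verification section and compare in constant time.
    expected = hmac.new(secret_key, b"verify" + credential_id, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, verification):
        return False, "verification section"
    # 2. Check the section tag before decrypting, so a forged section is never parsed.
    expected_tag = hmac.new(section_key, b"section" + credential_id + nonce + ciphertext,
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, tag):
        return False, "section tag"
    rights = json.loads(_xor(ciphertext, _keystream(section_key, nonce, len(ciphertext))))
    # 3. Is this lock covered, directly or via a group?
    covered = lock["id"] in rights.get("locks", []) or \
        bool(set(rights.get("groups", [])) & lock["groups"])
    if not covered:
        return False, "lock not in access rights"
    # 4. Sequence number: anything older than the newest one seen is invalid.
    seq = rights.get("seq", 0)
    if seq < lock["seq"]:
        return False, "superseded by newer sequence number"
    lock["seq"] = seq
    return True, "unlocked"


def demo() -> dict:
    """Constructed hotel-room scenario: guest 1 holds seq 7, guest 2 later receives seq 8."""
    secret_key, section_key = secrets.token_bytes(32), secrets.token_bytes(32)
    lock = {"id": "lock-4", "groups": {"A"}, "seq": 0}
    guest1 = build_credential(secret_key, section_key, {"locks": ["lock-4"], "groups": [], "seq": 7})
    guest2 = build_credential(secret_key, section_key, {"locks": [], "groups": ["A"], "seq": 8})
    tampered = guest1[:-1] + bytes([guest1[-1] ^ 0x01])   # one ciphertext bit flipped
    other_lock = {"id": "lock-9", "groups": set(), "seq": 0}
    return {
        "guest1_first": lock_evaluate(lock, secret_key, section_key, guest1),
        "gateway_sees_plaintext": b'"locks"' in guest1,
        "tampered": lock_evaluate(lock, secret_key, section_key, tampered),
        "wrong_lock": lock_evaluate(other_lock, secret_key, section_key, guest1),
        "guest2": lock_evaluate(lock, secret_key, section_key, guest2),
        "guest1_after_checkout": lock_evaluate(lock, secret_key, section_key, guest1),
    }
```

  • The gateway forwards the credential bytes without ever seeing the access rights, a flipped ciphertext bit fails the tag check before anything is parsed, and once the lock has accepted sequence number 8 the previous guest's credential with sequence number 7 is rejected even though its verification section is still correct.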
  • In a transmit credential step 44, the access evaluator transmits a valid access credential for the lock to a gateway being proximate to the lock.
  • the gateway is not the same device as the application server.
  • the valid access credential is in a format which complies with mobile credentials (and optionally card-based credentials) usable with the lock.
  • the credential is valid in the sense that it can be used to unlock the lock in a credential evaluation procedure as described above. By providing the valid access credential in compliance with mobile credentials/card-based credentials, no modification is needed to be done to the lock.
  • In an optional delete step 45, the access evaluator deletes the valid access credential from the access evaluator. This is performed after the step of transmitting the valid access credential, since the access credential is needed for the transmission.
  • the credential is only present in the access evaluator for a short time, which significantly reduces the risk that a hacker could gain access to any particular credential.
  • the access evaluator receives audit trail data from the gateway.
  • the access evaluator provides audit trail data to the application server, based on the audit trail data received from the gateway (in step 46).
  • the audit trail data provided to the application server can be identical to or a subset of the audit trail data received from the gateway.
  • FIG 4 is a schematic diagram illustrating components of the access evaluator 1 of Fig 1 according to one embodiment.
  • a processor 60 is provided using any combination of one or more of a suitable central processing unit (CPU), multiprocessor, microcontroller, digital signal processor (DSP), etc., capable of executing software instructions 67 stored in a memory 64, which can thus be a computer program product.
  • the processor 60 could alternatively be implemented using an application specific integrated circuit (ASIC), field programmable gate array (FPGA), etc.
  • the processor 60 can be configured to execute the method described with reference to Fig 3 above.
  • the memory 64 can be any combination of random-access memory (RAM) and/or read-only memory (ROM).
  • the memory 64 also comprises persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid-state memory or even remotely mounted memory.
  • a data memory 66 is also provided for reading and/ or storing data during execution of software instructions in the processor 60.
  • the data memory 66 can be any combination of RAM and/or ROM.
  • the access evaluator 1 further comprises an I/O interface 62 for communicating with external and/or internal entities.
  • the I/O interface 62 may also include a user interface.
  • Fig 5 shows one example of a computer program product 90 comprising computer readable means.
  • a computer program 91 can be stored, which computer program can cause a processor to execute a method according to embodiments described herein.
  • In this example, the computer program product 90 is an optical disc, such as a CD (compact disc) or a DVD (digital versatile disc) or a Blu-Ray disc.
  • the computer program product could also be embodied in a memory of a device, such as the computer program product 64 of Fig 4.
  • While the computer program 91 is here schematically shown as a track on the depicted optical disk, the computer program can be stored in any way which is suitable for the computer program product, such as a removable solid-state memory, e.g. a Universal Serial Bus (USB) drive.
  • a method for evaluating access to a physical space secured by a lock comprising the steps of: receiving an access request from an application server, the access request comprising a user identifier and a lock identifier; evaluating, based on the user identifier and the lock identifier, whether access is to be granted; and transmitting a valid access credential for the lock to a gateway being proximate to the lock when access is granted.
  • An access evaluator for evaluating access to a physical space secured by a lock comprising: a processor; and a memory storing instructions that, when executed by the processor, cause the access evaluator to: receive an access request from an application server, the access request comprising a user identifier and a lock identifier; evaluate, based on the user identifier and the lock identifier, whether access is to be granted; and transmit a valid access credential for the lock to a gateway being proximate to the lock when access is granted.
  • the access evaluator according to any one of items vi to ix, further comprising instructions that, when executed by the processor, cause the access evaluator to: generate the valid access credential prior to executing the instructions to evaluate; and delete the valid access credential from the access evaluator after executing the instructions to transmit the valid access credential.
  • xi A computer program for evaluating access to a physical space secured by a lock, the computer program comprising computer program code which, when run on an access evaluator causes the access evaluator to: receive an access request from an application server, the access request comprising a user identifier and a lock identifier; evaluate, based on the user identifier and the lock identifier, whether access is to be granted; and transmit a valid access credential for the lock to a gateway being proximate to the lock when access is granted.
  • xii A computer program product comprising a computer program according to item xi and a computer readable means on which the computer program is stored.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Lock And Its Accessories (AREA)

Abstract

It is provided a method for evaluating access to a physical space secured by a lock. The method is performed in an access evaluator and comprises the steps of: receiving an access request from an application server, the access request comprising a user identifier and a lock identifier; evaluating, based on the user identifier and the lock identifier, whether access is to be granted; and transmitting a valid access credential for the lock to a gateway being proximate to the lock when access is granted.

Description

EVALUATING ACCESS TO A PHYSICAL SPACE
TECHNICAL FIELD
[0001] The present disclosure relates to the field of evaluating access to a physical space and in particular to evaluating access to a physical space where an access request is received from an application server and a valid access credential is transmitted to a gateway.
BACKGROUND
[0002] Locks and keys are evolving from the traditional pure mechanical locks. These days, electronic locks are becoming increasingly common. For electronic locks, no mechanical key profile is needed for authentication of a user. The electronic locks can e.g. be opened using an electronic key stored on a special carrier (fob, card, etc.) or in a mobile device, such as a smartphone. The electronic key and electronic lock can often communicate over a wireless interface. Such electronic locks provide a number of benefits, including improved flexibility in management of access rights, audit trails, key management, etc.
[0003] When an electronic key, e.g. as part of a mobile device, approaches a door secured by an offline lock, one solution is for the mobile device to establish communication with the lock and to thereafter engage in a credential evaluation procedure. However, such a procedure requires a significant amount of implementation effort in the mobile device in order to securely and reliably perform the credential evaluation procedure. Moreover, such procedures can differ between locks and may need to be updated, requiring maintenance of software of all such mobile devices.
SUMMARY
[0004] One objective is to provide a solution where a mobile device which requests access to a lock does not need to implement a credential evaluation procedure for communicating with the lock.
[0005] According to a first aspect, it is provided a method for evaluating access to a physical space secured by a lock. The method is performed in an access evaluator and comprises the steps of: receiving an access request from an application server, the access request comprising a user identifier and a lock identifier; evaluating, based on the user identifier and the lock identifier, whether access is to be granted; and transmitting a valid access credential for the lock to a gateway being proximate to the lock when access is granted.
[0006] The valid access credential may be in a format which complies with mobile credentials usable with the lock.
[0007] The method may further comprise the step, prior to the step of transmitting the valid access credential, of: encrypting a section of the valid access credential.
[0008] The encrypted section of the valid access credential may comprise access rights to unlock the lock.
[0009] The valid access credential may comprise a credential identifier and a verification section comprising a key derivation based on the credential identifier and a secret key.
[0010] The method may further comprise the step of: receiving audit trail data from the gateway.
[0011] The method may further comprise the step of: providing audit trail data to the application server.
[0012] The method may further comprise the steps of: generating the valid access credential after the step of evaluating; and deleting the valid access credential from the access evaluator after the step of transmitting the valid access credential.
[0013] According to a second aspect, it is provided an access evaluator for evaluating access to a physical space secured by a lock. The access evaluator comprises: a processor; and a memory storing instructions that, when executed by the processor, cause the access evaluator to: receive an access request from an application server, the access request comprising a user identifier and a lock identifier; evaluate, based on the user identifier and the lock identifier, whether access is to be granted; and transmit a valid access credential for the lock to a gateway being proximate to the lock when access is granted.
[0014] The valid access credential may be in a format which complies with mobile credentials usable with the lock.
[0015] The access evaluator may further comprise instructions that, when executed by the processor, cause the access evaluator to encrypt a section of the valid access credential.
[0016] The encrypted section of the valid access credential may comprise access rights to unlock the lock.
[0017] The valid access credential may comprise a credential identifier and a verification section comprising a key derivation based on the credential identifier and a secret key.
[0018] The access evaluator may further comprise instructions that, when executed by the processor, cause the access evaluator to: receive audit trail data from the gateway.
[0019] The access evaluator may further comprise instructions that, when executed by the processor, cause the access evaluator to: provide audit trail data to the application server.
[0020] The access evaluator may further comprise instructions that, when executed by the processor, cause the access evaluator to: generate the valid access credential prior to executing the instructions to evaluate; and delete the valid access credential from the access evaluator after executing the instructions to transmit the valid access credential.
[0021] According to a third aspect, it is provided a computer program for evaluating access to a physical space secured by a lock. The computer program comprises computer program code which, when run on an access evaluator causes the access evaluator to: receive an access request from an application server, the access request comprising a user identifier and a lock identifier; evaluate, based on the user identifier and the lock identifier, whether access is to be granted; and transmit a valid access credential for the lock to a gateway being proximate to the lock when access is granted.
[0022] According to a fourth aspect, it is provided a computer program product comprising a computer program according to the third aspect and a computer readable means on which the computer program is stored.
[0023] Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/an/the element, apparatus, component, means, step, etc." are to be interpreted openly as referring to at least one instance of the element, apparatus, component, means, step, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
BRIEF DESCRIPTION OF THE DRAWINGS
[0024] Aspects and embodiments are now described, by way of example, with reference to the accompanying drawings, in which:
[0025] Fig 1 is a schematic diagram illustrating an environment in which embodiments presented herein can be applied;
[0026] Fig 2 is a sequence diagram illustrating communication between various entities of embodiments which can be applied in the environment of Fig 1;
[0027] Fig 3 is a flow chart illustrating embodiments of methods for requesting access to a physical space secured by a lock;
[0028] Fig 4 is a schematic diagram illustrating components of the access evaluator of Fig 1 according to one embodiment; and
[0029] Fig 5 shows one example of a computer program product comprising computer readable means.
DETAILED DESCRIPTION
[0030] The aspects of the present disclosure will now be described more fully hereinafter with reference to the accompanying drawings, in which certain embodiments of the invention are shown. These aspects may, however, be embodied in many different forms and should not be construed as limiting; rather, these embodiments are provided by way of example so that this disclosure will be thorough and complete, and to fully convey the scope of all aspects of invention to those skilled in the art. Like numbers refer to like elements throughout the description.
[0031] Fig 1 is a schematic diagram illustrating an environment in which embodiments presented herein can be applied. A lock 4 is provided to secure access to a physical space 16. The physical space 16 can e.g. be or be part of a hotel, cruise ship, office, factory, home or any other suitable physical space which can be secured by an electronic lock 4 provided by a door, window, gate, etc. While only one lock 4 is shown in Fig 1, there can be many more locks, each securing access to a physical space.
[0032] The lock 4 is an electronic lock and can be unlocked using a mobile device 2 as described in more detail below. The mobile device 2 is carried by a user 9. The mobile device 2 may be implemented as part of a mobile phone, a smartphone, a key fob, wearable device, smart phone case, access card, electronic physical key, etc.
[0033] The mobile device 2 reads a lock identifier from the lock 4 over a local communication link. The local communication link can be any suitable short-range wired or short-range wireless communication, e.g. using Near Field Communication (NFC), Bluetooth, Bluetooth Low Energy (BLE), any of the IEEE 802.15 standards, etc.
[0034] The mobile device 2 is connected to a communication network 6. The communication network 6 can e.g. be based on Internet Protocol (IP) over WiFi or any suitable cellular network standard, and can form part of the Internet.
[0035] To request access, the mobile device 2 sends the lock identifier and a user identifier to an application server 3. The functionality in the mobile device 2 described herein can be implemented by an application (also known as app) executing in the mobile device 2. The mobile device 2 and its application co-operate with the application server 3 over the communication network 6.
[0036] The application server 3 is a server which performs server related functionality in cooperation with the application executing in the mobile device. As known in the art per se, the application server 3 can be implemented using one or more physical servers in one or more physical locations. The party responsible for the application server 3 can also be the party responsible for the application mentioned above, which forms part of the mobile device 2 and is used, i.a., for requesting and obtaining access to the physical space 16 secured by the lock 4.
[0037] The application server 3 requests access to the physical space 16 for the user 9 by communicating with an access evaluator 1. This communication occurs over the communication network 6.
[0038] The access evaluator 1 is a server which can receive access requests for one or more physical spaces 16 secured by respective locks 4. Significantly, the access requests are received from one node (the application server 3), but any access grants are implemented using another node, namely a gateway 7. Communication between the access evaluator 1 and the gateway 7 occurs over the communication network 6. The access evaluator 1 can form part of an electronic access control system, comprising also the lock 4 and optionally the gateway 7. The application server 3 and the mobile device 2 do not need to form part of the access control system.
[0039] The gateway 7 is a device which can communicate both over the communication network 6 and over the local communication link with the lock 4. As explained in more detail below, the gateway 7 is used in a credential evaluation procedure to unlock the lock 4 when access is granted by the access evaluator 1.
[0040] It is to be noted that the lock 4 can equally well work with mobile devices which implement also the credential evaluation, i.e. mobile devices 2 that store a credential (e.g. key cards, etc.) which is used in the credential evaluation with the lock 4.
[0041] Fig 2 is a sequence diagram illustrating communication between various entities of embodiments which can be applied in the environment of Fig 1.
[0042] When the user reaches the lock 4, the mobile device 2 obtains a lock identifier 20 from the lock 4 over the local communication link. If the lock was in a low-power mode, the lock 4 first wakes up e.g. by a sensor detecting metal in its presence. Instead of sending an access request to the lock 4, the mobile device 2 sends an access request 22 to the application server 3. This access request can be implemented easily in the mobile device 2 and the mobile device does not need to implement a complete credential evaluation procedure.
[0043] The access request 22 comprises the lock identifier 20 and a user identifier 21. The user identifier 21 can be any suitable identifier which allows the application server to identify the user and can e.g. be a phone number, an e-mail address, an identifier issued by the application server 3, or an identifier issued by a third party, such as Facebook, Instagram, WeChat, Google, Apple, Snapchat, etc.
[0044] The application server 3 generates a corresponding access request 22’, corresponding to the access request 22 from the mobile device 2. The corresponding access request 22’ can be in the same format as the access request 22 from the mobile device 2, or it can differ, but the corresponding access request 22’ also comprises the lock identifier 20 and the user identifier 21. The application server 3 transmits the corresponding access request 22’ to the access evaluator 1 over the communication network 6.
[0045] Once the access evaluator 1 has received the corresponding access request 22’, the access evaluator 1 determines whether access through the lock 4 should be granted. If access is denied, the sequence ends. Otherwise, the access evaluator 1 obtains a credential 25 which is valid for unlocking the lock 4 and transmits the credential 25 to the gateway 7 over the communication network 6.
[0046] The lock 4 and the gateway 7 now engage in a credential evaluation procedure 26, where the communication occurs over the local communication link. The credential evaluation procedure 26 can e.g. comprise a challenge-response procedure or another suitable procedure, such as the gateway providing the credential 25 to the lock 4 for evaluation. When the credential evaluation procedure 26 is successful, the lock 4 sets itself in an unlocked state, to allow the user of the mobile device 2 access to the physical space secured by the lock 4.
[0047] Actions by the lock 4, such as unlocking, opening, closing, denied access, unlocking without subsequent opening, etc., are optionally captured in an audit trail. Each action is then stored as a data item, together with user id and time. One or more data items of the audit trail are provided over the local communication link as audit trail data 27 to the gateway 7. For instance, the audit trail data 27 can be sent after each action. Alternatively, the audit trail data 27 is transmitted periodically in time or after a certain number of actions. The gateway 7 forwards corresponding audit trail data 27 to the access evaluator 1. This audit trail data 27 can be made available to the application server 3 to collect statistics on access events.
[0048] Using this procedure, the first access request 22 is generated in the mobile device 2 based on local communication with the lock 4, but the credential evaluation 26 is performed between the lock 4 and the gateway 7. In this way, the mobile device is relieved from implementing and keeping up-to-date a credential evaluation procedure which is complicated and can even differ between different locks 4. Such credential evaluation procedures have previously formed part of SDKs (Software Development Kits) provided by the developer of the access control system to form part of the application in the mobile device. However, such SDKs can take up space and require updating to stay functional with all types of locks. By using embodiments presented herein, the SDK for access control does not need to form part of the application in the mobile device 2.
[0049] Moreover, the credential does not need to be stored in the mobile device 2. Instead, the gateway 7, which can be under control of the party of the access evaluator 1 and/or the lock 4, receives the credential from the access evaluator 1 and implements the credential evaluation procedure 26. From the perspective of the lock 4, the local communication appears the same as if a mobile device 2 were to implement also the credential evaluation. Hence, the lock 4 does not need to be modified to operate correctly in accordance with embodiments presented herein.
[0050] Fig 3 is a flow chart illustrating embodiments of methods for evaluating access to a physical space secured by a lock. The method is performed in the access evaluator. The method essentially corresponds to actions performed by the access evaluator in the sequence diagram of Fig 2, described above.
[0051] In a receive access request step 40, the access evaluator receives an access request from an application server. The access request comprises a user identifier and a lock identifier.
[0052] In an evaluate step 41, the access evaluator evaluates, based on the user identifier and the lock identifier, whether access is to be granted. This evaluation can be based on access rules available to the access evaluator, stored in the access evaluator or externally.
[0053] In an optional generate credential step 42, the access evaluator generates the valid access credential after the step of evaluating. When this step is performed, the credential is generated on demand, and is not otherwise stored for a long time.
[0054] When step 42 is not performed, the credential can be retrieved from storage, internal or external to the access evaluator.
[0055] In an optional encrypt step 43, the access evaluator encrypts a section of the valid access credential. The encrypted section of the valid access credential can comprise access rights to unlock the lock. For instance, the section (in decrypted plain form) can indicate an access right to open lock x and locks y-z, and/or locks belonging to group A. Optionally, the section comprises a sequence number. For certain types of locks, e.g. hotel room locks, the sequence number can be used to invalidate all keys with earlier sequence numbers. In this way, a new person having a key to the hotel room can be assured that any previous guests do not have access to the hotel room.
[0056] The section can be encrypted with a symmetric key that is available also to the lock (but not to the gateway). In this way, the lock can decrypt the section and can rest assured that the access evaluator has provided the section with the access rights.
[0057] The valid access credential can comprise a credential identifier and a verification section. The verification section comprises a key derivation based on the credential identifier and a secret key. In other words, the access credential then contains both the credential identifier and the verification section, which has been generated using a key derivation function based on the credential identifier and the secret key.
[0058] When the lock reads the credential, the lock can be assured that the credential identifier has been verified by the access evaluator, by verifying the verification section. The lock performs this verification by generating its own verification value using the key derivation function based on the credential identifier and the secret key, and comparing the result with the verification section received from the gateway. In order to do this, the lock has access to (e.g. locally stores) the secret key.
[0059] In a transmit credential step 44, the access evaluator transmits a valid access credential for the lock to a gateway being proximate to the lock. The gateway is not the same device as the application server. The valid access credential is in a format which complies with mobile credentials (and optionally card-based credentials) usable with the lock. The credential is valid in the sense that it can be used to unlock the lock in a credential evaluation procedure as described above. By providing the valid access credential in compliance with mobile credentials/card-based credentials, no modification is needed to be done to the lock.
[0060] In an optional delete step 45, the access evaluator deletes the valid access credential from the access evaluator. This is performed after the step of transmitting the valid access credential, since the access credential is needed for the transmission. When step 42 and this step are implemented, the credential is only present in the access evaluator for a short time, which significantly reduces the risk that a hacker could gain access to any particular credential.
[0061] In an optional receive audit trail data step 46, the access evaluator receives audit trail data from the gateway.
[0062] In an optional provide audit trail data step 48, the access evaluator provides audit trail data to the application server, based on the audit trail data received from the gateway (in step 46). The audit trail data provided to the application server can be identical to or a subset of the audit trail data received from the gateway.
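Steps 40 to 48 above, together with the Fig 2 exchange between the access evaluator, the gateway and the lock, as a runnable walk-through in Python. This is an added example, not code from the patent or from the applicant: the class names, the credential layout (credential identifier, encrypted section, verification section), the use of HMAC-SHA256 as the key derivation function, the HMAC-based counter-mode keystream standing in for a real cipher, and all keys, user and lock identifiers are constructed assumptions.

```python
"""Constructed walk-through of steps 40-48 and the Fig 2 exchange.
Not the patent's code; names, keys, credential layout and the keystream
construction are assumptions chosen for illustration."""
import hashlib
import hmac
import json
import os
import time

# Constructed keys. The lock and the access evaluator share both;
# the gateway holds neither, so it can relay a credential but not read it.
SECTION_KEY = b"\x01" * 32   # symmetric key for the encrypted section ([0056])
SECRET_KEY = b"\x02" * 32    # secret key for the verification section ([0057])


def keystream_xor(key, nonce, data):
    """XOR data with an HMAC-SHA256 counter-mode keystream (stand-in for a real
    cipher such as AES-GCM). Integrity comes from the verification section,
    which is computed over the ciphertext (encrypt-then-MAC)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + (off // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def verification_section(credential_id, encrypted):
    """Key derivation over the credential identifier (and the ciphertext)
    with the secret key; the lock recomputes this and compares ([0058])."""
    return hmac.new(SECRET_KEY, credential_id + encrypted, hashlib.sha256).digest()


class AccessEvaluator:
    def __init__(self, rules):
        self.rules = rules   # user_id -> set of lock ids the user may open (access rules)
        self.seq = 0         # sequence number carried in the encrypted section

    def handle_request(self, user_id, lock_id, gateway):
        """Steps 40-45: receive, evaluate, generate, encrypt, transmit, delete."""
        rights = self.rules.get(user_id, set())
        if lock_id not in rights:                       # step 41: access denied, sequence ends
            return False
        self.seq += 1
        credential_id = os.urandom(16)                  # step 42: generated on demand
        section = json.dumps({"rights": sorted(rights), "seq": self.seq}).encode()
        encrypted = keystream_xor(SECTION_KEY, credential_id, section)   # step 43
        credential = {"credential_id": credential_id, "encrypted_section": encrypted,
                      "verification": verification_section(credential_id, encrypted)}
        gateway.receive_credential(credential)          # step 44: to the gateway, not the app server
        del credential, section                         # step 45: the evaluator retains nothing
        return True

    def audit_for_app_server(self, gateway):
        """Steps 46 and 48: take audit trail data from the gateway and pass a
        subset (here without credential identifiers) to the application server."""
        return [{"action": i["action"], "time": i["time"]} for i in gateway.audit_out]


class Lock:
    def __init__(self, lock_id):
        self.lock_id = lock_id
        self.last_seq = 0    # highest sequence number seen; earlier ones are invalid
        self.audit = []      # audit trail: one data item per action ([0047])

    def evaluate(self, credential):
        """Credential evaluation procedure 26, run against the gateway."""
        cid, enc = credential["credential_id"], credential["encrypted_section"]
        if not hmac.compare_digest(verification_section(cid, enc), credential["verification"]):
            return self._record("denied_bad_verification", cid)
        section = json.loads(keystream_xor(SECTION_KEY, cid, enc))
        if self.lock_id not in section["rights"] or section["seq"] < self.last_seq:
            return self._record("denied", cid)
        self.last_seq = section["seq"]
        return self._record("unlocked", cid)

    def _record(self, action, cid):
        self.audit.append({"action": action, "credential_id": cid.hex(), "time": time.time()})
        return action == "unlocked"


class Gateway:
    """Proximate to the lock; relays credentials and audit trail data, holds no keys."""
    def __init__(self, lock):
        self.lock = lock
        self.received = []   # credentials as delivered by the access evaluator
        self.audit_out = []  # audit trail data 27, forwarded after each action

    def receive_credential(self, credential):
        self.received.append(credential)
        return self.present(credential)

    def present(self, credential):
        ok = self.lock.evaluate(credential)
        self.audit_out.append(self.lock.audit[-1])
        return ok


def run_demo():
    lock, evaluator = Lock("lock-4"), AccessEvaluator({"user-9": {"lock-4", "lock-5"}})
    gateway = Gateway(lock)
    r = {"granted": evaluator.handle_request("user-9", "lock-4", gateway),
         "unknown_user": evaluator.handle_request("user-x", "lock-4", gateway)}
    old = gateway.received[0]
    r["second"] = evaluator.handle_request("user-9", "lock-4", gateway)
    r["replay_old"] = gateway.present(old)              # seq 1 < 2: invalidated ([0055])
    enc = old["encrypted_section"]
    tampered = dict(old, encrypted_section=bytes([enc[0] ^ 1]) + enc[1:])
    r["tampered"] = gateway.present(tampered)           # verification mismatch
    r["audit"] = [i["action"] for i in evaluator.audit_for_app_server(gateway)]
    return r
```

The gateway in this example can only relay: without SECTION_KEY it cannot read the access rights, and without SECRET_KEY it cannot forge a verification section, which is why modifying one ciphertext byte is rejected before decryption. Presenting the first credential again after a newer one has been issued is refused by the sequence-number check, the hotel-room invalidation case of paragraph [0055]. The `del` in step 45 only drops the evaluator's in-memory reference; a real access evaluator would also erase any persisted copy of the credential.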
[0063] Fig 4 is a schematic diagram illustrating components of the access evaluator 1 of Fig 1 according to one embodiment. A processor 60 is provided using any combination of one or more of a suitable central processing unit (CPU), multiprocessor, microcontroller, digital signal processor (DSP), etc., capable of executing software instructions 67 stored in a memory 64, which can thus be a computer program product. The processor 60 could alternatively be implemented using an application specific integrated circuit (ASIC), field programmable gate array (FPGA), etc. The processor 60 can be configured to execute the method described with reference to Fig 3 above.
[0064] The memory 64 can be any combination of random-access memory (RAM) and/or read-only memory (ROM). The memory 64 also comprises persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid-state memory or even remotely mounted memory.
[0065] A data memory 66 is also provided for reading and/or storing data during execution of software instructions in the processor 60. The data memory 66 can be any combination of RAM and/or ROM.
[0066] The access evaluator 1 further comprises an I/O interface 62 for communicating with external and/or internal entities. Optionally, the I/O interface 62 also includes a user interface.
[0067] Other components of the access evaluator 1 are omitted in order not to obscure the concepts presented herein.
[0068] Fig 5 shows one example of a computer program product 90 comprising computer readable means. On this computer readable means, a computer program 91 can be stored, which computer program can cause a processor to execute a method according to embodiments described herein. In this example, the computer program product is an optical disc, such as a CD (compact disc) or a DVD (digital versatile disc) or a Blu-Ray disc. As explained above, the computer program product could also be embodied in a memory of a device, such as the computer program product 64 of Fig 4. While the computer program 91 is here schematically shown as a track on the depicted optical disk, the computer program can be stored in any way which is suitable for the computer program product, such as a removable solid-state memory, e.g. a Universal Serial Bus (USB) drive.
[0069] Here now follows another perspective comprising itemised embodiments enumerated with roman numerals.
[0070] i. A method for evaluating access to a physical space secured by a lock, the method being performed in an access evaluator and comprising the steps of: receiving an access request from an application server, the access request comprising a user identifier and a lock identifier; evaluating, based on the user identifier and the lock identifier, whether access is to be granted; and transmitting a valid access credential for the lock to a gateway being proximate to the lock when access is granted.
[0071] ii. The method according to item i, wherein the valid access credential is in a format which complies with mobile credentials usable with the lock.
[0072] iii. The method according to item i or ii, further comprising the step of: receiving audit trail data from the gateway.
[0073] iv. The method according to item iii, further comprising the step of: providing audit trail data to the application server.
[0074] v. The method according to any one of the preceding items, further comprising the steps of: generating the valid access credential after the step of evaluating; and deleting the valid access credential from the access evaluator after the step of transmitting the valid access credential.
[0075] vi. An access evaluator for evaluating access to a physical space secured by a lock, the access evaluator comprising: a processor; and a memory storing instructions that, when executed by the processor, cause the access evaluator to: receive an access request from an application server, the access request comprising a user identifier and a lock identifier; evaluate, based on the user identifier and the lock identifier, whether access is to be granted; and transmit a valid access credential for the lock to a gateway being proximate to the lock when access is granted.
[0076] vii. The access evaluator according to item vi, wherein the valid access credential is in a format which complies with mobile credentials usable with the lock.
[0077] viii. The access evaluator according to item vi or vii, further comprising instructions that, when executed by the processor, cause the access evaluator to: receive audit trail data from the gateway.
[0078] ix. The access evaluator according to item viii, further comprising instructions that, when executed by the processor, cause the access evaluator to: provide audit trail data to the application server.
[0079] x. The access evaluator according to any one of items vi to ix, further comprising instructions that, when executed by the processor, cause the access evaluator to: generate the valid access credential prior to executing the instructions to evaluate; and delete the valid access credential from the access evaluator after executing the instructions to transmit the valid access credential.
[0080] xi. A computer program for evaluating access to a physical space secured by a lock, the computer program comprising computer program code which, when run on an access evaluator causes the access evaluator to: receive an access request from an application server, the access request comprising a user identifier and a lock identifier; evaluate, based on the user identifier and the lock identifier, whether access is to be granted; and transmit a valid access credential for the lock to a gateway being proximate to the lock when access is granted.
[0081] xii. A computer program product comprising a computer program according to item xi and a computer readable means on which the computer program is stored.
[0082] The aspects of the present disclosure have mainly been described above with reference to a few embodiments. However, as is readily appreciated by a person skilled in the art, other embodiments than the ones disclosed above are equally possible within the scope of the invention, as defined by the appended patent claims. Thus, while various aspects and embodiments have been disclosed herein, other aspects and embodiments will be apparent to those skilled in the art. The various aspects and embodiments disclosed herein are for purposes of illustration and are not intended to be limiting, with the true scope and spirit being indicated by the following claims.

Claims

1. A method for evaluating access to a physical space (16) secured by a lock (4), the method being performed in an access evaluator (1) and comprising the steps of: receiving (40) an access request (22’) from an application server (3), the access request (22’) comprising a user identifier (21) and a lock identifier (20); evaluating (41), based on the user identifier (21) and the lock identifier (20), whether access is to be granted; and transmitting (44) a valid access credential (25) for the lock to a gateway (7) being proximate to the lock (4) when access is granted.
2. The method according to claim 1, wherein the valid access credential (25) is in a format which complies with mobile credentials usable with the lock (4).
3. The method according to claim 2, further comprising the step, prior to the step of transmitting (44) the valid access credential, of: encrypting (43) a section of the valid access credential.
4. The method according to claim 3, wherein the encrypted section of the valid access credential comprises access rights to unlock the lock (4).
5. The method according to claim 3 or 4, wherein the valid access credential comprises a credential identifier and a verification section comprising a key derivation based on the credential identifier and a secret key.
6. The method according to any one of the preceding claims, further comprising the step of: receiving (46) audit trail data from the gateway.
7. The method according to claim 6, further comprising the step of: providing (48) audit trail data to the application server (3).
8. The method according to any one of the preceding claims, further comprising the steps of: generating (42) the valid access credential after the step of evaluating (41); and deleting (45) the valid access credential from the access evaluator (1) after the step of transmitting (44) the valid access credential.
9. An access evaluator (1) for evaluating access to a physical space (16) secured by a lock (4), the access evaluator comprising: a processor (60); and a memory (64) storing instructions (67) that, when executed by the processor, cause the access evaluator (1) to: receive an access request (22’) from an application server (3), the access request (22’) comprising a user identifier (21) and a lock identifier (20); evaluate, based on the user identifier (21) and the lock identifier (20), whether access is to be granted; and transmit a valid access credential (25) for the lock to a gateway (7) being proximate to the lock (4) when access is granted.
10. The access evaluator (1) according to claim 9, wherein the valid access credential (25) is in a format which complies with mobile credentials usable with the lock (4).
11. The access evaluator (1) according to claim 10, further comprising instructions (67) that, when executed by the processor, cause the access evaluator (1) to encrypt a section of the valid access credential.
12. The access evaluator (1) according to claim 11, wherein the encrypted section of the valid access credential comprises access rights to unlock the lock (4).
13. The access evaluator (1) according to claim 11 or 12, wherein the valid access credential comprises a credential identifier and a verification section comprising a key derivation based on the credential identifier and a secret key.
14. The access evaluator (1) according to claim 9 or 10, further comprising instructions (67) that, when executed by the processor, cause the access evaluator (1) to: receive audit trail data from the gateway.
15. The access evaluator (1) according to claim 14, further comprising instructions (67) that, when executed by the processor, cause the access evaluator (1) to: provide audit trail data to the application server (3).
16. The access evaluator (1) according to any one of claims 9 to 15, further comprising instructions (67) that, when executed by the processor, cause the access evaluator (1) to: generate the valid access credential prior to executing the instructions to evaluate; and delete the valid access credential from the access evaluator (1) after executing the instructions to transmit (44) the valid access credential.
17. A computer program (67, 91) for evaluating access to a physical space (16) secured by a lock (4), the computer program comprising computer program code which, when run on an access evaluator (1) causes the access evaluator (1) to: receive an access request (22’) from an application server (3), the access request (22’) comprising a user identifier (21) and a lock identifier (20); evaluate, based on the user identifier (21) and the lock identifier (20), whether access is to be granted; and transmit a valid access credential (25) for the lock to a gateway (7) being proximate to the lock (4) when access is granted.
18. A computer program product (64, 90) comprising a computer program according to claim 17 and a computer readable means on which the computer program is stored.
PCT/EP2020/075729 2019-09-16 2020-09-15 Evaluating access to a physical space WO2021052943A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE1951047A SE1951047A1 (en) 2019-09-16 2019-09-16 Evaluating access to a physical space
SE1951047-8 2019-09-16

Publications (1)

Publication Number Publication Date
WO2021052943A1 true WO2021052943A1 (en) 2021-03-25

Family

ID=72521618

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2020/075729 WO2021052943A1 (en) 2019-09-16 2020-09-15 Evaluating access to a physical space

Country Status (2)

Country Link
SE (1) SE1951047A1 (en)
WO (1) WO2021052943A1 (en)


Also Published As

Publication number Publication date
SE1951047A1 (en) 2021-03-17


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 20772272; Country of ref document: EP; Kind code of ref document: A1)
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 20772272; Country of ref document: EP; Kind code of ref document: A1)