Communications: electrical – Selective – Intelligence comparison for controlling
Reexamination Certificate
1999-05-13
2002-04-30
Zimmerman, Brian (Department: 2635)
Communications: electrical
Selective
Intelligence comparison for controlling
Reexamination Certificate
active
06380843
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a secured system of access checking that enables the automatic transfer of entitlement to produce keys.
The invention can be applied especially in the field of the checking of access to buildings, computer systems or any kind of object for which the opening or use has to be checked.
2. Description of the Related Art
There is the known patent application PCT/FR95/00935 published under number WO96/029899, for an access checking system limited to authorized and renewable time slots.
This system relies on the use of portable storage carriers such as flush-contact or contact-free chip cards (integrated circuit cards), magnetic cards, badges and electronic keys with or without contact. These carriers are distributed to all users to whom access is to be authorized.
For this purpose, the magnetic carriers have a memorized electronic key giving a right of access.
This key has a data element corresponding to an access authorization period and a digital signature of this data element. The period of use corresponds in practice to a date of use and to a time slot of use so much so that the key is valid only for one day and for the defined time slot.
These keys have a short lifetime and are especially well suited to applications such as the distribution and collection of mail by a postman. The user of such a carrier must recharge his carrier with a new valid key every day.
The problem of the theft and loss of an information carrier comprising a key of this kind no longer arises since the lifetime of the logic key is ephemeral.
Anyone who has found or stolen the carrier will no longer be able to use it the next day. Consequently, it is no longer even necessary to keep a black list of all the carriers that have been stolen or lost.
This access checking system is highly efficient in applications where no permanent access right or very long-term access right has to be provided. However, if this is not the case, the system proves to be unsuitable.
Earlier checking systems propose the keeping of a black list for stolen or lost carriers in order to prevent the unauthorized persons who hold such carriers from accessing the protected unit.
The maintaining of such lists requires action on electronic locks. For it is necessary to make recordings, on these locks, of the identification numbers of the carriers that are stolen or lost after their holder has reported their loss. Such action is a source of constraint.
Should a person who is entitled to produce electronic keys and record them on the storage carriers have his entitlement withdrawn (in the case of right of access to a building, this could be for example because of a change in the managing agent or manager of the building), the transfer of entitlement to another person makes it necessary to provide all users who had access rights with new carriers on which the electronic keys are computed with the key-producing means possessing the new entitlement.
This is a constraint that leads to substantial costs.
OBJECTS AND SUMMARY OF THE INVENTION
The secured access checking system according to the invention can be used to resolve this problem. The carriers delivered remain always valid even in the event of a transfer of entitlement to another person or more specifically to another key-producing means.
An object of the invention more particularly is a system of access checking by means of a portable storage carrier C on which there is recorded an electronic key CL, comprising means LE for the production of the electronic keys and a means fulfilling an electronic lock L function capable of authorizing access should the storage carrier contain the requisite electronic key, according to which the production means comprise a information element HA for entitlement to produce the keys CL, including a public key K, and the digital signature CER of this information element; and in which a transfer of entitlement to new production means is made by the recording of a new public key K′ and the corresponding signature CER′. This new public key is, after verification of the entitlement, recorded in the electronic lock L which verifies the keys CL produced by these means LE.
According to another particular feature, the data elements pertaining to the production means comprise an identification data element ID, a period of validity VAL and the public key K, the period of validity assigned to the former key K having an ending date that corresponds to the starting date of validity of the period of validity of the new key K′, this ending date possibly being later than the starting date (for example later by one month).
Advantageously, for the verification of a new version of a key K′ with a signature CER′, the lock compares and replaces the ending date of the period of validity of the former key with the starting date of validity of the next key (the new key).
The public keys K and K′ are obtained by the authority through a production function F
KA
with public key KA, using a secret key ka. The lock has, in memory, at the time of verification, a verification function V
KA
and the key KA for the verification of these signatures CER or CER′.
The lock verifies any new entitlement.
Thus, when a new production means is in service, this means is declared to the lock which will check the keys produced by this means.
For this purpose, the authority records the entitlement certificate in the lock and the key KA that it has used for the computation. The production means may itself record its entitlement in the lock.
Carriers for which the keys have been produced fraudulently using means that no longer possess entitlement do not permit access to the units protected.
Indeed, the transfer of entitlement is done by the secured loading of a new public key into the lock.
The previous public keys are in principle preserved unless the production algorithm has been broken or the secret key of the pair formed by the secret key and the public key has been discovered.
According to another characteristic, an electronic signature S is computed from an algorithm with a secret key k and from a corresponding public key K by production means LE, and the lock has, in memory, the public key K, a function V
K
for the verification of this signature S and a means to implement this verification function.
The electronic key CL recorded in a carrier has a data element identifying the user and a data element identifying the carrier. For example, the latter data element will be the serial number of manufacture of the carrier and the electronic signature of these data elements.
Other advantages and particular features of the invention shall appear from the following description given by way of a non-exhaustive indication with reference to the appended drawing of
FIG. 1
which shows the diagram of a secured access checking system according to the object of the invention.
It is specified that the term “authority” is understood to mean an organization possessing secret keys, means capable of delivering public keys and entitlement data elements.
The term “secret key” is understood to mean a digital data element that is known only by a unit of the authority or of the production means.
The term “public key”, KA, K, K′, is understood to mean a digital data element shared among several users, the authority and the means of production of the electronic keys or the means of production and the electronic lock.
The term “key production means” LE is understood to mean a digital data processing machine, for example a microcomputer, possessing an entitlement information element HA and having computation means to obtain the digital data signal implementing functions such as an algorithm with a conventional public key.
The term “electronic key” or “logic key” CL is understood to mean one or more digital data elements accompanied by their digital signature giving right to access.
The invention is described by way of an example in its application to the management of access to buildings.
Ref
Girault Marc
Guerin Didier
Hardy Constant
Revillet Marie-Josephe
La Poste
Nilles & Nilles S.C.
Zimmerman Brian
LandOfFree
Secured access checking system enabling the automatic... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Secured access checking system enabling the automatic..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Secured access checking system enabling the automatic... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2829441