DE102004045978A1 - User`s access authorization checking system, has connectable program storage device providing access to object depending on correlation of data and data lodged in authentication device - Google Patents

Abstract

For the controller access to a closed area, such as a company site or an underground car park, is usually used a radio remote control. about the radio remote control can with a frequency of 433 MHz the control commands for opening and Shut down be given the respective gate. A disadvantage of these methods is that at big Plants with multiple authorized users a variety managed by radio remote controls by the access providers have to and this security problems arise. Task of the present Invention is to provide a method with which a simple administrative control of access authorizations by the access provider allows becomes. This is achieved according to the invention in that the access authorization via a data exchange between a user and an authentication device is detected. Access to the system is therefore no longer the one, the one radio remote control for owns the plant, but the one whose identification feature also by entry or deletion known by the access provider of the authentication device have been done.

Description

The The present invention relates to a system for checking and granting a Access authorization for a user, a procedure for checking and granting a Access authorization for a user and a program for a program control device.

For the controller access to a closed area, such as a company site or an underground car park, is usually used a radio remote control. about the radio remote control can with a frequency of 433 MHz, the control commands for opening and closing the given respective gates. Here, a so-called hopping code method is used in which the security coding for transmission of the control commands after each operation changed the radio remote control becomes. So it will be a random one Trigger by a foreign remote control almost impossible.

adversely with these procedures is that with large plants with several access-authorized users a variety of radio remote controls managed by the access providers have to be and this security problems arise. In a large residential complex For example, a tenant usually buys with multiple parties a wireless remote control to conveniently reach its underground parking space. At a later Moving the tenant, the radio remote control is not returned, as it is the property of the renter. This creates an unnecessary security risk for the Residential users. Are the radio remote controls by the Residential property management or a tenant interest group on bail rented, pose the same security problems. If a radio remote control is stolen or lost or after an extract of the tenant not returned is, exists for Unauthorized the possibility to gain access to the underground car park.

One Another disadvantage arises when a user has access privileges for many Owns facilities, such as underground garages in the company, in the apartment building or in the fitness center. The user thus has a variety of radio remote controls to guide and operate, thereby impaired traffic safety becomes.

One additional Disadvantage is that it is not possible to log which Users enter or leave a closed area at which time Has.

Of the The present invention is based on the object, a method for review and grant an access authorization for to create a user with a simple administrative control the access authorization is enabled by the access provider and thus resolved the described safety risks and comfort losses can be. Furthermore it is part of the task a suitable for carrying out the method System and a program for specify the program control device.

These The object is achieved by a System having the features specified in claim 1, a method with the features specified in claim 5 and a program with solved the features specified in claim 8. Advantageous developments of the invention are in the dependent claims specified.

Corresponding the system according to the invention has the device for checking a Access authorization of a user on a chip card, on the at least one identification feature of an authentication device and at least one identifier of a user is stored. Furthermore, the system comprises a reading device which is based on the Chipcard stored data reads, an encryption device, the Encrypted data stored on the smart card and an authentication device, the data stored on the chip card and in the authentication device deposited data checked for compliance. It also includes the system has a data transmission device, transmits the data stored on the chip card data to the authentication device and a program control device connectable to the authentication device, which provides access to an object for the user dependent from a match the data stored on the chip card and stored in the authentication device Dates.

According to an advantageous development of the present invention, the system additionally has an input device on which a system administrator can enter the identification feature of an authorized user and / or the identification feature of a non-authorized user. In addition, the system comprises a data transmission device for transmitting data entered by the system administrator to the authentication device. This has the advantage of simply blocking access by the access provider to the identification feature of a user with a lost or stolen smart card or the access for the identifier of a user can be released with a new smart card.

Corresponding the method according to the invention will be for review Access authorization of a user one of an authentication device obtained random number with one on a smart card of a user stored private key encrypted. This encrypted Random number is combined with an identifying feature of User back transmitted to the authentication device. The authentication device checks the from their generated random number and that returned to them and based on the identifying feature decrypted Random number to match. Dependent from a match the generated by the authentication device and the to the Authentication device is transmitted back random number by a program control device access to an object for the User provided.

In Advantageously, the user sends in a first step a list of identification features of at least one authentication device, to which he has an access authorization, to the authentication device. The authentication device transmits at least one match Identification feature from the list with at least one own Identifier the random number to the user. This makes for one Users with access permissions to multiple objects only one Chipcard required and guaranteed thus a greater user-friendliness and a higher one Comfort for the user.

at the execution the control program according to the invention is determined by the program control device depending on a match a random number generated by an authentication device and one returned to the authentication device and decrypted by an identifier Random number provided access to an object for the user.

The The present invention will become more apparent from an embodiment closer to the drawing explained. It shows the

figure a flow chart for a procedure for review and Establishment of an access authorization for a user.

At the process flow shown in the figure are a user interested in access 101 and an access provider 105 involved. In the present embodiment, the user interested in access is 101 a car driving residents of a residential complex, hereinafter referred to as motorists. The car driver 101 has a remote control, which comprises a smart card, a smart card reader, an encryption device and a data transmission device. The remote control can be executed, for example, as a radio or infrared remote control. The access provider 105 an authentication device is assigned to an underground car park of the housing complex, wherein the authentication device comprises a data transmission device, an input device and a program control device.

Would the driver 101 Now he gets access to the underground car park, he sends in a first step 102 via the remote control an access request to the authentication device of the access provider. The access request comprises an identification feature of the authentication device.

If the sent identifier matches the identification feature of the authentication device, the authentication device generates in a second step 103 a random number and sends it together with their identification feature to the driver's remote control 101 ,

In a third step 104 the remote unit encrypts the received random number by means of a private key stored on the chip card. The remote then transmits the encrypted random number along with an identification feature of the driver 101 to the authentication device.

The authentication device decrypts in a last step 106 the encrypted random number, based on the identification feature of the driver 101 has recognized the public key for decryption. If the random number generated and the random number received and decrypted match, the authentication device releases the access (step 107 ) and opens the garage door. If the random number generated and the random number received and decrypted do not match, the authentication device blocks access (step 108 ).

An administrator of the housing complex can according to an advantageous embodiment of the present invention via the input device of the authentication device an identification feature of a motorist 101 delete and thus deny him access to the underground car park. In the same way the caretaker can be an identifying feature of a car driver 101 Add access to the underground car park. It is thus possible in a simple manner to control the access to the underground car park of the housing estate.

In addition, can by the authentication device based on the identification features be logged, which user at what time the condominium entered or left. This may be the case in some cases Systems with particularly high safety requirements desirable be.

In a further advantageous embodiment of the present invention, the driver has 101 Access permissions for several underground garages. The identification features of the various underground garages are on the smart card of the driver 101 saved. For an access request 102 the driver sends via his remote control all the identification features of the authentication facilities of the underground garages for which he has an access authorization. If a sent identification feature matches the identification feature of the respective authentication device, the authentication device generates one of the underground garages in a second step 103 a random number and sends it together with their identification feature to the driver's remote control 101 , By this method the driver needs 101 only a remote control, instead of having to carry a separate remote control for each underground car park, to which he has an access authorization.

Claims (8)

System for checking a Access authorization of a user with - a chip card on the at least one identification feature of an authentication device and stored at least one identification feature of a user is - one Reading device for reading from stored on the chip card Dates, - one encryptor to encrypt the data stored on the chip card, An authentication device to check the data stored on the smart card and in the authentication device stored data for compliance, - one Data communications equipment for transmission the data stored on the chip card to the authentication device, - one program control device connectable to the authentication device to provide access to an object for the user dependent from a match the data stored on the smart card and in the authentication device deposited data. System according to claim 1, With - one Input device on which by a system administrator the identifier an authorized user and / or the identification feature of a non-authorized user can be entered, - one Data communications equipment for transmission from entered by the system administrator on the input device Data to the authentication device. System according to at least one of claims 1 and 2, in which the encryption device is integrated in the chip card. System according to at least one of claims 1-3, in which the smart card is designed as a smart card. Procedure for checking a Access authorization of a user in whom - one of an arbitration device obtained random number with a is encrypted on a smart card of a user stored private key and this encrypted Random number together with a user identification back is transmitted to the authentication device, - the authentication device the random number generated by the authentication device and the sent back to the authentication device and based on the Identifier decrypted random number checked for compliance, - depending on a match the generated by the authentication device and the to the Authentication device back transmitted random number a program controller provides access to an object for the user becomes. Method according to claim 5, in which - the user a list of identification features of at least one authentication device, to which he has an access authorization, to the authentication device sends, - the Authentication device if at least one match Identification feature from the list with at least one own Identifier sends the random number to the user. Method according to at least one of Claims 5 and 6, in which the authentication device, in addition to the random number, assigns it at least one own identification feature to the user sends. Program for a program control device which is in a working memory a program control device is loadable and at least one Code section, in its execution - By the program control device dependent from a match a random number generated by an authentication device and one returned to the authentication device and decrypted by an identifier Random number provides access to an object for the user is when the program runs on the program control device.