[go: up one dir, main page]

EP1484858B1 - Method for functional assembling together components of an authentication facility as well as an authentication facility - Google Patents

Method for functional assembling together components of an authentication facility as well as an authentication facility Download PDF

Info

Publication number
EP1484858B1
EP1484858B1 EP04012990A EP04012990A EP1484858B1 EP 1484858 B1 EP1484858 B1 EP 1484858B1 EP 04012990 A EP04012990 A EP 04012990A EP 04012990 A EP04012990 A EP 04012990A EP 1484858 B1 EP1484858 B1 EP 1484858B1
Authority
EP
European Patent Office
Prior art keywords
base station
transmitter
programming unit
programming
crypto
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
EP04012990A
Other languages
German (de)
French (fr)
Other versions
EP1484858A1 (en
Inventor
Dieter Rickhoff
Martin Degener
Thomas Dr. Kaiser
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Leopold Kostal GmbH and Co KG
Original Assignee
Leopold Kostal GmbH and Co KG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Leopold Kostal GmbH and Co KG filed Critical Leopold Kostal GmbH and Co KG
Publication of EP1484858A1 publication Critical patent/EP1484858A1/en
Application granted granted Critical
Publication of EP1484858B1 publication Critical patent/EP1484858B1/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00857Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00857Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
    • G07C2009/00865Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed remotely by wireless communication

Definitions

  • the invention relates to a method for the functional marriage of Components of an authentication device with each other, which device one or more key mobile identification devices (ID transmitter) and at least one associated with an object Base station includes. Furthermore, the invention relates to an authentication device with one or more keys serving as keys mobile identification transmitters (ID transmitter), at least one object associated base station and a programmer.
  • ID transmitter key mobile identification devices
  • ID transmitter keys mobile identification transmitters
  • Such authentication devices are used to query an authorization for triggering a specific action by an identification transmitter, when it enters the area of a base station.
  • authentication mechanisms are used for example for checking the access authorization of a mobile identification transmitter entrusting Person, for example with regard to access to a building or the like.
  • Such authentication devices are used also to monitor a flow of goods.
  • a Such identification transmitter of a single product or a batch For example, be associated with a palette to monitor whether and If necessary, for example, when this leaves a camp.
  • Keyless access control devices include each an object to be monitored of a door, a gate or the like associated reader and one or more mobile ldtechnischsgeber (ID transmitter).
  • ID transmitter mobile ld Ensgeber
  • the ID encoders are transponders.
  • the communication between such an ID transmitter and the base station can be done for example on an RF radio link. It exists both systems requiring unidirectional communication between the ID transmitter and the base station for authentication of the ID transmitter takes place, as well as those systems in which a bidirectional Communication between these two elements of the conditional access control device takes place to perform an authentication. With such an authentication, a data comparison takes place between Data stored in the ID transmitter and transmitted to the base station and a review of that data for authorization, open the door controlled by this base station or the like to be allowed.
  • the communication contains a cryptic one Key, a so-called crypto-code.
  • access authorization control devices are known, where customer- and object-specific the ID encoders and the readers manufacturer by saving a particular identifier in the one or more ID donors and the or the readers are programmed or initialized. The device Joining the individual components is called "marrying".
  • These access authorization control facilities must Thus, before its commissioning be known for one, how many as Key ID encoders and how many readers are needed. It must also be known which ID encoders from which readers as authorized to be recognized. As long as all parameters before the functional marriage of the individual components with each other are known by the measures described above, this is not a problem. In the event, however, that the number of an object associated with ID encoders or readers should be increased, all Units of such an access control device new be married to each other. The same applies if individual ID donors to be lost and replaced by new ones.
  • the invention is the Task based, an aforementioned, generic method in such a way that an authentication device, about a keyless conditional access control device not only in terms of the use and the number of readers but also with regard to the use and the number of ID encoders with larger ones Variability and can be set up with simple measures.
  • the independent in the Claim 1 specified method wherein in a first step the at least one base station by a mobile programming unit one intended for programming and different from the one at Control operation of the device for communication between the at least an ID transmitter and serving the at least one base station Data transmission path distinguishing data transmission path is initialized by this base station from the programming unit individual identification assigned as well as one for communication received with the or the ID donors serving crypto code, if this base station a crypto code is not yet known, and that in one second step through this base station on a for programming provided by and in the control of the establishment for the communication between the at least one ID transmitter and the base station serving data transmission path different Data transmission link those ID transmitter with regard to an intended communication with this base station is initialized, the one authorization to trigger an event by this Base station should be obtained by each of these ID transmitter from the base station an individual identification gets assigned as well as the Communication serving crypto code is received when the ID transmitter Cryptcode is not yet known.
  • an authentication device with each other is the marriage between one or more readers - the readers are in the context of the invention due to their programming the ID transmitter Properties referred to as base stations - with those ID donors by one or more of those involved in the facility Base stations are to be recognized as authorized by that used for operating the device crypto code is not initialized components initially only the programming unit and thus a single, in particular mobile element of the authentication device is known.
  • This crypto code is used when initializing the Establishment of this programming unit, also referred to as master transmitted to each base station.
  • master transmitted to each base station With the transfer of the Crypto codes on each base station - a process common to every base station carried out - there is a definition and labeling of each individual Base station.
  • All base stations assigned to a programming unit receive their individual identification in this way.
  • the programming unit is an element of the authentication device, so that as with a reinitialization of a base station Object an existing object extended by more base stations can be. These need only in the manner described to be initialized by the programmer.
  • An initialization the ID device associated with the authentication device takes place in one second initialization step by the base stations, wherein all ID encoders that are to be recognized as authorized by this base station initialized or programmed by this base station.
  • These Initialization comprises on the one hand a transmission of the programming unit transferred to the base station in a previous step Kryptcodes.
  • the crypto code is only transmitted if it has previously been detected as part of a query that this ID transmitter has not yet received a crypto-code or at least the one for communication does not know this base station serving crypto-code.
  • each of these base station is an individual identification assigned to the individual ID encoders and transmitted to them. With this individual identification is then carried out using the predetermined Cryptcodes the authentication control. Is in an ID dealer already stored the crypto-code used for this object, then this ID transmitter is only assigned its individual identification. This is the case, for example, if this ID transmitter is previously at another base station regarding transmission of the crypto-code has already been initialized and the programming at each other Base station serves the purpose, this base station this ID transmitter in terms of its entitlement.
  • a different data transmission path is used as the one in a control operation the device is provided.
  • a control operation of the device there is a communication between the base station and the respective ID transmitter expediently on an RF radio link.
  • the Initialization or programming of the individual ID encoders by the base stations can be done on a LF radio link.
  • each ID transmitter via a low-frequency part and a However, the NF-section and expediently will be
  • the LF part of the ID transmitter is also used to the ID transmitter from a Sleep or sleep mode to bring this into its operating mode in which the HF part of the ID transmitter is used for communication started up with a base station.
  • To wake up is from a Base station cyclically sent an AF wake-up signal.
  • the range of a such wake-up signal is limited and dependent on the spatial conditions in the vicinity of the base station. In any case you will be tempted to send the wake-up signal with such a field strength that at a sufficient distance in front of the base station an approaching ID transmitter is awakened and communication on the RF link is completed when the ID transmitter at the example located from the base station controlled door.
  • a data transfer takes place on the NF-track expediently with only a very low field strength, so that for this purpose the ID transmitter in the immediate Must be kept close to the base station.
  • the change of Field strength can be due to the different operating mode of the base station - Programming or initialization mode or control operating mode - respectively.
  • Communication between the programming unit and the base station to initialise and program the base stations also takes place on a short-range communications link. This can also be made on a NF track.
  • a programming or initialization of the base stations by the programming unit can also on other route, for example an infrared route or also be provided by contact.
  • the programming unit itself is mobile so that it can be addressed to the individual, in distributed to an object arranged base stations can be brought. Therefore, it is in principle not necessary in this process that the Base stations are interconnected.
  • the programming unit itself basically does not need to be actively programmable; rather, can the programming of the individual base stations by the programming unit yourself. This is then expediently as active Transponder working designed.
  • the programming unit can therefore be the same be small, as the individual ID transmitter. Conveniently, the programming unit differs in color or in others However, from the individual ID donors.
  • the individual ID transmitter is the use of one counter, namely a base station counter and an ID transmitter counter.
  • the use of a counter is used in this case as an ordinal number or address to access if necessary, to obtain further available data.
  • Such an access authorization control device can easily be used in addition to the expediently provided mobile passive programming unit be associated with an active programming unit. With this then there is the possibility of certain permissions in the delete individual base stations, for example, in the event that a ID transmitter is lost.
  • the base stations can respect the authorization levels of the individual ID encoders are programmed.
  • the authorization of this base station known ID transmitter stored data can, for example, a temporal authorization in Framework of a keyless conditional access control device according to which certain ID donors only within a certain Time zone as eligible to be admitted into an object.
  • permission levels For example, they can also be designed in this way be that in the context of an access authorization control a Access to a particular ID provider is allowed only if in addition to this ID transmitter another ID transmitter in the communication area of the base station is arranged.
  • the described method and the described authentication device can easily be combined with other known systems be and / or superimpose these. It is also possible readily establish hierarchical locking structures or also an additional object identifier as part of the individual identifications use to create different objects with the same Kryptcode work different from each other. In such a case it will be expedient, in each case a suitably passive programming unit, containing the same crypt code, but with an additional one Object identifier programmed, used. Basically it is also possible for different objects different Use crypto codes; but then would have the s.der total equipment involved ID donors also over the appropriate number different crypto codes. Although this is true in principle is possible, one will take into account that this is usually an extension of the duration of the authorization query dialog if the awakened ID transmitter does not coincide with the for this object responsible cryptcode responds.
  • a keyless access authorization control device 1 comprises a plurality, an object 2 associated with base stations B 1, B 2, three ID transmitter ID 1 - ID 3 and serving as a programming unit master M.
  • the base stations B 1, B 2 are within the object 2 are each a door assigned and serve the purpose in an operation of the access authorization control device 1 upon detection of a defined as legitimate ID transmitter, the respective base station B 1 , B 2 associated door to unlock and possibly motorized to open.
  • the ID transmitters ID 1 - ID 3 are the mobile keys which can communicate with the base stations B 1 , B 2 on an HF path for carrying out the authentication request.
  • the ID encoders ID 1 - ID 3 are transponders.
  • a communication between the ID encoders ID 1 - ID 3 and the base stations B 1 and B 2 takes place with the aid of a crypto-code. Furthermore, the ID transmitters ID 1 - ID 3 and likewise the base stations B 1 and B 2 are identified with an individual identification in order to assign different authorizations for the use of the base stations B 1 and B 2 to the ID transmitters ID 1 - ID 3 to be able to. For this purpose, the base stations B 1 , B 2 must be functionally married to those IDs ID 1 - ID 3 , each of which is to be recognized as authorized by a base stations B 1 , B 2 , so that upon detection of an identified as legitimate ID transmitter the unlocked door is unlocked or opened by a motor.
  • the master M is a mobile passive programming unit.
  • the master M differs from the ID donors ID 1 - ID 3 by a slightly larger design and by a different color coding of its housing.
  • a crypto-code is stored in the master M in an electronic storage medium, with which the bidirectional communication between a base station B 1 or B 2 and an ID transmitter ID 1 , ID 2 or ID 3 is to take place.
  • the master M includes two counters - a base station counter and an ID transmitter counter.
  • the master M and the access authorization control device 1 associated base stations B 1 , B 2 can communicate with each other on a LF link, the range of this communication is limited to a few centimeters.
  • communication between the master M and a base station B 1 , B 2 is possible when the master M is held to a base station B 1 , B 2 .
  • the base stations B 1 , B 2 and also the ID transmitter ID 1 - ID 3 each comprise an RF transceiver part for carrying out the bidirectional communication in an access authorization control mode of the access authorization control device 1.
  • the base stations B 1 , B 2 further comprise an NF transmitting-receiving part; ID encoders ID 1 - ID 3 include a LF receiver.
  • a programming or initialization of the ID transmitter ID 1 - ID 3 is carried out by the base stations B 1 and B 2 on the LF line, it being provided that acknowledgment signals as feedback from the ID encoders ID 1 - ID 3 to the respective base station B 1 and B 2 are sent on the RF link. In principle, it can also be provided to send such feedback or acknowledgment signals also on the LF path.
  • the ID transmitter ID 1 - ID 3 also include a LF transmission unit.
  • the base stations B 1 , B 2 and also the ID transmitter ID 1 - ID 3 come from a mass production and have before their functional marriage to each other and their assignment to the object 2 no individual features that would be necessary in the description of the invention. Thus, prior to their initialization, these elements - base stations and ID transmitters - can be assigned to any conditional access control device 1 or any object.
  • the master M is held in the immediate vicinity of the base station B 1 , so that the master M can communicate with the base station B 1 on a LF radio link.
  • the master M is placed directly to the base station B 1 . With the entry of the master M in the LF transmission range of the base station B 1 this is awakened and transmitted to the base station B 1, a first signal with which the programming mode of the base station B 1 is opened. In this programming mode bidirectional communication between the master M and the base station B 1 can take place.
  • a first query is checked by the master M, whether the base station B 1 has already received an individual identification (identifier). This can be done for example by querying an identification memory. If the memory is empty, the base station - in this case the base station B 1 - is neither functionally assigned to the object 2 nor the access authorization control device 1. In this case, the master M transmits to the base station B 1 a base station identification, an object identifier and a crypto-code. All transmitted data are stored in the base station B 1 . It is expedient to store the transmitted crypto-code on a different storage medium than the transmission of the base-station identification and the object identifier.
  • the base station identification is in the illustrated embodiment is an element of a counter series. Since the initialization of the access authorization control device 1, the base station B 1 is initialized and programmed as the first example, it receives the counter element "1" as a base station identification.
  • the transmitted object identifier represents a suitable identifier for the object 2.
  • a feedback from the base station B 1 is sent to the master M.
  • the base station counter of the master M is then increased by one counter, so that the first counter can not be awarded again.
  • the base station identification of the next base station to be programmed and initialized for example the base station B 2 is uniquely predefined with the next counter.
  • the programming of the base station B 1 is basically finished after receiving the feedback from the base station B 1 to the master M. By removing the master M from the base station B 1 , the latter automatically switches from its programming mode to the access authorization control operating mode.
  • each ID transmitter receives in its programming in terms of access authorization to multiple base stations, such as the base stations B 1 and B 2 for each base station B 1 and B 2 independent identifier. Therefore, to identify the individual ID encoders ID 1 - ID 3 basically complicated identifiers can be dispensed with.
  • the further procedure corresponds to that described above to the programming process to bring to conclusion.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A base station is initialized through a mobile programming unit on a data-transmission link provided for programming and differing from a data-transmission link serving during a control operation for a device for communicating between an identification transmitter (IDT) and a base station that gets an individual identification allocated and receives a cryptic code to communicate with IDTs. An independent claim is also included for an authentication device with mobile identification transmitters to act as keys.

Description

Die Erfindung betrifft ein Verfahren zum funktionellen Verheiraten der Komponenten einer Authentisierungseinrichtung miteinander, welche Einrichtung ein oder mehrere, als Schlüssel dienende mobile Identifikationsgeber (ID-Geber) sowie zumindest eine einem Objekt zugeordnete Basisstation umfasst. Ferner betrifft die Erfindung eine Authentisierungseinrichtung mit einem oder mehreren, als Schlüssel dienenden mobilen Identifikationsgebern (ID-Geber), zumindest einer einem Objekt zugeordneten Basisstation sowie einer Programmiereinrichtung.The invention relates to a method for the functional marriage of Components of an authentication device with each other, which device one or more key mobile identification devices (ID transmitter) and at least one associated with an object Base station includes. Furthermore, the invention relates to an authentication device with one or more keys serving as keys mobile identification transmitters (ID transmitter), at least one object associated base station and a programmer.

Derartige Authentisierungseinrichtungen dienen zum Abfragen einer Berechtigung zum Auslösen einer bestimmten Aktion durch einen Identifikationsgeber, wenn dieser in den Bereich einer Basisstation gelangt. Authentisierungseinrichtungen werden eingesetzt beispielsweise zum Überprüfen der Zugangsberechtigung einer einen mobilen Identifikationsgeber mitführenden Person, etwa hinsichtlich des Zutrittes in ein Gebäude oder dergleichen. Eingesetzt werden derartige Authentisierungseinrichtungen auch, um etwa einen Warenfluß zu überwachen. In diesem Fall kann ein solcher Identifikationsgeber einer einzelnen Ware oder auch einer Charge, beispielsweise einer Palette zugeordnet sein, um zu überwachen, ob und gegebenenfalls auch wann diese beispielsweise ein Lager verläßt.Such authentication devices are used to query an authorization for triggering a specific action by an identification transmitter, when it enters the area of a base station. authentication mechanisms are used for example for checking the access authorization of a mobile identification transmitter entrusting Person, for example with regard to access to a building or the like. Such authentication devices are used also to monitor a flow of goods. In this case, a Such identification transmitter of a single product or a batch, For example, be associated with a palette to monitor whether and If necessary, for example, when this leaves a camp.

Schlüssellose Zugangsberechtigungskontrolleinrichungen umfassen jeweils ein einem zu überwachenden Objekt einer Tür, einem Tor oder dergleichen zugeordnete Lesegerät und ein oder mehrere mobile ldentifikationsgeber (ID-Geber). Bei den ID-Gebern handelt es sich um Transponder. Die Kommunikation zwischen einem solchen ID-Geber und der Basisstation kann beispielsweise auf einer HF-Funkstrecke erfolgen. Es existieren sowohl Systeme, bei denen eine unidirektionale Kommunikation zwischen dem ID-Geber und der Basisstation zur Authentisierung des ID-Gebers erfolgt, als auch solche Systeme, bei denen eine bidirektionale Kommunikation zwischen diesen beiden Elementen der Zugangsberechtigungskontrolleinrichtung stattfindet, um eine Authentisierung durchzuführen. Bei einer solchen Authentisierung erfolgt ein Datenabgleich zwischen Daten, die im ID-Geber gespeichert und an die Basisstation übermittelt werden, und einer Überprüfung dieser Daten hinsichtlich einer Berechtigung, die durch diese Basisstation kontrollierte Tür oder dergleichen öffnen zu dürfen. Üblicherweise enthält die Kommunikation einen kryptischen Schlüssel, einen sogenannten Kryptcode. Bekannt sind solche Zugangsberechtigungskontrolleinrichtungen, bei denen kunden- und objektspezifisch die ID-Geber und die Lesegeräte herstellerseitig durch Speichern einer bestimmten Kennung in dem oder den ID-Gebern und dem oder den Lesegeräten programmiert bzw. initialisiert werden. Die Einrichtung der einzelnen Komponenten zueinandern wird als "Verheiraten" bezeichnet. Bei diesen Zugangsberechtigungskontroll-einrichtungen muss somit vor ihrer Inbetriebnahme zum einen bekannt sein, wie viele als Schlüssel dienende ID-Geber und wie viele Lesegeräte benötigt werden. Ferner muss bekannt sein, welche ID-Geber von welchen Lesegeräten als zugangsberechtigt erkannt werden sollen. Solange sämtliche Parameter vor der funktionellen Verheiratung der einzelnen Komponenten miteinander durch die oben beschriebenen Maßnahmen bekannt sind, ist dies unproblematisch. Für den Fall jedoch, dass die Zahl der einem Objekt zugeordnete ID-Geber oder Lesegeräte vergrößert werden soll, müssen sämtliche Einheiten einer solchen Zugangsberechtigungskontrolleinrichtung neu miteinander verheiratet werden. Entsprechendes gilt, wenn einzelne ID-Geber verloren gehen und durch neue ersetzt werden müssen.Keyless access control devices include each an object to be monitored of a door, a gate or the like associated reader and one or more mobile ldifikationsgeber (ID transmitter). The ID encoders are transponders. The communication between such an ID transmitter and the base station can be done for example on an RF radio link. It exists both systems requiring unidirectional communication between the ID transmitter and the base station for authentication of the ID transmitter takes place, as well as those systems in which a bidirectional Communication between these two elements of the conditional access control device takes place to perform an authentication. With such an authentication, a data comparison takes place between Data stored in the ID transmitter and transmitted to the base station and a review of that data for authorization, open the door controlled by this base station or the like to be allowed. Usually the communication contains a cryptic one Key, a so-called crypto-code. Such access authorization control devices are known, where customer- and object-specific the ID encoders and the readers manufacturer by saving a particular identifier in the one or more ID donors and the or the readers are programmed or initialized. The device Joining the individual components is called "marrying". These access authorization control facilities must Thus, before its commissioning be known for one, how many as Key ID encoders and how many readers are needed. It must also be known which ID encoders from which readers as authorized to be recognized. As long as all parameters before the functional marriage of the individual components with each other are known by the measures described above, this is not a problem. In the event, however, that the number of an object associated with ID encoders or readers should be increased, all Units of such an access control device new be married to each other. The same applies if individual ID donors to be lost and replaced by new ones.

Aus DE 41 34 922 C2 ist eine Anlage zur Kontrolle des Zugangs zu Objekten bekanntgeworden, bei der das oder die Lesegeräte durch die einzelnen ID-Geber programmiert werden. Dies ermöglicht den Einsatz unprogrammierter Lesegeräte, so dass eine Objekterweiterung durch einen Einsatz weiterer Lesegeräte grundsätzlich ohne weiteres möglich ist. Die ID-Geber sind auch bei dieser Anlage nach wie vor herstellerseitig vorprogrammiert. Somit ist man bei einem Einsatz dieser Anlage bei einer Nachrüstung von ID-Gebern nach wie vor abhängig von dem Hersteller. Insbesondere lassen sich bei dieser vorbekannten Anlage hierarchische Schließstrukturen nur schwer realisieren, da jeder ID-Geber auch gleichzeitig Datenträger ist und somit grundsätzlich jedes Lesegerät programmieren kann.From DE 41 34 922 C2 is a system for controlling access to objects become known, in which the reader or readers by the individual ID encoder programmed. This allows the use of unprogrammed Readers, allowing an object extension by one Use of other readers is basically possible without further ado. The ID encoders are also pre-programmed by the manufacturer in this system. Thus, one is in a use of this system at a Retrofitting of ID encoders still depends on the manufacturer. In particular, this prior art system can be hierarchical Closing structures are difficult to realize because each ID transmitter is also simultaneously Disk is and thus basically any reader program can.

Ausgehend von dem diskutierten Stand der Technik liegt der Erfindung die Aufgabe zugrunde, eine eingangs genanntes, gattungsgemäßes Verfahren dergestalt weiterzubilden, dass eine Authentisierungseinrichtung, etwa eine schlüssellose Zugangsberechtigungskontrolleinrichtung nicht nur hinsichtlich des Einsatzes und der Anzahl der Lesegeräte sondern auch hinsichtlich des Einsatzes und der Anzahl der ID-Geber mit größerer Variabilität und mit einfachen Maßnahmen eingerichtet werden kann.Based on the discussed prior art, the invention is the Task based, an aforementioned, generic method in such a way that an authentication device, about a keyless conditional access control device not only in terms of the use and the number of readers but also with regard to the use and the number of ID encoders with larger ones Variability and can be set up with simple measures.

Diese Aufgabe wird erfindungsgemäß durch das in dem unabhängigen Anspruch 1 angegebene Verfahren gelöst, bei dem in einem ersten Schritt die zumindest eine Basisstation durch eine mobile Programmiereinheit auf einer für die Programmierung vorgesehenen und sich von der bei einem Kontrollbetrieb der Einrichtung für die Kommunikation zwischen dem zumindest einen ID-Geber und der zumindest einen Basisstation dienenden Datenübertragungsstrecke unterscheidenden Datenübertragungsstrecke initialisiert wird, indem diese Basisstation von der Programmiereinheit eine individuelle Identifikation zugewiesen bekommt sowie einen zur Kommunikation mit dem oder den ID-Gebern dienenden Kryptcode erhält, wenn dieser Basisstation ein Kryptcode noch nicht bekannt ist, und dass in einem zweiten Schritt durch diese Basisstation auf einer für die Programmierung vorgesehenen und sich von der bei einem Kontrollbetrieb der Einrichtung für die Kommunikation zwischen dem zumindest einen ID-Geber und der Basisstation dienenden Datenübertragungsstrecke unterscheidenden Datenübertragungsstrecke diejenigen ID-Geber im Hinblick auf eine vorgesehene Kommunikation mit dieser Basisstation initialisiert werden, die eine Berechtigung zum Auslösen eines Ereignisses durch diese Basisstation erhalten sollen, indem jeder dieser ID-Geber von der Basisstation eine individuelle Identifikation zugewiesen bekommt sowie den zur Kommunikation dienenden Kryptcode erhält, wenn dem ID-Geber ein Kryptcode noch nicht bekannt ist.This object is achieved by the independent in the Claim 1 specified method, wherein in a first step the at least one base station by a mobile programming unit one intended for programming and different from the one at Control operation of the device for communication between the at least an ID transmitter and serving the at least one base station Data transmission path distinguishing data transmission path is initialized by this base station from the programming unit individual identification assigned as well as one for communication received with the or the ID donors serving crypto code, if this base station a crypto code is not yet known, and that in one second step through this base station on a for programming provided by and in the control of the establishment for the communication between the at least one ID transmitter and the base station serving data transmission path different Data transmission link those ID transmitter with regard to an intended communication with this base station is initialized, the one authorization to trigger an event by this Base station should be obtained by each of these ID transmitter from the base station an individual identification gets assigned as well as the Communication serving crypto code is received when the ID transmitter Cryptcode is not yet known.

Ferner wird diese Aufgabe erfindungsgemäß durch die im Anspruch 11 wiedergegebene Authentisierungseinrichtung gelöst.Furthermore, this object is achieved by the in claim 11 reproduced reproduced authentication device.

Bei dem genannten Verfahren zum funktionellen Verheiraten der Komponenten einer Authentisierungseinrichtung miteinander erfolgt das Verheiraten zwischen einem oder mehreren Lesegeräten - die Lesegeräte sind im Zusammenhang mit der Erfindung aufgrund ihrer die ID-Geber programmierenden Eigenschaften als Basisstationen bezeichnet - mit denjenigen ID-Gebern, die von einer oder mehreren der an der Einrichtung beteiligten Basisstationen als berechtigt erkannt werden sollen, dadurch, dass der zum Betreiben der Einrichtung eingesetzte Kryptcode bei nicht initialisierten Komponenten zunächst nur der Programmiereinheit und somit einem einzigen, insbesondere mobilen Element der Authentisierungseinrichtung bekannt ist. Dieser Kryptcode wird bei der Initialisierung der Einrichtung von dieser, auch als Master zu bezeichnenden Programmiereinheit auf jede Basisstation übertragen. Mit der Übertragung des Kryptcodes auf jede Basisstation - ein Vorgang, der an jeder Basisstation durchgeführt wird - erfolgt eine Definition und Kennzeichnung jeder einzelnen Basisstation. Alle einer Programmiereinheit zugeordneten Basisstationen erhalten auf diese Weise ihre individuelle Identifikation. Die Programmiereinheit ist ein Element der Authentisierungseinrichtung, so dass ohne weiteres wie bei einer Neuinitialisierung einer Basisstation eines Objektes ein bestehendes Objekt um weitere Basisstationen erweitert werden kann. Diese brauchen lediglich in der beschriebenen Art und Weise durch die Programmiereinheit initialisiert zu werden. Eine Initialisierung der der Authentisierungseinrichtung zugehörigen ID-Geber erfolgt in einem zweiten Initialisierungsschritt durch die Basisstationen, wobei sämtliche ID-Geber, die von dieser Basisstation als berechtigt erkennt werden sollen, durch diese Basisstation initialisiert bzw. programmiert werden. Diese Initialisierung umfasst zum einen eine Übertragung des von der Programmiereinheit in einem vorangegangenen Schritt auf die Basisstation übertragenen Kryptcodes. Der Kryptcode wird jedoch nur dann übertragen, wenn zuvor im Rahmen einer Abfrage erkannt worden ist, dass dieser ID-Geber noch keinen Kryptcode erhalten hat oder zumindest den zur Kommunikation dieser Basisstation dienenden Kryptcode nicht kennt. Zum anderen wird von dieser Basisstation jeweils eine individuelle Identifikation der einzelnen ID-Geber zugewiesen und an diese übertragen. Mit dieser individuellen Identifikation erfolgt dann unter Verwendung des vorgegebenen Kryptcodes die Authentisierungskontrolle. Ist in einem ID-Geber bereits der für dieses Objekt verwandte Kryptcode gespeichert, dann wird diesem ID-Geber lediglich seine individuelle Identifikation zugewiesen. Dieses ist beispielsweise der Fall, wenn dieser ID-Geber zuvor an einer anderen Basisstation hinsichtlich einer Übertragung des Kryptcodes bereits initialisiert worden ist und die Programmierung an jeder weiteren Basisstation dem Zweck dient, dieser Basisstation diesen ID-Geber hinsichtlich seiner Berechtigung bekannt zu machen.In the said method for the functional marriage of the components an authentication device with each other is the marriage between one or more readers - the readers are in the context of the invention due to their programming the ID transmitter Properties referred to as base stations - with those ID donors by one or more of those involved in the facility Base stations are to be recognized as authorized by that used for operating the device crypto code is not initialized components initially only the programming unit and thus a single, in particular mobile element of the authentication device is known. This crypto code is used when initializing the Establishment of this programming unit, also referred to as master transmitted to each base station. With the transfer of the Crypto codes on each base station - a process common to every base station carried out - there is a definition and labeling of each individual Base station. All base stations assigned to a programming unit receive their individual identification in this way. The programming unit is an element of the authentication device, so that as with a reinitialization of a base station Object an existing object extended by more base stations can be. These need only in the manner described to be initialized by the programmer. An initialization the ID device associated with the authentication device takes place in one second initialization step by the base stations, wherein all ID encoders that are to be recognized as authorized by this base station initialized or programmed by this base station. These Initialization comprises on the one hand a transmission of the programming unit transferred to the base station in a previous step Kryptcodes. However, the crypto code is only transmitted if it has previously been detected as part of a query that this ID transmitter has not yet received a crypto-code or at least the one for communication does not know this base station serving crypto-code. On the other hand each of these base station is an individual identification assigned to the individual ID encoders and transmitted to them. With this individual identification is then carried out using the predetermined Cryptcodes the authentication control. Is in an ID dealer already stored the crypto-code used for this object, then this ID transmitter is only assigned its individual identification. This is the case, for example, if this ID transmitter is previously at another base station regarding transmission of the crypto-code has already been initialized and the programming at each other Base station serves the purpose, this base station this ID transmitter in terms of its entitlement.

Das Initialisieren bzw. Programmieren jedes ID-Gebers dieser Authentisierungseinrichtung durch eine oder mehrere an der Authentisierungseinrichtung beteiligte Basisstationen macht deutlich, dass für die Konfigurierung der Authentisierungseinrichtung ausschließlich unprogrammierte ID-Geber benötigt werden. Entsprechendes gilt für den Einsatz der benötigten Basisstationen, die ihrerseits - wie oben beschrieben - durch die Programmiereinheit initialisiert und programmiert werden. Somit können diese Elemente der Zugangsberechtigungskontrolleinrichtung aus einer Massenherstellung entnommen werden. Eine Individualisierung der einzelnen Komponenten erfolgt erst, wenn diese Komponenten unter Zuhilfenahme einer Programmiereinheit in der beschriebenen Art und Weise miteinander funktionell verheiratet werden. Folglich ist nicht nur ein Nachrüsten mit Basisstationen unproblematisch, sondern insbesondere können ohne weiteres dem System weitere ID-Geber hinzugefügt werden und vor allem auch verlorengegangene durch neue ersetzt werden. Dieses Verfahren eignet sich insbesondere im Rahmen einer schlüssellosen Zufangsberechtigungs-kontrolleinrichtung.Initializing or programming each ID transmitter of this authentication device by one or more at the authentication device involved base stations makes it clear that for the configuration the authentication device exclusively unprogrammed ID transmitter needed. The same applies to the use of the required Base stations, which in turn - as described above - by the programming unit initialized and programmed. Thus, these can Elements of the conditional access control device from a mass production be removed. An individualization of the individual Components only take effect when these components are used with the help of a programming unit in the manner described with each other be functionally married. Consequently, not only retrofitting with Base stations unproblematic, but in particular can without more system to be added to the ID and more importantly even lost ones are replaced by new ones. This method is particularly suitable as part of a keyless access authorization control device.

Bei dem beschriebenen Verfahren ist vorgesehen, dass für die lnitialisierung und Programmierung der einzelnen Elemente eine andere Datenübertragungsstrecke benutzt wird, als diejenige, die bei einem Kontrollbetrieb der Einrichtung vorgesehen ist. Bei einem Kontrollbetrieb der Einrichtung erfolgt eine Kommunikation zwischen der Basisstation und dem jeweiligen ID-Geber zweckmäßigerweise auf einer HF-Funkstrecke. Die Initialisierung bzw. Programmierung der einzelnen ID-Geber durch die Basisstationen kann dagegen auf einer NF-Funkstrecke erfolgen. Zwar hat bei einer solchen Ausgestaltung jeder ID-Geber über ein NF-Teil und ein HF-Teil zu verfügen, jedoch wird zweckmäßigerweise die NF-Strecke und somit das NF-Teil des ID-Gebers auch benutzt, um den ID-Geber aus einem Schlaf- oder Ruhemodus wecken, um diesen in seinen Betriebsmodus schalten zu können, in dem das HF-Teil des ID-Gebers zur Kommunikation mit einer Basisstation hochgefahren ist. Zum Wecken wird von einer Basisstation zyklisch ein NF-Wecksignal gesendet. Die Reichweite eines solchen Wecksignals ist begrenzt und abhängig von den räumlichen Gegebenheiten in der Umgebung der Basisstation. In jedem Fall wird man versucht sein, das Wecksignal mit einer solchen Feldstärke zu senden, dass in einem ausreichenden Abstand vor der Basisstation ein sich nähernder ID-Geber geweckt wird und die Kommunikation auf der HF-Strecke abgeschlossen ist, wenn sich der ID-Geber an der beispielsweise von der Basisstation kontrollierten Türe befindet. In the described method it is provided that for the initialization and programming the individual elements a different data transmission path is used as the one in a control operation the device is provided. In a control operation of the device there is a communication between the base station and the respective ID transmitter expediently on an RF radio link. The Initialization or programming of the individual ID encoders by the base stations can be done on a LF radio link. Although has in such an embodiment, each ID transmitter via a low-frequency part and a However, the NF-section and expediently will be Thus, the LF part of the ID transmitter is also used to the ID transmitter from a Sleep or sleep mode to bring this into its operating mode in which the HF part of the ID transmitter is used for communication started up with a base station. To wake up is from a Base station cyclically sent an AF wake-up signal. The range of a such wake-up signal is limited and dependent on the spatial conditions in the vicinity of the base station. In any case you will be tempted to send the wake-up signal with such a field strength that at a sufficient distance in front of the base station an approaching ID transmitter is awakened and communication on the RF link is completed when the ID transmitter at the example located from the base station controlled door.

Zur Programmierung der ID-Geber auf der NF-Strecke erfolgt eine Datenübertragung auf der NF-Strecke zweckmäßigerweise mit einer nur sehr geringen Feldstärke, so dass zu diesem Zweck der ID-Geber in unmittelbarer Nähe zu der Basisstation gehalten werden muss. Die Änderung der Feldstärke kann durch den unterschiedlichen Betriebsmodus der Basisstation - Programmier- bzw. Initialisiermodus bzw. Kontrollbetriebsmodus - erfolgen.To program the ID encoders on the LF path, a data transfer takes place on the NF-track expediently with only a very low field strength, so that for this purpose the ID transmitter in the immediate Must be kept close to the base station. The change of Field strength can be due to the different operating mode of the base station - Programming or initialization mode or control operating mode - respectively.

Eine Kommunikation zwischen der Programmiereinheit und der Basisstation zum Initialisieren und Programmieren der Basisstationen erfolgt ebenfalls auf einer Nahbereichskommunikationsstrecke. Diese kann ebenfalls auf einer NF-Strecke vorgenommen werden. Eine Programmierung bzw. Initialisierung der Basisstationen durch die Programmiereinheit kann auch auf anderer Strecke, beispielsweise einer Infrarotstrecke oder auch kontaktgebunden vorgesehen sein.Communication between the programming unit and the base station to initialise and program the base stations also takes place on a short-range communications link. This can also be made on a NF track. A programming or initialization of the base stations by the programming unit can also on other route, for example an infrared route or also be provided by contact.

Die Programmiereinheit selbst ist mobil, damit diese an die einzelnen, in einem Objekt verteilt angeordneten Basisstationen gebracht werden kann. Daher ist es bei diesem Verfahren grundsätzlich nicht notwendig, dass die Basisstationen untereinander vernetzt sind. Die Programmiereinheit selbst braucht grundsätzlich nicht aktiv programmierbar zu sein; vielmehr kann die Programmierung der einzelnen Basisstationen durch die Programmiereinheit selbst erfolgen. Diese ist dann zweckmäßigerweise als aktiver Transponder arbeitend ausgelegt. Die Programmiereinheit kann daher genauso klein ausgebildet sein, wie die einzelnen ID-Geber. Zweckmäßigerweise unterscheidet sich die Programmiereinheit farblich oder auf andere Weise jedoch von den einzelnen ID-Gebern.The programming unit itself is mobile so that it can be addressed to the individual, in distributed to an object arranged base stations can be brought. Therefore, it is in principle not necessary in this process that the Base stations are interconnected. The programming unit itself basically does not need to be actively programmable; rather, can the programming of the individual base stations by the programming unit yourself. This is then expediently as active Transponder working designed. The programming unit can therefore be the same be small, as the individual ID transmitter. Conveniently, the programming unit differs in color or in others However, from the individual ID donors.

Bei dem beschriebenen Verfahren ist es zweckmäßig, wenn nach einer Initialisierung einer Basisstation und nach Initialisierung der von dieser Basisstation als berechtigt anzuerkennenden ID-Geber eine Rückmeldung an die Programmiereinheit über die erfolgte Initialisierung erfolgt. Es kann dann durch die Programmiereinheit die dieser Basisstation zugeordnete Identifikation hinsichtlich einer ansonsten möglichen Vergabe dieser Identifizierung an eine weitere Basisstation gesperrt werden. Dabei ist es zweckmäßig, wenn die Rückmeldung an die Programmiereinheit nicht nur Informationen darüber enthält, dass die Basisstation bestimmungsgemäß initialisiert worden ist, sondern auch eine Information darüber erhält, wie viele ID-Geber von dieser Basisstation als berechtigt anerkannt werden. Es besteht dann die Möglichkeit, dass die gesamte ID-Geber- und Basisstationsverwaltung von der Programmiereinheit vorgenommen wird, da dieser in diesem Falle nicht nur die Identifikationen sämtlicher Basisstationen sondern auch diejenigen der an der Authentisierungseinrichtung beteiligten ID-Geber bekannt sind.In the described method, it is expedient if after a Initialization of a base station and after initialization of the latter Base station as acknowledged to be recognized ID transmitter feedback to the programming unit via the initialization done. It can then by the programming unit associated with this base station Identification regarding otherwise possible assignment of this identification be blocked to another base station. That's it expedient if the feedback to the programming unit not only Information about that contains the base station as intended has been initialized, but also receives information about how Many ID donors are recognized as eligible by this base station. There is then the possibility that the entire ID donor and base station management is made by the programming unit since this in this case not only the identifications of all base stations but also those at the authentication device participating ID donors are known.

Zweckmäßig zur Identifizierung der Basisstationen und zur Identifizierung der einzelnen ID-Geber ist die Verwendung jeweils eines Zählers, nämlich eines Basisstations-Zählers und eines ID-Geber-Zählers. Dies hat unter anderem zum Vorteil, dass für die Speicherung der individuellen Elemente nur ein geringer Speicherbedarf benötigt wird und insbesondere auch, dass ein Zugriff auf gegebenenfalls einem ID-Geber zugeordnete Berechtigungsdaten sehr viel rascher möglich ist, als dieses der Fall wäre, wenn der gesamte Speicher für die Identifizierung beispielsweise eines ID-Gebers durchsucht werden müsste. Die Verwendung eines Zählers dient in diesem Falle als Ordnungsnummer bzw. Adresse, um einen Zugriff auf gegebenenfalls weiteren vorhandene Daten zu erhalten.Useful for identifying base stations and for identification The individual ID transmitter is the use of one counter, namely a base station counter and an ID transmitter counter. This has under another advantage for the storage of individual elements only a small memory requirement is needed and in particular, in that access to authorization data optionally assigned to an ID transmitter much faster than it would be if the entire memory for identifying, for example, an ID transmitter would have to be searched. The use of a counter is used in this case as an ordinal number or address to access if necessary, to obtain further available data.

Ohne weiteres kann einer solchen Zugangsberechtigungskontrolleinrichtung neben der zweckmäßigerweise vorgesehenen mobilen passiven Programmiereinheit auch eine aktive Programmiereinheit zugeordnet sein. Mit dieser besteht dann die Möglichkeit, bestimmte Berechtigungen in den einzelnen Basisstationen zu löschen, beispielsweise für den Fall, dass ein ID-Geber verlorengegangen ist. Mit einer solchen aktiven Programmiereinheit können die Basisstationen hinsichtlich der Berechtigungsstufen der einzelnen ID-Geber programmiert werden. Diese in der Basisstation bezüglich der Berechtigung der dieser Basisstation bekannten ID-Geber hinterlegten Daten können beispielsweise eine zeitliche Berechtigung im Rahmen einer schlüssellosen Zugangsberechtigungskontrolleinrichtung enthalten, gemäß der etwa bestimmte ID-Geber nur innerhalb einer bestimmten Zeitzone als berechtigt in ein Objekt eingelassen werden. Berechtigungsstufen können beispielsweise auch dergestalt ausgebildet sein, dass im Rahmen einer Zugangsberechtigungskontrolleinrichtung ein Zugang einem bestimmten ID-Geber nur gestattet wird, wenn neben diesem ID-Geber ein weiterer ID-Geber im Kommunikationsbereich der Basisstation angeordnet ist. Such an access authorization control device can easily be used in addition to the expediently provided mobile passive programming unit be associated with an active programming unit. With this then there is the possibility of certain permissions in the delete individual base stations, for example, in the event that a ID transmitter is lost. With such an active programming unit the base stations can respect the authorization levels of the individual ID encoders are programmed. These in respect of the base station the authorization of this base station known ID transmitter stored data can, for example, a temporal authorization in Framework of a keyless conditional access control device according to which certain ID donors only within a certain Time zone as eligible to be admitted into an object. permission levels For example, they can also be designed in this way be that in the context of an access authorization control a Access to a particular ID provider is allowed only if in addition to this ID transmitter another ID transmitter in the communication area of the base station is arranged.

Das beschriebenen Verfahren und die beschriebene Authentisierungseinrichtung können ohne weiteres mit anderen bekannten Systemen kombiniert werden und/oder diese überlagern. Gleichfalls besteht die Möglichkeit, ohne weiteres hierarchische Schließstrukturen zu etablieren oder auch eine zusätzliche Objektkennung als Teil der individuellen ldentifikationen einzusetzen, um unterschiedliche Objekte, die mit dem gleichen Kryptcode arbeiten voneinander zu unterscheiden. In einem solchen Fall wird es zweckmäßig sein, jeweils eine zweckmäßigerweise passive Programmiereinheit, enthaltend denselben Kryptcode, jedoch mit einer zusätzlichen Objektkennung programmiert, einzusetzen. Grundsätzlich wäre es ebenfalls möglich, bei unterschiedlichen Objekten unterschiedliche Kryptcodes einzusetzen; jedoch müssten dann die an der Gesamteinrichtung beteiligten ID-Geber ebenfalls über die entsprechende Anzahl unterschiedlicher Kryptcodes verfügen. Auch wenn dieses zwar grundsätzlich möglich ist, wird man berücksichtigen, dass dies in aller Regel eine Verlängerung der Dauer des Berechtigungsabfragedialoges zur Folge haben, wenn der geweckte ID-Geber nicht zufällig mit dem für dieses Objekt zuständigen Kryptcode antwortet.The described method and the described authentication device can easily be combined with other known systems be and / or superimpose these. It is also possible readily establish hierarchical locking structures or also an additional object identifier as part of the individual identifications use to create different objects with the same Kryptcode work different from each other. In such a case it will be expedient, in each case a suitably passive programming unit, containing the same crypt code, but with an additional one Object identifier programmed, used. Basically it is also possible for different objects different Use crypto codes; but then would have the s.der total equipment involved ID donors also over the appropriate number different crypto codes. Although this is true in principle is possible, one will take into account that this is usually an extension of the duration of the authorization query dialog if the awakened ID transmitter does not coincide with the for this object responsible cryptcode responds.

Nachfolgend ist die Erfindung anhand eines Ausführungsbeispiels unter Bezugnahme auf die beigefügten Figuren beschrieben. Es zeigen:

Fig. 1
eine schematisierte Darstellung einer schlüssellosen Zugangsberechtigungskontrolleinrichtung und
Fig. 2
ein Flussdiagramm, darstellend ein Verfahren zum funktionellen Verheiraten der Komponenten der schlüssellosen Zugangsberechtigungskontrolleinrichtung der Figur 1.
The invention is described below with reference to an embodiment with reference to the accompanying figures. Show it:
Fig. 1
a schematic representation of a keyless access authorization control device and
Fig. 2
3 is a flow chart illustrating a method for functionally marrying the components of the keyless conditional access control device of FIG. 1.

Eine schlüssellose Zugangsberechtigungskontrolleinrichtung 1 umfasst mehrere, einem Objekt 2 zugeordnete Basisstationen B1, B2, drei ID-Geber ID1 - ID3 und einen als Programmiereinheit dienenden Master M. Die Basisstationen B1, B2 sind innerhalb des Objektes 2 jeweils einer Tür zugeordnet und dienen dem Zweck bei einem Betrieb der Zugangsberechtigungskontrolleinrichtung 1 bei Erfassen eines als berechtigt definierten ID-Gebers die der jeweiligen Basisstation B1, B2 zugeordnete Tür zu entriegeln und ggf. motorisch zu öffnen. Die ID-Geber ID1 - ID3 sind im Rahmen der schlüssellosen Zugangsberechtigungskontrolleinrichtung 1 die mobilen Schlüssel, die mit den Basisstationen B1, B2 auf einer HF-Strecke zum Durchführen der Authentisierungsabfrage kommunizieren können. Bei den ID-Gebern ID1 - ID3 handelt es sich um Transponder.A keyless access authorization control device 1 comprises a plurality, an object 2 associated with base stations B 1, B 2, three ID transmitter ID 1 - ID 3 and serving as a programming unit master M. The base stations B 1, B 2 are within the object 2 are each a door assigned and serve the purpose in an operation of the access authorization control device 1 upon detection of a defined as legitimate ID transmitter, the respective base station B 1 , B 2 associated door to unlock and possibly motorized to open. Within the scope of the keyless access authorization control device 1, the ID transmitters ID 1 - ID 3 are the mobile keys which can communicate with the base stations B 1 , B 2 on an HF path for carrying out the authentication request. The ID encoders ID 1 - ID 3 are transponders.

Eine Kommunikation zwischen den ID-Gebern ID1 - ID3 und den Basisstationen B1 bzw. B2 erfolgt unter Zuhilfenahme eines Kryptcodes. Ferner sind die ID-Geber ID1 - ID3 und ebenso auch die Basisstationen B1 und B2 mit einer individuellen Identifizierung gekennzeichnet, um den ID-Gebern ID1 - ID3 unterschiedliche Berechtigungen zur Nutzung der Basisstationen B1 bzw. B2 zuordnen zu können. Zu diesem Zweck müssen die Basisstationen B1, B2 mit denjenigen Identifikationsgebern ID1 - ID3 funktionell verheiratet werden, die jeweils als berechtigt von einer Basisstationen B1, B2 erkannt werden sollen, damit bei Erfassen eines als berechtigt erkannten ID-Gebers die gewünschte Türe entriegelt bzw. motorisch geöffnet wird. Zum Zwecke der Verheiratung der Komponenten der Zugangsberechtigungseinrichtung 1 dient der Master M. Bei dem Master M handelt es sich um eine mobile passive Programmiereinheit. Der Master M unterscheidet sich von den ID-Gebern ID1 - ID3 durch eine geringfügige größere Ausgestaltung und durch eine andere farbliche Kennzeichnung seines Gehäuses. Abgelegt ist in dem Master M in einem elektronischen Speichermedium u. a. ein Kryptcode, mit dem die bidirektionale Kommunikation zwischen einer Basisstation B1 bzw. B2 und einem ID-Geber ID1, ID2 bzw. ID3 erfolgen soll. Ferner beinhaltet der Master M zwei Zähler - einen Basisstations-Zähler und einen ID-Geber-Zähler. Der Master M und die der Zugangsberechtigungskontrolleinrichtung 1 zugehörigen Basisstationen B1, B2 können untereinander auf einer NF-Strecke kommunizieren, wobei die Reichweite dieser Kommunikation auf wenige Zentimeter beschränkt ist. Somit ist eine Kommunikation zwischen dem Master M und einer Basisstation B1, B2 möglich, wenn der Master M an eine Basisstation B1, B2 gehalten wird.A communication between the ID encoders ID 1 - ID 3 and the base stations B 1 and B 2 takes place with the aid of a crypto-code. Furthermore, the ID transmitters ID 1 - ID 3 and likewise the base stations B 1 and B 2 are identified with an individual identification in order to assign different authorizations for the use of the base stations B 1 and B 2 to the ID transmitters ID 1 - ID 3 to be able to. For this purpose, the base stations B 1 , B 2 must be functionally married to those IDs ID 1 - ID 3 , each of which is to be recognized as authorized by a base stations B 1 , B 2 , so that upon detection of an identified as legitimate ID transmitter the unlocked door is unlocked or opened by a motor. For the purpose of marrying the components of the access authorization device 1 is the master M. The master M is a mobile passive programming unit. The master M differs from the ID donors ID 1 - ID 3 by a slightly larger design and by a different color coding of its housing. Amongst other things, a crypto-code is stored in the master M in an electronic storage medium, with which the bidirectional communication between a base station B 1 or B 2 and an ID transmitter ID 1 , ID 2 or ID 3 is to take place. Further, the master M includes two counters - a base station counter and an ID transmitter counter. The master M and the access authorization control device 1 associated base stations B 1 , B 2 can communicate with each other on a LF link, the range of this communication is limited to a few centimeters. Thus, communication between the master M and a base station B 1 , B 2 is possible when the master M is held to a base station B 1 , B 2 .

Die Basisstationen B1, B2 und auch die ID-Geber ID1 - ID3 umfassen jeweils ein HF-Sende-Empfangsteil zur Abwicklung der bidirektionalen Kommunikation bei einem Zugangsberechtigungskontrollbetrieb der Zugangsberechtigungskontrolleinrichtung 1. Die Basisstationen B1, B2 umfassen ferner einen NF-Sende-Empfangsteil; die ID-Geber ID1 - ID3 umfassen ein NF-Empfangsteil. Eine Programmierung bzw. Initialisierung der ID-Geber ID1 - ID3 erfolgt durch die Basisstationen B1 bzw. B2 auf der NF-Strecke, wobei vorgesehen ist, dass Bestätigungssignale als Rückmeldungen von den ID-Gebern ID1 - ID3 an die jeweilige Basisstation B1 bzw. B2 auf der HF-Strecke gesendet werden. Grundsätzlich kann ebenfalls vorgesehen sein, derartige Rückmeldungen bzw. Quittierrungssignale auch auf der NF-Strecke zu senden. In einem solchen Falle umfassen die ID-Geber ID1 - ID3 ebenfalls eine NF-Sendeeinheit.The base stations B 1 , B 2 and also the ID transmitter ID 1 - ID 3 each comprise an RF transceiver part for carrying out the bidirectional communication in an access authorization control mode of the access authorization control device 1. The base stations B 1 , B 2 further comprise an NF transmitting-receiving part; ID encoders ID 1 - ID 3 include a LF receiver. A programming or initialization of the ID transmitter ID 1 - ID 3 is carried out by the base stations B 1 and B 2 on the LF line, it being provided that acknowledgment signals as feedback from the ID encoders ID 1 - ID 3 to the respective base station B 1 and B 2 are sent on the RF link. In principle, it can also be provided to send such feedback or acknowledgment signals also on the LF path. In such a case, the ID transmitter ID 1 - ID 3 also include a LF transmission unit.

Die Basisstationen B1, B2 und auch die ID-Geber ID1 - ID3 entstammen einer Massenproduktion und weisen vor ihrer funktionellen Verheiratung miteinander und ihrer Zuordnung zu dem Objekt 2 keinerlei individuelle Merkmale auf, die im Rahmen der Beschreibung der Erfindung notwendig wären. Somit können vor ihrer Initialisierung diese Elemente - Basisstationen sowie ID-Geber - einer beliebigen Zugangsberechtigungskontrolleinrichtung 1 oder einem beliebigen Objekt zugeordnet werden.The base stations B 1 , B 2 and also the ID transmitter ID 1 - ID 3 come from a mass production and have before their functional marriage to each other and their assignment to the object 2 no individual features that would be necessary in the description of the invention. Thus, prior to their initialization, these elements - base stations and ID transmitters - can be assigned to any conditional access control device 1 or any object.

Das Verfahren zum Initialisieren und Programmieren der einzelnen Elemente der Zugangsberechtigungskontrolleinrichtung 1 durch den Master M ist nachfolgend unter Bezugnahme auf das Flussdiagramm der Figur 2 beschrieben. Zum Initialisieren einer Basisstation, vorliegend der Basisstation B1, wird der Master M in die unmittelbare Nähe der Basisstation B1 gehalten, so dass der Master M mit der Basisstation B1 auf einer NF-Funkstrecke kommunizieren kann. Zu diesem Zweck wird der Master M ummittelbar an die Basisstation B1 gelegt. Mit dem Eintritt des Masters M in den NF-Sendebereich der Basisstation B1 wird dieser geweckt und übermittelt an die Basisstation B1 ein erstes Signal, mit dem der Programmiermodus der Basisstation B1 geöffnet wird. In diesem Programmiermodus kann eine bidirektionale Kommunikation zwischen dem Master M und der Basisstation B1 erfolgen. In einer ersten Abfrage wird durch den Master M überprüft, ob die Basisstation B1 bereits eine individuelle Identifizierung (Kennung) erhalten hat. Dies kann beispielsweise durch Abfrage eines Identifikationsspeichers erfolgen. Ist der Speicher leer, ist die Basisstation - in diesem Fall die Basisstation B1 - weder dem Objekt 2 noch der Zugangsberechtigungskontrolleinrichtung 1 funktionell zugeordnet. In diesem Falle wird von dem Master M an die Basisstation B1 eine Basisstation-Identifikation, eine Objektkennung und ein Kryptcode übermittelt. Sämtliche übermittelten Daten werden in der Basisstation B1 gespeichert. Zweckmäßigerweise erfolgt eine Speicherung des übermittelten Kryptcodes auf einem anderen Speichermedium als die Übermittlung der Basisstation-Identifikation und der Objektkennung.The method for initializing and programming the individual elements of the access authorization control device 1 by the master M is described below with reference to the flowchart of FIG. To initialize a base station, in this case the base station B 1 , the master M is held in the immediate vicinity of the base station B 1 , so that the master M can communicate with the base station B 1 on a LF radio link. For this purpose, the master M is placed directly to the base station B 1 . With the entry of the master M in the LF transmission range of the base station B 1 this is awakened and transmitted to the base station B 1, a first signal with which the programming mode of the base station B 1 is opened. In this programming mode bidirectional communication between the master M and the base station B 1 can take place. In a first query is checked by the master M, whether the base station B 1 has already received an individual identification (identifier). This can be done for example by querying an identification memory. If the memory is empty, the base station - in this case the base station B 1 - is neither functionally assigned to the object 2 nor the access authorization control device 1. In this case, the master M transmits to the base station B 1 a base station identification, an object identifier and a crypto-code. All transmitted data are stored in the base station B 1 . It is expedient to store the transmitted crypto-code on a different storage medium than the transmission of the base-station identification and the object identifier.

Bei der Basisstation-Identifikation handelt es sich bei dem dargestellten Ausführungsbeispiel um ein Element einer Zählerreihe. Da bei der Initialisierung der Zugangsberechtigungskontrolleinrichtung 1 die Basisstation B1 beispielhaft als erste initialisiert und programmiert wird, erhält diese als Basisstation-Identifikation das Zählerelement "1 ". Die übermittelte Objektkennung stellt eine geeignete Kennung für das Objekt 2 dar. Nach erfolgreichem Übermitteln und Abspeichern der genannten Daten von dem Master M an die Basisstation B1 erfolgt eine Rückmeldung von der Basisstation B1 an den Master M. Der Basisstations-Zähler des Masters M wird sodann um einen Zähler erhöht, damit der erste Zähler nicht nochmals vergeben werden kann. Somit ist die Basisstation-Identifikation der nächsten zu programmierenden und zu initialisierenden Basisstation, beispielsweise der Basisstation B2 eindeutig mit dem nächsten Zähler vorgegeben. Diese erhält den nächsten Zähler, der in dem beschriebenen Ausführungsbeispiel das Zählerelement "2" ist. Die Programmierung der Basisstation B1 ist nach Erhalt der Rückmeldung von der Basisstation B1 an den Master M grundsätzlich beendet. Durch Entfernen des Masters M von der Basisstation B1 schaltet diese selbsttätig von ihrem Programmiermodus auf den Zugangsberechtigungskontrollbetriebsmodus um.In the base station identification is in the illustrated embodiment is an element of a counter series. Since the initialization of the access authorization control device 1, the base station B 1 is initialized and programmed as the first example, it receives the counter element "1" as a base station identification. The transmitted object identifier represents a suitable identifier for the object 2. After successful transmission and storage of said data from the master M to the base station B 1 , a feedback from the base station B 1 is sent to the master M. The base station counter of the master M is then increased by one counter, so that the first counter can not be awarded again. Thus, the base station identification of the next base station to be programmed and initialized, for example the base station B 2, is uniquely predefined with the next counter. This receives the next counter, which is the counter element "2" in the described embodiment. The programming of the base station B 1 is basically finished after receiving the feedback from the base station B 1 to the master M. By removing the master M from the base station B 1 , the latter automatically switches from its programming mode to the access authorization control operating mode.

Eine Programmierung und Initialisierung weiterer Basisstationen der Zugangsberechtigungskontrolleinrichtung 1, etwa der Basisstation B2 erfolgt in analoger Art und Weise.Programming and initialization of further base stations of the access authorization control device 1, for example the base station B 2, takes place in an analogous manner.

Für den Fall, dass unmittelbar im Zusammenhang mit einer Programmierung einer Basisstation, etwa der Basisstation B1 gleichzeitig diejenigen ID-Geber programmiert und initialisiert werden sollen, die von dieser Basisstation B1 als berechtigt erkannt werden sollen, ist ein solcher ID-Geber, beispielsweise der ID-Geber ID3 ebenfalls in unmittelbare Nähe zu der Basisstation B1 zu bringen. Vor Absetzen der Rückmeldung von der Basisstation B1 an den Master M erfolgt grundsätzlich eine Abfrage, ob ein ID-Geber zu initialisieren ist oder nicht. Für den Fall, dass in unmittelbarer Nähe der Basisstation B1 in diesem Abfragezeitpunkt ein ID-Geber, etwa der ID-Geber ID3 angeordnet ist, wird diese Rückmeldung von der Basisstation B1 an den Master M noch nicht abgesetzt. Vielmehr wird zunächst der ID-Geber ID3 und anschließend gegebenenfalls weitere ID-Geber durch die Basisstation B1 programmiert bzw. initialisiert. Diese Kommunikation erfolgt zwischen der Basisstation B1 und dem ID-Geber ID3 auf einer NF-Funkstrecke. Durch Einbringen des Identifikationsgebers ID3 in den Nahbereich der Basisstation B1 wird dieser geweckt und in seinen Programmiermodus geschaltet. Die Programmierung des ID-Gebers ID3 erfolgt grundsätzlich in gleicher Art und Weise wie die Programmierung der Basisstation B1 durch den Master M. In einer ersten Abfrage wird bei dem dargestellten Ausführungsbeispiel abgefragt, ob dem ID-Geber ID3 der in der Basisstation B1 abgelegte Kryptcode bekannt ist. Dieses kann beispielsweise durch Auslesen des Kryptcodespeichers des ID-Gebers ID3 erfolgen. Ist der Kryptcodespeicher des ID-Gebers ID3 leer, ist der ID-Geber ID3 bislang weder programmiert noch initialisiert worden. Es handelt sich somit bei dem ID-Geber ID3 um einen neuen. In diesem Falle wird anschließend von der Basisstation B1 an den ID-Geber ID3 der Kryptcode, die Objektkennung sowie eine ID-Geber-Identifikation übermittelt. Die Basisstation B1 verfügt zu diesem Zweck über einen ID-Geber-Zähler, der grundsätzlich arbeitet wie der vorbeschriebene Basisstations-Zähler des Masters M. Handelt es sich bei dem ID-Geber ID3 um den ersten ID-Geber, der als zugangsberechtigt zu dieser Basisstation B1 programmiert werden soll, erhält dieser die ID-Geber-Identifikation "1". Die nachfolgenden, von der Basisstatioh B1 im Rahmen dieses Programmiervorganges zu programmierenden ID-Geber, beispielsweise die ID-Geber ID1, ID2 erhalten dann sukzessive die nachfolgenden Elemente dieser Zählerreihe, nämlich die ID-Geber-Identifikationen "2" bzw. "3". Sind die genannten Daten bestimmungsgemäß an den ID-Geber ID3 übertragen und in diesem abgelegt worden, wird von dem ID-Geber ID3 eine Rückmeldung an die Basisstation B1 gesendet. Der ID-Geber-Zähler der Basisstation B1 wird sodann um einen Zähler erhöht. Für den Fall, dass weitere ID-Geber von der Basisstation B1 initialisiert bzw. als zugangsberechtigt programmiert werden sollen, werden diese nacheinander in den Nahbereich der Basisstation B1 gebracht und in gleicher Art und Weise initialisiert bzw. programmiert. Ist die ID-Geber-Programmierung bzw.

  • Initialisierung abgeschlossen, wird die bereits zuvor beschriebene Rückmeldung von der Basisstation B1 an den Master M gesendet. Diese Rückmeldung enthält ebenfalls eine Information über die Anzahl der von der Basisstation B1 im Rahmen der vorangegangenen Initialisierung bzw. Programmierung eingerichteten ID-Geber. Der Master M umfasst einen ID-Geber-Zähler, der durch diese Rückmeldung eingestellt wird. Sind beispielsweise von der Basisstation B1 die drei ID-Geber, ID1, ID2 und ID3 initialisiert und programmiert worden, befindet sich der Zähler des Masters M an der Stelle "4". Durch Entfernen des Masters M von der Basisstation B1 wird der Programmiervorgang abgeschlossen und die Zugangsberechtigungskontrolleinrichtung 1 schaltet auf ihren Zugangsberechtigungskontrollmodus um.
In the event that immediately in connection with a programming of a base station, such as the base station B 1 at the same time those ID encoders are to be programmed and initialized, which are to be recognized as justified by this base station B 1 , is such an ID transmitter, for example the ID transmitter ID 3 also bring in close proximity to the base station B 1 . Before sending the feedback from the base station B 1 to the master M is basically a query whether an ID transmitter is to initialize or not. In the event that an ID transmitter, such as the ID transmitter ID 3 is arranged in the immediate vicinity of the base station B 1 in this query time, this feedback from the base station B 1 to the master M is not yet issued. Rather, first the ID transmitter ID 3 and then optionally further ID transmitter is programmed or initialized by the base station B 1 . This communication takes place between the base station B 1 and the ID transmitter ID 3 on a LF radio link. By introducing the ID transmitter ID 3 in the vicinity of the base station B 1 this is awakened and switched to its programming mode. The programming of the ID transmitter ID 3 is basically carried out in the same way as the programming of the base station B 1 by the master M. In a first query is queried in the illustrated embodiment, whether the ID transmitter ID 3 in the base station B. 1 stored crypto code is known. This can be done, for example, by reading the crypto-code memory of the ID transmitter ID 3 . If the crypto code memory of the ID transmitter ID 3 is empty, the ID encoder ID 3 has not yet been programmed or initialized. This means that the ID transmitter ID 3 is a new one. In this case, the crypto-code, the object identifier and an ID-encoder identification are then transmitted from the base station B 1 to the ID transmitter ID 3 . For this purpose, the base station B 1 has an ID transmitter counter, which operates in principle like the above-described base station counter of the master M. If the ID transmitter ID 3 is the first ID transmitter which is authorized to access this base station B 1 is to be programmed, this receives the ID encoder identification "1". The following, from the Basisstatioh B 1 to be programmed as part of this programming process ID transmitter, for example, the ID transmitter ID 1 , ID 2 then successively receive the following elements of this counter series, namely the ID encoder identifications "2" or " 3 ". If the named data have been transmitted to the ID transmitter ID 3 as intended and have been stored there, a feedback message is sent to the base station B 1 by the ID transmitter ID 3 . The ID transmitter counter of the base station B 1 is then increased by one counter. In the event that further ID encoders are to be initialized by the base station B 1 or programmed as authorized access, these are successively brought into the vicinity of the base station B 1 and initialized or programmed in the same manner. Is the ID encoder programming or
  • Initialization completed, the previously described feedback from the base station B 1 is sent to the master M. This feedback likewise contains information about the number of ID transmitters set up by the base station B 1 in the context of the preceding initialization or programming. The master M includes an ID encoder counter, which is set by this feedback. If, for example, the three ID transmitters, ID 1 , ID 2 and ID 3 have been initialized and programmed by the base station B 1 , the counter of the master M is located at the position "4". By removing the master M from the base station B 1 , the programming operation is completed and the conditional access control device 1 switches to its conditional access control mode.

Für den Fall, dass mehrere Basisstationen Teil des Objektes 2 sind, wie dies in dem dargestellten Ausführungsbeispiel der Fall ist, wird mit der Programmierung einer Basisstation dieser ebenfalls der Zählerstand "ID-Geber-Zähler" des Masters M übersandt, so dass bei einer Programmierung des ID-Gebers ID3 als zugangsberechtigt an der Basisstation B2 dieser etwa als ID-Geber-Identifikation das Zählerelement "4" erhalten würde. Auf diese Weise ist jede Berechtigungserkennung über die ID-Geber-Identifikation möglich. Jeder ID-Geber erhält bei seiner Programmierung hinsichtlich der Zugangsberechtigung zu mehreren Basisstationen, beispielsweise der Basisstationen B1 und B2 eine für jede Basisstation B1 bzw. B2 unabhängige Kennung. Daher kann zur Kennzeichnung der einzelnen ID-Geber ID1 - ID3 grundsätzlich auf kompliziert aufgebaute Kennungen verzichtet werden.In the event that several base stations are part of the object 2, as is the case in the illustrated embodiment, with the programming of a base station this also the count "ID encoder counter" of the master M is sent, so that when programming of the ID transmitter ID 3 as access authorization at the base station B 2 of this would receive the counter element "4", for example, as an ID transmitter identification. In this way, any authorization recognition via the ID transmitter identification is possible. Each ID transmitter receives in its programming in terms of access authorization to multiple base stations, such as the base stations B 1 and B 2 for each base station B 1 and B 2 independent identifier. Therefore, to identify the individual ID encoders ID 1 - ID 3 basically complicated identifiers can be dispensed with.

Ist bei der Programmierung eines ID-Gebers bei der ersten Abfrage hinsichtlich des Bekanntseins des für das Objekt 2 vorgesehenen Kryptcodes festgestellt worden, dass der Kryptcodespeichers des ID-Gebers nicht leer ist und der in dem ID-Geber gespeicherte Kryptcode mit demjenigen in der Basisstation gespeicherten übereinstimmt, handelt es sich bei diesem zu programmierenden ID-Geber um einen solchen, der bereits zuvor von einer anderen Basisstation des Objektes initialisiert worden ist. In einer weiteren Abfrage erfolgt dann eine objektbezogene Abfrage, ob diesem ID-Geber das Objekt 2 bereits bekannt ist. Ist dem ID-Geber das Objekt 2 als solches bereits durch Abspeichern einer entsprechenden Kennung bekannt, handelt es sich bei diesem zu programmierenden ID-Geber offensichtlich um einen, der bereits von einer anderen Basisstation dieses Objektes 2 initialisiert und gegebenenfalls programmiert worden ist. Folglich handelt es sich um einen ID-Geber, der als zugangsberechtigt von weiteren Basisstationen des Objektes 2 erkannt werden soll. In diesem Falle wird dem ID-Geber eine ID-Geber-Identifikation zu dieser weiteren Basisstation zugewiesen und an den ID-Geber übertragen. Nach erfolgter Rückmeldung durch den ID-Geber an die Basisstation wird der Zählerstand der Basisstation entsprechend erhöht.This is the case when programming an ID transmitter at the first request the knowledge of the provided for the object 2 crypto codes has been found that the crypto-code memory of the ID transmitter is not empty is and stored in the ID transmitter crypto code with that in the Base station stored matches, it is at this programming ID encoder to one that previously from a other base station of the object has been initialized. In a further query then takes place an object-related query, whether this ID encoder the object 2 is already known. Is the ID transmitter the object 2 as such already by storing a corresponding identifier As is known, this ID transmitter to be programmed is obvious one that already has this from another base station Object 2 has been initialized and possibly programmed. consequently is an ID provider who is authorized to access further base stations of the object 2 to be detected. In this In this case, the ID transmitter becomes an ID encoder identifier for this one Base station assigned and transmitted to the ID transmitter. After successful Feedback from the ID transmitter to the base station becomes the counter reading the base station increased accordingly.

Das weitere Verfahren entspricht dem zuvor beschrieben, um den Programmiervorgang zum Abschluss zu bringen. The further procedure corresponds to that described above to the programming process to bring to conclusion.

BezugszeichenlisteLIST OF REFERENCE NUMBERS

11
schlüssellose Zugangsberechtigungskontrolleinrichtungkeyless access authorization control device
22
Objektobject
B1, B2 B 1 , B 2
Basisstationbase station
ID1 - ID3 ID 1 - ID 3
ID-Geber (Identifikationsgeber)ID transmitter (identification transmitter)
MM
Master (Programmiereinheit)Master (programming unit)

Claims (11)

  1. Process for the functional intermarrying of the components of an authentication facility, which facility (1) comprises one or more mobile identification transmitters (ID transmitters) (ID1 - ID3) and at least one base station (B1, B2) that is assigned to an object, characterised by the fact that in a first step the at least one base station (B1, B2) is initialised by a mobile programming unit (11) on a data transmission route provided for programming purposes and differing from the data transmission route serving for communications between the at least one ID transmitter (ID1 - ID3) and the at least one base station (B1, B2) during a check operation of the facility, in that this base station (B1, B2) is assigned an individual identification by the programming unit (11) and also receives a crypto-code that serves for communicating with the ID transmitter or transmitters (ID1 - ID3) if a crypto-code is not known to this base station (B1, B2), and that in a second step those ID transmitters (ID1 - ID3) that are to receive authorisation to trigger an event by way of this base station (B1, B2) are initialised by this base station (B1, B2) on a data transmission route that is provided for programming purposes and differs from the data transmission route serving for communications between the at least one ID transmitter (ID1 - ID3) and the base station (B1, B2) during a check operation of the facility with a view to intended communications with the base station (B1, B2), in that each of these ID transmitters (ID1 - ID3) are assigned an individual identification by the base station (B1, B2) and receives the crypto-code serving for communications if a crypto-code is not yet known to the ID transmitter (ID1 - ID3).
  2. Process in accordance with Claim 1, characterised by the fact that a check-back signal to the base station (B1, B2) by the ID transmitter (ID1 - ID3) initialised by a base station (B1, B2) takes place on the data transmission route serving communications between the ID transmitter (ID1 - ID3) and the base station (B1, B2) during a check operation of the facility (1) using the crypto-code if the transmitted data has been received and stored by the ID transmitter (ID1 - ID3), and that the base station (B1, B2) inhibits any re-assignment of this ID transmitter identification upon receipt of the designated check-back signal.
  3. Process in accordance with Claim 1 or Claim 2, characterised by the fact that following the process of initialising the at least one base station (B1, B2), a check-back signal regarding the effected initialisation is transmitted to the programming unit (11) and that the programming unit (11) inhibits any re-assignment of this base station identification upon receipt of the check-back signal.
  4. Process in accordance with Claim 3, characterised by the fact that the check-back signal to the programming unit (11) contains information on the ID transmitter identification(s) assigned by the base station (B1, B2).
  5. Process in accordance with any of Claims 1 to 4, characterised by the fact that the base station identifications assigned by the programming unit (11) and the ID transmitter identifications assigned by each base station (B1, B2) are counter states of a base station counter and an ID transmitter counter, respectively.
  6. Process in accordance with Claim 4 and Claim 5, characterised by the fact that the counter states are detected by the programming unit (11) and that, by each further initialisation of a base station (B1, B2), the next free ID transmitter counter state, respectively, is transmitted to the base station to be initialised (B1, B2) as the initial counter state of the ID transmitter counter of this base station (B1, B2).
  7. Process in accordance with any of the aforementioned claims, characterised by the fact that, upon transmission of the initialisation data by the programming unit (11), an object identifier is likewise transmitted to the base station (B1, B2) and transmitted by the same to the ID transmitter (ID1 - ID3) to be initialised by the same.
  8. Process in accordance with any of the aforementioned claims, characterised by the fact that upon a control operation of the facility (1) a bi-directional communication takes place between a base station (B1, B2) and an ID transmitter (ID1 - ID3) on a low-frequency route.
  9. Process in accordance with any of the aforementioned claims, characterised by the fact that the programming and/or initialisation of the ID transmitter (ID1 - ID3) is effected by a base station (B1, B2) on a low-frequency route.
  10. Process in accordance with any of the aforementioned claims, characterised by the fact that the programming and/or initialisation of a base station (B1, B2) is carried out by the programming unit (11) on a low-frequency route.
  11. Authentication facility with one or more mobile identification transmitters (ID transmitters) (ID1 - ID3) serving as keys, at least one base station (B1, B2) assigned to an object, as well as a programming unit (11), characterised by the fact that
    the programming unit (11) is designed to function in the manner of an active transponder and features a readable memory containing a crypto-code as well as storage positions for filing base station identifications and ID transmitter identifications,
    the programming unit (11) and each base station (B1, B2) each feature a communication facility for conducting a communication, respectively,
    each base station (B1, B2) has a readable memory for storing the crypto-codes transmitted by the programming unit (11) and storage positions for filing a base station identification and ID transmitter identifications that have been assigned and transmitted by the programming unit (11),
    each base station (B1, B2) and the ID transmitters (ID1 - ID3), respectively, feature a communication facility for conducting a communication, and
    each ID transmitter (ID1 - ID3) has a readable memory for storing the crypto-code assigned and transmitted by a base station (B1, B2) and also storage positions for filing I D transmitter identifications relating to base stations.
EP04012990A 2003-06-04 2004-06-02 Method for functional assembling together components of an authentication facility as well as an authentication facility Expired - Lifetime EP1484858B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10325089 2003-06-04
DE10325089A DE10325089A1 (en) 2003-06-04 2003-06-04 Method for functional marriage of the components of an authentication device to one another and authentication device

Publications (2)

Publication Number Publication Date
EP1484858A1 EP1484858A1 (en) 2004-12-08
EP1484858B1 true EP1484858B1 (en) 2005-10-05

Family

ID=33154528

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04012990A Expired - Lifetime EP1484858B1 (en) 2003-06-04 2004-06-02 Method for functional assembling together components of an authentication facility as well as an authentication facility

Country Status (4)

Country Link
US (1) US7054616B2 (en)
EP (1) EP1484858B1 (en)
AT (1) ATE306160T1 (en)
DE (2) DE10325089A1 (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060061482A1 (en) * 2004-09-23 2006-03-23 Patrick Monney RFID auto-connect for wireless devices
US7436300B2 (en) * 2004-11-12 2008-10-14 Microsoft Corporation Wireless device support for electronic devices
JP4509863B2 (en) * 2005-05-27 2010-07-21 株式会社東芝 Wireless base station and wireless terminal
US7755505B2 (en) 2006-09-06 2010-07-13 Lutron Electronics Co., Inc. Procedure for addressing remotely-located radio frequency components of a control system
US7768422B2 (en) 2006-09-06 2010-08-03 Carmen Jr Lawrence R Method of restoring a remote wireless control device to a known state
US7880639B2 (en) * 2006-09-06 2011-02-01 Lutron Electronics Co., Inc. Method of establishing communication with wireless control devices
TWI421726B (en) * 2008-07-01 2014-01-01 Avermedia Information Inc Wireless presenter system and matching method applied thereto
EP2876935A4 (en) 2012-07-18 2015-08-26 Nec Corp Radio base station, mobile communication system, handover control method and program
US9363836B2 (en) * 2013-04-01 2016-06-07 Silver Spring Networks, Inc. Secure management of radio transmissions in an endpoint device of a network
US10769562B2 (en) 2016-03-16 2020-09-08 Triax Technologies, Inc. Sensor based system and method for authorizing operation of worksite equipment using a locally stored access control list
US11810032B2 (en) 2016-03-16 2023-11-07 Triax Technologies, Inc. Systems and methods for low-energy wireless applications using networked wearable sensors
US11170616B2 (en) 2016-03-16 2021-11-09 Triax Technologies, Inc. System and interfaces for managing workplace events
US10325229B2 (en) * 2016-03-16 2019-06-18 Triax Technologies, Inc. Wearable sensor for tracking worksite events including sensor removal

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US89429A (en) * 1869-04-27 Improved animal-trap
US71714A (en) * 1867-12-03 Benjamin day ot
US14953A (en) * 1856-05-27 Secttkietg nuts to cabkiage-axles
DE4134922C1 (en) 1991-10-23 1992-12-03 Anatoli 3013 Barsinghausen De Stobbe
JPH1039685A (en) * 1996-07-26 1998-02-13 Canon Inc Image forming device and process cartridge
US6323566B1 (en) * 1996-10-10 2001-11-27 Texas Instruments Incorported Transponder for remote keyless entry systems
DE19728761C1 (en) * 1997-07-05 1998-09-24 Kostal Leopold Gmbh & Co Kg Non-key type access control unit for motor vehicle with access authorised control
FI980427L (en) * 1998-02-25 1999-08-26 Ericsson Telefon Ab L M Method, arrangement and device for authentication
IT1305533B1 (en) * 1998-06-30 2001-05-09 Alessandro Manneschi APPARATUS AND OPERATING METHOD FOR DITRASPONDER DETECTION AND READING IN THE CONTROLLED PASSAGE
EP1018692B1 (en) * 1999-01-08 2006-06-28 Anatoli Stobbe Security system, transponder and receiving device
DE19900415B4 (en) * 1999-01-08 2008-02-21 Leopold Kostal Gmbh & Co. Kg Method for performing a keyless conditional access control for motor vehicles
DE19902797C1 (en) * 1999-01-25 2000-06-21 Kostal Leopold Gmbh & Co Kg Keyless vehicle access control unit and security system, exchanges low frequency coded signal and response of high frequency transponder before entry is enabled
US6323782B1 (en) * 1999-06-21 2001-11-27 Freight Locker, Inc. Unattended item delivery system
DE10004615C2 (en) * 2000-02-03 2003-08-07 Siemens Ag Authorization control system, in particular for a motor vehicle
DE50112712D1 (en) * 2000-02-21 2007-08-23 E Plus Mobilfunk Gmbh & Co Kg METHOD FOR PROVIDING THE AUTHENTICITY OF THE IDENTITY OF A SERVICE USER AND DEVICE FOR CARRYING OUT THE PROCEDURE
US7136999B1 (en) * 2000-06-20 2006-11-14 Koninklijke Philips Electronics N.V. Method and system for electronic device authentication
US20020049904A1 (en) * 2000-08-24 2002-04-25 Juergen Nowottnick Access system with possibility of learing unknown access keys
DE10106956A1 (en) * 2001-02-15 2002-08-29 Kostal Leopold Gmbh & Co Kg Keyless access authorization control device and identification transmitter therefor
WO2002065403A1 (en) * 2001-02-15 2002-08-22 Leopold Kostal Gmbh & Co. Kg Keyless access control device
EP1302374B1 (en) * 2001-10-16 2007-05-02 Siemens Aktiengesellschaft Method of initialising an entry control system with several electronic keys and several objects
FR2834156B1 (en) * 2001-12-20 2004-03-05 Gemplus Card Int METHOD FOR ACCESSING A SERVICE BY RADIO FREQUENCY ASSOCIATED WITH A PORTABLE ELECTRONIC CHIP OBJECT
US7050947B2 (en) * 2002-01-04 2006-05-23 Siemens Vdo Automotive Corporation Remote control communication including secure synchronization
US6961541B2 (en) * 2002-05-24 2005-11-01 Aeroscout, Inc. Method and apparatus for enhancing security in a wireless network using distance measurement techniques
US7231041B2 (en) * 2003-08-19 2007-06-12 General Motors Corporation Method, device, and system for secure motor vehicle remote keyless entry

Also Published As

Publication number Publication date
ATE306160T1 (en) 2005-10-15
US20040248556A1 (en) 2004-12-09
DE10325089A1 (en) 2004-12-30
DE502004000084D1 (en) 2006-02-16
EP1484858A1 (en) 2004-12-08
US7054616B2 (en) 2006-05-30

Similar Documents

Publication Publication Date Title
EP1484858B1 (en) Method for functional assembling together components of an authentication facility as well as an authentication facility
DE69637170T2 (en) ZONE-BASED ORGANIZATION AND CONTROL SYSTEM
DE3905651C2 (en)
DE69206450T2 (en) Multi-point access system.
EP0811739B1 (en) Device and method for checking the user authorization of an access control system,in particular locking device for vehicles
DE19900415A1 (en) Keyless access control method for motor vehicles involves conducting plausibility check on action signal from ID transmitter to determine whether transmitter is in plausible position for action
EP1302374A2 (en) Method of initialising an entry control system with several electronic keys and several objects
DE20011952U1 (en) Device for securing issued tools or devices
EP1002177B1 (en) Method for operating a remote control, and remote control
EP1006248B1 (en) Remote-controlled access control device, in particular for a motor vehicle and portable transponder therefor
EP0559605B1 (en) Individual identification system
EP0891607B1 (en) Method for operating a remote-control device and a remote-control device
AT516288B1 (en) Method and device for managing access authorizations
DE19743101B4 (en) Method for assigning an actuating element to a device
EP0923054B1 (en) Method and device for checking the usage right for access control devices
DE10112573C2 (en) Method for initializing an anti-theft system for a motor vehicle
DE102016210139A1 (en) Method for setting an identification feature, vehicle, operating method for a safety system and safety system
DE102016119951A1 (en) Keyless authentication system for a motor vehicle, authentication method for providing operation of a motor vehicle and retrofit kit
EP0948779B1 (en) Device for assigning an operating element to an apparatus
DE60212832T2 (en) Method for communication between a map and a motor vehicle
EP0954666B1 (en) Control device for an authorization system
EP2371631B1 (en) Control of access authorisation for a working vehicle
EP1606775A1 (en) Closing system and method for operating the same
EP1017916B1 (en) Method for allocating a remote control to a base station
EP1083277A1 (en) Locking system and method of its operation

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL HR LT LV MK

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

17P Request for examination filed

Effective date: 20041222

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AKX Designation fees paid

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT;WARNING: LAPSES OF ITALIAN PATENTS WITH EFFECTIVE DATE BEFORE 2007 MAY HAVE OCCURRED AT ANY TIME BEFORE 2007. THE CORRECT EFFECTIVE DATE MAY BE DIFFERENT FROM THE ONE RECORDED.

Effective date: 20051005

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20051005

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20051005

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20051005

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20051005

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20051005

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20051005

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20051005

Ref country code: IE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20051005

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

Free format text: NOT ENGLISH

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

Free format text: LANGUAGE OF EP DOCUMENT: GERMAN

REG Reference to a national code

Ref country code: CH

Ref legal event code: NV

Representative=s name: PA ALDO ROEMPLER

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20060105

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20060105

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20060105

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20060105

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20060116

GBT Gb: translation of ep patent filed (gb section 77(6)(a)/1977)

Effective date: 20060119

REF Corresponds to:

Ref document number: 502004000084

Country of ref document: DE

Date of ref document: 20060216

Kind code of ref document: P

NLV1 Nl: lapsed or annulled due to failure to fulfill the requirements of art. 29p and 29m of the patents act
PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20060306

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20060406

REG Reference to a national code

Ref country code: IE

Ref legal event code: FD4D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20060630

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

ET Fr: translation filed
26N No opposition filed

Effective date: 20060706

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20051005

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20060602

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20051005

REG Reference to a national code

Ref country code: CH

Ref legal event code: PCAR

Free format text: ALDO ROEMPLER PATENTANWALT;BRENDENWEG 11 POSTFACH 154;9424 RHEINECK (CH)

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20051005

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20110517

Year of fee payment: 8

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: AT

Payment date: 20110629

Year of fee payment: 8

Ref country code: GB

Payment date: 20110512

Year of fee payment: 8

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: BE

Payment date: 20110601

Year of fee payment: 8

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: CH

Payment date: 20110907

Year of fee payment: 8

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20120525

Year of fee payment: 9

BERE Be: lapsed

Owner name: LEOPOLD *KOSTAL G.M.B.H. & CO. K.G.

Effective date: 20120630

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

Ref country code: AT

Ref legal event code: MM01

Ref document number: 306160

Country of ref document: AT

Kind code of ref document: T

Effective date: 20120602

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20120602

REG Reference to a national code

Ref country code: FR

Ref legal event code: ST

Effective date: 20130228

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120630

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120602

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120630

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120702

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120630

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: AT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120602

REG Reference to a national code

Ref country code: DE

Ref legal event code: R119

Ref document number: 502004000084

Country of ref document: DE

Effective date: 20140101

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20140101