[go: up one dir, main page]

EP3156980B1 - Method for programming ident media of an access control system - Google Patents

Method for programming ident media of an access control system Download PDF

Info

Publication number
EP3156980B1
EP3156980B1 EP16450026.6A EP16450026A EP3156980B1 EP 3156980 B1 EP3156980 B1 EP 3156980B1 EP 16450026 A EP16450026 A EP 16450026A EP 3156980 B1 EP3156980 B1 EP 3156980B1
Authority
EP
European Patent Office
Prior art keywords
access control
control device
data
access
communication interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
EP16450026.6A
Other languages
German (de)
French (fr)
Other versions
EP3156980A1 (en
Inventor
Johannes Ullmann
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
EVVA Sicherheitstechnologie GmbH
Original Assignee
EVVA Sicherheitstechnologie GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by EVVA Sicherheitstechnologie GmbH filed Critical EVVA Sicherheitstechnologie GmbH
Publication of EP3156980A1 publication Critical patent/EP3156980A1/en
Application granted granted Critical
Publication of EP3156980B1 publication Critical patent/EP3156980B1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00857Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00317Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks keyless data carrier having only one limited data transmission range
    • G07C2009/00333Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks keyless data carrier having only one limited data transmission range and the lock having more than one limited data transmission ranges
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C2009/00579Power supply for the keyless data carrier
    • G07C2009/00603Power supply for the keyless data carrier by power transmission from lock
    • G07C2009/00611Power supply for the keyless data carrier by power transmission from lock by using inductive transmission
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00857Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
    • G07C2009/00865Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed remotely by wireless communication
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00857Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
    • G07C2009/00873Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed by code input from the lock

Definitions

  • the invention relates to a method for programming identification media of an access control system, wherein the access control system comprises at least one access control device and a central processing unit, are stored and managed in the access rights data, wherein the programming of the identification medium, the transmission of access rights data via a wireless telecommunications network to a wireless mobile telecommunications device and transmitting the access rights data received from the mobile telecommunication device to a memory of the identification medium.
  • the invention further relates to an access control device for carrying out such a method.
  • Locking systems are usually used in larger buildings in which access to a large number of rooms or building sections is to be individually controlled.
  • To address the need for frequently changing permissions locking systems are often provided with access control devices that have electronic authorization request means.
  • the authorization information is stored on electronic identification media.
  • the authorization information is available, for example, as electronic code, which can be read out electronically by the reading units of the access control devices and evaluated with regard to access authorization. It is not mandatory that the electronic code is actually transmitted.
  • the access authorization can also be determined by means of an authentication and / or identification protocol between the access control device and the ID medium, ie with cryptographic methods with which it can be established without transmission of the sensitive codes, whether Ident medium and the access control device have the same secret, which corresponds to an access authorization.
  • access control devices or closing units are to be understood as meaning electrical, electronic or mechatronic closing units, in particular locks.
  • Closing units may in this case comprise various components, such as e.g. Access devices for identification media, a closing electronics and the like.
  • Access control devices or locking units are used in particular to obstruct or release access to rooms depending on the access authorization and are accordingly provided for installation in doors, windows and the like.
  • mechanical clamping units e.g. Cylinder locks to understand.
  • Mechatronic clamping units are e.g. electric motor driven locking devices, engine cylinders, E-cylinders, E-fittings and the like. electric door opener.
  • Identification media are electronic identification media or devices which have stored electronic code or authorization information, e.g. in the form of cards, key fobs and combinations of mechanical and electronic keys, or SmartPhones.
  • authorization information are eg identification or. Access codes and / or access conditions such as authorized access time, authorized access date, legitimate access date of a user and the like to understand.
  • the authorization information is obtained from a secret access control device-individual key, ie one formed the access control device identifying identifier, and optionally a temporal authorization restriction.
  • a method of the type mentioned is in the WO 2009/094683 A1 described.
  • the programming of the electronic identification media with access rights data takes place via a wireless telecommunications network, so that the access right data is sent from the central processing unit to a wireless mobile telecommunication device of the respectively desired user or key holder.
  • the access rights data received by the mobile telecommunication device can be made available to a suitable identification medium which receives a key function in this manner.
  • a kind of "online key” is created because the ID medium can be reprogrammed via the mobile telecommunications network and the corresponding mobile terminal to change in this way the access right data and thus the access authorization of the key holder.
  • the access control devices can operate as autonomous units after installation and initialization, and in particular require no network connection. This is of particular advantage if, due to the local conditions, a crosslinking of closing units is not desired, for example if, in the case of smaller locking systems, the networking effort would be too costly or if structural interventions in the door and in the area of the door are undesirable.
  • the access rights data after transmission to the mobile telecommunication device using a read / write device to the external, separate from the telecommunication device identification medium written.
  • the communication between the mobile telecommunication device and the identification medium by means of near field communication, which is carried out in particular according to the RFID or NFC standard.
  • the mobile phone has a transceiver module for near field communication.
  • the present invention therefore aims to make the programming of ident media by means of mobile telecommunication devices, in particular mobile phones, possible even if the corresponding device does not have a near field communication module.
  • the invention essentially provides in a method of the type initially mentioned that the transmission of the access rights data from the telecommunication device to the memory of the identification medium via the at least one access control device, wherein the access right data from the telecommunication device to a first wireless communication interface of the access control device and be transmitted from a second wireless communication interface of the access control device to the memory of the identification medium.
  • the data exchange between the mobile telecommunication terminal and the ID medium for the purpose of programming the ID medium is thus not directly, but with the interposition of an access control device.
  • the access control device can in this case be equipped in a simple manner with a first communication interface, which allows a data exchange with common mobile phones.
  • the data communication between the access control device and the identification medium can in principle take place via any standards that the manufacturer of the locking system provides. Since the access control devices and the identification media of a locking system are usually provided by the manufacturer of the system, the compatibility of the communication interfaces in the data transmission between the access control device and the identification medium is no difficulty. The compatibility of the locking system with the mobile telecommunication device, in particular the mobile phone of each user however, it is more difficult because mobile phones have different and over time also changing equipment with communication interfaces. If the user's mobile phone does not support the near field communication most commonly used to program the identification medium, the invention allows the use of a different communication interface of the mobile telephone, programming then being handled by the access control device equipped with an interface compatible with the mobile telephone.
  • a preferred embodiment of the invention provides that the access rights data are transmitted wirelessly via short range radio, such as via Bluetooth, in particular low energy Bluetooth, from the telecommunication device to the first wireless communication interface of the access control device.
  • short range radio such as via Bluetooth, in particular low energy Bluetooth
  • the Bluetooth 4.0 standard LE is advantageous because it has a very low power consumption.
  • the Bluetooth technology is very widespread and installed in almost all modern mobile phones, so a Data transmission between the mobile phone and the access control device is guaranteed regardless of the model of the mobile phone.
  • the telecommunication terminal and the access control device are electronically (eg with Bluetooth) so coupled together that a data connection is only possible between the coupled units.
  • the data communication between the access control device and the identification medium preferably takes place by means of near field communication, in particular according to the RFID, NFC, JCOP (Java Card OpenPlatform) or MIFARE DESFire standard.
  • the communication of the identification medium with the access control device and that of the access control device with the telecommunication device thus takes place according to different transmission protocols, so that the access control device has at least two transmitting / receiving units or two communication interfaces.
  • the two transceiver units or communication interfaces are designed, for example, as separate hardware units or combined into a single module.
  • the identification medium can be designed as a passive component without its own power supply.
  • a preferred procedure provides that the energy supply of the transmitting / receiving unit of the identification medium takes place via an electromagnetic, preferably substantially magnetic, alternating field of the second wireless communication interface of the access control device.
  • the telecommunication terminal and / or the identification medium and / or the access control device has a security hardware module in which at least one digital certificate is stored in order to enable an authentication of the communication partners.
  • the data transmission between the telecommunication terminal and the access control device and / or between the access control device and the identification medium preferably comprises the use of a key exchange or derivation protocol, whereby the respective communication partners at least a secret, common session key is made available, whereupon the at least one session key for establishing a secure Transmission channel between the respective communication partners is used, and wherein the access rights data is transmitted via the secure channel.
  • the operations required for the key exchange or derivation protocol in the identification medium, in the access control device or in the telecommunication terminal are carried out in the respective security hardware module.
  • the at least one digital certificate may in this case preferably be signed by the central processing unit.
  • the at least one session key is generated in the security hardware module of the identification medium or of the telecommunication terminal and in the access control device on the basis of an access control device-specific access code, preferably further based on a random number generated by the respective communication partners and / or run number generated by the respective communication partners.
  • the programming method according to the invention for programming an ident medium can preferably be in an access control method to be used.
  • the invention provides in this context preferably a method for access control, especially in buildings such as buildings, in which a bidirectional data transfer between an access right data storing electronic identification medium and an access control device takes place and in the access control device an access authorization check is made, depending on the established access authorization a blocking means for selectively enabling or blocking the access is controlled, wherein access rights data are stored and managed in a central processing unit and the identification medium is programmed with a method according to one of claims 1 to 4 with access right data.
  • the invention relates to an access control device comprising a first wireless communication interface for transmitting data, in particular access right data from and / or to a mobile telecommunication device and a second wireless communication interface for transmitting data, in particular access right data from one and / or to an identification medium
  • the access control device comprises a buffer and a control unit, wherein the control unit cooperates with the first and the second communication interface, so that incoming data via the first communication interface are supplied to the buffer and are passed from the buffer to the second communication interface for forwarding to the identification medium.
  • the first communication interface is preferably designed for data communication by means of short range radio.
  • the first communication interface for data communication via the Bluetooth standard, in particular low energy Bluetooth trained.
  • the second communication interface is preferably designed for wireless data communication by means of near-field communication, in particular according to the RFID, NFC, JCOP or MIFARE DESFire standard.
  • the identification medium can be designed as a passively operating RFID, NFC, JCOP or MIFARE DESFire unit.
  • the access control device is preferably a closing unit of a locking system, in particular an electrical, electronic or mechatronic locking unit, such as a locking device. Cylinder locks, electric cylinders, electric door openers, fittings or wall readers.
  • the present invention is not limited to a particular embodiment of the telecommunication device.
  • the telecommunication device only has to be able to carry out a data communication on the one hand with the central processing unit and on the other hand with the access control device.
  • the telecommunications device therefore preferably has two mutually different data transmission interfaces.
  • the one data transmission interface is preferably designed for the purpose of communication with the central processing unit for communication via a telecommunications network.
  • the other data transmission interface is designed for the purpose of communication with the access control device via short range radio, eg Bluetooth.
  • the telecommunication device is preferably a mobile telephone, in particular a GSM / UMTS mobile telephone, in particular a SmartPhone, a tablet, SmartWatch, or a particularly portable one Personal computer.
  • the telecommunication device can also be configured as a stationary device, for example as a Bluetooth node, which converts the data obtained via the telecommunication network into the Bluetooth protocol.
  • the data transmission between the central processing unit and the telecommunication device may be over a mobile telecommunication network, e.g. a GSM, GPRS, UMTS and / or LTE network, or via a wireless internet connection, e.g. Wi-Fi or the like done.
  • a mobile telecommunication network e.g. a GSM, GPRS, UMTS and / or LTE network
  • a wireless internet connection e.g. Wi-Fi or the like done.
  • the telecommunication device can take over the function of a relay or proxy unit between the central processing unit and the access control device.
  • the access right data is not buffered in the telecommunication device, but an end-to-end data connection between the central processing unit and the access control device is established, so that the data is only passed through the telecommunication device.
  • only the conversion of the data from the transmission protocol used for the connection between the central processing unit and the telecommunication device then takes place on the transmission protocol used for the connection between the telecommunication device and the access control device.
  • a blocking means is, for example, a mechanically acting blocking element which can be moved between a blocking and a release position, or a mechanical or magnetic coupling element which couples or decouples an actuating element, such as a handle, with a blocking member electrically lockable and / or releasable Blocking element, such as an electric door opener to understand.
  • FIG. 1 the schematic structure of an access control system
  • Fig. 2 the programming of an identification medium based on a block diagram.
  • Fig. 1 is a central processing unit designated 1.
  • the objects to which the access is to be controlled by means of the access control system are designated 2 and schematically represented in the present case as houses.
  • the objects 2 each have a door with a locking unit based on RFID or NFC.
  • An administrator 3 manages the central processing unit 1 and can assign access authorizations.
  • the central processing unit 1 is connected to a mobile, wireless telecommunications network 4, such as a GSM mobile phone network and can send access rights data to mobile telecommunication devices 5 via the telecommunications network 4.
  • the mobile telecommunication devices 5 are mobile phones which are equipped with a software application which controls the data exchange between the central processing unit 1 and an identification medium 6.
  • the software application or the telecommunication device 5 acts as a router, which forwards the access rights data received from the central processing unit 1 via the communication connection 7 to the identification medium 6.
  • the access rights data to be transmitted are hereby encrypted in the central processing unit 1 and decrypted in the identification medium 6.
  • the access right data In the telecommunication device 5 there is no decryption of the access right data.
  • the access right data In the simplest case, the access right data as a lock identifier to the mobile telecommunications device 5 sent. If, in a very simplified example, the closing units of the in Fig.
  • the transmission of the access rights data to a telecommunication device 5 in the form of the identifier 101 means that this corresponds to an access authorization for the locking unit with the identifier 101.
  • the identification medium 6 used as a key is brought into the vicinity of a locking unit with the identifier 101 and in the course of the access authorization check the access right data, namely the lock identifier "101" is transmitted to the locking unit, the locking unit recognizes on the basis of a comparison of the key transmitted lock identifier with its own lock identifier at the same match the presence of an access authorization, after which the lock is released.
  • the transmission 7 of the access right data from the telecommunication device 5 to an identification medium 6 does not take place directly but via a closing unit 8 equipped therefor, as shown in FIG Fig. 2 is shown.
  • the clamping unit 8 has a first communication interface 13, which is an interface for short-range radio communication, such as a Bluetooth 4.0 low-energy interface.
  • the clamping unit 8 furthermore has a second communication interface 15, which is an interface for near-field communication, eg via RFID or NFC.
  • the telecommunications device which may be, for example, a smartphone, a tablet or a SmartWatch, via a graphical user interface 12 and a software application 11.
  • the access right data are transmitted together with header information, so that a microcontroller 14 of the clamping unit 8 recognizes the data as data intended for the identification medium 6 and ensures the forwarding of the data via the second communication interface 15 and the near field communication connection 10 to the identification medium 6.
  • the identification medium the data is written in a memory and used for future authorization requests in order to be able to check the access authorization in data exchange with a locking unit in connection with an access request.
  • the short-range radio connection 9 can not only be used for the transmission of access right data. It is also possible to transmit configuration data of the locking components, a blacklist of identification media not authorized for access authorization, event data read from the locking components, as well as status data via the radio link.
  • the data transmission can also take place without active request by the user. Rather, the data transmission can take place automatically as soon as the mobile terminal is within range of the corresponding locking component.
  • suitable programming of the application 11 it can be determined at which time the data transmission with which locking component and how often takes place. Thereby, e.g. Energy management strategies and information strategies.
  • data from the locking components can also be reported back to the central server.
  • Examples of data to be transmitted via the connection 9 are given below: Data for an identification medium, in particular its update (software or firmware update), data for different identification media for updating this, status data on a successful update process, status data on the battery state of charge and via an imminent battery change, time synchronization with the server, status data on a successful time synchronization, status data on the receipt of the Blacklist, status information about the opening (eg lock currently in permanent opening), door contact data and latch contact data (if present), manipulation and break alarms (if supported by the locking component), firmware version information, firmware updates, closing hours operating hours counter, lock component locks, configuration data, status data by reading out the event list from the closing component, area lists, time zone information, holiday calendars, permanent opening calendar, releases.
  • Data for an identification medium in particular its update (software or firmware update), data for different identification media for updating this, status data on a successful update process, status data on the battery state of charge and via an imminent battery change, time synchronization with the server, status data on a successful time synchronization, status data on the receipt

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Lock And Its Accessories (AREA)

Description

Die Erfindung betrifft ein Verfahren zur Programmierung von Identmedien einer Zutrittskontrollanlage, wobei die Zutrittskontrollanlage wenigstens eine Zutrittskontrollvorrichtung und eine zentrale Recheneinheit umfasst, in der Zutrittsrechtsdaten gespeichert und verwaltet werden, wobei die Programmierung des Identmediums das Senden von Zutrittsrechtsdaten über ein drahtloses Telekommunikationsnetz an ein drahtloses mobiles Telekommunikationsgerät und das Übermitteln der vom mobilen Telekommunikationsgerät empfangenen Zutrittsrechtsdaten an einen Speicher des Identmediums umfasst.The invention relates to a method for programming identification media of an access control system, wherein the access control system comprises at least one access control device and a central processing unit, are stored and managed in the access rights data, wherein the programming of the identification medium, the transmission of access rights data via a wireless telecommunications network to a wireless mobile telecommunications device and transmitting the access rights data received from the mobile telecommunication device to a memory of the identification medium.

Die Erfindung betrifft weiters eine Zutrittskontrollvorrichtung zur Durchführung eines solchen Verfahrens.The invention further relates to an access control device for carrying out such a method.

An moderne Schließanlagen werden vielfältige Anforderungen gestellt. Schließanlagen kommen meist in größeren Gebäuden zum Einsatz, in denen der Zutritt zu einer Vielzahl von Räumen oder Gebäudeabschnitten individuell kontrolliert werden soll. Um dem Bedürfnis nach häufig wechselnden Berechtigungen Rechnung zu tragen, werden Schließanlagen häufig mit Zutrittskontrollvorrichtungen ausgestattet, die elektronische Berechtigungsabfragemittel aufweisen. Die Berechtigungsinformationen sind auf elektronischen Identmedien gespeichert. Die Berechtigungsinformationen liegen beispielsweise als elektronischer Code vor, der von den Leseeinheiten der Zutrittskontrollvorrichtungen elektronisch ausgelesen und hinsichtlich der Zutrittsberechtigung ausgewertet werden kann. Dabei ist nicht zwingend erforderlich, dass der elektronische Code tatsächlich übertragen wird. Vielmehr kann die Zutrittsberechtigung auch mittels eines Authentifizierungs- und/oder Identifizierungsprotokolls zwischen der Zutrittskontrollvorrichtung und dem Identmedium ermittelt werden, d.h. mit kryptographische Verfahren, mit denen ohne Übertragung der sensiblen Codes festgestellt werden kann, ob das Identmedium und die Zutrittskontrollvorrichtung über dasselbe Geheimnis verfügen, welches einer Zutrittsberechtigung entspricht.Various requirements are placed on modern locking systems. Locking systems are usually used in larger buildings in which access to a large number of rooms or building sections is to be individually controlled. To address the need for frequently changing permissions, locking systems are often provided with access control devices that have electronic authorization request means. The authorization information is stored on electronic identification media. The authorization information is available, for example, as electronic code, which can be read out electronically by the reading units of the access control devices and evaluated with regard to access authorization. It is not mandatory that the electronic code is actually transmitted. Rather, the access authorization can also be determined by means of an authentication and / or identification protocol between the access control device and the ID medium, ie with cryptographic methods with which it can be established without transmission of the sensitive codes, whether Ident medium and the access control device have the same secret, which corresponds to an access authorization.

Unter Zutrittskontrollvorrichtungen oder Schließeinheiten sind im Rahmen der Erfindung elektrische, elektronische oder mechatronische Schließeinheiten, insbesondere Schlösser, zu verstehen. Schließeinheiten können hierbei verschiedene Komponenten umfassen, wie z.B. Leseeinrichtungen für Identmedien, eine Schließelektronik und dgl. Zutrittskontrollvorrichtungen bzw. Schließeinheiten dienen dabei insbesondere dazu, den Zutritt zu Räumen in Abhängigkeit von der Zutrittsberechtigung zu versperren oder freizugeben und sind dementsprechend zum Einbau in Türen, Fenstern und dgl. vorgesehen. Unter mechanischen Schließeinheiten sind z.B. Zylinderschlösser zu verstehen. Mechatronische Schließeinheiten sind z.B. elektromotorisch angetriebene Sperreinrichtungen, Motorzylinder, E-Zylinder, E-Beschläge und dgl. Elektrische Schließeinheiten sind z.B. elektrische Türöffner.In the context of the invention, access control devices or closing units are to be understood as meaning electrical, electronic or mechatronic closing units, in particular locks. Closing units may in this case comprise various components, such as e.g. Access devices for identification media, a closing electronics and the like. Access control devices or locking units are used in particular to obstruct or release access to rooms depending on the access authorization and are accordingly provided for installation in doors, windows and the like. Among mechanical clamping units, e.g. Cylinder locks to understand. Mechatronic clamping units are e.g. electric motor driven locking devices, engine cylinders, E-cylinders, E-fittings and the like. electric door opener.

Unter Identmedien werden elektronische Identmedien oder Vorrichtungen verstanden, die einen elektronischen Code bzw. Berechtigungsinformationen gespeichert haben, z.B. in der Form von Karten, Schlüsselanhängern und Kombinationen aus mechanischen und elektronischen Schlüsseln, oder SmartPhones.Identification media are electronic identification media or devices which have stored electronic code or authorization information, e.g. in the form of cards, key fobs and combinations of mechanical and electronic keys, or SmartPhones.

Unter Berechtigungsinformationen sind z.B. Identifikations-bzw. Zugangscodes und/oder Zutrittsbedingungen wie z.B. berechtigte Zutrittszeit, berechtigter Zutrittstag, berechtigtes Zutrittsdatum eines Benutzers und dgl. zu verstehen. Insbesondere werden die Berechtigungsinformationen von einem geheimen zutrittskontrollvorrichtungsindividuellen Schlüssel, d.h. einer die Zutrittskontrollvorrichtung identifizierenden Kennung, und optional einer zeitlichen Berechtigungseinschränkung gebildet.Under authorization information are eg identification or. Access codes and / or access conditions such as authorized access time, authorized access date, legitimate access date of a user and the like to understand. In particular, the authorization information is obtained from a secret access control device-individual key, ie one formed the access control device identifying identifier, and optionally a temporal authorization restriction.

Ein Verfahren der eingangs genannten Art ist in der WO 2009/094683 A1 beschrieben. Bei dem dort beschriebenen Verfahren erfolgt die Programmierung der elektronischen Identmedien mit Zutrittsrechtsdaten über ein drahtloses Telekommunikationsnetz, sodass die Zutrittsrechtsdaten von der zentralen Recheneinheit an ein drahtloses mobiles Telekommunikationsgerät des jeweils gewünschten Benutzers bzw. Schlüsselinhabers gesendet werden. Die vom mobilen Telekommunikationsgerät empfangenen Zutrittsrechtsdaten können einem geeigneten Identmedium zur Verfügung gestellt werden, welches auf diese Art und Weise eine Schlüsselfunktion erhält. Dadurch wird eine Art "online-Schlüssel" geschaffen, da das Identmedium über das mobile Telekommunikationsnetz und das entsprechende mobile Endgerät umprogrammiert werden kann, um auf diese Art und Weise die Zutrittsrechtsdaten und damit die Zutrittsberechtigung des Schlüsselinhabers zu ändern.A method of the type mentioned is in the WO 2009/094683 A1 described. In the method described there, the programming of the electronic identification media with access rights data takes place via a wireless telecommunications network, so that the access right data is sent from the central processing unit to a wireless mobile telecommunication device of the respectively desired user or key holder. The access rights data received by the mobile telecommunication device can be made available to a suitable identification medium which receives a key function in this manner. As a result, a kind of "online key" is created because the ID medium can be reprogrammed via the mobile telecommunications network and the corresponding mobile terminal to change in this way the access right data and thus the access authorization of the key holder.

Auf Grund der Möglichkeit der entfernten Programmierung von Identmedien ist es zur Änderung der Zutrittsberechtigungen nicht mehr notwendig, einen Zugriff direkt auf die einzelnen Schließeinheiten bzw. Zutrittskontrollvorrichtungen zu erhalten. Die Zutrittskontrollvorrichtungen können nach der Installation und Initialisierung als autonome Einheiten arbeiten und erfordern insbesondere keine Netzwerkanbindung. Dies ist von besonderem Vorteil, wenn auf Grund der örtlichen Gegebenheiten eine Vernetzung von Schließeinheiten nicht gewünscht ist, beispielsweise wenn bei kleineren Schließanlagen der Vernetzungsaufwand zu kostenintensiv wäre oder wenn bauliche Eingriffe in der Türe und im Bereich der Türe nicht erwünscht sind.Due to the possibility of remote programming of ident media, it is no longer necessary to change the access authorizations to obtain access directly to the individual locking units or access control devices. The access control devices can operate as autonomous units after installation and initialization, and in particular require no network connection. This is of particular advantage if, due to the local conditions, a crosslinking of closing units is not desired, for example if, in the case of smaller locking systems, the networking effort would be too costly or if structural interventions in the door and in the area of the door are undesirable.

Wie in der WO 2009/094683 A1 beschrieben, werden die Zutrittsrechtsdaten nach der Übermittlung an das mobile Telekommunikationsgerät unter Verwendung einer Schreib-/Leseeinrichtung auf das externe, von dem Telekommunikationsgerät gesonderte Identmedium geschrieben. Dies erfordert naturgemäß einen zusätzlichen Schreibvorgang und eine entsprechende Schreibeinrichtung. Im Falle passiv arbeitender Identmedien, die keine eigene Stromversorgung aufweisen, erfolgt die Kommunikation zwischen dem mobilen Telekommunikationsgerät und dem Identmedium mittels Nahfeldkommunikation, die insbesondere nach dem RFID- bzw. NFC-Standard vorgenommen wird. Dies setzt allerdings voraus, dass das Mobiltelefon über ein Sende-/Empfangsmodul für die Nahfeldkommunikation verfügt.Like in the WO 2009/094683 A1 described, the access rights data after transmission to the mobile telecommunication device using a read / write device to the external, separate from the telecommunication device identification medium written. This naturally requires an additional writing process and a corresponding writing device. In the case of passively working ident media, which do not have their own power supply, the communication between the mobile telecommunication device and the identification medium by means of near field communication, which is carried out in particular according to the RFID or NFC standard. However, this assumes that the mobile phone has a transceiver module for near field communication.

Die vorliegende Erfindung zielt daher darauf ab, das Programmieren von Identmedien mittels mobiler Telekommunikationsgeräte, insbesondere Mobiltelefonen, auch dann möglich zu machen, wenn das entsprechende Gerät nicht über ein Nahfeldkommunikationsmodul verfügt.The present invention therefore aims to make the programming of ident media by means of mobile telecommunication devices, in particular mobile phones, possible even if the corresponding device does not have a near field communication module.

Zur Lösung dieser Aufgabe sieht die Erfindung bei einem Verfahren der eingangs genannten Art im Wesentlichen vor, dass die Übermittlung der Zutrittsrechtsdaten vom Telekommunikationsgerät an den Speicher des Identmediums über die wenigstens eine Zutrittskontrollvorrichtung erfolgt, wobei die Zutrittsrechtsdaten vom Telekommunikationsgerät an eine erste drahtlose Kommunikationsschnittstelle der Zutrittskontrollvorrichtung und von einer zweiten drahtlosen Kommunikationsschnittstelle der Zutrittskontrollvorrichtung an den Speicher des Identmediums übermittelt werden. Der Datenaustausch zwischen dem mobilen Telekommunikationsendgerät und dem Identmedium zum Zwecke der Programmierung des Identmediums erfolgt somit nicht direkt, sondern unter Zwischenschaltung einer Zutrittskontrollvorrichtung. Die Zutrittskontrollvorrichtung kann hierbei in einfacher Weise mit einer ersten Kommunikationsschnittstelle ausgestattet sein, die einen Datenaustausch mit gängigen Mobiltelefonen erlaubt. Die Datenkommunikation zwischen der Zutrittskontrollvorrichtung und dem Identmedium kann grundsätzlich über beliebige Standards erfolgen, die der Hersteller der Schließanlage vorsieht. Da die Zutrittskontrollvorrichtungen und die Identmedien einer Schließanlage üblicherweise vom Hersteller der Anlage zur Verfügung gestellt werden, stellt die Kompatibilität der Kommunikationsschnittstellen bei der Datenübertragung zwischen der Zutrittskontrollvorrichtung und dem Identmedium keine Schwierigkeit dar. Die Kompatibilität der Schließanlage mit dem mobilen Telekommunikationsgerät, insbesondere Mobiltelefon des jeweiligen Benutzers hingegen stellt sich schwieriger dar, weil Mobiltelefone unterschiedliche und im Lauf der Zeit auch wechselnde Ausstattungen mit Kommunikationsschnittstellen aufweisen. Wenn das Mobiltelefon des Benutzers die für die Programmierung des Identmediums zumeist benutzte Nahfeldkommunikation nicht unterstützt, ermöglicht die Erfindung die Verwendung einer anderen Kommunikationsschnittstelle des Mobiltelefons, wobei die Programmierung dann unter Vermittlung der Zutrittskontrollvorrichtung erfolgt, welche mit einer zum Mobiltelefon kompatiblen Schnittstelle ausgestattet ist.To solve this problem, the invention essentially provides in a method of the type initially mentioned that the transmission of the access rights data from the telecommunication device to the memory of the identification medium via the at least one access control device, wherein the access right data from the telecommunication device to a first wireless communication interface of the access control device and be transmitted from a second wireless communication interface of the access control device to the memory of the identification medium. The data exchange between the mobile telecommunication terminal and the ID medium for the purpose of programming the ID medium is thus not directly, but with the interposition of an access control device. The access control device can in this case be equipped in a simple manner with a first communication interface, which allows a data exchange with common mobile phones. The data communication between the access control device and the identification medium can in principle take place via any standards that the manufacturer of the locking system provides. Since the access control devices and the identification media of a locking system are usually provided by the manufacturer of the system, the compatibility of the communication interfaces in the data transmission between the access control device and the identification medium is no difficulty. The compatibility of the locking system with the mobile telecommunication device, in particular the mobile phone of each user however, it is more difficult because mobile phones have different and over time also changing equipment with communication interfaces. If the user's mobile phone does not support the near field communication most commonly used to program the identification medium, the invention allows the use of a different communication interface of the mobile telephone, programming then being handled by the access control device equipped with an interface compatible with the mobile telephone.

Eine bevorzugte Ausführung der Erfindung sieht hierbei vor, dass die Zutrittsrechtsdaten drahtlos über Kurzreichweitenfunk, wie z.B. über Bluetooth, insbesondere Low Energy Bluetooth, vom Telekommunikationsgerät an die erste drahtlose Kommunikationsschnittstelle der Zutrittskontrollvorrichtung übermittelt werden. Insbesondere ist der Bluetooth-Standard 4.0 LE von Vorteil, da dieser einen überaus niedrigen Stromverbrauch aufweist. Die Bluetooth-Technologie ist sehr weit verbreitet und in nahezu allen modernen Mobiltelefonen eingebaut, sodass eine Datenübertragung zwischen Mobiltelefon und der Zutrittskontrollvorrichtung unabhängig vom jeweiligen Modell des Mobiltelefons gewährleistet ist. Bevorzugt sind das Telekommunikationsendgerät und die Zutrittskontrollvorrichtung elektronisch (z.B. mit Bluetooth) so miteinander gekoppelt, dass eine Datenverbindung nur zwischen den gekoppelten Einheiten möglich ist. Die Datenkommunikation zwischen der Zutrittskontrollvorrichtung und dem Identmedium erfolgt bevorzugt mittels Nahfeldkommunikation, insbesondere nach dem RFID-, NFC-, JCOP (Java Card OpenPlatform) oder MIFARE DESFire-Standard. Die Kommunikation des Identifikationsmediums mit der Zutrittskontrollvorrichtung und jene der Zutrittskontrollvorrichtung mit dem Telekommunikationsgerät erfolgt somit nach voneinander verschiedenen Übertragungsprotokollen, sodass die Zutrittskontrollvorrichtung über wenigstens zwei Sende-/Empfangseinheiten bzw. zwei Kommunikationsschnittstellen verfügt. Die zwei Sende-/Empfangseinheiten bzw. Kommunikationsschnittstellen sind z.B. als voneinander gesonderte Hardwareeinheiten ausgebildet oder zu einem einzigen Modul zusammengefasst.A preferred embodiment of the invention provides that the access rights data are transmitted wirelessly via short range radio, such as via Bluetooth, in particular low energy Bluetooth, from the telecommunication device to the first wireless communication interface of the access control device. In particular, the Bluetooth 4.0 standard LE is advantageous because it has a very low power consumption. The Bluetooth technology is very widespread and installed in almost all modern mobile phones, so a Data transmission between the mobile phone and the access control device is guaranteed regardless of the model of the mobile phone. Preferably, the telecommunication terminal and the access control device are electronically (eg with Bluetooth) so coupled together that a data connection is only possible between the coupled units. The data communication between the access control device and the identification medium preferably takes place by means of near field communication, in particular according to the RFID, NFC, JCOP (Java Card OpenPlatform) or MIFARE DESFire standard. The communication of the identification medium with the access control device and that of the access control device with the telecommunication device thus takes place according to different transmission protocols, so that the access control device has at least two transmitting / receiving units or two communication interfaces. The two transceiver units or communication interfaces are designed, for example, as separate hardware units or combined into a single module.

Vorteilhaft bei der Verwendung von Nahfeldkommunikation zwischen der Zutrittskontrollvorrichtung und dem Identmedium ist, dass das Identmedium als passives Bauteil ohne eigene Stromversorgung ausgebildet sein kann. Eine bevorzugte Verfahrensweise sieht in diesem Zusammenhang vor, dass die Energieversorgung der Sende-/Empfangseinheit des Identmediums über ein elektromagnetisches, bevorzugt im Wesentlichen magnetisches Wechselfeld der zweiten drahtlosen Kommunikationsschnittstelle der Zutrittskontrollvorrichtung erfolgt.It is advantageous in the use of near-field communication between the access control device and the identification medium that the identification medium can be designed as a passive component without its own power supply. In this context, a preferred procedure provides that the energy supply of the transmitting / receiving unit of the identification medium takes place via an electromagnetic, preferably substantially magnetic, alternating field of the second wireless communication interface of the access control device.

Um die Gefahr eines unberechtigten Auslesens oder Abhörens von sensiblen Daten zu verringern, kann bevorzugt vorgesehen sein, dass das Telekommunikationsendgerät und/oder das Identmedium und/oder die Zutrittskontrollvorrichtung ein Sicherheitshardwaremodul aufweist, in dem wenigstens ein digitales Zertifikat gespeichert wird, um eine Authentifizierung der Kommunikationspartner zu ermöglichen. Die Datenübermittlung zwischen dem Telekommunikationsendgerät und der Zutrittskontrollvorrichtung und/oder zwischen der Zutrittskontrollvorrichtung und dem Identmedium umfasst bevorzugt die Verwendung eines Schlüsselaustausch oder -ableitungsprotokolls, wodurch den jeweiligen Kommunikationspartnern wenigstens ein geheimer, gemeinsamer Sitzungsschlüssel zugänglich gemacht wird, worauf der wenigstens eine Sitzungsschlüssel zum Einrichten eines sicheren Übertragungskanals zwischen den jeweiligen Kommunikationspartnern verwendet wird, und wobei die Zutrittsrechtsdaten über den sicheren Kanal übermittelt werden. Bevorzugt werden die für das Schlüsselaustausch- oder -ableitungsprotokoll im Identmedium, in der Zutrittskontrollvorrichtung bzw. im Telekommunikationsendgerät erforderlichen Operationen im jeweiligen Sicherheitshardwaremodul durchgeführt. Das wenigstens eine digitale Zertifikat kann hierbei bevorzugt von der zentralen Recheneinheit signiert werden.In order to reduce the risk of unauthorized reading or listening to sensitive data, it may be preferable to in that the telecommunication terminal and / or the identification medium and / or the access control device has a security hardware module in which at least one digital certificate is stored in order to enable an authentication of the communication partners. The data transmission between the telecommunication terminal and the access control device and / or between the access control device and the identification medium preferably comprises the use of a key exchange or derivation protocol, whereby the respective communication partners at least a secret, common session key is made available, whereupon the at least one session key for establishing a secure Transmission channel between the respective communication partners is used, and wherein the access rights data is transmitted via the secure channel. Preferably, the operations required for the key exchange or derivation protocol in the identification medium, in the access control device or in the telecommunication terminal are carried out in the respective security hardware module. The at least one digital certificate may in this case preferably be signed by the central processing unit.

Bevorzugt wird der wenigstens eine Sitzungsschlüssel im Sicherheitshardwaremodul des Identmediums bzw. des Telekommunikationsendgeräts und in der Zutrittskontrollvorrichtung auf Grundlage eines zutrittskontrollvorrichtungsindividuellen Zutrittscodes erzeugt, bevorzugt weiters auf Grundlage einer von den jeweiligen Kommunikationspartnern erzeugten Zufallszahl und/oder von den jeweiligen Kommunikationspartnern erzeugten Laufnummer.Preferably, the at least one session key is generated in the security hardware module of the identification medium or of the telecommunication terminal and in the access control device on the basis of an access control device-specific access code, preferably further based on a random number generated by the respective communication partners and / or run number generated by the respective communication partners.

Das erfindungsgemäße Programmierverfahren zum Programmieren eines identmediums kann bevorzugt in einem Zutrittskontrollverfahren zum Einsatz gelangen. Die Erfindung sieht in diesem Zusammenhang bevorzugt ein Verfahren zur Zutrittskontrolle insbesondere in Bauwerken wie z.B. Gebäuden vor, bei dem eine bidirektionale Datenübermittlung zwischen einem Zutrittsrechtsdaten speichernden elektronischen Identmedium und einer Zutrittskontrollvorrichtung stattfindet und in der Zutrittskontrollvorrichtung eine Zutrittsberechtigungsprüfung vorgenommen wird, wobei in Abhängigkeit von der festgestellten Zutrittsberechtigung ein Sperrmittel zum wahlweisen Freigeben oder Sperren des Zutritts angesteuert wird, wobei Zutrittsrechtsdaten in einer zentralen Recheneinheit gespeichert und verwaltet werden und das Identmedium mit einem Verfahren nach einem der Ansprüche 1 bis 4 mit Zutrittsrechtsdaten programmiert wird.The programming method according to the invention for programming an ident medium can preferably be in an access control method to be used. The invention provides in this context preferably a method for access control, especially in buildings such as buildings, in which a bidirectional data transfer between an access right data storing electronic identification medium and an access control device takes place and in the access control device an access authorization check is made, depending on the established access authorization a blocking means for selectively enabling or blocking the access is controlled, wherein access rights data are stored and managed in a central processing unit and the identification medium is programmed with a method according to one of claims 1 to 4 with access right data.

Gemäß einem weiteren Aspekt betrifft die Erfindung eine Zutrittskontrollvorrichtung umfassend eine erste drahtlose Kommunikationsschnittstelle zur Übermittelung von Daten, insbesondere Zutrittsrechtsdaten von einem und/oder an ein mobiles Telekommunikationsgerät und eine zweite drahtlose Kommunikationsschnittstelle zur Übermittlung von Daten, insbesondere Zutrittsrechtsdaten von einem und/oder an ein Identmedium, wobei die Zutrittskontrollvorrichtung einen Zwischenspeicher und eine Steuereinheit umfasst, wobei die Steuereinheit mit der ersten und der zweiten Kommunikationsschnittstelle zusammenwirkt, sodass über die erste Kommunikationsschnittstelle eintreffende Daten dem Zwischenspeicher zugeführt sind und zur Weiterleitung an das Identmedium vom Zwischenspeicher an die zweite Kommunikationsschnittstelle übergeben werden.According to a further aspect, the invention relates to an access control device comprising a first wireless communication interface for transmitting data, in particular access right data from and / or to a mobile telecommunication device and a second wireless communication interface for transmitting data, in particular access right data from one and / or to an identification medium wherein the access control device comprises a buffer and a control unit, wherein the control unit cooperates with the first and the second communication interface, so that incoming data via the first communication interface are supplied to the buffer and are passed from the buffer to the second communication interface for forwarding to the identification medium.

Die erste Kommunikationsschnittstelle ist vorzugsweise zur Datenkommunikation mittels Kurzreichweitenfunk ausgebildet. Insbesondere ist die erste Kommunikationsschnittstelle zur Datenkommunikation über den Bluetooth-Standard, insbesondere Low Energy Bluetooth, ausgebildet.The first communication interface is preferably designed for data communication by means of short range radio. In particular is the first communication interface for data communication via the Bluetooth standard, in particular low energy Bluetooth trained.

Die zweite Kommunikationsschnittstelle ist bevorzugt für die drahtlose Datenkommunikation mittels Nahfeldkommunikation, insbesondere nach dem RFID-, NFC-, JCOP- oder MIFARE DESFire-Standard ausgebildet. Das Identmedium kann dabei als passiv arbeitende RFID-, NFC-, JCOP- oder MIFARE DESFire-Einheit ausgebildet sein.The second communication interface is preferably designed for wireless data communication by means of near-field communication, in particular according to the RFID, NFC, JCOP or MIFARE DESFire standard. The identification medium can be designed as a passively operating RFID, NFC, JCOP or MIFARE DESFire unit.

Die Zutrittskontrollvorrichtung ist bevorzugt eine Schließeinheit einer Schließanlage, insbesondere eine elektrische, elektronische oder mechatronische Schließeinheit, wie z.B. Zylinderschlösser, E-Zylinder, elektrische Türöffner, Beschläge oder Wandleser.The access control device is preferably a closing unit of a locking system, in particular an electrical, electronic or mechatronic locking unit, such as a locking device. Cylinder locks, electric cylinders, electric door openers, fittings or wall readers.

Grundsätzlich ist die vorliegende Erfindung nicht auf eine bestimmte Ausbildung des Telekommunikationsgeräts beschränkt. Das Telekommunikationsgerät muss lediglich in der Lage sein, eine Datenkommunikation einerseits mit der zentralen Recheneinheit und andererseits mit der Zutrittskontrollvorrichtung durchzuführen. Das Telekommunikationsgerät weist daher bevorzugt zwei voneinander verschiedene Datenübertragungsschnittstellen auf. Die eine Datenübertragungsschnittstelle ist zum Zwecke der Kommunikation mit der zentralen Recheneinheit bevorzugt für die Kommunikation über ein Telekommunikationsnetzwerk ausgebildet. Die andere Datenübertragungsschnittstelle ist zum Zwecke der Kommunikation mit der Zutrittskontrollvorrichtung über Kurzreichweitenfunk, z.B. Bluetooth, ausgebildet. Bevorzugt handelt es sich bei dem Telekommunikationsgerät um ein Mobiltelefon, insbesondere ein GSM/UMTS-Mobiltelefon, insbesondere SmartPhone, Tablet, SmartWatch, oder um einen insbesondere tragbaren Personal Computer. Das Telekommunikationsgerät kann aber auch als stationäre Einrichtung ausgebildet sein, z.B. als Bluetooth-Knoten, der die über das Telekommunikationsnetzwerk erhaltenen Daten in das Bluetooth-Protokoll umsetzt.Basically, the present invention is not limited to a particular embodiment of the telecommunication device. The telecommunication device only has to be able to carry out a data communication on the one hand with the central processing unit and on the other hand with the access control device. The telecommunications device therefore preferably has two mutually different data transmission interfaces. The one data transmission interface is preferably designed for the purpose of communication with the central processing unit for communication via a telecommunications network. The other data transmission interface is designed for the purpose of communication with the access control device via short range radio, eg Bluetooth. The telecommunication device is preferably a mobile telephone, in particular a GSM / UMTS mobile telephone, in particular a SmartPhone, a tablet, SmartWatch, or a particularly portable one Personal computer. However, the telecommunication device can also be configured as a stationary device, for example as a Bluetooth node, which converts the data obtained via the telecommunication network into the Bluetooth protocol.

Die Datenübermittlung zwischen der zentralen Recheneinheit und dem Telekommunikationsgerät kann über ein mobiles Telekommunikationsnetz, wie z.B. ein GSM, GPRS, UMTS und/oder LTE-Netz, oder über eine drahtlose Internetverbindung, wie z.B. WLAN oder dgl. erfolgen.The data transmission between the central processing unit and the telecommunication device may be over a mobile telecommunication network, e.g. a GSM, GPRS, UMTS and / or LTE network, or via a wireless internet connection, e.g. Wi-Fi or the like done.

Das Telekommunikationsgerät kann die Funktion einer Relay- oder Proxy-Einheit zwischen der zentralen Recheneinheit und der Zutrittskontrollvorrichtung übernehmen. In diesem Fall werden die Zutrittsrechtsdaten nicht in dem Telekommunikationsgerät zwischengespeichert, sondern es wird eine End-to-end-Datenverbindung zwischen der zentralen Recheneinheit und der Zutrittskontrollvorrichtung hergestellt, sodass die Daten lediglich durch das Telekommunikationsgerät durchgeleitet werden. In dem Telekommunikationsgerät erfolgt dann lediglich eine Umsetzung der Daten von dem für die Verbindung zwischen der zentralen Recheneinheit und dem Telekommunikationsgerät verwendeten Übertragungsprotokoll auf das für die Verbindung zwischen dem Telekommunikationsgerät und der Zutrittskontrollvorrichtung verwendete Übertragungsprotokoll.The telecommunication device can take over the function of a relay or proxy unit between the central processing unit and the access control device. In this case, the access right data is not buffered in the telecommunication device, but an end-to-end data connection between the central processing unit and the access control device is established, so that the data is only passed through the telecommunication device. In the telecommunication device, only the conversion of the data from the transmission protocol used for the connection between the central processing unit and the telecommunication device then takes place on the transmission protocol used for the connection between the telecommunication device and the access control device.

Unter einem Sperrmittel ist im Rahmen der Erfindung z.B. ein mechanisch wirkendes Sperrelement, das zwischen einer Sperr- und einer Freigabestellung bewegt werden kann, ein mechanisches oder magnetisches Kupplungselement, das ein Betätigungselement, wie z.B. eine Handhabe, mit einem Sperrglied koppelt oder entkoppelt, oder ein elektrisch sperr- und/oder freigebbares Sperrelement, wie z.B. ein elektrischer Türöffner, zu verstehen.In the context of the invention, a blocking means is, for example, a mechanically acting blocking element which can be moved between a blocking and a release position, or a mechanical or magnetic coupling element which couples or decouples an actuating element, such as a handle, with a blocking member electrically lockable and / or releasable Blocking element, such as an electric door opener to understand.

Die Erfindung wird nachfolgend anhand eines in der Zeichnung schematisch dargestellten Ausführungsbeispiels näher erläutert. In dieser zeigt Fig. 1 den schematischen Aufbau eines Zutrittskontrollsystems und Fig. 2 die Programmierung eines Identmediums anhand eines Blockschemas.The invention will be explained in more detail with reference to an embodiment schematically illustrated in the drawing. In this shows Fig. 1 the schematic structure of an access control system and Fig. 2 the programming of an identification medium based on a block diagram.

In Fig. 1 ist eine zentrale Recheneinheit mit 1 bezeichnet. Die Objekte, zu denen der Zutritt mit Hilfe des Zutrittskontrollsystems kontrolliert werden soll, sind mit 2 bezeichnet und im vorliegenden Fall schematisch als Häuser dargestellt. Die Objekte 2 weisen jeweils eine Tür mit einer auf RFID oder NFC basierenden Schließeinheit auf. Ein Administrator 3 verwaltet die zentrale Recheneinheit 1 und kann Zutrittsberechtigungen vergeben. Die zentrale Recheneinheit 1 ist an eine mobile, drahtloses Telekommunikationsnetzwerk 4 angeschlossen, wie beispielsweise ein GSM-Handy-Netz und kann über das Telekommunikationsnetzwerk 4 Zutrittsrechtsdaten an mobile Telekommunikationsgeräte 5 senden. Bei den mobilen Telekommunikationsgeräten 5 handelt es sich um Mobiltelefone, die mit einer Softwareapplikation ausgestattet sind, welche den Datenaustausch zwischen der zentralen Recheneinheit 1 und einem Identmedium 6 steuert. Die Softwareapplikation bzw. das Telekommunikationsgerät 5 fungiert als Router, der die von der zentralen Recheneinheit 1 erhaltenen Zutrittsrechtsdaten über die Kommunikationsverbindung 7 an das Identmedium 6 weitergibt. Die zu übertragenden Zutrittsrechtsdaten werden hierbei in der zentralen Recheneinheit 1 verschlüsselt und in dem Identmedium 6 entschlüsselt. In dem Telekommunikationsgerät 5 erfolgt keine Entschlüsselung der Zutrittsrechtsdaten. Im einfachsten Fall werden die Zutrittsrechtsdaten als Schlosskennung an das mobile Telekommunikationsgerät 5 gesendet. Wenn nun in einem stark vereinfachten Beispiel die Schließeinheiten der in Fig. 1 dargestellten Objekte 2 die Kennung 100, 101 und 102 aufweisen, so bedeutet die Übermittlung der Zutrittsrechtsdaten an ein Telekommunikationsgerät 5 in Form der Kennung 101, dass dies einer Zugangsberechtigung für die Schließeinheit mit der Kennung 101 entspricht. Wenn nun das als Schlüssel verwendete Identmedium 6 in die Nähe einer Schließeinheit mit der Kennung 101 gebracht wird und im Zuge der Zutrittsberechtigungsprüfung die Zutrittsrechtsdaten, nämlich die Schlosskennung "101" an die Schließeinheit übermittelt wird, so erkennt die Schließeinheit auf Grund eines Vergleichs der vom Schlüssel übermittelten Schlosskennung mit der eigenen Schlosskennung bei Übereinstimmung derselben das Vorhandensein einer Zutrittsberechtigung, worauf das Schloss freigegeben wird.In Fig. 1 is a central processing unit designated 1. The objects to which the access is to be controlled by means of the access control system are designated 2 and schematically represented in the present case as houses. The objects 2 each have a door with a locking unit based on RFID or NFC. An administrator 3 manages the central processing unit 1 and can assign access authorizations. The central processing unit 1 is connected to a mobile, wireless telecommunications network 4, such as a GSM mobile phone network and can send access rights data to mobile telecommunication devices 5 via the telecommunications network 4. The mobile telecommunication devices 5 are mobile phones which are equipped with a software application which controls the data exchange between the central processing unit 1 and an identification medium 6. The software application or the telecommunication device 5 acts as a router, which forwards the access rights data received from the central processing unit 1 via the communication connection 7 to the identification medium 6. The access rights data to be transmitted are hereby encrypted in the central processing unit 1 and decrypted in the identification medium 6. In the telecommunication device 5 there is no decryption of the access right data. In the simplest case, the access right data as a lock identifier to the mobile telecommunications device 5 sent. If, in a very simplified example, the closing units of the in Fig. 1 shown objects 2 have the identifier 100, 101 and 102, the transmission of the access rights data to a telecommunication device 5 in the form of the identifier 101 means that this corresponds to an access authorization for the locking unit with the identifier 101. Now, if the identification medium 6 used as a key is brought into the vicinity of a locking unit with the identifier 101 and in the course of the access authorization check the access right data, namely the lock identifier "101" is transmitted to the locking unit, the locking unit recognizes on the basis of a comparison of the key transmitted lock identifier with its own lock identifier at the same match the presence of an access authorization, after which the lock is released.

Gemäß der Erfindung erfolgt die Übertragung 7 der Zutrittsrechtsdaten vom Telekommunikationsgerät 5 an ein Identmedium 6 nicht direkt, sondern über eine dafür ausgerüstete Schließeinheit 8, wie dies in Fig. 2 dargestellt ist. Die Schließeinheit 8 verfügt zu diesem Zweck über eine erste Kommunikationsschnittstelle 13, bei der es sich um eine Schnittstelle für Kurzreichweitenfunk, wie z.B. eine Bluetooth 4.0 Low Energy Schnittstelle, handelt. Die Schließeinheit 8 verfügt weiters über eine zweite Kommunikationsschnittstelle 15, bei der es sich um eine Schnittstelle für Nahfeldkommunikation, z.B. über RFID bzw. NFC handelt.According to the invention, the transmission 7 of the access right data from the telecommunication device 5 to an identification medium 6 does not take place directly but via a closing unit 8 equipped therefor, as shown in FIG Fig. 2 is shown. For this purpose, the clamping unit 8 has a first communication interface 13, which is an interface for short-range radio communication, such as a Bluetooth 4.0 low-energy interface. The clamping unit 8 furthermore has a second communication interface 15, which is an interface for near-field communication, eg via RFID or NFC.

Zur Steuerung des Programmiervorganges verfügt das Telekommunikationsgerät, bei dem es sich z.B. um ein Smartphone, ein Tablet oder eine SmartWatch handeln kann, über eine graphische Benutzeroberfläche 12 und eine Softwareapplikation 11. Die von der zentralen Recheneinheit 1 über die Verbindung 4 an das Telekommunikationsgerät 5 übermittelten Zutrittsrechtsdaten werden über die Funkverbindung (z.B. Bluetooth-Verbindung) 9 und die erste Kommunikationsschnittstelle 13 an die Schließeinheit 9 übermittelt. Die Zutrittsrechtsdaten werden gemeinsam mit Headerinformationen übermittelt, sodass ein Mikrokontroller 14 der Schließeinheit 8 die Daten als für das Identmedium 6 bestimmte Daten erkennt und für die Weiterleitung der Daten über die zweite Kommunikationsschnittstelle 15 und die Nahfeldkommunikationsverbindung 10 an das Identmedium 6 sorgt. Im Identmedium werden die Daten in einem Speicher geschrieben und für zukünftige Berechtigungsabfragen verwendet, um im Datenaustausch mit einer Schließeinheit im Zusammenhang mit einem Zutrittswunsch die Zutrittsberechtigung überprüfen zu können.To control the programming process has the telecommunications device, which may be, for example, a smartphone, a tablet or a SmartWatch, via a graphical user interface 12 and a software application 11. The from the central processing unit 1 via the connection 4 to the telecommunication device 5 transmitted access rights data are transmitted via the radio link (eg Bluetooth connection) 9 and the first communication interface 13 to the locking unit 9. The access right data are transmitted together with header information, so that a microcontroller 14 of the clamping unit 8 recognizes the data as data intended for the identification medium 6 and ensures the forwarding of the data via the second communication interface 15 and the near field communication connection 10 to the identification medium 6. In the identification medium, the data is written in a memory and used for future authorization requests in order to be able to check the access authorization in data exchange with a locking unit in connection with an access request.

Gemäß einem Anwendungsbeispiel kann wie folgt für die Programmierung eines Identmediums 6 vorgegangen werden:

  1. 1. Der Benutzer wählt am mobilen Endgerät 5 in der Applikation 11 die Funktion "Identmedium via Schließkomponente aktualisieren" aus.
  2. 2. Die Applikation 11 prüft zuerst ob eine Datenverbindung 4 zum Server 1 besteht.
  3. 3. Die Applikation 11 prüft, ob eine Verbindung 9 zu einer Schließkomponente 8 hergestellt werden kann.
  4. 4. Der Benutzer wird aufgefordert, das Identmedium 6 an die entsprechende Schließkomponente 8 zu halten.
  5. 5. Es wird eine Verbindung aufgebaut zwischen:
    1. a. Identmedium 6 und Schließkomponente 7 via RFID/NFC 10,
    2. b. Schließkomponente 8 und mobilem Endgerät 5 via Funk/Bluetooth LE 9,
    3. c. mobilem Endgerät 5 und Server 1 via Datenverbindung 4.
  6. 6. Der Benutzer wird über die Benutzeroberfläche 12 der Applikation 11 über den Aktualisierungsvorgang informiert.
  7. 7. Die Schließkomponente 8 und die Applikation 11 signalisieren dem Benutzer, ob der Vorgang korrekt abgeschlossen wurde oder alternativ eine Fehlermeldung.
According to an example of application, the following procedure can be followed for programming an identification medium 6:
  1. 1. The user selects on the mobile terminal 5 in the application 11, the function "update identification medium via locking component" from.
  2. 2. The application 11 first checks whether a data connection 4 to the server 1 exists.
  3. 3. The application 11 checks whether a connection 9 can be made to a closing component 8.
  4. 4. The user is requested to hold the identification medium 6 to the corresponding closing component 8.
  5. 5. A connection is established between:
    1. a. Identification medium 6 and closing component 7 via RFID / NFC 10,
    2. b. Locking component 8 and mobile terminal 5 via radio / Bluetooth LE 9,
    3. c. mobile terminal 5 and server 1 via data connection 4.
  6. 6. The user is informed via the user interface 12 of the application 11 about the update process.
  7. 7. The closing component 8 and the application 11 signal to the user whether the process has been completed correctly or alternatively an error message.

Alternativ könnte Schritt 2 und Schritt 5c auch ausgelassen werden, sofern die Applikation 11 die für die Aktualisierung erforderlichen Daten schon vorher zwischengespeichert hat. Dazu muss aber der Benutzer aus einer Liste in der Applikation 11 die zu aktualisierenden Identmedien 6 vorauswählen. Dieser Alternativablauf könnte wie folgt aussehen:

  1. 1. Der Benutzer wählt am mobilen Endgerät 5 in der Applikation 11 die Funktion "Mediendaten cachen" aus.
    1. a. Die Applikation 11 prüft zuerst, ob eine Datenverbindung 4 zum Server 1 besteht.
    2. b. Der Benutzer wählt die zu aktualisierenden Identmedien 6 aus.
    3. c. Die erforderlichen Daten werden vom Server 1 zur Applikation 11 übertragen und dort gespeichert.
  2. 2. Der Benutzer wählt am mobilen Endgerät 5 in der Applikation 11 die Funktion "Medium via Schließkomponente aktualisieren" aus.
  3. 3. Die Applikation 11 prüft, ob eine Verbindung 9 zu einer Schließkomponente 8 hergestellt werden kann.
  4. 4. Der Benutzer wird aufgefordert, das Identmedium 6 an die entsprechende Schließkomponente 8 zu halten.
  5. 5. Es wird eine Verbindung aufgebaut zwischen:
    1. a. Identmedium 6 und Schließkomponente 8 via Nahfeldkommunikation, z.B. RFID/NFC 10,
    2. b. Schließkomponente 8 und mobilem Endgerät 5 via Funk 9, z.B. Bluetooth LE.
  6. 6. Der Benutzer wird über die Benutzeroberfläche 12 der Applikation 11 über den Aktualisierungsvorgang informiert.
  7. 7. Die Schließkomponente 8 und die Applikation 11 signalisieren dem Benutzer, ob der Vorgang korrekt abgeschlossen wurde oder alternativ eine Fehlermeldung.
  8. 8. Sobald die Applikation 11 wieder Datenverbindung 4 zum Server 1 hat, werden die aktualisierten Daten der Identmedien 6 wieder an den Server 1 zurückübertragen.
Alternatively, step 2 and step 5c could also be left out if the application 11 has already buffered the data required for the update before. To do this, however, the user must preselect the ident media 6 to be updated from a list in the application 11. This alternative flow could look like this:
  1. 1. The user selects the mobile device 5 in the application 11, the function "cache media data" from.
    1. a. The application 11 first checks whether a data connection 4 to the server 1 exists.
    2. b. The user selects the ident media 6 to be updated.
    3. c. The required data is transmitted from the server 1 to the application 11 and stored there.
  2. 2. The user selects on the mobile terminal 5 in the application 11, the function "Update medium via locking component" from.
  3. 3. The application 11 checks whether a connection 9 can be made to a closing component 8.
  4. 4. The user is requested to hold the identification medium 6 to the corresponding closing component 8.
  5. 5. A connection is established between:
    1. a. Identification medium 6 and closing component 8 via near-field communication, eg RFID / NFC 10,
    2. b. Locking component 8 and mobile terminal 5 via radio 9, eg Bluetooth LE.
  6. 6. The user is informed via the user interface 12 of the application 11 about the update process.
  7. 7. The closing component 8 and the application 11 signal to the user whether the process has been completed correctly or alternatively an error message.
  8. 8. As soon as the application 11 again has data connection 4 to the server 1, the updated data of the identification media 6 are transmitted back to the server 1 again.

Im Rahmen der vorliegenden Erfindung kann die Kurzreichweitenfunkverbindung 9 nicht nur für die Übertragung von Zutrittsrechtsdaten genutzt werden. Es können auch Konfigurationsdaten der Schließkomponenten, eine Blacklist von nicht zutrittsrechtsberechtigten Identmedien, aus den Schließkomponenten ausgelesene Ereignisdaten, sowie Zustandsdaten über die Funkverbindung übermittelt werden. Die Datenübertragung kann grundsätzlich auch ohne aktive Veranlassung durch den Benutzer erfolgen. Vielmehr kann die Datenübertragung selbsttätig erfolgen, sobald sich das mobile Endgerät in Reichweite der entsprechenden Schließkomponente befindet. Durch geeignete Programmierung der Applikation 11 kann festgelegt werden, zu welchem Zeitpunkt die Datenübertragung mit welcher Schließkomponente und wie oft erfolgt. Dabei können z.B. Energiemanagementstrategien und Informationsstrategien berücksichtigt werden. In analoger Weise können auch Daten aus den Schließkomponenten an den zentralen Server rückgemeldet werden.In the context of the present invention, the short-range radio connection 9 can not only be used for the transmission of access right data. It is also possible to transmit configuration data of the locking components, a blacklist of identification media not authorized for access authorization, event data read from the locking components, as well as status data via the radio link. In principle, the data transmission can also take place without active request by the user. Rather, the data transmission can take place automatically as soon as the mobile terminal is within range of the corresponding locking component. By suitable programming of the application 11, it can be determined at which time the data transmission with which locking component and how often takes place. Thereby, e.g. Energy management strategies and information strategies. In an analogous way, data from the locking components can also be reported back to the central server.

Nachfolgend werden Beispiele für über die Verbindung 9 zu übertragende Daten angeführt: Daten für ein Identmedium, insbesondere dessen Update (Software- oder Firmware-Update), Daten für unterschiedliche Identmedien zum Updaten dieser, Statusdaten über einen erfolgreichen Updatevorgang, Statusdaten über den Batterieladezustand sowie über einen bevorstehenden Batteriewechsel, Uhrzeitabgleich mit dem Server, Statusdaten über einen erfolgreichen Uhrzeitabgleich, Statusdaten über den Erhalt der Blacklist, Zustandsdaten über die Öffnung (z.B. Schloss momentan in Daueröffnung), Türkontaktdaten und Riegelkontaktdaten (wenn vorhanden), Manipulations- und Aufbruchalarme (wenn von der Schließkomponente unterstützt), Firmwareversionsinformationen, Firmwareupdates, Betriebsstundenzähler der Schließkomponente, erfolgte Sperrungen der Schließkomponente, Konfigurationsdaten, Statusdaten über das Auslesen der Ereignisliste von der Schließkomponente, Bereichslisten, Zeitzoneninformationen, Feiertagskalender, Daueröffnungskalender, Freigaben.Examples of data to be transmitted via the connection 9 are given below: Data for an identification medium, in particular its update (software or firmware update), data for different identification media for updating this, status data on a successful update process, status data on the battery state of charge and via an imminent battery change, time synchronization with the server, status data on a successful time synchronization, status data on the receipt of the Blacklist, status information about the opening (eg lock currently in permanent opening), door contact data and latch contact data (if present), manipulation and break alarms (if supported by the locking component), firmware version information, firmware updates, closing hours operating hours counter, lock component locks, configuration data, status data by reading out the event list from the closing component, area lists, time zone information, holiday calendars, permanent opening calendar, releases.

Claims (11)

  1. A method for programming identification media of an access control system, wherein the access control system comprises at least one access control device (8) and a central processing unit (1), in which access rights data are stored and managed, wherein the programming of the identification medium (6) comprises the transmission of access rights data via a wireless telecommunications network (4) to a wireless mobile telecommunications device (5) and the transmission of access rights data received from the mobile telecommunication device to a memory of the identification medium (6), characterized in that the transmission of the access rights data from the telecommunication device (5) to the memory of the identification medium (6) is performed via the at least one access control device (8), wherein the access rights data are transmitted from the telecommunication device (5) to a first wireless communication interface (13) of the access control device and from a second wireless communication interface (15) of the access control device to the memory of the identification medium (6).
  2. Method according to claim 1, characterized in that the access rights data is transmitted wirelessly via short range radio, e.g. via Bluetooth, in particular low energy Bluetooth, from the telecommunication device (5) to the first wireless communication interface (13) of the access control device.
  3. Method according to claim 1 or 2, characterized in that the data communication between the second wireless communication interface (13) and a transmitting/receiving unit of the identification medium (6) is performed by means of near-field communication, in particular according to the RFID, NFC, JCOP or MIFARE DESFire standard.
  4. Method according to claim 3, characterized in that the power supply of the transmitting/receiving unit of the identification medium (6) takes place via an electromagnetic, preferably substantially magnetic alternating field of the second wireless communication interface (15) of the access control device.
  5. Method for access control, especially in buildings, in which bidirectional data transmission takes place between an electronic identification medium (6) storing access rights data and an access control device (8) and in which an access authorization control is made in the access control device, wherein a locking means for selectively enabling or locking the access is controlled depending on the established access authorization, wherein access rights data is stored and managed in a central processing unit (1) and the identification medium (6) is programmed with a method according to one of claims 1 to 4 with access rights data.
  6. Access control device (8) for carrying out a method according to one of claims 1 to 5, comprising a first wireless communication interface (13) for transmitting data, in particular access rights data, from and/or to a mobile telecommunication device (5) and a second wireless communication interface (15) for transmitting data, in particular access rights data, from and/or to an identification medium (6), characterized in that the access control device comprises a buffer and a control unit (14), wherein the control unit (14) is configured for interacting with the first (13) and the second (15) communication interface such that data arriving via the first communication interface (13) are fed to the buffer and transferred from the buffer to the second communication interface (15) for bing forwarded to the identification medium (6) .
  7. Access control device according to claim 6, characterized in that the first communication interface (13) is designed for data communication by means of short-range radio transmission.
  8. Access control device according to claim 7, characterized in that the first communication interface (13) is designed for data communication via the Bluetooth standard, in particular low-energy Bluetooth.
  9. Access control device according to one of claims 6 to 8, characterized in that the second communication interface (15) is designed for wireless data communication by means of near-field communication, in particular according to the RFID, NFC, JCOP or MIFARE DESFire standard.
  10. Access control device according to claim 9, characterized in that the identification medium (6) is designed as a passively operating RFID, NFC, JCOP or MIFARE DESFire unit.
  11. Access control device according to one of claims 6 to 10, characterized in that the access control device is a locking unit of a locking system, in particular an electrical, electronic or mechatronic locking unit, such as e.g. cylinder locks, electric cylinders, electric door openers, E-fittings or wall readers.
EP16450026.6A 2015-10-08 2016-10-06 Method for programming ident media of an access control system Active EP3156980B1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
ATA653/2015A AT517780A1 (en) 2015-10-08 2015-10-08 Method for programming identification media of an access control system

Publications (2)

Publication Number Publication Date
EP3156980A1 EP3156980A1 (en) 2017-04-19
EP3156980B1 true EP3156980B1 (en) 2019-09-04

Family

ID=57130334

Family Applications (1)

Application Number Title Priority Date Filing Date
EP16450026.6A Active EP3156980B1 (en) 2015-10-08 2016-10-06 Method for programming ident media of an access control system

Country Status (3)

Country Link
EP (1) EP3156980B1 (en)
AT (1) AT517780A1 (en)
ES (1) ES2760301T3 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
BR112019007529B1 (en) 2016-10-19 2023-12-05 Dormakaba Usa Inc. INTERCHANGEABLE LOCK FOR USE WITH A LOCK DEVICE
AU2018330295B2 (en) 2017-09-08 2023-11-30 Dormakaba Usa Inc. Electro-mechanical lock core
US11466473B2 (en) 2018-04-13 2022-10-11 Dormakaba Usa Inc Electro-mechanical lock core
BR112020020946A2 (en) 2018-04-13 2021-03-02 Dormakaba Usa Inc. electromechanical lock core
EP4046141A1 (en) 2019-10-18 2022-08-24 Carrier Corporation Method and system for switching the premises
WO2021074724A1 (en) * 2019-10-18 2021-04-22 Carrier Corporation A method and an apparatus for switching premises

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI20002255A (en) * 2000-10-13 2002-04-14 Nokia Corp A method for controlling and controlling locks
AT506344B1 (en) * 2008-01-30 2015-06-15 Evva Sicherheitstechnologie METHOD AND DEVICE FOR CONTROLLING THE ACCESS CONTROL
SE534135C2 (en) * 2009-09-17 2011-05-10 Phoniro Ab Distribution of lock access data for electromechanical locks in an access control system
US9811960B2 (en) * 2012-09-21 2017-11-07 Simonsvoss Technologies Gmbh Method and system for the configuration of small locking systems
AT513461B1 (en) * 2013-06-25 2014-08-15 Evva Sicherheitstechnologie Access control procedure
CN203894831U (en) * 2014-06-04 2014-10-22 闫凯锋 Hotel door lock based on Bluetooth and NFC (Near Field Communication) technologies

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
None *

Also Published As

Publication number Publication date
ES2760301T3 (en) 2020-05-13
AT517780A1 (en) 2017-04-15
EP3156980A1 (en) 2017-04-19

Similar Documents

Publication Publication Date Title
EP3156980B1 (en) Method for programming ident media of an access control system
EP2238576B1 (en) Method and device for regulating access control
AT513461B1 (en) Access control procedure
EP2283638B1 (en) Method for exchanging data between a mobile telephone and a fixed line telephone
EP2624223B1 (en) Method and apparatus for access control
DE102012012565A1 (en) Method for entering identification data of a vehicle in a user database of an Internet server device
DE102014202637A1 (en) Arrangement for the authorized response of at least one component located in a building
WO2014190445A2 (en) Method for managing media for wireless communication
AT516288B1 (en) Method and device for managing access authorizations
EP2929665B1 (en) Method, assembly for processing information in a domestic appliance, and domestic appliance
DE202015009326U1 (en) Car key and communication system for this
EP2890191B1 (en) Method for secure communication in a communication network
DE102013100756B3 (en) Method for performing authentication of using access system e.g. electronic lock, involves determining whether second key and encrypted second keys are valid based on second temporary session key
EP2584539A1 (en) Method for configuring an electromechanical lock
DE102013001733A1 (en) Method for accessing a service of a server via an application of a terminal
EP3739554A1 (en) Access control system and method for operating an access control system
EP3349188B1 (en) Door system and communication unit for adapting an operation of the door system
AT13608U1 (en) Method and device for controlling access control
EP3816946A1 (en) Access control system for a building and corresponding method
CH708123A2 (en) Process making available a secured time information.
DE102005043824B4 (en) Control of Aktorikelementen using mobile devices
DE102012104955A1 (en) Method for cryptographically verified proof of the presence of an identity token in the area of an identity sensor and identity sensor for such a method
EP3349187B1 (en) Method for providing at least one drive parameter of at least one door system
EP2613491A1 (en) Execution of cryptographic operations with data from a user terminal
EP4138435A1 (en) Method for granting access to a control unit in a building control system

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20171017

RBV Designated contracting states (corrected)

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

INTG Intention to grant announced

Effective date: 20190410

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

Free format text: NOT ENGLISH

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 1176461

Country of ref document: AT

Kind code of ref document: T

Effective date: 20190915

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 502016006409

Country of ref document: DE

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

Free format text: LANGUAGE OF EP DOCUMENT: GERMAN

REG Reference to a national code

Ref country code: NL

Ref legal event code: FP

REG Reference to a national code

Ref country code: SE

Ref legal event code: TRGR

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG4D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191204

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191204

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191205

Ref country code: RS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

Ref country code: AL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200106

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

REG Reference to a national code

Ref country code: ES

Ref legal event code: FG2A

Ref document number: 2760301

Country of ref document: ES

Kind code of ref document: T3

Effective date: 20200513

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200224

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 502016006409

Country of ref document: DE

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

PG2D Information on lapse in contracting state deleted

Ref country code: IS

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20191006

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200105

26N No opposition filed

Effective date: 20200605

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20191031

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20191031

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20191006

REG Reference to a national code

Ref country code: CH

Ref legal event code: PFUS

Owner name: EVVA SICHERHEITSTECHNOLOGIE GMBH, AT

Free format text: FORMER OWNER: EVVA SICHERHEITSTECHNOLOGIE GMBH, AT

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20161006

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190904

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230510

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: NL

Payment date: 20241026

Year of fee payment: 9

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20241029

Year of fee payment: 9

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20241028

Year of fee payment: 9

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20241025

Year of fee payment: 9

Ref country code: AT

Payment date: 20241009

Year of fee payment: 9

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: ES

Payment date: 20241104

Year of fee payment: 9

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: SE

Payment date: 20241027

Year of fee payment: 9

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: CH

Payment date: 20241101

Year of fee payment: 9