[go: up one dir, main page]

EP2348490B1 - Access control system - Google Patents

Access control system Download PDF

Info

Publication number
EP2348490B1
EP2348490B1 EP09180266.0A EP09180266A EP2348490B1 EP 2348490 B1 EP2348490 B1 EP 2348490B1 EP 09180266 A EP09180266 A EP 09180266A EP 2348490 B1 EP2348490 B1 EP 2348490B1
Authority
EP
European Patent Office
Prior art keywords
electromechanical
key
lock
access
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
EP09180266.0A
Other languages
German (de)
French (fr)
Other versions
EP2348490A1 (en
Inventor
Sami Herrala
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Iloq Oy
9Solutions Oy
Original Assignee
Iloq Oy
9Solutions Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Iloq Oy, 9Solutions Oy filed Critical Iloq Oy
Priority to EP09180266.0A priority Critical patent/EP2348490B1/en
Publication of EP2348490A1 publication Critical patent/EP2348490A1/en
Application granted granted Critical
Publication of EP2348490B1 publication Critical patent/EP2348490B1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks

Definitions

  • the invention relates to the field of access control systems.
  • the field of access control systems encompasses conventional mechanical locks with keys mechanically adapted to operate such locks and electronic lock systems where keys interact with electronic locks by utilizing electric signals transferred between a lock and a key. If the key contains correct electronic information, it will control the lock to open and grant access. On the other hand, incorrect electronic information keeps the lock closed.
  • the prior art even teaches using an electronic key adapted to communicate with a cellular phone carried by a user over a Bluetooth connection.
  • the user When the user wishes to open a lock on a door, for example, the user inserts the key into the lock and controls his/her cellular phone to launch an appropriate application.
  • the application controls the cellular phone to access a server controlling access rights. If the user may access the door, the server provides authorization to open the lock, and the authorization is delivered to the lock through the cellular phone and the electronic key.
  • a problem with this approach is that while the user may obtain authorization to access on-the-fly, the access itself is complicated because the user has to operate both the key and the cellular phone.
  • EP 1 324 276 discloses an electronic security system with an electronic key and an electronic locking apparatus.
  • the electronic key includes an identification data registry for storing one or more identification data for locking and unlocking.
  • the electronic locking apparatus includes a key data registry for storing a key data having a predetermined relationship with an identification data of an electronic key corresponding to the electronic locking apparatus.
  • the system is provided with a reader/writer for reading and writing the identification data in and from the identification data registry. This system ensures an improved convenience by making a single key compatible with a plurality of objects.
  • US 2003/117260 discloses an access control system that includes a tag carried by a user which communicates over a short range wireless link to door lock controller to provide to the controller a security access code and actuate door release means.
  • the tag communicates with access code repository and requests a valid access code.
  • the tag also communicates to the repository an identity provided by the door release means and an identity of the tag itself. A decision may then be taken whether to provide the tag with a valid access code for that particular door release means.
  • the door release means may provide the tag with a telephone number to call when making the request to the repository.
  • EP 1 336 937 discloses a mobile communication terminal transmits access rights data comprising an access control device identification to access control devices.
  • An access control module checks the data received from the mobile communication terminal, with the predetermined access rights data, based on which user's access right is approved.
  • Independent claims are also included for the following: access control method; computer program product for performing access control; and access control device.
  • EP 1 024 239 discloses an approach for managing physical security in an electronic lock-and-key system.
  • the approach does away with cabling or other direct connecting between locks and a system management center.
  • the keys serve to disseminate access control and other information within the system in a snowball-like way, using an adapted, but simple networking protocol. Whenever appropriate, cryptographic schemes are applied to protect the system.
  • EP 1 321 901 discloses a method for controlling access to an object in which a mobile object or key is used to undo or release a lock when the key is authorized. Prior to contact between key and lock the key is issued a certificate by a central unit that contains a specific identify code. When the key is connected to or inserted in the lock offline authentication is based on the specific identity code in the certificate.
  • WO 2004/092514 A1 discloses an access control system to allow real-time access monitoring of locked premises.
  • US 2004/189471 A1 discloses a system for monitoring a facility wherein signals from monitoring tags are relayed to monitoring stations which identify possible events based on the received signals and alert staff members of those events.
  • an electromechanical key is utilized for operating an electromechanical lock.
  • the key may be a personal key carried by a person.
  • Figure 1 shows an embodiment of an electromechanical locking system.
  • a user 105 is about to open a door 115.
  • the user carries an electromechanical key 106.
  • the electromechanical key 106 is illustrated as a box but in a preferred embodiment the physical dimensions are similar to those of a conventional mechanical key having a protrusion which is inserted into a receptable in a lock so as to implement a mechanical connection between the lock and the key.
  • the electromechanical key 106 comprises an electromechanical interface matching a counterpart interface 112 provided in an electromechanical lock 116 the electromechanical key 106 is adapted to open when the electromechanical interface of the electromechanical key 106 is brought into contact with the counterpart interface 112 of the electromechanical lock.
  • the contact may be a physical contact, i.e. the interfaces touch each other.
  • the contact is short range electromagnetic contact based on electromagnetic induction, short range radio communication, etc.
  • the interfaces are electromagnetic interfaces.
  • Other embodiments utilize other electronic interfaces and, in general, the electromechanical key may be considered in such embodiments where no mechanical contact between the lock and key is necessary as an electronic key.
  • An electronic connection 110 is established between the electromechanical key 106 and the electromechanical lock 116 when the interfaces are brought into contact with one another, i.e. when the key is inserted into the lock.
  • the electromechanical key further comprises a communication circuitry configured to establish a radio connection, and a memory for storing access codes used for opening access-controlled locks and other information enabling the operation of the electromechanical key.
  • the electromechanical key 106 further comprises a control circuitry configured to control the communication circuitry to establish an end-to-end communication connection with a server 101 managing access rights, to communicate with the server 101 so as to receive an access code granting access to at least one electromechanical lock, and to communicate an appropriate access code received from the server to the electromechanical lock through the electronic connection between the electromechanical key and the electromechanical lock so as to open the electromechanical lock.
  • a control circuitry configured to control the communication circuitry to establish an end-to-end communication connection with a server 101 managing access rights, to communicate with the server 101 so as to receive an access code granting access to at least one electromechanical lock, and to communicate an appropriate access code received from the server to the electromechanical lock through the electronic connection between the electromechanical key and the electromechanical lock so as to open the electromechanical lock.
  • the communication connection between the electromechanical key 106 and the server 101 may comprise at least one wireless communication link, wherein a wireless communication link is established at least between the electromechanical key and another radio device communicating directly with the electromechanical key.
  • the electromechanical key 106 may have a wireless network channel 104 connection to a wireless network 102 or to a cellular phone carried by the user 105 (not shown).
  • the wireless channel 104 and the wireless network 102 may be implemented according to the Bluetooth, Zigbee, or any other suitable standard/non-standard short-range wireless communication means. It may also be foreseen that the electromechanical key has medium or even long range communication capabilities, thereby comprising terminal device equipment for cellular network communications according to GSM, CDMA, or UMTS (or another cellular network) specifications.
  • the wireless network 102 may establish a pico network, realized by a network of private base stations distributed to cover the area where the location tracking is being carried out.
  • the private base station network may establish a wireless mesh network based on the Bluetooth technology, for example, and configured to route signals through a plurality of base stations between a plurality of user equipment and the server.
  • One or more of the base stations may be connected to a wired network, e.g. Ethernet, so as to connect to the server. If the server is located in a remote location, the connection between the base station network and the server may be routed through the Internet.
  • Other embodiments may utilize other communication technologies to implement the mesh network, such as IEEE 802.11x (WiFi). Modern cellular telecommunication systems, e.g.
  • the UMTS allow for employing private networks and utilizing the UMTS specifications in the private networks.
  • the private networks operate in parallel with public UMTS networks and may even utilize the same frequency bands.
  • the wireless network 102 may thus employ the UMTS radio access specifications.
  • the server may be a computer installed in the same local network as the wireless network or it may be a remote computer accessible through the Internet.
  • the physical structure of the server 101 may be similar to other corresponding servers, i.e. it may comprise one or more processors, network interface for providing communication functionality and network access, and a memory (for example hard drive(s)) for storing the access rights database and other data.
  • the electromechanical lock 116 comprises the counterpart interface 112 where the key is inserted to make the electromechanical connection, a lock mechanism 108 and a lock bolt 114.
  • the user inserts the electromechanical interface of the key 106 into contact with the counterpart interface 112 of the door.
  • the user operates the lock mechanism 108 provided in the lock.
  • the operating may comprise turning a doorknob or turning the key in the lock.
  • the operation activates the lock and provides operating power for the lock to perform the authentication.
  • the key transfers the access data into the lock, and the lock reads the access data. If the access data is correct, the lock is set to an openable state and allows the user to operate the lock bolt.
  • Any suitable authentication technique may be used in connection with the embodiments of the present invention.
  • the selection of the authentication technique depends on the desired security level of the access control system and possibly also on the permitted consumption of electricity for the authentication (especially in user-powered electromechanical locks).
  • the authentication is performed with a SHA-1 (Secure Hash Algorithm) function, designed by the National Security Agency (NSA).
  • SHA-1 Secure Hash Algorithm
  • a condensed digital representation (known as a message digest) is computed from a given input data sequence (known as the message).
  • the message digest is to a high degree of probability unique for the message.
  • SHA-1 is called "secure" because, for a given algorithm, it is computationally infeasible to find a message that corresponds to a given message digest, or to find two different messages that produce the same message digest. Any change to a message will, with a very high probability, result in a different message digest.
  • the electromechanical key receives from the server message digests of one or more locks as the access codes, and transfers the message digest to the lock when the electric connection between the lock and the key has been established.
  • the lock compares the received message digest with a reference message digest computed from a message stored in a memory of the lock. If the received message digest corresponds with the computed reference message digest, the lock is opened.
  • FIG. 2 shows a more detailed example of the electromechanical lock 116 and the electromechanical key 106.
  • An electromechanical interface 140 of the electromechanical key 106 and the corresponding interface 112 in the electromechanical lock 116 are counterparts, as described above, and establish the electronic connection between the lock and the key when brought into contact with each other.
  • the electronic connection may be realized by a wired bus through bus connectors in both interfaces 140, 112.
  • the wired bus may be a one-wire bus.
  • the lock 116 further comprises an electronic circuitry configured to receive the access code from the key 106 upon establishment of the electronic connection through the interfaces 140, 112 and to control the opening of the lock in response to the reception of a correct access code.
  • the electronic circuitry 142 may be implemented as one or more integrated circuits, such as application-specific integrated circuits ASIC. Other embodiments are also feasible, such as a circuit built of separate logic components, or memory units and one or more processors with software. A hybrid of these different embodiments is also feasible. When selecting the method of implementation, a person skilled in the art will consider the requirements set on the power consumption of the device, production costs, and production volumes, for example.
  • the electronic circuitry 142 may be configured to execute computer program instructions for executing computer processes.
  • the electronic circuitry 142 is realized with two circuits.
  • the electronic circuitry 142 comprises a communication circuitry 126 and an authentication circuitry 120 which are connected to each other with a communication channel 118.
  • the communication circuitry communicates with the key, receives an electric signal comprising the access data, extracts the access data, and forwards the access data to the authentication circuitry 120.
  • the authentication circuitry 120 analyzes the received access data by comparing the received access data with reference access data stored in a memory (not shown). If the received access data matches the reference access data, the authentication circuitry 120 controls the lock to open.
  • the communication channel 118 may be a logical communication channel between two computer processes executed by the same processor, for example, but it may alternatively be a physical channel between two physically separate circuitries.
  • the authentication circuit 120 is realized with a microcontroller and a memory unit, and the communication circuit is ASIC.
  • other embodiments utilize different physical structures for the electronic circuitry 142.
  • the lock further comprises an actuator 124 which controls the lock bolt 114.
  • the authentication circuitry configures the actuator 124 to set the lock in a mechanically openable state.
  • the actuator 124 may be powered by electric power produced by a generator 122 configured to convert mechanical motion into electric signals, when the user applies the mechanical motion to the lock by turning the knob 108, by turning the key in the lock, or by inserting the key into the lock.
  • the generator 122 is connected only to the authentication circuitry, but it may also be connected to the communication circuitry 126 and receive the mechanical motion through the interface 112. Instead of using the generator transforming the mechanical motion into electric energy, a battery may be utilized, or the lock may be connected to a power source, e.g. an electric outlet.
  • the lock may acquire its electric energy from the key through the interface and electric connection between the lock and the key.
  • the actual implementation of the power supply of the lock depends on the implementation, and the skilled person designing the system takes into account the location of the lock, availability of different power sources, the physical dimensions of the lock, the design of the interfaces of the lock and the key, etc.
  • the actuator 124 may be set to a locked state mechanically, but a detailed discussion thereon is not necessary to illuminate the present embodiments.
  • the bolt mechanism 114 can be moved by operating the lock mechanism (knob) 108, for example.
  • the actuator 124 may in response to the command from the authentication circuitry 120 mechanically move the bolt mechanism 114 so that the door may be opened without any specific action by the user.
  • the user only needs to insert the key into contact with the lock so that the connection between the lock and the key is established and the lock will be opened, provided that the user has access rights to the door.
  • the electromechanical key comprises an electronic circuitry 107 comprising a memory 130, a control circuitry 132, a rechargeable battery 136, and a communication circuitry 134.
  • a communication circuitry 134 may comprise analog and digital components enabling establishment of a radio connection according to any radio access technology listed above. In the following description, a Bluetooth radio access is described. It should be noted that other embodiments utilize other radio access schemes, and the structure and the operation of the communication circuitry 134 is configured according to the supported radio access scheme.
  • the control circuitry 132 controls the operation of the key by controlling the communication with the server and the cellular phone or wireless network and by controlling the transfer of access codes between the locks and the key.
  • the control circuitry 132 may also be configured to carry out other procedures, as will be described in greater detail.
  • the control circuitry 132 may be implemented by ASIC, micro controller, or another processor, depending on the required computational capacity, power consumption requirements, etc.
  • the memory 130 stores the access codes received from the processor as being linked to corresponding locks which each code is arranged to open.
  • the memory 130 may also store instructions of a computer program configuring the operation of the control circuitry 132 and/or communication circuitry 134 when they are software-defined processors.
  • the memory 130 may comprise a non-volatile memory part storing the computer program(s), and a volatile memory (e.g. RAM) for storing the access codes and temporary data needed in the operation of the control circuitry.
  • the access codes may be stored in the non-volatile memory so that they will not be erased in an uncontrolled manner.
  • the battery 136 is rechargeable, and the electromagnetic interface 140 functions also as an interface for charging the battery 136.
  • the interface 140 may comprise a separate wire for charging the battery or the same wiring used for transferring the access codes may be used for charging the battery.
  • a charging device may include a slot (or receptable) structurally similar to the interface 112 of the lock.
  • circuitry refers to all of the following: (a) hardware-only circuit implementations, such as implementations in only analog and/or digital circuitry, and (b) combinations of circuits and software (and/or firmware), such as (as applicable): (i) a combination of processor(s) or (ii) portions of processor(s)/software including digital signal processor(s), software, and memory(ies) that work together to cause an apparatus to perform various functions, and (c) circuits, such as a microprocessor(s) or a portion of a microprocessor(s), that require software or firmware for operation, even if the software or firmware is not physically present.
  • This definition of "circuitry” applies to all uses of this term in this application.
  • the term “circuitry” would also cover an implementation of merely a processor (or multiple processors) or a portion of a processor and its (or their) accompanying software and/or firmware.
  • FIG. 3 is a flow diagram illustrating a process for updating access rights and accessing locks according to an embodiment of the invention.
  • the process is carried out in the electromechanical key, but the following description describes also operations carried out by the server, the electromechanical lock, and the cellular phone / wireless network.
  • the process may be defined by a computer program comprising instructions configuring a processor of the electromechanical key to carry out the steps of the process, when the processor executes the computer program.
  • the process starts in block 300.
  • the key is paired with the cell phone carried by the user.
  • the pairing is carried out between the key and a wireless network realized by a network of base stations installed in the premises where the access control system is used.
  • the pairing may be a conventional Bluetooth pairing.
  • the Bluetooth specification version may be Bluetooth 2.1 + EDR (Enhanced Data Rate) class 1 but other specification versions may alternatively be used, depending on the required data transfer capacity, required operational range, and power consumption requirements.
  • Step 302 may be executed when the key is given to the user, and no pairing is necessarily needed again unless the user acquires a new cellular phone or a key.
  • the control circuitry of the key controls the communication circuitry to establish a communication connection with an ASP (Application Service Provider) server managing the access rights.
  • the communication connection may be a TCP/IP connection, and an IP address of the ASP server may be stored in the memory of the key or in the memory of the cellular phone. In the latter case, the IP address of the ASP server may be read in connection with the pairing in block 302.
  • the TCP/IP connection between the key and the ASP server is routed through the cellular phone or wireless network with which the pairing was performed in block 302.
  • the cellular phone may route the TCP/IP connection through the public cellular telecommunication system and through the Internet, and the wireless network may route the TCP/IP connection through the private network installed in the premises of the access control system.
  • the TCP/IP connection may be encrypted with a cryptographic protocol, such as SSL (Secure Sockets Layer) or TLS (Transport Layer Security).
  • SSL Secure Sockets Layer
  • TLS Transport Layer Security
  • the connection in block 304 is established automatically without any user intervention.
  • the control circuitry of the key is configured to autonomously utilize the Bluetooth dial-up networking profile (or a corresponding profile of another radio access scheme) so as to configure the cellular phone / wireless network to establish the TCP/IP connection.
  • the cellular phone is used merely as a modem or a bridge for routing the connection, and such operation is invisible to the user in that the user does not have to operate the cellular phone after the initial, one-time pairing in block 302.
  • the establishment of the connection may include transmission of encrypted key identification data enabling the ASP server to identify the key (and the user of the key).
  • the control circuitry Upon establishment of the connection with the ASP server in block 304, the control circuitry transmits a request for up-to-date access codes to the ASP server in block 306.
  • the ASP server receives the request, checks a database storing the access rights for each key/user of the access control system in order to acquire access codes currently linked to the key (or the user of the key) requesting the access codes.
  • the database may store identifiers of all the locks in the access control system as being associated with an access code which opens the particular lock.
  • the ASP server Upon acquiring the access codes and corresponding door identifiers from the database, the ASP server transmits the access codes and corresponding door identifiers over the encrypted TCP/IP connection to the key.
  • the key receives the access codes and corresponding door identifiers and stores them in the memory. Then, the TCP/IP connection may be terminated or, alternatively, it may be maintained so that the establishment of a new connection in connection with the next access right update may be omitted.
  • the key may be configured to update the access rights, i.e. to request the ASP server to send up-to-date access codes, at predetermined intervals. In other words, blocks 304 and 306 may be carried out at the predetermined time intervals to ensure that the key has up-to-date access codes all the time.
  • the predetermined interval may be a one-minute interval, for example.
  • the key may omit block 304, and block 304 may be carried out when the key enters the premises of the access control system and the TCP/IP connection is newly created, or when the TCP/IP connection breaks down for some reason, e.g. a time out.
  • Block 310 is optionally executed, when the key is configured to retrieve up-to-date access codes every time a lock is being accessed.
  • Block 310 includes the retrieval of the up-to-date access codes from the ASP server, i.e. execution of block 306 and optionally block 304 (if the connection has not been maintained).
  • the embodiment including the execution of block 310 is advantageous when the access rights of the user has just been modified by adding new access rights to a given lock.
  • the user may simply try to access the lock, and the key retrieves the updated access codes automatically with no need to wait for the next periodic check.
  • the periodic retrieval of the access codes is omitted, and the key is configured to access the ASP server only in connection with an access event, e.g. when the user tries to access a lock of the access control system.
  • the key may identify the access event when a given lock, with which the electric connection is detected in block 308, by successfully retrieving an identifier of the lock through the electric connection, i.e. from the fact that the lock and the key are able to communicate with each other.
  • the control circuitry reads the lock's identifier received through the electromagnetic interface over the electric connection between the lock and the key. If the execution of block 310 is dependent on the correct reading of the lock's identifier, block 312 may be executed before block 310.
  • the control circuitry accesses the memory to check whether or not the memory includes an entry for the lock identifier read in block 312. If the memory includes the entry for the lock identifier, the control circuitry retrieves an access code linked to the lock identifier. In block 316, the control circuitry transfers the access code to the lock through the electromechanical interface over the electric connection between the lock and the key.
  • the authentication circuitry of the lock may be configured to transmit an acknowledgment message to the key over the electric connection so that the control circuitry of the key obtains information on the successful entry.
  • the authentication circuitry may also control the actuator to open the lock, as described above. If the memory of the key contains no entry for the lock identifier, the lock access procedure ends.
  • the control circuitry may also send an error message to the lock, and the lock may indicate an erroneous entry to the user by flashing a red light or by providing another visual or audiovisual indication that the access has been denied.
  • the control circuitry of the key may be configured to transmit a message indicating the failed access to the server.
  • the message may include the identifier of the lock so that the failed access is linked to the appropriate lock and optionally time information indicating the time when the entry was attempted.
  • the time may, however, be determined implicitly from the time when the message is transferred to the ASP server.
  • the ASP server may check whether or not the key had rights to access that door at the time the entry was made so as to verify whether the user has tried to access a lock which he/she has no rights to access or whether there has been an operational error in the lock, key, server, or in the communication between them.
  • the system may record operational failures so as to detect faulty components in the access control system, and the system may also record information that the user has tried to access a lock to which (s)he has no access rights.
  • the control circuitry of the key may be configured to transfer a message of a successful entry to a given lock to the ASP server for location tracking purposes.
  • a message may comprise an indication of the successful entry and an identifier of the lock which has been successfully opened.
  • the transfer of such a message may be triggered by the acknowledgment message received from the lock as a result of the successful entry.
  • the server may record the locks the user of the key has accessed successfully and times when the locks have been accessed so as to track the movement of the user in the premises of the access control system.
  • the server stores a layout of the premises of the access control system where physical locations of the electromechanical locks have been stored.
  • the location tracking may also be used for tracking working time of the user when the access control system is installed in a working place.
  • the ASP server is further configured to count a time of presence of a given personal electronic device from access information received from the keys of the staff.
  • the location tracking may be used for monitoring and storing the working time of each member of the staff on the basis of the time duration the staff member is detected to have been in the premises of the area where the location tracking is carried out.
  • the start time is the time when the staff member accesses an entry/exit door of the premises for the first time, i.e. when the key of the staff member indicates entry through that door.
  • the end time is the time when the key indicates exit through the entry/exit door or another corresponding entry/exit door.
  • the working time may be stored in the user record on a daily basis.
  • the server may each day store a time when a given key is detected in the area and a time when the key is assumed to have left the area. From these stored times, a duration of the personal radio communication device in the area may be calculated by applying simple mathematics, and the thus obtained working hours per day may be stored in the user record.
  • the location tracking may be utilized for other purposes as well.
  • the user's cellular phone (or another communication device or devices) may be linked to the location tracking system and to the ASP server. This enables a given user to establish a voice connection to a selected place, instead of a selected phone number.
  • the user may establish a call which is routed to the ASP server, wherein the call establishment includes transfer of a message comprising an identifier of a location to which the caller wishes to give call.
  • the ASP server checks the location tracking records in order to find out another user closest to the desired location and, upon finding such a user, the ASP server routes the call connection to that user's cellular phone (or another communication device).
  • the location tracking is used for routing alarm messages to the nearest persons.
  • the key, cellular phone, or another device carried by the user may be used for transmitting an alarm message to the server.
  • the key comprises an alarm button which, when pressed, configures the control circuitry to transmit the alarm message to the ASP server.
  • the alarm message is an indication that help is needed in the location where the user requesting for help resides.
  • the server checks the location tracking records in order to find out another user closest to the desired location and, upon finding such a user, the ASP server routes the alarm to that user's cellular phone (or another communication device) in connection with the location where the help is needed (the most recent location of the user/key requesting the help). This may be particularly useful in a hospital or other health care institutions where emergencies occur.
  • Other location tracking means for monitoring the location of the users in the premises are used in other embodiments.
  • the database of the ASP server stores key or user identifiers indicating the locks that each key or user is allowed to open.
  • a particular key may thus be configured to open a plurality of locks, rather than having a dedicated key for every lock.
  • the set of locks to which a certain key/user has access rights may be updated in real time simply by editing the database.
  • the ASP server may be triggered to transmit the updated access codes to the key immediately so that the updated access rights are put to use immediately.
  • the periodic update check and/or block 310 described above in connection with Figure 3 may even be omitted, although it is not necessary.
  • the key may still verify that it has appropriate access rights periodically or when a lock is being accessed.
  • the key Upon reception of the updated access codes from the server, the key modifies the stored access codes so as to make them up-to-date.
  • the transfer of the updated access codes and lock identifiers from the server to the key may include all the key identifiers and corresponding access codes to which access is granted every time the access rights update is carried out. If the update includes addition of one or more new access rights, only new access codes and lock identifiers may be sent to the key and no old access rights which have already been transferred need to be sent again. Similarly, if the update includes deletion of access rights, the ASP server may send a message indicating which access rights (access code and lock identifier) need to be deleted. This reduces the amount of data traffic, since transfer of redundant information is reduced.
  • the key may be configured to attempt reestablishment of the connection. If the reestablishment is not successful within a determined duration or number of attempts, the control circuitry of the key may be configured to irrevocably erase the access rights from the memory. The control circuitry may alternatively erase the access rights immediately upon losing TCP/IP connection with the server. As a consequence, the access codes will be deleted immediately if the user's key is stolen and the connection to the cellular phone or wireless network is lost or if the connection to the ASP server is otherwise lost. This improves the security of the system.
  • the whole operation for retrieving the access rights and communicating with the lock so as to enter the access code is carried out automatically without any user interaction.
  • the user only has to bring the counterpart interfaces provided in the electromechanical key and the lock into connection with one another, and then open the door, latch, or another element the lock protects.
  • the user convenience and speed of opening the lock is improved, as the complexity of the procedure is reduced.
  • the process or method described in Figure 3 may also be carried out in the form of a computer process defined by a computer program.
  • the computer program may be in source code form, object code form, or in some intermediate form, and it may be stored in some sort of carrier, which may be any entity or device capable of carrying the program.
  • Such carriers include a record medium, computer memory, read-only memory, electrical carrier signal, telecommunications signal, and software distribution package, for example.
  • the computer program may be executed in a single electronic digital processing unit or it may be distributed amongst a number of processing units.
  • the present invention is applicable to any access control system utilizing electromechanical locks.
  • the electromechanical locks require no connection with the server, and in some embodiment they do not even require batteries as the energy needed for the authentication and opening the lock is provided by the user with mechanical motion. This facilitates the installation of the system. Otherwise, the installation is very simple.
  • the database of the server is constructed to contain the access rights for the users/keys.
  • the keys are preconfigured to carry out the operations described above. When taken into use, a key may be paired with the user's cellular phone or the wireless network, and after the pairing the key automatically acquires the access rights. Depending on the radio access protocol the keys are configured to use, even the pairing may be omitted.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)

Description

    Field
  • The invention relates to the field of access control systems.
    • Background
  • The field of access control systems encompasses conventional mechanical locks with keys mechanically adapted to operate such locks and electronic lock systems where keys interact with electronic locks by utilizing electric signals transferred between a lock and a key. If the key contains correct electronic information, it will control the lock to open and grant access. On the other hand, incorrect electronic information keeps the lock closed.
  • The prior art even teaches using an electronic key adapted to communicate with a cellular phone carried by a user over a Bluetooth connection. When the user wishes to open a lock on a door, for example, the user inserts the key into the lock and controls his/her cellular phone to launch an appropriate application. The application controls the cellular phone to access a server controlling access rights. If the user may access the door, the server provides authorization to open the lock, and the authorization is delivered to the lock through the cellular phone and the electronic key. A problem with this approach is that while the user may obtain authorization to access on-the-fly, the access itself is complicated because the user has to operate both the key and the cellular phone.
  • EP 1 324 276 discloses an electronic security system with an electronic key and an electronic locking apparatus. The electronic key includes an identification data registry for storing one or more identification data for locking and unlocking. The electronic locking apparatus includes a key data registry for storing a key data having a predetermined relationship with an identification data of an electronic key corresponding to the electronic locking apparatus. The system is provided with a reader/writer for reading and writing the identification data in and from the identification data registry. This system ensures an improved convenience by making a single key compatible with a plurality of objects.
  • US 2003/117260 discloses an access control system that includes a tag carried by a user which communicates over a short range wireless link to door lock controller to provide to the controller a security access code and actuate door release means. In the event the correct access code is not known by the tag, the tag communicates with access code repository and requests a valid access code. When requesting the valid access code, the tag also communicates to the repository an identity provided by the door release means and an identity of the tag itself. A decision may then be taken whether to provide the tag with a valid access code for that particular door release means. The door release means may provide the tag with a telephone number to call when making the request to the repository.
  • EP 1 336 937 discloses a mobile communication terminal transmits access rights data comprising an access control device identification to access control devices. An access control module checks the data received from the mobile communication terminal, with the predetermined access rights data, based on which user's access right is approved. Independent claims are also included for the following: access control method; computer program product for performing access control; and access control device.
  • EP 1 024 239 discloses an approach for managing physical security in an electronic lock-and-key system. The approach does away with cabling or other direct connecting between locks and a system management center. The keys serve to disseminate access control and other information within the system in a snowball-like way, using an adapted, but simple networking protocol. Whenever appropriate, cryptographic schemes are applied to protect the system.
  • EP 1 321 901 discloses a method for controlling access to an object in which a mobile object or key is used to undo or release a lock when the key is authorized. Prior to contact between key and lock the key is issued a certificate by a central unit that contains a specific identify code. When the key is connected to or inserted in the lock offline authentication is based on the specific identity code in the certificate.
  • WO 2004/092514 A1 discloses an access control system to allow real-time access monitoring of locked premises.
  • US 2004/189471 A1 discloses a system for monitoring a facility wherein signals from monitoring tags are relayed to monitoring stations which identify possible events based on the received signals and alert staff members of those events.
    • Brief description
  • According to the present invention, there is provided an access control system as specified in claim 1.
  • An embodiment of the invention is defined in the dependent claim 2. Embodiments and examples not falling within the scope of the appended claims do not form part of the invention.
    • List of drawings
  • Embodiments of the present invention are described below, by way of example only, with reference to the accompanying drawings, in which
    • Figure 1 illustrates a general concept of an access control system according to an embodiment of the invention;
    • Figure 2 illustrates a structure of an electromechanical key and an electromechanical lock according to embodiments of the invention; and
    • Figure 3 is a flow diagram illustrating a method for use in the access control system according to an embodiment of the invention.
    Description of embodiments
  • The following embodiments are exemplary. Although the specification may refer to "an", "one", or "some" embodiment(s) in several locations, this does not necessarily mean that each such reference is to the same embodiment(s), or that the feature only applies to a single embodiment. Single features of different embodiments may also be combined to provide other embodiments.
  • In an embodiment of the invention, an electromechanical key is utilized for operating an electromechanical lock. The key may be a personal key carried by a person. Figure 1 shows an embodiment of an electromechanical locking system. A user 105 is about to open a door 115. The user carries an electromechanical key 106. In Figure 1, the electromechanical key 106 is illustrated as a box but in a preferred embodiment the physical dimensions are similar to those of a conventional mechanical key having a protrusion which is inserted into a receptable in a lock so as to implement a mechanical connection between the lock and the key.
  • The electromechanical key 106 according to an embodiment of the present invention comprises an electromechanical interface matching a counterpart interface 112 provided in an electromechanical lock 116 the electromechanical key 106 is adapted to open when the electromechanical interface of the electromechanical key 106 is brought into contact with the counterpart interface 112 of the electromechanical lock. The contact may be a physical contact, i.e. the interfaces touch each other. In another embodiment, the contact is short range electromagnetic contact based on electromagnetic induction, short range radio communication, etc. In this embodiment, the interfaces are electromagnetic interfaces. Other embodiments utilize other electronic interfaces and, in general, the electromechanical key may be considered in such embodiments where no mechanical contact between the lock and key is necessary as an electronic key. An electronic connection 110 is established between the electromechanical key 106 and the electromechanical lock 116 when the interfaces are brought into contact with one another, i.e. when the key is inserted into the lock. The electromechanical key further comprises a communication circuitry configured to establish a radio connection, and a memory for storing access codes used for opening access-controlled locks and other information enabling the operation of the electromechanical key. The electromechanical key 106 further comprises a control circuitry configured to control the communication circuitry to establish an end-to-end communication connection with a server 101 managing access rights, to communicate with the server 101 so as to receive an access code granting access to at least one electromechanical lock, and to communicate an appropriate access code received from the server to the electromechanical lock through the electronic connection between the electromechanical key and the electromechanical lock so as to open the electromechanical lock.
  • The communication connection between the electromechanical key 106 and the server 101 may comprise at least one wireless communication link, wherein a wireless communication link is established at least between the electromechanical key and another radio device communicating directly with the electromechanical key. The electromechanical key 106 may have a wireless network channel 104 connection to a wireless network 102 or to a cellular phone carried by the user 105 (not shown). The wireless channel 104 and the wireless network 102 may be implemented according to the Bluetooth, Zigbee, or any other suitable standard/non-standard short-range wireless communication means. It may also be foreseen that the electromechanical key has medium or even long range communication capabilities, thereby comprising terminal device equipment for cellular network communications according to GSM, CDMA, or UMTS (or another cellular network) specifications.
  • The wireless network 102 may establish a pico network, realized by a network of private base stations distributed to cover the area where the location tracking is being carried out. The private base station network may establish a wireless mesh network based on the Bluetooth technology, for example, and configured to route signals through a plurality of base stations between a plurality of user equipment and the server. One or more of the base stations may be connected to a wired network, e.g. Ethernet, so as to connect to the server. If the server is located in a remote location, the connection between the base station network and the server may be routed through the Internet. Other embodiments may utilize other communication technologies to implement the mesh network, such as IEEE 802.11x (WiFi). Modern cellular telecommunication systems, e.g. UMTS, allow for employing private networks and utilizing the UMTS specifications in the private networks. The private networks operate in parallel with public UMTS networks and may even utilize the same frequency bands. The wireless network 102 may thus employ the UMTS radio access specifications. The server may be a computer installed in the same local network as the wireless network or it may be a remote computer accessible through the Internet. The physical structure of the server 101 may be similar to other corresponding servers, i.e. it may comprise one or more processors, network interface for providing communication functionality and network access, and a memory (for example hard drive(s)) for storing the access rights database and other data.
  • The electromechanical lock 116 comprises the counterpart interface 112 where the key is inserted to make the electromechanical connection, a lock mechanism 108 and a lock bolt 114. When the user approaches the door he/she wishes to open, the user inserts the electromechanical interface of the key 106 into contact with the counterpart interface 112 of the door. Next, the user operates the lock mechanism 108 provided in the lock. The operating may comprise turning a doorknob or turning the key in the lock. The operation activates the lock and provides operating power for the lock to perform the authentication. In the authentication, the key transfers the access data into the lock, and the lock reads the access data. If the access data is correct, the lock is set to an openable state and allows the user to operate the lock bolt.
  • Any suitable authentication technique may be used in connection with the embodiments of the present invention. The selection of the authentication technique depends on the desired security level of the access control system and possibly also on the permitted consumption of electricity for the authentication (especially in user-powered electromechanical locks).
  • In an embodiment, the authentication is performed with a SHA-1 (Secure Hash Algorithm) function, designed by the National Security Agency (NSA). In SHA-1, a condensed digital representation (known as a message digest) is computed from a given input data sequence (known as the message). The message digest is to a high degree of probability unique for the message. SHA-1 is called "secure" because, for a given algorithm, it is computationally infeasible to find a message that corresponds to a given message digest, or to find two different messages that produce the same message digest. Any change to a message will, with a very high probability, result in a different message digest. If the security level needs to be increased, other hash functions (SHA-224, SHA-256, SHA-384 and SHA-512) in the SHA family, each with longer digests, collectively known as SHA-2 may be used. In an embodiment, the electromechanical key receives from the server message digests of one or more locks as the access codes, and transfers the message digest to the lock when the electric connection between the lock and the key has been established. The lock then compares the received message digest with a reference message digest computed from a message stored in a memory of the lock. If the received message digest corresponds with the computed reference message digest, the lock is opened.
  • Figure 2 shows a more detailed example of the electromechanical lock 116 and the electromechanical key 106. An electromechanical interface 140 of the electromechanical key 106 and the corresponding interface 112 in the electromechanical lock 116 are counterparts, as described above, and establish the electronic connection between the lock and the key when brought into contact with each other. The electronic connection may be realized by a wired bus through bus connectors in both interfaces 140, 112. The wired bus may be a one-wire bus.
  • The lock 116 further comprises an electronic circuitry configured to receive the access code from the key 106 upon establishment of the electronic connection through the interfaces 140, 112 and to control the opening of the lock in response to the reception of a correct access code. The electronic circuitry 142 may be implemented as one or more integrated circuits, such as application-specific integrated circuits ASIC. Other embodiments are also feasible, such as a circuit built of separate logic components, or memory units and one or more processors with software. A hybrid of these different embodiments is also feasible. When selecting the method of implementation, a person skilled in the art will consider the requirements set on the power consumption of the device, production costs, and production volumes, for example. The electronic circuitry 142 may be configured to execute computer program instructions for executing computer processes.
  • In the embodiment of Fig. 2, the electronic circuitry 142 is realized with two circuits. The electronic circuitry 142 comprises a communication circuitry 126 and an authentication circuitry 120 which are connected to each other with a communication channel 118. The communication circuitry communicates with the key, receives an electric signal comprising the access data, extracts the access data, and forwards the access data to the authentication circuitry 120. The authentication circuitry 120 analyzes the received access data by comparing the received access data with reference access data stored in a memory (not shown). If the received access data matches the reference access data, the authentication circuitry 120 controls the lock to open. The communication channel 118 may be a logical communication channel between two computer processes executed by the same processor, for example, but it may alternatively be a physical channel between two physically separate circuitries. In an embodiment, the authentication circuit 120 is realized with a microcontroller and a memory unit, and the communication circuit is ASIC. However, other embodiments utilize different physical structures for the electronic circuitry 142.
  • The lock further comprises an actuator 124 which controls the lock bolt 114. After a successful authentication, the authentication circuitry configures the actuator 124 to set the lock in a mechanically openable state. The actuator 124 may be powered by electric power produced by a generator 122 configured to convert mechanical motion into electric signals, when the user applies the mechanical motion to the lock by turning the knob 108, by turning the key in the lock, or by inserting the key into the lock. In the embodiment of Figure 2, the generator 122 is connected only to the authentication circuitry, but it may also be connected to the communication circuitry 126 and receive the mechanical motion through the interface 112. Instead of using the generator transforming the mechanical motion into electric energy, a battery may be utilized, or the lock may be connected to a power source, e.g. an electric outlet. In another embodiment where the key is provided with battery, the lock may acquire its electric energy from the key through the interface and electric connection between the lock and the key. The actual implementation of the power supply of the lock depends on the implementation, and the skilled person designing the system takes into account the location of the lock, availability of different power sources, the physical dimensions of the lock, the design of the interfaces of the lock and the key, etc.
  • The actuator 124 may be set to a locked state mechanically, but a detailed discussion thereon is not necessary to illuminate the present embodiments. When the actuator 124 has set the lock in a mechanically openable state, the bolt mechanism 114 can be moved by operating the lock mechanism (knob) 108, for example. Alternatively, the actuator 124 may in response to the command from the authentication circuitry 120 mechanically move the bolt mechanism 114 so that the door may be opened without any specific action by the user. In the latter embodiment, the user only needs to insert the key into contact with the lock so that the connection between the lock and the key is established and the lock will be opened, provided that the user has access rights to the door.
  • Additionally, the electromechanical key comprises an electronic circuitry 107 comprising a memory 130, a control circuitry 132, a rechargeable battery 136, and a communication circuitry 134. Obviously, instead of using rechargeable battery (secondary cell), disposable (primary cell) batteries may be used. The communication circuitry 134 may comprise analog and digital components enabling establishment of a radio connection according to any radio access technology listed above. In the following description, a Bluetooth radio access is described. It should be noted that other embodiments utilize other radio access schemes, and the structure and the operation of the communication circuitry 134 is configured according to the supported radio access scheme. The control circuitry 132 controls the operation of the key by controlling the communication with the server and the cellular phone or wireless network and by controlling the transfer of access codes between the locks and the key. The control circuitry 132 may also be configured to carry out other procedures, as will be described in greater detail. The control circuitry 132 may be implemented by ASIC, micro controller, or another processor, depending on the required computational capacity, power consumption requirements, etc. The memory 130 stores the access codes received from the processor as being linked to corresponding locks which each code is arranged to open. The memory 130 may also store instructions of a computer program configuring the operation of the control circuitry 132 and/or communication circuitry 134 when they are software-defined processors. The memory 130 may comprise a non-volatile memory part storing the computer program(s), and a volatile memory (e.g. RAM) for storing the access codes and temporary data needed in the operation of the control circuitry. Optionally, the access codes may be stored in the non-volatile memory so that they will not be erased in an uncontrolled manner.
  • The battery 136 is rechargeable, and the electromagnetic interface 140 functions also as an interface for charging the battery 136. The interface 140 may comprise a separate wire for charging the battery or the same wiring used for transferring the access codes may be used for charging the battery. In an embodiment where the structure of the electromechanical key resembles a conventional key, i.e. it has a protrusion which is inserted into the lock when opening the lock, a charging device may include a slot (or receptable) structurally similar to the interface 112 of the lock. When the key is inserted into the charging device, the control circuitry may be configured to detect that the electronic connection is now with the charging device and switch the electric signals received from the charging device through the electromechanical interface to the battery so as to charge the battery.
  • As used in this application, the term 'circuitry' refers to all of the following: (a) hardware-only circuit implementations, such as implementations in only analog and/or digital circuitry, and (b) combinations of circuits and software (and/or firmware), such as (as applicable): (i) a combination of processor(s) or (ii) portions of processor(s)/software including digital signal processor(s), software, and memory(ies) that work together to cause an apparatus to perform various functions, and (c) circuits, such as a microprocessor(s) or a portion of a microprocessor(s), that require software or firmware for operation, even if the software or firmware is not physically present. This definition of "circuitry" applies to all uses of this term in this application. As a further example, as used in this application, the term "circuitry" would also cover an implementation of merely a processor (or multiple processors) or a portion of a processor and its (or their) accompanying software and/or firmware.
  • Let us now consider the operation of the electromechanical key according to embodiments of the invention in greater detail. The electromechanical key is associated with a given user carrying the key. The user may also carry a cellular phone. Figure 3 is a flow diagram illustrating a process for updating access rights and accessing locks according to an embodiment of the invention. The process is carried out in the electromechanical key, but the following description describes also operations carried out by the server, the electromechanical lock, and the cellular phone / wireless network. The process may be defined by a computer program comprising instructions configuring a processor of the electromechanical key to carry out the steps of the process, when the processor executes the computer program. The process starts in block 300.
  • In block 302, the key is paired with the cell phone carried by the user. In another embodiment, the pairing is carried out between the key and a wireless network realized by a network of base stations installed in the premises where the access control system is used. When both the electromechanical key and the cellular phone or the wireless network support Bluetooth communication technology, the pairing may be a conventional Bluetooth pairing. The Bluetooth specification version may be Bluetooth 2.1 + EDR (Enhanced Data Rate) class 1 but other specification versions may alternatively be used, depending on the required data transfer capacity, required operational range, and power consumption requirements. Step 302 may be executed when the key is given to the user, and no pairing is necessarily needed again unless the user acquires a new cellular phone or a key.
  • In block 304, the control circuitry of the key controls the communication circuitry to establish a communication connection with an ASP (Application Service Provider) server managing the access rights. The communication connection may be a TCP/IP connection, and an IP address of the ASP server may be stored in the memory of the key or in the memory of the cellular phone. In the latter case, the IP address of the ASP server may be read in connection with the pairing in block 302. The TCP/IP connection between the key and the ASP server is routed through the cellular phone or wireless network with which the pairing was performed in block 302. The cellular phone may route the TCP/IP connection through the public cellular telecommunication system and through the Internet, and the wireless network may route the TCP/IP connection through the private network installed in the premises of the access control system. Since the connection is used for transferring the sensitive access codes, the TCP/IP connection may be encrypted with a cryptographic protocol, such as SSL (Secure Sockets Layer) or TLS (Transport Layer Security). In other words, the whole end-to-end connection between the key and the server is encrypted, ensuring reliable transmission of the access codes from the server to the key. Due to the nature of such encryption protocols, acquiring the access codes from any intermediate point in the route of the TSP/IP connection is virtually impossible.
  • The connection in block 304 is established automatically without any user intervention. The control circuitry of the key is configured to autonomously utilize the Bluetooth dial-up networking profile (or a corresponding profile of another radio access scheme) so as to configure the cellular phone / wireless network to establish the TCP/IP connection. In other words, the cellular phone is used merely as a modem or a bridge for routing the connection, and such operation is invisible to the user in that the user does not have to operate the cellular phone after the initial, one-time pairing in block 302. The establishment of the connection may include transmission of encrypted key identification data enabling the ASP server to identify the key (and the user of the key). Upon establishment of the connection with the ASP server in block 304, the control circuitry transmits a request for up-to-date access codes to the ASP server in block 306. The ASP server receives the request, checks a database storing the access rights for each key/user of the access control system in order to acquire access codes currently linked to the key (or the user of the key) requesting the access codes. The database may store identifiers of all the locks in the access control system as being associated with an access code which opens the particular lock. Upon acquiring the access codes and corresponding door identifiers from the database, the ASP server transmits the access codes and corresponding door identifiers over the encrypted TCP/IP connection to the key. The key receives the access codes and corresponding door identifiers and stores them in the memory. Then, the TCP/IP connection may be terminated or, alternatively, it may be maintained so that the establishment of a new connection in connection with the next access right update may be omitted. The key may be configured to update the access rights, i.e. to request the ASP server to send up-to-date access codes, at predetermined intervals. In other words, blocks 304 and 306 may be carried out at the predetermined time intervals to ensure that the key has up-to-date access codes all the time. The predetermined interval may be a one-minute interval, for example. If the TCP/IP connection is maintained, the key may omit block 304, and block 304 may be carried out when the key enters the premises of the access control system and the TCP/IP connection is newly created, or when the TCP/IP connection breaks down for some reason, e.g. a time out.
  • Next, let us consider the operation of the electromechanical key when the key is used to open a lock of the access control system. When the user brings the counterpart interfaces provided in the lock and the key into contact with each other, the electrical connection between the lock and the key is detected in the control circuitry of the key in block 308, and the process proceeds to block 310 or 312. Block 310 is optionally executed, when the key is configured to retrieve up-to-date access codes every time a lock is being accessed. Block 310 includes the retrieval of the up-to-date access codes from the ASP server, i.e. execution of block 306 and optionally block 304 (if the connection has not been maintained). The embodiment including the execution of block 310 is advantageous when the access rights of the user has just been modified by adding new access rights to a given lock. The user may simply try to access the lock, and the key retrieves the updated access codes automatically with no need to wait for the next periodic check. In an embodiment, the periodic retrieval of the access codes is omitted, and the key is configured to access the ASP server only in connection with an access event, e.g. when the user tries to access a lock of the access control system. The key may identify the access event when a given lock, with which the electric connection is detected in block 308, by successfully retrieving an identifier of the lock through the electric connection, i.e. from the fact that the lock and the key are able to communicate with each other.
  • In block 312, the control circuitry reads the lock's identifier received through the electromagnetic interface over the electric connection between the lock and the key. If the execution of block 310 is dependent on the correct reading of the lock's identifier, block 312 may be executed before block 310. In block 314, the control circuitry accesses the memory to check whether or not the memory includes an entry for the lock identifier read in block 312. If the memory includes the entry for the lock identifier, the control circuitry retrieves an access code linked to the lock identifier. In block 316, the control circuitry transfers the access code to the lock through the electromechanical interface over the electric connection between the lock and the key. Upon verifying the correct access code, the authentication circuitry of the lock may be configured to transmit an acknowledgment message to the key over the electric connection so that the control circuitry of the key obtains information on the successful entry. The authentication circuitry may also control the actuator to open the lock, as described above. If the memory of the key contains no entry for the lock identifier, the lock access procedure ends. The control circuitry may also send an error message to the lock, and the lock may indicate an erroneous entry to the user by flashing a red light or by providing another visual or audiovisual indication that the access has been denied. In connection with a failed access, the control circuitry of the key may be configured to transmit a message indicating the failed access to the server. The message may include the identifier of the lock so that the failed access is linked to the appropriate lock and optionally time information indicating the time when the entry was attempted. The time may, however, be determined implicitly from the time when the message is transferred to the ASP server. The ASP server may check whether or not the key had rights to access that door at the time the entry was made so as to verify whether the user has tried to access a lock which he/she has no rights to access or whether there has been an operational error in the lock, key, server, or in the communication between them. Thus, the system may record operational failures so as to detect faulty components in the access control system, and the system may also record information that the user has tried to access a lock to which (s)he has no access rights.
  • The control circuitry of the key may be configured to transfer a message of a successful entry to a given lock to the ASP server for location tracking purposes. Such a message may comprise an indication of the successful entry and an identifier of the lock which has been successfully opened. The transfer of such a message may be triggered by the acknowledgment message received from the lock as a result of the successful entry. On the basis of the information received from the key, the server may record the locks the user of the key has accessed successfully and times when the locks have been accessed so as to track the movement of the user in the premises of the access control system. The server stores a layout of the premises of the access control system where physical locations of the electromechanical locks have been stored. When the server receives information on the lock a given key has accessed, it maps the key to a given location when the server knows the physical location of that lock.
  • The location tracking may also be used for tracking working time of the user when the access control system is installed in a working place. The ASP server is further configured to count a time of presence of a given personal electronic device from access information received from the keys of the staff. The location tracking may be used for monitoring and storing the working time of each member of the staff on the basis of the time duration the staff member is detected to have been in the premises of the area where the location tracking is carried out. The start time is the time when the staff member accesses an entry/exit door of the premises for the first time, i.e. when the key of the staff member indicates entry through that door. The end time is the time when the key indicates exit through the entry/exit door or another corresponding entry/exit door. The working time may be stored in the user record on a daily basis. The server may each day store a time when a given key is detected in the area and a time when the key is assumed to have left the area. From these stored times, a duration of the personal radio communication device in the area may be calculated by applying simple mathematics, and the thus obtained working hours per day may be stored in the user record.
  • The location tracking may be utilized for other purposes as well. For example, the user's cellular phone (or another communication device or devices) may be linked to the location tracking system and to the ASP server. This enables a given user to establish a voice connection to a selected place, instead of a selected phone number. The user may establish a call which is routed to the ASP server, wherein the call establishment includes transfer of a message comprising an identifier of a location to which the caller wishes to give call. Then, the ASP server checks the location tracking records in order to find out another user closest to the desired location and, upon finding such a user, the ASP server routes the call connection to that user's cellular phone (or another communication device).
  • According to the invention, the location tracking is used for routing alarm messages to the nearest persons. The key, cellular phone, or another device carried by the user may be used for transmitting an alarm message to the server. According to the invention, the key comprises an alarm button which, when pressed, configures the control circuitry to transmit the alarm message to the ASP server. The alarm message is an indication that help is needed in the location where the user requesting for help resides. Upon reception of such a message, the server checks the location tracking records in order to find out another user closest to the desired location and, upon finding such a user, the ASP server routes the alarm to that user's cellular phone (or another communication device) in connection with the location where the help is needed (the most recent location of the user/key requesting the help). This may be particularly useful in a hospital or other health care institutions where emergencies occur. Other location tracking means for monitoring the location of the users in the premises are used in other embodiments.
  • The database of the ASP server stores key or user identifiers indicating the locks that each key or user is allowed to open. A particular key may thus be configured to open a plurality of locks, rather than having a dedicated key for every lock. Additionally, the set of locks to which a certain key/user has access rights may be updated in real time simply by editing the database. When detecting a change in the access rights of a given user/key, the ASP server may be triggered to transmit the updated access codes to the key immediately so that the updated access rights are put to use immediately. In this embodiment, the periodic update check and/or block 310 described above in connection with Figure 3 may even be omitted, although it is not necessary. The key may still verify that it has appropriate access rights periodically or when a lock is being accessed. Upon reception of the updated access codes from the server, the key modifies the stored access codes so as to make them up-to-date. The transfer of the updated access codes and lock identifiers from the server to the key may include all the key identifiers and corresponding access codes to which access is granted every time the access rights update is carried out. If the update includes addition of one or more new access rights, only new access codes and lock identifiers may be sent to the key and no old access rights which have already been transferred need to be sent again. Similarly, if the update includes deletion of access rights, the ASP server may send a message indicating which access rights (access code and lock identifier) need to be deleted. This reduces the amount of data traffic, since transfer of redundant information is reduced.
  • If the TCP/IP connection between the ASP server and the key is disconnected unexpectedly, the key may be configured to attempt reestablishment of the connection. If the reestablishment is not successful within a determined duration or number of attempts, the control circuitry of the key may be configured to irrevocably erase the access rights from the memory. The control circuitry may alternatively erase the access rights immediately upon losing TCP/IP connection with the server. As a consequence, the access codes will be deleted immediately if the user's key is stolen and the connection to the cellular phone or wireless network is lost or if the connection to the ASP server is otherwise lost. This improves the security of the system.
  • As described above, the whole operation for retrieving the access rights and communicating with the lock so as to enter the access code is carried out automatically without any user interaction. The user only has to bring the counterpart interfaces provided in the electromechanical key and the lock into connection with one another, and then open the door, latch, or another element the lock protects. As a consequence, the user convenience and speed of opening the lock is improved, as the complexity of the procedure is reduced.
  • As mentioned above, the process or method described in Figure 3 may also be carried out in the form of a computer process defined by a computer program. The computer program may be in source code form, object code form, or in some intermediate form, and it may be stored in some sort of carrier, which may be any entity or device capable of carrying the program. Such carriers include a record medium, computer memory, read-only memory, electrical carrier signal, telecommunications signal, and software distribution package, for example. Depending on the processing power needed, the computer program may be executed in a single electronic digital processing unit or it may be distributed amongst a number of processing units.
  • The present invention is applicable to any access control system utilizing electromechanical locks. The electromechanical locks require no connection with the server, and in some embodiment they do not even require batteries as the energy needed for the authentication and opening the lock is provided by the user with mechanical motion. This facilitates the installation of the system. Otherwise, the installation is very simple. The database of the server is constructed to contain the access rights for the users/keys. The keys are preconfigured to carry out the operations described above. When taken into use, a key may be paired with the user's cellular phone or the wireless network, and after the pairing the key automatically acquires the access rights. Depending on the radio access protocol the keys are configured to use, even the pairing may be omitted. The radio access protocols used, the specifications of such communication systems, their network elements and user devices, develop rapidly. Such development may require extra changes to the described embodiments. Therefore, all words and expressions should be interpreted broadly and they are intended to illustrate, not to restrict, the embodiment.
  • It will be obvious to a person skilled in the art that, as technology advances, the inventive concept can be implemented in various ways. The invention and its embodiments are not limited to the examples described above but may vary within the scope of the claims.

Claims (2)

  1. An access control system comprising:
    an electromechanical key (106) associated with a first user, comprising:
    an electronic interface (140) comprising a protrusion matching a receptable in a counterpart interface (112) provided in an electromechanical lock (116) that the electromechanical key is adapted to open when the protrusion is inserted into the receptable so as to implement a mechanical connection and an electronic connection between the lock and the key;
    a communication circuitry (134) configured to establish a radio connection;
    a memory (130) for storing access codes; and
    a control circuitry (132) configured to control the communication circuitry (134) to establish, autonomously without user intervention, an end-to-end communication connection with a server (101) managing access rights, to communicate with the server (101) so as to receive an access code granting access to at least one electromechanical lock, and to communicate an appropriate access code received from the server to the electromechanical lock (116) through the electronic connection (110) between the electromechanical key (106) and the electromechanical lock (116) so as to open the electromechanical lock (116);
    the system further comprising said at least one electromechanical lock (116) comprising an electronic interface (112) functioning as the counterpart interface, the electronic interface comprising the receptable, an actuator (124) for opening the lock, and an authentication circuitry (142) configured to control the actuator to open the lock in response to a correct access code obtained from the electromechanical key through the electronic interface (112); and
    the system further comprising a server (101) configured to manage access rights of a plurality of electromechanical keys suitable for opening the at least one electromechanical lock, the plurality of electromechanical keys including the electromechanical key, and to communicate with the plurality of electromechanical keys so as to transmit access codes to the electromechanical keys, wherein the server is configured to transmit to each electromechanical key only access codes to those electromechanical locks for which each electromechanical key is arranged to have access rights,
    the system further comprising location tracking means for monitoring locations of users in the premises of the access control system; wherein the electromechanical key is configured to transmit to the server a message indicating an attempted access after it has attempted to open an electromechanical lock, wherein the transmitted message includes at least an identifier of the lock that has been accessed,
    characterized in that the electromechanical key comprises an alarm button, and wherein the control circuitry is configured to transmit, in response to depression of the alarm button, an alarm message to the server;
    wherein the server is configured to store a layout of the premises of the access control system where physical locations of the electromechanical locks have been stored, to track the location of the electromechanical key by mapping, upon receiving the message comprising information on the electromechanical lock the electromechanical key has accessed, the electromechanical key to a physical location of the electromechanical lock and, in response to reception of the alarm message, to check location tracking records in order to find out a second user closest to the location of the electromechanical key and, upon finding such a second user, to route an alarm to the second user's communication device in connection with the physical location of the electromechanical key.
  2. An access control system of claim 1, wherein the server is configured to store the access codes of the at least one electromechanical key in a database, to detect modification of the access codes of a given electromechanical key in the database, and to communicate the modified access codes to the corresponding electromechanical key in response to the detection of the modification of the access codes, and wherein the electromechanical key is configured to receive the modified access codes and update the previous access codes according to the received access codes.
EP09180266.0A 2009-12-22 2009-12-22 Access control system Active EP2348490B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP09180266.0A EP2348490B1 (en) 2009-12-22 2009-12-22 Access control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP09180266.0A EP2348490B1 (en) 2009-12-22 2009-12-22 Access control system

Publications (2)

Publication Number Publication Date
EP2348490A1 EP2348490A1 (en) 2011-07-27
EP2348490B1 true EP2348490B1 (en) 2020-03-04

Family

ID=42149028

Family Applications (1)

Application Number Title Priority Date Filing Date
EP09180266.0A Active EP2348490B1 (en) 2009-12-22 2009-12-22 Access control system

Country Status (1)

Country Link
EP (1) EP2348490B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2025095924A1 (en) * 2023-10-30 2025-05-08 Janus International Group, Llc Battery powered self-storage lock

Families Citing this family (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AT513461B1 (en) * 2013-06-25 2014-08-15 Evva Sicherheitstechnologie Access control procedure
EP2821972B1 (en) 2013-07-05 2020-04-08 Assa Abloy Ab Key device and associated method, computer program and computer program product
DK2821970T4 (en) 2013-07-05 2019-09-16 Assa Abloy Ab Communication device for access control, method, computer program and computer program product
US9704316B2 (en) 2013-09-10 2017-07-11 Gregory Paul Kirkjan Contactless electronic access control system
US10115256B2 (en) 2014-04-07 2018-10-30 Videx, Inc. Remote administration of an electronic key to facilitate use by authorized persons
US9841743B2 (en) 2014-04-07 2017-12-12 Videx, Inc. Apparatus and method for remote administration and recurrent updating of credentials in an access control system
CN104123769B (en) * 2014-06-13 2016-01-13 厦门华数电力科技有限公司 The unblanking of a kind of safety intelligent lock, close lock control method
CN104282061B (en) * 2014-08-21 2017-05-24 厦门华数电力科技有限公司 Unlocking method for safety intelligent lock system
CN104282060B (en) * 2014-08-21 2016-10-19 厦门华数电力科技有限公司 A kind of method for unlocking of safety intelligent lock system
CN104282062B (en) * 2014-08-21 2017-01-18 厦门华数电力科技有限公司 Locking and unlocking method based on safe and intelligent lock system
CN104167041B (en) * 2014-09-11 2018-03-09 祁春富 The gate control system and its control method used based on smart mobile phone
BE1022614B1 (en) * 2014-12-10 2016-06-16 Viadact Nv Key management system
CN104504792A (en) * 2014-12-17 2015-04-08 张家港保税区润桐电子技术研发有限公司 Access control system based on two-dimensional code
CN104517338B (en) * 2015-01-20 2017-07-04 蹇晓梅 Distance entrance and its implementation based on wireless network
CN104851168A (en) * 2015-05-19 2015-08-19 上海思慧德安防设备有限公司 Power-free lock door control system
CN104881912A (en) * 2015-05-20 2015-09-02 厦门城力机电设备有限公司 Door opening system and door opening method
CN104809795A (en) * 2015-05-21 2015-07-29 河南传通电子科技有限公司 Circuit structure utilizing mobile phone APP (Application Program), cloud platform and Bluetooth intelligent key control switch lock and implementation method of circuit structure
CN105118111A (en) * 2015-07-15 2015-12-02 国网天津武清供电有限公司 Outcomer construction registration system and method thereof
CN105069868B (en) * 2015-07-21 2018-04-20 杭州晟元数据安全技术股份有限公司 One kind is based on mobile phone dynamic security Quick Response Code identification intelligent cell cloud system
CN105118131A (en) * 2015-10-05 2015-12-02 李轩涛 Internet, barcode/two-dimensional code/identity card and intelligent lock
CN105184935B (en) * 2015-10-22 2018-05-04 深圳优方网络技术有限公司 It is a kind of can wechat share the blue-tooth intelligence lock system of password
CN105913527B (en) * 2016-05-03 2019-06-18 武汉睿和智云科技有限公司 Visitor's two dimensional code intelligent verification system and verification method based on cell cloud
CN106204853A (en) * 2016-07-28 2016-12-07 乐视控股(北京)有限公司 Server, access control equipment administrative center, mobile terminal, the method and system of access control
CN106447843A (en) * 2016-08-27 2017-02-22 桂林信通科技有限公司 Community access security protection method and system
CN110114541B (en) 2016-10-19 2021-08-13 多玛凯拔美国股份有限公司 Electromechanical lock cylinder
EP3679207B1 (en) 2017-09-08 2022-08-03 Dormakaba USA Inc. Electro-mechanical lock core
CN108154580A (en) * 2017-12-22 2018-06-12 深圳供电局有限公司 Intelligent safety lock and use method
US11466473B2 (en) 2018-04-13 2022-10-11 Dormakaba Usa Inc Electro-mechanical lock core
CA3097041C (en) 2018-04-13 2022-10-25 Dormakaba Usa Inc. Electro-mechanical lock core
CN108877006A (en) * 2018-06-29 2018-11-23 深圳春沐源控股有限公司 A kind of access control management method, system and relevant device
SE545428C2 (en) 2018-10-31 2023-09-05 Swedlock Ab A rescue system to provide access to premises
US11010995B2 (en) 2019-09-06 2021-05-18 Videx, Inc. Access control system with dynamic access permission processing
CN110706381A (en) * 2019-09-30 2020-01-17 深圳市纳泽科技有限公司 Apartment management system capable of automatically detecting house and automatically freezing door lock password
CN113034734B (en) * 2019-12-06 2023-02-10 中国石油天然气股份有限公司 Authorization method of electronic key, storage medium and computer device
US11574513B2 (en) 2020-03-31 2023-02-07 Lockfob, Llc Electronic access control
CN113034759A (en) * 2021-03-10 2021-06-25 鄂尔多斯市嵘泰电力工程建设有限公司 Bluetooth access control system and access control method thereof
SE545778C2 (en) * 2021-09-24 2024-01-09 Assa Abloy Ab Electronic lock comprising a first credential interface and a second credential interface

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1024239A1 (en) * 1999-01-28 2000-08-02 International Business Machines Corporation Electronic access control system and method
EP1321901A2 (en) * 2001-12-21 2003-06-25 Kaba AG Method for controlling access rights to an object
US20040189471A1 (en) * 2003-01-31 2004-09-30 Ciarcia Daniel J. System and methods for providing secure environments
WO2004092514A1 (en) * 2003-04-16 2004-10-28 Tcam Technology Pte. Ltd. Electronic lock and key for access management
EP1562153A2 (en) * 2004-02-05 2005-08-10 Salto Systems, S.L. Access control system
WO2009094683A1 (en) * 2008-01-30 2009-08-06 Evva-Werk Spezialerzeugung Von Zylinder- Und Sicherheitsschlössern Gessellschaft M.B.H. & Co. Kg Method and device for regulating access control

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0130810D0 (en) * 2001-12-22 2002-02-06 Koninkl Philips Electronics Nv Access control system
DE60229348D1 (en) * 2001-12-28 2008-11-27 Matsushita Electric Works Ltd Use of an electronic key and electronic security system
PT1336937E (en) * 2002-02-13 2004-10-29 Swisscom Ag ACCESS CONTROL SYSTEM, ACCESS CONTROL PROCESS AND ADEQUATE DEVICES

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1024239A1 (en) * 1999-01-28 2000-08-02 International Business Machines Corporation Electronic access control system and method
EP1321901A2 (en) * 2001-12-21 2003-06-25 Kaba AG Method for controlling access rights to an object
US20040189471A1 (en) * 2003-01-31 2004-09-30 Ciarcia Daniel J. System and methods for providing secure environments
WO2004092514A1 (en) * 2003-04-16 2004-10-28 Tcam Technology Pte. Ltd. Electronic lock and key for access management
EP1562153A2 (en) * 2004-02-05 2005-08-10 Salto Systems, S.L. Access control system
WO2009094683A1 (en) * 2008-01-30 2009-08-06 Evva-Werk Spezialerzeugung Von Zylinder- Und Sicherheitsschlössern Gessellschaft M.B.H. & Co. Kg Method and device for regulating access control

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2025095924A1 (en) * 2023-10-30 2025-05-08 Janus International Group, Llc Battery powered self-storage lock

Also Published As

Publication number Publication date
EP2348490A1 (en) 2011-07-27

Similar Documents

Publication Publication Date Title
EP2348490B1 (en) Access control system
US11799671B2 (en) Secure locking of physical resources using asymmetric cryptography
AU2018229480B2 (en) Access control communication device, method, computer program and computer program product
US8604903B2 (en) Electronic locking system with wireless update and cascade lock control
US20120213362A1 (en) Distribution Of Lock Access Data For Electromechanical Locks In An Access Control System
US11189117B2 (en) Method and system for controlling a smart lock
CN101052970B (en) Access control system and access control method
CN103227776A (en) Configuration method, configuration device, computer program product and control system
KR102301478B1 (en) Smart lock device, lock management system including the device, and lock management method using the system
KR20190051750A (en) Sub reader and sub reader control method
JP5269408B2 (en) Anti-theft device
CN110570558A (en) access control management method based on wireless communication network
CN118280022B (en) Vehicle unlocking system, method and NFC digital key management method
KR20080093819A (en) Fingerprint authentication terminal, access control system and user authentication method including the same
CN210864848U (en) Bluetooth intelligent lock device and system of electronic box
US20240420531A1 (en) A locking system of one or more buildings
CA3260166A1 (en) Method and devices for communicating between an internet of things device and a remote computer system
CN114255533A (en) Intelligent lock system and implementation method thereof
AU2023206011B2 (en) A locking system of one or more buildings
HK40089290A (en) A locking system of one or more buildings
KR20210053254A (en) system and server for Managing Electronic Keys
CN111599070A (en) Composite networking door lock control method
JP4894432B2 (en) Cooperation control device
HK1113213B (en) An access control system

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

AX Request for extension of the european patent

Extension state: AL BA RS

17P Request for examination filed

Effective date: 20120125

17Q First examination report despatched

Effective date: 20160309

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

TPAC Observations filed by third parties

Free format text: ORIGINAL CODE: EPIDOSNTIPA

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

INTG Intention to grant announced

Effective date: 20191011

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ILOQ OY

Owner name: 9SOLUTIONS OY

RIN1 Information on inventor provided before grant (corrected)

Inventor name: HERRALA, SAMI

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 1241261

Country of ref document: AT

Kind code of ref document: T

Effective date: 20200315

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602009061334

Country of ref document: DE

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: FI

Ref legal event code: FGE

REG Reference to a national code

Ref country code: SE

Ref legal event code: TRGR

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200604

REG Reference to a national code

Ref country code: NL

Ref legal event code: MP

Effective date: 20200304

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200604

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200605

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG4D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200729

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200704

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 1241261

Country of ref document: AT

Kind code of ref document: T

Effective date: 20200304

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602009061334

Country of ref document: DE

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

26N No opposition filed

Effective date: 20201207

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20201231

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20201222

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20201222

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20201231

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20201231

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20201231

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200304

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20201231

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20241218

Year of fee payment: 16

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FI

Payment date: 20241217

Year of fee payment: 16

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20241218

Year of fee payment: 16

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: SE

Payment date: 20241218

Year of fee payment: 16