EP3208777A1 - Control panel, use, and process for the manufacture thereof - Google Patents

Control panel, use, and process for the manufacture thereof

Info

Publication number
EP3208777A1
Authority
EP
European Patent Office
Prior art keywords
control panel
public key
card reader
key
certificate authority
Legal status
Withdrawn
Application number
EP16155889.5A
Other languages
German (de)
French (fr)
Inventor
Jochen Becker
Dietmar Zappel
Current Assignee
Xccelo Systems GmbH
Original Assignee
Ileso Engineering GmbH
Ileso Eng GmbH
Application filed by Ileso Engineering GmbH
Priority to EP16155889.5A
Publication of EP3208777A1
Legal status: Withdrawn

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00412 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks, the transmitted data signal being encrypted
    • G07C9/00571 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • G07C9/00944 Details of construction or manufacture

Definitions

  • Once authenticated, the control panel (10) generates (72) a symmetric key, encrypts (73) it using the third public key (63), and sends (74) the encrypted symmetric key to the card reader (46). The latter may now decrypt the symmetric key using the third private key (53), allowing the control panel (10) and the card reader (46) to communicate (76) using the symmetric key throughout their remaining power cycle.
  • To bring the control panel (10) into service, a service technician (77) initiates the installation (79) and configuration.
  • The control panel (10) first authenticates to the associated host system (78) and vice versa. Only after successful installation (79) has been confirmed (81) to her does the service technician (77) initiate the installation (79) and configuration of the card reader (46). Now, similar to the rollout phase of Figure 6, the card reader (46) and the control panel (10) mutually authenticate (80) before the former again confirms (81) successful completion of the installation (79) to the service technician (77).
  • Figure 8 illustrates the option of a local key exchange as opposed to the use of a public key infrastructure.
  • The service technician (77) initiates installation (79) of the control panel (10), and the latter scans (69) the local network for new card readers (46).
  • The card reader (46) again sends (71) the third public key (63) to the control panel (10).
  • The control panel (10) computes (82) a hash of said third public key (63), then displays (83) the hash, for instance on the user interface of the control panel (10) or by means of an independent app, and prompts (84) the service technician (77) to check the hash against the card reader (46).
  • The panel encrypts (86) the first public key (61) using the third public key (63) and sends (87) the encrypted first public key (61) to the card reader (46).
  • The card reader (46) decrypts (88) the first public key (61) using the third private key (53) and is now prepared to encrypt (89) its own outgoing data using the first public key (61) and send (90) the encrypted data to the control panel (10), finally causing the latter to confirm (81) its installation (79) to the service technician (77).
  • The invention is applicable throughout the security industry.
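The local key exchange of Figure 8 (steps 71 and 82 to 88), written out as an added Go example that is not code from the patent or its assignee. It assumes RSA-2048 keys, a SHA-256 fingerprint as the hash of step (82), a callback standing in for the technician's check (84), and, because a 2048-bit public key exceeds one RSA-OAEP block, a hybrid layout for step (86) in which the panel's key is AES-GCM-sealed under a fresh key that is wrapped with the reader's public key (63).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
)

// fingerprint models step (82): the hash of the public key (63) that the
// panel displays (83) for the technician to check (84) against the reader.
func fingerprint(pub *rsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:]), nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealForReader models step (86): the panel encrypts its public key (61)
// under the reader's public key (63). Assumed hybrid layout (not the patent's):
// the key's DER is sealed with a fresh AES-256-GCM key that RSA-OAEP wraps.
func sealForReader(readerPub, panelPub *rsa.PublicKey) (wrappedKey, box []byte, err error) {
	der, err := x509.MarshalPKIXPublicKey(panelPub)
	if err != nil {
		return nil, nil, err
	}
	buf := make([]byte, 32+12) // AES-256 key followed by a 12-byte GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	gcm, err := newGCM(buf[:32])
	if err != nil {
		return nil, nil, err
	}
	box = gcm.Seal(buf[32:], buf[32:], der, nil) // nonce is prefixed to the ciphertext
	wrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, readerPub, buf[:32], nil)
	return wrappedKey, box, err
}

// openAtReader models step (88): the reader recovers the panel's public key (61) with its private key (53).
func openAtReader(readerKey *rsa.PrivateKey, wrappedKey, box []byte) (*rsa.PublicKey, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, readerKey, wrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(box) < 12 {
		return nil, errors.New("sealed public key is too short")
	}
	der, err := gcm.Open(nil, box[:12], box[12:], nil)
	if err != nil {
		return nil, err
	}
	pub, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return nil, err
	}
	if rsaPub, ok := pub.(*rsa.PublicKey); ok {
		return rsaPub, nil
	}
	return nil, errors.New("recovered key is not an RSA public key")
}

// localExchange runs Figure 8 between a panel and a reader. confirm stands in for
// the technician (77): it gets the displayed hash (83) and says whether it matches (84).
func localExchange(panel, reader *rsa.PrivateKey, confirm func(hash string) bool) (*rsa.PublicKey, error) {
	// (71) the reader sends its public key (63); (82)-(84) the panel shows its hash.
	h, err := fingerprint(&reader.PublicKey)
	if err != nil {
		return nil, err
	}
	if !confirm(h) {
		return nil, errors.New("technician rejected the reader's key hash")
	}
	// (86)-(87) the panel sends its own public key (61), encrypted for the reader.
	wrappedKey, box, err := sealForReader(&reader.PublicKey, &panel.PublicKey)
	if err != nil {
		return nil, err
	}
	// (88) the reader decrypts it and can encrypt (89) outgoing data under it.
	return openAtReader(reader, wrappedKey, box)
}
```

A substituted reader key shows a different hash at step (83), so the technician's check is what stops an impostor reader in this mode.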

Abstract

A method of physical access control using a control panel (10), comprising
storing access profiles on the control panel (10),
controlling, based on the access profiles, front ends using the control panel (10), operating the control panel (10) using a user interface, and
storing on the control panel (10) parameters, master and transactional data based on the controlling and operating, and
further storing on the control panel (10) cryptographic keys (51, 61) associated with the control panel (10), wherein the front ends are controlled securely using the cryptographic keys (51, 61).

Description

  • Technical Field
  • The invention pertains to the field of security engineering, particularly physical security.
  • Background Art
  • Throughout the above-mentioned field, physical security describes any security measure that is designed to protect personnel or property from damage or harm. More specifically, access control is the selective restriction of access to facilities, equipment, and other physical resources. State-of-the-art electronic access control systems manage large user populations, controlling for user lifecycles, times, dates, and individual access points.
  • In this context, by "control panel" is meant any electronics panel that can interface with or control access to control system field devices such as credential readers, electrified locks, door position switches, and request-to-exit devices. An overview of such panels and associated networks is provided in NORMAN, Thomas L. Electronic Access Control. 1st edition. Oxford: Butterworth-Heinemann, 2012. ISBN 0123820286. p. 221-239.
  • A system for physical access control is disclosed in US 8881252 B (BRIVO SYSTEMS, INC.) 04.11.2014 and includes, inter alia, a conventional control panel.
  • Summary of invention
  • The invention aims to provide an improved concept of physical access control.
  • Technical Problem
  • A downside of conventional concepts lies in their sometimes inadequate level of security.
  • Solution to Problem
  • The problem is solved by the features recited in Claim 1.
  • Advantageous effect of invention
  • Using a control panel according to Claim 1 bears the advantage that control commands and particulars may be exchanged cryptographically securely. To this end, key material may be bound to the secure hardware of the main device in a non-exportable fashion, mitigating the risk of keys being extracted and protecting the latter from eavesdropping and unauthorized use.
  • The added features of Claim 2 enable a local web service to be used as a communication handler, offering various standard protocols for communicating with arbitrary host systems. Also, by maintaining an additional local web server, any functional parameters required for operating the panel may be accessed through the device's configuration homepage.
  • A method according to Claim 3, assuming the use of a sufficient key length, is advantageously prepared for data privacy protection as may be required by national regulations such as the German Federal Data Protection Act or United States Privacy Act. These and other rules or codes govern the collection, maintenance, use, or dissemination of personally identifiable information about individuals and are thus applicable to master data such as access profiles.
  • An embodiment according to Claim 4 eliminates the need for an impractical and potentially insecure pre-distribution of cryptographic keys to control panel and front ends, as would be required in a traditional symmetric cryptosystem.
  • Claim 5, by means of a digital certificate, serves to prevent an attacker from "impersonating" a legitimate control panel, an approach commonly referred to in the art as a man-in-the-middle attack.
  • The subject matter of Claim 6 proves especially useful in the scenario where control panel and card readers are supplied by different vendors devoid of a joint public-key infrastructure.
  • By introducing a superordinate link to these independent chains of trust, Claim 7 consolidates the control panel and its associated card readers into a single on-site infrastructure.
  • Claim 9, essentially implementing a Diffie-Hellman key exchange between the control panel and its front ends, caters to the usually limited processing resources of conventional card readers by enabling the use of a session key that may be employed, for instance, throughout an entire power cycle.
  • A method as recited in Claim 10 allows for a central configuration of the control panel by means of a securely connected host system.
  • Finally, the features of Claim 11 define an alternative process of bringing the control panel into service that does not rely on a centralized infrastructure.
  • Brief description of drawings
    • Figure 1 is a block diagram of a control panel according to an embodiment of the invention.
    • Figure 2 is a block diagram of a mainboard.
    • Figure 3 is a block diagram of a first baseboard.
    • Figure 4 is a block diagram of a second baseboard.
    • Figure 5 is a deployment diagram of cryptographic keys throughout a public key infrastructure.
    • Figure 6 to Figure 8 are sequence diagrams of the interaction between the control panel and associated card readers.
  • Description of embodiments
  • Figure 1 is an overview of a control panel (10) for physical access control according to an embodiment of the invention. In this embodiment, the control panel (10) is composed of a main device (11), which serves to control an arbitrary number of conventional front ends such as card readers, and an add-on module (17), which basically serves to attach a limited number of those front ends to the main device (11). Physically, the main device (11) and add-on module (17) are adapted to be mounted on a joint DIN rail or side by side on a wall.
  • The main device (11) essentially consists of a generic first baseboard (18), an application-specific mainboard (12) carried by the first baseboard (18), and a user interface (13) connected to the mainboard (12), the user interface (13) of the present embodiment comprising light-emitting diodes (35), buttons (36), and an optional liquid-crystal display (37). The add-on module (17) comprises a second baseboard (19), the mainboard (12) and second baseboard (19) each being connected to the first baseboard (18) through an interface (20) and a power supply (21, 33).
  • Figure 2 elucidates the mainboard (12) in further detail. As may be gathered from this drawing, the mainboard (12) comprises a quad-core central processing unit (14) based on a reduced instruction-set computing (RISC) architecture, 1 GB of random-access memory (42) connected to the central processing unit (14) through a memory bus (43), and an additional 8 GB of flash memory (15) connected to the central processing unit (14) for storing master data such as access profiles, miscellaneous operating parameters, and transactional data such as entry or exit events.
  • The mainboard (12), based on the aforementioned specifications, is prepared to operate an Android system, as maintained by Google Inc., a subsidiary of Alphabet Inc., manage said parameters and data using a relational database management system (RDBMS), and even host a web service for configuring the access profiles through a host system (78), web browser, or application-specific client. As a consequence, the control panel (10) is sufficiently equipped for advanced analytics required to, for instance, detect conspicuous usage, attempts at tampering, or collect forensic evidence in case of a security breach.
  • The mainboard (12) further comprises a secure element (16, 44) connected to the central processing unit (14) for storing cryptographic keys, which in the present embodiment are used both to authenticate the control panel (10) to its front ends as well as to encrypt the entire database or file system maintained in flash memory (15). On the mainboard (12) at hand, the secure element (16, 44) takes the form of an integrated circuit (16) brazed to the mainboard (12). Specifically, a trusted platform module (TPM) microcontroller as specified in ISO/IEC 11889 offers a particularly powerful cryptoprocessor. However, an alternative may make use of an optional subscriber identity module (44) as defined by the 3rd Generation Partnership Project (3GPP).
  • In a preferred embodiment, the subscriber identity module (44) may take the form of a Java Card as specified by Oracle Corporation. Specifically, the module (44) may be based on the Java Card OpenPlatform (JCOP) serviced by NXP Semiconductors, include a memory chip model trademarked by NXP as MIFARE, and feature MIFARE DESFire EV1 emulation as a proprietary Java Card API extension. Corresponding contactless services are specified by Amendment C to the GlobalPlatform (GP) 2.2.1 architectural component of the JCOP.
  • The mainboard (12) further comprises, inter alia, an Ethernet physical transceiver (30) connected to the central processing unit (14) through a media-independent interface (31), an embedded low-energy Bluetooth and Wi-Fi module (40) connected to the central processing unit (14) through a secure digital input/output (41) interface (20), and a short-range radio frequency module (38) connected to the central processing unit (14) through a universal asynchronous receiver/transmitter (39). The latter components enable radio-frequency identification (RFID) by the service technician using a smartcard preloaded with digital certificates, e.g., according to the established X.509 standard. As an alternative, such certificates may be transmitted to the module (38) by means of a conventional smartphone through near-field communication (NFC). Both ways, the transfer of keys in a hosted environment or manual confirmation may be considered dispensable.
  • Preferably, the low-energy Bluetooth module (40) supports the iBeacon protocol standardized by Apple Inc., taking the form of a so-called beacon. Based on such transmitter, the mainboard (12) may be adapted to broadcast its identifier to nearby portable electronic devices such as smartphones and tablets. Using a compatible app and operating system, maintenance personnel can thus be guided indoors to the approximate location of a specific control panel (10).
  • Figure 3 depicts the first baseboard (18). Aside from a power converter (32) feeding the power supply (21, 33) and sourcing its power over Ethernet (34), the first baseboard (18) most notably comprises a tamper detector (22) connected to the mainboard (12) through a general-purpose input/output (23). In the present embodiment, the tamper detector (22) serves a two-fold purpose: while physical intrusion into the main device (11) will trigger a first type of event, an integrated absolute position transducer and acceleration sensor will trigger a second type of event. Such discrimination enables the security administrator to configure a distinct action to be performed in response to each of the two events.
  • Similarly, now referencing Figure 4, the second baseboard (19), for each of its attachable front ends, comprises an RS-485 transceiver (25), connected to the first baseboard (18) through a serial network bus (26), as well as two air-gap switches (27, 28) connected to the first baseboard (18) through an inter-integrated circuit (29).
  • Figure 5, now focusing on the functional rather than structural aspects of the proposed concept, defines a preferred allocation of the aforementioned keys to implement an asymmetric cryptosystem between the control panel (10) and a front end taking the form of a card reader (46). Accordingly, the cryptographic keys (51, 61) comprise a first private key (51) and a first public key (61). The control panel (10) further stores a digital certificate (55) of said first public key (61) signed (50) by a control-panel certificate authority (47). A second private key (52) and a second public key (62) are associated with and stored on the control-panel certificate authority (47) itself.
  • Correspondingly, the card reader (46) stores a third private key (53), a third public key (63), and a digital certificate (56) of the third public key (63) signed (50) by an additional front-end certificate authority (48). The front-end certificate authority (48) in turn stores its own fourth private key (54) and fourth public key (64).
  • Adding a further level of security to the hierarchy of nodes, the control-panel certificate authority (47) stores a digital certificate of the second public key (62) while the front-end certificate authority (48) stores a digital certificate of the fourth public key (64). These digital certificates of the second and fourth public key (64) themselves are each signed (50) by a trusted root certificate authority (49).
  • In the somewhat simplified embodiment of Figure 6, a single root certificate authority (49) takes the roles of both the control-panel certificate authority (47) and the front-end certificate authority (48) recited in the context of Figure 5. During manufacture (57) of the control panel (10), this certificate authority (49) generates (59) the first private key (51) and the first public key (61) before signing (60) the digital certificate (55) of the first public key (61). It then transmits (65, 66) this digital certificate (55) to the control panel (10) along with the actual first private key (51) and the first public key (61), receiving from the control panel (10) a checksum (67) etc. in return.
  • Similarly, the certificate authority (49) generates (68) the third private key (53) and the third public key (63), signs (60) the digital certificate (56) of the third public key (63), then transmits (65) the digital certificate (56) as well as the third private key (53) and the third public key (63) to the card reader (46), expecting a further checksum (67) etc. as confirmation of receipt.
  • Upon rollout, the control panel (10) scans (69) the local network for card readers (46) by broadcasting the first public key (61) on the network. Now in possession of the control panel's public key (61), the card reader (46) thus discovered first authenticates (70) the control panel (10) via the root certificate authority (49). The card reader (46) then sends (71) its own third public key (63) to the control panel (10), which in turn authenticates (70) the card reader (46) in the same fashion.
  • Once authenticated, the control panel (10) generates (72) a symmetric key, encrypts (73) it using the third public key (63), and sends (74) the encrypted symmetric key to the card reader (46). The latter may now decrypt the symmetric key using the third private key (53), allowing the control panel (10) and the card reader (46) to communicate (76) using the symmetric key throughout their remaining power cycle.
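The rollout of Figure 6, worked through as an added example in Go; this is not code from the patent or its applicant. A single root certificate authority issues certificates to a panel and a reader during manufacture, each side authenticates the other by verifying the peer certificate against the root, and the panel wraps a fresh symmetric key under the reader's public key. Names, serial numbers, the 2048-bit RSA key size and the RSA-OAEP padding are this example's assumptions; the symmetric channel of step 76 is not shown.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Node is a control panel (10) or card reader (46): a key pair plus the
// certificate of its public key, signed (50) by the root CA (49).
type Node struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

// Issue mirrors manufacture (57): generate a key pair (59, 68) and sign (60)
// its certificate. With parent == nil the node is the self-signed root CA.
func Issue(name string, serial int64, parent *Node) (*Node, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // key size assumed here
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	}
	signerCert, signerKey := tmpl, key // self-signed unless a parent is given
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	} else {
		signerCert, signerKey = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Node{Key: key, Cert: cert}, nil
}

// Authenticate is step 70: accept a peer only if its certificate chains to root (49).
func Authenticate(root *Node, peer *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(root.Cert)
	_, err := peer.Verify(x509.VerifyOptions{Roots: pool})
	return err
}

var sessionLabel = []byte("panel-reader-session") // OAEP label, constructed for this example

// WrapSessionKey is the panel side of steps 72-73: a fresh 256-bit key, encrypted
// with the reader's public key (63). RSA-OAEP is this example's choice of padding.
func WrapSessionKey(readerPub *rsa.PublicKey) (key, wrapped []byte, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, readerPub, key, sessionLabel)
	return key, wrapped, err
}

// UnwrapSessionKey is step 75: the reader recovers the key with its private key (53).
func UnwrapSessionKey(readerKey *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, readerKey, wrapped, sessionLabel)
}
```

A reader whose certificate was issued by any CA other than the trusted root fails Authenticate, and a wrapped key can only be opened by the private key matching the public key it was wrapped under.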
  • According to Figure 7, a service technician (77), to bring the control panel (10) into service, initiates the installation (79) and configuration. In this extended use case, however, the control panel (10) first authenticates to the associated host system (78) and vice versa. Only after successful installation (79) has been confirmed (81) to her does the service technician (77) initiate the installation (79) and configuration of the card reader (46). Now, similar to the rollout phase of Figure 6, the card reader (46) and the control panel (10) mutually authenticate (80) before the former again confirms (81) successful completion of the installation (79) to the service technician (77).
  • Lastly, Figure 8 illustrates the option of a local key exchange as opposed to the use of a public key infrastructure. In this scenario, as soon as the service technician (77) initiates installation (79) of the control panel (10), the latter scans (69) the local network for new card readers (46). Thus discovered, the card reader (46) again sends (71) the third public key (63) to the control panel (10). Now, as opposed to the embodiments outlined above, the control panel (10) computes (82) a hash of said third public key (63), then displays (83) the hash - for instance, on the user interface of the control panel (10) or by means of an independent app - and prompts (84) the service technician (77) to check the hash against the card reader (46).
  • Once the service technician (77) confirms (85) the hash to the control panel (10), the panel encrypts (86) the first public key (61) using the third public key (63), sending (87) the encrypted first public key (61) to the card reader (46). The card reader (46), on its part, decrypts (88) the first public key (61) using the third private key (53) and is now prepared to encrypt (89) its own outgoing data using the first public key (61) and send (90) the encrypted data to the control panel (10), finally causing the latter to confirm (81) its installation (79) to the service technician (77).
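The local key exchange of Figure 8, as an added example in Go rather than the patent's own implementation: the fingerprint of the reader's public key that the panel displays for the technician (82, 83), the confirmation check (85), and the encryption of the panel's public key under the reader's public key (86 to 88). The SHA-256 fingerprint format, the RSA key sizes and the OAEP padding are assumptions; the page fixes none of them. One caveat a practitioner needs: a DER-encoded 2048-bit RSA public key (294 bytes) does not fit into a single OAEP block of a 2048-bit reader key, so the example checks the limit and assumes a 3072-bit reader key.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"strings"
)

// Fingerprint is step 82: SHA-256 over the DER-encoded SubjectPublicKeyInfo of
// the reader's public key (63), rendered for display (83) as hex groups of four.
func Fingerprint(pub *rsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(der)
	h := hex.EncodeToString(sum[:])
	groups := make([]string, 0, len(h)/4)
	for i := 0; i < len(h); i += 4 {
		groups = append(groups, h[i:i+4])
	}
	return strings.Join(groups, " "), nil
}

// Confirm is step 85: the technician enters the value printed on the reader;
// separators and case are ignored, the comparison itself is constant-time.
func Confirm(displayed, typed string) bool {
	norm := func(s string) []byte {
		s = strings.NewReplacer(" ", "", ":", "", "-", "").Replace(s)
		return []byte(strings.ToLower(s))
	}
	return subtle.ConstantTimeCompare(norm(displayed), norm(typed)) == 1
}

var keyLabel = []byte("panel-public-key") // OAEP label, constructed for this example

// SendPanelKey is steps 86-87: the panel's public key (61), DER-encoded, encrypted
// under the reader's public key (63). One RSA-OAEP block carries at most
// k - 2*hLen - 2 bytes, so a 2048-bit panel key (294 bytes of DER) needs a reader
// key of at least 3072 bits; the explicit check gives a clearer error than
// rsa.ErrMessageTooLong and points to the remedy.
func SendPanelKey(panelPub, readerPub *rsa.PublicKey) ([]byte, error) {
	der, err := x509.MarshalPKIXPublicKey(panelPub)
	if err != nil {
		return nil, err
	}
	if limit := readerPub.Size() - 2*sha256.Size - 2; len(der) > limit {
		return nil, errors.New("panel public key does not fit one OAEP block: use a larger reader key or hybrid encryption")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, readerPub, der, keyLabel)
}

// ReceivePanelKey is step 88: the reader decrypts with its private key (53)
// and parses the result back into a public key.
func ReceivePanelKey(readerKey *rsa.PrivateKey, ct []byte) (*rsa.PublicKey, error) {
	der, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, readerKey, ct, keyLabel)
	if err != nil {
		return nil, err
	}
	pub, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return nil, err
	}
	rsaPub, ok := pub.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("received key is not an RSA public key")
	}
	return rsaPub, nil
}
```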
  • Industrial applicability
  • First and foremost, the invention is applicable throughout the security industry.
  • Reference signs list
  • Similar reference signs denote corresponding features consistently throughout the attached drawings:
  • 10 Control panel
  • 11 Main device
  • 12 Mainboard
  • 13 User interface
  • 14 Central processing unit (CPU)
  • 15 Flash memory
  • 16 Secure element (brazed)
  • 17 Add-on module
  • 18 First baseboard
  • 19 Second baseboard
  • 20 Interface
  • 21 Internal system supply
  • 22 Tamper detector
  • 23 General-purpose input/output
  • 24 For each front end
  • 25 RS-485 transceiver and termination
  • 26 Universal serial bus
  • 27 First air-gap switch
  • 28 Second air-gap switch
  • 29 Inter-integrated circuit (I2C)
  • 30 Ethernet physical transceiver (PHY)
  • 31 Media-independent interface
  • 32 DC/DC power converter
  • 33 Supply for reader, door opener and add-on modules
  • 34 Power over Ethernet plus (PoE+)
  • 35 Light-emitting diode (LED)
  • 36 Button
  • 37 Liquid-crystal display (LCD)
  • 38 Short-range radio frequency (RF) module
  • 39 Universal asynchronous receiver/transmitter (UART)
  • 40 Wireless-fidelity (Wi-Fi) module
  • 41 Secure digital input/output (SDIO)
  • 42 DDR3 random-access memory (RAM)
  • 43 DDR3 memory bus
  • 44 Subscriber identity module (SIM)
  • 45 Module bus connector
  • 46 Card reader
  • 47 Panel certificate authority
  • 48 Reader certificate authority
  • 49 Root certificate authority
  • 50 Signed
  • 51 First private key
  • 52 Second private key
  • 53 Third private key
  • 54 Fourth private key
  • 55 Digital certificate of first public key
  • 56 Digital certificate of third public key
  • 57 Manufacture
  • 58 Operation
  • 59 Generation of first private key and first public key
  • 60 Signing of digital certificate by root certificate authority
  • 61 First public key
  • 62 Second public key
  • 63 Third public key
  • 64 Fourth public key
  • 65 Transmission of digital certificate
  • 66 Transmission of private key and public key
  • 67 At least checksum
  • 68 Generation of third private key and third public key
  • 69 Scan of local network for card reader
  • 70 Authentication via root certificate authority
  • 71 Transmission of third public key from card reader to control panel
  • 72 Generation of symmetric key
  • 73 Encryption of symmetric key using third public key
  • 74 Transmission of encrypted symmetric key from control panel to card reader
  • 75 Decryption of symmetric key using third private key
  • 76 Communication between control panel and card reader using symmetric key
  • 77 Service technician
  • 78 Host system
  • 79 Initiation of installation
  • 80 Mutual authentication
  • 81 Confirmation of integration and installation
  • 82 Computation of hash of third public key
  • 83 Display of hash
  • 84 Prompt to check hash against card reader
  • 85 Confirmation of hash
  • 86 Encryption of first public key using third public key
  • 87 Transmission of encrypted first public key from control panel to card reader
  • 88 Decryption of first public key using third private key
  • 89 Encryption of data using first public key
  • 90 Transmission of encrypted data from card reader to control panel
  • Citation list
  • The following literature is cited throughout this document.
  • Patent literature
  • Non-patent literature
  • NORMAN, Thomas L. Electronic Access Control. 1st edition. Oxford: Butterworth-Heinemann, 2012. ISBN 0123820286. p. 221-239.

Claims (15)

  1. Method of physical access control using a control panel (10),
    comprising
    storing access profiles on the control panel (10),
    controlling, based on the access profiles, front ends using the control panel (10), operating the control panel (10) using a user interface, and
    storing on the control panel (10) parameters, master and transactional data related to the controlling and operating,
    characterized in
    further storing on the control panel (10) cryptographic keys (51, 61) associated with the control panel (10), wherein the front ends are controlled securely using the cryptographic keys (51, 61).
  2. Method according to Claim 1,
    characterized in
    hosting on the control panel (10) a web service for configuring the access profiles using the cryptographic keys (51, 61).
  3. Method according to Claim 1 or Claim 2,
    characterized in
    encrypting the parameters, master and transactional data using the cryptographic keys (51, 61).
  4. Method according to any of the preceding claims,
    characterized in that
    the cryptographic keys (51, 61) comprise a first private key (51) and a first public key (61), wherein the front ends are controlled using an asymmetric cryptosystem.
  5. Method according to any of the preceding claims,
    characterized in
    further storing on the control panel (10) a digital certificate (55) of the first public key (61) signed (50) by a control-panel certificate authority (47), wherein the control-panel certificate authority (47) stores a second private key (52) and a second public key (62) associated with the control-panel certificate authority (47).
  6. Method according to Claim 5,
    characterized in
    storing on a card reader (46) among the front ends a third private key (53), a third public key (63), and a digital certificate (56) of the third public key (63) signed (50) by a front-end certificate authority (48), wherein the front-end certificate authority (48) stores a fourth private key (54) and a fourth public key (64) associated with the front-end certificate authority (48).
  7. Method according to Claim 6,
    characterized in
    storing on the control-panel certificate authority (47) a digital certificate of the second public key (62) and
    storing on the front-end certificate authority (48) a digital certificate of the fourth public key (64), wherein the digital certificates of the second and fourth public key (64) are each signed (50) by a root certificate authority (49).
  8. Method according to Claim 6,
    characterized in that
    the control-panel certificate authority (47) and the front-end certificate authority (48) are one and the same root certificate authority (49).
  9. Method according to Claim 8,
    characterized in that
    the control panel (10) scans (69) a local network for the card reader (46) by broadcasting the first public key (61) on the network,
    the card reader (46) authenticates (70) the control panel (10) via the root certificate authority (49),
    the card reader (46) sends (71) the third public key (63) to the control panel (10), the control panel (10) authenticates (70) the card reader (46) via the root certificate authority (49),
    the control panel (10) generates (72) a symmetric key,
    the control panel (10) encrypts (73) the symmetric key using the third public key (63),
    the control panel (10) sends (74) the encrypted symmetric key to the card reader (46),
    the card reader (46) decrypts (75) the symmetric key using the third private key (53), and
    the control panel (10) and the card reader (46) communicate (76) using the symmetric key.
  10. Method according to any of Claim 6 to Claim 9,
    characterized in that, to bring the control panel (10) into service,
    a service technician (77) initiates an installation (79) and configuration of the control panel (10),
    the control panel (10) and a host system (78) mutually authenticate (80), the control panel (10) confirms (81) the installation (79) to the service technician (77),
    the service technician (77) initiates the installation (79) and configuration of the card reader (46),
    the card reader (46) and the control panel (10) mutually authenticate (80), and the card reader (46) confirms (81) the installation (79) to the service technician (77).
  11. Method according to any of Claim 6 to Claim 8,
    characterized in that, to bring the control panel (10) into service,
    a service technician (77) initiates an installation (79) of the control panel (10),
    the control panel (10) scans (69) a local network for the card reader (46),
    the card reader (46) sends (71) the third public key (63) to the control panel (10),
    the control panel (10) computes (82) a hash of the third public key (63),
    the control panel (10) displays (83) the hash on the user interface,
    the control panel (10) prompts (84) the service technician (77) to check the hash against the card reader (46),
    the service technician (77) confirms (85) the hash to the control panel (10),
    the control panel (10) encrypts (86) the first public key (61) using the third public key (63),
    the control panel (10) sends (87) the encrypted first public key (61) to the card reader (46),
    the card reader (46) decrypts (88) the first public key (61) using the third private key (53),
    the card reader (46) encrypts (89) data using the first public key (61),
    the card reader (46) sends (90) the encrypted data to the control panel (10), and the control panel (10) confirms (81) the installation (79) to the service technician (77).
  12. Control panel (10) comprising means for carrying out a method according to any of Claim 6 to Claim 11.
  13. Process for the manufacture (57) of the control panel (10) according to Claim 12,
    characterized in
    generating (59) the first private key (51) and the first public key (61),
    signing (60) the digital certificate (55) of the first public key (61),
    transmitting (65) the digital certificate (55) of the first public key (61) to the control panel (10),
    transmitting (66) the first private key (51) and the first public key (61) to the control panel (10),
    receiving from the control panel (10) at least a checksum (67),
    generating (68) the third private key (53) and the third public key (63),
    signing (60) the digital certificate (56) of the third public key (63),
    transmitting (65) the digital certificate (56) of the third public key (63) to the card reader (46),
    transmitting (66) the third private key (53) and the third public key (63) to the card reader (46), and
    receiving from the card reader (46) at least a further checksum (67).
  14. Computer program adapted to perform the method according to any of Claim 1 to Claim 11.
  15. Computer-readable storage medium (15, 42) comprising the program according to Claim 14.
Priority Applications (1)

Application Number Priority Date Filing Date Title
EP16155889.5A EP3208777A1 (en) 2016-02-16 2016-02-16 Control panel, use, and process for the manufacture thereof

Publications (1)

Publication Number Publication Date
EP3208777A1 true EP3208777A1 (en) 2017-08-23

Family

ID=55404588

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003088166A2 (en) * 2002-04-08 2003-10-23 Corestreet, Ltd. Physical access control
US20070094716A1 (en) * 2005-10-26 2007-04-26 Cisco Technology, Inc. Unified network and physical premises access control server
US20080029598A1 (en) * 2001-12-26 2008-02-07 Vivotech, Inc. Adaptor for magnetic stripe card reader
US20080072314A1 (en) * 2006-09-15 2008-03-20 Tyco Safety Products Canada Ltd. Method and apparatus for automated activation of a security system
US20130222107A1 (en) * 2012-01-20 2013-08-29 Identive Group, Inc. Cloud Secure Channel Access Control
US20140282993A1 (en) * 2013-03-14 2014-09-18 Brivo Systems, Inc. System and Method for Physical Access Control
US20140320261A1 (en) * 2011-03-17 2014-10-30 Assa Abloy Ab Method for upgrading rfid readers in situ

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080029598A1 (en) * 2001-12-26 2008-02-07 Vivotech, Inc. Adaptor for magnetic stripe card reader
WO2003088166A2 (en) * 2002-04-08 2003-10-23 Corestreet, Ltd. Physical access control
US20070094716A1 (en) * 2005-10-26 2007-04-26 Cisco Technology, Inc. Unified network and physical premises access control server
US20080072314A1 (en) * 2006-09-15 2008-03-20 Tyco Safety Products Canada Ltd. Method and apparatus for automated activation of a security system
US20140320261A1 (en) * 2011-03-17 2014-10-30 Assa Abloy Ab Method for upgrading rfid readers in situ
US20130222107A1 (en) * 2012-01-20 2013-08-29 Identive Group, Inc. Cloud Secure Channel Access Control
US20140282993A1 (en) * 2013-03-14 2014-09-18 Brivo Systems, Inc. System and Method for Physical Access Control
US8881252B2 (en) 2013-03-14 2014-11-04 Brivo Systems, Inc. System and method for physical access control

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
NORMAN, THOMAS L.: "Electronic Access Control", 2012, BUTTERWORTH-HEINEMANN, pages: 221 - 239

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase
  Free format text: ORIGINAL CODE: 0009012
STAA Information on the status of an ep patent application or granted ep patent
  Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED
AK Designated contracting states
  Kind code of ref document: A1
  Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR
AX Request for extension of the european patent
  Extension state: BA ME
STAA Information on the status of an ep patent application or granted ep patent
  Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE
17P Request for examination filed
  Effective date: 20180223
RAV Requested validation state of the european patent: fee paid
  Extension state: MA, Effective date: 20180223
  Extension state: MD, Effective date: 20180223
RAX Requested extension states of the european patent have changed
  Extension state: BA, Payment date: 20180223
  Extension state: ME, Payment date: 20180223
RBV Designated contracting states (corrected)
  Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR
19U Interruption of proceedings before grant
  Effective date: 20191230
19W Proceedings resumed before grant after interruption of proceedings
  Effective date: 20200901
RAP1 Party data changed (applicant data changed or rights of an application transferred)
  Owner name: XCCELO SYSTEMS GMBH
STAA Information on the status of an ep patent application or granted ep patent
  Free format text: STATUS: EXAMINATION IS IN PROGRESS
17Q First examination report despatched
  Effective date: 20201111
STAA Information on the status of an ep patent application or granted ep patent
  Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN
18D Application deemed to be withdrawn
  Effective date: 20210323