Method for operating a locking system, locking system, and tube safe

Abstract

A method for operating a locking system comprising an electronic key and an electronic lock and a central unit which in locking operation is used locally separately from the electronic key and the electronic lock, wherein in the method an external authorization code is generated by the central unit by means of an authorization code determination program, the external authorization code is transferred to the electronic key and the external authorization code is saved in a memory by the electronic key, wherein, on interaction of the electronic key with the electronic lock, the external authorization code is read out from the memory by the electronic lock and is checked by a processor of the electronic lock in that, using an internal authorization code determination program, the processor itself determines an internal authorization code and compares it with the external authorization code received by the electronic key and wherein, in the event of the determined internal authorization code being identical to the transferred external authorization code, the processor permits an opening process.

Claims

1. A method for operating a locking system comprising an electronic key and an electronic lock and a central unit which in locking operation is used locally separately from the electronic key and the electronic lock, the method generates an external authorization code by the central unit by means of an authorization code determination program, the external authorization code is transferred to the electronic key and the external authorization code is saved in a memory by the electronic key, on interaction of the electronic key with the electronic lock, the external authorization code is read out from the memory by the electronic lock and is checked by a processor of the electronic lock in that, using an internal authorization code determination program, the processor itself determines an internal authorization code and compares it with the external authorization code received by the electronic key and, in the event of the determined internal authorization code being identical to the transferred external authorization code, the processor permits an opening process; wherein, prior to installation of the electronic lock at its intended location, the electronic lock is activated by the central unit, wherein in so doing the central unit matches the electronic lock identification code and the electronic lock cycle counter status with the identification code saved in the central unit and the stored cycle counter status.

2. A method according to claim 1, wherein the authorization code determination program of the central unit determines the external authorization code in such manner that only one-off opening is permitted therewith.

3. A method according to claim 2, wherein the authorization code determination program of the central unit determines the authorization code inter alia by taking account of a cycle counter.

4. A method according to claim 3, wherein the authorization code determination program of the electronic lock likewise determines the internal authorization code by taking account of a cycle counter.

5. A method according to claim 1, wherein the authorization code determination programs of the central unit and of the electronic lock determine the respective authorization code by taking account of the identification code of the electronic key and of the identification code of the electronic lock.

6. A method according to claim 1, wherein the authorization codes are determined by the authorization code determination programs by means of a hash algorithm.

7. A method according to claim 1, wherein the identification code of the electronic lock is stored in a secured memory.

8. A method according to claim 1, wherein, on activation of the electronic lock, the central unit matches passwords to be stored between the electronic lock and the central unit.

9. A method according to claim 1, wherein an assignment password is matched on activation of the electronic lock.

10. A method according to claim 1, wherein, on activation of the electronic key, the central unit matches the electronic key identification code with the electronic key identification code stored in the central unit.

11. A method according to claim 1, wherein, on activation of the electronic key, an assignment password is saved in the memory.

12. A method according to claim 1, wherein the electronic key identification code is stored in an electronic key memory.

13. A method according to claim 1, wherein it is only possible to write to and read out from the electronic key memory when a security hash code is used.

14. A method according to claim 13, wherein, to save the external authorization code, the security hash code is determined by a processor in the electronic key.

15. A method according to claim 13, wherein, for reading out the external authorization code from the secured memory of the electronic key, a processor in the electronic lock generates a security hash code for accessing the secured memory.

16. A method according to claim 1, wherein a memory of a security processor is used as the memory in the electronic key.

17. A method according to claim 1, wherein status signals of the electronic lock are transferred to the electronic key for display.

18. A method according to claim 17, wherein the electronic key has a processor which controls signal elements for displaying the electronic lock statuses transferred by the electronic lock.

19. An electronic locking system comprising an electronic key and an electronic lock which are configured to be caused to interact with one another by a contact assembly and a mating contact assembly, the electronic key has a processor which interacts with an input unit by means of which an externally generated authorization code is transferable to the processor, the processor interacts with a memory and writes the externally generated authorization code into the memory and the electronic lock has a processor which, on interaction of the electronic key with the electronic lock via the contact assembly and the mating contact assembly, interacts with the memory in the electronic key in order to read out the externally generated authorization code; and wherein, prior to installation of the electronic lock at its intended location, the electronic lock is activated by the central unit, wherein in so doing the central unit matches the electronic lock identification code and the electronic lock cycle counter status with the identification code saved in the central unit and the stored cycle counter status.

20. An electronic locking system according to claim 19, wherein the memory is a secured memory and in that the processor of the electronic key generates a security code in order to save the externally generated authorization code in the secured memory.

21. An electronic locking system according to claim 19, wherein the processor of the electronic lock generates a security code in order to read out the authorization code saved in the secured memory.

22. An electronic locking system according to claim 19, wherein the electronic key has display elements in order to display electronic lock statuses transferred from the electronic lock to the electronic key.

23. An electronic locking system according to claim 22, wherein the processor of the electronic lock transfers status signals regarding the electronic lock statuses to the electronic key processor and in that the electronic key processor controls the electronic key display elements in accordance with the transferred statuses.

24. An electronic locking system according to claim 20, wherein the secured memory is the memory of a security processor.

25. An electronic locking system according to claim 19, wherein the electronic lock is operable by an electrical voltage source of the electronic key.

26. An electronic locking system according to claim 19, wherein the electronic lock comprises a locking drive for actuating a locking bolt.

27. An electronic locking system according to claim 26, wherein the locking drive of the electronic lock is operable by the electrical voltage source of the electronic key.

28. An electronic locking system according to claim 27, wherein the electronic lock has a voltage transformer in order to operate the locking drive.

29. An electronic locking system according to claim 19, wherein the electronic lock has a switch unit in order to activate or immobilize an external locking system.

30. An electronic locking system according to claim 19, wherein the electronic key has an interface for activating the electronic key by means of a central unit.

31. An electronic locking system according to claim 19, wherein the electronic lock has an interface for activating the electronic lock by a central unit.

32. An electronic locking system according to claim 30, wherein the electronic key and the electronic lock are activated by the central unit via a wired connection.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) FIG. 1 is a schematic diagram of an electronic key and an electronic lock of a first exemplary embodiment of a locking system according to the invention;

(2) FIG. 2 is a schematic diagram of activation of the electronic key and electronic lock with a central unit of the electronic locking system;

(3) FIG. 3 is a schematic diagram of one possibility for generating and transferring an external authorization code;

(4) FIG. 4 is a perspective front view of a first exemplary embodiment of a tubular safe without an electronic key positioned thereon;

(5) FIG. 5 is a section through the tubular safe alone line 5-5 in FIG. 4 with electronic key positioned thereon;

(6) FIG. 6 is a perspective view of the tubular safe according to FIG. 4 on opening thereof;

(7) FIG. 7 is a schematic diagram similar to FIG. 1 of a second exemplary embodiment of a locking system according to the invention;

(8) FIG. 8 is a further exemplary embodiment of a tubular safe with an electronic lock integrated in a locking lid and a code which characterizes the electronic lock;

(9) FIG. 9 is a sequence diagram which clarifies the transfer of the code between a user and a central information processing facility;

(10) FIG. 10 shows the hand of a user during input of the authorization code into an electronic key;

(11) FIG. 11 shows the use of the electronic key as a handle on opening the electronic lock;

(12) FIG. 12 shows the arrangement of a physical key on the inner side of the tubular safe locking lid;

(13) FIG. 13 is a sequence diagram which clarifies communication between the user, a client computer, a server, an administrator and the electronic lock;

(14) FIG. 14 is a diagram which clarifies the functions from the standpoint of the user, the client computer, the server and the administrator;

(15) FIG. 15 is a schematic circuit diagram for an application of an electronic lock in cooperation with a control device and a motorized lock;

(16) FIG. 16 is a schematic front view of an electronic key, and

(17) FIG. 17 is a schematic view of the reverse side of an electronic key.

DETAILED DESCRIPTION OF THE INVENTION

(18) A first exemplary embodiment shown in FIG. 1 of an electronic locking system 10 according to the invention, designated overall 10, comprises an electronic key 12 and an electronic lock 14.

(19) The electronic key 12 here comprises a contact assembly 16, in particular comprising spring contacts, which can be brought into operative connection with a mating contact assembly 18, in particular comprising concentric contact rings, via a conductive connection by placing the contact assembly 16 onto the mating contact assembly 18.

(20) Due to the electrical interaction between the electronic key 12 and the electronic lock 14, it is then possible, by means of the electronic key 12, to actuate a locking bolt 22, i.e. to move the latter for example from a locked position into an open position or when required also vice versa.

(21) The electronic key 12 comprises for this purpose a voltage source 32, for example in the form of a battery, which supplies a processor 34 with current and voltage.

(22) The processor 34 is capable of interacting with an input unit 36 and with a security processor 38, which is provided with a secured memory 39.

(23) Not only are an identification code ICK and an assignment password of the key 12 stored in the secured memory 39, but an externally generated authorization code BCZ can also be saved therein by the processor 34.

(24) The processor 34 is additionally provided with an interface 42 which serves to activate and/or configure the processor 34.

(25) A data line 44 furthermore leads from the processor 34 to the memory 39 and onward to a data contact 46 of the contact assembly 16.

(26) A ground line 48 leads directly from the voltage source 32 on the one hand to the processor 34 and on the other hand to a ground contact 52 of the contact assembly 16.

(27) Via a switch unit 54, the processor 34 is capable of activating a supply line 58 leading from the voltage source 32 to a supply contact 56 of the contact assembly 16.

(28) On interaction of the contact assembly 16 of the electronic key 12 with the mating contact assembly 18 of the electronic lock 14, the ground contact 52 comes into contact with a mating ground contact 62, in particular in the form of a contact ring, and the supply contact 56 comes into contact with a mating supply contact 66, in particular in the form of a contact ring. A processor 72 provided in the electronic lock 14 is thus activatable by the electronic key 12 and operable with the voltage source 32 of the electronic key 12 without the electronic lock 14 requiring an internal voltage source for this purpose.

(29) Furthermore, the data contact 46 of the contact assembly 16 also comes into contact in this case with a mating data contact 68, in particular in the form of a contact ring, of the mating contact assembly 18, which is in turn connected via a data line 74 to the processor 72.

(30) A memory 76 in the form of an EEPROM, which also accommodates an identification code ICL of the electronic lock 14 and an assignment password, a clock 78 and a locking drive 82 are also coupled with the processor 72.

(31) The processor 72 can furthermore be activated and/or configured via an interface 84 coupled with this processor.

(32) The processor 72 is in turn operated with the voltage of the voltage source 32; in the case of a locking drive 82 likewise to be operated via the voltage source 32, a voltage transformer 86 is preferably provided in the electronic lock 14, which transformer converts the voltage provided by voltage source 32 into a higher voltage for example for operating the locking drive.

(33) A log memory 88, in which activities of the processor 72 of the electronic lock 14 are logged and saved, is additionally associated with the processor 72.

(34) The locking system 10 according to the invention now operates as follows:

(35) The externally generated authorization code BCZ is transferred to the electronic key 12 via the input unit 36 and saved by the processor 34 in the secured memory 39 of the security processor 38.

(36) For this purpose, the processor 34 calculates a security code SC in the form of a hash code and transfers it with the authorization code BCZ to the security processor 38.

(37) Moreover, the processor 34 activates the supply contact 56 via the switch unit 54, such that this supply contact is at the supply voltage of the voltage source 32.

(38) If a connection is made between the contact assembly 16 of the electronic key 12 and the mating contact assembly 18 of the electronic lock 14, the processor 72 of the electronic lock 14 is powered up by a reset solely by the presence of the supply voltage at the mating supply contact 66 and the presence of ground at the mating ground contact 62 and then begins to communicate with the security processor 38 via the connection of the data line 74 to the data line 44.

(39) However, before the content of the secured memory 39 of the security processor 38 is read out, it is checked whether the security processor 38 is per se authorized to exchange data with the processor 72, for example by checking whether the security processor 38 is listed in a list present in the memory 76.

(40) A security code SC is then calculated in the form of a hash code by the processor 72 and, using the security code SC, the secured memory 39, which comprises the authorization code BCZ, is read out.

(41) The memory 39 is here in particular read out without any activity of the processor 34 of the electronic key 12.

(42) Once the authorization code BCZ has been read out, the processor 72 checks on the basis of an internal authorization code BCS determined with an internal authorization code determination program BCEPS and of an authorization code checking program BCUP, which compares the authorization code BCZ with the authorization code BCS with regard to their identical nature, that the authorization code BCZ is correct and, in the case of one of the authorization codes BCZ and BCS, provides opening of the electronic lock 14.

(43) In the event of authorization code BCZ and BCS being identical, the processor 72 in the first exemplary embodiment activates the locking drive 82 and this moves the locking bolt 22 for example from the locking position thereof into the open position thereof, such that the electronic lock 14 then releases access for example to a secured unit.

(44) At the same time, the processor 72 reads out the clock 78 to create a log which records access to the lock 14, reading out of the access data record ZD from the memory 38 and activation of the locking drive 82, wherein this log is then saved in the log memory 88.

(45) All the statuses of the electronic lock 14 which are to be determined by the processor 72 and displayed to the user are preferably not displayed by the electronic lock 14, but instead transferred via the data line 74 and the data line 44 to the processor 34 of the electronic key 12, which then in turn activates one or more optical display units 92, 94, such as for example LED lamps or display devices or acoustic signal generators, such as for example buzzers, or generates sequences of notes which are transmitted by a loudspeaker.

(46) In order to obtain the intended function of the electronic key 12 and the electronic lock 14, both the electronic key 12 and the electronic lock 14 must be activated by a central unit 102 via a wired connection, which central unit is in turn able to access the interface 42 of the electronic key 12 via an interface 104 and the interface 84 of the electronic lock 14 via an interface 106 simultaneously or also in succession or in each case separately, in order to activate both the electronic key 12 and the electronic lock 14, wherein in particular assignment passwords and/or the respective identification code ICK and the respective identification code ICL and cycle statuses ZZ of the cycle counters ZCZ and ZCS are matched or exchanged between the central unit 102 and the electronic key 12 and the electronic lock 14, i.e. either transferred or read out.

(47) After such activation of the electronic key 12 and the electronic lock 14, the respective connections between the interfaces 42 and 104 and 84 and 106 can be broken and the central unit 102 is capable, by means of an authorization code determination program BCEPZ present in the central unit 102, of determining the respective one-off external authorization code BCZ by means of a hash algorithm, which latter authorization code can then be input, for example by the user, via the input unit 36 into the electronic key 12, whereupon the processor 34 of the electronic key 12 is then capable of saving the authorization code BCZ in the secured memory 39.

(48) After interaction with the electronic key 12, the electronic lock 14 is furthermore then capable (as described) of reading out the external authorization code and, using the authorization code determination program BCEPS together with the identification code ICK, the identification code ICS and the cycle status ZZ of the internal cycle counter ZCS, of determining the internal authorization code BCS by means of the same hash algorithm as in the central unit 102, and checking whether the latter authorization code is identical to the external authorization code BCZ and permitting opening of the locking bolt 22.

(49) As shown in FIG. 3, a locking device 10 according to the invention can be used in the field for example in such a way that an operator can, in the case of a lock 14 arranged stationarily in the field, bring about opening of the lock 14 with an electronic key 12 by the following procedure.

(50) An operator wishing to open a lock 14 arranged stationarily in the field, requests the transfer of an external authorization code BCZ from the central unit 102, for example via a mobile communication unit 112, in particular a portable mobile radio device or another communication device.

(51) The central unit 102 can for this purpose check a plurality of details or request a plurality of details which must be available before the authorization code BCZ is obtained.

(52) Such data are for example a local code LC of the lock 14 and/or a personal code PC of the operator and/or time details ZA at the operator's location and/or location details OA of the operator.

(53) All these items of information can be checked by the central unit 102. In the event that checking of all these items of information and details is positive, the central unit 102 generates an external authorization code BCZ, since the central unit 102 can draw conclusions from the local code LC and/or the personal code PC and/or the time details and/or the location details OA regarding the identification codes ICK and ICL and therefore, using the identification code ICK, known to the central unit, of the electronic key 12 to be used for opening and the identification code ICL of the electronic lock 14 to be opened and the cycle status ZZ of the cycle counter ZCZ, uses the authorization code determination program BCEPZ to generate the external authorization code BCZ by means of a hash algorithm, which latter authorization code is transferred to the operator, for example acoustically or as a message or as a data record, for example via the mobile communication unit 112.

(54) The authorization code BCZ is then transferred by the operator or by the mobile communication unit 112 via the input unit 36 to the electronic key 12.

(55) The authorization code BCZ is in particular only an authorization code BCZ which authorizes one-off opening of the electronic lock 14.

(56) The electronic key 12 then saves this authorization code BCZ in the memory 39 by means of a processor 34.

(57) If the contact assembly 16 is then connected with the mating contact assembly 18, the processor 72 of the electronic lock 14 is activated (as already described) and (as already described) reads out the authorization code BCZ from the electronic key 12.

(58) By internal calculation of an authorization code BCS by means of its authorization code determination program BCEPS using the identification code ICK of the electronic key 12 read out from the secured memory 39, the identification code ICK of the electronic lock 14 saved in the memory 76 and the cycle status ZZ of the cycle counter ZCS of the electronic lock 14 and by checking that the authorization code BCZ is identical to the authorization code BCS by means of its authorization code checking program BCUP, the processor 72 is capable of determining whether the external authorization code BCZ is authorized for subsequent opening of the locking bolt 22 and (if this is the case in the event of the authorization codes being identical) the locking drive 82 is activated for actuation of the locking bolt 22.

(59) After the one-off opening of the electronic lock 14, the authorization code BCZ for one-off opening of the electronic lock 14 is used up and can no longer be used for opening this lock.

(60) Even if the access data record ZD were to remain stored in the electronic key 12, renewed activation of the processor 72 of the electronic lock 14 and checking of the authorization code BCZ would reveal that this code was not authorized for re-opening of the electronic lock 14.

(61) In the central unit 102, checking of the items of information transferred via the mobile communication unit 12 with regard to the local code and/or personal code and/or time details and/or location details can be carried out by a person who for example supervises the operator's activities in the field and is capable of evaluating whether these items of information are consistent.

(62) This checking can, however, also be carried out by the central unit 102 under software control.

(63) The authorization code BCZ is, however, determined in the central unit 102 by the authorization code determination program BCEPZ, which makes reference to all or only some of these items of information for determining the authorization code BCZ.

(64) The advantage of the locking system according to the invention can here in particular be considered to be that the electronic lock 14 itself does not require a voltage source, but may be left unused for as long as desired since the entire power supply for activating the processor 72 of the electronic lock and for operating the processor 72 of the electronic lock is provided via the voltage source 32 of the electronic key which is carried by the operator and can therefore always be recharged or replaced by the operator.

(65) Furthermore, due to the activation of the electronic key 12 and the associated electronic lock 14 by the central unit 102, there is an unambiguous correlation between the electronic key 12 and the electronic lock 14 and the central unit 102 and thus an unambiguous correlation between the electronic key 12 intended for opening a specific electronic lock 14 and the likewise correspondingly correlated central unit 102, which applies this correlation of electronic key 12, electronic lock 14 and central unit 102 when calculating the authorization code BCZ. Accordingly, on activation of one or more electronic keys 12 and one or more electronic locks 14 intended for this electrical key 12 by exchange of passwords, exchange or checking of the identification codes ICK and ICS and matching of the cycle counters, initial conditions can be established for the authorization code determination programs BCEPS and BCEPK to be able mutually independently to determine identical authorization codes BCZ and BCS.

(66) Such an electronic locking device can for example be used in a tubular safe designated overall 202 which has a locally fixedly installed tubular body 204 into which a tubular body lid 206 comprising the electronic lock 14 can be inserted and locked to the tubular body 204.

(67) The tubular body lid 206 here bears on the external front side 208 thereof the mating contact unit 18 of the electronic lock 14 with the contact rings 62, 66, 68.

(68) The tubular body 204 is furthermore provided with the local code LC which permits identification of the specific tubular safe 202 at the respective specific location.

(69) As shown in FIG. 5, the tubular body lid serves as a housing for accommodating the electronic lock 14, wherein the locking drive 82 and the locking bolt 22 are also arranged in the tubular body lid 206, such that the locking bolt 22 can engage for example in a locking bolt receptacle 212 on an inner side 214 of the tubular body 204 in order to fix the tubular body lid 206 in its locking position shown in FIG. 5.

(70) Since such tubular safes 202 frequently serve to provide secure storage for access keys, a key container 222 is also retained, for example fixedly mounted or detachably held, on the tubular body lid 206, which container has an accommodation space 224 for a key 226, wherein the key 226 is for example also additionally secured in the accommodation space 224 by a retaining strap 228, such that while the key 226 can indeed be removed from the accommodation space 224, it cannot be separated from the key container 222.

(71) Such a key container 222 has the major advantage that it offers the possibility of arranging the key 226 on the tubular body lid 206 in such a manner that it can be introduced with the tubular body lid 206 into the tubular body 204 simply and without the key being able to jam in the tubular body 204 or between the tubular body 204 and the tubular body lid 206 and can be reliably fixed by locking the tubular body lid 206.

(72) A key container 222 furthermore also offers the possibility, for example when the tubular body 206 is installed in a damp environment, of storing the key 226 dry and/or unsoiled in the tubular body 204, such that for example any dirt entering the tubular body 204 can be kept away from the key 226 during storage thereof.

(73) As shown in FIG. 5 and FIG. 6, the electronic key 12 according to the invention is arranged in a housing 232 which has a reverse side 234 positionable on the front side 208 of the tubular body lid 206, which reverse side has the contact assembly 16 for contacting the mating contact assembly 18 on the front side 208 of the tubular body lid 206 and, on the front side 236 thereof opposite the reverse side 234, bears the input unit 36′ which, in this case, takes the form of a keypad or touch panel and serves for inputting the authorization code BCZ.

(74) A magnetic connection 238 is provided for detachably fixing the housing 232 of the electronic key 12 to the tubular body lid 206, which magnetic connection comprises either two magnets M1 and M2 or a magnet M1 and an element magnetizable thereby.

(75) The magnetic connection here serves not only to fix the electronic key 12 detachably to the electronic lock, but also to align the contact assembly 16 centrally relative to the mating contact assembly 18.

(76) This magnetic coupling between the housing 232 and the tubular body lid 206 makes it possible, when the electronic lock 14 is unlocked, to remove the tubular body lid 206, which constitutes the housing for the electronic lock 14, with the housing 232 of the electronic key 12 from the tubular body 206 by withdrawing the tubular body lid 206 from the tubular body 204.

(77) In order furthermore to permit a local display to the effect that the tubular body lid 206 is reliably located in the tubular body 204, it is for example possible to provide a magnet 242 on the key container 222, to detect the position of the magnet within the tubular body by a magnetic field sensor 244 which is arranged on the tubular body, with regard to the position of the magnet in the tubular body 204, and so to ascertain whether the key container 222 and preferably then also the tubular body lid 206 are arranged in a position in the tubular body 204 in which the tubular body lid 206 is locked by the locking bolt 22 loaded for example by a resilient energy storage mechanism 24.

(78) If the position of the tubular body lid 206 is likewise to be acquired in this respect, it is also possible to arrange a magnet 246 in the tubular body lid 206 and to acquire the position thereof by a magnetic field sensor 248 likewise arranged on the tubular body 204, such that it is possible to detect both the correct position of the key container 222 and the correct position of tubular body lid 206 in the locking position thereof and transfer this for example by a transfer unit 252 either wirelessly or by wired connection to a security center or also the central unit 102.

(79) In a second exemplary embodiment of a locking device 10 according to the invention, shown in FIG. 7, all those parts which are identical to those of the first exemplary embodiment are provided with the same reference signs such that, with regard to the description thereof, reference can be made to the full content of the first exemplary embodiment.

(80) In contrast to the first exemplary embodiment, however, the electronic lock 14′ is not provided with a locking drive 82, but instead with a switch unit 262 which is capable of establishing or interrupting a connection between external terminal connections 264 and 266 of the electronic lock 14′, such that it is possible via the external terminal connections 264 and 266 to activate or immobilize an existing locking system 268.

(81) The external terminal connections 266 and 264 can for example serve to interrupt a current supply to the pre-existing locking system 268 and so disable it or to establish the current supply thereto and thus activate the pre-existing locking system 268.

(82) The existing locking system 268 can here be a locking system of any desired structure which is for example already present and fully installed in a building, such that the locking device 10′ according to the invention merely serves to disable completely or to activate this locking system 268.

(83) A pre-existing locking system 268 which has a low level of security can thus be secured with the locking system 10′ according to the invention which has a very high level of security, without having to completely uninstall the existing locking system 268 and install a new locking system.

(84) A locking device 310 shown in FIG. 8 is formed by a tubular safe 312 which is arranged in theft- and burglar-proof manner in a wall of a building or on a robust support in the vicinity of the building. The tubular safe 312 is closed at the front side thereof by means of a locking lid 314. An electronic lock 316, as is shown and described in detail in WO 2012/045474 A1, the disclosure content of which is hereby included in the subject matter of the present application, is integrated into the locking lid 314.

(85) On the inner side of the locking lid 314, there is arranged a physical key 318 (as shown in FIG. 12), with which it is possible to open at least one access to the building (not shown) and optionally further doors in this building.

(86) On the locking device 310 locked by means of the electronic lock 316, which for example corresponds to that of the first exemplary embodiment, there is arranged a code 320 which characterizes the electronic lock 316. In the exemplary embodiment shown, this code takes the form of a barcode 320, but can also be formed by an Aztec code or an invisible magnetic code. In the simplest case, the code 320 can be manually read out by a user 320. According to an advantageous development, a communication device 324 carried by the user 322 has a sensor or a reader for automatically acquiring the code 320. The communication device 324 can for example be formed by a smartphone, the camera of which, in conjunction with stored application software (an “app”), serves to read in a barcode or alternatively an Aztec code which are used in the exemplary embodiment as the code 320 which characterizes the electronic lock 316. As already mentioned, codes 320 which are invisible, magnetic or transferred via a radio signal may be emitted by the electronic lock 316 or a facility arranged in the vicinity thereof and received or read out by the communication device 324.

(87) The electronic lock 316 is openable by means of an electronic key 332, provided that an authorization code 336 appropriate to the electronic lock 316 is input into this electronic key 332. FIG. 10 shows how the authorization code 336 is input by the user 322 via a keypad arranged on the electronic key 332. The electronic key 332 can then, as shown in FIG. 11, be positioned on the electronic lock 316 and be used directly as a handle for opening the locking lid 314.

(88) According to the invention, however, this process is preceded by the procedure shown in FIGS. 9, 13 and 14, in which the user 322 transfers the item of information which characterizes the electronic lock 316 (the code 320) and an item of information which characterizes this user in the form of a code 326 (for example in the form of a personal password or a letter/number combination) by means of the communication device 324 to a central information processing facility 330 (for example a security service control room). The item of information 320 which characterizes the electronic lock 316 and the item of information 326 which characterizes the user 322 together form a query data record 334 which, in the simplest case, is transferred manually via a telephone call to the central information processing facility 330.

(89) According to an advantageous development of the invention, the query data record 334 is transferred automatically, for example as a character string in a short message (SMS) sent by the communication device 324.

(90) In the information processing facility 330, the query data record 334 with the codes 320 and 326 contained therein is checked, preferably with additional matching with a time parameter 328 (for example the duty roster or planned route of the user 322). If this checking leads to a positive result, the information processing facility 330 generates an authorization code 336, as was described in the first exemplary embodiment of the locking system, and sends this code to the communication device 324. In the simplest case, this may again proceed by means of a telephone call.

(91) According to an advantageous further development, the authorization code 336 is transferred to the communication device 324 automatically, for example in the form of a character string embedded in a short message (SMS).

(92) The authorization code 336 is either transferred by the user 322, as already mentioned in connection with FIG. 10, manually via an input device, in particular a keypad, to the electronic key 332 or the authorization code 336 is transferred automatically by the communication device 324 to the electronic key 332. This transfer may be achieved by the communication device 324 having a transmitter and the electronic key 332 having a receiver which communicates with this transmitter. The transfer can be made, for example, via an infrared signal, via Bluetooth or another suitable short-range transmission protocol.

(93) According to a further development of the invention, the communication device 324 and the electronic key 332 can also form a structural unit which has a sensor for acquiring the code 320, an input device for the code 326, a transmitter for transferring the query data record 334 to the central information processing facility 330, a receiver for receiving the authorization code 336 and a memory for storing the authorization code 336 in the electronic key 232. The structural unit also contains software for acquiring the codes 320 and 326, for automatic transfer of the query data record 334, for automatic reception and for storing the authorization code 336.

(94) The central information processing facility 330 advantageously has at least one client computer 310 and at least one server 3320. The client computer 3310 serves to receive the query data record 34 and to transfer this data record to the server 3320. The data traffic between the client computer 3310 and the server 3320 is denoted 3315 in the Figures.

(95) The server 3320 additionally stores time parameters 328 which for example depict a planned route of the user 322 with a time, preferably with an appropriate time buffer (earliest opening time, latest opening time, latest closing time), which characterizes the opening of the electronic lock 316 in question. All the data in the server 3320 are managed by an administrator 3330. The data traffic between the server 3320 and the administrator 3330 is denoted 3325 in the Figures.

(96) A signal which is automatically transmitted by a transmitter installed on the electronic lock 316 on opening and locking of the electronic lock 316 can also be transferred to the server 3320.

(97) In a further developed embodiment, at variance with the representation in FIGS. 9, 13 and 14, the method and locking system can also function fully automatically without human interaction. Reception of a query data record 334 by the client computer 3310, transfer of the query data record 334 to the server 3320, checking of the characterizing items of information (codes 320 and 326) contained in the query data record 334, matching with the at least one time parameter 328, generation of an authorization code 336 and transfer of the authorization code 336 to the communication device 324, optionally again with interposition of a client computer 3310 can preferably proceed fully automatically under software control.

(98) It has already been described in connection with the possible embodiments of the communication device 324 and the electronic key 332 that the method and system according to the invention for secured approval of an access authorization or for secured key transfer can proceed fully automatically even from the standpoint of the user 322.

(99) According to the invention, the electronic key 332 is provided with an input device 333, by means of which the user 322 can input the authorization code 336, transferred by the central information processing facility 330 to the communication device 324, into the electronic key. Such an electronic key 332 provided with an input device 333 is generally also usable instead of the stationary input devices which are today already in widespread use, in which the input of a code by an authorized user can relatively easily be observed by an unauthorized observer and which consequently represents a considerable security risk. In contrast, a code can be input completely unobserved and at some distance from the electronic lock 316 into a mobile electronic key 332, which is only subsequently used for opening an electronic lock.

(100) As in the exemplary embodiment shown, a key 332 placed onto the electronic lock 316 and preferably temporarily connected by magnetic force to the electronic lock 316 can be used as the electronic key 332. The magnetic forces are provided by a magnet 3329 in the central region of the electronic key 332 and by a counter-magnet 3161 in the central region of the electronic lock 316, which magnets preferably take the form of permanent ring magnets and ensure automatic centering of the electronic key 332 with the electronic lock 316 and alignment of the contacts 3324, 3325 and 3326 with the concentrically arranged mating contact faces 3164, 3165, 3166 on the electronic lock 316 irrespective of their relative angle to one another.

(101) It is, however, likewise possible to use electronic keys 332, for example in the form of a transponder, which interact contactlessly over a certain distance with the electronic lock 316.

(102) The electronic key 332 has a housing 3321, on the front side of which according to FIGS. 10 and 16 is arranged the input device 333. In the exemplary embodiment shown, this is a numerical keypad with 10 number keys 3331, a clear key 3332 (“C”) and an input key 3333 (“OK”). Three contacts 3324, 3325 and 3326 resiliently mounted in the housing project out on the reverse side of the housing 3321, the centrally arranged contact 3325 thereof for example passing the positive voltage, the furthest outwardly located contact 3324 representing the ground connection and the contact 3326 serving for serial data transfer.

(103) The rear view of the electronic key 332 according to FIG. 17 also shows the lid of a battery compartment 3327 behind which a storage battery 3332 is arranged. This takes the form, for example, of a lithium-ion storage battery with an output voltage.

(104) The electronic key 332 is furthermore provided with at least one interface 328, which in the present case is for example formed by a micro-USB interface and serves for programming the electronic key 332 and optionally also for charging the storage battery 3322.

(105) The electronic key 332 interacts either with the electronic lock 316 shown in FIGS. 8 to 13 for example on a tubular safe 312 or on a protected space or another facility for which access authorization is required. The term “facility” should here be interpreted very broadly. An electronic lock 316 can protect not only machines, vehicles or the like, but also safe-deposit boxes, deposit boxes for valuables, safes or doors to security areas.

(106) The example according to FIG. 15 shows that the protected facility can be released by the electronic lock 316 not only directly but also indirectly. In this latter case, the electronic lock 316 comprises a 220 V protective module for a protected facility (not shown) which is ultimately not released until a motorized lock 340 is actuated.

(107) In this case, between the electronic lock 316, which for example corresponds to that of the second exemplary embodiment according to FIG. 7, and the motorized lock 340 a control device 50 is additionally arranged which can be powered by means of an internal power supply, but is not activated until the electronic lock 316 is actuated. Once a valid authorization code 336 has been transferred by the electronic key 332, not shown in FIG. 15, via the mating contact 3166 responsible for data transfer, the external power supply on the control device 350 is activated and the motorized lock 350 actuated. A more detailed description of the control device 50 follows at the end of the description.

(108) The advantage of indirect actuation is that, while the protected facility is not in use, no operating voltage need be applied to it. It can be initialized at any time as required by the electronic key 332 via the electronic lock 316.

Method for operating a locking system, locking system, and tube safe

Assignee

Inventors

Cpc classification

Classification Explorer

G07C9/00912

PHYSICS

Classification Explorer

G07C2009/00634

PHYSICS

Classification Explorer

G07C9/00857

PHYSICS

Classification Explorer

G07C2009/0088

PHYSICS

Classification Explorer

G07C2009/00936

PHYSICS

Classification Explorer

G07C2009/00492

PHYSICS

Classification Explorer

G07C9/00571

PHYSICS

Classification Explorer

G07C9/0069

PHYSICS

Classification Explorer

G07C2009/00761

PHYSICS

International classification

Classification Explorer

G07C9/00

PHYSICS

Abstract

Claims

Description