Electronic key, electronic closure system and a method for allowing an access authorization

Abstract

The invention relates to an electronic key (32) having at least two contacts (324, 325, 326) for the transmission of data and/or energy to an electronic lock (16). In accordance with the invention, the housing (321) of the electronic key (32) comprises an input device (33) for the entry of an authorization code (36). The invention also relates to an electronic closure system with an electronic key (32) and an electronic lock (16) as well as to a method for secure acquisition of an access authorization or for secure delivery of a key to at least one user (22) by means of an electronic lock (16) and at least one electronic key (32) carried by the user (22).

Claims

1. A method for secure acquisition of an access authorization or for secure delivery of a key for at least one user for opening at least one electronic lock device by at least one electronic key device carried by the user the electronic key device having at least two contacts for the transmission of data and energy to the electronic lock device and, the at least one electronic lock device is provided with at least two contacts for receiving energy and data from said electronic key device, comprising the following method steps: transmittal of at least one item of information characteristic of the electronic lock device and the user to a central data processing centre that is remote from the electronic lock device by means of a communication device, examination of the sent information by the central data processing centre, transmittal of an authorization code to the user by means of the communication device in the case of a positive examination of the information, entry, of the authorization code into the carried electronic key device, bringing said electronic key device with its at least two contacts in contact with said at least two contacts of said electronic lock device, energizing said electronic lock device by said electronic key device and transmitting said authorization code to said electronic lock device for unlocking, unlocking of the electronic lock device of verification of such authorization code.

2. A method in accordance with claim 1, wherein the item of information characteristic of the electronic lock device is formed of a number combination or by a bar code.

3. A method in accordance with claim 1, wherein the item of information characteristic of the user is formed by a letter/number combination and/or a password.

4. A method in accordance with claim 1, wherein, before the transmittal of an authorization code to the user, the data processing centre examines the information characteristic of the electronic lock device and the user and in addition examines a time parameter for the place of use and the time of use that is linked to both items of information.

5. A method in accordance with claim 1, wherein said electronic lock device is arranged on a closure cap of a tubular key safe from which, after unlocking of the electronic lock device, a physical key for entering at least one further area is removable.

6. A method in accordance with claim 1, wherein the electronic lock device passes on a current for activating a motor lock that it received from an electrical voltage source in the electronic key device to said motor lock.

7. A method in accordance with claim 1, wherein the electronic lock device passes on a current for activating a control device that it received from an electrical voltage source of the electronic key device to said control device.

8. A method in accordance with claim 1, wherein the electronic lock device and/or the electronic key device released thereby sends an item of information to the central data processing centre upon the activation and/or the deactivation thereof.

9. A method in accordance with claim 1, wherein a mobile telephone is used as a communication device for the transmittal of the at least one item of information characteristic of the electronic lock device and the user and/or for the reception of the authorization code.

10. A method in accordance with claim 1, wherein the communication device is provided an application program by means of which the at least one item of information characteristic of the electronic lock device and the user is detectable and by means of which the code is receivable.

11. A method in accordance with claim 1, wherein the communication device and the electronic key device form a unit.

12. A method in accordance with claim 1, wherein the authorization code is entered into the electronic key device by the user by means of an input device of said electronic key device.

13. A method in accordance with claim 10, wherein by means of the communication device the authorization code is transmissible to the electronic key device.

Description

(1) An exemplary embodiment of the invention is described hereinafter with reference to the drawing. This shows:

(2) FIG. 1 a tubular key safe having an electronic lock integrated into a closure cap and a code characteristic of the electronic lock,

(3) FIG. 2 a flow chart which clarifies the transmission of the codes between a user and a central data processing centre,

(4) FIG. 3 the hand of a user when entering the authorisation code into an electronic key,

(5) FIG. 4 the use of the electronic key as a handle when opening the electronic lock,

(6) FIG. 5 the arrangement of a physical key on the inside of the closure cap of the tubular key safe,

(7) FIG. 6 a flow chart which illustrates the communication process between the user, a client computer, a server, an administrator and the electronic lock,

(8) FIG. 7 a diagram which illustrates the functions of the user, of the client computer, the server and the administrator

(9) FIG. 8 a schematic circuit diagram for an application of an electronic lock in conjunction with a control device and a motor lock,

(10) FIG. 9 a schematic front view of an electronic key, and

(11) FIG. 10 a schematic view of the rear face of an electronic key.

(12) The closure device 10 illustrated in FIG. 1 is formed by a tubular key safe 12 which is arranged in theft-proof and force-resistant manner in a wall of a building or on a stable carrier in the vicinity of the building. The tubular key safe 12 is locked by means of a closure cap 14 on its front face. An electronic lock 16 is integrated into the closure cap 14 as is illustrated and described in detail in WO 2012/045474 A1 the disclosure of which is hereby incorporated in the present application.

(13) As illustrated in FIG. 5, a physical key 18 by means of which at least one entrance to the not illustrated building and optionally further doors in this building can be opened is arranged on the inside of the closure cap 14.

(14) A code 20 characteristic of the electronic lock 16 is arranged on the closure device 10 which is locked by means of the electronic lock 16. In the exemplary embodiment shown here, this code is in the form of a bar code 20, but it could also be in the form of an Aztec code or an invisible magnetic code. In the simplest case, the code 20 can be read out manually by a user 20. In accordance with one advantageous embodiment, a communication device 24 carried by a user 22 incorporates a sensor or a reading device for automatically acquiring the code 20. The communication device 24 can, for example, be formed by a smartphone the camera of which serves in conjunction with a stored application program (“App”) for reading a bar code or alternatively an Aztec code which is used in the exemplary embodiment as a code 20 characteristic of the electronic lock 16. As has already been mentioned, codes 20 conveyed invisibly such as magnetically or by a radio signal can also be sent out by the electronic lock 16 or a device arranged in its proximity and received or read out by the communication device 24.

(15) The electronic lock 16 is unlockable by means of an electronic key 32 insofar as an authorisation code 36 matching the electronic lock 16 is entered into this electronic key 32. FIG. 3 illustrates how the authorisation code 36 is entered by the user 22 via a keyboard arranged on the electronic key 32. Afterwards, the electronic key 32 can then be placed on the electronic lock 16 as shown in FIG. 4, and be used directly as a handle for opening the closure cap 14.

(16) In accordance with the invention however, this process is preceded by the procedure that is illustrated in FIGS. 2, 6 and 7 wherein the user 22 transmits to a central data processing centre 30 such as the control centre of a security agency for example an item of information characteristic of the electronic lock 16 (the code 20) and an item of information characteristic of himself in the form of a code 26—in the form of a personal password or a letter/number combination for example—by means of the communication device 24. The item of information 20 characteristic of the electronic lock 16 and the item of information 26 characteristic of the personage of the user 22 together form a request data set 34 which, in the simplest case, is conveyed manually by means of a telephone call to the central data processing centre 30. In accordance with one advantageous embodiment of the invention, the transmission of the request data set 34 is automated, for example, in the form of a character string in a short text message (SMS) that is sent by the communication device 24.

(17) The request data set 34 with the codes 20 and 26 contained therein is examined in the data processing centre 30 preferably using an additional comparison with a time parameter 28 (for example the roster or route plan of the user 22). Insofar as this examination leads to a positive result, the data processing centre 30 sends an authorisation code 36 to the communication device 24. In the simplest case, this may again be effected by a telephone call. In accordance with one advantageous development, the transmission of the authorisation code 36 to the communication device 24 is automated, for example, in the form of a character string embedded in a short text message (SMS).

(18) As already mentioned in connection with FIG. 3, the authorisation code 36 is transferred to the electronic key 32 by the user 22 either manually via an input device, especially a keyboard, or, the authorisation code 36 is transmitted automatically by the communication device 24 to the electronic key 32. This transmission can be effected by equipping the communication device 24 with a transmitter and the electronic key 32 with a receiver communicating with this transmitter. For example, the transmission can take place using an infrared signal, Bluetooth or some other suitable close-range transmission protocol.

(19) In accordance with a further development of the invention, the communication device 24 and the electronic key 32 can also be in the form of a structural unit which comprises a sensor for capturing the code 20, an input device for the code 26, a transmitting device for the transmission of the request data set 34 to the central data processing centre 30, a receiver for the receipt of the authorisation code 36 and a memory for storing the authorisation code 36 in the electronic key 32. The structural unit also contains software for detecting the codes 20 and 26, for the automated transmission of the request data set 34, for the automated receiving process and for the storage of the authorisation code 36.

(20) The central data processing centre 30 advantageously comprises at least one client computer 310 and at least one server 320. The client computer 310 serves for the receipt of the request data set 34 and for transmission of this data set to the server 320. The data traffic between the client computer 310 and the server 320 is designated 315 in the Figures.

(21) In the server 320, there are additionally stored time parameters 28 which, for example, illustrate a route plan of the user 22 with a characteristic time for the opening of the pertinent electronic lock 16, preferably including a suitable time buffer (earliest opening time, latest opening time, latest closure time). All the items of data in the server 320 are administered by an administrator 330. The data traffic between the server 320 and the administrator 330 is designated 325 in the Figures.

(22) Preferably, a signal that is sent automatically by a transmitter installed in the electronic lock 16 upon the opening and closure of the electronic lock 16 is also conveyed to the server 320.

(23) In one more developed embodiment and in contrast to the illustration in the FIGS. 2, 6 and 7, the method in accordance with the invention and the system in accordance with the invention can also function fully automatically without human interaction. The receipt of a request data set 34 by the client computer 310, the transmission of the request data set 34 to the server 320, the examination of the characteristic items of information (codes 20 and 26) contained in the request data set 34, the comparison with the at least one time parameter 28, the generation of an authorisation code 36 and the transmission of the authorisation code 36 to the communication device 24, if necessary again via the intermediary of a client computer 310, can all be effected fully automatically preferably under software control.

(24) That the method and system in accordance with the invention for the secure provision of an access authorization and/or for the secure delivery of a key can also be effected fully automatically at the user end 22 has already been described in the context of the possible embodiments of the communication device 24 and the electronic key 32.

(25) In accordance with the invention, the electronic key 32 is provided with an input device 33 by means of which the user 22 can enter into the electronic key the authorisation code 36 conveyed from the central data processing centre 30 to the communication device 24. An electronic key 32 provided with an input device 33 of this type is also generally usable in place of the widespread static input devices utilised today in which the entering of a code by an authorized user can be relatively easily observed by an unauthorized observer and thus represents a considerable safety risk. On the other hand, the entry of a code into a mobile electronic key 32 which is only used subsequently for opening an electronic lock can take place completely unobserved even at some distance from the electronic lock 16.

(26) As in the exemplary embodiment shown here, a key 32 that is placed upon the electronic lock 16 and temporarily connected to the electronic lock 16 preferably by means of magnetic force can be used as an electronic key 32. The magnetic forces are provided by a magnet 329 in the central region of the electronic key 32 and by a mating magnet 161 in the central region of the electronic lock 16, said magnets preferably being in the form of permanent ring magnets which cater for automatic centering of the electronic key 32 with the electronic lock 16 and also for aligning the contacts 324, 325 and 326 relative to the concentric mating contact surfaces 164, 165, 166 on the electronic lock 16 independently of their relative angle.

(27) Likewise however, electronic keys 32 in the form of a transponder for example which cooperate in contact-less manner over a certain distance with the electronic lock 16 are usable.

(28) The electronic key 32 comprises a housing 321 having the input device 33 arranged upon the front face thereof in accordance with FIGS. 3 and 9. In the exemplary embodiment shown here, the input device is a numeric keyboard with 10 digit keys 331, an erase key 332 (“C”) and an enter key 333 (“OK”). On the rear face of the housing 321, there project out three contacts 324, 325 and 326 which are spring mounted in the housing, and of these, the centrally arranged contact 325 for example carries the plus voltage, the outermost contact 324 provides the earth connection and contact 326 serves for serial data transmission.

(29) In the rear view of the electronic key 32 in accordance with FIG. 10, there is also indicated the cover of a battery compartment 327 behind which an accumulator 332 is arranged. This for example, is in the form of a lithium ion accumulator having an output voltage of 3.7 V.

(30) A voltage transformer in the form of a DC/DC converter 323 is arranged in the electronic key 32 for increasing the output voltage to 12 V for example.

(31) Furthermore, the electronic key 32 is provided with at least one interface 328 which in the present case for example is formed by a micro USB interface and serves for programming the electronic key 32 and optionally also for charging the accumulator 322.

(32) The electronic key 32 co-operates with either the electronic lock 16 such as a tubular key safe 12 for example that is shown in FIGS. 1 to 5 or a protected area or some other device requiring access authorization. Here, the term “device” is to be interpreted very widely. The devices may be machines, vehicles or the like, but could also be lockers, safe-deposit boxes or safes or doors to security areas that are to be protected by an electronic lock 16.

(33) The example in accordance with FIG. 8 shows that the protected device can be released not only directly, but also indirectly by the electronic lock 16. In this case, the electronic lock 16 works as a 220 V protective module for a not illustrated protected device which is eventually released by the actuation of a motor lock 40.

(34) In this case, yet another control device 50 is arranged between the electronic lock 16 and the motor lock 40, wherein this device is adapted to be powered by its own voltage supply but is only activated by the actuation of the electronic lock 16. After the transmission of a valid authorisation code 36 from the electronic key 32 that is not illustrated in FIG. 8 via the mating contact 166 responsible for the transmission of data, the external voltage supply in the control device 50 is activated and actuates the motor lock 50. On the other hand, the voltage needed for operating the control device 50 is provided by the electronic key 32 via the electronic lock 16 for the phase involving the examination of the authorisation code 36. A more detailed description of the control device 50 follows at the end of the description.

(35) The advantage of an indirect actuating process is that if the protected device is not being used then an operating voltage does not have to be applied thereto. This can be initialised when required at any time by the electronic key 32 via the electronic lock 16.

(36) In place of the three contacts 324, 325 and 326 of the electronic key 32 and the three mating contacts 164, 165 and 166 of the electronic lock shown here, two of these contacts are sufficient in the case of a modification wherein the data transmission process is effected simultaneously over the earth contact for example.

(37) A lithium ion accumulator 322 having an input voltage of 3.7 V can briefly provide an output power of 7 Watts by means of a high efficiency DC/DC converter having an output voltage of 12 V. The capacity of the accumulator 322 is then enough for approx. 700 opening actions without being recharged. An under-voltage protective device preferably signals to the electronic key 32 by means of a diode and/or a buzzer that the accumulator voltage has fallen to 2.7 V for example, so that recharging of the accumulator 322 must take place before it can be further employed.

(38) It is also advantageous to provide a not illustrated capacitor in the control device 50 for buffering the energy conveyed by the electronic key 32. The capacitor is charged during or immediately after examination of the access authorization and then it alone effects the subsequent opening or release process using its stored charge capacity. The capacitor ensures that the electronic lock 16 does not remain hanging in an intermediate position during an opening process in the event of inadequate residual capacity of the accumulator 322.

(39) By using parts from the mobile telephony field, the electronic key, the electronic closure system and the method in accordance with the invention are realizable in an economical manner.

(40) Description of the Control Device 50:

(41) Functional Modules

(42) The control electronics can be divided into 5 sub-function modules: micro-controller with memory and a reset controller identification module with timer and signalling function switching stage and fixed voltage outputs current supply DC/DC converter (when this module is used, the external current supply is dispensed with!)
Micro-Controller with Memory and Reset Controller:

(43) A PIC micro-controller from the company Microchip is used for the central control system and the evaluation of all the exchanges of information between a Pylocx system key (electronic key 32) and the control device 50 inclusive of the control of the motor lock 40. In this connection, power consumption, high integration density, economics as well as the great experience with the PC assembler play the crucial role. In order to store data in non volatile manner, the micro-controller communicates over an I.sup.2C bus with an EEPROM at 256 Kb.

(44) A reset controller is utilised in order to switch the micro-controller on and off in a defined manner when switching on the current supply or in the event of short term interruptions of the voltage. This reset controller switches the micro-controller into the reset state at an operating voltage of <2.4V and removes the reset state at an operating voltage of >2.7V.

(45) Identification Module with Timer and Signaling Function:

(46) Each control module (control device 50) must possess an unambiguous, unique and unchangeable identification. The selected component from the DS Family of the company Dallas possesses such a ROM code and is thus outstandingly suitable. In addition, a real-time clock which is necessary for logging events is integrated into this component. Naturally, the real-time clock needs a continuous current supply for which reason a lithium button cell is used here. The lithium cell ensures a supply of current for the real-time clock for at least 10 years. The identification component communicates with the micro-controller using a micro-LAN protocol.

(47) In order to inform the operator about the states of the control device 50, there is an integrated acoustic signal generator (piezo bleeper) which is very easy to hear even through the housing. If a remote signalling function should be desired, an acoustic and/or an optical signal source is connectable via the corresponding output. This external signalling function runs synchronously with the internal one.

(48) Switching Stage and Fixed Voltage Outputs:

(49) The control module (control device 50) has to be very versatile with regard to the motor locks 40 and electrical bolts that are to be attached. For this reason, a relay is selected as a potential-free change-over-switch for controlling the motor locks 40 or the electrical bolts. If a DC voltage is needed for controlling circuit elements, then a fixed voltage can be connected over the corresponding output by the potential-free change-over-switch. The fixed voltage output can be configured by means of a jumper (in the interior of the control device). There are 3 voltages to choose from: 6V, 9V or 12V each providing a maximum of 500 mA. The fixed voltages are stabilized and screened (residual ripple<20 mV).

(50) Current Supply:

(51) The control module (control device 50) is powered by mains voltage. A power unit in the form of an encapsulated switched-mode power supply is used. A fine fuse (200 mA, slow-acting) is provided in the primary circuit of the power unit for overload protection purposes. The fine fuse is located inside the control device 50. Input voltages of 110 to 250 V AC 50/60 Hz are connectable by appropriate circuitry in the switched power supply. The switched power supply delivers a 12 V DC output voltage, the 6 V DC and the 9 V DC are generated from the 12 V DC using a fixed voltage regulator (on the cooling plate).

(52) In the event of a power failure, the control device 50 can be supplied with an external voltage (emergency power). For this purpose, a Pylocx emergency power unit is connected to the Pylocx contact point (electronic lock 16). The voltage of the internal battery (9V) of the Pylocx emergency power unit is thereby made available directly to the control module (control device 50) via the central contact 165 of the Pylocx contact point (electronic lock 16). The corresponding Pylocx transponder is then connected in this way to the emergency power unit. The further operation is the same as in normal operation. It should be taken into consideration that 12 V locks can only be supplied to a limited extent by the 9 V emergency power source. In like manner, the current is limited to 300 mA due to battery operation.

(53) DC/DC Converter:

(54) The DC/DC converter is activated over the emergency power input (innermost contact of the contact point) of the control device. The voltage (3.7 V DC) of the accumulator 322 being fed in here from the electronic key 32 is transformed up by the DC/DC converter to 12 V DC. This 12 V DC is supplied to the power supply unit of the control device. Instead of the 12 V DC that is generated by the switched power supply from the 230 V AC, this 12 V DC is now directly available for the internal electronics of the control device as well as for the activation of an external motor lock. Consequently, an external power supply is not necessary for the operation of the system.

(55) Further Hardware Components in the Control Electronics:

(56) A 5-pole contact strip is provided for loading the firmware of the micro-controller during the manufacturing process. A software update of the firmware can also be carried out via this contact strip. The contact strip is located directly on the printed circuit board of the control device 50 and is not accessible to the user. Moreover, EMV protection components are provided outwardly on the interfaces. The micro-LAN, the control inputs and the universal input are protected by suppressor diodes, the external signal output is protected by a VDR over voltage device. In order to increase the protective function, further elements for protecting the micro-LAN line and the operating voltage line are located on the printed circuit board. The micro-LAN line is protected by a further varistor. The emergency power line is likewise protected by a varistor. In addition, a Zener diode with PPTC is inserted for the protection of the DC voltage. By virtue of these measures, DC voltages (without current limiting) of up to 30V and static high voltages of up to 6 kV are reliably blocked. In order to block 220 V alternating voltage which can be fed in over the contact point, two gas discharge tubes in a separate housing can be connected between the control device 50 and the contact point (electronic lock 16). The mandatory blocking capacitors were taken into consideration.

LIST OF REFERENCES

(57) 10 closure device 12 tubular key safe 14 closure cap 16 electronic lock 161 mating magnet 164 mating contact surfaces 165 mating contact surfaces 166 mating contact surfaces 18 key 20 code (for 16) 22 user 24 communication device (of 22) 26 code (of 22) 28 time parameter 30 data processing centre 310 client computer 315 data traffic (between 310 and 320) 320 server 325 data traffic (between 320 and 330) 330 administrator 32 electronic key 321 housing 3211 attachment eye 322 accumulator 323 voltage converter (DC/DC) 324 contact 325 contact 326 contact 327 battery compartment 328 interface (e.g. micro USB) 329 magnet 33 input device (keyboard) 331 keys (alphanumeric) 332 erase key (Dear) 333 enter key (OK) 34 request data set 36 authorisation code 38 opening/closure signal (from 16) 40 motor lock 50 control device