`
`(19) World Intellectual Property Organization
`International Bureau
`
`7 June 2001 (07.06.2001) AQUATATAA
`
`(43) International Publication Date
`
`(10) International Publication Number
`WoO01/40605 Al
`
`
`(51) International Patent Classification’:
`GO7C 9/00, HO4M 11/00
`
`E05B 49/00,
`
`(81) Designated States (national): AE, AG, AL, AM, AT, AT
`(utility model), AU, AZ. BA, BB, BG, BR, BY, BZ, CA,
`CH. CN, CR, CU, CZ, CZ (utility model), DE, DE (utility
`model), DK, DK (utility model), DM, DZ, EE, EE (utility
`(21) International Application Number:=PCT/DK00/00655
`model), ES, FI, FI (utility model), GB, GD, GE, GH, GM,
`HR, HU, ID, IL, IN, 1S, JP, KE, KG, KP, KR, KZ, LC, LK,
`LR, LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, Mx,
`MZ, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SK
`(utility model), SL, TJ, TM, TR, TT, TZ, UA, UG, US, UZ,
`VN, YU, ZA, ZW.
`
`(22) International Filing Date:
`30 November 2000 (30.11.2000)
`
`(25) Filing Language:
`
`English
`
`(26) Publication Language:
`
`English
`
`(30) Priority Data:
`PA 199901714
`
`30 November 1999 (30.11.1999)
`
`DK
`
`(71) Applicant (for all designated States except US): BOR-
`DING DATA A/S [DK/DK]; Naverland 1C, DK-2600
`Glostrup (DK).
`
`(72) Inventor; and
`(75) Inventor/Applicant (for US only): NIELSEN, Ernst,
`Lykke [DK/DK]: Eggjevej 78, DK-4600 Kyge (DK).
`
`(74) Agent: HOFMAN-BANGA/S; Hans Bekkevolds Alle 7,
`DK-2900 Hellerup (DK).
`
`(84) Designated States (regional): ARIPO patent (GH, GM.
`KE, LS, MW, MZ, SD, SL, SZ, TZ, UG, ZW), Eurasian
`patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European
`patent (AT, BE, CH, CY, DE, DK,ES, FI, FR, GB, GR,IE,
`IT, LU, MC, NL, PT, SE, TR), OAPI patent (BF, BJ. CF,
`CG,CI, CM, GA, GN, GW, ML, MR, NE, SN, TD, TG).
`
`Published:
`-- With international search report.
`
`For two-letter codes und other abbreviations, refer to the "Guid-
`ance Notes on Codes andAbbreviations" appearingat the begin-
`ning ofeach regular issue of the PCT Gazette.
`
`
`
`(54) Title: AN ELECTRONIC KEY DEVICE, A SYSTEM AND A METHOD OF MANAGING ELECTRONIC KEY INFOR-
`MATION
`
`Pefinition facee
`oO
`authority to
`“SS Tight
`3dministrate iS +
`
`
`
`
`
`admini-
`
`access
`
`strator
`
`O01/40605Al
`
`S
`
`control
`
`unit
`
`(57) Abstract: An efficient method and a system for controlling acccss to a location secured by a lock mechanism controlled by
`a lock control unit, which may provide a high degree of flexibility and a high level of security; the method comprises the steps
`of storing a first access code in the lock control unit, the first access code being indicative of a predeterminedaccessright to the
`location; storing a second access codein a second storage means; using an electronic key device for requesting accessto the location
`by initiating transmitting the access code from the second storage meansto the lock control unit; comparing the transmitted second
`access code with the first access code; andif the first access code correspondsto the second access code,initiating operating the lock
`mechanism; the invention further relates to a method of managing a predetermined accessrightto a location.
`4
`
`APPLE 1005
`
`1
`
`APPLE 1005
`
`
`
`WO 01/40605
`
`PCT/DK00/00655
`
`An electronic key device,
`
`a
`
`system and a method of
`
`managing electronic key information
`
`The invention relates to a method of controlling access
`
`to a location, where access to the location is restricted
`
`by a lock mechanism. Further the invention relates to an
`
`access control system which allows suppliers of goods or
`
`services
`
`to access
`
`a
`
`location, which would otherwise
`
`prevent delivery of
`
`the goods or
`
`the services. Further
`
`10
`
`the invention relates to an electronic key device,
`
`a lock
`
`control unit
`
`and a computer
`
`system for use
`
`in such a
`
`system,
`
`a storage module for use in such an electronic
`
`key device,
`
`and a method of managing a predetermined
`
`access right to a location.
`
`15
`
`20
`
`25
`
`30
`
`Particularly in blocks of flats or companies it is common
`
`that
`
`a number of outer or
`
`front doors or
`
`intermediate
`
`doors must
`
`be passed before getting to a point of
`
`service,
`
`such as an apartment door,
`
`a mailbox,
`
`a service
`
`station or a meter for appliances, an area to be cleaned,
`
`etc. For example in case of delivery of newspapers,
`
`the
`
`delivery man often has to gain access to a stairway in
`
`order to be able to deliver the newspapers at
`
`the locked
`
`private doors or put
`
`them into the letter boxes.
`
`It
`
`frequently causes great difficulties to the delivery men
`
`to find the correct keys in a large bundle of keys, and
`
`the locks are frequently exchanged without
`
`the delivery
`
`company being informed of
`
`this. For
`
`reasons of security
`
`it is also more and more common to lock doors or gates to
`
`backyards, residential areas or company properties, where
`
`for example refuse containers may be placed,
`
`so that the
`
`refuse collection firms have a problem quite similar to
`
`the
`
`firms which
`
`deliver
`
`newspapers.
`
`It will
`
`be
`
`appreciated that similar problems are faced by:
`
`2
`
`
`
`WO 01/40605
`
`PCT/DK00/00655
`
`* postmen
`
`* cleaning companies
`
`*
`
`e
`
`emergency physicians
`
`home help and other care workers
`
`¢ policemen
`
`e
`
`firemen
`
`e artisans
`
`¢ caretakers/superintendents
`
`e
`
`and others.
`
`10
`
`Some of
`
`the above service providers require access on a
`
`daily basis,
`
`such as postmen,
`
`some may require access at
`
`certain time periods,
`
`such as on certain weekdays or at
`
`certain times
`
`of
`
`the
`
`day,
`
`for
`
`example
`
`a
`
`newspaper
`
`delivery man may require access between 6 a.m. and 9 a.m.
`
`15
`
`Furthermore, different
`
`services/deliveries may
`
`require
`
`different access
`
`rights,
`
`for example
`
`firemen,
`
`security
`
`companies or police may require access to all facilities,
`
`while a mailman only requires access to a mailbox.
`
`Thus
`
`an object
`
`of
`
`the
`
`invention is
`
`to provide
`
`an
`
`20
`
`efficient method and a system for controlling access to a
`
`location secured by a lock mechanism controlled by a lock
`
`control unit, which may provide
`
`a
`
`high
`
`degree
`
`of
`
`flexibility and a high level of security.
`
`This is achieved when a method of controlling access to a
`
`25
`
`location secured by a lock mechanism controlled by a lock
`
`control unit
`
`including first storage means comprises the
`
`steps of
`
`3
`
`
`
`WO 01/40605
`
`PCT/DK00/00655
`
`storing a first access code in the first storage means,
`
`the first access code being indicative of a predetermined
`
`access right to the location;
`
`storing a second access code in a second storage means;
`
`using an electronic key device for requesting access to
`
`the location by initiating transmitting the second access
`
`code from the second storage means
`
`to the lock control
`
`unit;
`
`comparing the transmitted second access
`
`code with the
`
`10
`
`first access code stored in the first storage means; and
`
`if the first access code corresponds to the second access
`
`code,
`
`initiating operating the lock mechanism.
`
`Consequently,
`
`it is an advantage of the invention that a
`
`plurality
`
`of
`
`different
`
`access
`
`codes
`
`to
`
`different
`
`15
`
`buildings may be
`
`stored and
`
`related to one or more
`
`electronic key devices,
`
`providing a
`
`flexible way of
`
`customising an access right profile for each electronic
`
`key device.
`
`20
`
`25
`
`30
`
`It
`
`is another advantage of
`
`the invention that each lock
`
`control unit may be provided with a specific set of valid
`
`access
`
`codes
`
`for
`
`that particular
`
`lock control unit.
`
`Therefore, a high degree of advanced functionality may be
`
`implemented by the method according to the invention,
`
`such as different security levels for
`
`a given building,
`
`self-destructive access codes, conditioned access codes,
`
`access codes for limited periods of times, etc.
`
`It
`
`is
`
`a
`
`further advantage of
`
`the invention that
`
`the
`
`access right profile of individual electronic key devices
`
`and lock control units may be changed on short notice or
`
`in regular or random time intervals in order to increase
`
`the security of the access control.
`
`4
`
`
`
`WO 01/40605
`
`PCT/DK00/00655
`
`A location according to the invention may be a physical
`
`location,
`
`such as
`
`a building,
`
`an area, or
`
`some other
`
`residential,
`
`industrial,
`
`commercial or office facility,
`
`where access
`
`to the location is controlled by a
`
`lock
`
`mechanism,
`
`such as a physical
`
`lock at a door, a window,
`
`a
`
`gate
`
`or
`
`the
`
`like. Access
`
`to
`
`the
`
`location may
`
`be
`
`controlled at
`
`a single point of entry or at a plurality
`
`of access points. Furthermore,
`
`a
`
`location may also be a
`
`part of
`
`a building, area, etc.,
`
`and,
`
`according to the
`
`10
`
`invention, access to different parts of a location may be
`
`controlled individually,
`
`such as at
`
`an outer gate,
`
`a
`
`front door, within an elevator granting access at all or
`
`selected floors,
`
`at
`
`doors
`
`to
`
`individual
`
`apartments,
`
`offices,
`
`sections,
`
`rooms,
`
`storage facilities,
`
`such as
`
`15
`
`drawers, safes, etc. The location may be stationary, such
`
`as a building, or mobile such as a vehicle,
`
`a container,
`
`a ship, or the like.
`
`Furthermore,
`
`the location may also be an installation,
`
`an
`
`such
`
`as
`
`a
`
`control unit
`
`of
`
`industrial
`
`facility,
`
`20
`
`electric meter,
`
`a
`
`computer
`
`system or
`
`the like, where
`
`access to the location is controlled by a lock mechanism,
`
`such
`
`as
`
`a physical
`
`lock
`
`at
`
`a
`
`control
`
`box,
`
`or
`
`an
`
`electronic lock,
`
`such as a hardware lock of a computer.
`
`The
`
`term access
`
`to a
`
`location may also comprise user
`
`25
`
`access to a computer or computer program where access is
`
`controlled by
`
`a
`
`software
`
`lock mechanism restricting
`
`access
`
`to a
`
`software application,
`
`to stored data,
`
`communications facilities, or the like.
`
`An access
`
`right according to the invention may be the
`
`
`
`30
`
`right
`
`to interact with a
`
`location. Examples of access
`
`rights include the right to enter a building, an area,
`
`a
`
`facility, etc.,
`
`the right to operate a machine,
`
`a device,
`
`a vehicle,
`
`a computer, etc.,
`
`the right to open or close a
`
`door,
`
`a Window,
`
`a container,
`
`a box, etc.,
`
`and the right
`
`5
`
`
`
`WO 01/40605
`
`PCT/DK00/00655
`
`to receive or deliver goods, data information, etc., as
`
`the access
`long as
`mechanism.
`
`right can be controlled by a
`
`lock
`
`An access
`
`right may have certain attributes specifying
`
`properties
`
`of
`
`the
`
`access
`
`right.
`
`Examples
`
`of
`
`such
`
`properties
`
`include
`
`one
`
`or more validity periods,
`
`a
`
`security level, an identification of related lock control
`
`units and/or electronic key devices,
`
`a password,
`
`a number
`
`of
`
`times
`
`the
`
`access
`
`right
`
`is valid,
`
`or
`
`any other
`
`10
`
`attribute specifying a property of the access right.
`
`When the electronic key device is a mobile communications
`
`device,
`
`the method may
`
`be
`
`implemented with standard
`
`devices, which may be used for
`
`regular communications
`
`purposes.
`
`15
`
`When
`
`the electronic key device
`
`comprises
`
`the
`
`second
`
`storage means,
`
`the transmission of the second access code
`
`to the lock control unit may be based upon a short range,
`
`fast communications channel.
`
`Consequently,
`
`in
`
`a preferred embodiment
`
`the method
`
`20
`
`further comprises
`
`the step of
`
`transmitting the second
`
`access code from the electronic key device to the lock
`
`control unit. It is an advantage of this embodiment that
`
`the direct communication is fast and does not need to
`
`involve an additional communications network provider.
`
`25
`
`30
`
`When the step of transmitting the second access code from
`
`the
`
`second
`
`storage means
`
`to
`
`the
`
`lock
`
`control unit
`
`comprises
`
`the step of
`
`transmitting the access code via
`
`wireless
`
`data
`
`communication,
`
`a
`
`fast
`
`and
`
`convenient
`
`interface between the electronic key device and the lock
`
`control unit may be provided without
`contact.
`
`the need of physical
`
`6
`
`
`
`WO 01/40605
`
`PCT/DK00/00655
`
`In a preferred embodiment of
`
`the invention the wireless
`
`data communication utilises infrared data communication.
`
`It
`
`is
`
`an
`
`advantage
`
`of
`
`this
`
`embodiment
`
`that
`
`the
`
`communication may
`
`be
`
`based
`
`upon
`
`reliable
`
`standard
`
`components which are available as part of many devices,
`
`such as mobile phones, personal digital assistants, or
`
`the like.
`
`When
`
`the second storage means
`
`iS a
`
`removable
`
`storage
`
`module
`
`adapted
`
`to
`
`be
`
`removably
`
`inserted into
`
`the
`
`10
`
`electronic key device,
`
`a standard device may be easily
`
`adapted for the use according to the invention and access
`
`codes may be transferred to the electronic key device by
`
`insertion of a suitable storage module.
`
`When
`
`the method
`
`further
`
`comprises
`
`the
`
`step
`
`of
`
`transmitting, via a communications network, at least one
`
`access code from an access code management system to a
`
`selected one of
`
`the electronic key device and the lock
`
`control
`
`unit,
`
`access
`
`codes may
`
`be
`
`generated
`
`and
`
`maintained at a central computer system and transmitted
`
`to the electronic key device or the lock control unit. It
`
`is an advantage of the invention that an access code may
`
`be transmitted to a plurality of electronic key devices
`
`and
`
`lock control units
`
`substantially simultaneously.
`
`Hence,
`
`a synchronisation between lock control units and
`
`electronic key devices may be ensured at all times.
`
`15
`
`20
`
`25
`
`When the method further comprises the steps of sending a
`
`request
`
`from the electronic key device to an access code
`
`Management
`
`system comprising the second storage means;
`
`and transmitting the second access code from the access
`
`30
`
`code management
`
`system to
`
`a
`
`selected one
`
`of
`
`electronic key device and the lock control unit,
`
`the
`
`the
`
`access codes do not need to be stored in the electronic
`
`key device and storage space in the electronic key device
`
`7
`
`
`
`WO 01/40605
`
`PCT/DK00/00655
`
`may be saved.
`
`It
`
`is another advantage of
`
`the invention
`
`that
`
`the use of
`
`access
`
`codes may be
`
`supervised and
`
`tracked by a central access code management system.
`
`When the method further comprises the step of storing a
`
`plurality of access codes for a plurality of respective
`
`locations in the second storage means, one electronic key
`
`device may be used for a plurality of
`
`locations without
`
`reducing the level of security.
`
`When the method further comprises the step of storing a
`
`10
`
`plurality of valid access
`
`codes
`
`corresponding to a
`
`plurality of
`
`respective
`
`access
`
`rights
`
`in the
`
`first
`
`storage means, different
`
`types of access rights may be
`
`provided via the same lock control unit. This may include
`
`different
`
`security
`
`levels
`
`or
`
`different
`
`types
`
`of
`
`15
`
`interaction or access at the location.
`
`When the method further comprises the step of storing in
`
`a
`
`third storage means
`
`information about
`
`attempts
`
`to
`
`access the location,
`
`a high degree of visibility about
`
`the access codes may be provided as well as
`the use of
`the basis for additional services.
`
`20
`
`When
`
`the
`
`access
`
`right
`
`comprises
`
`a
`
`first
`
`attribute
`
`specifying a property of
`
`the predetermined access right,
`
`and wherein the first access code comprises information
`
`about
`
`the first attribute, access codes with additional
`
`25
`
`functionality,
`
`such as
`
`self-destructive access
`
`codes,
`
`etc., may be generated.
`
`In
`
`a
`
`preferred
`
`embodiment
`
`of
`
`the
`
`invention
`
`the
`
`predetermined access right has a validity period and the
`
`first
`
`access
`
`code
`
`comprises
`
`information
`
`about’
`
`the
`
`30
`
`validity period.
`
`8
`
`
`
`WO 01/40605
`
`PCT/DK00/00655
`
`When
`
`the method
`
`further
`
`comprises
`
`the
`
`step
`
`of
`
`invalidating the first access code, an access code may be
`
`replaced by a new access code,
`
`for example in cases of
`
`misuse or loss of an electronic key device.
`
`As mentioned above the invention further relates to an
`
`access
`
`control
`
`system for
`
`controlling access
`
`to
`
`a
`
`location being secured by a
`
`lock mechanism,
`
`the access
`
`control system comprising
`
`an electronic key device including first storage means
`
`10
`
`adapted to store data items
`
`identifying a plurality of
`
`predetermined access rights, and first transmitting means
`
`adapted to transmit a first control signal
`
`indicative of
`
`a request
`
`for granting a requested one of
`
`the plurality
`
`of predetermined access rights; and
`
`15
`
`a
`
`lock control unit
`
`including first
`
`receiving means
`
`adapted to receive a second control signal
`
`indicative of
`
`a reguest for granting the requested access right, first
`
`processing means adapted to perform a verification of the
`
`received request,
`
`and control means adapted to initiate
`
`20
`
`operating the lock mechanism depending on the result of
`the verification.
`
`As
`
`the
`
`above
`
`system and
`
`its preferred embodiments
`
`correspond to the method and its preferred embodiments
`
`described above
`
`and
`
`in the
`
`following,
`
`and
`
`since
`
`it
`
`25
`
`comprises
`
`corresponding advantages,
`
`not all of
`
`these
`
`advantages will be described again.
`
`When
`
`the electronic key device further comprises first
`
`input means
`
`for
`
`receiving
`
`data
`
`items
`
`identifying
`
`predetermined access rights,
`
`a plurality of access codes
`
`30
`
`for
`
`a plurality of
`
`locations or access
`
`rights may be
`
`input, edited,
`
`rearranged, or the like.
`
`9
`
`
`
`WO 01/40605
`
`PCT/DK00/00655
`
`When the electronic key device further comprises second
`input means for receiving data items input by a user,
`the
`data
`items
`identifying predetermined
`access
`rights,
`
`access codes may be input by the user.
`
`When
`
`the electronic key device further comprises
`
`third
`
`from a user
`input
`receive
`to
`adapted
`input means
`indicating a selection of a first one of the plurality of
`access
`rights
`stored in the first
`storage means;
`and
`
`least
`for displaying information about at
`display means
`one of the plurality of access rights stored in the first
`
`10
`
`a user interface is provided to the user
`storage means,
`for selecting a desired access right
`from a plurality of
`
`stored access rights.
`
`When
`
`the data items stored in the first storage means
`
`15
`
`rights,
`for predetermined access
`comprise access codes
`the lock control unit may compare received access codes
`
`with a plurality of stored access codes.
`
`in a preferred embodiment of the invention
`Consequently,
`a selected one of
`the first and second control signals
`
`20
`
`comprises a first access code for
`
`the requested access
`
`right.
`
`25
`
`In a
`
`further preferred embodiment of
`
`the invention the
`
`lock control unit further comprises second storage means
`adapted to store a plurality of data items corresponding
`to
`a
`plurality
`of
`access
`codes
`for
`respective
`predetermined
`access
`rights;
`and wherein
`the
`first
`processing means
`is adapted, upon receipt of
`the second
`control signal,
`to compare the first access code received
`via the second control signal with at
`least one of
`the
`
`30
`
`plurality of access codes stored in the second storage
`means.
`
`10
`
`10
`
`
`
`WO 01/40605
`
`PCT/DK00/00655
`
`It
`
`is an advantage of
`
`the invention that it provides a
`
`high level of security.
`
`In yet another preferred embodiment of the invention the
`
`electronic
`
`key
`
`device
`
`is
`
`a portable
`
`communications
`
`device.
`
`When the first receiving means is adapted to receive the
`
`first control signal,
`
`the first control signal indicative
`
`of
`
`the request
`
`for granting the requested access right
`
`may
`
`be
`
`transmitted directly from the electronic key
`
`10
`
`device to the lock control unit.
`
`In yet another preferred embodiment of the invention the
`
`first control signal
`
`is a wireless data communications
`
`signal.
`
`In yet another preferred embodiment of the invention the
`
`15
`
`first
`
`transmitting means
`
`is an infrared communications
`
`port.
`
`When the lock control unit further comprises fourth input
`
`means
`
`for
`
`receiving data items corresponding to access
`
`codes granting predetermined access rights, access codes
`
`20
`
`and other related data corresponding to a plurality of
`
`access
`
`rights,
`
`such as different security levels,
`
`time
`
`constraints, etc. may be stored and easily changed in the
`
`lock control unit.
`
`When the lock control unit further comprises fifth input
`
`25
`
`means for receiving data items input by a user,
`
`the data
`
`items
`
`corresponding
`
`to
`
`access
`
`codes
`
`granting
`
`predetermined access
`
`rights,
`
`an
`
`authorised user may
`
`input, edit, or delete access codes stored in the lock
`
`control unit, possibly after providing a password or
`
`30
`
`another security verification.
`
`11
`
`11
`
`
`
`WO 01/40605
`
`PCT/DK00/00655
`
`Alternatively or additionally, when the system further
`
`comprises computer means including
`
`third storage means adapted to store a plurality of data
`
`items corresponding to respective predetermined access
`
`rights and including respective access codes;
`
`first communications means adapted to transmit at
`
`least
`
`one access code to a selected one of
`
`the electronic key
`
`device and the lock control unit; and
`
`the selected one of
`
`the electronic key device and the
`
`10
`
`lock control unit further comprises second communications
`
`means adapted to receive the transmitted at
`
`least one
`
`access
`
`code,
`
`access
`
`codes may be
`
`transmitted from a
`
`central access code management system. This may be done
`
`in response to a specific request for an access right or
`
`15
`
`in order
`
`to store one or more
`
`access
`
`codes
`
`in the
`
`electronic key device or in the lock control unit.
`
`In yet another preferred embodiment of
`
`the invention a
`
`selected one of
`
`the electronic key device and the lock
`
`control unit further comprises third communications means
`
`20
`
`for transmitting,
`
`to the computer means,
`
`an information
`
`signal
`
`indicative of
`
`information about
`
`the corresponding
`
`transmitted
`
`or
`
`received
`
`request
`
`for
`
`granting
`
`the
`
`requested access right.
`
`It
`
`is an advantage of
`
`the invention that
`
`information
`
`25
`
`about electronic key devices, access codes, access right
`
`grantees,
`
`the use of access codes, etc, may be acquired
`
`and maintained at
`
`a central service to provide optimal
`
`transparency and security to the access right owner.
`
`In a preferred embodiment of
`
`the invention the first
`
`30
`
`communications means
`
`is
`
`adapted to transmit
`
`a
`
`third
`
`12
`
`12
`
`
`
`WO 01/40605
`
`PCT/DK00/00655
`
`control
`
`signal
`
`to the
`
`lock
`
`control unit
`
`initiating
`
`invalidation of at least one access code.
`
`In a preferred embodiment of the invention the requested
`
`access
`
`right comprises
`
`a first attribute specifying a
`
`property of
`
`the requested access right,
`
`and wherein the
`
`first access code comprises information about
`
`the first
`
`attribute.
`
`In a preferred embodiment of the invention the requested
`
`access right has a validity period, and the first access
`
`10
`
`code comprises information about
`
`the validity period.
`
`The invention further relates to a lock control unit for
`
`use in a
`
`system described above and in the following,
`
`wherein the lock control unit comprises
`
`first receiving means adapted to receive a control signal
`
`indicative of a request
`
`for granting a requested access
`
`right,
`
`first processing means
`
`adapted to perform a
`
`verification of
`
`the received request,
`
`and control means
`
`adapted to initiate operating a lock mechanism depending
`
`on the result of the verification.
`
`The invention further relates to an electronic key device
`
`for use in a system described above and in the following,
`
`wherein the electronic key device comprises
`
`15
`
`20
`
`first
`
`storage means
`
`adapted
`
`to
`
`store
`
`data
`
`items
`
`identifying a plurality of predetermined access rights,
`
`25
`
`and first transmitting means adapted to transmit a first
`
`control
`
`signal
`
`indicative of
`
`a
`
`request
`
`for granting a
`
`requested one of
`
`the plurality of predetermined access
`
`rights.
`
`The
`
`invention further
`
`relates
`
`to a
`
`removable
`
`storage
`
`30
`
`module
`
`for use
`
`in an electronic key device described
`
`above and in the following, wherein the removable storage
`
`13
`
`13
`
`
`
`WO 01/40605
`
`PCT/DK00/00655
`
`module
`
`is
`
`adapted to store data items
`
`identifying a
`
`plurality of predetermined access rights.
`
`In a preferred embodiment of the invention,
`
`the removable
`
`storage module further comprises second processing means
`
`adapted
`
`to
`
`initiate
`
`transmitting
`
`a
`
`control
`
`signal
`
`indicative of
`
`a
`
`request
`
`for granting a selected one of
`
`the plurality of predetermined access rights.
`
`The
`
`invention further relates to a computer
`
`system for
`
`use with a system described above and in the following,
`
`10
`
`wherein the computer system comprises
`
`fourth storage means adapted to store a plurality of data
`
`items corresponding to respective access codes indicative
`
`of predetermined access rights;
`
`third processing means
`
`adapted to generate
`
`a
`
`second
`
`access code indicative of a first access right;
`
`fourth communications means
`
`adapted to transmit
`
`the
`
`second access code to a selected one of
`
`the electronic
`
`key device and the lock control unit.
`
`In a preferred embodiment of
`
`the invention the fourth
`
`processing means
`
`is adapted to generate a
`
`third access
`
`code,
`
`different
`
`from
`
`the
`
`second
`
`access
`
`code,
`
`corresponding to the first access right;
`
`15
`
`20
`
`the fourth communications means
`
`is adapted to transmit
`
`25
`
`the third access code to the lock control unit; and
`
`the fourth communications means is adapted to transmit a
`
`fourth control signal
`
`to the lock control unit initiating
`
`invalidation of the second access code.
`
`In a
`
`further preferred embodiment of
`
`the invention the
`
`30
`
`fourth
`
`processing means
`
`is
`
`adapted
`
`Lo
`
`initiate
`
`14
`
`14
`
`
`
`WO 01/40605
`
`- 14 -
`
`PCT/DK00/00655
`
`invalidation of
`
`the second access code and generating a
`
`third access
`
`code,
`
`corresponding to the first access
`
`right
`
`and different
`
`from the second access code,
`
`upon
`
`request
`
`from a user.
`
`In another preferred embodiment of
`
`the invention,
`
`the
`
`fourth
`
`processing means
`
`is
`
`adapted
`
`to
`
`initiate
`
`invalidation of the second access code and generation of
`
`a fourth access code, corresponding to the first access
`
`right
`
`and different
`
`from the
`
`second access
`
`code,
`
`in
`
`10
`
`predetermined time intervals.
`
`The
`
`invention further relates to a method for using an
`
`access
`
`control
`
`system described
`
`above
`
`and
`
`in
`
`the
`
`following for managing a predetermined access right
`
`to a
`
`location,
`
`the access right being owned by an access right
`
`15
`
`owner and to be granted to an access right grantee,
`
`the
`
`method comprising the steps of
`
`generating a first access code indicative of
`
`the access
`
`right;
`
`transferring the first access
`
`code
`
`to a
`
`lock control
`
`20
`
`unit,
`
`the control unit being adapted to control access to
`
`the location;
`
`transferring a
`
`second access code to an electronic key
`
`device;
`
`acquiring information data about
`
`the use of
`
`a selected
`
`29
`
`one of the first and second access codes;
`
`providing at
`
`least one additional service based on the
`
`acquired information data to a selected one of the access
`
`right owner and the access right grantee.
`
`15
`
`15
`
`
`
`WO 01/40605
`
`- 15 -
`
`PCT/DK00/00655
`
`The
`
`invention will
`
`be explained more
`
`fully below in
`
`connection with preferred embodiments and with reference
`
`to the drawings,
`
`in which:
`
`fig.
`
`la-b show data flow diagrams of
`
`two embodiments of
`
`the access code management according to the invention;
`
`fig. 2a-c show block diagrams of
`
`three embodiments of a
`
`system for controlling access to a location according to
`
`the invention;
`
`fig.
`
`3 shows a flow diagram of the access code management
`
`10
`
`process according to an embodiment of the invention;
`
`fig.
`
`4 shows an example of an access code according to an
`
`embodiment of the invention;
`
`fig. Sa-b show embodiments of an electronic key device
`
`according to the invention;
`
`15
`
`fig. 6a-c show flow diagrams of three embodiments of the
`
`access control process according to the invention;
`
`fig.
`
`Ja-e
`
`show
`
`data
`
`flow diagrams
`
`of
`
`different
`
`embodiments of
`
`the access control process according to
`
`the invention;
`
`20
`
`25
`
`fig. 8a-b show block diagrams of two embodiments of
`
`the
`
`software components of the access code management system
`
`according to the invention.
`
`Fig.
`
`la shows
`
`the principle of
`
`an embodiment of
`
`the
`
`invention using the delivery of newspapers as an example.
`
`The invention is, however, not restricted to the delivery
`
`of newspapers.
`
`If,
`
`in the first instance,
`
`it is imagined
`
`that the invention is worked by a single company, fig.
`
`la
`
`may be explained as follows:
`
`16
`
`16
`
`
`
`WO 01/40605
`
`PCT/DK00/00655
`
`A newspaper company 5 has a number of subscribers who are
`
`to have
`
`their newspaper delivered to their
`
`respective
`
`residence.
`
`Information on
`
`the
`
`subscribers
`
`and
`
`their
`
`electronic access codes are kept
`
`in a database at
`
`the
`
`newspaper company 5. The information may be transferred
`
`from this database to a number of electronic key devices,
`
`such as mobile phones 2. A newspaper delivery man 1 may
`
`receive the information relevant
`
`for the subscribers on
`
`his route as a printed list including the access codes.
`
`The newspaper delivery man 1 may then enter the access
`
`codes into his mobile phone 2, preferably via the keypad
`
`of
`
`the mobile phone 2. Preferably,
`
`the access codes are
`
`stored on the SIM card of
`
`the mobile phone 2,
`
`and they
`
`may be entered in a special order which fits the delivery
`
`of goods
`
`and services,
`
`such as delivery of newspapers
`
`along a predetermined route. With this mobile phone 2,
`
`the delivery man 1 can get access to a locked stairway in
`
`a building when the mobile phone 2
`
`is provided with the
`
`correct electronic access code information, which may be
`
`transmitted electronically from the mobile phone 2
`
`to a
`
`lock 3 at
`
`the door
`
`to the residence. The
`
`lock 3
`
`is
`
`adapted to receive the signals from the mobile phone 2
`
`and to cause the door
`
`to be unlocked. The valid access
`
`10
`
`15
`
`20
`
`codes may be manually entered into the lock,
`
`for example
`
`25
`
`by service staff
`
`4
`
`receiving a printed list of valid
`
`access
`
`codes
`
`and
`
`their
`
`corresponding locks
`
`from the
`
`newspaper company 5. The service staff 4 may enter
`
`the
`
`access codes into the lock 3 via a keypad, dip switches
`
`or
`
`the like. As
`
`an additional advantage of
`
`the system
`
`30
`
`according to
`
`this
`
`embodiment
`
`of
`
`the
`
`invention,
`
`the
`
`newspaper company 5 can see whether
`
`the delivery man 1
`
`has unlocked the door to the stairway, e.g.
`
`in the event
`
`of a complaint of non-delivery of the newspaper.
`
`The electronic key device
`
`of
`
`the
`
`invention and
`
`the
`
`35
`
`associated
`
`management
`
`of
`
`electronic
`
`access
`
`code
`
`17
`
`17
`
`
`
`WO 01/40605
`
`PCT/DK00/00655
`
`information, however, may also form the basis for several
`
`different companies.
`
`Again taking newspapers
`
`as
`
`an
`
`example,
`
`the different
`
`roles of the various companies and the corresponding data
`flow are described with reference to fig.
`lb. The first
`company involved may be the one that prints and delivers
`
`the newspaper and,
`therefore,
`it requires access to the
`subscriber's residence. As an access right grantee 153,
`the first company receives access codes
`from the access
`
`a second company, organisation or
`code administrator 151,
`person, who manages the electronic key system and who may
`
`operate as
`
`a
`
`service provider
`
`for
`
`the delivery of
`
`a
`
`number of different goods and services. The administrator
`
`151 also transfers the access codes to the lock control
`
`units 121 which control
`
`the locks
`
`in the subscriber’s
`
`151 may also supply the
`The administrator
`residence.
`access right grantee 153 with the electronic key devices
`and, possibly, other necessary physical as well as non-
`
`physical
`
`tools, by which,
`
`for example,
`
`the access right
`
`owner 152 may be able to administer both the lock control
`
`units
`
`121
`
`and the electronic key devices
`
`and access
`
`codes. This may happen under control of the administrator
`
`third company may
`a
`151. Alternatively or additionally,
`be involved, which owns electronic key devices, or which
`
`code
`transmitting access
`network operator
`a
`be
`may
`information to mobile telephones used as
`an electronic
`
`key device. A fourth company may own the building or have
`a business agreement with the owner of
`the building to
`administer access to the building,
`and thus the fourth
`
`company may be the access
`
`right owner 152, who agrees
`
`with the administrator 151 about
`
`the installation of the
`
`lock control unit 121,
`
`and who defines the respective
`
`access rights for the different access right holders 153.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`The
`electronic
`control unit
`installed by the administrator
`
`121 may
`be
`owned
`151,
`the access
`
`and
`right
`
`18
`
`18
`
`
`
`WO 01/40605
`
`PCT/DK00/00655
`
`owner
`
`152,
`
`the
`
`access
`
`right grantee
`
`153 or
`
`a
`
`fifth
`
`company. The administrator
`
`151 may also provide value
`
`added services,
`
`such as performance statistics to the
`
`access right grantee 153 or
`
`the access right owner 152,
`
`based on access data acquired from the lock control unit
`
`121.
`
`These
`
`services may
`
`be
`
`self-service
`
`functions,
`
`physical services,
`
`time and material services or plain
`
`information services.
`
`The invention thus means that
`
`the use of modern technol-
`
`10
`
`ogy can form the basis for new service companies that can
`
`make the delivery of goods and services more efficient,
`
`and which can guarantee the necessary security systems
`
`which the consumers will demand from an electronic key
`
`according to the invention.
`
`15
`
`20
`
`25
`
`30
`
`It will be appreciated that the electronic key according
`
`to the invention may be supplemented with much other in-
`
`formation that may be related to the use of
`
`the elec-
`
`tronic key. For ex