EP2282297A1 - Security system to control the opening of locking devices using encoded acoustic verifications - Google Patents

Abstract

The system has a transmitting unit for securely transmitting encrypted acoustic accreditations to a mobile phone (20) of an authorized user (18) via a mobile network operator (16). An electroacoustic transducer i.e. microphone (46), senses encrypted acoustic accreditations, and is reproduced by the telephone placed near a lock device (22). A recognizing, analyzing, and authenticating unit for recognizing, analyzing, and authenticating the sensed accreditations, and an electromechanical system controls the unlocking of a handle or a bolt, upon recognizing a compliant accreditation.

Description

The invention relates to locks controlled by means of a dematerialized and encrypted key, this key being conveyed by a portable object held by the user.

The portable object, when approached from the lock, acts as a key for controlling the opening of the lock by means of a numerical data, hereinafter referred to as "certificate" (credential). The accreditation can be protected by implementing various coding and encryption techniques implemented in the lock and / or in the portable object, and to protect the lock and the portable object against fraudulent manipulations, and to secure communication between these two elements.

Many card systems or badges with microcircuit are known, implementing a non-galvanic wireless coupling with the lock, generally an induction coupling. This coupling ensures a bidirectional communication between lock and badge, allowing the lock to read in the memory of the badge accreditation data and order the opening if this data is recognized as compliant.

One of the disadvantages of this technique is the need to have a specific portable object, which must be given to the user and that it must keep with him.

This also results in the multiplication of portable objects, each corresponding to a different lock (home, office, building door, garage, etc.), which ultimately makes the whole inconvenient and subject to the risk of forgetting.

In addition, the system is a fixed system, since if you want to update the authorizations, delete existing authorizations or create new ones, you must either exchange the portable object or update the memory of the latter by means of a protocol and / or a specific reader, always requiring physical manipulation and movement.

A recently developed technique consists in using instead of a dedicated badge a mobile phone equipped with a Near Field Communication (NFC) chip and an NFC antenna, the UICC card ("SIM card"). the phone being used as a security element. Putting the phone into communication with a management site makes it easy to modify the accreditations stored in the phone or SIM card, to carry out online checks, to modify security features or to download new ones, etc.

The major disadvantage of this technique is that it requires a telephone specially equipped to implement the NFC technology. These technologies exist and are fully developed, but today we find a very small fleet of devices, preventing any rapid generalization of the system.

One of the aims of the invention is to propose a lock management and control technique having a maximum level of security, a very great flexibility of implementation, and which can be used with any conventional mobile phone, not necessarily equipped with NFC circuits, in other words a technique that can be used with a pre-existing telephone, without the user having to change his device for an NFC model, and without the use of an additional portable object such as badge or card.

The system of the invention can thus be immediately generalizable to the greatest number, usable by anyone from a standard model phone, unmodified, but enjoying all the security and flexibility of cryptographic techniques modern.

The principle of the invention is based on the use of encrypted acoustic accreditations. These acoustic accreditations are for example in the form of a coded series of tones (DTMF tones or other), emitted by the speaker of a transmitting device and picked up by the microphone of a receiving device.

In the case of the invention, these encrypted acoustic accreditations are "downward" accreditations, that is to say they come from a remote management site, and transmitted to the mobile phone of the user by the network. of the telephony operator. To use the accreditation, the user approaches his phone from the lock and triggers the emission of the series of tones corresponding to the acoustic accreditation encrypted by the speaker of his phone, so that these tones can be captured by a microphone incorporated or coupled to the lock. The latter decodes the accreditation, verifies it and, in case of conformity, unlocks the mechanical parts.

The use of acoustic accreditations is not in itself new, it has already been proposed in other contexts and for other applications, for example by the WO 2008/107595 A2 (Tagattitude).

This document describes a technique for securing logical access to a computer network by a remote terminal, for example by a computer connected to this network via the Internet. The user connects to the network with his computer, simultaneously lights his mobile phone, and calls through it a control site interfaced with the network to which access is requested. To verify the user's authorization, the network sends a sound signal (Acoustic Accreditation) to the remote computer that has just connected, a signal that is reproduced by the speaker of the computer. The user having placed his telephone in front of this loudspeaker, this sound signal is picked up by the telephone, transmitted to the remote control site via the mobile telephone network operator and "listened to" by the control site, who can then check accreditation and authorize access to the computer network by the terminal. Note that in this case it is a "rising" accreditation: the acoustic accreditation is captured by the microphone of the phone which retransmits it to the control site. Knowing the origin of the telephone call, the control site can identify the user through the mobile phone used for this operation, and thus allow logical access to the network by the terminal located near the identified phone.

More specifically, the present invention relates to a secure locking device opening control system, comprising in a manner known per se: at least one lock device provided with electronic circuits for controlling mechanical locking / unlocking members ; a mobile phone available to a user authorized to open the lock device; a remote management site; and a mobile network operator, coupled to the management site and the mobile phone.

In a manner that is characteristic of the invention, the remote management site comprises a database of lock devices and authorized users, with for each user a unique identifier associated with a number mobile phone, and data of access rights and conditions of use, and an accreditation data generator, the accreditations being encrypted acoustic accreditations in the form of single-use audio signals, suitable for opening lock devices listed in the database. Moreover: the system comprises means for securely transmitting said credentials of the management site to the mobile telephone of the corresponding authorized user; the telephone comprises an electro-acoustic transducer capable of reproducing said acoustic accreditations; the lock device comprises an electro-acoustic transducer adapted to capture the acoustic accreditations reproduced by the telephone transducer previously placed close to the lock device; and the lock device comprises means for recognizing, analyzing and authenticating the acoustic accreditations picked up by the transducer, and controlling the unlocking of the mechanical members on recognition of a conforming accreditation.

In a first embodiment, the system comprises means, on sending a request by the mobile phone to the management site, to: verify the authorization of the user in the site database; generate acoustic accreditation by the site generator; and transmit this accreditation to the telephone, for direct reproduction by the transducer thereof previously placed near the transducer of the lock device.

In a second form of implementation, the system comprises means, on sending a request by the mobile phone to the management site, to: verify the authorization of the user in the site database; generate at least one acoustic accreditation by the site generator; transmit on the phone this accreditation, or these accreditations, by implementing an internal applet of the telephone capable of executing the download and storage in a memory of the phone; then, in a second step, activate the internal applet for reproduction of the accreditation, or one of the accreditations, by the telephone transducer previously placed near the transducer of the lock device.

In a third embodiment, the telephone comprises an internal applet forming, in combination with a cryptographic key, a cryptographic generator, and the accreditation data transmitted by the remote site to the telephone is said cryptographic key, so as to allow, on command of the user, the generation of acoustic accreditation by the inner applet and its reproduction by the transducer thereof previously placed near the transducer of the lock device.

In the latter case, the cryptographic key, and possibly the applet, may be stored in a memory of a secure microcircuit card of the telephone, and the system may further include means for conditioning the generation of acoustic accreditation by the internal appletette phone to update by the remote site, or the mobile network operator, validation data necessary for the applet can continue to operate said generation.

In a fourth form of implementation, the system comprises means, on sending a request by the mobile phone to the management site, or the initiative of the management site, to: verify the authorization of the user in the database ; generate at least one acoustic accreditation and convert this accreditation, or these accreditations, into an audio file; transmit this audio file to the phone for download and storage in a phone memory; then, in a second step, to reproduce the audio file by the transducer of the telephone previously placed near the transducer of the lock device.

• dans le cas des première et quatrième formes de mise en oeuvre précitées, le système comprend en outre des moyens pour générer automatiquement ladite requête à partir d'un seuil prédéfini d'accréditations restant mémorisées dans le téléphone, afin d'opérer un rechargement de la mémoire du téléphone par de nouvelles accréditations ;
• le système comprend en outre des moyens pour conditionner la reproduction de l'accréditation acoustique par le transducteur du téléphone à la présentation préalable d'une donnée personnelle de validation délivrée par l'utilisateur au téléphone ;
• le dispositif de serrure comprend un transducteur électro-acoustique apte à reproduire des signaux acoustiques en retour, générés par le dispositif de serrure et codés par des données d'état ou d'historique propres au dispositif de serrure ; et le téléphone comprend un transducteur électro-acoustique apte à capter lesdits signaux en retour ;
• dans ce dernier cas, le téléphone peut comprendre en outre des moyens pour décoder lesdits signaux en retour et afficher le cas échéant à destination de l'utilisateur un message d'alerte fonction desdites données d'état ou d'historique propres au dispositif de serrure, et/ou comprendre des moyens pour transmettre au site gestionnaire lesdits signaux en retour avec lesdites données d'état ou d'historique propres au dispositif de serrure ;
• lorsque l'utilisateur est habilité pour une pluralité de dispositifs de serrure différents, le téléphone est apte à reproduire en une salve unique une pluralité d'accréditations, ladite salve contenant une accréditation correspondant à chacune des dispositifs de serrure pour lesquelles l'utilisateur est habilité ;
• le téléphone comprend en outre une commande rapide d'obtention et/ou de reproduction de l'accréditation par appui sur un bouton dédié du téléphone, ou par activation d'une icône spécifique d'une surface tactile du téléphone ;
• le système est également apte à commander l'activation/désactivation d'une installation d'alarme sur reconnaissance d'une accréditation conforme.

According to various advantageous subsidiary features:

• in the case of the aforementioned first and fourth embodiments, the system further comprises means for automatically generating said request from a predefined threshold of accreditations remaining stored in the telephone, in order to operate a reloading of the phone memory by new accreditations;
• the system further comprises means for conditioning the reproduction of the acoustic accreditation by the telephone transducer to the prior presentation of a personal validation data delivered by the user on the telephone;
• the lock device comprises an electro-acoustic transducer adapted to reproduce acoustic feedback signals generated by the lock device and encoded by state or history data specific to the lock device; and the telephone comprises an electro-acoustic transducer capable of sensing said return signals;
• in the latter case, the telephone may furthermore comprise means for decoding said return signals and display, if appropriate, for the user an alert message according to said state or history data specific to the lock device , and / or comprise means for transmitting to the management site said return signals with said state or history data specific to the lock device;
• when the user is authorized for a plurality of different lock devices, the telephone is adapted to reproduce in a single burst a plurality of accreditations, said burst containing an accreditation corresponding to each of the lock devices for which the user is authorized ;
• the telephone further comprises a quick command to obtain and / or reproduce the accreditation by pressing a dedicated button on the phone, or by activating a specific icon of a touch surface of the phone;
• the system is also able to control the activation / deactivation of an alarm installation on recognition of a conforming accreditation.

• La Figure 1 illustre de façon schématique les principaux éléments contribuant au fonctionnement du système selon l'invention.
• La Figure 2 illustre plus précisément, sous forme de schéma par blocs, les principaux organes constitutifs du téléphone mobile et de la serrure avec laquelle ce dernier est couplé.
• La Figure 3 illustre la manière d'appliquer l'invention à la gestion d'un ensemble de chambres d'hôtel, de façon entièrement automatique et sans qu'il y ait besoin de distribuer aux clients des cartes, badges ou clés.

Various embodiments of the invention will now be described with reference to the appended drawings in which the same reference numerals designate identical or functionally similar elements from one figure to another.

• The Figure 1 schematically illustrates the main elements contributing to the operation of the system according to the invention.
• The Figure 2 illustrates more precisely, in block diagram form, the main components of the mobile phone and the lock with which it is coupled.
• The Figure 3 illustrates how to apply the invention to the management of a set of hotel rooms, fully automatically and without the need to distribute to customers cards, badges or keys.

The principle of implementation of the invention will be explained with reference to Figures 1 and 2 .

One of the essential elements of the invention is a secure management site 10 centralizing in a database DB 12 information to identify and identify a number of lock devices and authorized users for each of these devices locks. For each user, the database lists a unique mobile phone number associated with this user, as well as access right data and conditions of use (access reserved for certain days or certain time slots, expiry date right of access, etc.). Each lock, on the other hand, is listed using a Unique IDentifier (UID), which is uniquely assigned.

The management site 10 also comprises a cryptographic engine forming a generator 14 of accreditation data.

Typically of the invention, the "accreditation data" (credentials) are encrypted acoustic accreditations shaped disposable audio signals, for example (but not limited to) made of a series of DTMF tones double . These audio signals are designed so that they can be carried by the audio transmission channels (voice channel) of a mobile telephone network after scanning.

The management site 10 is coupled to a network of a mobile telephone operator or MNO ( Mobile Network Operator ) via a PGW ( Phone GateWay ) audio telephone gateway and a secure link, for example an IP link. https type .

The mobile telephone network 16 is used conventionally by its various subscribers, each user 18 being in possession of a mobile phone 20 of his own, individualized by the information of the SIM card contained in the telephone set or by a other element unique if the phone operates without a SIM card. Thus, when he uses his personal mobile phone, a user is recognized and identified by the network 16 by means of his subscriber number, and therefore in the same way by the management site 10.

Securing the link between the mobile network 16 and the mobile phone 20 can be operated via a trusted service provider or TSM ( Trusted Service Manager ), able to ensure efficiently and safely the various procedures that description will be exchange or downloading of information between the management site 10 and the mobile phone 20 via the mobile network operator 16.

In the case of a key materialized by a medium such as a card or a badge, a significant part of the security is ensured by the physical delivery of this object to the legitimate user, in the same way that the delivery of a set of keys. In contrast, in the context of the invention, the object used is a mobile phone, so a trivialized object. But it is recognized and authenticated by the SIM card it contains (or by another single element) and which, above all, identifies the user via his phone number (subscriber number). The management site 10 can thus identify a telephone to which it has been connected via the mobile network operator 16 as being that of the authorized user 18, listed in its database 12.

The basic principle of the invention is to reproduce by the speaker of the mobile telephone 20, as an audio signal, the encrypted acoustic accreditation generated by the cryptographic generator 14 and transmitted as a voice signal via the PGW gateway and the mobile network operator 16.

This accreditation reproduced by the mobile telephone 20 is intended to be picked up by a microphone of a lock device 22 so as to control the opening of this lock device.

By "lock device" is meant not only a lock stricto sensu, that is to say a mechanism placed for example on a door to condemn the opening, but also any device to achieve a comparable result, for example a lock barrel considered in isolation, or a more specific locking device comprising various members not grouped in the same lock box, the final goal being to obtain the conviction by mechanical means of physical access to a given place or space, and access to this place or space by unlocking the lock device, on the order of a user, after verification that this user has access rights (i) that are specific to him and (ii) that are specific to the lock device.

For simplicity of description, we will speak later simply "lock", but this term must be understood in its broadest sense, without any restrictive character to a particular type of equipment.

The Figure 2 illustrates, in block diagram form, the main organs of the mobile telephone 20 and the lock 22.

The telephone 20 comprises a microcontroller 24 coupled to various peripheral devices such as transmission / reception circuit 26, display 28, keyboard 30, data memory 32, UICC card ( Universal Integrated Circuit Card, corresponding to the "SIM card" for GSM telephony functions) 34, and acoustic transducer 36.

The lock 22, meanwhile, comprises a microcontroller 38 and an electromechanical system 40 for controlling the unlocking of a bolt or handle 42 by order of the microcontroller 38. The lock has its own means of supply under form of a battery 44, so as to make it electrically autonomous. An external power supply is nevertheless possible

The lock 22 is furthermore individualized by means of a unique identifier UID ( Unique IDentifier ), which is a programmable identifier, listed in the database 12 of the management site 10, making it possible to recognize this or that lock between all, so as to unique.

Characteristically, the lock 22 is further provided with an acoustic transducer in the form of a microphone 46 making it possible to pick up the surrounding sound signals, in particular the acoustic accreditation which will be reproduced by the loudspeaker 36 of the telephone 20, and transforming the acoustic signals captured into electrical signals applied to the microcontroller 38 for decoding, checking, and possibly controlling the unlocking of the mechanical members 40.

Modes of implementing the invention

Several procedures will now be described for the implementation of the invention with the various elements of the system that has just been described.

The primary object of the invention is to allow the user 18 to reproduce by means of the speaker 36 (primary speaker or secondary speaker, in "conference" mode) of his mobile phone 20 Acoustic Accreditation encrypted generated by the remote site 10.

For this, the user places his mobile phone 20 near the microphone 46 of the lock 22 he wishes to unlock and triggers the transmission, in the form of a sound signal, the acoustic accreditation. This latter, picked up by the microphone 46 of the lock, will be analyzed by the microcontroller 38 which, in the event of compliance, will control the unlocking of the mechanical members 40.

This is to allow the user, holder of the number of the mobile phone 20 known from the database 12, to prove to the lock 22, also known from the same database 12, that it has the same identity that it proclaims, and that it enjoys the rights of access allowing the opening of this lock. The reproduced sound signal thus constitutes a proof of the user's identity and of his opening rights, hence the terminology "acoustic accreditation". This acoustic accreditation is furthermore encrypted (by cryptographic means in themselves known), and for single use in order to avoid any fraud, particularly by duplication, since it would be very easy to record the acoustic signal and then reproduce it. at will.

1 °) Online mode (direct issue of accreditation)

When he wishes to obtain the opening of the lock 22 in front of which it is located, the user 18 comes into contact with the management site 10 by any appropriate means. This can be achieved by calling a phone number, or sending a message (SMS, MMS, e-mail, instant messaging, etc.) to the server, which will call back the user's phone for issue the authorization in the form of encrypted acoustic accreditation. The transmission of this accreditation is executed immediately and directly. Acoustic accreditation can also be transmitted by a "call back" method: in this case, the user makes telephone contact with the management site, which does not answer him immediately, but after hanging up rings the call back. mobile phone 20 for the user to establish contact with the site again, and it is at this time that acoustic accreditation is issued. In this embodiment, regardless of how the user comes into contact with the remote site, it delivers acoustic accreditation directly to the user, "online", without intermediate storage. This embodiment is particularly simple to implement, since it is sufficient to use the existing infrastructure, without prior adaptation of the phone, including without any need to load an applet or applet, including midlet or cardlet type . The invention can thus be implemented with any type of mobile phone, even very simple, and without any prior intervention on it. Another advantage is the ability to check in real time the validity of the accreditation, for example with the possibility of immediately taking into account a "blacklist" of users or locks. It will be noted in particular that, if the lock is an autonomous lock and independent as is most often the case, it would not be possible to obtain an exchange of information between the server and the lock through the latter.

Moreover, thanks to this online mode, it is possible to have at the managerial site a large amount of information on the use made of acoustic accreditation, including the date and time of use. , and possibly the geographical location of the user (by identification of the cell of the network from which the user calls).

On the other hand, this mode implies having access to the mobile network, which is not always possible (underground car parks, uncovered areas, etc.). On the other hand it does not in principle allow to have, at the user's choice, several accreditations corresponding to several possible locks, to the extent that it is necessary to have a "one for one" correspondence between accreditation and lock .

2 °) Semi-online mode (offline online mode with download)

This mode is usable in particular if access to the network is not assured at the time of use. In this case, the user connects in advance to the management site and receives from it a predetermined number of acoustic accreditations. These accreditations are stored securely in the phone or in a peripheral memory of the phone (for example an SD or MicroSD card).

When the user wants to reproduce an acoustic accreditation to open a lock, he launches an application integrated in his phone that searches for the first accreditation among those that have been stored, reproduces it to open the door, and removes it from memory. And so on to use the following accreditations.

The application allowing this implementation is an applet stored in the phone, previously sent to it by the mobile network operator, or by downloading to an external medium (SD or MicroSD card), or via a connection Internet. In the case of a download via the mobile network operator, the management site will have previously sent a message such as "push SMS" or "WAP push" to the phone, to identify the brand and model of this one and present to the user a link allowing the download of the applet.

When the provision of accreditations stored in the phone has been exhausted, or is running out, and the user is able to access the network again, this credential pool is reloaded for later use .

It is possible to benefit from the link to the network for, at the same time, to trace back to the management site a certain amount of information, including a dated history of the use of previous accreditations.

• attente de l'expiration des accréditations (chaque accréditation étant affectée d'une date limite d'utilisation) ;
• blocage de la fonction de rechargement pour ce téléphone ;
• envoi à la serrure, par le téléphone mobile d'un autre utilisateur, d'une accréditation spécifique de révocation, qui sera conservée dans la serrure pour empêcher le fonctionnement de celle-ci lorsque l'utilisateur révoqué tentera d'en obtenir l'ouverture ;
• programmation spécifique de la serrure, avec déplacement et intervention d'un administrateur qui supprimera les droits d'accès de l'utilisateur pour cette serrure.

To revoke a user, several solutions are possible:

• waiting for the expiry of accreditations (each accreditation having a deadline for use);
• blocking the reload function for this phone;
• sending to the lock, by the mobile phone of another user, a specific revocation accreditation, which will be kept in the lock to prevent the operation thereof when the user revoked will attempt to open it;
• specific programming of the lock, with moving and intervention of an administrator who will remove the access rights of the user for this lock.

3 °) Offline mode

In this embodiment, the acoustic accreditations are generated locally, by the telephone itself. For this purpose, the phone contains an applet or applet, including cardlet type (stored in the UICC card 34) or midlet (stored in the memory 32 of the telephone device). This applet is downloaded by any appropriate means, in the same way as that used in the previous implementation mode: download via the mobile operator, via the internet, etc., or preloaded in the phone to the acquisition of the one -this.

The management site 10 sends the telephone 20 an "accreditation data", which here is no longer the acoustic accreditation itself, but a cryptographic key, stored in the UICC card 34 for security reasons. This cryptographic key, combined with the applet, will constitute a cryptographic generator within the telephone 20. When it wishes to obtain the opening of a lock, the user controls the generation of acoustic accreditation by the applet internal and its reproduction by the transducer of his phone.

It should be noted incidentally that the storage in the UICC makes it possible to revoke the access rights of the user via the control performed by the mobile network on this UICC.

The security of the system can be enhanced by a process of validating the rights of the user by means of a validation bit in the UICC card. This validation bit may for example be sent by the network unsolicited and at regular intervals (or not). In a variant, the telephone may require the remote management site to send the validation bit when a certain number of predetermined conditions are met. In any case, if the validation bit is not obtained the user is immediately revoked.

• attente de l'expiration des accréditations ;
• envoi à la serrure par un tiers d'une accréditation spécifique de révocation ;
• déplacement d'un administrateur pour intervention sur la serrure et annulation des droits de l'utilisateur.

As in the previous case, other modes of revocation are possible:

• waiting for the expiry of accreditations;
• sending to the lock by a third party a specific revocation accreditation;
• removal of an administrator for intervention on the lock and cancellation of the rights of the user.

4 °) "Attachment" mode

This mode of implementation is a variant of the semi-in-line mode.

The difference is mainly because the accreditations are not sent by the voice channel of the mobile network, but in the form of a file attached to a message type email, MMS or IM.

The advantage of this solution is to use the means of downloading pre-existing files in the phone, especially with the phones with elaborate functions of the "smartphone" type, and this without the need to download a specific application beforehand , keep it in the phone and have it run by the time when it comes.

5 °) Mixed modes

Various adaptations and variations of the above modes can be envisaged.

Thus, it is possible to combine several modes between them, to deliver acoustic accreditation. For example, the system may require that the first opening of a lock by a given user is necessarily performed in a direct "on-line" mode, the following accesses may however be operated according to other modes, for example "semi- online "or" offline "

The system may also impose on the user that at a certain predetermined frequency (for example once on N ), the opening is necessarily performed in an "on-line" mode, the other uses being able to be performed by means of the other modes. .

6 °) Additional validation

• entrée d'un code personnel de type "PIN code" avant la délivrance de l'accréditation acoustique, soit à chaque utilisation, soit une fois sur N, soit à intervalles de temps réguliers ;
• validation de type biométrique, au moyen d'un lecteur biométrique incorporé au téléphone ou par un système de reconnaissance d'empreinte vocale utilisant le microphone du téléphone. Une empreinte biométrique spécifique est stockée dans la mémoire 32 du téléphone ou dans la carte UICC 34, ou encore dans la base de données 12 pour traitement par le serveur distant. La fréquence de la validation biométrique peut, ici encore, être choisie : à chaque utilisation, une fois toutes les N utilisations, à intervalles réguliers, etc.

Another precaution to increase the security consists, whatever the mode of implementation chosen, to provide additional validation by the user, for example:

• entering a personal code of the "PIN code" type before the issuance of the acoustic accreditation, either at each use, or once on N , or at regular intervals of time;
• biometric-type validation, by means of a biometric reader incorporated in the telephone or by a voiceprint recognition system using the telephone microphone. A specific biometric fingerprint is stored in the memory 32 of the phone or in the UICC card 34, or in the database 12 for processing by the remote server. The frequency of the biometric validation can again be chosen: at each use, once every N uses, at regular intervals, etc.

Improvements and complements of implementation Feedback

This improvement consists, essentially, in using the mobile phone to pick up signals emitted by the lock, so as to transmit information from the lock to the management site via a user's phone and the mobile network, taking advantage of the establishment by this user of a connection in the downward direction (from the management site to the lock) to trace information in the opposite direction (from the lock to the management site).

It is indeed very useful for the management site to have information stored in the lock, for example status data (fault indicator, battery level, proof of opening, etc.) or data of the lock. history of the successive uses of this lock.

The improvement of the invention is particularly applicable to locks of stand alone type , that is to say operating completely independently without being connected to any network that would allow it to exchange data.

It is possible to use the transducer 46 of the lock by operating it in reverse mode (to emit sound signals instead of capturing them), or to provide a specific transducer for reproducing sound signals.

The feedback can be triggered by a system administrator, by means of an applet downloaded to his mobile phone. When he wishes to recover data from a lock, he presents his phone to the lock and delivers a specific acoustic command signal that orders, with all the necessary security guarantees, to the lock to return the required information. This information is transmitted in the form of acoustic signals, encrypted or not, reproduced by the acoustic transducer of the lock. These signals are then picked up by the phone's microphone and processed by the applet embedded in it, for immediate or subsequent transmission to the management site.

The feedback can also be operated without the need to move an administrator to where the lock is located, taking advantage of the fact that an authorized user requests the opening of the lock. For this purpose, during the opening process triggered at the initiative of the user, the lock sends back to the user's phone relevant information such as low battery signal, need for maintenance, malfunction, proof opening, etc. This information can be translated by the phone applet into alert messages (" low battery ") displayed on the phone screen, these alert messages being repeated if necessary at regular intervals. Another possibility is to send this information to the management site via the mobile network, so that an administrator can then take appropriate corrective action.

In other words, each user becomes a source of information for the system, which is particularly advantageous in the case of fully autonomous locks.

In a variant of this improvement, the control signal, instead of being delivered by the telephone, is emitted by a general sound installation of the building, which allows to simultaneously transmit this signal to a very large number of locks. This same installation can be equipped with microphones that can also listen to the signal delivered by the locks.

Multiple accreditations in salvo

When a user has access rights on a plurality of different locks, he must normally choose manually, in a list which is presented to him on the display of his telephone, the type of lock which he wants to control the opening, this to obtain the issuance of a corresponding conforming accreditation.

An improvement consists, in order to avoid this manipulation, in having the telephone issue a plurality of accreditations in a single burst, the salvo containing an accreditation corresponding to each of the locks for which the user is authorized. Among the multiple accreditations that will be captured by the lock, it will recognize, by means of an appropriate code, that which is intended for it, and it is the latter, and it alone, which can then order the opening of the lock. lock.

Speed dial

It is possible and advantageous to control the emission of acoustic accreditations by the telephone by pressing a button or a dedicated key of the telephone, or by activation of a specific icon in the case of a touch screen telephone.

In the "online" mode, the user assigns a button or an icon to this function, which will trigger the dialing of the server number and allow him to receive the acoustic accreditation in return. In the "semi-online" or "offline" modes, the applet ( cardlet or midlet ) asks the user to choose automatically or manually the button or the icon that he wishes to order the fast obtaining of acoustic accreditation by the technique described above.

Application: hotel management

• un système 48 de gestion de l'établissement ou PMS (Property Management System), qui est un système de gestion d'hôtel classique, ici relié à la base de données 12 du site gestionnaire 10 par une liaison sécurisée, par exemple une liaison internet de type https,
• un système 50 de réservation hôtelière ou RS (Reservation System), qui est un système permettant à tout utilisateur qui se connecte d'obtenir une réservation dans un hôtel de son choix et de fournir les différentes informations nécessaires à l'enregistrement de cette réservation. Le système de réservation RS est couplé au système PMS 48 de gestion de l'établissement, et éventuellement à la base de données 12 du site gestionnaire 10.
• un système 52 de création de cartes de chambre ou LFDS (Lock Front Desk System) 52, permettant d'enregistrer l'utilisateur au moment de son arrivée ou check-in à l'hôtel, soit par l'intermédiaire d'un réceptionniste, soit directement par l'utilisateur dans le cas d'un système en libre-service. Ce système LFDS est relié au système PMS 48 et éventuellement à la base de données 12.

This key management application for a hotel will be described with reference to the Figure 3 . This figure shows the various elements of the whole of the Figure 1 , to which are furthermore associated:

• an establishment management system 48 or PMS ( Property Management System ), which is a conventional hotel management system, here connected to the database 12 of the management site 10 by a secure link, for example an internet link https type ,
• a reservation system 50 or RS ( Reservation System ), which is a system allowing any user who connects to obtain a reservation in a hotel of his choice and provide the various information necessary for the registration of this reservation. The reservation system RS is coupled to the management system PMS 48 of the establishment, and possibly to the database 12 of the management site 10.
• a system 52 for creating room cards or LFDS ( Lock Front Desk System ) 52, to register the user at the time of his arrival or check-in at the hotel, either through a receptionist, either directly by the user in the case of a self-service system. This LFDS system is connected to the PMS system 48 and possibly to the database 12.

We will now describe the different stages of this hotel application, particularly insisting on the peculiarities resulting from the use of the system of the invention (for the rest, the process implemented is a conventional process, which will be described only by summary way).

1 °) Booking

The hotel reservation system RS 50 communicates with a database listing among the proposed hotels those that are equipped to implement the technique of the invention.

The customer makes a reservation with the RS 50 system by any conventional technique: internet, WAP application by phone, phone call, travel agency, etc. When the reservation is made, the system RS checks whether the hotel requested can operate with the acoustic accreditation system according to the invention. If so, this option is offered to the customer requesting the reservation, and he can accept this proposal by a standard "terms and conditions" acceptance technique for that particular service.

• informations personnelles (nom, etc.),
• numéro de carte de crédit,
• numéro éventuel de carte de fidélité,
• numéro de passeport ou de carte d'identité,
• numéro de téléphone mobile,
• adresse électronique (e-mail qu'il peut recevoir sur son téléphone mobile, identifiant de messagerie instantanée).

The client then communicates to the RS system a certain amount of information, including:

• personal information (name, etc.),
• Credit Card Number,
• eventual number of loyalty card,
• passport number or identity card number,
• phone number,
• email address (email he can receive on his mobile phone, instant messaging ID).

At the end of the reservation process, the customer receives a confirmation message, informing them in particular that he can obtain the delivery of the key to his room directly via his mobile, without the delivery of a badge or card. the reception upon arrival at the hotel. It can also receive the applet ( midlet or cardlet ) necessary in the case of implementation in a "semi-online" or "offline" mode.

If the customer does not yet participate in a loyalty program, the system may offer to subscribe, this loyalty program may include including the benefit of the system of the invention, which will allow him to obtain the delivery of the key in the form of acoustic accreditation.

2 °) Preparation for the reception of the client

Once the customer has made his reservation and accepted to receive his key in the form of acoustic accreditation on his mobile phone, the hotel reservation system 50 RS communicates to the management system 48 of the establishment PMS 48 the details of the reservation , in particular the fact that this reservation includes the issue of a key in the form of acoustic accreditation.

• numéro de téléphone mobile,
• adresse électronique,
• dates d'arrivée et de départ,
• numéro de réservation,
• coordonnées de l'hôtel.

The RS 50 system also informs the PMS system 48 of the mobile communication means chosen by the customer (mobile phone number, mobile phone e-mail, instant messenger). A room assignment priority level can also be assigned to the reservation. In parallel, the RS 50 reservation system or the PMS 48 system informs the management site 10 of the reservation, by sending the following information:

• phone number,
• email address,
• dates of arrival and departure,
• reservation number,
• contact details of the hotel.

3 °) Activation before the client's arrival

This phase essentially consists of allocating a room to the client for the duration of his stay, and having the managing site generate a corresponding encrypted acoustic accreditation. It can be ordered in many ways.

a) order at the initiative of the management system of the PMS establishment

• numéro de chambre,
• numéro de téléphone mobile,
• adresse électronique,
• dates d'arrivée et de départ,
• numéro de réservation.

The management system 48 of the PMS institution first assigns a room number and sends the following information to the LFDS room card generation system 52:

• room number,
• phone number,
• email address,
• dates of arrival and departure,
• reservation number.

• chaîne de données correspondant, sous forme chiffrée, à la clé virtuelle de la chambre,
• numéro de téléphone mobile,
• adresse électronique,
• dates d'arrivée et de départ,
• numéro de réservation,
• coordonnées de l'hôtel.

The LFDS system 52 then generates a virtual key for this room and this period, and sends the following information to the management site 10, via a secure link:

• corresponding data string, in encrypted form, to the virtual key of the chamber,
• phone number,
• email address,
• dates of arrival and departure,
• reservation number,
• contact details of the hotel.

The management site 10 acknowledges receipt of this information and translates into an acoustic accreditation, generated by the generator 14, the data corresponding to the virtual key of the room.

The management site 10 then sends the customer's mobile phone a message (SMS, e-mail or instant messenger) informing him of the number of the room assigned to him and the telephone number he will have to dial when he located in front of the door of this room in order to obtain acoustic accreditation allowing access to this room. Alternatively, the management site can send the acoustic accreditations in the form of an attached file (by MMS, instant messaging or e-mail) file that the client will open to reproduce the acoustic accreditation when it is in front of the door. his room.

In a variant of this first solution, the data string corresponding to the virtual key of the chamber, instead of being sent by the LFDS system 52, is sent by the PMS system 48, which sends this data string to the site. manager 10, the rest of the operations being unchanged.

In another variant of this first solution, the data string, instead of being sent to the management site 10 by the LFDS system 52, is via the reservation system RS 50, thus avoiding the use of a specific secure link. between the LFDS 52 system and the management site 10.

b) order with pre-registration

In this alternative, the management site 10 sends to the customer on his mobile phone, shortly before his arrival at the hotel, pre-registration information, with a link to which he will have to connect, or a telephone number to dial, to confirm the registration. This pre-registration information can be sent by an SMS "push SMS", by e-mail or by instant messaging.

At any time, the customer can accept the registration by clicking on the link or by calling the phone number that has been indicated. The management site 10 then informs the PMS system 48 of this acceptance of the record, which can then be executed by the PMS system as previously described.

c) manual control

• numéro de chambre attribuée,
• numéro de téléphone mobile du client,
• adresse électronique du client,
• dates d'arrivée et de départ,
• numéro de réservation,
• coordonnées de l'hôtel.

In this other solution, the activation is managed manually. For this purpose, before the client arrives at the hotel, an operator connects to an application of an ASP ( Application Service Provider ) hosted application provider over the Internet and provides him with the following information:

• assigned room number,
• mobile phone number of the customer,
• Customer's email address,
• dates of arrival and departure,
• reservation number,
• contact details of the hotel.

The application of the ASP provider communicates to the management site 10 the corresponding data, and the latter can then either send pre-registration information to the customer on his mobile (see above), or send him directly the information of the number of room and the information necessary to obtain acoustic accreditation when it is in front of the door of the room.

The variants exposed above, for example the sending of acoustic accreditations in the form of an attached file, are also applicable to this manual implementation.

4 °) Issuance of accreditation

• le client appelle le numéro de téléphone qui est indiqué dans le message qu'il a reçu (en cliquant directement sur un lien ou en composant le numéro de téléphone), pour obtenir et reproduire l'accréditation acoustique ;
• en variante, le site gestionnaire ne répond pas directement mais délivre un message accusant réception de l'appel et demandant au client de raccrocher ; juste après, le site gestionnaire rappelle le client et lui délivre l'accréditation acoustique ;
• en mode "pièce jointe", le client ouvre le fichier audio qu'il a reçu en du site gestionnaire par e-mail, messagerie instantanée ou MMS, de manière à reproduire l'accréditation acoustique ;
• en mode "semi-hors ligne" ou "hors ligne", le client lance l'application lui permettant de reproduire l'accréditation acoustique.

The customer arrives on the spot and goes directly to his room. Acoustic accreditation can be issued in several ways:

• the customer calls the telephone number which is indicated in the message he has received (by clicking directly on a link or by dialing the telephone number), to obtain and reproduce the acoustic accreditation;
• alternatively, the management site does not respond directly but delivers a message acknowledging the call and asking the customer to hang up; just after, the management site reminds the customer and delivers the acoustic accreditation;
• in "attachment" mode, the client opens the audio file he has received from the management site by e-mail, instant messenger or MMS, so as to reproduce the acoustic accreditation;
• in "semi-offline" or "offline" mode, the client launches the application allowing him to reproduce the acoustic accreditation.

5 °) Opening of the door

The customer approaches his mobile phone door lock, which is equipped with a system to listen to the phone. The lock translates acoustic accreditation into an unlocking authorization. If the acoustic accreditation is compliant, the lock is unlocked and it is sufficient for the customer to open the door, the same way he would have proceeded with a badge that would have been issued at the reception of the hotel.

The same process is repeated at each door opening during the hotel stay. Eventually, the customer can obtain from the reception a badge that he can use in addition to his mobile phone. All transactions are of course recorded in order to establish a history of uses of the lock.

6 °) Feedback

At the time when the customer receives acoustic accreditation from the management site 10, the latter informs the PMS system 48 that the accreditation has been delivered to the customer, and when. In the "semi-online", "offline" and "attachment" modes, the management site 10 can also generate feedback to the PMS system 48.

7 °) Special cases

The system makes it easy to manage various special cases.

When booking, the customer can inform the system that several other people will also have access to the room. It then indicates the mobile phone numbers and email addresses of other people, so that everyone can also receive an acoustic accreditation for the duration of the stay.

Moreover, at any time, the customer can ask the reception of the hotel, or automatically by the system LFDS 52, the delivery of a "duplicate" of its acoustic accreditation in the form of a badge. These badges are likely to work in parallel with the acoustic accreditations reproduced by the mobile phone.

Finally, in case of loss or theft of his mobile phone, the customer will inform the reception of the hotel or its mobile operator so that a replacement badge can be issued. Once this badge is used to open the door, previous Accreditations will be revoked by the system.

8 °) Departure

Several solutions can be implemented.

For example, the departure can be recorded via the hotel's internal television system, with payment by credit card. To do this, the customer selects the "check out" option of the internal television system, which makes his bill appear on the TV screen. He then accepts this invoice by clicking on an "acceptance" button, which triggers the establishment of a form of payment by credit card. The customer completes or completes this form with all the necessary information and validates the payment.

In an improvement, the management site 10 is involved in the payment validation process, delivering an acoustic accreditation signal via the payment application. This acoustic accreditation is reproduced by the speakers of the television set in the customer's room and, at the same time, the management site 10 dials the mobile telephone number of the customer. The latter answers and presents his phone in front of the speakers of the television, which "closes the loop" of the process and makes it possible to validate the payment, with the authorization of the management site 10.

In yet another variant, instead of using the internal television circuit of the hotel, the customer is only asked to pick up the phone from his room and dial a number corresponding to the "check out" function. Once in communication with the corresponding service, the customer validates his acceptance of the invoice by transmitting to this service, via his mobile phone, the acoustic accreditation he used to open his door. This maneuver is interpreted as an acceptance the invoice, the amount of which will be debited on the customer's credit card.

In all cases, an e-mail is sent to the customer mentioning the receipt of the payment and giving details of the invoice. The customer can also obtain a paper copy of the bill at the hotel reception desk or at an ATM located in the lobby.

Claims (15)

A secure locking device opening control system, comprising: - At least one lock device (22) provided with electronic circuits for controlling mechanical locking / unlocking members; - a mobile phone (20) available to a user (18) authorized to open the lock device; a remote management site (10); and a mobile network operator (16), coupled to the management site and to the mobile telephone,
characterized in that : - the remote management site includes: A database (12) of lock devices and authorized users, with for each user a unique identifier associated with a mobile phone number, and data of access rights and conditions of use, and An accreditation data generator (14), the accreditations being acoustic accreditations encrypted in the form of single-use audio signals, suitable for opening the lock devices listed in the database; the system comprises means for securely transmitting said credentials of the management site to the mobile telephone of the corresponding authorized user; the telephone (20) comprises an electro-acoustic transducer (36) adapted to reproduce said acoustic accreditations; - The lock device (22) comprises an electro-acoustic transducer (46) adapted to capture the acoustic accreditations reproduced by the telephone transducer previously placed near the lock device; and - The lock device (22) comprises means for recognizing, analyzing and authenticating the acoustic accreditations picked up by the transducer, and controlling the unlocking of the mechanical members on recognition of a conforming accreditation. The system of claim 1, comprising means, on sending a request by the mobile phone to the management site, to: - check the authorization of the user in the database of the site, - generate acoustic accreditation by the site generator, and - Transmit this accreditation to the phone, for direct reproduction by the transducer thereof previously placed near the transducer of the lock device. The system of claim 1, comprising means, on sending a request by the mobile phone to the management site, to: - check the authorization of the user in the database of the site, generate at least one acoustic accreditation by the site generator, transmitting on the telephone this accreditation, or these accreditations, by implementing an internal applet of the telephone capable of executing the downloading and storage in a memory (32) of the telephone,
then, in a second step: - Activate the internal applet for reproduction of the accreditation, or one of the accreditations, by the transducer of the phone previously placed near the transducer of the lock device. The system of claim 1, wherein: the telephone comprises an internal applet forming, in combination with a cryptographic key, a cryptographic generator, the accreditation data transmitted by the remote site to the telephone is said cryptographic key,
so as to allow, on command of the user, the generation of acoustic accreditation by the inner applet and its reproduction by the transducer thereof previously placed near the transducer of the lock device. The system of claim 4, wherein the cryptographic key, and optionally the applet, are stored in a memory of a secure microcircuit card (34) of the phone. The system of claim 4, further comprising means for conditioning the generation of acoustic accreditation by the internal applet of the telephone to the remote site, or mobile network operator, updating a validation data necessary for the applet to continue to operate said generation. The system of claim 1, comprising means, on sending a request by the mobile phone to the management site, or at the initiative of the management site, to: - check the authorization of the user in the database, generate at least one acoustic accreditation and convert this accreditation, or these accreditations, into an audio file, - transmit on the phone this audio file for download and storage in a phone memory,
then, in a second step: - reproduce the audio file by the phone's transducer previously placed near the transducer of the lock device. The system of one of claims 3 or 7, further comprising means for automatically generating said request from a predefined threshold of accreditations remaining stored in the phone, in order to perform a reload of the phone memory by new accreditations. The system of claim 1, further comprising means for conditioning the reproduction of the acoustic accreditation by the telephone transducer to the prior presentation of personal validation data delivered by the user over the telephone. The system of claim 1, wherein: the lock device comprises an electro-acoustic transducer capable of reproducing acoustic signals in return, generated by the lock device and encoded by state or history data specific to the lock device; and the telephone comprises an electro-acoustic transducer capable of sensing said signals in return. The system of claim 10 wherein: - The phone further comprises means for decoding said feedback signals and display if appropriate to the user an alert message function of said state or history data specific to the lock device. The system of claim 10 wherein: - The phone further comprises means for transmitting to said management site said feedback signals with said state or history data specific to the lock device. The system of claim 1, wherein: the user is empowered for a plurality of different lock devices; - The phone is adapted to reproduce in a single burst a plurality of accreditations, said burst containing an accreditation corresponding to each of the lock devices for which the user is entitled. The system of claim 1, wherein: - The phone also includes a quick command to obtain and / or reproduction of the accreditation by pressing a dedicated button on the phone, or by activation of a specific icon of a touch surface of the phone. The system of claim 1, wherein the system is also adapted to control the activation / deactivation of an alarm installation upon recognition of a conforming accreditation.

Images