ZHANG YISE (CA)
WEN YEFENG (CA)
US20150015364A1 | 2015-01-15
US20120096909A1 | 2012-04-26
US20130127593A1 | 2013-05-23
US20050283839A1 | 2005-12-22
US7624280B2 | 2009-11-24
US20110291798A1 | 2011-12-01
US20150278556A1 | 2015-10-01
What is claimed is:
1. A process for secure access of physical assets, the process comprising: obtaining a public key of an accessing party, the public key corresponding to a private key controlled by the accessing party, the public key and private key conforming to an asymmetric cryptographic scheme; transmitting the public key to an electronic lock of a physical asset, the electronic lock configured to control physical access to the physical asset; once an electronic device associated with the accessing party is in proximity to the physical asset, receiving encrypted unlock data from the electronic lock, the encrypted unlock data based on plaintext unlock data that is encrypted by the electronic lock using the public key; transmitting the encrypted unlock data to the electronic device; receiving decrypted unlock data from the electronic device, the decrypted unlock data based on decryption of the encrypted unlock data as controlled by the electronic device and using the private key; and transmitting the decrypted unlock data to the electronic lock for comparison of the decrypted unlock data to the plaintext unlock data by the electronic lock, so that the electronic lock can allow physical access to the physical asset upon determining that the decrypted unlock data matches the plaintext unlock data.
2. The process of claim 1, wherein the public key is associated with a digital certificate and wherein transmitting the public key to the electronic lock comprises transmitting the digital certificate to the electronic lock.
3. The process of claim 2, further comprising initiating a validation of the digital certificate upon the electronic device coming into proximity to the physical asset and only transmitting the decrypted unlock data to the electronic lock if validation of the digital certificate is successful.
4. The process of claim 3, wherein the physical asset is a package that is physically deliverable and designed to contain physical goods.
5. The process of claim 3, wherein the physical asset is a door that is designed to provide access to a room.
6. A process for secure access of physical assets, the process comprising: obtaining, at an electronic device associated with an accessing party, a certificate according to a cryptographic scheme, the certificate associated with an electronic lock securing a physical asset; once the electronic device is in proximity to the physical asset, transmitting the certificate to the electronic lock; once the certificate is received at the electronic lock, encrypting the certificate according to the cryptographic scheme; transmitting the encrypted certificate to the electronic device; forwarding the encrypted certificate from the electronic device to a certificate system for validation; at the certificate system, validating the encrypted certificate and encrypting a validation result according to the cryptographic scheme; transmitting the encrypted validation result to the electronic device; forwarding the encrypted validation result from the electronic device to the electronic lock; decrypting the encrypted validation result according to the cryptographic scheme; and validating the encrypted certificate according to the cryptographic scheme so that the electronic lock can allow physical access to the physical asset upon determining that the encrypted certificate is valid.
7. The process of claim 6, wherein the cryptographic scheme is an asymmetric cryptographic scheme wherein a private key is held by the electronic lock and the certificate system.
8. The process of claim 7, wherein the physical asset is a package that is physically deliverable and designed to contain physical goods.
9. The process of claim 7, wherein the physical asset is a door that is designed to provide access to a room.
10. An electronic lock for controlling physical access to a physical asset, the electronic lock comprising: memory for storing at least an indication of a public key conforming to an asymmetric cryptographic scheme and at least one element of plaintext unlock data, the public key corresponding to a private key controlled by an accessing party of the physical asset; a wireless interface for wirelessly communicating data with a wireless network; a processor connected to the memory and the wireless interface, the processor configured to encrypt the plaintext unlock data using the public key to obtain encrypted unlock data and to initiate transfer of the encrypted unlock data via the wireless interface to an electronic device controlled by the accessing party; a locking mechanism connected to the processor and configured to lock and unlock the physical asset according to control signals received from the processor; a power source for powering the memory, processor, wireless interface, and locking mechanism; and the processor further configured to compare the plaintext unlock data to decrypted unlock data received via the wireless interface from the electronic device controlled by the accessing party to determine whether the decrypted unlock data matches the plaintext unlock data, the processor further configured to transmit an unlock signal to the locking mechanism when the decrypted unlock data matches the plaintext unlock data.
11. The electronic lock of claim 10, wherein the public key is associated with a digital certificate, the memory for storing one or more digital certificates received via the wireless interface.
12. The electronic lock of claim 11, wherein the processor is configured to transmit a validation request for validating the digital certificate via the wireless interface to a certificate authority in response to receiving a validation trigger via the wireless interface from the electronic device controlled by the accessing party, the processor configured to only transmit the unlock signal to the locking mechanism after successful validation of the digital certificate.
13. The electronic lock of claim 12, wherein the physical asset is a package that is physically deliverable and designed to contain physical goods.
14. The electronic lock of claim 12, wherein the physical asset is a door that is designed to provide access to a room.
Field
[0001] This disclosure relates to computer networks and, more specifically, to cryptographic security of physical assets.
Background
[0002] Computer systems are increasingly relied upon to facilitate the selling, distribution, renting, and general organization of assets in the physical world. For example, online computer systems are increasingly being used to ship packages containing goods to a purchaser's doorstep, and online services allow renters to rent rooms for occupancy. Despite security improvements in the computer field to the systems and networks which facilitate such activity, a gap in security may exist.
[0003] For example, physical package delivery is often inherently insecure with packages often being left on doorsteps or in other insecure locations. Even those entrusted with delivering packages may not always have the best interests of the package receiver in mind. Packages are often opened by unauthorized individuals, sometimes having their contents perused or even stolen. These problems are becoming more widespread with the ever increasing proliferation of Internet shopping.
[0004] As another example, online booking of private rooms is similarly insecure. It is often desirable for an individual to be able to rent one's apartment, house, or other room, through an online booking service without the need to be present at the room upon the arrival of a visitor to allow the visitor access to the room. Individuals renting rooms therefore often hide room keys in a nearby location, simply leave the room unlocked, or rely on alternative means for accessing the room, and provide the visitor with instructions for how to find the room key or otherwise access the room. Such methods are inherently insecure, however, since hidden keys may be discovered, and unlocked doors may be entered by unauthorized individuals, whether by chance occurrence or by an individual aware of the room renter's security methods.
Summary
[0005] This disclosure relates to cryptographic security of physical assets using an electronic lock and a process for unlocking the electronic lock when brought into proximity to an electronic device. The physical asset may be a package being delivered, a door to a rentable room, or another physical asset.
[0006] The electronic lock has a public key and the electronic device has a corresponding private key. When the electronic lock and electronic device are brought into proximity, the electronic lock and electronic device exchange data to unlock the electronic lock to allow access to the physical asset by the accessing party.
[0007] According to an aspect of this disclosure, a process for secure access of physical assets is provided. The process includes obtaining a public key of an accessing party, the public key corresponding to a private key controlled by the accessing party, the public key and private key conforming to an asymmetric cryptographic scheme, and transmitting the public key to an electronic lock of a physical asset, the electronic lock configured to control physical access to the physical asset, once an electronic device associated with the accessing party is in proximity to the physical asset, receiving encrypted unlock data from the electronic lock, the encrypted unlock data based on plaintext unlock data that is encrypted by the electronic lock using the public key, transmitting the encrypted unlock data to the electronic device, receiving decrypted unlock data from the electronic device, the decrypted unlock data based on decryption of the encrypted unlock data as controlled by the electronic device and using the private key, and transmitting the decrypted unlock data to the electronic lock for comparison of the decrypted unlock data to the plaintext unlock data by the electronic lock, so that the electronic lock can allow physical access to the physical asset upon determining that the decrypted unlock data matches the plaintext unlock data.
[0008] In some embodiments, the public key is associated with a digital certificate, and transmitting the public key to the electronic lock comprises transmitting the digital certificate to the electronic lock. [0009] In some embodiments, the process includes initiating a validation of the digital certificate upon the electronic device coming into proximity to the physical asset and only transmitting the decrypted unlock data to the electronic lock if validation of the digital certificate is successful.
[0010] According to another aspect of this disclosure, a process for secure access of physical assets is provided. The process includes obtaining, at an electronic device associated with an accessing party, a certificate according to a cryptographic scheme, the certificate associated with an electronic lock securing a physical asset, once the electronic device is in proximity to the physical asset, transmitting the certificate to the electronic lock, once the certificate is received at the electronic lock, encrypting the certificate according to the cryptographic scheme, transmitting the encrypted certificate to the electronic device, forwarding the encrypted certificate from the electronic device to a certificate system for validation, at the certificate system, validating the encrypted certificate and encrypting a validation result according to the cryptographic scheme, transmitting the encrypted validation result to the electronic device, forwarding the encrypted validation result from the electronic device to the electronic lock, decrypting the encrypted validation result according to the cryptographic scheme, and validating the encrypted certificate according to the cryptographic scheme so that the electronic lock can allow physical access to the physical asset upon determining that the encrypted certificate is valid.
[0011] In some embodiments, the cryptographic scheme is an asymmetric cryptographic scheme wherein a private key is held by the electronic lock and the certificate system.
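The relayed-validation process of [0010] and [0011], as an added example in Go that is not from the patent. It uses the symmetric variant that the detailed description allows for constrained locks: the lock and the certificate system share one key, the electronic device is treated as an untrusted relay, and every message between lock and certificate system is protected with AES-GCM so that the device can neither read nor alter it. Binding the lock identifier and a per-request nonce into the authenticated data, and reducing certificate validation to a lookup of known-good certificate hashes, are assumptions of this example; the patent text only says that the certificate and the validation result are encrypted. The lock identifier and the certificate bytes are constructed placeholders.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NewSharedKey: a 256-bit key shared by one lock and the certificate system
// (the symmetric variant the description allows). How it is provisioned into
// the lock is assumed here, not taken from the patent text.
func NewSharedKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}

// seal and open wrap AES-GCM so that every message between lock and
// certificate system is encrypted and authenticated, with a context string
// (and, for verdicts, the request nonce) bound in as additional data.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func seal(key, aad, plaintext []byte) ([]byte, error) {
	g, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, aad), nil // nonce || ciphertext || tag
}

func open(key, aad, msg []byte) ([]byte, error) {
	g, err := gcmFor(key)
	if err != nil || len(msg) < g.NonceSize() {
		return nil, errors.New("cannot open message")
	}
	return g.Open(nil, msg[:g.NonceSize()], msg[g.NonceSize():], aad)
}

// RelayLock is the electronic lock of claim 6: it cannot validate the
// certificate itself, so it wraps it for the certificate system and remembers
// a request nonce that the verdict must be bound to.
type RelayLock struct {
	ID      string
	key     []byte
	pending []byte // request nonce of the attempt in flight, nil otherwise
}

func NewRelayLock(id string, key []byte) *RelayLock { return &RelayLock{ID: id, key: key} }

// WrapCertificate encrypts nonce || certificate for the certificate system.
func (l *RelayLock) WrapCertificate(cert []byte) ([]byte, error) {
	l.pending = make([]byte, 16)
	if _, err := rand.Read(l.pending); err != nil {
		return nil, err
	}
	return seal(l.key, []byte("cert-request:"+l.ID), append(append([]byte{}, l.pending...), cert...))
}

// AcceptResult authenticates the verdict, checks that it answers this lock's
// outstanding nonce, and unlocks only on "valid". A relaying device that
// flips a byte or replays an older "valid" verdict fails here.
func (l *RelayLock) AcceptResult(msg []byte) bool {
	if l.pending == nil {
		return false
	}
	aad := append([]byte("cert-result:"+l.ID), l.pending...)
	l.pending = nil // one verdict per request
	pt, err := open(l.key, aad, msg)
	return err == nil && string(pt) == "valid"
}

// RelayCertSystem is the certificate system of claim 6. Validation is reduced
// to a set of currently valid certificate hashes, standing in for the chain,
// expiry and revocation checks a real certificate authority would perform.
type RelayCertSystem struct {
	key   []byte            // shared with the one lock this example enrolls
	valid map[[32]byte]bool // sha256(certificate) -> currently valid
}

func NewRelayCertSystem(lockKey []byte) *RelayCertSystem {
	return &RelayCertSystem{key: lockKey, valid: map[[32]byte]bool{}}
}
func (cs *RelayCertSystem) Trust(cert []byte)  { cs.valid[sha256.Sum256(cert)] = true }
func (cs *RelayCertSystem) Revoke(cert []byte) { delete(cs.valid, sha256.Sum256(cert)) }

// Validate unwraps the request, decides, and seals the verdict under the
// lock's key with the request nonce as additional data.
func (cs *RelayCertSystem) Validate(lockID string, wrapped []byte) ([]byte, error) {
	pt, err := open(cs.key, []byte("cert-request:"+lockID), wrapped)
	if err != nil || len(pt) < 16 {
		return nil, errors.New("request not authentic")
	}
	verdict := "denied"
	if cs.valid[sha256.Sum256(pt[16:])] {
		verdict = "valid"
	}
	return seal(cs.key, append([]byte("cert-result:"+lockID), pt[:16]...), []byte(verdict))
}

func main() {
	key, _ := NewSharedKey()
	cs, lock := NewRelayCertSystem(key), NewRelayLock("LOCK-0001", key)
	cert := []byte("constructed certificate bytes for purchaser-42") // stands in for DER
	cs.Trust(cert)
	wrapped, _ := lock.WrapCertificate(cert)
	verdict, _ := cs.Validate("LOCK-0001", wrapped)
	fmt.Println("lock opens:", lock.AcceptResult(verdict))
}
```

Encryption alone would not be enough in this topology: a relaying device that can flip bits in an unauthenticated "denied" result, or replay a "valid" result recorded for an earlier, since-revoked certificate, gets the lock open. The AEAD tag and the request nonce in the additional data are what defeat those two moves.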
[0012] In some embodiments, the physical asset is a package that is physically deliverable and designed to contain physical goods.
[0013] In some embodiments, the physical asset is a door that is designed to provide access to a room.
[0014] According to another aspect of this disclosure, an electronic lock for controlling physical access to a physical asset is provided. The electronic lock includes memory for storing at least an indication of a public key conforming to an asymmetric cryptographic scheme and at least one element of plaintext unlock data, the public key corresponding to a private key controlled by an accessing party of the physical asset, a wireless interface for wirelessly communicating data with a wireless network, a processor connected to the memory and the wireless interface, the processor configured to encrypt the plaintext unlock data using the public key to obtain encrypted unlock data and to initiate transfer of the encrypted unlock data via the wireless interface to an electronic device controlled by the accessing party, a locking mechanism connected to the processor and configured to lock and unlock the physical asset according to control signals received from the processor, a power source for powering the memory, processor, wireless interface, and locking mechanism, the processor further configured to compare the plaintext unlock data to decrypted unlock data received via the wireless interface from the electronic device controlled by the accessing party to determine whether the decrypted unlock data matches the plaintext unlock data, the processor further configured to transmit an unlock signal to the locking mechanism when the decrypted unlock data matches the plaintext unlock data.
[0015] In some embodiments, the public key is associated with a digital certificate, the memory for storing one or more digital certificates received via the wireless interface.
[0016] In some embodiments, the processor is configured to transmit a validation request for validating the digital certificate via the wireless interface to a certificate authority in response to receiving a validation trigger via the wireless interface from the electronic device controlled by the accessing party, the processor configured to only transmit the unlock signal to the locking mechanism after successful validation of the digital certificate.
[0017] Other features and advantages are described in greater detail below.
Brief Description of the Drawings
[0018] The drawings illustrate, by way of example only, embodiments of the present disclosure.
[0019] FIG. 1 is a diagram of a system for physical package delivery according to the present invention.
[0020] FIG. 2 is a diagram showing a process for physical package delivery according to the present invention.
[0021] FIG. 3 is a diagram of an electronic lock for a package according to the present invention.
[0022] FIG. 4 is a diagram of a detailed example of the package access control system and certificate/key system shown in FIG. 1.
[0023] FIG. 5 is a diagram of a system for online room booking and electronic lock accessing according to the present invention.
[0024] FIG. 6 is a diagram showing a process for secure remote key access granting according to the present invention.
Detailed Description
[0025] FIG. 1 shows a system 10 for online sales and physical package delivery providing for secure delivery of physical assets, such as packages, to reduce the risk that the package will be subject to unauthorized opening, will have its contents stolen or modified, or will undergo other undesirable interference. This can help in protecting purchased items from being examined or stolen by unauthorized individuals. Features and aspects of this embodiment may be used with the other embodiments described herein.
[0026] The system 10 includes an online sales system 12, a package access control system 14, and a certificate/key system 16 connected for data communications to a wide-area network 18. Each of the systems 12, 14, 16 can include one or more computer servers configured to provide an overall service as described herein. The wide-area network 18 includes any computer network, such as an intranet, a local-area network, a wireless network, a virtual private network (VPN), a cellular network, the Internet, a combination of such, or similar.
[0027] The online sales system 12 is configured to facilitate the purchase of one or more physical goods or products via the wide-area network 18. The online sales system 12 includes a retail, commercial, or other sales system that may be open to the public, may be private, or may have other access restrictions. Examples of online sales systems include Amazon.com, Alibaba.com, Apple.com, Bestbuy.com, Ebay.com, Jd.com, Taobao.com, Tmall.com, and similar. The online sales system 12 may sell products of one or more vendors. The online sales system 12 may be specific to one vendor and may be operated directly by such vendor. One online sales system 12 is discussed, by way of example only, and it is to be understood that the present invention is capable of functioning with any number of online sales systems 12 and may exhibit additional advantages when operating with more than one online sales system 12.
[0028] The package access control system 14 is configured to provide control of physical access to contents of packages delivered on behalf of the online sales system 12 to the purchasing parties. That is, the purchasing party (i.e., the actual purchaser, a delegate or representative thereof, etc.) is able to use the package access control system 14 to control physical access to the contents of packages, where the contents includes goods or products sold by the online sales system 12. It will therefore be understood that the purchasing party may also be referred to as the accessing party.
[0029] The package access control system 14 can be configured to interface with the online sales system 12, via an application programming interface (API) for example, to permit purchasers using the online sales system 12 to request the package access control service provided by the package access control system 14. The package access control system 14 can alternatively or additionally be configured to interface with the certificate/key system 16 to control distribution and management of keys/certificates, so that shippers of goods or products are able to obtain the needed certificates or keys at the time the goods or products are shipped. The package access control system 14 will be discussed in more detail below.
[0030] The certificate/key system 16 includes a certificate authority and is configured to generate, issue, store, manage, and/or revoke cryptographic certificates and/or keys, and further may also be configured to allow other parties to check the status of a certificate via the Online Certificate Status Protocol (OCSP), Certificate Revocation List (CRL), or similar certificate revocation status checking mechanism. For instance, a purchasing party may use an electronic device to generate a public-private key pair according to an asymmetric cryptographic scheme.
[0031] In the embodiments described herein, the cryptographic scheme is an asymmetric cryptographic scheme, such as RSA, the Digital Signature Algorithm (DSA), or one of the various Elliptic Curve Cryptography (ECC) schemes, providing the security of a public-private key pair. Note that the unlock exchange of FIG. 2 encrypts data to the public key and decrypts it with the private key, which requires an encryption-capable scheme (RSA with OAEP padding, or an ECC encryption scheme); DSA and ECDSA are signature-only algorithms and could serve the same purpose only if the exchange were restated as the device signing the lock's challenge and the lock verifying that signature with the public key. In other embodiments, the cryptographic scheme may be another cryptographic scheme, including a symmetric key cryptographic scheme, such as the Advanced Encryption Standard (AES), the Triple Data Encryption Algorithm (3DES), Blowfish, and similar, where bandwidth or power limitations require it. A symmetric scheme means the lock and the accessing party hold the same secret key, so the accessing party is no longer the sole holder of the secret that opens the lock.
[0032] After a purchasing party uses an electronic device to generate a public-private key pair, the public key may then be stored at the certificate/key system 16, which may also be configured to generate and issue certificates based on such public key. The present invention is contemplated to be useful to a large number of purchasing parties, and hence the certificate/key system 16 may be configured to manage the public keys and certificates of a correspondingly large number of purchasing parties.
[0033] The system 10 further includes one or more shipping party computer systems 20 operated by one or more shipping parties and one or more electronic devices 22 controlled by one or more purchasing parties.
[0034] A shipping party can include any individual, organization, or company that loads goods or products into packages 24 for physical delivery 26 to destination locations 28, which are typically specified by the relevant purchasing parties. A shipping party can include a distributor working for a variety of sales parties, the shipping division of a particular sales party, or the like. The shipping party is essentially the party that physically places purchased goods or products into the packages 24.
[0035] The package 24 can be any lockable container offering a physical barrier to the contents. Example packages include a strong box, a cardboard box, a metal lockbox, an envelope (e.g., especially a tear-resistant or tamper-evident envelope), or any other similar physically deliverable package designed to contain goods or products. The type and strength of package can be selected to meet implementation requirements. An envelope may suffice for small objects of lesser value, while a metal lockbox may be desired for large or highly valuable items.
[0036] A shipping party computer system 20 includes any computer, server, handheld device, or similar electronic device under the control of the shipping party and capable of communicating with the wide-area network 18 and with electronic locks 30 used to control physical access to the packages 24. One function of the shipping party computer system 20 is to load each electronic lock 30 with a certificate generated from the public key (or at least load the public key) belonging to the purchaser of the good or product secured by the electronic lock 30. The shipping party computer system 20 may include handheld electronic devices used by operators to download certificates from the package access control system 14 and load such into the electronic locks 30. Alternatively, the shipping party computer system 20 may include a wireless access point that connects the electronic locks 30 to a VPN controlled by the package access control system 14 for direct loading of certificates into the electronic locks 30. Alternatively or additionally, the shipping party computer system 20 may trigger the loading process from the package access control system 14 to directly load the certificate to the electronic lock 30 via a secured connection.
[0037] The purchasing parties' electronic devices 22 can include any computers, smartphones, or similar devices controlled by the purchasers of the goods and services offered by the online sales system 12. A purchasing party may be any individual, organization, or company. A purchasing party's electronic device 22 may be controlled by the actual purchaser or someone else in the organization or company.
[0038] In operation, a purchasing party registers with the package access control system 14 and establishes a public-private key pair. The public key is transmitted to the certificate/key system 16, and the private key is stored on the purchasing party's electronic device 22. When the purchasing party makes a purchase on the online sales system 12, the purchasing party selects an option for secure package delivery. The online sales system 12 communicates with the package access control system 14 according to an established protocol for the physical delivery of the purchase, and the package access control system 14 provides the certificate to the shipping party computer system 20 of the shipper designated by the online sales system 12. The shipping party computer system 20 loads the certificate into the electronic lock 30 of the package 24 containing the purchase. Physical delivery 26 of the package to the destination location 28 occurs, and the purchasing party's electronic device 22 comes into proximity to the package 24. The purchasing party then uses their electronic device 22 to inform the package access control system 14 that the package 24 has arrived. In response, the package access control system 14 prompts the electronic lock 30 to use the public key contained in the certificate to generate encrypted unlock data from plaintext stored in or generated by the electronic lock 30 (e.g., a random series of bits). The electronic lock 30 sends the encrypted unlock data to the package access control system 14, which forwards it to the electronic device 22 of the purchasing party. The electronic device 22 uses the private key to decrypt the encrypted unlock data, and transmits the resulting decrypted unlock data to the package access control system 14, which forwards the decrypted unlock data to the electronic lock 30. The electronic lock 30 then compares the decrypted unlock data to the original plaintext and opens the package 24 if there is a match. The purchasing party thus has total control of access to the contents of the package and can open it upon delivery to the purchasing party or to a location or other party designated by the purchasing party.
[0039] Communications among any or all of the online sales systems 12, the package access control system 14, the certificate/key system 16, the shipping party computer system 20, the purchasers' electronic devices 22, and the electronic locks 30 can be made over a secured connection, such as those facilitated by Transport Layer Security/Secure Sockets Layer (TLS/SSL), Internet Protocol Security (IPsec), or similar.
[0040] FIG. 2 shows a diagram of a process for secure delivery of packages. The process may be implemented using the system 10 discussed above or using another system. For sake of explanation, the process will be described in context of the system 10 discussed above, but this is not intended to be limiting.
[0041] Initially, a purchasing party makes a registration request 50 with the package access control system 14. This can include generation of an asymmetric cryptographic public-private key pair by the purchasing party's electronic device 22. The private key is only kept on the purchasing party's electronic device 22, while the public key is transmitted to the package access control system 14, which can forward the public key to the certificate/key system 16 as part of a registration process 52 with the certificate/key system 16. In other words, registration 50, 52 results in a private key being stored at the purchasing party's electronic device 22, the corresponding public key being stored at the certificate/key system 16, and the package access control system 14 and certificate/key system 16 having sufficient identity information of the purchasing party to obtain the public key in the future, as needed. The registration request 50 may be made directly to the package access control system 14. Alternatively, the registration request 50 may be made through the online sales system 12 at the time of, for example, an impending purchase.
[0042] Next, during a purchase 54 by the purchasing party with the online sales system 12, the purchasing party may request secure physical delivery of the purchased good or product. The online sales system 12 may add, reduce, or waive delivery fees, insurance fees, or other fees based on a secure physical delivery. For instance, secure physical delivery may add to a basic shipping surcharge, but may reduce an insured shipping cost. Secure physical delivery may be automatically selected based on the identity of the purchasing party, may be a default setting, may even be the only setting available.
[0043] The request 56 for secure physical delivery is made by the online sales system 12 to the package access control system 14, which obtains the public key of the purchasing party. The public key may be obtained 58 in the form of a digital certificate, which can be set to expire at a time after the delivery is scheduled to occur, or can be revoked in case of cancellation of the purchase. Identity (subject), expiry time (valid-from, valid-to), and other information for generating the certificate is provided by the package access control system 14 to the certificate/key system 16, which generates the digital certificate and transmits the digital certificate to the package access control system 14. At the least, the digital certificate should contain the public key.
[0044] The package access control system 14 transmits the digital certificate containing the public key to the shipping party computer system 20, which transmits the digital certificate to the electronic lock 30 of the package into which the purchased good or product is being loaded. Loading the digital certificate into the electronic lock 30 can become part of the shipper's standard procedure, along with other tasks such as generating a shipping bill, applying postage or courier slip, and the like. At the time of loading the digital certificate, the shipping party can take a photograph of the contents of the package (just before closing the package) and such photograph can be uploaded by the shipping party computer system 20 to the package access control system 14, as part of proof of shipping.
[0045] The package is closed, the electronic lock 30 is locked, and the package is then physically delivered to the destination location specified by the purchasing party.
[0046] After physical delivery of the package to the destination location, the purchasing party's electronic device 22 comes into proximity to the package 24 and the electronic lock 30, and the purchasing party uses their electronic device 22 to send an indication of physical delivery to the package access control system 14. This can include the electronic device 22 logging into a web site or application of the package access control system 14 to indicate this package as having physically arrived. Note that the purchasing party need not be present at the delivery destination location. For instance, an individual at the destination location may communicate to the purchasing party that a package has arrived (e.g., perhaps quoting a sender ID, package/shipping ID number, etc.). The purchasing party then indicates 64 to the package access control system 14 that the particular package has arrived (e.g., specifying the sender ID, package/shipping ID number, etc. if multiple packages are expected).
[0047] If the purchasing party is required to be present for any reason (e.g., if the value of the delivery contents is large), physical presence can be enforced by close-range communication (e.g., Near Field Communication or NFC, Wi-Fi Direct, or similar) between the electronic lock 30 and the purchaser's electronic device 22. That is, the purchasing party indicates 64 to the package access control system 14 that the particular package has arrived only after a suitable NFC confirmation between the electronic lock 30 and the purchaser's electronic device 22 has occurred.
[0048] In response to the delivery indication 64, the package access control system 14 initiates 66 unlocking of the package by triggering the electronic lock 30 to perform certificate validation 68 with the package access control system 14 and/or the certificate/key system 16. The package access control system 14 only proceeds with subsequent actions if the digital certificate is successfully validated.
[0049] If the digital certificate is successfully validated, the package access control system 14 triggers the electronic lock 30 to use the public key to encrypt unlock data. Plaintext unlock data can be, for example, a random or pseudo-random string, bit sequence, or other data that is generated by the electronic lock 30. The electronic lock 30 encrypts the plaintext unlock data using the public key to obtain encrypted unlock data.
[0050] The electronic lock 30 then transmits 72 the encrypted unlock data to the package access control system 14, which receives the encrypted unlock data and transmits 74 it to the electronic device 22 of the purchasing party.
[0051] The purchasing party's electronic device 22 then decrypts 76 the encrypted unlock data using the private key, which, if the delivery was securely and properly executed, will correspond to the public key at the electronic lock 30. The electronic device 22 thereby obtains decrypted unlock data, which, if the delivery was securely and properly executed, will correspond to the plaintext unlock data at the electronic lock 30. The electronic device 22 transmits 78 the decrypted unlock data to the package access control system 14.
[0052] The package access control system 14 receives the decrypted unlock data from the electronic device 22 and transmits 80 it to the electronic lock 30. [0053] Upon receiving the decrypted unlock data, the electronic lock 30 performs a comparison 82 of the decrypted unlock data to the plaintext unlock data and unlocks the package to allow physical access to its contents upon determining that the decrypted unlock data matches the plaintext unlock data.
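The exchange of steps 66 to 82, written out as an added example in Go; this is not code from the application itself. It assumes RSA with OAEP padding and 32 bytes of random unlock data (the application leaves the asymmetric scheme and the form of the unlock data open), and the package access control system 14 appears only as the relay inside `RunUnlock`, since it holds no key. The function and type names are this example's own. The pending plaintext is discarded after a single comparison, which is what makes a relayed response useless for a second attempt.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Lock models electronic lock 30 for one unlock attempt: the accessing
// party's public key 112 and the pending plaintext unlock data 114.
type Lock struct {
	pub      *rsa.PublicKey
	unlockPT []byte // plaintext unlock data 114; nil when no attempt is pending
	Open     bool
}

// NewLock corresponds to loading the public key into memory 100 of the lock.
func NewLock(pub *rsa.PublicKey) *Lock { return &Lock{pub: pub} }

// Challenge is the lock's side of steps 70 and 72: fresh random plaintext
// unlock data, returned encrypted under the accessing party's public key.
func (l *Lock) Challenge() ([]byte, error) {
	pt := make([]byte, 32)
	if _, err := rand.Read(pt); err != nil {
		return nil, err
	}
	l.unlockPT = pt
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, l.pub, pt, nil)
}

// DeviceRespond is step 76 on electronic device 22: decrypt with the private
// key. A key that does not match the public key at the lock fails here.
func DeviceRespond(priv *rsa.PrivateKey, encrypted []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, encrypted, nil)
}

// Verify is comparison 82. The pending plaintext is cleared whatever the
// outcome, so a captured response cannot be replayed against a later challenge.
func (l *Lock) Verify(decrypted []byte) bool {
	pt := l.unlockPT
	l.unlockPT = nil
	if pt == nil {
		return false
	}
	match := subtle.ConstantTimeCompare(pt, decrypted) == 1
	if match {
		l.Open = true
	}
	return match
}

// RunUnlock plays the whole exchange with the package access control system 14
// acting only as the relay of steps 72 to 80; it never sees a key.
func RunUnlock(lock *Lock, priv *rsa.PrivateKey) (bool, error) {
	ct, err := lock.Challenge()
	if err != nil {
		return false, err
	}
	resp, err := DeviceRespond(priv, ct)
	if err != nil {
		return false, err
	}
	return lock.Verify(resp), nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	lock := NewLock(&priv.PublicKey)
	ok, err := RunUnlock(lock, priv)
	fmt.Println("unlocked:", ok, "error:", err)
}
```

Run stand-alone, `main` performs one honest unlock. A device holding some other private key fails inside `DeviceRespond`, because OAEP decryption with the wrong key returns an error rather than garbage, and a response captured from one attempt is rejected by a later `Verify` because the plaintext it matched has already been cleared.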
[0054] As can be seen from the above, the package can only be opened as triggered by the person in control of the device having the private key. The package access control system acts as distributor of digital certificates and an intermediary for unlock data. This allows for secure opening of the package and can reduce theft or other unauthorized opening of packages.
[0055] The public/private key pair provides a fundamental level of security to the entire system, which provides encryption/decryption of the plaintext that is used for authentication of the purchaser. The digital certificate based on the key pair described above provides additional protection in the entire process described in FIG. 2. A certificate can be validated based on the issuer of the certificate (known as certificate chain validation). A certificate can also expire. A certificate can also be revoked by the certificate/key system 16. There are additional validation mechanisms for certificates. RFC 6125 and RFC 5280 can be referenced for further detail.
[0056] FIG. 3 shows a diagram of the electronic lock 30. The electronic lock 30 includes memory 100, a wireless interface 102, a processor 104, a locking mechanism 106, and a power source 108 mutually connected. The electronic lock 30 may further include other components, such as a global positioning system (GPS) receiver 110 and a near-field communications (NFC) device 118. In some embodiments, the locking mechanism 106 can interface with a standalone component, such as a Secure Integrated Circuit (Secure IC), for providing identity verification for engaging and disengaging the locking mechanism 106.
[0057] The memory 100 stores at least one indication of a public key 112 conforming to an asymmetric cryptographic scheme and at least one element of plaintext unlock data 114. The public key corresponds to a private key controlled by a purchasing party of the package. The indication of a public key 112 may be the public key itself, a certificate containing the public key, or a reference to a public key stored elsewhere. The public key 112 is used to encrypt the plaintext unlock data 114 to obtain encrypted unlock data 120. Although plaintext unlock data can be generated by the processor 104 on the fly, as needed, the plaintext unlock data 114 relevant to the current delivery guarded by the lock needs to persist for the duration of the unlocking process (see steps 66 - 82 in FIG. 2). The memory 100 further stores a program 116 configured to be executed by the processor 104 to perform encryption, perform the unlock data comparison, perform data communications, and perform other functionality discussed herein.
[0058] The wireless interface 102 is configured to wirelessly communicate data between the processor 104 and memory 100 and a wireless network via which the package access control system 14 is available. The wireless interface 102 can include one or more of a Wi-Fi interface, a cellular (2G, 3G, 4G, LTE, etc.) interface, a Bluetooth interface, a near-field interface, and similar. In one example, the wireless interface 102 is a data-only 3G cellular interface. In other examples, the wireless interface 102 is a long range, low power (LoRa®) interface.
Alternatively or additionally, the wireless interface 102 can be configured to piggyback onto a wide-area network connection provided by the electronic device 22 of the purchasing party (e.g., to use the electronic device 22 as a relay, via a Wi-Fi hotspot, Bluetooth connection, or NFC).
[0059] The wireless interface 102 can be configured to transmit location data 124 obtained from the GPS receiver 110 to the package access control system 14 for location tracking of the package 24.
[0060] The wireless interface 102 can be configured to receive over-the-air (OTA) update data 126 from the package access control system 14 for updating any contents of the memory 100, such as the program 116 or the public key 112. Because the program 116 and the public key 112 together determine who can open the lock, the origin and integrity of such update data should be verified by the lock before it is applied.
[0061] The processor 104 is configured to execute the program 116 to encrypt the plaintext unlock data 114 using the public key 112 to obtain encrypted unlock data. By way of the program 116, the processor 104 initiates transfer of the encrypted unlock data via the wireless interface 102 to the electronic device 22 controlled by the purchasing party, and further awaits reception of a response from the electronic device 22 containing decrypted unlock data.
[0062] The processor 104 is further configured, via the program, to compare the plaintext unlock data 114 to the decrypted unlock data 122 received via the wireless interface 102 from the electronic device 22 controlled by the purchasing party. The comparison determines whether the decrypted unlock data 122 matches the plaintext unlock data 114. In response to a match, the processor 104 transmits an unlock signal to the locking mechanism 106.
[0063] When the public key 112 is stored as or with a digital certificate, the processor 104 is configured to transmit a validation request for validating the digital certificate via the wireless interface 102 in response to receiving a validation trigger via the wireless interface 102.
Successful certificate validation is a condition of opening the package, so the program 116 configures the processor 104 to transmit the unlock signal to the locking mechanism 106 only after successful validation of the digital certificate, in addition to the decrypted unlock data matching the plaintext unlock data 114.
[0064] The locking mechanism 106 is controlled by the processor 104 and powered, at least to unlock, by the power source 108. The locking mechanism is configured to lock and unlock the package 24 according to control signals received from the processor 104. It is preferred that the locking mechanism 106 remain locked in case of power failure to prevent circumvention of the present invention by way of draining the power source 108. Any suitable locking mechanism can be used, such as electrically controllable pin tumbler locks, tubular locks, electric strike locks, dead bolt locks, and similar.
[0065] The power source 108 is for powering components of the electronic lock 30, such as the memory 100, processor 104, wireless interface 102, and locking mechanism 106. The power source 108 can include any one or more of a rechargeable battery, a disposable battery, a capacitor, an inductive charging coil, a wireless charging module, a port for receiving external power, or similar device. For example, the power source 108 can include a non-removable rechargeable battery with a charging port.
[0066] The GPS receiver 110 is configured to track location information of the package 24 and electronic lock 30. As the content of the package 24 may include valuable items, knowing the exact location of the package 24 and electronic lock 30 is important, especially if the package 24 and the electronic lock 30 become lost. The location tracking information from the GPS receiver 110 is forwarded via the wireless interface 102 to the package access control system 14 for storage and/or monitoring. The location tracking information is also useful for improving the routing of the package 24 during delivery. The GPS receiver 110 can be cycled off/on to reduce power consumption.
[0067] The NFC device 118 is configured to check for the physical presence of the purchaser by communicating with a similar NFC device in the purchaser's electronic device 22.
[0068] FIG. 4 shows a detailed example of the package access control system and certificate/key system shown in FIG. 1. A certificate authority (CA) server 152 is the root certificate authority server that is responsible for signing certificates of the sub-CA 160 and for signing the CA-signed OCSP 150 (an Online Certificate Status Protocol responder). The CA-signed OCSP 150 is part of the certificate validation process 68. The CA database and key storage 154 keep track of the certificates that the CA server 152 issues and securely store the private key that generates the root CA certificate. The CA server 152 and the CA database and key storage 154 are kept offline for additional security. Only the CA-signed OCSP 150 is required to be online. The sub-CA 160 is the certificate authority that issues certificates for the package access control system 14 and the electronic locks 30. The sub-CA-signed OCSP 162 is part of the certificate validation process 68 that provides the revocation status of a given certificate. The sub-CA-signed OCSP 162 works along with the CA-signed OCSP 150 to provide the full revocation status of a given certificate. The sub-CA database 158 keeps track of the certificates that the sub-CA 160 issues. Key storage 156 securely stores the private key that generates the sub-CA certificate. The registration authority (RA) 164 is used in processing or rejecting certificate signing requests (CSR), which are part of obtaining a certificate 58. The front-end server 168 serves as an entry point for all requests from purchasers' electronic devices 22, electronic locks 30, the shipping party computer system 20, online sales systems 12, and the package access control system 14. The user database 166 saves information concerning shippers, purchasers, electronic locks, transactions, location tracking, certificate information, and similar. The front-end server 168 and user database 166 may be the same as the package access control system 14 or may be components of the package access control system 14.
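Certificate validation 68 as described in [0055] (chain validation, expiry, revocation) and in the hierarchy of FIG. 4 ([0068]), written out as an added Go example; this is not code from the application. It builds a root CA, a sub-CA and an accessing party's certificate with the Go standard library, chains the leaf to the root with the sub-CA as intermediate, checks the validity window at a chosen time, and then consults a revocation set that stands in for the status the OCSP responders 150 and 162 would return. The responders themselves, their transport, the P-256 keys and the function and type names are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue signs tmpl with the parent's key; with a nil parent the certificate is
// self-signed, which is how the root CA 152 is created.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	signer := parentKey
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

func caTemplate(cn string, serial int64, days int) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Duration(days) * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
}

// PKI holds as much of FIG. 4 as validation needs: the (offline) root, the
// sub-CA that issues end-entity certificates, and the revocation status.
type PKI struct {
	Root, SubCA *x509.Certificate
	subKey      *ecdsa.PrivateKey
	revoked     map[string]bool // serials OCSP responder 162 would report as revoked (assumed stand-in)
	next        int64
}

func NewPKI() (*PKI, error) {
	root, rootKey, err := issue(caTemplate("Root CA 152", 1, 3650), nil, nil)
	if err != nil {
		return nil, err
	}
	sub, subKey, err := issue(caTemplate("Sub-CA 160", 2, 1825), root, rootKey)
	if err != nil {
		return nil, err
	}
	return &PKI{Root: root, SubCA: sub, subKey: subKey, revoked: map[string]bool{}, next: 100}, nil
}

// IssueAccessing issues an accessing party's certificate for a validity window (obtaining a certificate 58).
func (p *PKI) IssueAccessing(cn string, notBefore, notAfter time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	p.next++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(p.next),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return issue(tmpl, p.SubCA, p.subKey)
}

func (p *PKI) Revoke(c *x509.Certificate) { p.revoked[c.SerialNumber.String()] = true }

// Validate is certificate validation 68: chain to the root through the sub-CA,
// check the validity window at time `at`, then consult revocation status.
func (p *PKI) Validate(c *x509.Certificate, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(p.Root)
	inters := x509.NewCertPool()
	inters.AddCert(p.SubCA)
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, CurrentTime: at,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err != nil {
		return err
	}
	if p.revoked[c.SerialNumber.String()] {
		return errors.New("certificate revoked")
	}
	return nil
}

func main() {
	p, err := NewPKI()
	if err != nil {
		panic(err)
	}
	now := time.Now()
	c, _, err := p.IssueAccessing("purchasing party", now.Add(-time.Minute), now.Add(24*time.Hour))
	if err != nil {
		panic(err)
	}
	fmt.Println("valid now:", p.Validate(c, now))
	fmt.Println("two days later:", p.Validate(c, now.Add(48*time.Hour)))
}
```

The chain and expiry checks are what RFC 5280 path validation gives for free; revocation is the part no offline check can provide, which is why FIG. 4 keeps only the OCSP responders online while the root CA and its key storage stay offline.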
[0069] Similar systems and processes to those described in FIG. 1 - 4 can be applied in other applications to provide cryptographically secure access for accessing parties to other physical assets, or for identity authentication for any person or any device connectable to the wide-area network 18. For example, FIG. 5 shows a system 210 for online room booking and electronic lock accessing. System 210 provides for secure sharing of digital keys to reduce the risk that a door lock, which blocks physical access to a rented room, will be subject to unauthorized opening and ingress, will have its keys stolen or modified, or will undergo other undesirable interference. In the description below, reference numerals that are in common with reference numerals used in FIG. 1 to FIG. 4 will be understood to refer to the same, or similar. Features and aspects of this embodiment may be used with the other embodiments described herein.
[0070] The system 210 includes an online booking system 212, a digital lock access control system 214, and a certificate/key system 16 connected for data communications to a wide-area network 18. Each of the systems 212, 214, 16 can include one or more computer servers configured to provide an overall service as described herein. The wide-area network 18 includes any computer network, such as an intranet, a local-area network, a wireless network, a virtual-private network (VPN), a cellular network, the Internet, a Bluetooth network, a combination of such, or similar.
[0071] The online booking system 212 is configured to facilitate the reservation of one or more renting rooms via the wide-area network 18. The online booking system 212 includes a hotel, hospitality services, or other online booking system that may be open to the public, may be private, or may have other access restrictions. Examples of online booking systems include Airbnb.com, Booking.com, Xiaozhu.com, Ctrip.com, Tivago.com, and similar. The online booking system 212 may rent rooms of one or more owners. The online booking system 212 may be specific to one owner and may be operated directly by such owner. One online booking system 212 is discussed, by way of example only, and it is to be understood that the present invention is capable of functioning with any number of online booking systems 212 and may exhibit additional advantages when operating with more than one online booking system 212.
[0072] The digital lock access control system 214 is configured to provide control of physical access to renting rooms reserved on behalf of the online booking system 212 to the purchasing party (hereinafter referred to as the visitor or the visiting party). That is, the visiting party (i.e., the actual visitor, guest, a delegate or representative thereof, etc.) is able to use the digital lock access control system 214 to control physical access to the reserved rooms, where the rooms are reserved by the online booking system 212. The digital lock access control system 214 can be configured to interface with the online booking system 212, via an application programming interface (API) for example, to permit visitors using the online booking system 212 to request key access control service provided by the digital lock access control system 214. The digital lock access control system 214 can alternatively or additionally be configured to interface with the certificate/key system 16 to control distribution and management of keys/certificates, so that owners of the renting rooms are able to access the needed certificates or keys. The digital lock access control system 214 will be discussed in more detail below. It will therefore be understood that the visiting party may also be referred to as the accessing party.
[0073] The certificate/key system 16, as discussed previously with reference to FIG. 1, includes a certificate authority and is configured to generate, issue, store, manage, and/or revoke cryptographic certificates and/or keys, and further may also be configured to allow other parties to check the status of a certificate via the Online Certificate Status Protocol (OCSP), a Certificate Revocation List (CRL), or a similar certificate revocation status checking mechanism. For instance, a visiting party may use an electronic device to generate a public-private key pair according to an asymmetric cryptographic scheme, such as RSA, the Digital Signature Algorithm (DSA), and various Elliptic Curve Cryptography (ECC) schemes. The public key may then be stored at the certificate/key system 16, which may also be configured to generate and issue certificates based on such public key. The present invention is contemplated to be useful to a large number of visiting parties and hence the certificate/key system 16 may be configured to manage public keys and certificates of such number of visiting parties.
[0074] The system 210 further includes one or more key owner computer systems 220 operated by one or more key owner parties, and further includes one or more visitor electronic devices 222 controlled by one or more visiting parties.
[0075] A key owner party can include any individual, organization, or company that secures a room, indicated at room location 228, which includes a door 224 secured with electronic lock 230, which grants access through the door 224 for a visitor visiting the room.
[0076] Electronic lock 230 is similar to electronic lock 30 and operates in a similar manner as described in FIG. 3, with the modification that the electronic lock 230 is suitable to lock a door. In some embodiments, electronic lock 230 does not maintain direct access to the wide-area network 18 for power-saving purposes. In such embodiments, the electronic lock 230 can connect to the wide-area network 18 through a nearby LoRa® station, or through pairing with a nearby mobile device, including electronic device 222, through Bluetooth, NFC, ZigBee, or similar.
[0077] In the present embodiment, the door 224 can include a wood door, a metal door, or any other similar physical door providing access to a room. More generally, in some embodiments, the door 224 can be any lockable container offering a physical barrier to the contents, such as a key box (e.g., the key box used by real estate agents for showing houses). The type and strength of the door 224 can be selected to meet implementation requirements. In some applications, a key box for opening a door may suffice for a remote area with fewer security concerns, while a metal door may be desired for a densely populated area with higher security concerns.
[0078] A key owner computer system 220 includes any computer, server, handheld device, or similar electronic device under the control of the key owner party and capable of communicating with the wide-area network 18 and with electronic lock 230 used to control physical access to the door 224. One function of the key owner computer system 220 is to load each electronic lock 230 with a server certificate generated from the public key (or at least load the public key) belonging to the digital lock access control system 214. The key owner computer system 220 may include handheld electronic devices used by operators to download server certificates from the digital lock access control system 214 and load such into the electronic locks 230. In addition, the key owner computer system 220 also forwards the lock public key generated by electronic lock 230 to the digital lock access control system 214. Alternatively, the key owner computer system 220 may include a wireless access point that connects the electronic locks 230 to a VPN controlled by the digital lock access control system 214 for direct loading of certificates into the electronic locks 230. Alternatively or additionally, the key owner computer system 220 may trigger the loading process from the digital lock access control system 214 to directly load the certificate to the electronic lock 230 via a secured connection.
[0079] The visitor electronic device 222 can include any computers, smartphones, or similar devices controlled by the visitor of the room and services offered by the online booking system 212. A visitor party may be any individual, organization, or company. A visitor electronic device 222 may be controlled by the actual visitor or someone else in the organization or company.
[0080] In operation, a visitor party registers with the digital lock access control system 214 and establishes a public-private key pair. The public key is transmitted to the certificate/key system 16, and the private key is stored on the visitor electronic device 222. When the visitor party makes a reservation on the online booking system 212, a certificate is issued for the period of visiting to the visitor party by the certificate/key system 16, known as the visitor's certificate. Upon visiting the reserved room, the electronic lock 230 establishes a connection with the visitor electronic device 222. To prove the visitor party's identity, the visitor electronic device 222 transmits its visitor's certificate issued by the certificate/key system 16 to the electronic lock 230. Once received, the electronic lock 230 uses the server certificate pushed down by the key owner computer system 220 to encrypt the visitor's certificate together with a token of random string and some random salt. The encrypted message is sent to the visitor electronic device 222, which is asked to forward it to the digital lock access control system 214. In response, the digital lock access control system 214 decrypts the message and extracts the visitor's certificate for validation. The validation result is encrypted using the corresponding lock's public key together with the same token from the decrypted message and a random salt; the echoed token lets the lock tie the result to its own outstanding request rather than to one the relaying device substitutes. This newly encrypted message is sent to the visitor electronic device 222, which is asked to forward it to the electronic lock 230. Once received, the electronic lock 230 decrypts the message using its private key and reads the authentication result from it. If the authentication fails, the electronic lock 230 drops this message. Otherwise, the electronic lock 230 uses the public key contained in the visitor's certificate to generate encrypted unlock data from plaintext stored in or generated by the electronic lock 230 (e.g., a random series of bits).
The electronic lock 230 sends the encrypted unlock data to the visitor electronic device 222. The visitor electronic device 222 uses the private key to decrypt the encrypted unlock data, encrypts the decrypted unlock data using the electronic lock 230's public key, and transmits the resulting encrypted unlock data back to the electronic lock 230. The electronic lock 230 decrypts it with its private key, compares the decrypted unlock data to the original plaintext, and opens the door 224 if there is a match. The visitor party thus has total control of access to the room behind the door.
[0081] Communications among any or all of the online booking systems 212, the digital lock access control system 214, the certificate/key system 16, the key owner computer system 220, the visitors' electronic devices 222, and the electronic locks 230 can be made over a secured connection, such as those facilitated by Transport Layer Security/Secure Sockets Layer (TLS/SSL), Internet Protocol Security (IPsec), or similar.
[0082] FIG. 6 shows a diagram of a process for secure remote key access granting. The process may be implemented using the system 210 (in FIG. 5) discussed above or using another system. For the sake of explanation, the process will be described in the context of the system 210 discussed above, but this is not intended to be limiting.
[0083] Initially, the certificate/key system 16 sets up the initial key for the electronic lock 230 during the manufacturing and packaging processes at step 250 with a pre-negotiated key assignment. Once the customer purchases the electronic lock 230, the customer (e.g., a key owner) sets up the electronic lock 230 using the key owner computer system 220 at step 252. At step 252, a server certificate is created by the certificate/key system 16 using a pair of public key and private key stored on the certificate/key system 16.
[0084] A visitor makes a reservation request at step 254 with the online booking system 212. Once the reservation is confirmed, the online booking system 212 sends a notification 256 to the digital lock access control system 214. Upon receiving the notification, the certificate/key system 16 sends a request 258 to the visitor electronic device 222 to initiate the certificate signing request.
[0085] Once the visitor electronic device 222 receives the request 258, the visitor electronic device 222 starts the certificate signing process 260 by generating a key pair and signing request. This can include generation of a cryptographic asymmetric public-private key pair by the visitor electronic device 222. The private key is only kept on the visitor electronic device 222.
[0086] A certificate signing request 262 along with the public key is transmitted to the certificate/key system 16; the public key may also be made available to the certificate/key system 16 as part of the notification step 256. In other words, the registration step 254 and the notification step 256 result in a private key being stored at the visitor electronic device 222, the corresponding public key being stored at the certificate/key system 16, and the online booking system 212 and the certificate/key system 16 having sufficient identity information of the visitor party to obtain the public key in the future, as needed. The registration request at step 254 may be made directly to the digital lock access control system 214 (e.g., FIG. 5). Alternatively, the registration request at step 254 may be made through the online booking system 212. In addition, a visitor certificate is issued by the certificate/key system 16 and transmitted to the visitor electronic device 222 at step 263.
[0087] When the visitor party arrives at the door step at room location 228, the visitor comes in proximity to the door 224 and the electronic lock 230, and the visitor uses their visitor electronic device 222 to connect with the electronic lock 230 via Bluetooth, Near Field Communication (NFC), or similar. Once connected, the visitor electronic device 222 initiates the unlocking process by sending an unlocking request at step 264 together with the visitor's certificate to the electronic lock 230. Once received, the electronic lock 230 uses the server certificate loaded in step 252 to encrypt an authentication request including the visitor party's certificate, together with a randomly generated token and salt, and sends it to the visitor electronic device 222 at step 266.
[0088] The visitor electronic device 222 forwards this authentication request 268 to the certificate/key system 16. The certificate/key system 16 decrypts the authentication request at step 270 using its private key to obtain the visitor's certificate. The certificate/key system 16 validates this certificate and encrypts the authentication result, together with the received token and a randomly generated salt, using the public key of the electronic lock 230, then transmits it to the visitor electronic device 222 at step 272. Next, the visitor electronic device 222 forwards this encrypted message to the electronic lock 230 so that the electronic lock 230 can decrypt the message using its private key at step 276 to learn the authentication result.
[0089] If the authentication result is a failure, the electronic lock 230 declines the unlocking request made at step 264. Otherwise, the electronic lock 230 generates a random string or bit stream and encrypts it with the public key extracted from the visitor party's certificate, then sends this encrypted message to the visitor electronic device 222 at step 278. Once the visitor electronic device 222 receives the message, it decrypts the message using its private key and sends the decrypted message back to the electronic lock 230 at step 280. At step 282 the electronic lock 230 compares the newly received message with the random string or bit stream it generated in step 278. If the strings match, the electronic lock 230 is unlocked.
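Steps 264 to 276 of FIG. 6 ([0087] and [0088]; the same exchange is described in [0080]), in which the visitor's own device relays an authentication between the lock and the server while being trusted by neither, written out as an added Go example; this is not code from the application. It assumes RSA-OAEP for "encrypt with the server certificate" and "encrypt with the lock's public key", a 16-byte token and salt, and, because a DER certificate does not fit in one RSA-OAEP block, sends the SHA-256 fingerprint of the visitor's certificate instead of the certificate itself; the server's validation is then an assumed lookup of that fingerprint among the certificates it issued at step 263. The type and function names are this example's own. The unlock challenge of steps 278 to 282 is left out, being the package embodiment's exchange with the response re-encrypted to the lock's key. What the example shows is the role of the echoed token: a positive result that the relaying device fabricates under the lock's public key does not carry the lock's pending token and is dropped.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// authRequest is what the lock seals to the server's public key at step 266.
// Assumption: the visitor's certificate travels as its hex SHA-256 fingerprint;
// the application sends the certificate itself.
type authRequest struct {
	Fp    string
	Token []byte
	Salt  []byte
}

// authResult is the server's reply at step 272, sealed to the lock's public key.
type authResult struct {
	OK    bool
	Token []byte
	Salt  []byte
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// seal/unseal: JSON inside RSA-OAEP (the message stays under the 190-byte OAEP limit of a 2048-bit key).
func seal(pub *rsa.PublicKey, v interface{}) ([]byte, error) {
	b, err := json.Marshal(v)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, b, nil)
}

func unseal(priv *rsa.PrivateKey, ct []byte, v interface{}) error {
	b, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil {
		return err
	}
	return json.Unmarshal(b, v)
}

// RoomLock models electronic lock 230: its own key pair, the server public key
// loaded at step 252, and the token of the one pending authentication request.
type RoomLock struct {
	key       *rsa.PrivateKey
	serverPub *rsa.PublicKey
	token     []byte
}

func NewRoomLock(key *rsa.PrivateKey, serverPub *rsa.PublicKey) *RoomLock {
	return &RoomLock{key: key, serverPub: serverPub}
}

// AuthRequest is step 266: a fresh token ties the eventual result to this request.
func (l *RoomLock) AuthRequest(visitorCert []byte) ([]byte, error) {
	l.token = randomBytes(16)
	fp := sha256.Sum256(visitorCert)
	return seal(l.serverPub, authRequest{Fp: hex.EncodeToString(fp[:]), Token: l.token, Salt: randomBytes(16)})
}

// AcceptResult is step 276: the message must decrypt under the lock's own key
// and echo the pending token; anything else is dropped.
func (l *RoomLock) AcceptResult(msg []byte) error {
	var res authResult
	if err := unseal(l.key, msg, &res); err != nil {
		return err
	}
	if l.token == nil || subtle.ConstantTimeCompare(res.Token, l.token) != 1 {
		return errors.New("result does not match the pending request")
	}
	l.token = nil // one result per request
	if !res.OK {
		return errors.New("visitor certificate rejected by server")
	}
	return nil
}

// AccessServer is the validating side at step 270: the server private key and an
// assumed table of fingerprints of the certificates issued at step 263.
type AccessServer struct {
	key   *rsa.PrivateKey
	valid map[string]bool
}

func NewAccessServer(key *rsa.PrivateKey, issuedCerts ...[]byte) *AccessServer {
	s := &AccessServer{key: key, valid: map[string]bool{}}
	for _, c := range issuedCerts {
		fp := sha256.Sum256(c)
		s.valid[hex.EncodeToString(fp[:])] = true
	}
	return s
}

// Handle decrypts the request, validates, and seals the result with the same token to the lock.
func (s *AccessServer) Handle(req []byte, lockPub *rsa.PublicKey) ([]byte, error) {
	var r authRequest
	if err := unseal(s.key, req, &r); err != nil {
		return nil, err
	}
	return seal(lockPub, authResult{OK: s.valid[r.Fp], Token: r.Token, Salt: randomBytes(16)})
}

func main() {
	serverKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	lockKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	visitorCert := []byte("constructed stand-in for the visitor's DER certificate")
	server := NewAccessServer(serverKey, visitorCert)
	lock := NewRoomLock(lockKey, &serverKey.PublicKey)
	req, _ := lock.AuthRequest(visitorCert)            // lock -> device -> server (268)
	reply, _ := server.Handle(req, &lockKey.PublicKey) // server -> device -> lock (272)
	fmt.Println("honest relay:", lock.AcceptResult(reply))
}
```

The relaying device sees only two ciphertexts it cannot open, so it learns neither the token nor the verdict; it does hold the lock's public key (it needs it at step 280), which is exactly why the lock must check the token and not merely whether a message decrypts.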
[0090] After the unlock process is completed on the electronic lock 230, the electronic lock 230 encrypts the unlocking result/status using the server certificate and sends it to the visitor electronic device 222 at step 284. The visitor electronic device then forwards this message to the certificate/key system 16 at step 286. The certificate/key system 16 then decrypts the result/status and notifies the key owner computer system 220.
[0091] As can be seen from the above, the electronic lock 230 can only be opened as triggered by the person who is authorized by an issued certificate during a period of time and who holds the private key. The digital lock access control system 214 acts as distributor of digital certificates and an intermediary for unlocking data, allowing for secure opening of the digital lock and reducing theft or other unauthorized opening of doors. Details of the digital lock access control system 214 are similar to those of the package access control system 14, and it operates in a similar manner as described with reference to FIG. 4.
[0092] The public/private key pair provides a fundamental level of security to the system, which provides encryption/decryption of the plaintext that is used for authentication of the visitors. The digital certificate based on the key pair described above provides additional protection in the process described in FIG. 5. A certificate can be validated based on the issuer of the certificate (known as certificate chain validation). A certificate can also expire. A certificate can also be revoked by the certificate/key system 16. There are additional validation mechanisms for certificates. RFC 6125 and RFC 5280 can be referenced for further detail.
[0093] In view of the above description, it should now be apparent that the present invention offers numerous advantages for secure access to physical assets by accessing parties. For one, the contents of packages can be securely delivered to their purchasers or designated individuals. Additionally, access to rooms can be securely rented and accessed by visitors. Snooping and theft can be reduced. Other applications of the systems and methods described herein can also be used for identity authentication for any person or any device connectable to a network.
[0094] Further, in the package delivery embodiment, even if the package becomes lost, it can be trackable by location information captured during the delivery. Other advantages will be apparent to those skilled in the art.
[0095] Further, while the present invention, as applied to package delivery, is described in the context of retail Internet sales, the techniques discussed herein may find similar uses, which also fall within the scope of the present invention. For example, the present invention can be applied to private delivery of packages between two end parties, such as individuals, organizations, or companies. That is, a supplier company may wish to ship orders to customer companies using the techniques described herein. In such example, the online sales system is unnecessary or is replaced by a supplier order system or similar system. In another example, the present invention is applied to automated (e.g., drone) deliveries, in that the package is the drone payload and the electronic lock can be a separate lock or a mechanism that holds the payload to the drone.
[0096] In addition, though the present invention is described in terms of certificates, which are preferred over bare public keys, it should be apparent that the present invention can be implemented with public keys and without using certificates to still realize many of the advantages.
[0097] While the foregoing provides certain non-limiting example embodiments, it should be understood that combinations, subsets, and variations of the foregoing are contemplated. The monopoly sought is defined by the claims.