Field of the invention

The invention relates to a lock system and to the creation of electronic keys in the lock system.

Background of the invention

Known in the art are door locks comprising a lock case and a locking latch, which door locks can be opened and closed mechanically. Also known in the art are electrical locks, which can be controlled to open and close by means of electrical commands and electrical opening means.

In recent times locks that can be opened wirelessly, e.g. by means of a mobile phone, have also been launched onto the market. In systems of this type the owner of a lock can send to different devices a user right, i.e. an electronic key for a lock he/she owns. In this way the lock owner can create keys for different devices and for different people. In systems that are known in the art, electronic keys are sent from one device to another when delivering the electronic keys. This is a problem from the viewpoint of the functioning of a lock system because when electronic keys are sent often, there is a risk that their information can be hijacked from communications occurring between devices. In this type of case the wrong party can receive a right to open a lock and the security level of the lock system has declined.

Brief description of the invention

The purpose of the present invention is to achieve a new type of lock system, in which electronic keys can be created and delivered safely to different devices. The lock system comprises a server and at least one lock, and a key created by the system can be delivered to a device, such as e.g. to a mobile device. The operation according to the system is characterized by what is disclosed in the independent claims of the application.

I the solution according to the invention a server receives a request for creating an electronic key from the device of a user administering a lock or locks. After this, in response to the request the server sends to the device of the user administering the lock the reference data of the electronic key. After this the reference data of the key can be delivered to a party for whom the key was intended to be created. After this the server receives a request for delivery of the electronic key from the mobile device on the basis of the reference data of the electronic key. After this, the server creates and encrypts an electronic key and sends the encrypted electronic key to the mobile device from which the request for delivering a key was received. The electronic key can provide a lock-opening right for one lock or many locks. After this the mobile device can open the lock or locks by means of the electronic key. In one embodiment of the invention the electronic key is a bit sequence.

The solution according to the invention now presented has some significant advantages when it is compared to prior-art solutions. The electronic key reference to be used in the solution of the invention is an indirect indicator to the data itself i.e. the electronic key itself. Instead of using an electronic key itself, in the solution according to the invention a reference of the electronic key is handled in procedures relating to administration of the electronic key in the functions of a server, such as e.g. a cloud service server, of a mobile device and of a lock. The electronic key itself is used and sent only when it is necessary to do so. This improves the security of the system against misuse because the information about the electronic key itself remains more secret than in a situation in which the key data itself is sent to many devices and is recorded in different databases. When electronic keys containing information to be protected do not need to be recorded in databases, by means of the system according to the invention many services and functions can be realized with the aid of a reference of an electronic key because the reference of an electronic key can be handled more easily without the content of the electronic key itself being revealed. Another advantage of the system according to the invention is that both an electronic key and also an electronic key reference are independent of each other and are random bit sequences. That being the case, an electronic key cannot be directly deduced by means of the electronic key reference alone.

In one embodiment of the invention the request for creating an electronic key from the device of a user administering the lock comprises an identifier of that mobile device for which the key is created, and the server sends the electronic key exclusively to that mobile device. This further improves the security of a lock system. In one embodiment of the invention the lock updates the information about the electronic keys suited to it from the server, and by means of this information the lock knows which electronic keys have the right to open the lock.

In one embodiment of the invention a mobile device requests the opening of a lock by sending an encrypted electronic key to the lock when it is in the proximity of the lock. The lock decrypts the encryption of the encrypted key sent by the mobile device and compares the information to the information received from the server about electronic keys suited to the lock. If an electronic key sent by another device is also found from the information received from the server about keys suited to the lock, the lock opens. If an electronic key sent by another device is not found from the information received from the server about keys suited to the lock, the lock is kept locked.

Brief description of the figures

In the following, the invention will be described in more detail by the aid some examples of its embodiment with reference to the drawing, wherein, Fig. 1 presents a schematic view of the operating principle of one embodiment of the invention.

Detailed description of the invention

The solution according to the invention is based on electronic keys (eKeys), which are administered by means of electronic key references (eKey references), which can be used in a lock system comprising mobile devices, locks and at least one server, e.g. the server of a cloud service. In the solution of the invention a mobile device is a device that can receive an electronic key and that can communicate with the server and the lock. Some examples of mobile devices are mobile terminals, tablets, smartwatches, handheld computers, smartphones, et cetera.

In the solution according to the invention both an electronic key and also an electronic key reference can be individual and/or random bit sequences and they can be created independently of each other. An electronic key enables the opening of a lock and it can be recorded in a mobile device and/or in a cloud service. In the solution according to the invention one electronic key corresponds to one reference of an electronic key. The reference of an electronic key can be used e.g. for administering keys and for the purposes of log files. For example, the creation, delivery, removal of rights and usage log of an electronic key can be realized by means of the reference of the electronic key. The reference of an electronic key does not in itself reveal any information about the electronic key or about the physical lock associated with it.

Fig. 1 presents a schematic diagram of a lock system, according to one embodiment of the invention, and its operation. In the exemplary case of Fig. 1 , an electronic key is created in a cloud service, based on user need.

The owner of the lock safely contacts a cloud service, e.g. the Web portal of it via the Internet, with the assistance of his/her device, such as a mobile device or computer. The device of the owner and administrator of the lock requests the reference of the electronic key from the cloud service. By means of this request the owner of the lock gives the right to create a new electronic key for a certain lock administered by the owner. On the basis of the user's request, the system produces an anonymous eKey reference on the server or in the service. After this the server sends the reference data of the electronic key to the device from which the request for creating the reference of the electronic key was received. The reference data of the electronic key can be e.g. a character string or a bit sequence The eKey to be associated with the reference of the electronic key has not yet been created. At this moment the reference of the electronic key has not yet any purpose associated with locks outside the server and/or cloud service. In one embodiment of the invention one electronic key can provide a lock-opening right also for a number of locks instead of for one lock, e.g. for a lock group, which comprises all the locks of one building, in which case by creating one key an opening right for a number of locks is given. When the owner of a lock requests with his/her device the creation of an electronic key reference from the service, he/she can select for which lock or locks he/she wishes to create a key.

Next, the owner of the lock delivers the electronic key reference to the mobile device of the user he/she wishes. Delivery can also be handled electronically by sending the reference e.g. in a message or email or as an image. Delivery can also be handled in another way, e.g. by telling the reference to the desired user verbally or e.g. on a piece of paper.

A user who receives information about the reference of an electronic key starts an application on his/her mobile device, into which application the reference of the electronic key is entered. In one embodiment of the invention the application can also automatically complete the reference of the electronic key in the application, e.g. on the basis of a message or email that has arrived. The application requests the server and/or cloud service to create an electronic key corresponding to the electronic key reference. A user can request the creation of a key from his/her mobile device also in another way, e.g. by means of a website associated with the cloud service.

Based on a request sent from a mobile device, the system creates on a server, e.g. on a server of a cloud service, an encrypted electronic key and forms an association between the electronic key, the electronic key reference on the basis of which the request was made, the mobile device that made the request and the lock. The cloud service marks the reference of the electronic key as used. After this no other electronic key can any longer be created with the same electronic key reference. The server delivers the encrypted electronic key created to the mobile device, in which the eKey is recorded for later use. In one embodiment of the invention an electronic key can be sent only once.

The locks connected to a system can communicate safely via an encrypted connection with a server and/or a cloud service via the Internet. The lock is thus aware of the eKeys and eKey references associated with it, which are administered in the cloud service. The lock can contact the service at certain intervals and can update the list of electronic keys authorized to open the lock. Also the server can notify the lock of changes when they occur such as e.g. when a new key is created or the right of use of an old key is removed.

When a mobile device is in the proximity of a lock it can form an encrypted connection with the lock. The connection can be formed e.g. by means of some short-range technology, such as by means of Bluetooth technology, or by means of WLAN. After this the mobile device requests opening of the lock by means of the encrypted electronic key. The lock receives the encrypted key and decrypts the encryption. After this the lock. e.g. the lock case of the lock or the striking plate of the lock case, compares the information contained in the electronic key to the information it received about electronic keys from the service. The lock opens the locking if the information of these two pieces of information about electronic keys correspond. The lock can record an opening event in a cloud service for monitoring the operation and use of the lock. An opening event is recorded in a database on the basis of the reference of the electronic key and/or on the basis of the identifier of the iock. Opening events, the number of them and/or the numbers of keys created can be recorded in the database and reports can be formed by means of these. The aforementioned data recorded in the database can also be used as the basis for invoicing a customer. in one embodiment of the invention a lock can be opened with a mobile device also when the mobile device is not in the proximity of the lock. In this case other means of contact are used for communications between the lock and the mobile device.

In one embodiment of the invention if a request for the creation and delivery of an electronic key is cancelled before there has been time to create the electronic key itself, the electronic key is not created. If an electronic key is cancelled after it has been created, the electronic key is not delivered to the person making the request. If an electronic key is cancelled after it has been created and delivered, the lock notices when it checks the electronic key that the electronic key in question does not have the right to open the lock in question.

In one embodiment of the invention the reference of an electronic key can be sent to the system of some service provider, e.g. of a transport service, domestic service, cleaning service or guard service, which system sends the key onwards to the desired mobile device. In this case the system of the service provider can request an electronic key from the server of the key system with the reference of the electronic key and in this case the server can send the electronic key created to the system of the service provider and not directly to the mobile device. In this case the electronic key is sent from the system of the service provider to a mobile device of an employee that needs to enter an apartment, it is also possible that the system of the service provider requests the creation of a key directly to a certain mobile device. In one embodiment of the invention also an electronic key created for an individual mobile device in different embodiments of the invention can be sent onwards from one mobile device to another mobile device.

In one embodiment of the invention the reference of an electronic key and/or the electronic key can also comprise lock location information. The lock location information can also be sent in connection with the reference of the electronic key and/or in connection with the electronic key or separately if the reference of the electronic key and/or the electronic key does not itself comprise lock location information. The geographic data or location information of a lock can be added to the reference of an electronic key and/or to an electronic key, e.g. at the stage of creating them or at the stage of sending them.

The lock location information can be expressed as geographic data, such as a GPS coordinate, or as a coordinate of some other position location system, such as an indoor position location system. A mobile device can, if the user so desires, or automatically, guide the user to a lock from a longer distance away by means of coordinates. In this way a user can be guided to a lock and/or to a door from a long distance away. The location information of a lock can be utilized when opening the lock, e.g. in such a way that the device requesting opening of the lock sends to the lock also the geographic data of the lock and also the geographic data of the lock sent by the device requesting opening must correspond to the correct geographic data of the lock, in addition to the correct electronic key, for the lock to be opened.

The lock used in the system according to the invention can e.g. comprise a lock case, which comprises a locking latch and a latch mechanism. The latch mechanism comprises electronic means for opening and/or closing the locking latch. Means for communicating with mobile devices and/or a server can be arranged in connection with the lock case. In one embodiment of the invention, the lock functions mechanically and the mechanical lock can also be opened and/or closed electronically.

Information transfer in the solution according to the invention is digital, and authentication methods and/or encryption methods to ensure data security are used in the lock application. Encryption and authentication of telecommunications can be used when the lock uses telecommunications with mobile devices and with the server.

By means of encryption and authentication it is ensured that the lock reacts only to commands given by an identified and verified party. An unauthorized device cannot create or send to the lock a control message in an acceptable format and therefore cannot mislead the lock into performing incorrect functions.

The aim of authentication is therefore to ensure that the devices communicating with each other recognize one another. In this way, a fraudulent device cannot control another device. Likewise, transmission of information to a fraudulent device is also prevented. Authentication can be performed before permitting use of the service.

Authentication can be one-way (server identifies user) or two-way (service identifies user, and the user the service).

In the solution according to the invention the lock ensures, by means of authentication, before communication, that requests relating to the operation of the lock come from an identified device (from an identified server or mobile device). By checking the identity of the server and the mobile device, the lock ensures that the device of an unauthorized person (intruder) cannot control the operation of the lock. The server verifies by means of authentication that the lock with which the server communicates is the correct lock. In this way the lock does not transmit electronic keys giving the right to open a lock for other locks than the correct lock.

After successful authentication, information, which is encrypted, can be transferred. Various encryption technologies used in telecommunications or in computers can be used as encryption methods for encrypting the messages of the information transfer. Encryption means the converting of the plain text information to be encrypted into a type of format that makes clarification of the original information either impossible or too expensive (i.e. breaking the encryption takes too much time or resources compared to the value of the encrypted information).

The handling of encrypted information is generally two-directional: the information to be encrypted can be converted into an unreadable format for encrypting the information and correspondingly the encrypted information can be returned back to the original format for utilizing it. Examples of algorithms to be used for the encryption of the information are, inter alia, DES, AES and Blowfish. Also the electronic key itself can be encrypted with these methods or with other encryption methods.

The invention thus relates to a method for creating an electronic key in a lock system, which comprises at least one lock and a server. In the method a request for creating an electronic key is received from the device of a user administering the lock, in response to the request the reference data of the electronic key is sent to the device of the user administering the lock, a request for delivering the electronic key is received from the mobile device, to which request the reference data of the electronic key is attached, an electronic key is created and encrypted, and the encrypted electronic key is sent to the mobile device from which the request for delivering a key was received.

In one embodiment of the invention the request for creating an electronic key from the device of a user administering the lock comprises an identifier of thai mobile device for which the key is created, and the server sends the electronic key exclusively to that mobile device.

In one embodiment of the invention the lock updates the information about the electronic keys suited to it from the server.

In one embodiment of the invention the mobile device records an encrypted electronic key in its memory after receiving the electronic key.

In one embodiment of the invention a mobile device requests the opening of a lock by sending an encrypted electronic key to the lock when it is in the proximity of the lock. In one embodiment of the invention the lock decrypts the encryption of an encrypted key sent by a mobile device and compares the information to the information received from the server about electronic keys suited to the lock.

In one embodiment of the invention if the electronic key sent by the mobile device is also found from the information received from the server about keys suited to the lock, the lock opens.

In one embodiment of the invention if the electronic key sent by the mobile device is not found from the information received from the server about keys suited to the lock, the lock is kept locked.

In one embodiment of the invention the electronic key is a bit sequence.

In one embodiment of the invention the identifier of a mobile device is a phone number, an e-mail address or other address, by means of which the mobile device and/or the user of the mobile device can be reached.

In one embodiment of the invention one electronic key corresponds to one reference data item of an electronic key, and the reference data item of an electronic key and the electronic key contain different contents that are independent of each other. in one embodiment of the invention only one electronic key can be created with one reference data item of an electronic key.

The invention thus relates to a lock system, which comprises a server and at least one lock and which is adapted to implement the aforementioned methods.

The invention thus aiso relates to a lock, which comprises a lock case that can be fixed into the door, which lock case comprises a locking latch and a latch mechanism, wherein the latch mechanism comprises electronic means for opening and/or closing the locking latch. Means for transmitting information between a lock and a server as well as between a lock and a mobile device are arranged in connection with the lock case. In one embodiment of the invention the lock is adapted to transmit information between the lock and the server using a wired and/or wireless connection.

In one embodiment of the invention the lock is adapted to update the information about the electronic keys suited to it from the server.

In one embodiment of the invention the lock is adapted to decrypt the encryption of an encrypted key sent by a mobile device and to compare the information to the information received in the lock from the server about electronic keys suited to the lock.

In one embodiment of the invention if the electronic key sent by the mobile device is also found from the information received from the server about keys suited to the lock, the lock is adapted to open.

In one embodiment of the invention if the electronic key sent by the mobile device is not found from the information received from the server about keys suited to the lock, the lock is adapted to remain locked. The invention thus also relates to the server of a lock system, which lock system comprises at least one lock. The server is adapted to receive a request for creating an electronic key from the device of a user administering the lock, and to send, in response to the request the reference data of the electronic key to the device of the user administering the lock. The server is adapted to receive a request for delivering the electronic key from the mobile device, to which request the reference data of the electronic key is attached, and to create and encrypt an electronic key. The server is adapted to send the encrypted electronic key to the mobile device from which the request for delivering a key was received. In one embodiment of the invention the request for creating an electronic key from the device of a user administering the lock comprises an identifier of that mobile device for which the key is created, and the server is adapted to send the electronic key exclusively to that mobile device. It is obvious to the person skilled in the art that the different embodiments of the invention are not limited solely to the examples described above, and that they may therefore be varied within the scope of the claims presented below. The characteristic features possibly presented in the description in conjunction with other characteristic features can also, if necessary, be used separately to each other,