Login| Sign Up| Help| Contact|

Patent Searching and Data


Title:
ELECTRONIC SYSTEM FOR CONTROLLING THE OPENING OF AN OPTO-ELECTRONIC LOCK OF AN ACCESS DOOR, RELATIVE OPTO-ELECTRONIC LOCK AND OPTO-ELECTRONIC KEY FOR OPENING THE LOCK
Document Type and Number:
WIPO Patent Application WO/2021/198756
Kind Code:
A1
Abstract:
It is disclosed an electronic system (10) for controlling the opening of a lock of an access door of a limited environment. The system comprises an opto-electronic key (2) and an opto-electronic lock (3) in the case of operation of the system in an offline mode, and further comprises a network server in the case of operation of the system in an online mode. The opto-electronic key (2) comprises an optical source configured to generate an optical beam (F_O) carrying a data packet (30) which comprises a first field containing a key identifier (KEY_ID) and a second Payload field containing a user identifier (USER_ID) and a Time-based One-Time Password (TOTP tx), wherein the key identifier is in plain text, whilst the Payload is encrypted in case of use of symmetric cryptography.

Inventors:
FUSCO FRANCESCO (IT)
CESPITES GIULIO (IT)
SABATINI STEFANO (IT)
SABATINI DANIELE (IT)
Application Number:
PCT/IB2020/060578
Publication Date:
October 07, 2021
Filing Date:
November 10, 2020
Export Citation:
Click for automatic bibliography generation   Help
Assignee:
BITJAM S R L STARTUP COSTITUITA AI SENSI DELLART 4 COMMA CONVERTITO CON LEGGE N 33/2015 (IT)
International Classes:
G07C9/00; G07C9/26; H04L9/08; H04L9/32; H04L29/06
Attorney, Agent or Firm:
BELLOMIA, Paolo (IT)
Download PDF:
Claims:
CLAIMS

1 . An electronic system (10) for controlling the opening of a lock of an access door of a limited environment, the system comprising an opto-electronic key (2) and an opto-electronic lock (3), wherein the opto-electronic key (2) comprises a processing unit, an optical source and a non-volatile memory (2-1 ) configured to store a configured value of a key identifier (KEYJD) indicative of a unique identifier associated with the opto electronic key, a configured value of a user identifier (USERJD) and a corresponding configured Shared Secret value associated with the value of the user identifier, wherein said configured Shared Secret value is a string consisting of a predetermined number of bits, wherein the lock comprises a processing unit, an optical receiver and a non volatile memory (3-1 ) configured to store a configured value of the user identifier (USERJD) and a corresponding configured Shared Secret value associated with the configured value of the user identifier, the processing unit of the opto-electronic key being configured to: generate (t22) a value of a user identifier (USERJD) as a function of data representative of a sample digital identity of a person (6) using the opto-electronic key; read, from the memory (2-1 ) of the opto-electronic key, the value of the generated user identifier (USERJD) and the corresponding configured Shared Secret value associated with the value of the generated user identifier; generate (t23) a Time-based One-Time Password (TOTP tx) valid for a predetermined period of time, wherein the value of said Password is generated as a function of the configured Shared Secret value and of a timestamp; read, from the memory (2-1 ) of the opto-electronic key, the configured key identifier (KEYJD) and generate a data packet (30) comprising the key identifier (KEYJD; 30-1 ), the user identifier (USERJD; 30-2) and the Time-based One- Time Password (TOTP tx; 30-3); the optical source of the opto-electronic key (2) being configured to generate an optical beam (F_0) carrying the data packet (30) which comprises the key identifier (KEYJD), the user identifier (USERJD) and the Time-based One-Time Password (TOTP tx), the optical receiver of the lock being configured to receive the optical beam (F_0) carrying the data packet (30) and to forward it to the processing unit, the lock processing unit being configured to: receive the data packet and extract (t38) therefrom the value of the key identifier, the user identifier and the Time-based One-Time Password (TOTP tx); read, from the memory (3-1 ) of the lock (3), the value of the configured user identifier and the corresponding configured Shared Secret value associated with the value of the configured user identifier; generate (t39), at the lock, a further Time-based One-Time Password (TOTP rx) valid for a predetermined period of time, wherein said further Password is generated as a function of said configured Shared Secret value and of a timestamp; compare (t40) the value of the further Password (TOTP rx) with respect to the value of the extracted Password (TOTP tx); generate a command signal indicative of a granted or denied authorisation for the opening/closing of the opto-electronic lock, as a function of the positive or negative comparison, respectively.

2. The electronic system (10) according to claim 1 , wherein the memory of the key is further configured to store data representative of a reference digital identity, wherein the key further comprises data acquisition means representative of the sample digital identity, in particular a reader of a sample fingerprint of the finger of the person’s hand, and wherein the key processing unit is further configured to: read, from the memory (2-1 ) of the opto-electronic key (2), data representative of the reference digital identity of the person; comparing the sample digital identity with respect to the reference digital identity; in case of a positive comparison, read from the memory (2-1) the configured Shared Secret value; in the case of a negative comparison, wait for a new acquisition of the data representative of the sample digital identity.

3. The electronic system (10) according to claims 1 or 2, wherein the memory (2-1 ) of the opto-electronic key and the memory (3-1 ) of the lock are further configured to store a configured value of a Symmetric Key (S- KEY) of a symmetric cryptography, wherein the processing unit of the opto-electronic key is further configured to read from its memory the configured value of the Symmetric Key (S-KEY) and to perform, as a function of the read value of the Symmetric Key (S-KEY), a cryptography of a Payload comprising the user identifier and the Password valid only once based on the Time, thereby generating an encrypted Payload, wherein the optical source of the opto-electronic key is further configured to transmit the optical beam (F_0) carrying a data packet (30) comprising the key identifier in plain text and comprises the encrypted Payload, wherein the optical receiver of the opto-electronic lock (3) is configured to receive the optical beam (F_0) carrying the data packet and to extract therefrom the value of the key identifier (KEYJD) in plain text and the encrypted Payload, wherein the processing unit of the opto-electronic lock (3) is configured to: read, from the memory (3-1 ) of the opto-electronic lock (3), the value of the extracted key identifier and a corresponding stored value of the Symmetric Key; decrypt the encrypted Payload by means of the value read of the Symmetric Key and extract the values of the user identifier and the Time-based One-Time Password (TOTP tx).

4. The electronic system (10) according to claim 1 or 2, the system further comprising a network server (4) comprising a medium-long distance signal transceiver, a processing unit and a non-volatile memory (4 to 1 ) configured to store a configured value of the user identifier (USERJD) and a corresponding configured Shared Secret value associated with the configured value of the user identifier, the network server being connected with the opto-electronic lock (3) by means of a communication channel through a medium-long distance telecommunication network, wherein the optical receiver of the opto-electronic lock (3) is configured to receive the optical beam (F_0) carrying the data packet, without performing the extraction, wherein the opto-electronic lock (3) comprises a medium-long distance signal transceiver configured to: transmit, to the network server through the telecommunications network (15), a medium-long distance signal (S2_ld) carrying the value of the key identifier (KEYJD), the user identifier (USERJD) and the Time-based One-Time Password (TOTP tx); receive, from the network server, the medium-long distance signal (S2_ld) carrying a message indicative of a granted or denied authorisation for the opening/closing of the opto-electronic lock and authorise or inhibit the opening/closing of the opto-electronic lock, as a function of the granted or denied authorisation, respectively; wherein the network server comprises a medium-long distance signal transceiver configured to receive (t27) the medium-long distance signal and to extract therefrom the values of the key identifier (KEYJD), the user identifier (USERJD) and the Time-based One-Time Password (TOTP tx), and wherein the processing unit of the network server is configured to: read, from the memory (4-1 ) of the network server (4), the value of the extracted user identifier and a corresponding stored Shared Secret value associated with the value of the extracted user identifier; generate (t29) a further Time-based One-Time Password (TOTP rx) valid for a predetermined period of time, wherein said further Password is generated as a function of said Shared Secret value and of a timestamp; compare (t30) the value of the further Password (TOTP rx) with respect to the value of the extracted Password (TOTP tx); and wherein the medium-long distance signal transceiver of the network server is configured to transmit (t31 ) towards the lock (3) the medium-long distance signal carrying a message indicative of a granted or denied authorisation for the opening/closing of the opto-electronic lock, as a function of the positive or negative comparison, respectively. 5. The electronic system (10) according to claim 4, wherein the memory (2-1 ) of the opto-electronic key and the memory (4-1 ) of the network server (4) are further configured to store a configured value of a Symmetric Key (S-KEY) of a symmetric cryptography, wherein the processing unit of the opto-electronic key is further configured to read from its memory (2-1 ) the configured value of the Symmetric Key (S-KEY) and to perform, as a function of the read value of the Symmetric Key (S-KEY), a cryptography of a Payload comprising the user identifier and the Password valid only once based on the Time, thereby generating an encrypted Payload, wherein the optical source of the opto-electronic key is further configured to transmit the optical beam (F_0) carrying a data packet (30) which comprises the key identifier (KEYJD) in plain text and comprises the encrypted Payload, wherein the transceiver of the network server (4) is configured to receive the medium-long distance signal carrying the data packet and to extract therefrom the value of the key identifier (KEYJD) in plain text and the encrypted Payload, and wherein the processing unit of the network server (4) is configured to: read, from the memory (4-1 ) of the network server (4), the value of the extracted key identifier and a corresponding stored value of the Symmetric Key; decrypt the encrypted Payload by means of the read value of the Symmetric Key and extract the values of the user identifier and the Time-based One-Time Password (TOTP tx).

6. The electronic system according to any one of the preceding claims, wherein: the reference/sample digital identity is a biometric profile of the person, in particular a fingerprint of a finger of the hand of the person acquired by means of a fingerprint reader mounted in the key (2); the value of the Time-based One-Time Password is generated as defined in standard RFC6238; the Shared Secret value is generated by means of a hash function which takes as input the value of the user identifier (USERJD) or a combination of the user identifier (USERJD) and the Symmetric Key (S-KEY), and generates as output a string comprising at least 128 bits. 7. A method for controlling the opening of a lock of an access door of a limited environment, the method comprising the steps of: a) generating (t22), at an opto-electronic key (2) outside the environment, a value of a user identifier (USERJD) as a function of data representative of a sample digital identity of a person (6) using the opto-electronic key; b) reading, from a memory (2-1 ) of the opto-electronic key, the value of the generated user identifier and a corresponding configured Shared Secret value associated with the value of the generated user identifier, wherein said configured Shared Secret value is a string composed of a predetermined number of bits; c) generating (t23), at the opto-electronic key, a Time-based One-Time Password (TOTP tx) valid for a predetermined period of time, wherein the value of said Password is generated as a function of the configured Shared Secret value and of a timestamp; d) reading, from the memory (2-1 ) of the opto-electronic key, a key identifier (KEYJD) indicative of a unique identifier associated with the opto-electronic key; e) transmitting (t24), from the opto-electronic key (2) towards an opto electronic lock (3) positioned inside the environment, an optical beam (F_0) carrying a data packet (30) comprising the key identifier (KEYJD; 30-1 ), the user identifier (USERJD; 30-2) and the Time-based One-Time Password (TOTP tx; 30-3); f) receiving, at the lock (3), the optical beam and extracting (t38) therefrom the value of the key identifier, the user identifier and the Time-based One-Time Password (TOTP tx); g) reading, from a memory (3-1 ) of the lock (3), the value of the extracted user identifier and a corresponding configured Shared Secret value associated with the value of the extracted user identifier; h) generating (t39), at the lock, a further Time-based One-Time Password (TOTP rx) valid for a predetermined period of time, wherein said further Password is generated as a function of said configured Shared Secret value and of a timestamp; i) comparing (t40) the value of the further Password (TOTP rx) with respect to the value of the extracted Password (TOTP tx); j) authorising or inhibiting the opening/closing of the opto-electronic lock, as a function of the positive or negative comparison, respectively.

8. The method according to claim 7, wherein: step a) comprises: acquiring data representative of the sample digital identity, in particular a sample fingerprint of a finger of the person’s hand; reading, from the memory (2-1 ) of the opto-electronic key (2), data representative of a reference digital identity of the person, in particular a reference fingerprint of the finger of the person’s hand; comparing the sample digital identity with respect to the reference digital identity; in case of a positive comparison, continuing with step b); in case of a negative comparison, waiting for a new acquisition of the data representative of the sample digital identity.

9. The method according to claims 7 or 8, wherein step e) further comprises, before the transmission: reading, from the memory (2-1 ) of the opto-electronic key (2), a configured value of a Symmetric Key (S-KEY) of a symmetric cryptography; performing, as a function of the read value of the Symmetric Key (S-KEY), a cryptography of a Payload comprising the user identifier and the Password valid only once based on the Time, thereby generating an encrypted Payload; and wherein in step e) said transmission comprises transmitting the optical beam (F_0) carrying a data packet (30) which comprises the key identifier in plain text and comprises the encrypted Payload; wherein step f) comprises: receiving, at the opto-electronic lock (3), the optical beam (F_0) carrying the data packet and extracting therefrom the value of the key identifier (KEYJD) in plain text and the encrypted Payload; reading, from the memory (3-1 ) of the opto-electronic lock (3), the value of the extracted key identifier and a corresponding stored value of the Symmetric Key; decrypting the encrypted Payload by means of the read value of the Symmetric Key and extracting the values of the user identifier and the Time- based One-Time Password (TOTP tx).

10. The method according to claims 7 or 8, comprising, instead of steps g)-j), the steps of: g1) transmitting, from the lock (3) to a network server (4) through a telecommunications network (15), a medium-long distance signal (S2_ld) carrying the value of the key identifier (KEYJD), the user identifier (USERJD) and the Time-based One-Time Password (TOTP tx); g2) receiving (t27), at the network server, the medium-long distance signal and extracting therefrom the values of the key identifier (KEYJD), of the user identifier (USERJD) and of the Time-based One-Time Password (TOTP tx); g3) reading, from a memory (4-1 ) of the network server (4), the value of the extracted user identifier and a corresponding stored Shared Secret value associated with the value of the extracted user identifier; hi ) generating (t29), at the network server (4), a further Time-based One-Time Password (TOTP rx) valid for a predetermined period of time, wherein said further Password is generated as a function of said Shared Secret value and of a timestamp;

11 ) comparing (t30) the value of the further Password (TOTP rx) with respect to the value of the extracted Password (TOTP tx);

12) transmitting (t31 ), from the network server towards the lock, the medium- long distance signal carrying a message indicative of a granted or denied authorisation for the opening/closing of the opto-electronic lock, as a function of the positive or negative comparison, respectively; j1 ) receiving (t32), at the lock, the medium-long distance signal and authorising or inhibiting the opening/closing of the opto-electronic lock, as a function of the granted or denied authorisation, respectively.

11 . The method according to claim 10, wherein: step e) further comprises, before the transmission: reading, from the memory (2-1 ) of the opto-electronic key (2), a configured value of a Symmetric Key (S-KEY); performing, as a function of the read value of the Symmetric Key (S-KEY), a cryptography of a Payload comprising the user identifier and the Password valid only once based on the Time, thereby generating an encrypted Payload; and wherein in step e) said transmission comprises transmitting the optical beam (F_0) carrying a data packet (30) which comprises the key identifier (KEYJD) in plain text and comprises the encrypted Payload; and wherein step g2) comprises: receiving, at the network server (4), the medium-long distance signal carrying the data packet and extracting therefrom the value of the key identifier (KEYJD) in plain text and the encrypted Payload; reading, from the memory (4-1 ) of the network server (4), the value of the extracted key identifier and a corresponding stored value of the Symmetric Key; decrypting the encrypted Payload by means of the read value of the Symmetric Key and extracting the values of the user identifier and the Time- based One-Time Password (TOTP tx).

12. A non-transitory computer-readable storage medium having a program comprising software code portions adapted to perform the steps a)-d) or the steps f)-j), j1 ) or the steps g1 ), g2), g3), hi ), i1 ), i2) of the method according to claims 7-11 , when said program is run on at least one computer.

13. A motor vehicle comprising an electronic system according to any one of claims 1 to 6, wherein the vehicle comprises: a surface which is at least partially transparent with respect to an optical beam, in particular a glass window of a door of the vehicle; or a through hole in the door, in particular comprising an optical fibre positioned along the hole; wherein the opto-electronic lock (3) is mounted inside the passenger compartment of the vehicle in such a way that an optical path is defined between the optical source of the key, when this is positioned outside the vehicle, and the optical receiver of the lock (3), passing through the at least partially transparent surface or the through hole.

14. An opto-electronic key (2) for controlling the opening of a lock of an access door of a limited environment, the key comprising a processing unit, an optical source and a non-volatile memory (2-1 ), wherein the memory (2-1 ) is configured to store a configured value of a key identifier (KEYJD) indicative of a unique identifier associated with the opto electronic key, a configured value of a user identifier (USERJD) and a corresponding configured Shared Secret value associated with the value of the user identifier, wherein said configured Shared Secret value is a string consisting of a predetermined number of bits, wherein the processing unit is configured to: generate (t22) a value of a user identifier (USERJD) as a function of data representative of a sample digital identity of a person (6) using the opto-electronic key; read, from the memory (2-1 ) of the opto-electronic key, the value of the generated user identifier (USERJD) and the corresponding configured Shared Secret value associated with the value of the generated user identifier; generate (t23) a Time-based One-Time Password (TOTP tx) valid for a predetermined period of time, wherein the value of said Password is generated as a function of the configured Shared Secret value and of a timestamp; read, from the memory (2-1 ) of the opto-electronic key, the configured key identifier (KEYJD) and generate a data packet (30) comprising the key identifier (KEYJD; 30-1 ), the user identifier (USERJD; 30-2) and the Time-based One- Time Password (TOTP tx; 30-3); and wherein the optical source of the opto-electronic key (2) is configured to generate an optical beam (F_0) carrying the data packet (30) which comprises the key identifier (KEYJD), the user identifier (USERJD) and the Time-based One-Time Password (TOTP tx).

15. An opto-electronic lock (3) for controlling the opening of an access door of a limited environment, the lock comprising a processing unit, an optical receiver and a non-volatile memory (3-1 ), wherein the memory (3-1 ) is configured to store, in case of operation according to an offline mode, a configured value of a user identifier (USERJD) and a corresponding configured Shared Secret value associated with the configured value of the user identifier, wherein, in case of operation in offline mode, the optical receiver of the lock is configured to receive an optical beam (F_0) carrying a data packet (30) which comprises a key identifier (KEYJD), the user identifier (USERJD) and a Time- based One-Time Password (TOTP tx), and it is configured to forward it to the processing unit, wherein, in case of operation in the offline mode, the processing unit of the lock is configured to: receive the data packet and extract (t38) therefrom the value of the key identifier, the user identifier and the Time-based One-Time Password (TOTP tx); read, from the memory (3-1 ) of the lock (3), the value of the configured user identifier and the corresponding configured Shared Secret value associated with the value of the configured user identifier; generate (t39) a further Time-based One-Time Password (TOTP rx) valid for a predetermined period of time, wherein said further Password is generated as a function of said configured Shared Secret value and of a timestamp; compare (t40) the value of the further Password (TOTP rx) with respect to the value of the extracted Password (TOTP tx); generate a command signal indicative of a granted or denied authorisation for the opening/closing of the opto-electronic lock, as a function of the positive or negative comparison, respectively; and wherein, in case of operation in the online mode, the opto-electronic lock (3) further comprises a medium-long distance signal transceiver, wherein, in case of operation in the online mode, the optical receiver of the lock is configured to receive an optical beam (F_0) carrying a data packet (30) which comprises a key identifier (KEYJD), the user identifier (USERJD) and a Time- based One-Time Password (TOTP tx), wherein the medium-long distance signal transceiver is configured to: transmit a medium-long distance signal (S2Jd) carrying the value of the key identifier (KEYJD), of the user identifier (USERJD) and of the Time-based One-Time Password (TOTP tx); receive the medium-long distance signal (S2Jd) carrying a message indicative of a granted or denied authorisation for the opening/closing of the opto- electronic lock and authorising or inhibiting the opening/closing of the opto electronic lock, as a function of the granted or denied authorisation, respectively. 16. A network server (4) for controlling the opening of a lock of an access door of a limited environment, the server comprising a medium-long distance signal transceiver, a processing unit and a non-volatile memory (4-1 ) configured to store a configured value of a user identifier (USERJD) and a corresponding configured Shared Secret value associated with the configured value of the user identifier, wherein the medium-long distance signal transceiver is configured to: receive (t27) a medium-long distance signal (S2_ld) carrying the values of a key identifier (KEYJD), of the user identifier (USERJD) and of a Time-based One-Time Password (TOTP tx); extract the values of the key identifier (KEYJD), of the user identifier (USERJD) and of the Time-based One-Time Password (TOTP tx); wherein the processing unit of the network server is configured to: read, from the memory (4-1 ) of the network server (4), the value of the extracted user identifier and a corresponding stored Shared Secret value associated with the value of the extracted user identifier; generate (t29) a further Time-based One-Time Password (TOTP rx) valid for a predetermined period of time, wherein said further Password is generated as a function of said Shared Secret value and of a timestamp; compare (t30) the value of the further Password (TOTP rx) with respect to the value of the extracted Password (TOTP tx); and wherein the medium-long distance signal transceiver of the network server is configured to transmit (t31 ) the medium-long distance signal carrying a message indicative of a granted or denied authorisation for the opening/closing of an opto-electronic lock, as a function of the positive or negative comparison, respectively.

Description:
“Electronic system for controlling the opening of an opto-electronic lock of an access door, relative opto-electronic lock and opto-electronic key for opening the lock”

Technical field of the invention

The invention generally relates to the electronics field.

More in particular, the invention concerns an electronic system for controlling the opening of an electronic lock mounted, for example, on a door of a vehicle or on an access door of a home.

Prior art

It is known the use of locks mounted on a door of a motor vehicle so as to allow the locking of the door of the vehicle in the closed position.

Mechanical locks are known which use a mechanical key inserted in the lock itself, wherein the key locks the lock in the closed position by means of a rotation of the key.

Electronic locks and keys are also known, wherein the electronic key controls the opening and closing of a motor-driven electronic lock by means of the radio transmission of an authorisation key between the key and the lock, for example using RFID, NFC or Bluetooth technology.

The mechanical locks can be forced to open using suitable mechanical burglary tools, and, moreover, the same mechanical key can be easily copied.

An electronic key can also be deceived, since it is possible to intercept the authorisation key transmitted via radio and it is sensitive to various cyber attack methods.

Brief summary of the invention

The present invention relates to an electronic system for controlling the opening of an opto-electronic lock of an access door of a limited environment, wherein the system is defined in the attached claim 1 and by its preferred embodiments described in the dependent claims from 2 to 6.

The Applicant has perceived that the electronic system according to this invention has the following advantages: it improves the communication security between the opto-electronic type key and the lock associated with it; it is insensitive to radiofrequency disturbance signals; it allows to define authorisations with which a predetermined user may interact with a predetermined lock, in terms of time (for example, only at predetermined times or up to a specific date) and/or in terms of number of accesses allowed.

It is also an object of the present invention a method for controlling the opening of an opto-electronic lock of an access door as defined in the attached claim 7 and in the preferred embodiments described in the dependent claims 8 to 11.

It is also an object of the present invention a non-transitory storage medium as defined in the attached claim 12.

It is also an object of the present invention a motor vehicle as defined in the attached claim 13.

It is also an object of the present invention an opto-electronic key for controlling the opening of a lock as defined in the attached claim 14.

It is also an object of the present invention an opto-electronic lock for controlling the opening of an access door of a limited environment as defined in the attached claim 15.

It is also an object of the present invention a network server for controlling the opening of a lock of an access door of a limited environment as defined in the attached claim 16.

Brief description of the drawings

Further characteristic features and advantages of the invention are given in the following description of a preferred embodiment and of its variants provided by way of example with reference to the accompanying drawings, in which: Figure 1 shows a block diagram of an electronic system for controlling an electronic lock of a vehicle according to the invention; Figure 2 shows at the top a diagram of the method for generating a password valid only once based on the time used in the electronic system according to the invention;

Figure 2 shows at the bottom a data packet transmitted by an opto-electronic key of the electronic system according to the invention;

Figures 3A-3B show a configuration phase of the electronic system according to a first embodiment of the invention;

Figure 3C shows a normal operation phase of the electronic system according to the first embodiment of the invention;

Figures 4A-4B show a configuration phase the electronic system according to a second embodiment of the invention;

Figure 4C shows a normal operation phase of the electronic system according to the second embodiment of the invention.

Detailed description of the invention

It should be noted that in the following description blocks, components or modules which are identical or similar are indicated in the drawings with the same reference numerals, even if they are shown in different embodiments of the invention.

Figure 1 shows an electronic system 10 for controlling a lock 3 of a motor vehicle 50, such as, for example, a motor vehicle with an internal combustion, electric or thermal/electric hybrid engine.

The electronic system 10 comprises the opto-electronic lock 3, an opto electronic key 2 and a network server 4.

Preferably, the electronic system 10 also comprises an electronic device 5 which is used to configure the electronic system 10, as explained in more detail below.

The electronic system 10 is configured to operate according to two operating modes: an online mode, wherein a long distance data connection between the opto-electronic lock 3 of the motor vehicle 50 and the network server 4 is available; an offline mode, wherein the long distance data connection between the opto-electronic lock 3 of the motor vehicle 50 and the network server 4 is not available.

Moreover, each of the two operating modes comprises a configuration phase of the electronic system 10 and a normal operation phase.

The opto-electronic key 2 belongs to a person 6 (that is, a user) who is the owner of the vehicle 50.

The opto-electronic key 2 comprises a non-volatile type memory 2-1 which stores the following configuration parameters:

Key-Identifier;

User-Identifier.

The Key-Identifier (abbreviated below with KEYJD) is a unique identifier associated with the opto-electronic key 2 (for example, an alphanumeric string), which is assigned by the manufacturer of the vehicle 50 and it is stored in the memory 2-1 inside the electronic key 2; consequently, the vehicle manufacturer has a database containing unique values of KEYJD , that is to say, the vehicle manufacturer assigns a different KEYJD to opto-electronic keys belonging to different vehicles.

Alternatively, the KEYJD is a unique identifier associated with the key 2 which is assigned by the manufacturer of the key 2 itself; consequently, the manufacturer of keys (similar to the opto-electronic key 2) has a database containing unique values of KEYJD, that is to say, the key manufacturer assigns a different KEYJD to opto-electronic keys belonging to different vehicles.

The User-Identifier (abbreviated below with USERJD) is a code which is generated as a function of data representative of a digital identity of the person 6.

The digital identity may be one of the following: a biometric profile of the person 6, such as, for example, a fingerprint of a finger of the person 6, data representing the face of the person 6, the voiceprint of the person 6; credentials associated with the person 6, comprising a user name and a password; an authentication token provided by an external authentication service, such as, for example, a Google, Microsoft or Facebook account.

The memory 2-1 is configured to further store data identifying a reference digital identity of the person 6, which have been acquired by the person 6 under secure conditions during a configuration phase which precedes the normal operation phase of the system 10, as explained in more detail below.

It should be noted that it is possible to associate to the same person 6 more than one User-Identifier, such as, for example, a first User-Identifier generated as a function of a biometric parameter of the person 6 and a second User-Identifier generated as a function of a Google account of the person 6.

For the purposes of explaining the invention, it is considered below that the data representative of the identity of the person 6 are a biometric parameter of the person 6, in particular a fingerprint of a finger of the person 6 (for example, the thumb or index finger), thus the User-Identifier is a code generated as a function of the fingerprint of a finger of the person 6: in this case, the opto electronic key 2 comprises a fingerprint sensor configured to acquire in real time a fingerprint of a finger of the person 6 (for example, the thumb or index finger).

Advantageously, during the configuration phase the opto-electronic key 2 a further configuration parameter is associated, denoted by the term Symmetric Key, abbreviated below as S-KEY.

The Symmetric Key is a secret key shared between the opto-electronic key 2 and the opto-electronic lock 3; in other words, the Symmetric Key has been exchanged in advance during the configuration phase (prior to the first operation of the normal operation phase) by means of a secure channel, as explained in more detail below with regard to the description of Figures 3A and 4A.

The Symmetric Key is a value composed of at least 40 bits, preferably equal to 128 bits, such as, for example, a set of bytes generated randomly, a passphrase or a long string of alphanumeric characters.

The value of the Symmetric Key is provided, for example, by an authorised Certification Authority: the manufacturer of the vehicle 50 obtains a value of the Symmetric Key from a Certification Authority and the manufacturer of the vehicle 50 configures the electronic key 2 in such a way as to store in the memory 2-1 the value of the Symmetric Key S-KEY, together with the value of the Key- Identifier KEY ID, thus storing a pair (KEYJD, S-KEY).

The Symmetric Key is a code which is used to encrypt a data packet transmitted from the opto-electronic key 2 towards the opto-electronic lock 3 by means of symmetric cryptography, as explained in more detail below.

The opto-electronic key 2 comprises a processing unit (for example, a microcontroller) and the memory 2-1 .

The opto-electronic key 2 also comprises an optical source (that is, an optical transmitter) for generating an optical beam F_0 which is transmitted towards the opto-electronic lock 3, typically in the visible light band, for example with a frequency of between 380 and 780 nanometres.

Figure 2 shows in the bottom part a data packet 30 which is carried by the optical beam F_0 generated by the optical source of the opto-electronic key 2.

The data packet 30 comprises a first field 30-1 containing the Key-Identifier and comprises a second field (indicated with 30-2 and 30-3) containing the Payload.

The Payload in turn comprises a field 30-2 which comprises the User- Identifier and a further field 30-3 which comprises a password (or token) valid only once based on time and valid for a limited period of time, which is denoted by TOTP (Time-based One-Time Password) in the RFC6238 standard issued by the IETF standard organisation.

The Time-based One-Time password is a variable code which is generated in the opto-electronic key 2 as a function of a current time and as a function of a value indicated as Shared Secret, using an algorithm defined in the RFC6238 standard.

In particular, TOTP is a password (that is to say, a token) which is valid only once and for a predetermined time interval, for example equal to 30 seconds or 60 seconds.

Shared Secret is a code having a length of at least 128 bits which is generated as a function of the User-Identifier (USERJD) and (in the case of symmetric cryptography) also as a function of the Symmetric Key (S-KEY). In particular, Shared Secret is generated by means of a hash function which receives as input the USERJD value or (in the case of symmetric cryptography) a combination of the values of USERJD and S-KEY, so said hash function generates as output a binary string of fixed length (for example equal to 128 bits), using a mathematical algorithm which maps data of arbitrary length in a binary string of fixed length.

An example of a hash function is the family of SHA (Secure Hash Algorithm) functions which comprises the following:

SHA-0: it generates as output a string consisting of 160 bits;

SHA-1 : it generates as output a string consisting of 160 bits;

SHA-2: it generates as output a string consisting of 224, 256, 384 or 512 bits;

SHA-3: it generates as output a string consisting of 224, 256, 384 or 512 bits.

Figure 2 shows in the top part a diagram of the method for generating the TOTP value achieved by means of a suitable software program running on the processing unit of the opto-electronic key 2 during the normal operation phase of the electronic system 10, in the online or offline mode.

The processing unit of the opto-electronic key 2 receives as input the pair of parameters Key-Identifier (KEYJD)-Symmetric Key (S-KEY), which have been previously stored in the local memory 2-1 of the opto-electronic key 2; moreover, the processing unit receives as input the value of the User-Identifier which has been generated as a function of a digital identity of the person 6, such as, for example, a biometric parameter of the person 6, in particular the fingerprint of his/her finger of the hand.

Subsequently, the processing unit of the opto-electronic key 2 calculates the value of Shared Secret as a function of the values of the User-Identifier and of the Symmetric Key, using a hash function which receives as input a combination of the values of the User-Identifier and of the Symmetric Key.

Subsequently, the processing unit of the opto-electronic key 2 generates the value of TOTP as a function of the value of Shared Secret and of a value of a timestamp using the algorithm defined in the RFC6238 standard to which reference should be made for further details, wherein the timestamp is derived from a reference time and from a time step.

Subsequently, the processing unit of the opto-electronic key 2 carries out an encryption of the set of the value of the User-Identifier and of the value of the TOTP using the value of the Symmetric Key, thus generating a Payload which includes an encrypted value of the set of the User-Identifier and TOTP.

Lastly, the processing unit of the opto-electronic key 2 generates the data packet 30 having a first field 30-1 containing the Key-Identifier and a second field 30-2, 30-3 containing the Payload, which in turn contains the User-Identifier and TOTP in encrypted form.

The opto-electronic lock 3 is positioned inside the cabin of the motor vehicle 50, so that it is visible by means of an optical path towards the outside of the vehicle 50, through a surface 20 of the vehicle 50 which is transparent with respect to the optical beam F_0, such as, for example, the glass of a window or of the windscreen of the vehicle 50.

For example, the opto-electronic lock 3 is mounted inside the cabin of the vehicle 50 close to the windscreen 20 (that is, the front glass) of the vehicle 50, in particular close to a central position of the upper edge of the windscreen 20.

Alternatively, it is possible to use an optical fibre inserted along a through hole which passes through the door of the vehicle 50: in this way, the optical fibre is such to receive as input the optical beam F_0 generated by the key 2, is such to guide the optical beam received from the input facet (positioned at an end of the hole outside the door) to an output facet (positioned at another end of the hole inside the door), so the optical fibre is such to generate as output an optical beam which is received by the optical sensor of the lock 3 inside the vehicle 50.

It should be noted that the invention is not limited to a lock for opening a door of motorised vehicles, but it may be used more in general for controlling the opening of an access door of a limited environment, such as, for example, the access door of a home or an industrial environment, provided that it is possible to identify (through the access door) an optical path between the key 2 located outside the limited environment and the lock 3 located inside said limited environment; in this case, the KEYJD is a unique identifier associated with the key 2 which is assigned by the manufacturer of the key 2 itself, so the manufacturer of the opto-electronic keys has a database containing unique values of KEYJD, that is to say, the manufacturer assigns a different KEYJD to opto-electronic keys belonging to different access doors of different homes or industrial environments.

The opto-electronic lock 3 comprises a processing unit (for example, a microcontroller or a microprocessor) and an optical receiver for receiving an optical beam F_0 transmitted from the opto-electronic key 2.

The optical receiver is, for example, a photo-diode.

The opto-electronic lock 3 also comprises a long distance wireless signal transceiver configured transmit towards the server device 4, during a normal operation phase of the online mode, a long distance wireless signal S2_r_ld carrying a message that contains the Key-Identifier (KEYJD), the User-Identifier (USERJD) and TOTP, as explained in more detail below relative to the description of Figure 3C.

Moreover, during the normal operation phase of the online mode, the transceiver of the lock 3 is configured to receive from the network server 4 the long distance wireless signal S2Jd carrying a message indicative of an authorisation granted for the opening/closing of the lock 3 or indicative of an authorisation denied for the opening/closing of the lock 3.

In case of operation of the system 10 in the offline mode, the opto electronic lock 3 comprises a non-volatile memory 3-1 which is directly or indirectly connected to the lock 3, wherein said memory 3-1 is configured to store the pair Key-Identifier (KEYJD)-Symmetric Key (S-KEY) and the pair User- Identifier (USERJD)- Shared Secret.

During the normal operation phase of the system in the offline mode, the processing unit of the opto-electronic lock 3 is configured to locally generate a TOTP, as a function of the value of the Shared Secret and of the value of a timestamp, for example as defined in the RFC6238 standard, wherein the timestamp is, for example, derived from a reference time and from a time step.

Moreover, during the normal operation phase of the system 10 in the offline mode, the processing unit of the opto-electronic lock 3 is configured to compare the value of TOTP generated locally with respect to the value of transmitted TOTP (that is, the one transmitted by the opto-electronic key 2 by means of the optical beam F_0): if the value of the local TOTP is equal to the value of the transmitted TOTP, the processing unit of the opto-electronic lock 3 is configured to generate a signal for closing the lock 3 if it is in an open position or, vice versa, opening the lock 3 if it is in a closed position; if the value of the local TOTP is different from the value of the transmitted TOTP, the processing unit of the opto-electronic lock 3 is configured to generate an alarm signal representative of an attempted opening/closing of the lock 3 by a user with an unauthorised key 2.

The alarm signal is configurable and it may be, for example: an audio signal of medium-strong intensity emitted by a loudspeaker of the vehicle 50; an audio signal of low intensity emitted by a miniaturised loudspeaker integrated into the key 2; a visual signal emitted by the optical source of the key 2, such as a fixed or flashing red light for a short time interval (for example, a few seconds).

Preferably, if the value of the local TOTP is different from the value of the transmitted TOTP, the processing unit of the lock 3 is configured to generate (in addition to the alarm signal indicated above) the command signal for closing the lock 3 (that is, blocking the opening of the lock 3), both in the case in which the lock 3 is in the open position and in the case in which the lock 3 is already in the closed position, in order to block the access to the inside of the vehicle 50 to a user having an unauthorised key 2.

For example, the lock 3 comprises an electric motor and suitable mechanical means (for example, a sliding piston) for locking/unlocking the opening of the door of the vehicle 50, wherein said mechanical means are actuated by the electric motor as a function of a driving signal which depends on the value of the command signal generated by the processing unit of the lock 3.

Advantageously, it is used a symmetric cryptography with shared secret key between the electronic key 2 and the network server 4 (online mode) or between the electronic key 2 and the opto-electronic lock 3 (offline mode), in order to protect the messages exchanged between the electronic device 5 and the network server 4.

In this case, the memory 2-1 of the key 2 and the memory 4-1 of the network server 4 are configured to further store the value of the Symmetric Key (S-KEY) associated with the Key-Identifier (ID_KEY), that is a pair of values (ID_KEY, S-KEY): this is obtained by means of the first part of the configuration phase of the online and offline mode, as explained in more detail below with regard to the description Figures 3A and 4A.

During the normal operation phase of the online and offline mode, the processing unit of the opto-electronic key 2 has the function of generating the password based on the time valid only once (TOTP) for a predetermined period of time.

A TOTP value is generated in the opto-electronic key 2 as illustrated above with reference to the description of Figure 2 and another TOTP value is generated in the network server 4 (online mode) or in the lock 3 (offline mode) during the normal operation of the electronic system 10, as explained in more detail below in Figures 3C and 4C regarding the description of the normal operation of the system 10.

The processing unit of the key 2 is also configured, during the normal operation phase, to read from the memory 2-1 identification data of the reference digital identity (which has been previously configured in the second part of the configuration phase) of the person 6 (for example, the fingerprint of his/her finger of the hand), so the processing unit of the key 2 is configured to compare the sample digital identity of the person 6 with respect to the reference digital identity of the person 6: if the value of the sample digital identity is equal to that of the reference digital identity, the processing unit is configured to continue with the generation of TOTP and subsequent transmission of the optical beam F_0 carrying the data packet 30; if the value of the sample digital identity is different from that of the reference digital identity, the processing unit is configured to disregard the acquired sample digital identity, thereby preventing the transmission of the data packet 30 towards the lock 3, so the processing unit of the key 2 waits for receiving a new value of the sample digital identity.

It should be noted that the negative comparison of the digital identity may be caused both by an attempt to open (or close) the door of the vehicle 50 using an key 2 not authorised for said vehicle 50, and in the case in which incorrect data of the sample digital identity of an authorised person 6 has been acquired (for example, a fingerprint of a wet or dirty fingertip of the authorised person 6).

Advantageously, if the processing unit of the key 2 is such to detect a plurality of attempts to open/close the lock 3 with a negative comparison of the digital identity in a limited period of time (for example, at least three failed attempts within a time interval equal to 10 seconds), the processing unit of the key 2 is configured to generate an alarm signal representative of an attempted opening/closing of the lock 3 by a user having an unauthorised digital identity for that key 2 (for example, the key 2 has been stolen from the authorised user).

The alarm signal is configurable and may be, for example: an audio signal of medium-strong intensity emitted by a loudspeaker of the vehicle 50; an audio signal of low intensity emitted by a miniaturised loudspeaker integrated in the key 2; a visual signal emitted by the optical source of the key 2, such as a fixed or flashing red light for a short time interval (for example, a few seconds).

The electronic key 2 further comprises suitable electronic components for driving the optical source and a battery for powering the optical source and the electronic components.

Advantageously, the optical source of the opto-electronic key 2 is a light emitting diode (LED).

The electronic device 5 comprises a processing unit, a short distance signal transceiver (for example, a Bluetooth or Wi-Fi wireless signal) and a medium-long distance signal transceiver (for example, a wireless signal of the 2G, 3G, 4G or 5G type). The electronic device 5 may be of the fixed type (for example, a desktot personal computer) equipped with suitable wired data communication interfaces, for example of the Ethernet and USB type.

Alternatively, the electronic device 5 is of the mobile type (such as, for example, a smartphone, a tablet or a laptop personal computer) and comprises a short distance wireless signal transceiver (for example, Bluetooth or Wi-Fi) to exchange a short distance wireless signal S_r_sd with the key 2 and a medium- long distance wireless signal transceiver (for example of the 2G, 3G, 4G or 5G type) for transmitting a long distance wireless signal S1_r_ld towards the network device 4.

The processing unit of the electronic device 5 executes a software program (or a software application) to perform the configuration of the electronic system 10 during the configuration phase of the online and offline mode.

In particular, during a first part of the configuring phase of the online and offline mode, the short distance signal transceiver of the electronic device 5 is configured to transmit towards the opto-electronic key 2 the short distance wireless signal S_r_sd carrying a key registration request and it is configured to receive the short distance wireless signal S_r_sd carrying the Key-Identifier (KEYJD) and (in case of use of symmetric cryptography) also the Symmetric Key (S-KEY).

Advantageously, the short distance wireless signal S_r_sd is transmitted on a secure channel which uses a cryptography, in particular the TLS protocol (Transport Layer Security) version 1 .2 or higher.

Moreover, during a second part of the configuration phase of the online and offline mode, the short distance signal transceiver of the electronic device 5 is configured to transmit towards the opto-electronic key 2 the short distance wireless signal S_r_sd carrying a key registration request of a user identifier and it is configured to receive from the key 2 the short distance wireless signal S_r_sd carrying the User-Identifier (USER-ID), Secret Key and the Key-Identifier (S-KEY) associated with them.

Moreover, during the second part of the configuration phase of the online mode, the transceiver of medium-long distance signals S1_r_ld of the electronic device 5 is configured to transmit towards the network server 4 the long distance wireless signal S1_r_ld carrying ID_KEY, USERJD and Shared Secret.

Advantageously, the medium-long distance signal S1_r_ld is transmitted on a secure channel which uses a cryptography, in particular the TLS protocol (Transport Layer Security) version 1 .2 or higher.

The network server 4 is an electronic device positioned inside a medium- long distance telecommunication network 15 (for example, the Internet).

The network server 4 performs cloud type services using, for example, Web Services.

The network server 4 comprises a medium-long distance signal transceiver and a processing unit (for example, a microprocessor).

The network server 4 comprises a non-volatile memory 4-1 configured to store, in case of operation of the system 10 in the online mode, the value of Key- Identifier (KEYJD) and the pair of values User-Identifier (USERJD)-Shared Secret.

Moreover, if symmetric cryptography is used between the key 2 and the server 4, the memory 4-1 is further configured to store the value of the Symmetric Key (S-KEY) associated with the Key-Identifier (KEYJD), that is the pair of values (KEYJD-S-KEY).

During the normal operation phase of the system 10 in the online mode, the transceiver of the network server 4 is configured to receive a medium-long distance signal S2Jd carrying a message containing the Key-Identifier (KEYJD), the User-Identifier (USERJD) and transmitted TOTP, thus the transceiver is configured to extract at least the value of KEYJD from the received message.

During the normal operation phase of the system in the online mode, the processing unit of the network server 4 is configured to receive the data packet 30 carrying KEYJD and the Payload, it is configured to extract the value of USERJD and TOTP from the Payload, it is configured to read from the memory 4-1 the pair of values (USERJD, Shared Secret) corresponding to the value of USERJD extracted and finally it is configured to identify the value of Shared Secret associated with the extracted value of USER ID. If the Payload is encrypted with a symmetric cryptography, the processing unit is further configured to extract the value of KEYJD from the data packet 30, it is configured to read from the memory 4-1 the pair of values (KEYJD, S-KEY) corresponding to the received value of KEYJD and to identify the value of S-KEY associated with the extracted value of KEYJD, thus the processing unit of the network server 4 is configured to perform the decrypting from the Payload (using the identified value of S-KEY) and finally to extract the values of USERJD and TOTP from the Payload.

Moreover, during the normal operation phase of the system in the online mode, the processing unit of the network server 4 is configured to locally generate a TOTP, as a function of the value of Shared Secret read from the memory 4-1 and of the value of a timestamp (for example derived from a reference time and from a time step) as defined in the RFC6238 standard.

Moreover, during the normal operation phase of the system 10 in the online mode, the processing unit of the network server 4 is configured to compare the TOTP value generated locally in the network server 4 with respect to the value of the transmitted TOTP (that is, the one transmitted by the opto-electronic lock 3 and then received by means of the medium-long distance signal S2Jd): if the value of local TOTP is equal to the value of transmitted TOTP, the transceiver of the network server 4 is configured to transmit towards the lock 3 the medium-long distance signal S2Jd carrying a message indicative of an authorisation granted for opening the lock 3 if it is in a closed position or an authorisation granted for closing the lock 3 if it is in an open position; if the value of local TOTP is different from the value of transmitted TOTP, the transceiver of the network server 4 is configured to transmit towards the lock 3 the medium-long distance signal S2Jd carrying a message indicative of an authorisation denied for unlocking the opening of the lock 3 if it is in a closed position or an authorisation denied for closing the lock 3 if it is in an open position.

It is descrived hereinafter the operation of the electronic system 10 in the online operating mode, referring also to Figures 1 , 2A, 2B and 2C.

For the purposes of explaining the invention, the following hypotheses are considered: the opto-electronic key 2 comprises a fingerprint sensor and a LED for generating the optical beam F_0; the memory 2-1 inside the opto-electronic key 2 stores a pair of values Key-Identifier (KEYJD)-Symmetric Key (S-KEY), a pair of values (USERJD- Shared Secret) and identification data of the reference fingerprint of the thumb of the person 6, wherein USERJD is associated with the person 6 and KEYJD is associated with the key 2 which belongs to the person 6; the memory 4-1 of the network server stores a pair of values (KEYJD-S- KEY) and a pair of values (USERJD, Shared Secret), wherein USERJD is associated with the person 6 and KEYJD is associated with the key 2 which belongs to the person 6; the opto-electronic lock 3 comprises a photo-diode for detecting the optical beam F_0; the electronic device 5 is a smartphone; the long distance signal S1_rjd is a wireless signal of the mobile phone type (for example, 4G or 5G); the short distance signal S_r_sd is a Wi-Fi wireless signal; a shared symmetric cryptography is used to protect the data which is transmitted by means of the communication channel between the key 2, the lock 3 and the network server 4;

TOTP is generated as defined in the RFC6238 standard and Shared Secret with a hash function which receives as input a combination of the values of USERJD and S-KEY.

It may be noted that there is a configuration phase comprising a first part having a duration DT1 (Figure 2A) and a second part having a second duration DT2 (Figure 2B); moreover, there is a subsequent normal operation phase having a duration DT3-1 (Figure 2C).

The configuration phase is comprised between the instant t1 and the instant t19.

The first part of the configuration phase starts at the initial instant t1 : the person 6 starts a suitable application on the smartphone 5 and generates, by means of it, a request for registering the opto-electronic key 2. The smartphone 5 transmits towards the opto-electronic key 2 the short distance wireless signal S_r_sd carrying said registration request.

At the instant t2 (after t1 ) the transceiver of the opto-electronic key 2 receives the short distance wireless signal S_r_sd carrying said registration request, at the instant t3 (after t2) the processing unit of the opto-electronic key 2 reads from the memory 2-1 of the opto-electronic key 2 the pair of values (KEYJD, S-KEY).

At the instant t4 (after t3) the transceiver of the opto-electronic key 2 transmits towards the smartphone 5 the short distance wireless signal S_r_sd carrying a message carrying the pair of values (KEYJD, S-KEY).

At the instant t5 (after t4) the short distance transceiver of the smartphone 5 receives the short distance wireless signal S_r_sd carrying said message carrying the pair of values (KEYJD, S-KEY), at the instant t6 (after t5) the long distance transceiver of the smartphone 5 transmits towards the network server 4 the long distance wireless signal S1_rjd carrying a message containing a configuration request and containing the pair of values (KEYJD, S-KEY).

At the instant t7 (after t6) the transceiver of the network server 4 receives the long distance wireless signal S1_rjd carrying said message containing the configuration request and the pair of values (KEYJD, S-KEY), at the instant t8 the processing unit of the network server 4 stores the pair of values (KEYJD, S- KEY) in the memory 4-1 of the network server 4 and then terminates the first part of the configuration phase.

Thus, at the end of the first part of the configuration phase of the online mode, the pair of values (KEYJD, S-KEY) has been stored in the memory 4-1 of the network server 4, wherein said pair of stored values (KEYJD, S-KEY) will be subsequently used by the processing unit of the network server 4 in the normal operation phase of the system 10 in the online mode.

The first part of the configuration phase is performed, for example, by the manufacturer of the vehicle 50 during the production of the vehicle 50 or at the end of the production of the vehicle 50, in any case before the sale of the vehicle 50. More generally, the automobile company which produces the vehicle 50 emits a batch of opto-electronic keys (made like the key 2) and configures unique values of pairs (KEYJD, S-KEY) in different keys of the batch of keys and configures in the memory 4-1 of the network server 4 the pairs of values (KEYJD, S-KEY) of all the keys of the batch.

At the initial instant t10 the second part of the configuration phase starts, wherein the configuration of the fingerprint of the person 6 is performed.

The person 6 generates, by means of the application running on the smartphone 5, a request for registration of a user identifier.

The smartphone 5 transmits towards the opto-electronic key 2 the short distance wireless signal S_r_sd carrying said registration request of the user identifier.

At the instant t11 (after t10) the transceiver of the opto-electronic key 2 receives the short distance wireless signal S_r_sd carrying the request for registration of the user identifier, thus the opto-electronic key 2 waits to acquire a fingerprint of a finger (for example, the thumb) of the person 6, by means of the integrated sensor.

At the instant t12 (after t11 ) the person 6 rests the fingertip of his/her finger (thumb) on the sensor of the opto-electronic key 2, the opto-electronic key 2 acquires the reference fingerprint of the fingertip (thumb) of the person 6, which thus constitutes his/her reference digital identity.

At the instant t13 (after t12) the processing unit of the opto-electronic key 2 generates a value of a User-Identifier (USERJD) as a function of the data representative of the reference fingerprint (acquired at the instant t12) of the fingertip (thumb) of the person 6.

Moreover, at the instant t13 the processing unit of the opto-electronic key 2 generates a value of the Shared Secret as a function of the value of USERJD and of the value of S-KEY, using a hash function, for example 128 which receives as input a combination of the values of USERJD and S-KEY, thus generating a string of 128 bits which thus constitutes the value of Shared Secret. At the instant t14 (after t13) the processing unit of the opto-electronic key 2 stores the pair of values (USERJD-Shared Secret) in the memory 2-1 of the opto-electronic key 2.

At the instant t15 (after t14) the processing unit of the opto-electronic key 2 reads from the memory 2-1 the value of KEYJD, the transceiver of the opto electronic key 2 transmits towards the smartphone 5 the short distance wireless signal S_r_sd carrying the value of the KEYJD and the pair of values (USERJD- Shared Secret) which have been generated in the opto-electronic key 2 at the instant t13.

At the instant t16 (after t15) the short distance signal transceiver of the smartphone 5 receives the short distance wireless signal S_r_sd carrying the value of KEYJD and the pair of values (USERJD-Shared Secret).

At the instant t17 (after t16) the medium-long distance signal transceiver of the smartphone 5 transmits towards the network server 5 the long distance wireless signal S1_rjd carrying the value of KEYJD and the pair of values (USERJD-Shared Secret).

At the instant t18 (after t17) the transceiver of the network server 4 receives the long distance wireless signal S1_rjd carrying the value of KEYJD and the pair of values (USERJD-Shared Secret), at the instant t19 the processing unit of the network server 4 stores the pair of values (USERJD- Shared Secret) in the memory 4-1 of the network server 4 and terminates the second part of the configuration phase (and thus also the entire configuration phase).

Thus, at the end of the configuration phase the pair of values (KEYJD, S- KEY) and the pair of values (USERJD, Shared Secret) have been stored in the memory 4-1 of the network server 4, wherein said stored values of the pair (KEYJD, S-KEY) and of the pair (USERJD-Shared Secret) will subsequently be used by the processing unit of the network server 4 during the normal operation phase of the system 10 in online mode.

The second part of the configuration phase is, for example, performed immediately after the sale of the vehicle 50. If the automobile company has issued a batch of keys, only the key 2 of the vehicle 50 which has actually been sold is registered in the second part of the configuration phase.

The normal operation phase of the online mode of the system 10 starts at instant t21 .

At the instant t21 the person 6 rests the fingertip of a finger (thumb) on the sensor of the opto-electronic key 2, the opto-electronic key 2 acquires the fingerprint of the fingertip (thumb) of the person 6, which thus constitutes his/her sample digital identity acquired in real time.

At the instant t22 (after t21 ) the processing unit of the opto-electronic key 2 generates a value of USERJD as a function of the data representative of the sample fingerprint (acquired at the instant t21 ) of the fingertip of the finger (thumb) of the person 6, the processing unit reads from the memory 2-1 the pair of values (USERJD, Shared Secret) corresponding to the received value of USERJD and then it identifies the value of Shared Secret associated with the generated value of USERJD.

Subsequently, the processing unit of the opto-electronic key 2 performs a comparison between the value of the sample fingerprint (generated in real time) and the value of the reference fingerprint (previously stored into the memory 2-1 in the second part of the configuration phase) and detects that the two values are equal.

At the instant t23 (after t22) the processing unit of the opto-electronic key 2 generates in real time a value of a TOTP, as a function of the identified value of Shared Secret and of the value of a timestamp derived from a reference time and from a time interval as defined in the RFC6238 standard, using for said generation the algorithm defined in the RFC6238 standard: said generated value of TOTP at the key 2 will be referred to below as transmitted TOTP, to distinguish it from another TOTP which will be generated locally to the network server 4.

At the instant t24 (after t23) the person 6 presses a key on the opto electronic key 2, the processing unit of the key 2 reads from the memory 2-1 the pair of values (KEYJD, S-KEY) (previously stored in the memory 2-1 in the configuration phase) and the corresponding value of USERJD (previously stored in the memory 2-1 ), then the processing unit of the key 2 reads from the memory 2-1 the value of S-KEY and performs a cryptography of the Payload having the field 30-2 containing the value of USERJD and the field 30-3 containing the value of transmitted TOTP (generated before instant t23), thus generating the encrypted Payload.

Subsequently, the LED of the opto-electronic key 2 generates the optical beam F_0 carrying the data packet 30 having the first field 30-1 containing the value in plain text of KEYJD and having a second field which comprises the encrypted Payload.

The optical beam F_0 passes through the glass of the windscreen of the vehicle 50 (or the glass of a window of a door of the vehicle 50) and at the instant t25 it is received by the photo-diode of the opto-electronic lock 3 inside the vehicle 50.

At the instant t26 the long distance signals transceiver of the opto electronic lock 3 transmits towards the network server 4 the long distance signal S2_ld carrying the data packet 30 containing the value in plain text of the Key- Identifier (KEYJD) and the encrypted value of the USERJD and of transmitted TOTP contained into the field of the Payload.

At the instant t27 the long distance signals transceiver of the network server 4 receives the long distance signal S2Jd carrying a message containing the plain text value of the KEYJD and the encrypted value of the Payload (which in turn contains USERJD and transmitted TOTP) and sends said values of KEYJD and Payload to the processing unit of the network server 4.

At the instant t28 the processing unit of the network server 4 receives the data packet 30 carrying the value of KEYJD (in plain text) and the Payload (encrypted) and extracts the value of KEYJD from the message; subsequently, the processing unit reads from the memory 4-1 the pair of values (KEYJD, S- KEY) corresponding to the extracted value of KEYJD and identifies the value of S-KEY associated with the received value of KEYJD.

Subsequently, the processing unit of the network server 4 performs the decrypting from the Payload using the identified value of S-KEY and extracts from the Payload the values of USERJD and transmitted TOTP. Subsequently, the processing unit reads from the memory 4-1 the pair of values (USERJD, Shared Secret) corresponding to the value of extracted USERJD and identifies the value of Shared Secret associated with the extracted value of USERJD.

At the instant t29 (after t28) the processing unit generates locally a TOTP as a function of the identified value of Shared Secret and of the value of a timestamp (derived from a reference time and from a time step as defined in the RFC6238 standard), using for said generation the algorithm defined in the same RFC6238 standard: said value of TOTP generated at the network server 4 will be referred to hereinafter as the receiving TOTP (in order to distinguish it from transmitted TOTP previously generated in the opto-electronic key 2).

It is assumed that the time interval between the instant t23 (in which the value of transmitted TOTP is generated) and the instant t29 (in which the local value of receiving TOTP is generated) is less than the period of time of validity of the time-based one-time password, which is typically equal to 60 seconds, which is sufficient for the person 6 to perform the operations for acquiring the fingerprint and pressing a button on the electronic key 2 in order to generate the optical beam F_0 towards the lock 3.

At the instant t30 (after t29) the processing unit of the network server 4 performs a comparison between the local value of TOTP (generated at the network server 4) and the transmitted TOTP value (generated at the lock 3), thus it detects that the values of the two TOTPs are equal to each other; consequently, the processing unit of the network server 4 generates a signal indicative of an authorisation to unlock the lock 3 and at the instant t31 (after t30) the long distance signals transceiver of the network server 4 transmits towards the lock 3 the long distance signal S2Jd carrying a message indicative of an authorisation to unlock the lock 3 of the vehicle 50.

At the instant t32 (after t31 ) the transceiver of the lock 3 receives the long distance wireless signal S2Jd carrying the message indicative of the authorisation to unlock the lock 3, thus the processing unit of the lock 3 generates a command signal indicative of an unlocking of the lock 3 in an open position, for example driving the electric motor integrated into the door of the vehicle 50 and connected with mechanical means which unlock the opening of the door.

Preferably, at the instant t33 (after t32) the processing unit of the lock 3 generates a signal indicative of the unlocking of the opening of the lock 3, thus the transceiver of the lock 3 transmits towards the network server 4 the long distance signal S2_ld carrying a message indicative of the unlocking of the opening of the lock 3.

At the instant t34 (after t33) the transceiver of long distance signals of the network server 4 receives the long distance signal S2_ld carrying the message indicative of the unlocking of the opening of the lock 3 and the normal operation phase terminates, thus the person 6 can open the door of the vehicle 50 associated with the lock 3.

It should be noted that for simplicity the case is considered wherein the memory 4-1 of the network server 4 stores a pair of values (KEYJD, S-KEY) and a pair of values (USERJD, Shared Secret) since a single person 6 has been considered, but more generally the memory 4-1 is such to store a plurality of pairs of values (KEYJD, S-KEY) and a corresponding plurality of pairs of values (USERJD, Shared Secret), wherein said plurality corresponds to the number of keys (similar to the opto-electronic key 2) which are authorised to open the door of a vehicle on which a lock similar to the opto-electronic lock 3 is mounted.

Referring to Figures 1 , 4A, 4B and 4C, they show the operation of the electronic system 10 in the offline operating mode.

In this case, the long distance connection between the network server 4 and the lock 3 is not available, thus during the normal operation mode the operations of extracting KEYJD, USERJD and transmitted TOTP (instant t38), generation of receiving TOTP (instant t39), comparison between the values of transmitted OTP and receiving OTP (instant t40) and generation of the command for unlocking the lock 3 (t42) are performed in the lock 3 itself.

Moreover, the operation of the system 10 in the first part of the r configuration phase of the offline mode differs from that of the online mode in that at the instant t6' the electronic key 2 generates towards the lock 3 the optical beam F_0 carrying a message containing a configuration request and contains the pair of values (KEYJD, S-KEY) stored in the memory 2-1 of the opto electronic key 2.

After the instant t7' the lock 3 receives the optical beam F_0 carrying said message containing the configuration request and the pair of values (KEYJD, S- KEY), thus at the instant t8' the pair of values (KEYJD, S-KEY) is stored in the memory 3-1 which is connected directly or indirectly to the lock 3.

Thus, at the end of the first part of the configuration phase of the offline mode, the pair of values (KEYJD, S-KEY) has been stored in the memory 3-1 associated with the lock 3, wherein said pair of stored values of (KEYJD, S-KEY) will be subsequently used in the normal operation phase of the system 10 in the offline mode.

Moreover, the operation of the system 10 in the second part of the configuration phase of the offline mode differs from that of the online mode in that at the instant t17' (after t13) the electronic key 2 generates towards the lock 3 the optical beam F_0 carrying a message containing the pair of values (USERJD, Shared Secret) generated at the instant t13 in the opto-electronic key 2.

After the instant t18' the lock 3 receives the optical beam F_0 carrying said message containing the pair of values (USERJD, Shared Secret), thus at the instant t18' the pair of values (USERJD, Shared Secret) is stored in the memory 3-1 which is connected directly or indirectly to the lock 3.

Thus, at the end of the configuration phase of the offline mode, the pair of values (KEYJD, S-KEY) and the pair of values (USERJD, Shared Secret) have been stored in the memory 3-1 associated with the lock 3, wherein said stored values of (KEYJD, S-KEY) and (USERJD, Shared Secret) will be subsequently used in the normal operation phase of the system 10 in the offline mode.

According to a variant of the invention, the Payload of the data packet 30 further comprises a third field containing information representative of one or more commands representative of one or more functions to be performed on the vehicle 50, for example opening the boot, switching on the headlights of the vehicle 50, switching on the light of the passenger compartment of the vehicle 5. In this case, the key 2 comprises a further button (separate from the button for opening/closing the lock 3) having the function of generating the command to be executed.

The operation according to said variant is similar to that described above, with the difference that the function associated with the considered command is activated only after the authorisation to access the lock 3 has been granted, by the network server 4 (online mode) or by the lock 3 itself (offline mode).

It is also an object of the present invention a method for controlling the opening of a lock of an access door of a limited environment as defined in the appended method claims.

In the case of the offline operating mode, the method is performed by means of a software program which is run partly on an electronic processor (for example, a microcontroller) of the opto-electronic key 2 and partly on an electronic processor (for example, a microprocessor) of the opto-electronic lock 3.

In the case of the online operating mode, the method is performed by means of a software program which is run partly on an electronic processor of the opto-electronic key 2, partly on an electronic processor of the opto-electronic lock 3 and partly on an electronic processor (for example, a microprocessor) of the network server 4.