 METHOD FOR CONTROLLING ACCESS TO A RESERVED AREA WITH CONTROL OF THE VALIDITY OF A STOCKETED ACCESS
专利摘要:
The method comprises the steps of: presenting a mobile terminal (30) to an access control point (14), capturing an image (24) carried by the access control point (14), representative an encoded computer data, by means of a camera (36) of the terminal (30), and decryption, by the terminal (30), of the image (24) captured by the camera (36), to deduce therefrom the encoded computer data, which is a unique identifier of the access control point (14), establishing a wireless connection (22) between the mobile terminal (30) and the access control point (14), by the mobile terminal (30), by means of the unique identifier of the access control point (14) decrypted, transmission to the access control point (14), by the mobile terminal (30), of a access title to the reserved area stored in its memory (38), via the wireless connection (22), and checking the validity of the data of said access ticket by the control point gateway (14). 公开号:FR3018655A1 申请号:FR1400597 申请日:2014-03-12 公开日:2015-09-18 发明作者:Philippe Dailly 申请人:Thales SA; IPC主号:
专利说明:
[0001] The present invention relates to a method for controlling access to an area reserved by a control system and to controlling the validity of an access ticket stored in the memory of a mobile terminal. access control to the reserved area, the method being of the type comprising the following steps: presentation of a mobile terminal to an access control point of the access control system, capture of an image carried by the access control point, representative of an encoded data item, by means of a camera of the mobile terminal, and decryption, by the mobile terminal, of the image captured by the camera, to deduce therefrom the computer data encoded . The operators of public transport networks, to ensure that the users of their network are authorized users paying a user fee for the network, generally equip their network with a system for controlling access to the public transport network. . This access control system most often includes access control points located at the entrance of the public transport network, ie at the entrance of the network vehicles (buses, trams and subways). ) or at the entrance of the loading docks in the said vehicles. These access control points are adapted to verify that the ticket of the user, constituting a title of access of the user to the public transport network, and which is loaded on a support, is valid. Refillable cards, most often without contact, are generally used as supports for these tickets. With regard to media intended for occasional users, however, this solution has the disadvantage of representing a significant cost for the operator, since it must provide the user with said rechargeable cards. To circumvent this problem, the public transport network operators have tried to use as support for a ticket a medium that is already in the possession of the user. They have thus turned towards the smartphones, which have the advantage of already equipping a large number of users and possess security and contactless communication functions that make them capable of fulfilling all the functions of conventional media. . The solutions developed today to use the computers as transport ticket media most often use near field communication (better known by the acronym NFC, "Near Field Communication"). These solutions are managed by the mobile operators, who provide the terminals, the infrastructure and the billing system to the public transport operator. They are disadvantageous in more ways than one. First, they allow only very few users to use it, because few devices are equipped with NFC chips. In addition, they make the public transport operator dependent on mobile operators, SIM card manufacturers, and mobile phone manufacturers. As for other solutions that do not use near-field communication, they generally require permanent communication between the office and a central server of the access control system, communication that is difficult when the user moves in a space where the electromagnetic wave propagation is bad, like a subway station. Also known from WO 2008/062179 a method of controlling the validity of a ticket, stored in the memory of a digital personal assistant, by a validator. This method comprises a step of capturing a datagram by means of a personal assistant's camera, a step of extracting data from this datagram, and a step of encrypting a Bluetooth transmission between the validator and the personal assistant using the extracted data. An object of the invention is to enable public transport operators to overcome the need to provide specific support for a ticket to each user of their network. Other objectives are to avoid making public transport operators dependent on any other service provider, and to enable them to overcome the need to provide specific support for a ticket for a large number of users. of their network. For this purpose, the subject of the invention is a method of the aforementioned type, in which the encoded data item is a unique identifier of the access control point, the method further comprising the following steps: establishing a wireless connection between the mobile terminal and the access control point, by the mobile terminal, by means of the unique identifier of the decrypted access control point, transmitted to the access control point, by the mobile terminal, an access title to the reserved area stored in its memory, via the wireless connection, and checking the validity of the data of said access ticket by the access control point. According to particular embodiments of the invention, the method also has one or more of the following characteristics, taken alone or in any combination (s) technically possible (s). - The method comprises an additional step of updating the access title by the access control point in the mobile terminal memory via the wireless connection. The update step comprises a sub-step of incrementing a first counter included in the access title, the method further comprising a step of recording a copy of said counter in a central server of the access control system. The step of checking the validity of the data of the access ticket by the access control point comprises a sub-step of checking the conformity of the value of the counter before incrementation with that of the copy of the counter recorded on the the central server, the data of the access ticket being declared valid only in the case where such compliance is verified. - The access ticket includes a validity timestamp, and the step of checking the validity of the data of said access ticket by the access control point comprises the following sub-steps: reading the time stamp validity of the access ticket, and comparison of said limit date stamp with the date-time of the presentation time of the mobile terminal at the access control point. The method comprises a step of connecting the mobile terminal to the central server via the Internet, a step of checking the validity of the access ticket data by the central server and, in the case where the central server concludes the validity of said data; of the access ticket, a step of replacing the timestamp limit of validity of the access ticket by a later date-time limit. The step of checking the validity of the data of the access ticket by the central server comprises a substep of checking the conformity of the value of the counter with that of the counter copy recorded on the central server, the title access valid only in the event that such compliance is verified. - The step of checking the validity of the data of the access ticket by the central server comprises a sub-step of verifying the integrity of the data of the access ticket, the access ticket being declared valid only in the case where the integrity of said access ticket is verified. The step of checking the validity of the data of the access ticket by the central server comprises a substep of comparison between a first unique identifier included in the access ticket and a second identifier specific to the mobile terminal, for example a MAC address of the mobile terminal, the access ticket being declared valid only in case of matching between the first and second identifiers. - In the case where the time stamp is earlier than the date-time of the presentation time of the mobile terminal at the access control point, the access title is declared invalid. - In the case where the time stamp is earlier than the date-time of the presentation time of the mobile terminal at the access control point, the access control point connects to the central server to check the compliance of the the value of the counter before incrementation to that of the counter copy recorded on the central server, the access ticket being declared valid only in the case where such conformity is verified. - The update step includes a substep of timestamp of the access title. - The step of checking the validity of access point data by the access control point includes a substep of verifying the data integrity of the access title, the access title n ' being declared valid only in the case where the integrity of the access ticket is verified. The step of checking the validity of the data of the access ticket by the access control point comprises a substep of comparison between a first unique identifier included in the access ticket and a second terminal specific identifier; mobile, for example a MAC address of the mobile terminal, the access ticket being declared valid only in case of matching between the first and second identifiers. - The access ticket comprises a digital signature for the verification of its authenticity, said signature being a function of an identifier specific to the mobile terminal, for example a MAC address of the mobile terminal. - The unique identifier is the MAC address of the access control point. - The image carried by the access control point is a barcode, in particular a two-dimensional barcode. - The wireless network is a Bluetooth network. Other features and advantages of the invention will appear on reading the description which follows, given solely by way of example and with reference to the appended drawings, in which: FIG. 1 is a diagrammatic view of a reserved zone access control system and a mobile terminal for carrying out a method according to the invention, FIG. 2 is an illustration of a transport ticket stored in a memory of the mobile terminal of FIG. 1 is a block diagram of an access control method according to the invention, FIG. 4 is a block diagram detailing the substeps of a first step of checking the validity of the data of FIG. FIG. 5 is a block diagram of the substeps of a substep of checking the validity of the access ticket data by a control point. Stage Access Figure 4, and FIG. 6 is a block diagram detailing the substeps of a second step of checking the validity of the access title data of the method of FIG. 3. [0002] The access control system 10 of Figure 1 is intended to control the access of users to a reserved area, in particular to a public transport network. For this purpose, the access control system 10 comprises, in known manner, a central server 12 and a plurality of access control points 14. The access control system 10 further comprises communication means 16 each access control point 14 with the central server 12. The server 12 is connected to the Internet and is adapted to communicate with mobile terminals via the Internet to sell tickets to be loaded on said mobile terminals and control the validity of the transport tickets loaded on said mobile terminals. For this purpose, the server 12 includes a memory (not shown) storing an identifier for each ticket sold. Each access control point 14 is disposed at an entrance to the reserved area, that is to say at an entrance of one of the vehicles of the transport network and / or at an entrance of a platform of access to one of said vehicles. Each access control point 14 comprises a validator 17 and, preferably, a gantry or gateway for access control to the transport network (not shown), associated with the validator, to block access to the transport network when the ticket that is presented to validator 17 is not valid. Each validator 17 comprises wireless communication means 20, for example a Bluetooth chip coupled to an antenna, for exchanging data between the validator 17 and other terminals via a wireless connection 22, typically a Bluetooth connection. According to the invention, each access control point 14 carries a representative image 24 of an encoded computer data element, said encoded data item being a unique identifier, for example a MAC (Media Access Control) address. wireless communication means 20 of the validator 17 of said access control point 14. [0003] In known manner, a MAC address of a device is a physical identifier stored in a network card or a network interface of the equipment and used to assign a unique address to said equipment when it connects to a network via said network card or network interface. [0004] In the example shown, the communication means 16 are wired communication means. In a variant, the communication means 16 are wireless communication means and are preferably compatible with at least one of the following standards: GSM (of the "Global System for Mobile Communications"), CDMA (of the English "Code Division Multiple Access"), UMTS (Universal Mobile Telecommunications System), LTE (Long Term Evolution) or Wi-Fi. The mobile terminal 30 of Figure 1 comprises first wireless communication means 32 compatible with the communication means 20, that is to say, in the context of the example mentioned above, a Bluetooth chip coupled to an antenna. The mobile terminal 30 further comprises second wireless communication means 34, a camera 36, a memory 38, a SIM (Subscriber Identity Module) 40 and a computer 42. The second means of communication without thread 34 support the Internet protocol and are preferably compatible with at least one of the following standards: GSM, CDMA, UMTS, LTE or Wi-Fi. The second memory 38 is preferably a rewritable memory. It stores a ticket emulation application (not shown) which is programmed so that, when it is executed by the computer 42, it decrypts an image of the image 24 captured by the camera 36 so as to deduce therefrom the identifier of the validator 17, and activates the first wireless communication means 32 so as to establish a wireless connection between the mobile terminal 30 and the validator 17, via the communication means 20, 32, by means of the identifier decoded. Said application is also programmed to allow the purchase of tickets to the server 12, and to store in the memory 38 the tickets loaded on the terminal 30 by the server 12. Finally, the application is programmed to transmit the securities transport stored in the memory 38 to the validator 17 when a connection is established between the validator 17 and the terminal 30, and to record the updated transport tickets transmitted by the validator 17 in the memory 38, replacing the previous versions tickets. [0005] A ticket 50 is shown schematically in FIG. 2. [0006] As shown in this Figure, each ticket 50 comprises a data group 52 and a digital signature 54 of the data group 52. The data group 52 comprises an identifier 56 of the ticket 50. It also comprises a first identifier 58 function of the mobile terminal 30 from which it was purchased. It further comprises a validity timestamp 60 of data 52, transport ticket tracking data 61, comprising a counter 62 and a validation timestamp 64, and a transport contract 66. The identifier 56 is typically an identification number. contract associated with the transport ticket 50. It is similar to the identifier stored in the server 12. [0007] The first identifier 58 is for example the MAC address of the first wireless communication means 32 of the mobile terminal 30 with which the ticket 50 has been purchased. The counter 62 is adapted to be incremented by each validator 17 each time the transport ticket 50 is read by a validator 17. [0008] The validation timestamp 64 is a date-time group corresponding to the last moment of reading of the transport ticket 50 by a validator 17. The transport contract 66 is, in a known manner, representative of an authorization to circulate, on at least a part of the transport network, issued to the holder of the transport ticket 50. The transport contract 66 is for example a contract giving unlimited access to part or all of the transport network. In a variant, the transport contract 66 is a transport contract of the "electronic purse" type, representing a quantifiable datum and being adapted to be taken from a certain quantity of said quantifiable datum each time the user travels on the The signature 54 is obtained by applying an encryption key to the data group 52 or to a digest (hash) of said data group 52. The mobile terminal 30 is typically an ordiphone. The access control method 100 according to the invention, implemented by means of the system 10 and the mobile terminal 30, will now be described, with reference to FIGS. 3 to 6. [0009] As can be seen in FIG. 3, this method 100 comprises a first step 110 of purchasing a ticket 50 and loading the ticket 50 into the memory 38 of the mobile terminal 30. In this first step 110, the ticket user who owns the mobile terminal 30 starts the ticket emulation application. With this application, he buys a virtual ticket on the server 12. This ticket 50 is then downloaded to the mobile terminal 30, and stored in the memory 38 by the ticketing emulation application. [0010] At the purchase and loading step 110 follows a step 120 of checking the validity of the ticket loaded when the user accesses the public transport network. This step occurs whenever the user arrives at a public transport network boundary, that is to say at an entrance or exit of the public transport network, in order to access it or to access it. get out. The method 100 further comprises a step 130 of connecting the mobile terminal 30 to the central server 12 via the Internet at regular time intervals or when the user wishes to renew the validity of the data of his ticket 50. This connection is established by means of connection means 34. [0011] Step 130 is followed by a step 140 of checking the validity of the data of the ticket 50 by the central server 12. The method 100 further comprises a step 150 of replacing the time stamp 60 with a date-stamp. later when the data of the title 50 are declared valid by the central server 12, and a step 160 of erasing the ticket 50 of the memory 38 of the mobile terminal 30 when the data of the title 50 are declared invalid by the central server 12. Alternatively, the erasure step 160 is replaced by a step of sending a fine to the user. Referring to Figure 4, step 120 includes a first step 200 of presenting the mobile terminal 30 to a validator 17, the card emulation application being active. This step is followed by a step 205 of capturing the image 24 by the camera 36 of the mobile terminal 30, then by a step 210 of deciphering the image 24 by the card emulation application. The identifier of the validator 17 is thus deduced by the card emulation application which, in a step 215, uses this identifier to establish a direct wireless connection 22 between the mobile terminal 30 and the validator 17, via wireless connection means 20 and 32. Step 215 is followed by a step 220 of transmission of the ticket 50 to the validator 17, during which the card emulation application transmits the ticket 50 to validator 17, via the wireless connection 22. Then, during a step 230, the validator 17 checks the validity of the data of the ticket 50. The step 120 further comprises a step 240 of presentation of an alert when the data of the transport ticket 50 is declared invalid, and a step 250 of the treatment of the transport contract 66 when the data 52 of the tickets 50 are declared valid. [0012] In step 240, an alert is presented to the user and / or to a public transport access control organization. This alert is preferably a visual alert and is for example displayed on the validator 17. Optionally, the visual alert is accompanied by an audible alert. Alternatively, the alert is constituted by an audible alert. Optionally, a blocking of the access to the public transport network occurs concurrently at step 240. This blocking is constituted by the non-opening or closing of the gate or access gantry associated with the validator 17. The step 250 is known and includes the verification, by the validator 17, of the fact that the transport contract 66 confers on its holder the authorization to enter or leave the network by the access control point 14. where the transport contract 66 is of the "electronic purse" type, the processing step 250 may also include the taking out, on the contract 66, of a quantity which is a function of the journey made by the user on the network of transport. The processing step 250 is followed by a step 260 authorizing the crossing of the access control point 14 by the user and a step 270 of updating the ticket 50 in the memory 38 of the mobile terminal 30. In the step 260, the validator 17 communicates the information that the crossing of the access control point 14 by the user is authorized. This information is for example displayed on a screen of the validator 17. Preferably, an input or output passage of the transport network is simultaneously released by moving the gate or gantry associated with the validator 17 in the open position. In step 270, the transport ticket 50 is updated by the validator 17 in the memory 38 of the mobile terminal 30, via the wireless connection 22. This step comprises a first sub-step 271 of the timestamp of the title 50, a second substep 272 incrementing the counter 62, and a third substep 273 updating the signature 54. In the timestamp step 271, the validator 17 writes in replacement of the time stamp 64 and the date and time of the reading of the title 50 by the validator 17. In the step 272, the validator 17 increments the counter 62 of the title 50. At the step 273, the signature 54 is recalculated from the updated 52 data. Step 270 is followed by a step 280 of recording a copy of the tracking data 61 in a memory of the central server 12. This step 280 occurs if the communication means 16 are available. If the communication means 16 are unavailable at the time when the mobile terminal 30 is presented to the validator 17, the validator 17 differs the transmission of the copy of the tracking data 61 to the server 12 until the communication means 16 are available. [0013] With reference to FIG. 5, step 230 of checking the validity of the data of the title of the transport ticket 50 by the validator 17 comprises a first step 300 of verifying the integrity of the ticket 50. During this step, the validator 17 checks, by known means, that the signature 54 corresponds to the data 52. If this correspondence is verified, the validator 17 declares the data of the ticket 50 integrity. Otherwise, the validator 17 declares the data of the transport ticket 50 invalid. A step 305 for controlling the blocking of the ticket 50 follows step 300 in the case where the data of the ticket 50 is declared intact. During this step 305, the validator 17 verifies that the identifier 56 of the ticket 50 does not appear in a list of blocked tickets. If the identifier 56 is in said list, the validator 17 declares the data of the transport ticket 50 invalid. Otherwise, the validator 17 concludes that the ticket 50 is not blocked. A step 310 for comparing the first identifier 58 with a second specific identifier of the mobile terminal 30 follows step 305 in the case where the validator 17 concludes that the ticket 50 is not blocked. During this step 310, the validator 17 compares the first identifier 58 with a second identifier specific to the mobile terminal 30, for example the MAC address of the connection means 32. In the case where these identifiers are different, one of the other, the validator 17 declares the data of the transport ticket 50 invalid. In the case where there is adequacy between the two identifiers, the validator 17 moves to a new step 315. The step 315 is a step of reading the limit timestamp 60. It is followed by a step 320 of comparing the time stamp 60 at the date-time of presentation of the mobile terminal 30 to the validator 17. [0014] In the case where the time stamp 60 is earlier than the date-time presentation of the mobile terminal 30 to the validator 17, the validator 17 checks, in a step 325, if it is possible for him to connect to the central server 12. If this connection is impossible, the validator 17 declares the transport ticket 50 invalid. If this connection is possible, the validator 17 queries the central server 12, in a step 330, to check the compliance of the time stamp 64 and the counter 62 with copies of the timestamp 64 and the counter 62 stored on the 12. If the timestamp 64 and / or the counter 62 are not equal to their respective copies, the validator 17 declares the data of the transport ticket 50 invalid. Otherwise, the time stamp 60 is replaced by a later limit date-time, and the data of the transport ticket 50 is declared valid. [0015] In the case where the time stamp 60 is posterior to the moment of presentation of the mobile terminal 30 to the validator 17, the validator 17 preferably checks, during a step 340, whether it is possible for it to connect to the server central 12. If this connection is possible, the validator 17 proceeds with the step 330 described above. If this connection is impossible, the validator 17 declares the data of the transport ticket 50 valid and, in a step 345, puts the time stamp 64 and the counter 62 in memory and waits for the communication means 16 to be available. Then, when the communication means 16 are available, the validator 17 provides the central server 12 the timestamp 64 and the counter 62 stored. In a step 350, the server 12 checks the compliance of the time stamp and the counter 62 with the copies of the timestamp 64 and the counter 62 which it has memorized. In the case where the timestamp 64 and / or the counter 62 are not equal to their respective copies, the server 12 controls the blocking of the ticket 50 during a step 355. For this purpose, the server 12 registers the identifier 56 of the transport ticket 50 on the list of blocked tickets, and communicates the updated list to each validator 17 of the system 10. In a variant, the blocking step 355 is replaced by a step of sending the ticket 'a fine to the user. With reference to FIG. 6, the step 140 of checking the validity of the data of the transport ticket 50 by the central server 12 comprises a first substep 400 of verifying the integrity of the data of the ticket 50. step 140 further comprises a sub-step 410 for controlling the blocking of the ticket 50, a step 420 for comparing the first identifier 58 with a second identifier specific to the mobile terminal 30, and a sub-step 430 for controlling the security of the ticket. compliance of the timestamp 64 and the counter 62 with the copies of the timestamp 64 and the counter 62 stored on the server 12. [0016] During step 400, the central server 12 verifies, by known means, that the signature 54 corresponds to the data 52. If this correspondence is verified, the central server 12 declares the transport ticket 50 integrates and proceeds with the Step 410. In the opposite case, the central server 12 declares the transport ticket 50 invalid. In step 410, the central server 12 verifies that the identifier 56 of the ticket 50 is not in a list of blocked tickets. If the identifier 56 is in said list, the central server 12 declares the transport ticket 50 invalid. In the opposite case, the central server 12 concludes that the ticket 50 is not blocked and proceeds with step 420. In step 420, the central server 12 compares the first identifier 58 with a second specific identifier to the mobile terminal 30, for example to the MAC address of the connection means 32. In the case where these identifiers are different from each other, the central server 12 declares the transport ticket 50 invalid. In the case where there is adequacy between the two identifiers, the central server 12 proceeds with step 430. In step 430, the central server compares the timestamp 64 and the counter 62 to the timestamp and counter associated with the title transport 50 stored on the server 12. [0017] In the case where the timestamp 64 and / or the counter 62 are not equal to their respective copies stored on the server 12, the central server 12 declares the data of the transport ticket 50 invalid. In the opposite case, the central server 12 declares the data of the transport ticket 50 valid. Thanks to the invention described above, the public transport operators can overcome the need to provide specific support for a ticket to each user of their network, the mobile terminal of some of these users can be substituted to such a specific support. In addition, since it is sufficient for the mobile terminal of the user to have a camera and wireless communication means, a large number of existing mobile terminals are likely to be used to implement the invention. Operators will be able to overcome the need to provide specific support for a ticket for a large number of users of their network. In addition, only occasional communication of the mobile terminal 30 with the central server 12 being necessary, the method 100 is particularly suitable for use in spaces where the propagation of electromagnetic waves is bad, such as metro stations. In addition, the method 100 offers good protection against fraud attempts. It is indeed difficult for a fraudster to duplicate the ticket 50 for use on another mobile terminal 30, since the identifier 58 would then no longer correspond to the specific identifier of the mobile terminal 30 on which the ticket 50 would be charged. The replay fraud is also prevented, since the time stamp 64 and the counter 62 carried by the ticket 50 would then no longer correspond to their copies stored in the server memory 12. Finally, the method 100 can be set implemented with great independence from mobile operators, SIM card providers and mobile phone manufacturers, so that public transport operators are not likely to become dependent on these service providers. It will be noted that, in the method 100 described above, the steps 230 and 140 for checking the validity of the ticket 50 by the validator 17 and by the central server 12 each comprise a substep, respectively 310, 420, for comparing the first identifier 58 to a second identifier specific to the mobile terminal 30. In another variant of the invention (not shown), the ticket 50 does not include the first identifier 58, and the substeps 310, 420 are omitted; the signature 54 of the ticket 50 is then calculated by using an identifier specific to the mobile terminal 30 with which the ticket 50 has been purchased, for example the MAC address of the first communication means 32 of said mobile terminal 30. It will be noted that also that, in the method described above, the transport ticket 50 is stored in an unsecured memory 38 of the mobile terminal 30. In another variant of the invention (not shown), the transport ticket 50 is registered in a secure memory of the mobile terminal 30, for example the memory of the SIM card 40 or the memory of an encrypted SD card (of the "Secure Digital"), and the wireless connection established between the mobile terminal 30 and the validator 17 in step 215 is an encrypted connection. Finally, it should be noted that, although the invention has been described in the context of access controls to public transport networks, it is not limited to this area alone, and more broadly concerns all the control systems of public transport networks. access to reserved areas.
权利要求:
Claims (15) [0001] CLAIMS. A method (100) for controlling access to an area reserved by a system (10) for controlling access to the reserved area, the method (100) comprising the following steps: presentation (200) of a terminal mobile (30) at an access control point (14) of the access control system (10), capturing (205) an image (24) carried by the access control point (14), representative of an encoded computer data, by means of a camera (36) of the mobile terminal (30), and decryption (210), by the mobile terminal (30), of the image (24) captured by the camera ( 36) for deriving the encoded computer data, characterized in that the encoded computer data is a unique identifier of the access control point (14), and in that the method (100) further comprises the following steps: establishing (215) a wireless connection (22) between the mobile terminal (30) and the access control point (14) by the mobile terminal (30), by means of the unique identifier of the access control point (14) decrypted, transmission (220) to the access control point (14), by the mobile terminal (30), of a title access (50) to the reserved zone stored in its memory (38), via the wireless connection (22), and control (230) of the validity of the data of said access title (50) by the control point access (14). [0002] 2. An access control method (100) according to claim 1, comprising an additional step of updating (270) the access ticket (50) by the access control point (14), in the memory (38) of the mobile terminal (30) via the wireless connection (22). [0003] An access control method (100) according to claim 2, wherein the updating step (270) comprises a substep (272) of incrementing a first counter (62) included in the access title (50), the method (100) further comprising a step (280) of recording a copy of said counter (62) in a central server (12) of the access control system (10); ). [0004] 4. An access control method (100) according to claim 3, wherein the step of controlling (230) the validity of the access title data (50) by the access control point (14). ) comprises a sub-step (330) for checking the conformity of the value of the counter (62) before incrementing with that of the counter copy recorded on the central server (12), the access title data (50) being declared valid only in the case where such conformity is verified. [0005] The access control method (100) according to claim 3 or 4, wherein the access title (50) comprises a validity timestamp (60), and the control step (230) of the validity of the data of said access ticket (50) by the access control point (14) comprises the following substeps: - reading (315) of the validity limit timestamp (60) of the access ticket ( 50), and - comparing (320) said limit timestamp (60) with the date-time of the presentation time of the mobile terminal (30) at the access control point (14). [0006] 6. An access control method (100) according to claim 5, comprising a step (130) of connection of the mobile terminal (30) to the central server (12) via the Internet, a step (140) for checking the validity. data from the access ticket (50) by the central server (12) and, in the case where the central server (12) concludes the validity of said access ticket data (50), a step (150) of replacing the expiration date stamp (60) of the access ticket (50) with a later limit date-time. [0007] The access control method (100) of claim 6, wherein the step of controlling (140) the validity of the access title data (50) by the central server (12) comprises a step (430) of checking the conformity of the value of the counter (62) with that of the counter copy recorded on the central server (12), the access ticket (50) being declared valid only in the where such conformity is verified. [0008] The access control method (100) according to claim 6 or 7, wherein the step of controlling (140) the validity of the access title data (50) by the central server (12) comprises a sub-step (400) for verifying the data integrity of the access ticket (50), the access ticket (50) being declared valid only in the case where the integrity of said access ticket (50) is checked. [0009] 9. An access control method (100) according to any one of claims 6 to 8, wherein the step of controlling (140) the validity of the data access title (50) by the central server (12) comprises a sub-step (420) of comparison between a first unique identifier (58) included in the access title (50) and a second identifier specific to the mobile terminal (30), for example a MAC address of the terminal mobile (30), the access ticket (50) being declared valid only in case of adequacy between the first and second identifiers. [0010] 10. An access control method (100) according to any one of claims 5 to 9, wherein, in the case where the timestamp (60) is earlier than the date-time of the moment of presentation from the mobile terminal (30) to the access control point (14), the access ticket (50) is declared invalid. [0011] 11. An access control method (100) according to any one of claims 5 to 9, wherein, in the case where the timestamp (60) is earlier than the date-time of the moment of presentation from the mobile terminal (30) to the access control point (14), the access control point (14) connects to the central server (12) to check the conformity of the value of the counter (62) before incrementing to that of the counter copy recorded on the central server (12), the access ticket (50) being declared valid only in the case where such compliance is verified. [0012] The access control method (100) according to any one of claims 2 to 11, wherein the updating step (270) comprises a sub-step (271) of the timestamp of the title of access (50). [0013] 13. An access control method (100) according to any one of the preceding claims, wherein the step of controlling (230) the validity of the data of the access ticket (50) by the control point d access (14) comprises a sub-step (300) for verifying the integrity of the data of the access ticket (50), the access ticket (50) being declared valid only in the case where the integrity of said access ticket (50) is verified. [0014] 14. An access control method (100) according to any one of claims 1 to 13, wherein the step of controlling (230) the validity of the data access title (50) by the point of access control (14) comprises a sub-step (310) of comparison between a first unique identifier (58) included in the access title (50) and a second identifier specific to the mobile terminal (30), for example a MAC address of the mobile terminal, the access ticket (50) being declared valid only in case of adequacy between the first and second identifiers. [0015] 15. An access control method (100) according to claim 8 or 13, wherein the access title (50) comprises a digital signature (54) for the verification of its authenticity, said signature (54) being function an identifier specific to the mobile terminal, for example a MAC address of the mobile terminal.
类似技术:
公开号 | 公开日 | 专利标题 EP1687953B1|2008-01-23|Method for the authentication of applications EP3221815B1|2021-05-19|Method for securing a payment token FR2854303A1|2004-10-29|METHOD FOR SECURING A MOBILE TERMINAL AND METHOD APPLICATIONS, THE EXECUTION OF APPLICATIONS REQUIRING A HIGH SECURITY LEVEL EP3117641B1|2019-04-10|Method of controlling access to a reserve zone with control of the validity of an access entitlement installed in the memory of a mobile terminal EP1549011A1|2005-06-29|Communication method and system between a terminal and at least a communication device EP2545721B1|2015-06-24|Protection against rerouting in an nfc circuit communication channel WO2006056669A1|2006-06-01|Method of securing a telecommunication terminal that is connected to terminal user identification module FR2993382A1|2014-01-17|SECURE ELECTRONIC ENTITY FOR THE AUTHORIZATION OF A TRANSACTION FR2989799A1|2013-10-25|METHOD FOR TRANSFERRING A DEVICE TO ANOTHER RIGHTS OF ACCESS TO A SERVICE EP3189485A1|2017-07-12|Electronic ticket management FR2765985A1|1999-01-15|METHOD FOR MANAGING A SECURE TERMINAL EP1368716B1|2005-02-09|Anti-cloning method WO2016207715A1|2016-12-29|Secure management of electronic tokens in a cell phone EP3095223B1|2022-03-16|Method of transmitting encrypted data, method of reception, devices and computer programs corresponding thereto EP2369780B1|2018-09-12|Method and system for validating a transaction, and corresponding transactional terminal and programme WO2000042731A1|2000-07-20|Method for secure data loading between two security modules EP2471237B1|2013-06-05|Mobile electronic device configured to establish secure wireless communication FR3060161A1|2018-06-15|TECHNIQUE FOR MANAGING A RIGHT OF ACCESS TO A SERVICE FOR A COMMUNICATOR DEVICE FR2856497A1|2004-12-24|Virtual prepaid card usage code determining process, involves selecting user number associated with selected serial number, and using selected user number during certificate generation time, to determine specific usage WO2016087754A1|2016-06-09|Method implemented in an identity document and associated identity document WO2007085726A1|2007-08-02|Certification with distributed certification authority FR2933560A1|2010-01-08|ELECTRONIC CERTIFICATION DEVICE
同族专利:
公开号 | 公开日 WO2015135793A1|2015-09-17| CA2941313A1|2015-09-17| AU2015230197A1|2016-09-29| ES2734723T3|2019-12-11| EP3117641B1|2019-04-10| US10491600B2|2019-11-26| EP3117641A1|2017-01-18| ZA201606156B|2017-11-29| US20170019413A1|2017-01-19| DK3117641T3|2019-07-15| FR3018655B1|2017-08-25|
引用文献:
公开号 | 申请日 | 公开日 | 申请人 | 专利标题 US20020043566A1|2000-07-14|2002-04-18|Alan Goodman|Transaction card and method for reducing frauds| EP1276081A2|2001-07-14|2003-01-15|Bundesdruckerei GmbH|Ticket system| WO2008062179A2|2006-11-23|2008-05-29|Philip Wesby|System and method for data acquisition and processing| EP2306692A1|2009-10-02|2011-04-06|Research In Motion Limited|Methods and devices for facilitating bluetooth pairing using a camera as a barcode scanner| US20110208645A1|2010-02-24|2011-08-25|Cubic Corporation|Virtual fare card and virtual fare device| GB2485442A|2010-10-26|2012-05-16|Cubic Corp|Analysis of transport identifier data to recognize potential patterns, relationships or sequences that could represent misuse of an account|CN111192383A|2020-01-09|2020-05-22|广州视声智能科技有限公司|Bluetooth technology-based access control management method and Bluetooth access control equipment|US6347338B1|1997-11-26|2002-02-12|International Business Machines Corporation|Precomputed and distributed security system for a communication network| US10129261B2|2004-06-23|2018-11-13|Nokia Technologies Oy|Method for serving location information access requests| US8271789B2|2004-08-13|2012-09-18|Scheidt & Bachmann Gmbh|System and method for managing usage authorizations based on the use of smart cards| US20090022314A1|2005-02-10|2009-01-22|Ntt Docomo , Inc.|Information processing device, read terminal, non-public information read system, non-public information read method, information processing program, and non-public information read program| US20060268902A1|2005-05-24|2006-11-30|Cingular Wireless Ii, Llc|Dynamic dual-mode service access control, location-based billing, and e911 mechanisms| JPWO2007007546A1|2005-07-08|2009-01-29|日本電気株式会社|Terminal, security setting method, and program thereof| KR100755435B1|2005-10-04|2007-09-04|삼성전자주식회사|Digital broadcasting conditional access terminal and method thereof| US8353052B2|2007-09-03|2013-01-08|Sony Mobile Communications Ab|Providing services to a guest device in a personal network| US20100246902A1|2009-02-26|2010-09-30|Lumidigm, Inc.|Method and apparatus to combine biometric sensing and other functionality| US8621203B2|2009-06-22|2013-12-31|Nokia Corporation|Method and apparatus for authenticating a mobile device| US8879994B2|2009-10-02|2014-11-04|Blackberry Limited|Methods and devices for facilitating Bluetooth pairing using a camera as a barcode scanner| US9041511B2|2011-05-03|2015-05-26|Verizon Patent And Licensing Inc.|Facility management using mobile devices| US8943605B1|2012-01-25|2015-01-27|Sprint Communications Company L.P.|Proximity based digital rights management| US8933776B2|2012-07-20|2015-01-13|Qualcomm Incorporated|Relative positioning applications in wireless devices| EP2883370B1|2012-08-09|2018-03-21|Sony Interactive Entertainment Inc.|Information processing terminal, information processing method, program, and information storage medium|CN106127890A|2016-06-17|2016-11-16|北京千丁互联科技有限公司|Control of bluetooth access equipment, Bluetooth terminal, control of bluetooth access management system and method| JP2020162015A|2019-03-27|2020-10-01|セイコーエプソン株式会社|Printer and radio connection method| IT201900015701A1|2019-09-05|2021-03-05|Foodea Lab S R L|COMPUTER-IMPLEMENTED METHOD AND SYSTEM FOR SECURE IDENTIFICATION OF DISCONNECTED OBJECTS AND THEIR LOCATIONS.|
法律状态:
2016-03-31| PLFP| Fee payment|Year of fee payment: 3 | 2017-03-31| PLFP| Fee payment|Year of fee payment: 4 | 2018-03-30| PLFP| Fee payment|Year of fee payment: 5 | 2018-09-21| TP| Transmission of property|Owner name: REVENUE COLLECTION SYSTEMS FRANCE SAS, FR Effective date: 20180822 | 2020-03-31| PLFP| Fee payment|Year of fee payment: 7 | 2021-12-10| ST| Notification of lapse|Effective date: 20211105 |
优先权:
[返回顶部]
申请号 | 申请日 | 专利标题 FR1400597A|FR3018655B1|2014-03-12|2014-03-12|METHOD FOR CONTROLLING ACCESS TO A RESERVED AREA WITH CONTROL OF THE VALIDITY OF A STOCKETED ACCESS TITLE IN THE MEMORY OF A MOBILE TERMINAL|FR1400597A| FR3018655B1|2014-03-12|2014-03-12|METHOD FOR CONTROLLING ACCESS TO A RESERVED AREA WITH CONTROL OF THE VALIDITY OF A STOCKETED ACCESS TITLE IN THE MEMORY OF A MOBILE TERMINAL| EP15707634.0A| EP3117641B1|2014-03-12|2015-03-03|Method of controlling access to a reserve zone with control of the validity of an access entitlement installed in the memory of a mobile terminal| US15/124,423| US10491600B2|2014-03-12|2015-03-03|Method of controlling access to a reserve zone with control of the validity of an access entitlement installed in the memory of a mobile terminal| PCT/EP2015/054376| WO2015135793A1|2014-03-12|2015-03-03|Method of controlling access to a reserve zone with control of the validity of an access entitlement installed in the memory of a mobile terminal| CA2941313A| CA2941313A1|2014-03-12|2015-03-03|Method of controlling access to a reserve zone with control of the validity of an access entitlement installed in the memory of a mobile terminal| AU2015230197A| AU2015230197A1|2014-03-12|2015-03-03|Method of controlling access to a reserve zone with control of the validity of an access entitlement installed in the memory of a mobile terminal| ES15707634T| ES2734723T3|2014-03-12|2015-03-03|Access control procedure to a reserved area with validity control of an access title stored in the memory of a mobile device| DK15707634.0T| DK3117641T3|2014-03-12|2015-03-03|Method for controlling access to a defined area with control of the validity of an access permission stored in the memory of a mobile terminal| ZA2016/06156A| ZA201606156B|2014-03-12|2016-09-06|Method of controlling access to a reserve zone with control of the validity of an access entitlement installed in the memory of a mobile terminal| 相关专利
Sulfonates, polymers, resist compositions and patterning process
Washing machine
Washing machine
Device for fixture finishing and tension adjusting of membrane
Structure for Equipping Band in a Plane Cathode Ray Tube
Process for preparation of 7 alpha-carboxyl 9, 11-epoxy steroids and intermediates useful therein an
国家/地区
|