The present invention relates generally to wireless electromechanical locks, and more particularly to batteryless timekeeping for wireless electromechanical locks.
Electromechanical locks use a combination of electronic and mechanical components, typically including an electronic controller, a mechanical locking mechanism, and an electronic actuator capable of switching mechanical components between locked and unlocked states. Mechanical locking mechanisms may comprise, for instance, mechanical bolts and strikes. Some electronic actuators entirely open and close locks, such as by shifting a bolt. Other electronic actuators only release pins or catches so that an operator may open the lock. In either case, electronic actuators are controlled by electronic controllers, which respond to user inputs such as RFID information, passkeys, or other digital certificates. Controllers process and authenticate user inputs, and command electronic actuators to open or close accordingly. Electromechanical locks are conventionally powered with batteries, or by wired connection to a power grid.
Some electromechanical locks incorporate timekeepers such as real time clocks, enabling authentication procedures to depend on time. Such a lock might be configured, for instance, to allow the bearer of a particular digital certificate access into a restricted area only at certain times of day, or on certain days of each month. It is essential for such purposes that the electromechanical lock controller be provided with a trusted time, and not rely on operator-supplied or otherwise unsecured time values for certification.
Some electromechanical locks utilize near field communication (NFC) to communicate wirelessly with an operator. An operator-side interface device can inductively power the electromechanical lock for the duration of certification, thus allowing the lock to dispense with batteries and wired grid connections, reducing maintenance requirements and simplifying installation. Because NFC locks only receive power during intermittent interaction with an operator-side NFC initiator, however, a conventional continuous timekeeper such as a continuously active real time clock cannot be used. As a result, the prior art does not support trusted timekeeping for batteryless locks.
The present invention is directed to an electronic lock controller with a trusted time provider, a near field communication transceiver, and a logic processor. The trusted time provider provides a trusted time value. The near field communication transceiver receives power and a digital credential from an operator-side interface device. The logic processor produces an open or close command for an electromechanical lock based on the trusted time value and the digital credential. The electronic lock controller is powered solely by the near field communication transceiver.
a is a plot of register time vs. actual time for the method of
b is a plot of register time vs. actual time for the network of
Wireless lock network 10 includes devices in direct or indirect wireless communication with electromechanical lock 12. Electromechanical lock 12 is a NFC-capable lock having mechanical and electronic parts. Interface device 14 is an operator-side NFC-capable device for supplying a digital credential to electromechanical lock 12. Interface device 14 may be a dedicated lock controller, such as a NFC fob or remote, or a generic device such as a NFC-capable smartphone running appropriate software. To open electromechanical lock 12, an operator transmits a digital credential from interface device 14 to electromechanical lock 12. Electromechanical lock 12 is powered inductively by interface device 14, and includes no batteries or wired grid connection.
Interface device 14 inductively powers electromechanical lock 12 and communicates with processor 24 via NFC transceiver 22. Processor 24 validates a digital credential from interface device 14 in light of a trusted time, and commands actuator 18 to engage or disengage locking mechanism 20 accordingly. Locking mechanism 20 may be, for instance, a sliding bolt. To conserve power, actuator 18 may only set or release pins or catches of locking mechanism 20, enabling an operator to fully disengage or engage locking mechanism 20 manually.
Processor 24 of electromechanical lock 12 determines the present time with an acceptable degree of accuracy using a trusted time acquisition method, as described hereinafter. (Step 34). Using this trusted time, the lock authenticates the digital credential and transmits a response to interface device 14 indicating whether or not the digital credential is accepted. (Step 36). A digital credential may be authorized to open electromechanical lock 12 only during certain times, or before a certain date, in which case the digital credential may be rejected if the trusted time falls outside of this authorized time period. If the credential is accepted, processor 24 commands actuator 18 to engage or disengage locking mechanism 20, unlocking and allowing the operator to open electromechanical lock 12. (Step 38).
Controller 16 runs on induced power from interface device 14, and does not rely on batteries or wired grid connections for power. Actuator 18 may also be powered by interface device 14. Controller 16 includes some means of acquiring a trusted time for use in authenticating a digital certificate, as disclosed hereinafter.
Real time clock server 40 is a device comprising a real time clock and a wireless transceiver. Real time clock server 40 tracks the current time and is not directly accessible to the operator of electromechanical lock 12. Real time clock server 40 may be located locally or remotely from electromechanical lock 12. Real time clock server 40 may, for instance, be a web server, or a server at a remote broadcasting station or an artificial satellite. Alternatively, real time clock server 40 may be a local, low-power wireless device such as a fob carried by a user, or local wireless server in a region secured by electromechanical lock 12.
In one embodiment, real time clock server 40 provides a timestamped digital credential to interface device 14 periodically, or on demand. Each timestamped credential includes a digitally signed timestamp indicating the time (according to real time clock server 40) at which the credential was issued. Each credential may be valid only for a limited duration, or for a predetermined number of uses.
In one embodiment, low power timer 44 is energized inductively with each NFC interaction between electromechanical lock 12 and interface device 14. Low power timer 44 may be an extremely low power conventional timekeeper which draws on the order of 200 nA or less from a storage capacitor, or a decay timer which estimates elapsed time based on charge decay of a storage capacitor. Low power timer 44 is used to periodically or continuously update the register time stored in register 42, thereby supplementing the “high water mark” method described above, and providing a more continuous and more accurate trusted time. Low power timer 44 can operate for several hours or days after charging inductively with NFC interaction between electromechanical lock 12 and interface device 14. Should low power timer 44 run out of energy and stop, register 42 will cease being updated until the next NFC interaction between electromechanical lock 12 and interface device 14, effectively reverting to the previously described embodiment without low power timer 44.
FIGS. 5a and 5b are graphs of the time stored in register 42 versus actual time, indicating when certificates are received.
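The register behaviour described above, modelled as an added example that is not part of the original text. It assumes the "high water mark" means the register only ever moves forward to the newest validly signed timestamp, and it uses an HMAC with a constructed key in place of the unspecified signature scheme; `TrustedTimeRegister`, `sign_credential` and all numeric values are hypothetical.

```python
import hashlib
import hmac

# Assumption: an HMAC key shared with real time clock server 40 stands in
# for the digital signature scheme, which the text does not specify.
SERVER_KEY = b"constructed-demo-key"

def sign_credential(issued_at, not_after, key=SERVER_KEY):
    """Server side: bind the issue timestamp and the expiry under one tag."""
    msg = f"{issued_at}|{not_after}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class TrustedTimeRegister:
    """Hypothetical model of register 42 fed by low power timer 44."""
    def __init__(self, timer_budget_s):
        self.register_time = 0                # trusted time, in seconds
        self.timer_budget_s = timer_budget_s  # run time of the timer per charge
        self.timer_left_s = 0

    def elapse(self, seconds):
        """Real time passes with no NFC field present."""
        counted = min(seconds, self.timer_left_s)
        self.register_time += counted  # timer advances the register while charged
        self.timer_left_s -= counted   # once drained, the register stands still

    def present(self, issued_at, not_after, tag):
        """NFC interaction: recharge the timer, verify, raise the mark, decide."""
        self.timer_left_s = self.timer_budget_s
        expected = sign_credential(issued_at, not_after)
        if not hmac.compare_digest(expected, tag):
            return False               # unsigned time never reaches the register
        self.register_time = max(self.register_time, issued_at)
        return self.register_time <= not_after

def demo():
    """Constructed scenario: old credential, long gap, newer one, replay, forgery."""
    lock = TrustedTimeRegister(timer_budget_s=3600)
    old = (1000, 5000, sign_credential(1000, 5000))
    new = (20_000, 30_000, sign_credential(20_000, 30_000))
    results = [lock.present(*old)]        # accepted, register = 1000
    lock.elapse(10_000)                   # timer counts 3600 s, then stops
    results.append(lock.present(*new))    # accepted, register jumps to 20000
    results.append(lock.present(*old))    # expired against the raised register
    results.append(lock.present(50_000, 90_000, bytes(32)))  # forged tag
    return results + [lock.register_time]

if __name__ == "__main__":
    print(demo())
```

The register can lag actual time but never runs ahead of the newest signed timestamp plus counted timer seconds, so an expired credential can be accepted only until a fresher one has been seen.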
Real time clock server 40 produces a certified time CT in response to transaction code TC, and sends certified time CT to interface device 14. (Step 204). Certified time CT comprises a real time clock value and a validation certificate specific to transaction code TC. Interface device 14 forwards certified time CT to electromechanical lock 12 (Step 206), where processor 24 of electromechanical lock validates the certified time CT based on transaction code TC. If validation indicates that certified time CT is genuine, controller 16 of electromechanical lock 12 accepts certified time CT as a trusted time.
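The transaction-code exchange described above, as an added example that is not part of the original text. It assumes the lock generates transaction code TC as a single-use random value and that an HMAC under a constructed shared key stands in for the validation certificate; `LockTimeClient`, `server_certify` and the clock values are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC under a key shared by lock 12 and real time clock server 40
# stands in for the validation certificate, whose format the text does not give.
SHARED_KEY = b"constructed-demo-key"

def _tag(key, tc, rtc_value):
    """Tag covering both the transaction code and the clock value."""
    return hmac.new(key, tc + rtc_value.to_bytes(8, "big"), hashlib.sha256).digest()

def server_certify(tc, rtc_value, key=SHARED_KEY):
    """Server 40: certified time CT = (clock value, tag specific to TC)."""
    return rtc_value, _tag(key, tc, rtc_value)

class LockTimeClient:
    """Hypothetical lock-side half of the exchange."""
    def __init__(self, key=SHARED_KEY):
        self.key, self.pending_tc, self.trusted_time = key, None, None

    def new_transaction_code(self):
        """Fresh, unpredictable TC, relayed to the server by interface device 14."""
        self.pending_tc = secrets.token_bytes(16)
        return self.pending_tc

    def accept(self, ct):
        """Validate CT against the outstanding TC; each TC is consumed on use."""
        tc, self.pending_tc = self.pending_tc, None
        rtc_value, tag = ct
        if tc is None or not hmac.compare_digest(_tag(self.key, tc, rtc_value), tag):
            return False
        self.trusted_time = rtc_value
        return True

def run_exchange():
    """Constructed run: genuine CT, replay of an old CT, altered clock value."""
    lock = LockTimeClient()
    ct1 = server_certify(lock.new_transaction_code(), 1_700_000_000)
    fresh = lock.accept(ct1)
    lock.new_transaction_code()                     # later session, new TC
    replayed = lock.accept(ct1)                     # old CT does not match new TC
    lock.new_transaction_code()
    altered = lock.accept((1_600_000_000, ct1[1]))  # value changed in transit
    return {"fresh": fresh, "replayed": replayed, "altered": altered,
            "time": lock.trusted_time}

if __name__ == "__main__":
    print(run_exchange())
```

Because the tag covers TC, the interface device can relay a certified time but cannot store one and present it in a later session.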
The embodiments of lock networks 10a and 10b may be combined. In one such combination, controller 16 checks the elapsed time on timer 44 (as described above with respect to
The embodiments of lock networks 10a and 10c may be combined, much like the embodiments of lock networks 10a and 10b, and to substantially the same effect.
Several methods have been presented for providing trusted time for electromechanical lock 12. In some embodiments, electromechanical lock 12 may be capable of performing a plurality of these methods. Electromechanical lock 12 may, for instance, select a method for providing trusted time according to availability of particular real time clock servers, or according to instructions from interface device 14. In one embodiment, the digital certificate transmitted by interface device 14 specifies a method for providing trusted time from among a list of methods electromechanical lock 12 is capable of performing.
Similarly, multiple real time clock servers 40 may be directly or indirectly available to electromechanical lock 12. Electromechanical lock 12 may select a real time clock server 40 based on circumstances such as signal strength, or based on outside instructions, such as instructions carried in the digital certificate transmitted from interface device 14.
The preceding methods for providing a trusted time require very little power expenditure, yet offer adequate long term accuracy. This low power draw enables electromechanical lock 12 to be powered by power scavenging system 50 and NFC power induction from interface device 14 alone, thereby avoiding the maintenance and replacement costs of batteries, and the installation challenges associated with wired grid connection.
While the invention has been described with reference to an exemplary embodiment(s), it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted for elements thereof without departing from the scope of the invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the invention without departing from the essential scope thereof. Therefore, it is intended that the invention not be limited to the particular embodiment(s) disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.
Number | Date | Country | |
---|---|---|---|
20120270496 A1 | Oct 2012 | US |