Sign In to Follow Application
View All Documents & Correspondence

Internet Of Things (Iot) Based Dual Mode Smart Lock System Design Using Crypto Techniques For Granting Time Bound Access With Or Without The Internet Connectivity Or Pre Storing Of Any Access Keys In The Lock

Abstract: For any home owner or property owner it is really a problem if he/she has to leave the work to receive the guest or wait for some visitor to drop in. Similarly if any property owner is in renting business he hasto run every time tohandover/take over the keys from the tenants. Same goes for the staff managed properties wherein the staff often misuses the room facilities as there is no check on the room access. Similarly providing remote access to any property/building/machine/vehiclewhere  there  is  no  mobile  connectivity  or  internet connection hadalways been an issue. Any pre-defined keys stored in the lockor some standards combinations once shared would compromise the lock. Hence,a way was needed to enablesharing of time bound non repetitive KEYsthrough online methodsand also ensure that the access control hardware like locks etc would accept that KEYwithout any need to push/store the same beforehandevery time in the locksystemthereby making it a true offline access system which can identify its KEYwithout being connected to internet. Hence an intelligent and adapted version of hash-based message authentication code (HMAC) -One-Time Password Algorithmas described in RFC4226 and TOTPTime-Based One-Time Password Algorithmas described in RFC6238 is used to design such a system for granting offline access to the properties for management of properties/devices etc

Get Free WhatsApp Updates!
Notices, Deadlines & Correspondence

Patent Information

Application #
Filing Date
28 November 2019
Publication Number
22/2021
Publication Type
INA
Invention Field
COMPUTER SCIENCE
Status
Email
sav@sgintellectual.com
Parent Application

Applicants

Silop Smart Automation Technologies Pvt Ltd
E-561A, 3RD FLOOR, JR PLAZA, PALAM EXTENSTION, SECTOR-7, DWARKA, NEW DELHI – 110075

Inventors

1. RAJNISH BHATIA
A-904,PRAGATI APARTMENT PLOT No. 5C, SECTOR-11, DWARKA, NEW DELHI-110075

Claims

2. The system as claimed in claim 1, wherein the system is adapted to provide an easy and efficient access ecosystem consisting of cloud servers and smart lock to the owner in which the owner can share, withdraw and extend the smart locks ACCESS KEYS online through the mobile or web application to the visitor without the need to be physically present near the smart lock

3. The system as claimed in claim 1, wherein the system is adapted to provide an easy and efficient means to the owner of the smart locks to set the time validity of the ACCESS KEYS like From-To, One Time, Permanent & Recurring. The ACCESS KEYS can even be set in future.

4. The system as claimed in claim 1, wherein the system is adapted to pair the smart lock and the server only once for the secret key exchange. Thereafter the smart Lock need not be connected to internet, mobile or GSM network to be operated. The Smart Lock can operate independently and is not connectivity dependent thereafter to operate for KEY operation. This makes it very secure and also be able to deploy in remote areas where the access is to be granted to a property without the need for the internet at the smart lock site.

5. The system as claimed in claim 1, wherein the system is adapted to intelligently implement HMAC & TOTP algorithms with suitable modifications in an innovative way to design the implemented algorithms and ACCESS KEYS in a unique way so as to provide a user friendly way to operate locks to manage access to any property, building, equipment, vehicle or anything of that sort where this technology can be implemented.

6. The system as claimed in claim 1, operate through complex algorithms, Crypto Keys & MAC Keys for authentication and validation of the KEY in encrypted form without the need to pre-store or pushing the KEY into the Smart Lock every time the KEY is generated. So the access system is not based on KEY matching but on the authentication & validation process though Crypto Algorithms happening at the server and the smart lock independently.

7. The system as claimed in claim 1, wherein the system is adapted to prevent the use or maintain multiple physical KEYS for a smart lock.

8. The system as claimed in claim 1, wherein the system is adapted to provide the owner to manage multiple locks, users and keys from the ease of a single application.

9. The system as claimed in claim 1, wherein the system is adapted to provide a means to the owner to delegate the roles for further issue of ACCESS KEYS. 10.The system as claimed in claim 1, wherein the system is adapted to provide a multiple options to the any user to communicate ACCESS KEYS to the smart lock, which includes RF ACCESS KEY propagated through Bluetooth/Wi-fi using Mobile application; Numeric ACCESS KEY entered through the Keypad; or QR ACCESS KEY : through mobile or a print out on page. 11.The system as claimed in claim 1, wherein the system is adapted to provide an owner the notifications and logs on smart lock operations.

Specification

The present invention relates to a fully automated Internet of Things Cloud based smart access system like locks etc that would provide an efficient way of granting access to the properties, buildings, equipment, vehicles etc through the time bound keys which could be shared online electronically without the need for handing/taking over the physical keys and without the need for the smart lock to be connected to the internet or GSM network. The operating keys will be generated with special techniques using modified hash & timed based algorithms at the back end. The keys would be communicated to the lock through wireless means or through Numeric keypad or QR Coding. The access system would verify the keys and operate in standalone mode without the need for net connectivity.
Backfiround of the Invention
For any home owner or property owner it is really a problem if he/she has to leave the work to receive the guest or wait for some visitor to drop in. Similarly if any property owner is in renting business he has to run every time to handover/take over the keys from the tenants. Same goes for the staff managed properties wherein the staff often misuses the room facilities as there is no check on the room access. Similarly providing remote access to any property/building/machine/vehicle where there is no mobile connectivity or internet connection had always been an issue. Any pre-defined keys stored in the lock or some standards combinations once shared would compromise the lock. Hence, a way was needed to enable sharing of time bound non repetitive KEYs through online methods and also ensure that the access control hardware like locks etc would accept that KEY without any need to push/store the same beforehand every time in the lock system thereby making it a true offline access system which can identify its KEY without being connected to internet. Hence an intelligent and adapted version of hash-based message authentication code (HMAC) - One-Time Password Algorithm as described in RFC4226 and TOTP Time-Based One-Time Password Algorithm as described in RFC6238 is used to design such a system for granting offline access to the properties for management of properties/devices etc.
Objects of The Invention
Objective One: To design a system that would provide an easy and efficient means of granting offline/online time bound access to the properties/buildings/vehicles using combination of hardware and software through sharing the ACCESS KEYS (AK) online/remotely

Objective Two: To design a Lock owner-user-admin eco system for sharing, deleting, extending of ACCESS KEYS online for multiple Locks. The ACCESS KEYS would be time bound or one time or of recurring nature.
Objective Three: To design the system in such a way that the Lock can decipher the ACCESS KEYS in standalone manner through Crypto Techniques and take the actions without any need of net connectivity or any connectivity to cloud server.
Objective Four: To have unique access key generation software that would generate unique ACCESS KEYS each time depending upon the variable parameters.
Objective Five: To provide user multiple options of communicating the ACCESS KEYS to the access Locks i.e. through key pad, though wireless connectivity, through QR code mechanism and any other as needed.
Objective Six: To provide lock owner to manage multiple properties, multiple locks and multiple lock users.
Summary
An embodiment of the present invention discloses an Internet of Things (loT) enabled cloud-based smart locking system having an ecosystem of Hardware locking mechanism with appropriate embedded software capable of decrypting the key and taking actions, the Lock owner, Lock User, Server and the Client Application (Mobile/Desktop).
Another embodiment of the present invention presents a unique and more practical way of generating the ACCESS KEYS at the server end using RFC4226/6238 algorithms as adapted and modified in this invention. The ACCESS KEY is generated on demand by the owner. The ACCESS KEYS is then communicated to the Lock which then checks the code validity and take action accordingly.

In another embodiment of the invention the ACCESS KEYS can be in electronic form or QR code form or human readable form. These can communicate to the access system through Wireless connectivity (Bluetooth/Wi-Fi/RF/IR etc), QR Scanner and keypad respectively.
Brief Description of the Drawinfis
Figure 1 shows the pictorial view of the system function
Figure 2 illustrates the generic architecture according to an embodiment of the present invention.
Figure 3 shows the physical components of the access system in detail with different modes of communicating the access key to the hardware.
Figure 4 shows the complete cycle.
Figure 5 shows the initialization process
Figure 6 shows the Key Request & Action process
Detailed Description of the Invention
Figure 1 shows a pictorial view of the entire system. The access system owner generates the ACCESS KEYS and share with the intended visitor/guest. The visitor using the ACCESS KEYS sent on his mobile in the form of electronic/Numeric/QR Code can then use that to gain entry through the access system. The access system by itself need not be connected to the internet post initialization.
Figure 2 illustrates the generic architecture according to an embodiment of the present invention. The access lock system connects to the mobile and can also connect with the Gateway (optional) via Bluetooth or Wi-Fi and also directly with Wi-Fi/GSM (optional). The Gateway connects to the local Wi-Fi network. The Mobile and Gateway connects with our Cloud Server where our complex algorithm manages access system operations and the users.
The access system gets synchronized with the cloud through mobile and/or the Gateway. Once synchronized the access system can even operate in standalone mode. The keys are either

communicated to the access system through mobile or through Gateway directly wirelessly or the key can be punched in directly into the lock physically.
Gateways, though optional, are needed for Real-Time remote communication with access system. A Gateway connects to User local WiFi and communicates with access system using Bluetooth/Wi-fi/other wireless techniques.
User would need a Gateway/direct Wi-Fi/GSM connectivity to:
> Remotely operate the access system in person by the operator
> Remotely Delete a Live KEY (numeric/QR) issued earlier
> Remotely Change the Time on the access system
> Get Real-time Notification
Figure 3 shows the physical components of the access system.
(a) Main board: consists of main program to decipher the ACCESS KEYS and send out the control signals
(b) Key pad: To enter the human readable numeric ACCESS KEYS
(c) QR Scanner: To accept the ACCESS KEYS in the form of QR code
(d) RF Transmitter receiver: To send the data and receive the ACCESS KEYS
(e) Clock: Time keeping for accurate deciphering of access key validity
Figure 4 shows the complete cycle according to an embodiment of the present invention.
The client application creates its profile details at the server. When lock is first paired through the client application the lock details are sent to the server. An Owner ACCESS KEYS is automatically generated on the owner application. If owner wants to share key with third party he/she request key from the server which can then be shared by the owner to the third party
Figure 5. Shows the initialization phase:-
Step 1 : The client application is registered on the server through unique key exchange to identify the application and the client
Step 2: The client application then looks for the locks in the vicinity through Bluetooth/Wi-fi and add the desired lock to the server. The application reads the device parameters.

Step 3: The device parameters are then transferred to the server
Step 4/5: A unique Crypto Secret Key (CSK) is then generated and transferred to the lock device through the application. Along with that another MAC KEY is generated and transferred to the lock device for authenticating the ACCESS KEY
From this point on, both the mobile application and access system are independent of each other because the access system knows the algorithm and crypto key to decipher any opening key that has been generated by the client application.
The Crypto key can be updated or changed depending upon the need and necessity
Figure 6. Following actions take place during the exchange phase:-
Step 1: Owner Client Application requests for ACCESS KEYS from server sending validity time for a particular access device and a particular receiver pre-registered user account in case of Electronic Key. For QR and Numeric Key no pre-registration is needed. Following types of ACCESS KEYS can be generated:
> Timed: Owner specifies the Start Date and Time and End Date and Time.
> Permanent: these are predefined ACCESS KEYS with minimum one year validity.
> Cyclic : Pattern/Recurring Everyday 2:00pm to 4:00pm, or Every Tuesday, Thursdays, Sunday between 3:00pm - 6:00pm)
> One Time : For only one time access
> Delete: To erase all pre-generated Keys
Step 2: The server generates ACCESS KEYS and sends it to the receiver user account
Step 3: The key receiver User then communicates the ACCESS KEYS to the access device like lock which decrypts the key and take the action of opening/denying the access device
Step 4: The success/failure is then communicated back to the receiver user and the owner application
ACCESS KEYS generation process at the Server end The ACCESS KEYS are divided into two three part codes:

Part 1: Authentication code of the ACCESS KEY. This is TOTP generated using HOTP using Crypto Secret Key (CSK) for that particular lock and the time parameters
Part 2: Window Code: Time Window of the ACCESS KEY needed to loop back and check the validity of the TOTP
Part 3; Type code of ACCESS KEY to indicate the type of action needed to be taken by the Lock
AAAAAA WWW TT
(Authentication TOTP) (Validation Window Code) (Type Code)
The process uses the standard open algorithm RFC4226 for generating HOTP: An HMAC-Based One-Time Password Algorithm-SHA256/512 with Crypto Secret Key generated by the server at the time of a particular lock initialization and then generating TOTP Time-Based One-Time Password Algorithm using RFC6238 algorithms with modified parameters.
Counter is the function of current/From time validity of the ACCESS KEYS divided by the time least count
For the invention purpose we are modifying the value of the time step as 1800000 milliseconds to 3600000 milliseconds
Step 1: Generate an HMAC-SHA-256/512 value using Crypto Secret Step 2: Generate a 4-byte string (Dynamic Truncation) Step 3: Compute an HOTP value
Basically, we define TOTP as TOTP = HOTP (CSK, counter + window), where TS is an integer and represents the number of time steps between the initial counter time TO and the current Unix time.
More specifically, Counter = (Current Unix time - TO) / TS, where the default floor function is used in the computation.
Window code is generated using a special algorithm which indicates the time period of validity, based on which the back calculations for validation.

Type of Key code is as follows:-
OneTime - 0
Timed - 1
Erase All - 2
Recurring - 3-9
The intermediate ACCESS KEYS is in the form
AAAAAAAAWWWT
The Access Key is further added with the hashed MAC to ensure that the message is not spoofed. The final ACCESS KEY is in the form
AAAAAAAAWWWTMAC
This ACCESS KEY can then will be communicated to the lock in the form of Numeric Key/QR Key/RF Key as the case may be. The Numeric Key will be in human readable form.
ACCESS KEYS decryption process at the device end
Soon the ACCESS KEY is communicated to the lock it first carries out authentication process through MAC KEY and then extracts the TOTP, Window and Type code from the ACCESS KEY. It checks for any previous entry in the local data base. If it exists then it take actions as per the type of the ACCESS KEY.
If none then uses TOTP procedure to verify the authenticity of the ACCESS KEY based on the authentication code and the window code. Once verified it then takes action as per the access code type.
Various ACCESS KEYS are handled as follows:-
One Time: Entered into local database so as to reject the same ACCESS KEY if entered again
within the same time step.
Timed: Entered in the database with validity time to enable quick operation during next input
upto the valid time
Recurring: entered into database with details
Erase : Erase all the previous passwords

We claim:

1.An Internet of Things (loT) enabled cloud-based Access Control Systems and Locks which
can operate both online and offline, comprising of all or few of the following items
a processing unit adapted to include one or more instructions along with data for controlling the lock;
a Bluetooth/Wi-Fi module to communicate with the Bluetooth devices and the Wi-Fi router for exchange of data and RF ACCESS KEYS;
a keypad to enter the Numeric ACCESS KEYS;
a QR Scanner to accept the QR ACCESS KEYS; and
a power supply which can be battery or the adaptor.
2. The system as claimed in claim 1, wherein the system is adapted to provide an easy and efficient access ecosystem consisting of cloud servers and smart lock to the owner in which the owner can share, withdraw and extend the smart locks ACCESS KEYS online through the mobile or web application to the visitor without the need to be physically present near the smart lock
3. The system as claimed in claim 1, wherein the system is adapted to provide an easy and efficient means to the owner of the smart locks to set the time validity of the ACCESS KEYS like From-To, One Time, Permanent & Recurring. The ACCESS KEYS can even be set in future.
4. The system as claimed in claim 1, wherein the system is adapted to pair the smart lock and the server only once for the secret key exchange. Thereafter the smart Lock need not be connected to internet, mobile or GSM network to be operated. The Smart Lock can operate independently and is not connectivity dependent thereafter to operate for KEY operation. This makes it very secure and also be able to deploy in remote areas where the access is to be granted to a property without the need for the internet at the smart lock site.

5. The system as claimed in claim 1, wherein the system is adapted to intelligently implement HMAC & TOTP algorithms with suitable modifications in an innovative way to design the implemented algorithms and ACCESS KEYS in a unique way so as to provide a user friendly way to operate locks to manage access to any property, building, equipment, vehicle or anything of that sort where this technology can be implemented.
6. The system as claimed in claim 1, operate through complex algorithms, Crypto Keys & MAC Keys for authentication and validation of the KEY in encrypted form without the need to pre-store or pushing the KEY into the Smart Lock every time the KEY is generated. So the access system is not based on KEY matching but on the authentication & validation process though Crypto Algorithms happening at the server and the smart lock independently.
7. The system as claimed in claim 1, wherein the system is adapted to prevent the use or maintain multiple physical KEYS for a smart lock.
8. The system as claimed in claim 1, wherein the system is adapted to provide the owner to manage multiple locks, users and keys from the ease of a single application.
9. The system as claimed in claim 1, wherein the system is adapted to provide a means to the owner to delegate the roles for further issue of ACCESS KEYS.
10.The system as claimed in claim 1, wherein the system is adapted to provide a multiple options to the any user to communicate ACCESS KEYS to the smart lock, which includes RF ACCESS KEY propagated through Bluetooth/Wi-fi using Mobile application; Numeric ACCESS KEY entered through the Keypad; or QR ACCESS KEY : through mobile or a print out on page.

11.The system as claimed in claim 1, wherein the system is adapted to provide an owner the notifications and logs on smart lock operations.

Documents

Application Documents

# Name Date
1 201911048995-FORM FOR STARTUP [28-11-2019(online)].pdf 2019-11-28
2 201911048995-FORM FOR SMALL ENTITY(FORM-28) [28-11-2019(online)].pdf 2019-11-28
3 201911048995-FORM 1 [28-11-2019(online)].pdf 2019-11-28
4 201911048995-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [28-11-2019(online)].pdf 2019-11-28
5 201911048995-DRAWINGS [28-11-2019(online)].pdf 2019-11-28
6 201911048995-COMPLETE SPECIFICATION [28-11-2019(online)].pdf 2019-11-28
7 201911048995-FORM 3 [29-11-2019(online)].pdf 2019-11-29
8 201911048995-ENDORSEMENT BY INVENTORS [29-11-2019(online)].pdf 2019-11-29
9 201911048995-Power of Attorney.pdf 2019-12-09
10 Abstract.jpg 2019-12-14