| 摘要 |
Provided is a method for access control, performed by an access control apparatus, including obtaining access authorisation information that is communicated to the access control apparatus having at least one access authorization parameter and first check information; using at least the communicated access authorisation parameters, the communicated first check information and a second key from a key pair, which second key is stored in the access control apparatus, to perform a first check on whether the communicated first check information has been produced by performing cryptographic operations by means of access authorisation parameters corresponding to the communicated access authorisation parameters using at least one first key from the key pair, and deciding whether access can be granted, based on the first check delivers a positive result and it is established that at least one predefined set of the communicated access authorisation parameters respectively provides access authorisation. |
| 主权项 |
1. An access control apparatus comprising at least one processor and at least one memory that includes program code, wherein the memory and the program code are configured to cause the access control apparatus with the at least one processor to perform and/or control:
obtaining access authorization information communicated to the access control apparatus and comprising at least one or more access authorization parameters and first check information, first checking, using at least the communicated access authorization parameters, the communicated first check information and a second key of a symmetrical or asymmetrical key pair, said second key being stored in the access control apparatus, as to whether the communicated first check information was generated by performing cryptographic operations on access authorization parameters corresponding to the communicated access authorization parameters using at least a first key of the key pair, deciding whether access is permitted to be granted, wherein necessary conditions for granting access are that the first checking yields a positive result and that it is determined that at least one predefined set of the communicated access authorization parameters, in view of respective pieces of reference information present in the access control apparatus at least at the time of the first checking, respectively authorize for access. wherein the access control apparatus constitutes an access control apparatus from a plurality of access control apparatuses, wherein a second key of a symmetrical or asymmetrical individual key pair is stored in the access control apparatus, said second key being stored on none of the other access control apparatuses of the plurality of access control apparatuses, and
wherein the second key of the key pair that is used in the first checking is the second key of the individual key pair, orwherein a second key of a symmetrical or asymmetrical group key pair is, in addition to said second key of said individual key pair, stored in the access control apparatus, said second key of said group key pair being different than the second key of the individual key pair and being stored in all access control apparatuses of a group of access control apparatuses from the plurality of access control apparatuses, wherein said group of access control apparatuses comprises the access control apparatus, and the second key of the key pair that is used in the first checking is either the second key of the individual key pair or the second key of the group key pair. |
