최소 단어 이상 선택하여야 합니다.
최대 10 단어까지만 선택 가능합니다.
다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
NTIS 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
DataON 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Edison 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Kafe 바로가기국가/구분 | United States(US) Patent 등록 |
---|---|
국제특허분류(IPC7판) |
|
출원번호 | US-0162314 (2016-05-23) |
등록번호 | US-9940768 (2018-04-10) |
우선권정보 | DE-10 2013 113 554 (2013-12-05); DE-10 2014 105 243 (2014-04-11) |
발명자 / 주소 |
|
출원인 / 주소 |
|
대리인 / 주소 |
|
인용정보 | 피인용 횟수 : 0 인용 특허 : 4 |
Provided is a method for access control, performed by an access control apparatus, including obtaining access authorization information that is communicated to the access control apparatus having at least one access authorization parameter and first check information; using at least the communicated
Provided is a method for access control, performed by an access control apparatus, including obtaining access authorization information that is communicated to the access control apparatus having at least one access authorization parameter and first check information; using at least the communicated access authorization parameters, the communicated first check information and a second key from a key pair, which second key is stored in the access control apparatus, to perform a first check on whether the communicated first check information has been produced by performing cryptographic operations by means of access authorization parameters corresponding to the communicated access authorization parameters using at least one first key from the key pair, and deciding whether access can be granted, based on the first check delivers a positive result and it is established that at least one predefined set of the communicated access authorization parameters respectively provides access authorization.
1. A method for access control, performed by an access control apparatus, the method comprising: obtaining access authorization information communicated to the access control apparatus and comprising at least one or more access authorization parameters and first check information,first checking, usi
1. A method for access control, performed by an access control apparatus, the method comprising: obtaining access authorization information communicated to the access control apparatus and comprising at least one or more access authorization parameters and first check information,first checking, using at least the communicated access authorization parameters, the communicated first check information and a second key of a symmetrical or asymmetrical key pair, said second key being stored in the access control apparatus, as to whether the communicated first check information was generated by performing cryptographic operations on access authorization parameters corresponding to the communicated access authorization parameters using at least a first key of the key pair,deciding whether access is permitted to be granted, wherein necessary conditions for granting access are that the first checking yields a positive result and that it is determined that at least one predefined set of the communicated access authorization parameters, in view of respective pieces of reference information present in the access control apparatus at least at the time of the first checking, respectively authorize for access,wherein the access control apparatus constitutes an access control apparatus from a plurality of access control apparatuses, wherein a second key of a symmetrical or asymmetrical individual key pair is stored in the access control apparatus, said second key being stored on none of the other access control apparatuses of the plurality of access control apparatuses, and wherein the second key of the key pair that is used in the first checking is the second key of the individual key pair, orwherein a second key of a symmetrical or asymmetrical group key pair is, in addition to said second key of said individual key pair, stored in the access control apparatus, said second key of said group key pair being different than the second key of the individual key pair and being stored in all access control apparatuses of a group of access control apparatuses from the plurality of access control apparatuses, wherein said group of access control apparatuses comprises the access control apparatus, and the second key of the key pair that is used in the first checking is either the second key of the individual key pair or the second key of the group key pair. 2. A method for generating access authorization information, the method comprising: generating first check information by performing cryptographic operations on one or more access authorization parameters using at least a first key of a symmetrical or asymmetrical key pair,generating access authorization information comprising at least the one or more access authorization parameters and the first check information, andoutputting the access authorization information for storage on an access authorization proving apparatus configured to communicate the access authorization information to at least one access control apparatus in order to enable the latter to decide whether access is permitted to be granted on the basis of the communicated access authorization information, wherein necessary conditions for granting access are that a first checking, using at least the communicated access authorization parameters, the communicated first check information and a second key of the key pair, said second key being stored in the access control apparatus, whether the communicated first check information was generated by performing cryptographic operations on access authorization parameters corresponding to the communicated access authorization parameters using at least the first key of the key pair, yields a positive result and it is determined that at least one predefined set of the communicated access authorization parameters, in view of respective pieces of reference information present in the access control apparatus at least at the time of the first checking, respectively authorize for access,wherein the access control apparatus constitutes an access control apparatus from a plurality of access control apparatuses, wherein a second key of a symmetrical or asymmetrical individual key pair is stored in the access control apparatus, said second key being stored on none of the other access control apparatuses of the plurality of access control apparatuses, and wherein the first key of the key pair that is used in the generating of the first check information is a first key of the individual key pair, orwherein a second key of a symmetrical or asymmetrical group key pair is, in addition to said second key of said individual key pair, stored in the access control apparatus, said second key of said group key pair being different than the second key of the individual key pair and being stored in all access control apparatuses of a group of access control apparatuses from the plurality of access control apparatuses, wherein said group of access control apparatuses comprises the access control apparatus, and the first key of the key pair that is used in the generating of the first check information is either a first key of the individual key pair or a first key of the group key pair. 3. A method for proving an access authorization, performed by an access authorization proving apparatus, the method comprising: communicating access authorization information comprising at least one or more access authorization parameters and first check information to an access control apparatus in order to enable the latter to decide whether access is permitted to be granted on the basis of the communicated access authorization information, wherein necessary conditions for granting access are that a first checking, using at least the communicated access authorization parameters, the communicated first check information and a second key of a symmetrical or asymmetrical key pair, said second key being stored in the access control apparatus, whether the communicated first check information was generated by performing cryptographic operations on access authorization parameters corresponding to the communicated access authorization parameters using at least a first of the key pair, yields a positive result and it is determined that at least one predefined set of the communicated access authorization parameters, in view of respective pieces of reference information present in the access control apparatus at least at the time of the first checking, respectively authorize for access,wherein the access control apparatus constitutes an access control apparatus from a plurality of access control apparatuses, wherein a second key of a symmetrical or asymmetrical individual key pair is stored in the access control apparatus, said second key being stored on none of the other access control apparatuses of the plurality of access control apparatuses, and wherein the first key of the key pair that is used in a generating of the first check information is a first key of the individual key pair, orwherein a second key of a symmetrical or asymmetrical group key pair is, in addition to said second key of said individual key pair, stored in the access control apparatus, said second key of said group key pair being different than the second key of the individual key pair and being stored in all access control apparatuses of a group of access control apparatuses from the plurality of access control apparatuses, wherein said group of access control apparatuses comprises the access control apparatus, and the first key of the key pair that is used in a generating of the first check information is either a first key of the individual key pair or a first key of the group key pair. 4. A non-transitory computer-readable storage medium storing a computer program comprising program instructions that cause a processor to perform and/or control the method as claimed in claim 1 when the computer program runs on the processor. 5. An access control apparatus comprising at least one processor and at least one memory that includes program code, wherein the memory and the program code are configured to cause the access control apparatus with the at least one processor to perform and/or control: obtaining access authorization information communicated to the access control apparatus and comprising at least one or more access authorization parameters and first check information,first checking, using at least the communicated access authorization parameters, the communicated first check information and a second key of a symmetrical or asymmetrical key pair, said second key being stored in the access control apparatus, as to whether the communicated first check information was generated by performing cryptographic operations on access authorization parameters corresponding to the communicated access authorization parameters using at least a first key of the key pair,deciding whether access is permitted to be granted, wherein necessary conditions for granting access are that the first checking yields a positive result and that it is determined that at least one predefined set of the communicated access authorization parameters, in view of respective pieces of reference information present in the access control apparatus at least at the time of the first checking, respectively authorize for access,wherein the access control apparatus constitutes an access control apparatus from a plurality of access control apparatuses, wherein a second key of a symmetrical or asymmetrical individual key pair is stored in the access control apparatus, said second key being stored on none of the other access control apparatuses of the plurality of access control apparatuses, and wherein the second key of the key pair that is used in the first checking is the second key of the individual key pair, orwherein a second key of a symmetrical or asymmetrical group key pair is, in addition to said second key of said individual key pair, stored in the access control apparatus, said second key of said group key pair being different than the second key of the individual key pair and being stored in all access control apparatuses of a group access control apparatuses from the plurality of access control apparatuses, wherein said group of access control apparatuses comprises the access control apparatus, and the second key of the key pair that is used in the first checking is either the second key of the individual key pair or the second key of the group key pair. 6. A non-transitory computer-readable storage medium storing a computer program comprising program instructions that cause a processor to perform and/or control the method as claimed in claim 2 when the computer program runs on the processor. 7. An apparatus comprising at least one processor and at least one memory that includes program code, wherein the memory and the program code are configured to cause the apparatus with the at least one processor to perform and/or control: generating first check information by performing cryptographic operations on one or more access authorization parameters using at least a first key of a symmetrical or asymmetrical key pair,generating access authorization information comprising at least the one or more access authorization parameters and the first check information, andoutputting the access authorization information for storage on an access authorization proving apparatus configured to communicate the access authorization information to at least one access control apparatus in order to enable the latter to decide whether access is permitted to be granted on the basis of the communicated access authorization information, wherein necessary conditions for granting access are that a first checking, using at least the communicated access authorization parameters, the communicated first check information and a second key of the key pair, said second key being stored in the access control apparatus, whether the communicated first check information was generated by performing cryptographic operations on access authorization parameters corresponding to the communicated access authorization parameters using at least the first key of the key pair, yields a positive result and it is determined that at least one predefined set of the communicated access authorization parameters, in view of respective pieces of reference information present in the access control apparatus at least at the time of the first checking, respectively authorize for access,wherein the access control apparatus constitutes an access control apparatus from a plurality of access control apparatuses, wherein a second key of a symmetrical or asymmetrical individual key pair is stored in the access control apparatus, said second key being stored on none of the other access control apparatuses of the plurality of access control apparatuses, and wherein the first key of the key pair that is used in the generating of the first check information is a first key of the individual key pair, orwherein a second key of a symmetrical or asymmetrical group key pair is, in addition to said second key of said individual key pair, stored in the access control apparatus, said second key of said group key pair being different than the second key of the individual key pair and being stored in all access control apparatuses of a group of access control apparatuses from the plurality of access control apparatuses, wherein said group of access control apparatuses comprises the access control apparatus, and the first key of the key pair that is used in the generating of the first check information is either a first key of the individual key pair or a first key of the group key pair. 8. A non-transitory computer-readable storage medium storing a computer program comprising program instructions that cause a processor to perform and/or control the method as claimed in claim 3 when the computer program runs on the processor. 9. An apparatus comprising at least one processor and at least one memory that includes program code, wherein the memory and the program code are configured to cause the apparatus with the at least one processor to perform and/or control: communicating access authorization information comprising at least one or more access authorization parameters and first check information to an access control apparatus in order to enable the latter to decide whether access is permitted to be granted on the basis of the communicated access authorization information, wherein necessary conditions for granting access are that a first checking, using at least the communicated access authorization parameters, the communicated first check information and a second key of a symmetrical or asymmetrical key pair, said second key being stored in the access control apparatus, whether the communicated first check information was generated by performing cryptographic operations on access authorization parameters corresponding to the communicated access authorization parameters using at least a first key of the key pair, yields a positive result and it is determined that at least one predefined set of the communicated access authorization parameters, in view of respective pieces of reference information present in the access control apparatus at least at the time of the first checking, respectively authorize for access,wherein the access control apparatus constitutes an access control apparatus from a plurality of access control apparatuses, wherein a second key of a symmetrical or asymmetrical individual key pair is stored in the access control apparatus, said second key being stored on none of the other access control apparatuses of the plurality of access control apparatuses, and wherein the first key of the key pair that is used in a generating of the first check information is a first key of the individual key pair, orwherein a second key of a symmetrical or asymmetrical group key pair is, in addition to said second key of said individual key pair, stored in the access control apparatus, said second key of said group key pair being different than the second key of the individual key pair and being stored in all access control apparatuses of a group of access control apparatuses from the plurality of access control apparatuses, wherein said group of access control apparatuses comprises the access control apparatus, and the first key of the key pair that is used in a generating of the first check information is either a first key of the individual key pair or a first key of the group key pair. 10. The method as claimed in claim 1, wherein the second key of the group key pair is stored in the access control apparatus, and wherein the second key of the key pair that is used in the first checking is either the second key of the individual key pair or the second key of the group key pair. 11. The method as claimed in claim 2, wherein the second key of the group key pair is stored in the access control apparatus, and wherein the second key of the key pair that is used in the first checking is either the second key of the individual key pair or the second key of the group key pair. 12. The method as claimed in claim 3, wherein the second key of the group key pair is stored in the access control apparatus, and wherein the second key of the key pair that is used in the first checking is either the second key of the individual key pair or the second key of the group key pair. 13. The access control apparatus as claimed in claim 5, wherein the second key of the group key pair is stored in the access control apparatus, wherein the second key of the key pair that is used in the first checking is either the second key of the individual key pair or the second key of the group key pair, wherein at least one second key of a symmetrical or asymmetrical further group key pair is further stored in the access control apparatus, said at least one second key of said further group key pair being different than the second key of the individual key pair and the second key of the group key pair and being stored in all access control apparatuses of a further group of access control apparatuses from the plurality of access control apparatuses, wherein said further group of access control apparatuses comprises the access control apparatus and includes, however, at least one or more other access control apparatuses in comparison with the group of access control apparatuses, and wherein the second key of the key pair that is used in the first checking is either the second key of the individual key pair, the second key of the group key pair or the second key of the further group key pair. 14. The access control apparatus as claimed in claim 5, wherein the second key of the group key pair is stored in the access control apparatus, wherein the second key of the key pair that is used in the first checking is either the second key of the individual key pair or the second key of the group key pair, wherein provision is not made for changing the second key of the individual key pair in the access control apparatus, for erasing said second key or for exchanging it for another key, but wherein it is provided that the second key of the group key pair can be changed or erased or exchanged for another key. 15. The access control apparatus as claimed in claim 5, wherein the second key of the group key pair is stored in the access control apparatus, wherein the second key of the key pair that is used in the first checking is either the second key of the individual key pair or the second key of the group key pair, wherein the memory and the program code are configured to cause the access control apparatus with the at least one processor to further perform and/or control: obtaining group key information communicated to the access control apparatus and comprising at least one second key— encrypted with the first key of the individual key pair— of a new symmetrical or asymmetrical group key pair for the same or an at least partly different group of access control apparatuses from the plurality of access control apparatuses,decrypting the communicated encrypted second key of the new group key pair with the second key of the individual key pair, andstoring the second key of the new group key pair obtained by the decrypting in the access control apparatus, such that the second key of the key pair used in the first checking is at least either the second key of the individual key pair or the second key of the new group key pair. 16. The access control apparatus as claimed in claim 15, wherein the memory and the program code are configured to cause the access control apparatus with the at least one processor to further perform and/or control: obtaining second check information communicated to the access control apparatus, andstoring the second key of the new group key pair obtained by the decrypting in the access control apparatus only under the precondition that it is determined in a check that is based at least on the communicated second check information, the second key of the individual key pair and the communicated group key information that the communicated second check information was generated by performing cryptographic operations on the group key information corresponding to the communicated group key information using at least the first key of the individual key pair. 17. The access control apparatus as claimed in claim 16, wherein the group key information further comprises a counter that is incremented with each new group key pair, and wherein the second key of the new group key pair obtained by the decrypting is stored in the access control apparatus only under the further precondition that a value of a counter comprised by the group key information is greater than a value of a counter provided in the access control apparatus, and wherein, in or after the storage of the second key of the new group key pair in the access control apparatus, the value of the counter in the access control apparatus is updated to the value of the counter comprised by the group key information. 18. The access control apparatus as claimed in claim 16, wherein the group key information further comprises an individual identifier of the access control apparatus, and wherein the second key of the new group key pair that is obtained by the decrypting is stored in the access control apparatus only under the further precondition that an individual identifier of the access control apparatus that is stored in the access control apparatus corresponds to the individual identifier comprised in the group key information. 19. The access control apparatus as claimed in claim 15, wherein the group key information further comprises a group identifier associated with the new group key pair, said group identifier being common to all the access control apparatuses of the group of access control apparatuses for which the new group key pair is intended, and wherein the group identifier obtained by the decrypting is stored in the access control apparatus. 20. The access control apparatus as claimed in claim 5, wherein one of the communicated access authorization parameters is an identifier for only one access control apparatus or a group of access control apparatuses, and wherein it is determined that the identifier authorizes for access if the identifier corresponds to an individual identifier of the access control apparatus that is stored in the access control apparatus and/or a group identifier for a group of access control apparatuses to which the access control apparatus belongs. 21. The access control apparatus as claimed in claim 5, wherein the second key of the group key pair is stored in the access control apparatus, wherein the second key of the key pair that is used in the first checking is either the second key of the individual key pair or the second key of the group key pair, wherein one of the communicated access authorization parameters is an identifier for only one access control apparatus or a group of access control apparatuses, and wherein it is determined that the identifier authorizes for access if the identifier corresponds to an individual identifier of the access control apparatus that is stored in the access control apparatus and/or a group identifier for a group of access control apparatuses to which the access control apparatus belongs, wherein the first check information of communicated access authorization information which has an identifier for only one access control apparatus is generated by performing cryptographic operations on the access authorization parameters using at least a first key of the individual key pair, and wherein the first check information of communicated access authorization information which has an identifier for a group of access control apparatuses is generated by performing cryptographic operations on the access authorization parameters using at least a first key of the group key pair. 22. The access control apparatus as claimed in claim 21, wherein on the basis of the identifier, it is possible in the access control apparatus to identify whether the identifier is an identifier for only one access control apparatus or an identifier for a group of access control apparatuses is involved, such that either the second key of the individual key pair or the second key of the group key pair can be selected in each case appropriately for the first checking. 23. The access control apparatus as claimed in claim 5, wherein one of the communicated access authorization parameters is an identifier for the access authorization information or for an access authorization proving apparatus which communicates the access authorization information to the access control apparatus, and wherein it is determined that the identifier authorizes for access if the identifier is not contained in a rejection list stored in the access control apparatus. 24. The access control apparatus as claimed in claim 5, wherein the memory and the program code are configured to cause the access control apparatus with the at least one processor to further perform and/or control: obtaining information communicated to the access control apparatus and comprising at least one fourth key encrypted using at least the first key of the key pair and usable in an authentication of the access control apparatus vis-à-vis an access authorization proving apparatus that communicates the access authorization information to the access control apparatus, or in the check of the authenticity and/or integrity of information communicated to the access control apparatus, anddecrypting the encrypted fourth key using at least the second key of the key pair in order to obtain the fourth key. 25. The access control apparatus as claimed in claim 5, wherein the memory and the program code are configured to cause the access control apparatus with the at least one processor to further perform and/or control: obtaining information communicated to the access control apparatus and comprising at least one combination— encrypted using at least the first key of the key pair— of a fourth key and an identifier for the access authorization information or for an access authorization proving apparatus that communicates the access authorization information to the access control apparatus, wherein the fourth key is usable in an authentication of the access control apparatus vis-à-vis an access authorization proving apparatus that communicates the access authorization information to the access control apparatus, or in the check of the authenticity and/or integrity of information communicated to the access control apparatus, anddecrypting the encrypted combination using at least the second key of the key pair in order to obtain the fourth key and the identifier, wherein the identifier further constitutes one of the communicated access authorization parameters, and wherein it is determined that the identifier contained in the communicated access authorization information authorizes for access if the identifier contained in the communicated access authorization information corresponds to the identifier obtained by decrypting the encrypted information, orif the identifier contained in the communicated access authorization information corresponds to the identifier obtained by decrypting the encrypted information and the identifier is not contained in a rejection list stored in the access control apparatus. 26. The access control apparatus as claimed in claim 25, wherein the access authorization information communicated to the access control apparatus is stored in identical form on at least two access authorization proving apparatuses, wherein the identical access authorization information stored on the at least two access authorization proving apparatuses in each case has the same identifier for the access authorization information and said access authorization information is associated in each case with the same fourth key. 27. The access control apparatus as claimed in claim 26, wherein the access authorization information communicated to the access control apparatus has a limited temporal validity and/or has only a limited permissible number of access processes within its period of validity and/or can be or is only communicated to the access control apparatus by the access authorization proving apparatus if it is determined at the access authorization proving apparatus that there is a need for the access to the access control apparatus. 28. The access control apparatus as claimed in claim 24, wherein the fourth key together with a third key forms a symmetrical or asymmetrical key pair, and wherein the communicated access authorization information further comprises third check information, wherein the memory and the program code are configured to cause the access control apparatus with the at least one processor to further perform and/or control: second checking, using at least a challenge generated by the access control apparatus, the communicated access authorization parameters, the communicated first check information, the communicated third check information and the fourth key, whether the communicated third check information was generated by performing cryptographic operations on information corresponding to the generated challenge, the communicated access authorization parameters and the communicated first check information, using at least the third key,wherein a further necessary condition for granting the access is that the second checking yields a positive result. 29. The access control apparatus as claimed in claim 24, wherein the memory and the program code are configured to cause the access control apparatus with the at least one processor to further perform and/or control: authenticating vis-a-vis an access authorization proving apparatus that includes the access authorization information, using at least the fourth key, wherein the access authorization information is communicated to the access control apparatus by the access authorization proving apparatus only in the event of successful authentication. 30. The access control apparatus as claimed in claim 5, wherein the second key of the group key pair is stored in the access control apparatus, and wherein the second key of the key pair that is used in the first checking is either the second key of the individual key pair or the second key of the group key pair. 31. The apparatus as claimed in claim 7, wherein provision is not made for changing the second key of the individual key pair in the access control apparatus, for erasing said second key or for exchanging it for another key, but wherein it is provided that the second key of the group key pair can be changed or erased or exchanged for another key. 32. The apparatus as claimed in claim 7, wherein the memory and the program code are configured to cause the apparatus with the at least one processor to further perform and/or control: generating group key information comprising at least one second key— encrypted with the first key of the individual key pair— of a new symmetrical or asymmetrical group key pair for the same or an at least partly different group of access control apparatuses from the plurality of access control apparatuses,outputting the group key information for storage on the access authorization proving apparatus, which is configured to communicate the group key information at least to the access control apparatus in order to enable the latter to store in the access control apparatus the second key of the new group key pair, which second key is obtainable by decryption of the communicated encrypted second key of the new group key pair using at least the second key of the individual key pair, such that the second key of the key pair that is used in the first checking is either the second key of the individual key pair or the second key of the new group key pair. 33. The apparatus as claimed in claim 7, wherein one of the access authorization parameters is an identifier for only one access control apparatus or a group of access control apparatuses, and wherein it is determined in the access control apparatus that the identifier authorizes for access if the identifier corresponds to an individual identifier of the access control apparatus that is stored in the access control apparatus and/or a group identifier for a group of access control apparatuses to which the access control apparatus belongs. 34. The apparatus as claimed in claim 7, wherein one of the access authorization parameters is an identifier for the access authorization information or for the access authorization proving apparatus which communicates the access authorization information to the access control apparatus, and wherein it is determined that the identifier authorizes for access if the identifier is not contained in a rejection list stored in the access control apparatus. 35. The apparatus as claimed in claim 7, wherein the memory and the program code are configured to cause the apparatus with the at least one processor to further perform and/or control: encrypting a fourth key using at least the first key of the key pair, wherein the fourth key can be used in an authentication of the access control apparatus vis-à-vis the access authorization proving apparatus, which communicates the access authorization information to the access control apparatus, or in the checking of the authenticity and/or integrity of information communicated to the access control apparatus,generating information comprising at least the encrypted fourth key, andoutputting the information for storage on the access authorization proving apparatus, which is configured to communicate the information at least to the access control apparatus in order to enable the latter to decrypt the encrypted fourth key using at least the second key of the key pair and to use said fourth key. 36. The apparatus as claimed in claim 7, wherein the memory and the program code are configured to cause the apparatus with the at least one processor to further perform and/or control: encrypting a combination of a fourth key and an identifier for the access authorization information or for the access authorization proving apparatus, which communicates the access authorization information to the access control apparatus, using at least the first key of the key pair, wherein the fourth key can be used in an authentication of the access control apparatus vis-à-vis an access authorization proving apparatus, which communicates the access authorization information to the access control apparatus, or in the checking of the authenticity and/or integrity of information communicated to the access control apparatus,generating information comprising at least the encrypted combination, andoutputting the information for storage on the access authorization proving apparatus, which is configured to communicate the information at least to the access control apparatus in order to enable the latter to decrypt the encrypted combination using at least the second key of the key pair, in order to obtain the fourth key and the identifier, wherein the identifier further constitutes one of the access authorization parameters, and wherein it is determined in the access control apparatus that the identifier contained in the communicated access authorization information authorizes for access if the identifier contained in the communicated access authorization information corresponds to the identifier obtained by decrypting the encrypted combination. 37. The apparatus as claimed in claim 7, wherein the memory and the program code are configured to cause the apparatus with the at least one processor to further perform and/or control: encrypting a combination of a fourth key and an identifier for the access authorization information or for the access authorization proving apparatus, which communicates the access authorization information to the access control apparatus, using at least the first key of the key pair, wherein the fourth key can be used in an authentication of the access control apparatus vis-à-vis an access authorization proving apparatus, which communicates the access authorization information to the access control apparatus, or in the checking of the authenticity and/or integrity of information communicated to the access control apparatus,generating information comprising at least the encrypted combination, andoutputting the information for storage on the access authorization proving apparatus, which is configured to communicate the information at least to the access control apparatus in order to enable the latter to decrypt the encrypted combination using at least the second key of the key pair, in order to obtain the fourth key and the identifier, wherein the identifier further constitutes one of the access authorization parameters, and wherein it is determined in the access control apparatus that the identifier contained in the communicated access authorization information authorizes for access if the identifier contained in the communicated access authorization information corresponds to the identifier obtained by decrypting the encrypted combination and the identifier is not contained in a rejection list stored in the access control apparatus. 38. The apparatus as claimed in claim 7, wherein one of the access authorization parameters indicates to what extent access is intended to be granted. 39. The apparatus as claimed in claim 7, wherein one of the access authorization parameters indicates to which openings of the access control apparatus or to which openings of an apparatus controlled by the access control apparatus access is intended to be granted. 40. The apparatus as claimed in claim 7, wherein the second key of the group key pair is stored in the access control apparatus, and wherein the second key of the key pair that is used in the first checking is either the second key of the individual key pair or the second key of the group key pair. 41. The apparatus as claimed in claim 9, wherein the access authorization information is generated by an access authorization generation apparatus and stored in the access authorization proving apparatus before the access authorization proving apparatus is issued for the first time to a user of the access authorization proving apparatus. 42. The apparatus as claimed in claim 9, wherein the access authorization information is generated by an access authorization generation apparatus and communicated to the access authorization proving apparatus via an at least partly wireless communication link. 43. The apparatus as claimed in claim 9, wherein communicating information from the access authorization proving apparatus to the access control apparatus is performed wirelessly. 44. The apparatus as claimed in claim 9, wherein the memory and the program code are configured to cause the apparatus with the at least one processor to further perform and/or control: communicating group key information comprising at least one second key— encrypted with the first key of the individual key pair— of a new symmetrical or asymmetrical group key pair for the same or an at least partly different group of access control apparatuses from the plurality of access control apparatuses, to the access control apparatus in order to enable the latter to store in the access control apparatus the second key of the new group key pair, which second key is obtainable by decryption of the communicated encrypted second key of the new group key pair using at least the second key of the individual key pair, such that the second key of the key pair that is used in the first checking is either the second key of the individual key pair or the second key of the new group key pair. 45. The apparatus as claimed in claim 9, wherein one of the access authorization parameters is an identifier for only one access control apparatus or a group of access control apparatuses, and wherein it is determined in the access control apparatus that the identifier authorizes for access if the identifier corresponds to an individual identifier of the access control apparatus that is stored in the access control apparatus and/or a group identifier for a group of access control apparatuses to which the access control apparatus belongs. 46. The apparatus as claimed in claim 9, wherein one of the access authorization parameters is an identifier for the access authorization information or for the access authorization proving apparatus, and wherein it is determined that the identifier authorizes for access if the identifier is not contained in a rejection list stored in the access control apparatus. 47. The apparatus as claimed in claim 9, wherein the memory and the program code are configured to cause the apparatus with the at least one processor to further perform and/or control: communicating to the access control apparatus information comprising at least one fourth key that is encrypted using at least the first key of the key pair and that can be used in an authentication of the access control apparatus vis-à-vis the access authorization proving apparatus, or in the checking of the authenticity and/or integrity of information communicated to the access control apparatus, in order to enable the latter to decrypt the encrypted fourth key using at least the second key of the key pair and to use said fourth key. 48. The apparatus as claimed in claim 9, wherein the memory and the program code are configured to cause the apparatus with the at least one processor to further perform and/or control: communicating to the access control apparatus information comprising at least one combination— encrypted using at least the first key of the key pair— of a fourth key and an identifier for the access authorization information or for the access authorization proving apparatus, wherein the fourth key can be used in an authentication of the access control apparatus vis-à-vis the access authorization proving apparatus or in the checking of the authenticity and/or integrity of information communicated to the access control apparatus, in order to enable the latter to decrypt the encrypted combination using at least the second key of the key pair, in order to obtain the fourth key and the identifier, wherein the identifier further constitutes one of the access authorization parameters, and wherein it is determined in the access control apparatus that the identifier contained in the communicated access authorization information authorizes for access if the identifier contained in the communicated access authorization information corresponds to the identifier obtained by decrypting the encrypted combination. 49. The apparatus as claimed in claim 9, wherein the memory and the program code are configured to cause the apparatus with the at least one processor to further perform and/or control: communicating to the access control apparatus information comprising at least one combination— encrypted using at least the first key of the key pair— of a fourth key and an identifier for the access authorization information or for the access authorization proving apparatus, wherein the fourth key can be used in an authentication of the access control apparatus vis-à-vis the access authorization proving apparatus or in the checking of the authenticity and/or integrity of information communicated to the access control apparatus, in order to enable the latter to decrypt the encrypted combination using at least the second key of the key pair, in order to obtain the fourth key and the identifier,wherein the identifier further constitutes one of the access authorization parameters, and wherein it is determined in the access control apparatus that the identifier contained in the communicated access authorization information authorizes for access if the identifier contained in the communicated access authorization information corresponds to the identifier obtained by decrypting the encrypted combination and the identifier is not contained in a rejection list stored in the access control apparatus. 50. The apparatus as claimed in claim 9, wherein one of the access authorization parameters indicates to what extent access is intended to be granted. 51. The apparatus as claimed in claim 9, wherein one of the access authorization parameters indicates to which openings of the access control apparatus or to which openings of an apparatus controlled by the access control apparatus access is intended to be granted. 52. The apparatus as claimed in claim 9, wherein the second key of the group key pair is stored in the access control apparatus, and wherein the second key of the key pair that is used in the first checking is either the second key of the individual key pair or the second key of the group key pair.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.