Search

US-12621162-B2 - Method and apparatus for determining whether information authorizes access to a compartment of a compartment system

US12621162B2US 12621162 B2US12621162 B2US 12621162B2US-12621162-B2

Abstract

Disclosed is a method in which a hash value and a first piece of information are obtained from a second device. The hash value is associated with a compartment of the compartment system, and the first piece of information is associated with a first device. Further, a second piece of information is obtained from the first device. Based on the first piece of information and the hash value, it is determined whether the second piece of information authorizes access to one or more compartments of the compartment system. Three associated methods, one executed by a first device, one executed by a second device, and one executed by a mobile device, are also disclosed. In addition, corresponding devices, systems, and computer programs for the respective execution and/or control of one or more of the disclosed methods are disclosed.

Inventors

  • Frank Helferich
  • Thilo Kirchheiner
  • Thomas Baye

Assignees

  • Frank Helferich
  • Thilo Kirchheiner
  • Thomas Baye

Dates

Publication Date
20260505
Application Date
20220921
Priority Date
20210921

Claims (20)

  1. 1 . A method, for example carried out by a first device, the method comprising: determining a hash value, wherein the hash value is based at least on first information and on second information, the hash value and the second information being associated with a compartment of a compartment system, the second information authorizing access to the compartment of the compartment system, and the first information being associated with the first device; outputting the first information to a second device, wherein the second device is not the compartment system; outputting the hash value to the second device; and outputting the second information to a third device so that the second information can be output to the compartment system or made available to the compartment system using the third device or by the third device, wherein the third device is not the compartment system.
  2. 2 . A method, for example carried out by a second device, the method comprising: obtaining first information from a first device, the first information being associated with the first device; obtaining a hash value from the first device, wherein the hash value is based at least on the first information and on second information, the hash value and the second information being associated with a compartment of a compartment system, and the second information authorizing access to the compartment of the compartment system; and outputting the hash value and the first information to the compartment system so that the compartment system can establish, based at least on the first information and the hash value, whether second information provided to the compartment system authorizes access to one or more compartments of the compartment system.
  3. 3 . A method, for example carried out by a compartment system, the method comprising: obtaining a hash value and first information from a second device, the hash value being associated with a compartment of the compartment system, and the first information being associated with a first device; obtaining or acquiring second information, wherein the second device does not have access to the second information; and establishing, based at least on the first information and the hash value, whether the second information authorizes access to one or more compartments of the compartment system.
  4. 4 . A method, for example carried out by a third device, wherein the third device is a mobile device, the method comprising: obtaining or acquiring second information from a first device, the second information being associated with a compartment of a compartment system, the second information authorizing access to the compartment of the compartment system, and wherein the first device is not the compartment system; and transferring the second information to the compartment system or providing the second information for the compartment system so that the compartment system can establish, based at least on first information and a hash value, whether the second information authorizes access to one or more compartments of the compartment system, the first information being associated with the first device; wherein the hash value is based at least on the first information and on the second information and is determined by the first device; wherein the first information and the hash value are obtained by the compartment system from a second device, which does not have access to the second information.
  5. 5 . An apparatus that is a first device or a part thereof, comprising at least one processor and at least one memory including program code, the at least one memory and the program code configured to, with the at least one processor, cause the apparatus to perform and/or control at least: determining a hash value, wherein the hash value is based at least on first information and on second information, the hash value and the second information being associated with a compartment of a compartment system, the second information authorizing access to the compartment of the compartment system, and the first information being associated with the first device; outputting the first information to a second device, wherein the second device is not the ompartment system; outputting the hash value to the second device; and outputting the second information to a third device so that the second information can be output to the compartment system or made available to the compartment system using the third device or by the third device, wherein the third device is not the compartment system.
  6. 6 . The apparatus of claim 5 , wherein the at least one memory and the program code are further configured to, with the at least one processor, cause the apparatus to perform and/or control at least: determining a plurality of hash values, each of which is based at least on the first information.
  7. 7 . The apparatus of claim 6 , wherein the plurality of hash values, each of which is based at least on the first information, is only determined in a predetermined period of time, and wherein in another predetermined period of time, hash values are determined, each of which is based at least on other information instead of at least on the first information.
  8. 8 . The apparatus of claim 5 , wherein the hash value is output in encrypted form and/or with an asymmetric signature and/or wherein the at least one memory and the program code are further configured to, with the at least one processor, cause the apparatus to perform and/or control at least: outputting a counter that can be attributed to the hash value.
  9. 9 . The apparatus of claim 5 , wherein the hash value is an output value of a hashing algorithm, wherein at least the first information and the second information are input values to the hashing algorithm.
  10. 10 . The apparatus of claim 5 , wherein the first information is additional information for a hashing algorithm, which is intended to increase a security of the hashing algorithm, for example a salt.
  11. 11 . An apparatus comprising at least one processor and at least one memory including program code, the at least one memory and the program code configured to, with the at least one processor, cause the apparatus to perform and/or control at least: obtaining first information from a first device, the first information being associated with the first device; obtaining a hash value from the first device, wherein the hash value is based at least on the first information and on second information, the hash value and the second information being associated with a compartment of a compartment system, and the second information authorizing access to the compartment of the compartment system; and outputting the hash value and the first information to the compartment system so that the compartment system can establish, based at least on the first information and the hash value, whether second information provided to the compartment system authorizes access to one or more compartments of the compartment system.
  12. 12 . The apparatus of claim 11 , wherein the hash value is one hash value of a plurality of hash values, each of which is based at least on the first information.
  13. 13 . The apparatus of claim 11 , wherein the hash value is obtained in encrypted form and/or with an asymmetric signature and/or wherein the at least one memory and the program code are further configured to, with the at least one processor, cause the apparatus to perform and/or control at least: obtaining a counter that can be attributed to the hash value.
  14. 14 . An apparatus that is a compartment system or a part thereof, comprising at least one processor and at least one memory including program code, the at least one memory and the program code configured to, with the at least one processor, cause the apparatus to perform and/or control at least: obtaining a hash value and first information from a second device, the hash value being associated with a compartment of the compartment system, and the first information being associated with a first device; obtaining or acquiring second information, wherein the second device does not have access to the second information; and establishing, based at least on the first information and the hash value, whether the second information authorizes access to one or more compartments of the compartment system.
  15. 15 . The apparatus of claim 14 , wherein the at least one memory and the program code are further configured to, with the at least one processor, cause the apparatus to perform and/or control at least: obtaining a plurality of hash values, each of which is associated with one compartment of the compartment system.
  16. 16 . The apparatus of claim 15 , wherein the plurality of hash values comprises one or more hash values, each of which is based at least on the first information.
  17. 17 . The apparatus of claim 14 , wherein establishing whether the second information authorizes access to one or more compartments of the compartment system comprises: determining a check hash value, the check hash value being based at least on the first information and the second information.
  18. 18 . The apparatus of claim 17 , wherein establishing whether the second information authorizes access to one or more compartments of the compartment system further comprises: comparing the check hash value with one or more hash values of a plurality of hash values, each of which is associated with one compartment in the compartment system.
  19. 19 . The apparatus of claim 18 , wherein in establishing whether the second information authorizes to access to one or more compartments of the compartment system, by means of comparing the check hash value with one or more hash values of the plurality of hash values or by means of using the comparison of the check hash value with one or more hash values of the plurality of hash values, the compartment of the compartment system or the compartments of the compartment system to which the second information authorizes access is established.
  20. 20 . The apparatus of claim 17 , wherein the check hash value is an output value of a hashing algorithm, and wherein at least the first information and the second information are input values to the hashing algorithm.

Description

CROSS-REFERENCE TO RELATED PATENT APPLICATIONS This patent application claims priority to German Patent Application No. 10 2021 124 350.5, filed Sep. 21, 2021, the entire teachings and disclosures of which are incorporated herein by reference thereto. FIELD Exemplary embodiments of the invention relate to methods, devices, systems, and computer programs for determining whether a piece of information authorizes access to one or more compartments of a compartment system, in particular wherein the compartment system is a compartment system for collecting and/or depositing consignments of courier or delivery services. BACKGROUND Compartment systems are used in various ways, for example, in the form of locker systems or package mailbox systems. An example of a package compartment system is the package station of the applicant, into which a recipient registered with the station can have consignments delivered. The courier places the consignment in a compartment of a package station located near the recipient and/or previously designated by the recipient, locks the compartment and notifies the recipient accordingly. In order for the notified recipient to remove a consignment provided for them from a compartment of the compartment system, the compartment system must establish that the recipient is authorized to gain access to one or more compartments of the compartment system. BRIEF SUMMARY With regard to a compartment system, it is generally desirable that it can reliably, efficiently, robustly and securely establish that a user is authorized to access one or more compartments of the compartment system in order to subsequently grant access to the corresponding compartments. In addition, it is desirable for the use of a compartment system to be flexible so that not only the applicant, who manages a plurality of compartment systems, but also a partner company with different devices or systems can generate access data for compartments of a compartment system in order to make it available to different delivery services or online retailers, for example. For example, compartments can be rented to the partner company on a long-term basis, which then decides independently on the use of the compartments. The technical management of its compartments, whether and which deliveries are placed in them and who the persons authorized to open the compartments are, can therefore be carried out by the partner company, i.e. its technical systems. The technical systems of the applicant can then be limited to the provision of the compartments and the authentication process for opening a compartment. No distinction is made, for example, as to whether the compartment is opened for inserting a delivery by delivery services or end customers or for removal or inspection. With regard to security, it is particularly relevant that unauthorized access to compartments of the compartment system is prevented. In the event that unauthorized access to a compartment of the compartment system has in fact occurred, it is also relevant to establish at which point in the system, i.e. in whose area of responsibility, a security leak has occurred. If, for example, compromised access data were used during unauthorized access, it is relevant to establish in which system or part of a system the access data were able to be intercepted. This is particularly true if different devices or systems can generate access data for compartments of a compartment system. In terms of efficiency and robustness, it is particularly relevant that little data needs to be collected and/or processed for providing the compartments and for authorizing the compartment opening. It is therefore advantageous, for example, that an opening code for a compartment contains only a few digits. While in some cases the package station can be operated by scanning a barcode of a printout or a mobile device display, it may also be possible to enter the opening code manually (e.g. if the scanner is defective or if the printout/display is difficult to read). When scanning the opening code, the compartment system then only needs to detect and process few digits (and, for example, correspondingly few digits need to be transmitted to it or entered). On the other hand, it is a disadvantage that the opening code only contains few digits, since it can then be more easily determined by trial and error on the compartment system or by an attacker of the technical infrastructure (hacker, insider attacker), for example by a brute force attack. With regard to reliability, it is desirable that the compartment system functions independently of whether a data connection, e.g. of a wireless or wired type, is permanently available between the compartment system and a system, e.g. comprising one or more servers, and whether a user can obtain information from the system and/or can exchange information with the system at the time they wish to prove their authorization to access one or more compartments. The object of t