Search

US-12621275-B2 - System and method to control access of ultra-wideband (UWB) devices

US12621275B2US 12621275 B2US12621275 B2US 12621275B2US-12621275-B2

Abstract

An ultra-wideband (UWB) system of a user device is disclosed. The UWB system receives a session identifier associated with a first session key from an access control device to facilitate an access control operation for the user device. Based on successful mutual authentication between the user device and the access control device, a secure data exchange session is scheduled between the user device and the access control device based on the first session key and a second session key that is generated by a secure element of the user device. First transaction payloads that include the session identifier are received from the access control device during the secure data exchange session. The first transaction payloads are decrypted by way of a ranging payload set, to generate second transaction payloads. The access control operation is executed based on the second transaction payloads.

Inventors

  • Srivathsa Masthi Parthasarathi
  • Sreenivasaiah Hanumapura Venkateshaiah
  • Michael Stark
  • Pablo Corbalán Pelegrín

Assignees

  • NXP B.V.

Dates

Publication Date
20260505
Application Date
20240306
Priority Date
20231212

Claims (20)

  1. 1 . An ultra-wideband (UWB) system of a user device, wherein the UWB system comprises: a UWB processor configured to: provide to a secure element of the user device, a session identifier associated with a first session key based on reception of the session identifier from an access control device, wherein the first session key is generated by the access control device to facilitate an access control operation for the user device, and wherein the first session key is generated by the access control device and a second session key is generated by the secure element when a mutual authentication between the user device and the access control device is successful; schedule a secure data exchange session between the user device and the access control device, wherein the secure data exchange session is scheduled based on the first session key and the second session key; receive during the secure data exchange session, a plurality of first transaction payloads from the access control device, wherein each of the plurality of first transaction payloads includes the session identifier and each of the plurality of first transaction payloads is encrypted; request a ranging payload set from the secure element based on the plurality of first transaction payloads, wherein the ranging payload set includes the second session key and the session identifier; and decrypt based on the ranging payload set, each of the plurality of first transaction payloads to generate a plurality of second transaction payloads, wherein the access control operation is executed based on the plurality of second transaction payloads.
  2. 2 . The UWB system of claim 1 , wherein when the user device is within a first range of the access control device, a setup message is received by a host processor of the user device from the access control device, and wherein the UWB processor is further configured to: receive a set of setup signals from the host processor, wherein the set of setup signals is generated based on the setup message; and perform a transition of the UWB system from a low power mode to a normal mode based on the reception of the set of setup signals, wherein the mutual authentication between the user device and the access control device is initiated based on the transition of the UWB system to the normal mode.
  3. 3 . The UWB system of claim 1 , further comprising a memory, wherein the UWB processor is further configured to: store the ranging payload set received from the secure element in the memory, wherein the ranging payload set is erased from the secure element upon providing the ranging payload set to the UWB system; and generate a payload key based on the ranging payload set received from the secure element, wherein the payload key is utilized to decrypt the plurality of first transaction payloads to generate the plurality of second transaction payloads.
  4. 4 . The UWB system of claim 3 , wherein the UWB processor is further configured to: provide the plurality of second transaction payloads to the secure element; receive upon providing the plurality of second transaction payloads, a plurality of first transaction responses from the secure element, wherein the plurality of first transaction responses are generated by the secure element based on the plurality of second transaction payloads; and encrypt based on the payload key, each of the plurality of first transaction responses to generate a plurality of second transaction responses.
  5. 5 . The UWB system of claim 4 , wherein the first session key and the second session key are identical such that an encryption of a plurality of first transaction requests by the access control device is identical to the encryption of the plurality of first transaction responses by the UWB system, wherein the plurality of first transaction requests are encrypted to generate the plurality of first transaction payloads, wherein the plurality of first transaction requests are generated by the access control device when the user device is within a transaction area of the access control device, and wherein the plurality of first transaction responses are provided by the secure element to the UWB system based on the plurality of second transaction payloads.
  6. 6 . The UWB system of claim 4 , wherein the UWB processor is further configured to: transmit the plurality of second transaction responses to the access control device; receive a transaction signal from the access control device based on the transmission of the plurality of second transaction responses to the access control device, wherein the transaction signal is generated by the access control device based on processing of the plurality of second transaction responses; and provide the transaction signal to the secure element, wherein the access control operation is detected to be successful by the secure element based on reception of the transaction signal by the secure element.
  7. 7 . The UWB system of claim 6 , wherein the UWB processor is further configured to erase the second session key from the memory, based on the reception of the transaction signal from the access control device.
  8. 8 . The UWB system of claim 4 , wherein each of the plurality of second transaction responses includes a first value, wherein the first value is utilized by the access control device to determine when the user device is within a transaction area of the access control device, and wherein the access control operation is executed when the user device is within the transaction area of the access control device.
  9. 9 . The UWB system of claim 1 , wherein the plurality of first transaction payloads is received by the UWB processor when the user device is detected to be within a transaction area of the access control device.
  10. 10 . The UWB system of claim 1 , wherein the UWB processor is further configured to: receive a plurality of authentication requests from the access control device when the user device is detected to be within a first range of the access control device, wherein the plurality of authentication requests are generated to initiate the mutual authentication between the user device and the access control device; and provide the plurality of authentication requests to the secure element, wherein a plurality of authentication responses are generated by the secure element, based on the plurality of authentication requests.
  11. 11 . The UWB system of claim 10 , wherein the UWB processor is further configured to: transmit the plurality of authentication responses to the access control device; and receive based on the transmission of the plurality of authentication responses, a status signal from the access control device, wherein the status signal is generated by the access control device based on processing of the plurality of authentication responses.
  12. 12 . The UWB system of claim 11 , wherein the UWB processor is further configured to: generate a query signal based on the status signal; provide the query signal to the secure element to confirm a presence of the second session key in the secure element; receive a confirmation signal from the secure element, wherein the confirmation signal is generated by the secure element based on the query signal confirming the presence of the second session key in the secure element; detect that the mutual authentication is successful based on the confirmation signal; and receive the session identifier associated with the first session key from the access control device when the mutual authentication is detected to be successful.
  13. 13 . An ultra-wideband (UWB) communication method comprising: providing, by a UWB system of a user device to a secure element of the user device, a session identifier associated with a first session key that is received from an access control device, wherein the first session key is generated by the access control device to facilitate an access control operation for the user device, and wherein the first session key is generated by the access control device and a second session key is generated by the secure element when a mutual authentication between the user device and the access control device is successful; scheduling, by the UWB system, a secure data exchange session between the user device and the access control device, wherein the secure data exchange session is scheduled based on the first session key and the second session key; receiving, by the UWB system during the secure data exchange session, a plurality of first transaction payloads from the access control device, wherein each of the plurality of first transaction payloads includes the session identifier and each of the plurality of first transaction payloads is encrypted; requesting, by the UWB system, a ranging payload set from the secure element based on the plurality of first transaction payloads, wherein the ranging payload set includes the second session key and the session identifier; and decrypting, by the UWB system based on the ranging payload set, each of the plurality of first transaction payloads to generate a plurality of second transaction payloads, wherein the access control operation is executed based on the plurality of second transaction payloads.
  14. 14 . The UWB communication method of claim 13 , further comprising: receiving, by the UWB system, a set of setup signals from a host processor of the user device, wherein the set of setup signals is received from the host processor based on the user device being within a first range of the access control device; and performing a transition, by the UWB system from a low power mode to a normal mode based on the reception of the set of setup signals, wherein the mutual authentication between the user device and the access control device is initiated based on the transition of the UWB system to the normal mode.
  15. 15 . The UWB communication method of claim 13 , further comprising: storing, by the UWB system, the ranging payload set received from the secure element in a memory of the UWB system, wherein the ranging payload set is erased from the secure element upon providing the ranging payload set to the UWB system; and generating, by the UWB system, a payload key based on the ranging payload set received from the secure element, wherein the payload key is utilized to decrypt the plurality of first transaction payloads to generate the plurality of second transaction payloads.
  16. 16 . The UWB communication method of claim 15 , further comprising: providing, by the UWB system, the plurality of second transaction payloads to the secure element; receiving, by the UWB system upon providing the plurality of second transaction payloads, a plurality of first transaction responses from the secure element, wherein the plurality of first transaction responses are generated by the secure element based on the plurality of second transaction payloads; and encrypting, by the UWB system based on the payload key, each of the plurality of first transaction responses to generate a plurality of second transaction responses.
  17. 17 . The UWB communication method of claim 16 , further comprising: transmitting, by the UWB system, the plurality of second transaction responses to the access control device; receiving, by the UWB system, a transaction signal from the access control device based on the transmission of the plurality of second transaction responses to the access control device, wherein the transaction signal is generated by the access control device based on processing of the plurality of second transaction responses; providing by the UWB system, the transaction signal to the secure element, wherein the access control operation is detected to be successful by the secure element based on reception of the transaction signal by the secure element; and erasing by the UWB system, the second session key from the memory of the UWB system based on the reception of the transaction signal from the access control device.
  18. 18 . The UWB communication method of claim 13 , further comprising: receiving, by the UWB system, a plurality of authentication requests from the access control device when the user device is detected to be within a first range of the access control device, wherein the plurality of authentication requests are generated to initiate the mutual authentication between the user device and the access control device; and providing, by the UWB system, the plurality of authentication requests to the secure element, wherein a plurality of authentication responses are generated by the secure element, based on the plurality of authentication requests.
  19. 19 . The UWB communication method of claim 18 , further comprising: transmitting, by the UWB system, the plurality of authentication responses to the access control device; and receiving a status signal, by the UWB system from the access control device, wherein the status signal is generated by the access control device based on processing of the plurality of authentication responses.
  20. 20 . The UWB communication method of claim 19 , further comprising: generating, by the UWB system, a query signal; providing, by the UWB system, the query signal to the secure element to confirm a presence of the second session key in the secure element; receiving, by the UWB system, a confirmation signal from the secure element, wherein the confirmation signal is generated by the secure element based on the query signal confirming the presence of the second session key in the secure element; detecting, by the UWB system, that the mutual authentication is successful based on the confirmation signal; and receiving, by the UWB system, the session identifier associated with the first session key from the access control device when the mutual authentication is detected to be successful.

Description

CROSS-REFERENCE TO RELATED APPLICATION This application claims priority under 35 U.S.C. § 119 to Indian patent application no. 202341084716, filed 12 Dec. 2023, the contents of which are incorporated by reference herein. FIELD OF USE The present disclosure relates generally to wireless communication and, more particularly, to a system and a method for controlling access of an Ultra-wideband (UWB) device. BACKGROUND Ultra-wideband (UWB) devices utilize low-energy, short-range communication, and larger bandwidths for interacting with other UWB devices. UWB devices are widely implemented in public transport systems such as metro stations to provide access to users to avail the public transport. In a scenario, a user utilizes a metro line to travel between two metro stations. To gain access to the metro line, the user may utilize a communication device having a UWB chip and a host processor external to the UWB chip, to communicate with a UWB access control device that is implemented at an entrance of the metro station. The UWB access control device initiates an access control operation to provide access to the user when a distance of the communication device is detected to be within a predefined range from the UWB access control device. The UWB access control device generates session tokens to facilitate the access control operation. However, the access control operation requires the session tokens to be typically routed via the host processor, resulting in a delay in providing access to the user. BRIEF DESCRIPTION OF THE DRAWINGS The following detailed description of the embodiments of the present disclosure will be better understood when read in conjunction with the appended drawings. The present disclosure is illustrated by way of example, and not limited by the accompanying figures, in which like references indicate similar elements. FIG. 1 illustrates a schematic diagram of an ultra-wideband (UWB) environment, in accordance with an embodiment of the present disclosure; FIG. 2 illustrates a schematic diagram of operating ranges of an access control device of the UWB environment of FIG. 1, in accordance with an embodiment of the present disclosure; FIGS. 3A-3E represent a process flow diagram that illustrates access control of a user device of the UWB environment of FIG. 1, in accordance with an embodiment of the present disclosure; and FIGS. 4A-4F represent a flowchart that illustrates a UWB communication method executed by the user device and the access control device of the UWB environment of FIG. 1, in accordance with an embodiment of the present disclosure. DETAILED DESCRIPTION The detailed description of the appended drawings is intended as a description of the embodiments of the present disclosure and is not intended to represent the only form in which the present disclosure may be practiced. It is to be understood that the same or equivalent functions may be accomplished by different embodiments that are intended to be encompassed within the spirit and scope of the present disclosure. Overview: An access control device detects a presence of a user device of a user utilizing higher bandwidth technologies such as ultra-wideband (UWB) and initiates an access control operation based on the detection. A host processor of the user device communicates with the access control device during the access control operation. The access control device generates session tokens to facilitate the access control operation. However, the access control operation requires the session tokens to be typically routed via the host processor, resulting in a delay in providing access to the user. Further, the host processor may prompt the user to perform certain tasks before executing the access control operation. Various embodiments of the present disclosure disclose a UWB system of a user device. The user device may further include a processor and a secure element. When the user device is within a first range of the access control device, the UWB system may receive a plurality of authentication requests to facilitate a mutual authentication between the user device and the access control device. A plurality of authentication responses based on the plurality of authentication requests may be generated by the secure element to execute the mutual authentication between the user device and the access control device. Upon successful mutual authentication between the user device and the access control device, a first session key may be generated by the access control device, and a second session key may be generated by the secure element. Further, the UWB system may receive a session identifier from the access control device and provide the session identifier associated with the first session key to the secure element. The UWB system may schedule a secure data exchange session between the user device and the access control device when the user device is detected to be within a transaction area of the access control device. The secure