WO2018235007A1 - Authentication system for users in proximity to a machine and related method - Google Patents


Publication number
WO2018235007A1
Authority
WO
WIPO (PCT)
Prior art keywords
portable electronic
electronic device
machine
communication channel
memory
Prior art date
Application number
PCT/IB2018/054534
Other languages
French (fr)
Inventor
Federico SEVESO
Pierpaolo GNECCO
Luca OPPO
Original Assignee
Madein.It Srl
Priority date
Filing date
Publication date
Application filed by Madein.It Srl
Publication of WO2018235007A1

Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/418 Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/20 Pc systems
    • G05B2219/23 Pc programming
    • G05B2219/23161 Hand held terminal PDA displays machine control program when user is near that machine
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/20 Pc systems
    • G05B2219/24 Pc safety
    • G05B2219/24159 Several levels of security, passwords
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/30 Nc systems
    • G05B2219/31 From computer integrated manufacturing till monitoring
    • G05B2219/31197 Near field communication nfc
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/30 Nc systems
    • G05B2219/36 Nc in input of data, input key till input tape
    • G05B2219/36542 Cryptography, encrypt, access, authorize with key, code, password
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Definitions

  • the present invention relates in its general aspect to the sector of devices and methods of electronic authentication for users and in detail firstly concerns an authentication system for operations on machines, in particular an authentication system for users in proximity to a machine.
  • the present invention also concerns an authentication method for users in proximity to a machine.
  • document US 2009079537 describes a device that guarantees that a user only accesses the operations and functions that they are authorised to perform on the machine. From the technology available from such document it is not however possible to obtain a log of the operations performed on the machine itself.
  • Document US 2006026672 describes an industrial automation system that comprises a secure access device, an industrial automation device - representing the aforesaid machine - and a user interface associated with a security interface.
  • Such user interface is configured to provide the user with the possibility to access data stored inside the industrial automation device.
  • the secure interface is configured to receive information data from the access device and, based on such information data, provide authorisation for the user to access the data stored inside the industrial automation device.
  • the technology illustrated in this document has some disadvantages.
  • the company responsible for managing the industrial automation device would not have the possibility to keep a record of the data on the various industrial machines in a centralised way, as the data are contained on the individual machine.
  • JP 2006119860 illustrates an authentication system for operations on industrial systems that comprises a means for authenticating an operator operating on a system by means of a univocal identification.
  • the object of the present invention is therefore that of describing a system and a method that advantageously enables the drawbacks described above to be solved.
  • an authentication method for users in proximity to a machine comprising:
  • an electronic identification step for identifying a portable electronic device univocally associated with a user, said electronic identification step being performed by an electronic radio transmitting device installed on board, and/or on, said machine;
  • a step of receiving and/or transmitting on/from said portable electronic device electronic data univocally associated with said machine, wherein said receiving/transmitting step comprises an electronic access for indirect reading and/or writing to a memory remotely positioned with respect to said machine, wherein said receiving and/or transmitting step takes place automatically without any active action by said user on said portable electronic device.
  • said step of receiving the identification request signal comprises the reception of said identification request signal by said portable electronic device.
  • said electronic radio transmitting device is configured to automatically determine which portable electronic devices are in the immediate vicinity of the machine and/or said step of transmitting said automatic response signal by said electronic device allows said electronic radio transmitting device to map and/or determine the position of one or more portable electronic devices with respect to said machine.
  • said memory is a remotely positioned memory with respect to said machine and to said portable electronic device.
  • Said portable electronic device is preferably of any kind and not limited to an electronic device such as a smartphone on which a software application is installed or however run, specifically designed to allow and establish a remote data connection with an electronic transmitting device of a machine.
  • said method comprises a step of establishing a first communication channel at a short distance between said portable electronic device and said transmitting device.
  • the first communication channel is a direct channel and, optionally, point-to-point.
  • said indirect data transmission exploits at least said first transmission channel.
  • said indirect transmission comprises establishing a second communication channel between said portable electronic device and said memory.
  • the indirect transmission exploits said first transmission channel and said second transmission channel.
  • said method comprises operatively connecting said electronic radio transmitting device with said machine so that between said electronic radio transmitting device and said machine the transmission of electronic data takes place or can take place, and said indirect transmission is performed by means of the operating connection between the electronic radio transmitting device and said machine, optionally on a distinct communication channel from said first communication channel and from said second communication channel.
  • said indirect data transmission step exploits said first communication channel and/or said portable electronic device as an intermediate bridge, and the machine and said memory represent extreme points of the logical connection established by means of said first communication channel and said second communication channel.
  • indirect communication means communication in which a data transceiver device operates as a bridge between two receiving devices, transmitters or transceivers, establishing and electronically managing two separate and distinct communication channels. More preferably, the two communication channels are wireless.
  • said step of transmitting electronic data univocally associated with said machine takes place at the end of a maintenance procedure on said machine, performed by the user and owner of said portable electronic device.
  • said portable electronic device in said receiving/transmitting step on/from said portable electronic device of said data associated with said machine, operates as a bridge in a data updating transmission procedure from said machine to said memory or between said machine and said memory.
  • indirect transmission, in which the portable electronic device operates as a bridge, allows the alignment of data between the machine and the database without needing to establish a long-distance connection between said machine and said memory.
  • said electronic radio transmitting device operates in beacon mode.
  • this contributes to making the association procedure between the portable electronic device and said machine automatic.
  • said method further comprises a step of creating an electronic association, for each portable electronic device, between a first identification code of said portable electronic device and a plurality of univocal identification codes, each associated with a specific machine.
  • Such specific user - machine number or type association defines a specific whitelist for each user.
  • said indirect data transmission is made possible and/or established when a verification step of said identification code of said portable electronic device with said whitelist provides a positive outcome.
  • said method further comprises a step of establishing said first communication channel between said portable electronic device and said electronic transmitting device when an identification code of the machine, transmitted by said portable electronic device, is in a whitelist previously stored for said portable electronic device.
  • such whitelist is stored in said memory.
  • such whitelist is updated on said portable electronic device by running a transmission step from said memory towards said portable electronic device.
  • said portable electronic device is configured to perform a plurality of steps for checking the proximity with respect to said machine through a radio control on the connection established with said electronic transmitting device.
  • this allows a constant verification as to whether the user with whom the portable electronic device is associated is effectively in proximity to the machine or not.
  • said receiving and/or transmitting step comprises a step of memorising the electronic data transmitted by said electronic transmitting device towards said portable electronic device.
  • said memorisation step is a temporary memorisation step.
  • Such solution may also be useful when the data connection with said memory is temporarily absent.
  • Such solution is also advantageously optimised by a step of establishing a second communication channel between said memory and said portable electronic device, wherein the second channel is different from said first communication channel. This is followed by a step of electronically checking a presence of said second communication channel between said data transmission device and said memory, and a subsequent step of transmitting said data towards said memory when said portable electronic device detects said presence of said second communication channel.
  • said method comprises a step of generating or defining at least one private key for said machine or said electronic transmitting device, and a subsequent step of transmitting said private key to said portable electronic device.
  • said method comprises a step of transmitting a public key from said memory towards said portable electronic device.
  • said transmission of said private key to said portable electronic device takes place automatically when a first communication channel is created between said portable electronic device and said transmitting device.
  • such solution allows the user to be exonerated from the task of interacting with their portable device for checking the keys, and also ensures that such user does not have to know sensitive keys such as the private key.
  • said method comprises a step of checking access credentials entered by the user into said portable electronic device.
  • such access credentials comprise at least one from a user name and/or password.
  • said access credentials comprise biometric data acquired through sensor means inherent to said portable electronic device.
  • said method comprises a step of checking access credentials, wherein said portable electronic device electronically accesses said memory and verifies a correspondence between said access credentials and a plurality of access credentials previously memorised in said memory and each associated with a respective user.
  • said step of checking access credentials takes place prior to said electronic identification step of said portable electronic device univocally associated with said user. Even more preferably, said step of checking access credentials takes place prior to said step of receiving an identification request signal transmitted by said electronic radio transmitting device followed by a step of transmitting an automatic response by said portable device.
  • said step of checking access credentials takes place prior to said receiving/transmitting step on/from said portable electronic device of electronic data univocally associated with said machine.
  • said method further comprises a step of transmitting commands from said portable electronic device to said machine.
  • a check allows the portable electronic device to be used as a remote servo-control for activating the machine.
  • an authentication system for users in proximity to a machine comprising:
  • an electronic radio transmitting device adapted to be installed on board, and/or on, a machine, said electronic device having at least one first operating configuration in which it transmits an identification request signal and electronically and automatically identifies the portable electronic device on which said software application is run following a transmission of a response signal to said identification request signal, said response signal being automatically transmitted by said portable electronic device univocally associated with said user;
  • a server comprising a memory susceptible to having electronic data memorised relating to at least one machine equipped with said electronic radio transmitting device, said server being configured to receive and/or transmit to said portable electronic device electronic data univocally associated with said machine.
  • said identification request signal is a signal transmitted in non-selective mode. More specifically, said signal is a signal transmitted in broadcast mode.
  • said electronic radio transmitting device is configured to be operatively connected to said machine.
  • non-selective signal means a signal that does not incorporate a code or equivalent means or selective call signal adapted to be decoded by a sub-portion of a plurality of receiving devices that would otherwise be enabled for its reception and correct decoding.
  • the use of a signal transmitted in broadcast mode allows all portable electronic devices to be virtually able to establish the first communication channel with said at least one machine, without the need for complex interventions by the user.
  • said electronic radio transmitting device in said first operating configuration, transmits said identification request signal and is subsequently configured automatically in a reception mode in which it is able to receive response signals coming from one or more portable electronic devices on which said application is installed.
  • this configuration is defined as beacon mode.
  • said electronic radio transmitting device comprises a radio frequency front-end with adjustable transmission power.
  • said electronic radio transmitting device comprises a software means for adjusting said transmission power.
  • said electronic radio transmitting device is a short distance communication device.
  • short distance means wireless data transceiving on a local scale, however limited to a maximum of about 50m and even more preferably delimited to a maximum of 10m.
  • distance limitation allows there to be reasonable certainty of a "true proximity" of the user equipped with their portable electronic device to the machine itself.
  • said electronic transmitting device operates according to the Bluetooth standard, more preferably Bluetooth Low Energy.
  • said system comprises a first short distance communication channel created between said electronic radio transmitting device and said portable electronic device, said first communication channel being established by means of said software application and a second long distance communication channel created between said portable electronic device and said server, said second communication channel being established by means of said software application.
  • said portable electronic device is configured as an indirect intermediate communication bridge between said server and said machine, said indirect communication taking place on said first and on said second communication channel; in said indirect communication said reception and/or transmission of electronic data univocally associated with said machine takes place.
  • said system is configured to create indirect data transmission between said server, and/or said memory, and said machine, wherein said portable electronic device establishes an intermediate bridge in the establishment and/or maintenance of said indirect communication and/or comprises a second operating configuration in which said portable electronic device establishes said second communication channel between itself and said server and/or said memory, said second communication channel allowing and/or establishing an indirect communication between said machine or said electronic radio transmitting device and said server and/or said memory.
  • said system is configured to perform the transmission of said electronic data univocally associated with said machine from said portable electronic device towards said server; such transmission takes place at the end of a maintenance procedure on said machine, performed by the user and owner of said portable electronic device.
  • the end of said maintenance procedure on said machine corresponds with a logout action of said user from the software application installed on board, and/or on, said portable electronic device.
  • said system comprises an electronic association, for each portable electronic device, between a first identification code of said portable electronic device and a plurality of univocal identification codes, each associated with a specific machine, wherein such specific user - machine number or type association defines a specific whitelist for each user.
  • Such user - machine number or type association defines a specific whitelist for each user.
  • said whitelist is electronically memorised on said memory.
  • said portable electronic device is configured to perform a plurality of steps for checking the proximity with respect to said machine through a radio control on the connection established with said electronic transmitting device.
  • this allows a constant verification as to whether the user with whom the portable electronic device is associated is effectively in proximity to the machine or not.
  • said system is configured to perform the temporary memorisation of electronic data transmitted by said electronic transmitting device towards said portable electronic device.
  • said indirect communication is a ciphered communication. More in particular, said ciphering takes place both on the first communication channel and on the second communication channel.
  • At least one private key for said machine or said electronic transmitting device is generated or defined, and there is a subsequent step of transmitting said private key to said portable electronic device.
  • said electronic radio communication device performs the transmission of a public key from said memory towards said portable electronic device.
  • said system is configured to check access credentials entered by the user into said portable electronic device.
  • said access credentials comprise biometric data acquired through sensor means inherent to said portable electronic device.
  • said electronic radio communication device can be configured in a second operating mode in which it can receive commands from said portable electronic device to said machine.
  • Portable electronic device means any electronic device adapted to be worn and/or carried by a user and provided with a radio frequency stage such as to be able to realise at least a temporary connection for transmitting and receiving electronic data on a mobile telephone network or a long distance wireless network.
  • Data connection channel means a wireless communication channel on which electronic data travel in two directions from and towards electronic devices.
  • data connection channel is a data connection on a mobile telephone network, or even a WLAN connection.
  • Identity request signal and “response signal” mean electromagnetic signals transmitted by a transmitter device to a receiver device.
  • Logical connection or logical link means a connection for transmitting data that exploits a channel between said first or second data connection channel, between a first and a second device; the logical connection or link can comprise different levels of the OSI model.
  • Radio beacon means an electronic device provided with a radiofrequency front-end adapted to transmit a radio recognition signal automatically and in a substantially repetitive or continuous way.
  • FIG. 1 illustrates a block diagram of a preferred and non-limiting embodiment of the system according to the present invention
  • FIG. 2 illustrates a further - conceptual - diagram of the embodiment of the invention according to FIG. 1;
  • FIG. 3 illustrates a logical connection block diagram between a first user environment and a second server environment, in the performance of the method according to the present invention.
  • the present invention was conceived in order to realise a system that allows a plurality of users to substantially automatically access one or more machine tools or industrial machines so as to perform operations, for example maintenance, allowing records to be kept of the updates or maintenance operations that are performed on each machine so as to have a database of information, that is centralised and constantly up to date, in relation to the aforesaid machines.
  • the system comprises: a plurality of machines, for example and not limited to packaging machines or lathes and therefore industrial machines, or household electric appliances such as ovens or fridges, identified with reference number 100 and each arranged in its own position hence also at a notable distance from each other; a plurality of portable electronic devices 30 each provided to a respective user 20; and a server 300, remotely positioned with respect to the machines 100 and the users 20, in which electronic information related to the aforesaid machines is memorised according to the methods and terms described better below.
  • server 300 is a private server.
  • the Applicant has found that the use of a private server improves performance in terms of security in the management of the electronic communications that take place in the system.
  • Each machine 100 also comprises, in addition to its own useful devices for performing the task for which it was originally conceived, a radio transmitting device that operates like a radio beacon 10, therefore using transmission without selective calling preambles and, therefore, operating in broadcast mode.
  • the beacon which preferably operates in UHF band, at a frequency in the order of 2-3GHz and according to the Bluetooth Low Energy standard, is coupled to a suitable antenna 11 for transmitting a signal over a short distance.
  • the radio beacon 10 is operatively connected with the machine 100, in particular electrically connected or connected with a wireless channel so as to be able to establish data transceiving with the latter.
  • the system according to the present invention is based on a plurality of logical connections that take place according to a well determined sequence in order to provide automatic and guided access of the user 20 on the specific machine in the performance of maintenance or other emergency operations.
  • At least one data processing unit operates on the server 300, which, according to known configurations to a person skilled in the art, may be a general purpose type processor or a dedicated processor.
  • the server 300 remotely positioned with respect to the machine and the portable electronic devices 30 provided to users 20 further comprises a memory 301 in which the following are memorised:
  • a whitelist in which for each user 20, i.e. for each access credential, a list of machines 100 is associated which the specific user 20 is authorised to access;
  • Such memory 301 further comprises a plurality of public keys that are transmitted towards the portable electronic devices 30 of the users.
  • the exchange of electronic information or data in two directions between the memory 301 and the machine 100 takes place by means of the portable electronic device 30, which in a preferred and non-limiting embodiment of the present invention comprises a smartphone onto which a specific software application is loaded.
  • Such software application, when run on said phone, advantageously allows a first communication channel ch1 to be established between the machine 100 and the portable electronic device 30 itself and, subsequently, a second communication channel ch2 between said portable electronic device 30 and the server 300.
  • the first communication channel ch1 and the second communication channel ch2, both radio and therefore wireless, are distinguished from each other by different types.
  • the second communication channel ch2 implies the creation of logical links on a network with a larger size and capacity, preferably on a mobile radio communication channel (GSM or evolutions) or on WiFi or WiMax, with a remote device - i.e. the server 300.
  • Such differentiation, especially in relation to the first communication channel ch1, allows each portable electronic device 30 to be made visible for the related machine 100 - and vice versa - only when they are in relative proximity to each other.
  • the first channel is a communication channel in which the connection between the electronic radio transmitting device 10 and the portable electronic device 30 is direct from a logical point of view, of the point-to-point type, and without the interposition of signal re-transmission means.
  • On the second communication channel, the transceiving of electronic data takes place on an indirect connection, meaning in this sense that between the portable electronic device 30 and the server 300 there is an intermediate signal re-transmission means such as, by way of non-limiting example, BTS, MSC or BSC in the case of radio communication on a mobile telephone network, or modem, switch, router in the case of transmission on a WiFi network.
  • establishing the first communication channel ch1 is only possible when the user 20 is in proximity to said machine 100 or machines 100, in particular on the machines on which they are authorised to operate.
  • Once the first communication channel is established, such first communication channel ch1 is kept active for the entire duration of the operation of the user 20 on the machine 100, i.e. for the whole duration of the period of time in which their portable electronic device 30 is in proximity to the machine 100.
  • Once the first communication channel ch1 has been established between a particular portable electronic device 30 and a particular machine 100, it is no longer possible for further electronic devices to establish further connections on the electronic radio transmitting device 10.
  • the beacon 10 of the machine 100 continues to transmit its univocal identification code in defined time intervals until a portable electronic device 30 enters the range of action.
  • Such univocal identification code is entered in an identification request signal s1 of mobile devices that is transmitted from the beacon 10 towards the various portable electronic devices 30 that can be associated with the system.
  • the beacon 10 is configured to transmit following the Bluetooth Low Energy standard and/or in "broadcast" and therefore not selective mode.
  • the beacon 10 comprises a small processor or programmable data processing unit in order to define an area within which the user with their own portable electronic device 100 can be located for establishing the first communication channel ch1.
  • the beacon 10 has a variable power radio frequency front-end, preferably but not limited to between -22dBm and +8dBm in accordance with which the size of such area is indirectly defined.
  • the beacon 10 can further be provided with an energy saving system which is configured for "listening" for the presence of Bluetooth scanner signals coming from portable electronic devices 30 in the area previously indirectly defined, and after a certain number of minutes has passed without having detected any presence, it dilates the time interval between two consecutive transmissions of a beacon, until a Bluetooth scanner signal coming from a further portable electronic device 100 enters the aforementioned proximity area again.
  • the Bluetooth scanner signals correspond to response signals s2 to identification request signals s1. In order to promote the facility with which such power is adjusted, the adjustment takes place via software.
  • the software adjustment of the transmission power level of the beacon 10 cannot be performed by a user through their own portable electronic device, but only through different devices. This reinforces the security of establishing the first communication channel as it strongly limits the people and/or devices authorised or that can be authorised to change the power.
  • the server environment 400 and the user environment are made unconnected with each other. This above all requires the presence of a mobile radio telephone network - if the portable electronic device 30 uses such infrastructure - or a WiFi or WiMax network or the like equipped with the respective gateway.
  • the correlation between the server environment 400 and the user environment 401 takes place when such user 20, through their portable electronic device, enters the correct access credentials on the latter.
  • the software application is configured to cause their immediate transmission from the portable electronic device 30 towards the server 300, using the second communication channel ch2. Upon receiving such access credentials, the server 300 accesses the memory 301 and checks whether such access credentials correspond with the credentials of a previously memorised profile. Only in the positive case can the portable electronic device 30 provided to the user 20 realise an access means to the electronic data related to the machine 100. In the negative case, access to such data is prevented and the user - through their portable electronic device - cannot access the server 300 or access the beacon 10.
  • the portable electronic device 30 provided to the user 20 can access the machines
  • the portable electronic device 30 enters the area of the beacon 10 of a machine 100
  • the first univocal code related to the machine is received by the portable electronic device 30 of the user 20 and from this compared with the whitelist found on the memory 301 of the server.
  • the server environment and the user environment can be placed in communication (figure 4, arrow BA2).
  • the portable electronic device 30 of the user establishes a "bridge", in particular both a physical and logical bridge, of communication between the machine 100 and the server 300, where the radio transmitting device 10 is - and at operating process level switches from the first operating configuration - in a second operating configuration, distinct from the first configuration, whose data transceiving is therefore indirect and is made possible by the operating connection, previously described, which exists between the machine 100 and the server 300.
  • the indirect communication between the server (or the memory associated therewith) and the machine is therefore the sum of two direct point-to-point communications established by the first and by the second communication channel ch1, ch2.
  • the beacon 10 transmits a private coding key towards said portable electronic device 30 which, through the software application, associates such private coding key to a second public key transmitted by the server 300 in a subsequent step.
  • the user data, the cryptography key of the server environment are compared with the user data, with the cryptography key of the server environment, generating the actual authentication procedure (blocks 402, 403).
  • the portable electronic device 30 provided to the user therefore realises a key correspondence control system which, if positive, allows the portable electronic device 30 to be used, through its own data connection towards the server 300, as a radio bridge for updating the machine data 100 on the server 300 and - likewise - for allowing the download and therefore the reception of data related to the machine 100 from the server 300 towards the device itself so as to facilitate the performance of the service and maintenance operations that the user has to implement on the machine (figure 4, blocks 404, 405; arrow BA3).
  • the server environment is able to manage the memorisation and analysis of the data (block 406, figure 4) while the user environment can manage and analyse (block 407, figure 4) the server 300 data.
  • the memory 301 resident on the server 300 there is therefore a database containing all the data collected by the machines and in particular the registers of all the human-object interactions, the scripts that, from the analysis of the collected data, lead to follow-ups (both independent operations through hardware devices, such as disconnecting the power supply in case of overheating, and alarm messages to enabled users - in the cases in which the human quality contribution is indispensable, such as for maintenance).
  • each user 20 can perform a plurality of operations, in particular access all the data related to the object that have been stored in the database memorised in the memory 301 of the server and advantageously draw up documents or fill in forms that will be saved directly in the database on the server 300 through a transmission specifically managed directly by the portable electronic device 30 of the user towards the server itself.
  • the user 20 can also impart commands to the machine 100.
  • Such imparting of commands implies secure transmission (encrypted or ciphered) of electronic data for sending commands from said portable electronic device 30 to the machine 100 which, in particular, takes place after generating or defining the private key for the machine 100 or for said electronic transmitting device 10 and after transmitting the private key to the portable electronic device 30, and after comparing the private key with the public key received from the portable electronic device 30.
  • the portable electronic device also becomes a remote servo-control for the machine 100, which transmits commands that cannot be banally intercepted.
  • said commands towards the machine 100 can be transmitted directly by the server 300, through the bridge established by the portable electronic device 30.
  • Such commands are commands
  • the user is invited to perform a logout on the software application run on their portable electronic device 30.
  • the software application which is still running, is configured to perform a step of transmitting and memorising on the memory 301 of the server 300 an automatic 'certification' on the in situ presence of the user 20, on the residence time of the actual user and on the new information that they may have loaded into the IT system, and the instructions that they have imparted to the machine 100.
  • the software application starts a software timer that is kept active and with an incremental time calculation that cannot be reset manually by the user until said logout takes place.
  • the electronic datum associated with the result of the time calculation at the time of logout is transmitted, through the second communication channel ch2 and still securely, towards the memory 301.
  • the portable electronic device provided to the user may even not operate correctly and, more in particular, may be subject to reception interruptions on the mobile radio network or the WiFi connection such as to jeopardise the stability of the logical connection between the machine 100 and the server 300 by means of the bridge established precisely by said portable electronic device 30.
  • the machines 100 may be in areas that cannot be reached by the field of the mobile telephone repeaters, e.g. because they are positioned in isolated or underground environments.
  • temporary technical failures can occur such as to cause a temporary interruption of the service and a drop of the second communication channel.
  • the Applicant has advantageously configured the software application to memorise any data transmitted by the machine 100 through the first communication channel towards the portable electronic device 30, advantageously exploiting part of the memory already present in the latter, and performing the re-transmission of the data updated on the second communication channel towards the memory 301 of the server 300 following the recovery of the second communication channel.
  • the procedure described above is performed automatically by the portable electronic device 30, in which - in case of interruption of the second communication channel - the software application is configured in a recovery attempt configuration for recovering the communication channel towards the server 300 such as to cause repeated attempts to re-establish the link with the latter.
  • the fact that such procedure is performed automatically allows the user not to be engaged with this activity and therefore leaves them to concentrate on their traditional maintenance and service operations on the machines.
  • the Applicant also observed that users operating in machine maintenance may also not have sufficient technical knowledge to understand the exact problem of the interruption of the connection with the server 300 and its recovery mode if manual. Therefore, the use of an automatic configuration for attempting to re-establish the second communication channel with the server 300 also allows the software application to be made adapted for use by non-expert personnel in the management and recovery of wireless connections with a remote data processing unit and memory.
  • the Applicant has observed that it is often necessary to check that the user performing the maintenance operation is effectively always present on the machine or not. This makes it possible to perform, for example, a more efficient time calculation and prevent misuse by maintenance users.
  • the Applicant has also observed that the presence of an interruption of the incremental calculation provided by the logout is not optimised for obviating the misuse drawback. Therefore, although optionally, the system of the present invention is also configured to cause a repeated electronic check of the presence of the portable electronic device 30 within the proximity area of the machine.
  • Such electronic presence check is operated by the electronic radio transmitting device 10 in automatic mode, at predetermined time intervals - by way of non-limiting example every 10 minutes - and is only launched when the first communication channel is already established. Equivalently, such repeated electronic check can be performed from the portable electronic device 30, e.g. by periodically checking the presence and quality of the connection with the electronic radio transmitting device 10.

Abstract

The present invention relates to an authentication method for users in proximity to a machine (100), said method comprising: - an electronic identification step for identifying a portable electronic device (30) univocally associated with a user (20), said electronic identification step being performed by an electronic radio transmitting device (10) installed on board, and/or on, said machine (100); - a step of receiving an identification request signal (s1) transmitted by said electronic radio transmitting device (10) followed by a step of transmitting an automatic response signal (s2) by said portable electronic device; - a step of receiving and/or transmitting on/from said portable electronic device (30) electronic data univocally associated with said machine (100), wherein said receiving/transmitting step comprises an electronic access for indirect reading and/or writing to a memory (301) remotely positioned with respect to said machine (100), wherein said receiving and/or transmitting step takes place automatically without any active action by said user on said portable electronic device (30).

Description

DESCRIPTION
"Authentication system for users in proximity to a machine and related method"
Field of the invention
The present invention relates in its general aspect to the sector of devices and methods of electronic authentication for users and in detail firstly concerns an authentication system for operations on machines, in particular an authentication system for users in proximity to a machine.
The present invention also concerns an authentication method for users in proximity to a machine.
Prior art
To date, the widespread distribution of machines, mainly machine tools and industrial machines, for the selling/retailer company has increased the need to keep a record of the machine itself. In particular when the machine is subject to warranty or a service/maintenance contract, selling companies need to keep closer records of the status of the machines sold. As the number of machines sold has increased, natural evolution has led to the establishment of an electronic register at least of the serial numbers and users of machines, meaning the customers.
In particular, the need felt by machine selling/retailer companies is that of keeping a record of the effective intervention on the machine by qualified personnel. Because of the large number of machines that the company often has to manage, it is difficult to keep a record of this information manually, which is time consuming and implies the risk of errors in manual operation, by way of non-limiting example, the entry of maintenance operation updating data into a database owned by the company itself, which has now become less manageable.
For example, document US 2009079537 describes a device that guarantees that a user only accesses the operations and functions that they are authorised to perform on the machine. From the technology available from such document it is not however possible to obtain a log of the operations performed on the machine itself.
Document US 2006026672 describes an industrial automation system that comprises a secure access device, an industrial automation device - representing the aforesaid machine - and a user interface associated with a security interface. Such user interface is configured to provide the user with the possibility to access data stored inside the industrial automation device. In particular, the secure interface is configured to receive information data from the access device and, based on such information data, provide authorisation for the user to access the data stored inside the industrial automation device.
The technology illustrated in this document has some disadvantages. Notably, the company responsible for managing the industrial automation device would not have the possibility to keep a record of the data on the various industrial machines in a centralised way, as the data are contained on the individual machine.
Nevertheless, the procedure illustrated in the above document is strongly manual. It therefore requires the user's intervention in order to access the security interface installed on the industrial automation device. JP 2006119860 illustrates an authentication system for operations on industrial systems that comprises a means for authenticating an operator operating on a system by means of a univocal identification.
The object of the present invention is therefore that of describing a system and a method that advantageously enables the drawbacks described above to be solved.
Summary of the invention
According to the present invention, an authentication method for users in proximity to a machine is realised, said method comprising:
- an electronic identification step for identifying a portable electronic device univocally associated with a user, said electronic identification step being performed by an electronic radio transmitting device installed on board, and/or on, said machine;
- a step of receiving an identification request signal transmitted by said electronic radio transmitting device followed by a step of transmitting an automatic response signal by said portable electronic device;
- a step of receiving and/or transmitting on/from said portable electronic device electronic data univocally associated with said machine, wherein said receiving/transmitting step comprises an electronic access for indirect reading and/or writing to a memory remotely positioned with respect to said machine, wherein said receiving and/or transmitting step takes place automatically without any active action by said user on said portable electronic device.
According to a further preferred and non-limiting aspect of the present invention, said step of receiving the identification request signal comprises the reception of said identification request signal by said portable electronic device.
According to a further preferred and non-limiting aspect of the present invention, said electronic radio transmitting device is configured to automatically determine which portable electronic devices are in the immediate vicinity of the machine and/or said step of transmitting said automatic response signal by said electronic device allows said electronic radio transmitting device to map and/or determine the position of one or more portable electronic devices with respect to said machine.
According to a further preferred and non-limiting aspect of the present invention, said memory is a remotely positioned memory with respect to said machine and to said portable electronic device.
Said portable electronic device is preferably of any kind and not limited to an electronic device such as a smartphone on which a software application is installed or however run, specifically designed to allow and establish a remote data connection with an electronic transmitting device of a machine.
According to a further preferred and non-limiting aspect of the present invention, said method comprises a step of establishing a first communication channel at a short distance between said portable electronic device and said transmitting device.
Preferably, although in a non-limiting way, in said receiving/transmitting step on/from said portable electronic device, there is an indirect data transmission step between said machine and said memory. According to a further preferred and non-limiting aspect of the present invention, the first communication channel is a direct channel and, optionally, point-to-point.
According to a further preferred and non-limiting aspect of the present invention, said indirect data transmission exploits at least said first transmission channel.
According to a further preferred and non-limiting aspect of the present invention, said indirect transmission comprises establishing a second communication channel between said portable electronic device and said memory.
According to a further preferred and non-limiting aspect of the present invention, the indirect transmission exploits said first transmission channel and said second transmission channel.
According to a further preferred and non-limiting aspect of the present invention, said method comprises operatively connecting said electronic radio transmitting device with said machine so that between said electronic radio transmitting device and said machine the transmission of electronic data takes place or can take place, and said indirect transmission is performed by means of the operating connection between the electronic radio transmitting device and said machine, optionally on a distinct communication channel from said first communication channel and from said second communication channel.
In detail, said indirect data transmission step exploits said first communication channel and/or said portable electronic device as an intermediate bridge, and the machine and said memory represent extreme points of the logical connection established by means of said first communication channel and said second communication channel.
More in particular, in accordance with the present invention "indirect communication" means communication in which a data transceiver device operates as a bridge between two receiving devices, transmitters or transceivers, establishing and electronically managing two separate and distinct communication channels. More preferably, the two communication channels are wireless.
In particular, according to a preferred and non-limiting aspect of the present invention, said step of transmitting electronic data univocally associated with said machine takes place at the end of a maintenance procedure on said machine, performed by the user and owner of said portable electronic device.
According to a further aspect of the present invention, in said receiving/transmitting step on/from said portable electronic device of said data associated with said machine, said portable electronic device operates as a bridge in a data updating transmission procedure from said machine to said memory or between said machine and said memory.
Advantageously, indirect transmission, in which the portable electronic device operates as a bridge, allows the alignment of data between the machine and the database without needing to establish a long-distance connection between said machine and said memory.
According to a preferred and non-limiting aspect of the present invention, said electronic radio transmitting device operates in beacon mode. Advantageously, this contributes to making the association procedure between the portable electronic device and said machine automatic. According to a preferred and non-limiting aspect of the present invention, said method further comprises a step of creating an electronic association, for each portable electronic device, between a first identification code of said portable electronic device and a plurality of univocal identification codes, each associated with a specific machine.
Advantageously, in the operating context of the present invention, it is therefore possible to define on which machines a user can operate or not. This therefore allows a specific user - machine number or type association to be realised on which they can operate.
Such specific user - machine number or type association defines a specific whitelist for each user. According to a further preferred and non-limiting aspect of the present invention, said indirect data transmission is made possible and/or established when a verification step of said identification code of said portable electronic device with said whitelist provides a positive outcome.
In order to advantageously allow the connection between the portable electronic device and the machine(s) in accordance with the preceding consideration to be managed, according to a further preferred and non-limiting aspect of the present invention, said method further comprises a step of establishing said first communication channel between said portable electronic device and said electronic transmitting device when an identification code of the machine, transmitted by said portable electronic device, is in a whitelist previously stored for said portable electronic device.
Preferably although in a non-limiting way, such whitelist is stored in said memory.
Preferably although in a non-limiting way, such whitelist is updated on said portable electronic device by running a transmission step from said memory towards said portable electronic device.
According to a preferred and non-limiting aspect of the present invention, said portable electronic device is configured to perform a plurality of steps for checking the proximity with respect to said machine through a radio control on the connection established with said electronic transmitting device.
Advantageously, this allows a constant verification as to whether the user with whom the portable electronic device is associated is effectively in proximity to the machine or not.
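The repeated proximity check can be turned into a certified on-site time that is compared with the logout timer; the following is an added example, not part of the patent text. The sample data, the 1.5x gap tolerance and all names (`SessionClock`, `certify`, `certification_record`) are assumptions; the 10-minute interval is the page's own non-limiting example.

```python
import time
from dataclasses import dataclass
from typing import Callable, List, Tuple

CHECK_INTERVAL_S = 600.0  # the page's non-limiting example: every 10 minutes


class SessionClock:
    """Incremental timer started at login; it deliberately has no reset()."""

    def __init__(self, now: Callable[[], float] = time.monotonic):
        self._now = now      # monotonic: unaffected by wall-clock changes
        self._t0 = now()

    def elapsed(self) -> float:
        return self._now() - self._t0


@dataclass(frozen=True)
class PresenceSample:
    t: float        # seconds since login, as read from SessionClock.elapsed()
    in_range: bool  # outcome of the radio check on the first channel


def certify(samples: List[PresenceSample], logout_t: float,
            interval: float = CHECK_INTERVAL_S):
    """Return (intervals, anomalies) for one session.

    intervals: (start, end) spans during which presence was confirmed.
    anomalies: notes about periods in which no check ran at all.
    A gap longer than 1.5 * interval (assumed tolerance) is not credited.
    """
    tolerance = 1.5 * interval
    intervals: List[Tuple[float, float]] = []
    anomalies: List[str] = []
    start = 0.0       # the first channel is established at login
    last_ok = 0.0     # time of the last confirmed presence
    prev_t = 0.0      # time of the previous check, whatever its outcome
    open_span = True

    def close_span() -> None:
        nonlocal open_span
        if open_span and last_ok > start:
            intervals.append((start, last_ok))
        open_span = False

    for s in sorted(samples, key=lambda x: x.t):
        if s.t > logout_t:
            break
        if s.t - prev_t > tolerance:
            anomalies.append(f"no presence check between {prev_t:.0f}s and {s.t:.0f}s")
            close_span()
        if s.in_range:
            if not open_span:
                start, open_span = s.t, True
            last_ok = s.t
        else:
            close_span()   # credit only up to the last confirmed presence
        prev_t = s.t

    if logout_t - prev_t > tolerance:
        anomalies.append(f"no presence check between {prev_t:.0f}s and logout")
        close_span()
    elif open_span:
        intervals.append((start, logout_t))
    return intervals, anomalies


def certification_record(user: str, machine_code: str,
                         samples: List[PresenceSample], logout_t: float) -> dict:
    """Record sent to the remote memory at logout (field names are assumptions)."""
    intervals, anomalies = certify(samples, logout_t)
    return {
        "user": user,
        "machine": machine_code,
        "logout_timer_s": logout_t,
        "certified_s": sum(end - begin for begin, end in intervals),
        "intervals": intervals,
        "anomalies": anomalies,
    }


# Constructed session: the device leaves the proximity area between the
# 20-minute and 50-minute checks, and the user logs out after 65 minutes.
SAMPLES = [PresenceSample(600, True), PresenceSample(1200, True),
           PresenceSample(1800, False), PresenceSample(2400, False),
           PresenceSample(3000, True), PresenceSample(3600, True)]

if __name__ == "__main__":
    print(certification_record("user-20", "MACHINE-A", SAMPLES, 3900))
```

For the constructed session the logout timer reads 3900 s while the certified time is 2100 s, which is the discrepancy the repeated check is meant to expose.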
According to a preferred and non-limiting aspect of the present invention, said receiving and/or transmitting step comprises a step of memorising the electronic data transmitted by said electronic transmitting device towards said portable electronic device.
Advantageously such solution makes it possible not to lose data that should be sent to the remote memory regardless of whether the portable electronic device has an active data connection with said memory or not.
According to a preferred and non-limiting aspect of the present invention, said memorisation step is a temporary memorisation step. Such solution may also be useful when the data connection with said memory is temporarily absent.
Such solution is also advantageously optimised by a step of establishing a second communication channel between said memory and said portable electronic device, wherein the second channel is different from said first communication channel. This is followed by a step of electronically checking a presence of said second communication channel between said data transmission device and said memory, and a subsequent step of transmitting said data towards said memory when said portable electronic device detects said presence of said second communication channel.
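The temporary memorisation and re-transmission step, shown as an added example that is not part of the patent text: the bridge buffers machine data, retries while the second channel is down, and the remote memory discards duplicates caused by lost acknowledgements. The per-machine sequence numbers, the backoff delays, the buffer limit and all class and function names are assumptions.

```python
import time
from collections import deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict, Iterable, List, Set, Tuple

RETRY_DELAYS = [1.0, 2.0, 4.0, 8.0, 16.0, 32.0, 60.0]  # assumed backoff, seconds

@dataclass(frozen=True)
class Record:
    machine_code: str  # univocal identification code of the machine
    seq: int           # per-machine counter assigned by the bridge (assumption)
    payload: bytes     # data received on the first, short-distance channel

class LinkDown(Exception):
    """The second channel is absent, or the acknowledgement never arrived."""

class Bridge:
    """Portable-device side: temporary memorisation and ordered re-transmission."""
    def __init__(self, send: Callable[[Record], None], max_buffered: int = 1000):
        self._send = send
        self._buf: Deque[Record] = deque()
        self._max = max_buffered
        self._next_seq: Dict[str, int] = {}
        self.dropped = 0

    def on_machine_data(self, machine_code: str, payload: bytes) -> bool:
        # Number before the capacity check, so a dropped record leaves a visible gap.
        seq = self._next_seq.get(machine_code, 0)
        self._next_seq[machine_code] = seq + 1
        if len(self._buf) >= self._max:
            self.dropped += 1
            return False
        self._buf.append(Record(machine_code, seq, payload))
        return True

    def pending(self) -> int:
        return len(self._buf)

    def flush(self) -> int:
        """Send oldest-first; a record leaves the buffer only after send() returns."""
        sent = 0
        while self._buf:
            try:
                self._send(self._buf[0])
            except LinkDown:
                break
            self._buf.popleft()
            sent += 1
        return sent

def drain(bridge: Bridge, delays: Iterable[float], sleep=time.sleep) -> int:
    """Recovery-attempt loop: flush, then retry after each delay. Returns attempts."""
    attempts = 0
    for delay in [0.0, *delays]:
        if delay:
            sleep(delay)
        attempts += 1
        bridge.flush()
        if bridge.pending() == 0:
            break
    return attempts

class Server:
    """Remote-memory side: re-transmissions are de-duplicated on (machine, seq)."""
    def __init__(self) -> None:
        self.stored: List[Record] = []
        self._seen: Set[Tuple[str, int]] = set()

    def ingest(self, rec: Record) -> None:
        key = (rec.machine_code, rec.seq)
        if key not in self._seen:
            self._seen.add(key)
            self.stored.append(rec)

    def missing(self, machine_code: str) -> List[int]:
        # Sequence numbers never received: records lost on the device side.
        seqs = {q for m, q in self._seen if m == machine_code}
        return [n for n in range(max(seqs, default=-1) + 1) if n not in seqs]

def scripted_uplink(server: Server, outcomes: Iterable[str]):
    """Constructed second channel: each send() consumes one scripted outcome."""
    script = deque(outcomes)
    def send(rec: Record) -> None:
        outcome = script.popleft() if script else "ok"
        if outcome == "down":
            raise LinkDown("no route to server")
        server.ingest(rec)
        if outcome == "ack_lost":
            raise LinkDown("delivered, acknowledgement lost")
    return send

def demo():
    server = Server()
    bridge = Bridge(scripted_uplink(server, ["ok", "ack_lost", "down"]))
    for i in range(4):
        bridge.on_machine_data("MACHINE-A", f"reading-{i}".encode())
    slept: List[float] = []
    attempts = drain(bridge, RETRY_DELAYS, sleep=slept.append)
    return attempts, slept, [r.seq for r in server.stored], bridge.pending()
```

Delivery is at-least-once: record 1 reaches the server twice in `demo()`, and only the `(machine, seq)` check keeps the stored log free of duplicates.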
According to a preferred and non-limiting aspect of the present invention, said method comprises a step of generating or defining at least one private key for said machine or said electronic transmitting device, and a subsequent step of transmitting said private key to said portable electronic device.
Furthermore, said method comprises a step of transmitting a public key from said memory towards said portable electronic device.
Advantageously such solution allows an asymmetric key ciphering to be implemented in which the decoding intelligence is assigned to the portable electronic device.
More in particular, said transmission of said private key to said portable electronic device takes place automatically when a first communication channel is created between said portable electronic device and said transmitting device. Advantageously, such solution allows the user to be exonerated from the task of interacting with their portable device for checking the keys, and also ensures that such user does not have to know sensitive keys such as the private key.
According to a further preferred and non-limiting aspect of the present invention, said method comprises a step of checking access credentials entered by the user into said portable electronic device.
Preferably, such access credentials comprise at least one from a user name and/or password.
Alternatively, where possible, said access credentials comprise biometric data acquired through sensor means inherent to said portable electronic device.
According to a further aspect of the present invention, said method comprises a step of checking access credentials, wherein said portable electronic device electronically accesses said memory and verifies a correspondence between said access credentials and a plurality of access credentials previously memorised in said memory and each associated with a respective user.
More in particular, said step of checking access credentials takes place prior to said electronic identification step of said portable electronic device univocally associated with said user. Even more preferably, said step of checking access credentials takes place prior to said step of receiving an identification request signal transmitted by said electronic radio transmitting device followed by a step of transmitting an automatic response by said portable device.
More in particular, said step of checking access credentials takes place prior to said receiving/transmitting step on/from said portable electronic device of electronic data univocally associated with said machine.
Advantageously, this makes it possible to check whether the user equipped with the portable electronic device is effectively authorised to proceed before establishing the connection between the memory and the machine. According to a further aspect of the present invention, said method further comprises a step of transmitting commands from said portable electronic device to said machine. Advantageously, such a check allows the portable electronic device to be used as a remote servo-control for activating the machine.
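The order of checks described above (credentials first, then the whitelist lookup on the machine code, then a single first channel per beacon) can be written as a fail-closed gate; this is an added example, not part of the patent text. All names, the PBKDF2 parameters, the constructed users and the server-side re-check in `authorize_bridge` are assumptions.

```python
import hashlib
import hmac
import os
from enum import Enum
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple


class Decision(Enum):
    CONNECTED = "first channel established"
    NOT_LOGGED_IN = "credentials not verified"
    NOT_WHITELISTED = "machine code not in this device's whitelist"
    BEACON_BUSY = "beacon already serves another device"


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Server:
    """Remote memory: stored credentials and one whitelist per device."""

    def __init__(self) -> None:
        self._creds: Dict[str, Tuple[bytes, bytes]] = {}
        self._whitelists: Dict[str, FrozenSet[str]] = {}

    def enroll(self, user: str, password: str, device_id: str,
               machine_codes: Iterable[str]) -> None:
        salt = os.urandom(16)
        self._creds[user] = (salt, _kdf(password, salt))
        self._whitelists[device_id] = frozenset(machine_codes)

    def check_credentials(self, user: str, password: str) -> bool:
        # Unknown users still cost one KDF run and then fail the comparison.
        salt, stored = self._creds.get(user, (b"\x00" * 16, b""))
        return hmac.compare_digest(_kdf(password, salt), stored)

    def whitelist_for(self, device_id: str) -> FrozenSet[str]:
        return self._whitelists.get(device_id, frozenset())

    def authorize_bridge(self, device_id: str, machine_code: str) -> bool:
        # Assumption added here: the server repeats the whitelist check when
        # the device opens the second channel, instead of trusting the app.
        return machine_code in self.whitelist_for(device_id)


class Beacon:
    """Radio transmitting device on the machine: one first channel at a time."""

    def __init__(self, machine_code: str) -> None:
        self.machine_code = machine_code
        self.connected_device: Optional[str] = None

    def accept(self, device_id: str) -> bool:
        if self.connected_device is not None:
            return False
        self.connected_device = device_id
        return True

    def release(self, device_id: str) -> None:
        if self.connected_device == device_id:
            self.connected_device = None


class DeviceApp:
    """Software application on the portable device."""

    def __init__(self, device_id: str, server: Server) -> None:
        self.device_id = device_id
        self.server = server
        self._whitelist: Optional[FrozenSet[str]] = None  # None until login succeeds

    def login(self, user: str, password: str) -> bool:
        self._whitelist = None  # a failed attempt also clears earlier state
        if self.server.check_credentials(user, password):
            self._whitelist = self.server.whitelist_for(self.device_id)
        return self._whitelist is not None

    def on_beacon(self, beacon: Beacon) -> Decision:
        if self._whitelist is None:
            return Decision.NOT_LOGGED_IN
        if beacon.machine_code not in self._whitelist:
            return Decision.NOT_WHITELISTED
        if not beacon.accept(self.device_id):
            return Decision.BEACON_BUSY
        return Decision.CONNECTED


def demo() -> List[Decision]:
    """Constructed scenario with two users, two devices and two beacons."""
    server = Server()
    server.enroll("alice", "constructed-pass-1", "DEV-1", {"M-100", "M-200"})
    server.enroll("bob", "constructed-pass-2", "DEV-2", {"M-100"})
    m100, m300 = Beacon("M-100"), Beacon("M-300")
    alice, bob = DeviceApp("DEV-1", server), DeviceApp("DEV-2", server)
    out = [alice.on_beacon(m100)]          # beacon seen before any login
    alice.login("alice", "wrong")
    out.append(alice.on_beacon(m100))      # wrong password: still refused
    alice.login("alice", "constructed-pass-1")
    out.append(alice.on_beacon(m300))      # machine outside the whitelist
    out.append(alice.on_beacon(m100))      # all checks pass
    bob.login("bob", "constructed-pass-2")
    out.append(bob.on_beacon(m100))        # channel already taken by DEV-1
    m100.release("DEV-1")
    out.append(bob.on_beacon(m100))        # free again after release
    return out
```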
According to the present invention, an authentication system for users in proximity to a machine is also realised, said system comprising:
- a software application adapted to be run on a portable electronic device univocally associated with a user;
- an electronic radio transmitting device adapted to be installed on board, and/or on, a machine, said electronic device having at least one first operating configuration in which it transmits an identification request signal and electronically and automatically identifies the portable electronic device on which said software application is run following a transmission of a response signal to said identification request signal, said response signal being automatically transmitted by said portable electronic device univocally associated with said user;
- wherein said software application causes the transmission of said response signal in automatic mode;
- and a server comprising a memory susceptible to having electronic data memorised relating to at least one machine equipped with said electronic radio transmitting device, said server being configured to receive and/or transmit to said portable electronic device electronic data univocally associated with said machine.
According to a preferred and non-limiting aspect of the present invention, said identification request signal is a signal transmitted in non-selective mode. More specifically, said signal is a signal transmitted in broadcast mode.
According to a further preferred and non-limiting aspect of the present invention, said electronic radio transmitting device is configured to be operatively connected to said machine.
In accordance with the present invention "non-selective signal" means a signal that does not incorporate a code or equivalent means or selective call signal adapted to be decoded by a sub-portion of a plurality of receiving devices that would otherwise be enabled for its reception and correct decoding.
Advantageously, the use of a signal transmitted in broadcast mode allows all portable electronic devices to be virtually able to establish the first communication channel with said at least one machine, without the need for complex interventions by the user.
According to a further preferred and non-limiting aspect of the present invention, said electronic radio transmitting device, in said first operating configuration, transmits said identification request signal and is subsequently configured automatically in a reception mode in which it is able to receive response signals coming from one or more portable electronic devices on which said application is installed.
In particular, this configuration is defined as beacon mode.
Preferably, although in a non-limiting way, said electronic radio transmitting device comprises a radio frequency front-end with adjustable transmission power.
Advantageously this allows the area of "proximity" of the user to said machine to be indirectly defined.
According to a further preferred and non-limiting aspect of the present invention, said electronic radio transmitting device comprises a software means for adjusting said transmission power. According to a further preferred and non-limiting aspect of the present invention, said electronic radio transmitting device is a short distance communication device.
Preferably although in a non-limiting way, "short distance" means wireless data transceiving on a local scale, however limited to a maximum of about 50m and even more preferably delimited to a maximum of 10m. The Applicant has observed that distance limitation allows there to be reasonable certainty of a "true proximity" of the user equipped with their portable electronic device to the machine itself.
Preferably although in a non-limiting way, said electronic transmitting device operates according to the Bluetooth standard, more preferably Bluetooth® Low Energy.
According to a further preferred and non-limiting aspect of the present invention, said system comprises a first short distance communication channel created between said electronic radio transmitting device and said portable electronic device, said first communication channel being established by means of said software application and a second long distance communication channel created between said portable electronic device and said server, said second communication channel being established by means of said software application.
More in particular, said portable electronic device is configured as an indirect intermediate communication bridge between said server and said machine, said indirect communication taking place on said first and on said second communication channel; in said indirect communication said reception and/or transmission of electronic data univocally associated with said machine takes place.
According to a further preferred and non-limiting aspect of the present invention, said system is configured to create indirect data transmission between said server, and/or said memory, and said machine, wherein said portable electronic device establishes an intermediate bridge in the establishment and/or maintenance of said indirect communication and/or comprises a second operating configuration in which said portable electronic device establishes said second communication channel between itself and said server and/or said memory, said second communication channel allowing and/or establishing an indirect communication between said machine or said electronic radio transmitting device and said server and/or said memory.
According to a preferred and non-limiting aspect of the present invention, said system is configured to perform the transmission of said electronic data univocally associated with said machine from said portable electronic device towards said server; such transmission takes place at the end of a maintenance procedure on said machine, performed by the user and owner of said portable electronic device.
In detail, the end of said maintenance procedure on said machine corresponds with a logout action of said user from the software application installed on board, and/or on, said portable electronic device.
According to a preferred and non-limiting aspect of the present invention, said system comprises an electronic association, for each portable electronic device, between a first identification code of said portable electronic device and a plurality of univocal identification codes, each associated with a specific machine. Such user - machine number or type association defines a specific whitelist for each user.
According to a preferred and non-limiting aspect of the present invention, said whitelist is electronically memorised on said memory.
According to a preferred and non-limiting aspect of the present invention, said portable electronic device is configured to perform a plurality of steps for checking the proximity with respect to said machine through a radio control on the connection established with said electronic transmitting device.
Advantageously, this allows a constant verification as to whether the user with whom the portable electronic device is associated is effectively in proximity to the machine or not.
According to a preferred and non-limiting aspect of the present invention, said system is configured to perform the temporary memorisation of electronic data transmitted by said electronic transmitting device towards said portable electronic device.
According to a further preferred and non-limiting aspect of the present invention, said indirect communication is a ciphered communication. More in particular, said ciphering takes place both on the first communication channel and on the second communication channel.
According to a preferred and non-limiting aspect of the present invention, in said system at least one private key for said machine or said electronic transmitting device is generated or defined, and there is a subsequent step of transmitting said private key to said portable electronic device.
Furthermore, in said system said electronic radio communication device performs the transmission of a public key from said memory towards said portable electronic device.
According to a further preferred and non-limiting aspect of the present invention, said system is configured to check access credentials entered by the user into said portable electronic device.
Alternatively, where possible, said access credentials comprise biometric data acquired through sensor means inherent to said portable electronic device.
According to a further aspect of the present invention, said electronic radio communication device can be configured in a second operating mode in which it can receive commands from said portable electronic device to said machine.
In the present description the following definitions are applied.
"Portable electronic device" means any electronic device adapted to be worn and/or carried by a user and provided with a radio frequency stage such as to be able to realise at least a temporary connection for transmitting and receiving electronic data on a mobile telephone network or a long distance wireless network.
"Data connection channel" means a wireless communication channel on which electronic data travel in two directions from and towards electronic devices. Preferably, such data connection channel is a data connection on a mobile telephone network, or even a WLAN connection.
"Identification request signal" and "response signal" mean electromagnetic signals transmitted by a transmitter device to a receiver device. "Logical connection or logical link" means a connection for transmitting data that exploits a channel between said first or second data connection channel, between a first and a second device; the logical connection or link can comprise different levels of the OSI model.
"Radio beacon" means an electronic device provided with a radiofrequency front-end adapted to transmit a radio recognition signal automatically and in a substantially repetitive or continuous way.
Description of the figures
These and other characteristics of the invention will be further described with reference to one or more preferred and non-limiting embodiments of the present invention, to which the following description portion refers and with reference to the appended figures, in which:
- figure 1 illustrates a block diagram of a preferred and non-limiting embodiment of the system according to the present invention;
- figure 2 illustrates a further - conceptual - diagram of the embodiment of the invention according to figure 1;
- figure 3 illustrates a logical connection block diagram between a first user environment and a second server environment, in the performance of the method according to the present invention.
Detailed description of the invention
As briefly mentioned in the preceding portion of text, the present invention was conceived in order to realise a system that allows a plurality of users to substantially automatically access one or more machine tools or industrial machines so as to perform operations, for example maintenance, allowing records to be kept of the updates or maintenance operations that are performed on each machine so as to have a database of information, that is centralised and constantly up to date, in relation to the aforesaid machines.
As represented in figure 1 and in figure 2, the system according to the present invention comprises: a plurality of machines, for example and not limited to packaging machines or lathes and therefore industrial machines, or household electric appliances such as ovens or fridges, identified with reference number 100 and each arranged in its own position hence also at a notable distance from each other; a plurality of portable electronic devices 30 each provided to a respective user 20; and a server 300, remotely positioned with respect to the machines 100 and the users 20, in which electronic information related to the aforesaid machines is memorised according to the methods and terms described better below.
Although such characteristic must not be interpreted as being limiting in terms of the scope of the present invention, such server 300 is a private server. The Applicant has found that the use of a private server improves performance in terms of security in the management of the electronic communications that take place in the system.
Each machine 100 also comprises, in addition to its own useful devices for performing the task for which it was originally conceived, a radio transmitting device that operates like a radio beacon 10, therefore using transmission without selective calling preambles and, therefore, operating in broadcast mode. The beacon, which preferably operates in UHF band, at a frequency in the order of 2-3GHz and according to the Bluetooth Low Energy standard, is coupled to a suitable antenna 11 for transmitting a signal over a short distance.
Preferably, but in a non-limiting way, the radio beacon 10 is operatively connected with the machine 100, in particular electrically connected or connected with a wireless channel so as to be able to establish data transceiving with the latter.
The system according to the present invention is based on a plurality of logical connections that take place according to a well determined sequence in order to provide automatic and guided access of the user 20 on the specific machine in the performance of maintenance or other emergency operations.
At least one data processing unit operates on the server 300, which, according to known configurations to a person skilled in the art, may be a general purpose type processor or a dedicated processor.
The server 300, remotely positioned with respect to the machine and the portable electronic devices 30 provided to users 20 further comprises a memory 301 in which the following are memorised:
- access credentials for each user 20, in the case in question a username and password pair, or biometric data that can advantageously be found through the sensors of the portable electronic device 30;
- a whitelist, in which for each user 20, i.e. for each access credential, a list of machines 100 is associated which the specific user 20 is authorised to access;
- a plurality of univocal identification codes of each machine 100, transmitted by the beacon 10 through the antenna 11, in which such univocal identification codes of each machine 100 are used to create the aforesaid whitelist; and
- a plurality of univocal identification codes for each of said portable electronic devices 30.
Such memory 301 further comprises a plurality of public keys that are transmitted towards the portable electronic devices 30 of the users.
The exchange of electronic information or data in two directions between the memory 301 and the machine 100 takes place by means of the portable electronic device 30, which in a preferred and non-limiting embodiment of the present invention comprises a smartphone onto which a specific software application is loaded.
Such software application, when run on said phone, advantageously allows a first communication channel ch1 to be established between the machine 100 and the portable electronic device 30 itself and, subsequently, a second communication channel ch2 between said portable electronic device 30 and the server 300. In particular, the first communication channel ch1 and the second communication channel ch2, both radio and therefore wireless, are distinguished from each other by different types.
The procedure of waiting for a response signal by a portable electronic device for the establishment of the first communication channel ch1 between the machine 100 and the portable electronic device 30 realises a first operating configuration for the electronic device itself.
In fact, while the first communication channel ch1 relates to a short distance communication, the second communication channel ch2 implies the creation of logical links on a network with a larger size and capacity, preferably on a mobile radio communication channel (GSM or evolutions) or on WiFi or WiMax, with a remote device - i.e. the server 300. Such differentiation, especially in relation to the first communication channel ch1, allows each portable electronic device 30 to be made visible for the related machine 100 - and vice versa - only when they are in relative proximity to each other.
Therefore, while the first channel is a communication channel in which the connection between the electronic radio transmitting device 10 and the portable electronic device 30 is direct from a logical point of view, of the point-to-point type, and without the interposition of signal re-transmission means, in the second communication channel the transceiving of electronic data takes place on an indirect connection, meaning in this sense that between the portable electronic device 30 and the server 300 there is an intermediate signal re-transmission means such as, by way of non-limiting example, BTS, MSC or BSC in the case of radio communication on a mobile telephone network or modem, switch, router, in the case of transmission on a WiFi network.
Preferably, although in a non-limiting way, establishing the first communication channel ch1 is only possible when the user 20 is in proximity to said machine 100 or machines 100, in particular on the machines on which they are authorised to operate. When the first communication channel is established, such first communication channel ch1 is kept active for the entire duration of the operation of the user 20 on the machine 100, i.e. for the whole duration of the period of time in which their portable electronic device 30 is in proximity to the machine 100. Optionally, when the first communication channel ch1 has been established between a particular portable electronic device 30 and a particular machine 100, it is no longer possible for further electronic devices to be able to establish further connections on the electronic radio transmitting device 10.
In detail the beacon 10 of the machine 100 continues to transmit its univocal identification code in defined time intervals until a portable electronic device 30 enters the range of action. Such univocal identification code is entered in an identification request signal s1 of mobile devices that is transmitted from the beacon 10 towards the various portable electronic devices 30 that can be associated with the system. Preferably it is configured to transmit following the Bluetooth Low Energy standard and/or in "broadcast" and therefore not selective mode. In particular, the beacon 10 comprises a small processor or programmable data processing unit in order to define an area within which the user with their own portable electronic device 100 can be located for establishing the first communication channel ch1. In particular, the beacon 10 has a variable power radio frequency front-end, preferably but not limited to between -22dBm and +8dBm in accordance with which the size of such area is indirectly defined. The beacon 10 can further be provided with an energy saving system which is configured for "listening" for the presence of Bluetooth scanner signals coming from portable electronic devices 30 in the area previously indirectly defined, and after a certain number of minutes has passed without having detected any presence, it dilates the time interval between two consecutive transmissions of a beacon, until a Bluetooth scanner signal coming from a further portable electronic device 100 enters the aforementioned proximity area again. The Bluetooth scanner signals correspond to response signals s2 to identification request signals s1. In order to promote the facility with which such power is adjusted, the adjustment takes place via software. The software adjustment of the transmission power level of the beacon 10 cannot be performed by a user through their own portable electronic device, but only through different devices.
This reinforces the security of establishing the first communication channel as it strongly limits the people and/or devices authorised or that can be authorised to change the power.
Until a mutual recognition between the beacon 10, the user 20 through their own portable electronic device 30 and the server 300 has been electronically verified, as illustrated in figure 4, the server environment 400 and the user environment are made unconnected with each other. This above all requires the presence of a mobile radio telephone network - if the portable electronic device 30 uses such infrastructure - or a WiFi or WiMax network or the like equipped with the respective gateway.
The correlation between the server environment 400 and the user environment 401 takes place when such user 20, through their portable electronic device, enters the correct access credentials on the latter. When such access credentials are entered, the software application is configured to cause their immediate transmission from the portable electronic device 30 towards the server 300, using the second communication channel ch2; upon receiving such access credentials, the server 300 accesses the memory 301 and checks whether such access credentials correspond with the credentials of a previously memorised profile. Only in the positive case can the portable electronic device 30 provided to the user 20 realise an access means to the electronic data related to the machine 100. In the negative case, access to such data is prevented and the user - through their portable electronic device - cannot access the server 300 or access the beacon 10.
In the positive case, the portable electronic device 30 provided to the user 20 can access the machines 100 - and therefore the beacons 10 - for which it is in the whitelist. Specifically, when the portable electronic device 30 enters the area of the beacon 10 of a machine 100, the first univocal code related to the machine is received by the portable electronic device 30 of the user 20 and from this compared with the whitelist found on the memory 301 of the server. In the event that the univocal code of the machine 100 is within the whitelist for the specific user (comparison with positive outcome), which is a sign that the user 20 is enabled to operate on the machine 100, the server environment and the user environment can be placed in communication (figure 4, arrow BA2). At this point the portable electronic device 30 of the user establishes a "bridge", in particular both a physical and logical bridge, of communication between the machine 100 and the server 300, where the radio transmitting device 10 is - and at operating process level switches from the first operating configuration - in a second operating configuration, distinct from the first configuration, whose data transceiving is therefore indirect and is made possible by the operating connection, previously described, which exists between the machine 100 and the server 300. The indirect communication between the server (or the memory associated therewith) and the machine is therefore the sum of two direct point-to-point communications established by the first and by the second communication channel ch1, ch2.
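The access sequence described above (credential check over ch2, then whitelist lookup for the machine code received from the beacon, then opening of the bridge), as an added example that is not part of the patent text. The class and method names, the PBKDF2 credential storage, the session token and the machine codes are assumptions made for illustration, and the whitelist decision is enforced on the server side here.

```python
import hashlib
import hmac
import os
import secrets

PBKDF2_ROUNDS = 100_000  # assumption: the page does not say how credentials are stored


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Server300:
    """Stands in for server 300 with its memory 301 (hypothetical class)."""

    def __init__(self):
        self._credentials = {}  # username -> (salt, password hash)
        self._whitelist = {}    # username -> set of univocal machine codes
        self._sessions = {}     # session token -> username
        self._bridges = set()   # (token, machine_code) pairs with an open bridge

    def enroll(self, username, password, machine_codes):
        salt = os.urandom(16)
        self._credentials[username] = (salt, _hash_password(password, salt))
        self._whitelist[username] = set(machine_codes)

    def login(self, username, password):
        """Credential check sent over ch2. Returns a session token or None."""
        salt, stored = self._credentials.get(username, (b"\x00" * 16, b""))
        candidate = _hash_password(password, salt)  # computed even for unknown users
        if not stored or not hmac.compare_digest(candidate, stored):
            return None
        token = secrets.token_hex(16)
        self._sessions[token] = username
        return token

    def request_bridge(self, token, machine_code):
        """Whitelist comparison for the code the device heard from the beacon."""
        username = self._sessions.get(token)
        if username is None:
            return False  # negative case: no access to server or beacon data
        if machine_code not in self._whitelist.get(username, set()):
            return False  # user is not enabled to operate on this machine
        self._bridges.add((token, machine_code))
        return True

    def read_machine_data(self, token, machine_code):
        """Machine data is released only through an open bridge."""
        if (token, machine_code) not in self._bridges:
            raise PermissionError("no bridge for this session and machine")
        return {"machine": machine_code, "last_service": "constructed sample value"}

    def logout(self, token):
        self._sessions.pop(token, None)
        self._bridges = {b for b in self._bridges if b[0] != token}


def run_access_demo():
    """Constructed scenario: one user whitelisted for two machines."""
    server = Server300()
    server.enroll("user20", "correct horse", {"MACHINE-0001", "MACHINE-0002"})
    results = {"bad_password": server.login("user20", "wrong") is None}
    token = server.login("user20", "correct horse")
    results["whitelisted"] = server.request_bridge(token, "MACHINE-0001")
    results["not_whitelisted"] = server.request_bridge(token, "MACHINE-0009")
    results["data"] = server.read_machine_data(token, "MACHINE-0001")["machine"]
    server.logout(token)
    results["bridge_after_logout"] = server.request_bridge(token, "MACHINE-0001")
    return results


if __name__ == "__main__":
    print(run_access_demo())
```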
The procedures described above take place automatically, i.e. without the user having to interact with the software application being run on their portable electronic device. In order to guarantee secure communication between the devices in play, a security protocol with an asymmetric key is advantageously implemented. In particular, the beacon 10 at this point transmits a private coding key towards said portable electronic device 30 which, through the software application, associates such private coding key to a second public key transmitted by the server 300 in a subsequent step. The user data, the cryptography key of the server environment are compared with the user data, with the cryptography key of the server environment, generating the actual authentication procedure (blocks 402, 403).
The portable electronic device 30 provided to the user therefore realises a key correspondence control system which, if positive, allows the portable electronic device 30 to be used, through its own data connection towards the server 300, as a radio bridge for updating the machine data 100 on the server 300 and - likewise - for allowing the download and therefore the reception of data related to the machine 100 from the server 300 towards the device itself so as to facilitate the performance of the service and maintenance operations that the user has to implement on the machine (figure 4, blocks 404, 405; arrow BA3). In this way, the server environment is able to manage the memorisation and analysis of the data (block 406, figure 4) while the user environment can manage and analyse (block 407, figure 4) the server 300 data.
Preferably, on the memory 301 resident on the server 300 there is therefore a database containing all the data collected by the machines and in particular the registers of all the human-object interactions, the scripts that, from the analysis of the collected data, lead to follow-ups (both independent operations through hardware devices, such as disconnecting the power supply in case of overheating, and alarm messages to enabled users - in the cases in which the human quality contribution is indispensable, such as for maintenance).
Through the use of the software application, each user 20 can perform a plurality of operations, in particular access all the data related to the object that have been stored in the database memorised in the memory 301 of the server and advantageously draw up documents or fill in forms that will be saved directly in the database on the server 300 through a transmission specifically managed directly by the portable electronic device 30 of the user towards the server itself.
According to a preferred and non-limiting embodiment of the present invention, through the portable electronic device 30 the user 20 can also impart commands to the machine 100. Such imparting of commands implies secure transmission (encrypted or ciphered) of electronic data for sending commands from said portable electronic device 30 to the machine 100 which, in particular, takes place after generating or defining the private key for the machine 100 or for said electronic transmitting device 10 and after transmitting the private key to the portable electronic device 30, and after comparing the private key with the public key received from the portable electronic device 30. In this way, advantageously, the portable electronic device also becomes a remote servo-control for the machine 100, which transmits commands that cannot be banally intercepted.
Alternatively, said commands towards the machine 100 can be transmitted directly by the server 300, through the bridge established by the portable electronic device 30. Such commands are commands At the end of the operations, the user is invited to perform a logout on the software application run on their portable electronic device 30. When such logout is performed, the software application, which is still running, is configured to perform a step of transmitting and memorising on the memory 301 of the server 300 an automatic 'certification' on the in situ presence of the user 20, on the residence time of the actual user and on the new information that they may have loaded into the IT system, and the instructions that they have imparted to the machine 100. From an operating point of view, when the access credentials are entered, in the portable electronic device 30 the software application starts a software timer that is kept active and with an incremental time calculation that cannot be reset manually by the user until said logout takes place. The electronic datum associated with the result of the time calculation at the time of logout is transmitted, through the second communication channel ch2 and still securely, towards the memory 301.
The Applicant realised that, in certain circumstances and environments, the portable electronic device provided to the user may even not operate correctly and, more in particular, may be subject to reception interruptions on the mobile radio network or the WiFi connection such as to jeopardise the stability of the logical connection between the machine 100 and the server 300 by means of the bridge established precisely by said portable electronic device 30. In fact, the machines 100 may be in areas that cannot be reached by the field of the mobile telephone repeaters, e.g. because they are positioned in isolated or underground environments. Likewise - both on the mobile network and on WiFi networks - temporary technical failures can occur such as to cause a temporary interruption of the service and a drop of the second communication channel. In order not to allow the interruption of the system operation, and however to allow the updating capacity of the database contained in the memory 301 of the server 300 and the rest of the functionalities of the system previously described to be maintained unaltered, the Applicant has advantageously configured the software application to memorise any data transmitted by the machine 100 through the first communication channel towards the portable electronic device 30, advantageously exploiting part of the memory already present in the latter, and performing the re-transmission of the data updated on the second communication channel towards the memory 301 of the server 300 following the recovery of the second communication channel.
The procedure described above is performed automatically by the portable electronic device 30, in which - in case of interruption of the second communication channel - the software application is configured in a recovery attempt configuration for recovering the communication channel towards the server 300 such as to cause repeated attempts to re-establish the link with the latter.
Advantageously, the fact that such procedure is performed automatically, allows the user not to be engaged with this activity and therefore leaves them to concentrate on their traditional maintenance and service operations on the machines. In noting this advantage, the Applicant also observed that users operating in machine maintenance may also not have sufficient technical knowledge to understand the exact problem of the interruption of the connection with the server 300 and its recovery mode if manual. Therefore, the use of an automatic configuration for attempting to re-establish the second communication channel with the server 300 also allows the software application to be made adapted for use by non-expert personnel in the management and recovery of wireless connections with a remote data processing unit and memory.
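The buffering and automatic re-transmission described above, as an added example that is not part of the patent text. The per-record sequence numbers, the idempotent server ingest, the backoff values, the buffer limit and all class names are assumptions; they show how a retransmission after a lost acknowledgement can avoid duplicating records in memory 301.

```python
from collections import deque

MAX_DELAY = 60.0  # seconds; assumed upper bound for the retry delay


class LinkDown(Exception):
    """Raised when the second communication channel (ch2) is unavailable."""


class Server300Ingest:
    """Server side (hypothetical): stores records keyed by (machine, seq)."""

    def __init__(self):
        self.records = {}
        self.up = True
        self.lose_next_ack = False  # constructed fault: record stored, ack lost
        self.stored_calls = 0

    def send(self, machine_code, seq, payload):
        if not self.up:
            raise LinkDown("ch2 unavailable")
        # Same key on retransmission, so a duplicate overwrites instead of adding.
        self.records[(machine_code, seq)] = payload
        self.stored_calls += 1
        if self.lose_next_ack:
            self.lose_next_ack = False
            raise LinkDown("acknowledgement lost")


class Bridge:
    """Runs inside the application on portable electronic device 30."""

    def __init__(self, machine_code, uplink, max_buffered=1000):
        self.machine_code = machine_code
        self.uplink = uplink
        self.pending = deque()  # records received on ch1, not yet acknowledged
        self.next_seq = 0
        self.max_buffered = max_buffered
        self.retry_delay = 1.0  # wait before the next recovery attempt

    def on_machine_data(self, payload):
        """Called for each datum received from the beacon over ch1."""
        if len(self.pending) >= self.max_buffered:
            raise BufferError("local buffer full; refusing instead of dropping")
        self.pending.append((self.next_seq, payload))
        self.next_seq += 1
        return self.flush()

    def flush(self):
        """Send oldest first and stop at the first failure. Returns count sent."""
        sent = 0
        while self.pending:
            seq, payload = self.pending[0]
            try:
                self.uplink.send(self.machine_code, seq, payload)
            except LinkDown:
                self.retry_delay = min(self.retry_delay * 2, MAX_DELAY)
                return sent  # record stays queued until it is acknowledged
            self.pending.popleft()
            sent += 1
        self.retry_delay = 1.0
        return sent


def run_scenario():
    """Constructed scenario: ch2 drops, three records queue, then recovery."""
    server = Server300Ingest()
    bridge = Bridge("MACHINE-0001", server)
    out = {"delivered_online": bridge.on_machine_data("temp=41")}
    server.up = False
    for payload in ("temp=44", "temp=47", "alarm=overheat"):
        bridge.on_machine_data(payload)
    out["pending_while_down"] = len(bridge.pending)
    out["delay_while_down"] = bridge.retry_delay
    server.up = True
    server.lose_next_ack = True
    out["first_recovery_flush"] = bridge.flush()   # stored remotely, ack lost
    out["second_recovery_flush"] = bridge.flush()  # retransmits, then drains
    out["pending_after"] = len(bridge.pending)
    out["server_unique_records"] = len(server.records)
    out["server_stored_calls"] = server.stored_calls
    return out


if __name__ == "__main__":
    print(run_scenario())
```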
Finally, the Applicant has observed that it is often necessary to check that the user performing the maintenance operation is effectively always present on the machine or not. This makes it possible to perform, for example, a more efficient time calculation and prevent misuse by maintenance users. The Applicant has also observed that the presence of an interruption of the incremental calculation provided by the logout is not optimised for obviating the misuse drawback. Therefore, although optionally, the system of the present invention is also configured to cause a repeated electronic check of the presence of the portable electronic device 30 within the proximity area of the machine. Such electronic presence check is operated by the electronic radio transmitting device 10 in automatic mode, at predetermined time intervals - by way of non-limiting example every 10 minutes - and is only launched when the first communication channel is already established. Equivalently, such repeated electronic check can be performed from the portable electronic device 30, e.g. by periodically checking the presence and quality of the connection with the electronic radio transmitting device 10.
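How the repeated presence check can correct the login-to-logout timer, as an added example that is not part of the patent text. The crediting rule (a span counts only when both of its ends are confirmed presences no more than one check interval apart), the slack value and the function name are assumptions; the sample check results are constructed.

```python
CHECK_INTERVAL = 600  # seconds; the text gives "every 10 minutes" as an example
SLACK = 30            # assumed tolerance for a check that runs slightly late


def presence_report(login_t, logout_t, checks, interval=CHECK_INTERVAL, slack=SLACK):
    """Compare the plain session timer with time backed by presence checks.

    checks: list of (timestamp_seconds, present) results of the repeated check.
    Login and logout are treated as confirmed presences, because the first
    communication channel is established at login and the application is
    running when the logout is performed.
    """
    events = [(login_t, True)]
    events += sorted(c for c in checks if login_t < c[0] < logout_t)
    events.append((logout_t, True))

    credited = 0
    gaps = []  # merged spans that no pair of confirmations covers
    for (a, a_ok), (b, b_ok) in zip(events, events[1:]):
        if a_ok and b_ok and b - a <= interval + slack:
            credited += b - a
        elif gaps and gaps[-1][1] == a:
            gaps[-1] = (gaps[-1][0], b)  # extend the previous uncovered span
        else:
            gaps.append((a, b))
    return {"timer": logout_t - login_t, "credited": credited, "gaps": gaps}


# Constructed sample: the device leaves the proximity area after 20 minutes,
# comes back before the 50 minute check, and logs out at 60 minutes.
SAMPLE_CHECKS = [(600, True), (1200, True), (1800, False), (2400, False), (3000, True)]

# Constructed sample: checks stop being reported between minute 10 and minute 50.
SPARSE_CHECKS = [(600, True), (3000, True)]

if __name__ == "__main__":
    print(presence_report(0, 3600, SAMPLE_CHECKS))
    print(presence_report(0, 3600, SPARSE_CHECKS))
```

With this rule the credited time can exceed the real presence by at most one check interval per confirmed span, which is why a shorter interval gives a tighter record.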
Finally, it is clear that additions, modifications or variations may be applied to the subject matter of the present invention that are obvious to a person skilled in the art without departing from the scope provided by the appended claims.

Claims

1. An authentication method for users in proximity to a machine (100), said method comprising:
- an electronic identification step for identifying a portable electronic device (30) univocally associated with a user (20), said electronic identification step being performed by an electronic radio transmitting device (10) installed on board, and/or on, said machine (100);
- a step of receiving an identification request signal (s1) transmitted by said electronic radio transmitting device (10) followed by a step of transmitting an automatic response signal (s2) by said portable electronic device;
- a step of receiving and/or transmitting on/from said portable electronic device (30) electronic data univocally associated with said machine (100), wherein said receiving/transmitting step comprises an electronic access for indirect reading and/or writing to a memory (301) remotely positioned with respect to said machine (100), wherein said receiving and/or transmitting step takes place automatically without any active action by said user on said portable electronic device (30).
2. The method according to claim 1, further comprising a step of establishing a first communication channel (ch1) at a short distance between said portable electronic device (30) and said electronic radio transmitting device (10).
3. The method according to claim 1 or claim 2 wherein in said receiving/transmitting step on/from said portable electronic device, there is an indirect data transmission step between said machine (100) and said memory (301).
4. The method according to claim 2 and 3, wherein said indirect transmission comprises establishing a second communication channel (ch2) between said portable electronic device (30) and said memory (301) and/or wherein the method comprises a step of establishing a second communication channel between said portable electronic device (30) and said memory (301);
the indirect transmission exploiting said first transmission channel (ch1) and said second transmission channel (ch2).
5. The method according to claim 3 or 4 wherein in said receiving and/or transmitting step on/from said portable electronic device (30) of said data associated with said machine (100), said portable electronic device (30) operates as a bridge in a data updating transmission procedure from said machine (100) to said memory (301).
6. The method according to claim 4, comprising operatively connecting said electronic radio transmitting device (30) with said machine (100) so that between said electronic radio transmitting device (30) and said machine (100) the transmission of electronic data takes place or can take place, and said indirect transmission is performed by means of the operating connection between the electronic radio transmitting device (30) and said machine (10), optionally on a distinct communication channel from said first communication channel (ch1) and from said second communication channel.
7. The method according to one or more of the preceding claims, further comprising a step of creating an electronic association, for each portable electronic device (30), between a first identification code of said portable electronic device (30) and a plurality of univocal identification codes, each associated with a specific machine (100).
8. The method according to one or more of the preceding claims when dependent on claim 2, further comprising a step of establishing said first communication channel (ch1) between said portable electronic device (30) and said electronic transmitting device (10) whenever an identification code identifying the machine (100), transmitted by said portable electronic device, is in a whitelist previously memorised for said portable electronic device (30).
9. The method according to any one of the preceding claims, wherein said portable electronic device (30) or said radio transmitting device (10) are configured to perform a plurality of steps for checking the proximity with respect to said machine (10) through a radio control on the connection established with said electronic transmitting device.
10. The method according to claim 1, wherein said receiving and/or transmitting step comprises a step of memorising the electronic data transmitted by said electronic radio transmitting device (10) towards said portable electronic device (30).
11. The method according to claim 10, comprising a step of establishing a second communication channel (ch2) between said memory (301) and said portable electronic device (30), said method further comprising a step of electronically checking a presence of said second communication channel (ch2) between said data transmitting device and said memory, and a subsequent step of transmitting said data towards said memory whenever said portable electronic device detects said presence of said data connection channel.
12. The method according to claim 11, further comprising a step of generating or defining at least one private key for said machine (100) or said electronic radio transmitting device (10), and a subsequent step of transmitting said private key to said portable electronic device (30); said method further comprising a step of transmitting a public key from said memory to said portable electronic device (30).
13. The method according to claim 12, wherein said transmission of said private key to said portable electronic device takes place automatically when said first communication channel (ch1) is created between said portable electronic device (30) and said electronic radio transmitting device (10).
14. The method according to any one of the preceding claims, further comprising a step of checking access credentials, wherein said portable electronic device (30) electronically accesses said memory (300) and verifies a correspondence between said access credentials and a plurality of access credentials previously memorised in said memory (301) and each associated with a respective user.
15. The method according to claim 14, wherein said step of checking access credentials takes place prior to said step of electronically identifying said portable electronic device (30) univocally associated with said user and prior to said step of receiving an identification request signal transmitted by said electronic radio transmitting device (10) followed by a step of transmitting an automatic response by said portable device (30) and further comprising a step of transmitting commands from said portable electronic device to said machine.
16. An authentication system for users in proximity to a machine, said system comprising:
- a software application adapted to be run on a portable electronic device (30) univocally associated with a user (20);
- an electronic radio transmitting device (10) adapted to be installed on board, and/or on, a machine, said electronic device having at least one first operating configuration in which it transmits an identification request signal (s1) and electronically and automatically identifies the portable electronic device (30) on which said software application is run following a transmission of a response signal (s2) to said identification request signal (s1), said response signal (s2) being automatically transmitted by said portable electronic device (30) univocally associated with said user;
- wherein said software application causes the transmission of said response signal (s2) in automatic mode;
- and a server (300) comprising a memory (301) susceptible to having electronic data memorised relating to at least one machine (100) equipped with said electronic radio transmitting device (10), said server (300) being configured to receive and/or transmit to said portable electronic device (300) electronic data univocally associated with said machine (10).
17. The system according to claim 16 wherein said identification request signal (s1) is a signal transmitted in non-selective mode and/or wherein said electronic radio transmitting device (30) is configured to be operatively connected to said machine (100); said system being configured to create indirect data transmission between said server (300), and/or said memory (301), and said machine (100), wherein said portable electronic device establishes an intermediate bridge in the establishment and/or maintenance of said indirect communication.
18. The system according to claim 16 or 17, comprising a second operating configuration in which said portable electronic device (30) establishes a second communication channel (ch2) between itself and said server (300) and/or said memory (301), said second communication channel (ch2) allowing and/or establishing an indirect communication between said machine or said electronic radio transmitting device (10) and said server (300) and/or said memory (301).
19. The system according to claim 17 or 18, wherein said electronic radio transmitting device (10), in said first operating configuration, transmits said identification request signal (s1) and is subsequently configured automatically in a reception mode in which it is able to receive response signals (s2) coming from one or more portable electronic devices (30) on which said application is installed, wherein said electronic radio transmitting device (10) comprises a radio frequency front-end with adjustable transmission power.
20. The system according to any one of the preceding claims 17-19, comprising a first short distance communication channel (ch1) created between said electronic radio transmitting device (10) and said portable electronic device (30), said first communication channel being established by means of said software application and a second long distance communication channel (ch2) created between said portable electronic device (30) and said server (10), said second communication channel being established by means of said software application.
21. The system according to any one of claims 17-20, comprising an electronic association, for each portable electronic device (30), between a first identification code of said portable electronic device and a plurality of univocal identification codes, each associated with a specific machine, wherein such specific user - machine number or type association defines a specific whitelist for each user and wherein said portable electronic device (30) or said electronic radio transmitting device (10) are configured to periodically perform in automatic mode a proximity check of said portable electronic device (30) with respect to said machine through a radio control on the connection established with said electronic transmitting device.
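The whitelist gate of claim 8 and the memorise-then-forward bridge of claims 10 and 11 can be modelled as below. This is an added example, not code from the patent or the applicant; the class, method names and the identifiers `dev-30`, `M-100` and `M-999` are constructed for illustration, and a plain dictionary stands in for the memory (301).

```python
from collections import deque


class PortableBridge:
    """Portable device (30) relaying machine data to the server memory (301)."""

    def __init__(self, device_id, whitelist):
        self.device_id = device_id
        self.whitelist = frozenset(whitelist)  # machine codes allowed for this device
        self.ch1_peers = set()                 # machines with an open short-range channel
        self.pending = deque()                 # records memorised until ch2 is present

    def open_ch1(self, machine_code):
        """Claim 8: establish ch1 only for a machine code in the whitelist."""
        if machine_code not in self.whitelist:
            return False
        self.ch1_peers.add(machine_code)
        return True

    def receive(self, machine_code, record):
        """Claim 10: memorise data, but only from a machine with ch1 open."""
        if machine_code not in self.ch1_peers:
            raise PermissionError(f"no ch1 with {machine_code}")
        self.pending.append((machine_code, record))

    def flush(self, ch2_present, server_memory):
        """Claim 11: forward to the memory only when ch2 is detected."""
        if not ch2_present:
            return 0
        sent = 0
        while self.pending:
            machine_code, record = self.pending.popleft()
            server_memory.setdefault(machine_code, []).append(record)
            sent += 1
        return sent


def demo():
    memory = {}                                   # stands in for memory (301)
    bridge = PortableBridge("dev-30", {"M-100"})  # constructed identifiers
    accepted = bridge.open_ch1("M-100")
    rejected = bridge.open_ch1("M-999")           # not whitelisted: no channel
    bridge.receive("M-100", {"counter": 41})
    bridge.receive("M-100", {"counter": 42})
    offline = bridge.flush(False, memory)         # ch2 absent: nothing leaves the device
    online = bridge.flush(True, memory)           # ch2 present: buffer drains in order
    return accepted, rejected, offline, online, memory
```
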
PCT/IB2018/054534 2017-06-21 2018-06-20 Authentication system for users in proximity to a machine and related method WO2018235007A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IT102017000069300A IT201700069300A1 (en) 2017-06-21 2017-06-21 User authentication system in the vicinity of a machine and associated method
IT102017000069300 2017-06-21

Publications (1)

Publication Number Publication Date
WO2018235007A1 (en) 2018-12-27

Family

ID=60182951

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2018/054534 WO2018235007A1 (en) 2017-06-21 2018-06-20 Authentication system for users in proximity to a machine and related method

Country Status (2)

Country Link
IT (1) IT201700069300A1 (en)
WO (1) WO2018235007A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113382943A (en) * 2019-03-28 2021-09-10 因温特奥股份公司 Method and system for enabling a communications gateway

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060026672A1 (en) * 2004-07-29 2006-02-02 Rockwell Automation Technologies, Inc. Security system and method for an industrial automation system
EP2077473A1 (en) * 2007-09-10 2009-07-08 Fisher-Rosemount Systems, Inc. Location dependent control access in a process control system
EP2927854A1 (en) * 2014-04-04 2015-10-07 Rockwell Automation Technologies, Inc. Industrial-enabled mobile device
WO2016179377A1 (en) * 2015-05-05 2016-11-10 The Lake Companies, Inc System and method for monitoring and controlling a manufacturing environment

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113382943A (en) * 2019-03-28 2021-09-10 因温特奥股份公司 Method and system for enabling a communications gateway
CN113382943B (en) * 2019-03-28 2023-12-19 因温特奥股份公司 Method and system for enabling a communication gateway

Also Published As

Publication number Publication date
IT201700069300A1 (en) 2018-12-21

Similar Documents

Publication Publication Date Title
US10992672B2 (en) System and method for automatic wireless network authentication
AU2020244502B2 (en) Remote monitoring and control system for a barrier operator
EP3314977B1 (en) Systems, methods, and apparatus to configure embedded devices
US9832173B2 (en) System and method for securely connecting network devices
EP2798887B1 (en) Low cost proximity pairing mechanism in wireless personal area networks
US20180152420A1 (en) System and method for securely connecting network devices
US20130090057A1 (en) System And Method For Validating A Detachable Antenna
JP6800881B2 (en) Systems and methods for accurately detecting the user's position in the IoT system
EP3449656A1 (en) Network access control
EP3123665B1 (en) Network node security using short range communication
WO2018235007A1 (en) Authentication system for users in proximity to a machine and related method
EP3664408B1 (en) Communication system and method for authorizing an appliance
US20060058053A1 (en) Method for logging in a mobile terminal at an access point of a local communication network, and access point and terminal for carrying out the method
EP3007095B1 (en) System and method of pairing wireless sensors with an access point control panel
CN110063052A (en) Confirm the method and system of BLUETOOTH* pairing
CN113841185A (en) System and method for a doorbell device to initiate a state change of an access control device and/or control panel in response to two-factor authentication
KR102271329B1 (en) Method for Accessing Network by using Near Field Communication
KR101542102B1 (en) Method and system for providing security service using wireless data communication
US20240144761A1 (en) Security system for a moveable barrier operator
US20220292899A1 (en) Multi-factor facility access and control
KR101536595B1 (en) Visitor Certification Method by Using Sound Wave Data Communication and OTP and Visitor Certification System thereof
KR102271332B1 (en) Method for Accessing Network by using Bluetooth

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18739949

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18739949

Country of ref document: EP

Kind code of ref document: A1