DE102015222411A1 - Data exchange between a lighting device and a mobile terminal - Google Patents

Abstract

The invention relates to a lighting system (100) comprising a mobile terminal (14) and a lighting device (12), which is designed for data exchange with the mobile terminal (14). The illumination device (12) comprises a data storage unit (11) which is designed to provide location-specific measured value data and / or identification data of the illumination device (12), an encryption unit for encrypting the location-specific measured value data and / or identification data (ID) of the illumination device (12) a message (code) with a first key (EKey), and a transmitting unit (13, 16) for sending the encrypted message (code) to the mobile terminal (14), the mobile terminal (14) being adapted to transmit the transmitted Message (code) to receive. The invention further relates to a method for data exchange between a lighting device (12) and a mobile terminal (14). The method includes providing location-specific measured value data and / or identification data (ID) of the illumination device (12), encrypting this data into a message (code) with a first key (EKey) by the illumination device (12), sending the encrypted message (code) to the mobile terminal (14) by the illumination device (12), and receiving the sent message (code) by the mobile terminal (14).

Description

The invention relates to a lighting system according to the preamble of claim 1. Furthermore, the invention relates to a method according to the preamble of claim 15.

Known systems for data exchange between a lighting device and a mobile terminal based on the transmission of a unique light identification information (LID), which can be received and detected using a mobile terminal. In this context, the WO 2015/148696 A1 Position-based action techniques using light-based communication. Light-based communication signals may be used to encode or otherwise provide data which, in turn, may be used to determine the position of a device receiving these signals. Therefore, light-based communication can be used to facilitate various actions, for example, based on the position of a light-based communication receiver, which has been determined using data received via the light-based communication signals. There are numerous use cases for location-based actions involving light-based communication such as security applications, check-in applications, location-based payment transactions, and permissions and access to information that can all be localized. Actions may include temporarily disabling or enabling light-based communications receiver hardware or software, such as disabling device cameras in high-security areas, providing another layer of security and using the location of the light-based communications receiver as part of a larger process.

In this context, further from the EP 1 263 150 B1 a data transmission system with a local beacon is known, on the one hand with communicating and / or information transmitting infrastructure facilities, such as a central service server or the Internet, and / or communicating with one or more other local beacons in communication and on the other side for wireless communication connection with one or more, located in their environment end devices a combined transmitting / receiving device or in special cases only a pure transmitting device and which is arranged in, at or at the location of an electric lighting device. The local beacon is provided with an intelligently operated memory and / or processing functionality related to the data to be transmitted wirelessly, wherein the memory functionality of the local beacon is to hold information so that this information is then multiple times to users equipped with a suitable terminal can be issued without having to be retrieved by the infrastructure facilities each time, and that the processing functionality is that certain processing operations otherwise performed in a central processing unit of the infrastructure facilities or in the terminal itself are outsourced to the local beacon become.

Such known systems require a considerable effort in the construction of the infrastructure, so that it is desirable for an operator of such a lighting system that users resort to his services.

It is therefore an object of the present invention to provide a lighting system and a method in which it is ensured that a lighting device can only be operated together with one or more predetermined terminals. This object is achieved by a lighting system having the features of patent claim 1 and by a method having the features of patent claim 15. Advantageous developments of the present invention are the subject matter of the dependent claims.

The invention relates to a lighting system comprising a mobile terminal and a lighting device, which is designed for data exchange with the mobile terminal.

According to the invention, the illumination system is further developed in that the illumination device comprises a data storage unit which is designed to provide location-specific measured value data and / or identification data of the illumination device. In this case, the illumination system further comprises an encryption unit for encrypting the location-specific measured value data and / or identification data of the illumination device in a message with a first key, and a transmitting unit for sending the encrypted message to the mobile terminal, wherein the mobile terminal is adapted to the transmitted message to recieve.

The inventors have recognized that, in particular, static identification data (ID) transmitted by one lighting system can also be read out and used by others. The identification data can thus be read out by a third party and entered into separate maps, so that a link between identification data and position arises. Consequently Services may be developed by third parties without having to set up their own system of information and transmission resources, or to contribute to the costs of the existing infrastructure. Thus, this service is no longer exclusive to the one who finances the system and the infrastructure.

Identification data and / or measurement data, which are bound to an installation location of the illumination device, are therefore no longer freely accessible according to the invention, but are transmitted in encrypted form.

Preferably, the transmitting unit may be a part of the illumination device, in particular a constructively connected to the illumination device component. However, it can also be provided that the transmission unit belonging to the illumination unit is arranged outside the illumination device, wherein there is a data connection between the illumination device and the transmission unit, preferably a wired data connection. The encryption unit may be part of the illumination device and / or the transmission unit, wherein preferably the encryption unit is part of the illumination device, and thus the measured value data and / or identification data are already transmitted in encrypted form to the transmission unit. The encryption unit can be realized, for example, as a program module on a program-controlled computing unit, for example on a microprocessor or microcontroller. The illumination device particularly preferably comprises a program-controlled data processing unit which comprises both the data storage unit and the encryption unit.

The mobile terminal is preferably a smartphone, a tablet PC or a laptop.

The identification data is, for example, a static identification number (ID), for example, this may be a manufacturer-assigned serial number of the illumination device. Identification data may further characterize an installation location of the illumination device, for example by geographical coordinates or by the construction of the corresponding building in which the illumination system is installed, dependent value specifications, preferably hierarchically in the building part, floor, corridor, room number or depending on a building-specific own coordinate system.

Measured value data can be obtained, for example, from sensors which are arranged in the illumination device, in particular a luminaire, and which can be interrogated by a mobile terminal, for example, operating time or luminous temperature. Likewise, it may also be provided to read out type-specific data from the luminaire, for example an order number or a rated output.

In a preferred embodiment, the mobile terminal is designed to decrypt the message sent by means of a second key. The second key can be identical to the first key, ie the encryption is symmetrical. Alternatively, an asymmetric encryption may be provided, in which the second key is different from the first key and neither of the two keys can be calculated from the other. The use of asymmetric keys offers a higher level of security, the use of symmetric encryption has the advantage of less complexity of key management. An asymmetric encryption is particularly advantageous if the decryption is to take place directly on the mobile terminal.

In an advantageous development, the mobile terminal is configured such that the second key is stored on the mobile terminal as part of the program code of an application program installed for the evaluation and / or the display of the measured value data and / or the identification data. The second key was thus simultaneously installed during the installation of the application program on the mobile terminal. Likewise, it can be provided that the second key is not included in the program code of the application program, but was obtained in the same way as the application program. This provides a particularly simple way of distributing the key.

According to a further advantageous embodiment, it can be provided that the mobile terminal is designed to receive the second key during an intended operation of an application program installed on the mobile terminal for the evaluation and / or display of the measured value data and / or the identification data. As a result, the second key can be provided to the mobile terminal during operation for the first time or in the form of a key exchange (update), resulting in greater flexibility with regard to a temporal and / or local scope of the keys used in each case. Due to the possibility of providing appropriate keys on demand and the possibility of replacing them during operation, this results in a significantly increased level of protection of the lighting system against unauthorized access.

The illumination system is preferably designed to send the second key to the mobile terminal via a mobile radio network. Such may be, for example, the second generation (2G) mobile communications standard, also known as the GSM standard, the third generation (3G) mobile communications standard known as the Universal Mobile Telecommunication Systems (UMTS) or the LTE. known fourth generation (4G) mobile radio standard work.

According to an alternative preferred embodiment, the lighting system is adapted to transmit the second key to the mobile terminal via the transmitting unit. For the embodiments in which the transmitting unit itself does not have a return channel, a request for key provision via the mobile radio network can be made. For example, a web server can be used to integrate the lighting system into the World Wide Web.

In this case, it can be provided that the illumination device is assigned its own locally valid key, and a further key integrated in the illumination system is assigned a different key. It can also be provided that the same key is assigned to all illumination devices within an illumination system, such a uniform key preferably having only a limited validity.

In a further preferred embodiment, the transmitting unit comprises a lighting means of the lighting device, wherein the lighting device is adapted to send the second key by means of a light-based communication via the lighting means to the mobile terminal. Light-based communication can be used both for low-pressure discharge lamps (fluorescent lamps) and in a particularly preferred manner for LED lamps. Via this communication path, a data signal which includes the encrypted message is modulated onto the light emitted by the illumination device. A more detailed explanation of this technique, termed "light-based communication (LCom)", which is however not required for the understanding of the present invention, is disclosed in U.S.P. WO 2015/148696 A1 to find.

In a further preferred embodiment, the transmitting unit is formed by a radio transmitter, wherein the lighting system is adapted to transmit the second key by means of a radio-based communication via the radio transmitter to the mobile terminal. Such a radio transmitter may preferably be a so-called beacon. Beacons are usually based on Bluetooth Low Energy (BLE) and operate unidirectionally in their intended mode of operation by sending a pulsed radio signal with a given signal strength, making this type of radio transmitter ideal for use in position detection. Beacons typically have approximately uniform radiation in all spatial directions. For this reason, very accurate position determinations can be made about it. However, it can also be provided that a radio transmitter used primarily as a beacon also has an at least temporarily active return channel, by means of which, for example, a parameterization in the form of a configuration or calibration is made possible, for example the transmission of a request for providing a key to the illumination device the return channel of the beacon. Such an operating mode can be activated, for example, when a person with the mobile terminal enters a room in which the lighting device is installed and registered by a motion sensor of the lighting device.

Alternatively, the radio transmitter may for example be in the form of a WLAN router (according to the IEEE 802.11 standard , marketed under the brand name "WIFI"). Such devices are basically designed for bidirectional radio operation and have a much greater range than radio beacons. A bidirectionally operating radio transmitter can thus serve in particular to supplement a multiplicity of illumination devices, each with unidirectionally operating transmitting units.

In a further advantageous embodiment, the illumination system has a server unit which is designed to authenticate the mobile terminal within the illumination system and to provide the transmission of the second key for a predefinable time period after the preceding authentication. The key can be transmitted via a secure connection (eg Bluetooth or WLAN / "WIFI"). The authentication of the mobile terminal allows the exclusion of unauthorized access attempts to the lighting system, in particular to the lighting device.

According to an alternative preferred embodiment, the lighting system comprises a server unit, wherein the mobile terminal is adapted to forward the encrypted message from the mobile terminal to the server unit of the lighting system, and wherein the server means is adapted to forward the relayed one Decrypt message using a second key. The encrypted message is thus transmitted to the server unit where it is decrypted and transmitted back to the mobile terminal. This has the advantage that the encryption can be changed arbitrarily and the key does not have to be transferred to many mobile devices, which represents a higher level of security for the system. The local identification data can be used on site for the activation of further services, such as the use of a lighting control. The advantage of this procedure is that the key required for the decryption of the message transmitted by the transmitting unit does not leave the stationarily installed part of the lighting system, that is to say neither the mobile terminal nor any further existing ones incorporated into the lighting system mobile devices must be transferred.

According to an advantageous development, the server unit is designed to send the location-specific measured value data and / or identification data to the mobile terminal.

Alternatively, it can be provided that the decrypted message comprises identification data, which are assigned via a unique assignment function stored in the server position data that are correlated with an installation position of the illumination device, wherein the server unit is adapted to determine the position data of the mounting position and on to send the mobile device. In the case of the server-side decryption with the return of the position information, the encrypted identification data are thus transmitted to the server unit, decrypted there and the conversion of the identification data into the position data also takes place there. Of course, further assignment regulations can be provided via the server unit, which contain additional information data about the illumination device. This position data or information data is then transmitted back to the mobile terminal. Advantage of this embodiment is that on the side of the mobile terminal no relationship between encrypted and unencrypted identification data can be made, since only the encrypted identification data are known to the mobile terminal.

In a further advantageous embodiment, the illumination system has a local signal source, which is arranged in spatial proximity to the illumination device, wherein the mobile terminal is designed to capture a signature of the local signal source and transmit it to the server unit, and wherein the server unit is designed to verify a local presence of the mobile terminal in spatial proximity to the illumination device in an authentication of the mobile terminal. As a result, the security can be further increased by a local authentication takes place. Thus, the further local signal source ensures that the query with the identification data is actually carried out locally, ie locally, and that no readout of the data takes place by third parties, for example by a hacker attack.

In a further advantageous embodiment, the illumination system is designed to transmit the first key from the mobile terminal to the encryption unit. The encryption can be done individually per mobile device. For this purpose, a public key is provided by the mobile terminal, the identification data is then encrypted, so that only the terminal concerned can decrypt this identification data again. In this case, therefore, an asymmetric cryptosystem (public-key cryptosystem) is used.

The invention is further based on a method for data exchange between a lighting device and a mobile terminal, which is developed according to the invention by providing location-specific measured value data and / or identification data of the lighting device, encrypting a message comprising the location-specific measured value data and / or identification data of the lighting device, with a first key by the illumination device and sending the encrypted message to the mobile terminal by the illumination device.

The advantages and features and embodiments described for the illumination system according to the invention apply equally to corresponding methods and vice versa. Consequently, corresponding device features and vice versa can be provided for device features.

The features and feature combinations mentioned above in the description as well as the features and feature combinations mentioned below in the description of the figures and / or in the figures alone can be used not only in the respectively specified combination but also in other combinations or in isolation, without the scope of To leave invention. There are thus also embodiments to be regarded as disclosed by the invention, which are not explicitly shown or explained in the figures, however, emerge and can be generated by separate feature combinations of the described embodiments.

Further advantages and features will become apparent from the following description of embodiments with reference to the accompanying figures. In the figures, like reference numerals designate like features and functions.

Show it:

1 in a simplified schematic representation of a preferred first embodiment of a lighting system according to the invention with a local client-based decryption,

2 in a simplified schematic representation of a preferred second embodiment of an illumination system according to the invention with an asymmetric cryptosystem,

3 in a simplified schematic representation of a preferred third embodiment of an illumination system according to the invention with a server-based decryption,

4 in a simplified schematic representation of the application and transport of the keys for use with the invention,

5 a simplified schematic representation of an exemplary key distribution over a wireless network for the distribution of keys using beacon functionality for use with the invention,

6 a schematic representation of a simplified example of a symmetric encryption of a luminaire identification number and its decryption,

7 a simplified schematic representation of an exemplary composition of an encrypted message,

8th in a simplified schematic representation, the selection of a key for use in the invention,

9 a simplified schematic representation of an exemplary assignment of meaning of the signaling bits for rotation and rotation direction of a key for use with the invention,

10 in a simplified schematic representation, the generation of new keys by bitwise rotation of an existing key for use with the invention, and

11 in a simplified schematic representation of the generation of a new key from two existing keys for use with the invention.

A lighting system 100 according to the invention comprises a lamp 12 for example in the form of a ceiling light. The lamp 12 includes a light bulb 13 , Furthermore, the lighting system comprises 100 a mobile device 14 ,

The lighting system 100 Furthermore, independently of one another and in any desired combination, it can have at least one of the following components: a beacon 16 , a wireless router 18 and a server unit 20 , A beacon 16 which is in direct data connection with the luminaire 12 stands, as well as the light source 13 and an associated operating device (driver) considered as part of the respective lighting device.

The light source 13 can be designed for light-based communication. This is suitable, for example, for navigation in the interior of buildings, so-called indoor navigation. Light-based indoor navigation relies on sending a light ID (LID) using the mobile device 14 can be received and detected. For this purpose, the light ID is modulated into the luminous flux - invisible to the human eye. To the signal with the mobile terminal 14 to detect, a line-of-sight connection between the detector, such as a camera of the mobile terminal 14 , and the bulb 13 exist, which represents the modulated light source. The light ID is from the mobile terminal 14 again filtered out of the light and demodulated.

The invention is based on the further finding that transmitting units, which for local emission of signals, which include location-specific measured value data and / or identification data, often have no return channel, as in the light-based communication via the light source 13 This is the case, whereby encryption based on bidirectional communication can not be used.

The light ID itself can directly contain position information of the light source or else be determined indirectly via a look-up table. For this purpose, an assignment of light ID and position information of the light source takes place in the look-up table. In order to further increase the position accuracy, an optical evaluation can be carried out via an image sensor (camera). For this, the different angles are determined under which the image sensor receives the different light IDs. From three different light IDs can thus determine a clear position in the room via triangulation. The own position of the receiver, for example the camera, in the mobile terminal 14 is in the receiver using Sensors (3D acceleration sensors) determined to detect their own position and compensate for a resulting position-dependent error in the position detection.

In addition to the position information, any further meta-data, for example location-specific measured value data, which are from the luminaire 12 be associated with the light ID. The look-up table can be stored as an integrated part in an application, which on the mobile terminal 14 expires, or on the external server cleanliness 20 be deposited, on which the mobile terminal 14 accesses.

Conversely, the look-up table can also record dynamic information, for example which mobile terminal 14 which position information has queried. Thus, a dynamic motion profile can be recorded (tracking) and saved with a time stamp (tracing). This movement information forms the basis for a variety of location-based services and analyzes.

There are various wireless radio-based systems such as WLAN or Bluetooth that can be used for indoor positioning. Here is the one hand, the position of the transmitter (WLAN access point) in the 1 as an optional wireless router 18 represented or a beacon 16 - In Bluetooth-based radio systems also known as a beacon - known and based on the signal field strength of the received signal (received signal strength, RSSI), the distance between the transmitter and the mobile receiver can be estimated. For a clear position determination at least three different transmission sources are needed (trilateration).

To make matters worse, that the light ID, which may for example be an identification number of a luminaire, always assumes a static value. The same applies to (send) beacons 16 (Beacons), which for the sake of simplicity is described below using the example of a luminaire ID (used synonymously with light ID below) and the associated encryption. If a fixed luminaire ID is encrypted with a fixed encryption key EKey, a fixed code sequence is created again, namely the encrypted message code. This fixed code sequence can also be used as a pseudo ID. Without knowing the actual underlying luminaire ID, a pseudo-ID-based position determination system can be set up.

According to the invention will now be in the lighting system 100 The light ID is not transmitted statically open, but encrypted. A particular challenge is that light does not have a direct return channel for standard lighting. In this respect, classical methods based on the principle of bidirectional communication can not be used. In the 1 various ways are shown, such as a decryption key DKey for decrypting an encrypted message code, which is via the light source 13 is provided by way of a light-based communication, can be obtained.

To prevent unauthorized sharing, alternate encryption keys EKey may be used. Thus, the signal carrying the encrypted message code changes with each new encryption key EKey. If the encryption key EKey is changed weekly, for example, then it is not worthwhile for an unauthorized shared user to repeatedly switch his parasitic application to the new pseudo-IDs. For this purpose, it is possible to provide a series of encryption keys EKey [1... M] in the illumination system 100 to be held, which are then used according to a predetermined pattern. The respective active encryption key EKey [n] and the pattern are then to be synchronized on the send and receive sides.

When using symmetric cryptography methods, the first key, that is to say the encryption key EKey, and the second key, that is to say the decryption key DKey, are identical.

Hereinafter, a dependency of the encryption key EKey on the location will be indicated by Ekey [loc], a dependence of the encryption key EKey on time by Ekey [temp], and a dependency on both time and location EKey [temp, loc]. For example, EKey [n, loc] identifies an encryption key currently activated and used for the encryption operation of the respective local illumination devices, which jointly use the same key, ie in the extreme case of a single illumination device, if all illumination devices within the illumination system use their own keys. In the latter case, loc represents a running index from 1 to the number of individual lighting devices in the lighting system.

An encryption key EKey [n-1, loc] designates a key which was active before the encryption key EKey [n, loc] and has been replaced by the latter. Similarly, EKey [n + 1, loc] describes an encryption key that is not yet activated, but to do so is determined to take the place of the current encryption key EKey [n, loc].

The same applies mutatis mutandis to decryption key DKey, which - unless identical anyway when using a symmetric encryption - to match the respective encryption key EKey match.

For a client-side decryption, ie a decryption on the mobile device 14 , requires the mobile device 14 the decryption key DKey to decrypt the encrypted message code. The decryption key DKey can already be part of the application for this purpose, which is executed on the mobile terminal, for example as a smartphone app.

Alternatively, the decryption key DKey may be the mobile terminal 14 or the application running on it during operation. The provision of the decryption key DKey can i.) Via an external server unit 20 optionally with a locally valid decryption key DKey [loc], for each luminaire 12 is individually assigned, or a global decryption key DKey, which lights for all 12 within the lighting system 100 equal, but if necessary only valid for a limited time. According to ii.), The decryption key DKey may be above the luminaire 12 self-provided. Additionally or alternatively, according to iii.) The decryption key DKey can be made available via a local information source, for example via the beacon 16 or via the wireless router 18 ,

Preferably, it may be provided that a key that is made available locally is only locally valid. The decryption key DKey is provided only after prior authentication of the mobile terminal 14 and limited in time. The decryption key DKey is transmitted via secure connections, such as Bluetooth or WLAN.

The encryption can also be as shown in 2 individually per mobile device 14 respectively. For this purpose, the mobile terminal generates 14 a key pair consisting of a public key PuKey and a private key PrKey, wherein in a first step the public key PuKey to the light 12 is transmitted. The public key PuKey can, for example, via the beacon 16 , the wireless router 18 or the server unit 20 to the light 12 be transmitted. From the light 12 the identification data ID are encrypted and by means of the light bulb 13 sent, so only the mobile device 14 which has the associated private key PrKey, can decrypt this identification data ID again.

A data connection between the server unit 20 and the light 12 is as shown in the 2 via a light management system or building management system 21 given.

A server-side decryption and retransmission to the mobile terminal 14 is in the 3 shown. The encrypted message code becomes the server unit 20 transferred and decrypted there. From there, the identification data ID obtained from the encrypted message code is returned to the mobile terminal 14 transfer. This has the advantage that the encryption can be changed as desired and the decryption key DKey can not be changed to many local terminals 14 or other comparable clients, which is a safer system. The identification data ID can be used on site for the activation of other services such as a lighting control.

To further increase security, a "local authentication" can take place. Here can be ensured by further local signals and sources of information that the requests to the server unit 20 actually takes place locally with the local identification data ID and no reading of the data by third parties, for example by automated queries. A local authentication LocAuth can be done, for example, by using the beacon 16 or the wireless router 18 a location verification VerLoc at the server unit 20 is made.

In a server-side decryption of the encrypted message code can also directly position information Pos to the mobile terminal 14 be sent back. The encrypted message code is for this purpose on the server unit 20 transferred and decrypted there by means of the decryption key DKey. Furthermore, there is also the implementation of the identification data ID in the position information Pos, wherein the position information Pos for any other data, which can be uniquely assigned to the identification data ID, represent. Thus, the position data Pos representative of any further of the lamp 12 attributable data are considered. The position data Pos (or more of the lamp 12 assignable data) are then returned to the mobile terminal 14 transfer. Advantage of this design is that on the side of the mobile terminal 14 no correlation between the encrypted message code and the unencrypted identification data ID can be produced, since only the encrypted message code the mobile terminal 14 is known.

The transmission of an encryption key EKey into a luminaire 12 is in the 4 shown. The transmission of the encryption key EKey can, for example, in the production of the respective lamp 12 Static. The storage of one or more local encryption keys EKey in a luminaire 12 or in a driver 11 (Operating device) of a luminaire 12 Can already be done during production. In particular, the transmission of the local encryption key EKey can take place together with the programming of a luminaire ID in the form of the identification data ID. Based on the identification data ID can be used during commissioning and localization of a luminaire 12 at a certain position, the key assignment also takes place.

During the operation of a light 12 in a lighting system 100 the transmission of an encryption key EKey can also take place dynamically. During operation, new encryption key EKey in the driver 11 the light 12 import. The recording can take place manually via a wired or wireless interface.

For this purpose, an already existing network for light control is particularly suitable, since this usually only small data is necessary and it is a non-public network. This lighting control network is via a building or light management system 21 accessible with appropriate authorization. For example, the server unit 20 as a key server to the building relationship way of light management system 21 access.

Also radio-based transmitting and receiving units, with the driver 11 are connected, for example, the beacon 16 , which is expediently designed for bi-directional radio transmissions in this case, can be used for importing the encryption key EKey. Here are beacons or beacons that come with the lights driver 11 are connected. These can also be used as receivers for data and thus also as a data path for the key distribution. The transceiver units in the form of bidirectional beacons 16 can establish a wireless network with each other, so that only one access point of this wireless network has a gateway 22 is provided, on which the encryption key EKey can be recorded.

In the 5 are several lights 12 as well as several beacons 16 shown forming a wireless communication network. Such a network is referred to as mesh mesh. To access this wireless communication network is the gateway 22 intended. The distribution of decryption key DKey to the different lights 12 This takes place in accordance with the meshing of the network in each case by a beacon 16 to a following in the mesh network beacon 16 ,

The encryption keys EKey may be from a server unit 20 to the local gateway 22 be transferred or via the mobile device 14 to the gateway 22 be transmitted.

Likewise, it can also be provided, the encryption key EKey in a transceiver unit, for example, in a bidirectionally operable beacon 16 , transferred to. Such transceiver units can also send out static identification data ID that are not protected. In order to protect the identification data ID also with these transceiver units, the same method of key distribution can be used. Only this is the decryption key DKey not to the light 12 passed on, but directly from the transceiver units (beacon 16 ) used.

If not a central, for all lights 12 and / or transmit-receive units of uniform valid encryption key EKey is to be used, but for each light 12 / De send unit individual encryption key EKey to be distributed, can be provided for addressing the decryption key DKey in the distribution, the keys individually assign, as in the 2 shown. It is important to use the correct encryption key EKey of the intended luminaire 12 or the transceiver units (which, incidentally, are considered to be part of the lighting device with which they are in direct communication connection). This can be done via a routing table, where all lights 12 or transmit-receive units are mapped locally. In this routing table, the possible communication paths are shown, via which an encryption key EKey can be brought into the correct position. The synchronization of the key selection and sequence can be achieved by a temporal synchronization, which requires a uniform time base on both sides, which has the disadvantage that both components (transmitter and receiver) need a synchronous clock, which means a considerable effort.

The synchronization of the keys can advantageously take place via the data stream of the encrypted message code itself. For this purpose, in addition to the actual encrypted identification data ID, further signaling bits x are used in a signaling bit sequence KeySig of the encrypted message code, as in US Pat 6 shown. Via these signaling bits x, the receiver can be informed which of the respective decryption key DKey [1... M] must be used for decryption.

As shown in the 6 For example, a luminaire ID having the binary value 1010101 may be coded by an encryption key EKey having the binary value 1110000 by means of an XOR operation to the binary value 0100101. The coded value is also attached to a signaling bit sequence KeySig consisting of three signaling bits x, by means of which the receiver can recognize which key he must use to decrypt the message code. In the illustrated example, it is a form of symmetric encryption in which the encryption key EKey is equal to the decryption key DKey. The bitwise application of an XOR operator to the message code and the decryption key DKey again results in the original luminaire ID L-ID.

7 shows by way of example which information can be provided by means of a signaling bit sequence KeySig to a recipient of the encrypted message code. For example, the bit sequence can signal that an encryption is active (EncryptionActive) to reference a key underlying the current encryption from a pool of available keys (KeySelection), as well as a possible shift of the respective output key by a bitwise rotation in a predeterminable number Display bits with predefinable direction (Shift & Direction).

8th shows the possibility of selecting the key from a pool of predefined keys Key_000, Key_001, Key_010, Key_011 ... Key_111 as a function of the signaling bit sequence KeySig. With a number N = 3 of the signaling bits x, this results in 2 ^N = 8 possible keys.

Furthermore, the generation of a unique encryption key EKey in each case in the local light 12 , especially in their drivers 11 , or in the respective local transceiver unit, representative in the 5 represented by the beacons 16 , respectively. The encryption keys EKey [loc] are generated locally and these individually generated local encryption keys EKey [loc] to the server unit 20 For administration, there is a much lower complexity, since there is only one receiver and therefore no routing table has to be created and maintained. Every light 12 For this purpose, it sends out its own individually generated encryption key EKey [loc] together with the respectively fixed identification data ID, that of the luminaire 12 have been assigned. Instead of the identification data ID can also be the exact local position of the luminaire 12 where this key is used. So will on the server unit 20 a table is constructed showing the local keys and the individual identification data ID or the position of the luminaire 12 / the beacon 16 (Transceiver unit) contains.

To the lighting system 100 Even better, key generation can be done by the server unit 20 to be triggered. This will be a signal to all beacons 16 /To shine 12 / Send-receive units sent as in the 5 shown. Ideally, this process is performed in times where the lighting system 100 is not in use or no or only a small amount of data prevails, for example, at night. Thus, changes on the side of the server unit 20 only once the encryption key EKey [temp] while the lights 12 or the beacons 16 then locally generate an independent encryption key EKey [temp, loc] from each of them.

To distribute the amount of data resulting from the feedback of the new encryption key EKey, an individual time offset can be defined. Not to every unit, that is, the components meshed in the mesh mesh in the form of the lamp 12 , Beacons 16 and other transceiver units such as wireless routers 18 , each having its own key generator, an individual time offset between the new key generation signal and the sending of the new encryption key EKey to the server unit 20 Having to tell, which means a considerable addressing and communication effort, this time offset can be programmed in the production of the respective devices.

Alternatively or additionally, a firmly stored individual identification number or manufacturer number can be used as offset / time offset. Thus, not all subscribers at the same time change the encryption key EKey on the network, but instead switch it off in a time-delayed manner and then transmit it. The generation and activation of the key can thus be made separately.

The number N of signaling bits x determines the number of possible keys m = 2 ^N. At N = 8 we get a choice of m = 256 different keys, or at N = 3 like in the 8th In order to further increase the number of keys but not to increase the number of signaling bits x further or to further reduce the address space for the actual identification data ID, it is also possible to use entire groups of keys which are assigned via the Signaling bits x are addressed. Using 256 groups of 100 keys each produces 25,600 different keys. At a transmission rate of 100 milliseconds per encrypted identification data ID, a key would repeat itself every 2,560 seconds or after about 42 minutes, so that reading out would take a correspondingly long time.

To the protection of the lighting system 100 To further increase, instead of a centralized request for key generation, a local individual randomized key generation can also take place. This random control can be triggered by internal counters that start with random values. The timebase can be chosen so that key generation can occur within hours, days or weeks. Once a new local encryption key EKey [n + 1, loc] is generated, it will be sent to the server unit 20 transmitted.

As long as the server unit 20 has not yet received and assigned the new individual encryption key EKey [n, loc], it is advantageous if the old encryption key EKey [n-1, loc] is temporarily retained, so that the service is ensured without interruption. On the server unit 20 are old and new encryption key EKey [n - 1, loc], EKey [n, loc] known and thus, for example, both an old and a new query of the identification data ID answer.

For detection and localization of unauthorized service requests or position queries may be on the server unit 20 the "old" encryption keys EKey [n-1, loc], EKey [n-2, loc], EKey [n-2, loc], etc. are further stored so that a key history is created. If an interrogation of identification data ID is now carried out, which has been encrypted with an outdated encryption key EKey [n-2, loc], this is an indication that this is an unauthenticated access. In this way, further measures can be derived, for example, a targeted deactivation of a possibly outdated app on the mobile device 14 which does not yet support encryption, or offering a new app version. Likewise, a localization of the mobile terminal 14 be made, which performs the unauthenticated accesses.

Alternatively or additionally, the signaling bits x can be distributed locally via a further channel, for example via one with the respective driver 11 a lamp 12 connected beacon 16 (Beacon) or over a mobile channel between the server unit 20 or the mobile terminal 14 and the light 12 ,

The effort on such a lighting system 100 without the knowledge of the decryption key DKey, can be further increased if the validity of decryption keys DKey are set to a local dependency, that is, a particular set of decryption keys DKey [loc] only for parts of the lighting system 100 is valid within a certain room. So can over a beacon 16 (Beacon) a rough localization done. From this it can be deduced which decryption key DKey [loc] is valid in this area.

In order to restrict access to a static luminaire ID by means of static encryption key EKey, in particular in the case of symmetrical encryption, in addition to increasing the number N, the key and rotation of these keys can also be the key itself, as in FIG 9 rotate shown. The length of the key and the number and type of key shifts determine the additional encryption space. Assuming that the length of the identification data ID is 10 bits and the length of the key is also 10 bits, the key repeats after ten steps in a shift register. For the above example, this means that each of the 100 Key can be used ten times before repeating itself. This increases the time it takes to repeat a key to 420 minutes.

By extending the key length from 10 bits to 1024 bits, the linearity also increases linearly to 1,224 times (1,024 · 420 minutes = 7,168 hours = approximately 300 days).

From existing keys new keys can be created by combination. If a key Key_1 is linked to another key Key_2 via a calculation rule, for example an XOR link, a new key Key_12 is created as in the 11 shown. at 100 Thus, 4,950 new keys can be generated (N · (N - 1) / 2) with N = number of keys). In this further developed example, this would take a period of time to repeat same message code, which includes the encrypted identification data ID, extend to about 50 times, so to 15,000 days or 41 years.

These methods for encoding a luminaire ID as identification data ID can also be extended to data that could also be transmitted via light and can be transmitted securely using this method.

9 shows possible operations that can be applied to an existing key. For example, the left-hand bit may indicate that a key is to be left-shifted (key shift left, KSL) and / or the right-hand bit in the signaling string, KeySig, may indicate that the key is to be shifted to the right (KSR). , In fact, at the bit level with shift, the rotation of the bits in a shift register is meant, in which a bit pushed out of the shift register is pushed back on the opposite side. The middle bit may be used to indicate that a predefined Calc algorithm is to be executed to change the key or parameters for applying a calculation rule.

10 shows how, starting from an output key Key0, a first key Key1, a second key Key2, a third key Key3, a fourth key Key4 and so forth are generated by bitwise rotation of the key. The application of the first key Key1 to the identification data ID thus results in a first message Code_1, an application of the second key Key2 to the identification data ID accordingly yields a second message Code_2 and accordingly.

11 finally shows how the new key Key_12 can be generated from the key Key_1 and the key Key_2 by bitwise application of an XOR operator.

The embodiments are only illustrative of the invention and are not limiting for these. In particular, concrete embodiments of the cryptographic operations can be designed arbitrarily, without departing from the spirit of the invention.

Thus, it has been shown above how encryption of localized information can be configured.

QUOTES INCLUDE IN THE DESCRIPTION

This list of the documents listed by the applicant has been generated automatically and is included solely for the better information of the reader. The list is not part of the German patent or utility model application. The DPMA assumes no liability for any errors or omissions.

Cited patent literature

• WO 2015/148696 A1 [0002, 0020]
• EP 1263150 B1 [0003]

Cited non-patent literature

• IEEE 802.11 standard [0022]

Claims (15)

Lighting system ( 100 ) comprising: - a mobile terminal ( 14 ), - a lighting device ( 12 ), which are used for data exchange with the mobile terminal ( 14 ), characterized in that the illumination device ( 12 ) comprises: - a data storage unit ( 11 ), which is adapted to location-specific measured value data and / or identification data of the lighting device ( 12 ), an encryption unit for encrypting the location-specific measured value data and / or identification data (ID) of the illumination device ( 12 ) in a message (code) with a first key (EKey), and - a transmitting unit ( 13 . 16 ) for sending the encrypted message (code) to the mobile terminal ( 14 ), the mobile terminal ( 14 ) is adapted to receive the transmitted message (code). Lighting system ( 100 ) according to claim 1, characterized in that the mobile terminal ( 14 ) is adapted to decrypt the transmitted message (code) by means of a second key (DKey). Lighting system ( 100 ) according to claim 2, characterized in that the mobile terminal ( 14 ) is configured such that the second key (DKey) is stored as part of the program code of an application program for the evaluation and / or the display of the measured value data and / or the identification data on the mobile terminal ( 14 ) is stored. Lighting system ( 100 ) according to claim 2 or 3, characterized in that the mobile terminal ( 14 ) is adapted to the second key (DKey) during normal operation of a for the evaluation and / or the display of the measured value data and / or the identification data (ID) on the mobile terminal ( 14 ) received application program. Lighting system ( 100 ) according to claim 4, characterized in that the lighting system ( 100 ) is adapted to the second key (DKey) to the mobile terminal ( 14 ) via a mobile network. Lighting system ( 100 ) according to claim 4, characterized in that the lighting system ( 100 ) is adapted to the second key (DKey) to the mobile terminal ( 14 ) via the transmitting unit ( 13 . 16 ) to send. Lighting system ( 100 ) according to claim 6, characterized in that the transmitting unit ( 13 . 16 ) a light source ( 13 ) of the lighting device ( 12 ), wherein the illumination device ( 12 ) is adapted, the second key (DKey) by means of a light-based communication via the light source to the mobile terminal ( 14 ) to send. Lighting system ( 100 ) according to claim 6, characterized in that the transmitting unit ( 13 . 16 ) by a radio transmitter ( 16 . 18 ), the lighting system ( 100 ) is adapted to the second key by means of a radio-based communication via the radio transmitter to the mobile terminal ( 14 ) to send. Lighting system ( 100 ) according to one of the preceding claims 5 to 8, characterized in that the illumination system ( 100 ) a server unit ( 20 ), which is adapted to the mobile terminal ( 14 ) within the lighting system, and to provide the transmission of the second key (DKey) for a predetermined period of time after the previous authentication. Lighting system ( 100 ) according to claim 1, characterized in that the lighting system ( 100 ) a server unit ( 20 ), wherein the mobile terminal ( 14 ) is adapted to the encrypted message (code) from the mobile terminal ( 14 ) to the server unit ( 20 ) of the lighting system, and wherein the server unit ( 20 ) is adapted to decrypt the forwarded message (code) by means of a second key (DKey). Lighting system ( 100 ) according to claim 10, characterized in that the server unit ( 20 ) is adapted, the location-specific measured value data and / or identification data (ID) to the mobile terminal ( 14 ) to send. Lighting system ( 100 ) according to claim 10, characterized in that the decrypted message comprises identification data (ID) which is stored in the server unit ( 20 Assigned unique assignment function position data (Pos) are associated with an installation position of the lighting device ( 12 ) are correlated, the server unit ( 20 ) is designed to determine the position data (Pos) of the installation position and to the mobile terminal ( 14 ) to send. Lighting system ( 100 ) according to one of claims 9 to 12, characterized in that the illumination system ( 100 ) a local signal source ( 18 ), which in close proximity to the lighting device ( 12 ), wherein the mobile terminal ( 14 ) is adapted to a signature of the local signal source ( 18 ) and to the server unit ( 20 ), and wherein the server unit ( 20 ) is adapted to provide a local presence of the mobile terminal ( 14 ) in spatial proximity to the illumination device ( 12 ) in an authentication of the mobile terminal ( 14 ) to verify. Lighting system ( 100 ) according to claim 1 or 2, characterized in that the lighting system ( 100 ) is adapted to the first key (EKey) from the mobile terminal ( 14 ) to the encryption unit. Method for data exchange between a lighting device ( 12 ) and a mobile terminal ( 14 ), characterized by: - providing location-specific measured value data and / or identification data (ID) of the illumination device ( 12 ), - encrypting the location-specific measured value data and / or identification data of the illumination device ( 12 ) in a message (code) with a first key (EKey) through the illumination device ( 12 ), - sending the encrypted message (code) to the mobile terminal ( 14 ) by the illumination device ( 12 ), and - Receiving the sent message (code) by the mobile terminal ( 14 ).

Images