EP3195552A1 - Device and method for administering a network - Google Patents

Device and method for administering a network

Info

Publication number
EP3195552A1
Authority
EP
European Patent Office
Prior art keywords
information
entities
example
network
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP15728429.0A
Other languages
German (de)
French (fr)
Inventor
Gerd ASCHEID
Ramin Lavae Mokhtari
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ice Gateway GmbH
Original Assignee
ICE GATEWAY GmbH
Priority to DE102014113336.6A (DE102014113336A1)
Application filed by ICE GATEWAY GmbH
Priority to PCT/EP2015/061131 (WO2016041646A1)
Publication of EP3195552A1
Application status is Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/12 Network-specific arrangements or communication protocols supporting networked applications adapted for proprietary or special purpose networking environments, e.g. medical networks, sensor networks, networks in a car or remote metering networks
    • H04L67/125 Network-specific arrangements or communication protocols supporting networked applications adapted for proprietary or special purpose networking environments, e.g. medical networks, sensor networks, networks in a car or remote metering networks involving the control of end-device applications over a network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to network resources
    • H04L63/104 Grouping of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/28 Network-specific arrangements or communication protocols supporting networked applications for the provision of proxy services, e.g. intermediate processing or storage in the network

Abstract

Inter alia, a method is disclosed comprising: receiving (300, 400) a first information item, wherein the first information item originates from one or more entities (11, 12) of an internal network (13), – making available (301) the first information item and/or an information item based on the first information item, at least partially as a function of an assignment of an information type of the first information item and/or the information item based on the first information item to a first group of entities (31, 33) of an external network (34) in such a way that the first information item and/or the information item based on the first information can be obtained only by the entities of the first group of entities (31, 33) of the external network (34).

Description

 Device and method for managing a network

 Field of the invention

 The present invention relates inter alia to an apparatus and method for managing a network (e.g., a closed network). For example, the present invention relates to an apparatus and method for providing an interface between an internal network and an external network. For example, the present invention relates to an apparatus and method for managing and / or controlling the entities of the first group of entities of the internal network. For example, the present invention relates, inter alia, to an apparatus and method for a wireless infrastructure and / or a wired infrastructure (e.g., optical fiber) in the outdoor area (e.g., for light, sensors, appliances, APPs, traffic, and other web applications).

Background of the invention

Modern cities are growing very fast, and for the first time more than 5 billion people live in cities. The demand for infrastructure measures is therefore growing rapidly, and the competition between cities is increasing. Known infrastructure measures in the prior art include, for example, systems for detecting information in the outdoor area, which comprise one or more devices with one or more means for detecting information in the outdoor area. Also known in the prior art are, for example, lighting systems which comprise one or more remotely controllable devices for controlling a light source. A disadvantage of these known systems, however, is the communication with and between the respective devices of the systems: this communication takes place via public networks such as the Internet, so that it is particularly susceptible to attacks (e.g., interception, manipulation and / or blocking) by unauthorized third parties.

Summary of some exemplary embodiments of the present invention

 An object of the present invention is therefore to overcome the above-mentioned disadvantages.

This object is achieved by the subject matter of the main claim and the independent claims. Advantageous exemplary embodiments of the invention can be found in the dependent claims. According to a first aspect of the invention, a method is disclosed which comprises:

 Receiving first information, wherein the first information originates from one or more entities of an internal network,

 Providing the first information and / or information based on the first information at least in part depending on an assignment of an information type of the first information and / or the information based on the first information to a first group of entities of an external network such that the first information and / or the information based on the first information is obtainable only by the entities of the first group of entities of the external network.

For example, the method according to the first aspect of the invention is a method for providing an interface between the internal network and the external network. For example, the method according to the first aspect of the invention is further a method of selectively providing information (e.g., payload information). For example, the method according to the first aspect of the invention is a method for outdoor wireless infrastructure (e.g., for lights, sensors, appliances, APPs, and other web applications).

For example, the steps of the method according to the first aspect of the invention are performed and / or controlled by a server (e.g., the first server disclosed below). According to the first aspect of the invention, there is further disclosed a first server comprising one or more means for at least partially performing and / or controlling the method according to the first aspect of the invention, or respective means for at least partially performing and / or controlling the steps of the method according to the first aspect of the invention.

For example, the first server is a server for providing an interface between the internal network and the external network. For example, the first server is also a server for selectively providing information (e.g., payload information). For example, the first server is a wireless outdoor infrastructure server (e.g., for lights, sensors, devices, APPs, and other web applications).

In the present case, a server is to be understood as hardware (for example a server device). For example, a server device includes means arranged to cause the provision of one or more services to other programs and / or devices. For example, a server device comprises at least one processor and at least one memory containing one or more server programs with program instructions, wherein the memory and the program instructions are arranged to cause the server device, together with the at least one processor, to provide multiple services to other programs and / or devices.

For example, the first server is a server device. For example, the first server is a first server device comprising means configured to execute and / or control the method according to the first aspect of the invention and / or the steps of the method according to the first aspect of the invention. For example, the first server is a first server device comprising at least one processor and at least one memory containing one or more server programs with program instructions, wherein the memory and the program instructions are set up to cause the first server device, together with the at least one processor, to execute and / or control the method according to the first aspect of the invention and / or the steps of the method according to the first aspect of the invention. For example, the first server is a first server device comprising at least one processor and at least one memory including one or more server programs with program instructions, wherein the memory and the program instructions are arranged to cause the first server device, together with the at least one processor, to at least partially execute and / or control the following steps:

 Receiving first information, wherein the first information originates from one or more entities of an internal network,

 Providing the first information and / or information based on the first information at least partially in dependence on an assignment of an information type of the first information and / or of the information based on the first information to a first group of entities of an external network such that the first information and / or the information based on the first information is obtainable only by the entities of the first group of entities of the external network.

In the present case, a processor should be understood as meaning, for example, control units, microprocessors, microcontrol units such as microcontrollers, digital signal processors (DSP), application-specific integrated circuits (ASICs) or field programmable gate arrays (FPGAs). The memory containing the program instructions may for example be part of the processor, for example a (non-volatile or volatile) program memory and / or main memory of the processor or a part thereof.

For example, the first server is a first server device further comprising one or more communication means, the communication means being arranged to send and / or receive information. An example of a communication means is a network interface, the network interface being configured to send and / or receive information over one or more network connections. A network interface comprises, for example, a network card, an antenna, a network module, a network switch and / or a modem.

According to the first aspect of the invention, there is further disclosed a first server program comprising program instructions which cause a device (e.g., the first server device) to at least partially execute the method and / or the steps of the method according to the first aspect of the invention when the first server program is executed by one or more processors of the device.

The first server program may, for example, be distributed over a network (e.g., the internal network and / or the external network). The first server program may be at least partially software and / or firmware of a processor. It may equally be at least partially implemented as hardware. For example, the first server program may be stored on a computer-readable storage medium, e.g. a tangible, magnetic, electrical, electromagnetic, optical and / or other type of storage medium. The storage medium may be, for example, part of the processor of the first server (for example the first server device), for example a (non-volatile or volatile) program memory and / or main memory of the processor or a part thereof.

According to a second aspect of the invention, a method is disclosed which comprises: Initiating and / or controlling a functional recovery and / or a functional update of one or more entities of a first group of entities of the internal network. For example, the method according to the second aspect of the invention is a method for managing and / or controlling the entities of the first group of entities of the internal network. For example, the method according to the first aspect of the invention is a method for outdoor wireless infrastructure (e.g., for lights, sensors, appliances, APPs, and other web applications).

For example, the steps of the method according to the second aspect of the invention are performed and / or controlled by a server (e.g., the second server disclosed below). According to the second aspect of the invention, there is further disclosed a second server comprising one or more means for at least partially performing and / or controlling the method according to the second aspect of the invention, or respective means for at least partially performing and / or controlling the steps of the method according to the second aspect of the invention.

For example, the second server is a server for managing and / or controlling the entities of the first group of entities of the internal network. For example, the second server is a server for outdoor wireless infrastructure (e.g., for lights, sensors, devices, APPs, and other web applications).

For example, the second server is a second server device. For example, the second server is a second server device comprising means arranged to execute and / or control the method according to the second aspect of the invention and / or the steps of the method according to the second aspect of the invention. For example, the second server is a second server device comprising at least one processor and at least one memory having one or more server programs with program instructions, wherein the memory and the program instructions are arranged to cause the second server device, together with the at least one processor, to execute and / or control the method according to the second aspect of the invention and / or the steps of the method according to the second aspect of the invention. For example, the second server is a second server device comprising at least one processor and at least one memory including one or more server programs with program instructions, wherein the memory and the program instructions are arranged to cause the second server device, together with the at least one processor, to at least partially execute and / or control the following steps:

 Initiating and / or controlling a functional recovery and / or a functional update of one or more entities of a first group of entities of the internal network.

For example, the second server is a second server device further comprising one or more communication means, the communication means being arranged to send and / or receive information. An example of a communication means is a network interface, the network interface being arranged to send and / or receive information via one or more network connections.

According to the second aspect of the invention, there is further disclosed a second server program comprising program instructions which cause a device (e.g., the second server device) to at least partially execute the method and / or the steps of the method according to the second aspect of the invention when the second server program is executed by one or more processors of the device. The second server program can, for example, be distributed over a network (e.g., the internal network and / or the external network). The second server program may be at least partially software and / or firmware of a processor. It may equally be at least partially implemented as hardware. The second server program can, for example, be stored on a computer-readable storage medium, for example a tangible, magnetic, electrical, electromagnetic, optical and / or other type of storage medium. The storage medium may, for example, be part of the processor of the second server device, for example a (non-volatile or volatile) program memory and / or main memory of the processor or a part thereof.

According to a third aspect of the invention, a method is disclosed which comprises the steps of the method according to the first aspect of the invention and the steps of the method according to the second aspect of the invention.

For example, the method according to the third aspect of the invention is a method of providing an interface between the internal network and the external network and managing and / or controlling the entities of the first group of entities of the internal network. For example, the method according to the third aspect of the invention is a method for outdoor wireless infrastructure (e.g., for light, sensors, devices, APPs, and other web applications).

For example, the steps of the method according to the third aspect of the invention are performed and / or controlled by one or more servers (e.g., the first server and the second server). According to the third aspect of the invention, there is further disclosed a system comprising one or more servers, wherein the servers each comprise one or more means arranged to jointly execute and / or control the method according to the third aspect of the invention and / or the steps of the method according to the third aspect of the invention. For example, the system according to the third aspect of the invention includes the first and second servers.

For example, it is conceivable that the first server and the second server are the same server. For example, the first server device described above and the second server device described above are the same server device (e.g., a single server device) comprising means arranged to execute and / or control the method according to the first and the second aspect of the invention and / or the steps of the method according to the first and the second aspect of the invention. In this case, the system according to the third aspect of the invention comprises at least this server or server device (e.g., this one server device).

However, it is also conceivable that the first server and the second server are at least partially different. For example, the first server device and the second server device are at least partially different. In this case, the system according to the third aspect of the invention comprises at least the first server and the second server at least partially different from the first server (e.g., the first server device and the second server device at least partially different from the first server device).

According to the third aspect of the invention, there is further disclosed a computer program comprising program instructions which cause a device to at least partially execute the method and / or the steps of the method according to the third aspect of the invention when the computer program is executed by one or more processors of the device.

The computer program according to the third aspect of the invention can be distributable, for example, via a network (e.g., the internal network and / or the external network). The computer program according to the third aspect of the invention may be at least partially software and / or firmware of a processor. It can equally be at least partially implemented as hardware. The computer program according to the third aspect of the invention can be stored, for example, on a computer-readable storage medium, for example a tangible, magnetic, electrical, electromagnetic, optical and / or other type of storage medium. The storage medium may for example be part of a processor, for example a (non-volatile or volatile) program memory and / or main memory of the processor or a part thereof.

The following describes, in part by way of example, the characteristics of the methods, the servers, the system, the server programs and the computer program according to the various aspects of the invention. Unless expressly described otherwise, the following disclosure is therefore intended to be equally applicable to the various aspects of the invention.

Receiving information is to be understood in the present case to mean, for example, that the information is received at a device. For example, information may be received at a device over a network connection. For example, the first information is received at the first server and / or the first server device. For example, the first information is received via one or more network connections of the internal network. For example, the first information is received from an entity of the internal network. For example, the first server device comprises one or more communication means, the communication means being arranged to receive the first information (e.g., to receive it from an entity of the internal network via one or more network connections of the internal network).

For example, the first information is received from the second server and / or the second server device. For example, the second server is arranged to receive the first information from an entity of the internal network and to send it to the first server. For example, the second server is set up to receive the first information from an entity of the internal network and to send it to the first server unsolicited (e.g., in the form of a push transmission). This is advantageous, for example, to ensure that the sending of the first information to the second server is under the control of the entities of the internal network and cannot be controlled by (unauthorized) entities of the external network.

In the present case, information should be understood to mean, for example, information that can be processed by a processor, such as data. For example, information may be contained in one or more data containers, such as one or more data packets and / or one or more files. For example, data may include digital information and / or analog information. Information and / or data may be transmitted (i.e., transmitted and / or received) by, for example, current signals, voltage signals, optical signals and / or radio signals.

For example, the first information is contained in one or more data packets received at the first server and / or at the first server device. For example, the first information is contained in one or more files received by the first server and / or the first server device.

In the present case, for example, information should be understood to originate from an entity if the information has been at least partially generated and / or captured by the entity and / or means of the entity.

For example, the first information has been at least partially generated and / or acquired by one or more entities of the internal network and / or means of the entities of the internal network. For example, the first information is the result of preprocessing performed by one or more entities of the internal network and / or means of the entities of the internal network (e.g., pre-processing, encryption, authentication, etc.). For example, pre-processing serves to ensure optimal and / or secure transmission.

In the present case, for example, information should be understood as being based on another information if the information comprises the other information, for example at least partially, and / or the information is at least partially the result of a summary and / or processing of the other information. For example, the information based on the first information is at least partially the result of processing and / or summarizing the first information.

An information type of information is, for example, at least partially dependent on the place of creation and / or the location of the detection and / or the purpose of the information. Examples of information types are control information, environmental information (e.g., traffic information, weather information, and / or brightness information), and / or state information. For example, control information such as a control instruction and / or a control parameter is used, at least in part, to control an entity (e.g., a device). For example, environmental information is used, at least in part, to inform one or more detectable characteristics of the environment at one or more locations (e.g., about traffic, weather, and / or brightness). State information, for example, is for informing about the state of an entity (e.g., a device).

The first information is, for example, environmental information (e.g., traffic information, weather information and / or brightness information) and / or state information.

For example, a data container such as a data packet and / or a file containing at least a portion of information may include an indication of the information type of the information. For example, if the first information is included in one or more data packets, the data packets may further include an indication of the information type of the first information. For example, if the first information is contained in one or more files, the files may further include an indication of the information type of the first information (e.g., a corresponding file name extension). For example, it is also conceivable that the first information contains an indication of the information type of the first information.

In the present case, for example, information should be understood as being obtainable by an entity if the information can be obtained at the entity. For example, information is obtainable by an entity if the information is receivable, readable, detectable, retrievable, and / or decryptable by the entity. If information is sent to an entity that is set up to receive the information, the information is, for example, receivable by the entity, that is, obtainable at the entity. If information is sent in encrypted form to an entity that is set up to receive and decrypt the information, the information is, for example, receivable and decryptable at the entity. If information is sent, in response to a retrieval of the information, to an entity configured to receive the information, the information is, for example, retrievable and receivable by the entity, that is, obtainable at the entity.

Providing the first information and / or the information based on the first information such that the first information is obtainable only by the entities of the first group of entities of the external network is to be understood to mean, for example, that the first information is receivable, readable, detectable, retrievable and / or decryptable only by the entities of the first group of entities of the external network. For example, the first information and / or information based on the first information is provided by the first server such that the first information is receivable, readable, detectable, retrievable, and / or decryptable only by the entities of the first group of entities of the external network. For example, the first information and / or the information based on the first information is sent only to the entities of the first group of entities (e.g., sent only in encrypted form to the entities of the first group of entities).

For example, a group of entities of the external network includes one or more entities of the external network. For example, a group of entities of the internal network includes one or more entities of the internal network. For example, only the entities of a group of entities of the external network are authorized to obtain information of the information type associated with the group of entities of the external network. For example, a group of entities of the external network includes all entities of the external network with the authority to obtain information of a particular type of information. For example, these permissions specify rules for providing information of each type of information. For example, authorization information about the permissions of one or more groups of entities of the external network may be stored in a memory of the first server device. For example, only the entities of the first group of entities of the external network are entitled to obtain information of the information type of the first information and / or of the information based on the first information.
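The following Python sketch is an added example and is not part of the patent text or of the applicant's implementation. It illustrates the provision described above: a data container carries an indication of its information type, stored authorization information assigns each information type to one group of external entities, and a type without an assignment is obtainable by no one. The class name FirstServer, the container fields type and values, the entity and group names and the sample readings are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from statistics import mean


@dataclass
class FirstServer:
    """Interface between an internal and an external network (illustrative)."""
    internal_entities: set   # entities allowed to push information in
    type_to_group: dict      # authorization info: information type -> group
    group_members: dict      # group name -> set of external entity ids
    store: dict = field(default_factory=dict)    # information type -> items
    denied: list = field(default_factory=list)   # audit trail of refusals

    def receive(self, sender, container):
        """Accept a pushed container {'type': str, 'values': [numbers]}."""
        info_type = container.get("type")
        if sender not in self.internal_entities:
            # External entities can neither inject nor trigger transmissions.
            self.denied.append(("receive", sender, info_type))
            raise PermissionError("sender is not an internal entity")
        values = list(container["values"])
        if not info_type or not values:
            raise ValueError("container needs a type indication and values")
        self.store.setdefault(info_type, []).append(values)
        # Information based on the first information: a summary that has its
        # own information type and therefore its own group assignment.
        summary_type = info_type + ".summary"
        self.store.setdefault(summary_type, []).append(round(mean(values), 2))

    def recipients(self, info_type):
        """External entities to which information of this type may be sent."""
        group = self.type_to_group.get(info_type)
        if group is None:          # no assignment: obtainable by nobody
            return set()
        return set(self.group_members.get(group, set()))

    def authorized(self, entity, info_type):
        return entity in self.recipients(info_type)

    def retrieve(self, entity, info_type):
        """Return stored items only to members of the assigned group."""
        if not self.authorized(entity, info_type):
            self.denied.append(("retrieve", entity, info_type))
            raise PermissionError(f"{entity} may not obtain {info_type}")
        return list(self.store.get(info_type, []))


def build_demo():
    """Constructed sample deployment and readings (not from the patent)."""
    server = FirstServer(
        internal_entities={"lamp-17", "sensor-4"},
        type_to_group={
            "brightness": "lighting_operator",
            "traffic": "traffic_office",
            "traffic.summary": "public_portal",
        },
        group_members={
            "lighting_operator": {"ops-console"},
            "traffic_office": {"traffic-desk"},
            "public_portal": {"city-app", "traffic-desk"},
        },
    )
    server.receive("lamp-17", {"type": "brightness", "values": [120, 80]})
    server.receive("sensor-4", {"type": "traffic", "values": [12, 18, 30]})
    # "noise" has no group assignment, so it is stored but never provided.
    server.receive("sensor-4", {"type": "noise", "values": [55]})
    return server


if __name__ == "__main__":
    srv = build_demo()
    print(srv.retrieve("ops-console", "brightness"))
    print(srv.retrieve("city-app", "traffic.summary"))
    print(sorted(srv.recipients("traffic")))
```

The denied list records every refused receive or retrieve call, which gives an operator a simple place to look for entities probing information types outside their group.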

By providing the first information and / or the information based on the first information at least partially as a function of an assignment of an information type of the first information and / or of the information based on the first information to a first group of entities of the external network such that the first information and / or the information based on the first information is obtainable only by the (legitimate) entities of the first group of entities of the external network, it can be ensured according to the first aspect of the invention, for example, that the first information and / or the information based on the first information is obtainable only by the entities of the first group of entities of the external network that is associated with the information type of the first information and / or of the information based on the first information, and not by entities of a group of entities of the external network other than the first group of entities. This is advantageous, for example, for providing an interface between an internal network and an external network which enables a selective provision of the first information.

Causing and / or controlling a function recovery and / or a function update of one or more entities of a first group of entities of the internal network is to be understood to mean, for example, that function recovery information or function update information is provided to the one or more entities of the first group of entities of the internal network such that the one or more entities of the first group of entities of the internal network are enabled to restore and / or update the function.

For example, each function recovery information and / or function update information provided to an entity of the one or more entities of the first group of entities of the internal network is at least partially different from the function recovery information and / or function update information provided to the other entities of the one or more entities of the first group of entities of the internal network. For example, for each of the one or more entities of the first group of entities of the internal network, respective function recovery information (e.g., individual function recovery information) and / or respective function update information (e.g., individual function update information) is provided.

For example, corresponding function recovery information and / or corresponding function update information is sent to the one or more entities of the internal network (e.g., via one or more network connections of the internal network). For example, corresponding function recovery information and / or corresponding function update information is sent by the second server to the one or more entities of the internal network (e.g., via one or more network connections of the internal network). For example, the one or more entities of the first group of entities of the internal network are the entities of the first group of entities whose function (s) are to be recovered and / or updated. For example, the one or more entities of the first group of entities are the entities of the first group of entities whose function recovery and / or function update are to be initiated and / or controlled (e.g., by the second server). The first group of entities of the internal network comprises, for example, the entities of the internal network whose function recovery and / or function update can be initiated and / or controlled (e.g., by the second server).

By updating a function of an entity, it should be understood in the present case, for example, that one or more functions of the entity are changed, for example by adding a function to the entity, deactivating a function of the entity, and / or activating a function of the entity. In the present case, the restoration of a function of an entity should be understood, for example, to mean that one or more functions of the entity are returned to a defined state (e.g., the delivery condition). For example, updating and / or restoring a function of an entity may include storing a program in a memory of the entity and / or changing a program stored in a memory of the entity. Such a program may be, for example, at least partially a driver program, an operating system program and / or an application program. For example, functions can be added and / or removed (e.g., subsequently). For example, support for a component (e.g., software plug-and-play support) may be added and / or removed as a function, so that the entities of the first group of entities of the internal network can be connected to such a component.

This is advantageous, for example, to enable remote management of the functions of the entities of the first group of entities of the internal network (e.g., by the second server). For the function recovery and / or function update of the function (s) of the entities of the first group of entities of the internal network, on-site deployment can be avoided in many cases according to the second aspect of the invention.

In the present case, a network is to be understood as meaning, for example, a device and / or an infrastructure for the transmission of information (for example data). Examples of a network are a wired network and / or a wireless network. An example of a wired network is an Ethernet. Further examples of a wired network are a PoE network (PoE: Power over Ethernet, e.g., an IEEE 802.3af 2003 network or IEEE 802.3at 2009 network) and a PLC network (PLC: Powerline Communication). For example, a PoE network should be understood to include PoE+ (Power over Ethernet Plus) and UPoE (Universal Power over Ethernet) networks. An example of a wireless network is a mobile radio network such as a GSM network (GSM: Global System for Mobile Communications), a GPRS network (GPRS: General Packet Radio Service), a UMTS network (UMTS: Universal Mobile Telecommunications System), an LTE (LTE: Long Term Evolution) network, an advanced LTE network and a 5G cellular network. Another example of a wireless communication network is an IEEE 802 wireless network such as a WLAN (WLAN: Wireless Local Area Network, an IEEE 802.11 network, e.g., an IEEE 802.11b network), a WiMAX network (WiMAX: Worldwide Interoperability for Microwave Access, an IEEE 802.16 network), a Bluetooth network (an IEEE 802.15.1 network), a Zigbee network (an IEEE 802.15.4 network), and a 6LoWPAN network (6LoWPAN: IPv6 over Low power Wireless Personal Area Network, e.g., an IEEE 802.15.4 network). A network is, for example, a network with a mesh topology. However, other network topologies are also conceivable (e.g., star topology and / or ring topology). A network may be composed of several different interconnected networks (e.g., include one or more wired networks and / or one or more wireless networks). An example of a network composed of several different interconnected networks is the Internet.

Information can be communicated over the network connections of a network according to one or more network protocols supported by the network. According to a packet-oriented network protocol, information is transmitted, for example, in data packets. Examples of network protocols include the Transmission Control Protocol and Internet Protocol (TCP / IP) protocols, the User Datagram Protocol (UDP), and the Internetwork Packet eXchange (IPX) protocol.

In the present case, the entities of a network should be understood, for example, to mean devices which are set up to transmit and / or receive information over the network (e.g., via one or more network connections of the network). The entities of a network are interconnected, for example, via one or more network connections of the network. For example, the entities of a network may be at least partially interconnected via one or more encrypted network connections of the network.

For example, the entities of the internal network are interconnected (e.g., directly interconnected) via one or more network connections of the internal network. For example, the entities of the internal network are connected (e.g., directly) to the internal network. For example, the entities of the internal network are set up to, and / or include communication means arranged to, send and / or receive information (e.g., directly) via the internal network (e.g., via one or more network connections of the internal network).

It is also conceivable, for example, for the entities of the internal network to be grouped together, such a group comprising, for example, a master entity and one or more slave entities. For example, only the master entity of such a group is connected (e.g., directly) to the internal network. For example, the entities of such a group are interconnected via a local wireless network (e.g., a local wireless network other than the internal network). For example, the network connections over the local wireless network are protected network connections (e.g., VPN connections). For example, the slave entities of such a group are only indirectly connected to the internal network via the master entity of the group. For example, the slave entities of such a group may only indirectly send and / or receive information over the internal network via the master entity of the group.

For example, the master entities (e.g., the master entities of such a group) are set up to, and / or include communication means configured to, send and / or receive information (e.g., directly) over the internal network (e.g., via one or more network connections of the internal network) and send and / or receive information (e.g., directly) over the local wireless network (e.g., via one or more network connections of the local wireless network). For example, the slave entities (e.g., the slave entities of such a group) are set up to, and / or include communication means configured to, send and / or receive information (e.g., directly) (e.g., only) over the local wireless network (e.g., via one or more network connections of the local wireless network).

For example, the entities of the external network are interconnected (e.g., directly interconnected) via one or more network connections of the external network. For example, the entities of the external network are set up to, and / or include communication means arranged to, send and / or receive information (e.g., directly) over the external network (e.g., via one or more network connections of the external network).

For example, the internal network and the external network are two different networks. For example, the internal network and the external network are only indirectly and not directly connected. Between the entities of the internal network and the entities of the external network, information can be exchanged, for example, via the first server (e.g., exchanged exclusively via the first server). For example, the first server is at least partially constituted as an information diode in order to provide a unidirectional interface for transmitting information of the information type of the first information from the internal network to the external network, and to at least partially block the transmission of information from the external network to the internal network. In addition to this interface function, the first server can take on additional functions, such as a data analysis function. For example, the first server is an analysis server (e.g., an analytic server).

For example, the second server is an entity of the internal network. For example, the first server is connected only to the second server as an entity of the internal network. For example, the second server is directly connected to the first server. For example, the other entities of the internal network are only connected to the first server via the second server. For example, the first information from one or more entities of the internal network is received at the second server and sent by the second server to the first server. This is advantageous, for example, to ensure that the transmission of information from the internal network is controlled by an entity of the internal network (e.g., by the second server of the internal network). In addition to this data forwarding function, the second server can take on additional functions for the other entities of the internal network, such as a management function, a content management function, a remote control function and / or a remote maintenance function.

For example, the internal network may include one or more entities that are connected wirelessly or by wire (e.g., via PoE or PLC). For example, the internal network is at least partially the network of an infrastructure of an automation and / or control system (e.g., an Industrie 4.0 infrastructure). For example, the entities of the internal network and / or the internal network support cloud computing and / or edge computing and / or fog computing.

For example, the internal network is at least partially the network of an outdoor wireless infrastructure (e.g., a system for capturing information in the outdoor area and / or a lighting system). For example, the second server is a backend server and / or a backend server device of the wireless infrastructure.

For example, the internal network is the network of an outdoor information gathering system and the entities of the internal network include one or more devices having one or more external information gathering means (e.g., sensors).

For example, the internal network is the network of a lighting system (e.g., a street lighting system), and the entities of the internal network include one or more devices for controlling a light source (e.g., controlling a street lamp bulb). For example, the devices for controlling a lighting device further comprise one or more means for detecting information in the outdoor area. For example, the devices for controlling a light source are at least partially remotely controllable and / or remotely maintainable (e.g., by the second server). Such a device for controlling a luminous means is described, for example, in the patent application with the file reference DE 10 2014 102 678.0, which is expressly incorporated herein by reference. Furthermore, such a device is for example a device manufactured by the company ICE Gateway under the product name ICE Gateway.

For example, the external network is the Internet, and the entities of the external network include one or more Internet-enabled user devices, such as smartphones, computers, notebook computers, and / or tablet computers.

The present invention enables the communication of information between two separate networks (e.g., two separate infrastructures) at least in the direction from the internal network to the external network. Thus, for example, a unidirectional interface for the transmission of information from the internal network to the external network may be provided. In this case, for example, information of different types of information can in each case be transmitted to different groups of entities of the external network.

This is advantageous, for example, to prevent access to the internal network and to restrict access to the information to specific entities and / or groups of entities of the external network. The present invention thus enables a protected and selective exchange of information between two separate networks (e.g., an internal network of an outdoor information system and / or a lighting system and a public network). Further, the present invention enables the central management of the function (s) of the entities of a first group of entities of the internal network. This is advantageous, for example, to enable, at least in part, remote control of the function (s) of entities of the first group of entities of the internal network and remote maintenance of those entities (e.g., by the second server).

Both the ability to communicate information from the internal network to the external network via an interface and the (remote) management of the function (s) of entities of the internal network can therefore significantly simplify and improve the operation and use of the internal network, i.e., the management of the internal network. Thus, for example, the devices and methods of the first, second, and third aspects of the invention are each an apparatus and method for managing (e.g., operating) the internal network.

The invention enables and / or supports, for example, so-called fog computing. In this case, intelligent entities at both ends of an overall network (e.g., the internal and / or external network) (pre-)process information and / or data in several stages. The information and / or data is pre-processed, for example, in the internal network and in individual entities of the internal network before being aggregated and analyzed (processed) by the first and / or second server and / or in the external network.

Further advantages of the disclosed invention will be described below with reference to exemplary embodiments whose disclosure is intended to apply equally to the respective categories (method, apparatus, system, computer program).

According to an exemplary embodiment of the first and third aspects of the invention, the first information is provided by the server device such that the first information is obtainable only by authenticated entities of the first group of entities of the external network.

Authenticating the entities of the first group of entities of the external network is to be understood in the present case, for example, to mean that for each of the entities of the first group of entities of the external network, it is checked whether the respective entity is one of the entities of the first group of entities of the external network. For example, an entity of the first group of entities of the external network is authenticated once the check of whether the entity is an entity of the first group of entities of the external network has been positive.

For example, the first information is obtainable only by authenticated entities of the first group of entities of the external network if access to the first information and / or the retrieval of the first information is protected. This can be achieved, for example, if the first information is encrypted (e.g., encrypted so that it can only be decrypted by entities of the first group of entities of the external network) and / or if the first information is in a protected memory area (e.g., in a password-protected storage area accessible only by the entities of the first group of entities of the external network).

For example, the method according to the first and second aspects of the invention further comprises authenticating the entities of the first group of entities of the external network (e.g., by the first server). For example, the means of the first server (e.g., the first server device) are set up to execute and / or control the authentication of the entities of the first group of entities of the external network.

For example, authenticating the entities of the first group of entities of the external network comprises checking for each of the entities at least in part depending on an authentication feature of the respective entity, whether the entity is one of the entities of the first group of entities of the external network. For example, authenticating the entities of the first group of entities of the external network further comprises receiving an authentication feature from each of the entities of the first group of entities of the external network (e.g., via one or more network connections).

An entity's authentication feature is, for example, a network address of the entity, a network address range in which the entity's network address resides, a password (e.g., a password entered by a user on the entity), a biometric feature of a user of the entity (e.g., a biometric feature of a user of the entity detected by the entity) and / or a cryptographic key (e.g., a public key and / or a secret key of an encryption method).

For example, as described above, only the entities of the first group of entities of the external network are authorized to obtain information of the information type of the first information. For example, authenticating the entities of the first group of entities of the external network includes checking for each of the entities (e.g., at least in part, depending on an authentication feature) whether the entity is entitled to obtain information from the information type of the first information.

According to an exemplary embodiment of the first and third aspects of the invention, different types of information are respectively associated with at least partially different groups of entities of the external network.

For example, different types of information are each associated with different groups of entities of the external network. For example, these various associations reflect the permissions of the respective groups of entities of the external network to obtain information of a particular type of information, and / or, for example, provide rules for providing information of the particular types of information. For example, the first server is configured to provide a rules engine for providing an interface between an internal network and an external network and for selectively providing information at least in part depending on the rules imposed by the associations.

For example, allocation information about the assignment of the information type of the first information and / or the information based on the first information to the first group of entities of the external network may be stored in a memory of the first server device. For example, further allocation information about the assignment of further information types (e.g., information types different from the information type of the first information), each to a group of entities of the external network (e.g., a group of entities of the external network different from the first group of entities of the external network), may be stored in the memory of the first server device. For example, the allocation information specifies rules for the provision of information of the respective information types by the first server device. For example, the first server device is set up to provide a rules engine for providing an interface between an internal network and an external network and for selectively providing information at least partially depending on the rules specified by the allocation information.

The membership of an entity in a group of entities and / or the authorization of an entity may, for example, be derived from a user of the entity (e.g., by the user entering an authentication feature on the entity). This is advantageous, for example, to be able to provide information of different types of information to different user groups (for example, one user group can only receive traffic information and another user group can only receive weather information).

According to an exemplary embodiment of the first and third aspects of the invention, the provision of the first information and / or the information based on the first information comprises storing the first information and / or the information based on the first information in a first memory area (e.g., by the first server), wherein the first memory area is assigned to the first group of entities of the external network. For example, the means of the first server (e.g., the first server device) are arranged to execute and / or control the storage of the first information and / or the information based on the first information in a first memory area, wherein the first memory area is assigned to the first group of entities of the external network. For example, the first memory area is a memory area of a memory of the first server device. However, it is also conceivable that the first memory area is a memory area of a memory of a device different from the first server device.

For example, the first storage area is a database, a partition of a storage, and / or a storage. For example, the first storage area is separated from other storage areas by software and / or hardware.

For example, the information stored in the first storage area is obtainable only by the entities of the first group of entities of the external network. For example, the first memory area is protected in such a way that access to the information stored in the first memory area and / or retrieval of the information stored in the first memory area is possible only by (e.g., authenticated) entities of the first group of entities of the external network. For example, the first memory area is password protected. For example, the first storage area is encrypted.

For example, different memory areas are each assigned at least partially to different groups of entities of the external network. For example, the different memory areas are separated from the other memory areas by software and / or hardware. This is advantageous, for example, to enable separation of the information of the different types of information associated with different groups of entities of the external network.
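The allocation rules, authentication check and per-group storage areas described above can be sketched as follows. This is an added example, not code from the patent: the class and function names are hypothetical, and an HMAC challenge-response over a shared secret key is assumed as one possible instance of the "cryptographic key" authentication feature.

```python
"""Added illustration, not code from the patent. All names are assumptions."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Allocation information: information type -> group of external entities.
# Constructed sample mapping, using the traffic / weather example from the text.
ALLOCATION = {"traffic": "traffic_users", "weather": "weather_users"}


@dataclass
class ExternalEntity:
    name: str
    group: str
    key: bytes  # authentication feature: a shared secret key (assumption)


def respond(key: bytes, challenge: bytes) -> bytes:
    """Entity side: prove possession of the key for a server challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


@dataclass
class FirstServer:
    allocation: dict
    entities: dict = field(default_factory=dict)  # name -> ExternalEntity
    areas: dict = field(default_factory=dict)     # group -> [(type, payload)]
    pending: dict = field(default_factory=dict)   # name -> open challenge

    def register(self, entity: ExternalEntity) -> None:
        self.entities[entity.name] = entity
        self.areas.setdefault(entity.group, [])

    def provide(self, info_type: str, payload: str) -> str:
        """Store information from the internal network in the storage area of
        the group assigned to its type. Unassigned types are never released."""
        group = self.allocation.get(info_type)
        if group is None:
            raise PermissionError(f"no group assigned to type {info_type!r}")
        self.areas.setdefault(group, []).append((info_type, payload))
        return group

    def issue_challenge(self, name: str) -> bytes:
        """Fresh random challenge; issued for any name to avoid leaking
        which entities are registered."""
        challenge = os.urandom(16)
        self.pending[name] = challenge
        return challenge

    def retrieve(self, name: str, response: bytes, info_type: str) -> list:
        """Release stored information only to an authenticated member of the
        group that the information type is assigned to."""
        challenge = self.pending.pop(name, None)  # each challenge is single use
        entity = self.entities.get(name)
        if challenge is None or entity is None:
            raise PermissionError("authentication failed")
        if not hmac.compare_digest(respond(entity.key, challenge), response):
            raise PermissionError("authentication failed")
        if self.allocation.get(info_type) != entity.group:
            raise PermissionError("type not assigned to the entity's group")
        return [p for t, p in self.areas[entity.group] if t == info_type]


def denied(call, *args) -> bool:
    """True if the call is refused with PermissionError."""
    try:
        call(*args)
    except PermissionError:
        return True
    return False
```

The server exposes no method that writes toward the internal network, which mirrors the information-diode role described for the first server; the group check runs after authentication, so a valid member of one group still cannot read another group's information type.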

According to an exemplary embodiment of the first and third aspects of the invention, providing the first information and / or the information based on the first information comprises transmitting the first information and / or the information based on the first information (e.g., by the first server). For example, the means of the first server (e.g., the first server device) is arranged to execute and / or control the transmission of the first information and / or the information based on the first information. For example, the first information and / or the information based on the first information is contained in one or more (transmitted) data packets. For example, the first information and / or the information based on the first information is contained in one or more (sent) files. For example, the function recovery information and / or the function update information is part of a (sent) message.

For example, the first information and / or the information based on the first information is encrypted (e.g., via one or more encrypted network connections). For example, the first information and / or the information based on the first information is sent encrypted (e.g., via one or more encrypted network connections) in such a way that it is receivable and decryptable only by the entities of the first group of entities. This is advantageous, for example, for protecting the first information and / or the information based on the first information during the transmission and for ensuring that the information is available only to entities of the first group of entities of the external network.

For example, the first information and / or the information based on the first information is sent unsolicited (e.g., sent in the form of a push transmission). For example, the first information and / or the information based on the first information is sent unsolicited by the first server (for example, sent in the form of a push transmission). This is advantageous, for example, to ensure that the control over the transmission lies with the first server and / or the first server device and can not be controlled by (for example, unauthorized) entities of the external network.

For example, the first information and / or the information based on the first information is sent to one or more entities of the external network. For example, the first information and / or the information based on the first information is sent from the server device to one or more entities of the external network.

For example, the first information and / or the information based on the first information is sent from the first server and / or the first server device (e.g., only) to the entities of the first group of entities of the external network. For example, the first information and / or the information based on the first information is sent from the first server and / or the first server device only to authenticated entities of the first group of entities of the external network (e.g., only to entities of the first group of entities of the external network previously authenticated by the first server). This is advantageous, for example, to ensure that the information is available only to entities of the first group of entities of the external network.

For example, the first information and / or the information based on the first information is sent from the server device (e.g., only) to a server of the external network. For example, the server of the external network is set up to make the first information and / or the information based on the first information available only to entities of the first group of entities and / or to ensure that the first information and / or the information based on the first information is obtainable only by entities of the first group of entities.

For example, the server of the external network is set up to provide a network portal for accessing the first information and / or the information based on the first information and / or for retrieving the first information and / or the information based on the first information by the entities of the first group of entities of the external network. A network portal can be, for example, a web page and / or a program interface, such as an interface for SAP applications (Systems Applications Products, SAP), that can be accessed over a network. A network portal may be a portal for the remote control and / or remote maintenance of devices for controlling a light source (e.g., connected LED bulbs and / or LED lights). However, a network portal may also be a portal for providing traffic data (e.g., traffic information) or a portal for providing retail marketing data (e.g., marketing information). A network portal can also be a portal for providing information collected by local sensors, such as CO2, ozone, precipitation and / or noise and / or the like. For example, the portals provide information as a basis for further decisions or processes that may lead to further events and conclusions.

For example, the server of the external network is set up to provide a network portal for authenticating the entities of the first group of entities of the external network and / or for accessing the first information and / or the information based on the first information and / or for retrieving the first information and / or the information based on the first information by the authenticated entities of the first group of entities of the external network. This is advantageous, for example, to ensure that the information is available only to entities of the first group of entities of the external network.

According to an exemplary embodiment of the first and third aspects of the invention, the provision of the first information and / or the information based on the first information comprises summarizing the first information with at least one further piece of information (e.g., by the first server), and providing the summarized information (e.g., by the first server). In the present case, the summarized information should be understood, for example, as information based on the first information.

For example, the means of the first server (e.g., the first server device) is arranged to execute and / or control the merging of the first information with at least one further piece of information and providing the aggregated information.

By combining the first information with a further piece of information, in the present case it should be understood, for example, that the first information and the further information are aggregated, analyzed and / or evaluated. The aggregation, analysis and / or evaluation can take place, for example, by applying an aggregation algorithm, an analysis algorithm and / or an evaluation algorithm to the first information and the further information. An example of an evaluation algorithm is an algorithm for statistical evaluation (e.g., an algorithm for determining an average value and / or the distribution of values). For example, the summarized information includes only the result of the summary, such as the result of the aggregation of the information, the result of the analysis of the information and / or the result of the evaluation of the information.

For example, the first information and the other information are each environmental information. For example, the first information and the further information are analyzed for recurring environmental situations in order to be able to make a prediction for the future development of the environmental situation. For example, an analysis of traffic information may reveal that, in a given traffic situation, the likelihood of the future emergence of congestion is particularly high.

For example, the first information and the further information are each status information informing of the state of an entity of the internal network. For example, the first information and the further information are evaluated as to whether maintenance of the entity of the internal network is necessary (for example, because the state of the entity of the internal network deteriorates).

If the entity of the internal network is, for example, a device for controlling a luminous means, the state information can inform, for example, about the state of the luminous means. For example, the state information may include a current / average value for the supply voltage, the brightness, and / or the supply current of the light source. For example, a (e.g., statistical) change in this value may indicate a need for maintenance of the illuminant. In this case, for example, information (for example, information based on the first information) may be provided that maintenance of the illuminant is necessary.

For example, the first information is information of a Bluetooth device (eg, a Bluetooth ID) detected by a radiation sensor for Bluetooth signals. This information can be evaluated, for example together with other information detected by the radiation sensor, to provide a traffic count for the location , , of the radiation sensor (eg a count of cars). For example, all information of a Bluetooth device detected by the Bluetooth signal radiation sensor in a certain period of time each from different Bluetooth devices is counted. In this case, for example, traffic information (eg, information based on the first information) may be provided that includes the result of the count. Alternatively or additionally, it is also conceivable that the information of a Bluetooth device (eg a Bluetooth ID) detected in this example by the radiation sensor for Bluetooth signals is combined with information detected by a sound sensor in order not only to recognize the device, but also whether it is a pedestrian, a bicycle, a car and / or another vehicle and / or in which direction the device is moving. For example, all cars passing by the location of the radiation sensor / sound sensor (eg all cars driving in a certain direction) can be counted. In this case, for example, traffic information (eg as information based on the first information) can be provided, which comprises the result of the counting of the car passing by at the location of the radiation sensor / sound sensor.

This is advantageous, for example, in order to relieve the entities of the external network and to allow a central aggregation (e.g. aggregation and / or evaluation) of the information, so that the entities of the external network receive the summarized information and do not have to summarize the information first. This is particularly advantageous if the information would otherwise be grouped together by a plurality of entities of the external network.

According to an exemplary embodiment of the first and third aspects of the invention, the provision of the first information and / or the information based on the first information comprises processing the first information (e.g. by the first server), and providing the processed information (e.g. by the first server). In the present case, the processed information is to be understood, for example, as information based on the first information.

For example, the means of the first server (e.g., the first server device) is arranged to perform and / or control the processing of the first information, and the provision of the processed information.

In the present case, processing the first information means, for example, the organization, analysis and / or modification of the first information. The organization, analysis and / or modification of the first information can be done, for example, by applying a data processing algorithm to the first information. An example of a data processing algorithm is an evaluation algorithm and / or an analysis algorithm. The processed information includes, for example, only the result of organizing, analyzing, and / or altering the first information.

For example, the first information is status information informing about the state of an entity of the internal network. For example, the first information is evaluated as to whether maintenance of the entity of the internal network is necessary (e.g. because the state of the entity of the internal network is out of a predetermined state). If the entity of the internal network is, for example, a device for controlling a light source, the state information can inform, for example, about the state of the bulb. For example, the state information may include a current / average value for the supply voltage, the brightness, and / or the supply current of the light source. If this value is above or below a threshold value, maintenance of the illuminant may be necessary, for example. In this case, for example, information (e.g. information based on the first information) may be provided that maintenance of the lighting means is necessary.

This is advantageous, for example, to relieve the entities of the external network and allow central processing of the first information so that the entities of the external network receive the processed information and do not have to process the information first. This is particularly advantageous if the first information would otherwise be processed by a plurality of entities of the external network.

According to an exemplary embodiment of the method according to the first and third aspects of the invention, the method further comprises receiving second information (e.g. by the first server), the second information originating from an entity of a second group of entities of the external network, and providing the second information and / or information based on the second information (e.g. by the first server) such that the second information is obtainable only at one or more entities of the internal network.

For example, the means of the first server (e.g. the first server device) is arranged to execute and / or control the receiving of second information, the second information originating from an entity of a second group of entities of the external network, and the providing of the second information and / or the information based on the second information such that the second information and / or the information based on the second information is available only to one or more entities of the internal network.

For example, the second information is received at the first server. For example, the second information is received via one or more network connections of the external network. For example, the second information is received encrypted (e.g. via one or more encrypted network connections). For example, the first server device comprises one or more communication means, the communication means being arranged to receive the second information (e.g. to receive over one or more network connections of the external network).

For example, the second information is contained in one or more data packets received at the server device. For example, the second information is contained in one or more files received at the server device.

As described above, an item of information is to be understood, for example, as coming from an entity if the information has been at least partially generated and / or captured by the entity and / or a means of the entity.

For example, the second information has been at least partially generated and / or acquired by the entity of the second group of entities of the external network and / or a means of the entity of the second group of entities of the external network.

For example, the second information is received from the entity of the second group of entities of the external network which, and / or the means of which, at least partially generated and / or acquired the second information. For example, the second information is received by the first server from the entity of the second group of entities of the external network which, and / or the means of which, at least partially generated and / or acquired the second information.

For example, the second information is sent to a server of the external network by the entity of the second group of entities of the external network which, and / or the means of which, at least partially generated and / or acquired the second information. For example, the second information is received from the server of the external network. For example, the second information is received by the first server from the server of the external network. For example, the external network server is configured to provide a network portal for receiving second information from the entities of the second group of entities of the external network. For example, a network portal can have a web page and / or a program interface, such as an interface for an SAP software (Systems Applications Products, SAP), which can be accessed via a network. A portal may be a portal for remote control and / or remote maintenance of devices for controlling a light source (e.g., connected LED bulbs and / or LED lights). However, a portal may also be a portal for providing traffic data (e.g., traffic information) or a portal for providing retail marketing data (e.g., marketing information). A portal may also be a portal for providing information acquired by local sensors, such as CO2, ozone, precipitation and / or noise and / or the like. For example, the portals provide information as a basis for further decisions or processes that may lead to further events and conclusions.

For example, the external network server is arranged to provide a network portal for authenticating the entities of the second group of entities of the external network and / or for receiving the second information by the authenticated entities of the second group of entities of the external network. This is advantageous, for example, to ensure that the second information originates only from entities of the second group of entities of the external network.

For example, the information based on the second information is at least partially the result of processing and / or summarizing the second information.

By providing the second information and / or the information based on the second information by the server device such that the second information or the information based on the second information is available only at one or more entities of the internal network, it can be ensured, for example, that the second information and / or the information based on the second information can only be obtained by the entities of the internal network and not by entities of the external network.

As described above, information is to be understood, for example, as being available at an entity if the information can be obtained at the entity.

For example, the second information and / or the information based on the second information is provided such that the second information and / or the information based on the second information is receivable, readable, detectable, retrievable and / or decryptable only by one or more entities of the internal network. For example, the second information and / or the information based on the second information is sent only to one or more entities of the internal network (e.g., sent only encrypted to the entities of the internal network).

As described above, the first server device is at least partially constituted as an information diode to provide a unidirectional interface for transmitting information of the information type of the first information from the internal network to the external network, and to at least partially block the transmission of information from the external network to the internal network. For example, the first server device is at least partially constituted as an information diode such that it further provides a unidirectional interface for the transmission of information originating from the second group of entities of the external network from the external network to the internal network and at least partially blocks the transmission of other information from the external network to the internal network. For example, the second information and / or the information based on the second information is sent from the first server and / or the first server device to the second server and / or the second server device, received there, and sent by the second server to one or more other entities of the internal network (e.g. sent encrypted). This is advantageous, for example, to ensure that the transmission of information from the internal network is controlled by an entity of the internal network (e.g. by the second server).

This is advantageous, for example, to enable the transmission of information between two separate networks also in the direction from the external network to the internal network. For example, only information originating from the second set of entities of the external network is sent to the entities of the internal network. Thus, for example, a unidirectional interface may be provided for the transmission of the information originating from the second group of entities of the external network from the external network to the internal network. This is advantageous, for example, to prevent immediate access to the internal network and to be able to limit the communication with the entities of the internal network to the second group of entities of the external network. The present invention thus enables a protected and selective exchange of information between two separate networks.

According to an exemplary embodiment of the first and third aspects of the invention, the second information and / or the information based on the second information is provided only if the second information originates from an entity of the second group of entities of the external network.

For example, only the entities of the second group of entities of the external network are allowed to communicate information (e.g. via the first server) to one or more entities of the internal network.

For example, in a memory of the first server device, authorization information about the permissions of one or more groups of entities of the external network may be stored. This authorization information specifies, for example, rules for the provision of the second information by the first server device. For example, the first server device is configured to provide a rules engine for providing an interface between an internal network and an external network and for selectively providing information at least in part depending on the rules specified by the authorization information.

For example, the second information and / or the information based on the second information is provided only when the second information is received from an entity of the second group of entities of the external network and / or via a protected network connection. A protected network connection is, for example, a network connection via which information is transmitted in encrypted form. An example of a protected network connection is a network connection of a VPN network and / or a network connection according to the HTTPS protocol (Hypertext Transfer Protocol Secure, HTTPS).

According to an exemplary embodiment of the first and third aspects of the invention, the second information and / or the information based on the second information is provided only when the second information originates (e.g. is received) from an authenticated entity of the second group of entities of the external network. For example, the second information and / or the information based on the second information is provided by the first server device only if the second information is received at the server device from an authenticated entity of the second group of entities of the external network and / or via a protected network connection.

By authentication of an entity of the second group of entities of the external network, it should be understood herein, for example, that the entity of the second set of entities is checked to see if the entity is one of the entities of the second set of entities of the external network. For example, an entity of the second group of entities of the external network is authenticated after it has been positively tested whether the entity is an entity of the second set of entities.

For example, the method according to the first and third aspects of the invention further comprises authenticating the entity of the second group of entities of the external network (e.g., by the first server). For example, the means of the first server (e.g., the first server device) is arranged to execute and / or control the authentication of the entity of the second group of entities of the external network.

For example, as described above, authenticating entities of the second group of entities of the external network is understood herein to mean that the entity of the second set of entities is checked to see if the entity is one of the entities of the second set of entities of the external network. For example, authenticating the entity of the second set of entities comprises checking for the entity at least in part depending on an entity's authentication feature as to whether the entity is one of the entities of the second set of entities. For example, authenticating the entity of the second group of entities of the external network further comprises receiving an authentication feature from the entity (e.g., via one or more network connections).

For example, as described above, only the entities of the second group of entities of the external network are authorized to communicate information to one or more entities of the internal network. For example, authenticating the entities of the first set of entities includes checking for each of the entities (e.g. at least in part depending on an authentication feature) whether the entity is authorized to submit information to one or more entities of the internal network.

According to an exemplary embodiment of the method according to the first and third aspects of the invention, the method further comprises checking the second information and / or checking the information based on the second information (e.g., by the first server). For example, the means of the first server (e.g., the first server device) is arranged to execute and / or control the checking of the second information and / or the checking of the information based on the second information.

For example, it is checked, at least partially depending on provisioning rule information, whether the second information and / or the information based on the second information may be provided such that the second information is obtainable only at one or more entities of the internal network. For example, the second information and / or the information based on the second information is provided only if the check, made at least in part depending on provisioning rule information, shows that the second information and / or the information based on the second information may be provided in such a way that the second information is only available at one or more entities of the internal network.

For example, corresponding provisioning rule information is stored in a memory of the first server (e.g., the first server device).

For example, the provisioning rule information specifies that the second information and / or the information based on the second information may be provided only when the second information originates (e.g. is received) from an entity of the second group of entities of the external network and / or only when the second information originates (e.g. is received) from an authenticated entity of the second group of entities of the external network.

For example, the provisioning rule information specifies that the second information and / or the information based on the second information may be provided only when the second information is received in a predetermined time slot.

For example, the provisioning rule information specifies that the second information and / or the information based on the second information may be provided only if it comprises one or more predetermined instructions and / or parameters, and that the second information and / or the information based on the second information may not be provided if it comprises deviating instructions and / or parameters.

For example, the provisioning rule information specifies that the second information and / or the information based on the second information may be provided only if it does not include more than a predetermined number of instructions and / or parameters.

The checking is advantageous, for example, in order to prevent the second information and / or the information based on the second information from being provided in an abusive manner.
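The provisioning-rule checks described above (origin from an authenticated entity of the second group, a predetermined time slot, predetermined instructions and parameters, a maximum number of instructions), sketched as an added Python example that is not part of the patent text. The HMAC-SHA256 authentication feature, the JSON message layout, and all names and values (`portal-a`, the key, the time slot, the instruction set) are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class ProvisioningRules:
    group_keys: dict        # entity id -> shared key; only second-group entities are listed
    slot_start: time        # predetermined time slot for accepting second information
    slot_end: time
    allowed: dict           # instruction name -> (min, max) of its parameter, or None
    max_instructions: int   # upper bound on instructions per message


def auth_tag(key: bytes, body: bytes) -> str:
    """Assumed authentication feature: HMAC-SHA256 over the raw message body."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def in_slot(rules: ProvisioningRules, t: time) -> bool:
    if rules.slot_start <= rules.slot_end:
        return rules.slot_start <= t < rules.slot_end
    return t >= rules.slot_start or t < rules.slot_end  # slot wraps past midnight


def check_instruction(rules: ProvisioningRules, item) -> bool:
    """Accept only predetermined instructions carrying exactly the expected parameter."""
    name = item.get("instruction") if isinstance(item, dict) else None
    if not isinstance(name, str) or name not in rules.allowed:
        return False
    bounds = rules.allowed[name]
    if bounds is None:                       # instruction takes no parameter
        return set(item) == {"instruction"}
    if set(item) != {"instruction", "value"}:
        return False
    value = item["value"]
    if isinstance(value, bool) or not isinstance(value, int):
        return False
    return bounds[0] <= value <= bounds[1]


def check_second_information(rules, sender, body, tag, received_at):
    """Return (True, instructions) if the message may be provided, else (False, reason)."""
    key = rules.group_keys.get(sender)
    if key is None:
        return False, "sender is not in the second group"
    # Constant-time comparison; bytes on both sides so odd input cannot raise.
    if not hmac.compare_digest(auth_tag(key, body).encode(), tag.encode()):
        return False, "authentication failed"
    if not in_slot(rules, received_at.time()):
        return False, "outside the permitted time slot"
    try:
        instructions = json.loads(body)
    except ValueError:                       # covers invalid JSON and invalid UTF-8
        return False, "malformed message"
    if not isinstance(instructions, list) or not instructions:
        return False, "malformed message"
    if len(instructions) > rules.max_instructions:
        return False, "too many instructions"
    if not all(check_instruction(rules, i) for i in instructions):
        return False, "deviating instruction or parameter"
    return True, instructions


# Constructed sample data (not from the patent).
KEY = b"constructed-demo-key"
RULES = ProvisioningRules(
    group_keys={"portal-a": KEY},
    slot_start=time(8, 0),
    slot_end=time(17, 0),
    allowed={"on": None, "off": None, "dim": (0, 100)},
    max_instructions=3,
)
GOOD = json.dumps([{"instruction": "on"}, {"instruction": "dim", "value": 30}]).encode()
BAD = json.dumps([{"instruction": "reboot"}]).encode()
NOON = datetime(2015, 5, 20, 12, 0)
NIGHT = datetime(2015, 5, 20, 23, 30)

if __name__ == "__main__":
    cases = [("portal-a", GOOD, NOON), ("portal-a", GOOD, NIGHT),
             ("portal-a", BAD, NOON), ("portal-x", GOOD, NOON)]
    for sender, body, when in cases:
        print(sender, when.time(), check_second_information(
            RULES, sender, body, auth_tag(KEY, body), when))
```

Only a message that passes every check would be handed on for provision to the internal network; the reason string of a rejected message is the natural thing to log on the first server.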

According to an exemplary embodiment of the first and third aspects of the invention, the provision of the second information and / or the information based on the second information comprises storing the second information and / or the information based on the second information in a second memory area (e.g. by the first server), the second storage area being associated with the entities of the internal network. For example, the means of the first server (e.g. the first server device) are arranged to execute and / or control the storage of the second information and / or the information based on the second information in a second memory area, the second memory area being assigned to the entities of the internal network. For example, the second storage area is a storage area of a memory of the first server device. However, it is also conceivable that the second memory area is a memory area of a memory of a device different from the first server device.

For example, the information stored in the second storage area is available only through the entities of the internal network. By way of example, the second memory area is protected such that access to the information stored in the second memory area and / or retrieval of the information stored in the second memory area is only possible by entities of the internal network. For example, the second memory area is password protected. For example, the second memory area is encrypted. This is advantageous, for example, to enable a separation of the second information and / or the information based on the second information from other information, such as the first information.

According to an exemplary embodiment of the first and third aspects of the invention, the provision of the second information and / or the information based on the second information comprises sending the second information and / or the information based on the second information to one or more entities of the internal network (e.g. by the first server). For example, the means of the first server (e.g., the first server device) is arranged to execute and / or control the transmission of the second information and / or the information based on the second information to one or more entities of the internal network.

For example, the second information and / or the information based on the second information is contained in one or more (transmitted) data packets. For example, the second information and / or the information based on the second information is contained in one or more (sent) files. For example, the function recovery information and / or the function update information is part of a (sent) message. For example, the second information and / or the information based on the second information is sent in encrypted form to one or more entities of the internal network (e.g. via one or more encrypted network connections). This is advantageous, for example, to protect the second information during the transmission.

For example, the sending of the second information and / or the information based on the second information is initiated by one or more entities of the internal network (e.g., by the second server). For example, the second information or the information based on the second information is retrieved by one or more entities of the internal network (e.g., the second server). This is advantageous, for example, to ensure that the control over the transmission of the second information and / or the information based on the second information lies with the entities of the internal network (e.g. with the second server and / or the second server device) and that the transmission cannot be controlled by (e.g. unauthorized) entities of the external network.

For example, the second information and / or the information based on the second information is sent only to the second server. For example, the second server is set up to make the second information and / or the information based on the second information available only to entities of the internal network and / or to ensure that the second information or the information based on the second information is available only through entities of the internal network.

According to an exemplary embodiment of the first and third aspects of the invention, the provision of the second information and / or the information based on the second information comprises summarizing the second information with at least one further piece of information and providing the summarized information (e.g. by the first server). In the present case, the summarized information should be understood, for example, as information based on the second information.

For example, the means of the first server (e.g., the first server device) is arranged to execute and / or control the merging of the second information with at least one further piece of information and the provision of the aggregated information.

By combining the second information with a further piece of information, it should be understood here, for example, that the second information and the further information are aggregated, analyzed and / or evaluated. The aggregation, analysis and / or evaluation can take place, for example, by applying an aggregation algorithm, an analysis algorithm and / or an evaluation algorithm to the second information and the further information. An example of an evaluation algorithm is an algorithm for statistical evaluation (e.g. an algorithm for determining an average value and / or the distribution of values). For example, the summarized information includes only the result of the summary, such as the result of the aggregation of the information, the result of the analysis of the information, and / or the result of the evaluation of the information. This is advantageous, for example, to relieve the entities of the internal network and allow a central aggregation (e.g. aggregation, analysis and / or evaluation) of the information, so that the entities of the internal network receive the summarized information and do not have to summarize the information first. This is particularly advantageous if the information would otherwise be grouped together by a plurality of entities of the internal network.

According to an exemplary embodiment of the first and third aspects of the invention, providing the second information and / or the information based on the second information comprises processing the second information and providing the processed information (e.g., by the first server).

For example, the means of the first server (e.g., the first server device) is arranged to execute and / or control the processing of the second information and the provision of the processed information.

In the present case, processing the second information means, for example, the organization and / or modification of the second information. The organizing and / or altering of the second information may, for example, be done by applying a data processing algorithm to the second information. An example of a data processing algorithm is an analysis algorithm and / or an evaluation algorithm. The processed information includes, for example, only the result of organizing and / or changing the second information. This is advantageous, for example, to relieve the entities of the internal network and allow central processing of the second information, so that the entities of the internal network receive the processed information and do not have to process the information first. This is particularly advantageous if the second information would otherwise be processed by a plurality of entities of the internal network.

According to an exemplary embodiment of the first and third aspects of the invention, the entities of the first group of entities of the external network are at least partially different (e.g. completely different) from the entities of the second group of entities of the external network. However, it is also conceivable that the entities of the first group of entities of the external network and the entities of the second group of entities of the external network are at least partially identical (e.g., completely identical).

According to an exemplary embodiment of the first and third aspects of the invention, the second information and / or the information based on the second information comprises control information such as a control instruction and / or a control parameter for controlling one or more entities of the internal network. Control instructions are, for example, instructions to a device for controlling a luminous means which cause the device to turn on, turn off and / or dim the luminous means. Control parameters are, for example, a turn-on instant, a turn-off instant, a dimming value, a turn-on / -off brightness threshold, a supply voltage value, and / or a supply current value. For example, control information comprises one or more firing tables.

For example, a firing table is based, at least in part, on a defined calendar for a location (such as a solar calendar, civil calendar, nautical calendar, and / or the like) that defines the time of sunset and / or sunrise at the location. For example, this calendar can be arbitrarily customized by a user by means of an editor. Subsequently, for example, a light intensity per unit time is assigned. Thus, the need for additional light can be combined with real needs at any time and at any location. For example, a firing table may cause light from the bulb to first start at 50% and then increase to 100% and then fall back to 30% after a few hours. For example, the start and end times can change by a few minutes each day.

According to an exemplary embodiment of the first and third aspects of the invention, the first information and / or the information based on the first information comprise environmental information and / or state information. For example, the first information is environmental information acquired and / or created by an entity of the internal network and / or a means of an entity of the internal network. For example, one or more entities of the internal network include one or more sensors, wherein the sensors are configured to capture and / or create environmental information. A sensor is to be understood as meaning, for example, a device (e.g. a video camera) and / or a component (e.g. a CCD sensor and / or a CMOS sensor), in particular an electrical or electronic component, which is set up to detect certain physical or chemical properties (e.g. radiation, temperature, humidity, pressure, sound, brightness or acceleration) and / or the material quality of its environment, qualitatively or quantitatively as a measured variable. These quantities are detected, for example, by means of physical or chemical effects and converted into environmental information (for example transformed into a further processable electrical signal). For example, a sensor may be wired and / or wirelessly connected to an entity of the internal network. For example, the entities of the internal network are configured and / or include communication means configured to be connected to one or more sensors and to receive information from the sensors and / or transmit information to the sensors. For example, a sensor may be connected to a network interface, a data interface, and / or an analog-to-digital converter of an entity of the internal network.
An example of a network interface and / or a data interface is a USB interface, an IEEE 1394 interface, a CAN bus interface, a Zigbee interface, a Bluetooth interface, a serial interface such as an RS232 interface and / or a parallel interface such as an IEEE 1284 interface. For example, the entities of the internal network are responsible for a soft- standard plug & play sensor support (e.g. due to a corresponding function update). It is also conceivable that a sensor is part of a mobile device such as a mobile phone, wherein the mobile device is wired and / or wirelessly connected to an entity of the internal network and / or the mobile device is an entity of the internal network.

Examples of a sensor are a temperature sensor (e.g. a thermometer, a thermocouple and / or a thermoresistor), an ambient temperature sensor, a brightness sensor, a motion sensor (e.g. a motion detector), an acoustic sensor, an ultrasound sensor, a radiation sensor (e.g. for WLAN signals and / or Bluetooth signals), a sound sensor (e.g. a microphone), an optical sensor, an infrared sensor, a light sensor (e.g. a photodiode and / or a photoresistor), an image sensor (e.g. an image camera, a CMOS sensor and / or a CCD sensor), a video sensor (e.g. a video camera, a CMOS sensor and / or a CCD sensor), a current sensor, a voltage sensor, a power sensor, a chemical sensor (e.g. a gas sensor), an explosive material detection sensor, a precipitation sensor and / or a vibration sensor.

For example, the first information is information of a Bluetooth device (e.g. a Bluetooth ID) detected by a radiation sensor for Bluetooth signals, which can be collected, summarized and / or processed, for example, for counting cars in traffic, and / or can be used as a basis for marketing information (e.g. for location-based advertising on smartphones). For example, the first information is state information acquired and / or created by an entity of the internal network and / or a means of an entity of the internal network. State information is, for example, information about the state of a device for controlling a luminous means, such as information about one or more control events (e.g. turn-on, turn-off, power consumption, supply voltage value and / or supply current value of the bulb) and / or one or more fault events (e.g. power failure, failure of the bulb).

According to an exemplary embodiment of the third aspect of the invention, initiating and / or controlling the function update of the one or more entities of the first group of entities of the internal network is at least partially dependent on second information from an entity of the second group of entities of the external network. For example, initiating and / or controlling the function update of the one or more entities of the first group of entities of the internal network occurs at least in part in response to receiving the second information.

For example, the second information is control information for the one or more entities of the first group of entities of the internal network. For example, updating and / or restoring the function of the one or more entities of the first group of entities of the internal network is controlled and / or initiated according to the control information. For example, if the control information includes a control parameter for the one or more entities of the first group of entities of the internal network, then an appropriate recovery and / or update of the control parameter of the one or more entities of the first group of entities of the internal network is controlled and / or caused.

For example, the second information is control information sent by the first server and / or the first server device to the second server and / or the second server device and received there. For example, the second server is arranged to control and / or initiate an update and / or restoration of the function of the one or more entities of the first group of entities of the internal network according to the control information.

According to an exemplary embodiment of the method according to the second and third aspects of the invention, the method further comprises transmitting function monitoring information to each entity of the first group of entities of the internal network (e.g. by the second server), and receiving one or more function recovery request information from the one or more entities of the first group of entities of the internal network (e.g. by the second server), wherein causing and / or controlling the function recovery of the one or more entities of the first group of entities of the internal network is at least partially dependent upon the received function recovery request information.

For example, the means of the second server (e.g. the second server device) is arranged to execute and / or control sending respective function monitoring information to each entity of the first group of entities of the internal network and receiving one or more function recovery request information from the one or more entities of the first group of entities of the internal network, wherein causing and / or controlling the function recovery of the one or more entities of the first group of entities of the internal network occurs at least partially in response to the received function recovery request information.

In the present case, function monitoring information is understood to mean, for example, any information that is suitable for function monitoring of an entity of the first group of entities of the internal network (for example, capable of cooperating with a watchdog functionality of the entity of the first group of entities of the internal network). For example, the format of the function monitoring information is predetermined.

For example, the function monitoring information is contained in one or more data packets. For example, the function monitoring information is contained in one or more files. For example, the function monitoring information is part of a message, such as a keep-alive message.

For example, the function monitoring information for each entity of the first group of entities of the internal network is at least partially equal. However, it is also conceivable that the function monitoring information for each entity of the first group of entities of the internal network is at least partially different.

In the present case, function recovery request information is to be understood as meaning, for example, any information that is suitable for at least partially triggering and / or controlling the function recovery of the one or more entities of the first group of entities of the internal network. For example, the format of the function recovery request information is predetermined.

For example, each of the function recovery request information is contained in one or more data packets. For example, each of the function recovery request information is contained in one or more files. For example, each of the function recovery request information is part of a message, e.g. a recovery message.

For example, each of the function recovery request information is generated and sent by a respective one of the one or more entities of the first group of entities. For example, each function recovery request information includes information about the function(s) to be recovered of the respective entity of the one or more entities of the first group of entities. For example, function recovery request information includes information about the software (e.g. the revision level of an operating system and / or program) and / or about the hardware (e.g. processor type and / or storage capacity) of the particular entity.

For example, the entities of the first group of entities of the internal network each have watchdog functionality. For example, the watchdog functionality for the respective entity monitors whether function monitoring information is received at the respective entity (e.g. in a specific time period). For example, if no function monitoring information is received at the respective entity (e.g. in a particular time period), the watchdog functionality causes and / or controls that function recovery request information is generated and sent by the respective entity (e.g. sent to the second server).

For example, the watchdog functionality includes causing (e.g. on suspicion of a malfunction or manipulation of the respective device for controlling a light bulb) the respective entity to be transferred to a functional and / or safe state. For example, the watchdog functionality may cause the respective entity and / or a subsystem of that particular entity to be disabled and converted to a functional and / or secure state. For example, the watchdog functionality may cause a primary operating system of the respective entity to be replaced by a secondary operating system (e.g. a minimal, guaranteed functional, and normally inactive emergency operating system). For example, a memory of a processor of the particular entity containing the primary operating system could be replaced transparently (e.g. on the principle of a double buffer) by another memory of the processor of that particular entity containing the secondary operating system. Subsequently, the secondary operating system could be started (e.g. by a boot process of the entity; the watchdog functionality may, for example, include initiating the boot process), and from this functional and / or secure state function recovery request information may be generated and sent by the respective entity (e.g. sent to the second server).

For example, initiating and / or controlling the functional recovery of the one or more entities of the first group of entities of the internal network occurs at least in part in response to the received functional recovery request information. For example, receiving the one or more function recovery request information (e.g., at the second server) triggers the initiation and / or control of functional recovery of the one or more entities of the first group of entities of the internal network. This is advantageous, for example, for enabling central management and restoration of the functions of the entities of the first group of entities of the internal network.
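The watchdog behaviour described above can be sketched as follows. This is an added example, not code from the patent: the message fields, the 30-second period and the HMAC tag plus strictly increasing counter on each keep-alive are assumptions, chosen so that a forged or replayed keep-alive cannot keep the watchdog quiet on a manipulated device.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Assumed watchdog period; the text only speaks of "a specific time period".
KEEPALIVE_TIMEOUT_S = 30.0


def _tag(key: bytes, body: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the message body."""
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_keepalive(key: bytes, entity_id: str, counter: int) -> dict:
    """Second-server side: build function monitoring information (assumed format)."""
    body = {"type": "keepalive", "entity": entity_id, "counter": counter}
    return {**body, "tag": _tag(key, body)}


@dataclass
class Entity:
    """A device of the internal network with watchdog functionality (hypothetical model)."""
    entity_id: str
    key: bytes                 # per-entity key shared with the second server (assumption)
    os_revision: str
    processor: str
    storage_kib: int
    active_os: str = "primary"
    last_counter: int = -1
    last_valid_rx: float = 0.0  # time of the last accepted keep-alive (boot = 0.0)
    outbox: list = field(default_factory=list)

    def receive(self, msg: dict, now: float) -> bool:
        """Feed the watchdog only with authentic, fresh keep-alives."""
        body = {k: v for k, v in msg.items() if k != "tag"}
        expected = _tag(self.key, body).encode()
        if not hmac.compare_digest(expected, str(msg.get("tag", "")).encode()):
            return False                      # forged or corrupted
        if body.get("type") != "keepalive" or body.get("entity") != self.entity_id:
            return False                      # authentic, but not meant for this entity
        counter = body.get("counter")
        if not isinstance(counter, int) or counter <= self.last_counter:
            return False                      # replay of an old keep-alive
        self.last_counter = counter
        self.last_valid_rx = now
        return True

    def tick(self, now: float):
        """Watchdog check: on timeout, switch to the secondary OS and request recovery."""
        if self.active_os == "secondary":
            return None                       # already in the safe state
        if now - self.last_valid_rx <= KEEPALIVE_TIMEOUT_S:
            return None                       # keep-alive seen recently enough
        self.active_os = "secondary"          # double-buffer style switch to the emergency OS
        request = {
            "type": "function_recovery_request",
            "entity": self.entity_id,
            "functions": ["primary_os"],
            "software": {"os_revision": self.os_revision, "running": self.active_os},
            "hardware": {"processor": self.processor, "storage_kib": self.storage_kib},
        }
        self.outbox.append(request)           # would be sent to the second server
        return request


def demo():
    """Constructed timeline: one valid keep-alive, a replay, a forgery, then silence."""
    key = b"constructed-demo-key"
    lamp = Entity("lamp-11", key, os_revision="1.4.2", processor="cortex-m4", storage_kib=512)
    accepted = [
        lamp.receive(make_keepalive(key, "lamp-11", 1), now=0.0),
        lamp.receive(make_keepalive(key, "lamp-11", 1), now=20.0),         # replayed counter
        lamp.receive(make_keepalive(b"wrong-key", "lamp-11", 2), now=25.0),  # bad tag
    ]
    before_timeout = lamp.tick(now=29.0)
    request = lamp.tick(now=31.0)
    repeat = lamp.tick(now=40.0)
    return accepted, before_timeout, request, repeat, lamp


if __name__ == "__main__":
    for item in demo()[:4]:
        print(item)
```

Because the rejected messages at 20 s and 25 s do not reset the timer, the watchdog still fires at 31 s, measured from the last accepted keep-alive at 0 s.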

According to an exemplary embodiment of the second and / or third aspect of the invention, function monitoring information is repeatedly sent to each entity of the first group of entities of the internal network. For example, function monitoring information is sent to each entity of the first group of entities of the internal network at regular and / or irregular intervals. For example, the transmitted function monitoring information is at least partially different. However, it is also conceivable that the transmitted function monitoring information is at least partially the same.

According to an exemplary embodiment of the second and / or third aspect of the invention, initiating and / or controlling the function recovery and / or the function update of the one or more entities of the first group of entities of the internal network comprises sending function recovery information and / or function update information (e.g. a respective function recovery information and / or a respective function update information) to each of the one or more entities of the first group of entities of the internal network (e.g. by the second server). For example, the means of the second server (e.g. the second server device) is set up to execute and / or control the sending of the function recovery information and / or the function update information to each of the one or more entities of the first group of entities of the internal network. For example, each of the function recovery information and / or function update information sent to an entity of the one or more entities of the first group of entities of the internal network is at least partially different from the function recovery information and / or function update information sent to the further entities of the one or more entities of the first group of entities of the internal network. For example, each entity of the one or more entities of the first group of entities of the internal network is sent respective function recovery information (e.g. individual function recovery information) and / or respective function update information (e.g. individual function update information).

For example, the one or more entities of the first group of entities are the entities of the first group of entities whose function(s) are to be restored and / or updated. For example, the one or more entities of the first group of entities are the entities of the first group of entities whose function recovery and / or function update is to be initiated (e.g., by the second server). For example, function recovery information (e.g., a respective function recovery information) is sent to each of the one or more entities of the first group of entities of the internal network from which function recovery request information was received.

For example, the function recovery information and / or the function update information is contained in one or more (transmitted) data packets. For example, the function recovery information and / or the function update information is contained in one or more (sent) files. For example, the function recovery information and / or the function update information is part of a (sent) message.

For example, the function recovery information and / or the function update information is sent over one or more network connections of the internal network.

According to an exemplary embodiment of the second and / or third aspect of the invention, the respective function recovery information comprises a respective function recovery program and / or the respective function update information comprises a respective function update program.

For example, the function recovery information and / or the function update information for each of the one or more entities of the first group of entities of the internal network includes a function recovery program and / or a function update program, respectively.

For example, each of the function recovery information and / or function update information sent to an entity of the one or more entities of the first group of entities of the internal network is at least partially different from the function recovery information and / or function update information sent to the further entities of the one or more entities of the first group of entities of the internal network. For example, each of the function recovery information and / or function update information sent to a respective one of the one or more entities of the first group of entities of the internal network includes a respective function recovery program and / or a respective function update program (e.g. a function recovery program and / or a function update program for the respective entity of the one or more entities of the first group of entities of the internal network).

For example, the function recovery program and / or the function update program is at least partially different for each of the one or more entities of the first group of entities of the internal network. However, it is also conceivable that the function recovery program and / or the function update program for each of the one or more entities of the first group of entities of the internal network are at least partially identical.

For example, a function recovery program includes program instructions that cause an entity of the first group of entities of the internal network (e.g. a device) to recover one or more functions of the entity (e.g. to cause a program to be stored in a memory of the entity and / or a program stored in a memory of the entity to be modified) when the function recovery program is executed by one or more processors of the entity. For example, the respective function recovery program comprises program instructions that cause the respective entity of the first group of entities of the internal network to perform the function recovery when the function update program is executed by one or more processors of that particular entity.

For example, a function update program includes program instructions that cause an entity of the first group of entities of the internal network (e.g. a device) to update one or more functions of the entity (e.g. to cause a program to be stored in a memory of the entity and / or a program stored in a memory of the entity to be modified) when the function recovery program is executed by one or more processors of the entity. For example, the respective function update program includes program instructions that cause the respective entity of the first group of entities of the internal network to update functions when the function update program is executed by one or more processors of that particular entity.

For example, such a function update program may also link functions of multiple entities of the internal network. For example, environmental information acquired by a sensor connected to a first entity of the internal network may affect (e.g., control) a function of a second entity of the internal network (e.g., a controller of a lighting device). For example, by a first function update program, a corresponding function update of the first entity of the internal network and by a second function update program a corresponding function update of the second entity of the internal network can be initiated.

An example of a function recovery program and / or a function update program is an installation program and / or an update program.

According to an exemplary embodiment of the second and / or third aspect of the invention, the function recovery information for each of the one or more entities of the first group of entities of the internal network includes a function recovery time and / or a function recovery period, respectively.

For example, the function recovery time specifies a time at which the entity at which the function recovery information is received commences and / or completes the function recovery (e.g. the time at which the recovered function(s) will be activated). For example, the function recovery period specifies a time period in which the entity at which the function recovery information is received commences and / or completes the function recovery (e.g. the period in which the restored function(s) will be activated). This is advantageous, for example, in order to be able to centrally manage and / or control the time / period of the function recovery. For example, this can prevent all entities from activating the restored function(s) at the same time.

For example, the function recovery time and / or the function recovery period is at least partially different for each of the one or more entities of the first group of entities of the internal network. For example, the function recovery information provided for the one or more entities of the first group of entities of the internal network each differ at least in part in the function recovery time and / or the function recovery period.

This is advantageous, for example, if the one or more entities of the first group of entities of the internal network are devices for controlling a luminous means, in order to prevent the luminous means from being activated all at once (which could lead, for example, to a breakdown of the energy supply network of the luminous means and / or the lighting network).

According to an exemplary embodiment of the second and / or third aspect of the invention, the function update information for each of the one or more entities of the first group of entities of the internal network comprises a function update time and / or a function update period, respectively.

For example, the function update time specifies a time at which the entity at which the function update information is received starts and / or completes the function update (e.g. the time when the updated function(s) will be activated). For example, the function update period specifies a time period in which the entity at which the function update information is received begins and / or completes the function update (e.g. the period in which the updated function(s) are activated). This is advantageous, for example, in order to be able to centrally manage and / or control the time / period of the function update. For example, it can be prevented that all entities simultaneously activate the updated function(s).

For example, the function update time and / or function update period is at least partially different for each of the one or more entities of the first group of entities of the internal network. For example, the function update information provided for the one or more entities of the first group of entities of the internal network each differ at least in part in the function update time and / or the function update period.

This is also advantageous, for example, if the one or more entities of the first group of entities of the internal network are devices for controlling a luminous means, in order to prevent the luminous means from being activated all at once (which could lead, for example, to a collapse of the energy supply network of the luminous means or the lighting network).
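One way a second server could assign the per-entity function recovery times and function update times described above is shown below. This is an added example, not code from the patent: the grouping of devices by supply circuit, the slot length and the cap on simultaneous activations per circuit are assumptions introduced to make the constraint concrete.

```python
import math
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone


def schedule_activation(entities, window_start, window, slot, max_per_slot):
    """Assign each entity an activation time inside [window_start, window_start + window).

    entities      -- iterable of (entity_id, circuit_id) pairs (circuit_id is an assumption)
    slot          -- minimum spacing between two activation batches on one circuit
    max_per_slot  -- how many devices on one circuit may activate in the same slot
    Raises ValueError when the window is too short to honour the cap.
    """
    if slot <= timedelta(0) or max_per_slot < 1:
        raise ValueError("slot must be positive and max_per_slot at least 1")
    n_slots = window // slot                      # whole slots that fit into the window
    by_circuit = defaultdict(list)
    for entity_id, circuit_id in entities:
        by_circuit[circuit_id].append(entity_id)

    plan = {}
    for circuit_id, ids in by_circuit.items():
        needed = math.ceil(len(ids) / max_per_slot)
        if needed > n_slots:
            raise ValueError(
                f"circuit {circuit_id!r}: {len(ids)} entities need {needed} slots, "
                f"window offers {n_slots}"
            )
        stride = n_slots // needed                # spread the batches over the whole window
        for i, entity_id in enumerate(sorted(ids)):
            batch = i // max_per_slot
            plan[entity_id] = window_start + batch * stride * slot
    return plan


def build_information(plan, kind, program):
    """Wrap the plan into per-entity messages (hypothetical field names)."""
    time_field = {"function_recovery": "recovery_time", "function_update": "update_time"}[kind]
    return [
        {"type": kind, "entity": entity_id, "program": program, time_field: when.isoformat()}
        for entity_id, when in sorted(plan.items())
    ]


def peak_per_circuit(entities, plan):
    """Largest number of devices on any one circuit that share an activation time."""
    load = Counter((circuit_id, plan[entity_id]) for entity_id, circuit_id in entities)
    return max(load.values())


# Constructed sample: five lamp controllers on circuit A, two on circuit B.
SAMPLE = [("a1", "A"), ("a2", "A"), ("a3", "A"), ("a4", "A"), ("a5", "A"),
          ("b1", "B"), ("b2", "B")]
START = datetime(2015, 1, 1, 18, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    plan = schedule_activation(SAMPLE, START, timedelta(seconds=60),
                               timedelta(seconds=10), max_per_slot=2)
    for message in build_information(plan, "function_recovery", "recover-v1.bin"):
        print(message)
```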

According to an exemplary embodiment of the first, second and / or third aspect of the invention, the internal network is a closed network (e.g., a private network). For example, a closed network is used exclusively for communicating information between entities of a closed group of entities. For example, only entities of the closed group of entities can communicate information over the closed network. For example, a closed network may be physically and / or logically separate from other networks. An example of a closed network is a virtual private network (VPN).

For example, the second server is an entity of the closed group of entities.

For example, the internal network at least partially includes a machine-to-machine network. For example, the internal network is at least partially a machine-to-machine network. Machine-to-machine (M2M) stands for the automated exchange of information between terminals such as sensors, machines, vending machines, vehicles or containers with each other and / or with a server device, e.g. using the Internet and various access networks such as mobile networks.

For example, the internal network at least partially includes a VPN network.

For example, the internal network at least partially includes the network of outdoor wireless infrastructure (e.g., an outdoor information collection system and / or a lighting system). By external wireless infrastructure is meant, for example, an infrastructure (e.g., a network) for at least partially wireless communication of information (e.g., data) between various entities of one or more systems.

For example, the internal network at least partially includes a wired network such as a PoE network. For example, one or more entities of the internal network are connected to a PoE switch via a PoE network, and the PoE switch is connected to the second server via another network (e.g. the Internet and / or a VPN network). For example, the PoE switch is part of an entity of the internal network.

For example, the internal network at least partially includes the network of a lighting system. For example, as described above, the entities of the internal network are part of a lighting system, wherein the entities of the internal network include, for example, one or more devices for controlling a light source and the second server. For example, the devices for controlling a luminous means are at least partially connected via a wired network such as a PoE network or a PLC network to the second server and / or the second server device. This is advantageous, for example, in order to be able to use the same connection (for example the same line and / or the same cable) for supplying power to a device for controlling lighting means and for communicating with this device for controlling a lighting device. It is also conceivable that the devices for controlling a luminous means are at least partially connected via a wireless network to the second server and / or the second server device. For example, the devices for controlling a light source are connected to the second server and / or the second server device via a machine-to-machine network and / or a VPN network. For example, the machine-to-machine network and / or the VPN network extend over one or more wired networks and / or one or more wireless networks. For example, the second server is connected to the first server and / or the first server device. For example, there is no direct connection of the devices for controlling a light source to the first server and / or the first server device. For example, the devices for controlling a light source are connected to the first server and / or the first server device (e.g., only) via the second server.

According to an exemplary embodiment of the first, second and / or third aspects of the invention, one or more of the entities of the internal network comprises one or more communication means arranged to provide an access point of a wireless network (e.g. an access point of a Wi-Fi network; hot spots).

According to an exemplary embodiment of the first, second and / or third aspect of the invention, the external network is an open network (e.g. a public network). For example, an open network is used to convey information between entities of an open group of entities. For example, all entities can join the open group of entities (e.g. if they are set up to send and / or receive information over the open network) and provide information over the open network. An example of an open network is the Internet. For example, one or more servers of the external network are connected to the first server (e.g. the first server device).

For example, a server of the external network receives the first information and / or the information based on the first information from the first server and, as described above, provides a network portal for accessing the first information and / or the information based on the first information and / or for retrieving the first information and / or the information based on the first information by the entities of the first group of entities of the external network. For example, a server of the external network receives the second information from the entity of the second group of entities of the external network, and sends the second information to the first server (e.g., the first server device).

The above-described embodiments and exemplary embodiments of the present invention should also be understood as disclosed in all combinations with each other.

Further advantageous exemplary embodiments of the invention can be found in the following detailed description of some exemplary embodiments of the present invention, in particular in conjunction with the figures. However, the figures enclosed with the application are intended only for the purpose of clarification but not for determining the scope of protection of the invention. The accompanying drawings are not necessarily to scale and are merely exemplary of the general concept of the present invention. In particular, features included in the figures should by no means be regarded as a necessary part of the present invention.

Fig. 1 is a block diagram of an exemplary embodiment of a system according to the third aspect of the invention;

a block diagram of an exemplary embodiment of a server according to the first aspect of the invention;

a block diagram of an exemplary embodiment of a server according to the second aspect of the invention;

a flowchart showing steps of an exemplary embodiment of the method according to the first aspect of the invention;

a flowchart showing steps of an exemplary embodiment of the method according to the first aspect of the invention;

a flowchart with communication steps of an exemplary embodiment of the method according to the first aspect of the invention;

a flowchart showing steps of an exemplary embodiment of the method according to the second aspect of the invention; and

a flowchart with steps of an exemplary embodiment of the method according to the second aspect of the invention.

Fig. 1 shows a block diagram of an exemplary embodiment of a system 1 according to the third aspect of the invention. The system 1 is divided into 3 zones, which are labeled zone 1, zone 2 and zone 3 in Fig. 1. The zones correspond, for example, to different levels of protection. For example, zone 3 has the highest level of protection, zone 2 has the medium level of protection, and zone 1 has the lowest level of protection.

Zone 3 of the system 1 comprises server 10 and entities 11 and 12 of an internal network 13. Server 10 is an entity of the internal network. Server 10 is a second server according to the second and third aspects of the invention. In FIG. 1, the server 10 and entity 11 and the optional entity 12 are shown by way of example. However, it is conceivable that in addition to the optional entity 12, zone 3 includes one or more other optional entities of the internal network. Further, it is also conceivable that zone 3 of the system 1 comprises only one entity of the internal network (e.g., the only entity of the internal network). For example, zone 3 of system 1 includes all entities of the internal network.

The server 10 and the entities 11 and 12 of the internal network 13 are connected to the internal network 13, and to one another via the internal network 13, by respective network connections 14, 15 and 16 of the internal network 13. The network connections 14 and 15 are shown in FIG. 1 by way of example as wireless network connections and the network connection 16 by way of example as a wired network connection. However, it is also conceivable that the network connections 14 and 15 are at least partially wired network connections and / or the network connection 16 is at least partially a wireless network connection.

For example, the internal network 13 is a closed network (e.g., a private network). For example, only the server 10 and the entities 11 and 12 of the internal network 13 may communicate (e.g., send and / or receive) information over the internal network 13. For example, information is transmitted encrypted in the internal network (e.g., between the server 10 and / or the entities 11 and 12).

FIG. 1 also shows the optional entities 11a and 11b as well as the optional network 11c and the optional component 11d, which are each connected via one of the wireless network connections 17a, 17b, 17c and 17d to entity 11 of the internal network 13. It is conceivable that the entity is connected to further optional entities, components and / or networks (e.g. 1 to n entities, components and / or networks). For example, the wireless network connections 17a, 17b, 17c, and 17d are network connections of a local wireless network. For example, the wireless network connections 17a, 17b, 17c, and 17d are protected network connections over a local wireless network (e.g. VPN connections).

For example, entity 11 and optional entities 11a and 11b form a group of entities of the internal network, where entity 11 is, for example, a master entity and entities 11a and 11b are, for example, slave entities. For example, the slave entities of such a group are only indirectly connected to the internal network 13 via the master entity of the group (e.g. connected via the network connection 17a and / or 17b to the master entity and via the master entity to the internal network 13). For example, the slave entities of such a group may only indirectly send and / or receive information over the internal network 13 via the master entity of the group.

For example, the entity 11 may be connected via the network connection 17c to a network 11c other than the internal network, such as a local wireless network (e.g., a mesh network and / or an ad hoc network).

For example, the entity 11 may be connected via the network connection 17d to an external component 11d such as a sensor.

For example, internal network 13 includes a first network (e.g. a wireless network) and a second network (e.g. a wired network). For example, the first network is a wireless machine-to-machine network. For example, the second network is a VPN network that is based on a public network such as the Internet.

For example, the internal network 13 is the network of a lighting system. For example, server 10 is a backend server of the lighting system. For example, entity 11 and optional entities 11a, 11b, and 12 are devices for controlling a light bulb that are connected to one or more bulbs. For example, the server 10 is configured to communicate information via the internal network 13 to the entities 11 and 12. For example, the server 10 is arranged to communicate information via the internal network 13 and the entity 11 to the entities 11a and 11b. For example, in zone 3, the server 10 has cryptographic keys necessary for, for example, transmitting information to the entities 11, 11a, 11b, and 12 of the internal network. For example, these cryptographic keys are necessary to convey information (e.g., control information) from the server 10 to the entities 11, 11a, 11b and 12 via the internal network 34. For example, in zone 3, the server 10 may only communicate with the internal network 13 via network connection 16 and with the server 20 via connection 22.

Zone 1 of the system 1 comprises servers 30 and 32 as well as entities 31 and 33 of the external network 34. Illustrated in FIG. 1 are the server 30 and the entity 31 as well as the optional server 32 and the optional entity 33 by way of example. However, it is conceivable that in addition to the optional server 32 and optional entity 33, zone 1 may include one or more other optional servers and / or entities of the external network. Furthermore, it is also conceivable that zone 1 of the system 1 comprises only one entity of the external network.

The servers 30 and 32 and the entities 31 and 33 of the external network 34 are connected to the external network 34, and to one another via the external network 34, by respective network connections 35, 36, 37 and 38 of the external network 34. The network connections 35, 36, 37 and 38 are shown by way of example in FIG. 1 as wired network connections. However, it is also conceivable that the network connections 35, 36, 37 and 38 are at least partially wireless network connections.

For example, the external network 34 is an open network (e.g., a public network). For example, the servers 30 and 32 as well as the entities 31 and 33 of the external network 34 may communicate (e.g., send and / or receive) information over the external network 34.

For example, the external network 34 includes the Internet. For example, servers 30 and 32 are Internet servers. For example, the entities 31 and 33 are Internet-enabled user devices such as smartphones, computers, notebook computers, and/or tablet computers. For example, servers 30 and 32 are arranged to receive information from the server 20 and to provide it for access and/or retrieval via the external network 34 by entities of one or more groups of entities of the external network 34, and/or to receive information from entities of one or more groups of entities of the external network 34 via the external network 34 and to send it to the server 20. For example, servers 30 and 32 are arranged to provide a network portal as a user interface. For example, servers 30 and 32 are user interface servers. However, it is also conceivable that servers 20 and 32 are arranged to provide a programming interface (e.g., an API interface). For example, servers 30 and 32 are programming interface servers (e.g., API servers).

Zone 2 of the system 1 comprises a server 20. Server 20 is a first server according to the first and third aspects of the invention. It is conceivable that, in addition to the server 20, zone 2 comprises one or more further first servers.

The server 20 is connected via the connection 22 to the internal network server 10 and via connections 23 and 24 to the servers 30 and 32 of the external network 34. The connections 22, 23 and 24 are each a network connection, for example. For example, connection 22 is a network connection over a closed network (e.g., a VPN network) over which only server 10 and server 20 can communicate information. For example, the connection is a network connection via a closed network (e.g., a VPN network) via which only the server 30 and the server 20 can transmit information. For example, connection 24 is a network connection over a closed network (e.g., a VPN network) over which only entity 31 and server 20 can communicate information.

For example, in some or all of the connections of the server 20, the server 10, and the servers 30 and 32, optional firewalls 22, 25, and 26 are arranged. These may be, for example, hardware-based and/or software-based firewalls. The firewalls provide additional separation of the zones. For example, in the connections 23 and 24, a firewall 25 is arranged. For example, in connection 22 a firewall 21 is arranged. It is also conceivable that, additionally or alternatively, diode servers are at least partially arranged in these connections.

The entities 11 and 12 of the internal network 13 (in zone 3) are, for example, connected exclusively via the server 10 (in zone 3) and the server 20 (in zone 2) with the servers 30 and 32 and the entities 31 and 33 of the external network 34 (in zone 3). For example, information between the entities 11 and 12 of the internal network 13 and the servers 30 and 32 and the entities 31 and 33 of the external network 34 may be communicated exclusively through the server 10 and the server 20. The server 20 thus provides, for example, an interface between the internal network 13 and the external network 34.

For example, users of the entities of the external network 34 cannot communicate directly with the entities of the internal network 13 (e.g., the lighting system), but only through the server 20. If the internal network 13, as described above by way of example, is the network of a lighting system, control information for the lighting system may be transmitted to the entities 11 and 12 (e.g., devices for controlling a bulb) only via the server 20 and the server 10 (e.g., a backend server of the lighting system). Server 20 is, for example, an analysis server (e.g., an analytic server).

In Fig. 1, the server 10 and the server 20 are separated and shown connected only by connection 22. However, it is also conceivable that the server 10 and the server 20 are the same server. For example, the functions of the server 10 and the server 20 in this case may be provided by two virtualized server instances of the same server. Alternatively or additionally, it is also conceivable that the servers 30 and 32 and the server 20 are the same server. For example, the functions of the servers 30 and 32 and the server 20 in this case may be provided by three virtualized server instances of the same server.

For example, servers 10 and 20, entities 11, 12, and internal network 13, as well as network connections 14, 15, 16 form an intelligent outdoor infrastructure, for example, for controlling and managing components of a distributed system such as a lighting system, an automation and/or production system (e.g., an Industrie 4.0 infrastructure). For example, optional entities 11a and 11b are also part of such infrastructure.

FIG. 2a shows a block diagram of an exemplary embodiment of the first server 20 according to the first and third aspects of the invention.

Processor 200 is designed in particular as a microprocessor, a microcontroller, a digital signal processor (DSP), an application-specific integrated circuit (ASIC) or a Field Programmable Gate Array (FPGA).

Processor 200 executes program instructions stored in program memory 220 and, for example, stores intermediate results or the like in main memory 210. For example, program memory 220 is a non-volatile memory such as a flash memory, a magnetic memory, an EEPROM memory (electrically erasable programmable read only memory) and/or an optical memory.

Main memory 210 is, for example, a volatile or non-volatile memory, in particular a random access memory (RAM) such as a static RAM memory (SRAM), a dynamic RAM memory (DRAM), a ferroelectric RAM memory (FeRAM) and/or a magnetic RAM memory (MRAM).

Program memory 220 is preferably a local volume permanently attached to the server 20. Hard disks permanently connected to the server 20 are, for example, hard disks installed in the server 20. Alternatively, the data carrier can also be, for example, a data carrier which can be connected separably to the server 20, such as a memory stick, a removable data carrier, a portable hard disk, a CD, a DVD and / or a floppy disk.

Program memory 220 stores the operating system of server 20, which is at least partially loaded into main memory 210 when the server 20 is started and executed by the processor 200. In particular, when the server 20 is started, at least a portion of the kernel of the operating system is loaded into the main memory 210 and executed by the processor 200. The operating system of server 20 is preferably a Windows, UNIX, Linux, Android, and/or iOS operating system. Preferably, the operating system of the server 20 is different from the operating system of the server 10 in order to make it more difficult to attack the server 20 and the server 10.

Only the operating system allows the use of server 20 for data processing. It manages, for example, resources such as main memory 210 and program memory 220 and network interface 230 as well as optional network interface 240, provides basic functions to other programs through programming interfaces, among other things, and controls the execution of programs.

Furthermore, program memory 220 stores, for example, program instructions which, when the processor 220 executes the program instructions, cause the processor 220 to at least partially perform and/or control the method according to the first and third aspects of the invention. For example, a first server program according to the first aspect of the invention is stored in program memory 220.

Processor 200 controls network interface 230 and optional network interface 240, with control of network interfaces 230 and 240 being enabled, for example, by a device driver that is part of the kernel of the operating system. Network interfaces 230 and 240 are, for example, each a network card, a network module and/or a modem and are each set up to establish one or more connections of the control device 20 to a network. For example, network interfaces 230 and 240 are each configured to receive information over the network and forward it to processor 200 and/or to receive information from processor 200 and send it over the network. For example, network interface 230 is configured to send information to one or more entities of an external network (e.g., one or more of servers/entities 30, 31, 32, and 33 of external network 34) and/or to receive information from one or more entities of the external network (e.g., from one or more of the servers/entities 30, 31, 32 and 33 of the external network 34). For example, network interface 230 is configured to send and/or receive information over connections 23 and 24. For example, optional network interface 240 is configured to send information to one or more entities of an internal network (e.g., server 10) and/or to receive information from one or more entities of the internal network (e.g., server 10). For example, optional network interface 240 is configured to send and/or receive information over connection 22. However, it is also conceivable that server device 20 comprises only one network interface, which is set up corresponding to network interface 230 and network interface 240.

FIG. 2b shows a block diagram of an exemplary embodiment of the second server 10 according to the first and third aspects of the invention. For example, the structure of server 10 corresponds to the structure of server 20. Processor 100 executes program instructions stored in program memory 120 and stores, for example, intermediate results or the like in main memory 110. For example, program memory 120 is a non-volatile memory such as a flash memory, a magnetic memory, an EEPROM memory (electrically erasable programmable read only memory) and/or an optical memory. Main memory 110 is, for example, a volatile or non-volatile memory, in particular a random access memory (RAM) such as a static RAM (SRAM), a dynamic RAM (DRAM), a ferroelectric RAM (FeRAM) and/or a magnetic RAM memory (MRAM). Program memory 120 is preferably a local volume permanently attached to server 10. Hard disks permanently connected to the server 10 are, for example, hard disks which are built into the server 10. Alternatively, the data carrier may also be, for example, a data carrier which can be detachably connected to the server 10, such as a memory stick, a removable data carrier, a portable hard disk, a CD, a DVD and/or a floppy disk.

Program memory 120 stores the operating system of server 10, which is at least partially loaded into main memory 110 when the server 10 is started and executed by the processor 100. In particular, when the server 10 is started, at least a portion of the kernel of the operating system is loaded into the main memory 110 and executed by the processor 100. The operating system of server 10 is preferably a Windows, UNIX, Linux, Android, and/or iOS operating system. Preferably, the operating system of the server 10 is different from the operating system of the server 20 in order to complicate an attack on the server 10 and the server 20.

Only the operating system allows the use of server 10 for data processing. It manages, for example, resources such as main memory 110 and program memory 120 and network interface 130 as well as optional network interface 140, provides basic functions, among other things through programming interfaces, to other programs and controls the execution of programs.

Furthermore, program memory 120 stores, for example, program instructions which, when the processor 120 executes the program instructions, cause the processor 120 to execute and/or control the method according to the first and third aspects of the invention at least in part. For example, a first server program according to the first aspect of the invention is stored in program memory 120.

Processor 100 controls network interface 130 and optional network interface 140, with control of network interfaces 130 and 140 being enabled, for example, by a device driver that is part of the kernel of the operating system. Network interfaces 130 and 140 are, for example, each a network card, a network module and/or a modem and are each set up to establish one or more connections of the control device 10 to a network. For example, network interfaces 130 and 140 are each configured to receive information over the network and forward it to processor 100 and/or to receive information from processor 100 and send it over the network. For example, network interface 130 is configured to send information to one or more other entities of the internal network (e.g., one or more of entities 11 and 12 of internal network 13) and/or to receive information from one or more other entities of the external network (e.g., from one or more of the entities 11 and 12 of the internal network 13). For example, network interface 130 is configured to send and/or receive information over network connection 16. For example, optional network interface 140 is configured to send information to server 20 and/or receive information from server 20. For example, optional network interface 140 is configured to send and/or receive information over connection 22. However, it is also conceivable that server 10 includes only one network interface, which is set up corresponding to the network interface 130 and the network interface 140.

FIG. 3a shows a flowchart 3 with steps of an exemplary embodiment of the method according to the first aspect of the invention, which are executed and/or controlled by the server 20 according to FIG. 2a. For example, program instructions of a program stored in the program memory 220 executed by the processor 200 cause the server 20 to execute and/or control the steps of the flowchart 3. Hereinafter, the steps of the flowchart 3 will be described by way of example in connection with the system 1 shown in FIG. For example, the steps of flowchart 3 may also be part of an exemplary embodiment of the method according to the third aspect of the invention (e.g., along with the steps of flowcharts 6 and/or 7 described below).

In step 300, first information is received at the server 20, wherein the first information originates from one or more entities of the internal network 13.

For example, the first information comes from the entity 11 of the internal network 13. As described above, information is to be understood as originating from an entity if, for example, the information was at least partially generated and/or captured by the entity and/or by means of the entity. For example, the entity 11 has at least partially captured and/or generated the first information. For example, the first information is environmental information (e.g., brightness information) that is at least partially detected by a sensor of the entity 11. However, it is also conceivable that the first information is, for example, state information generated at least in part by the entity 11.

For example, the server 20 receives the first information from server 10 or one of the entities 11, 11a, 11b, and 12 of the internal network 13.

For example, the entity 11 sends the acquired and / or generated first information to the server 10 via the internal network 13 (eg, via the network connections 14 and 16 of the internal network 13). For example, the server 10 receives the first information via the internal network 13 from the entity 11 and sends it via the connection 22 to the server 20. For example, the first information is received in step 300 from the server 10 via the connection 22 at the server 20.

In step 301, the first information and/or information based on the first information is provided by the server 20 to a first group of entities of the external network 34, at least partially depending on a first information type of the first information and/or of the information based on the first information, such that the first information and/or the information based on the first information is obtainable only by the entities of the first group of entities of the external network 34.

As described above, information is to be understood herein as obtainable by an entity if, for example, the information can be obtained at the entity. For example, information is obtainable by an entity if the information is receivable, readable, detectable, retrievable, and/or decryptable by the entity.

For example, the information based on the first information is at least partially the result of processing and/or summarizing the first information.

As described above, for example, different types of information are each assigned to different groups of entities of the external network 13. For example, only the entities of a group of entities of the external network are authorized to obtain information from the information type associated with the group of entities of the external network. For example, a group of entities of the external network includes all entities of the external network with the authority to obtain information of a particular type of information. For example, authorization information and / or association information are stored in the program memory 220 of the server 20, respectively.

For example, the entity 31 of the external network 34 is entitled to obtain information of the information type of the first information and/or the information based on the first information (e.g., environmental information). For example, the entity 31 is an entity of the first group of entities of the external network 34 that are authorized to obtain information of the information type of the first information and/or the information based on the first information (other possible entities of that group of entities of the external network are not shown). In this case, the first information and/or the information based on the first information is provided in step 301 by the server 20, for example, such that it is obtainable at the entity 31 of the external network 34 (e.g., receivable and/or retrievable by the entity 31 of the external network 34). For example, in this case, the first information is sent from server 20 to server 30, which is set up, for example, to provide the first information for access and/or retrieval via external network 34 by entity 31 (e.g., via network connections 35 and 37 of the external network 34) and by other entities of the first group of entities of the external network. However, it is also conceivable that the first information and/or the information based on the first information is sent by server 20 (e.g., directly) to the entity 31 and further entities of this group of entities of the external network. For example, the first information is provided in step 301 such that it is not obtainable by entities of the external network 34 that are different from the first group of entities of the external network (e.g., entity 33 of external network 34).

For example, the entity 33 of the external network 34 is only entitled to obtain information of an information type (e.g., state information) different from the information type of the first information. For example, the entity 33 is an entity of a group of entities of the external network 34 that are authorized to obtain information of an information type different from the information type of the first information (further possible entities of this group of entities of the external network are not shown, for example). If information of such an information type is obtained at the server 20 in step 300, it is provided in step 301, for example, such that it is obtainable at the entity 33 of the external network 34 (e.g., receivable and/or retrievable by the entity 33 of the external network 34). For example, in this case, the information is sent to entity 32, which is, for example, set up to provide the information for access and/or retrieval via external network 34 by entity 33 (e.g., via network connections 36 and 38 of external network 34).

In optional step 302, second information is received at the server 20, wherein the second information originates from an entity of a second group of entities of the external network 34.

For example, the second information comes from the entity 31 of the external network 34. For example, the second information is at least partially acquired and / or generated by the entity 31. For example, the second information is at least partially a user input captured by the entity 31.

For example, only the entities of the second group of entities of the external network 34 are authorized to communicate information via the server 20 to one or more entities of the internal network 13. For example, entity 31 of the external network 34 is an entity of the second group of entities of the external network 34, which are entitled to transmit information via the server 20 to one or more entities of the internal network 13 (further possible entities of this group of entities of the external network are not shown).

For example, the second information is received at step 302 from the server 30 at the server 20 (e.g., via network connection 23). For example, the external network server 30 is configured to receive the second information from an entity of the second group of entities of the external network and send it to the server 20. However, it is also conceivable that the second information is received by the entity 31 at the server 20 in step 302.

In optional step 303, the second information and / or information based on the second information is provided by the server 20 such that the second information is obtainable only at one or more entities of the internal network 13.

As described above, information is to be understood herein as obtainable by an entity if, for example, the information can be obtained at the entity. For example, information is obtainable by an entity if the information is receivable, readable, detectable, retrievable, and/or decryptable by the entity. For example, the second information and/or the information based on the second information is provided in step 303 for access and/or retrieval by the server 10 of the internal network 34. For example, the second information and/or the information based on the second information is sent in step 303 to the server 10, which is configured to transmit information to the entities 11 and 12 via the internal network 13. For example, the second information and/or the information based on the second information is sent to the server 10 in step 303 only when the server 10 retrieves and/or accesses the second information.

For example, the information based on the second information is at least partially the result of processing and/or summarizing the second information.

FIG. 3b shows a flow diagram 4 with steps of an exemplary embodiment of the method according to the first aspect of the invention, which are executed and/or controlled by the server 20 according to FIG. 2a. For example, program instructions of a computer program stored in the program memory 220 executed by the processor 200 cause the server 20 to execute and/or control the steps of the flowchart 4. In the following, the steps of the flowchart 4 will be described by way of example in connection with the system 1 shown in FIG. For example, the steps of flowchart 4 may also be part of an exemplary embodiment of the method according to the third aspect of the invention (e.g., along with the steps of flowcharts 6 and/or 7 described below).

In step 400, first information is received at server 20 from server 10 of internal network 13 (e.g., via connection 22). For example, as described above in detail at step 300, the first information comes from the entity 11 of the internal network.

In optional step 401, the first information is processed and/or summarized with further information. In the present case, processing the first information means, for example, the organization, analysis and/or modification of the first information. The organization and/or modification of the first information can be done, for example, by applying a data processing algorithm to the first information. For example, the images from an observation camera can be sent with poor resolution (e.g., for privacy reasons), unless certain events occur, such as an unattended bag.

Summarizing the first information with further information is to be understood in the present case, for example, as aggregating, analyzing and/or evaluating the first information and the further information. For example, by detecting Bluetooth signals with a radiation sensor for Bluetooth signals, the existence and direction of a device in a circular environment around the radiation sensor can be determined, and an ultrasonic sensor can detect the position and structure of the object. By summarizing this information, it is possible to evaluate whether a pedestrian, a car and/or another vehicle is moving in a certain direction. Other summaries of information may be used, for example, to provide marketing information (such as when a store would like to give discounts to a select number of customers, or to evaluate how many customers are nearby, and how often they have already been there). Also, for example, shocks can be detected and evaluated by comparing them with the position and history of vibration information at other locations to determine whether it is shock from an earthquake or, for example, shock from passing traffic.

In general, summarized and/or processed information usually represents a greater additional value than information acquired by individual sensors. For example, the result of these value-added services can lead to even more complex processes that can subsequently be executed. For example, the flow of information (e.g., the flow of information to a passing pedestrian) may be different on a beautiful sunny day than during an earthquake or in bad weather. The response to the sent messages can, for example, be recorded, processed and evaluated again in order to respond differently and more effectively when the events occur again.

The result of processing and / or summarizing in step 401 is, for example, information based on the first information.

In step 402, the first information and/or the information based on the first information is sent to one or more entities of the external network 34. For example, as described above, only the entities of a first group of entities of the external network 34 are allowed to obtain information of the information type of the first information and/or the information based on the first information. For example, the entity 31 of the external network 34 is entitled to obtain information of the information type of the first information and/or the information based on the first information. For example, in this case, the first information and/or the information based on the first information is sent in step 402 to the entity 30, which is set up, for example, to provide the first information and/or the information based on the first information for access and/or retrieval over the external network 34 by the entity 31 (e.g., via the network connections 35 and 37 of the external network 34) and/or by further entities of the first group of entities of the external network. For example, the external network server 30 is set up to provide a network portal for authenticating the entities of the first group of entities of the external network and for access to the first information and/or the information based on the first information by the authenticated entities of the first group of entities of the external network. For example, authenticating the entities of the first group of entities includes checking for each of the entities (e.g., at least in part depending on an authentication feature) whether the entity is entitled to obtain information of the information type of the first information and/or the information based on the first information.

In an optional step 403, second information is received from an entity of the external network 34 at the server 20. For example, the second information in step 403, as described above in detail at step 302, is received at the server 20 from the server 30 (e.g., via network connection 23).

For example, as described above at step 302, only the entities of the second group of entities of the external network 34 are permitted to communicate information via the server 20 to one or more entities of the internal network 13. For example, the entity 31 of the external network 34 is authorized to communicate information via the server 20 to one or more entities of the internal network 13. For example, the external network server 30 is configured to provide a network portal for authenticating the entities of the second group of entities of the external network 34 and for receiving the second information from one of the authenticated entities of the second group of entities of the external network 34. For example, the external network server 30 is further configured to send the second information received from one of the authenticated entities of the second group of entities of the external network to the server 20. For example, authenticating the entities of the second group of entities includes checking for each of the entities (e.g., at least in part depending on an authentication feature) whether the entity is authorized to transmit information via the server 20 to one or more entities of the internal network 13.

In an optional step 404, the second information is processed by the server 20 and/or summarized with further information. In the present case, processing the second information means, for example, the organization, analysis and/or modification of the second information. The organization, analysis and/or modification of the second information can be carried out, for example, by applying a checking algorithm and/or a data processing algorithm to the second information. Summarizing the second information with further information is to be understood in the present case, for example, as aggregating and/or evaluating the second information and the further information.

The result of processing and / or summarizing in step 405 is, for example, information based on the second information.

In step 405, the second information and/or the information based on the second information is sent to one or more entities of the internal network. For example, in step 405, the second information and/or the information based on the second information is sent to one or more entities of the internal network only if the second information originates from an (e.g., authenticated) entity of the second group of entities of the external network.

For example, the second information and/or the information based on the second information is sent in step 405 to the server 10 of the internal network 13, which is configured to communicate information to the entities 11 and 12 via the internal network 13. For example, as described above in detail at step 303, the second information and/or the information based on the second information is not sent to the server 10 until the server 10 retrieves and/or accesses the second information and/or the information based on the second information.
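The group-based release and intake rules of steps 400 to 405, as an added Python sketch that is not part of the patent text: a default-deny broker in the role of server 20. The entity ids, the in-memory policy tables, the mean-based summary and the command allow-list are assumptions made for the example.

```python
"""Default-deny broker modelled on the zone-2 server 20 (illustrative sketch).

Assumptions, not from the patent: entity ids, the in-memory policy store,
mean() as the step-401 summary, and the command allow-list.
"""
from collections import defaultdict, deque
from statistics import mean

ALLOWED_ACTIONS = {"set_brightness"}  # assumed command vocabulary


class AccessDenied(Exception):
    """The requesting entity is not in the group the policy requires."""


class Gateway:
    def __init__(self, readers_by_type, senders):
        # Information type -> external entities entitled to obtain it.
        self._readers = {t: frozenset(g) for t, g in readers_by_type.items()}
        # "Second group": external entities entitled to send towards zone 3.
        self._senders = frozenset(senders)
        self._outbound = defaultdict(list)  # provided records, per type
        self._inbound = deque()             # held until server 10 polls

    def receive_from_internal(self, info_type, source, readings):
        """Steps 400-402: accept, summarise, provide to the type's group."""
        if info_type not in self._readers:
            return False  # no group assigned: the data never leaves zone 2
        self._outbound[info_type].append({
            "type": info_type,
            "source": source,
            "summary": round(mean(readings), 2),  # derived info, not raw data
            "samples": len(readings),
        })
        return True

    def fetch(self, entity_id, info_type):
        """External read: allowed only for the group tied to this type."""
        if entity_id not in self._readers.get(info_type, frozenset()):
            raise AccessDenied(f"{entity_id} may not obtain {info_type!r}")
        return list(self._outbound[info_type])

    def receive_from_external(self, entity_id, command):
        """Steps 403-404: sender must be in the second group, then validate."""
        if entity_id not in self._senders:
            raise AccessDenied(f"{entity_id} may not send to the internal network")
        level = command.get("level")
        if (command.get("action") not in ALLOWED_ACTIONS
                or type(level) is not int or not 0 <= level <= 100):
            raise ValueError("command rejected by checking step")
        self._inbound.append({"from": entity_id,
                              "action": command["action"], "level": level})

    def poll_by_internal_server(self):
        """Step 405: nothing is pushed; server 10 pulls what is queued."""
        items = list(self._inbound)
        self._inbound.clear()
        return items


def denied(call, *args):
    """Return True if the call is refused with AccessDenied."""
    try:
        call(*args)
    except AccessDenied:
        return True
    return False


def build_demo_gateway():
    # Constructed policy: entity-31 reads environment data and may send
    # commands; entity-33 reads state data only.
    return Gateway(
        readers_by_type={"environment": {"entity-31"}, "state": {"entity-33"}},
        senders={"entity-31"},
    )


if __name__ == "__main__":
    gw = build_demo_gateway()
    gw.receive_from_internal("environment", "entity-11", [412.0, 398.5, 405.5])
    print(gw.fetch("entity-31", "environment"))
    print("entity-33 denied:", denied(gw.fetch, "entity-33", "environment"))
    gw.receive_from_external("entity-31", {"action": "set_brightness", "level": 40})
    print(gw.poll_by_internal_server())
```

An information type with no assigned group is dropped at the gateway instead of being released to everyone, and inbound commands wait in the queue until the internal side collects them.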

FIGS. 4a and 4b show a flowchart 5 with communication steps of an exemplary embodiment of the method according to the first aspect of the invention, which run in the system 1 according to FIG.

In step 500, entity 11 of internal network 13 sends first information to server 10 of internal network 13. For example, the first information is environmental information (e.g., brightness information) captured at least partially by a sensor of entity 11. However, it is also conceivable that the first information is, for example, state information generated at least partially by the entity 11. For example, the entity 11 sends the acquired and / or generated first information to the server 10 via the internal network 13 (e.g., via the network connections 14 and 16 of the internal network 13). In step 501, the first information is received at server 10 of the internal network 13. For example, the server 10 receives the first information in step 501 via the internal network 13 from the entity 11 (e.g., via the network connections 14 and 16 of the internal network 13). In step 502, the first information is sent from entity 10 of internal network 13 to server 20 (e.g., via connection 22).

In step 503, the first information is received at the server 20 (e.g., via connection 22). This corresponds, for example, at least substantially to step 400 described above. For example, the first information is subsequently processed and / or summarized by the server 20.

In step 504, the first information and / or information based on the first information is sent from the server 20 to the entity 30 of the external network 34 (e.g., via connection 23). This corresponds, for example, at least substantially to the above-described step 402.

For example, as described above, only the entities of a first group of entities of the external network 34 are allowed to obtain information of the information type of the first information and / or the information based on the first information. For example, the server 30 of the external network is configured to provide a network portal for authenticating the entities of the first group of entities of the external network and for access, by the authenticated entities of the first group of entities of the external network, to the first information and / or the information based on the first information. For example, authenticating the entities of the first group of entities includes checking for each of the entities (e.g., at least in part, depending on an authentication feature) whether the entity is entitled to receive information of the information type of the first information and / or the information based on the first information. For example, the entity 31 of the external network 34 is entitled to obtain information of the information type of the first information and / or the information based on the first information.

In step 505, the first information and / or the information based on the first information is received at the entity 30 of the external network 34 (e.g., via connection 23). For example, the first information and / or information based on the first information is subsequently provided by the server 30 via the network portal for accessing and / or retrieving over the external network 34 by (e.g., authenticated) entities of the first group of entities of the external network.

In step 506, the entity 31 accesses the first information and / or the information based on the first information (e.g., via the network connections 35 and 37, e.g., via the network portal).

In step 507, in response to the access to the first information and / or the information based on the first information in step 506, the first information and / or the information based on the first information is sent from the server 30 to the first entity 31 of the external network 34 (e.g., via the network connections 35 and 37).

For example, the server 30 first authenticates the entity 31 of the external network 34 and then sends the first information and / or the information based on the first information, in response to the access to the first information and / or the information based on the first information in step 506, to the authenticated first entity 31 of the external network 34. In step 508, the first information and / or information based on the first information is received at the entity 31 from the server 30 (e.g., via the network connections 35 and 37).

In step 509, second information is sent from entity 31 to server 30 (e.g., via network connections 35 and 37). For example, the second information is at least partially detected and / or generated by the entity 31. For example, the second information is at least partially a user input captured by the entity 31.

For example, the external network server 30 is configured to provide a network portal for authenticating the entities of the second group of entities of the external network and for receiving the second information from one of the authenticated entities of the second group of entities of the external network. For example, authenticating the entities of the second group of entities includes checking for each of the entities (e.g., at least in part, depending on an authentication feature) whether the entity is authorized to transfer information via the server 20 to one or more entities of the internal network 13. For example, only the entities of the second group of entities of the external network 34 are authorized to communicate information via the server 20 to one or more entities of the internal network 13. For example, the entity 31 of the external network 34 is authorized to communicate information via the server 20 to one or more entities of the internal network 13.

For example, the entity 31 of the external network 34 first authenticates itself to the server 30 (e.g., via the network portal) and then sends the second information to the server 30 of the external network 34 (e.g., via the network portal). In step 510, the second information is received at the server 30 from the entity 31 (e.g., via the network connections 35 and 37).

In step 511, the second information is sent from server 30 to server 20 (e.g., via connection 23).

For example, the external network server 30 is further configured to send the second information received from one of the authenticated entities of the second group of entities of the external network to the server 20. For example, the second information is sent from the server 30 to the server 20 only when entity 31 of the external network 34 has authenticated to the server 30.

In step 512, the second information is received at the server 20 (e.g., via connection 23). This corresponds at least substantially to step 403 described above. For example, the second information is subsequently processed and / or summarized by the server 20.

In step 513, the second information and / or information based on the second information is retrieved by the server 10 from the server 20 (e.g., via connection 22).

In step 514, the second information and / or the information based on the second information is sent from the server 20 to the server 10 in response to the retrieval in step 507 (e.g., via connection 22). This essentially corresponds to the above-described step 405.

In step 515, the second information and / or the information based on the second information is received at the server 10 (e.g., via connection 22). In step 516, the second information and / or the information based on the second information is sent from the server 10 to the entity 11 (and, e.g., the entity 12) (e.g., via the network connections 16 and 14). In step 517, the second information and / or information based on the second information is received by entity 11 (e.g., via network connections 16 and 14).
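The gatekeeping in steps 502 to 514 can be modelled in a few lines. The following Python sketch is an added illustration, not code from the patent: the class names, the byte-string "authentication features", the information types and the entity labels are constructed assumptions, and a real portal would use a proper authentication protocol rather than a shared value.

```python
import hmac
from collections import deque


class Relay:
    """Server 20: sits between server 10 (internal) and server 30 (external)."""

    def __init__(self):
        self.portal = None
        self._pending = deque()  # second information waiting for server 10

    def receive_first(self, info_type, value):
        """Steps 503/504: take first information from server 10, pass it outward."""
        self.portal.publish(info_type, value)

    def receive_second(self, item):
        """Step 512: accept second information forwarded by the portal."""
        self._pending.append(item)

    def retrieve(self):
        """Steps 513/514: nothing is pushed inward; server 10 pulls the queue."""
        items = list(self._pending)
        self._pending.clear()
        return items


class Portal:
    """Server 30: network portal that authenticates external entities."""

    def __init__(self, relay, features, readers, writers):
        self.relay = relay
        self.features = features  # entity -> authentication feature (assumed: bytes)
        self.readers = readers    # information type -> first group of entities
        self.writers = writers    # second group of entities
        self._store = {}
        relay.portal = self

    def _authenticated(self, entity, presented):
        expected = self.features.get(entity)
        # Unknown entities fail closed; known ones are compared in constant time.
        return expected is not None and hmac.compare_digest(expected, presented)

    def publish(self, info_type, value):
        """Step 505: hold the first information for later access."""
        self._store[info_type] = value

    def access(self, entity, presented, info_type):
        """Steps 506/507: release a type only to authenticated first-group members."""
        if not self._authenticated(entity, presented):
            return None
        if entity not in self.readers.get(info_type, set()):
            return None
        return self._store.get(info_type)

    def submit(self, entity, presented, control):
        """Steps 509-511: forward only what authenticated second-group members send."""
        if not self._authenticated(entity, presented) or entity not in self.writers:
            return False
        self.relay.receive_second({"source": entity, "control": control})
        return True


def build_example():
    """Constructed sample data: two external entities, two information types."""
    relay = Relay()
    portal = Portal(
        relay,
        features={"entity31": b"feature-31", "entity33": b"feature-33"},
        readers={"brightness": {"entity31"}, "state": {"entity33"}},
        writers={"entity31"},
    )
    return relay, portal
```

In this model entity 33 can authenticate and read "state" but can neither read "brightness" nor place anything in the queue that server 10 retrieves.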

FIG. 5a shows a flowchart 6 with steps of an exemplary embodiment of the method according to the second aspect of the invention, which are executed and / or controlled by the server 10 according to FIG. 2b. For example, program instructions of a computer program stored in the program memory 120 and executed by the processor 100 cause the server 10 to execute and / or control the steps of the flowchart 6. Hereinafter, the steps of the flowchart 6 will be described by way of example in connection with the system 1 shown in FIG. For example, the steps of flowchart 6 may also be part of an exemplary embodiment of the method according to the third aspect of the invention (e.g., along with the steps of flowcharts 4 and / or 5 described above).

In a step 600, a function update and / or a function recovery of one or more entities of a first group of entities of the internal network 13 is initiated and / or controlled. Updating a function of an entity is to be understood in the present case, for example, to mean that one or more functions of the entity are changed, for example by adding a function to the entity, deactivating a function of the entity, and / or activating a function of the entity. Restoring a function of an entity is to be understood in the present case, for example, to mean that one or more functions of the entity are transferred to a defined state (e.g., the delivery state). For example, updating and / or restoring a function of an entity comprises storing a program in a memory of the entity and / or changing a program stored in a memory of the entity. The first group of entities of the internal network comprises, for example, the entities of the internal network whose function recovery and / or function update can be initiated and / or controlled by the server 10. For example, the entities of the first group of entities of internal network 13 include entities 11, 11a, 11b, and 12 of internal network 13 (other possible entities of the first group of entities of internal network 13 are not shown). The entities of the first group of entities of the internal network 13 are preferably all entities of the internal network other than the server 10.

Causing and / or controlling a function recovery and / or a function update of one or more entities of a first group of entities of the internal network 13 is to be understood, for example, to mean that function recovery information and / or function update information is provided to the one or more entities of the first group of entities of the internal network such that the one or more entities of the first group of entities of the internal network are enabled to restore and / or update the function (s). For example, corresponding function recovery information and / or function update information is sent in step 600 from the server 10 to the one or more entities of the internal network (e.g., via the network connections 14, 15 and 16 of the internal network 13).

For example, the one or more entities of the first group of entities of the internal network are the entities of the first group of entities whose function (s) are to be recovered and / or updated. For example, the one or more entities of the first group of entities are the entities of the first group of entities whose function recovery and / or function update is to be initiated and / or controlled by the server 10.

FIG. 5b shows a flow diagram 7 with steps of an exemplary embodiment of the method according to the second aspect of the invention, which are executed and / or controlled by the server 10 according to FIG. 2b. For example, program instructions of a computer program stored in the program memory 120 and executed by the processor 100 cause the server 10 to execute and / or control the steps of the flowchart 7. In the following, the steps of the flow chart 7 will be described by way of example in connection with the system 1 shown in FIG. For example, the steps of flowchart 7 may also be part of an exemplary embodiment of the method according to the third aspect of the invention (e.g., along with the steps of flowcharts 4 and / or 5 described above).

In an optional step 700, respective function monitoring information is sent from server 10 to each entity of a first group of entities of the internal network (e.g., via network connections 14, 15 and 16). As described above, the first group of entities of the internal network comprises, for example, the entities of the internal network whose function recovery and / or function update can be initiated and / or controlled by the server 10. For example, the entities of the first group of entities of internal network 13 include entities 11, 11a, 11b, and 12 of internal network 13 (other possible entities of the first group of entities of internal network 13 are not shown).

In the present case, function monitoring information should be understood to mean, for example, any information that is suitable for function monitoring of an entity of the first group of entities of the internal network (e.g., suitable for use with a watchdog functionality of the entity of the first group of entities of the internal network). For example, the format of the function monitoring information is predetermined.

For example, the respective function monitoring information for each entity of the first group of entities of the internal network is at least partially equal. However, it is also conceivable that the respective function monitoring information for each entity of the first group of entities of the internal network is at least partially different. For example, the entities 11, 11a, 11b, and 12 of the first group of entities of the internal network each have watchdog functionality. For example, the watchdog functionality of each entity monitors whether function monitoring information is being received at the respective entity (e.g., in a particular time period). For example, if no function monitoring information is received at the respective entity (e.g., in a particular time period), the watchdog functionality causes and / or controls that function recovery request information is sent from the respective entity to the server 10. For example, function monitoring information is sent to each entity of the first group of entities of the internal network at regular and / or irregular intervals.

In an optional step 701, one or more function recovery request information from one or more entities of the first group of entities of the internal network 13 is received at the server 10. For example, in step 701, function recovery request information is received from entities 11 and 12 of the first group of entities of internal network 13 (e.g., via network connections 14 and 16, and 15 and 16). As described above, function recovery request information is understood here to mean, for example, any information that is suitable for triggering and / or controlling, at least in part, the function recovery of the one or more entities of the first group of entities of the internal network 13. For example, the format of the function recovery request information is predetermined.

For example, each of the function recovery request information is generated and sent by each one of the one or more entities of the first group of entities.

In a step 702, respective function recovery information is sent to each entity of the one or more entities of the first group of entities of the internal network 13. For example, sending the respective function recovery information to the entity of the one or more entities of the first group of entities of the internal network 13 is at least partially responsive to the one or more function recovery request information received in step 701. For example, respective function recovery information is sent to each of the one or more entities of the first group of entities of the internal network 13, from which function recovery request information was received in step 701.

For example, the respective function recovery information for the respective entity of the one or more entities of the first group of entities of the internal network includes a function recovery program with program instructions that cause the respective entity of the first group of entities of the internal network 13 to recover one or more functions of the entity (e.g., cause a program to be stored in a memory of the entity and / or modify a program stored in a memory of the entity) when the function recovery program is executed by one or more processors of the respective entity. An example of a function recovery program is an installer and / or an update program.

For example, the respective function recovery information for the respective entity of the one or more entities of the first group of entities of the internal network 13 includes a function recovery time and / or a function recovery period.

For example, the functional recovery time specifies a time at which the respective entity will begin and / or complete functional recovery (e.g., the time at which the recovered function (s) will be activated). For example, the functional recovery period specifies a time period for the entity to begin and / or complete the functional recovery (e.g., the period in which the recovered function (s) will be activated).

For example, the functional recovery time and / or the functional recovery period is at least partially different for each of the one or more entities of the first group of entities of the internal network.

For example, in step 702, a first function recovery information having a first function recovery time is sent to the entity 11 of the internal network (e.g., via the network connections 16 and 14), and a second function recovery information having a second function recovery time, different from the first, is sent to the entity 12 of the internal network (e.g., via the network connections 16 and 15).
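Steps 700 to 702 describe a heartbeat-driven recovery loop. The following Python simulation is an added illustration, not code from the patent: it runs on logical ticks, and the watchdog timeout, the monitoring interval, the fixed stagger between function recovery times and the placeholder program field are all assumptions chosen for the example.

```python
from dataclasses import dataclass


@dataclass
class Entity:
    """An entity of the first group with watchdog functionality."""
    name: str
    timeout: int              # assumed watchdog period, in ticks
    last_seen: int = 0        # tick of the last function monitoring information
    requested: bool = False   # a recovery request is already outstanding

    def on_monitoring_info(self, now):
        self.last_seen = now
        self.requested = False

    def watchdog(self, now):
        """Emit one function recovery request once monitoring information is overdue."""
        if now - self.last_seen > self.timeout and not self.requested:
            self.requested = True
            return {"entity": self.name, "at": now}
        return None


def schedule_recovery(requests, now, stagger):
    """Step 702: answer every requester with its own function recovery time."""
    infos = []
    ordered = sorted(requests, key=lambda r: r["entity"])
    for slot, req in enumerate(ordered, start=1):
        infos.append({
            "entity": req["entity"],
            "program": "<function recovery program placeholder>",
            "recovery_time": now + slot * stagger,  # assumed: fixed spacing
        })
    return infos


def simulate(ticks, interval, timeout, stagger, dropped):
    """Run server 10 and two entities; `dropped` holds lost (tick, entity) messages."""
    entities = [Entity("entity11", timeout), Entity("entity12", timeout)]
    sent = []
    for now in range(1, ticks + 1):
        if now % interval == 0:                      # step 700
            for ent in entities:
                if (now, ent.name) not in dropped:
                    ent.on_monitoring_info(now)
        requests = []
        for ent in entities:                         # step 701
            req = ent.watchdog(now)
            if req is not None:
                requests.append(req)
        sent.extend(schedule_recovery(requests, now, stagger))
    return sent
```

A single lost monitoring message stays below the assumed timeout and triggers nothing; a sustained loss produces exactly one request per entity and distinct recovery times.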

Modern cities are growing very fast and for the first time more than 5 billion people live in cities. Therefore, the demand for infrastructure measures is growing rapidly and the competition between cities is increasing. For example, the collection of data is necessary for these measures. According to the prior art, this collection is very complex and complicated outdoors, for example, because there is no reliable infrastructure for the DC-powered sensors. For example, in the prior art batteries and solar panels must be installed on the light poles to operate various sensors. For example, these sensors generate data that is unsecured and not encrypted. Other state-of-the-art solutions are offered as Internet-enabled solutions. The generated and / or recorded data of the different solutions are also scattered and, for example, do not flow into a central database of the customer. The individual solutions known in the prior art for the detection of sensor data are also constructed, for example, independently of each other, so that customers have to deal with many different interfaces. In the outdoor sector, the state of the art also lacks, for example, a secure and easy-to-use infrastructure for DC-based sensors and devices that also serves as a communication hub for many smartphones, tablets and intelligent cars. However, a possible infrastructure that is based on a variety of sensors and devices in the outdoor area requires a certain degree of security. The failure of such an infrastructure would mean the failure of all related services. Therefore, such an infrastructure must not only provide the basic services, but also be protected against failures and attacks and / or be able to recover from failures and attacks (hackers, power and network failure) (recovery).
In this regard, the present invention is particularly advantageous because it provides a suitable secure and reliable infrastructure for DC powered luminaires, sensors, devices, APPs, and Web applications that can be used reliably, flexibly, and cost-effectively by many applications.

The present invention enables the provision of an outdoor infrastructure for light, sensors, APPs, traffic and cloud services in smart cities (outdoor wireless infrastructure for lights, sensors, APPs, traffic and cloud services in smart cities). An infrastructure may include, but is not limited to, networked intelligent entities (e.g., devices for controlling a light bulb), an internal network (e.g., an M2M network of a telco such as DT), and one or more Zone 3 servers. For example, the sum of the entities, the internal network, and the one or more servers of Zone 3 provides an intelligent infrastructure. This can include all intelligence in the infrastructure (e.g., intelligence for LED control, sensor control, streaming for apps, etc.), so that the use of plug & play components such as "stupid" sensors is possible. For example, the present invention makes it possible that, instead of a complete component (e.g., a complete luminaire), a "none-finished component" can be connected to the infrastructure.

In the infrastructure, the entities of the internal network can be grouped. For example, a master has 3G or LTE or 2G ... connection. Others are connected to the master. There are 1-n sensors per entity of the internal network, which are controlled by the respective entity. There can also be a connection to an external network (e.g., a meshed network). An example of this would be "failure networks". In emergencies, the entities of the internal network, for example, become part of another network (e.g., if 3G / networks and / or power should fail). An outdoor lighting system on a smart building usually also comprises distributed network components in buildings based on meshed networks.

For example, a Telco network is 1-n (can also be multiple networks if it is international). For example, the Telco network collects everything and connects to the one or more Zone 3 servers.

The exemplary embodiments of the present invention described in this specification are also to be understood as being disclosed in all combinations with one another. In particular, unless explicitly stated to the contrary, the description of a feature encompassed by an embodiment should not be understood in the present case to mean that the feature is indispensable or essential to the operation of the embodiment. The sequence of the method steps described in this specification in the individual flowcharts is not mandatory; alternative sequences of the method steps are conceivable. The method steps can be implemented in various ways, so an implementation in software (by program instructions), hardware, or a combination of both to implement the method steps is conceivable. Terms used in the claims, such as "comprising", "including", "containing" and the like, do not exclude other elements or steps. The phrase "at least partially" includes both the "partial" and "full" cases, and the phrase "and / or" shall be understood to disclose both the alternative and the combination: "A and / or B" means "(A) or (B) or (A and B)". A plurality of units, persons or the like means several units, persons or the like in the context of this specification. The use of the indefinite article does not exclude a plurality. A single device can perform the functions of several units or devices mentioned in the claims. Reference signs indicated in the claims should not be regarded as limitations on the means and steps employed.

Claims

1. A method, comprising:
 Receiving (300, 400) first information, wherein the first information originates from one or more entities (11, 12) of an internal network (13),
 Providing (301) the first information and / or information based on the first information at least partly in accordance with an assignment of an information type of the first information and / or of the information based on the first information to a first group of entities (31, 33) of an external network (34) such that the first information and / or the information based on the first information is obtainable only by the entities of the first group of entities (31, 33) of the external network (34).
2. The method of claim 1, wherein different types of information are each associated at least partially with different groups of entities of the external network (34).
3. The method of claim 1, wherein providing the first information and / or the information based on the first information comprises:
 Transmitting (402) the first information and / or the information based on the first information.
4. The method of claim 1, wherein providing the first information and / or the information based on the first information comprises:
 Summarizing (401) the first information with at least one further information and / or processing (401) the first information, and
 Providing the summarized and / or processed information.
5. The method of any one of claims 1 to 4, further comprising:
Receiving (302, 403) second information, the second information originating from an entity of a second group of entities (31, 33) of the external network (34), and
 Providing (303) the second information and / or information based on the second information such that the second information is obtainable only at one or more entities (11, 12) of the internal network (13).
6. The method of claim 5, wherein the second information and / or the information based on the second information is provided only when the second information originates from an entity of the second group of entities (31, 33) of the external network (34).
7. The method according to one of claims 5 to 6, wherein providing the second information and / or the information based on the second information comprises:
 Transmitting (405) the second information and / or the information based on the second information to one or more entities (11, 12) of the internal network (13).
8. The method according to one of claims 5 to 7, wherein providing the second information and / or the information based on the second information comprises:
 Summarizing (404) the second information with at least one further information and / or processing (404) the second information, and
 Providing the summarized and / or processed information.
9. The method according to one of claims 5 to 8, wherein the entities of the first group of entities (31, 33) of the external network (34) are at least partially different from the entities of the second group of entities (31, 33) of the external network (34).
10. The method according to one of claims 5 to 9, wherein the second information and / or the information based on the second information comprises control information for controlling one or more entities (11, 12) of the internal network (13).
11. The method according to one of claims 1 to 10, wherein the first information and / or the information based on the first information includes environmental information and / or state information.
12. The method of any one of claims 1 to 11, further comprising:
 Causing (600) and / or controlling a function recovery and / or a function update of one or more entities of a first group of entities (11, 12) of the internal network (13).
13. The method of claim 12, further comprising:
 Transmitting (700) function monitoring information to each entity of the first group of entities (11, 12) of the internal network (13),
 Receiving (701) one or more function recovery request information from one or more entities of the first group of entities (11, 12) of the internal network (13), wherein the initiating and / or controlling of the recovery of the one or more entities of the first group of entities of the internal network takes place at least partially in response to the one or more received function recovery request information.
14. The method of claim 13, wherein function monitoring information is repeatedly sent to each entity of the first group of entities (11, 12) of the internal network (13).
15. The method of claim 12, wherein initiating and / or controlling the function recovery and / or the function update of the one or more entities of the first group of entities of the internal network comprises:
 Transmitting (702) function recovery information and / or function update information to each of the one or more entities of the first group of entities (11, 12) of the internal network (13).
16. The method of claim 15, wherein the respective function recovery information comprises a respective function recovery program and / or the respective function update information comprises a respective update program.
17. The method of any one of claims 15 to 16, wherein the respective function recovery program comprises program instructions that cause the respective entity of the first group of entities (11, 12) of the internal network (13) to recover functions when the function recovery program is executed by one or more processors of that respective entity, and / or wherein the respective function update program comprises program instructions that cause the respective entity of the first group of entities of the internal network to update functions when the function update program is executed by one or more processors of that respective entity.
18. The method according to any one of claims 15 to 17, wherein the function recovery information for each of the one or more entities of the first group of entities (11, 12) of the internal network (13) respectively specifies a function recovery time and / or a function recovery period, and / or wherein the function update information for each of the one or more entities of the first group of entities of the internal network respectively specifies a function update time and / or a function update period.
19. The method according to any one of claims 1 to 18, wherein the internal network (13) is a closed network.
20. The method according to any one of claims 1 to 19, wherein the external network (34) is an open network.
21. Computer program comprising:
 Program instructions that cause a device to at least partially execute the method and / or the steps of the method according to one of claims 1 to 20, when the computer program is executed by one or more processors of the device.
22. System comprising
 one or more servers (10, 20, 30), wherein the servers each comprise one or more means arranged to jointly execute and / or control the method according to one of claims 1 to 20 and / or the steps of the method according to one of claims 1 to 20.
23. The system of claim 21, wherein the system comprises a first server (20) and a second server (10), wherein the first server (20) comprises one or more means arranged to carry out and / or to control the method according to one of claims 1 to 11 and / or the steps of the method according to one of claims 1 to 11, and wherein the second server (10) comprises one or more means arranged to execute and / or control the method according to one of claims 12 to 20 and / or the steps of the method according to any one of claims 12 to 20.
EP15728429.0A 2014-09-16 2015-05-20 Device and method for administering a network Pending EP3195552A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
DE102014113336.6A DE102014113336A1 (en) 2014-09-16 2014-09-16 Device and method for managing a network
PCT/EP2015/061131 WO2016041646A1 (en) 2014-09-16 2015-05-20 Device and method for administering a network

Publications (1)

Publication Number Publication Date
EP3195552A1 (en) 2017-07-26

Family

ID=53385582

Family Applications (1)

Application Number Title Priority Date Filing Date
EP15728429.0A Pending EP3195552A1 (en) 2014-09-16 2015-05-20 Device and method for administering a network

Country Status (5)

Country Link
US (1) US20170230462A1 (en)
EP (1) EP3195552A1 (en)
CA (1) CA2961332A1 (en)
DE (1) DE102014113336A1 (en)
WO (1) WO2016041646A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10078658B2 (en) * 2015-07-10 2018-09-18 Whether or Knot LLC Systems and methods for electronic data distribution
DE102016008957B4 (en) * 2016-07-13 2018-01-25 Audi Ag Direct access to bus signals in a motor vehicle
US10317888B2 (en) 2017-03-01 2019-06-11 PLETHORA IloT, S.L. Device and system including multiple devices for supervision and control of machines in industrial installation

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5742762A (en) * 1995-05-19 1998-04-21 Telogy Networks, Inc. Network management gateway
US5958016A (en) * 1997-07-13 1999-09-28 Bell Atlantic Network Services, Inc. Internet-web link for access to intelligent network service control
AU3968201A (en) * 1999-11-03 2001-06-04 Avantcom Network, Inc. Method and apparatus for proprietary data collection and distribution
US8857704B2 (en) * 2012-01-13 2014-10-14 Logic PD, Inc. Methods for embedding device-specific data to enable remote access to real time device data
US9122255B2 (en) * 2012-09-15 2015-09-01 Honeywell International Inc. Remote access gateway configurable control system
DE102014102678B4 (en) 2013-06-13 2016-09-15 Ice Gateway Gmbh Apparatus and method for controlling a light source

Also Published As

Publication number Publication date
WO2016041646A1 (en) 2016-03-24
CA2961332A1 (en) 2016-03-24
DE102014113336A1 (en) 2016-03-17
US20170230462A1 (en) 2017-08-10

Similar Documents

Publication Publication Date Title
Gharaibeh et al. Smart cities: A survey on data management, security, and enabling technologies
US9551781B2 (en) Efficient localization of transmitters within complex electromagnetic environments
Miettinen et al. IoT Sentinel: Automated device-type identification for security enforcement in IoT
US9110101B2 (en) Method and system for packet acquisition, analysis and intrusion detection in field area networks
US9112896B2 (en) Mobile risk assessment
US10119714B2 (en) System and method for remotely controlling IR-enabled appliances via networked device
US20160044035A1 (en) Systems and Apparatuses for a Secure Mobile Cloud Framework for Mobile Computing and Communication
US20160359878A1 (en) Synthetic data for determining health of a network security system
JP6321015B2 (en) Multi-layer authentication method for facilitating communication between smart home devices and cloud-based servers
US10262210B2 (en) Method and system for encrypting network credentials using password provided by remote server to provisioning device
EP3149597B1 (en) Electromagnetic threat detection and mitigation in the internet of things
US9094407B1 (en) Security and rights management in a machine-to-machine messaging system
US8941465B2 (en) System and method for secure entry using door tokens
JP2018519761A (en) HA system including desired scene realization based on user selectable list of addressable home automation (HA) devices and related methods
JP6510977B2 (en) Subscription notification mechanism for distributed state synchronization
US10152864B2 (en) Distributed rules engines for robust sensor networks
EP2976856B1 (en) Sensor nodes with multicast transmissions in lighting sensory network
KR101634295B1 (en) System and method for providing authentication service for iot security
CN104246785A (en) System and method for crowdsourcing of mobile application reputations
KR20170018808A (en) Context specific management in wireless sensor network
Dorsemaine et al. Internet of Things: a definition & taxonomy
Ansari et al. An Internet of things approach for motion detection using Raspberry Pi
US20170093910A1 (en) Dynamic security mechanisms
US10467411B1 (en) System and method for generating a malware identifier
Kanuparthi et al. Hardware and embedded security in the context of internet of things

Legal Events

Date Code Title Description
17P Request for examination filed

Effective date: 20170407

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AV Request for validation of the european patent

Extension state: MA

AX Request for extension of the european patent to:

Extension state: BA ME

DAV Request for validation of the european patent (in any country) (deleted)
DAX Request for extension of the european patent (to any country) (deleted)