Method and .Arrangement for Controlling a Remote Device with the aid of a Terminal Device under the Supervision of a Central Unit
The present invention relates to a data-transfer method according to the preamble of Claims 1 and 9.
The invention also relates to a data-transfer system accordmg to the preamble of Claim 20.
Methods of this kind are used are used for controlling remote devices, such as an access- control device, with the aid of a terminal device, such as a mobile station, under the supervision of a central unit.
The term central unit refers to a unit that controls one or several remote devices connected to the central unit, or which receives and processes data coming from remote devices. The term remote device refers to all kinds of devices that perform some function. The function can be, for example, mechanical, electronic, or logical. Thus, the function can be, for example, opening a locking bolt in a door, connecting or measuring a voltage, retrieving data from a database, or recording data in a database. At its simplest, a remote device is a transceiver, which forwards data to other devices.
The state of the art includes systems, which are intended to control remote devices from a central unit and/or transfer data from remote devices to a central unit. The systems can also include several central units. In the systems according to the state of the art, the central units and remote devices are connected with the aid of a data communications network or networks in such a way that data can be transferred between the remote devices and the central units. The data communications networks can be e.g. fixed networks, wireless radio networks or combinations of these. The networks can thus include both fixed and mobile remote devices. The systems according to the state of the art include, for example, access-control systems, monitoring, surveillance, and alarm systems, as well as systems for monitoring the state of health, or the location of a patient, or other person. For example, application publication EP 0 918 428 discloses a monitoring system, which is based on the technology described above. Patent US
6,175,922 discloses a system and method, for example, for making payments or withdrawing money from a bank account. In the system, the customer is identified with the aid of a wireless terminal device in the customer's possession, which contacts an operating device, which is, for example, an automatic cash dispenser. The automatic cash dispenser contacts the central unit, for example, to check the customer's bank account balance or to record a withdrawal. The connection between the terminal device and the operating device is created with the aid of a short-range radio connection or an infrared connection. The data transfer between the operating device and the central unit takes place over a long-range connection, for example, a fixed cable network, or with the aid of long-range radio technology.
The state of the art is described, for example, in publications WO 00/11624 and US 5,748,104.
A drawback of the state of the art is that each operating device must have a data-transfer link to the central unit. In operating devices in which the power supply is not continuous, or which have a limited, intermittent, or uncertain power supply, the power used to maintain the data-transfer link must be minimized. Operating devices of this kind can be in, for example, leisure dwellings, vehicles, containers, warehouse pallets, or trailers. Operating devices to which it is not economically viable to connect to a fixed power network include, for example, parking meters. In practice, the problem is that a data- transfer link, which is implemented with the aid of, for example, a radio or mobile telephone connection, consumes so much power that the operating device requires a relatively powerful and heavy power supply.
The invention is intended to create an entirely new type of method and system for transferring data between a central device, a terminal device, and a remote device, with the aid of which method and system it is possible to resolve the problems of the state of the art described above.
The invention is based on that the system includes a central unit or central units, terminal devices that are connected to the central unit, and remote devices that can be connected to one or several terminal devices when necessary. The term terminal device refers to a
device, from which it is possible to create a data-transfer link both to a central unit and to a remote device. An example of a terminal device is a mobile station, which is arranged to communicate with other devices with the aid of a short-range radio connection. The central unit or central units are thus connected to the terminal devices and, if necessary, a local short-range data-transfer connection is created between the terminal devices and the remote devices. The number of remote devices can be considerably greater than the number of terminal devices. The terminal device B sends a request either to the central unit A or to the remote device C. In the request, the remote device C is requested to perform some operation. If the request is sent to the central unit A, the central unit creates a command on the basis of the request. The command is sent to the terminal device B, from which the command is forwarded to the remote device C. If the terminal device sends the request to the remote device C, the remote device C creates a query on the basis of the request. The query is sent from the remote device C to the terminal device B and is forwarded from there to the central unit A. On the basis of the query, the central unit creates a command and sends the command to the terminal device B, from which the command is forwarded to the remote device C. On the basis of the command, the remote device C performs some specified operation, which can be, for example, opening a door or initiating an alarm. In a preferred embodiment, the queries and commands travelling via the terminal device B are encrypted, so that neither the terminal device nor the possessor of the terminal device can interpret or alter the commands. Thus, the central unit can control the remote device securely, without the system being abused with the aid of the terminal device B.
More specifically, the method according to the invention is characterized by what is stated in the characterizing portion of Claim 1 or 9.
More specifically, the system according to the invention is characterized by what is stated in the characterizing portion of Claim 20.
Considerable advantages are gained with the aid of the invention.
In the system based on the invention, fewer data-transfer links are required than in solutions according to the state of the art. In the system, data-transfer links are required
from the central unit to each terminal device, but not from the central unit to the remote devices. Thus an infinite number of remote devices can be added to the system, without the data communications network between the central units and the terminal devices having to be altered or updated.
In addition, the power consumption of the remote devices is smaller than in wireless solutions according to the state of the art, because the remote devices send data with the aid of only short-range data-transfer technology, such as Bluetooth™ technology (the Bluetooth trademark is the property of Bluetooth SIG, Inc., USA), or infrared technology. Due to the reduced power consumption of the remote devices, the invention also permits systems according to the state of the art to be expanded to include areas and places in which power supply has previously been a problem. Systems accordmg to the state of the art can also be applied in places in which there is no continuous power supply, or the power supply of which is limited, or in which the power supply is uncertain or intermittent. Such places are, for instance, vehicles, trailers, containers, warehouse pallets, railway cars, boats, leisure dwellings, and warehouses and other buildings. In these places, the power supply can be implemented, for example, with the aid of batteries, wind power, and/or solar panels. In that case, however, it is preferable to minimize the power consumption in order to ensure reliability of operation and to reduce maintenance costs.
In addition, the invention permits the cost-effective and economical implementation of numerous applications. With the aid of the invention, many applications can be implemented with lower establishment costs than before. The use of the invention avoids, for example, high cabling costs, which are practically essential in solutions based on the state of the art. Thus private customers too can be provided with services that could previously mainly only be provided to companies, due to their high costs. Such services are, for example, access-control and burglar-alarm services, as well as building management services, with the aid of which it is possible to monitor, control, and/or time operations forming part of the system, with the aid of data networks.
In the case of access-control applications, there is the additional advantage that the remote devices can be placed where they are protected from vandalism and the weather.
In conventional access-control systems, an identification device, such as a card reader, must often be installed in such a way that anyone can have access to it. The invention allows the identification device to be installed in a more protected location, for example, behind a window, because the terminal device is connected to the identification device by, for example, a radio connection. In addition, the identification device can be placed in such a way that unauthorized persons will not notice that there is an access-control and/or alarm system in the building, vehicle, or other device in question.
In the following, the invention is examined with the aid of examples and with reference to the accompanying drawings.
Figure 1 shows a system and method, with the aid of which data can be transferred between a central unit and a remote device.
Figures 2 and 3 show a system and method based on the invention, in which a remote device C is controlled under the supervision of a central unit A, with the aid of a terminal device B.
Figure 4 shows in greater detail how data can be transferred between the terminal device and the central unit.
The systems of Figures 1 - 3 include a central unit A, a terminal device B, which terminal device is connected to the central unit A with the aid of a long-range data- transfer link, i.e., for example, a GSM, GPRS, or UMTS connection, and a remote device C, which remote device is connected to the terminal device B with the aid of a short-range data-transfer link, i.e., for example, a Bluetooth, radio, or infrared connection.
The system of Figure 4 includes a control centre A, a terminal device B, a BSS (Base Station System) D, an MSC/VLR (Mobile Switching Centre/Visitor Location Register) E, a GMSC (Gateway MSC) F, an SMSC (Short Message Service Centre) G, a Gateway server H, a UTRAN (UMTS Terrestrial Radio Access Network) J, an IWU (Interworking Unit) K, an SGSN (Serving GPRS Support Node) L, an HLR (Home
Location Register) M, a GGSN (Gateway GPRS Support Node) N, and a data network P, which connects the central unit A and the Gateway server H, the GMSC F, and the GGSN N. The units BSS D, MSC/VLR E, SMSC G, Gateway server H, GMSC F, and HLR M belong to a network based on GSM technology. The units UTRAN J, IWU K, SGSN L, and GGSN N, in turn belong to a network based on UMTS or GPRS technology. The GMSC F, GGSN N, and the Gateway server H are units, with the aid of which GSM, GPRS, and UMTS networks can communicate with the control centre A over an data network, such as the Internet. The data network P, shown in the figure, can be, for example, the Internet, a local area network, a VPN (Virtual Private Network), or a combination of these. With the aid of the data network, it is possible to create, for example, a TCP/IP or switched data connection.
In the system according to Figure 1, when data is transferred between the central unit A and the remote device C, the units are arranged to perform the following operations:
101)
- The remote device C converts the data to be transferred into an encrypted form. The encryption can be carried out, for example, using the technique of a so-called public and secret encryption key, in which case the remote device C encrypts the data with the aid of its secret encryption key. - The remote device C sends the encrypted data to the terminal device B, for example, with the aid of a Bluetooth connection.
- The terminal device B receives the encrypted data from the remote device C.
- The terminal device B sends the encrypted data to the central unit A, for example, with the aid of GSM, GPRS, or UMTS technology. The data can also be sent, for example, with the aid of a data call, or an SMS short message.
- The central unit A receives the encrypted data.
- The central unit A decrypts the encryption of the received data. If the public and secret key encryption techmque is used, the central unit A carries out the decryption using the public encryption key, which key is a pair of the secret key of the remote device C.
102)
- The central unit A converts the data to be sent into an encrypted form. The encryption can be carried out, for example, using the technique of a so-called public and secret
encryption key, in which case the central unit A encrypts the data with the aid of its secret encryption key.
- The central unit A sends the encrypted data to the terminal device B, for example, with the aid of GSM, GPRS, or UMTS technology. The data can also be sent, for example, with the aid a data call, or an SMS short message.
- The terminal device B receives the encrypted data from the central unit A.
- The terminal device B sends the encrypted data to the remote device C, for example, with the aid of a Bluetooth connection.
- The remote device C receives the encrypted data. - The remote device C decrypts the encryption of the received data. If the public and secret key encryption technique is used, the remote device C carries out the decryption using the public encryption key, which key is a pair of the secret key of the central unit A.
In the system according to Figure 2, when the remote device C is being controlled using the remote device B under the supervision of the central unit A, the units are arranged to perform the following operations:
201) The terminal device B sends data to the remote device C, for example, with the aid of a Bluetooth connection. The data can include, for example, a request to perform some operation. The terminal device B can, for example, request the remote device C to open a door or a lock, to deactivate some alarm, or to activate, deactivate, or control some device.
202) The remote device C receives the data sent by the terminal device B and prepares on the basis of this a data totality, which is encrypted and sent, in a manner corresponding to Section 101), to the central unit A. The data totality being sent can be, for example, a query, with the aid of which the remote device C checks an access permit or user rights of the terminal device B or of the possessor of the terminal device B.
203) The central unit A receives and decrypts the data sent by the remote device C, in a manner corresponding to Section 101). On the basis of the received data, the
control centre A can make a database retrieval or other check and, if required, send the data to the remote device C, in a manner corresponding to Section 102). For example, the central unit A can reply to a query coming from the remote device. The reply can be, for example, a command to implement a request coming from the terminal device, or a command to initiate an alarm. In connection with the reply to the query, the central unit can record information, for example, for monitoring access control. On the other hand, the system can be set to operate in such a way that the remote device performs some operation or command, if a reply to the query is not received from the central device.
It should be emphasized that, in a preferred embodiment, the mobile station B that sends the data to the remote device C in stage 201, and the mobile station B, with the aid of which the data is transferred in accordance with stages 101 and 102 between the central unit A and the remote device C in stages 202 and 203, is the very same mobile station.
In the system according to Figure 3, when the remote device C is being controlled with the aid of the terminal device B under the supervision of the central unit A, the units are arranged to perform the following operations:
301) The terminal device B sends data to the central unit A, for example, with the aid of GSM, GPRS, or UMTS technology. The data can also be sent, for example, with the aid of a data call or an SMS short message. The data can include, for example, a request to perform some operation. For example, the terminal device B can request the cenfral unit A to open a door or lock located in connection with the remote device C, to deactivate some alarm, or to activate, deactivate, or control some device.
302) The central unit A receives the data sent by the terminal device B and, on the basis of this, prepares a data totality, which is encrypted and sent to the remote device C in a manner corresponding to Section 102). The central unit A can, for example, perform a database retrieval on the basis of the data received from the terminal device B and check the user rights or access permits relating to the terminal device or the possessor of the terminal device. The data sent to the
remote device C can include a command to implement a request coming from the terminal device, or a command to initiate an alarm. In connection with answering a query, the central unit can record data, for example, for monitoring access control.
303) The remote device C receives and decrypts the data sent by the remote device B, in a manner corresponding to Section 102. On the basis of the data received, the remote device can, for example, implement a command sent by the central unit A. If necessary, the remote device C can also send data to the central unit A. The data sent to the central unit can be, for example, an acknowledgement of the reception of data, or of the implementation of a command, or a notification of the terminal device B moving outside the range of the remote device C.
It should be emphasized that, in a preferred embodiment, the mobile station B that sends the data to the central device A in stage 301, and the mobile station B, with the aid of which the data is transferred in accordance with stages 101 and 102 between the central unit A and the remote device C in stages 302 and 303, is the very same mobile station.
Figure 4 shows in greater detail how data can be transferred between the terminal device
B and the central unit A. The figure shows four alternative ways of transferring data.
Alternative 1 :
401) The terminal device B sends, according to Section 101), an SMS short message, containing encrypted data, to the BSS D.
402) The BSS D receives the SMS short message sent by the terminal device B and forwards it to the MSC E.
403) The MSC E receives the SMS short message from the MSC E and forwards it to the SMSC G.
404) The SMSC G receives the short message from the MSC E and forwards it to the gateway server H.
405) The gateway server receives the SMS short message from the SMSC, converts the data of the SMS short message to the form demanded by the data network, and sends the converted data to the cenfral unit A over the data network.
416) The central unit A receives the data from the data network P and decrypts the encryption, according to Section 101).
Alternative 2:
The terminal device B can be connection to the central unit with the aid of a GSM data call. In this case, the system forms a data-call connection between the terminal device B and the central unit A. In order to transfer the data, the following operations are performed in the system:
406) The terminal device B converts the data into an encrypted form and sends it to the BSS D.
407) The BSS D receives the data from the terminal device B and forwards it to the MSC E.
408) The MSC D receives the data from the BSS and forwards it to the GMSC F.
409) The GMSC F receives the data from the MSC D, converts the data into the form demanded by the data network, and sends the converted data to the central unit A over the data network P.
416) The central unit A receives the data from the data network P and decrypts the encryption, according to Section 101).
Alternative 3:
The terminal device B can be connected to the central unit by packet switching, with the aid of a UMTS connection. In order to transfer data, the following operations are then performed in the system:
410) The terminal device B converts the data into an encrypted form and sends it to the UTRAN J.
411) The UTRAN J receives the data from the terminal device B and forwards it to the IWU K, with the aid of the SGSN L.
414) The SGSN L receives the data from the UTRAN J and forwards it to the GGSN
N.
415) The GGSN N receives the data from the SGSN L, converts the data into the form demanded by the data network and sends the converted data to the cenfral unit A over the data network P.
416) The central unit A receives the data from the data network P and decrypts the encryption, according to Section 101).
Alternative 4:
412) The terminal device B converts the data into an encrypted form and sends it to the BSS D.
413) The BSS D receives the data from the terminal device B and forwards it to the SGSN L.
414) The SGSN L receives the data from the BSS D and forwards it to the GGSN N.
415) The GGSN N receives the data from the SGSN L, converts the data in the form demanded by the data network and sends the converted data to the central unit A over the data network P.
416) The central unit A receives the data from the data network P and decrypts the encryption, according to Section 101).
Embodiments of the invention, differing from those disclosed above, can also be envisaged within the scope of the invention.
In addition to the solutions disclosed in Figure 4 and in the related text, the long-range transfer of data between the central unit and the terminal device can also be implemented with the aid of other technologies. The data can be transferred, for example, with the aid of USSD (Unstructured Supplementary Service Data) technology. One versed in the art will be able to implement long-range wireless data transfer between a central unit and a terminal device, on the basis of the examples given in this document, with the aid of, for example, USSD technology.
On the basis of the invention, payment systems can be developed, in which the terminal device is used as a means of payment while the remote device acts as the charging unit. Such an embodiment is advantageous, for example, in car parks, as the payer can pay while sitting in a car. With the aid of a wireless connection, the payer need not even open the window. According to the invention, the data being transferred is encrypted, so that the possessor of the terminal device cannot abuse the system. The aforementioned access-control applications can also be advantageously implemented in car parks.
A payment system can be implemented with the aid of the invention, for example, in such a way that the paying customer uses their mobile station to send a debit authorization, which can include, for example the customer's identifier and/or a single- use password, to the remote device. On the basis of the debit authorization, the remote device forms a debit request, which the remote device sends via the customer's mobile station to a central unit, such as a bank's system, which performs the debit. The central unit can also send notification of the performance of the debit to the remote device, via the customer's mobile station. A payment system can also be implemented, for example, in such a way that the paying customer uses their mobile station to correspondingly send a debit authorization to a central unit, such as a bank's system. Upon reception of the
debit authorization, the central unit performs the debit and sends notification of the debit via the customer's mobile station, for example, to the seller's remote device.
The invention can also be advantageously applied in the sphere of health and medical care. Devices for monitoring vital functions have been in hospitals already for some decades. The devices have for a long time been quite large and heavy, so that the person being monitored has in practice had to remain in a hospital bed. In addition, the transfer of data from the devices has taken place over the hospital's own wired data-transfer network to its own monitoring systems. In addition, for years various kinds of personal safety systems have been available for elderly people. These permit rapid contact to be made through a monitoring system to a service centre, which can send assistance to the person requiring it, for example, in a case of sudden illness. The state of the art also includes devices, which monitor the state of a patient or old person and automatically make an alarm if necessary. The devices are often implemented as bracelets. Such devices are disclose in patents US 5,515,858 and US 5,670,944. A drawback of these devices is that they limit the range of movement of the patient. The device only operate in the area within which the device can contact its central unit, so that the limiting factor becomes the range of the radio contact and the extent of the system's base-station network. In principle, a mobile network could be used as the base-station network, but in that case the device, for example, a bracelet, would become unreasonably large and heavy. The invention allows the coverage area of the monitoring system to be extended, so that the monitoring device or bracelet can be small and light, while the transfer of data between the bracelet and the central unit can take place with the aid of a terminal device. This permits the safety of a patient or old person to be ensured, without restricting their movement. In addition, hospital resources can be saved, as the state of patients can be monitored while they are at home, instead of being in a ward. One advantage of the aforementioned embodiment is the possibility it provides for transferring large amounts of data to health care systems, automatically, comprehensively, and in real time. In addition, the data transfer can be two-way, so that the person's vital functions can be actively affected, for example, from a hospital's measurement and control systems. It is also possible to envisage that the data can be processed simultaneously in several control systems, so that several systems participate in the monitoring of the person. With the increase in the speed of data networks, it is
even possible for certain specialized measurement and control functions to be carried out in other countries, so that patients, whom it is at present impossible to monitor and treat at all in Finland, could even be treated in their own locality. A corresponding embodiment can also be used for the surveillance of convicted criminals, without unreasonably restricting the life of the convict. Prisoners granted leave can, for example, be required not to leave a locality. This can be checked by means of a light bracelet, which the prisoner cannot detach without damaging the bracelet. A function can also be added to the bracelet, which warns the wearer of the bracelet with, for example, a sound alarm, if the bracelet cannot contact the terminal device.
One variation of the invention could be its application to the short-term internal pharmaceutical treatment of a person. In that case, for example, the pharmaceutical taken internally by the person could include extremely small dosing and measurement devices, which are connected to the hospital prescribing the pharmaceutical treatment, via a terminal device. At the same time, devices measuring the body's blood pressure and heart rate can report the person's real-time state to the hospital's system. Thus the blood pressure and heart rate can be adjusted rapidly, by giving commands from the hospital's control system to alter the dosage of the pharmaceutical in the blood. The embodiment can also be implemented in such a way that the patient themselves can dose the pharmaceutical, within limits monitored by the system.
With the aid of the invention, anti-theft systems can be extended to include smaller valuables. For example, a small remote device can be installed in paintings, home electronics, or furniture, which is in contact with a terminal device located in the apartment. If the valuable is moved outside the range of the terminal device, the terminal device and/or the remote device will imtiate an alarm, or other anti-theft measure. On the other hand, the system can also be implemented in such a way that the remote device in the valuable will initiate an alarm, if the remote device detects that it is being moved and the remote device does not have a connection with an authorized terminal device. In other words, only a person who has an authorized terminal device with them can move the valuable without initiating an alarm.
The method can also be applied in such a way that the remote device can, at the request
of the central unit, advise a person carrying a terminal device how to reach it, within the limitations of its range. This is advantageous, especially in large warehouses. In addition, the user can also obtain, for example, information on the object from the terminal device. Thus, the user can see at once next to the object, who has moved the object and when. For example, if the object has been damaged, this information may be very important.
The term data-transfer link refers to an arrangement, with the aid of which it is possible to transfer data between two units. A data-transfer link can be implemented, for example, with the aid of radio technology, copper-cable technology, optical-fibre technology, infrared technology, internet technology, some other technology, or a combination of the aforesaid technologies. The data-transfer link can be a fixed connection, a circuit-switched and dial-up connection, or a packet-switched connection. The data-transfer link can also be such that a connection is not always available, due, for example, to overloading or congestion.
Encryption can also be implemented using encryption methods that are not disclosed in the examples.
In the embodiments of the invention, there may be one or several central units while the central units can operate independently, in co-operation with other units, or under the control of some other unit.
The transfer of data from the remote device to the central unit via the terminal device can be termed a transparent transfer. Thus, the terminal device transfers the data it receives from the remote device, or correspondingly from the central unit, transparently to the central unit, or correspondingly to the remote device.
The concepts 'long range' and 'short range' must be understood in relation to each other. Conventionally, the term short range refers to a range of at most about 10 m, 100 m, or
200 m, depending on the technology and environment. Examples of short-range wireless technologies are infrared technology and Bluetooth technology. Short-range wireless data transfer technology is used, for example, in local area networks, in pico networks,
in data transfer between wireless terminal devices, and in remote controllers. The term long range refers to a wider range such as a range of kilometres and even hundreds, or even thousands of kilometres. Examples of long-range wireless technologies are mobile telephone technology and paging technologies. The range of long-range wireless data transfer technology is considerably wider than the range of short-range wireless data fransfer technology.
The device referred to in the examples can be, for example, an alarm system, a car or part of it, a door, a lock, an access-control device or system, a lighting device, a signboard device, a display device such as a liquid crystal display, a dosing device, a beverage or product dispenser, a sound-reproduction device, or a ticket- vending machine.