WO2023169689A1 - Utilisation améliorée de capteurs minibar - Google Patents

Utilisation améliorée de capteurs minibar Download PDF

Info

Publication number
WO2023169689A1
WO2023169689A1 PCT/EP2022/056369 EP2022056369W WO2023169689A1 WO 2023169689 A1 WO2023169689 A1 WO 2023169689A1 EP 2022056369 W EP2022056369 W EP 2022056369W WO 2023169689 A1 WO2023169689 A1 WO 2023169689A1
Authority
WO
WIPO (PCT)
Prior art keywords
sensor
minibar
key
data
address
Prior art date
Application number
PCT/EP2022/056369
Other languages
English (en)
Inventor
Ulf Landberger
Original Assignee
Dometic Sweden Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dometic Sweden Ab filed Critical Dometic Sweden Ab
Priority to PCT/EP2022/056369 priority Critical patent/WO2023169689A1/fr
Publication of WO2023169689A1 publication Critical patent/WO2023169689A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/009Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • H04W12/108Source integrity

Definitions

  • the present disclosure invention relates to improvements in refrigerators, and mainly of minibars of the type typically provided in hotel rooms, where the guest removes certain items or articles, generally a beverage, at his or her will, and is charged for these with his hotel bill.
  • refrigerators wherein there are stored small bottles of alcoholic beverages, soft drinks and other items or articles, and the hotel guest is provided with a key which enables the hotel guest to remove any item he or she desires, and the guest is charged for such items with his/her hotel bill.
  • a minibar sensor is a device that may for example measure, or detect, some type of input within its physical environment.
  • the input may be any one of a great number of environmental phenomena of the minibar in question and may, e.g., be light, temperature, moisture and pressure.
  • a minibar sensor may additionally, or alternatively, be a device that is operable to sense or otherwise detect the removal of an item from a minibar (and/or addition of an item to the minibar).
  • the minibar sensor converts the detected, or measured, input to an electronic signal.
  • the electronic signal may be converted into human-readable information at the sensor location or transmitted electronically over a network for reading or further processing, e.g. by a processor or processing device, at a distant location.
  • the sensor data may be used by other devices for taking decisions and/or controlling functions of the minibar based on the received sensor data.
  • sensors are used more and more to receive information that otherwise would have been unknown.
  • sensors it may be possible for a user to view a certain type of sensor input and it may furthermore be possible to use the sensor input for subsequent decisions and/or actions.
  • subsequent decisions and/or actions may be controlled based on incorrect assumptions. For example, if a sensor input does not correspond to a real value of a measured parameter, an incorrect function may be controlled instead of the correct function. Alternatively, the correct function may be controlled, but in an incorrect way. Accordingly, incorrect subsequent decisions and/or actions may lead to unnecessary actions and/or damages. This may result in unduly high costs.
  • the present disclosure recognizes the fact that existing minibar systems may be inadequate in that they sometimes do not provide sufficient sensor security.
  • the present disclosure invention therefore addresses the need for improvements in this regard.
  • the inventor of the various aspects and embodiments of this disclosure has realized, after inventive and insightful reasoning, that it has to be possible to verify data that is transmitted between the minibar sensor and the device.
  • the inventor has realized that this may be achieved by using a key, which is shared between the minibar sensor and the device.
  • the key may be used to verify the data integrity of the sensor data transmitted from the minibar sensor.
  • the key may, for example, be an encryption key.
  • a general object of the aspects and embodiments described throughout this disclosure is to provide a way of verifying data integrity of sensor data from a minibar sensor, i.e. a sensor which is used in a minibar system.
  • minibar is used to mean a small-sized refrigerator.
  • a minibar is placed or otherwise positioned in a hotel room containing a selection of drinks which, if consumed, are charged to the occupant's bill.
  • a method for securing communication between the minibar sensor and a device, which is separate and distinct from the minibar sensor.
  • the minibar sensor is used in a minibar system configured to monitor and control functions of at least one (i.e. one or several) minibar.
  • the method comprises receiving, from a control device, an identifier of the minibar sensor and a request for an address of the minibar sensor and a key for the minibar sensor.
  • the identifier of the minibar sensor is to be related to the address and the key for the minibar sensor.
  • the method further comprises generating, as a response to the received request, the key for the minibar sensor.
  • the generated key is to be used for verifying data integrity of sensor data transmitted from the minibar sensor.
  • the method comprises transmitting, to the control device, a message comprising the address of the minibar sensor and the generated key for the sensor.
  • the method further comprises transmitting sensor data to the device.
  • the sensor data is transmitted with a sequence number and a checksum encrypted with the generated key for the sensor.
  • the address of the minibar sensor may be a Media Access Control address (MAC) address and the encrypted checksum may be a keyed-hash message authentication code (HMAC).
  • MAC Media Access Control address
  • HMAC keyed-hash message authentication code
  • the method further comprises storing the generated key for the minibar sensor together with the received identifier of the minibar sensor.
  • the method further comprises receiving, from the control device, a message configuring the minibar sensor to transmit sensor data periodically to the device.
  • the address of the minibar sensor and the key for the minibar sensor are transmitted to the device using Near Field Communication (NFC).
  • NFC Near Field Communication
  • a method for securing communication between a minibar sensor and a device, which is separate and distinct from the minibar sensor.
  • the method comprises transmitting, to the minibar sensor, an identifier of the minibar sensor and a request for an address of the minibar sensor and a key for the minibar sensor.
  • the identifier of the minibar sensor is to be related to the address and the key for the minibar sensor.
  • the method further comprises receiving, from the minibar sensor, a message comprising the address of the minibar sensor and the generated key for the minibar sensor.
  • the method further comprises storing the received key for the minibar sensor together with the received address and the identifier of the minibar sensor.
  • the method further comprises transmitting, to the minibar sensor, a message configuring the minibar sensor to transmit sensor data periodically to the device.
  • the method further comprises receiving sensor data from the minibar sensor.
  • the sensor data is received with a sequence number and a checksum encrypted with the generated key for the minibar sensor.
  • the address of the minibar sensor may be a MAC address and the encrypted checksum may be a HMAC.
  • the address of the minibar sensor and the key for the minibar sensor are received from the minibar sensor using NFC.
  • control device is used in a minibar system configured to monitor and control functions of at least one minibar.
  • the method further comprises transmitting a whitelist message to the device, wherein the whitelist message comprises the identifier for the minibar sensor together with the key for the minibar sensor and the address of the minibar sensor.
  • a minibar sensor for securing communication between the minibar sensor and a device.
  • the device is separate and distinct from the minibar sensor.
  • the minibar sensor is configured to implement or otherwise execute the method according to the first aspect.
  • the minibar sensor is configured to receive, from a control device, an identifier of the minibar sensor and a request for an address of the minibar sensor and a key for the minibar sensor.
  • the identifier of the minibar sensor is to be related to the address and the key for the minibar sensor.
  • the minibar sensor is further configured to generate, as a response to the received request, the key for the minibar sensor.
  • the key is to be used for verifying data integrity of sensor data transmitted from the minibar sensor.
  • the minibar sensor is further configured to transmit, to the control device, a message comprising the address of the minibar sensor and the generated key for the minibar sensor.
  • the minibar sensor is further configured to transmit sensor data to the device.
  • the sensor data is transmitted with a sequence number and a checksum encrypted with the generated key for the minibar sensor.
  • the address of the minibar sensor may be a MAC address and the encrypted checksum may be a HMAC.
  • the minibar sensor is further configured to store the generated key for the minibar sensor together with the received identifier of the minibar sensor.
  • the minibar sensor is further configured to receive, from the control device, a message configuring the sensor to transmit sensor data periodically to the device.
  • the address of the minibar sensor and the key for the minibar sensor are transmitted to the device using NFC.
  • a control device for securing communication between a minibar sensor and a device.
  • the device is separate and distinct from the minibar sensor.
  • the control device is configured to implement or otherwise execute the method according to the second aspect.
  • control device is configured to transmit, to the minibar sensor, an identifier of the minibar sensor and a request for an address of the minibar sensor and a key for the minibar sensor.
  • the identifier of the minibar sensor is to be related to the address and the key for the minibar sensor.
  • the control device is further configured to receive, from the minibar sensor, a message comprising the address of the minibar sensor and the generated key for the minibar sensor.
  • control device is further configured to store the received key for the minibar sensor together with the received address and the identifier of the minibar sensor.
  • control device is further configured to transmit, to the minibar sensor, a message configuring the minibar sensor to transmit sensor data periodically to the device.
  • control device is further configured to receive sensor data from the minibar sensor.
  • the sensor data is received with a sequence number and a checksum encrypted with the generated key for the minibar sensor.
  • the address of the minibar sensor may be a MAC address and the encrypted checksum may be a HMAC.
  • the address of the minibar sensor and the key for the minibar sensor are received from the minibar sensor using NFC.
  • control device is further configured to transmit a whitelist message to the device.
  • the whitelist message comprises the identifier for the minibar sensor together with the key for the minibar sensor and the address of the minibar sensor.
  • the object is addressed by a computer program comprising instructions, which when executed by a processor, causes the processor to perform actions according to any of the methods according to the first and the second aspects.
  • the object is addressed by a carrier comprising the computer program of the fifth aspect, wherein the carrier is one of an electronic signal, an optical signal, an electromagnetic signal, a magnetic signal, an electric signal, a radio signal, a microwave signal, or a computer-readable storage medium.
  • Figure la shows a flowchart of an example method performed by a sensor
  • Figure lb is a signalling diagram according to an embodiment
  • Figure 2a is a schematic drawing illustrating a sensor according to embodiments herein;
  • Figure 2b shows an example of data transmitted from a sensor
  • Figure 3 shows an overview of an exemplary minibar of a minibar system
  • Figure 4 shows a flowchart of an example method performed by a control device
  • FIG. 5 is a schematic drawing illustrating a control device according to embodiments herein.
  • Figure 6 shows a schematic view of a computer system.
  • the disclosure presented herein concerns methods and devices for securing communication between a minibar sensor and a device.
  • the device is separate and distinct from the minibar sensor, i.e. the device is a different device than the minibar sensor and the device may be located at another location than the minibar sensor.
  • the device may be any type of device that may communicate with the minibar sensor. Examples of such devices may be control devices and interacting hubs.
  • the disclosure presented herein concerns a minibar sensor and a method, implemented by the minibar sensor, for securing communication between the sensor and a device.
  • the disclosure presented herein further concerns a control device and a method, implemented by the control device, for securing communication between a minibar sensor and a device.
  • Figure la shows a flowchart of an example method 100 performed by a minibar sensor 200
  • Figure lb is a signalling diagram according to the present disclosure
  • Figure 2 is a schematic drawing illustrating the minibar sensor 200 according to embodiments presented herein.
  • the minibar sensor 200 may be any type of sensor configured to sense, measure and/or detect sensor input data.
  • a minibar sensor 200 may for instance be a device that is operable to sense, measure and/or detect sensor input data such as, e.g., light, temperature, moisture and pressure.
  • a minibar sensor 200 may additionally, or alternatively, be a device that is operable to sense or otherwise detect a removal of an item from a minibar and/or an addition of an item to the minibar.
  • the minibar sensor 200 is configured to perform the method 100 illustrated in Figure la.
  • the minibar sensor 200 may comprise at least one processor 210.
  • the at least one processor 210 may be embodied as software, e.g.
  • the at least one processor 210 may be embodied as a hardware controller. It may be implemented using any suitable, publicly available processor.
  • the at least one processor 210 may be implemented using instructions that enable hardware functionality, for example, by using executable computer program instructions in a general-purpose or special-purpose processor that may be stored on a computer readable storage medium (disk, memory etc.) to be executed by such a processor.
  • the processor 210 may be configured to read instructions from a memory 220 and execute these instructions to secure communication between the minibar sensor 200 and a device 102, 500.
  • the memory 220 may be implemented using any commonly known technology for computer-readable memories such as ROM, RAM, SRAM, DRAM, FLASH, DDR, SDRAM or some other memory technology.
  • the minibar sensor 200 may further comprise at least one transmitter 261 configured to transmit data and/or sensor data to a control device 500 and/or at least one device 102.
  • the minibar sensor 200 may further comprise at least one receiver 262 configured to receive data from the control device 500.
  • the minibar sensor 200 may further comprise a power source 270 such as a battery.
  • the power source 270 may ensure that the processor 210 have enough power to perform the method 100 according to the present disclosure.
  • the minibar sensor 200 may further comprise at least one physical and/or biological sensing unit 280. This at least one unit 280 may be configured to sense, measure and/or detect the input, e.g. a physical parameter, within its physical environment.
  • the minibar sensor 200 may additionally, or alternatively, comprise at least one minibar item sensing unit 290.
  • This at least one unit 290 may be configured to sense or otherwise detect a removal of an item from a minibar and/or an addition of an item to the minibar.
  • said at least one minibar item sensing unit 290 is operable to generate a signal enabling to calculate the removal (or addition) of said removed (or added) article and the processor 210 is operable to process said signal by comparing it with stored data thus determining the removal (or, addition) of said removed (or added) article, e.g. for the purpose of billing.
  • said stored data may be data which is stored locally in memory/-ies of the minibar sensor device 200 or, advantageously, in a separate memory(/-ies) (not shown) of the minibar system.
  • the input sensed, measured or otherwise detected by the minibar sensor 200 may thereafter be forwarded as sensor data 250.
  • the method 100 implemented by the minibar sensor 200 begins with step 110 of receiving, from a control device 500, an identifier of the minibar sensor 200 and a request for an address of the minibar sensor 200 and a key for the sensor 200.
  • the received identifier is an identifier given to the minibar sensor 200 by the control device 500 and may be used to distinguish the minibar sensor 200 from other sensors.
  • the identifier may be a name given by the control device 500 and the identifier may thus, in some embodiments, be a given name.
  • the identifier of the minibar sensor 200 is to be related to the address of the minibar sensor 200 and the key for the minibar sensor 200.
  • the address of the minibar sensor 200 is typically unique and thus represents the sensor identity.
  • the address may be, for example, a Media Access Control (MAC) address.
  • the requested key for the minibar sensor 200 may be an encryption key.
  • the encryption key may be used to encrypt data with.
  • the method 100 continues with step 120 of generating the key for the minibar sensor 200.
  • the generated key is to be used for verifying data integrity of the sensor data transmitted from the minibar sensor 200 and is to be shared between the minibar sensor 200 and the device 102, 500 that is intended to receive data from the minibar sensor 200.
  • verifying the data integrity of the sensor data it may be ensured that the sensor data really is transmitted from the minibar sensor 200 and it may be possible to know exactly from what minibar sensor 200 the information has been received. Additionally, it may be ensured that the sensor data really corresponds to the data it is believed to represent.
  • the key will ensure that information received from the sensor 200 is the same information that was transmitted from the minibar sensor 200.
  • the generated key is a unique key, which is associated with the specific minibar sensor 200 and may only be used with sensor data received from that minibar sensor 200.
  • the generated key may be used for sensor origin authentication.
  • sensor data When sensor data is received from a minibar sensor 200, it may be ensured that the received sensor data can be trusted.
  • Sensor data originating from any minibar sensor 200 that is configured according to the present disclosure may be verified by a receiving device 102, 500 as long as the device 102, 500 is in possession of the generated key. How this may be performed is described in more detail later.
  • the minibar sensor 200 may additionally store the generated key together with the identifier, illustrated as step 130 in Figures la and lb. By storing the generated key together with the identifier, it may be known to the minibar sensor 200 that the stored key is to be used with sensor data transmitted under the specific given identifier.
  • the control device 500 will receive the key, which may be used for verifying the correctness of the sensor data received from the minibar sensor 200.
  • the generated key is linked to the specific minibar sensor 200 and the key may verify the correctness of the data and confirm the source of the data, i.e. that the sensor data really is transmitted from that specific minibar sensor 200.
  • the present disclosure provides a method 100, implemented in a minibar sensor 200, for securing communication between the minibar sensor 200 and a device 102, 500.
  • a unique key is shared between the minibar sensor 200 and the control device 500 such that the correctness of the data received from the minibar sensor 200 may be verified.
  • the sensor data transmitted from the sensor 200 may be used for subsequent actions or decisions, it is important that the used data really is the intended data. Otherwise, subsequent actions or decisions may be performed based on incorrect data and consequently based on incorrect assumptions.
  • the sensor data may be used to control functions such as, for example, ventilation functions, heater functions, minibar climate control functions, light control functions and security alarm functions of a minibar in question.
  • the function may be controlled in an incorrect way. For example, if a security alarm function is controlled based on incorrect data, the security alarm function may not be triggered. When that happens, there is a major risk that damages may occur. This may lead to unnecessary costs, which additionally may be high.
  • the proposed method 100 and minibar sensor 200 ensure secure communication between the minibar sensor 200 and the device 102, 500.
  • the key of the minibar sensor 200 may be exchanged between the minibar sensor 200 and the device 500 using Near Field Communication (NFC).
  • NFC is a set of short-range wireless technologies, typically requiring a separation of 10 cm or less. Due to the short-range, it may be difficult for anyone to undetected eavesdrop and steal the key.
  • sensor data transmitted from the minibar sensor 200 may be transmitted from the minibar sensor 200 using any available wireless technology.
  • all transfer of information is performed over a secure channel.
  • the secure channel may be provided either by proximity through NFC as previously described, or over an encrypted channel such as, for example, Bluetooth Low Energy (BLE) Generic Attribute Profile (GATT).
  • BLE Bluetooth Low Energy
  • GATT Generic Attribute Profile
  • the minibar sensor 200 may protect the key during the transmittal with a pin code.
  • the pin code used for protecting the key may have been received from the control device 500 together with the received request for the key.
  • the pin code used for protecting the key may have been agreed upon between the minibar sensor 200 and the control device 500 at an earlier time.
  • the minibar sensor 200 may receive, from the control device 500 in step 150, a message configuring the minibar sensor 200 to transmit sensor data periodically to the device 500, 102. Accordingly, the minibar sensor 200 may receive a message that configures the minibar sensor 200 to transmit its sensor data with a certain interval.
  • the sensor data comprises the input data that the minibar sensor 200 has detected or measured within the physical environment. Additionally, or alternatively, sensor data comprises the input data that the minibar sensor 200 has sensed or otherwise detected a removal (or addition) of an article from (to) a minibar in question.
  • the sensor data may be transmitted to be received by the control device 500, which configured the minibar sensor 200.
  • the sensor data may be transmitted to be received by device 102, which may be another device than the control device 500. Accordingly, in these embodiments, the control device 500 may configure the minibar sensor 200 to periodically transmit sensor data that may be received by another device 102. The interval at which the sensor 200 may be configured to transmit sensor data may depend on the type of sensor data received from the minibar sensor 200.
  • some data may be valuable to receive often, with an interval of seconds, while other data may not be necessary to receive that often. This data may be enough to receive with an interval of minutes or even hours.
  • advertising intervals not smaller than approximately 5 seconds may be preferred.
  • the method 100 may further comprise step 160 of transmitting sensor data to the device 102, 500.
  • the sensor 200 may be unaware of which device 500, 102 the transmitted sensor data is intended to be transmitted to. In such embodiments, the sensor data may be broadcasted without an address to the intended recipient.
  • the minibar sensor 200 may be aware of which device 500, 102 the sensor data is intended to be transmitted to and in these embodiments, the sensor data may be transmitted exclusively to that device 102, 500.
  • the generated key shared between the minibar sensor 200 and the device 102, 500 may be used in different ways to verify the correctness of the sensor data.
  • the key may be used to encrypt at least a part of the sensor data before the sensor data is transmitted from the minibar sensor 200 to the device 102, 500.
  • the encrypted said at least a part of the sensor data may not necessarily be the data measured by the minibar sensor 200, the encrypted sensor data may be a part of the data that may be used for verification of the transmitted data.
  • the encrypted sensor data may only be decrypted by a device 102, 500 that has access to the corresponding key that the data has been encrypted with. Examples relating to how the generated key may be used to verify the correctness of the sensor data is going to be described with reference to Figure 2b.
  • FIG. 2b illustrates an example of transmitted sensor data 250.
  • the transmitted sensor data 250 may comprise a Protocol Data Unit (PDU) 236 of 2 to 39 bytes.
  • a PDU is a single unit of information transmitted among peer entities of a computer network, here the minibar sensor 200 and the device 102, 500.
  • a PDU is composed of protocolspecific control information and user data.
  • the PDU 236 may comprise a header 242 of 2 bytes, an address of 6 bytes and data 246 of 0 to 31 bytes.
  • the data 246 of the sensor data 250 may comprise, in some embodiments as illustrated in Figure 2b, a checksum 252. In some embodiments, the checksum may be encrypted with the generated and shared key for the minibar sensor 200.
  • a checksum is a sum derived from a block of digital data for detecting errors that may have been introduced during the transmission of the data 250.
  • a device 102, 500 in possession of such key may be able to verify the data integrity of the sensor data 250. Unauthorized reproduction and use of the checksum 252 may accordingly be prevented.
  • an encrypted checksum 252 only the checksum 252 may have to be encrypted with the exchanged key. Not the complete sensor data 250 may have to be encrypted.
  • the encrypted checksum 252 may be, for example, a keyed-hash message authentication code (HMAC).
  • HMAC keyed-hash message authentication code
  • the address of the minibar sensor 200 may be, for example, a MAC address.
  • the sensor data 250 may further comprise a sequence number 254.
  • the sequence number 254 comprised in the sensor data 250 may be a number that increases each time the sensor 200 transmits sensor data 250. By including a sequence number 254 for the sensor data 250, man-in-the-middle attacks may be prevented, or at least reduced. It may not be possible to record and replay previous transmitted data 250 from the minibar sensor 200, as the sequence number 254 in such cases most likely will not correspond to the sequence number expected by the receiving device 102, 500.
  • the sequence number 254 may additionally be encrypted with the generated key for the sensor 200.
  • the transmitted sensor data 250 may comprise one or more sets of data 256. What kind of data that is comprised within the at least one set of data 256 depends on the type of minibar sensor 200.
  • the data may comprise, for example, temperature data, humidity data, barometric pressure data, light intensity data, air quality data, passive IR data, proximity data, location data, minibar item data, and virtual sensor data deducted from sensor data 250.
  • the proposed minibar sensor 200 and method 100 may be used in any minibar system using sensors, but according to one embodiment, the proposed minibar sensor 200 and method 200 may be used with an actuator.
  • An actuator is a component of a machine or device that is responsible for moving and controlling a mechanism or a system. The actuator may thus be responsible for controlling a function. These actuators may take sensor data as input in order to control the particular function.
  • a minibar system is a system that may use sensor data 250 as input in order to monitor and control a plurality of functions of one or more minibars associated with the minibar system.
  • An overview of an exemplary minibar 300 is illustrated in Figure 3.
  • the minibar 300 has a box-like casing 310 and an interior 320. This box-like casing can be closed by means of a door 310a.
  • the example minibar 300 of Fig. 3 may make use of one or more minibar sensors 200 (not shown in Fig. 3). For example, some of the minibar sensors 200 may be based on the principle of load detection.
  • the minibar 300 may be equipped with one or more store areas 330 in the form of shelves resting on minibar sensors 200 in the form of load sensors.
  • the casing 310 advantageously comprises an electronic door lock 340 and electronic door catch 350.
  • the electronic door lock 340 and electronic door catch 350 include a minibar sensor 200 (not shown) to sense whether the door 310 is presently closed or open. All necessary electronics is advantageously mounted in a separate compartment on a rear side of the box-like casing 310 to operably connect the minibar 300 to the overall minibar system.
  • the minibar system may take sensor data 250 as input for controlling various functions of the one or several minibars 300 of the minibar system, it is important that the functions are controlled by the correct input. It is important that received sensor data 250 corresponds to the value which it is believed to represent and it is important that is received from the particular minibar sensor 200 from which it is believed to be received. Furthermore, as the minibar system may receive a plurality of sensor data 250, directly from the minibar sensor 200 or via an interacting hub, it is also important that the received sensor data 250 is not mixed up with any other sensor data. Accordingly, a minibar system may be advantageous to use together with the proposed minibar sensor 200 and method 100.
  • Figure 4 shows a flowchart of an example method 400 performed by the control device 500.
  • Figure 5 is a schematic drawing illustrating the control device 500 according to embodiments presented herein.
  • the control device 500 may be any type of device configured to communicate with a minibar sensor 200 and configured to perform the method 400 illustrated in Figure 4.
  • the control device 500 is the device that begins and controls the sharing of the sensor key.
  • the control device 500 may , e.g., be a terminal such as a mobile phone or tablet, which may comprise an application, or app, used for the method 400.
  • the control device 500 may comprise a graphical user interface 530.
  • the graphical user interface 530 may make it easier for a user to interact with the control device 500.
  • the graphical user interface 530 may be used by a user using the control device 500 to monitor the disclosed method 400.
  • the control device 500 may comprise at least one processor 510.
  • the at least one processor 510 may be embodied as software, e.g. in a cloud-based solution, or the at least one processor 510 may be embodied as a hardware controller. It may be implemented using any suitable, publicly available processor or Programmable Logic Circuit (PLC).
  • PLC Programmable Logic Circuit
  • the at least one processor 510 may be implemented using instructions that enable hardware functionality, for example, by using executable computer program instructions in a general-purpose or special-purpose processor that may be stored on a computer readable storage medium (disk, memory etc.) to be executed by such a processor.
  • the processor 510 may be configured to read instructions from a memory 520 and execute these instructions to secure communication between the control device 500 and a sensor 200.
  • the memory 520 may be implemented using any commonly known technology for computer-readable memories such as ROM, RAM, SRAM, DRAM, FLASH, DDR, SDRAM or some other memory technology.
  • the control device 500 may further comprise at least one transmitter 551 configured to transmit data to the sensor 200 and/or at least one device 102.
  • the control device 500 may further comprise at least one receiver 552 configured to receive data from the sensor 200.
  • the control device 500 may further comprise a power source 570 such as a battery. The power source 570 may ensure that the control device 500 may have enough power to perform the method 400.
  • the methods 100 and 400 may be performed using NFC.
  • NFC uses inductive coupling between two nearby loop antennas effectively forming an air-core transformer.
  • the method 400 may thus begin when the control device 500 is placed on, or very close to, the minibar sensor 200.
  • a user of the control device 500 may first choose and activate a sensor installation mode, e.g. the user may start the method 400 through an application of the control device 500 before the control device 500 is placed on, or close to, the minibar sensor 200.
  • the method 400 begins with step 410 of transmitting, to the minibar sensor 200, an identifier of the minibar sensor 200 and a request for an address of the minibar sensor 200 and a key for the minibar sensor 200.
  • the identifier of the minibar sensor 200 is to be related to the address and the key for the minibar sensor 200.
  • the identifier of the minibar sensor 200 may have been chosen by a user of the control device 500 and may thus e.g. be a given name.
  • the user may have named the minibar sensor 200 through an application on the control device 500 and may thus have chosen the identifier to be any name suitable for the minibar sensor 200.
  • control device 500 may have automatically named the minibar sensor 200 based on available information regarding the minibar sensor 200.
  • the method 400 further continues with step 420 of receiving, from the minibar sensor 200, a message comprising the requested address of the minibar sensor 200 and the generated key for the minibar sensor 200.
  • the control device 500 may further be configured to store the received key for the minibar sensor 200 together with the received address and the identifier of the minibar sensor 200, corresponding to step 430 of the method 400. By storing the key with the address and the identifier, it may be ensured that the correct key is used for the sensor data 250 received from the corresponding minibar sensor 200. In some embodiments, the control device 500 may receive sensor data 250 from a plurality of sensors. In such case, it is important that the correct key is related to the correct minibar sensor 200.
  • the method 400 may further comprise step 440 of transmitting, to the minibar sensor 200, a message configuring the minibar sensor 200 to transmit sensor data 250 periodically to the device 500, 102.
  • the control device 500 may transmit a configuration to the minibar sensor 200, which configures the minibar sensor 200 to transmit data with certain intervals.
  • the interval by which the minibar sensor 200 may be configured to transmit the sensor data 250 may be specified, for example, by a user via the control device 500. In other embodiments, the interval may be determined automatically by the control device 500 depending on the type of sensor 200 communicating with the control device 500. For example, it may be more valuable to receive sensor data relating to temperature more often than sensor data 250 relating to a water level.
  • a sensor configured to measure temperature data may be configured to transmit sensor data more often than a water level sensor.
  • the method 400 may further comprise step 460 of receiving sensor data 250 from the sensor 200.
  • the sensor data 250 may be received with a sequence number and a checksum encrypted with the generated key for the sensor 200.
  • the address of the sensor may be a MAC address and the encrypted checksum may be a HMAC.
  • the control device 500 may first have whitelisted the minibar sensor 200 to that device 102.
  • the method 400 may further comprise step 450 of transmitting a whitelist message to the device 102.
  • the whitelist message comprises the identifier for the sensor 200 together with the key for the sensor 200 and the address of the sensor 200.
  • the control device 500 may be configured to communicate to other devices 102 that data received from the specified minibar sensor 200 is approved and may be used for subsequent actions.
  • the device 102 may receive the information needed for verifying the data integrity of the sensor data 250 received from the minibar sensor 200.
  • the device 102 may use the received key to verify the data integrity of data received from a minibar sensor 200 matching the whitelisted given sensor name and address.
  • the device 102 may then be configured to determine independently if the data is the expected data from the minibar sensor 200.
  • the control device 500 may distribute the key and the address of the minibar sensor 200 to the devices 102 that are intended to receive data from the sensor 200.
  • the minibar sensor 200 does not have to exchange its key and address with other devices 102 than the control device 500.
  • the minibar sensor 200 may thus perform the so-called onboarding process once, with one device 500, but may still be possible to exchange data with several devices 102, 500.
  • control device 500 may keep control over which devices 102 that may be allowed to verify and thus use, the data received from the sensor 200.
  • the key may be exchanged using NFC in some embodiments.
  • NFC may be used during the onboarding process
  • the sensor data 250 may be transmitted using any available wireless technology.
  • the device 102 which may receive the whitelist message, may be any device, but in some embodiments, the device 102 may be an interacting hub, or a sensor hub.
  • the interacting hub, or sensor hub may be a device that verifies the integrity of the received sensor data 250 and then forwards it to other devices, which may use the sensor data 250.
  • the interacting hub, or sensor hub may be connected to several sensors 200 at the same time and may distribute, after the control device 500 has provided it with the sensor address, key and name, sensor data 250 between other devices.
  • the proposed control device 500 and method 400 may be used in any system, but according to one preferred embodiment, the control device 500 and method 400 may be used in a minibar system.
  • a minibar system is a system that may take sensor data 250 as input for monitoring and controlling a plurality of functions of at least one minibar.
  • minibar systems may include many functions which may be controlled by the minibar system, it is important that the functions are controlled based on the correct input. It is important that received sensor data 250 corresponds to the value which it is believed to represent and it is important that the received sensor data 250 is received from the particular minibar sensor 200 from which it is believed to be received. Furthermore, it is also important that the received sensor data 250 is not mixed up with any other sensor data. Accordingly, the minibar system may be advantageous to use together with with the proposed control device 500 and method 400.
  • the present disclosure provides methods and devices for securing communication between a minibar sensor 200 and a device 102, 500.
  • a key which may be used to verify data integrity of data received from the minibar sensor 200, it may be assured that the data is the expected data and that the data really is received from the minibar sensor 200.
  • the disclosure presented herein concerns a computer program comprising instructions, which when executed by a processor, causes the processor to perform actions according to any of the methods described with reference to Figures la and lb and Figure 4.
  • the disclosure presented herein concerns a carrier comprising the computer program of the previously described aspect, wherein the carrier is one of an electronic signal, an optical signal, an electromagnetic signal, a magnetic signal, an electric signal, a radio signal, a microwave signal, or a computer-readable storage medium.
  • FIG. 6 is a block diagram illustrating an exemplary computer system 600 in which embodiments of the present invention may be implemented.
  • This example illustrates a computer system 600 such as may be used, in whole, in part, or with various modifications, to provide the functions of the disclosed devices 200, 500.
  • various functions may be controlled by the computer system 600, including, merely by way of example, transmitting a given sensor name and a request for an address and a key of the minibar sensor 200 and receiving the requested address and key.
  • the computer system 600 is shown comprising hardware elements that may be electrically coupled via a bus 690.
  • the hardware elements may include one or more central processing units 610, such as the at least one processor 510, one or more input devices 620 (e.g., a mouse, a keyboard, etc.), and one or more output devices 630 (e.g., a display device, a printer, etc.).
  • the computer system 600 may also include one or more storage device 660.
  • the storage device(s) 660 may be disk drives, optical storage devices, solid- state storage device such as a random-access memory (“RAM”) and/or a read-only memory (“ROM”), which can be programmable, flash-updateable and/or the like.
  • RAM random-access memory
  • ROM read-only memory
  • the computer system 600 may additionally include a computer-readable storage media reader 650, a communications system 660 (e.g., a modem, a network card (wireless or wired), an infrared communication device, BluetoothTM device, cellular communication device, etc.), and a working memory 680, which may include RAM and ROM devices as described above.
  • a processing acceleration unit 670 can include a digital signal processor, a special-purpose processor and/or the like.
  • the computer-readable storage media reader 650 can further be connected to a computer-readable storage medium, together (and, optionally, in combination with the storage device(s) 660) comprehensively representing remote, local, fixed, and/or removable storage devices plus storage media for temporarily and/or more permanently containing computer- readable information.
  • the communications system 660 may permit data to be exchanged with a network, system, computer and/or other component described above.
  • the computer system 600 may also comprise software elements, shown as being currently located within the working memory 680, including an operating system 688 and/or other code 686. It should be appreciated that alternative embodiments of a computer system 600 may have numerous variations from that described above. For example, customized hardware might also be used and/or particular elements might be implemented in hardware, software (including portable software, such as applets), or both. Furthermore, connection to other computing devices such as network input/output and data acquisition devices may also occur.
  • Software of the computer system 600 may include code 686 for implementing any or all of the function of the various elements of the architecture as described herein.
  • software stored on and/or executed by a computer system such as the system 600, can provide the functions of the disclosed system. Methods implementable by software on some of these components have been discussed above in more detail.
  • the present disclosure provides methods, devices, computer programs and carriers for securing communication between a minibar sensor 200 and a device 102, 500. By providing a key, which may be used to verify data integrity of data received from the minibar sensor 200, it may be assured that the data is the expected data and that the data really is received from the sensor 200.
  • the aspect and embodiments described in the present disclosure may be advantageous to use together with minibar systems.
  • references to computer program, instructions, code etc. should be understood to encompass software for a programmable processor or firmware such as, for example, the programmable content of a hardware device whether instructions for a processor, or configuration settings for a fixed-function device, gate array or programmable logic device etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Selective Calling Equipment (AREA)

Abstract

La présente divulgation concerne entre autres un procédé, mis en œuvre par un capteur minibar qui est utilisé dans un système minibar ayant un ou plusieurs minibars (300), pour sécuriser une communication entre le capteur minibar et un dispositif qui est séparé et distinct du capteur minibar. Le procédé comprend la réception, en provenance d'un dispositif de commande, d'un identifiant du capteur minibar et d'une demande d'adresse et de clé du capteur minibar. L'identifiant du capteur minibar doit être associé à l'adresse et à la clé du capteur minibar. Le procédé comprend en outre la génération de la clé du capteur minibar. La clé générée doit être utilisée pour vérifier l'intégrité de données des données de capteur transmises à partir du capteur minibar. Ensuite, le procédé consiste à transmettre, au dispositif de commande, un message comprenant l'adresse et la clé générée pour le capteur minibar.
PCT/EP2022/056369 2022-03-11 2022-03-11 Utilisation améliorée de capteurs minibar WO2023169689A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2022/056369 WO2023169689A1 (fr) 2022-03-11 2022-03-11 Utilisation améliorée de capteurs minibar

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2022/056369 WO2023169689A1 (fr) 2022-03-11 2022-03-11 Utilisation améliorée de capteurs minibar

Publications (1)

Publication Number Publication Date
WO2023169689A1 true WO2023169689A1 (fr) 2023-09-14

Family

ID=81326491

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2022/056369 WO2023169689A1 (fr) 2022-03-11 2022-03-11 Utilisation améliorée de capteurs minibar

Country Status (1)

Country Link
WO (1) WO2023169689A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180191687A1 (en) * 2016-12-31 2018-07-05 Intel Corporation Secure communications for sensor data
US20200313871A1 (en) * 2019-03-25 2020-10-01 Micron Technology, Inc. Secure sensor communication

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180191687A1 (en) * 2016-12-31 2018-07-05 Intel Corporation Secure communications for sensor data
US20200313871A1 (en) * 2019-03-25 2020-10-01 Micron Technology, Inc. Secure sensor communication

Similar Documents

Publication Publication Date Title
CN109844822B (zh) 用于车辆的被动进入/被动启动系统以及方法
US11242031B2 (en) Method and apparatus for authenticating vehicle smart key
EP3410410A1 (fr) Contrôle d'accès à un système de casier
EP3496054B1 (fr) Contrôle d 'accès sans interruption sécurisé
EP3223452B1 (fr) Procédé et appareil pour fournir un service sur la base d'identifiant d'équipement utilisateur
CN114501363A (zh) 用于车辆的被动进入/被动启动系统以及方法
US10581601B2 (en) Secure wireless communication device and method
US10343649B2 (en) Wireless key system and method
US20160353305A1 (en) Internet of things (iot) automotive device, system, and method
WO2018075427A1 (fr) Système de l'internet des objets (iot) et procédé de sélection d'un canal de communication secondaire
US20150102906A1 (en) Systems and methods for controlling a locking mechanism using a portable electronic device
CN107431645A (zh) 用于自动无线网络认证的系统和方法
JP2017522754A (ja) 電子アクセス制御デバイス及びアクセス制御方法
WO2016130199A1 (fr) Utilisation d'éléments sécurisés pour authentifier des dispositifs dans une communication point à point
CN102882678B (zh) 一种非接触式烧写种子的方法及系统
US10841118B2 (en) Automatic pairing method and server
CN107430499B (zh) 在IoT系统中精确地感测用户位置的系统和方法
US20230362649A1 (en) Devices and Methods for Securing Communication Between a Sensor and a Device
US20220408263A1 (en) Access control system and method
CN109716808A (zh) 网络访问控制
KR101677249B1 (ko) 사용자 토큰을 이용하여 사물 인터넷 장치를 제어하기 위한 보안 처리 장치 및 방법
WO2023169689A1 (fr) Utilisation améliorée de capteurs minibar
US20210392120A1 (en) Secure device coupling
US20180213370A1 (en) Electronic access control applying an intermediate
WO2022031699A1 (fr) Synchronisation de réponse chiffrée pour détection de présence

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22714395

Country of ref document: EP

Kind code of ref document: A1