WO2024094796A1 - Système de communication pour installation d'entrepôt - Google Patents

Système de communication pour installation d'entrepôt Download PDF

Info

Publication number
WO2024094796A1
WO2024094796A1 PCT/EP2023/080564 EP2023080564W WO2024094796A1 WO 2024094796 A1 WO2024094796 A1 WO 2024094796A1 EP 2023080564 W EP2023080564 W EP 2023080564W WO 2024094796 A1 WO2024094796 A1 WO 2024094796A1
Authority
WO
WIPO (PCT)
Prior art keywords
load handling
handling device
wireless communications
communications network
bot
Prior art date
Application number
PCT/EP2023/080564
Other languages
English (en)
Inventor
Parth AMIN
Mohsin SHEIKH
Andy HOWARD
Amy Paula STEPHENS
Nick MARLEY
David Wood
Andrew FEATHERSTONE
Paulo Filipe DOURADO
Original Assignee
Ocado Innovation Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ocado Innovation Limited filed Critical Ocado Innovation Limited
Publication of WO2024094796A1 publication Critical patent/WO2024094796A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/08Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B65CONVEYING; PACKING; STORING; HANDLING THIN OR FILAMENTARY MATERIAL
    • B65GTRANSPORT OR STORAGE DEVICES, e.g. CONVEYORS FOR LOADING OR TIPPING, SHOP CONVEYOR SYSTEMS OR PNEUMATIC TUBE CONVEYORS
    • B65G1/00Storing articles, individually or in orderly arrangement, in warehouses or magazines
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/08Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
    • G06Q10/087Inventory or stock management, e.g. order filling, procurement or balancing against orders
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B10/00Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/11Arrangements specific to free-space transmission, i.e. transmission through air or vacuum
    • H04B10/114Indoor or close-range type systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B65CONVEYING; PACKING; STORING; HANDLING THIN OR FILAMENTARY MATERIAL
    • B65GTRANSPORT OR STORAGE DEVICES, e.g. CONVEYORS FOR LOADING OR TIPPING, SHOP CONVEYOR SYSTEMS OR PNEUMATIC TUBE CONVEYORS
    • B65G1/00Storing articles, individually or in orderly arrangement, in warehouses or magazines
    • B65G1/02Storage devices
    • B65G1/04Storage devices mechanical
    • B65G1/0464Storage devices mechanical with access from above

Definitions

  • the disclosure relates to a communications system, and in particular to a communications system for use with robots in a warehouse facility.
  • Grid-based automatic storage and retrieval systems are well known in the art.
  • a plurality of robotic load handlers operate on a horizontal grid structure, underneath which is received a plurality of containers, arranged in a plurality of stacks.
  • the containers are used to hold products and the load handlers are adapted to retrieve containers from one of the plurality of stacks and to deposit a container within one of the stacks.
  • the load handlers may be routed in an autonomous manner (or a semi- autonomous manner) on the grid but a wireless communications system is required to transmit instructions to load handlers and to enable each of the load handlers to communicate with a management system.
  • the claimed apparatus, methods, systems and computer programs are intended to provide improvements relating to communications systems for use in an automated retrieval and storage system which uses a fleet of robotic load handlers.
  • a storage system for a warehouse facility comprising, the storage system comprising: a central computing device; a communication system; and at least one load handling device configured to move around a grid within the warehouse facility and perform operations, wherein the communication system comprises a first wireless communications network and a second wireless communications network such that: the first wireless communications network comprises one or more base stations configured such that communications messages can be transmitted between the central computing device and one or more of the plurality of load handling devices; and the second wireless communications network comprises one or more free space optical point to point wireless communications links, wherein the or each free space optical point to point wireless communications link comprises an optical point to point transceiver, wherein the or each transceiver is configured so that a connection can be formed via the second wireless communications network with a load handling device positioned in a respective predetermined grid location.
  • the or each predetermined grid location may correspond to a charging location for a load handling device.
  • the use of a second communications network enables the first communications network to be used to send communications between the central computing device and the bots operating on the grid of the storage systems.
  • a second wireless communications network for other purposes, such as providing software updates to bots, downloading log files from bots, etc, the second network can be used without consuming resources from the first network, which could affect the transmission of messages to and from the bots.
  • point to point communications links for the second network then a further layer of security is provided as a bot has to be physically located such that it can communicate with the second network.
  • the charging locations are grid locations in which a bot is likely to spend a reasonable period of time (a few tens of minutes), making it an appropriate location at which a software update can be performed.
  • the use of an optical point to point communications link prevents any contention with the frequency bands used for the first network.
  • a request to connect to the central computing device via the second wireless communications network may only be allowed if the load handling device is connected to the central computing device via the first wireless communications network.
  • a load handling device is only able to connect to the to the computing device via the first wireless communications network if the load handling device presents a first cryptographic key. Limiting access to the second network to a bot that is already connected to the first network provides a further layer of security.
  • the storage system may comprise: a first set of parallel tracks extending in an X- direction, and a second set of parallel tracks extending in a Y-direction transverse to the first set in a substantially horizontal plane to form a grid pattern comprising a plurality of grid spaces; a plurality of stacks of storage containers located beneath the tracks, and arranged such that each stack is located within a footprint of a single grid space; the plurality of load handling devices being arranged to selectively move in the X and/or Y directions, above the stacks on the tracks and arranged to transport a storage container.
  • the at least one transporting device may have a footprint that occupies only a single grid space in the storage system, such that a transporting device occupying one grid space does not obstruct a transporting device occupying or traversing the adjacent grid spaces in the X and/or Y direction.
  • a load handling device for use in a storage system, wherein the storage system comprises a central computing device, a first communications network, a second communications network and a grid comprising a first set of parallel tracks extending in an X-direction, and a second set of parallel tracks extending in a Y-direction transverse to the first set in a substantially horizontal plane to form a grid pattern comprising a plurality of grid spaces such that the load handling device is arranged to selectively move in the X and/or Y directions
  • the bot comprises non-volatile data storage, volatile data storage, one or more processors, a first communications interface for communicating via the first wireless communications network and a second communications interface for communicating with the second wireless communications network.
  • the second communications interface may comprise a point to point wireless communications interface.
  • the second communications interface may comprise a free space optical communications interface.
  • the non-volatile data storage of the load handling device may store one or more computer programs.
  • the load handling device may move to a grid location from which it can connect to the second wireless communications network such that it can determine if the one or more computer programs require an update.
  • a request from the load handling device to connect to the second wireless communications network may be rejected unless the load handling device is connected to the computing device via the first wireless communications network.
  • Updates to the one or more computer programs stored by one of the plurality of load handling devices may be transmitted from the central computing device to the load handling device via the second wireless communications network.
  • the load handling device may only connect to the to the computing device via the first wireless communications network if the load handling device presents a first cryptographic key.
  • Updates to the one or more computer programs may be signed using a second cryptographic key.
  • the load handling device may only access the updates to the one or more computer programs if a third cryptographic key is presented.
  • the use of cryptographic keys provides further layers of security, such that only authorised devices that are connected to the first network may connect to the second network & those devices require an additional key to access the software updates.
  • Cryptographic signing of the software prevents the installation of unapproved software to the device.
  • Figure 1 schematically illustrates a storage structure and containers
  • Figure 2 schematically illustrates track on top of the storage structure illustrated in Figure 1 ;
  • Figure 3 schematically illustrates load-handling devices on top of the storage structure illustrated in Figure 1 ;
  • Figure 4 schematically illustrates a single load-handling device with containerlifting means in a lowered configuration
  • Figure 5 schematically illustrates cutaway views of a single load-handling device with container-lifting means in a raised and a lowered configuration
  • Figure 6 shows a schematic depiction of a communications system which enables a plurality of bots to communicate with a central computing device
  • Figure 7 shows a shows a schematic depiction of a system which enables the secure deployment of software code to a bot
  • Figure 8 shows a schematic depiction of shows a further example of the communications system of Figures 6 and 7;
  • Figure 9 shows a schematic depiction of a bot PC
  • Figure 10 shows a schematic depiction of a method by which the cryptographic keys can be transferred
  • Figure 11 shows a schematic depiction of an example of the bootloader contents
  • Figure 12 shows a schematic depiction of a computer device 1200 used in the implementation of a communications system.
  • Figure 1 illustrates a storage structure 1 comprising upright members 3 and horizontal members 5, 7 which are supported by the upright members 3.
  • the horizontal members 5 extend parallel to one another and the illustrated x-axis.
  • the horizontal members 7 extend parallel to one another and the illustrated y-axis, and transversely to the horizontal members 5.
  • the upright members 3 extend parallel to one another and the illustrated z-axis, and transversely to the horizontal members 5, 7.
  • the horizontal members 5, 7 form a grid pattern defining a plurality of grid cells.
  • containers 9 are arranged in stacks 11 beneath the grid cells defined by the grid pattern, one stack 11 of containers 9 per grid cell.
  • Figure 2 shows a large-scale plan view of a section of track structure 13 forming part of the storage structure 1 illustrated in Figure 1 and located on top of the horizontal members 5, 7 of the storage structure 1 illustrated in Figure 1.
  • the track structure 13 may be provided by the horizontal members 5, 7 themselves (e.g. formed in or on the surfaces of the horizontal members 5, 7) or by one or more additional components mounted on top of the horizontal members 5, 7.
  • the illustrated track structure 13 comprises x-direction tracks 17 and y-direction tracks 19, i.e. a first set of tracks 17 which extend in the x-direction and a second set of tracks 19 which extend in the y- direction, transverse to the tracks 17 in the first set of tracks 17.
  • the tracks 17, 19 define apertures 15 at the centres of the grid cells.
  • the apertures 15 are sized to allow containers 9 located beneath the grid cells to be lifted and lowered through the apertures 15.
  • the x-direction tracks 17 are provided in pairs separated by channels 21
  • the y-direction tracks 19 are provided in pairs separated by channels 23. Other arrangements of track structure may also be possible.
  • FIG 3 shows a plurality of load-handling devices 31 moving on top of the storage structure 1 illustrated in Figure 1.
  • the load-handling devices 31 which may also be referred to as robots 31 or bots 31 , are provided with sets of wheels to engage with corresponding x- or y-direction tracks 17, 19 to enable the bots 31 to travel across the track structure 13 and reach specific grid cells.
  • the illustrated pairs of tracks 17, 19 separated by channels 21 , 23 allow bots 31 to occupy (or pass one another on) neighbouring grid cells without colliding with one another.
  • a bot 31 comprises a body 33 in or on which are mounted one or more components which enable the bot 31 to perform its intended functions. These functions may include moving across the storage structure 1 on the track structure 13 and raising or lowering containers 9 (e.g. from or to stacks 11 ) so that the bot 31 can retrieve or deposit containers 9 in specific locations defined by the grid pattern.
  • the illustrated bot 31 comprises first and second sets of wheels 35, 37 which are mounted on the body 33 of the bot 31 and enable the bot 31 to move in the x- and y- directions along the tracks 17 and 19, respectively.
  • two wheels 35 are provided on the shorter side of the bot 31 visible in Figure 4, and a further two wheels 35 are provided on the opposite shorter side of the bot 31 (side and further two wheels 35 not visible in Figure 4).
  • the wheels 35 engage with tracks 17 and are rotatably mounted on the body 33 of the bot 31 to allow the bot 31 to move along the tracks 17.
  • two wheels 37 are provided on the longer side of the bot 31 visible in Figure 4, and a further two wheels 37 are provided on the opposite longer side of the bot 31 (side and further two wheels 37 not visible in Figure 4).
  • the wheels 37 engage with tracks 19 and are rotatably mounted on the body 33 of the bot 31 to allow the bot 31 to move along the tracks 19.
  • the bot 31 also comprises container-lifting means 39 configured to raise and lower containers 9.
  • the illustrated container-lifting means 39 comprises four tapes or reels 41 which are connected at their lower ends to a container-engaging assembly 43.
  • the container-engaging assembly 43 comprises engaging means (which may, for example, be provided at the comers of the assembly 43, in the vicinity of the tapes 41 ) configured to engage with features of the containers 9.
  • the containers 9 may be provided with one or more apertures in their upper sides with which the engaging means can engage.
  • the engaging means may be configured to hook under the rims or lips of the containers 9, and/or to clamp or grasp the containers 9.
  • the tapes 41 may be wound up or down to raise or lower the container-engaging assembly, as required.
  • One or more motors or other means may be provided to effect or control the winding up or down of the tapes 41 .
  • the body 33 of the illustrated bot 31 has an upper portion 45 and a lower portion 47.
  • the upper portion 45 is configured to house one or more operation components (not shown).
  • the lower portion 47 is arranged beneath the upper portion 45.
  • the lower portion 47 comprises a container-receiving space or cavity for accommodating at least part of a container 9 that has been raised by the container-lifting means 39.
  • the container-receiving space is sized such that enough of a container 9 can fit inside the cavity to enable the bot 31 to move across the track structure 13 on top of storage structure 1 without the underside of the container 9 catching on the track structure 13 or another part of the storage structure 1 .
  • the container-lifting means 39 controls the tapes 41 to lower the container-gripping assembly 43 and the corresponding container 9 out of the cavity in the lower portion 47 and into the intended position.
  • the intended position may be a stack 11 of containers 9 or an egress point of the storage structure 1 (or an ingress point of the storage structure 1 if the bot 31 has moved to collect a container 9 for storage in the storage structure 1 ).
  • the upper and lower portions 45, 47 are separated by a physical divider, the upper and lower portions 45, 47 may not be physically divided by a specific component or part of the body 33 of the bot 31 .
  • the bot 31 includes a wheel-positioning mechanism for selectively engaging either the first set of wheels 35 with the first set of tracks 17 or the second set of wheels 37 with the second set of tracks 19.
  • the wheel-positioning mechanism is configured to raise and lower the first set of wheels 35 and/or the second set of wheels 37 relative to the body 33, thereby enabling the load-handling device 31 to selectively move in either the first direction or the second direction across the tracks 17, 19 of the storage structure 1.
  • the wheel-positioning mechanism may include one or more linear actuators, rotary components or other means for raising and lowering at least one set of wheels 35, 37 relative to the body 33 of the bot 31 to bring the at least one set of wheels 35, 37 out of and into contact with the tracks 17, 19.
  • only one set of wheels is configured to be raised and lowered, and the act of lowering the one set of wheels may effectively lift the other set of wheels clear of the corresponding tracks while the act of raising the one set of wheels may effectively lower the other set of wheels into contact with the corresponding tracks.
  • both sets of wheels may be raised and lowered, advantageously meaning that the body 33 of the bot 31 stays substantially at the same height and therefore the weight of the body 33 and the components mounted thereon does not need to be lifted and lowered by the wheelpositioning mechanism.
  • the bot 31 is moved as necessary in the X and Y directions so that the container-gripping assembly 43 is positioned above the stack 11 .
  • the container-gripping assembly 43 is then lowered vertically in the Z direction to engage with the container 9 on the top of the stack 11 .
  • the containergripping assembly 43 grips the container 9, and is then pulled upwards on the tapes 41 , with the container 9 attached.
  • the container 9 is accommodated within the vehicle body and is held above the level of the tracks.
  • the load handling device 30 can be moved to a different position in the X-Y plane, carrying the container 9 along with it, to transport the container 9 to another location.
  • the tapes 41 are long enough to allow the load handling device 30 to retrieve and place containers from any level of a stack 11 , including the floor level.
  • the weight of the vehicle may be comprised in part of batteries that are used to power the drive mechanism for the wheels 35, 37.
  • a plurality of load handling devices 31 are provided, so that each bot 31 can operate simultaneously to increase the throughput of the system.
  • the system illustrated in Figure 3 may include specific locations, known as ports, at which containers 9 can be transferred into or out of the system.
  • An additional conveyor system (not shown) is associated with each port, so that containers 9 transported to a port by a bot 31 can be transferred to another location by the conveyor system, for example to a picking station (not shown).
  • containers 9 can be moved by the conveyor system to a port from an external location, for example to a container-filling station (not shown), and transported to a stack 11 by the bots 31 to replenish the stock in the system.
  • Each bot 31 can lift and move one container 9 at a time. If it is necessary to retrieve a container (“target container”) that is not located on the top of a stack 11 , then the overlying containers (“non-target containers”) must first be moved to allow access to the target container. This is achieved in an operation referred to hereafter as “digging”. During a digging operation, one of the bots 31 sequentially lifts each non-target container 9a from the stack 11 containing the target container 9b and places it in a vacant position within another stack 11 . The target container 9b can then be accessed by the bot 31 and moved to a port for further transportation.
  • Each of the bots 31 is under the control of a grid controller.
  • Each individual container 9 in the system is tracked, so that the appropriate containers 9 can be retrieved, transported and replaced as necessary. For example, during a digging operation, the locations of each of the non-target containers is logged, so that the non-target containers can be tracked.
  • the system described with reference to Figures 1 to 5 has many advantages and is suitable for a wide range of storage and retrieval operations.
  • it allows very dense storage of product, and it provides a very economical way of storing a huge range of different items in the containers 9, while allowing reasonably economical access to all of the containers 9 when required for picking.
  • messages may be transmitted to the bots. These may be short messages, for example an instruction to move a container from a first location to a second location, or the messages may be larger, for example an update to the computer code which is used to operate the bot or a component of the bot. Similarly, it may be necessary for the bot to send messages to a central management system, for example to report operating parameter values, operating state reports etc.
  • a communications system which can be used is disclosed in the Applicant’s international patent application WO 2015/185726.
  • Figure 6 shows a schematic depiction of a communications system 100 which enables a plurality of bots 31 to communicate with a central computing device 400.
  • the central computing device executes a number of different computer programs such that it is able to transmit instructions to each of the plurality of bots and to receive messages back from each of the plurality of bots.
  • the messages sent from the central computing device to a bot may instruct the bot to: move to a specific grid location; deposit the container it is carrying at its present location; retrieve the top-most container from its current location; move to a charging point for battery charging; etc.
  • the messages returned by a bot to the central computing device may comprise: an acknowledgement that a message from the computing device has been received and is being actioned; a request that the bot moves to a charging point for battery charging; a request that the bot returns for maintenance activity etc.
  • the central computing device controls the operation of the storage and retrieval system such that, amongst other things, products received are stored for subsequent retrieval; stored products are retrieved such that customer orders can be picked, packed and despatched in a timely manner; the products stored within the storage and retrieval system are arranged & re-arranged to support the efficient operation of the system.
  • the communications system 100 comprises base stations 200A and 200B. Each of the bots 31 comprises a radio antenna such that it can communicate with one of the base stations.
  • the communications system may further comprise a base station controller (BSC) 300 which controls the operation of the base stations, for example when a bot is being handed over from a first base station to a second base station.
  • BSC base station controller
  • the BSC is in communication with the computing device and is configured to route messages from the computing device to a bot via the appropriate base station, and vice versa.
  • Known wireless communications systems for use with such automated storage and retrieval systems are disclosed in WO 2015/185726, WO 2018/127437 and WO 2018/177788.
  • the communications system may comprise more than two base stations.
  • the communications may only comprise a single base station. In such a case, the base station controller is not required in the communications system.
  • FIG. 7 shows a schematic depiction of a system which enables the secure deployment of software code to a bot 31 which is operating as a part of an automated storage and retrieval system.
  • the system comprises one or more base stations 200 (only one of which is shown in Figure 7 for the sake of clarity), a base station controller (BSC) 300, central computing device 400, a cryptographic server 500 and a plurality of bots 31 (again, for the sake of clarity only one of the plurality of bots is shown in Figure 7).
  • BSC base station controller
  • central computing device 400 central computing device 400
  • a cryptographic server 500 a plurality of bots 31
  • each of the plurality of bots 31 further comprises a communications interface 34 and a bot PC 40.
  • the communications interface 34 enables communication between the bot and a base station 200 and may comprise a suitable modem device, for example a 4G modem, WiFi modem, etc.
  • the communications interface 34 is connected to the bot PC 40 such that signals received from a base station can be routed to the bot PC and vice versa.
  • the structure of the bot PC 40 will be described below with reference to Figure 9.
  • messages can be communicated between the central computing device and the bot PC of a bot, such that control messages transmitted by the central computing device can be received by a bot PC and the message then processed such that the bot takes action: for example, the bot may; activate one of the drive mechanisms of the bot to move the bot in its present direction; activate the container-lifting means to lower or lift a container; activate the wheel-positioning mechanism so as to change the direction in which the bot will move, etc.
  • messages from the bot PC may be routed back to the central computing device such that, for example, if data generated in a bot, for example from a sensor, is indicative of an imminent failure state then the central computing device can instruct the bot to return to a maintenance area such that preventative action can be taken or alternatively, the bot may be remotely directed back to a maintenance area.
  • Each fulfilment centre will comprise such a communication system and it should be understood that a single enterprise is likely to comprise a plurality of such fulfilment centres.
  • the components which form each of these systems can be considered to form a separate security zone 600.
  • Each of those security zones may be connected to an enterprise security zone 700.
  • the enterprise security zone 700 may comprise an enterprise cryptographic server 710.
  • cryptographic operations may be used in the operation of a bot PC, and by extension the operation of a bot.
  • a set of cryptographic keys are generated, such that each set of cryptographic keys comprises one or more cryptographic keys.
  • the enterprise cryptographic server 710 may be used to generate a set of cryptographic keys for each of the plurality of bots that operate in each of the fulfilment centres that are operated by the enterprise which operates the enterprise cryptographic server 710.
  • the set of keys may be then be transferred to the respective bots and then used in the operation of the bots.
  • the keys may be distributed to the respective bots via the cryptographic server 500 for the fulfilment centre in which the bot operates.
  • a cryptographic server 500 may generate the plurality of sets of keys that are required for use by the plurality of bots which are active in that fulfilment centre.
  • the creation of the sets of keys by the cryptographic server may be initiated or otherwise controlled by the enterprise cryptographic server.
  • the enterprise cryptographic server and the or each cryptographic server 500 perform the functions of a certificate authority within a public key infrastructure, and that of other entities, such that digital certificates and cryptographic keys can be created, managed and revoked as required to facilitate the operation of the bots within a fulfilment centre, and other operations of the fulfilment centre, in a secure manner.
  • a fulfilment centre may not have a cryptographic server deployed within in it.
  • the necessary cryptographic functionality may be provided by the enterprise cryptographic server.
  • a cryptographic server located on one fulfilment centre may provide the required cryptographic functionality for one or more further fulfilment centres.
  • the enterprise cryptographic server may provide the required cryptographic functionality for all of the fulfilment centres.
  • one or more of the set of cryptographic keys may need to be supplied to a different entity.
  • a company which operates automated storage and retrieval systems to deliver products to customers is unlikely to be manufacturing the bots which are operated within the storage and retrieval system.
  • the manufacturer will need to operate a further cryptographic server which is capable of receiving and managing the received keys.
  • Secure communications channels will need to be provided to ensure the secure transmission of keys between different entities.
  • Figure 8 shows a further example of the communications system 100 described above with reference to Figures 6 and 7.
  • the communications system 100 further comprises a second wireless communications network.
  • the second wireless communications network is a point-to-point wireless communications network and comprises one or more point-to-point wireless transceivers.
  • the or each transceiver 450 of the second wireless communications network is connected to the central computing device 400, for example by fixed Ethernet communication links.
  • the second wireless communications network is a point-to-point optical free space communications network. It should be understood that while the cryptographic server 500 and the base station(s) 300 are not shown in Figure 8 for the sake of clarity, they are still present in the communications system of Figure 8.
  • Each of the plurality of bots may further comprise a second network interface 36, which is connected to the bot PC 40.
  • the second network interface is also configured such that the bot PC is able to communicate with the central computing device via the second wireless communications network.
  • the central computing device may comprise a software repository 410 which comprises the operating system and one or more applications necessary to control the operation of the bot (see below in relation to Figure 9). If the software of a bot requires an update then the necessary files may be transferred from the software repository to the bot via the second wireless communications network and then installed onto the bot PC.
  • the software repository may, in an alternative, be stored elsewhere, for example on a server or cloud computing platform which is communicably connected to the central computing device and from which software can be transferred to a bot.
  • the second wireless communications network may comprise a plurality of transceivers which are configured such that they can communicate with a bot which is located at a predetermined grid cell location.
  • a bot if a bot requires an upgrade to one or more of the elements of the software that operates the bot PC then the bot can navigate to one of the predetermined grid cell locations such that the second network interface 36 of the bot can communicate with one of the plurality of transceivers of the second wireless communications network.
  • the transceivers of the second wireless communications network may be configured such that they can communicate with a bot which is located a charging location, which may be located at the perimeter of the grid.
  • the bot when a bot moves to a charging location, to recharge the battery (or batteries) that power the bot, then the bot can connect to the central computing device via the second wireless communications network. If one or more of the elements of the software that operates the bot PC require an upgrade than those elements can be transferred from the software repository to the bot via the second wireless communications network and then installed onto the bot PC.
  • FIG. 9 shows a schematic depiction of a bot PC 40 which comprises central processing unit (CPU) 4010, random access memory (RAM) 4020, read only memory (ROM) 4030, non-volatile data storage unit 4040, cryptoprocessor 4050 and one time programmable memory (OTPM) 4060.
  • the non-volatile data storage unit 4040 comprises a bootloader 4042, an operating system 4044 and one or more applications 4046.
  • the bot PC is configured such that the CPU is communicably connected to each of the RAM, the ROM, the non-volatile data storage unit and the OTPM such that the CPU may: access data stored within one or more of those entities; process the accessed data; or write data to the RAM and/or the non-volatile data storage unit.
  • the CPU is also communicatively coupled to the communications interface 34 such that data received from the communications system 100 may be transferred to the CPU for processing and, similarly, data generated by the CPU may be routed to the central computing device 400 via the communications interface 34 and the communications system.
  • the bot PC is further configured such that the each of the bootloader 4042, the operating system 4044 and the one or more applications 4046 can communicate with the cryptoprocessor 4050.
  • the operating system and the one or more applications may be integrated into a single software package which can control the operation of the bot, communicate with the communications system, etc.
  • the operating system may comprise a variant of Linux the one or more applications may comprise a single computer program.
  • the operating system and the one or more applications may be firmware.
  • the and one time programmable memory (OTPM) 4060 may be provided as a separate module, for example a PCB or similar, that can be connected to the bot PC. Thus, one or more keys may be permanently written into the OTPM (see below) and the OTPM can then be subsequently installed into the bot PC
  • cryptographic operations may be used in the operation of a bot PC, and by extension the operation of a bot.
  • a set of cryptographic keys are generated, such that each set of cryptographic keys comprises one or more cryptographic keys.
  • each set of cryptographic keys may be generated by the enterprise cryptographic server or by a cryptographic server 500.
  • Figure 10 shows a schematic depiction of a method by which the cryptographic keys can be transferred.
  • a key set is generated for one of the plurality of bots.
  • One or more of the keys of the key set is then transferred to the respective bot (S1020). such that the received keys are then stored by the bot (S1030).
  • the bot may make a request (S1040), for example, to connect to the communications system 100 via one of the base stations 200.
  • the bot may make requests of different types.
  • One of the keys held by the bot may be presented and if a cryptographic challenge is passed then the bot request is allowed (S1070).
  • a private cryptographic key held in a cryptography server may be used to decode a request which has been encoded by a public cryptographic key held by the bot. If the cryptographic challenge is not passed then the bot request is denied (S1060).
  • step S1020 one or more private keys and/or one or more public keys are transferred to the bot, such that one or more further private keys are retained at the cryptographic server.
  • One or more public keys may also be retained at the cryptographic server.
  • the key(s) received by the bot may be stored in the non-volatile data storage unit of the bot PC.
  • a key may be permanently written into the one time programmable memory (OTPM) 4060 such that the key is permanently associated with the respective bot.
  • OTPM one time programmable memory
  • the permanently stored key may be a public key or a private key.
  • One or more keys may be permanently stored in the OTPM.
  • a public key stored in the bot may be used to encrypt a message that can be sent to the cryptographic server.
  • the cryptographic server may then decrypt the message using one of the private keys held in the cryptographic server, the private key being selected from the same set of cryptographic keys as the public key stored in the bot.
  • a response to the message to the bot can then be sent.
  • the bot may request to connect to a base station 200 of the communications network 100 . If the correct key is used to encrypt the request then the bot is allowed to connect to the communications network.
  • the bot PC comprises a cryptoprocessor, which may be, for example, a Trusted Platform Module.
  • the cryptoprocessor may generate one or more further keys which can then be used by the bot, either for operations which are internal to the bot or for operations which involve entities external to the bot. These one or more further keys may be generated based on one or more of the key(s) received from the cryptographic server.
  • the cryptoprocessor may be used to generate a symmetric key which can be used to encrypt the contents of the non-volatile data storage unit.
  • one or more symmetric keys may be generated and used to encrypt the contents of one or more of the bootloader, the operating system and the one or more applications.
  • an asymmetric key may be generated which is then used to create a device identity which can be used by the bot in communications with the central communications device 400.
  • the software for a bot can be accessed by the bot from the software repository 410, which may be stored within the central computing device.
  • the software packages can be signed using a cryptographic key generated by a cryptographic server.
  • a key held by a bot can be used to authenticate the or each software package that the bot needs to download.
  • a bot may only be able to access the software repository if it can present an appropriate key to the central computing device.
  • Table 1 below gives en example of a set of keys that could be stored and used by a bot.
  • Table 1 Exemplary set of keys held by a bot It can be seen from Table 1 that the use of such an exemplary set of keys would make use of cryptographic keys to ensure that: only an authorised bot could connect to the communications network; that only firmware that had been cryptographically signed could be downloaded and installed onto the bot; that the wireless communications between a bot and the central computing device are encrypted; that the data stored in the bot is encrypted; and that the central computing device can initiate a secure remote log-in to the bot, for example for maintenance purposes.
  • a security audit may determine that if a security risk is below a predetermined level then there is no need to take mitigations against it.
  • further keys may be used to protect other aspects of the bots operation.
  • One of keys can be used to enrol the bot with the network and the second may be used for ongoing communication with a base station of the communications network.
  • a further key may be used to encrypt the IP packets which are transmitted between the bot PC and the central computing device. It will be understood that keys of greater strengths may be used if it is deemed necessary.
  • FIG 11 shows a schematic depiction of an example of the contents of the code which is written into the bootloader 4042 of a bot (see Figure 9).
  • the boot image 1100 comprises a boot image header 1110, secure boot descriptor 1120, peripheral configuration code 1130 and stage 2 code 1140.
  • the secure boot 1120 descriptor comprises certificate 1 1121 , certificate 2 1122, certificate 3 1123, certificate 4 1124, certificate revocation list (CRL) 1125, peripheral configuration code signature 1126 and Stage 2 code signature 1127.
  • CTL certificate revocation list
  • the boot up header 1110 defines the locations of the different elements of the boot image 1100 in the boot loader.
  • the secure boot descriptor 1120 is loaded into memory.
  • the four certificates (certificate 1 , certificate 2, certificate 3 & certificate 4) are referred to as a certificate block 1128.
  • a hash of the certificate block can be permanently written into the OTPM.
  • the contents of the certificate block can be hashed and compared with the value stored in the OTPM. If the values do not match then the boot up is aborted as the certificate values have been changed. If there is a match then the boot up process can proceed.
  • the peripheral code signature code can be compared with the peripheral code stored in the bootloader. Again, if there is a match then the boot up procedure can proceed but if there is no match then the boot up is aborted.
  • the next step is to compare the Stage 2 code signature with the Stage 2 code, with the boot up proceeding if there is a match between the signature and the code.
  • the execution of the Stage 2 code causes the operating system and then the one or more applications to be executed. If there is no match then the boot up process is aborted.
  • the failure of a bot to boot up is likely to be due to a file being corrupted or an incorrect key being used to generate a certificate or a signature. Such errors must be remedied such that the bot can be used subseqently
  • the CRL holds a list of certificates which have been revoked, for example, by the enterprise cryptographic server and which are no longer recognised.
  • the four certificates (certificate 1 , certificate 2, certificate 3 & certificate 4) are, in one example, derived from keys 1 to 4 listed above in table 1 .
  • Figure 12 shows a schematic depiction of a computer device 1200 used in the implementation of a communications system of the present disclosure that may include a central processing unit (“CPU”) 1202 connected to a storage unit 1214 and to a random access memory 1206.
  • the CPU 1202 may process an operating system 1201 , application program 1203, and data 1223.
  • the operating system 1201 , application program 1203, and data 1223 may be stored in storage unit 1214 and loaded into memory 1206, as may be required.
  • Computer device 1200 may further include a graphics processing unit (GPU) 1222 which is operatively connected to CPU 1202 and to memory 1206 to offload intensive image processing calculations from CPU 1202 and run these calculations in parallel with CPU 1202.
  • GPU graphics processing unit
  • An operator 1207 may interact with the computer device 1200 using a video display 1208 connected by a video interface 1205, and various input/output devices such as a keyboard 1215, mouse 1212, and disk drive or solid state drive 1214 connected by an I/O interface 1204.
  • the mouse 1212 may be configured to control movement of a cursor in the video display 1208, and to operate various graphical user interface (GUI) controls appearing in the video display 1208 with a mouse button.
  • GUI graphical user interface
  • the disk drive or solid state drive 1214 may be configured to accept computer readable media 1216.
  • the computer device 1200 may form part of a network via a network interface 1211 , allowing the computer device 1200 to communicate with other suitably configured data processing systems (not shown).
  • One or more different types of sensors 1235 may be used to receive input from various sources.
  • control of the storage system may be performed by an appropriately configured industrial computing device, however the functionality of the computing device may be implemented using virtually any manner of computer device including a desktop computer, laptop computer, tablet computer, wireless handheld or a cloud computing platform.
  • the computing device or devices may execute one or more software instances, for example virtual machines and or containers.
  • the present system and method may also be implemented as a computer- readable/useable medium that includes computer program code to enable one or more computer devices to implement each of the various process steps in a method in accordance with the present disclosure. In case of more than one computer devices performing the entire operation, the computer devices are networked to distribute the various steps of the operation.
  • the terms computer-readable medium or computer useable medium comprises one or more of any type of physical embodiment of the program code.
  • the computer-readable/useable medium can comprise program code embodied on one or more portable storage articles of manufacture (e.g. an optical disc, a magnetic disk, a tape, etc.), on one or more data storage portioned of a computing device, such as memory associated with a computer and/or a storage system.
  • the disclosure provides systems, devices, methods, and computer programming products, including non-transient machine-readable instruction sets, for use in implementing such methods and enabling the functionality described previously.
  • the storage and retrieval system may be of a size such that a single base station is sufficient to provide radio coverage to the entirety of the grid surface.
  • the BSC may be retained as a separate entity or the functionality of the BSC may be incorporated into to the base station.
  • the language “movement in the n-direction” (and related wording), where n is one of x, y and z, is intended to mean movement substantially along or parallel to the n-axis, in either direction (i.e. towards the positive end of the n-axis or towards the negative end of the n-axis).
  • the word “connect” and its derivatives are intended to include the possibilities of direct and indirection connection.
  • x is connected to y” is intended to include the possibility that x is directly connected to y, with no intervening components, and the possibility that x is indirectly connected to y, with one or more intervening components.
  • direct connection is intended
  • the words “directly connected”, “direct connection” or similar will be used.
  • support and its derivatives are intended to include the possibilities of direct and indirect contact.
  • x supports y is intended to include the possibility that x directly supports and directly contacts y, with no intervening components, and the possibility that x indirectly supports y, with one or more intervening components contacting x and/or y.
  • the word “mount” and its derivatives are intended to include the possibility of direct and indirect mounting.
  • x is mounted on y is intended to include the possibility that x is directly mounted on y, with no intervening components, and the possibility that x is indirectly mounted on y, with one or more intervening components.
  • controller is intended to include any hardware which is suitable for controlling (e.g. providing instructions to) one or more other components.
  • a processor equipped with one or more memories and appropriate software to process data relating to a component or components and send appropriate instructions to the component(s) to enable the component(s) to perform its/their intended function(s).
  • the present disclosure provides a communications system for use with an automated storage and retrieval system such as might be used in a warehouse facility.
  • the communications system comprises first and second wireless communications networks, with the first wireless communications network being used to communicate with load handling devices under normal operations.
  • the second wireless communications network may be a free space optical network which is used to provide software updates to the load handling devices and to receive data from the load handling devices such as log files.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Economics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Quality & Reliability (AREA)
  • Strategic Management (AREA)
  • Tourism & Hospitality (AREA)
  • Marketing (AREA)
  • Human Resources & Organizations (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Development Economics (AREA)
  • Operations Research (AREA)
  • Accounting & Taxation (AREA)
  • Electromagnetism (AREA)
  • Mechanical Engineering (AREA)
  • Finance (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Warehouses Or Storage Devices (AREA)

Abstract

En ce qui concerne la présente invention, la présente invention concerne un système de communication destiné à être utilisé avec un système de stockage et de récupération automatisé tel qu'il peut être utilisé dans une installation d'entrepôt. Le système de communication comprend des premier et second réseaux de communication sans fil, le premier réseau de communication sans fil étant utilisé pour communiquer avec des dispositifs de gestion de charge dans des opérations normales. Le second réseau de communication sans fil peut être un réseau optique à espace libre qui est utilisé pour fournir des mises à jour logicielles aux dispositifs de gestion de charge et pour recevoir des données provenant des dispositifs de gestion de charge tels que des fichiers journaux.
PCT/EP2023/080564 2022-11-03 2023-11-02 Système de communication pour installation d'entrepôt WO2024094796A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB2216377.8 2022-11-03
GB2216377.8A GB2624157A (en) 2022-11-03 2022-11-03 Communications system

Publications (1)

Publication Number Publication Date
WO2024094796A1 true WO2024094796A1 (fr) 2024-05-10

Family

ID=84839787

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2023/080564 WO2024094796A1 (fr) 2022-11-03 2023-11-02 Système de communication pour installation d'entrepôt

Country Status (2)

Country Link
GB (2) GB2624157A (fr)
WO (1) WO2024094796A1 (fr)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010118412A1 (fr) * 2009-04-10 2010-10-14 Casepick Systems, Llc Système de stockage et de récupération
WO2015185726A2 (fr) 2014-06-05 2015-12-10 Ocado Innovation Limited Systèmes et procédés de communication
WO2018095751A1 (fr) * 2016-11-22 2018-05-31 Ocado Innovation Limited Dispositif de commande et procédé de système de communication sans fil
WO2018127437A1 (fr) 2017-01-08 2018-07-12 Ocado Innovation Limited Système de communication sans fil comportant des détecteurs de signaux étrangers reçus
WO2018177788A1 (fr) 2017-03-27 2018-10-04 Ocado Innovation Limited Système de communication sans fil avec discrimination entre signaux reçus externes
WO2021021807A1 (fr) * 2019-07-29 2021-02-04 Nimble Robotics, Inc. Systèmes de stockage et procédés de préhension robotique
US20220129389A1 (en) * 2020-10-26 2022-04-28 Micron Technology, Inc. Online Security Services based on Security Features Implemented in Memory Devices
WO2022200124A1 (fr) * 2021-03-26 2022-09-29 Signify Holding B.V. Procédé et appareil pour éviter la saturation dans des systèmes optiques sans fil point à point

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201701615D0 (en) * 2017-02-01 2017-03-15 Ocado Innovation Ltd Safety system for an automated storage and picking system and method of operating thereof
GB2579034B (en) * 2018-11-15 2021-05-05 Trustonic Ltd Software installation method
GB202105316D0 (en) * 2021-04-14 2021-05-26 Ocado Innovation Ltd An automated load handling system
US20220335140A1 (en) * 2022-06-30 2022-10-20 Intel Corporation Cryptographic computing isolation for multi-tenancy and secure software components

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010118412A1 (fr) * 2009-04-10 2010-10-14 Casepick Systems, Llc Système de stockage et de récupération
WO2015185726A2 (fr) 2014-06-05 2015-12-10 Ocado Innovation Limited Systèmes et procédés de communication
EP3152956A2 (fr) * 2014-06-05 2017-04-12 Ocado Innovation Limited Systèmes et procédés de communication
WO2018095751A1 (fr) * 2016-11-22 2018-05-31 Ocado Innovation Limited Dispositif de commande et procédé de système de communication sans fil
WO2018127437A1 (fr) 2017-01-08 2018-07-12 Ocado Innovation Limited Système de communication sans fil comportant des détecteurs de signaux étrangers reçus
WO2018177788A1 (fr) 2017-03-27 2018-10-04 Ocado Innovation Limited Système de communication sans fil avec discrimination entre signaux reçus externes
WO2021021807A1 (fr) * 2019-07-29 2021-02-04 Nimble Robotics, Inc. Systèmes de stockage et procédés de préhension robotique
US20220129389A1 (en) * 2020-10-26 2022-04-28 Micron Technology, Inc. Online Security Services based on Security Features Implemented in Memory Devices
WO2022200124A1 (fr) * 2021-03-26 2022-09-29 Signify Holding B.V. Procédé et appareil pour éviter la saturation dans des systèmes optiques sans fil point à point

Also Published As

Publication number Publication date
GB2624054A (en) 2024-05-08
GB202216377D0 (en) 2022-12-21
GB2624157A (en) 2024-05-15

Similar Documents

Publication Publication Date Title
JP6971452B2 (ja) 車両制御用の制御装置、非一時的なコンピュータ可読媒体、及び、車両制御用の制御装置によって実行される方法
JP2019194129A (ja) 搬送デバイスの移動を制御する方法、システムおよび装置
BR112020006803A2 (pt) sistema de coordenação de manipulação de objeto e método de realocação de um recipiente de transporte
JP2020536027A (ja) ケースのストレージ・ピッキングシステム及びストレージ・ソーティング統合システム
US20180157866A1 (en) Automated manufacturing system with adapter security mechanism and method of manufacture thereof
KR101423377B1 (ko) 제어 장치, 기판 처리 방법, 기판 처리 시스템, 기판 처리 시스템의 운용 방법, 로드 포트 제어 장치 및 그것을 구비한 기판 처리 시스템
CN111325506A (zh) 仓库配置方法及装置、存储介质、电子装置
CN115412167A (zh) 用于无线通信系统的控制器及方法
CN110457113B (zh) 泛在电力物联网智能终端的管理控制系统及管理控制方法
Jiang et al. Flexible space-sharing strategy for storage yard management in a transshipment hub port
US8096408B2 (en) Segmented material conveyor system, threshold assembly and method for making and using the same
WO2024094796A1 (fr) Système de communication pour installation d'entrepôt
WO2024094794A1 (fr) Système de stockage sécurisé comprenant des gestionnaires de charge
CN109712923A (zh) 一种晶圆周转装置及晶圆周转方法
CN111781928A (zh) Agv的接入方法、装置、调度系统及设备、存储介质
KR102606130B1 (ko) 클라우드 기반 창고 통합 관리 시스템 및 그 제어 방법
WO2023285487A1 (fr) Poste de préparation de commandes
WO2023170179A1 (fr) Système de communication
WO2023170162A1 (fr) Système de communication pour installation d'entrepôt avec robots
Meller Considerations when designing an autostoretm system
WO2023170167A1 (fr) Système de commande
US20240336429A1 (en) Picking station
WO2024141551A1 (fr) Système de stockage
US12085921B2 (en) Managing firmware and software updates within a secure deployment system
WO2023153236A1 (fr) Système pour fournir de l'énergie à un groupe de systèmes de fabrication de semi-conducteurs

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23802159

Country of ref document: EP

Kind code of ref document: A1