System comprising a power switch that is wirelessly controllable by means of software tickets.
Patent abstract:
The invention relates to a system with an electrical device (10), in particular an electrical socket, which is arranged in public or semi-public areas. The system allows power to be drawn from such a device in a flexible, simple and efficient manner by means of a smartphone. For this purpose, the system has a wirelessly controllable power switch (11) that requires no communication connection between the switch and a central server (30) for the power draw. The central server (30) issues software tickets and authorization tokens for powering the electrical device (10). The switch (11) is designed to establish a wireless communication link with the application program (21) of the smartphone and to receive an authorization token and one or more software tickets from the application program (21). The switch is further designed to validate the authorization token in a first step and the software ticket in a second step and, after a positive validation, to close for a time period defined by the time unit of the software ticket; no query over a communication connection to the server (30) is necessary for this.
Publication number: CH713988A2
Application number: CH00830/18
Filing date: 2018-07-03
Publication date: 2019-01-15
Inventor: Müller Johannes
Applicant: Elektron Ag
Main IPC number:
Patent description:
Description

Field of the Invention

The invention relates to a system comprising an electrical device, in particular an electrical socket, and a switch which in an open state disconnects the electrical device from an electrical network and in a closed state connects the electrical device to the electrical network and thus enables power to be drawn. Further aspects of the invention relate to a corresponding method, a corresponding electrical device and a corresponding application program.

Background

With the ever increasing use of mobile electrical and electronic devices, there is also an increased need to power such devices in public or semi-public areas, in particular to charge their batteries. Unless electricity is to be made available free of charge, solutions are needed to provide and bill electricity in a simple and cost-effective manner.

From GB 2 455 375 A, an electrical socket is known which can be controlled wirelessly by means of a user device. The power is released via a central provider or a central server. A communication connection between the socket and the central provider or central server is therefore required to draw power.

WO 2011/109 460 A2 describes a system which makes it possible to reserve and activate an electric charging station for vehicles by means of a smartphone. The reservation and corresponding payment may be initiated and performed by the smartphone or another computer (e.g., a laptop) via a web server. The web server then sends a corresponding reservation certificate with time information (start time, desired charging time, end time) to the smartphone. The smartphone can establish a wireless communication link with the electrical charging station and unlock the charging station for the desired, reserved time by means of the reservation certificate. In such a system, an online connection to the web server is necessary for each reservation. In addition, the reservation period must be set in advance.
A spontaneous power draw without an online connection is therefore not possible.

US 2015/0130 630 A1 describes a charging station for delivering fuel to a vehicle, including an electric vehicle, without requiring dedicated access to a communication network, whereby fleet vehicle or individual authorization can be obtained from an access management system. The authorization is wirelessly relayed from a wireless device to the station to allow the delivery of fuel. Subsequently, a protocol comprising the transaction is provided to the access management system by the same or another wireless mobile computing device.

WO 2011 109 460 describes a system which enables a smartphone or any terminal to reserve and activate a charging device for electric vehicles using a website or a server computer system. A reservation request is accepted by a first terminal using the server. A reservation certificate is provided to a portable second terminal in response to the request using the server. The reservation certificate is accepted by the portable second terminal using an access device. The electric vehicle charger is activated in response to accepting an authentic reservation certificate using the access device. In these systems, a prior reservation stating the reservation period is necessary in each case.

Summary of the Invention

It is an object of embodiments of the present invention to provide a system of the type mentioned in the opening paragraph which allows power to be drawn in a flexible, simple and efficient manner. A further object of embodiments of the present invention is to provide a system of the type mentioned which allows a power draw in complete offline operation in a flexible, simple and efficient manner. Another object of embodiments of the present invention is to provide a system of the type mentioned which prevents an abusive power draw or makes it difficult.

A first aspect of the invention relates to a system according to claim 1.
Accordingly, the system comprises an electrical device, which is designed in particular as an electrical outlet. The system further has a wirelessly controllable switch, which in an open state separates the electrical device from an electrical network and in a closed state connects the electrical device to the electrical network. The system further comprises an electronic communication device, in particular a smartphone, as well as an application program installed on the electronic communication device. The system also comprises a central server, which is provided to issue software tickets to the application program for a power draw at the electrical device. The software tickets have at least one server signature, a validity period and a time unit. The switch has a memory for storing a public key of the server. The switch is designed to establish a wireless communication link with the application program of the electronic communication device, to receive one or more software tickets from the application program and, after receiving a software ticket, to validate the server signature of the software ticket and its validity period. After a positive validation of the server signature and the validity period, the switch is closed for a time period defined by the software ticket or, upon receipt of multiple tickets, for a time period defined by the relative time units of the software tickets, and the electrical device is thus enabled for power draw.

Such a system makes it possible to provide sockets and other electrical devices in a public or semi-public space for power draw in a cost-effective and very flexible way and to bill the use simply and efficiently. According to embodiments of the invention, the switch can operate completely self-sufficiently and requires only power. In particular, no communication connection between the switch and the central server is necessary for the power draw.
The "logic" of the switch and the "logic" of the application program and the server are completely separate according to embodiments of the invention. The communication links between the electronic communication device and the switch on the one hand and between the electronic communication device and the server on the other hand are likewise completely separate. This makes it possible to operate the electrical device even in places where there is no possibility of connecting to the Internet (no WLAN, no mobile network coverage, no wired Internet connection). This is common, for example, in underground garages or cellars.

The software tickets enable a power draw for the period determined by the time unit of the respective software ticket. The granularity of the time units can be adapted by the central server to the respective application and the customer needs. The time units are relative time units and independent of an absolute time. For example, the time unit of a software ticket could be 15 minutes, 30 minutes, 1 hour or even one day. Preferably, the respective user has a plurality of software tickets with different time units, so that the user can flexibly put together a desired duration of use.

Software tickets with relative time units according to embodiments of the invention offer in particular the advantage of greater flexibility compared to reservation certificates with predetermined reservation times. This allows users to spontaneously use electrical outlets near them when needed, without the need for an online connection. The software tickets are valid for a predefined validity period, and during this validity period the user can use the software tickets without an online connection. The validity of the software ticket may be an absolute time, i.e. a date and optionally a time, or a relative time, i.e. a certain period of time, e.g. a week or a month.
In the case of a relative time specification, the application program can, according to embodiments, convert the relative time specification into an absolute time specification.

The server signature can be produced in particular by means of a private or secret key of an asymmetric encryption system. The switch has the corresponding public key stored in its memory and can thus validate the server signature in a secure manner. The validity period of the software tickets is a security element which ensures that users of the system cannot use the software tickets after expiration. The validity period can be adapted as desired to the respective security level of the application and can, according to embodiments, be e.g. a week, a month or 3 months. The shorter the validity period, the higher the security level.

The software tickets also have a user ID. According to such an embodiment, the software tickets are personalized tickets that are uniquely assigned to a user of the system. Such a user identification represents another efficient and advantageous security element. For example, it allows software tickets to be unambiguously assigned to a user and to be blocked for further use of the system.

In addition, the server is provided to issue authorization tokens for users of the system, the authorization token having at least one device identifier, a user identifier and a validity period. Such authorization tokens represent another advantageous element for the security of the system. The authorization token represents a general or basic authorization of the user associated with the user identifier to use an electrical device according to the device identifier of the authorization token. According to embodiments of the invention, an authorization token can also have a plurality of device identifiers and accordingly represent a basic authorization to use a plurality of devices.
In addition to an authorization token, however, at least one valid software ticket is still required for a power draw according to embodiments of the invention. Thus, according to embodiments of the invention, at least two elements or objects are always necessary for a power draw, namely an authorization token and at least one software ticket.

Such a system, in which both an authorization token and at least one software ticket are required to purchase electricity, is a technically very efficient and flexible solution. The permissions for the individual devices of the system can be efficiently and flexibly changed, revoked and expanded by means of the authorization tokens. At the same time, the software tickets retain their validity when the authorization tokens are changed, so the tickets do not have to be changed when the authorization tokens available to a user change. The software tickets are thus preferably valid and usable for a plurality of electrical devices, independently of any particular electrical device. For example, in the case of a tenant who moves to another apartment and accordingly requires other authorization tokens for other common spaces, the old authorization tokens can be revoked and new tokens issued, while the originally issued software tickets remain valid and can be used in the new home.

In addition, such a system allows efficient withdrawal of permissions, e.g. in case of abuse by the user. As soon as the authorization tokens become invalid and the user does not receive any new valid authorization tokens, the user can no longer use the software tickets.

A device identifier is a unique identifier of the electrical device or of the switch assigned to the electrical device, e.g. a serial number.
The validity period of the authorization token ensures that users who do not go online again before the end of the validity period, and therefore no longer receive updated authorization tokens, can no longer use the electrical devices of the system thereafter. The validity period of the authorization token can be adapted to the respective security level of the application. The shorter the validity period, the higher the security level.

According to embodiments, the validity period of the authorization token can be identical to the validity period of the software tickets. According to other embodiments, the validity period of the authorization token can also be different from the validity period of the software tickets. In addition, software tickets issued at different times may have different validity periods. The validity period of the software tickets may also be set depending on, e.g., the value or the relative time unit of the software tickets, or on other factors such as the user.

According to embodiments of the invention, the validity period of the software tickets is longer than the validity period of the authorization tokens. As a result, it can be ensured in an efficient manner that, on the one hand, the software tickets are valid for a long time and the effort of renewing them is correspondingly reduced. On the other hand, any security requirements can be accommodated by the shorter validity period of the authorization tokens. In particular, this can ensure that a user connects to the server at the latest at the end of the validity period of the authorization token in order to renew the authorizations. According to one embodiment of the invention, the validity period of the software tickets may also be unlimited, i.e. the validity period is infinite.

According to embodiments of the invention, the authorization tokens can be used to implement a two-stage validation process.
Such a two-stage validation process includes a first validation step and a second validation step. In the first validation step, the authorization token is validated, and in the second validation step, one or more software tickets are validated. Thus, at least one authorization token and at least one software ticket are always required for a power purchase. As a result, the security of the system can be increased in an efficient and flexible manner, as already explained above.

In addition, such an authorization token allows further advantageous functions to be implemented. According to embodiments, the switch may be configured to derive a relative time base for the switch from the validity period of the authorization token. This in turn allows a particularly simple design of the switch: in such a system the switch can be built without its own absolute time base. On the one hand this is inexpensive, and on the other hand it allows the electrical devices to be operated in places where there is no radio coverage, e.g. in underground garages. Moreover, such a relative time base provides security advantages over an absolute time base.

According to embodiments, the switch always updates its time base according to the latest validity period it has received from an authorization token. If, for example, the switch has the validity period May 2017 as its current time base and then receives an authorization token with the validity period June 2017, it switches its internal relative time base to June 2017. It could then set an internal timer of, for example, 1 to 10 days, during which it still accepts authorization tokens and software tickets with the validity period May 2017. After that, only authorization tokens and software tickets with the validity period June 2017 would be accepted. In this way, the switch always updates its time base using the received authorization tokens.
According to another embodiment, the application program is configured to display to the user the electrical devices within a predefined distance for which the user has appropriate authorization tokens. In addition, the application program can display occupancy information for these electrical devices. Occupancy information may indicate, for example, which devices are free, which are occupied and until when they are occupied.

According to another embodiment, the system may be configured such that the application program receives an updated list of authorization tokens at the start of the application program and/or each time the application program communicates with the server. This effectively increases the security of the system and makes it possible to keep users' respective authorizations up to date flexibly and promptly.

According to a further advantageous embodiment of the invention, the electronic communication device is a mobile phone, in particular a smartphone. In addition, the user ID is linked to the mobile phone number of the mobile phone. Such a mobile telephone number is always associated with an International Mobile Subscriber Identity (IMSI). In addition, there are legal requirements in a large number of countries, for example Germany and Switzerland, according to which a person must prove his or her identity when acquiring a new SIM card and thus a new IMSI. Embodiments of the invention therefore enable a clear identification of the users of the system based on the IMSI or the associated mobile telephone number. Since the user ID is integrated into each software ticket and is covered by the server signature, according to this embodiment each individual software ticket is also clearly linked to the identity of the user. This facilitates legal billing.
According to a further advantageous embodiment of the invention, the system is adapted to perform a registration process for the registration of a new user. The registration procedure includes the following steps: sending a registration request from the application program of the mobile telephone to the central server via a first communication channel, the registration request including a mobile telephone number; generating a code for user authentication by the server; sending the code from the server to the application program of the mobile telephone via a second communication channel formed separately from the first communication channel; displaying the code by the application program on a display of the mobile phone; receiving the code in the application program through input by the user by means of an input device of the mobile telephone; sending the code for authenticating the user from the mobile phone to the server via the first communication channel; and registering the user with a user ID associated with the mobile phone number.

The first communication channel is preferably an Internet connection, in particular a connection secured by SSL/TLS. The second communication channel is preferably a mobile radio connection, in particular a Short Message Service (SMS). By using two separate communication channels, the security of the registration process is increased. In particular, this ensures that the code can only be received by the mobile phone whose number is used for registration.

According to a further advantageous embodiment of the invention, the relative time units of the software tickets can be combined with each other into a total duration of the power draw. As described above, the time units are relative time units and may be e.g. 15 minutes, 30 minutes, 1 hour or even one day.
Preferably, the respective user has a plurality of software tickets with different time units, so that the user can combine the software tickets and flexibly put together a desired total duration of use. For example, if the user wants to use an outlet for 3 hours and 15 minutes, the user can combine 3 software tickets with a time unit of 1 hour and one software ticket with a time unit of 15 minutes. Embodiments of the invention therefore enable a very flexible use of the electrical devices.

According to a further advantageous embodiment of the invention, the switch is adapted to receive a plurality of software tickets from the application program, to add the relative time units of the received software tickets into a total duration of the power draw and, after positive validation of the server signature and the validity period, to close for the period defined by that total duration and unlock the electrical device for power draw. According to embodiments of the invention, the user thus has an electronic wallet with a variety of software tickets available, which the user can put together flexibly and independently and can use without any network coverage or server connection (offline).

According to a further embodiment, the software tickets each have an individual ticket identifier. Such an individual ticket identifier is a unique identifier for each software ticket, which allows clear tracking. This allows beneficial security features to be integrated into the system. Thus, according to an advantageous embodiment, the switch is configured to store a revocation list with the ticket identifiers of software tickets already used and to compare the respective ticket identifier with the revocation list before activating the electrical device. For a negative comparison result, i.e. if the ticket identifier is not on the revocation list, the electrical device is unlocked.
A positive comparison result, i.e. if the ticket identifier is on the revocation list, indicates a prior use of the software ticket and thus a misuse. In such a case, activation is therefore denied and reuse of the software ticket is prevented. This effectively increases the security of the system. In particular, this mechanism works independently of server communication. It prevents misuse even if the user no longer connects to the server in order to prevent updates.

According to an advantageous embodiment, two or more electrical devices which are within radio range of each other are configured to exchange their respective stored revocation lists with each other. This effectively increases the security of the system. The exchange of the revocation lists according to this embodiment is thus decentralized and independent of server communication. This prevents abusive use even without server updates and creates a decentralized "update cluster" with an increased security level.

In accordance with an advantageous embodiment, the switch is configured to send its stored revocation list to the application program communicating with it. Further, the application program is configured to forward the revocation list received from the switch to the server. According to this embodiment, the server is informed promptly and efficiently about tickets that have already been used. This allows the server to mark software tickets that have already been redeemed, which can be used e.g. to detect anomalies. According to a further advantageous embodiment, the server could forward the revocation lists to the electrical devices to further increase the security level. The revocation lists are preferably encrypted with the public key of the server.

According to another embodiment, the application program is configured such that it automatically deletes a software ticket after sending it to the electrical switch. This prevents further use of the software ticket in an efficient, simple and elegant manner.
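The switch-side checks described above (two-stage validation of the authorization token and the software tickets, the time base taken from the token, adding up the relative time units, and the revocation list of used ticket identifiers) are shown here as an added Go example that is not part of the patent text. Ed25519 as the signature scheme, the YYYYMM validity encoding, the payload layout, one device identifier per token, the user-ID match between ticket and token, and all type and function names are assumptions of this example; sample values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Token (authorization token BT) and Ticket (software ticket ST); encodings are assumed.
type Token struct {
	Device, User, ValidUntil uint32 // device identifier VK, user identifier, validity period
	Sig                      []byte // server signature
}
type Ticket struct {
	ID               uint64        // individual ticket identifier
	User, ValidUntil uint32        // user identifier, validity period
	Unit             time.Duration // relative time unit
	Sig              []byte        // server signature
}

// The "BT"/"ST" prefixes keep a ticket signature from verifying as a token.
func (t Token) payload() []byte {
	return []byte(fmt.Sprintf("BT|%d|%d|%d", t.Device, t.User, t.ValidUntil))
}
func (t Ticket) payload() []byte {
	return []byte(fmt.Sprintf("ST|%d|%d|%d|%d", t.ID, t.User, t.ValidUntil, int64(t.Unit)))
}
var (
	ErrSig     = errors.New("server signature invalid")
	ErrDevice  = errors.New("token not issued for this device")
	ErrExpired = errors.New("validity period is before the switch time base")
	ErrUser    = errors.New("ticket and token name different users")
	ErrReplay  = errors.New("ticket identifier is on the revocation list")
)

// Switch holds what the page keeps in memory 17: PK, VK, time base, revocation list.
type Switch struct {
	PK           ed25519.PublicKey
	VK, TimeBase uint32
	Used         map[uint64]bool
}

// Redeem runs both validation steps offline and returns how long to stay closed.
func (s *Switch) Redeem(bt Token, sts []Ticket) (time.Duration, error) {
	switch { // step 1: authorization token
	case !ed25519.Verify(s.PK, bt.payload(), bt.Sig):
		return 0, ErrSig
	case bt.Device != s.VK:
		return 0, ErrDevice
	case bt.ValidUntil < s.TimeBase:
		return 0, ErrExpired
	}
	s.TimeBase = bt.ValidUntil // the newest validated token advances the time base
	total, batch := time.Duration(0), map[uint64]bool{}
	for _, st := range sts { // step 2: every ticket must pass before any is spent
		switch {
		case !ed25519.Verify(s.PK, st.payload(), st.Sig):
			return 0, ErrSig
		case st.User != bt.User:
			return 0, ErrUser
		case st.ValidUntil < s.TimeBase:
			return 0, ErrExpired
		case s.Used[st.ID] || batch[st.ID]:
			return 0, ErrReplay
		}
		batch[st.ID] = true
		total += st.Unit
	}
	for id := range batch {
		s.Used[id] = true
	}
	return total, nil // zero when no ticket was presented: the switch stays open
}

// demo plays the server with a constructed key and sample values, then one switch.
func demo() (total time.Duration, replay, forged, stale error) {
	sk := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	sw := &Switch{PK: sk.Public().(ed25519.PublicKey), VK: 1, TimeBase: 201705, Used: map[uint64]bool{}}
	bt := Token{Device: 1, User: 1234, ValidUntil: 201706}
	bt.Sig = ed25519.Sign(sk, bt.payload())
	var sts []Ticket
	for i, u := range []time.Duration{time.Hour, time.Hour, time.Hour, 15 * time.Minute} {
		st := Ticket{ID: uint64(i + 1), User: 1234, ValidUntil: 201712, Unit: u}
		st.Sig = ed25519.Sign(sk, st.payload())
		sts = append(sts, st)
	}
	total, _ = sw.Redeem(bt, sts)  // 3h15m; time base moves from 201705 to 201706
	_, replay = sw.Redeem(bt, sts) // same ticket identifiers again
	bad := sts[0]
	bad.ID = 9 // identifier changed after signing to get past the revocation list
	_, forged = sw.Redeem(bt, []Ticket{bad})
	old := Token{Device: 1, User: 1234, ValidUntil: 201705}
	old.Sig = ed25519.Sign(sk, old.payload())
	_, stale = sw.Redeem(old, sts) // token older than the time base
	return
}
func main() { fmt.Println(demo()) }
```

Because the time base only moves forward on server-signed tokens, a client cannot roll it back. The grace timer for the previous validity period and the exchange of revocation lists between devices are not modelled here.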
Preferably, further security mechanisms are integrated into the application program which prevent the automatic deletion function from being bypassed. According to embodiments, the application program is configured to make reverse engineering of the application program difficult, in particular by obfuscation techniques, by debugger detection techniques, by adding code as a compiled C/C++ library and/or by storing files as dynamic libraries, e.g. as .so files.

According to a further advantageous embodiment, the server is configured to perform a renewal mechanism for renewing expired software tickets. Since the software tickets have a validity period as a security mechanism, such a mechanism can prevent them from expiring without replacement. For this, the server receives an expired software ticket from the application program and issues a new software ticket with a new validity period for the expired software ticket. To do this, the server first checks whether the software ticket has actually been used. Further advantageous checks include a verification of the signature, a check whether the user has the authorization for the software tickets sent at all, and a check whether the ticket has actually expired. The new software ticket preferably gets the same ticket identifier as the expired software ticket. This effectively impedes or prevents expired tickets that have already been used from being used again. In particular, electrical devices at which the ticket has already been used can recognize the earlier use from their revocation lists and deny redemption.

According to a further advantageous embodiment of the invention, the application program is configured such that it has an online mode in which the application program is coupled with the central server via a wide-area connection, in particular via an Internet connection.
In online mode, revocation lists and usage data can be exchanged with the central server, authorization tokens can be updated, and software tickets can be purchased and renewed.

According to a further advantageous embodiment of the invention, the application program has an offline mode in which the application program has no wide-area connection or other communication connection with the central server. As described above, use of the software tickets and the authorization tokens is nevertheless possible in such an offline mode, provided they have not yet expired. Preferably, the application program is configured to cache usage data, and particularly revocation lists, obtained from an offline electrical device. As soon as it again has a wide-area connection to the central server, the cached usage data, in particular the cached revocation lists, can be transmitted to the central server.

According to a further advantageous embodiment of the invention, the wireless communication connection between the application program and the switch is a connection according to the Bluetooth standard, in particular according to the Bluetooth Low Energy (BLE) standard, a connection according to the Near Field Communication (NFC) standard, or a WLAN connection, in particular a connection according to the IEEE 802.11 standard or the Wi-Fi standard. According to further advantageous embodiments of the invention, other radio communication protocols can be used, in particular ones optimized for short ranges and low power consumption. According to preferred embodiments, short ranges are understood to be ranges of less than 10 m.

According to another preferred embodiment, the wireless communication link is a direct communication link between the switch and the electronic communication device.
Such a direct communication connection does not require any external communication devices such as WLAN routers; the communication connection can be realized exclusively by means of the transmission and reception means present in the switch and the electronic communication device. As a result, the electricity purchase can be realized independently of any external communication infrastructure.

As stated above, the electrical device according to embodiments of the invention is a socket. Such a socket can be arranged for example in public or semi-public spaces and enable a power draw there via the electronic communication device. For the operation of the socket, neither WLAN nor Ethernet nor additional external data cabling is necessary. The installation of such a socket therefore requires no special knowledge, and it can be installed just like a conventional socket.

According to a further advantageous embodiment of the invention, the electrical device is an electrical load, in particular a washing machine or a sauna. With such a configuration, electrical devices that are placed in public or semi-public spaces can be used in a simple and reliable manner by means of the electronic communication device.

According to a further advantageous embodiment of the invention, the central server is a cloud server. Such a cloud server can administer the key management and usage data as a central location. In particular, such a cloud server may act as an intermediary between the users of the electrical devices and the owners of the electrical devices. On the one hand, the cloud server interfaces with the users of the electrical devices by giving them the desired authorization tokens and software tickets. On the other hand, the cloud server provides an interface to the owners of the electrical devices by providing them with the issued permissions and tickets, and thus enables billing.
Another aspect of the invention relates to a method of operating a switch by means of an application program of an electronic communication device, wherein the switch is provided for disconnecting an electrical device from an electrical network. The method comprises the steps of sending a request for issuing software tickets from an application program of an electronic communication device to a central server, and issuing, by the central server, software tickets for the activation of the electrical device for power purchase. The software tickets have at least one server signature, a validity period and a time unit. Further steps include establishing a wireless communication link between the application program and the switch, sending one or more software tickets to the switch, receiving the one or more software tickets at the switch, verifying the server signature and the validity period of the software ticket and, after a positive check of the server signature and the validity period, closing the switch for power purchase for a time period defined by the time unit of the software ticket.

Further aspects of the invention relate to an electrical device, a switch and an application program of such a system.

Further embodiments, advantages and applications of the invention will become apparent from the other dependent claims and from the following description with reference to the figures.

Brief description of the drawings

Fig. 1 shows a system with an electrical device according to an embodiment of the invention;
Fig. 2 shows a schematically illustrated example of an authorization token;
Fig. 3 shows a schematically illustrated example of a software ticket;
Fig. 4 shows a flowchart of a registration method and an initialization method according to embodiments of the invention;
Fig. 5 shows a flowchart of a ticket purchase and the redemption of such a ticket for the purchase of electricity;
Fig. 6 shows a flowchart of a renewal mechanism by which expired software tickets can be renewed; and
Fig. 7 shows a flowchart of a registration method according to embodiments of the invention.

Way(s) for carrying out the invention

Fig. 1 shows a system 100 with an electrical device 10 and a switch 11. The switch 11 is designed as an electronically controllable switch and is also referred to below as an electronic switch. The electronic switch 11 is configured to disconnect the electrical device 10 from an electrical network 12 in an open state and to connect the electrical device 10 to the electrical network 12 in a closed state. With the switch 11 closed, it is thus possible to obtain power from the electrical network 12. According to the embodiment shown in Fig. 1, the electrical device 10 is an electrical outlet. Accordingly, when closed, the electronic switch 11 connects the electrical network 12 to terminal holes 10a for connection to an external electrical device 14. According to other preferred embodiments of the invention, the electrical device 10 itself may be an electrical load, e.g. a sauna or a washing machine. According to preferred embodiments of the invention, the switch 11 is integrated into the device 10.

The electronic switch 11 has a control module 15, which is provided for controlling the electronic switch 11. In addition, the electronic switch 11 has an interface 16, by means of which a wireless communication connection to external devices can be established. The electronic switch 11 has a memory 17, in which various information for the control and operation of the electronic switch 11 can be stored. In particular, the memory 17 may be configured to store a public key PK of a server 30, to store a unique device identifier VK, e.g. a serial number, of the switch 11, and to store revocation lists SL, as will be explained in more detail below.
In addition, the memory 17 preferably serves to store a time base ZB of the switch 11 or the device 10.

The system 100 further comprises an electronic communication device 20, which may in particular be a smartphone. The electronic communication device 20 is configured to control the electronic switch 11. On the communication device 20, an application program 21 is installed, which is configured to establish a direct wireless communication link 25 with the electronic switch 11. This may in particular be a connection according to the Bluetooth standard, but also a WLAN or Wi-Fi connection or an NFC connection. The connection 25 is preferably a direct radio connection between the switch 11 and the communication device 20 without the use of any external communication infrastructure such as WLAN routers, base stations, repeaters or the like.

In the control module 15 of the electronic switch 11, a control program is stored, which can communicate with the application program 21. The control program may advantageously be stored as firmware in the electronic switch 11. The firmware can establish a wireless communication link 25 via the interface 16 with an update program, not shown, of the electronic communication device 20 and obtain firmware updates. The update program may e.g. be used by the owner or manager of the electrical devices 10.

The application program 21 is configured to set up a long-distance connection 41 to a long-distance network 40 via an interface 24 and to set up a communication connection to the central server 30, which is likewise connected to the long-distance network 40. The long-distance network 40 is preferably the Internet, and the long-distance connection 41 is thus an Internet connection. The connection to the long-distance network 40 may be made e.g. via a cellular network or another wireless network. The communication device 20 has a memory 22 in which e.g. the authorization tokens BT, the software tickets ST and blacklists SL are stored.

The central server 30 is preferably designed as a cloud server and is configured to issue, for the application program 21, software tickets ST and authorization tokens BT for a power draw of the electrical device 10. In addition, blacklists SL, for example, are exchanged via the long-distance connection 41. The server 30 has a secret key SK of an asymmetric encryption system and a corresponding public key PK. The public key is also stored in the memory 17 of the switch 11, as described above.

A user U of the communication device 20 may download the application program 21, for example, from the central server 30 or another distribution center and register with the central server 30 as a user.

Preferably, in the delivery state of the devices 10, the unique device identifier VK, as a serial number of the device, and the public key PK of the server 30 are already stored in the memory 17. This has the advantage that no configuration needs to be made on site when installing the devices 10, e.g. the sockets.

According to further embodiments of the invention, the memory 17 may also include a master key. Such a master key provides an additional layer of security that can be used as the basis for a certificate authority (CA). The CA can be used to derive a certificate for the server.

Fig. 2 shows a schematically illustrated example of an authorization token BT. The authorization token BT has as a device identifier VK a "socket serial number", here designated 1. The authorization token BT furthermore has as user identifier NK a user ID, here denoted by 1234, and a validity period GZ, here 082016, i.e. August 2016. The authorization token BT is encrypted or signed with the private key SK of the server 30 and can thereby later be authenticated with the public key PK stored in the memory 17 of the switch 11.

Fig. 3 shows a schematically illustrated example of a software ticket ST.
The software ticket ST has as a ticket identifier TK a "ticket ID", here "ABC123", and as a user identifier NK a user ID, here "1234". The user identifier NK corresponds to the user identifier NK of the authorization token of the same user. The software ticket ST also has a time unit ZE, here denoted by "15", which could correspond e.g. to 15 minutes. Finally, the software ticket ST also has a validity period GZ, here "082016", i.e. August 2016. The software ticket ST is encrypted or signed with the private key SK of the server 30 and can thereby later be authenticated with the public key PK stored in the memory 17 of the switch 11.

Fig. 4 shows a flowchart of a registration method and an initialization method according to embodiments of the invention. The registration method and the initialization method illustrate the steps between the server 30 and the communication device 20 according to Fig. 1. In the following it is assumed that the communication device 20 is designed as a smartphone 20 and the electrical device 10 as a socket 10. In addition, it is assumed that socket 10 and switch 11 are formed integrally and have a single device identifier VK.

In a step 410, the smartphone 20 sends a registration request to the server 30. The registration request may be, for example, a request to register for the use of a group of electrical outlets 10. The server 30 then acquires the user data, checks the general authorization of the user and, for example, also acquires billing addresses or other payment information for billing or payment of the usage. The server 30 is preferably a cloud server and, accordingly, e.g. the administrator of the apartment building can log on to the server 30 from his work computer 50 and grant the occupant the authorization. In the case of a positive authorization check, the server 30 registers the user U in a step 420.
The registration also includes the configuration of the (initial) authorizations and results in an assignment of the user to permitted outlets. In a step 430, the server 30 then sends the application program 21 one or more authorization tokens BT, preferably in the form of a list, and preferably one authorization token for each authorized outlet 10. In a step 440, the smartphone 20 receives and stores the authorization tokens BT, preferably in the form of a list. These authorization tokens BT, or the list of the authorization tokens BT, are updated each time the application program 21 is started and each time communication with the server 30 takes place. This ensures that the users' corresponding permissions are updated on a regular basis. In particular, these updates can also be used to update the validity period of the authorization tokens BT.

The application program 21 is thus, according to embodiments, registered to a particular user. In a step 450, the application program 21 sends an initialization request to the server 30. In a step 460, the server 30 updates the respective authorization tokens BT of the respective user and sends them in a step 470 to the application program 21. In a step 480, the application program 21 stores the updated authorization tokens in the memory 22 of the smartphone 20.

If the application program 21 does not connect to the server 30 for a long period of time, for example in order to avoid the removal of authorizations, the authorization tokens nevertheless become invalid over time because their validity period expires. In addition, a connection to the server 30, and thus an update of the permissions, must be made no later than at the purchase of software tickets.

Fig. 5 shows a flowchart of a ticket purchase as well as the redemption of such a software ticket for drawing power.

In a step 510, the application program 21 of the smartphone 20 sends a request to the server 30 to issue a certain number of software tickets ST.
This request may, for example, also contain more detailed information about the desired time unit ZE of the software tickets. In a step 520, the server 30 checks the general authorization of the user to obtain software tickets. Such a check comprises, in particular, a check as to whether the user has already been registered and whether this registration is still valid. If so, the server 30 issues the desired number of software tickets ST, updates the user's authorization tokens BT, signs the software tickets ST and the updated authorization tokens BT, and sends the signed software tickets ST and

In a step 535, the smartphone 20 stores the received software tickets ST and the authorization tokens BT in the memory 22. Thus, the user U can use the associated sockets 10 when needed, completely independently of whether he has a communication link to the server 30 or not.

In a step 540, the socket 10 sends allocation information at regular intervals. This allocation information is preferably sent as a broadcast message and can be designed, for example, as advertisement data according to the Bluetooth standard, in particular according to the Bluetooth Low Energy (BLE) standard. This allocation information may indicate, for example, whether the respective socket 10 is free or busy, and may also include a remaining time, i.e. specify until when the socket is occupied.

If the user U now wants to use a socket 10 in his environment, he opens and launches the application program 21. The application program 21 then carries out a scan in step 545, e.g. a Bluetooth scan, and checks whether there are suitable sockets 10 in its environment. According to embodiments, it may be configured in the application program 21 which sockets are displayed in the application program. According to one embodiment, the application program 21 displays only sockets for which the user has authorization.
According to other embodiments, the application program 21 displays all sockets in the environment. This would allow the user to request missing permissions. The user U can then decide in step 545 whether he wants to use one of the displayed sockets and make a corresponding selection.

In order for a socket 10 to accept software tickets ST, the application program 21 must first authenticate itself with authorization tokens BT. This will be explained in more detail below. For this purpose, the application program 21 must first authenticate itself to the respective socket 10 by means of the respective authorization token BT. In a first validation step 555, the socket 10 then checks, for the authorization token BT corresponding to the selected outlet 10, the signature, the validity period and whether the device identifier VK matches.

Furthermore, in a step 556, the socket 10 compares the relative time base of the socket 10 or of the switch 11 with the validity period of the received authorization token BT. If the current relative time base of the socket 10 is older than the validity period of the received authorization token BT, the relative time base of the socket 10 or of the switch 11 is updated and set to the newer value. Thus, at each authentication, the validity period is transmitted to the respective socket 10 on the authorization tokens BT of different users, whereby the current validity period is set in the socket.

For example, if the switch 11 has the validity period May 2017 as its time base and then receives an authorization token with the validity period June 2017, it advances its internal relative time base by one month, to June 2017.
Depending on the desired security level, the switch 11 could additionally start an internal timer with a transition period during which it still accepts authorization tokens and software tickets from May 2017. This would ensure that users who cannot connect to the server 30 for a predefined time can still use their non-updated authorization tokens and software tickets.

The higher the security level, the shorter this transition period should be. In accordance with preferred embodiments of the invention, the transition period for the software tickets could be longer than the transition period for the authorization tokens. As described above, the authorization tokens are preferably updated every time the application program is started and on every server communication, which is not provided for issued software tickets. Thus, according to one embodiment, a system could be provided which always requires a currently valid authorization token before redemption of a software ticket, while software tickets with an expired validity period are still granted a transition period for redemption.

According to embodiments, the transition period is e.g. a few days or a few weeks. After that, only authorization tokens and software tickets with a validity period of June 2017 would be accepted, and the user would have to renew his expired tickets.

According to other embodiments, the validity period for software tickets could also be generally longer than the validity period for authorization tokens. For example, authorization tokens might be valid for only one month, while software tickets could have a validity period of three months.

In a further step 560, the user U then sends one or more software tickets ST, according to the desired duration of use, to the selected outlet 10. After sending the software tickets ST, the application program 21 automatically deletes the software ticket ST, so that it cannot be used again.
This automatic deletion function is preferably implemented so that it runs automatically in the background and cannot be switched off by the user.

In a second validation step 562, the socket 10 validates the software ticket(s) ST and, if the validation is positive, enables the socket 10 in a step 564 for a period corresponding to the time units of the software ticket. The validation of the software ticket ST includes checking the signature, checking the validity period and checking the user identifier. For the user identifier, it is checked in particular whether it agrees with the user ID of the authorization token and whether the user is thus generally entitled to use the respective socket 10. In addition, the switch 11 checks whether the ticket ID is on the blacklist SL stored in the memory 17.

In a step 566, the socket 10 then adds the redeemed software ticket ST to the blacklist SL and stores it in the memory 17. In a step 570, the updated blacklist SL is then sent to the application program 21, which forwards it to the server 30 in a step 580. In a step 590, the server 30 then updates its stored blacklist(s).

Fig. 6 shows a flowchart of a renewal mechanism by means of which expired software tickets can be renewed.

In a step 610, the application program 21 of the electronic communication device 20 sends one or more expired software tickets ST to the server 30. In a step 620, the server 30 validates the received tickets ST and verifies that the software tickets ST really have expired and have not been used yet. It is also checked whether the signature is correct and whether the user has the authorization for the sent software tickets ST at all. If the validation is positive, the server 30 issues, in a step 630, new, updated software tickets for the expired tickets ST. These get the same ticket ID TK as the expired software tickets ST. In a step 640, the renewed software tickets ST are sent to the application program 21, which stores them in a step 650.
Thus, the application program 21 can use the renewed software tickets ST again.

According to embodiments, the public key PK in use can also be changed by transferring a new public key, signed by the old public key PK, from the server 30 via the application programs 21 to all sockets 10 or switches 11. If the sockets 10 have additionally stored a master key, the sockets 10 must additionally check whether the new public key was derived from the master key.

Fig. 7 shows a flowchart of a registration method 700 according to embodiments of the invention. The flowchart 700 illustrates the steps between the server 30 and the communication device 20 shown in Fig. 1. The communication device 20 has the application program 21 installed as described above. The communication device 20 is designed as a smartphone 20 and the electrical device 10 as a socket 10. In addition, it is assumed that socket 10 and switch 11 are formed integrally and have a single device identifier VK.

In a step 705, the user starts the application program 21 on his smartphone 20. When using the application program 21 for the first time, he first has to register as a user.

In a step 710, the smartphone 20 sends a registration request RA to the server 30. The registration request RA may be, for example, a request to register for the use of a group of electrical outlets 10. For registration, the application program establishes a first secure communication channel 701 with the server 30, in particular an Internet connection, for example an SSL/TLS connection. The first communication channel 701 is represented by arrows with a solid line.

According to a preferred embodiment, the registration request is entered into an input mask of an encrypted web page provided by the server 30. The web page is preferably encrypted according to the Hypertext Transfer Protocol Secure (HTTPS) communication protocol in order to securely transmit the data entered by the user to the server 30.
According to the embodiment of the invention shown in Fig. 7, the user must specify at least one telephone number of a mobile radio network, which is referred to below as mobile telephone number MTN. Such a mobile telephone number is always associated with an International Mobile Subscriber Identity (IMSI). Such an IMSI is used in mobile networks, e.g. in GSM, UMTS and LTE mobile networks, as an internal subscriber identifier for the unique identification of network subscribers. The IMSI is stored on a special chip card, the Subscriber Identity Module (SIM). The IMSI number is assigned by the mobile network operators only once worldwide per SIM.

In addition, there are legal requirements in a large number of countries, for example Germany and Switzerland, according to which a person must identify himself when acquiring a new SIM card and thus prove his identity when purchasing a SIM card. Embodiments of the invention make efficient use of this by unambiguously identifying future users of the system by means of a mobile telephone number.

Upon receipt of a registration request RA specifying a mobile telephone number MTN, the server generates a code C, which acts as an identification code, and sends it in a step 730 via a separate second communication channel 702 to the smartphone 20. The separate second communication channel 702 is preferably a mobile radio connection, in particular a short message (SMS) sent by means of the Short Message Service (SMS). The second communication channel 702 is shown by a dotted line arrow.

According to embodiments of the invention, the code C is a one-time code or a one-time password used for unique authentication of the user to the server 30. The code C can be generated, for example, with a random number generator.

In a step 740, the code is displayed to the user on a display of the smartphone 20.
In addition, in a step 745, a legal notice can be displayed to the user in the input mask of the web page, in which the user is informed of the use of the application program or the software program purchased by the application program. Such a notice could, for example, read as follows: "The user of the application program is uniquely identified by the telephone number of his smartphone and the user acknowledges that the use of the application program contains at best any fee-based services". In addition, according to embodiments of the invention, the input mask may include a confirmation button, by means of which the user must confirm that he has taken note of the legal notice and agrees with it.

If the user agrees, in a step 750 he enters the code in the input mask of the smartphone 20 by means of an input device, in particular by means of a touch-sensitive screen (touch screen), and sends it in a step 760 via the first communication channel 701 to the server 30.

The server 30 now generates a user ID in a step 770 and, in a step 780, links this user ID to the mobile telephone number MTN of the user.

Thus, the user of the application program 21 and his user ID are uniquely identified to the server 30 by means of the mobile phone number of his smartphone and the corresponding IMSI number.

In addition, according to embodiments of the invention, each individual software ticket and each authorization token is associated with the user ID. Since this user ID is linked to the registration data (mobile telephone number, name) on the server, each individual software ticket and each individual authorization token is also uniquely identified with respect to the server 30. Thus, embodiments of the invention facilitate a legal accounting of the use of the software tickets.
While preferred embodiments of the invention are described in the present application, it should be clearly understood that the invention is not limited to these and may be embodied otherwise within the scope of the following claims.
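The two-stage check that the switch performs offline in steps 555 to 566 of Fig. 5 can be written out as follows. This is an added example, not code from the patent or the applicant: Ed25519 as the signature scheme, the payload encoding, the month-count form of the validity period and all Go names are assumptions, and the optional transition period is left out.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

func ym(year, month int) int { return year*12 + month } // GZ such as "062017" as a month count
// AuthToken is the authorization token BT (Fig. 2), Ticket the software ticket ST (Fig. 3).
type AuthToken struct {
	DeviceID, UserID string // VK, NK
	Valid            int    // GZ
	Sig              []byte
}
type Ticket struct {
	TicketID, UserID string // TK, NK
	Minutes, Valid   int    // ZE, GZ
	Sig              []byte
}

// Signed bytes (assumed encoding): the BT/ST tag stops a ticket from verifying as a token.
func (t AuthToken) payload() []byte { return []byte(fmt.Sprintf("BT|%q|%q|%d", t.DeviceID, t.UserID, t.Valid)) }
func (t Ticket) payload() []byte { return []byte(fmt.Sprintf("ST|%q|%q|%d|%d", t.TicketID, t.UserID, t.Minutes, t.Valid)) }

// sign is the server side (secret key SK), present only to construct inputs.
func sign(sk ed25519.PrivateKey, m interface{ payload() []byte }) []byte { return ed25519.Sign(sk, m.payload()) }

var (
	ErrSignature = errors.New("server signature does not verify")
	ErrExpired   = errors.New("validity period older than switch time base")
	ErrDevice    = errors.New("token names another device")
	ErrUser      = errors.New("ticket user differs from token user")
	ErrRedeemed  = errors.New("ticket identifier already redeemed")
)

// Switch holds the contents of memory 17: VK, PK, time base ZB and blacklist SL.
type Switch struct {
	DeviceID  string
	ServerPK  ed25519.PublicKey
	TimeBase  int
	Blacklist map[string]bool
}

// ValidateToken is validation step 555 plus the time-base update of step 556.
func (s *Switch) ValidateToken(bt AuthToken) error {
	switch {
	case !ed25519.Verify(s.ServerPK, bt.payload(), bt.Sig):
		return ErrSignature
	case bt.DeviceID != s.DeviceID:
		return ErrDevice
	case bt.Valid < s.TimeBase:
		return ErrExpired
	}
	s.TimeBase = bt.Valid // advanced only by a verified token, never moved back
	return nil
}

// Redeem is steps 562 to 566. The whole batch is checked before any ticket is
// blacklisted, so a rejected batch consumes nothing. Returns the total minutes.
func (s *Switch) Redeem(bt AuthToken, tickets []Ticket) (int, error) {
	if err := s.ValidateToken(bt); err != nil {
		return 0, err
	}
	total, batch := 0, map[string]bool{}
	for _, st := range tickets {
		switch {
		case !ed25519.Verify(s.ServerPK, st.payload(), st.Sig):
			return 0, ErrSignature
		case st.Valid < s.TimeBase:
			return 0, ErrExpired
		case st.UserID != bt.UserID:
			return 0, ErrUser
		case s.Blacklist[st.TicketID] || batch[st.TicketID]:
			return 0, ErrRedeemed
		}
		batch[st.TicketID] = true
		total += st.Minutes
	}
	for id := range batch {
		s.Blacklist[id] = true
	}
	return total, nil
}

func demoSetup() (*Switch, ed25519.PrivateKey) {
	pk, sk, _ := ed25519.GenerateKey(nil) // constructed key pair; the switch starts at May 2017
	return &Switch{DeviceID: "1", ServerPK: pk, TimeBase: ym(2017, 5), Blacklist: map[string]bool{}}, sk
}

func main() {
	sw, sk := demoSetup()
	bt := AuthToken{DeviceID: "1", UserID: "1234", Valid: ym(2017, 6)}
	bt.Sig = sign(sk, bt)
	a := Ticket{TicketID: "ABC123", UserID: "1234", Minutes: 15, Valid: ym(2017, 6)}
	a.Sig = sign(sk, a)
	fmt.Println(sw.Redeem(bt, []Ticket{a})) // first redemption closes the switch
	fmt.Println(sw.Redeem(bt, []Ticket{a})) // replay of the same ticket is refused
}
```

Because the time base moves only after the signature check, an unsigned or altered token cannot advance it and thereby expire other users' tickets.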
Claims:
1. A system comprising: an electrical device (10), in particular an electrical outlet; a wirelessly controllable switch (11) which in an open state disconnects the electrical device (10) from an electrical network (12) and in a closed state connects the electrical device (10) to the electrical network (12); an electronic communication device (20), in particular a smartphone (20); an application program (21) installed on the electronic communication device (20); and a central server (30); wherein the server (30) is adapted to issue, for the application program (21), software tickets and authorization tokens for a power draw of the electrical device (10); wherein the software tickets comprise at least: a server signature; a validity period; a relative time unit; and a user identifier; and wherein the authorization tokens comprise at least: a device identifier; a user identifier; and a validity period; the switch (11) having a memory (17) for storing a public key of the server (30); the switch (11) being arranged to: establish a wireless communication link with the application program (21) of the electronic communication device (20); receive one or more software tickets and an authorization token from the application program (21); perform a two-stage validation process comprising a first validation step and a second validation step, wherein in the first validation step the authorization token is validated and in the second validation step one or more software tickets are validated; validate, in the second validation step, the server signature and the validity period of the software ticket; and, after positive validation of the server signature and the validity period, close the switch (11) for a time period defined by the relative time unit of the software ticket and enable the electrical device (10) for drawing power.

2. System according to claim 1, characterized in that the electronic communication device is a mobile phone, in particular a smartphone, and that the user identifier is linked to the mobile phone number of the mobile phone.

3. System according to claim 2, characterized in that the system is arranged to perform a registration process for registering a new user, the registration process comprising the steps of: sending a registration request from the application program of the mobile phone to the central server via a first communication channel, wherein the registration request includes a mobile telephone number; generating a code for user authentication by the server; sending the code from the server to the application program of the mobile telephone via a second communication channel formed separately from the first communication channel; displaying the code by the application program on a display of the mobile phone; receiving the code in the application program through input by the user by means of an input device of the mobile telephone; sending the code for authenticating the user from the mobile phone to the server via the first communication channel; and registering the user with a user identifier associated with the mobile phone number.

4. System according to claim 3, characterized in that the first communication channel is an Internet connection, in particular a connection secured by SSL/TLS, and that the second communication channel is a mobile radio connection, in particular a Short Message Service (SMS).

5. System according to any one of the preceding claims, characterized in that the relative time units of the software tickets can be combined with each other to a total draw period of the power draw.

6. System according to one of the preceding claims, characterized in that the switch is provided to: receive a plurality of software tickets from the application program; add the relative time units of the received software tickets to a total draw period of the power draw; and, after positive validation of the server signature and the validity period, close the switch (11) for a period of time defined by the total draw period of the software tickets and enable the electrical device (10) for drawing power.

7. System according to one of the preceding claims, characterized in that the switch (11) is provided to derive a relative time base for the switch (11) from the validity period of the authorization token.

8. System according to any one of the preceding claims, characterized in that the software tickets each have an individual ticket identifier.

9. System according to claim 8, characterized in that the switch (11) is configured to: store a block list with ticket identifiers of software tickets already used; compare the respective ticket identifier with the block list before activation of the electrical device (10); enable the electrical device (10) in the event of a negative comparison result; and refuse activation in the case of a positive comparison result.

10. System according to claim 9, characterized in that two or more electrical devices (10) which are within radio range of each other are configured to exchange the respective stored block lists.

11. System according to any one of claims 9 or 10, characterized in that the switch (11) is configured to send the respective stored block list to the application program (21) that is in communicative connection with it; and the application program (21) is configured to forward the block list received from the switch (11) to the server (30).

12. System according to any one of claims 8 to 11, characterized in that the server (30) is configured to execute a renewal mechanism for renewing expired software tickets, the server (30) being configured, in the renewal mechanism, to receive an expired software ticket from the application program (21); and to issue a new software ticket for the expired software ticket with a new validity period, the new software ticket having the same ticket identifier as the expired software ticket.

13. A method for operating a switch (11) by means of an application program (21) of an electronic communication device (20), wherein the switch (11) is provided for connecting an electrical device (10) to an electrical network (12), the method comprising the steps of: sending a request for issuing software tickets and authorization tokens from the application program (21) of the electronic communication device (20) to a central server (30); issuing software tickets from the server (30) for enabling the electrical device (10) for drawing power, wherein the software tickets comprise at least: a server signature; a validity period; a relative time unit; and a user identifier; issuing authorization tokens from the server (30), wherein the authorization tokens comprise at least: a device identifier; a user identifier; and a validity period; establishing a wireless communication link between the application program (21) and the switch (11); sending one or more software tickets and an authorization token to the switch (11); receiving the one or more software tickets and the authorization token by the switch (11); validating the authorization token in a first validation step; checking the server signature and the validity period of the software ticket in a second validation step; and closing the switch (11) for drawing power, after positive validation of the authorization token and positive verification of the server signature and the validity period of the software ticket, for a time period defined by the relative time unit of the software ticket or a time period defined by the relative time units of the software tickets.

14. Electrical device, in particular an electrical socket, comprising: a wirelessly controllable switch (11) which in an open state disconnects the electrical device (10) from an electrical network (12) and in a closed state connects the electrical device (10) to the electrical network (12); the switch (11) having a memory (17) for storing a public key of the server (30); wherein the switch (11) is adapted to: establish a wireless communication link with an application program (21) of an electronic communication device; receive one or more software tickets and an authorization token from the application program (21), wherein the software tickets comprise at least: a server signature; a validity period; a time unit; and a user identifier; wherein the authorization tokens comprise at least: a device identifier; a user identifier; and a validity period; and wherein the authorization tokens represent a general authorization of the user associated with the user identifier to use an electrical device according to the device identifier; validate the authorization token in a first validation step upon receipt of an authorization token; verify the server signature and the validity period of the software ticket in a second validation step upon receipt of a software ticket; and, after a positive check of the authorization token and of the server signature and the validity period of the software ticket, close the switch (11) for a time period defined by the time unit of the software ticket and enable the electrical device (10) for drawing power.

15. Application program for an electronic communication device, in particular a smartphone, wherein the application program (21) is configured to obtain from a central server (30) software tickets and authorization tokens for enabling an electrical device (10), in particular an electrical outlet, for drawing power, the software tickets having at least: a server signature; a validity period; a time unit; and a user identifier; and wherein the authorization tokens comprise at least: a device identifier; a user identifier; and a validity period; wherein the application program (21) is further configured to send an authorization token and one or more software tickets to a wirelessly controllable switch (11) which in an open state disconnects the electrical device (10) from an electrical network (12) and in a closed state connects the electrical device (10) to the electrical network (12).
Patent family:
Publication number | Publication date
EP3424772A1 | 2019-01-09
EP3424773A1 | 2019-01-09
Priority:
Application number | Filing date | Patent title
EP17179577.6A | EP3424772A1 | 2017-07-04 | 2017-07-04 | System comprising a network switch which can be controlled wirelessly using software tickets