[go: up one dir, main page]

WO2018055523A1 - A data management system and method - Google Patents

A data management system and method Download PDF

Info

Publication number
WO2018055523A1
WO2018055523A1 PCT/IB2017/055698 IB2017055698W WO2018055523A1 WO 2018055523 A1 WO2018055523 A1 WO 2018055523A1 IB 2017055698 W IB2017055698 W IB 2017055698W WO 2018055523 A1 WO2018055523 A1 WO 2018055523A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
version number
received
stored
mobile communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/IB2017/055698
Other languages
French (fr)
Inventor
Deven HALPERN
Tom Wells
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Proximity Id Pty Ltd
Original Assignee
Proximity Id Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Proximity Id Pty Ltd filed Critical Proximity Id Pty Ltd
Publication of WO2018055523A1 publication Critical patent/WO2018055523A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/082Access security using revocation of authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks

Definitions

  • the present application relates to a data management device, system and method.
  • the present invention seeks to address this. SUMMARY OF THE INVENTION
  • a data management device including: a communications module including a transmitter and a receiver for transmitting signals via a short range communication protocol to a mobile communication device in range of the transmitter and for receiving signals via the short range communication protocol from the mobile communications device; a memory having data stored therein including identification data, data to be managed and a data version identifier; a processor to control the device to: receive encrypted update data via the short range communication protocol from a mobile communication device in range of the data management device; decrypt the received update data and extracting data to be altered in the data being managed and a data version number; compare the received data version number with the stored data version number; and if the received data version number is higher than the stored data version number then altering the data stored in the memory as per the received data and storing the received data version number.
  • a remote data management server includes: a transmitter and a receiver for transmitting and receiving data to and from a mobile communications device; a memory for storing data therein, the data including a plurality of data management device identifications and for each device, data being managed for that device as well as a current data version number; and a processor running executable code thereon to: receive an instruction to alter data from the data being managed; preparing encrypted update data including the data to be altered and a data version number; and transmitting the encrypted update data to a mobile communication device for onward transmission to a remote data management device.
  • a data management method including at a data management device including a memory having data stored therein including identification data, data to be managed and a data version identifier: receiving encrypted update data via a short range communication protocol from a mobile communications device in range of the data management device; decrypting the received update data and extracting data to be altered in the data being managed and a data version number; comparing the received data version number with the stored data version number; and if the received data version number is higher than the stored data version number then altering the data stored in the memory as per the received data and storing the received data version number.
  • Figure 1 is an example data management system
  • Figure 2 is a block diagram illustrating a data management device
  • Figure 3 is a block diagram illustrating an example mobile communications device
  • Figure 4 is a block diagram illustrating an example remote data management server of the access control system.
  • the data management system of the present invention has numerous applications, for purposes of illustration, the data management system will be described in conjunction with a barrier device 10 for preventing access to an area.
  • the barrier device 10 is illustrated as a turnstile. However, it will be appreciated that the barrier device could take any other appropriate form such as a locked door, for example.
  • barrier device illustrated is used to prevent access by a person but it will be appreciated that the barrier device could be used to prevent access by a vehicle, for example.
  • An exemplary application of this is a gate to a house or a boom for a parking lot to name but two examples.
  • the barrier device 10 prevents or allows access to a predetermined area.
  • barrier device 10 and associated data management device 12 are illustrated but in practice a large number of these will make use of the methodology and system described below.
  • a data management device 12 is associated with the barrier device 10 and is located in physical proximity to the barrier device.
  • the data management device 12 includes a communications module 14 ( Figure 2) including a transmitter and a receiver.
  • the communications module 14 is used for transmitting signals via a short range communication protocol to a mobile communication device 16 in range of the transmitter and for receiving signals via the short range communication protocol from the mobile communications device.
  • the mobile communications device 16 in the illustrated embodiment is a mobile telephone. In other examples the mobile communications device could be a different type of device with appropriate communication capability.
  • the short range communication protocol is Bluetooth or more specifically Bluetooth Low Energy. It will be appreciated that any other suitable short range communication protocol can be used such as Near Field Communication (NFC) or high frequency audio communication to name but two of many further examples.
  • NFC Near Field Communication
  • audio communication to name but two of many further examples.
  • the short range communication protocol is a wireless communication protocol.
  • a memory 18 has data stored therein including device identification data, data to be managed by the device 12 as well as a data version identifier which identifies a version of the data to be managed and the use of this will be described in more detail below.
  • the data to be managed is a list of mobile communication devices that are allowed access to the area.
  • the data may also include a list of devices that have been allowed access together with the date and time that access was allowed.
  • a processor 20 controls the operation of the data management device 12 and the functionality of this will be described in more detail below.
  • the challenge is that the data that needs to be managed needs to be updated periodically but the device 12 does not have its own communication means by which it can communicate with the server.
  • the device 12 uses a plurality of mobile communications devices 16 to piggy back off as will be described in more detail below.
  • a mobile communications device 16 includes a processor 22 which is used for running executable code thereon.
  • the executable code is typically in the form of a so-called application that executes on the mobile communications device 16. This will be described in more detail below.
  • the mobile communication device 16 also includes a display 24 whereby information can be displayed to a user of the device and a user interface 26 by means of which a user can input information into the device 16.
  • the display 24 will be a screen of the mobile telephone and the user interface 26 includes a keyboard.
  • the keyboard can either be separate keys or can be implemented via the screen which will be a touchscreen.
  • a memory 28 is used for storing data therein including a mobile device identification number.
  • the identification number could be the Mobile Subscriber Integrated Services Digital Network-Number (MSISDN) or International mobile Subscriber Identity (IMSI) both of which are used to identify subscribers in a mobile communications network.
  • MSISDN Mobile Subscriber Integrated Services Digital Network-Number
  • IMSI International mobile Subscriber Identity
  • the user identification is a universally unique identifier (UUID) which is an identifier standard used in software. This will be generated either by the executable application or the server and stored in the memory 28.
  • UUID universally unique identifier
  • the mobile communications device 16 also includes a short range communications module 30 including a short range transmitter and a short range receiver for transmitting and receiving data using a short range communications protocol and a long range communications module 32 including a long range transmitter and a long range receiver for transmitting and receiving data to and from a remote data management server 34 ( Figures 1 and 4).
  • the application executing on the processor 22 of the mobile telephone will periodically instruct the short range communications module 30 to check for a signal transmitted from any data management device 12.
  • This process could be reversed whereby the data management device 12 periodically checks if any mobile communications devices 16 are in range.
  • a short range communication session typically via Bluetooth is set up between the mobile communications device 16 and the data management device 12.
  • the mobile communications device 16 has stored thereon any encrypted data packets received from the server 34 these will be transmitted to the data management device 12 together with an identification of the mobile communications device 16.
  • the mobile communications device 16 may in return receive an encrypted data packet from the data management device 12 for transmission back to the server 34.
  • the data packets will typically include device identification data, data updates and a data version number. This is because data stored in the memory 18 of the data management device in terms of the present invention needs to be kept in sync with data stored in the memory 36 of the server 34.
  • the encrypted data packet transmitted from the mobile communications device 16 to the data management device 12 may include data to be altered in the data being managed on the device 12 and a data version number. This encrypted data packet will have been received via the long range communications module 32 from the server transmitter 42.
  • Any encrypted data packets received by the mobile communications device 16 from the data management device 12 will be transmitted via the long range communications module 32 to the remote data management server 34.
  • the mobile communications device 16 will use whatever network it is connected to at the time to transmit data to the server 34 which could be by using cellular data or a Wifi network, and to then receive data from the server 34.
  • the mobile communications device 16 is not trusted as it is unrelated to the device 12 or the server 34, so the mobile communication device 16 does not decrypt the data packets but merely transfers them backwards and forwards.
  • the remote data management server 34 includes a memory 36, a processor 38, a receiver 40 and a transmitter 42.
  • the server 34 thus includes a number of modules to implement the present invention and an associated memory 36. ln one example embodiment, the modules described below may be implemented by a machine-readable medium embodying instructions which, when executed by a machine, cause the machine to perform any of the methods described above.
  • modules may be implemented using firmware programmed specifically to execute the method described herein.
  • modules illustrated could be located on one or more servers operated by one or more institutions.
  • modules form a physical apparatus with physical modules specifically for executing the steps of the method described herein.
  • the memory 36 stores data therein including a plurality of data management device identifications, and for each device, updated data being managed for that device as well as an updated data version number.
  • the data being managed is a list of one or more mobile communications devices that are allowed access to an area where the barrier device is located as well as a list of which mobile communications devices were granted access to the area.
  • the list of devices is typically first uploaded and then maintained by a user who accesses the server 34 using the Internet.
  • the user will typically enter a username and password and will then be allowed to update one or more lists pertaining to their access controllers. Indeed, every time the user wants to make changes to the data being managed, they will access the server 34 by way of the Internet, login using their username and password and then make the data changes they require.
  • this will typically be adding or deleting mobile telephone numbers from the list of mobile telephone numbers which are allowed access to the area.
  • the same encrypted data packet is transmitted to a plurality of mobile communications devices 16 for onward transmission.
  • the plurality of mobile communication devices to which the encrypted data is transmitted are the same mobile communication devices which are identified in the list stored in the memory 36.
  • the mobile communications device 16 therefore receives from the remote access management server 34 the update data and data version identifier including any changes to the list of mobile communication devices that are allowed access to the area to which the identified barrier device prevents access, and transmits this data via the short range communications module to the communications module 14.
  • Any data received is typically stored in the memory 28 of the mobile communications device after having been received and only deleted from t e memory 28 once a confirmation message is received back from the data management device 12 that the list stored in the memory 18 has been successfully updated.
  • the list of devices will be stored in one data block with its own data version number and the log of all devices allowed access will be stored in a number data block with its own data version number.
  • the receiver 40 receives encrypted data packets transmitted from the device 12 to the mobile communications device 16.
  • the data packets will include a data management device identification, data to be altered and a data version identifier.
  • the processor 38 decrypts the data packet and extracts this information.
  • the processor 38 then accesses the memory 36 to determine if any data has been altered in the data in the memory 18.
  • the processor 38 will update the data stored in the memory 36 by altering the data being managed and storing the received data version number.
  • a mobile device identification is also transmitted via the short range communications module 30 from the mobile communications device 16 to the communications module 14 of the data management device 12.
  • the processor 20 will then compare the mobile device identification with a list of mobile device identifications stored in the memory 18. If a match is confirmed, the processor 20 will control the barrier device to open and thereby to allow access to the user of the mobile communications device.
  • the barrier device in one example is only opened when the mobile communications device 1 6 comes within range of the barrier device 10 and associated controller 12. This range will be technology dependent.
  • the list of mobile communications devices that are allowed access by the access controller 12 is constantly kept updated without the need for the controller 12 to have direct communication ability to the server 34. Rather, this communication is piggybacked off existing mobile communications devices.
  • the mobile communications device 16 will only communicate with the server 34 upon receipt of a message from the access controller 12.
  • each updated record is 16-32 bytes per record where a record is either adding or removing a user to/from the controller.
  • An example of such a record is:
  • list updated data referred to above may be comprised of a number of such records where each record indicates a mobile communications device to be added or removed from the list stored on the access controller 12.
  • a controller is attached to a household gate motor which will allow users to gain access to the gate without the need for a cumbersome remote.
  • a user will buy the gate solution, install it and then activate it via a web panel where they will select which users they want to allow access.
  • the present invention provides a system and method for updating data in a memory which does not have long range communication accessibility.
  • remote software updates could be implemented using the same technique for example where the data management device 12 doubles as an access controller the software executing on the processor 20 could be replaced by being transmitted to the device 12 via a mobile telephone 16.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A data management device includes a communications module including a transmitter and a receiver for transmitting signals via a short range communication protocol to a mobile communication device in range of the transmitter and for receiving signals via the short range communication protocol from the mobile communications device. A memory has data stored therein including identification data, data to be managed and a data version identifier. A processor controls the device to receive encrypted update data via the short range communication protocol from a mobile communication device in range of the data management device and decrypt the received update data to extract data to be altered in the data being managed and a data version number. The processor next compares the received data version number with the stored data version number and if the received data version number is higher than the stored data version number then altering the data stored in the memory as per the received data and storing the received data version number.

Description

A DATA MANAGEMENT SYSTEM AND METHOD
BACKGROUND OF THE INVENTION
The present application relates to a data management device, system and method.
There are many types of systems and devices which have data stored in a memory associated with the system or device and which do not have long range communication ability.
Managing and updating the data stored in the memory is therefore challenging.
The present invention seeks to address this. SUMMARY OF THE INVENTION
According to one example embodiment, a data management device is provided, the device including: a communications module including a transmitter and a receiver for transmitting signals via a short range communication protocol to a mobile communication device in range of the transmitter and for receiving signals via the short range communication protocol from the mobile communications device; a memory having data stored therein including identification data, data to be managed and a data version identifier; a processor to control the device to: receive encrypted update data via the short range communication protocol from a mobile communication device in range of the data management device; decrypt the received update data and extracting data to be altered in the data being managed and a data version number; compare the received data version number with the stored data version number; and if the received data version number is higher than the stored data version number then altering the data stored in the memory as per the received data and storing the received data version number. According to another example embodiment, a remote data management server includes: a transmitter and a receiver for transmitting and receiving data to and from a mobile communications device; a memory for storing data therein, the data including a plurality of data management device identifications and for each device, data being managed for that device as well as a current data version number; and a processor running executable code thereon to: receive an instruction to alter data from the data being managed; preparing encrypted update data including the data to be altered and a data version number; and transmitting the encrypted update data to a mobile communication device for onward transmission to a remote data management device.
According to another example embodiment, a data management method is provided, the method including at a data management device including a memory having data stored therein including identification data, data to be managed and a data version identifier: receiving encrypted update data via a short range communication protocol from a mobile communications device in range of the data management device; decrypting the received update data and extracting data to be altered in the data being managed and a data version number; comparing the received data version number with the stored data version number; and if the received data version number is higher than the stored data version number then altering the data stored in the memory as per the received data and storing the received data version number.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is an example data management system;
Figure 2 is a block diagram illustrating a data management device;
Figure 3 is a block diagram illustrating an example mobile communications device; and
Figure 4 is a block diagram illustrating an example remote data management server of the access control system.
DESCRIPTION OF EMBODIMENTS
Referring to the accompanying Figures, a data management system is illustrated which implements a data management methodology as will be described below and in accordance with the methodology of the present invention.
While the data management system of the present invention has numerous applications, for purposes of illustration, the data management system will be described in conjunction with a barrier device 10 for preventing access to an area.
It will be appreciated when reading the description that the data management system and method indeed has many other applications too numerous to mention where data stored in a memory needs to be updated but the system or device with which the memory is associated does not have long range communication ability. For example, the system or device is not connected to the Internet.
In any event, in the accompanying drawing, the barrier device 10 is illustrated as a turnstile. However, it will be appreciated that the barrier device could take any other appropriate form such as a locked door, for example.
In addition, the barrier device illustrated is used to prevent access by a person but it will be appreciated that the barrier device could be used to prevent access by a vehicle, for example. An exemplary application of this is a gate to a house or a boom for a parking lot to name but two examples.
In any case, the barrier device 10 prevents or allows access to a predetermined area.
It will be appreciated that a single barrier device 10 and associated data management device 12 are illustrated but in practice a large number of these will make use of the methodology and system described below.
In any event, a data management device 12 is associated with the barrier device 10 and is located in physical proximity to the barrier device.
The data management device 12 includes a communications module 14 (Figure 2) including a transmitter and a receiver.
The communications module 14 is used for transmitting signals via a short range communication protocol to a mobile communication device 16 in range of the transmitter and for receiving signals via the short range communication protocol from the mobile communications device.
Whilst only a single mobile communications device 16 is illustrated, in practice a large number of mobile communications devices 16 will be used. The mobile communications device 16 in the illustrated embodiment is a mobile telephone. In other examples the mobile communications device could be a different type of device with appropriate communication capability.
In one example embodiment, the short range communication protocol is Bluetooth or more specifically Bluetooth Low Energy. It will be appreciated that any other suitable short range communication protocol can be used such as Near Field Communication (NFC) or high frequency audio communication to name but two of many further examples.
It will however be appreciated from the description below that the short range communication protocol is a wireless communication protocol.
Referring to Figure 2, a memory 18 has data stored therein including device identification data, data to be managed by the device 12 as well as a data version identifier which identifies a version of the data to be managed and the use of this will be described in more detail below.
It will be appreciated that the exact nature of the data being managed will depend on the particular application of the device.
In the example application under discussion the data to be managed is a list of mobile communication devices that are allowed access to the area. The data may also include a list of devices that have been allowed access together with the date and time that access was allowed.
A processor 20 controls the operation of the data management device 12 and the functionality of this will be described in more detail below.
The challenge is that the data that needs to be managed needs to be updated periodically but the device 12 does not have its own communication means by which it can communicate with the server. In order to solve this problem the device 12 uses a plurality of mobile communications devices 16 to piggy back off as will be described in more detail below.
Referring to Figure 3, a mobile communications device 16 includes a processor 22 which is used for running executable code thereon. The executable code is typically in the form of a so-called application that executes on the mobile communications device 16. This will be described in more detail below.
The mobile communication device 16 also includes a display 24 whereby information can be displayed to a user of the device and a user interface 26 by means of which a user can input information into the device 16.
Where the mobile communications device 1 6 is a mobile telephone, the display 24 will be a screen of the mobile telephone and the user interface 26 includes a keyboard. As is well-known, the keyboard can either be separate keys or can be implemented via the screen which will be a touchscreen.
A memory 28 is used for storing data therein including a mobile device identification number.
The identification number could be the Mobile Subscriber Integrated Services Digital Network-Number (MSISDN) or International mobile Subscriber Identity (IMSI) both of which are used to identify subscribers in a mobile communications network.
In another example, the user identification is a universally unique identifier (UUID) which is an identifier standard used in software. This will be generated either by the executable application or the server and stored in the memory 28. The mobile communications device 16 also includes a short range communications module 30 including a short range transmitter and a short range receiver for transmitting and receiving data using a short range communications protocol and a long range communications module 32 including a long range transmitter and a long range receiver for transmitting and receiving data to and from a remote data management server 34 (Figures 1 and 4).
In any event, in one example embodiment, the application executing on the processor 22 of the mobile telephone will periodically instruct the short range communications module 30 to check for a signal transmitted from any data management device 12.
This process could be reversed whereby the data management device 12 periodically checks if any mobile communications devices 16 are in range.
In either case, a short range communication session typically via Bluetooth is set up between the mobile communications device 16 and the data management device 12.
If the mobile communications device 16 has stored thereon any encrypted data packets received from the server 34 these will be transmitted to the data management device 12 together with an identification of the mobile communications device 16.
The mobile communications device 16 may in return receive an encrypted data packet from the data management device 12 for transmission back to the server 34.
The data packets will typically include device identification data, data updates and a data version number. This is because data stored in the memory 18 of the data management device in terms of the present invention needs to be kept in sync with data stored in the memory 36 of the server 34.
However, changes can be made to the data in either memory 18 or 36 and these changes would then need to be transmitted via the mobile communications device 16 to the other memory.
Thus the encrypted data packet transmitted from the mobile communications device 16 to the data management device 12 may include data to be altered in the data being managed on the device 12 and a data version number. This encrypted data packet will have been received via the long range communications module 32 from the server transmitter 42.
Any encrypted data packets received by the mobile communications device 16 from the data management device 12 will be transmitted via the long range communications module 32 to the remote data management server 34.
It will be appreciated that the mobile communications device 16 will use whatever network it is connected to at the time to transmit data to the server 34 which could be by using cellular data or a Wifi network, and to then receive data from the server 34.
It will also be appreciated that the mobile communications device 16 is not trusted as it is unrelated to the device 12 or the server 34, so the mobile communication device 16 does not decrypt the data packets but merely transfers them backwards and forwards.
Referring now to Figure 4, the remote data management server 34 includes a memory 36, a processor 38, a receiver 40 and a transmitter 42.
The server 34 thus includes a number of modules to implement the present invention and an associated memory 36. ln one example embodiment, the modules described below may be implemented by a machine-readable medium embodying instructions which, when executed by a machine, cause the machine to perform any of the methods described above.
In another example embodiment the modules may be implemented using firmware programmed specifically to execute the method described herein.
It will be appreciated that embodiments of the present invention are not limited to such architecture, and could equally well find application in a distributed, or peer-to-peer, architecture system. Thus the modules illustrated could be located on one or more servers operated by one or more institutions.
It will also be appreciated that in any of these cases the modules form a physical apparatus with physical modules specifically for executing the steps of the method described herein.
The memory 36 stores data therein including a plurality of data management device identifications, and for each device, updated data being managed for that device as well as an updated data version number.
In the present illustrative example, the data being managed is a list of one or more mobile communications devices that are allowed access to an area where the barrier device is located as well as a list of which mobile communications devices were granted access to the area.
The list of devices is typically first uploaded and then maintained by a user who accesses the server 34 using the Internet.
The user will typically enter a username and password and will then be allowed to update one or more lists pertaining to their access controllers. Indeed, every time the user wants to make changes to the data being managed, they will access the server 34 by way of the Internet, login using their username and password and then make the data changes they require.
In the illustrative example, this will typically be adding or deleting mobile telephone numbers from the list of mobile telephone numbers which are allowed access to the area.
If the user has changed the list of mobile communications devices which are allowed access, these changes will have been stored in the memory 36 and the data version number increased.
This will be compiled into update data by the processor 38 which will then be encrypted and transmitted via the transmitter 42 to the mobile communications device 16 for onward transmission to the data management device 12.
In one example the same encrypted data packet is transmitted to a plurality of mobile communications devices 16 for onward transmission.
In one example, the plurality of mobile communication devices to which the encrypted data is transmitted are the same mobile communication devices which are identified in the list stored in the memory 36.
The mobile communications device 16 therefore receives from the remote access management server 34 the update data and data version identifier including any changes to the list of mobile communication devices that are allowed access to the area to which the identified barrier device prevents access, and transmits this data via the short range communications module to the communications module 14.
Any data received is typically stored in the memory 28 of the mobile communications device after having been received and only deleted from t e memory 28 once a confirmation message is received back from the data management device 12 that the list stored in the memory 18 has been successfully updated.
In an access control example application, what will typically be transmitted from the server to the data management device will be updates to the list of mobile communication devices which are allowed access to the server and what will typically be transmitted from the data management device back to the server will be a log of all devices that have been allowed access, typically including a date and time of access.
In this example, the list of devices will be stored in one data block with its own data version number and the log of all devices allowed access will be stored in a number data block with its own data version number.
This will prevent confusion if updates are made to the list on the server and to the access log on the data management device at the same time.
In order to update the log data in the memory 36, this can occur as follows.
The receiver 40 receives encrypted data packets transmitted from the device 12 to the mobile communications device 16. The data packets will include a data management device identification, data to be altered and a data version identifier.
The processor 38 decrypts the data packet and extracts this information.
The processor 38 then accesses the memory 36 to determine if any data has been altered in the data in the memory 18.
This is done by comparing the received data version identifier with a stored data version identifier in the memory 36. If the received data version number is higher than the stored data version number then the processor 38 will update the data stored in the memory 36 by altering the data being managed and storing the received data version number.
In addition to the above, in an access control example application, a mobile device identification is also transmitted via the short range communications module 30 from the mobile communications device 16 to the communications module 14 of the data management device 12.
The processor 20 will then compare the mobile device identification with a list of mobile device identifications stored in the memory 18. If a match is confirmed, the processor 20 will control the barrier device to open and thereby to allow access to the user of the mobile communications device.
It will be appreciated that the barrier device in one example is only opened when the mobile communications device 1 6 comes within range of the barrier device 10 and associated controller 12. This range will be technology dependent.
In any event, it will be appreciated that the list of mobile communications devices that are allowed access by the access controller 12 is constantly kept updated without the need for the controller 12 to have direct communication ability to the server 34. Rather, this communication is piggybacked off existing mobile communications devices.
In one example, it is envisaged that the mobile communications device 16 will only communicate with the server 34 upon receipt of a message from the access controller 12.
In addition, to reduce data usage, each updated record is 16-32 bytes per record where a record is either adding or removing a user to/from the controller. An example of such a record is:
{Action: "ADD", Identifier:"05c79fe1 -db3a-464c-868a-84e05d989747"}
Thus the list updated data referred to above may be comprised of a number of such records where each record indicates a mobile communications device to be added or removed from the list stored on the access controller 12.
In one example implementation of the above, a controller is attached to a household gate motor which will allow users to gain access to the gate without the need for a cumbersome remote.
It will also allow users to issue access to family members and friends and even define times with which the issued users can enter.
Because these gate motors do not have wired internet, the controller needs to knows who has access and who does not without the controller being updated via the internet.
Thus even though rules are user configured via the Internet, the updating of the controller is not.
In practice, a user will buy the gate solution, install it and then activate it via a web panel where they will select which users they want to allow access.
All they then have to do is drive up to the gate with their mobile telephone, and they will automatically update the controller via short range communication with all users who have been allowed access.
If ever new users are added or old ones removed, it will just take any user, whether allowed or not, to drive within the range of the controller and it will be updated with the new list, again via short range communication. Thus it will be appreciated that the present invention provides a system and method for updating data in a memory which does not have long range communication accessibility.
In a similar manner, remote software updates could be implemented using the same technique for example where the data management device 12 doubles as an access controller the software executing on the processor 20 could be replaced by being transmitted to the device 12 via a mobile telephone 16.

Claims

CLAIMS:
1 . A data management device is provided, the device including: a communications module including a transmitter and a receiver for transmitting signals via a short range communication protocol to a mobile communication device in range of the transmitter and for receiving signals via the short range communication protocol from the mobile communications device; a memory having data stored therein including identification data, data to be managed and a data version identifier; a processor to control the device to: receive encrypted update data via the short range communication protocol from a mobile communication device in range of the data management device; decrypt the received update data and extracting data to be altered in the data being managed and a data version number; compare the received data version number with the stored data version number; and if the received data version number is higher than the stored data version number then altering the data stored in the memory as per the received data and storing the received data version number.
2. A device according to claim 1 wherein the processor further: accesses the data being managed to determine if any data has been altered by the data management device; and if any data has been altered, encrypting the altered data together with a current data version number of the data stored in the memory and sending this encrypted data to the mobile communication device for onward transmission to a server.
3. A device according to claim 1 or claim 2 wherein the device is associated with an electronic access control system and the data stored in the memory includes a list of mobile communication devices that are allowed access to the area.
4. A device according to any preceding claim wherein the data being managed includes a list of identifications of mobile communication devices that are allowed access to an area.
5. A device according to claim 4 wherein the data to be altered includes adding or removing one or more identifications of mobile communication devices that are allowed access to the area from the list.
6. A device according to claim 4 or claim 5 wherein together with the received encrypted update data, an identification of the mobile communication device in range of the data management device is received, and wherein the device compares the received identification with the stored list of mobile communication devices and if the received identification is in the list, transmitting a message to a barrier device to open to allow the user of the mobile communication devices access to the area.
7. A remote data management server including: a transmitter and a receiver for transmitting and receiving data to and from a mobile communications device; a memory for storing data therein, the data including a plurality of data management device identifications and for each device, data being managed for that device as well as a current data version number; and a processor running executable code thereon to: receive an instruction to alter data from the data being managed; prepare encrypted update data including the data to be altered and a data version number; and transmit the encrypted update data to a mobile communication device for onward transmission to a remote data management device.
8. A remote data management server according to claim 7 wherein the processor further: receives encrypted update data from the mobile communication device; decrypts the received update data and extracts data to be altered in the being managed at the server and a data version number; compares the received data version number with the stored data version number; and if the received data version number is higher than the stored data version number then updating the data stored in the memory using the received data to be altered and storing the received data version number.
9. A data management method is provided, the method including at a data management device including a memory having data stored therein including identification data, data to be managed and a data version identifier: receiving encrypted update data via a short range communication protocol from a mobile communications device in range of the data management device; decrypting the received update data and extracting data to be altered in the data being managed and a data version number; comparing the received data version number with the stored data version number; and if the received data version number is higher than the stored data version number then altering the data stored in the memory as per the received data and storing the received data version number.
10. A method according to claim 9 wherein the method further includes: accessing the data being managed to determine if any data has been altered in the memory of the data management device; and if any new data has been altered, encrypting the altered data together with a current data version number of the data stored in the memory and sending this encrypted data to the mobile communication device for onward transmission to a server.
1 1 . A method according to claim 9 or claim 10 wherein the device is associated with an electronic access control system and the data stored in the memory includes a list of mobile communication devices that are allowed access to the area.
12. A method according to any one of claims 9 to 1 1 wherein the data being managed includes a list of identifications of mobile communication devices that are allowed access to an area.
13. A method according to claim 12 wherein the data to be altered includes adding or removing one or more identifications of mobile communication devices that are allowed access to the area from the list.
14. A method according to claim 12 or claim 13 wherein together with the received encrypted update data, an identification of the mobile communication device in range of the data management device is received, and wherein the device compares the received identification with the stored list of mobile communication devices and if the received identification is in the list, transmitting a message to a barrier device to open to allow the user of the mobile communication devices access to the area.
PCT/IB2017/055698 2016-09-22 2017-09-20 A data management system and method Ceased WO2018055523A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA2016/06577 2016-09-22
ZA201606577 2016-09-22

Publications (1)

Publication Number Publication Date
WO2018055523A1 true WO2018055523A1 (en) 2018-03-29

Family

ID=60120091

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2017/055698 Ceased WO2018055523A1 (en) 2016-09-22 2017-09-20 A data management system and method

Country Status (1)

Country Link
WO (1) WO2018055523A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090181662A1 (en) * 2007-09-01 2009-07-16 David Fleischman Postponed Carrier Configuration
US20140020437A1 (en) * 2005-03-18 2014-01-23 Phoniro Ab Lock actuating device and an access control system
US20150310685A1 (en) * 2009-11-27 2015-10-29 Phoniro Ab Access control method, and associated lock device and administration server
WO2016023558A1 (en) * 2014-08-14 2016-02-18 Poly-Care Aps Method for operating a door lock by encrypted wireless signals

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140020437A1 (en) * 2005-03-18 2014-01-23 Phoniro Ab Lock actuating device and an access control system
US20090181662A1 (en) * 2007-09-01 2009-07-16 David Fleischman Postponed Carrier Configuration
US20150310685A1 (en) * 2009-11-27 2015-10-29 Phoniro Ab Access control method, and associated lock device and administration server
WO2016023558A1 (en) * 2014-08-14 2016-02-18 Poly-Care Aps Method for operating a door lock by encrypted wireless signals

Similar Documents

Publication Publication Date Title
EP2179560B1 (en) Wireless device authentication and security key management
US20240048985A1 (en) Secure password sharing for wireless networks
US9330514B2 (en) Systems and methods for locking device management
KR102406757B1 (en) A method of provisioning a subscriber profile for a secure module
EP2858393B1 (en) Subscription manager secure routing device switching method and device
US10826945B1 (en) Apparatuses, methods and systems of network connectivity management for secure access
KR101289530B1 (en) Method and apparatus for bearer and server independent parental control on smartphone, managed by the smartphone
CN113286290B (en) Method and device for downloading configuration files of group equipment
KR20120131541A (en) Method for smart phone registration when accessing security authentication device and method for access authentication of registered smart phone
CN106656923A (en) Device association method, key update method and apparatuses
US20170238235A1 (en) Wireless router and router management system
JP5724039B2 (en) COMMUNICATION SYSTEM, MOBILE COMMUNICATION DEVICE, MIGRATION CONTROL DEVICE, MIGRATION CONTROL METHOD, AND MIGRATION CONTROL PROGRAM
US20170238236A1 (en) Mac address-bound wlan password
US10075447B2 (en) Secure distributed device-to-device network
US11178145B2 (en) Network apparatus and control method thereof
WO2016190811A1 (en) Seamless unique user identification and management
KR101854389B1 (en) System and Method for application authentication
WO2018055523A1 (en) A data management system and method
EP4241415B1 (en) A method of, a provisioner and a system for provisioning a plurality of operatively interconnected node devices in a network
CN108769989A (en) A kind of wireless network connection method, wireless access device and equipment
WO2017165043A1 (en) Mac address-bound wlan password
KR20180068513A (en) Method, apparatus and computer program for managing password of home hub terminal
KR20180099304A (en) System and method for zone communication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17785009

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17785009

Country of ref document: EP

Kind code of ref document: A1