Abstract: The invention relates to the control of networked lighting systems, particularly large scale networked lighting systems, and more specifically to an efficient transmission of messages to control luminaries of a networked lighting system. A basic idea of the invention is to provide an efficient and flexible multicast, particularly group cast message that addresses several or a group of luminaires, and that can control the addressed luminaries in an efficient way by compressing the distributed light settings using a function in order to reduce the communicational overhead.

Abstract: The present invention relates to a method of detecting a failed luminaire and/or light sensor in a lighting system comprising M luminaires and N light sensors. The elements Dsl of an N×M transfer matrix D expresses how each luminaire l affect a light sensor s with respect to sensed light intensity, wherein s=1, 2, . . . N, and l=1, 2, . . . , M.

Abstract: A system (200) for configuring a network device (300) for sharing a key, the shared key being • bits long, the system comprising:—a key material obtainer (210) for—obtaining in electronic form a first private set of bivariate polynomials (252, {hacek over (z)}?(,)), and a second private set of reduction integers (254, f?), with each bivariate polynomial in the first set there is associated a reduction integer of the second set, and a public global reduction integer (256, . . .

Abstract: A method of configuring a network device for key sharing and a method for a first network device to determine a shared key are provided. The method of configuring uses a private private modulus, and a modulus (p1) a public modulus (N), and a bivariate polynomial (f1) having integer coefficients, the binary representation of the public modulus and the binary representation of the private modulus are the same in at least key length (b) consecutive bits. Local key material for a network device is generated by substituting an identity number into the bivariate polynomial and reducing modulo the private modulus the result of the substitution to obtain a univariate polynomial. Security may be increased by adding (440) one or more obfuscating numbers to coefficients of the univariate polynomial to obtain an obfuscated univariate polynomial.

Abstract: A lighting system (100), a light source (110), a device (150), and a method of authorizing the device (150) by the light source (110) are provided. The lighting system (100) comprises a light source (110) to emit light (116), a device (150) to control the light source(110), a first communication channel from the light source (110) to the device (150), and a second communication channel from the device (150) to the light source (110). The first communication channel is formed by modulating information in the emitted light (116) of the light source (110). The light source (110) comprises a challenge generator (118), a light source transmitter (112), a light source receiver (122) and an authorizing means (120). The challenge generator (118) generates a challenge with a cryptographic function receiving an argument comprising a first cryptographic key. The light source transmitter (112) transmits the challenge via the first communication channel.

Abstract: For improving data packet transmission from a collector node to one or more network nodes without additional routing protocols or increase of the overall network load, a system and a method are provided, wherein a node and/or the collector node receiving an uplink data packet addressed to the collector node is adapted to store at least a sender node information and a transmitting node information as a reverse-route information for a predetermined time.

Abstract: A system (200) for configuring a network device (300) for key sharing is provided, and a first (300) and second network device configured to determine a shared key between them.

Abstract: Electronic signature system comprising an electronic key generation device (100) for generating a digital signing-key for digitally signing digital data and a corresponding verification-key for digitally verifying said digitally signed data, an electronic signature generation device (200) for generating a digital signature for digital data using a digital signing-key obtained from an electronic key generation device, and an electronic signature verification device (300) for verifying a digital signature generated by an electronic signature generation device. The verifier has access to a commitment integer and corresponding polynomial derived from private keying material, enabling verification of signature polynomials derived the same private keying material.

Abstract: The present invention relates to a method for access decision evaluation in a building automation and control system, the method comprising: sending, from an accessing device (10) to an accessed device (20), an access request, sending, from the accessed device (20) to a central decision evaluation apparatus (30), an evaluation request asking if the access request is granted or denied, evaluating, at the central decision evaluation apparatus (30), the evaluation request using one or more central access control policies in order to reach a decision on if the access request is granted or denied, deriving, at the central decision evaluation apparatus (30), the one or more central access control policies that was used for evaluation into a device specific access policy, sending, from the central decision evaluation apparatus (30) to the accessed device (20), the decision and the device specific access policy, and storing, at the accessed device (20), the device specific access policy.

Abstract: For secure configuration of network nodes from a backend with low connectivity requirements and workload at the backend and reduced communication overhead, a system, a control unit for a segment controller and a method for secure protocol execution in a network are provided, wherein protocol information is provided to a segment controller (60) for controlling a node (10) and a protocol is performed based on the protocol information to control the node (10), at least one response message of the node (10) being required at the segment controller (60) for performing one or more steps of the protocol.

Abstract: A network device (110) is provided which is configured to determine a shared cryptographic key of key length (b) bits shared with a second network device (120) from a polynomial and an identity number of the second network device. A reduction algorithm is used to evaluate the polynomial in the identity number of the second network device and reduce module a public modulus and modulo a key modulus. The reduction algorithm comprises an iteration over the terms of the polynomial. In at least the iteration which iteration is associated with a particular term of the polynomial are comprised a first and second multiplication. The first multiplication is between the identity number and a least significant part of the coefficient of the particular term obtained from the representation of the polynomial, the least significant part of the coefficient being formed by the key length least significant bits of the coefficient of the particular term.

Abstract: An electronic random number generating device (100) for generating a sequence of random numbers, the electronic random number generating device comprising an electronic parameter storage (110) configured to store multiple functions and for each function of the multiple functions an associated modulus, not all moduli being equal, and an electronic function evaluation device (120) configured to generate an internal sequence of random numbers, the function evaluation device being configured to generate a next number in the internal sequence of random numbers by for each function of the multiple functions, evaluating the function for a previously generated value in the internal sequence of random numbers modulo the modulus associated with the evaluating function, so obtaining multiple evaluation results, and applying a combination function to the multiple evaluation results to obtain the next number in the internal sequence, and an output (140) configured to generate a next number in the sequence of random number

Abstract: A method of configuring a network device for key sharing, the method comprising obtaining (410) in electronic form at least two parameter sets, a parameter set comprising a private modulus (p1) a public modulus (N), and a bivariate polynomial (f1) having integer coefficients, the binary representation of the public modulus and the binary representation of the private modulus are the same in at least key length (b) consecutive bits, generating local key material for the network device comprising obtaining (420) in electronic form an identity number (A) for the network device, and for each parameter set of the at least two parameter sets obtaining a corresponding univariate polynomial, by determining, using a polynomial manipulation device, a univariate polynomial from the bivariate polynomial of the parameter set by substituting (430) the identity number into said bivariate polynomial, and reducing the result of the substitution modulo the private modulus of the parameter set, and electronically storing (450)

Abstract: The invention provides methods, devices (102, 110, 124, 136) and communication systems (100) for establishing end-to-end secure connections and for securely communicating data packets. Such a communication system (100) comprises a first device (124, 136), an intermediate device (110) and a second device (102). The first device (124, 136) communications via a first network (120), which is based on a first transport protocol and a first transport security protocol with the intermediate device (110). The second device (102) communications via a second network, which is based on a second transport protocol and a second transport security protocol with the intermediate device (110). The intermediate device (110) modifies packets received via first network to packets suitable for communication via the second network, and vice versa. The first device (124, 136) is able to reconstruct a header of a received packet as if the packet was sent via the second network (108) and its transport and security protocols.

Abstract: The present invention relates to verification of the authenticity of a lighting device. There is provided a lighting device which is capable of emitting coded light. The lighting device has a challenge receiver, arranged to receive a challenge, and a response transmitter, arranged to generate and transmit a response to the challenge. The response is generated by means of the challenge and a secret key in combination. Furthermore, there is provided a corresponding verification device generating the challenge and providing it to the lighting device, and analyzing the response in order to check the authenticity of the lighting device.

Abstract: For reducing and homogenizing an end-to-end delay of data packet transmissions in a large-scale wireless mesh network, a device, a system and a method are provided for controlling data packet transmission in the wireless network, wherein transmission parameters of an intermediate node are adjusted based on a distance between the intermediate node and a sender node.

Abstract: The present invention relates to a system and corresponding method for a secure end-to-end patient healthcare system which includes wireless medical sensors adapted to be attached to a patient's body and in communication with each other forming a body sensor network within a wireless medical sensor network including one or more body sensor networks; ?-secure keying means incorporated into each wireless medical sensor for enabling secure communications between the wireless medical sensors, and a personal security manager within the body sensor network and in communication with the wireless medical sensors within the body sensor network, the personal security manager providing secure communications with backend services and providing security relationships within the body sensor network by means of the ?-secure keying means, wherein the ?-secure keying means are such that a coalition of no more than ? compromised wireless medical sensors conceals a pairwise key between any two non-compromised wireless medical s

Abstract: A method for securing communications between a first node (N1) and a second node (N2) in a network (1) further comprising a management device (2) provided with root keying materials, the method comprising the following steps: the management device generating, based on root keying materials, a first node keying material shares comprising a number of sub-elements and the first node keying material shares being arranged for generating a first complete key, the management device selecting a subset of sub-elements of the first keying material shares, the number of sub-elements selected being less or equal than the total number of sub-elements of the first keying material shares, and the selected sub-elements forming a first node partial keying material shares or symmetric-key generation engine, the first node generating, based on the first node symmetric-key generation engine and on an identifier of the second node, a first key, used for securing communications with the second node.

Abstract: A first communication unit (101) comprises: a processor (203) for obtaining local key material defining a first key generating function from a Trusted Third Party (TTP). An identity processor (205) obtaining an identity for a second communication unit (103 and a key generator (207) determines a first cryptographic key from the first key generating function based on the identity. A generator (209) locally generates a perturbation value which is not uniquely determined by data originating from the TTP. A key modifier (211) determines a shared cryptographic key by applying the perturbation value to the first cryptographic key. The second communication unit (103) also obtains key modifying data and uses it to determine a cryptographic key for the first communication unit (101). It then generates possible values of the perturbation value, and subsequently possible shared cryptographic keys. It then selects one that matches cryptographic data from the first communication unit (101).

Abstract: The present invention relates to a method of detecting a failed luminaire and/or light sensor in a lighting system comprising M luminaires and N light sensors. The elements Dsl of an N×M transfer matrix D expresses how each luminaire l affect a light sensor s with respect to sensed light intensity, wherein s=1, 2, . . . N, and l=1, 2, . . . , M.