Abstract: A wireless node for use in a network of wireless nodes, for performing a localization to determine a location of a mobile device based on respective beacon signals transmitted wirelessly between the mobile device and each of a plurality of the wireless nodes. The first wireless node is configured to: wirelessly transmit or receive the respective beacon signal for use in determining the location of the mobile device; and wirelessly transmit information vouching for one or more others of the wireless nodes as being trusted for use in the localization. This information is transmitted to a device performing the localization (e.g. the mobile device), for use in identifying one or more rogue versions of said wireless nodes.

Abstract: A first plurality (201) of network nodes (120-123, 130-133) of a network (100) is associated with a first cryptographic keying material and the multicast IP address. A second plurality (202) of network nodes (120-123, 130-133) of the network (100) is associated with a second cryptographic keying material and the multicast IP address. The first cryptographic keying material has a different secret than the second cryptographic keying material.

Abstract: Disclosed are systems and methods for cloud-based monitoring and control of physical environments. In various embodiments, a computing device (1350, 1450, 1550) seeking to verify credentials of a lighting system controller (1352, 1452, 1552) may obtain unverified credentials of the lighting system controller. The computing device may transmit, to a first remote device via a first network communication channel, a request to verify the unverified credentials. The computing device may receive verification from the first remote device or a second remote device via a second network communication channel. The second network communication channel may be different than the first network communication channel. The computing device may compare the unverified credentials to the verification data and verify, based on the comparing, that the unverified credentials are legitimate.

Abstract: An electronic network device (200) and an electronic configurator device (300) for provisioning the network device. The network device is configured to send a public key to configurator device (300) over an established first wireless (231) connection, and to receive encrypted credentials wirelessly from the configurator device. The configurator device is configured to receiving the public key over the established first wireless connection, to send credentials wirelessly encrypted with the public key to the network device over the established first wireless connection.

Abstract: In one aspect, a mobile device is located using a signal sent out from the mobile device to nodes of a location network, and the mobile device also sends a tracking preference associated with the signal. This specifies whether a location network is permitted to use the signal to determine the mobile's location, and/or whether a provider of a location related service associated with a location network is permitted to make use of the location. In embodiments the preference may be tagged with the ID of a particular provider. In another aspect, the localization is based on measurements taken by a mobile terminal of signals sent from the nodes, and the nodes also send out an identifier with the signal identifying a provider of a location related service associated with the network. The mobile device can then use this identifier to determine who to share its measurements or location with.

Abstract: A system (200) for protecting location information has beacons (240), a provider server (220) for providing at least one location based service, a location server (230) and mobile devices (210). The mobile device has a location engine (211) for controlling the location information and a location based application (212) for using the location information. The provider server generates unique data and authorizes the location based application, and subsequently provides location based services in dependence on an encrypted location. The location server determines the location based on a property of the radiation and encrypts the location. The location engine obtains a verification of customer data of the location based application, which indicates that use rights allow transfer of the location information to the location based application, and upon obtaining the verification transfers the encrypted location to the location based application.

Abstract: An electronic random number generating device (100) for generating a sequence of random numbers, the electronic random number generating device comprising an electronic parameter storage (110) configured to store multiple functions and for each function of the multiple functions an associated modulus, not all moduli being equal, and an electronic function evaluation device (120) configured to generate an internal sequence of random numbers, the function evaluation device being configured to generate a next number in the internal sequence of random numbers by for each function of the multiple functions, evaluating the function for a previously generated value in the internal sequence of random numbers modulo the modulus associated with the evaluating function, so obtaining multiple evaluation results, and applying a combination function to the multiple evaluation results to obtain the next number in the internal sequence, and an output (140) configured to generate a next number in the sequence of random number

Abstract: Disclosed are systems and methods for cloud-based monitoring and control of physical environments. In various embodiments, a computing device (1350, 1450, 1550) seeking to verify credentials of a lighting system controller (1352, 1452, 1552) may obtain unverified credentials of the lighting system controller. The computing device may transmit, to a first remote device via a first network communication channel, a request to verify the unverified credentials. The computing device may receive verification from the first remote device or a second remote device via a second network communication channel. The second network communication channel may be different than the first network communication channel. The computing device may compare the unverified credentials to the verification data and verify, based on the comparing, that the unverified credentials are legitimate.

Abstract: In one aspect, a mobile device is located using a signal sent out from the mobile device to nodes of a location network, and the mobile device also sends a tracking preference associated with the signal. This specifies whether a location network is permitted to use the signal to determine the mobile's location, and/or whether a provider of a location related service associated with a location network is permitted to make use of the location. In embodiments the preference may be tagged with the ID of a particular provider. In another aspect, the localization is based on measurements taken by a mobile terminal of signals sent from the nodes, and the nodes also send out an identifier with the signal identifying a provider of a location related service associated with the network. The mobile device can then use this identifier to determine who to share its measurements or location with.

Abstract: A method of determining a location of a mobile device based on a first location estimation performed using a first location system, the method comprising: obtaining an initial estimate of the mobile device's location based on a second location estimation that is coarser than the first location estimation; using the initial estimate to select a subset of the reference nodes of the first network that are within a defined vicinity of the mobile device's location; and from amongst a database of respective assistance data for each of the wireless reference nodes stored on a server of the first location system, selectively providing the respective assistance data for each of said subset of wireless reference nodes to a localization module on the mobile device, for the localization module of the mobile device to calculate a finer estimate of the mobile device's location.

Abstract: A system (200) for protecting location information has beacons (240), a provider server (220) for providing at least one location based service, a location server (230) and mobile devices (210). The mobile device has a location engine (211) for controlling the location information and a location based application (212) for using the location information. The provider server generates unique data and authorizes the location based application, and subsequently provides location based services in dependence on an encrypted location. The location server determines the location based on a property of the radiation and encrypts the location. The location engine obtains a verification of customer data of the location based application, which indicates that use rights allow transfer of the location information to the location based application, and upon obtaining the verification transfers the encrypted location to the location based application.

Abstract: In one aspect, a mobile device is located using a signal sent out from the mobile device to nodes of a location network, and the mobile device also sends a tracking preference associated with the signal. This specifies whether a location network is permitted to use the signal to determine the mobile's location, and/or whether a provider of a location related service associated with a location network is permitted to make use of the location. In embodiments the preference may be tagged with the ID of a particular provider. In another aspect, the localization is based on measurements taken by a mobile terminal of signals sent from the nodes, and the nodes also send out an identifier with the signal identifying a provider of a location related service associated with the network. The mobile device can then use this identifier to determine who to share its measurements or location with.

Abstract: The present invention relates to a method for access decision evaluation in a building automation and control system, the method comprising: sending, from an accessing device (10) to an accessed device (20), an access request, sending, from the accessed device (20) to a central decision evaluation apparatus (30), an evaluation request asking if the access request is granted or denied, evaluating, at the central decision evaluation apparatus (30), the evaluation request using one or more central access control policies in order to reach a decision on if the access request is granted or denied, deriving, at the central decision evaluation apparatus (30), the one or more central access control policies that was used for evaluation into a device specific access policy, sending, from the central decision evaluation apparatus (30) to the accessed device (20), the decision and the device specific access policy, and storing, at the accessed device (20), the device specific access policy.

Abstract: A wireless network (252) has a mesh structure of wireless communication links between nodes (210, 220). The network enables an unsecured node (230) to join the network by exchanging joining messages with a configurator (200). The configurator (200) is arranged for determining network security states including an insecure state in which all nodes are in the unsecured mode and the network is open for joining nodes; a partially secure state in which at least one node (210, 220) is in the secured mode and the network is open for joining nodes; and a secure state in which the network is closed to nodes in the unsecured mode. The nodes detect the security state and adapt their operation to the detected security state of the network and the mode of the device. The adapted operation enables flexible security bootstrapping of the network.

Abstract: A wireless node for use in a network of wireless nodes, for performing a localization to determine a location of a mobile device based on respective beacon signals transmitted wirelessly between the mobile device and each of a plurality of the wireless nodes. The first wireless node is configured to: wirelessly transmit or receive the respective beacon signal for use in determining the location of the mobile device; and wirelessly transmit information vouching for one or more others of the wireless nodes as being trusted for use in the localization. This information is transmitted to a device performing the localization (e.g. the mobile device), for use in identifying one or more rogue versions of said wireless nodes.

Abstract: An electronic network device (200) and an electronic configurator device (300) for provisioning the network device. The network device is configured to send a public key to configurator device (300) over an established first wireless (231) connection, and to receive encrypted credentials wirelessly from the configurator device. The configurator device is configured to receiving the public key over the established first wireless connection, to send credentials wirelessly encrypted with the public key to the network device over the established first wireless connection.

Abstract: A first plurality (201) of network nodes (120-123, 130-133) of a network (100) is associated with a first cryptographic keying material and the multicast IP address. A second plurality (202) of network nodes (120-123, 130-133) of the network (100) is associated with a second cryptographic keying material and the multicast IP address. The first cryptographic keying material has a different secret than the second cryptographic keying material.

Abstract: The disclosure relates to a lighting system which can be controlled from a wireless device in dependence on complying with an access rule that the wireless device is determined to be within in a spatial region associated with the lighting system. The disclosure provides apparatus for securing against the lighting system being controlled from a device located outside the relevant region via a rogue relay device located in that region. The apparatus comprises a user location module configured to determine user location information indicative of whether a user is accompanying the wireless device in the region associated with the lighting system, and an access module which is configured with a further access rule: that it does not allow the control of the lighting system by the wireless device if the user location information is indicative of the wireless device being unaccompanied by a user.

Abstract: A network device (110) is provided which is configured to determine a shared cryptographic key of key length (b) bits shared with a second network device (120) from a polynomial and an identity number of the second network device. A reduction algorithm is used to evaluate the polynomial in the identity number of the second network device and reduce module a public modulus and modulo a key modulus. The reduction algorithm comprises an iteration over the terms of the polynomial. In at least the iteration which iteration is associated with a particular term of the polynomial are comprised a first and second multiplication. The first multiplication is between the identity number and a least significant part of the coefficient of the particular term obtained from the representation of the polynomial, the least significant part of the coefficient being formed by the key length least significant bits of the coefficient of the particular term.

Abstract: A wireless device comprising: a wireless interface for communicating with a network of reference nodes, and a location module configured to obtain a measurement of a respective signal communicated between the wireless interface and each of a plurality of said reference nodes. The location module is also supplied with a respective set of transformed coordinates for each of said plurality of reference nodes, transformed relative to their actual physical coordinates. Using said signal measurements and the transformed coordinates of said plurality of reference nodes, the wireless device then submits information indicative of a transformed location of the wireless device to an interpretation function. Based on the interpretation function, the wireless device is thereby able to access functionality relating to the physical location of the mobile terminal.