Abstract: The resource metering system comprises: an end-point device (25) consuming a resource, in particular for usage in a building (2) or in an outdoor lighting system, said device comprising a detection unit that produces status information and an indicator of usefulness; a smart meter (20) comprising: a communication circuitry provided with an interface adapted for receiving from said device status information and said indicator of usefulness; a metrology device connected to a medium (17) that provides the resource to said device; and a control circuitry connected to the metrology device for collecting resource consumption data, the control circuitry being connected to the communication circuitry and adapted to produce monitoring data to be securely transmitted to a server (10) after processing the status information and said indicator. Monitoring data are used when determining consumption tariffs, so as to encourage energy efficient usage of the device.

Abstract: The present invention relates to a method for access decision evaluation in a building automation and control system, the method comprising: sending, from an accessing device (10) to an accessed device (20), an access request, sending, from the accessed device (20) to a central decision evaluation apparatus (30), an evaluation request asking if the access request is granted or denied, evaluating, at the central decision evaluation apparatus (30), the evaluation request using one or more central access control policies in order to reach a decision on if the access request is granted or denied, deriving, at the central decision evaluation apparatus (30), the one or more central access control policies that was used for evaluation into a device specific access policy, sending, from the central decision evaluation apparatus (30) to the accessed device (20), the decision and the device specific access policy, and storing, at the accessed device (20), the device specific access policy.

Abstract: The present invention relates to a method for access decision evaluation in a building automation and control system, the method comprising: sending, from an accessing device (10) to an accessed device (20), an access request, sending, from the accessed device (20) to a central decision evaluation apparatus (30), an evaluation request asking if the access request is granted or denied, evaluating, at the central decision evaluation apparatus (30), the evaluation request using one or more central access control policies in order to reach a decision on if the access request is granted or denied, deriving, at the central decision evaluation apparatus (30), the one or more central access control policies that was used for evaluation into a device specific access policy, sending, from the central decision evaluation apparatus (30) to the accessed device (20), the decision and the device specific access policy, and storing, at the accessed device (20), the device specific access policy.

Abstract: The invention provides methods, devices (102, 110, 124, 136) and communication systems (100) for establishing end-to-end secure connections and for securely communicating data packets. Such a communication system (100) comprises a first device (124, 136), an intermediate device (110) and a second device (102). The first device (124, 136) communications via a first network (120), which is based on a first transport protocol and a first transport security protocol with the intermediate device (110). The second device (102) communications via a second network, which is based on a second transport protocol and a second transport security protocol with the intermediate device (110). The intermediate device (110) modifies packets received via first network to packets suitable for communication via the second network, and vice versa. The first device (124, 136) is able to reconstruct a header of a received packet as if the packet was sent via the second network (108) and its transport and security protocols.

Abstract: The present invention relates to verification of the authenticity of a lighting device. There is provided a lighting device which is capable of emitting coded light. The lighting device has a challenge receiver, arranged to receive a challenge, and a response transmitter, arranged to generate and transmit a response to the challenge. The response is generated by means of the challenge and a secret key in combination. Furthermore, there is provided a corresponding verification device generating the challenge and providing it to the lighting device, and analyzing the response in order to check the authenticity of the lighting device.

Abstract: A system including a server system, a user terminal and a hardware token, for providing secure access to a data record. The server system comprises storage means (1) for storing a plurality of data records, a data record (2) having associated therewith a sequence of secrets (14) shared with a hardware token (60) corresponding to the data record (2), the server system (100) further being arranged for storing user authentication information (3). User authenticating means (10) are provided for receiving authentication credentials (11) of a user from a user terminal (200) and authenticating the user as an authorized user, based on the authentication credentials (11) of the user and the stored authentication information (3). Secret-receiving means (9) are provided for receiving a representation of a secret (13) revealed by a hardware token (60) and information identifying the data record corresponding to the hardware token from the terminal.

Abstract: The invention provides methods, devices (102, 110, 124, 136) and communication systems (100) for establishing end-to-end secure connections and for securely communicating data packets. Such a communication system (100) comprises a first device (124, 136), an intermediate device (110) and a second device (102). The first device (124, 136) communications via a first network (120), which is based on a first transport protocol and a first transport security protocol with the intermediate device (110). The second device (102) communications via a second network, which is based on a second transport protocol and a second transport security protocol with the intermediate device (110). The intermediate device (110) modifies packets received via first network to packets suitable for communication via the second network, and vice versa. The first device (124, 136) is able to reconstruct a header of a received packet as if the packet was sent via the second network (108) and its transport and security protocols.

Abstract: A system including a server system, a user terminal and a hardware token, for providing secure access to a data record. The server system comprises storage means (1) for storing a plurality of data records, a data record (2) having associated therewith a sequence of secrets(14)shared with a hardware token (60) corresponding to the data record (2), the server system(100) further being arranged for storing user authentication information (3). User authenticating means (10) are provided for receiving authentication credentials (11) of a user from a user terminal (200) and authenticating the user as an authorized user, based on the authentication credentials (11) of the user and the stored authentication information (3). Secret-receiving means (9) are provided for receiving a representation of a secret (13) revealed by a hardware token (60) and information identifying the data record corresponding to the hardware token from the terminal. Marking means (12) are provided for marking the unused secret (s3) as used.

Abstract: The resource metering system comprises: an end-point device (25) consuming a resource, in particular for usage in a building (2) or in an outdoor lighting system, said device comprising a detection unit that produces status information and an indicator of usefulness; a smart meter (20) comprising: a communication circuitry provided with an interface adapted for receiving from said device status information and said indicator of usefulness; a metrology device connected to a medium (17) that provides the resource to said device; and a control circuitry connected to the metrology device for collecting resource consumption data, the control circuitry being connected to the communication circuitry and adapted to produce monitoring data to be securely transmitted to a server (10) after processing the status information and said indicator. Monitoring data are used when determining consumption tariffs, so as to encourage energy efficient usage of the device.