Control of access to an on-line service via a Li-Fi network

Abstract

Control of access to an on-line service, the access to the service being requested, via a communication network, by a terminal suitable for receiving data broadcast by a plurality of devices for data transmission by light modulation producing a light beam. In particular: each transmission device is characterized by a unique identifier; and each transmission device belongs to a group of devices. The following steps, carried out by a server connected to the transmission devices, are provided: upon receiving a request from the terminal to access the service via a second transmission device identified by a second identifier, verifying whether a previous access request for said same terminal was accepted for a first transmission device identified by a first identifier; and, when the first and second identifiers correspond to devices of the same group, processing the access request.

Claims

1. A method for controlling access to an online service, the access to the service being requested, via a communication network, by a terminal suitable for receiving data broadcast by a plurality of data transmission devices, said devices producing a beam of light, said data broadcast being implemented by a modulation of said produced light beam, wherein: each transmission device is characterized by a unique identifier, each transmission device belongs to a group of devices, and wherein a server connected to the transmission devices implements: upon receiving a request from the terminal to access the service via a second transmission device from the plurality of data transmission devices identified by a second identifier, verifying whether a previous access request for the same terminal was accepted for a first transmission device from the plurality of data transmission devices identified by a first identifier, when the first and second identifiers correspond to devices of the same group, processing the access request by accepting the access request; and when the first and second identifiers do not correspond to devices of the same group, rejecting the access request.

2. The method according to claim 1, further comprising a step of: disconnecting the terminal in response to the access request when the first and second identifiers do not correspond to devices of the same group.

3. The method according to claim 1, wherein the identifier of at least one transmission device belongs to multiple groups at the same time.

4. The method according to claim 3, wherein each group is associated with a predetermined geographical area, and a transmission device whose identifier belongs to two groups at the same time is able to provide the terminal with continuity of access to the service between two geographical areas as the terminal moves between these two geographical areas.

5. The method according to claim 1, wherein each access request from a terminal comprises an identifier of the terminal and an identifier of the transmission device through which access to the service is requested by that terminal.

6. The method according to claim 1, wherein a time delay is also taken into account, and wherein the access request is processed when the first and second identifiers correspond to devices of the same group, and if said previous access request was granted for the first device within a shorter time than the time delay.

7. The method according to claim 1, wherein the transmission of data at least towards the terminal is protected by encryption, and wherein a shared encryption key is assigned to transmission devices of the same group.

8. The method according to claim 1, wherein the modulated light is within the visible spectrum.

9. A non-transitory computer storage medium storing instructions of a computer program wherein an execution of said instructions by a processor causes an implementation of the method according to claim 1.

10. A server for controlling access to an online service, wherein said server comprises a digital circuit connected to a database storing said groups of identifiers of transmission devices for implementing the method according to claim 1.

11. A method for controlling access to an online service, the access to the service being requested, via a communication network, by a terminal suitable for receiving data broadcast by a plurality of data transmission devices, said devices producing a beam of light, said data broadcast being implemented by a modulation of said produced light beam, wherein: each transmission device is characterized by a unique identifier, each transmission device belongs to a group of devices, and wherein a server connected to the transmission devices implements: upon receiving a request from the terminal to access the service via a second transmission device from the plurality of data transmission devices identified by a second identifier, verifying whether a previous access request for the same terminal was accepted for a first transmission device from the plurality of data transmission devices identified by a first identifier, when the first and second identifiers correspond to devices of the same group, processing the access request by accepting the access request, and when the first and second identifiers do not correspond to devices of the same group, not processing the access request.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) Other features and advantages of the invention will be apparent upon examining the following detailed description and the attached drawings in which:

(2) FIG. 1 illustrates an exemplary implementation of a service provided by a transmission device 14;

(3) FIG. 2 schematically illustrates a system comprising a plurality of transmission devices for implementing the invention;

(4) FIG. 3 shows an example of steps implemented in the context of a method according to the invention.

DETAILED DESCRIPTION

(5) We will now refer to FIG. 2, in which a plurality of transmission devices, having the respective identifiers ID1 to ID7, are connected to a common server SERV which typically comprises a digital circuit including for example: a communication interface COM, in particular for communicating with the transmission devices, connected to a processor PROC, cooperating with a memory unit MEM capable of storing temporary data, as well as permanent data such as the instructions of a computer program within the meaning of the invention, as well as identifier data stored in distinct groups GP1, GP2, GP3 in a database.

(6) Thus, a terminal SM (having the identifier ID-SM) may be in communication with a transmission device of identifier ID2 at time t1. When establishing the connection with device ID2, the latter simply transmits the identifier ID-SM to the server SERV.

(7) The server SERV stores this identifier ID-SM (typically as part of said temporary data) in association with the identifier ID2. Then, in case of mobility of the terminal SM, such that it receives at a subsequent time t2 the beam from another transmission device of identifier ID3, the terminal SM attempts to connect to this device ID3 (for example to have better reception than with the previous device ID2). To this end, the terminal SM transmits its identifier to the new device ID3 which sends this identifier ID-SM to the server SERV.

(8) The server therefore receives a new request for association between identifiers ID-SM and ID3, for a terminal of identifier ID-SM already present in the memory MEM. The server SERV is thus able to determine, for the terminal SM, whether the two identifiers of devices ID2 and ID3 are in the same group GP1 in its database.

(9) If such is the case, then the request to connect the terminal to device ID3 can be accepted. Otherwise, it is rejected.

(10) Thus, a terminal can be moved from one group GP1 to another GP2, in different geographical areas for example, if at least one transmission device ID3 belongs to both groups at the same time, as shown in the example in FIG. 2.

(11) We now refer to FIG. 3 which details the steps of the mobility situation illustrated in FIG. 2, in an exemplary embodiment. In a first step SI, as long as the communication of the terminal SM with the transmission device of identifier ID2 is of satisfactory quality for example, the terminal SM remains connected to device ID2 (OK arrow). In contrast, for example for a signal-to-noise ratio below a threshold (KO arrow exiting test S1), the terminal can attempt to connect with a new neighboring device, for example of identifier ID3, in step S2. In this case, in step S3, the terminal communicates its identifier ID-SM to device ID3, which is then relayed to the server SERV.

(12) In step S4, the server SERV checks its database and its memory MEM to see if there is an identifier (for example ID2) of the same group GP1 as the new device of identifier ID3 and which was previously in communication with the terminal of identifier ID-SM.

(13) If this is not the case (KO arrow exiting test S4), then the request to access the service of the terminal SM via device ID3 is rejected in step S5. In step S6, the terminal can be notified of the rejection. The user can, in step S7, attempt to reconnect to another device (or to the same device ID3 if a time delay is implemented, described below with reference to step S8).

(14) If the identifier of the new transmission device ID3 is indeed identified in the same group GP1 as the former device ID2 (OK arrow exiting test S4), in one exemplary embodiment a delay routine is applied in step S8, as follows: the server determines a time difference between when the terminal connected to the previous device ID2 and its connection attempt to the new device ID3. If this time difference t is greater than a delay threshold denoted tempo (KO arrow exiting test S8), it means that this is a new connection attempt, in absolute terms, of the terminal with the device ID3 and it is then appropriate to recheck the authorization to access the terminal service. It is not then a simple data transmission relay between device ID2 and device ID3: in such case, the access request is rejected (step S5), and the user of the terminal SM must then reconnect once again in order to access the service (step 57), for example by providing an access code or the like.

(15) However, if the aforementioned time difference is less than the tempo threshold (OK arrow exiting test S8), then device ID3 receives authorization in step S9 to connect to the terminal SM and communication can thus be continued between device ID3 and the terminal SM in step S10.

(16) For example, said delay can be implemented by referring to a clock that may be comprised in the processor PROC (for example by running a time in/time out type of routine).

(17) Of course, the invention is not limited to the embodiments described above as an example; it extends to other variants.

(18) Regarding the bulb identifiers discussed above, any type of identifier can be attributed to a bulb, in particular enabling precise control of the stream of data which can be labeled as coming from that bulb or routed towards that bulb.

(19) Said terminal identifier may further be a user identifier (a user typically having multiple terminals). It may be an IMSI identifier (provided to the server after a declaration procedure). Thus, while the terminal remains facing the same bulb, the access authorization for the service is still valid (a time delay may also optionally be implemented so that the access to the service over time will eventually be restricted without new identification).

(20) Said server SERV may for example be connected to multiple devices such as the computer 11 of FIG. 1, in order to manage different groups of transmission devices (connected for example to different computers for different services).