Method of access to a local service of a device communicating via a terminal

Abstract

A method of access to a local service of a device communicating via a terminal, the method comprising steps of: access to the service via an access terminal by a communicating device; reading by the access terminal of data of the communicating device, the data being personal data relating to the communicating device and/or third-party service data; writing by the access terminal of the data of the communicating device, the third-party data written being chosen from among a set of third-party service data, the choice of the third-party data to be written by the access terminal being dependent on the choosing criteria.

Claims

1. A method of accessing a local service, comprising the steps of: a plurality of communicating devices accessing the local service via a first access terminal of said local service; wherein, for each of the plurality of communicating devices: the first access terminal reads data from the communicating device, the data being personal data relating to the communicating device and/or third-party service data; the first access terminal writes one or more pieces of data to the communicating device, the one or more pieces of data written being selected from among a set of third-party service data, the selection of third-party data to be written by the first access terminal being based on selection criteria, wherein said one or more pieces of data belong to a set of pieces of data comprising a plurality of pieces of data, said plurality of pieces of data of said set constituting together an information item or an instruction, said one or more pieces of data written to the communicating device forming only part of said set of pieces of data; and the communicating devices each accessing the local service via one or more second access terminals, wherein for each communicating device the corresponding second access terminal retrieves the one or more pieces of data written to the communicating devices by the first access terminal; wherein all the pieces of data of said set of pieces of data are distributed among the plurality of communicating devices so as to allow the retrieval of the information item or instruction corresponding to said set of pieces of data; and wherein the pieces of data are distributed in a pseudo-random distribution between the communicating devices, whereby said plurality of communicating devices forms a pseudo-random selection of communicating devices.

2. The method according to claim 1, wherein said selection criteria are defined by the access terminal in relation to the data read from the communicating device.

3. The method according to claim 1, wherein said one or more pieces of data from one of the communicating devices comprise personal data from at least one other of the communicating devices.

4. The method according to claim 1, wherein said one or more pieces of data comprise transfer data intended for the second access terminal.

5. The method according to claim 1, wherein said one or more pieces of data written by the first access terminal are encrypted, and the one or more pieces of data retrieved from the communicating device are decrypted by the one or more second access terminals.

6. The method according to claim 1, wherein said data read from said communicating devices are protected by an access control.

7. The method according to claim 1, wherein said personal data of each communicating device comprise information relating to a user account of the local service.

8. A non-transitory computer program product comprising instructions for implementing the method according to claim 1 when the program is executed by an electronic data processing unit.

9. An access terminal for accessing a local service, comprising: means for managing an access to the local service; a module for reading/writing data contained in each of a plurality of communicating devices; data storage means adapted for storing at least a portion of the data read in the communicating devices, the data read from each communicating device being personal data relating to the communicating device and/or third-party service data; a controller adapted to control, for each of said plurality of communicating devices, the writing in the communicating device of one or more pieces of data selected from among a set of third-party service data, the selection of the third-party data to be written by the first access terminal being based on selection criteria, wherein said one or more pieces of data belong to a set of pieces of data comprising a plurality of pieces of data, said set of pieces of data constituting together an information item or an instruction, said one or more pieces of data written to each communicating device forming only part of said set of pieces of data, wherein the controller is further adapted to distribute all the pieces of data of said set of pieces of data among the plurality of communicating devices, so as to allow the retrieval of the information item or instruction corresponding to said set of pieces of data upon connection of the communicating devices to the local service via one or more second access terminals, wherein the pieces of data are distributed in a pseudo-random distribution between the communicating devices, whereby said plurality of communicating devices forms a pseudo-random selection of communicating devices.

10. The terminal according to claim 9, wherein said selection criteria are determined by the controller in relation to the data read from the communicating devices.

11. The terminal according to claim 9, wherein said selection criteria are determined by the controller in relation to the read data saved in said storage means.

12. The terminal according to claim 9, wherein said third-party data read from the communicating devices comprise instructions for the terminal to be executed by the controller.

13. The terminal according to claim 9, comprising means for data encryption/decryption.

14. The terminal according to claim 9, comprising a means for controlling access to said read data.

15. The terminal according to claim 9, comprising means for distance communication.

16. A system for accessing a local service, comprising: at least one information system comprising service data; a plurality of communicating devices; and at least one access terminal for accessing the service according to claim 9, and one or more second access terminals to which the communicating devices are configured to connect to access the local service so as to allow the retrieval of all the pieces of data of the set of pieces of data for the reconstitution of the information item or instruction corresponding to said set of pieces of data.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) Other features and advantages of the invention will be apparent on reading the following detailed description of some exemplary embodiments given by way of illustration and not limitation, and with reference to the accompanying drawings in which:

(2) FIG. 1 illustrates the system for accessing a local service according to the invention;

(3) FIG. 2 is a flowchart of the method according to the invention;

(4) FIGS. 3a and 3b illustrate an example of a communicating device accessing the local service via a connected terminal;

(5) FIGS. 4a, 4b and 4c illustrate an example of the communicating device accessing the local service via an unconnected terminal;

(6) FIGS. 5a, 5b and 5c illustrate an example of the communicating device accessing the local service via the connected terminal, after accessing an unconnected terminal; and

(7) FIG. 6 shows the distribution and redundancy of third-party data written by the terminals on the communicating devices.

DETAILED DESCRIPTION

(8) For reasons of clarity, the dimensions of the various elements represented in the figures are not necessarily in proportion to their actual sizes. Identical references correspond to identical elements in the figures.

(9) We refer firstly to FIG. 1 which illustrates an example of a system for accessing a local service according to the invention and comprising: the central system SC, which contains service data and in particular data for the local service in question; access terminals for accessing the local service, of which at least one access terminal BC is connected to the central system SC and at least one access terminal BNC is unconnected; communicating devices DC1 to DC4, each with a memory MEM provided for reading and/or writing by access terminals BC and BNC and thus containing personal data (represented by empty circles) of the communicating device and/or third-party service data (represented by solid circles).

(10) For example, said local service may involve providing electricity at access terminals or renting a vehicle from these terminals. However, the local service may concern other services which will be apparent to those skilled in the art when considering the purpose of the invention.

(11) The central system SC is typically a server-type remote information system. One particular role of the central system SC is to gather, manage, and distribute the data associated with the services and in this case the data related to the local service.

(12) The access terminal BC is connected to the central system SC via a link L1 which may be physical, such as a wired broadband connection. Alternatively, the terminal BC is connected to the central server SC via a cellular communication link, as detailed below. Of course, it is understood that access terminal BNC is a terminal unconnected to the central system SC, and thus by definition it does not have a direct communication link with it.

(13) The communicating devices represented for illustration purposes are such that: communicating device DC1 only contains personal data relating to the communicating device; communicating device DC2 does not have permission to access the local service; communicating device DC3 contains personal data and transfer data to be communicated to an unconnected access terminal BNC; and communicating device DC4 contains personal data and third-party service data (including personal data of another device) to be distributed to other access terminals for passing on to the central system SC.

(14) In one possible embodiment, the communicating device DC2 is read/written by the access terminal in order to retrieve/write data on the device, although without providing the service the device is not authorized to access. It is thus understood that devices other than those capable of being provided the service can also propagate data between different access terminals.

(15) For the personal data described above, it is understood that these data relate directly to the communicating device (access rights, type of device administrator/user, memory size, etc.), a user account (remaining credit, subscribed services, etc.), or the user of the device (identity and contact information, reference for linked electricity meter, etc.).

(16) Here, the communicating devices are represented as a card with memory MEM. This card is capable of establishing a local communication with the access terminals BC and BNC. In particular, this card can be a smart card. However, it is understood that this example is merely illustrative and not limiting, as the communicating devices can also be: mobile phones or digital tablets which have a near field communication module meeting the NFC standard; electronic devices with a Bluetooth communication module; laptop computers with Wi-Fi; or some other device.

(17) Furthermore, the access terminals BC and BNC which are the points of entry for accessing the local service comprise: a means for managing access to the service (not represented in the figures); a module COM for reading/writing data on a communicating device; a data storage means DB suitable for storing at least a portion of the data read on the communicating device, the data read from the device being personal data relating to the communicating device and/or third-party service data; a controller CTRL suitable for controlling the writing on the communicating device of third-party data selected from among a set of third-party service data stored in said storage means, the selection of the third-party data to be written being based on selection criteria.

(18) The module COM is adapted for reading/writing data locally on communicating devices seeking access to the local service. The term “locally” is understood to mean a read/write which can be achieved within a radius of a few meters, according to the limits of the communication technology used by the access terminals and communicating devices (NFC, Bluetooth, Wi-Fi, etc.).

(19) The controller CTRL may constitute a means of implementing a cryptographic technique allowing encryption/decryption protecting the access to data stored in the memory MEM of the communicating devices.

(20) In one embodiment, the access terminals BC contain a means of distance communication (not represented in the figures). The terminals can thus communicate remotely with the central system SC via a network NET and a mobile telephony cellular network connection L2. In this embodiment, a longer distance communication established directly between the terminals and communicating devices (which would have a means of long-range communication) can be considered.

(21) The third-party service data do not directly concern the user of the communicating device. These data are preferably not accessible and/or are protected. The third-party service data may be, for example: personal data of at least one other communicating device; lists of communicating devices authorized or not authorized to access the local service; histories of terminal usage use by communicating devices; transfer data intended for access terminals; or data from various services, alternatively or in addition to the data delivered by the access terminals.

(22) Thus, the user unknowingly receives and distributes third-party service data when using the local service with his communicating device.

(23) In this case, when a user accesses a connected access terminal BC, some or all of the data in the memory MEM of the communicating device can be saved to the storage means DB of the terminal and communicated to the central system SC which integrates them with the data related to the local service and/or other associated services. In return, and as explained in reference to the next figures, data can be written based on selection criteria determined by the controller CTRL of the terminal. The written data can supplement, replace, or erase the data contained in the memory MEM of the communicating devices with data to be distributed to other terminals, particularly unconnected terminals.

(24) When the user accesses an unconnected access terminal BNC, some or all of the data in the memory MEM of his device are also saved in the storage means DB of the terminal BNC. For this, it is advantageous to provide storage means DB of high capacity, at least for these terminals BNC that are not designed to retrieve data directly from the central system SC. Thus, to replace the direct connection, all data from devices accessing the service are stored so as to construct a service database locally. It is understood that the access terminals (particularly terminals BNC) can then act as a “buffer” or “repeater” to ensure more reliable dissemination, distribution, and redundancy of the data as explained below. Such terminals can be chosen based on the selection criteria determined when writing the data, then relaying the information to be distributed within the system. The data distribution phenomenon described above can be compared to a data “pollination” of the terminals by the communicating devices.

(25) According to one embodiment, an administrator-type communicating device may include more memory MEM than a user-type communicating device. In this manner, the “administrator” communicating devices can contain more third-party service data, more third-party transfer data, or other data.

(26) It is understood that through the data distribution and redundancy (detailed below) carried out by the terminals BC and BNC on the communicating devices, the loss or destruction of one of the communicating devices (for example device DC1) does not compromise the system since it is possible to recover the data it originally contained from other terminals it has already accessed or via its data written within the third-party data of other devices (for example device DC4).

(27) We will now refer to FIG. 2 which shows the main steps of the method implemented by the access terminals BC and BNC.

(28) In a first step S1, a communicating device DC approaches the access terminal with the intention of accessing the service. The communicating device DC is then detected by the module COM when it is sufficiently close to establish a local communication.

(29) In a second step S2, the controller CTRL orders the module COM to read at least some of the data of the communicating device to determine whether the accessing device has the permissions and/or authorization to access the service and/or terminal Where appropriate, the data read by the module COM can be decrypted by the controller CTRL according to a cryptographic technique appropriate for the encryption performed by the terminals when writing data to the devices.

(30) When the accessing communicating device has no access permissions or authorization (arrow N exiting the test in step S2), communication with the communicating device is ended by the terminal (in step S8), as the service is therefore not provided.

(31) When the communicating device has the access permissions and/or authorization (arrow Y exiting the test in step S2), the controller CTRL orders the module COM in step S3 to read all the data MEM.sub.data contained in the memory MEM of the communicating device DC, said data including the personal data of the accessing communicating device and/or third-party service data.

(32) In step S4, the data MEM.sub.data are compared with the data DB.sub.data, the latter being stored in the storage means DB of the terminal. The DB.sub.data can be data read from communicating devices that have previously accessed the terminal or data originating from the central system if the terminal is connected.

(33) When the comparison of the data MEM.sub.data and DB.sub.data determines that data MEM.sub.data are more recent than data DB.sub.data (arrow Y exiting the test in step S4), then the controller orders in step S5 that the data DB.sub.data be updated with the most recently read data MEM.sub.data, via an update function UPDT for example.

(34) When the data MEM.sub.data are not more recent (arrow N exiting the test in step S4), the access terminal directly implements step S6. In step S6, the controller CTRL of the terminal chooses data DB.sub.data.sup.cc according to the selection criteria, denoted here as CC, from among the read data MEM.sub.data and the data DB.sub.data. The selection criteria CC determined by the controller CTRL are defined in relation to: the read data MEM.sub.data from the accessing communicating device, the storage means DB having possibly been updated with said read data; the read data from communicating devices that have previously accessed the access terminal, being data DB.sub.data already stored in the DB.

(35) As stated above, the selection criteria may be an information dissemination priority, a data distribution or redundancy to be achieved, the memory capacity of the communicating device, or some other selection criteria.

(36) In a next step S7, the controller CTRL orders the module COM to write onto the accessing communicating device DC the selected data DB.sub.data.sup.cc. The data written by the module COM are then used to update data MEM.sub.data stored in the memory MEM of the device DC, according to an equivalent update function UPDT. The data written by the module COM may be encrypted by the controller CTRL at this stage.

(37) After step S7, the terminal can end communications with the communicating device DC in step S8 and deliver or provide the service requested by the user.

(38) The selected data DB.sub.data.sup.cc written to the device DC will be communicated by the communicating device DC itself to other access terminals subsequently accessed by the user of the device. The data DB.sub.data.sup.cc could also reach the central system SC if one of the terminals accessed by the user is a connected access terminal BC.

(39) However, the flowchart in FIG. 2 is in no way limiting, and the steps can be implemented in a different sequence. For example, step S2 of determining the access permissions of the device DC may occur after steps S3 to S7. In such an example, it is then understood that the data of a device having no access rights for the service (such as the abovementioned device DC2) can still be read/written by the terminals so that the service data is propagated.

(40) We will now refer to FIGS. 3-10, illustrating an exemplary implementation of the method on the terminals of the access system.

(41) In the particular case in FIG. 3a, a user presents his communicating device DC in order to access the local service at the connected terminal BC. Analogously to steps S1 and S2, the device DC is detected by the module COM of the terminal BC, then the controller CTRL orders that at least a part of the data contained in the memory MEM of the device DC is read. Here, the personal data (open circles in MEM) actually include the authorization to access the service. In addition, the personal data of the device DC are already contained in the storage means DB of the terminal BC (the user having previously accessed this terminal at least once for example). The personal data have therefore already been passed on, via link L1 or L2, to the central system SC which has stored them internally as third-party data linked to the local service.

(42) However, if the personal data contained in the memory MEM of the device DC are more recent than the corresponding data on the storage means DB (arrow Y exiting the aforementioned step S4), then the corresponding data in the DB are updated with the data read from MEM (according to step S5). Next, the data updated in the DB will be sent on to the central system SC by the terminal BC.

(43) Referring now to FIG. 3b, the controller CTRL orders that third-party transfer data be written, these data being intended for other terminals (for example for a software update). Thus, the transfer data contained in the DB of the terminal BC are written by the module COM to the MEM of the device DC.

(44) After having accessed the local service at the access terminal BC, the user accesses an unconnected access terminal BNC as shown in FIG. 4a. This access terminal contains personal data of a user who had previously accessed this terminal.

(45) After detection of the device DC by the module COM of the terminal BNC, we now refer to FIG. 4b in which the controller CTRL of the terminal BNC orders the reading of data from the accessing device DC. For this example, it is understood that the terminal BNC retrieves the software update transfer data intended for it. The controller CTRL is able to implement the instructions relating to the transfer data and actually update the terminal.

(46) Next, in one possible example, the data from the previous user need to be forwarded quickly to the central system SC. Thus, according to the aforementioned steps S6 and S7 and in reference to FIG. 4c, the controller CTRL orders the writing of selected third-party data (in this case the personal data of the previous user) to the device DC. In addition, the user of the device DC subscribes on the terminal BNC to a new local service. The controller CTRL of the terminal BNC then also orders the writing, via the module COM, of personal data relating to the new subscription (represented in the figure by two additional open circles).

(47) We now refer to FIG. 5a, where the user of the communicating device DC once again requests access to the local service from a connected terminal BC. In FIG. 5b, the module COM reads on the device DC new data related to said subscription and to the third-party data concerning the prior user on terminal BNC. These read data are saved by the controller CTRL to the storage means DB of the terminal BC. Thus, as represented in FIG. 5c, the connected terminal BC can send the new data read from the device DC on to the central system SC, which stores them as new data associated with said local service.

(48) In a preferred embodiment, the third-party data written by the terminal according to the selection criteria may be only a portion of the data needed (pieces of data) to reconstruct the complete instruction or information item when read. Thus, even if a malicious attack successfully accesses the third-party data on a device, the stored pieces of third-party data do not allow a complete reconstruction of the instruction or information item. To achieve this, the determined selection criteria are aimed at distributing the various component pieces of data, of the instruction/information item to be disseminated, across different devices accessing the terminals. A same piece of data may be written to multiple accessing communicating devices, possibly but not necessarily consecutive, to ensure redundancy of the piece of data.

(49) We now refer to FIG. 6, which illustrates an example of data distribution and redundancy. It is understood that the N-related sequence is relative to the order in which devices reach the unconnected terminal BNC. Here, the third-party data are read from device DCN−4. The third-party data read in this case are an information item to be distributed to a particular access terminal. The terminal BNC therefore stores these third-party data in its storage means DB. The selection criterion then determined by the controller of the terminal BNC is intended to write the third-party data originating from DCN−4 to devices that habitually access that particular access terminal Thus, when device DCN−1 has never accessed this particular terminal according to its personal data, the terminal BNC does not write to DCN−1 said third-party data to be distributed. However, device DCN is habitually used to access the local service at that terminal and the data in question should be distributed to it. The controller CTRL therefore orders that a first piece of data among the third-party data originating from DCN−4 be written to it. When device DCN+8 accesses BNC, said device having the same habits as DCN, then the controller CTRL orders that a second piece of data be written to DCN+8. For redundancy, the controller CTRL can order that the first piece of data be written to a subsequently accessing device DCN+10.

(50) Of course, the invention has been described according to a few embodiments but can be applied to other embodiments which will be apparent to those skilled in the art. For example, the validity of the access rights of a communicating device could be temporary (valid for only a few weeks, for example), so that the user is forced to connect regularly to a connected terminal and update the service data with service data coming directly from the central system.