U.S. patent application number 17/447389 was filed with the patent office on 2022-07-28 for trusted monitoring system and method.
The applicant listed for this patent is 1997 Irrevocable Trust for Gregory P. Benson. Invention is credited to Greg Benson, Matthew Anthony Fistonich.
Application Number | 20220237997 17/447389 |
Document ID | / |
Family ID | 1000006272393 |
Filed Date | 2022-07-28 |
United States Patent
Application |
20220237997 |
Kind Code |
A1 |
Benson; Greg ; et
al. |
July 28, 2022 |
TRUSTED MONITORING SYSTEM AND METHOD
Abstract
Methods and apparatus for monitoring remotely located objects
with a system including at least one master data collection unit,
remote sensor units, and a central data collection server are
described. The master unit is configured to monitor any object,
mobile or stationary, including monitoring multiple remote sensor
units associated with the monitored objects. The master unit may be
in a fixed location or attached to a mobile object. The master unit
is configured for monitoring objects that enter and leave an area.
The master unit may act as a parent controller for one or more
child devices including remote sensors or monitors of measurable
conditions including environmental conditions, substance
identification, product identification, and/or biometric
identification. The master unit may discover remote sensor units as
they enter or leave the area where the master unit is located. The
master unit can be remotely reprogrammed such as with authenticated
instructions.
Inventors: |
Benson; Greg; (Rancho Santa
Fe, CA) ; Fistonich; Matthew Anthony; (San Diego,
CA) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
1997 Irrevocable Trust for Gregory P. Benson |
Del Mar |
CA |
US |
|
|
Family ID: |
1000006272393 |
Appl. No.: |
17/447389 |
Filed: |
September 10, 2021 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
16706445 |
Dec 6, 2019 |
|
|
|
17447389 |
|
|
|
|
15287464 |
Oct 6, 2016 |
10504349 |
|
|
16706445 |
|
|
|
|
14480362 |
Sep 8, 2014 |
|
|
|
15287464 |
|
|
|
|
13724942 |
Dec 21, 2012 |
8830053 |
|
|
14480362 |
|
|
|
|
12641139 |
Dec 17, 2009 |
|
|
|
13724942 |
|
|
|
|
11418380 |
May 3, 2006 |
7656286 |
|
|
12641139 |
|
|
|
|
60735539 |
Nov 10, 2005 |
|
|
|
60677164 |
May 3, 2005 |
|
|
|
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
H04N 7/181 20130101;
G06N 5/048 20130101; H04L 67/535 20220501; G08B 13/196 20130101;
H04K 3/22 20130101; G08B 25/14 20130101; H04L 2209/805 20130101;
G06Q 50/28 20130101; G06Q 10/0833 20130101; G05B 13/0275 20130101;
G06F 21/52 20130101; H04L 67/52 20220501; G06Q 50/26 20130101; H04L
63/10 20130101; G07C 5/008 20130101; G08B 13/2454 20130101; G07C
9/37 20200101; H04L 67/025 20130101; H04L 63/101 20130101; H04L
67/12 20130101; G08B 21/12 20130101; G08B 29/04 20130101; G06Q
50/30 20130101; G07C 5/085 20130101; G08B 13/22 20130101; G06N
20/00 20190101; H04L 63/0428 20130101; G06F 11/202 20130101; G06Q
10/08 20130101; G07F 7/0636 20130101; G06F 2221/034 20130101; H04L
9/3236 20130101; H04L 9/3247 20130101; G07C 5/0891 20130101; G07C
9/257 20200101; G08B 29/16 20130101; G07G 3/00 20130101; G07G
1/0036 20130101; G06Q 30/02 20130101; G08B 21/02 20130101; G06N
7/005 20130101; G07C 2009/0092 20130101 |
International
Class: |
G08B 13/22 20060101
G08B013/22; G06N 20/00 20060101 G06N020/00; H04L 9/32 20060101
H04L009/32; H04L 9/40 20060101 H04L009/40; G08B 13/24 20060101
G08B013/24; G08B 21/12 20060101 G08B021/12; H04K 3/00 20060101
H04K003/00; G07G 1/00 20060101 G07G001/00; G07C 5/00 20060101
G07C005/00; G07G 3/00 20060101 G07G003/00; G08B 13/196 20060101
G08B013/196; G08B 25/14 20060101 G08B025/14; G06Q 50/28 20060101
G06Q050/28; G07C 5/08 20060101 G07C005/08; G07F 7/06 20060101
G07F007/06; G06Q 30/02 20060101 G06Q030/02; G08B 29/16 20060101
G08B029/16; G06Q 50/30 20060101 G06Q050/30; H04N 7/18 20060101
H04N007/18; G06Q 50/26 20060101 G06Q050/26; G05B 13/02 20060101
G05B013/02; G06Q 10/08 20060101 G06Q010/08; G08B 21/02 20060101
G08B021/02; H04L 67/52 20060101 H04L067/52; H04L 67/025 20060101
H04L067/025; H04L 67/50 20060101 H04L067/50; H04L 67/12 20060101
H04L067/12; G06F 11/20 20060101 G06F011/20; G07C 9/25 20060101
G07C009/25; G06N 5/04 20060101 G06N005/04; G06F 21/52 20060101
G06F021/52; G06N 7/00 20060101 G06N007/00 |
Claims
1. A remote monitoring system for a vehicle, the system comprising:
an electronic device configured to receive environmental and
spatial data from a plurality of sensors positioned on the vehicle,
the electronic device further configured to receive diagnostic test
instructions from a remote device remotely located from the
vehicle, to conduct one or more self-diagnostic tests on the
electronic device, one or more of the plurality of sensors, and the
data received from one or more of the plurality of sensors based on
the received diagnostic test instructions, and to transmit (a)
information obtained based on the received environmental and
spatial data and (b) results of the one or more diagnostic tests to
the remote device.
2. The system of claim 1, wherein the electronic device is further
configured to receive instructions from at least one of the remote
device or local controls to process the received environmental and
spatial data.
3. The system of claim 2, wherein the instructions are contained in
a script message, the script message comprising a header containing
one or more identification fields and a body containing one or more
tasks to be performed.
4. The system of claim 1, wherein the electronic device is further
configured to authenticate the remote device prior to using the
diagnostic test instructions or any other instructions received
from the remote device.
5. The system of claim 1, wherein the electronic device is further
configured to: compare the received environmental and spatial data
to a range of acceptable values, determine an alarm condition based
upon the received environmental and spatial data, and conduct a
self-diagnosis prior to transmitting the alarm condition to the
remote device.
6. The system of claim 1, wherein the electronic device is further
configured to: determine an alarm condition based upon the received
environmental and spatial data, determine a state of reliability of
the plurality of sensors that the data is received from, and
conduct a self-diagnosis based on the state of reliability prior to
transmitting the alarm condition to the remote device.
7. The system of claim 1, wherein the received diagnostic test
instructions comprise encrypted information and the electronic
device is further configured to decrypt the encrypted
information.
8. The system of claim 1, wherein the electronic device is further
configured to compare at least a portion of the received
environmental and spatial data to a range of acceptable values such
that the obtained information comprises a comparison result, and to
transmit the obtained information to the remote device.
9. The system of claim 1, wherein the electronic device is further
configured to recognize an additional sensor dynamically added to
the plurality of sensors.
10. The system of claim 1, further comprising an electronic master
device authorized to communicate in the system and configured to
transmit a task authorization message to the plurality of sensors,
wherein the task authorization message comprises information
identifying at least one sensor of the plurality of sensors from
which the electronic master devices expects to receive sensed
information, and wherein the at least one sensor is configured to
encode a digital signature and encrypt the sensed information prior
to transmitting the sensed information to the electronic master
device.
11. The system of claim 1, wherein the vehicle comprises an
automobile, a watercraft, or an aircraft.
12. The system of claim 1, wherein the electronic device is further
configured to improve security of communications with the remote
device
13. The system of claim 1, wherein the electronic device is further
configured to improve error handling related to the received
environmental and spatial data.
14. The system of claim 1, wherein the electronic device is further
configured to improve energy savings when processing and
communicating the received environmental and spatial data.
15. The system of claim 1, wherein the electronic device is further
confirmed to authenticate one or more of the plurality of sensors
and the remote device before communicating.
16. A method of remotely monitoring a vehicle, the method
comprising: receiving, at an electronic device, environmental and
spatial data from a plurality of sensors positioned on the vehicle;
receiving diagnostic test instructions from a remote device
remotely located from the vehicle, the diagnostic test instructions
configured to conduct one or more diagnostic tests on the
electronic device, one or more sensors of the plurality of sensors,
and the data received from one or more of the plurality of sensors;
conducting the one or more diagnostic tests on the electronic
device, the one or more sensors of the plurality of sensors, and
the data received from one or more of the plurality of sensors; and
transmitting (a) information obtained based on the received
environmental and spatial data and (b) results of the one or more
diagnostic tests from the electronic device to the remote
device.
17. A remote monitoring system for a vehicle, the system
comprising: a plurality of sensors disposed on the vehicle and
configured to provide environmental and spatial data relating to
the vehicle; and an electronic device in data communication with
the plurality of sensors and configured to: receive the
environmental and spatial data from the plurality of sensors,
receive monitoring instructions from at least one of a remote
device or local controls, the monitoring instructions including at
least one identifier for at least one of the plurality of sensors,
process the received environmental and spatial data based on the
received monitoring instructions, identify processed environmental
and spatial data associated with each of the at least one
identifier, and transmit the identified processed environmental and
spatial data to the remote device with the at least one
identifier.
18. The system of claim 17, wherein the received monitoring
instructions comprise encrypted information and the electronic
device is further configured to decrypt the encrypted information
and encrypt the identified processed environmental and spatial data
for transmission to the remote device.
19. The system of claim 18, wherein the encrypted monitoring
instructions comprise a tolerance range for at least one of the
plurality of sensors and wherein the electronic device is
configured to compare the received environmental and spatial data
from the at least one of the plurality of sensors to the
corresponding received tolerance range.
20. The system of claim 17, wherein the electronic device is
further configured to authenticate the remote device prior to
processing the received environmental and spatial data based on the
received monitoring instructions.
21. The system of claim 17, wherein the electronic device is
further configured to compare at least a portion of the received
environmental and spatial data to a range of acceptable values.
22. The system of claim 17, wherein the electronic device is
further configured to conduct a self-diagnosis or a diagnosis of
the at least one sensor of the plurality of sensors having the at
least one identifier prior to transmitting the identified processed
environmental and spatial data to the remote device.
23. The system of claim 22, wherein the electronic device is
further configured to determine an alarm condition based upon the
received environmental and spatial data, and wherein the electronic
device is further configured to compare the received data to a
range of acceptable values and conduct the self-diagnosis or
diagnosis prior to transmitting the alarm condition to the remote
device.
24. The system of claim 23, wherein the electronic device is
further configured to: determine an alarm condition based upon the
received environmental and spatial data, determine a state of
reliability of the plurality of sensors that the environmental and
spatial data is received from, and conduct a self-diagnosis based
on the determined state of reliability prior to transmitting the
alarm condition to a remote device.
25. The system of claim 17, further comprising: an electronic
master device authorized to communicate in the system and
configured to transmit a task authorization message to the sensors,
wherein the task authorization message comprises information
identifying at least one of the plurality of sensors from which to
receive sensed information, and wherein the at least one sensor is
configured to encode a digital signature and encrypt the sensed
information prior to transmitting the sensed information to the
electronic master device.
26. The system of claim 17, wherein the electronic device is in
data communication with the plurality of sensors via one or more of
a wired communication network, a wireless communication network, a
cellular communication connection, and a satellite communication
connection.
27. The system of claim 17, wherein the plurality of sensors
comprise one or more of electromagnetic sensors, air quality
sensors, ultrasonic sensors, chemical sensors, radiological
sensors, radar sensors, altitude sensors, location sensors,
temperature sensors, humidity sensors, audio sensors, radiation
sensors, pressure sensors, and global positioning system
sensors.
28. The system of claim 17, wherein the received environmental and
spatial data comprises one or more of temperature data, air content
information, location information, humidity information, radiation
information, pressure information, tamper information, and audio
information.
29. A vehicle comprising: a plurality of sensors configured to
provide environmental and spatial data relating to the vehicle; and
an electronic device in data communication with the plurality of
sensors and configured to: receive diagnostic test instructions
from a remote device remotely located from the vehicle, conduct one
or more self-diagnostic tests on the electronic device and the data
received from the sensors based on the received diagnostic test
instructions, and transmit (a) information obtained based on the
received environmental and spatial data and (b) results of the one
or more diagnostic tests to the remote device.
30. The vehicle of claim 29, wherein the plurality of sensors and
the electronic device are incorporated into a data collection unit
disposed within or an exterior surface of the vehicle.
31. The vehicle of claim 30, wherein the data collection unit is
attached to a surface of the vehicle via a mounting base.
32. The vehicle of claim 29, wherein the vehicle comprises an
automobile, a ship or an airplane.
33. A remote device for monitoring a vehicle, comprising: a
communication circuit configured to: transmit diagnostic test
instructions to an electronic device that receives environmental
and spatial data from a plurality of sensors positioned on the
vehicle, the diagnostic test instructions causing the remote device
to conduct one or more self-diagnostic tests on the electronic
device and the data received from the sensors, and receive, from
the electronic device, (a) information obtained based on the
received environmental and spatial data and (b) results of the one
or more diagnostic tests.
34. The system of claim 1, wherein the received environmental and
spatial data comprises one or more of temperature data, air content
information, location information, humidity information, radiation
information, pressure information, tamper information, and audio
information.
35. The method of claim 16, wherein the received environmental and
spatial data comprises one or more of temperature data, air content
information, location information, humidity information, radiation
information, pressure information, tamper information, and audio
information.
36. The vehicle of claim 29, wherein the received environmental and
spatial data comprises one or more of temperature data, air content
information, location information, humidity information, radiation
information, pressure information, tamper information, and audio
information.
37. The device of claim 33, wherein the received environmental and
spatial data comprises one or more of temperature data, air content
information, location information, humidity information, radiation
information, pressure information, tamper information, and audio
information.
38. The system of claim 12, wherein the electronic device is
further configured to improve security of communications with the
remote device by utilizing encryption key exchanges between the
electronic device and the remote device for one or more
communications between the electronic device and the remote
device.
39. The system of claim 13, wherein the electronic device is
further configured to improve error handling related to the
received environmental and spatial data by incorporating a packet
checksum in communications between the electronic device, the
remote device, and any other device and using the checksum to
determine integrity of communicated packets.
40. The system of claim 14, wherein the electronic device is
further configured to improve energy savings when processing and
communicating the environmental and spatial data by utilizing one
or more compression algorithms to remove redundancy in
communications between the electronic device and the remote device
and any other device.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application is a continuation of U.S. patent
application Ser. No. 16/706,445, filed Dec. 6, 2019, which is a
continuation of U.S. patent application Ser. No. 15/287,464, filed
Oct. 6, 2016, issued on Dec. 10, 2019 as U.S. Pat. No. 10,504,349,
which is a continuation of U.S. patent application Ser. No.
14/480,362, filed on Sep. 8, 2014, which is a continuation of U.S.
patent application Ser. No. 13/724,942, filed on Dec. 21, 2012,
issued on Sep. 9, 2014 as U.S. Pat. No. 8,830,053, which is a
continuation of U.S. patent application Ser. No. 12/641,139, filed
on Dec. 17, 2009, which is a continuation of U.S. patent
application Ser. No. 11/418,380, filed on May 3, 2006, issued on
Feb. 2, 2010 as U.S. Pat. No. 7,656,286, which claims priority to
U.S. provisional Application No. 60/677,164 filed on May 3, 2005
and U.S. provisional Application No. 60/735,539 filed on Nov. 10,
2005, each of which is incorporated herein by reference in its
entirety for all purposes.
[0002] U.S. patent application Ser. No. 11/418,380 is one of a set
of related U.S. applications filed May 3, 2006, the set including:
U.S. patent application Ser. No. 11/418,385 (now abandoned), Ser.
No. 11/418,381 (now U.S. Pat. No. 7,609,159), Ser. No. 11/418,380
(now U.S. Pat. No. 7,656,286), Ser. No. 11/418,472 (now abandoned),
Ser. No. 11/417,910 (now abandoned), Ser. No. 11/418,496 (now
abandoned), Ser. No. 11/417,887 (now U.S. Pat. No. 7,512,583), Ser.
No. 11/418,448 (now U.S. Pat. No. 7,526,455), Ser. No. 11/418,382
(now abandoned), Ser. No. 11/418,395 (now abandoned), Ser. No.
11/418,447 (now abandoned), and Ser. No. 11/417,893 (now
abandoned). Each of the set is incorporated by reference in its
entirety.
BACKGROUND
Field
[0003] The field of the invention relates to wireless surveillance
and tracking. More particularly, the invention relates to
monitoring the state of potentially hostile environments and threat
assessment.
Description of the Related Technology
[0004] In the aftermath of Sep. 11, 2001 (9/11), studies have
focused on what could have been done before, during and after;
either to have prevented it from happening or reduced the
destruction and casualties. Two fundamental weaknesses have been
identified: 1) the failure to gather, process and disseminate early
indicators in an efficient manner, and 2) the lack of a common,
interoperable communications platform for distributing all forms of
information. Furthermore, the 9/11 attack pointed out the fact that
virtually every building, vehicle, public venue and person,
regardless of where it is in the world, is potentially vulnerable
as a future target. Thus, there is a need for improved systems and
methods for controlling security risks.
SUMMARY
[0005] The system, method, and devices of the invention each have
several aspects, no single one of which is solely responsible for
its desirable attributes. Without limiting the scope of this
invention, its more prominent features will now be discussed
briefly. After considering this discussion, and particularly after
reading the section entitled "Detailed Description of Certain
Embodiments" one will understand how the features of this invention
provide advantages over other error management solutions.
[0006] An embodiment of this invention provides a trusted and
highly reliable self-contained computer-controlled sensing device
that can be configured to monitor any object with a variable number
of sensors. Some aspects provide tempest construction and remote
re-programmability. Thus some embodiments may be deployed for
virtually any application from home security to aircraft
security.
[0007] One embodiment is a surveillance system including a
plurality of sensors configured to provide environmental and
spatial data, and an electronic device configured to receive the
sampled environmental and spatial data from the sensors. The
electronic device is further configured to receive monitoring
instructions, and to use the received monitoring instructions to
process the received environmental and spatial data.
[0008] Another embodiment is a monitoring system including a
plurality of sensors configured to sense information, and an
electronic device configured to receive data from the sensors. The
electronic device is configured to determine an alarm condition
based upon the received data, and the electronic device compares
the received data to a range of acceptable values and conducts a
self-diagnosis prior to transmitting the alarm condition to a
remote device.
[0009] Another embodiment is a monitoring system including a
plurality of sensors configured to sense information, and an
electronic device configured to receive data from the sensors. The
electronic device is configured to determine an alarm condition
based upon the received data, and the electronic device determines
a state of reliability of the sensor that the data is received
from, and conducts a self-diagnosis based on the determined state
of reliability prior to transmitting the alarm condition to a
remote device.
[0010] One embodiment is a surveillance system including a
plurality of sensors configured to sample environmental and spatial
conditions, and an electronic device configured to receive data
from the sensors. The electronic device is further configured to
monitor the received data for anomalies by comparing the received
data to a range of acceptable values, and the electronic device
includes a motion sensor configured to detect unauthorized contact
with the electronic device.
[0011] Another embodiment is a system including a sensor configured
to sample environmental and spatial conditions, where the sensor
includes a motion sensor. The system also includes an electronic
device configured to receive data from the sensor and to determine
integrity of the received data. The electronic device is further
configured to monitor data received from the motion sensor to
detect unauthorized contact with the sensor.
[0012] Another embodiment is a surveillance system including a
plurality of sensors configured to sample environmental and spatial
conditions, and an electronic device configured to receive data
from the sensors. The electronic device is further configured to
monitor the received data, and the electronic device includes a
motion sensor. The electronic device is further configured to
transmit an alarm condition to a remote device if the motion sensor
data indicates that the electronic device moves outside of a
pre-defined area.
[0013] Another embodiment is a monitoring system including at least
one sensing device including a plurality of sensors including a
motion sensor, and an electronic device configured to receive data
from the sensing device. The electronic device is further
configured to monitor the received data and to determine integrity
of the received data. The electronic device further is configured
to monitor data received from the motion sensor to detect movement
of the sensing device, and the electronic device is further
configured to transmit an alarm condition to a remote device if the
motion sensor data indicates that the sensing device moves outside
of a pre-defined area.
[0014] Another embodiment is a system including a plurality of
sensors, and an electronic device configured to receive data from
the sensors, where the electronic device is configured to transmit
sensor data in a secure manner to a remote server, and where the
electronic device includes a sensor for detecting jamming.
[0015] One embodiment is a system including a plurality of sensors,
and an electronic device including at least two redundant
processors each configured to receive data from the sensors and
determine an alarm condition. The electronic device confirms
determination of an alarm condition by both processors before
generating an alarm signal.
[0016] Another embodiment is a surveillance system including a
plurality of redundant sensors, and an electronic device configured
to receive data from at least two of the redundant sensors and
determine an alarm condition based on redundant data received from
each of the redundant sensors. The electronic device confirms
determination of an alarm condition by a majority of the redundant
sensors before generating an alarm signal.
[0017] Another embodiment is a system including at least one sensor
configured to sample environmental and spatial conditions and to
transmit the sampled data over a plurality of communication links
to an electronic device, and an electronic device configured to
receive data from the sensors over the two communication links and
determine integrity of the data received over the two communication
links. The electronic device determines one of the communication
links to be unreliable based on the integrity of the data
received.
[0018] Another embodiment is a redundant surveillance system
including a first monitoring device configured to receive data over
a first communication link, a second monitoring device configured
to receive data over a second communication link, and a plurality
of redundant sensors in a secure container configured to sample
environmental and spatial conditions configured to transmit the
sampled data over a the first communication link to the first
monitoring device. The redundant sensors are configured to receive
confirmation of receipt of the data from the first monitoring
device over the first communication link, and where the redundant
sensors are configured to transmit the sampled data to the second
monitoring device over the second communication link to the second
monitoring device.
[0019] One embodiment is a monitoring system, where the monitoring
system includes a plurality of communication devices that are
authorized to communicate in the monitoring system. The system also
includes a plurality of sensors authorized and configured to
communicate in the monitoring system, and an electronic device
authorized to communicate in the monitoring system and configured
to receive data in a secure manner from the sensors when a task
authorization message is received and authenticated as having been
transmitted from a remote master device authorized to communicate
in the monitoring system. The task authorization message includes
information identifying at least the sensor from which to receive
the data, and the electronic device authenticates and encrypts the
received data prior to transmitting the received data to the remote
master device.
[0020] Another embodiment is a monitoring system, where the
monitoring system includes a plurality of communication devices
that are configured to communicate in a secure manner in the
monitoring system, the system including a plurality of non-system
sensors configured to sense information, where the non-system
sensors are not authorized to communicate securely in the
monitoring sensor, and an electronic device authorized to
communicate in the monitoring system and configured to receive data
from the non-system sensors when a task authorization message is
received and authenticated as having been transmitted from a remote
master device authorized to communicate in the monitoring system.
The task authorization message includes information identifying at
least the non-system sensor from which to receive the data, and the
electronic device authenticates and encrypts the received data
prior to transmitting the received data to the remote master
device.
[0021] Another embodiment is a monitoring system, where the
monitoring system includes a plurality of communication devices
that are authorized to communicate in the monitoring system. The
system also includes a plurality of sensors configured to sense
information, where the sensors are authorized and configured to
communicate in the monitoring system, and where the sensors are
configured to be in a sleep mode until activated by a task
authorization message received from a master device authorized to
communicate in the monitoring system, and an electronic master
device authorized to communicate in the monitoring system and
configured to transmit a task authorization message to the sensors.
The task authorization message includes information identifying at
least the sensor from which to receive sensed information, and
where the sensor encodes a digital signature and encrypts the
sensed information prior to transmitting the sensed information to
the electronic master device.
[0022] Another embodiment is a monitoring system, where the
monitoring system includes a plurality of communication devices
that are authorized to communicate in the monitoring system, where
the system includes a plurality of sensors, and an electronic
device authorized to communicate in the monitoring system and
configured to receive data from the sensors when a task
authorization message is received and authenticated as having been
transmitted from a remote master device authorized to communicate
in the monitoring system. The task authorization message includes
information identifying at least the sensor from which to receive
the data, the electronic device authenticates and encrypts the
received data prior to transmitting the received data to the remote
master device via a first communication pathway, and the electronic
device is configured to confirm receipt of the transmitted data by
the remote master device.
[0023] One embodiment is a monitoring system including an
environmental sensor configured to detect environmental information
associated with an object, an identification sensor configured to
identify the object, a timing device configured to provide time
information including a time of day and a date, a location sensor
configured to receive location information, and an electronic
device configured to receive data from the environmental sensor,
the identification sensor, the timing device and the location
sensor. The electronic device is further configured to transmit the
received data such that the timing information, object
identification information, the location information and the
environmental information can be linked together, where the linked
data is transmitted to a remote device in a secure manner.
[0024] Another embodiment is a container monitoring system
including a plurality of sensors configured to detect environmental
information about an area inside or outside the container, a timing
device configured to provide time information including a time of
day, a location sensor configure to receive location information,
and an electronic device configured to receive data from the
plurality of sensors, the timing device and the location sensor.
The electronic device is further configured to transmit the
received data such that the timing information, the location
information and the environmental information is synchronized,
where the synchronized data is transmitted to a remote device in a
secure manner.
[0025] Another embodiment is a portable monitoring system including
a tempest constructed housing to provide shielding for enclosed
devices. The housing encloses an environmental sensor configured to
detect environmental information, a timing device configured to
provide time information including a time of day and a date, a
location sensor configured to receive location information, and an
processor configured to receive data from the environmental sensor,
the timing device and the location sensor. The electronic device is
further configured to transmit the received data such that the
timing information, object identification information, the location
information and the environmental information is synchronized,
where the synchronized data is transmitted to a remote device in a
secure manner.
[0026] One embodiment is a system including a plurality of sensors,
a remote device configured to transmit secure instructions, and an
electronic device configured to receive data from the sensors. The
electronic device is further configured to receive the secure
instructions from the remote device, where the secure instructions
direct the electronic device to receive data from one or more of
the sensors.
[0027] Another embodiment is a method including receiving data at
an electronic device from a first sensor, and receiving
instructions from a remote device, where the instructions direct
the electronic device to receive data from a second sensor instead
of the first sensor. The method also includes discontinuing the
receiving of data from the first sensor, and receiving data at the
electronic device from the second sensor.
[0028] Another embodiment is a system including a plurality of
sensors, a remote device configured to transmit encrypted
monitoring instructions, and an electronic device configured to
receive data from the sensors. The electronic device is further
configured to receive and decrypt the monitoring instructions from
the remote device via a network, where the monitoring instructions
include a monitoring schedule for one or more of the plurality of
sensors, and the electronic device is configured to received data
from the sensors in accordance with the received monitoring
schedule.
[0029] Another embodiment is a method including receiving an
encrypted monitoring schedule from a remote device, where the
monitoring schedule defines a sensing schedule for a plurality of
sensors and where the monitoring schedule identifies at least one
alarm threshold. The method also includes decrypting the monitoring
schedule, receiving data from one or more sensors based upon the
received sensing schedule, determining an alarm condition based
upon the alarm threshold and data received from the sensor,
encrypting notification of the alarm condition, and transmitting
the encrypted notification of the alarm condition to the remote
device.
[0030] Another embodiment is a system including a plurality of
sensors, a remote device configured to transmit encrypted
monitoring instructions, where the encrypted monitoring
instructions include a tolerance range for at least one of the
sensors, and an electronic device configured to receive sensor data
from the sensors. The electronic device is further configured to
receive, authenticate and decrypt the encrypted monitoring
instructions from the remote device, the electronic device
configured to compare the sensor data to the received tolerance
range.
[0031] Another embodiment is a method including receiving encrypted
monitoring instructions from a remote device, where the monitoring
instructions include a tolerance range for sensed data from at
least one sensor. The method also includes decrypting the
monitoring instructions, determining whether the sensed data are
within the identified tolerance range, and transmitting an
encrypted alarm signal to the remote device when the sensed data
falls outside the identified tolerance range.
[0032] Another embodiment is a system including a plurality of
sensors, a remote device configured to transmit encrypted
monitoring instructions, where the encrypted monitoring
instructions identify one or more of the plurality of sensors. The
system also includes a sensing schedule, and one or more alarm
thresholds, and an electronic device configured to receive sensor
data from the sensors in accordance with the sensing schedule. The
electronic device is further configured to receive and decrypt the
monitoring instructions, and to identify alarm conditions based
upon the identified alarm thresholds and sensed data from the
sensors.
[0033] Another embodiment is a method including receiving encrypted
monitoring instructions from a remote device, where the monitoring
instructions include a tolerance range for sensed data from at
least one sensor. The method also includes decrypting the
monitoring instructions, determining whether the sensed data are
within the identified tolerance range, and transmitting an
encrypted alarm signal to the remote device when the sensed data
falls outside the identified tolerance range.
BRIEF DESCRIPTION OF THE DRAWINGS
[0034] FIG. 1A illustrates an example of a communication system for
providing redundant communications between one or more master units
and one or more remote sensor units.
[0035] FIG. 1B illustrates another example of a communication
system between communication devices.
[0036] FIG. 2 is a functional block diagram of certain components
of a master unit.
[0037] FIG. 3 is a functional block diagram of certain components
of a remote sensor unit.
[0038] FIG. 4 is a flowchart illustrating certain blocks in a
method of processing communications in a master unit.
[0039] FIG. 5 is a flowchart illustrating certain blocks in a
method of processing communications in a remote sensor unit.
[0040] FIG. 6A is a data packet that may be used in communicating
messages to/from the master units, the central data collection
servers and/or the remote sensor units.
[0041] FIG. 6B is a data packet that may be used in communicating
sampled sensor data from the sensor unit to the master unit.
[0042] FIG. 7 is an example of a data package for communicating
between a master unit and a base station.
[0043] FIG. 8 is a master unit task assignment script for
communicating task assignments to a master unit.
[0044] FIG. 9 is an example of a data collection unit housing.
[0045] FIG. 10 depicts an example of placement of a data collection
unit within a shipping container.
[0046] FIG. 11A to 11C show example embodiments of positioning of
data collection units for use in the global communication system of
FIGS. 1A and 1B.
DETAILED DESCRIPTION
[0047] Methods and apparatus for monitoring remotely located
objects with a system comprised of at least one master data
collection unit, any number of remote sensor units, and a central
data collection server are described. The master unit can be
configured to monitor any object, mobile or stationary, including
monitoring multiple remote sensor units associated with the objects
being monitored. The master unit may be in a fixed location, or
attached to a mobile object. The master unit can be configured for
monitoring objects that enter and leave the area where it is
located. The master unit may act as a parent controller for one or
more child devices, wherein the child devices can be remote sensors
or monitors of various measurable conditions including
environmental conditions, substance identification, product
identification and biometric identification. The master unit may be
able to discover new remote sensor units as they enter or leave the
area where the master unit is located. The master unit may be able
to be remotely reprogrammed. The reprogramming may be accomplished
with authenticated instructions.
[0048] The remote sensor units are configured to communicate with
the master unit. The communication can be over a secure
communication link. Remote sensors can be commanded to provide
monitored information to the master unit on an as needed basis, on
a fixed time basis or in other ways. Remote sensor units may be
connected to various peripheral measuring devices.
[0049] The central data collection server is connected to the
master unit via one or more communication links. The central data
collection server can send instructions to the master unit over the
one or more communication links. The instructions can include
monitoring task instructions, reprogramming instructions,
diagnostic test instructions and others.
[0050] Redundancy of system elements adds to the reliability of the
system. In some embodiments, each unit (e.g., central data
collection servers, master units and remote sensor units can
communicate over at least two communication links to at least two
other entities. In some embodiments, independent (redundant)
encryption key exchanges are used for all messaging between the
various units. In some embodiments redundant power supplies are
used for the units.
[0051] What follows is the description of a universal "black-box"
surveillance device capable of use in buildings, bridges, vehicles
or containers so as to create a uniform surveillance infrastructure
across all vertical applications. Each device would be configured
to sample, transmit and process phenomena in exactly the same
manner so as to eliminate the notorious problem with data
analysis--comparing `apples` data to `oranges` data. By
standardizing all common processes, this invention overcomes the
stovepipe nature of traditional solutions and opens the door to
near real-time sharing of early-warning data. Indeed, managers of
critical infrastructure are increasingly acknowledging their
interdependence and desire to collaborate on the creation of a 360
degree surveillance capability built for interoperability with a
goal of prevention.
[0052] In the following description, specific details are given to
provide a thorough understanding of the disclosed methods and
apparatus. However, it will be understood by one of ordinary skill
in the art that the disclosed methods and apparatus may be
practiced without these specific details. For example, electrical
components may be shown in block diagrams in order not to obscure
certain aspects in unnecessary detail. In other instances, such
components, other structures and techniques may be shown in detail
to further explain certain aspects.
[0053] It is also noted that certain aspects may be described as a
process, which is depicted as a flowchart, a flow diagram, a
structure diagram, or a block diagram. Although a flowchart may
describe the operations as a sequential process, many of the
operations can be performed in parallel or concurrently and the
process can be repeated. In addition, the order of the operations
may be re-arranged. A process is terminated when its operations are
completed. A process may correspond to a method, a function, a
procedure, a subroutine, a subprogram, etc. When a process
corresponds to a function, its termination corresponds to a return
of the function to the calling function or the main function.
[0054] FIG. 1A illustrates an example of an infrastructure of a
communication system for providing redundant communications between
one or more master units and one or more remote sensor units. The
example illustrated is a cargo ship with multiple shipping
containers 100. The shipping containers 100 may each have one or
more master data collection units 105 (each container is depicted
with one master unit 105 in this example). The containers contain
objects (not shown) that may contain remote sensing units (not
shown) attached to the objects. Additionally, remote sensing units
110 may be positioned at other areas in and/or outside the
containers. In some cases a device may be connected to a plurality
of antennae to overcome positioning problems (e.g., containers
stacked on a ship).
[0055] Preferably, the remote sensor units 110 and the master units
105 communicate over two or more channels to one or more other
communication links to two or more communication devices. As
discussed above, the master units 105 communicate with one or more
remote sensor units 110. However, the master units 105 can also
communicate with various other communication devices and/or
networks, either for the purpose of collecting data or relaying
data to another device with a more robust direct communication
channel, serving as a peer-to-peer or ad hoc-network. For example,
the communication link 1 shows a master unit 105 communicating with
another master unit 105. Communication link 2 shows a master unit
105 communicating with a satellite relay 115. The communication
link 5 illustrates a master unit 105 communicating with a land or
sea based antenna relay 120. The communication links 2a and 3
depict a remote sensor unit 110 communicating with two relay
satellites 115. Communication link 1a depicts a remote sensor unit
110 communicating with another remote sensor unite 110 (e.g., a
relay station). By having the secondary communication links 1, la,
2, 2a, 3, and 5, the instructions and/or responses to instructions
can be forwarded to the intended remote sensor unit 110 or master
unit 105. For example, a master unit 105 can communicate with the
land or sea based antenna 120 which can then forward the
communication to a second master unit 105 via a communication link
5a.
[0056] Intermediary relay stations may also be used in forwarding
messages. For example, the remote sensor 110a may communicate a
monitoring measurement to the relay satellite 115 on communication
link 3, which the forwards the message to an on-ship intermediary
satellite receiver via communication link 6a. The intermediary
on-ship receiver can then forward the message to the master unit
105 (e.g., the master unit that requested a measurement from the
remote sensor) via communication link 6. Other types of
communication links not shown in FIG. 1 that can be part of the
redundant communication infrastructure include cellular telephone
networks, LANs (wired or wireless local area networks), WANs, and
wired networks (for fixed location units).
[0057] FIG. 1B illustrates another example of a communication
system between communication devices. The communication system can
represent communication flow at multiple levels. In one embodiment
the master unit 105 serves as a data collection server and
communicates with one or more of the remote sensor units 110 that
serve as trusted monitoring devices. At another level, the data
collection server can be a central data collection server 125 that
communicates with one or more master units 105 that serve as the
trusted monitoring devices. Communications can be direct between
the data collection server (105 or 125) and the trusted monitoring
devices (110 or 105). Communications can also be relayed via one or
more relay stations such as the relay satellites 115 and the
antennas 120.
[0058] Redundancy of communication as illustrated by the various
communication links of FIG. 1A is only one level of redundancy
offered in some embodiments. Further reliability is afforded by
other redundancy built into the master units and remote sensor
units. FIG. 2 is a functional block diagram of certain components
of a master unit, such as the master units 105 discussed above. The
master unit system 200 preferably includes a redundant
microprocessor component 202. However, a single microprocessor unit
202 could be utilized. The microprocessor 202 may be one or more of
any conventional general purpose single- or multi-chip
microprocessor such as a Pentium.RTM. processor, Pentium II.RTM.
processor, Pentium III.RTM. processor, Pentium IV.RTM. processor,
Pentium.RTM. Pro processor, a 8051 processor, a MIPS.RTM.
processor, a Power PC.RTM. processor, or an ALPHA.RTM. processor.
In addition, the microprocessor 202 may be one or more of any
conventional special purpose microprocessor such as a digital
signal processor. The microprocessor 202 is linked to various other
modules on the master unit system 200 with conventional address
lines, conventional data lines, and/or conventional control lines
for purposes of data transfer, instruction reception and
transmission and data processing.
[0059] Memory is provided by a memory component 204 and/or a data
storage unit 206. Preferably, both the memory component 204 and the
data storage unit 206 provide redundancy in the form of spatial
redundancy (different portions of the same medium), or unit
redundancy where two separate devices contain redundant data.
Memory refers to electronic circuitry that allows information,
typically computer data, to be stored and retrieved. Memory can
refer to external devices or systems, for example, disk drives or
tape drives. Memory can also refer to fast semiconductor storage
(chips), for example, Random Access Memory (RAM) or various forms
of Read Only Memory (ROM), that are directly connected to the
processor. Other types of memory include bubble memory and core
memory. Memory also includes storage devices (internal or external)
including flash memory, optical memory and magnetic memory.
[0060] The master unit system 200 is comprised of various modules
208-228. As can be appreciated by one of ordinary skill in the art,
each of the modules 208-228 comprise various sub-routines,
procedures, definitional statements, and macros. Each of the
modules 208-228 are typically separately compiled and linked into a
single executable program. Therefore, the following description of
each of the modules 208-228 is used for convenience to describe the
functionality of the master unit system 200. Thus, the processes
that are undergone by each of the modules 208-228 may be
arbitrarily redistributed to one of the other modules, combined
together in a single module, or made available in a shareable
dynamic link library. Further each of the modules 208-228 could be
implemented in hardware.
[0061] A networking circuitry module 208 contains logic and or
circuitry for communication of various communication links such as
the communication links 1 through 6 and 1a through 6a discussed
above in reference to FIG. 1A. The networking circuitry module 208
may include circuitry for communicating over wireless communication
links that may comprise, for example, part of a code division
multiple access (CDMA or CDMA2000) communication system, a
frequency division multiple access (FDMA) system, an orthogonal
frequency division multiple access (OFDM) system such as WiMax
(IEEE 802.16x), a time division multiple access (TDMA) system such
as GSM/GPRS (General Packet Radio Service)/EDGE (enhanced data GSM
environment) or TETRA (Terrestrial Trunked Radio) mobile telephone
technology for the service industry, a wideband code division
multiple access (WCDMA), a high data rate (1.times.EV-DO or
1.times.EV-DO Gold Multicast) system, or in general any wireless
communication system employing a combination of techniques. The
networking circuitry module 208 may include circuitry for
communicating over wired communication links that may comprise, for
example, co-axial cable, fiber-optic cable and others.
[0062] An alarm module 210 contains circuitry for receiving
notification, via pushed messaging or through periodic monitoring
of data from various alarm sensors. Alarm sensors may be linked via
wired and or wireless communication links. The alarm sensors may
monitor audible (audio) signals, visual (video) signals, or on/off
type of alerts such as door locks, intruder alerts etc.
[0063] An external ports module 212 may provide I/O to various
external devices including input/output devices, display devices,
printers, cameras, antennas and remote sensors. Preferably,
redundant wireless communication links are also provided, via the
networking circuitry module 208, for any of the external devices
connected via the external ports. Typically, the wired external
devices are connected to the computer using a standards-based bus
system. In different embodiments of the present invention, the
standards based bus system could be Peripheral Component
Interconnect (PCI), Microchannel, SCSI, Industrial Standard
Architecture (ISA) and Extended ISA (EISA) architectures.
[0064] An air circulation component 214 may have multiple input
ports for sampling air from various sources. Ducting is connected
to the ports to be located in various areas of the monitored area.
The air intake system includes a fan, a vacuum or other means of
moving air so as to supply one or more sensors with unadulterated
samples. Details of the air intake analysis system are discussed
below.
[0065] A global positioning system (GPS) 216 is used to track the
location of the master unit. The GPS module may be connected to an
external antenna in situations where the master unit is housed in a
shielded container or location. The GPS system can also receive
measurements from remote sensor units that contain GPS tracking
ability. Thus, multiple objects can be tracked by the same master
unit. In addition, multiple sensor units containing GPS capability
can combine their satellite signals in order to speed up
convergence and capture of the necessary number of GPS satellites.
GPS signals may also be combined with other signals to further
refine the exact location of the object.
[0066] Instructions refer to computer-implemented steps for
processing information in the system. Instructions can be
implemented in software, firmware or hardware and include any type
of programmed step undertaken by components of the system.
Instructions received by and transmitted by the master unit 200 are
typically encrypted. A digital certificate storage and
authentication module 218 is used to establish secure connections
with the multiple remote sensor units, relay units, intermediary
units and central data collection servers of the global system
shown in FIG. 1A. An encryption and decryption module 220 is used
to encrypt messages transmitted by and decrypt messages received by
the master unit 220. Redundant encryption keys can be used over the
redundant channels for added security. The type of encryption for a
given task shall be defined by the Assignment Script discussed
below in reference to FIG. 8.
[0067] An on-board power management module 222 is used to monitor
batteries, backup batteries, and/or fuel cells as well as external
power source reliability and variability. The state of all power
sources is monitored at periodic intervals for both quantity and
quality so as to get early warning of future operational
limitations.
[0068] An external power module 224 is used to convert power from
multiple sources for use when available. The power module 224 can
sense when the master unit is plugged into various voltage levels,
AC and/or DC sources in order to power the unit in multiple areas
of the world having different power levels and reliability.
Filtering can be used to smooth out power surges in areas where the
external power is unreliable. Switching to internal power can be
automated when power spikes or power loss is detected. An
uninterruptible power supply is preferred. In some embodiments,
anomalies in the power supply are logged and reported to the
central data collection server.
[0069] The remote control of door/orifice entry/exit can be
monitored/controlled by module 226. The master unit can control the
unlocking and or opening of doors using electro-mechanical,
pneumatic devices or other means known to those in the art.
[0070] A suite of remote sensor command and control modules 228A to
228K, preferably all redundant, are used to connect peripherals
directly to the master unit or to allow the master unit to interact
with the remote sensors. The various remote sensor types will be
presented below. Additional remote sensor suites can be added to
the master unit by recognizing the presence of a new remote sensor.
For example, the new remote sensor may be recognized by monitoring
for and receiving an identification signal broadcast by the new
remote sensor. The identification signal may contain identification
information that identifies a type of sensor, a model number etc.
The master unit can conduct authentication of the new remote sensor
or transmit the identification information to a central server for
evaluation and/or approval to communicate with the new sensor. The
server can then send a new assignment script that includes new
instructions for adding the new remote sensor to the monitoring
schedule of the master unit. Additionally, new remote sensor slots
can be added by remote programming in order to enhance the number
of remote sensors that the master unit can recognize and/or command
and interact with. In some embodiments, empty slots in the master
device can be filled with new sensors or external, remote child
sensors units can communicate with the master. Preferably, any
sensor is first authenticated prior to communicating with a second
device.
[0071] FIG. 3 is a functional block diagram of certain components
of a remote sensor unit, such as the remote sensor units 105
discussed above. The remote sensor unit system 300 preferably
includes a redundant microprocessor component 302. However, a
single microprocessor unit 302 could be utilized. The
microprocessor 302 may be one or more of any conventional general
purpose single- or multi-chip microprocessor such as a Pentium.RTM.
processor, Pentium II.RTM. processor, Pentium III.RTM. processor,
Pentium IV.RTM. processor, Pentium.RTM. Pro processor, a 8051
processor, a MIPS.RTM. processor, a Power PC.RTM. processor, or an
ALPHA.RTM. processor. In addition, the microprocessor 302 may be
one or more of any conventional special purpose microprocessor such
as a digital signal processor. The microprocessor 302 is used as
the main computing source of various other modules on the remote
sensor unit system 300 with conventional address lines,
conventional data lines, and/or conventional control lines for
purposes of data transfer, instruction reception and transmission
and data processing. In some embodiments, the remote sensor unit
acts as a slave device to the master unit, e.g., only doing a
subset of the master device functions, e.g., not communicating with
the central data collection server directly.
[0072] Memory is provided by a memory component 304 and/or a data
storage unit 306. Preferably, both the memory component 304 and the
data storage unit 306 provide redundancy in the form of spatial
redundancy (different portions of the same medium), or unit
redundancy where two separate devices contain redundant data.
Memory refers to electronic circuitry that allows information,
typically computer data, to be stored and retrieved. Memory can
refer to external devices or systems, for example, disk drives or
tape drives. Memory can also refer to fast semiconductor storage
(chips), for example, Random Access Memory (RAM) or various forms
of Read Only Memory (ROM), that are directly connected to the
processor. Other types of memory include bubble memory and core
memory. Memory also includes storage devices (internal or external)
including flash memory, optical memory and magnetic memory.
[0073] The remote sensor unit system 300 is comprised of various
modules 308-324. As can be appreciated by one of ordinary skill in
the art, each of the modules 308-324 comprise various sub-routines,
procedures, definitional statements, and macros. Each of the
modules 308-324 are typically separately compiled and linked into a
single executable program. Therefore, the following description of
each of the modules 308-324 is used for convenience to describe the
functionality of the remote sensor unit system 300. Thus, the
processes that are undergone by each of the modules 308-324 may be
arbitrarily redistributed to one of the other modules, combined
together in a single module, or made available in a shareable
dynamic link library. Further each of the modules 308-324 could be
implemented in hardware.
[0074] A networking circuitry module 308 contains logic and or
circuitry for communication of various communication links such as
the communication links 1 through 6 and 1a through 6a discussed
above in reference to FIG. 1A. The networking circuitry module 308
may include circuitry for communicating over wireless communication
links that may comprise, for example, part of a code division
multiple access (CDMA or CDMA2000) communication system, a
frequency division multiple access (FDMA) system, an orthogonal
frequency division multiple access (OFDM) system such as WiMax
(IEEE 802.16x), a time division multiple access (TDMA) system such
as GSM/GPRS (General Packet Radio Service)/EDGE (enhanced data GSM
environment) or TETRA (Terrestrial Trunked Radio) mobile telephone
technology for the service industry, a wideband code division
multiple access (WCDMA), a high data rate (1.times.EV-DO or
1.times.EV-DO Gold Multicast) system, or in general any wireless
communication system employing a combination of techniques. The
networking circuitry module 308 may include circuitry for
communicating over wired communication links that may comprise, for
example, co-axial cable, fiber-optic cable and others.
[0075] An external ports module 312 may provide I/O to various
external devices including input/output devices, display devices,
printers, cameras, antennas and remote sensors. Preferably,
redundant wireless communication links are also provided, via the
networking circuitry module 308, for any of the external devices
connected via the external ports. Typically, the wired external
devices are connected to the computer using a standards-based bus
system. In different embodiments of the present invention, the
standards based bus system could be Peripheral Component
Interconnect (PCI), Microchannel, SCSI, Industrial Standard
Architecture (ISA) and Extended ISA (EISA) architectures.
[0076] An air circulation component 314 may have multiple input
ports for sampling air from various sources. Ducting is connected
to the ports to be located at various locations of the monitored
area. The air intake system includes a fan, a vacuum or other means
of moving air so as to supply one or more sensors with
unadulterated samples.
[0077] A global positioning system (GPS) 316 is used to track the
location of the remote sensor unit. The GPS module may be connected
to an external antenna in situations where the master unit is
housed in a shielded container or location. The GPS system can also
receive measurements from other remote sensor units that contain
GPS tracking ability and are in range of the remote sensor unit.
Signal levels can be used to estimate ranges to other remote sensor
units containing GPS modules 318. In addition, multiple sensor
units containing GPS capability can combine their satellite signals
in order to accelerate acquisition of the necessary number of GPS
satellites.
[0078] Instructions received by and transmitted by the remote
sensor unit 300 are typically encrypted. A digital certificate
storage and authentication module 318 is used to establish secure
connections with the multiple remote sensor units, relay units,
intermediary units and central data collection servers of the
global system shown in FIG. 1A. An encryption and decryption module
320 is used to encrypt messages transmitted by and decrypt messages
received by the master unit 220. Redundant encryption keys can be
used over the redundant channels for added security.
[0079] An on-board power management module 322 is used to monitor
batteries, backup batteries, and/or fuel cells as well as external
power source reliability and variability. In some embodiments,
anomalies in the power supply are logged and reported to a
controlling master unit or forwarded to another communication
device as in a peer-to-peer and/or ad hoc network.
[0080] An external power module 324 is used to convert power from
multiple sources for use when available. The power module 324 can
sense when the master unit is plugged into various voltage levels,
AC and/or DC sources in order to power the unit in multiple areas
of the world having different power levels and reliability.
Filtering can be used to smooth out power surges in areas where the
external power is unreliable. Switching to internal power can be
automated when power spikes or power loss is detected. An
uninterruptible power supply is preferred.
[0081] FIG. 4 is a flowchart illustrating certain blocks in a
method of processing communications in a master unit. The process
400 typically starts in a hibernation state. The master unit then
transfers out of the hibernation state to step 410 in order to
monitor one or more communication links for incoming instructions
(e.g., from the central data collection server 125 in FIG. 1B).
Monitoring for incoming instructions at step 410 can be continuous,
periodic, or random. If no instruction is received at step 410, the
process 400 proceeds to step 415 where it returns to the
hibernation state. If instructions are received at step 410, the
process 400 proceeds to step 420.
[0082] Step 420 involves authenticating the server from which the
received instructions originated. Authentication can include known
techniques such as digital IDs with corresponding digital
signatures. If the authentication shows that the received message
is authentic, the process 400 continues to step 425. However if the
authentication shows the instructions to be false, the process 400
can return to the hibernation state or return to step 410 to detect
another incoming instruction. Details of authentication will be
discussed below in relation to FIGS. 6 and 7.
[0083] If the received instructions are authenticated at step 420,
the process can continue at one or more other steps 430 to 445,
depending on the received instructions. The instructions are
preferably encrypted and the authenticating device decrypts the
instructions before performing and/or instructing other devices to
perform the tasks. The instruction may direct the master unit to
conduct diagnostic tests, step 430, query and authenticate
subsystem modules, components and/or remote sensor units, step 435,
execute tasks defined in a script, step 440, and/or transmit data
packages to one or more remote servers. After completing the
instructed tasks the process 400 generally proceeds to step 415 and
returns to the hibernation state. Details of the various actions
taking place in the steps shown in FIG. 4 will be discussed below
in relation to the individual tasks performed by the master
unit.
[0084] Instructions received by the master unit while performing
the process 400 may require the master unit to transmit
instructions to one or more of the remote servers. Additionally,
the master unit may be programmed to transmit instructions to
remote sensors autonomously without receiving command
instructions.
[0085] FIG. 5 is a flowchart illustrating certain blocks in a
method of processing instructions in a remote sensor unit. In this
example, the instructions pertain to sampling a sensor measurement
and transmitting the sampled data to the master unit. It should be
noted, that the sensor unit can also be instructed to perform
processing to that shown in FIG. 4 (e.g., diagnostic tests,
reprogramming, etc.) The process 500 typically starts in a
hibernation state. The master unit then transfers out of the
hibernation state to step 510 in order to monitor one or more
communication links for incoming instructions (e.g., from the
master unit 105 in FIGS. 1A and 1B). Monitoring for incoming
instructions at step 510 can be continuous, periodic, or random. If
no instruction is received at step 510, the process 500 proceeds to
step 515 where it returns to the hibernation state. If instructions
are received at step 510, the process 500 proceeds to step 520.
[0086] Step 520 involves providing the master unit with the remote
sensor unit's digital ID/signature, thus authenticating the remote
sensor to the master unit that sent the instructions.
Authentication can include known techniques such as digital IDs
with corresponding digital signatures. The master unit can perform
the authentication of the remote sensor's response and determine
whether or not to use the forthcoming sensor data. Authentication
of the master unit to the remote sensor can also be done at step
520. The master unit will provide a digital ID/signature in the
instruction message received at step 510 and the remote sensor will
authenticate the master unit. This two-way type of authentication
protects both the master unit and the remote sensor from being
hacked. If the authentication shows that the received message is
from an authentic master unit, the process 500 continues to step
525. However if the authentication shows the instructions come from
an unauthentic master unit, the process 500 can return to the
hibernation state or return to step 510 to detect another incoming
instruction. Details of authentication will be discussed below in
relation to FIGS. 6 and 7.
[0087] If the received instructions are determined to be authentic
at step 520, the process can continue at step 525 where the remote
sensor unit samples one or more of the measurements that it is
equipped to sample. The remote sensor may be instructed to sample
for a certain time period or at a certain interval. If the sampling
is to be terminated at a certain time, as per predetermined or
received instructions, the sampling is stopped at step 530.
[0088] If the sampling is not stopped at step 530 (e.g., in a case
where a sampling measurement is continued indefinitely or at least
for a period of time longer than the time to update the master
unit), the remote sensor unit may periodically transfer the sampled
data to the master unit. Sampled data that is to be transferred to
the master unit is preferably encrypted at step 535. Prior to
transmitting the encrypted data, the remote sensor unit may proceed
to step 540 to authenticate the master unit on the one or more
communication channels that it will transmit the sampled data
on.
[0089] If the authentication handshake at step 540 (which may be a
two-way authentication) is completed successfully, the process 500
continues at step 545 where the sensor data is transmitted to the
master unit. In some embodiments, the transmitted data can be
digitally compressed. Various compression algorithms can be used to
remove the redundancy in the transmitted data, thereby saving time,
bandwidth, and/or power. After the sensor data is transmitted at
step 545, the process 500 may return to the hibernation state to
receive more instructions, or return to sampling the sensor data at
step 530. In one embodiment, the remote sensor (or any other
transmitting device) is configured to confirm receipt of the data
by the master unit (or any other receiving device). If the remote
sensor (or any other transmitting device) does not confirm receipt
of the data by the master unit (or any other receiving device), the
remote sensor can retransmit the data over a different
communication path (e.g., one of the available redundant
communication links). Redundant communication links may include any
of those discussed above. Details of the other actions taking place
in the steps shown in FIGS. 4 and 5 at the remote sensor unit will
be discussed below in relation to the individual tasks performed by
the sensor unit.
[0090] FIG. 6A is a data packet that may be used in communicating
messages to/from the master units, the central data collection
servers and/or the remote sensor units. The packet 600 includes a
packet header 602, a packet body 604 and a packet checksum 606. The
packet 600 is preferably encrypted as discussed above.
[0091] The packet header 602 can contain information necessary for
identifying such things as the length of the packet, the ID of the
recipient of the packet, the data stream ID that the packet is a
part of and other information known to those of skill in the
art.
[0092] The packet body 604 generally contains the message of the
packet. The packet body 604 may contain instructions as discussed
above, sensor measurement data etc. In some embodiments, the packet
body 604 comprises digitally compressed information.
[0093] The packet checksum 606 contains encoded information, e.g.,
a cyclic redundancy check (CRC), which is used to determine the
integrity of the packet when the packet is received. The checksum
may protect the integrity of data by being used to detect errors in
data that are sent through space (e.g., over a communication link)
or time (e.g., storage). A checksum may be calculated by simply
adding up the components of a message or a portion of a message. A
checksum may also be based on the body of the packet containing the
message or a portion of the message. Checksums may be an integer
number of bits or bytes. A checksum may also be based on a
cryptographic hash function. Unlike a simple additive checksum, a
hash function may enable detection of a reordering of the bits in a
message, inserting or deleting zero-valued bits or bytes and
multiple errors that cancel each other out.
[0094] FIG. 6B is a data packet that may be used in communicating
sampled sensor data from the sensor unit to the master unit as in
step 545 of the process 500. In this example, the packet 600A has a
packet header 602 that includes a digital signature field 608, a
task ID field 610 and a sensor ID and version field 612. The
signature field 608 contains the digital signature that is used to
authenticate the remote sensor to the master unit as in step 520 of
the process 500.
[0095] The Task ID field 610 contains a sequence number that is
used by the master unit to identify which task this message
contains a response for. The master units may be monitoring many
remote sensors, each of which may have several task IDs. The size
of the task ID field 610, if a fixed number of bits, should be
large enough to cover the largest number of simultaneous tasks that
the master unit expects to submit. The task ID field 610 could be
variable so as to allow expansion of the number of allowable task
IDs to grow as the number of remote sensors which the master unit
is control of grows.
[0096] The sensor identification field 612 contains information
identifying the identity of a particular remote sensor. The sensor
identification field 612 may contain indexed information that
identifies a number of items such as, for example, the type of
sensor (e.g., a temperature sensor, an air sampling sensor, a
biometric sensor, etc.), the serial number of the sensor to
distinguish from other sensors of the same type, and the version
number of the sensor to distinguish software and/or hardware
versions.
[0097] The packet 600A also contains fields 614 to 618. Field 614
contains the start date and time when the sampled measurements were
sampled. The field 616 contains the sampled data that was sampled
by the sensor from the start time to the stop time. The field 618
contains the stop date and time for the sampled data.
[0098] Field 620 contains the checksum that is used by the master
unit in verifying the integrity of the data packet 600A. If the
integrity is determined to be erroneous, then the master unit may
request that the remote sensor retransmit the message.
[0099] FIG. 7 is a data packet that may be used in communicating
data from the master unit to the central date collection server as
in step 445 of the process 400. In this example, the packet 700 has
a packet header 602 that includes a digital signature field 702, a
task script ID field 704 and a communication channel ID 706. The
signature field 702 contains the digital signature that is used to
authenticate the master unit to the central data collection
server.
[0100] The task script ID field 704 contains a sequence number that
is used by the central data collection server to identify which
task script this message contains a response for. Task scripts will
be discussed below in relation to FIG. 8. As with the task ID field
610, the size of the task script ID field 704, if a fixed number of
bits, should be large enough to cover the largest number of
simultaneous task scripts that may be active simultaneously.
[0101] The Communication channel ID field 706 is used for audit
trail tracking purposes. By combining the communication channel ID
field 706 with the master unit ID (contained in the master unit
digital signature field 702. Maintaining these audit trails may
allow identification of compromised or unreliable devices and/or
compromised communication channels. Maintaining audit trails may
also allow identification of which information was sent by which
device and when it was sent.
[0102] The packet body 604 of the packet 700 contains the fields
708 to 716 which contain the responses to the various script tasks
that the central data collection unit requested of the master unit.
The field 708 contains the start date and time for which the
message contains monitoring information. The field 710 contains the
data sampled from various sensors (two sensors A and B in this
example). The field 712 contains system status information. This
system status information may be the result of diagnostic test done
on the master unit modules and/or components, or they may be the
status of remote sensors that the master unit is the controlling
parent of. Field 714 contains information regarding errors or flags
identifying the errors. Such errors may include errors in
previously received task script instruction messages. Field 716
contains the stop date and time for the data contained in the
packet 700.
[0103] Field 718 contains the checksum that is used by the master
unit in verifying the integrity of the data packet 700. If the
integrity is determined to be erroneous, then the central data
collection unit may request that the remote sensor retransmit the
message.
[0104] FIG. 8 is a master unit task assignment script for
communicating task assignments to a master unit. The header
contains 10 fields containing information identifying the master
unit that the script is targeted for. The digital signature field
is used for authentication of the central data collection server
(or other issuing device) that issued the script instructions.
Other fields in the header may include a various task
classifications including a customer ID, a project ID, and the
targeted master unit ID. Other fields in the header may identify
the location of the master unit including a vessel or structure ID
and/or a location ID. Other header fields may include scheduling or
sequence number information such as a logistics number field, a
service start and/or stop time field, a field designating a
previous script to be replaced by the current script and a script
version number.
[0105] The body of the task assignment script assigns the tasks to
the master unit in the form of an inventory list of all actions and
devices approved to participate (or be utilized) in the current
job. The body fields 1 through 14 list monitoring tasks to be
performed utilizing preferably two remote sensors, designated
sensor A and sensor B in this script. The sensors A and B may be
pre-designated in a previous script or listed in the current script
(not shown in FIG. 8). The master unit will record the various
measurements of the service description tasks listed in the body of
the task assignment script and log in the other portions of the
inventory check list including a comparison check of sensor A to
sensor B (e.g., for identification of a faulty sensor), a sample
interval time, a transmit interval time, a date and time stamp that
the measured data was transmitted back to a central data collection
sever, a field identifying whether the data was logged locally, as
well as records indicating whether or not the encryption key
handshake and authentication tasks were completed successfully. By
preferably using authentication and encryption at the data
collection server, the master unit and the remote sensors, a secure
system for remotely gathering information is formed.
[0106] In some embodiments, the master unit (or a data collection
server) monitors data received from one or more trusted sensors for
the purposes of determining an alarm condition. As discussed above
in reference to the Alarm component 210 of FIG. 2, the master unit
may receive an indication of a state of alarm from a remote sensor
or a sensor connected directly to the master unit via one or more
of the sensor suite ports 228A to 228K. However, the master unit
may also make a determination of an alarm condition based on data
received from remote sensors. In one embodiment, the data received
from the remote trusted sensors is compared against a range of
acceptable values. The master unit performs a self-diagnosis of the
data received from the one or more trusted sensors in order to
prevent false alarms. One method of performing the self-diagnosis
involves receiving similar data from redundant remote trusted
sensors. In one example, a majority rule is used where an alarm is
issued if a majority of the similar sensors are transmitting data
that is outside of the acceptable levels. If there are 2 redundant
remote sensors, then the majority rule may require that both
sensors measure unacceptable levels. If there are three redundant
sensors, then receiving unacceptable levels from two out of the
three will result in a determination of a state of alarm. In
another embodiment, the self-diagnosis is based on a state of
reliability of the trusted monitor that the data is received from.
If a remote sensor has previously been determined to be unreliable
(e.g., using known methods of determining the integrity of the
received data), then the master unit may require additional data
(e.g., from other sensors or a retransmission of data from the same
sensor) to make the self-diagnosis. Other self-diagnosis techniques
that can indicate a corrupt or unreliable source of information
include various forms of error checking such as cyclic redundancy
checks and/or checksums. Another variation of diagnosis comprises
running through a standardized set of routines or measuring
something of a known value. The measured result is compared to
known values in order to detect errors or to calibrate the device.
It should be noted that the central data collection unit can
perform similar alarm state determinations as those presented here,
involving determining an alarm state of one or more master units
and/or remote sensors. In some embodiments the alarm condition can
have more than two states (other than an alarm state and a
non-alarm state). For example, the alarm state may have several
different levels of risk, such as for example, 3, 4, 5, 6, or more
levels of risk with the severity of the risk condition increasing
with each increase in alarm level. For example, if there are 4
alarm levels, alarm level 1 may be a condition where no received
data lies outside the acceptable ranges (e.g., a no alarm state),
level 2 may be if the received data from one or more sensors is
approaching an unacceptable level, level 3 may be where the
received data has exceeded the acceptable level but only by a small
amount and the level 4 condition may cover when the received data
exceeds the unacceptable level by more than the level 3 amount.
[0107] In some embodiments, a monitoring device (e.g., a master
unit or a central data collection unit) can monitor certain
information from a remote sensor and/or a master unit in an attempt
to identify unauthorized tampering of a trusted device in the
closed monitoring network. One example of a method of determining
tampering of a device involves receiving information from a motion
sensor. If a trusted device is a stationary (or mostly stationary)
device, the a motion sensor can be monitored in order to determine
possible tampering. For a stationary device, any motion above the
noise level of the motion sensor may be used as an indication that
someone or something has attempted to move or at least make contact
with the stationary device. For other devices, a movement outside
of a defined localized or proximal area may be an indication of
tampering.
[0108] Besides motion sensors, other monitored information may be
received and used to perform a self-diagnosis so as to determine
improper tampering of the device from which monitored information
is received. For example, various methods of detecting jamming
signals, or detecting high levels of corruptly received data
packets can be an indication of tampering. Such indications of
tampering can be used to flag normally trusted devices of the
network as untrustworthy. Checksums or CRCs are typically used to
identify whether data has been modified between where it originated
(e.g., at a trusted remote sensor) and where it was received (e.g.,
at a master unit and our a data collection server). Jamming signals
may be detected by the resulting corrupt data (e.g., failures of
CRCs or checksums). Jamming signals may also be detected directly
by measuring the level of RF energy within a certain bandwidth of
frequencies. High levels of RF energy within a certain bandwidth
may be used as an indication that the certain bandwidth is being
selectively jammed. Monitoring a plurality of sensors may add
confidence to the positive (or negative) detection of jamming.
[0109] As discussed above, redundancy of information sources,
processors, power supplies, communication links, memory, and
communication devices of all kinds may add security and robustness
to the information monitored in the monitoring system. Redundant
processors may be monitored and if one is determined to be
corrupted, the second one may serve as a temporary backup until the
corrupt processor is fixed and/or replaced. Redundant sensors may
be used to reduce the risk of false alarm by using a majority rules
method of determining and issuing an alarm state as discussed
above. Redundant power supplies may be utilized to lower the
likelihood of power failure.
[0110] Redundant communication links offer many useful tools for
increasing the security and thus the trustworthiness of the
monitoring system of some embodiments. When more than two choices
exist as candidates for the redundant communication links, the best
choice can be determined in several ways. In one method, battery
strength may be used in choosing which redundant communication
links to use. If the on-board power management component 222 or 322
determines that the battery level of a master unit or remote sensor
is low, the communication link requiring the lower transmit power
may be the better choice. If battery life is not a problem, or an
external power source with indefinite power availability is
present, then the most power demanding communication link may be
the best choice since it may prove more reliable and more secure.
If a battery level is detected to be low, the power management
component may activate a recharge state. Recharging can include use
of an external AC or DC power supply, solar power generation, wind
power generation or any of other power generating techniques known
to those of skill in the art.
[0111] In another method, received signal strength may be used as a
deciding factor in which communication link is used between two
communication devices. The signal to noise ratio (SNR) of received
data may be used as an indicator of a reliable channel. One
artifact of jamming may be a low SNR measurement of received data.
SNR may be used to detect jamming on a communication link. By
monitoring the SNR of all available communication links, the
communication link with the highest SNR may be chosen as a best
link between two communication devices.
[0112] In another method, the urgency of the message and/or the
security level of the information level being sent may be crucial
in deciding which communication link to use. In a situation where
the urgency in a message is important, then the estimated time to
transmit and receive the message may be most important. If time is
more critical then security, then a communication link that
utilizes an encryption and/or authentication scheme that requires
several handshakes may be less desirable than a communication link
that has a simple fast way of establishing a link. Some types of
information may call for higher levels of encryption and the
communication links with the best encryption security may be chosen
first.
[0113] In another method of choosing which of a plurality of
communication links to use, some links may be disqualified from
consideration of various reasons. Repeated failure of data
integrity checks may rule out one or more communication links.
Integrity check failures may be an indication of equipment failure
(e.g., an obstructed antenna), jamming, power failure or other
system failures. Redundant antennas may be employed to overcome
equipment failure such as an obstructed antenna. Feedback of
integrity check results may be used as an indication than one
antenna is not as effective as another and the ineffective antenna
may not be used until the effectiveness returns.
[0114] Redundant communication links need not be utilized
simultaneously, although this is one option. Robust communications
between two or more devices can be accomplished using a single
communication link. Robust communications can be more likely if all
data packets are encrypted and authenticated (e.g., signed with a
digital signature). The likelihood of losing data can be reduced if
large internal memory storage is provided for all communication
devices. Redundant memory also reduces likelihood of loss of
information due to storage device failure. Frequent handshakes
between devices, for example frequent data receipt acknowledgements
(Acks) can be used to verify receipt of data. Other methods of
providing robust communication links will be apparent to those of
skill in the art.
[0115] In a situation where a single active channel is being used
to communicate between any two devices in the system, there is a
chance that communications may be interrupted. In some embodiments
that utilize a master/slave hierarchy, the master unit may revert
to the beginning of the task being performed when communication was
interrupted and restart the task. In some embodiments, both devices
may keep a log of actions taken (for example, see the master unit
task assignment script shown in FIG. 8) and communication may be
reestablished at the last uncompleted task in the list.
[0116] Besides reducing the likelihood of a false alarm due to a
failure of a single device, multiple remote sensors spread over a
geographic area offer capabilities that single sensors do not
offer. In some embodiments, redundant sensors can provide an
indication of a location of an event or an object. For example, if
there is a set of remote sensors for detecting radiation sources, a
location of a source of radiation may be pinpointed by
interpolating the strengths of the radiation measurements of each
sensor. A radius of possible locations may be estimated for a given
measurement and estimates from three remote sensors can be used to
triangulate a two dimensional position of the source of the
radiation. Four remote sensors can be used to located an object in
three dimensions. Other examples include temperature sensors used
to locate heat sources, and air quality sensors used to locate
sources of contaminants. Another example uses multiple GPS
receivers to more quickly acquire the number of satellites needed
form establishing a GPS location measurement. The geographic
diversity offered by spreading GPS receivers over an area decreases
the likelihood of all the receivers being blocked (e.g., by
buildings etc.). It should be noted that the remote sensors can be
located in any of the communication devices discussed above
including master units, remote sensors and data collection
servers.
[0117] Another example of utilizing multiple sensors involves a
system for tracking multiple packages or objects in a packaging
system. Each of the packages has at least one sensor measuring at
least one sensed input condition. The input condition may be a
location measurement, an altitude measurement, a temperature,
magnetic field measurement or other measurement. Each of the
packages also has at least one telemetric communicator configured
to provide (e.g., transmit) the sensed input to a coordinating
device. The coordinating device is configured to process the sensed
information. The telemetric communicator is configured to
communicate the sensed information over a first communication link
to the coordinating device. In one embodiment, if the first
communication link is not available (as can be determined by an
integrity check), the telemetric communicator is configured to
transmit the sensed information to another telemetric communicator
contained in another one of the packages. Thus, if one package is
move out of range of the coordinating device, it may still
communicate to the coordinating device via an ad hoc network of one
or more packages. This type of networking can enable the detection
of an object being moved (e.g., being stolen from a warehouse) to
be identified and monitored for tracking purposes.
[0118] Other embodiments provide a system that can track not only
the location of one or more objects, but may also verify that the
proper individual is in possession of the object. These embodiments
include an environmental sensor configured to detect environmental
information about an object. The environmental sensor may detect a
magnetic field, a radio field or some other field associated with
the object. A product identification sensor is configured to
receive information to identify the object. The object may contain
an RFID tag to transmit to the product identification sensor for
identification. There is also a biometric sensor configured to
receive biometric information about an individual. In one aspect
the biometric information is kept on record in a list of
individuals permitted access to the object. The system may also
include a GPS sensor configured to receive GPS location
information. These sensors are all accessible to be monitored by a
trusted electronic device such as, for example, the master control
unit or the data collection server discussed above. The monitoring
device can perform a diagnosis of the sensed information to assess
whether the object being monitored is in danger of being moved and
or tampered with by someone other than the permitted
individuals.
[0119] The sensors in the examples discussed above do not need to
be attached to the objects that they are tracking in all
situations. FIG. 9 shows an example of a housing of a data
collection unit. The data collection unit 900 may be a data
collection server, a master unit or a remote sensor. The unit 900
in FIG. 9 contains an antenna 905 and an LED display 910. The data
collection unit 900 also contains two air sampling tubes 915. The
underside of the housing contains at least two pressure or
proximity activated anti-tamper switches 920, a fastener 925 to
lock to the mounting base and a bus connector 930 to attach to an
optional external power supply, keyboard, display device or similar
peripheral. Preferably, the housing of the unit 900 is of Tempest
construction and shielded to resist external measurement devices
from gaining access to magnetic and or electric emissions.
[0120] FIG. 10 depicts an example of placement of a data collection
unit within a shipping container. The data collection unit 900 is
mounted to a mounting base 1025. The mounting base 1025 may include
one or more external power connections 1020, and be attached to the
container 1000 so as to be difficult to remove. The container 1000
preferably includes multiple antenna 1015 (external and/or
internal), where the container in FIG. 10 includes three external
antenna. The multiple antenna can provide directional diversity for
transmission and reception of signals in case one or more antenna
are obstructed. The container 1000 can also comprise multiple
internal sensors such as a passage control sensor 1005. The passage
control sensor 1005 can permit individuals or objects with proper
identification devices (biometrics, smart cards, RFID cards etc.)
to enter the container 1000 or an area 1030 within the container. A
door sensor 1010 may also indicate whether a door of the area 1030
within the container has been opened. Other sensors, not shown in
FIG. 10, may include sensors for detecting the presence of certain
objects within the container 1000. Such sensors may include
ultrasound pattern sensors, radar or x-ray pattern sensors and
others. The data collection unit 900 may use comparison of the
ultrasound, x-ray and/or radar patterns to detect changes in the
content and/or layout of objects in the container. This can allow
for the detection of objects added, moved and/or removed from the
container 1000.
[0121] FIGS. 11A to 11C show other example embodiments of places
for positioning of data collection units. FIG. 11A shows
positioning of the data collection unit 900 within an airliner
1100. FIG. 11B shows positioning of the data collection unit 900
within an automobile 1120. FIG. 11C shows positioning of the data
collection unit 900 within a building 1130. The embodiment in FIG.
11C includes an audio capture device 1132 and a video capture
device 1134 that can be used to monitor audio and video/image data
(e.g., of people entering and/or leaving the building 1130.
[0122] An exemplary use of some of the features of the monitoring
system discussed above will now be described. This example
describes a scenario for monitoring a shipping container. A central
server of the monitoring system is provided information such as
company information, product description and ID numbers (e.g.
manifest), safety disclosures, customs disclosures, financial
disclosures and receiver party information about the various items
in the container.
[0123] The central server may also be provided with biometric data
of authorized personnel permitted to access the container.
Authorized personnel may have a hand-held-device (HHD) that is
configured to communicate with a monitoring system in the
container. Upon approaching the container an authorized person can
scan the container's identifying information with the HHD at which
point an authorization process determines whether to issue an
electronic authorization key. The authorization process may include
the authorized personnel scanning a biometric fingerprint with the
HHD. The HHD can then perform an authentication process based on
the biometric scan. If the authentication process is successful,
the key can be transmitted to the Master Controller located inside
the container.
[0124] The Master Controller (MC) receives the key and compares it
to the most recent Job Assignment Script (JAS) received from the
backend server. If the key codes match, the MC sends a signal to
the solenoid to unlock the door of the container and simultaneously
starts image capture from both the internal and external cameras.
The cameras are remote sensors that the MC is in communication
with. The images are stored to the local disk memory of the MC and
every 100th frame may be relayed to the central server.
[0125] When the authenticated personnel enters the container, he
may install the necessary sensors depending on the contents of the
container. In this example, the personnel installs radiological
sensors, one sensor in each corner of the container and attaches
special ducting connected to the MC to pull air from several
locations. He first scans each sensor device with the HHD, mounts
the sensors securely in place, then transmits the data to the MC
with the HHD. The MC compares the sensor codes to the JAS to verify
authenticity and instructs each sensor to conduct a self-diagnosis
and tamper check.
[0126] At this point the MC performs a complete self-diagnostic
routine of all sensors and systems, then sends the results to the
central server. When the diagnostic tests are completed
successfully, the server will respond to the MC with approval to
reseal the container.
[0127] Upon arrival at the loading dock, an authorized personnel
scans his personal and corporate ID badges on the scanner mounted
on the container door. The codes are passed to the MC and compared
with the values in the JAS. If the key codes match, the MC sends a
signal to the solenoid to unlock the door of the container and
simultaneously starts image capture from both the internal and
external cameras.
[0128] As other personnel come within range of the container,
scanners read each of their personal identity cards and the product
codes in or on the boxes. In the meantime, the cameras are
operating continuously to record all activity in the container. In
this case, the JAS has dictated that all activity be recorded in a
real-time log file and that it be relayed to the central server
every five minutes. If any unauthorized personnel attempts to enter
the container. Motion sensors can detect the presence of a moving
body with no readable ID badge. The MC consults the JAS and finds
that such breaches are to be handled with both a local audible
alarm and a message to the central server.
[0129] Once loading is complete, the supervisor closes the
container doors, scans his ID cards and enters a code confirming
the loading is complete. The message is forwarded to the MC which
then sends a signal to activate the solenoid thus locking the door.
The MC performs an integrity check of all locks and orifice
sensors, takes a baseline sample from all sensors activated as
defined by the JAS. The results are relayed to the central server.
If all data is in conformance, the server issues an authorization
key to the MC which in turn illuminates green LEDs at several
locations around the exterior of the container. At this point, the
container is ready to be transported to the shipping terminal.
[0130] Prior to picking up the container, the trucking company
provides the central server with information including the truck ID
number, the driver ID number, the relevant container ID and the
shipper ID. An electronic authorization key is then transferred to
the driver's HHD. Upon arrival at the Wang facility, the driver
scans his index finger on his HHD, then scans the truck ID tags,
the container ID and the Wang facility ID. The information is
relayed to the MC in the container. The MC compares the information
and keys to those received in the last JAS, and determines if they
are consistent. In this case, the driver was replaced at the last
minute and authorization was not received. The LEDs on the
container turn red and the HHD instructs the driver to contact his
management. His management repeats the registration procedure using
his ID, and the central server issues new instructions to his HHD.
These changes now allow the driver to successfully mount the
container on his truck and remove it from the shipper premises.
[0131] When the container's MC detects movement due to the truck
moving, it starts the transportation section of the JAS. In this
case GPS antenna are scheduled to collect route information and the
full range of environmental sensors are sampling every five minutes
inside the container.
[0132] Both the shipping terminal operator and the ship captain can
perform similar procedures as that of the trucking company above
such that accountability for the container is never in
question.
[0133] Once the ship is underway, the JAS for this particular
container shipment dictates the following tasks: 1) Sample
environmental once every 15 minutes, 2) Capture one image frame
from each camera every five minutes, and 3) Transmit all samples to
server once per hour.
[0134] The first time the MC attempts to communicate with the
server, it detects a weak signal from all its own antenna as the
container is surrounded by other containers. The JAS dictates a
secondary alternative of peer to peer relay with adjacent
containers. The MC for this container authenticates itself with a
neighbor MC and requests relay which in turn does the same until a
container is found with clear access and a strong signal to the
satellite or relay antenna.
[0135] During the voyage to the destination port, the ship
encounters a heavy storm with 30 foot seas. The MC's motion sensors
detect pitching in excess of 30 degrees at 20 second intervals. As
this value is well outside the norm (the acceptable ranges dictated
by the JAS), the MC queries adjacent containers for redundant
motion readings and determines that the reading is not in error nor
is it significantly different than neighboring containers (an
indication that the container is not being stolen). Through the
voyage the cameras and audio sensors can record video and audio to
detect shifting cargo that may result in product damage.
[0136] When the ship arrives in port at Los Angeles, the
accountability procedures outlined above can be repeated for each
handling situation and entity.
[0137] Well before the container arrives, authorized personnel of
the receiving company can logon to the central server to track
developments along the way.
[0138] When the container arrives at the destination dock,
personnel can perform biometric authentication as was done in
previous situations. The authorization information is relayed to
the container's MC where it performs an authorization process to
determine whether to issue an electronic key. The MC may consult
with the server.
[0139] The Master Controller (MC) receives the key and compares it
to the most recent Job Assignment Script (JAS) received from the
backend server. If the key codes match, the MC sends a signal to
the solenoid to unlock the door of the container and simultaneously
starts image capture from both the internal and external cameras.
The images are stored to the local disk memory and every 100th
frame is relayed to the server.
[0140] At the destination unloading dock, personnel come within
range of the container, scanners read each of their personal
identity cards and the product codes in or on the boxes as they are
removed from the container. Cameras operate continuously to record
all activity in the container. In this case, the JAS has dictated
that all activity be recorded in a real-time log file and that it
be relayed to the server every fifteen minutes. This example is
meant to describe the varied monitoring methods that some
embodiments can provide.
[0141] Another exemplary use of some of the features of the
monitoring system discussed above will now be described. This
example describes the use of the technology for monitoring an
office building.
[0142] The monitoring system in this example is used as a sentry
system for the office building. The central server may be provided
with information including company identifying information,
business description and employee ID numbers, safety disclosures,
structural disclosures, financial disclosures and vendor
information.
[0143] A security personnel downloads authorization information to
a handheld device (HHD) then scans his index finger to confirm
identity. The HDD instructs him to retrieve a new device from
SecureTech's inventory with ID nr 98765. The security personnel
scans the box seal then performs a visual integrity inspection and
enters his findings to the HHD. He then transmits the information
to the sentry system Master Controller (MC) which performs an
authorization process with a remote server to determine whether to
issue an electronic key. If successful, the key is transmitted to
the Master Controller along with its first Job Assignment Script
(JAS).
[0144] The Master Controller (MC) receives the key and compares it
to the most recent Job Assignment Script (JAS) received from the
backend server. If the key codes match, the MC sends a signal to
the solenoid to unlock the housing of the MC.
[0145] The security personnel then proceeds to follow instructions
provided by the HDD to perform the following tasks: [0146] 1. Open
the MC housing [0147] 2. Install one modular sensor controller
inside the MC to detect proprietary equipment tags. [0148] 3.
Connect the MC to pre-existing devices in the building: [0149] a.
ID card readers [0150] b. Proprietary tag reader--sensor heads
[0151] c. Cameras [0152] d. Door sensors [0153] e. Elevator
activity sensors [0154] f. Wide-area microphones [0155] g. Portable
x-ray bag scanner [0156] h. Air-ducting from all entry passages to
the MC input portal.
[0157] Prior to mounting or connecting the MC, the security
personnel scans each device with the HHD, mounts them securely in
place, then transmit the data to the MC. The MC compares the sensor
codes to the JAS to verify authenticity and instructs each sensor
to conduct a self-diagnosis and tamper check.
[0158] Once installation of the remote sensors and the Sentry box
has been completed, the MC performs a complete diagnostic routine
of all sensors and systems, then sends the results to the remote
server over both a wired and wireless link (redundant communication
links). If all is in order, the server will respond with an
activation key and issue a new JAS to the MC.
[0159] In one example scenario, exterior cameras detect a
middle-aged man just outside the door for prolonged periods of time
on three days in the same week. On Tuesday of the following week,
the main exterior camera focused on the entrance became occluded
(11:22:28). Upon detection, the MC referenced the backup measures
specified in the JAS and immediately acted to reposition internal
camera 4 in the lobby to point in the direction of the main
entrance. Two minutes later (11:24:21), a heavily disguised person
entered the lobby with a large suitcase. Since these two events
fall outside the normal operating ranges for these two measurements
as defined in the most recent JAS, the data is immediately relayed
to the central server via both wired and wireless connections.
[0160] Such a message is accomplished using the following process
steps. [0161] 1. The MC conducts a self-diagnosis of all critical
components and stores the results; [0162] 2. Outbound data is
assembled into a list of files and compressed to one package.
[0163] a. Camera frames are synchronized with corresponding
date/time [0164] b. Camera frames are linked to Lat/Long of
building as well as position of the anomaly within a pre-defined
grid for the space in question. [0165] 3. The JAS is consulted for
the current encryption parameters and the above package is
encrypted accordingly. [0166] 4. The message is digitally signed
using the remote server's key [0167] 5. Identical copies of the
package are sent via a wired and cell connection. [0168] 6. The MC
waits for notice of successful receipt from the remote server.
[0169] Several minutes later, the MC detects abnormally high
electromagnetic interference. As a result, the ID badge scanner
malfunctions and permits an unauthorized person to slip into the
main lobby. Already on heightened alert, the MC forwards the event
immediately to the server and receives an instant response to shut
down elevator operation and lock all exterior doors. All security
personnel are alerted to the breach and the intruder is captured.
This example is meant only to describe the varied monitoring
methods that some embodiments can provide.
[0170] Additional innovative embodiments are contemplated.
[0171] In one innovative aspect a surveillance system is provided.
The system includes a plurality of sensors configured to provide
environmental and or spatial data. The system also includes an
electronic device configured to receive the sampled environmental
and or spatial data from the sensors. The electronic device is
further configured to receive monitoring instructions, and to use
the received monitoring instructions to process the received
environmental and/or spatial data.
[0172] In some implementations, the system also includes a remote
device configured to provide the monitoring instructions to the
electronic device. The electronic device may be configured to
authenticate the remote device prior to using the monitoring
instructions to process the received environmental and/or spatial
data. One or more of the sensors included in the system may be
enclosed within a tamper and eavesdrop proof enclosure. In some
implementations, the monitoring instructions may be contained in a
script message. Them received monitoring instructions may be
encrypted. In such implementations, the electronic device is
further configured to decrypt encrypted monitoring instructions. It
may be desirable for the electronic device to be further configured
to compare at least a portion of the received sensor data to a
range of acceptable values and to transmit the data to the remote
device. The electronic device may be configured to conduct a
self-diagnosis prior to transmitting the data to the remote
device.
[0173] In another innovative aspect a monitoring system is
provided. The monitoring system includes a plurality of sensors
configured to sense information. The monitoring system also
includes an electronic device configured to receive data from the
sensors. The electronic device is configured to determine an alarm
condition based upon the received data. The electronic device is
configured to compare the received data to a range of acceptable
values and conduct a self-diagnosis prior to transmitting the alarm
condition to a remote device.
[0174] In some implementations the electronic device is configured
to transmit the alarm condition to the remote device over a
plurality of communication links. The plurality of communication
links may include at least two or more of a code division multiple
access system, a frequency division multiple access system, and
orthogonal frequency division multiple access system, a time
division multiple access system, a terrestrial trunked radio
system, and a wideband code division multiple access system. The
received data may include redundant data from two or more of the
sensors. The electronic device may be configured to conduct the
self-diagnosis based on a majority rule of the redundant data from
the two or more sensors. The electronic device may also be
configured to conduct the self-diagnosis by performing an integrity
check of the received data. The electronic device may be further
configured to determine the alarm condition to be in a state of
alarm if the received data lies outside the range of this
acceptable values and the self-diagnosis shows no failure
conditions.
[0175] In yet another innovative aspect, a monitoring system is
provided. The monitoring system includes a plurality of sensors
configured to sense information. The monitoring system further
includes an electronic device configured to receive data from the
sensors. The electronic device is configured to determine an alarm
condition based upon the received data. The electronic device is
further configured to determine a state of reliability of the
sensor that the data is received from. The electronic device is
further configured to conduct a self-diagnosis based on the
determine state of reliability prior to transmitting the alarm
condition to a remote device.
[0176] In some implementations, the electronic device is configured
to transmit the alarm condition to the remote device over a
plurality of communication links. The electronic device may be
configured to determine the state of reliability based on a
checksum. The self-diagnosis may comprise the electronic device
requesting a first sensor to retransmit the sensed information if
the data from the first sensor is determined to be unreliable. The
self-diagnosis may comprise the electronic device requesting a
second sensor to retransmit redundant data if the data from a first
sensor is determined to be unreliable where the redundant data is
requested from substantially the same type of sensor and location.
In some implementations the electronic device is further configured
to compare the received data to a range of acceptable values. The
electronic device may be configured to determine the alarm
condition to be in a state of alarm if the data received from a
first sensor lies outside the range of acceptable values and the
self-diagnosis shows the first sensor to be reliable. In some
implementations the alarm condition may include three or more
levels of alarm.
[0177] In a further innovative aspect, another monitoring system is
provided the monitoring system includes a plurality of
communication devices that are authorized to communicate in the
monitoring system. The system includes a plurality of sensors
authorized and configured to communicate in the monitoring system.
The monitoring system also includes an electronic device authorized
to communicate in the monitoring system. Electronic device is
further configured to receive data in a secure manner from the
sensors when a task authorization message is received and
authenticated as having been transmitted from a remote master
device authorized to communicate in the monitoring system. The task
authorization message includes information identifying at least the
sensor from which to receive the data. The electronic device is
configured to authenticate and encrypt the received data prior to
transmitting the received data to the remote master device.
[0178] In some implementations the electronic device may be
configured to activate from a sleep mode upon receiving the task
authorization message. In some implementations electronic device
may be configured to transmit the received data in a secure manner
to the remote master device. The sensors may be configured to
broadcast a sensor identification number. The task authorization
information identifying the sensor may include at least a portion
of the broadcast sensor identification number.
[0179] A further monitoring system is provided in yet another
innovative aspect. The system includes a plurality of communication
devices configured to communicate in a secure manner in the system.
The system includes a plurality of non-system sensors configured to
sense information. The non-system sensors are not authorized to
communicate securely in the monitoring system. The system further
includes an electronic device authorized to communicate in the
monitoring system. The electronic device is further configured to
receive data from the non-system sensors when a task authorization
message is received and authenticated as having been transmitted
from a remote master device authorized to communicate in the
monitoring system. The task authorization message includes
information identifying at least the non-system sensor from which
to receive the data. Electronic device is configured to
authenticate and encrypt the received data prior to transmitting
the received data to the remote master device.
[0180] In some implementations electronic device is further
configured to be activated from a sleep mode upon receiving the
task authorization message. The electronic device may be configured
to transmit the received data in a secure manner to the remote
master device. The non-system sensors may be configured to
broadcast a sensor identification number wherein the task
authorization information identifying the non-system sensor
includes at least a portion of the broadcast sensor identification
number. It may be desirable for the electronic device to be
configured to encode context information into a message containing
the received data. The electronic device may be configured to
transmit the received data message in a secure manner to the remote
master device wherein the context information includes data
identifying a time and a location from which the data was
received.
[0181] In a still further innovative aspect, a monitoring system is
provided the monitoring system includes a plurality of
communication devices authorized to communicate in the monitoring
system. The system further includes a plurality of sensors
configured to sense information. The sensors are authorized in
configured to communicate in the monitoring system. The sensors are
further configured to be in a sleep mode until activated by a task
authorization message received from a master device authorized to
communicate in the monitoring system. The system further includes
an electronic master device authorized to communicate in the
monitoring system and configured to transmit a task authorization
message to the sensors. The task authorization message includes
information identifying at least the sensor from which to receive
sensed information. The sensors are configured to encode a digital
signature and encrypt the sensed information prior to transmitting
the sensed information to the electronic master device.
[0182] In some implementations the electronic device is further
configured to be activated from a sleep mode upon relieving a
second task authorization message from a remote master device
authorized to communicate in the system. Electronic device may be
further configured to transmit the received information in a secure
manner to the remote master device. In some implementations the
sensors are configured to intermittently broadcast a sensor
identification number while in the sleep mode. In such
implementations, the task authorization information identifying the
sensor may include at least a portion of the broadcast sensor
identification number.
[0183] In yet another innovative aspect, a monitoring system
including a plurality of communication devices that are authorized
to communicate in the monitoring system is provided. The system
includes a plurality of sensors. The system further includes an
electronic device authorized to communicate in the monitoring
system. The electronic device is further configured to receive data
from the sensors when a task authorization message is received and
authenticated as having been transmitted from a remote master
device authorized to communicate in the system. The task
authorization message includes information identifying at least the
sensor from which to receive the data. Electronic device is
configured to authenticate and encrypt the received data prior to
transmitting the received data to the remote master device via a
first communication path. The electronic device is further
configured to confirm receipt of the transmitted data by the remote
master device.
[0184] In some implementations electronic device may transmit the
received data to remote master device via a second communication
pathway if the electronic device does not confirm receipt of the
data by the remote master device. The first comedic occasion
pathway may include a satellite network in the second communication
pathway may include a local wireless work. In some implementations
the first communication pathway may include a local wireless
network in the second communication pathway may include a satellite
network.
[0185] In a further innovative aspect, a monitoring system is
provided. The monitoring system includes an environmental sensor
configured to detect environmental information associated with an
object. The system includes an identification sensor configured to
identify the object. The system includes a timing device configured
to provide time information including a time of day and the date.
The system further includes a location sensor configured to receive
location information. The system also includes an electronic device
configured to receive data from the environmental sensor, the
identification sensor, the timing device, and the location sensor.
The electronic device is further configured to transmit the
received data such that the timing information, object
identification information, location information, and the
environmental information can be linked together. The linked data
may be transmitted to a remote device in a secure manner.
[0186] In some implementations the object is a person any
identification sensor is a biometric sensor configured to receive
biometric information of the person. The identification sensor may
be a camera configured to capture images of the object. The object
may be located in a room. The location sensor may include a GPS
sensor. The timing device may be configured to receive a system
time. The environmental sensor may be implemented as a chemical
detector, radiological detector, or the like.
[0187] In a further innovative aspect, a shipping container
monitoring system is provided. The system includes a plurality of
sensors configured to detect environmental information about an
area inside or outside the container. The system includes a timing
device configured to provide time information including a time of
day. The system includes a location sensor configured to receive
location information. The system further includes an electronic
device configured to receive data from the plurality of sensors,
the timing device, and the location sensor. The electronic device
is configured to transmit the received data such that the timing
information, the location information, and the environmental
information are synchronized. The synchronized data is encrypted
and transmitted to a remote device in a secure manner.
[0188] The plurality of sensors may include an image capture device
configured to capture images of the inside of the container. The
plurality of sensors may include an image capture device configured
to capture images of the container. The location sensor may include
a GPS sensor. The timing device may be configured to receive a
system time. In some implementations, the system may include a
plurality of antenna wherein the electronic device is further
configured to transmit the synchronize data via one of the antenna.
In some implementations, the plurality of sensors are configured to
be in a sleep state until a task authorization message is received
and authenticated as having been transmitted from the remote
device. The system may include a bus comprising a plurality of
connectors. The plurality of sensors may be configured to plug into
the connectors of the bus and to communicate with the electronic
device with a communications protocol.
[0189] A portable monitoring system is described in a further
innovative aspect. The system includes a tempest constructed
housing to provide shielding for enclosed devices. The housing
encloses an environmental sensor configured to detect environmental
information. The housing encloses a timing device configured to
provide time information including a time of day and a date. The
housing encloses a location sensor configured to receive location
information. The housing encloses a processor configured to receive
data from the environmental sensor, the timing device, and the
location sensor. The electronic device is configured to transmit
the received data such that the timing information, object
identification information, the location information, and the
environmental information are synchronized. The synchronize data is
transmitted to a remote device in a secure manner.
[0190] In some implementations at least one of the sensors includes
an image capture device configured to capture image data. At least
one of the sensors may include an audio capture device configured
to capture audio information. The location sensor may include a GPS
sensor. The timing device may be configured to receive a system
time. The system may include a plurality of antenna at least one of
which may be used by the electronic device to transmit the
synchronize data.
[0191] The system may include a plurality of additional sensors.
The system may also include a remote device configured to transmit
secure instructions. The system may further include an electronic
device configured to receive data from the sensors. The electronic
device may be configured to receive the secure instructions from
the remote device. The secure instructions may direct the
electronic device to receive data from one or more of the sensors.
In some implementations, the electronic device may be configured to
authenticate the received secure instructions.
[0192] In a further innovative aspect, another system is provided.
The system includes a plurality of sensors. The system includes a
remote device configured to transmit encrypted monitoring
instructions. The system further includes an electronic device
configured to receive data from the sensors. The electronic device
is further configured to receive and decrypt the monitoring
instructions from the remote device via a network. The monitoring
instructions include a monitoring schedule for one or more of the
plurality of sensors. The electronic device is configured to
receive data from the sensors in accordance with the received
monitoring schedule.
[0193] In some implementations the monitoring schedule defines the
frequency that at least one of the sensors will transmit data to
the electronic device. The monitoring schedule may define a
sampling frequency for at least one of the sensors. The monitoring
instructions and also define a plurality of alarm conditions. The
electronic device may be configured to authenticate the received
monitoring instructions.
[0194] And yet another innovative aspect, yet another system is
provided. The system includes a plurality of sensors. The system
includes a remote device configured to transmit encrypted
monitoring instructions. The encrypted monitoring instructions may
include a tolerance range for at least one of the sensors. The
system further includes an electronic device configured to receive
sensor data from the sensors. The electronic device is further
configured to receive, authenticate, and decrypt the encrypted
monitoring instructions from the remote device. The electronic
device is further configured to compare the sensor data to the
received tolerance range.
[0195] A further system is provided in yet another innovative
aspect. The system includes a plurality of sensors. The system
includes a remote device configured to transmit encrypted
monitoring instructions. Encrypted monitoring instructions identify
one or more of the plurality of sensors, sensing schedule, and one
or more alarm thresholds. The system also includes an electronic
device configured to receive sensor data from the sensors in
accordance with the sensing schedule. The electronic device is also
configured to receive and decrypt the monitoring instructions. The
electronic device is further configured to identify alarm
conditions based on the identified alarm thresholds and sent data
from the sensors.
[0196] While the above detailed description has shown, described,
and pointed out novel features of the invention as applied to
various embodiments, it will be understood that various omissions,
substitutions, and changes in the form and details of the device or
process illustrated may be made by those skilled in the art without
departing from the spirit of the invention. As will be recognized,
the present invention may be embodied within a form that does not
provide all of the features and benefits set forth herein, as some
features may be used or practiced separately from others.
* * * * *