TREA

WIRELESS RESET MECHANISM FOR MACHINE-TO-MACHINE DEVICE

Follow

Information

  • Patent Application
  • 20200073452
  • Publication Number
    20200073452
  • Date Filed
    April 05, 2017
    7 years ago
  • Date Published
    March 05, 2020
    4 years ago
Information
Abstract
A wireless communications device (100) comprising a machine-to-machine radio device (110) including a radio transceiver (111) configured to communicate with a network (1), and a control unit (113) connected to control the transceiver; a boot system (120) for the machine-to-machine radio device; and a reset mechanism (130) including a reset signal transceiver (131), and a reset controller (132) connected to the reset signal transceiver and connected to the boot system to request reboot of the machine-to-machine radio device responsive to a received reset signal.
Description
TECHNICAL FIELD

This disclosure relates to low complexity wireless radio devices configured for machine-to-machine communication, e.g. in the context of Internet of things. In particular, solutions are provided for improved management of such radio devices, to be able to handle situations of interoperability of the radio device.


BACKGROUND

Wireless network service providers, also referred to as mobile network operators, have been enjoying extensive growth in network user population and subscriptions. The majority of user equipment (“UE”) operating on mobile networks are mobile devices such as mobile phones, tablets, portable computers and the like. Mobile network operators manage cellular networks for providing communication coverage to their subscribers or customers, such as under the Third Generation Partnership Project (“3GPP”) networks commonly referred to as e.g. 3G (such as UMTS) or 4G (such as LTE). In addition to cellular networks, also non-cellular local area networks are frequently operated, such as under the Wireless LAN standard IEEE 802.11 commonly referred to as wifi.


One area of implementation of radio communication relates to machine-to-machine communication (M2M), which typically differs from customary use of radio communication in that no user need to be in active control for setting up or carrying out the communication. A device strictly configured for M2M need as such not even incorporate a user interface, such as a display, keypad, microphone or speaker. M2M communication has, as such, been used extensively already since the introduction of GSM. Various players on the market have also implemented different proprietary systems with Low-Power Wide-Area Networks such as LoRa®, RPMA, and SIGFOX. Recently, however, dedicated technical standards have been developed which are suitable for the purpose of M2M communication. This includes e.g. MTC (Machine Type Communication), for which service requirements have been outlined in 3GPP technical specification 22.368, and is further described in various associated specifications. MTC provides e.g. extended Discontinuous Reception (DRX), with longer sleep cycles optimized for delay-tolerant, device-terminated applications.


Another commitment within 3GPP relates to Narrow-band Internet of Things (NB-IOT). In 2016 3GPP completed the standardization of NB-IoT, the new narrowband radio technology developed for the Internet-of-Things, by accepting a wide number of specification changes implementing the feature of NB-IoT Release 13 (LTE Advanced Pro).


The types of communication systems referred to above are different examples of M2M network solutions, which may be implemented for communication with wireless radio devices. It is believed that the number of wireless devices operating various forms of IoT communication in general, and NB-IoT in particular, will increase rapidly in the near future. Each wireless M2M device may be configured to consume very little power, and may use a built-in battery that may last for months or years without having to be charged or replaced. Such devices may e.g. be used for simple monitoring of sensors and reporting of measurement data from such sensors, such as for electricity gauges, photo sensors, thermometers etc.


A potential problem with operation of low-complexity M2M devices is related to its particular character, namely that it need not have a user interface, or may be provided in a place where it cannot be readily accessed for direct physical access and interaction.


SUMMARY

Solutions are provided herein related to configuration and implementation of wireless communications devices operating with M2M communication, and a method for managing such wireless devices. The invention providing these solution is defined by the claims.


According to an aspect, a wireless communications device comprising

    • a machine-to-machine radio device includes
      • a radio transceiver configured to communicate with a network, and
      • a control unit connected to control the transceiver;
    • a boot system for the machine-to-machine radio device; and
    • a reset mechanism including
      • a reset signal transceiver, and
      • a reset controller connected to the reset signal transceiver and connected to the boot system to request reboot of the machine-to-machine radio device responsive to a received reset signal.


In one embodiment, the boot system comprises

    • a boot ROM connected to the control unit, and
    • a non-volatile memory storing one or more boot flags, connected to the boot ROM.


In one embodiment, the reset controller is configured to write one or more boot flags in the non-volatile memory dependent on a received reset signal.


In one embodiment, the reset mechanism includes

    • a storage device storing instructions that are executable by the reset controller to retrieve control data from a received reset signal, and
    • write one or more boot flags in the non-volatile memory dependent on the retrieved control data.


In one embodiment, the wireless communications device comprises a non-removable battery.


In one embodiment, the reset signal transceiver is configured to detect a reset signal from a wireless charging signal.


In one embodiment, the reset mechanism comprises

    • a reset key storage connected to the reset controller, configured to hold a reset key;
    • wherein the reset controller is configured to
    • execute validation of data included in a received reset signal using said reset key, and
    • request reboot of the control unit responsive to successful validation.


In one embodiment, the wireless communications device comprises a device key storage connected to the control unit configured to hold a device key which is shared between the wireless communications device and an authentication server;

    • wherein the reset key is a cryptographic key generated in dependence of the device key. As an alternative to a shared key, an embodiment may employ a private and public key pair, wherein the wireless communications device comprises a device key storage connected to the control unit configured to hold the public key of the authentication server's private key, so as to be able to validate a signed reset request.


In one embodiment, the reset signal transceiver is separate from the radio transceiver.


In one embodiment, the machine-to-machine radio device is configured to communicate with a cellular network.


In accordance with a second aspect, a system is provided for distribution of goods, comprising

    • a plurality of returnable carriers, wherein each carrier includes a wireless communications device according to any of the embodiments described above;
    • a monitoring system including a network device configured to receive data from the machine-to-machine radio device through the network; and
    • a return station including a control device comprising a user agent configured to communicate with the reset signal transceiver.


In one embodiment, the return station comprises a carrier washing station.


In accordance with a third aspect, a carrier for distribution of goods is provided,

    • which may be suitable for use in said system, comprising
    • a carrier member; and
    • a wireless communications device according to any of the embodiments described above, connected to the carrier member.


In one embodiment, the wireless communications device is molded into the carrier member.


In one embodiment, the wireless communications device is encapsulated in a waterproof casing,


In accordance with a fourth aspect, a method is provided for resetting a wireless communications device comprising a machine-to-machine radio device for communicating with a remote network and a boot system connected to the machine-to-machine radio device, the method comprising the steps of receiving a reset signal from a user agent in a reset signal transceiver; and executing reboot of the machine-to-machine radio device by means of a reset controller, responsive to the received reset signal.


In one embodiment, the step of executing reboot includes

    • writing one or more boot flags in the boot system in dependence of the reset signal by means of the reset controller;
    • providing a reboot request to a boot ROM of the boot system by means of the reset controller; and
    • rebooting the machine-to-machine radio device by means of the boot ROM in accordance with the boot flags.


In one embodiment, the step of writing one or more boot flags in the boot system comprises

    • retrieving control data from the received reset signal, and
    • writing one or more boot flags dependent on the retrieved control data.


In one embodiment, in response to receiving a reset signal, the method comprises the steps of

    • transmitting a request signature to the user agent by means of the reset controller, which request signature is created based on a stored reset key;
    • receiving
      • i) an acknowledgment indicating that the request signature is validated with an access token of the user agent, and
      • ii) a response signature created based on the request signature;
    • validating the response signature;
    • wherein the step of executing reboot of the machine-to-machine radio device is carried out responsive to successful validation of the response signature.


In one embodiment, the method comprises the steps of

    • accessing a device key from the machine-to-machine radio device, which device key is shared by an authentication server;
    • generating a reset key based on the device key and a reset key ID.





BRIEF DESCRIPTION OF THE DRAWINGS

Various embodiments of the invention will be described in detail below with reference made to the appended drawings, in which:



FIG. 1 schematically illustrates wireless devices in a radio communications network;



FIG. 2 schematically illustrates an embodiment of a wireless communications device according to an embodiment, suitable for operating in a system of FIG. 1;



FIG. 3 illustrates an embodiment of a flow chart of steps and operations carried out within and between entities system including a wireless communications device; and



FIG. 4 illustrates an example of an embodiment of a logistics system operating with wireless communications devices.





DESCRIPTION OF EMBODIMENTS

The invention and the embodiments described herein are related to M2M communication. In the following, the detailed description outlines example embodiments of the present invention in relation to broadband wireless wide area networks, but it may be noted that the invention is not limited thereto and can be applied to other types of wireless networks where similar advantages can be obtained. Such networks specifically include wireless local area networks (WLANs), wireless personal area networks and/or wireless metropolitan area networks. Furthermore, the description will at various places make reference to IoT, and an example of a radio system for operating embodiments of the invention may be NB-IoT. However, it shall be understood that the invention is as such not limited to such a system, and may e.g. alternatively make use of MTC under LTE, but the invention is applicable also to other types of radio systems where scheduling may be required to avoid collision of co-existing radio protocols, and may also include coming systems such as discussed under the concept of NR (New Radio).



FIG. 1 illustrates, on a schematic level, a radio communications system in which an embodiment of the invention may be realized. The radio communications system may include a core network 1, which in turn may be connected to other networks 20 including the Internet. For the purpose of providing wireless radio communication, the system may include radio base stations 10, 11, which may be connected to the core network 1. In one embodiment, the base station 10 may provide radio access within a dedicated area, within which radio devices 100, 200 configured to operate in the radio communications system may be connected to the base station 10. The radio communications system may be cellular, and is mainly referred to herein in the example of LTE or New Radio, and the base station 10 may be an eNB. Alternative embodiments may be or include non-cellular, though, such as WLAN, where the radio base station 10 may be an access point.


In various embodiments, devices 100, 200 may communicate with each other or with other devices 50, through or at least under the control of the radio base station 10. In a direct communication D2D, resources may be scheduled or otherwise controlled by the base station 10, whereas communication may be carried out directly between adjacent devices 100, 200 over radio. In another embodiment, communication between devices 100, 200 will, even when they are close enough to detect each other, normally be carried out through the base station 10.



FIG. 2 discloses a block diagram of certain elements forming part of a wireless communications device 100 comprising an M2M radio device 110, also referred to as radio device herein for short. The wireless communications device 100 may take several different forms and incorporate different functions. In accordance with the embodiments presented herein, the wireless communications terminal comprises, in addition to the radio device 110, also a boot system 120 for the radio device, and a reset mechanism 130 connected to the boot system for requesting reboot of the radio device, as will be described. It will be clear to the skilled reader that different functional elements described as related to the radio device 110, the boot system 120 and the reset mechanism 130 may share physical features, such as processor power, memory storage and power supply, unless otherwise specified. The elements of FIG. 2 shall therefore primarily be understood as functional. Both the boot system 120 and the reset mechanism 130 are preferably contained in a more reliable configuration than the radio device 110, in terms of software code protection.


The radio device 110 may comprise a control unit 113 including one or more processors 114. A data storage device 155 including a computer readable storage medium is further included, storing programming for execution by processors of the controller 113. Additional software programs or code may reside in other entities, accessible as cloud-based through the core network 1. The radio device 110 further comprises a radio transceiver 111, which in turn is connected to an antenna 112. A power supply 102 may supply power where required in the wireless communications device 100. Preferably, the power supply is provided in the shape of a non-removable battery 102.


As will be readily understood by the skilled reader, the radio device 110 may comprise a number of other features and functions, such as sensors or sensor interfaces 116, 117, 118. The radio device is an M2M device and may thereby be configured to communicate with a network 1 by radio, e.g. as an NB-IoT device, by means of the radio transceiver 111. The radio device 110 is preferably configured to communicate at low data rate and/or with long cycles of inactivity between transmissions. The actual characteristics of radio communication are not the within the scope of this disclosure, and are thus not discussed in any further detail. However, the character of wireless communications device 100 is preferably that of low complexity and cost, and small size, such that it may be suitably incorporated in various structures and provided in large volumes.


The boot system 120 of the wireless communications device 110 preferably comprises a boot ROM 121, which is communicatively connected to the control unit 113 of the radio device 110. A non-volatile memory 122 is further included, and accessible to the boot ROM 121. The non-volatile memory 122 is configured to store one or more boot flags, which are usable by the boot ROM 121 for rebooting the radio device 110. The boot system may be selectably operated to reboot the radio device when required. This may e.g. be initiated by means of Firmware upgrade Over The Air (FOTA), using radio transceiver 111 to receive re-boot instructions and or boot flags.


If the radio device 110 is non-operative due to some malfunction, the option of initiating reset over radio is not open. If there are no accessible user interface, the battery is non-removable, and the radio interfaces are dead, the problem is how to make the device 110 reset. For this purpose, the reset mechanism 130 includes a reset signal transceiver 131, and a reset controller 132 connected to the reset signal transceiver 131 and connected to the boot system 120 to request reboot of the radio device 110 responsive to a received reset signal. This way a reset mechanism 130 is provided that allows resetting a radio device 110 regardless of the device software state.


The basic idea is to include a reliable subsystem, including the reset mechanism 130 and the boot system 120, which is independent of the normal, and unreliable, device functions of the radio device 110. This subsystem can be triggered from the outside and takes care of resetting the system in the desired way.


In the reset mechanism 130, the controller 132 may include a processor and memory storage containing software code for execution by the processor. In operation, this may realize logic to accept an external signal 134 received by the reset signal transceiver 131, and to trigger a device reset procedure based on that signal 134. The external signal 134 is preferably sent over a wireless interface which preferably also is reliable, in the sense that it shall be separate and independent of the unreliable radio device 110, which is the target of the reset procedure. The reset signal transceiver 131 may thus include or be connected to a radio antenna.


In one embodiment, the wireless data link 134 may be part of a wireless charging subsystem, e.g. according to Qi or A4WP. In a variant, the reset signal transceiver may be configured to operate over a RFID interface. In one embodiment, the wireless link 134 may involve Near Field Communication (NFC) signals. In another embodiment, a Bluetooth Low Energy (BLE) interface may be employed for the wireless link 134.


In its simplest form, the reset signal transceiver 131 may be configured only as a receiver. In another embodiment, it may also operate as a transmitter, as will be outlined for various embodiments below. The reset signal transceiver 131 may nevertheless be configured to communicate with a user agent 30, comprising a signal transceiver and a control member for controlling communication with the reset signal transceiver 131 over the de wireless link 134 in question. The user agent is thereby configured to transfer a reset signal to the reset mechanism 130 of the wireless communications device 100.


The reset controller 132 is preferably configured to write one or more boot flags in the non-volatile memory 122 of the boot system 120 dependent on a received reset signal 134. Reset signals may be received with control data that may be written directly to the non-volatile memory 122. In one embodiment, the reset mechanism is configured to receive reset signals 134 that include control data that need to be decoded or even decrypted before being able to write boot flags to the non-volatile memory 122. In one such embodiment, the reset mechanism 130 may include a storage device 133 storing instructions that are executable by the reset controller to 132 retrieve control data from a received reset signal 134, and to write one or more boot flags in the non-volatile memory 122 dependent on the retrieved control data. This increases the protection against tampering.


The non-volatile memory 122 is configured to store one or more boot flags, which are usable by the boot ROM 121. This represents memory whose state survives power loss, e.g. at reboot.


The boot ROM 121 contains logic to shut down and restart the system of the radio device 110. The boot ROM is controlled by the state of the boot flags. Depending on the state of the boot flags, the boot ROM will reset various parts of the system state. Some different examples of reset state for the radio device 110 include:


Restart—erase a system volatile memory (RAM);


Hardware Reset—reset non-volatile hardware driver state;


Factory Reset—reset all non-volatile memory to factory defaults;


FOTA roll-back—reset all non-volatile memory to a state saved before the latest FOTA upgrade.


Components of the reset mechanism 130 and the boot system 120 may be configured by means of discrete electrical components, or as functions implemented on the same silicon die as the radio device 110.



FIG. 3 schematically illustrates various steps carried out in different embodiments, within or between the various elements as exemplified in FIGS. 1 and 2. The wireless communications device 100 is illustrated to the left, with its included main portions; the radio device 110, the boot system 120 and the reset mechanism 130. The drawing further implements the user agent 30, and an authentication server 40, involved in various embodiments as described below. In normal operation, the radio device 110 is operated to communicate with a remote control or monitoring device 50 (not shown in this drawing) by means of radio communication, preferably over a cellular system 1. As such, the radio device 110 may be an IoT device. Such communication is not the focus of this disclosure, though.


With reference to FIG. 3, a method is in one embodiment provided for resetting a wireless communications device 100, comprising a machine-to-machine radio device 110 configured for communicating with a remote network 1. The wireless communications device 100 further comprises a boot system 120 connected to the radio device 110. The method may be implemented by means of a reset mechanism operating by receiving a reset signal 310 from a user agent in a reset signal transceiver; and executing reboot 335, 340, 345 of the radio device by means of a reset controller, responsive to the received reset signal. The reset signal is received over a dedicated wireless interface 134 to the reset mechanism 130, and several types of reset are available as outlined. The signal 134 indicates which type is requested, directly or indirectly.


In a preferred embodiment, the step of executing reboot includes

    • writing 335 one or more boot flags in the boot system in dependence of the reset signal by means of the reset controller;
    • providing 340 a reboot request to a boot ROM of the boot system by means of the reset controller; and
    • rebooting 345 the radio device by means of the boot ROM in accordance with the boot flags. In this process, only the controlling of the reboot from the boot ROM involves the comparatively unreliable portion provided by the radio device 110, whereas all the control steps of the reset are handled in the reliable parts of the reset mechanism 130 and the boot system 120.


The step of writing one or more boot flags in the boot system may comprise the step of retrieving control data from the received reset signal, and writing one or more boot flags dependent on the retrieved control data. As mentioned, the control data from the reset signal 134 may require decoding, decrypting or at least mapping, using data stored in a memory storage 133 of the reset mechanism, so as to determine which boot flags to write.


In a preferred embodiment, when the reset mechanism sends a reboot request to the boot ROM which starts a reboot procedure 345, a first step of that reboot may be shutting down the radio device 110. At the start of the boot procedure, the boot ROM reads the boot flags and prepares for the requested boot type. The boot ROM thereby performs device boot, and subsequently hands over to a device Secondary Boot Loader SBL (not shown).


In one embodiment, extra security enablers are added so only authorized persons or software operating as user agent 30 can trigger the reset mechanism 130. As described, the possibility to reset the wireless communications device 100 are still an important function, for example to return the device to a well-known state, remove any data from the device or if the device is malfunctioning. However, reset is a sensitive function that preferably only should be allowed by authorized persons/software. In accordance with various embodiments, such reset function can be protected using cryptographic methods by extending the reset mechanism architecture proposed above.


Returning to FIGS. 1 and 4, this embodiment outlines how cryptographic keys can be derived for the reset mechanism and how the reset request can be validated by an authentication server. In addition to parts and features described above, a reliable key storage 133 is provided in the reset mechanism 130, where a reset key can be stored. The key storage is preferably tamper proof and it should be reliable if the radio device 110 portion of the wireless communications device 100 is malfunctioning. An authentication server 40, such as an Authorization, Authentication & Accounting Server (AAA), is communicatively connectable to the reset mechanism 130. This authentication server 40 may be connected to the communications network 1, so as to be accessible also by means of the radio transceiver 111, but that is not required for the purpose of acting as a validation tool upon resetting the radio device 100.


In a preferred embodiment, the authentication server 40 is used for the purpose of authenticating and authorizing a user agent 30 that is invoking a reset function. Before a user agent can issue a reset request, the user agent 30 must preferably be registered and authorized to issue reset requests by an administrator of the authentication server 40. In such a circumstance, the user agent 30 is preferably in possession of an Access token that has been issued by the authentication server 40. The access token may be provided after a successful authentication and authorization procedure, for example using OAuth or other industry standard.


A device key storage 119 may be connected to the control unit 113 of the radio device, configured to hold a device key which is shared between the wireless communications device 100 and the authentication server 40. However, the device key may not be accessible if the radio device 110 is not operative. In order for reset to be possible if the radio device 110 is malfunctioning, there must be some cryptographic key available in some reliable component. The reset mechanism 130 thus preferably comprises a reset key storage 133, connected to the reset controller 132, configured to hold a reset key.


In a preferred embodiment, the reset key is a cryptographic key generated in dependence of the device key. The reset key should be derived in such manner that the authentication server may derive the key material. For example the reset key could be generated in the following way:





Reset Key Id=Random Number()





Reset Key=Hash (Reset Key Id+Device Key);


This may e.g. be carried out the first time a wireless communications device 100 is started, i.e. at cold start, whereby a reset cryptographic key is generated and stored in the reliable key storage 133. In an embodiment where the Device Key is shared between the authentication server 40 and the radio device 110, the reset key can calculated by the authentication server 40 by providing the reset key Id. The shared device key may be reliably stored in a memory storage 41 connected to the authentication server 40.


Now referring to FIG. 3, various method steps related to the embodiments incorporating authentication will be outlined. When a reset signal is received 310, which signal represents a reset request from the user agent 30 to the wireless communications device 100, the reset controller 130 is preferably configured to respond by transmitting 315 a request signature to the user agent 30. This request signature may be created based on a stored reset key, e.g. retrieved from memory storage 133 by the reset controller 132. In one embodiment, the request signature may be generated by providing a Number used Once (Nonce) and potentially also a freshness timestamp, if correct time is available. This data may then be used to calculate the signature. One way of calculating signature, where HMAC is Hashed Message Authentication Code, is:





Request Signature=HMAC(Reset Key, Reset Key Id+Nonce1+Timestamp1).


The Request Signature is sent 315 by the reset signal transceiver 131, potentially together with Reset Key Id, Nonce1, Timestamp1, to the user agent 30. The user agent 30 preferably forwards 320 all these parameters, and the Access Token stored in a memory 31 connected to the user agent 30, to the authentication server 40.


The authentication server 40 then validates the token, signature, Nonce and Timestamp. If those are valid the authentication server 40 responds 325 with an acknowledgment to the user agent 30, together with a new signature that can be cryptographic validated by the reset mechanism 130. For example:





Response Signature=HMAC(Reset Key, Request Signature+Nonce2+Timestamp2);


The user agent 30 preferably forwards the Response Signature to the reset mechanism 130, which is thereby configured to receive 330 both an acknowledgment indicating that the request signature is validated with an access token of the user agent, and a response signature created based on the request signature. Once the reset mechanism 130 receives the response signature with the Nonce2 and Timestamp2, the reset may be started if the signature validated, as described above. Thus, the step of executing reboot 345 of the machine-to-machine radio device is carried out responsive to successful validation of the response signature. In an alternative embodiment, corresponding mechanisms may be implemented using public cryptography. The length of cryptographic keys and hash calculations should be long enough to fulfill the security requirements.


An example of a system incorporating the wireless communications device in accordance with any of the embodiments outlined above will now be described with reference to FIG. 4. In this drawing, a system for distribution of goods is provided, which makes use of returnable product carriers 150. In this context, it is the carrier 150 as such that is returnable, and which may be used to carry or transport any type of products. An example of such a system may be Svenska Retursystem, which operates in Sweden. This system develops and operates a return system with the purpose to simplify and improve its customers' logistics and distribution of goods. The return system makes use of returnable product carriers 150 in the form of returnable pallets and returnable crates of different size pallets, and has become a standard in the grocery industry. Crates and pallets can be used hundreds of times, and once they are worn they may be ground down and recycled.


The embodiment of FIG. 4 will be described for a system comparable to Svenska Retursystem, which shall be understood as one example of the context of the system. The drawing shows a multitude of product carriers 150, or which one is enlarged to show various features of one embodiment of the product carrier 150. Each product carrier 150 forming part of the system may include a carrier member 151, such as a support plane of a pallet, or floor and walls forming the compartment of a crate or tray, configured to support goods of either a general character or of a specific type. Furthermore, each carrier 150 includes a wireless communications device 100 as described, though it may be noted that the system may also include further product carriers which do not include a wireless communications device 100. The product carriers 150 are preferably fabricated in a plastic material, and the wireless communications device 100 is preferably provided in a casing or encapsulation 101 which is resistant to wear, water and humidity. In one embodiment, the wireless communications device 100 is attached to the carrier member 151 by screws, bolts, rivets or an adhesive. In another embodiment, the wireless communications device 100 is molded into the carrier member 151, such as in a floor part or wall part of a product carrier member, as exemplified in the enlarged product carrier 150 in FIG. 4.


On a general level, the system may comprise a multitude of product carriers 150, some of which may be in storage 401. A product supplier 402, such as a factory, a packing company or a farm, may receive or retrieve a plurality of product carriers 150, and fill them with products 403 for distribution. By means of any suitable means for transportation, the filled product carriers 150 are provided to other entities, such as retailers 404, storage or restaurants, where the products are taken out of the product carriers 150. The empty product carriers are subsequently provided to a return station 405 for cleaning, after which they may be either used again, or be scrapped or even recycled to make new product carriers 150 or other products at a recycling station 408.


In the embodiments described herein, the system may operate a monitoring system 50 including a network device 10 configured to receive and possible transmit data from a machine-to-machine radio device 101 of the wireless communications devices 100 through the network 1 (see FIG. 1). As mentioned, the network 1 may e.g. include a cellular radio network such as LTE, and the wireless communications devices 100 may be IoT devices configured for M2M communication. The operation of this monitoring system 50 makes it possible to control e.g. the balance of product carriers 150 at various locations of the system.


The return station 405 preferably includes a carrier washing station 406, and a control device 407 comprising a user agent 30 configured to communicate with the reset signal transceiver 131 of the wireless communications device 100 incorporated in the product carriers 150 passing the control device 407. In case the product carriers 150 are not reachable by radio communication from the monitoring system 50 when distributed in the system, it may e.g. be difficult maintain an overview of where all the product carriers are located in the system. Even if they are primarily intended for the distribution of goods, they may end up in storages at the place 404 where the goods are delivered, which may result in shortage of product carriers 150 for distribution to product suppliers 403. In accordance with the system as shown and described with reference to the example of FIG. 4, the opportunity to reset the radio device 101 of the wireless communications device 100 in the product carriers 150 is provided by means of a control device 407 at the washing station 406. However, further or alternative locations for this device 407 other than at the washing station may be conceivable in various embodiments. The reset may be configured and carried out as exemplified with reference to FIGS. 1-3 above.


Embodiments of the invention have been discussed in the foregoing on a general level, and with respect to certain embodiments. The skilled person will realize that where not contradictory, the disclosed embodiments above may be combined in various combinations.

Claims
  • 1. A wireless communications device comprising: a machine-to-machine radio device including a radio transceiver configured to communicate with a network, anda control unit connected to control the transceiver;a boot system for the machine-to-machine radio device, including a boot ROM connected to the control unit, anda non-volatile memory storing one or more boot flags, connected to the boot ROM; anda reset mechanism including a reset signal transceiver,a reset controller connected to the reset signal transceiver and connected to the boot system to request reboot of the machine-to-machine radio device responsive to a received reset signal, anda storage device storing instructions that are executable by the reset controller to retrieve control data from a received reset signal, andwrite one or more boot flags in the non-volatile memory dependent on the retrieved control data.
  • 2. (canceled)
  • 3. The wireless communications device of claim 1, wherein the reset controller is configured to write one or more boot flags in the non-volatile memory dependent on a received reset signal.
  • 4. (canceled)
  • 5. The wireless communications device of claim 1, comprising a non-removable battery.
  • 6. The wireless communications device of claim 1, wherein the reset signal transceiver is configured to detect a reset signal from a wireless charging signal.
  • 7. The wireless communications device of claim 1, wherein the reset mechanism comprises a reset key storage connected to the reset controller, configured to hold a reset key;wherein the reset controller is configured to execute validation of data included in a received reset signal using said reset key, andrequest reboot of the control unit responsive to successful validation.
  • 8. The wireless communications device of claim 7, comprising a device key storage connected to the control unit configured to hold a device key which is shared between the wireless communications device and an authentication server;wherein the reset key is a cryptographic key generated in dependence of the device key.
  • 9. The wireless communications device of claim 1, wherein the reset signal transceiver is separate from the radio transceiver.
  • 10. The wireless communications device of claim 1, wherein the machine-to-machine radio device is configured to communicate with a cellular network.
  • 11. A system for distribution of goods, comprising a plurality of returnable carriers, wherein each carrier includes a wireless communications device comprising a machine-to-machine radio device including a radio transceiver configured to communicate with a network, anda control unit connected to control the transceiver;a boot system for the machine-to-machine radio device; anda reset mechanism including a reset signal transceiver, anda reset controller connected to the reset signal transceiver and connected to the boot system to request reboot of the machine-to-machine radio device responsive to a received reset signal;a monitoring system including a network device configured to receive data from the machine-to-machine radio device through the network; anda return station including a control device comprising a user agent configured to communicate with the reset signal transceiver.
  • 12. The system of claim 11, wherein the return station comprises a carrier washing station.
  • 13. The wireless communications device of claim 1, wherein the wireless communications device is connected to a carrier member of a carrier for distribution of goods.
  • 14. The wireless communications device of claim 13, wherein the wireless communications device is encapsulated in a waterproof casing.
  • 15. The wireless communications device of claim 13, wherein the wireless communications device is molded into the carrier member.
  • 16. A method for resetting a wireless communications device comprising a machine-to-machine radio device for communicating with a remote network and a boot system connected to the machine-to-machine radio device, the method comprising the steps of receiving a reset signal from a user agent in a reset signal transceiver; andexecuting reboot of the machine-to-machine radio device by means of a reset controller, responsive to the received reset signal.
  • 17. The method of claim 16, wherein the step of executing reboot includes writing one or more boot flags in the boot system in dependence of the reset signal by means of the reset controller;providing a reboot request to a boot ROM of the boot system by means of the reset controller; andrebooting the machine-to-machine radio device by means of the boot ROM in accordance with the boot flags.
  • 18. The method of claim 17, wherein the step of writing one or more boot flags in the boot system comprises retrieving control data from the received reset signal, andwriting one or more boot flags dependent on the retrieved control data.
  • 19. The method of claim 16, in response to receiving a reset signal, comprising the steps of transmitting a request signature to the user agent by means of the reset controller, which request signature is created based on a stored reset key;receiving i) an acknowledgment indicating that the request signature is validated with an access token of the user agent, andii) a response signature created based on the request signature;validating the response signature;wherein the step of executing reboot of the machine-to-machine radio device is carried out responsive to successful validation of the response signature.
  • 20. The method of claim 16, comprising the step of accessing a device key from the machine-to-machine radio device, which device key is shared by an authentication server;generating a reset key based on the device key and a reset key ID.
PCT Information
Filing Document Filing Date Country Kind
PCT/EP2017/058136 4/5/2017 WO 00