WO2008043546A2 - Method and devices for automatically connecting, via the radio, to a suitable access point of a self-organised network arrangement - Google Patents

Abstract

The invention relates to a network arrangement which comprises at least one terminal embodied for bidirectional data exchange and at least one access point embodied for bidirectional data exchange per radio with terminals and with a central administration unit. The invention also relates to a central administration unit which is connected to the access point for bidirectional data exchange. The terminal emits association request signals which are captured by access points in the radio transmission range. When said signal is captured, the access points emit association answer signals. Based on said captured answer signals, the respective terminal can automatically connect, via the radio, to a suitable access point for bidirectional data exchange.

Description

 Self-organizing network arrangement and method of organizing such a network

The present invention relates to a network arrangement which allows an automatic integration of further terminals into an already existing network. The invention further relates to a method of constructing such a network arrangement.

The object of the present invention is to provide a network arrangement which makes it possible to integrate new terminals for data exchange by radio with existing network components in a simple and flexible manner in an already existing network.

The object is solved by the independent claims, advantageous developments are the dependent claims removable. The present invention provides self-organization mechanisms for a network formed of terminals, access points and a central management unit. In such a network, the terminals are wirelessly connected via access points (which in turn may be integrated into terminals) with the central management unit (hereinafter also referred to as the center). The self-organization mechanisms according to the invention simplify the configuration and administration of the network arrangement. In particular, it becomes possible with the network arrangement according to the invention to monitor, configure or program the terminals from the control center.

Under a terminal is hereinafter a technical device (for example, a minibar, a radiator, ...) understood, which has a transmitting and receiving unit, which allow the device by

Radio via an access point (in particular wireless access point) with another device (in particular a central administrative unit) for data exchange in connection. The data exchanged here can be configuration data for the terminal to be transmitted from the central management unit to the terminal or also environment data to be transmitted from the terminal to the central management unit and recorded by a sensor integrated in the terminal. A variety of other data forms are possible for transmission.

In the text which follows, an access point is understood to mean a device (in particular a wireless access point) which, on the one hand, has a transmitting and receiving unit in order to be able to communicate with a terminal in radio constellation. but also has a second transmitting and receiving unit in order to forward the data received from the terminal to a further device (central management unit) and the information data received from the central management unit to a terminal forward. As will be described in more detail below, in this case the connection between access point and central administration unit is not necessarily designed as a radio connection, but may also be configured as a radio connection (in this case, the first and the second transmitting and receiving unit can also act as a common unit be realized).

As explained in more detail below, terminals can also be designed as access points for further terminals, if necessary, in that a further transmitting and receiving unit is integrated next to the radio link transmitting and receiving unit, which serves for data exchange with the central administrative unit.

The data exchange between the terminals and the control center is thus handled via the access points. However, separate access points can also be dispensed with if the terminals are designed such that they additionally integrate access point functionality for other terminals. Data originating from the terminals reach an access point by radio. This access point forwards the data to the central office. Such forwarding can also be done via radio, but it is also possible, for example, the forwarding via cable network. Also possible is the forwarding via a subnetwork (for example, an Internet Protocol-based company network). In the opposite case data arriving from the central management unit reaches an access point and the access point forwards the data to the corresponding terminals. An access point can be assigned several terminal rates.

The network arrangement according to the invention automates the integration of terminals in the existing network. In addition, possibilities are described how access points can be integrated into the network. Finally, mechanisms are also provided for the automatic detection of disturbances (disturbances are for example failures of terminals, of access points or of the central administrative unit). The invention also describes mechanisms for compensating for such disturbances.

Mechanisms for data transmission by radio and / or data transmission via Ethernet or the like are known in the art and are therefore assumed here and not described separately.

An essential aspect of the present invention is that a terminal can connect to the central management unit automatically (via association at the access point) via an access point by sending out an association request signal (hereinafter referred to as "Associate Request Broadcast Packet") Access points that are within the radio range of the terminal receive the association request signal and then send association response signals that allow them to connect to the terminal (or to allow the terminal to communicate with the central management unit through them or not). Based on the received association response signals of the access points, as will be described in more detail below, the terminal selects and associates with an access point: a bidirectional connection is established for data exchange by radio between the terminal and the selected access point.

In order to prevent unauthorized terminals from joining the network, a registration of the terminal at the central administration unit is carried out as described in more detail below by means of an association identification code (hereinafter also association ID). If the association ID transmitted by the terminal via the access point to the central administrative unit has been registered in advance at the central administrative unit, then the connection is permitted to the corresponding terminal. Otherwise, e.g. the data transmission is blocked or an alarm signal is triggered.

It is particularly advantageous, alternatively or cumulatively for registering the terminal with the aid of encrypted authentication codes, as will also be described in more detail below, to perform an authentication of a terminal at the central management unit. This makes it possible to prevent attempts to circumvent unauthorized end devices, which may be based, for example, on the fact that the association ID is not encrypted.

As described in more detail below, in advantageous embodiments of the present network arrangement according to the invention also Keep-alive messages (hereinafter alternatively also referred to as function messages) can be used. Such messages can be used for fault detection and can be used in particular for a network unit (eg terminal, access point or central administration unit) to be convinced of the accessibility of another network unit or of a communication partner.

An essential aspect of the free assignability in the present invention is also that several terminals can communicate with an access point or access point and that such an access point does not have to be in the immediate vicinity of a terminal. In the case of multi-hop networking described in more detail below, it is even possible for separate access points to be outside the reach of individual terminals; These devices can then connect via other devices with the separate access points.

The main advantages of the present invention are as follows:

• In a simple way, terminals equipped with a radio unit can automatically connect to an already existing network (sub) arrangement to an extended network arrangement by radio.

• It is thus theoretically unlimited an automatic extension of an existing network to additional terminals in a simple manner possible.

• Unauthorized devices can be prevented in various ways from connecting to existing network components. With the network arrangement according to the invention, it is possible in a simple manner to monitor, configure or program any number of individual terminals which can be controlled by radio. Manual interventions for on-site configuration and manual administration on site are thus eliminated as far as possible.

The network arrangement according to the invention can be used in all areas in which wireless lotter devices are to be networked via access points with a central administrative unit.

Hereinafter, the present invention will be described in detail based on individual embodiments. The individual aspects described in the exemplary embodiments can also be combined by the person skilled in the art in a manner in which they directly reveal their specialist understanding, without this having been laid down in this form in one of the exemplary embodiments.

FIG. 1 shows an example of a possible basic configuration of a network arrangement according to the invention for explaining the association of a single terminal with the access point and the registration with the central administration unit.

FIG. 2 shows an activity diagram of the association, a subsequent registration and a subsequent authentication of a terminal at an access point and the registration of the cylinder with the central administration unit. FIG. 3 shows the use of timers and timer signals for fault detection and elimination (activity diagram).

FIG. 4 shows an application in which a plurality of terminals are connected to the central administration unit via separate access points not formed as terminals and an IP-based company network (subnetwork).

FIG. 5 shows a further example in which a corresponding connection is carried out via terminals which additionally integrate an access point functionality.

FIG. 6 shows the concrete application of a networked minibars system.

It is first described on the basis of the basic configuration of Figure 1 and Figure 2, as an association or connection according to the invention, a registration according to the invention and authentication according to the invention can be configured.

Figure 1 shows a terminal 3, which is designed for bidirectional data exchange by radio. Thus, the terminal 3 has a corresponding radio module. FIG. 1 furthermore shows two access point units or access points 2a and 2b arranged at different locations at a distance from the terminal 3. Each of the access points has a first connection unit (radio connection unit) with which bi-directionally data can be exchanged with terminal devices via radio (dashed line). The access point 2a and 2b In this case, it is connected to a central management unit 1 via a data line (cable or the like, solid line). However, it may alternatively also be a radio connection. For data exchange with the central management unit 1, the access points 2a and 2b each have a further (second) transmitting and receiving unit. The administrative unit may be located in one and the same building as the access points and the terminal. However, it is also possible that it is located in another building (eg neighboring building).

After the terminal, as described in detail below, has established a radio link to one of the access points 1 (association), data can then be exchanged bidirectionally between the central management unit 1 and terminal 3 via the access point selected by the terminal 3.

An example of an association, registration and authentication of the terminal 3 according to the invention in the central management unit 1 will now be described with reference to the activity diagram of FIG.

Before the terminal 3 according to the invention can be incorporated into the previous hull network 1, 2a, 2b, it must be registered locally for security reasons in advance at the headquarters. This is also referred to below as initialization. During this initialization, a unique identification number or association identification code (which also serves for the later association), a secret (also referred to below alternatively as a cryptographic key), which serves for the later authentication, and optionally authorization data (eg which access authorizations the user has access to the terminal or which events the terminal may initiate after data transmission in the central unit) are programmed locally in the central administration unit (eg in corresponding tables in the memory). These data stored locally in the central unit 1 are also referred to below as the second association identification code and the second cryptographic key. Similarly, a first association identification code and a first cryptographic key are locally stored in the terminal (permanently programmed). Optionally, authorization data (for example, how the terminal may be accessed) can also be stored in the terminal.

After completion of this initialization in the control panel 1, a timer is started in the control panel (size order in half-hourly range). This timer is stopped when the terminal, after being put into operation, reports to the control center 1 via one of the access points 2a, 2b (see below). If this message is missing, the software of the control panel 1 can be notified that the registration has failed (error message).

After completion of the local initialization (programming the necessary data in the center 1) locally (or a) new (it) terminal 3 is now locally activated. Upon activation, the terminal 3 sends an association request signal (Associate Request Broadcast Packet) containing the association identification code to all those access points 2 that are within radio range. Subsequently, it is assumed that this is the two in 2 and 2b (dashed lines: radio connection between terminal 3 and access point 2a and access point 2b are possible). All receiving access points respond with an association response broadcast signal (hereinafter also referred to as Associate Response Broadcast Packet) which contains information about the current utilization of the respective access point 2 (eg, in particular, the number of terminals already associated with an access point). For this communication between terminal 3 and access point 2 to be unique, the associate response broadcast packets also contain the association identification code (association ID) assigned during initialization (received by the access point via the associate request broadcast packet).

Due to the current utilization of the individual access points 2 and / or the connection quality, the terminal selects the radio connection that is possible between the terminal 3 and the respective access point 2

(for example, RSSI or Link Quality Indicator, see below) selects and associates with the most appropriate access point 2. To confirm a successful association, a three-way handshake is performed.

Since it is highly probable that several access points are within radio range of the terminal 3 (here the two points 2a and 2b), it can be assumed that several access points are the associate request

Broadcast Packet of the terminal 3 can receive. Any access point that is underutilized (i.e., with less than a maximum number of times specified in the central management unit software and communicated to each access point

End devices is associated) answers in the present Case with an Associate Response Broadcast Packet. This response packet contains the association ID of the terminal 3 and a value which describes the current utilization of the access point (for example in the form of the number of associated terminals). Since multiple access points have most likely received the Associate Request Broadcast Packet of the terminal 3, the terminal 3 in response also receives multiple Associate Response Broadcast Packets from different access points.

The terminal now determines the most suitable access point for the connection. The values Utilization, RSSI and Link Quality Indicator serve this purpose. These

Values can either be used individually in different ways (for example, choosing the access point that has the lowest utilization or the highest link quality indicator), but they can also be linked together to provide a measure of the goodness of the possible connection through a link Determine access point. RSSI stands for "Received Signal Strength Indication" and is a measure of the field strength of a received radio signal.The Link Quality Indicator is a measure of the bit error rate of the received data.These values are usually determined by the hardware of a radio system and can thus be linked or After determining the most suitable access point on the basis of the quality measure determined, the terminal 3 associates with this access point 2. Assume that the association of the terminal 3 with the access point 2a takes place the assignment of an address to the terminal 3 and the storage of the Address of point 2a in the terminal. After successful association, the access point 2a registers the terminal 3 at the center 1, so that a successful startup of the terminal can be detected and it can also be determined whether the terminal is an authorized terminal (see below on the association identification code number or better still based on encrypted secrets).

In other words, if the terminal 3 is authorized, it recognizes the center 1 on the basis of a comparison of stored in the local initialization in the central second association identification code with the via the access point 2a from the terminal 3 to the center 1 transmitted first association identification code. If the device 3 (if these codes match) is allowed, the central office stores the address of the terminal 3 together with the address of the assigned access point 2a in a routing table. Already the use of a non-encrypted association ID (or the comparison of two such codes) thus prevents in a simple manner the creeping in of foreign, unauthorized end devices into the network arrangement according to the invention. In order to meet a higher security standard, in addition, an authentication of the terminal is additionally made as described below.

After successful association between terminal 3 and access point 2a, the access point 2a of this terminal 3 thus registers at the center 1. For this purpose, as described above, the access point 2a sends the registration message to the center. This message contains the association ID of the terminal 3 and the address that the access point 2a has previously assigned to the terminal 3. To confirm a successful registration, a three-way handshake will be performed again.

After successful association and registration as described above, the path that the data must take through the network arrangement according to the invention is unambiguous in both directions: Central office 1 knows with which access point which terminals are associated (here terminal 3 with access point 2a). The center 1 can thus send the data destined for a particular terminal (for example, data to configure this locally) to the correct access point. The access point receives the data and forwards it to the terminal. • Each terminal knows the access point associated with it: The terminal can thus provide data destined for the central office to its best

Send access point. The access point receives this data and forwards it to the central office. Of course, it is also possible here that (for example in a local table) the terminal 3 notices several access points on the basis of the specific quality measure of the radio connection: data transmissions over several access points and / or changes from one access point to the other are then also alternately Failure of an access point possible.

In order to meet high security requirements with regard to the creeping in of non-authorized terminals, an authentication of the terminal 3 (via the access point 2a) in the center 1 is also carried out after the registration in the present case. A such authentication is done by means of a cryptographic key. In this case, a first cryptographic key is stored in the terminal (the cryptographic keys are also referred to as secrets below), is in the center

(at least) stored a second cryptographic key. Both the terminal and the center can generate an encrypted authentication code by encryption with their respective cryptographic key from an authentication code (this may be, in particular, a random number generated with a random number generator). It can then in a suitable manner an unencrypted authentication code (random number) and a result of a

Encryption thereof be exchanged between the two network units, so that even without the exchange of a cryptographic key itself authentication of the terminal 3 at the center 1 is possible. The terminal thus detects the knowledge of its programmed secret (first cryptographic key) without having to transmit the secret itself. The authentication procedure is initiated by the central office as follows: During the authentication, the terminal 3 acquires the knowledge of the secret (first cryptographic key) programmed during the initialization, by first determining a random number R (second authentication code number) from the center. rale 1 is generated and sent to the terminal 3. The terminal 3 encrypts this random number R with its cryptographic key (thus uses the received second authentication code as a first authentication code number), to be encrypted by means of the locally stored first cryptographic key Key to generate a first encrypted authentication ID). The result (the generated first encrypted authentication code) is then sent from the terminal back to the center 1 and received there. The control center also encrypts the random number R (thus generates a second encrypted authentication code with its locally stored second cryptographic key from the second authentication code R). Subsequently, the second encrypted authentication code number generated in the center is compared with the received first encrypted authentication code number. If the encryption result matches, the encryption of the random number R generates identical encrypted authentication code numbers on both sides, this means that the two communication partners central office 1 and terminal 3 have the same secret (ie, the first cryptographic key corresponds to the second cryptographic key). Thus, the terminal 3 is authenticated at the center 1.

Advantageously, the network arrangement is formed so that the above-described authentication of the terminal 3 in the center 1 can also be done in reverse form (authentication of the center 1 at the terminal 3, for example, after failure of the center). It is also possible, by storing a third cryptographic key in an access point, to appropriately authenticate an access point at the center 1 or vice versa.

If the association, registration or authentication as required by be led, fail, this is indicated on the terminal (eg by an acoustic signal). In particular, that network component which has to be authenticated may trigger an event in the form of an alarm signal if it fails. The software (for example the central office) responds to a failed authentication with a corresponding alarm message.

According to the invention, the following functions are also realized on the basis of the basic configuration shown in FIG. 1 (by suitable design of the software and / or hardware of the corresponding network units):

• Integration of an "orphaned" device:

A terminal may lose contact with its access point (hereinafter: AP), e.g. due to a reset or failure of the AP.

In this case, the terminal again passes through the activities in the partition "deployment area" shown in Fig. 2, i.e. the reintegration into the network originates from the terminal. The association ID programmed in at the original local initialization at the center is used further.

• Integration of new or newly started access points:

The integration of a new access point begins with the assignment of an IP address by the control center via DHCP. An access point automatically requests an IP address after activation. If the MAC address of the central office AP is known, is assigned an IP address (the MAC addresses of the APs are stored in a list of the central office). Before the IP address is assigned, the ARP request checks whether it already exists in the network. This is necessary, otherwise after one

Restart the control center under certain circumstances IP addresses could be duplicated.

Subsequently, a mutual authentication of AP and central office takes place, whereby the knowledge of a programmed secret (second and third cryptographic key) is proven. This procedure is initiated by the access point (the AP establishes a socket connection to the control center).

The control panel responds with an alarm message if the MAC address of the AP is unknown or if the authentication fails.

The control panel stores the IP address of the AP in the routing table.

When restarting an access point, existing associations with end devices are lost. The terminals register the restart as a failure and look for a new AP.

Remove devices:

Terminals can be disabled from the center, i. ordered to be removed from the network. For this purpose, a shutdown message is sent from the control center to the terminal.

Terminals can also be disabled locally. In In this case, the terminal sends a shutdown notify message to the control center.

Both messages are registered by the AP when forwarding to the central office. The AP is thus informed about the shutdown of the terminal and then stops monitoring the keep-alive messages (see below) of the terminal (and in particular sends no own message about a supposed terminal failure to the center) and deletes the assigned to the terminal Address .

• Remove APs:

Access points can be deactivated from the control center. In this case, the center instructs the AP to be deactivated with a shutdown message to stop the operation. The central office deletes the AP with all associated terminals from the routing table.

The access point informs the terminals associated with it about the shutdown, whereupon the terminals automatically search for a new AP, i. E. the activities in the partition "deployment area" are again traversed as shown in Fig. 2. The association ID programmed in at the original local registration at the central office is reused.

• Restart of the control panel:

After a reboot (reboot the PC or reboot the software), the head office has no

Knowledge of the state and topology of the network. Around In order to prevent unauthorized components (in particular terminals) from being introduced into the network during the failure, all authentication steps (see FIG. 2) must be run again.

If the control panel receives a keep-alive message from an access point for the first time after a restart, it is checked whether this message was sent by an AP with a known MAC address. The AP is assigned (for reasons of simplicity) a new IP address (alternatively the DHCP server can be told that the corresponding IP address has already been assigned). Subsequently, a mutual authentication of central office and AP takes place again as described above.

Afterwards, the control center informs the AP that all devices associated with it will be re-registered at the

Central register and authenticate. The AP sends to register messages (unicast) to all devices. In this case, the association ID programmed into the original local initialization at the central office is reused by the terminals.

If checking the MAC address of the AP or the mutual authentication fail, the control panel responds with an alarm message.

Moreover, in the network arrangement according to the invention in the present case, the interference detection mechanisms described below are integrated: Fig. 3 shows the running in the terminals, in the APs and in the central operations for fault detection, ie for detecting the failure of a component or network unit.

In order to be able to detect the failure of a terminal, the latter must communicate with its associated AP at least once within a specific time interval. If no payload transport is required within this interval, special keep-alive messages will be sent. The "terminal" partition in Fig. 3 shows this procedure: A timer is reset every time a normal message is sent, and only when this timer expires is the keep-alive message sent as an exception.

The same mechanism takes place between the access points and the center, i. The access points must also contact the head office on a regular basis. This is controlled by the timer 2 shown in the partition "AP" in FIG.

Each access point maintains for each associated terminal a timer, which is reset when a data packet is received by the terminal. When a timer expires, a corresponding fault message is sent to the control panel.

Likewise, the control panel maintains timers for all APs, which are reset on each incoming AP data packet and when they expire, a fault message is displayed.

The control center behaves as follows in case of faults: • Failure of an AP:

On the failure of an AP (= repeatedly missing keep-alive messages), the control panel reacts with an alarm message. The user can choose whether the AP should continue to be monitored or deleted.

If the user agrees, the AP entry along with the associated terminals is deleted from the routing table.

- Alternatively, this deletion can also be automated.

The IP address assigned to the AP is not deleted at this time. If the AP is restarted and a new IP address is requested for a known MAC address (which has already been assigned an IP address), the old address can be reassigned or a new one can be assigned and the old one can be deleted.

• Failure of a terminal:

The failure of a terminal is displayed in the control panel.

• Recovery of APs:

Resuming an AP is equivalent to returning keep-alive messages after repeated timeouts. In order to prevent the entry of unauthorized APs, the MAC and IP addresses of the AP are first checked (known MAC

Address and IP address assigned to this MAC address). Subsequently, a mutual authentication of AP and central office (as described above). The control panel responds to a failure of these over-checks with an alarm message. After that, the control center informs the AP that all devices associated with it must register again with the central office and authenticate. The AP sends to register messages (unicast) to all devices. In the process, the association ID programmed in at the headquarters during the original local initialization is reused by the terminals.

• Resumption of terminals:

Resumed devices are displayed like new devices in the software of the center.

The access points behave in the following way:

• loss of a terminal:

The failure of a terminal is reported to the center with a lost message containing the association ID of the terminal.

• Failure and restart of the control panel:

If the communication with the central unit fails, the AP buffers all messages to the central unit for a certain time. After a priority-dependent timeout, the messages are discarded. Register messages from terminals to the central office and messages about terminal failures have the highest priority. Other inquiries to the headquarters have the lowest priority.

The accessibility of the center is tested by regular attempts to send keep-alive messages. The further procedure is described in the previous section "Restarting the Control Center". • Resumption of terminals:

The procedures for recording orphaned terminals are described in section "Integration of an Orphaned Terminal".

The devices behave as follows in case of faults:

• Loss of associated AP and reclassification: A terminal automatically searches for a new AP, cf. Section "Embedding an Orphan

Terminal ".

• Failure of the central office:

The terminals are not directly affected by a failure of the center. You can continue to address data to the center. If the central office fails, this is registered by the associated AP and the messages are buffered for a priority-dependent time, cf. Section above (Behavior of APs in case of faults).

• Restart of the control panel:

When the central office is restarted, the terminals must register again with it, cf. Section "Restart of the control panel" above.

FIG. 4 shows a further example of a network arrangement according to the invention. As described above, the terminal 3a and the terminal 3b have both associated with the access point 2a and connected. Of the

Access point 2a is connected to the central unit 1 via an Internet Protocol-based company network (subnetwork). The IP-based corporate network may be a conventional Ethernet connection; however, a radio network is alternatively conceivable. From the central office 1 (here: personal computer) data, in particular also configuration data for the terminals via the subnetwork 5 and the access point 2a, can be transmitted to the respective terminal 3a or 3b. Conversely, the terminal 3a or 3b, for example, transmitted by a sensor data transmitted via the access point 2a and the subnetwork 5 to the center 1. The self-organization of the network arrangement according to the invention takes place (by corresponding data exchange) thus both in the terminals 3 and the access points 2, as well as in the central administration 1 (by suitable SW and / or HW measures).

Via the subnetwork 5, another access point 2b is connected to the center 1. In an alternative embodiment, the two access points 2a and 2b can also be networked with each other (not shown here).

The terminals 3c, 3d and 3e now show a further possibility of how terminal devices according to the invention can be connected to a central administration 1 via an access point 2b. In this case, the two terminals 3c and 3d are each already associated with the access point 2b. However, the terminal 3e is outside the radio range of the access point 2b and the access point 2a. In such a case, however, it is still possible to establish a radio link of the terminal 3e with the access point 2b if the terminals 3c and 3d are designed as switching terminals. In this case, an association request signal sent from the lock cylinder 3e is received by the two radio-reach terminals 3c and 3d. The two terminals 3c and 3d forward the association request signal to the already connected access point 2b (which is within its radio range). The access point 2 b sends out a corresponding association response signal if it still has free capacity, which is received by the terminals 3 c and 3 d and is in each case forwarded to the terminal 3 e within its radio range. Depending on which radio link (terminal 3e, terminal 3d, access point 2b or terminal 3e, terminal 3c, access point 2b) is more favorable, the terminal 3e to be connected selects one of the two possible radio links for association with the access point 2b. Here, it is assumed that the radio link 3e-3d-2b is cheaper, so that the data to be routed to the terminal 3e or the data received from it are routed to the central unit 1 via the terminal 3d, the access point 2b and the subnetwork 5 to be received by this. In the present case, the two terminals 3c and 3d act as pure switching terminals, unlike the case described below (see FIG. 5), therefore, they do not have the ability to decide themselves about the possibility of association (this is done solely by the access point 2b). Thus, unlike the case shown in FIG. 5, the end rates 3c and 3d do not integrate complete access point functionalities).

Figure 5 shows another embodiment of the present invention. In this case, some of the terminals have access point functionality, so that separate access points can be dispensed with. This concerns the terminals 3e, 3f and 3g. Thus, the terminal 3g is connected directly to the central unit 1 via its integrated access point functional unit. In the present case, this takes place Connection also via a radio link. The terminal 3f, which likewise has an access point unit, has connected to this terminal via a radio link. The terminals 3a and 3b have associated with this access point terminal 3f. The same applies to the terminal 3e (which is connected via a radio link to the access point terminal 3g, ie has associated with it) with which the two terminals 3c and 3d are associated. In the present case, the communication between the individual terminals and the locking system management is thus carried out via adjacent terminals, wherein due to the fact that the individual terminals additionally have access point functionality or are simultaneously configured as access points, separate access points can be dispensed with. In contrast to the case shown in FIG. 4, the access point terminals (for example the terminal 3e) have complete access point functionality: This means that in the present case such a terminal itself decides (for example due to the utilization of its access point unit ) How many more devices it still allows for multihop communication.

FIG. 6 shows a concrete application of a network arrangement according to the invention. In that case, the individual terminals 3 are minibars in different rooms of a hotel building, which can be automatically networked as described above, for example.

The individual mini bar 3 here has a sensor unit 7 and a memory unit 8. With the sensor unit 7, environmental status data or status data of the minibar (for example service data, Data on the temperature and / or the current content (the latter via eg built-in pressure sensor elements in the ground or via RFIDs) in the minibar or outside of the same, ...) detect. The corresponding status data can then be transmitted to the central station 1 via the access point associated with the respective minibar (here, for example, 2a for the bar 3a) and a corresponding subnetwork 5.

For example, if the central unit 1 determines that the temperature within the minibar 3a is too high, configuration commands may be transferred to the memory 8 via the access point 2a which cause the temperature control of the minibar 3a to be adjusted accordingly (greater cooling capacity) ).

Shown is further a control unit 4, which communicates with the center 1 via a data line in combination. With this unit 4 can be through the

Central 1 in response to data transmitted from one of the minibars 3 to the center 1 data trigger events. Here it is e.g. possible that a corresponding command via the control unit 4 is transmitted to the associated with this blinds of the corresponding hotel room, so that they are closed and the cooling capacity of the minibar 3 a can thus be used more efficiently.

Here, the various data between minibar 3 and 1 central office can be exchanged.

The above figure 6 describes only one of many possible concrete embodiments in which a network arrangement according to the invention can be used. So are the following in particular Possible applications:

• The heating devices arranged in individual rooms of a building as terminals 3. These can then be e.g. centrally in unit 1 for their respective consumption. Also, an individual control of the temperature of the individual radiator 3 by appropriate data transmission is possible. Likewise, individual fans 3, for example, depending on a detected by a sensor 8 temperature and / or humidity signal individually regulate.

• Also a multitude of others, especially for an individual facility

Individually manage, control, program and configure management-deployable terminals 3 by means of a network arrangement according to the present invention: Examples include only ventilators, motors for window opening, blinds, blinds,

Air conditioners, lamps or counters for gas, water and electricity. Here you can measure a wide variety of status data (consumption values, temperature, solar radiation, humidity, brightness, etc.) and the corresponding

Programming and configuring terminals 3 accordingly.

• Just such individual networking, configuration and programming is for individual smokers, motion detectors, glass-breakage sensors as

Terminal etc. conceivable. Here, for example, depending on the position of the sensor different alarm signals in the center or different events can be triggered locally on the terminal. • In the outdoor area, the corresponding devices can be individually networked: thermo, baro, hygrometer, moisture meter for measuring in the soil (for example, in arable land for growing cereals), irrigation equipment for irrigation of individual plants or plant populations, ...

• It is also conceivable to use vibration sensors as terminals 3 to be networked. These can be used both indoors (building security) and outdoors (detection of rockfall, avalanches or the like).

• It is also conceivable to network individual microphones at different locations, for example in a concert hall for locally recording the sound quality and transmitting corresponding audio signals to the central administrative unit 1 (with subsequent individual microphone configuration). • Individual networking of individual joysticks or gamepads is also conceivable.

Other applications include:

• Networking of sensors, actuators and control units in automobiles

• Networking of sensors and actuators in the medical field

• networking of sensors, actuators and control units in the area of production and automation, e.g. for production data acquisition, process control, conversion of production (flexible production)

• Networking of subsystems, actuators and sensors in and on robots (networking of individual robot parts) • Connection of robots to fixed infrastructures

(Control units, computing units, sensors, actuators)

• networking of sensors to monitor the condition of wheels, tires or similar. • networking of sensors to detect plant growth (stem diameter, fruit size)

• Networking of displays and speakers with a data source.

The above-mentioned applications can be realized as follows:

• Automotive: integration / networking of sensors, actuators, control units and (consumer) terminals. Use cases are e.g. the wireless integration of sensors and actuators to the respective control unit or the on-board computer (for example for driver assistance systems, distance radar, control of mirrors, parking aids). It is also possible to use consumer devices, such as Mobile phones, MP3 players or navigation aids to wirelessly connect with the automobile.

• Medical area: Integration / networking of wireless sensors / actuators directly on the body without stationary connection, such as for the transmission of blood pressure, nerve activity, oxygen content, sugar levels for monitoring, recording and mobile monitoring. Another area of application is the determination of patient data during operations or during inpatient stay in the hospital, nursing home or at home via wireless sensors and the activation of

Actuators (eg for insulin delivery) or machines. • Robots: Networking of robot components (subsystems) with modular robots or minimizing the cabling effort. For example, data from sensors or for actuators of the robot itself, such as setting angles, maintenance conditions, temperature, distance measurements, data from the machining process (eg mass of the workpiece, wear of the tools, machining state) and the distribution of tasks between are transmitted Robotic subsystems and central computer (eg division of the environmental analysis or calculation of control information).

• Robots and fixed infrastructures: as above, however, the robot's environmental data are determined by the robot itself or its environment (eg distance measurement, video evaluation, localization). In addition, the task distribution does not take place between individual robot subsystems, but also between robots and external computers.

• Tire: information is transmitted, e.g. Pressure, temperature or wear. However, actuators can also be controlled (e.g., automatic air pressure adjustment or foam filling if needed).

• Planting: additional control of the soil and, if necessary, controlling the addition of water, light or fertilizer.

• Displays / Speakers: Transfer of wireless multimedia data (such as audio / video information) or control information.

• Camera: as well as the transmission of multimedia data and control information

• Localization: capture of specific sensor data for localization, such as multimedia data for image / sound analysis, information from the building infrastructure (eg door opening), pressure data from the floor, field strength from transmitters to persons, position information from transmitters to persons.

Claims

claims 1. Network arrangement comprising at least one terminal (3) designed for bidirectional data exchange by radio, at least one access point designed for bidirectional data exchange by radio with terminals and for bidirectional data exchange with a central administrative unit, and a central management unit (1), which is connected to the access point for bidirectional data exchange, wherein an association request signal can be transmitted by the terminal, association response signals can be transmitted from access points (2) after receipt of the association request signal and an access point can be connected by radio to the terminal for bidirectional data exchange based on received association response signals (association of the access point terminal) , 2. Network arrangement according to the preceding claim, characterized in that a terminal connected for bidirectional data exchange is designed as an access point for at least one further terminal. 3. Network arrangement according to one of the preceding claims, marked by multiple access points, wherein the central management unit is connected to each of the access points for bidirectional data exchange. 4. Network arrangement according to one of the preceding claims, characterized in that in the terminal a first association identification code uniquely identifying the terminal is stored, wherein after a connection of the terminal to an access point, the first association Identification code of the terminal from this access point to the central management unit is transferable (registration of the terminal at the central management unit). 5. Network arrangement according to the preceding claim, characterized in that at least one second association identification code is stored in the central administrative unit, that the central administrative unit receives the received first association Identification code with the second asso- zierungs identification code is comparable and that, depending on the comparison, at least one event can be triggered by the central administration unit. 6. Network arrangement according to one of the preceding claims, characterized in that a first cryptographic key is stored in the terminal and that a second cryptographic key is stored in the central management unit, wherein a first encrypted authentication code can be generated by the terminal by encryption with the first cryptographic key from a first authentication code, and a second encrypted authentication code by the central management unit by encryption with the second cryptographic key from a second authentication code Reference number can be generated. 7. Network arrangement according to the preceding claim, characterized in that after a connection of the terminal with an access point, a second authentication code can be transmitted from the central administration unit to the terminal, that the received second authentication code is usable by the terminal as the first authentication code for generating the first encrypted authentication code, that the generated first encrypted authentication code is transferable from the terminal to the central management unit, a second encrypted authentication code number can be generated by the central administration unit from the second authentication code number and is comparable with the received first encrypted authentication code number, and in that, depending on the comparison, at least one event can be triggered by the central administrative unit (authentication of the terminal at the central administrative unit). 8. Network arrangement according to claim 6, characterized in that after a connection of the terminal with an access point, the first authentication code is transferable from the terminal to the central management unit, that the received first authentication Code is usable by the central management unit as the second authentication code for generating the second encrypted authentication code; that the generated second encrypted authentication code is transferable from the central management unit to the terminal, in that the first authentication key is used by the terminal to encrypt a first encrypted password Authentication code is generated and is comparable with the received second encrypted authentication code and in that as a function of the comparison at least one event can be triggered by the terminal (Authentication of the central administrative unit at the terminal). 9. Network arrangement according to one of the preceding claims, characterized in that in the access point, a third cryptographic key is stored and that a second cryptographic key is stored in the central management unit, wherein a third encrypted authentication code can be generated by the access point by encryption with the third cryptographic key from a third authentication code, and a second encrypted authentication code is encrypted by the central management unit by encryption with the second cryptographic key from a second authentication code Reference number can be generated. 10. Network arrangement according to the preceding claim, characterized in that a third authentication code is transferable from the access point to the central management unit, the received third authentication code can be used by the central management unit as the second authentication code for the generation of the second encrypted authentication code number, that the generated second encrypted authentication code is transferable from the central management unit to the access point, a third encrypted authentication code number can be generated by the access point from the third authentication code number and is comparable to the received second encrypted authentication code number, and that, depending on the comparison, at least one event can be triggered by the access point (authentication of the central administration unit at the access point). 11. Network arrangement according to claim 9, characterized in that a second authentication code is transferable from the central management unit to the access point, that the received second authentication code is usable by the access point as the third authentication code for generating the third encrypted authentication code, that the generated third encrypted authentication code is transferable from the access point to the central management unit, a second encrypted authentication code number can be generated by the central management unit from the second authentication code number and is comparable to the received third encrypted authentication code number, and in that, depending on the comparison, at least one event can be triggered by the central administrative unit (authentication of the access point with the central administrative unit). 12. Network arrangement according to one of the six preceding claims, characterized in that at least one of the authentication codes is a random number that can be generated by means of a random number generator arranged in the central administration unit, in the access point and / or in the terminal. 13. Network arrangement according to claim 5 or 7, marked by the storage of an address assigned to the terminal after connection to an access point and the address of the access point in the central management unit as an event in case of matching the first and the second association identification code or the match of the first and the second encrypted authentication Reference number. 14. Network arrangement according to claim 11, marked by the storage of an address assigned to the access point in the central management unit as an event in the case of the correspondence of the third and the second encrypted authentication identification number. 15. Network arrangement according to one of the preceding claims, marked by the triggering of an alarm signal by the central management unit, an access point and / or by the terminal as an event in the case of non-compliance of the first with the second association identification code, in the case of non-compliance of the first and the second or the third and the second encrypted authentication index and / or in case of association failure. 16. Network arrangement according to one of the preceding claims, marked by several terminals. 17. Network arrangement according to the preceding claim, marked by at least one switching terminal and a further terminal, the further terminal being connectable by radio to the switching terminal and via this with an access point connected to the switching terminal for bidirectional data exchange. 18. Network arrangement according to the preceding claim, characterized in that from the further terminal an association request signal can be sent out from Terminals within radio range after receipt of the association request signal, association response signals of the access points connected to them can be transmitted and based on access points and / or switching Terminal receiving association response signals an access point directly or via the associated switching terminal via radio to the other terminal for bidirectional data exchange is connectable (association of the other terminal at the access point). 19. Network arrangement according to one of the preceding claims characterized in that in the case of several access points located within the radio range of the terminal, the access point to be connected on the basis of the instantaneous states of these multiple access points, in particular the utilization, or an achievable connection quality between the terminal and the respective access point, in particular the RSSI and / or a link quality indicator (Link Quality Indicators) ), is selectable. 20. Network arrangement according to one of the preceding claims, characterized in that the association, registration and / or authentication by means of a three-way handshake between the terminal, the central management unit and / or an access point is confirmed. 21. Network arrangement according to one of the preceding claims, characterized in that an association, registration and / or authentication is feasible in Interruption of a connection between a terminal and an access point, Interruption of a connection between an access point and the central administrative unit, or - Failure or restart of an access point or the central administrative unit. 22. Network arrangement according to one of the preceding claims, marked by at least one timer unit arranged in one of the network units, with which functional messages (keep-alive messages) can be transmitted at regular intervals to network units connected to this network unit. 23. Network arrangement according to the preceding claim, characterized in that the network unit in which the timer unit is arranged is the central management unit, one of the access points and / or the terminal. 24. Network arrangement according to one of the preceding claims, characterized in that at least one of the terminals with exactly one access point for data exchange is connectable and / or that at least one of the terminals with multiple access points for data exchange is connectable. 25. Network arrangement according to one of the preceding claims, characterized in that the central management unit is connected to the access point by radio or via a subnetwork (5) for bidirectional data exchange. 26. Network arrangement according to the preceding claim, characterized in that the subnetwork is an Internet Protocol-based network and / or a wireless network and / or that the data exchange between the access point and the central administrative unit is based on local communication technology, in particular Wireless LAN, Ethernet or HomePNA. 27. Network arrangement according to one of the preceding claims, characterized in that the central administrative unit is a personal computer. 28. Network arrangement according to one of the preceding claims, characterized in that the terminal and / or used for data exchange components thereof are temporarily deactivated to reduce energy consumption. 29. Network arrangement according to one of the preceding claims, characterized in that the terminal has a memory unit, wherein after connecting the terminal to the access point from the central management unit configuration data for the configuration of Terminal can be transferred via the access point to the storage unit and stored in it. 30. Network arrangement according to one of the preceding claims, characterized in that the terminal has a sensor unit, by means of which data, physical state variables and / or chemical state variables from the environment of the terminal can be detected or to state variables of the terminal itself, in particular Service data, can be queried and transmitted by radio via the access point to the central administration unit. 31. Network arrangement according to the preceding claim, characterized in that the sensor unit is a temperature, humidity or a radiation sensor. 32. Network arrangement according to one of the two preceding claims marked by an associated with the central administrative unit or in this integrated control unit (4) for controlling a process state and / or triggering an event depending on the transmitted data or state variables. 33. Network arrangement according to the preceding claim, characterized in that the terminal is arranged within a building or in the outer area of the same and that with the control unit, the technology of the building is adjustable, computer systems or telephone systems are activated or alarm events can be triggered. 34. Network arrangement according to one of the preceding claims, characterized in that at least one of the terminals a minibar, a heater, a fan, a ventilation unit, a blind, a shutter unit, an air conditioner, a lamp, a counter for gas, water or electricity, a joystick, a game pad, a smoke detector, a motion detector, a Glass breakage sensor, a thermo-, baro- or hygrometer, a moisture meter, an irrigation unit, a microphone, a sensor, actuator or control unit in the automotive or medical technology field, a robot, a tire, a display device (display), a loudspeaker, a Camera, a locating device or a vibration sensor is. 35. Use of a network arrangement according to the preceding claim for networking mini bars, heating devices, ventilators, ventilation units, blinds, roller shutter units, air conditioning systems, lamps, counters for gas, water or electricity, joysticks, gamepads, smoke detectors, motion detectors, Glass-breakage sensors, thermo-, baro- or hygrometers, moisture meters, irrigation units, microphones, sensors, actuators or control units in automotive or medical technology. See range, robots, tires, displays, speakers, cameras, locators or vibration sensors. 36. Method for integrating at least one terminal in a network, wherein at least one device designed for bidirectional data exchange by radio is arranged, wherein at least one access point arranged for bidirectional data exchange by radio with terminals and for bidirectional data exchange with a central administrative unit is arranged, wherein a central management unit is connected to the access point for bidirectional data exchange, and wherein an association request signal is transmitted from the terminal, association response signals are sent from access points in radio range after the association request signal is received, and an access point is connected to the terminal for bidirectional data exchange based on received association response signals (association of the access point terminal). 37. Method according to the preceding claim, characterized in that A network arrangement according to one of the preceding claims is established.