Title:
METHOD AND DEVICE FOR ESTABLISHING A CONNECTION
Document Type and Number:
WIPO Patent Application WO/2009/071751
Kind Code:
A1
Abstract:
The invention relates to a method and device for opening a connection-oriented protocol connection. The method comprises storing at least one item of sender identification information in the device; opening a passive connectionless message protocol application port in the device; receiving in the connectionless message protocol application port a message in which the content data comprises sender identification information; checking the sender identification information in the received message; and if the identification information included in the message corresponds with the sender identification information prestored in the device; storing the IP address of the sender of the message in the memory of the device; and opening a predetermined connection-oriented message protocol port.

Inventors:
HAKULINEN, Martti (Kauppalankatu 25, Kouvola, FI-45100, FI)
Application Number:
FI2008/050714
Publication Date:
June 11, 2009
Filing Date:
December 05, 2008
Assignee:
TELCONT OY (Kauppalankatu 25, Kouvola, FI-45100, FI)
HAKULINEN, Martti (Kauppalankatu 25, Kouvola, FI-45100, FI)
International Classes:
H04L29/12; G08B25/08; H04L29/06; H04L29/08
Domestic Patent References:
WO2007054612A1
WO2007082989A1
Foreign References:
EP1653660A1
US20040024879A1
Attorney, Agent or Firm:
PAPULA OY (P.O.Box 981, Mechelininkatu 1 a, Helsinki, FI-00101, FI)
Claims:

CLAIMS

1. A method for opening a connection-oriented protocol connection, characterized in that the method comprises the steps of: storing at least one item of sender identification information in a device; opening a passive connectionless message protocol application port in the device; receiving in the connectionless message protocol application port a message in which the content data comprises sender identification information; checking the sender identification information in the received message; and if the identification information included in the message corresponds with the identification information prestored in the device; storing the IP address of the sender of the message in the memory of the device; and opening a predetermined connection-oriented message protocol port.

2. The method according to claim 1, further comprising: receiving a message in said opened connection-oriented message protocol port; checking the IP address of the sender of the message; responding to the message if the IP address corresponds with the IP address stored in the memory of the device in the storage step; or rejecting the message if the IP address does not correspond with the IP address stored in the memory of the device in the storage step.

3. The method according to claim 1 or 2, further comprising: closing the connection-oriented message protocol port after a predetermined period of time from opening the port.

4. The method according to claim 3, further comprising: deleting the IP address of the sender included in the message of the connectionless message protocol from the memory of the device after said predetermined period of time.

5. The method according to any one of the previous claims 1 to 4, wherein the received message of the connectionless message protocol is encrypted and that the method further comprises: decrypting the message of the connectionless message protocol before the checking step.

6. A device for opening a connection-oriented protocol connection wherein the device (308) comprises: an interface (304) for connecting the device (308) to a public communications network (102); characterized in that the device (308) further comprises a first memory (302), configured to store at least one item of sender identification information; processing means (300), configured to open a passive connectionless message protocol application port, wherein the application port is configured to receive a message of the connectionless message protocol in which the content data comprises sender identification information; and wherein the processing means (300) are configured to check the sender identification information in the received message of the connectionless message protocol and to store the IP address of the sender of the message in the memory (302) if the identification information included in the message corresponds with the sender identification information prestored in the device, and to open a predetermined connection-oriented message protocol port in response to a successful check.

7. The device according to claim 6, wherein: the opened connection-oriented message protocol port is configured to receive a message; and the processing means (300) are configured to check the IP address of the sender of the message of the connection-oriented message protocol and to respond to the message if the IP address corresponds with the IP address stored in the memory (302) of the device during the storage step, or to reject the message if the IP address does not correspond with the IP address stored in the memory (302) of the device during the storage step.

8. The device according to claim 6 or 7, wherein: the processing means (300) are configured to close the connection-oriented message protocol port after a predetermined period of time from opening the port.

9. The device according to claim 8, wherein: the processing means (300) are configured to delete the IP address of the sender of the message of the connectionless message protocol from the memory (302) of the device after said predetermined period of time.

10. The device according to any one of the previous claims 6 to 9, wherein if the received message of the connectionless message protocol is encrypted, the processing means (300) are configured to decrypt the message of the connectionless message protocol before checking the sender identification information.

Description:

METHOD AND DEVICE FOR ESTABLISHING A CONNECTION

FIELD OF THE INVENTION

The present invention relates to telecommunications technology. In particular, the present invention relates to a method and a device for selectively opening a connection-oriented message protocol connection.

BACKGROUND OF THE INVENTION

Different kinds of targets, for example properties, may be monitored in many ways for example in case of break-ins and fires. One way of monitoring is the so-called remote monitoring, in which the target, for example the property, comprises an automatic monitoring system which, in the case of a break-in or a fire, transmits the alarm information forward.

Alarms are transmitted for example by specific alarm transmission systems (ATS, Finnish: ilmoituksensiirtojärjestelmä, ISJ), which have traditionally been based on the fixed network (subscriber cable). Also other public data transfer networks, for example the Internet, may be used as the alarm transfer path.

The Internet comprises a worldwide data transfer and service network. It involves a wide variety of operations above the transport layer (Layer 4), such as the name service, electronic mail, network management protocols, VoIP (Voice over IP) and countless different applications and protocols. In all the above-mentioned cases, the actual transfer network which routes and connects at layers L1, L2 and L3 is neutral about the transported applications. The applications use the most diverse description languages and protocols for transmitting the information.

One problem of the Internet is data security. There are specific ways to access data that is transmitted at the application level. Generally, there are instances driven by many different intentions to access data managed or sent by other parties. One such instance is referred to as "hackers". Their main purpose is to cause damage and problems in the target of the data breach. Another instance includes for example industrial spies: they are trying to gain information they want from the network.

Another element of the data security problem involves the weaknesses of the applied operating systems and applications. The operating systems and operation of the applications may comprise vulnerabilities which allow outside instances to access information which was not originally intended for them.

To improve data security, there are protection methods applied to the transfer network, such as for example VPN connections (VPN, Virtual Private Network), MPLS techniques (MPLS, Multiprotocol Label Switching), intranet, tunneling, private access point techniques, and methods applied to the devices, such as for example firewall techniques, access lists, virus protection etc. Common to all of the above-mentioned methods is that the malignant activity concentrates mainly on layer L4 and above, in particular when the protocol of layer L4 (transport layer) is the connection-oriented TCP (Transmission Control Protocol).

The devices which for example monitor different targets and in the alarm situations transmit information to a control center or receive information are operationally relatively simple. However, the use of such devices should be absolutely secure. In other words, an outside unauthorized instance may not be allowed in any situation to access the control of the device, for example via a communication network. Due to the above-mentioned security factor, most of the monitoring devices operate through a telephone network. In the telephone network, the sender and the receiver have unique identifiers which are practically impossible to fabricate.

On the other hand, it is possible to build the monitoring devices to be more complex and data-secure in order to connect them to a public data network (for example the Internet). Such a device typically comprises an operating system and a number of applications which allow a more data-secure way of sending information and receiving control information from the public data network. But, as stated above, the operating systems and applications almost invariably comprise data security associated problems. Furthermore, the operating systems and applications need to be practically continually updated so as to maintain the data security level sufficiently high. If the device uses the Internet to receive and send information, it has to open specific application ports towards the Internet. From the data security standpoint, it is problematic if an application port indicates its presence by responding to a message that has arrived from an unknown source. In the case of the connectionless UDP protocol (UDP, Unstructured Data Protocol), it is easy to provide protection against unknown sources for example by making the UDP port passive. In other words, it would not respond to the received messages in any manner.

The connection-oriented TCP operates in a slightly different manner. It comprises first opening the connection and only then beginning the actual data transfer. Furthermore, the TCP port continuously listens on new connection establishment messages. In addition, the contacting device may identify itself only after the connection has been established. Therefore, practically anyone can try to establish a TCP connection with the receiving device. After the connection has been established, the sender is provided information of the presence of the receiver's IP number / TCP port and is able to interfere with the port for example by sending an innumerous number of connection establishment messages (the so-called SYN flooding), thereby disturbing the operation of the device and occupying the entire or at least a considerable amount of the connection capacity of the device.

Therefore, one problem of the known technology is how to make a device connected to a public telecommunications network secure and at the same time operationally simple. Another problem is how to open a connection-oriented message protocol connection only among identified parties.

OBJECTIVE OF THE INVENTION

The objective of the invention is to eliminate or at least considerably alleviate the disadvantages referred to above. Specifically, the objective of the invention is to disclose a method and a device for opening a connection-oriented protocol connection (for example TCP) to a terminal device in such manner that during the starting stage of the connection opening process, the port used for the final opening of the connection is maintained closed.

SUMMARY OF THE INVENTION

According to one aspect of the invention, a method for opening a connection-oriented protocol connection is disclosed. The method comprises storing at least one item of sender identification information in a device and opening a passive connectionless message protocol application port in the device. The term "passive" means that when open, the port does not respond in any way to the messages sent to that port and that any other unused port of different protocols does not respond in any way to the messages (packets) sent to that port. Typical applications include different protocol and port scanners which are based, in the normal situation when the port is not open, on reporting that to the sender (i.a. ICMP, Internet Control Message Protocol). In the embodiment of the invention, all this has preferably been prevented, so that anything which is not previously known is not replied to in any manner.

The connectionless message protocol application port receives the message in which the content data comprises the sender identification information. The sender identification information in the received message is checked, and if the identification information included in the message of the connectionless message protocol corresponds with the sender identification information that has been prestored in the device, the IP address of the sender of the message will be stored in the memory of the device and a predetermined connection-oriented message protocol port will be opened in the device. The connectionless message protocol is preferably UDP and the connection-oriented one respectively TCP. However, a person skilled in the art appreciates that other protocols may be applied as well in the invention.

In one embodiment of the invention, said opened connection-oriented message protocol port receives the message, the IP address of the sender of the message is checked, and the message is given a reply if the IP address corresponds with the IP address stored in the memory of the device in the storage step. If the IP address does not correspond with the IP address stored in the memory of the device in the storage step, the message will be rejected.

In one embodiment of the invention, the connection-oriented message protocol port is closed after a predetermined period of time from opening the port.

In one embodiment of the invention, the IP address of the sender included in the message is deleted from the memory of the device after said predetermined period of time.

In one embodiment of the invention, the received message of the connectionless message protocol is encrypted and the message of the connectionless message protocol is decrypted before the checking step.

According to one further aspect of the invention, a device for opening a connection-oriented protocol connection is disclosed. The device comprises an interface for connecting the device to a public telecommunications network. The device further comprises a first memory which is arranged to store at least one item of sender identification information, and processing means which are arranged to open a passive connectionless message protocol application port, wherein the application port is arranged to receive a message of the connectionless message protocol in which the content data comprises the sender identification information. The processing means are further arranged to check the sender identification information in the received message and to store the IP source address of the sender included in the message in a second memory if the identification information included in the message corresponds with the sender identification information that has been prestored in the device, and to open a predetermined connection-oriented message protocol port in response to a successful check.

In one embodiment of the invention, the opened connection-oriented message protocol port is arranged to receive the message, and the processing means are arranged to check the IP address of the sender included in the message and to respond to the message if the IP address corresponds with the IP address that has been stored in the memory of the device in the storage step, and to reject the message if the IP address does not correspond with the IP address that has been stored in the memory of the device in the storage step.

In one embodiment of the invention, the processing means are arranged to close the connection-oriented message protocol port after a predetermined period of time from opening the port.

In one embodiment of the invention, the processing means are arranged to delete the IP address of the sender included in the message from the memory of the device after said predetermined period of time.

In one embodiment of the invention, the received message of the connectionless message protocol is encrypted, and the processing means are arranged to decrypt the message of the connectionless message protocol before checking the sender identification information.

The device disclosed by the invention has a global static address in a public telecommunications network, for example the Internet. Thanks to the present invention, the terminal device can be made structurally and functionally very simple and affordable. Further, the terminal device automatically rejects messages received from unknown parties and does not contain elements which would automatically communicate towards the network. In other words, the terminal device can be connected to a public telecommunications network (Internet) without the risk of being vulnerable to attacks directed against it.

In summary of the invention, it should be further noted that when a TCP connection is being opened, the TCP application port of the device is maintained closed. The terminal device that requests the opening of the TCP connection first identifies itself with the UDP protocol. Only after this the device of the invention opens the TCP port and checks the sender of the message which is arriving to the TCP port.

The procedure disclosed by the invention allows establishing a connection-oriented message protocol (for example TCP) connection, even if the device would not, in the initial situation, comprise any open connection-oriented message protocol ports. In this manner, it is possible to prevent the port from being visible to wrong parties in a public telecommunications network.

LIST OF FIGURES

In the following section, the invention will be described in detail with the aid of exemplifying embodiments, in which:

Fig. 1 presents one embodiment of the arrangement according to the invention;

Fig. 2a presents one embodiment of the method according to the invention;

Fig. 2b presents one embodiment of the method according to the invention; and

Fig. 3 presents one embodiment of the terminal device according to the invention.

DETAILED DESCRIPTION OF THE INVENTION

Fig. 1 presents one embodiment of the arrangement according to the invention.

Fig. 1 comprises three connecting terminal devices 104, 110 and 112 and one terminal device 100 to which the connection is being established. The device 100 is connected to a public telecommunications network 102 through which the terminal device 100 can be reached. The telecommunications network 102 is preferably the Internet. In the case of the Internet, the terminal device 100 has been assigned a static IP address (IP, Internet Protocol).

The terminal devices 104, 110 and 112 shown in Fig. 1 represent different examples of terminal devices and situations where a connection is being established to the terminal device 100. Like the terminal device 100, the terminal device 104 has been assigned a global static IP address. In other words, the terminal device 100 perceives in this case the real IP address (197.56.1.208) as the source address of the sender. The terminal device 110 is behind a mobile communication network 106. In this situation, the terminal device 110 has been allocated a dynamic global IP address (62.11.144.65) by the mobile communication network 106. In other words, the IP address that has been allocated to the terminal device 110 is temporary but at the same time global in the telecommunications network 102. When the terminal device 110 sends a message to the terminal device 100, the real (dynamic) IP address of the terminal device 110 is shown as the source address. The terminal device 112, on the other hand, is connected to a corporate network 108. Inside the corporate network, the terminal device 112 has been allocated a non-global IP address (192.168.1.28). When the terminal device 112 sends a message to the terminal device 100, for example the IP address of the corporate network firewall (212.16.22.112) is shown as the source address and not the IP address that has been allocated for the terminal device 112 (192.168.1.28) inside the corporate network 108. The corporate network 108 performs "natting" or translation of the address of the terminal device 112 (NAT, Network Address Translation).

The operation of the invention will now be described in more detail with reference to Fig. 2a which shows one example of the method according to the invention. The reference numbers of Fig. 1 are applied to the description of Fig. 2a.

One or more items of identification information of a sender terminal device have been prestored in the terminal device 100 according to the invention. Prestoring refers for example to storing in the terminal device 100 during the configuration stage information about the parties (other devices) which are authorized to communicate with the terminal device 100. In another embodiment of the invention, the identification information of the sending terminal devices can be stored in the device after the actual initial configuration. The identification information is preferably some other identification information than the IP address of the sender, for example a number sequence, alphabetic sequence or a combination thereof. The purpose of the identification information is to identify the real sender of the message including the identification information, irrespective of the IP address from which the message is actually coming.

Further, one or more application ports for a connectionless application protocol have been opened in the terminal device 100. In this example, the connectionless application protocol is UDP, but a person skilled in the art appreciates that any present or future connectionless protocol may be used. The opened application port is preferably predetermined so that the sending terminal device (for example the terminal device 112) knows to which port of the terminal device 100 the information should be sent.

In step 200, the device 100 receives the UDP message. In this example, it is assumed that the UDP message is sent from the terminal device 112 of Fig. 1. The UDP packet contains identification information of the sending party. As stated above, the identification information does not refer to the IP address of the source included in the packet, but to a separate identification information in the content data of the packet.

In step 202, the device 100 checks said sender identification information in the content data of the UDP packet. If the identification information is not found in the memory of the device 100, the received UDP message is automatically rejected (steps 204 and 210). Absence of the identification information in the memory of the device 100 means that the sender of the UDP packet including such identifier is not authorized to send data to the device 100. If, in step 204, the sender identification information included in the UDP packet is found in the memory of the device 100, the source address of the UDP message (the IP address of the sender included in the protocol frame) is stored in the memory of the device (step 206). In this example, the device 100 would store in its memory the IP address 212.16.22.112. It should be noted that the device 100 stores in its memory the source address of the UDP message (in this case the IP address of the firewall) and not the real IP address of the terminal device 112. In fact, the device 100 cannot even know which IP address has been defined for the terminal device 112, because the IP address of the terminal device 112 is not global but instead a locally defined address.

Finally, in step 208, a predetermined connection-oriented message protocol application port is opened. The connection-oriented message protocol is preferably TCP, but a person skilled in the art appreciates that any present or future connection-oriented protocol can be used.

In one embodiment, the TCP port opened in the manner presented in Fig. 2a is kept open only for a predetermined period of time. If the terminal device that previously sent a message to the UDP port does not send a message to the TCP port during said predetermined period of time, the port will be closed.

In the embodiment of the invention presented in Fig. 2a, the TCP port is only opened if the device receives a UDP message including the identification information of the sending terminal device and if the same identification information has been prestored in the receiving device.

In one embodiment of Fig. 2a, the UDP packet received by the device 100 from the terminal device 112 has been encrypted with a predetermined encryption method, for example time-based encryption. The devices 100 and 112 may have been previously synchronized to a common time base, and the applied encryption (encryption key) is based on the fact that the devices substantially operate in the same time base. In other words, in one embodiment of the invention, the UDP message received by the device 100 is time-dependent, i.e. the UDP message is "valid" only for a predetermined period of time. In using a time-limited encryption procedure, practically no other device can send an acceptable UDP message. And, even if the UDP message could be copied, a copied message would be useless due to the time limit, and the device 100 would reject such message. The receiving terminal device forms a decryption key utilizing a counter value of the terminal device at the time of reception of the message and performs the decryption with a decryption key formed by the counter value.

In one embodiment, the terminal device must first be synchronized to a same time with the time reference terminal device. The time reference terminal device operates by a time reference which is increased at even intervals. The time reference may be maintained for example by a UCT clock, a DCF77 receiver, a GPS receiver (GPS, Global Positioning System) or any other arrangement which is suitable for the purpose. The counting interval is for example 0.1s or any other suitable time interval. The absolute time value is not significant in this case.

During the terminal device start-up and self-initialization, it sends a UDP message to the time reference terminal device. The net data of the message contains a time request and a reference (sender identifier) to the IP address table of the receiver. The reference is defined because the time reference terminal device only responds to terminal devices which are defined in the table. If the time reference terminal device receives an unidentified message, the message can be automatically rejected. Correspondingly, if someone "fakes" the sender, the message that was sent will not be provided a reply.

In response to the reception of the time reference request, the time reference terminal device sends the present time reference value to the terminal device that requested the time reference. If the transmission of the message to the terminal device takes for example 20ms, the clock of the terminal device will lag 20ms behind the clock of the time reference terminal device. Such a minute time difference is not essential for the operation of the method.

When the terminal device receives a time reference message from the time reference terminal device, it sets its counter to comply with the time reference of the message. The time reference message may further contain a sender identifier which can be used by the terminal device to completely ensure that the time reference message was actually sent by the time reference terminal device. If, for some reason, the terminal device receives a time reference message when it has not requested any time reference, the received message can be automatically rejected. Messages relating to reception of the time reference may be encrypted, but encryption is not necessary.

A predetermined sequence of terminal devices to which a time reference request may be sent may have been stored in the memory of the terminal device. If a time reference request that was sent to a terminal device which is higher in the priority order does not give any response, the time reference may be requested from a terminal device that is next in the priority order. It is obvious to a person skilled in the art that any technique or algorithm based for example on symmetric or asymmetric encryption can be used.

Fig. 2b presents one embodiment of the invention, continuing the operation of Fig. 2a.

When an acceptable sender has sent a UDP message to the device 100 according to Fig. 2a and the UDP message has been accepted, the sender (for example the terminal device 112) begins the process of opening a TCP connection to the device 100. According to step 250, the device 100 receives a message from the terminal device 112 to the previously opened TCP port. The message is preferably a TCP connection establishment message (a SYN request). Then the device 110 checks the IP address of the sender of the message (step 252). The IP address is checked in the sender field of the TCP message structure (protocol frame). In this case, the IP address 212.16.22.112 (the IP address of the firewall of the corporate network 108) is shown as the TCP message sender address. Since the terminal device 112 is in a corporate network and has a unique IP address only inside the corporate network (192.168.1.28), the real IP address of the terminal device 112 changes, when sent out from the corporate network 108, for example to the IP address of the firewall (in this case 212.16.22.112).

In step 252, the device 100 checks if the device 100 has previously stored this particular IP address in its memory (step 206 of Fig. 2a). If the IP address is not found, the TCP connection establishment message will be rejected (steps 254 and 258). If the IP address is found in the memory of the device 100, the device 100 responds to the TCP connection establishment message (steps 254 and 256), and a TCP connection is thereby established between the devices 100 and 112. The firewall of the corporate network 108 may form in the terminal device 112 a so-called reflexive port for which the device 100 forms a so-called socket (socket = IP address + port). In this manner, the TCP connection may be used in both directions. However, it should be noted that in this example, only the terminal device 112 may open a TCP connection, because it does not have in this example a global IP address. The functionality relating to the actual sockets (their generation, maintenance etc.) is not described in more detail in this context, because a person skilled in the art is familiar with that functionality. After establishing the TCP connection, the device 100 may control the existence of the connection to the terminal device 112 at specific times by sending a test packet through the connection. In this manner, the operation of both the formed socket and the formed reflexive port can be tested. It is possible that the TCP connection between the devices is broken for some reason. For example, the firewall may comprise connection timeout control which cancels the connection if there is not any traffic over the connection for a specific period of time. In this case, upon detecting that the connection between the devices has been broken, the terminal device 112 restarts establishing the connection to the device 100 in the manner presented in Fig. 2a.
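The following model of the accept/reject decision in steps 250 to 258 is an added example, not code from the patent. The class and function names, the payload format (the raw identifier bytes), the constant-time comparison and the address 198.51.100.7 are assumptions of the example; the two addresses 192.168.1.28 and 212.16.22.112 are the ones used in the description.

```python
import hmac

class Device:
    """Model of device 100: passive UDP port, TCP port gated on stored IPs."""

    def __init__(self, sender_ids):
        self.sender_ids = list(sender_ids)  # prestored identification information
        self.allowed_ips = set()            # sender IPs stored in step 206
        self.tcp_port_open = False          # no TCP port is open in the normal state

    def on_udp(self, src_ip, payload):
        """Handle a UDP message; the port is passive, so nothing is answered."""
        # Constant-time comparison is a choice of this example, not the patent's.
        if any(hmac.compare_digest(payload, sid) for sid in self.sender_ids):
            self.allowed_ips.add(src_ip)    # store the sender address as seen
            self.tcp_port_open = True       # open the predetermined TCP port
        return None

    def on_tcp_syn(self, src_ip):
        """Steps 250-258: respond to the SYN only for a stored sender address."""
        if not self.tcp_port_open:
            return "rejected"
        if src_ip in self.allowed_ips:      # steps 252/254: address found in memory
            return "accepted"               # step 256
        return "rejected"                   # step 258


def nat(private_ip, firewall_ip="212.16.22.112"):
    """The corporate firewall replaces the private source address with its own."""
    return firewall_ip if private_ip.startswith("192.168.") else private_ip


def demo():
    dev = Device([b"constructed-id-112"])   # constructed identifier
    results = []
    results.append(dev.on_tcp_syn(nat("192.168.1.28")))     # no UDP message yet
    dev.on_udp("198.51.100.7", b"wrong-id")                 # unknown sender, dropped
    results.append(dev.on_tcp_syn("198.51.100.7"))
    dev.on_udp(nat("192.168.1.28"), b"constructed-id-112")  # terminal 112 via firewall
    results.append(dev.on_tcp_syn(nat("192.168.1.28")))
    results.append(dev.on_tcp_syn("198.51.100.7"))          # port open, IP not stored
    return results, sorted(dev.allowed_ips)
```

The address the device ends up storing is the firewall's 212.16.22.112, not the terminal's internal 192.168.1.28, which is why the check in step 252 is made against the translated address.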

Fig. 3 presents one example of the device 308 according to the invention. The device 308 may be practically any device which operates with the premise that only other predetermined terminal devices may establish a connection to it.

The device 308 comprises processing means 300 which are connected to a memory 302 and to an interface 304. The terminal 308 may be built to be very simple if desired, and the most common complex operating systems are not necessarily required at all. In one embodiment, it suffices that the device has UDP and TCP protocol stacks. The processing means 300 control the operation of the device 308 and are controlled by one or more applications which are stored in the memory 302. In addition, one or more items of identification information have been stored in the memory 302, referring to the other terminal devices which may send admissible messages. The memory 302 per se may refer to one or more separate memories. In addition, some of the memories may also comprise internal memory of the processing means 300. Any suitable volatile or non-volatile memory type may be used.

The device 308 receives UDP and TCP messages from a communication network through the message interface 304. The interface 304 may refer merely to a physical hardware interface towards the communication network or to a combination of physical and software interfaces. Other terminal devices may connect to the device 308 through UDP and TCP ports via the message interface 304. As explained above, the UDP port or the TCP port which has been opened in the device 308 towards the network is passive and does not send any responses to the received messages. Further, as presented above, in a preferred embodiment, in the normal state none of the TCP ports is open towards the network in the device, but instead the TCP port is opened by the procedure presented above in Fig. 2a. Fig. 3 also shows that the device 308 may include a second interface 306, for example to the monitored target (if the device 308 is used as a monitoring device). In this case, the signals received through the monitoring interface 306 can be transmitted forward through the established TCP connection. However, a person skilled in the art appreciates that the device can be used in any other application environment. In one embodiment of the invention, the device 100 may operate as a monitoring device and in one further embodiment of the invention as a device that receives the monitoring information. In one further embodiment, the device does not contain any specific monitoring interface at all.

Furthermore, a person skilled in the art appreciates that the device presented in the invention is not limited merely to applications where the terminal device operates as a monitoring device or as a device which receives monitoring information. Instead, the device according to the invention may be applied in any environment where it is desirable to establish a TCP connection between two parties which identify each other. The embodiments of the invention may comprise for example servers, workstations, portable computers, PDA devices (PDA, Personal Digital Assistant), mobile devices, mobile phones, wireless devices and the like, which are able to execute the exemplifying embodiments of the invention. The devices, applications and systems used in the embodiments of the invention may communicate with each other by any suitable protocol. One or more interface mechanisms may be used in the embodiments of the invention, including for example the Internet, communications in any form using any suitable communication network. The applied communication networks or links may include one or more wireless networks, 3G mobile communication networks, telephone networks (PSTN, Public Switched Telephone Network), packet data networks, the Internet, intranets or a combination of some of them.

A person skilled in the art appreciates that the presented embodiments of the invention are merely exemplifying, and one or more components of an exemplifying embodiment may be implemented by one or more items of hardware and/or software. The exemplifying embodiments may store information relating to different processes for example in one or more memories, such as a hard disk, optical disk or other equivalent memories.

All or part of the exemplifying embodiments may be implemented by one or more general-purpose processors, microprocessors, microcontrollers or the like, which have been programmed to carry out the embodiments of the invention. Furthermore, the exemplifying embodiments of the invention may be implemented for example by ASIC circuits (ASIC, Application Specific Integrated Circuit). The exemplifying embodiments of the invention are thus not limited to only one specific hardware and/or software combination.

Stored on one or more data storing media, the exemplifying embodiments of the invention may include software for controlling the components of the exemplifying embodiments. Such software may contain for example hardware drivers, firmware applications, operating systems and the like.

As stated above, the components of the exemplifying embodiments may include a medium readable by a computer or other devices or memories to store the commands programmed according to the present invention. The readable medium or memory may be any known storing medium.

The invention is not limited merely to the exemplifying embodiments referred to above; instead, many variations are possible within the scope of the inventive idea defined by the claims.