Login| Sign Up| Help| Contact|

Patent Searching and Data


Title:
PROCESS FOR GENERATING CODES FOR OPENING A TANK AND METHOD FOR OPENING A TANK
Document Type and Number:
WIPO Patent Application WO/2020/144531
Kind Code:
A1
Abstract:
A generation process (110, 120) of codes for opening a tank (2) is provided, comprising a cap (3) closing the tank (2) and comprising an identifier, a first clock (35), a first token generation unit (36), a control device (4) suitable to perform an exchange between the cap (3) and control device (4) and comprising a second clock (41), a cap database associating the cap (3) to the identifier and a second token generation unit (42); a first computation step (111, 121 ) wherein a unit (36, 42) determines a code base according to the code base and a time stamp of a clock (35, 41); an encryption step (112, 122) wherein a unit (36, 42) calculates an encrypted code by encrypting the identifier; a second computation step (113, 123) wherein the unit (36, 42) determines the intermediate code as a function of the encrypted code; an extraction step (114, 124) wherein a unit (36, 42) defines a token as a portion of the intermediate code.

Inventors:
GUARNIERI PAOLO (IT)
Application Number:
PCT/IB2019/061401
Publication Date:
July 16, 2020
Filing Date:
December 27, 2019
Export Citation:
Click for automatic bibliography generation   Help
Assignee:
GUARNIERI PAOLO (IT)
International Classes:
H04L29/06; B60K15/04; G07C9/00; H04L9/32
Domestic Patent References:
WO2018215886A12018-11-29
WO2013012163A12013-01-24
Foreign References:
US20120229251A12012-09-13
US20060170533A12006-08-03
US9130753B12015-09-08
Attorney, Agent or Firm:
LUNATI & MAZZONI S.R.L. (IT)
Download PDF:
Claims:
CLAI M S

1. A generation process (1 10, 120) for generating opening codes for opening a tank (2) characterized in that it comprises

- at least one tank (2);

- a cap (3) closing said tank (2) and comprising

o an identifier,

o a first clock (35),

o a first token generation unit (36),

- a control device (4) comprising

o a second clock (41 ),

o a second token generation unit (42);

- a first computation step (1 1 1 , 121 ) wherein at least one of said units (36, 42) determines at least one code base according to said identifier and to a timestamp from at least one clock (35, 41 );

- an encryption step (1 12, 122) wherein said at least one of said units (36, 42) calculates an encrypted code by encrypting said at least one code base;

- a second computation step (1 13, 123) wherein said at least one of said units (36, 42) determines at least one intermediate code according to said at least one encrypted code;

- an extraction step (1 14, 124) wherein said at least one of said units (36, 42) defines said token as a portion of said at least one intermediate code.

2. A generation process (1 10, 120) according to claim 1 , wherein said cap (3) comprises a personal code representative of the condition of use of said cap (3) and an acquisition unit (37) of said personal code; and wherein in said first computation step (1 1 1 , 121 ) said at least one of said units (36, 42) determines at least one code base according to said identifier and said personal code of said cap (3).

3. A generation process (1 10, 120) according to claim 2, wherein said personal environmental code comprises the GPS position of said cap (3) and wherein said acquisition unit (37) comprises at least one geolocation sensor capable of acquiring said GPS position.

4. A generation process (1 10, 120) according to claim 2, wherein said cap (3) comprises a battery powering said cap (3); wherein said personal code comprises the supply voltage of said battery; and wherein said acquisition unit (37) comprises at least one acquisition voltmeter of said voltage.

5. wherein said identifier comprises a private identifier of said cap (3); and wherein in said first computation step (1 1 1 , 121 ) said at least one of said units (36, 42) determines at least one code base according to said private identifier of said cap (3).

6. The generation process (1 10, 120) according to at least one of the preceding claims, wherein in said first computation step (1 1 1 , 121 ) said at least one of the units (36, 42) determines a primary code base according to said identifier and a secondary code base according to said timestamp.

7. The generation process (1 10, 120) according to the preceding claim, wherein in said encryption step (1 12, 122) said at least one of said units (36, 42) determines a first encrypted code according to said primary code base and a second encrypted code according to said secondary code base.

8. The generation process (1 10, 120) according to the preceding claim, wherein in said second computation step (1 13, 123) said at least one of said units (36, 42) determines a first intermediate code according to said first encrypted code and a second intermediate code according to said second encrypted code; and wherein in said extraction step (1 14, 124) said at least one of said units (36, 42) defines said token as a portion of said first intermediate code and a portion of said second intermediate code.

9. The generation process (1 10, 120) according to claim 4, wherein in said second computation step (1 13, 123) said at least one of said units (36, 42) determines an intermediate code according to said first encrypted code and said second encrypted code; and wherein in said extraction step (1 14, 124) said at least one of said units (36, 42) defines said token as a portion of said intermediate code.

10. The generation process (1 10, 120) according to claim 3, wherein in said encryption step (1 12, 122) said at least one of said units (36, 42) determines an encrypted code according to said primary code base and said secondary code base; wherein in said second computation step (1 13, 123) said at least one of said units (36, 42) determines an intermediate code according to said encrypted code; and wherein in said extraction step (1 14, 124) said at least one of said units (36, 42) defines said token as a portion of said intermediate code.

11. An opening method (1 ) for opening a tank (2) characterized in that it comprises

- at least one tank (2);

- a cap (3) closing said tank (2) and comprising

o a memory (31 );

o a casing (32) defining an internal volume for said memory, o a first token generation unit (36),

o data connection means (33) and

o locking means (34) defining a locking configuration in which they prevent the removal of said cap (3) from said tank (2) and a free opening configuration in which they allow the removal of said cap (3) from said tank (2);

- a public identifier for at least one out of said tank (2) and said cap (3),

- a private identifier for said cap (3) stored in said memory;

- a remote server (4a) comprising

o a first data connector (44),

o a caps database associating said private identifier with said public identifier for each cap (3) and

o a second token generation unit (42);

- a reader (4b) for reading said public identifier, comprising a second data connector (45) suitable to allow data exchange between said reader (4b) and said cap (3) and between said reader (4b) and said server (4a);

- a first generation process (110) in which said second unit (42) generates a command token according to said private identifier and associates said command token with said public identifier that is associated with said private identifier;

- a first sending process (130) in which said remote server (4a) sends to said reader (4b) said command token and said public identifier associated with said command token;

- a reading process (140) in which said reader (4b) acquires said public identifier;

- a second sending process (150) in which said reader (4b) sends to said cap (3) said command token associated with said public identifier acquired in said reading process (140);

- a second generation process (120) in which said first unit (36) generates a verification token according to said private identifier for said cap (3); and

- a verification process (160) in which, if said verification token is compatible with said command token, said locking means (34) move to said free opening configuration, allowing the removal of said cap (3) from said tank (2).

12. The opening method (1 ) according to the preceding claim, wherein said public identifier is associated with said cap (3).

13. The opening method (1 ) according to at least one of the claims 8-9, wherein said reader (4b) is suitable to acquire only said public identifier and therefore does not acquire said private identifier.

14. The opening method (1 ) according to the preceding claim, wherein in said second sending process (150) there is no passage of said private identifier from said cap (3) to said reader (4b) and wherein in said first sending process (130) there is no passage of said private identifier from said server (4a) to said reader (4b).

15. The opening method (1 ) according to at least one claim 8-12, comprising a plurality of said tanks (2) and said caps (3) each of which engaged to one of said tanks (2); wherein said reader (4b) comprises a token database associating for each of said caps (3) said command token to said public identifier; and wherein said second sending process (150) comprises a search step (151 ) in which said reader (4b) searches said token database for the command token associated with said public identifier acquired in said reading process (140) and a transmission step (152) in which said reader (4b) sends to said cap (3) said command token identified in said search step (151 ).

Description:
PROCESS FOR GENERATING CODES FOR OPENING A TANK AND METHOD FOR OPENING A TANK

The present invention relates to a generation process of opening codes of a tank and in particular an opening method of such tank of the type specified in the preamble of the independent claims.

In particular, the present invention relates to a process and/or a method of providing credentials for opening a tank and thereby for monitoring the closing and opening of valves and loading manifolds of tanker systems, tanks or other storage systems for fluids (preferably liquids, in detail liquefied or non-liquefied gases, petroleum products and petrochemicals in general or other liquids such as oils and liquid foods). These storage systems are hereinafter simply referred to as tanks.

As is known, a tank has a container for the substances for which it is used and a valve, or filler, that can be closed by a cap easily accessible by a user.

The cap is generally a screw or bayonet cap.

As is known, the screw cap has a threaded support which can be screwed or unscrewed in rotation from the tank. Therefore, the cap preferably has external threads compatible with the filler. The opening of this cap requires the operator to hold the cap and impose a mechanical moment to rotate it with respect to the tank. Many caps also have a lock and therefore require the use of a key to open them. The prior art described has several significant drawbacks.

In particular, the opening method of a tank required to date is easily bypassed because the opening method is extremely simple and substantially devoid of safety measures able to prevent undesired opening.

In particular, the codes for opening the tank are at most identifiable in keys that are easy to copy. In addition, the above-mentioned caps and consequently the opening methods of the tanks, in addition to not guaranteeing a high level of security in terms of accessibility, do not allow the supplier to control the integrity of the closing means used on its tanks.

In this situation the technical purpose of the present invention is to devise an opening method of a tank able to substantially overcome at least some of the drawbacks mentioned.

Within the sphere of said technical purpose one important aim of the invention is to provide an opening method of a tank which is difficult to perform by non-authorised personnel.

The technical purpose and specified aims are achieved by an opening method of a tank as claimed in the appended Claim 1. Examples of preferred embodiments are described in the dependent claims.

The characteristics and advantages of the invention are clarified by the following detailed description of preferred embodiments thereof, with reference to the accompanying drawings, wherein:

Fig. 1 shows a token generation process and in particular an opening method of a tank;

Fig. 2a illustrates, in scale, an overview of the opening procedure;

Fig. 2b presents, in scale, a second view of the assembly in Fig. 2a; and Fig. 3 shows a schematic view of the method for opening a tank according to the invention.

In this document, where used, terms such as "first", "second", "upper", "lower", "main" and "secondary" do not necessarily refer to an order, a priority relationship or relative position, but may simply be used to more clearly distinguish different components from each other.

Unless otherwise indicated, as evidenced by the discussions below, it should be understood that terms such as "processing", "computer", "computing", "evaluation", or the like, refer to the action and/or processes of a computer or similar electronic calculation device, which handles and/or processes data represented as physical, such as electronic sizes of logs of a computer system and/or their memories, other data similarly represented as physical quantities inside computer systems, logs or other information storage, transmission or display devices.

The generation process according to the invention, as described below, is part of an opening method of a tank; with reference to the figures the method is denoted by the number 1.

The method for opening a tank 1 is suitable to monitor and, in particular, to allow only authorised personnel to open one or more tanks.

It comprises at least one tank 2 and at least one cap 3 closing the tank 2 and preferably several tanks 2 and one cap 3 per tank 2.

The tank 2 is designed to store a fluid (gas and/or liquid) such as fuel. It can be, for example, a car tank or a tank used to contain large quantities of fuel and may therefore be buried or above ground. Preferably, it is a fuel containment tank.

Each tank 2 comprises a container 21 defining a storage volume and an opening 22 for access to said volume.

The cap 3 is designed to engage to the tank 2 and in particular to the opening 22, preventing the introduction and/or extraction of product.

It comprises a memory 31 ; a casing 32 defining an internal volume for the memory 31 ; and data connection means 33 defining a data connection between the cap 3 (in particular the memory 31 ) and the control device described below. The means 33 can define a physical connection (e.g. a USB or LAN port) or preferably a wireless connection and in detail radio connection such as Bluetooth or WI-FI.

The cap 3 comprises locking means 34 suitable for connecting the cap 3 to the tank 2.

The locking means 34 define a locked configuration (Fig. 2b) in which they prevent the removal of the cap 3 from the tank 2 and a free opening configuration (Fig. 2a) in which they allow the removal of the cap 3 from the tank 2.

To this end, they comprise a first portion 34a integral with the casing 32; a second portion 34b engaging with the tank 2 and mobile with respect to the first portion; and a connection block 34c defining an active position in which it connects the portions 34a and 34b to each other defining said free opening configuration and an inactive position in which it allows reciprocal movement between said portions defining said locked configuration.

Appropriately the locking means 34 are in said internal volume.

The cap 3 comprises a first clock 35 suitable to measure the passage of time.

The cap 3 comprises a first token generation unit 36.

Said unit 36 is in data connection with the various components of the cap 3 so as to control its operation and receive data from them.

Lastly, the cap 3 comprises a power supply for the cap 3.

The power supply comprises a battery suitably housed in the internal volume.

An example of a cap is described in Figs. 1 -8 and from page 3 line 22 to page 19 line 16 of Italian patent 102017000056266 (said pages and figures are included for reference).

The opening method 1 comprises an identifier of at least one out of the tank 2 and/or the cap 3. Preferably it provides a private identifier of the cap 3 and appropriately at least one public identifier of at least one out of the tank 2 and/or cap 3. More preferably the opening method 1 comprises a private identifier and a public identifier of the cap 3 and optionally an additional public tank identifier 2.

In this document the term "private" identifies a code that cannot be acquired and therefore cannot be transferred to a second device or acquired/read by an operator. Conversely, the term "public" identifies a code that can be easily acquired and therefore can be transferred (for example via a data connection) to a second device or acquired/read by an operator.

The public identifier may be associated with the cap 3.

It can be external to the casing 32 and therefore readable/acquired from outside. It can be a code (alphanumeric, barcode, QR etc.) written on the casing 32 or a plate attached thereto. Alternatively, the public identifier is stored in the memory 31 .

In some cases, the public identifier may be associated with the tank 2 and for example printed on a plate.

The additional public identifier can be printed on a plate attached to the outer surface of the tank 2.

The private identifier can be stored in the memory 31 .

The data connection means 33 are suitable to allow a data transfer (e.g. public identifier) between the cap 3 and a control device external to the cap. They do not transmit the private identifier.

The cap 3 may comprise a personal code and appropriately an acquisition unit 37 of at least one personal code of the cap 3 and preferably only one personal code of the cap 3.

The personal code is a code specific to the cap 3 additional to the private identifier and, if present, the public identifier.

It may be acquired by the acquisition unit 37 when the cap 3 is first associated/engaged to the tank 2 and/or when the cap 3 is opened (i.e. when the token is generated as described below).

The personal code identifies a code representative of the condition of use of the cap 3, i.e. the site where the cap 3 is placed and/or the operating status of the cap It can therefore be an environmental personal code, i.e. specific to the environment/site where the cap 3 is placed when in use and thus the acquisition unit 37 may comprise at least one environmental personal code acquisition sensor. In detail the personal environmental code can be at least one between a geolocation position (and the acquisition unit 37 can comprise at least one geolocation sensor); temperature (and the acquisition unit 37 can comprise at least one thermal sensor), pressure (and the acquisition unit 37 can comprise at least one pressure sensor), luminance of the external environment (and the acquisition unit 37 can comprise at least one optical luminance measurement sensor).

Preferably the environmental personal code comprises the geolocation position (latitude, longitude and appropriate altitude) and the acquisition unit 37 may comprise at least one geolocation sensor capable of acquiring the geolocation position of the cap 3.

Alternatively or additionally, the personal code can be a functional personal code, i.e. identifying a parameter/functional characteristic of the cap 3 (i.e. intrinsic function of the cap 3) such as operating temperature, number of activations, current intensity or supply voltage, i.e. of the power supply unit and, in detail, of the battery. In this case the acquisition unit 37 may comprise at least one functional acquisition sensor of said functional code. Preferably the functional personal code is the supply voltage (of the power supply and, in detail, of the battery) and the acquisition unit 37 may comprise at least one acquisition voltmeter of said voltage. Alternatively, the functional personal code is the measured voltage of other components or voltage measured by voltage references.

It should be noted that in some cases the cap 3 may have several environmental and/or functional personal codes.

The personal code is preferably alphanumeric.

The opening method 1 comprises a control device 4 suitable to control the cap 3 and in particular a change in the configuration of the cap 3.

The control device 4 comprises at least one data connector suitable for data exchange between the cap 3 and the control device 4.

The data connector may define a physical connection (for example a USB or LAN port). Preferably it identifies a wireless connection such as a radio connection such as Bluetooth.

The control device 4 comprises a second clock 41 suitable to measure the passage of time.

The control device 4 comprises a caps database associating said at least one identifier with a cap 3.

The caps database associates the private identifier of each cap 3 to at least one public identifier of at least one out of the tank 2 and/or the cap 3. In detail it associates the private identifier of each cap 3 to the public identifier of the cap 3 and optionally to the additional public identifier of the tank 2.

It should be noted that this association of the private identifier to at least one public identifier is executable upstream of the process/method. It can thus be performed before the installation of the cap 3 and/or via a software allowing, exceptionally and exclusively, the reader 4b to acquire the private identifier at the first data connection between the cap 3 and reader 4b.

Additionally, the caps database may associate each cap 3, i.e. the private identifier, with at least one personal code (environmental and/or functional).

The control device 4 comprises a second token generation unit 42.

The control device 4 comprises acquisition means 43 of said public identifier.

The acquisition means 43 may comprise a camera or other equipment suitable to acquire the public identifier on the cap 3 for reading a barcode or other similar code. Alternatively or additionally, they may acquire the public identifier by operator input, e.g. via keyboard, and/or by data connection with the cap 3.

The control device 4, a remote server 4a and appropriately a reader 4b of said public identifier.

The remote server 4a comprises said caps database.

The remote server 4a comprises said second unit 42.

The remote server 4a comprises said second clock 41 .

The reader 4b comprises said acquisition means 43.

The reader 4b may comprise a token database including one or more tokens preferably command tokens each associated with a public identifier.

Said command tokens are described in detail below.

The remote server 4a comprises a first data connector 44 and the reader 4b comprises a second data connector 45 suitable to allow the cap 3 to place itself in data connection with the cap 3 and the remote server 4b. Preferably there is a passage of data between server 4a and cap 3 exclusively through the reader 4b. Said connectors 44 and 45 are suitable for making a wireless connection. The connectors 44 and 45 allow a passage of data between the reader 4b and the remote server 4a without prejudice to the private identifier. In addition, the acquisition means 43 do not allow the acquisition of the secret identifier.

The opening method 1 comprises at least one generation process of opening codes of the tank 2.

The generation process comprises said at least one tank 2, said at least one cap 3 and said at least one device 4. The tank 2, the cap 3 and the device 4 are described above.

The generation process is designed to generate a token commanding a change in the configuration of the cap 3 and in particular the change into the free opening configuration of the cap 3.

The generation process is suitable to be implemented by the cap 3 and/or by the server 4a.

The generation process comprises a first computation step in which at least one unit 36 and 42 determines at least one code base according to the identifier, preferably private, and a time stamp of at least one clock 35 and 41 .

Preferably said at least one unit 36 and 42 determines a primary code base according to the identifier preferably private (and optionally of the personal code) and a secondary code base according to the time stamp of a clock 35 or 41 . Said transformation functions may be different or the same as each other.

Alternatively, said at least one unit 36 and 42 determines a single code base according to the preferably private identifier, the time stamp and in some cases the personal code.

The time stamp is identifiable in a day, i.e. a date indicating day, month and year. Alternatively, it can be identified in a time, i.e. a date indicating the time, day, month and year.

At least one code base may be alphanumeric.

The generation process comprises an encryption step wherein at least one unit 36 and 42 calculates an encrypted code, encrypting said at least one code base.

Preferably the unit 36 or 42 determines a first encrypted code according to the primary code base and a second encrypted code according to the secondary code base. The encryption functions of the encrypted codes may be the same or different. Alternatively, the unit 36 or 42 determines an encrypted code according to the primary code base and the secondary code base.

Said at least one encrypted code may be alphanumeric.

The generation process comprises a second calculation step in which at least one unit 36 and 42 determines at least one intermediate code according to the at least one encrypted code.

In the second calculation step, the unit 36 or 42 determines a first intermediate code according to the first encrypted code and a second intermediate code according to the second encrypted code. Alternatively, the unit 36 or 42 determines a single intermediate code according to the first encrypted code and the second encrypted code.

The generation process comprises an extraction step in which at least one unit 36 and 42 defines the token as a portion/part of the at least one intermediate code.

In particular, in the extraction step at least one unit 36 and 42 defines the token as a portion of the single intermediate code.

Alternatively, the token is given by a first portion extracted from the first intermediate code and a second portion extracted from the second intermediate code.

The extracted portion may comprise any number of alphanumeric characters such as, for example, 4, 6 and 8.

It can also be identified as the beginning, middle or end of the intermediate code. Preferably, the opening method 1 comprises at least a first generation process 110 in which the control device 4 and, in particular, the remote server 4a and more specifically the second unit 42 generate a command token according to the identifier, suitably deprived of the time stamp and optionally of the personal code; and one or more second generation processes 120 in which the cap 3 and, in particular, the first unit 36 generate a verification token of the identifier of the cap 3, suitably deprived of the time stamp and optionally of the personal code of said cap 3.

The first generation process 1 10 comprises a first primary calculation step111 ; a first encryption step112; a first secondary calculation step 113; and a first extraction step114.

The first steps 1 1 1 , 1 12, 1 13 and 1 14 are described above with reference to the generation process.

Optionally, the first generation process may comprise an update step 115 of the caps database.

In the update step 1 15 the control device 4 and, in particular the remote server 4a, updates the caps database associating the command token with the public identifier connected to the private identifier used to calculate said token.

The second generation process 120 comprises a second, primary calculation step121 , a second, primary encryption step122, a second, secondary calculation step 123, and a second extraction step124.

The second steps 121 , 122, 123 and 124 are described above with reference to the generation process. The opening method 1 comprises a first sending process 130 in which the remote server 4a sends the command token and the public identifier associated with said token in the caps database to the reader 4b.

Preferably, in the first sending process 130 several command tokens are sent to the reader 4b and, for each of them, the corresponding public identifier.

Said one or more command tokens and, if present, said public identifiers are stored in the token database of the reader 4b.

The opening method 1 comprises a reading process 140 in which the control device 4 and, specifically, the reader 4b acquires at least one public identifier of at least one out of the tank 2 and/or cap 3. In detail it acquires the public identifier of the cap 3.

The opening method 1 comprises a second sending process 150 in which the control device 4 and, specifically, the reader 4b sends to the cap 3 the command token associated with the public identifier acquired in the reading process 140.

In particular, the second sending process 150 comprises a search step 151 in which the reader 4b searches the token database for the command token associated with the public identifier acquired in the process 140; and a transmission step 152 in which the reader 4b sends the identified token to the cap 3.

The opening method 1 comprises a verification process 160, appropriately subsequent to the second generation process 120, in which if the verification token is compatible with the command token the locking means 34 go into a free opening configuration allowing the removal of the cap 3. Otherwise, if the verification token is not compatible with the command token the locking means 34 do not go into the free opening configuration preventing the opening of the tank 2.

When switching to the free opening configuration, the opening method 1 comprises an opening process 170 of the tank 2.

In such process 170 the operator removes the cap 3.

In some cases, the opening method may comprise a pre-reading process 180 prior to the first generation process 1 10.

In the pre-reading process 180, thanks to the connection between the cap 3 and the control device 4 it acquires at least the public identifier and at least one personal code (environmental and/or functional). In particular, the reader 4b acquires at least the public identifier and at least one personal code and transmits them to the remote server 4a allowing the update of the caps database and/or the first generation process 1 10.

Preferably at least one personal code acquired by the control device is encrypted by the first unit 36. Appropriately in the first, primary calculation step 1 1 1 the second unit 42 performs the opposite encryption so as to have (and then optionally store in the cap database) at least one unencrypted personal code to use in the primary calculation step 1 1 1 .

An application of the generation process and the opening method 1 described above is given below.

Once the tanks 2 to be opened (e.g. for refuelling) have been identified, the opening method 1 provides for a first generation process 1 10 for each tank 2. In detail, the remote server 4a searches the caps database for the private identifier associated with each of the caps 3 or tanks 2 selected.

According to the first generation process 1 10, the remote server 4a determines a command token for each private identifier and stores it in the caps database associating it with at least one public identifier.

Once the first process 1 10 has been completed, the opening method 1 provides for the first sending process 130 in which the server 4a, placed in data connection with the reader 4b by the data connectors 44 and 45, sends the reader 4b one or more command tokens and the public identifier associated with each of said command tokens.

When the reader 4b is near the tank 2, the opening method 1 provides for the reading process 140 in which the reader 4b acquires the public identifier of the cap 3 to be removed: and the second sending process 150 in which the reader 4b, having identified the command token associated with such public identifier, sends such command token to the cap 3 using the data connection between the second connector 45 and connection means 33.

Now the opening method 1 comprises the second generation process 120 in which the cap 3 generates the verification token; and the verification process 160 in which the cap 3 goes into the free opening configuration if and only if the verification token is compatible with the command token, otherwise it remains in the locked configuration.

The opening method 1 according to the invention achieves some important advantages.

In fact, the opening method 1 , using the particular token generation described above, allows the opening of the tank only by authorized personnel.

Another important advantage is that the reader 4b never acquires the secret identifier making it impossible for a third party to generate tokens.

This token generation difficulty is also defined by the particular process of generating opening codes that makes it impossible for a third party to reconstruct the token and/or the steps that led to its generation and thus identify the starting data of the token generation. Another fundamental advantage is the presence of the personal code which adds an important variant to the calculation of the token making a fraudulent calculation of the token and therefore an unwanted opening of the tank 2 extremely complicated.

In fact, it should be noted that, for example, in the case of a personal environmental code such as the geolocation position, even a possible measurement of the position made by a third party device would not give the same exact measurement acquired by the acquisition unit 37 due, for example, to intrinsic errors typical of measuring instruments (such as those of the unit 37).

It is to be noted that the personal code, either functional or environmental, is unique to the cap 3.

Moreover, in the case of a functional personal code, it is impossible to acquire it externally and, above all, it is strictly linked to the peculiar functioning of the single cap 3 and therefore different from cap to cap.

It should be noted how this difficulty, for example in the case of a functional personal code identified for example in said voltage, is accentuated by the fact that the functional personal code may also depend on temperature or other environmental parameters.

It should be pointed out that this level of security is increased by the fact that in the pre-reading process 180 the reader 4b acquires an encrypted personal code.

Variations may be made to the invention described herein without departing from the scope of the inventive concept defined in the claims.

For example, the process may comprise, before the first generation process 1 10, the reading process 140.

In this case in the reading process 140 the reader 4b acquires the public identifier of the cap 3 and sends it to the remote server 4b which, in accordance with the first generation process 110, determines the command token and, in accordance with the first sending process 130, sends it to the reader 4b.

In some cases, in addition or as an alternative to the above, the caps database could, in a technically equivalent manner, associate at least one identifier to the tank 2.

In this context all the details may be replaced with equivalent elements and the materials, shapes and dimensions may be as desired.