This invention relates to a public network providing two-way- digital data transfer protected by algorithmic encryption and provided with electronic certificate for continuously supervised multipurpose telemechanical and communication connection among geographically scattered endpoints.

It is known that various public telecommunication networks, originally developed for another given purpose, are generally used for data transfer. The existing networks of the telecommunication services have been developed first of all e.g. for public telephone communication or broadcasting and have only been enabled by technical augmentations and modifications, parallel with general technical development, to complement the analogous method of data transfer with digital transfer. The networks formed this way are unable to ensure digital data transfer simultaneously and multifunctionally, i.e. in more than one number and/or for more than one different purposes at a continuously maintained relatively high value of speed. E.g. simultaneously with a telephone conversation even where augmented with e.g. ADSL, only the maintenance of connection to the internet is possible whereas further telemechanical functions e.g. telesupervison and/or telecontrol can not at all be fulfilled. In the case of systems designed for a given purpose, e.g. bank transactions via internet, the transfer of other personal or secret data, systems for the protection of life and property, traffic control systems, signaling and alarm systems, etc. usually there is data transfer encrypted with algorithms in one direction. Protected in both directions by encryption with various algorithms and provided with electronic certificate and thereby in both ways safe data transfer is an indispensable, essential element in case of communications between general computers temporarily, and where telemechanical functions i.e. of telesupervison and/or telecontrol are to be ensured, continuously. Systems designed for the known given purpose use either the telecommunication networks of public telecommunication services or their own, also special, network for data transfer.

A solution is presented relating to the telesupervision of life and property security alarm systems with data transfer through the network of public telecommunication services in the description No. WO 01/37589, and a solution relating to the telesupervision of paying parking lots of vehicles in the description No. WO 02/063570. A solution relating to closed circuit television systems serving a given purpose and provided with telesupervision is presented in description No. WO 02/056594. A procedure and arrangement relating to encrypted data transfer between codable radios is presented in the specification of the Hungarian Patent No. P 9600340.

The networks provided by the public telecommunication services do not ensure encryption with various algorithms and decryption for the data transfer, they are only able to transfer data sets previously encrypted by someone else. This also means that they do not guarantee the protection and safety of data transfer and data contents either, but leave the burden thereof on the subscribers' shoulders, who employ for the purpose expensive individual solutions. Beyond ensuring the route for data transfer they render no other service in connection with the actual telemechanical and/or data communication purposes of the data traffic and data contents, the operation and storage of the program control, configuration and data handling necessary for the tools and task target belonging to the given endpoint are entrusted to and are the burden of the subscribers.

The object of this invention is to eliminate this deficiency, i.e. it aims at the formation of a public telecommunication network service suitable for multipurpose telemechanical and communication data transfer connections which is, at the same time, capable of providing any kind of data transfer with communication and telemechanical purposes to a given endpoint or to more geographically scattered endpoints and/or among them, ensuring two-way digital data transfer protected by algorithmic encryption and provided with electronic certificate, without requiring individual solutions employed by its subscribers for the protection of data transfer and data contents. No solution relating to such a subject has been found at the present state of technics.

This invention is consequent upon the recognition that through the use of IP based gateways providable with augmented programs, the formation of a public multifunctional network service becomes possible for establishing contact with communication and telemechanical purposes among geographically scattered subscribers' endpoints by means of making connectible the mass of digital data produced in the geographically scattered endpoints themselves for individual address identification, tool identification, encryption and certification through a two-way digital data transmission channel to a computer center that generates the ciphering and certificate for safe data transfer and, beside the construction of the data transmission channel and the continuous supervision of data transfer, also performs automatic control of the services rendered to the individual endpoints and the storage of data belonging thereto. Consequently this invention is a public network providing two-way digital data transfer protected by algorithmic enciription and provided with electronic certificate for continuously supervised multipurpose telemechanical and communication connection among geographically scattered endpoints. The network consists of endpoint tools, data transfer connections and computer center. The computer center is fixed within a building. The individual endpoint tools are installed and fixed on structures located in geographically different directions and at different distances from the building of the computer center and are connected to the computer center through data transfer connections that enable two-way data traffic. To the structures whereon the endpoint tools are installed belong the functional apparatuses which join the connection interface of the endpoint tools through a local data channel. The endpoint tools consist of microwave antenna, IP based gateway provided with microwave transmitter-receiver and providable with augmented programs, and data transfer connection. In the endpoint IP based gateway the endpoint gateway controlling unit containing memories with individual address generator and identity application-software, certificate and key storage software, key generator software, configuration storage and running application-software, and routing software joins a standard informatics network connection interface and a radio frequency connection interface. The output connection interface of the endpoint tools is given by the informatics network connection interfaces of the endpoint IP based gateways, which at the same time constitute the endpoint connection interface of the network. The radio frequency connection interface also provided with individual address identifying software and serving as IP based digital signal source of the endpoint IP based gateway joins through the data transfer connection and the endpoint microwave transmitter-receiver the endpoint microwave antenna which at the same time constitutes the data transfer connection interface of the endpoint tool in the direction of the center. The computer center contains central microwave antenna, central microwave transmitter-receiver, IP based central gateway providable with augmented programs, data channel, central server system, central supervisor system, and central video display system. In the IP based central gateway the central gateway controlling unit containing memories with individual address generator and identity application-software, certificate and key storage software, key generation software, configuration storage and running application-software, routing and sub-network selector software joins a standard informatics network connection interface and a radio frequency connection interface. The central microwave antenna at the same time constitutes the connection interface of the data transfer connection from the computer center toward the endpoint tools. In the computer center the central microwave antenna joins through the central data channel to the central microwave transmitter-receiver which is also joined through the central data channel the radio frequency connection interface of the central IP based gateway. The standard informatics network connection interface of the central IP based gateway joins the central server system and the central supervisor system through the central data channel. The central supervisor system also joins the central video display system through the central data channel.

In a practical form of execution the computer center is also connected to the world wide web through the world wide web connection interface of the standard informatics connection interface of the central IP based gateway.

In a practical form of execution the central IP based gateway comprises more than one IP based gateway member, each of which joins the central data channel with its informatics network member connection interface as well as its radio frequency member connection interface.

Hereafter the invention is described in detail on the basis of figures.

Figure 1 shows the general block diagram of the network. Figure 2 shows the block diagram of the computer center. Figure 3 shows the block diagram of the central IP based gateway. Figure 4 shows the block diagram of the endpoint IP based gateway. Figure 5 shows the block diagram of the network providing molding machine switch, home security alarm system, computerized data communication, as well as highway supervision toll collection and control traffic technical system services. Figure 6 shows the block diagram of the central IP based gateway consisting of more than one member.

In figure 1 a public network service for data transfer is visible which is in a practical form of execution also connected to the world wide web. The network consists of endpoint tools 1, data transfer connection 3, computer center 2. To the informatics network connection interface 112 of the endpoint tools 1 of the network the functional apparatuses 4 join through local data channels 41. The individual endpoint tools 1, installed and fixed on structures, are located in different directions and at different distances from the computer center 2. The functional apparatuses 4 belong to the structures on which the endpoint tools 1 are installed. The endpoint tools 1 consist of endpoint microwave antenna 12, endpoint IP based gateway 11 providable with augmented programs and provided with endpoint microwave transmitter-receiver 13, and, in a practical form of execution, of cabled endpoint data transfer connection 14. The computer center 2 is fixed within a building. The endpoint tools 1 join the computer center 2 through data transfer connections 3 enabling two-way data traffic. The computer center 2 joins the word wide web through the word wide web connection interface 29. Figure 2 shows the block diagram of the computer center 2 of the network also joined to the world wide web. In the computer center 2 the central microwave antenna 21 joins through the central data channel 28 enabling two-way data traffic, in a practical form of execution by cable, the central microwave transmitter-receiver 22 which through the central data channel 28 joins the central IP based gateway 23. The central IP based gateway 23 joins the central server system 24 through the central data channel 28 and the central supervision system 25 through the central data channel 28. The central IP based gateway 23 contains the world wide web connection interface 29. The central supervision system 25 joins the central video wall system 26 through the central data channel 28. Figure 3 shows the block diagram of the central IP based gateway 23. In the central IP based gateway 23 the central gateway controlling unit 231 containing memory with address generator and identity application-software 235, memory with certificate and key storage software 236, memory with key generator software 237", memory with configuration storage and running application-software 238 and memory with routing and sub-network selector software 239 joins through the printed circuit 234 the standard informatics network connection interface 232 which also contains the world wide web connection interface 29 and to the radio frequency connection interface 233. Figure 4 shows the block diagram of the endpoint IP based gateway 11. In the endpoint IP based gateway 11 the endpoint gateway controlling unit 111 which contains memory with address generator and identity application-software 115, memory with certificate and key storage software 116, memory with key generator software 117, memory with configuration storage and running application-software 118 and memory with routing software 119 joins, through the printed circuit 114, the informatics network connection interface 112 and the radio frequency connection interface 113.

When the network is in operation the functional apparatuses 4 connected to the informatics network connection interface 112 of the endpoint IP based gateway 11 of the endpoint tool 1 send through the local data channel 41, preferably an indoor cable, the informations necessary for address generation and tool identification in the form of digital signals to the memory with address generator and identity application-software 115 located within the endpoint gateway controlling unit 111 where the memory with address generator and identity application-software 115 recognizes and identifies the functional apparatuses 4 connected to it then starts in the memory with key generator software 117 the key generating program necessary for encryption. The keys generated by the memory with key generator software 117 are stored by the memory with certificate and key storage software 116. The memory with certificate and key storage software 116 provides the public key with the certificate received earlier through the data transfer connection 3 from the central server system 24 of the computer center 2 and stored within itself. The memory with routing software 119 prepares and stores the routing table and sends it to the memory with configuration storage and running application-software 118. The endpoint gateway controlling unit 111 gets the digital signal shape necessary for the construction of the encrypted channel as well as the individual digital signal shapes containing the identifier and individual IP address of the functional apparatus 4 through the printed circuit 114 to the radio frequency- connection interface 113. The radio frequency connection interface 113 sends signals through the endpoint data transfer connection 14, preferably embodied in an indoor cable, to the endpoint microwave transmitter-receiver 13 which forwards them as radio frequency signals through the endpoint data transfer connection 14, preferably a cable, to the endpoint microwave antenna 12 which gets them through the microwave data transfer connection 3 to the central microwave antenna 21. From the central microwave antenna 21 the radio frequency signal gets through the central data channel 28, preferably embodied in a cable, to the central microwave transmitter-receiver 22, which retransforms it. From the central microwave transmitter-receiver 22 the retransformed signal gets through the central data channel 28 to the radio frequency connection interface 233 of the central IP based gateway 23. In the central IP based gateway 23 the radio frequency connection interface 233 gets through the printed circuit 234 to the central gateway controlling unit 231 whose memory with routing and sub-network selector software 239 prepares from the data received from the endpoint gateway controlling unit 111 routing tables for the organization of the return route and the data flow within the computer center 2, stores and sends them to the memory with configuration storage and running application-software 238. The memory with configuration storage and running application-software 238 starts the program of the memory with key generator software 237 for the encryption procedure of the data transfer connection 3 directed towards the endpoint tool 1. It stores the keys generated by the memory with key generator software 237 in the memory with certificate and key storage software 236 and in the same place provides the public key with the individual certificate received earlier by the memory with certificate and key storage software 236 through the central data channel 28 from the central server system 24 located in the computer center 2. The memory with address generator and identity application- software 235 receives, through the printed circuit 234, the individual addresses and address ranges generated for the memory with routing and sub-network selector software 239 and the data signals carrying the information received by the informatics network connection interface 232 through the central data channel 28, encryption embodied in a cable, of the central IP based gateway 23 from all the central and endpoint network elements that are joined to the network and sends them through the printed circuit 234 and the informatics network connection interface 232 to the central supervisor system 25, which gets the data necessary for status display through the printed circuit 234, the informatics network connection interface 232 and the central data channel 28 to the central video wall system 26, which processes and makes them visible ensuring thereby for the supervisory operator staff the control for continuous operation as well as placing at their disposal the conditions of the configuration and intervention agreed upon for the given case. The network stores in the computer center 2 in the central server system 24 the informations, programs and applications in connection with all the outer tools and sources of information and/or data joining the network including those in connection with every functional apparatus 4 and its owner and sends them from here during operation for the given telemechanical or communication purpose to the other units of the computer center 2. The memory with key generator software 237 of the central gateway controlling unit 231 in the central IP based gateway 23 and the memory with key generator software 117 of the endpoint gateway controlling units 111 in the endpoint IP based gateways 11 produce pairs of the prime numbers necessary for encryption, based in a practical form of execution on data provided by a specialized outside prime number reference service. The outside service also sends its data via the world wide web VH. That is, in a practical form of execution, the computer center 2 joins a prime number service center, in a practical form of execution, through the world wide web VH. According to the practical form of execution presented, the data sent by an outside service in a practical form of execution through an optical cable get from the world wide web connection interface 29, in a practical form of execution suitable for optical cable and located in the informatics network connection interface 232 of the central IP based gateway 23, to the central gateway controlling unit 231. The world wide web connection interface 29 does not only ensure availability of the data provided by the prime number service but, in a practical form of execution, also enables parallel data connection with any world wide web address.

The description of the operation of the network is continued below referring to a network serving here as an example on basis of Figure 5.

Figure 5 shows the block diagram of a multipurpose network, serving here as an example, providing telemechanical and communication connections namely molding machine switch, home security alarm system, computerized data communication as well as highway supervisory toll collection and control traffic technical system services and also connected to' the world wide web.

In figure 5 the computer center 2 of the network joins, through the constructed and maintained microwave data transfer connection 3A, the endpoint tool IA, which is installed in the molding works building and to which the molding machine controlling unit 4A is joined as functional apparatus through the endpoint data transfer connection 14A embodied in a cable. The personal computer A of the operator in the world wide web is periodically connected to the world wide web connection interface 29 of the computer center 2. When the personal computer A sends switch-on instruction to the computer center 2 in accordance with the program stored in the server system of the latter the computer center 2 sends the digital signal shape containing the switch-on control instruction to the molding machine controlling unit 4A through the data transfer connection 3A which enables two-way digital data traffic via the channel encrypted by the IP packets provided with the pair of keys and the certificate formed jointly with the endpoint tool IA, continuously supervises the existence of the channel and has the central video wall system display the status for the information of the operator staff in the computer center 2. Furthermore the computer center 2 joins, through the constructed and maintained microwave data transfer connection 3Bl to the endpoint tool IBl installed in the branch office of a bank and to which the computer informatics network connection interface 4Bl is also joined through the endpoint data transfer connection 14Bl embodied in a cable within the building of the said branch office as functional apparatus; it also joins, through the constructed and maintained microwave data transfer connection 3B2 to the endpoint tool 1B2 installed in another branch office of the bank and to which another computer informatics network connection interface 4B2 is also joined to through the endpoint data transfer connection 14B2 embodied in a cable within the building of the said branch office as functional apparatus. For the computerized communication connection between the computer informatics network connection interface 4Bl and the computer informatics network connection interface 4B2 the computer center 2 provides, in compliance with the program stored in its central server system through the data transfer connections 3Bl and 3B2 separately enabling two-way digital data traffic, the channels encrypted by the IP packets provided with the pair of keys and certificate formed separately together with the endpoint tools IBl and 1B2 which suitably belong to the data transfer connections 3Bl and 3B2 and, in case of the example given, saves the giro stock data traffic as archived file in the central server system. The computer center 2 continuously supervises the existence of the channels and has the central video wall system 26 display the characteristics of their status for the information of the operator staff in the computer center 2. Furthermore the data center Cm of a mobile phone service joins, through the world wide web, the world wide web connection interface 29 of the computer center 2. The data center Cm sends SMS data, encrypted by itself, to the computer center 2, which the computer center 2 stores in its central server system. The computer center 2 joins, through the constructed and maintained microwave data transfer connection 3Cl, the endpoint tool ICl installed beside the track of a highway and to which, through the endpoint data transfer connection 14Cl embodied in microwave along the highway, the role specific moving hand computer 4Cl functional apparatus is joined by its standard radio frequency network connection interface, so the data concerning tolls and stored in the central server system of the computer center 2 are available for it. To the world wide web connection interface 29 of the computer center 2 also joins, through the world wide web, the computer C of the headquarters of the highway company for which the data concerning tolls and stored in the central server system of the computer center 2 are available. The computer center 2 joins, through constructed and maintained microwave data transfer connection 3C2, an endpoint tool 1C2 installed beside the track of a highway and to which a digital traffic control information display 4C2 is joined through the endpoint data transfer connection 14C2 embodied in microwave along the highway by its standard radio frequency interface. The computer center 2 joins, through constructed and maintained microwave data transfer connection 3C3, an endpoint tool 1C3 installed beside the track of a highway and to which a digital camera 4C3 installed with a view of the highway is joined through the endpoint data transfer connection 14C3 embodied in microwave along the highway by its standard radio frequency interface. The computer C of the headquarters of the highway company is able through the world wide web connection 29 of the computer center 2 to control in compliance with the program stored in the central server system the digital traffic control information display 4C2 functional apparatus and to reach the pictures taken by the digital camera 4C3 display functional apparatus of the actual traffic situation. In the case according to this example the computer center 2 provides for the communication connection among the role specific moving hand computer 4Cl, the digital camera 4C3 functional apparatus and the digital traffic control information display 4C2 in compliance with the program stored in its server system through the data transfer connections 3Cl, 3C2 and 3C3 which enable separate two-way digital data traffic, the channels encrypted by the IP packets provided with pairs of key and certificate formed separately together with the endpoint tools ICl, 1C2 and 1C3 belonging to the data transfer connections 3Cl, 3C2 and 3C3 as well the save of the pictures taken by the digital camera 4C3. The computer center 2 continuously supervises the existence of the channels and has the central video wall system 26 display the characteristics of their status for the information of the operator staff in the computer center 2. Furthermore the computer center 2 joins, through the constructed and maintained microwave data transfer connection 3D the endpoint tool ID installed in a given property and to which the alarm system controlling unit 4D is joined as functional apparatus through the endpoint data transfer connection 14D embodied in a cable within the property. To the world wide web connection interface 29 of the computer center 2 the personal computer D of the person managing his property in the word wide web is periodically connected. Having switched on by the personal computer D through our network or by the person entitled to do so on the spot within the property when leaving it, the 4alarm system controlling unit 4D becomes activated and sends a signal thereof to the 2 computer center 2 in compliance with the program stored in the computer center 2. Through the data transfer connection 3D enabling two-way digital data traffic and the channel encrypted by IP packets provided with the pair of keys and certificate formed together with the endpoint tool ID, the computer center 2 sends the digital signal shape containing the instruction controlling and supervising continuous operation to the alarm system controlling unit 4D which returns it to the computer center 2 for the applications stored in the central server system. It continuously supervises the existence of the channel and has the central video wall system 26 display the characteristics of the status for the information of the operator staff in the computer center 2. When the given events of alarm occur the central server system archives the digital pictures of the digital camera joined to the alarm system controlling unit and the operator staff take the necessary measures.

Figure 6 shows the block diagram of the IP based gateway consisting of more than one member. A it is visible in the figure the central IP based gateway 23 consists according to requirements of a series consisting of an optional n number of separate IP based gateway members 23a and an IP based gateway member 23n, each of which joins through the informatics network member connection interfaces 232a and 232n respectively belonging thereto as well as through the radio frequency connection interfaces 233a and 233n respectively the central data channel 28. In case of a network containing a large number of endpoint tools it is such a preferable form of execution which ensures the possibility of employing standard IP based gateways each of which separately enables the joining of a given maximum number of endpoint tools. The proper connection among the gateway members is ensured by the central data channel 28.

Consequently the network according to this invention is able to guarantee the protection of data transfer and data contents for its geographically scattered endpoints. It becomes suitable thereby for any data transfer connection of telemechanical and communication purposes without requiring any solution to be provided by the subscribers at the endpoints for the protection of data transfer and data contents. The safe and continuously supervised running of the programs relating to the given applications stored in the network enables multipurpose applications without requiring out-of-network solutions for the operation and storage of the program control, configuration and data handling necessary for the task target and tools belonging to the given endpoint. Thereby the network according to this invention is capable of general purpose services. The two-way digital data transfer protected by on-line algorithmic encryption and provided with electronic certificate can be, in a practical form of execution, employed e.g. for the supply of authentic data to other public services with the simultaneous telesupervision of meters e.g. water meters, gas meters, electric meters for intactness and manipulation by the automatic electronic telemetering of the authentic position of the meters and the transmission of the data. As to communication applications of traditional purposes e.g. telephoning, they become safer and better protected with the network according to this invention in comparison with what has been offered by the public services up to now. List of Symbols

I endpoint tool IA endpoint tool IBl endpoint tool 1B2 endpoint tool ICl endpoint tool 1C2 endpoint tool 1C3 endpoint tool ID endpoint tool II endpoint IP based gateway III endpoint gateway controlling unit 112 informatics network connection interface 113 radio frequency connection interface 114 printed circuit 115 memory with address generator and identity application- software 116 memory with certificate and key storage software 117 memory with key generator software 118 memory with configuration storage and running application- software 119 memory with routing software 12 endpoint microwave antenna 13 endpoint microwave transmitter-receiver 14 endpoint data transfer connection 14A endpoint data transfer connection 14Bl endpoint data transfer connection 14B2 endpoint data transfer connection 14Cl endpoint data transfer connection 14C2 endpoint data transfer connection 14C3 endpoint data transfer connection 14D endpoint data transfer connection computer center 1 central microwave antenna 2 central microwave transmitter-receiver 3 central IP based gateway 3a IP based gateway member 3n IP based gateway member 31 central gateway controlling unit 32 informatics network connection interface 32a informatics network member connection interface 32n informatics network member connection interface 33 radio frequency connection interface 33a radio frequency member connection interface 33n radio frequency member connection interface 34 printed circuit 35 memory with address generator and identity application software 36 memory with certificate and key storage software 37 memory with key generator software 38 memory with configuration storage and running application- software 39 memory with routing and sub-network selector software 4 central server system 5 central supervisor system 6 central video wall system

8 central data channel 9 world wide web connection interface

data transfer connection A data transfer connection Bl data transfer connection B2 data transfer connection Cl data transfer connection C2 data transfer connection 3C3 data transfer connection 3D data transfer connection

4 functional apparatus 4A molding machine controlling unit 4Bl computer informatics network connection interface 4B2 computer informatics network connection interface 4Cl role specific, moving hand computer 4C2 digital traffic control information display 4C3 digital camera 4D alarm system controlling unit 41 local data channel

VH world wide web A personal computer C computer Cm data center D personal computer