Title:
CONTROL DEVICE, APPARATUS FOR USE IN A LUMINAIRE, METHODS OF OPERATION AND SERVER
Document Type and Number:
WIPO Patent Application WO/2018/162397
Kind Code:
A1
Abstract:
A control device (2) for wirelessly communicating with a luminaire (1) is arranged to identify a luminaire (1) by receiving from the luminaire (1) a unique identifier for the luminaire (1). A time-bound key for the identified luminaire (1) is stored. The time-bound key is generated from a device key for the luminaire (1) and a time slot for which the time-bound key may validly be used. The control device (2) is arranged to generate a predetermined message that is encrypted using the time-bound key and to wirelessly transmit the encrypted predetermined message to the luminaire (1).

Inventors:
PINSDORF ULRICH (NL)
HAVERLAG MARCO (NL)
SUBRAMANIAN NATARAJAN (NL)
Application Number:
PCT/EP2018/055318
Publication Date:
September 13, 2018
Filing Date:
March 05, 2018
Assignee:
PHILIPS LIGHTING HOLDING BV (NL)
International Classes:
H04L29/06; H04L9/08; H04W12/04; H05B37/02; H04W4/00
Domestic Patent References:
WO2012168888A1 2012-12-13
WO2012090122A1 2012-07-05
Foreign References:
US6292896B1 2001-09-18
EP2117200A1 2009-11-11
Attorney, Agent or Firm:
VAN EEUWIJK, Alexander, Henricus, Walterus et al. (NL)
Claims:

1. A control device (2) for communicating with a server and for wirelessly communicating with a luminaire (1), the control device (2) comprising:

a processor arranged to identify a luminaire (1) by receiving from the luminaire (1) a unique identifier for the luminaire (1); and

data storage, the data storage storing a time-bound key previously received from the server for the identified luminaire (1), the time-bound key having been generated from a device key for the luminaire (1) and a time slot for which the time-bound key may validly be used;

the processor being arranged to generate a predetermined message that is encrypted using the time-bound key and to wirelessly transmit the encrypted predetermined message to the luminaire (1).

2. A control device (2) according to claim 1, wherein the time-bound key comprises a session key and a session nonce.

3. A control device (2) according to claim 2, wherein the session key received from the server is obtained from a hash function carried out on a device key for the luminaire (1) and a time slot for which the session key may validly be used.

4. A control device (2) according to claim 2 or claim 3, arranged such that the time-bound key that is used by the processor to encrypt the predetermined message is a function of the session key received from the server and a session random number received from the luminaire.

5. A control device (2) according to any of claims 1 to 4, wherein the processor is arranged to generate an authentication tag as a function of the predetermined message and the time-bound key and to encrypt the predetermined message and the authentication tag using the time-bound key.

6. A control device (2) according to any of claims 1 to 5, wherein the control device (2) is arranged to wirelessly transmit a current time to the identified luminaire (1) to enable the luminaire (1) to update a previously stored current time with the current time transmitted by the control device (2).

7. A method of operating a control device (2) for wirelessly communicating with a luminaire (1), the method comprising:

identifying a luminaire (1) by receiving from the luminaire (1) a unique identifier for the luminaire (1);

storing a time-bound key for the identified luminaire (1), the time-bound key having been previously generated by a server from a device key for the luminaire (1) and a time slot for which the time-bound key may validly be used;

generating a predetermined message that is encrypted using the time-bound key; and

wirelessly transmitting the encrypted predetermined message to the luminaire (1).

8. Apparatus for use in a luminaire (1), the apparatus comprising:

data storage, the data storage storing a device key for the luminaire (1);

a secured clock arranged to generate a time which is stored as a current time;

a processor arranged to generate a time-bound key as a function of the device key and a time slot based on the stored current time; and

a wireless communications interface (13) for wirelessly communicating with a control device (2);

the apparatus being arranged to engage in a secure wireless communication with a control device (2) via the wireless communications interface (13) after having received from the control device (2) a predetermined message that is encrypted using the time-bound key and that has been authenticated as having been validly created.

9. Apparatus according to claim 8, wherein the time-bound key comprises a session key and a session nonce, wherein at least one of the session key and the session nonce is obtained from a hash function carried out on the device key for the luminaire (1) and a time slot based on the stored current time.

10. Apparatus according to claim 8 or claim 9, wherein the processor is arranged to attempt to decrypt the predetermined message by using a session key that is a function of a session random number generated by the luminaire and a session key obtained from a hash function carried out on the device key for the luminaire (1) and a time slot based on the stored current time.

11. Apparatus according to any of claims 8 to 10, wherein the processor is arranged to generate an authentication tag as a function of the predetermined message that has been decrypted by the processor and a time slot based on the stored current time, the authentication tag being used to authenticate the decrypted message.

12. Apparatus according to claim 11, wherein the processor is arranged to generate plural time-bound keys as a function of the device key and respective plural time slots based on the stored current time, to generate plural authentication tags as a function of the predetermined message that has been decrypted by the processor and the plural time slots respectively, and to authenticate the predetermined message if one of the plural authentication tags matches an authentication tag used by a control device to encrypt the predetermined message that was transmitted to the apparatus.

13. Apparatus according to any of claims 8 to 12, wherein the secured clock is capable of receiving a current time from a control device (2) and is arranged to update the stored current time with the current time received from a said control device (2) only if the current time received from a said control device (2) is more recent than the previously stored current time.

14. A server storing a device key DK and a corresponding unique identifier UID for each of a plurality of luminaires, the server being arranged to generate a time-bound key for a luminaire (1), the time-bound key being generated from a device key DK for the luminaire (1) and a time slot for which the time-bound key may validly be used, the server being arranged to provide the time-bound key for a luminaire (1) to a control device (2) that has been authenticated with the server and that has provided the unique identifier UID for the luminaire (1) to the server.

Description:
Control device, apparatus for use in a luminaire, methods of operation and server

TECHNICAL FIELD

The present disclosure relates to a control device for wirelessly communicating with a luminaire, apparatus for use in a luminaire, methods of operation, and a server.

BACKGROUND

The following abbreviations may be used in the present specification and may be defined as follows:

CT current time

DK device key

FK fixed key

MAC media access control

NT notional time

SK session key

SN session nonce

SRN session random number

TS time slot

UID unique identifier

UTC coordinated universal time

Luminaires are increasingly "connected", that is, the luminaire can be controlled and/or maintained by a separate device, in addition to or instead of the traditional on/off switch, dimmer switch, photo detector switch, etc. It is often important to ensure that communication between the luminaire and the device is secure to avoid for example tampering or hacking by third parties, particularly in the case that the connection between the luminaire and the control device is a wireless connection. However, known techniques for secure communication are often not suitable for communicating with luminaires. In addition, it is often the case that luminaires may be installed or configured or maintained, etc. by third parties and it is important to control the access of the third parties to the luminaires.

WO2012/168888 discloses a wireless network used for lighting control between a service center and a lighting node through a segment controller, wherein the messages are authenticated between the service center and the lighting node. In addition, the transmissions between the service center and the segment controller and between the segment controller and a lighting node are performed only after a local mutual authentication that provides a session key.

US 6,292,896 discloses the time derivation of a master key for creating a session key. In this document the time is public information shared by all devices connected to the network, and the reliability of the time is warranted by its public use. Nevertheless, an anti-replay mechanism is planned in such a way as to prevent the reuse of a key or of a password.

SUMMARY

According to a first aspect disclosed herein, there is provided a control device for communicating with a server and for wirelessly communicating with a luminaire, the control device comprising:

a processor arranged to identify a luminaire by receiving from the luminaire a unique identifier for the luminaire; and

data storage, the data storage storing a time-bound key previously received from the server for the identified luminaire, the time-bound key having been generated from a device key for the luminaire and a time slot for which the time-bound key may validly be used;

the processor being arranged to generate a predetermined message that is encrypted using the time-bound key and to wirelessly transmit the encrypted predetermined message to the luminaire.

In examples, this allows secure wireless communication between a luminaire and a control device to be achieved without requiring a reliable or accurate real time clock to be running on the luminaire and without requiring that for example the luminaire has a backup power source to cope with power loss or outages or that the luminaire can update the clock using say an internet connection (which may not (always) be available).

In an example, the control device is arranged to communicate with a server to receive from the server the time-bound key for the identified luminaire to be used in encrypting communications with the identified luminaire. In an example, the time-bound key comprises a session key and a session nonce. In an example, the session key received from the server is obtained from a hash function carried out on a device key for the luminaire and a time slot for which the session key may validly be used. Likewise, in an example, the session nonce received from the server is obtained from a hash function carried out on a device key for the luminaire and a time slot for which the session nonce may validly be used. The hash function will normally be carried out in the server, or some other remote apparatus, and not in the control device as the control device does not know and does not have access to DK.

In an example, the time-bound key that is used by the processor to encrypt the predetermined message is a function of the session key received from the server and a session random number received from the luminaire. Likewise, in an example, the session nonce that is used by the processor to encrypt the predetermined message is a function of a session nonce received from the server and a session random number received from the luminaire.

In an example, the processor is arranged to generate an authentication tag as a function of the predetermined message and the time-bound key and to encrypt the predetermined message and the authentication tag using the time-bound key.

In an example, the control device is arranged to wirelessly transmit a current time to the identified luminaire to enable the luminaire to update a previously stored current time with the current time transmitted by the control device.

According to a second aspect disclosed herein, there is provided a method of operating a control device for wirelessly communicating with a luminaire, the method comprising:

identifying a luminaire by receiving from the luminaire a unique identifier for the luminaire;

storing a time-bound key for the identified luminaire, the time-bound key having been previously generated by a server from a device key for the luminaire and a time slot for which the time-bound key may validly be used;

generating a predetermined message that is encrypted using the time-bound key; and

wirelessly transmitting the encrypted predetermined message to the luminaire.

According to a third aspect disclosed herein, there is provided apparatus for use in a luminaire, the apparatus comprising:

data storage, the data storage storing a device key for the luminaire;

a secure clock arranged to generate a time which is stored as a current time;

a processor arranged to generate a time-bound key as a function of the device key and a time slot based on the stored current time; and

a wireless communications interface for wirelessly communicating with a control device;

the apparatus being arranged to engage in a secure wireless communication with a control device via the wireless communications interface after having received from the control device a predetermined message that is encrypted using the time-bound key and that has been authenticated as having been validly created.

The "time slot based on the stored current time" may be for example the "current" time slot (e.g. today), or a previous time slot (e.g. yesterday) or a next time slot (e.g. tomorrow), etc.

In an example, the time-bound key comprises a session key and a session nonce. In an example, the session key is obtained from a hash function carried out on the device key for the luminaire and a time slot based on the stored current time. Likewise, in an example, the session nonce is obtained from a hash function carried out on the device key for the luminaire and a time slot based on the stored current time.

In an example, the processor is arranged to attempt to decrypt the predetermined message by using a session key that is a function of a session random number generated by the luminaire and a session key obtained from a hash function carried out on the device key for the luminaire and a time slot based on the stored current time. Likewise, in an example, the processor is arranged to attempt to decrypt the predetermined message by using a session nonce that is a function of a session random number generated by the luminaire and a session nonce obtained from a hash function carried out on the device key for the luminaire and a time slot based on the stored current time.

In an example, the processor is arranged to generate an authentication tag as a function of the predetermined message that has been decrypted by the processor and a time slot based on the stored current time, the authentication tag being used to authenticate the decrypted message. In an example, the processor is arranged to generate plural time-bound keys as a function of the device key and respective plural time slots based on the stored current time, to generate plural authentication tags as a function of the predetermined message that has been decrypted by the processor and the plural time slots respectively, and to authenticate the predetermined message if one of the plural authentication tags matches an authentication tag used by a control device to encrypt the predetermined message that was transmitted to the apparatus.

In an example, the secure clock of the apparatus is capable of receiving a current time from a control device and is arranged to update the stored current time with the current time received from a said control device only if the current time received from a said control device is more recent than the previously stored current time.

In an example, the apparatus is arranged to check whether the current time received from the control device is more recent than the last stored current time and, if so, update the stored current time with the current time received from the control device, else, if not, then the apparatus ceases communication with the control device.

There may also be provided a luminaire including apparatus as described above.

According to a fourth aspect disclosed herein, there is provided a method of operating a luminaire, the method comprising:

data storage, the data storage storing a device key for the luminaire;

generating a time which is stored as a current time in data storage of the luminaire;

generating a time-bound key as a function of a device key DK stored in the data storage and a time slot based on the stored current time; and

engaging in a secure wireless communication with a control device after having received from the control device a predetermined message that is encrypted using the time-bound key and that has been authenticated as having been validly created by a control device.

According to a fifth aspect disclosed herein, there is provided a server storing a device key DK and a corresponding unique identifier UID for each of a plurality of luminaires, the server being arranged to generate a time-bound key for a luminaire, the time-bound key being generated from a device key DK for the luminaire and a time slot for which the time-bound key may validly be used, the server being arranged to provide the time-bound key for a luminaire to a control device that has been authenticated with the server and that has provided the unique identifier UID for the luminaire to the server.

There may also be provided computer programs for carrying out any of the methods described above.

BRIEF DESCRIPTION OF THE DRAWINGS

To assist understanding of the present disclosure and to show how embodiments may be put into effect, reference is made by way of example to the accompanying drawings in which:

Fig. 1 shows schematically an example of an overall system according to the present disclosure;

Fig. 2 shows schematically an example of generation of an authentication tag T;

Fig. 3 shows schematically an example of encryption at a control device;

Fig. 4 shows schematically an example of decryption at a luminaire 1;

Fig. 5 shows schematically an example of a method of operating a luminaire;

Fig. 6 shows schematically an example of a method of operating a control device.

DETAILED DESCRIPTION

A luminaire is a device or structure arranged to emit light suitable for illuminating an environment, providing or substantially contributing to the illumination on a scale adequate for that purpose. A luminaire comprises at least one light source or lamp, such as an LED-based lamp, gas-discharge lamp or filament bulb, etc., plus any associated support, casing or other such housing.

As mentioned briefly above, luminaires are increasingly "connected", that is, the luminaire can be controlled by a separate device, in addition to or instead of the traditional on/off switch, dimmer switch, photo detector switch, etc. A control device can be used when commissioning the luminaire and/or to update the luminaire (for example, especially in the case of street lighting, lighting in public or other large buildings, etc.). It is often important to ensure that communication between the luminaire and the control device is secure to avoid tampering or hacking by third parties, particularly in the case that the connection between the luminaire and the control device is a wireless connection. However, known techniques for secure communication are often not suitable for communicating with luminaires.

For example, it is in principle possible for each luminaire in a system to be allocated a unique PIN (personal identification number) which a user can enter into a control device in order to be able to communicate with the luminaire. However, this is not always practical or convenient, especially when there is a large number of luminaires in the system (as is often the case in street lighting, lighting in public or other large buildings, etc.).

An alternative is to encrypt the communications between the luminaire and the control device. However, this requires for example that the luminaire and the control device have a shared symmetric key for the encryption and decryption of the communications. This in turn means that the control device has to obtain the symmetric key for the particular luminaire somehow. The control device could for example obtain the shared key from some central database, which stores shared keys for all of the luminaires that are possibly to be controlled by the control device, once the control device has identified the particular luminaire to be controlled. However, this requires that the control device have access to the central database in order to obtain the shared encryption key, and this may not always be possible (for example, in remote or rural areas or in tunnels, etc., where there is no wireless (e.g. cellular or Wi-Fi) access between the control device and the central database). To avoid this, the shared encryption keys for plural luminaires may instead be pre-stored on the control device. However, this is risky as the control device itself may be hacked or stolen. An encryption key that can only be used for a specified period of time could be used. However, this in turn means that the luminaire must have an accurate real-time clock which is always powered. This is often not the case, especially in the case of street lighting or other outdoor lighting, where there may be no internal clock or the clock may be low quality and therefore inaccurate, and in any event power outages may occur meaning that the clock does not accurately show the current time. It is also often the case that street lighting or other outdoor lighting is not provided with any connection to a network (including a local or wide area network and the Internet) via which it could in principle obtain the current time accurately.

Referring first to Figure 1, there will now be described examples of embodiments of the present disclosure.

Figure 1 shows schematically an example of an overall system which includes a luminaire 1 and a control device 2. (It will be understood that in practice, there will often be plural luminaires 1, such as tens or hundreds or thousands of luminaires 1.) The luminaire 1 and the control device 2 can communicate with each other wirelessly via a wireless link 3. The control device 2 may be used for example to control and configure operational parameters of the luminaire 1, including for example parameters such as dimming schedule, lumen output, etc. The control device 2 may additionally or alternatively be used for example to obtain diagnostic data such as burning hours, energy consumption, power consumption, surge count, etc. from the luminaire 1.

The luminaire 1 comprises at least one light source or lamp 11, such as an LED-based lamp, gas-discharge lamp or filament bulb, etc., which is mounted on and supported by a support body 12. In the specific example shown, the luminaire 1 is a street light which has a lamp 11 supported on a light pole 12. The luminaire 1 has a wireless communications interface 13 for wirelessly communicating with the control device 2. The wireless communications interface 13 in this example includes the necessary circuitry 14 to provide for wireless communications and an antenna 15. The luminaire 1 further has a processor or processors, data storage and a clock. The data storage includes at least a persistent (non-volatile) storage, such as a hard disk, non-volatile semiconductor memory, etc. One or more of the wireless communications interface 13 and the processor(s), data storage and clock may be provided as a single connectivity module 16 that can be fitted into the luminaire 1. The processor or processors, data storage, clock and wireless communications interface 13 are sometimes referred to herein collectively as apparatus for the luminaire 1.

The wireless communication between the luminaire 1 and the control device 2 is convenient for users, installers, etc., as it means that a physical, wired connection to the luminaire 1 is not necessary. This is useful in many cases, such as when the luminaire 1 is a street light or is otherwise mounted in a relatively inaccessible place (such as in the ceiling of a tall building or tunnel roof, etc.). The wireless communication may use a protocol of any suitable type, including for example Bluetooth™, ZigBee™ or Wi-Fi™, with the luminaire 1 and the control device 2 having appropriate corresponding circuitry for the protocol that is used.

The control device 2 may be a portable device having a processor and data storage (shown schematically by the reference numeral 21), in addition to the wireless circuitry for communicating with the luminaire 1. The data storage includes at least a persistent (non-volatile) storage, such as a hard disk, non-volatile semiconductor memory, etc. The control device 2 preferably has a screen 22. In addition to the wireless circuitry for communicating with the luminaire 1, the control device 2 in some examples has cellular communications circuitry for enabling the control device 2 to communicate via cellular networks (such as for example a GSM (Group Special Mobile) or 2G (second generation) network, a 3G network, or a 4G or LTE (Long Term Evolution) network). The control device 2 may be for example a smartphone, a laptop computer, a tablet computer, a personal digital assistant (PDA) or some other mobile computing device. The control device 2 may be part of or incorporated into a "drone", i.e. a self-propelled flying vehicle which is typically unmanned.

The luminaire 1 is provided with a device key DK, which is stored in the data storage of the luminaire 1. The device key DK is preferably unique to the particular luminaire (or at least is unique amongst luminaires in the geographical region of the luminaire 1 in question). The device key DK may be for example a number. The device key DK may be for example at least 128 bits. As is well known, the larger the number of bits for a key of this type, the greater the security.

In addition, the luminaire 1 is provided with an identifier, which is preferably unique to the particular luminaire (or at least is unique amongst luminaires in the geographical region of the luminaire 1 in question). This will be referred to herein as a unique identifier UID. A suitable and convenient unique identifier UID is the MAC (media access control) address of the wireless communications interface 13, or at least the UID may be derived from the MAC address of the wireless communications interface 13. The UID may be for example a 64 bit number. The UID is stored in the data storage of the luminaire 1.

The device key DK and the unique identifier UID may each be assigned to the luminaire 1 during manufacture of the relevant components at the factory or factories 4 that manufacture the relevant components, as shown schematically at 5 in Figure 1. In addition, the device key DK and the unique identifier UID are also stored in a database which is accessible by the control device 2. This is shown schematically by the factory or factories 4 providing the device key DK and the unique identifier UID to a remote database 6 stored in some server operating under control of a service 7 in the "cloud" via a wired and/or wireless connection 8. It will be understood that the server for storing the database 6 and the computer(s) providing the service 7 may be physically located at the factory 4 or at some other physical location. The accessibility of the database 6 to the control device 2 is indicated schematically by the reference numeral 9. The control device 2 can access the database 6 in any suitable way. Preferably, the control device 2 can access the database 6 via a wireless connection 9. In the case that the control device 2 has cellular communications circuitry, the connection 9 between the control device 2 and the database 6 may be via a cellular network and, typically, also the Internet.

The clock of the luminaire 1 acts as a notional time counter NT. The notional time counter NT may be incremented by for example software running on the processor of the connectivity module 16 of the luminaire 1 using ticks from a clock crystal which may be provided internally or externally of the connectivity module 16. The counting is calibrated such that the counter is incremented as accurately as possible relatively quickly, say once per second or so. The notional time counter NT is stored at regular intervals (for example every 2 hours say) to the persistent storage in the connectivity module 16. The stored value may be used to initialize the counter after a power cycle of the connectivity module 16, such as following a loss of power to the luminaire 1 or if the connectivity module 16 is rebooted for some reason. It may be noted that the "time" that is generated by the clock typically includes or corresponds to the date (e.g. 1 January 2017) and time of day (such as 3pm, etc.).

In use, a user of the control device 2, who may for example be installing or maintaining or updating the luminaire 1, sets up login credentials to obtain access to the database 6 by following a registration process. This may be accessible via for example a Web-based portal. The user can then download and install a configuration "app" (software application) using an appropriate distribution method (for example, directly from the factory 4 or via for example Google Play or the like). The functionality of the configuration app only becomes exposed and available to the user after providing valid login credentials.

The user then causes the configuration app on the control device 2 to perform a wireless scan to identify luminaires 1 that are within range. In the case that for example the luminaires 1 use Bluetooth to advertise their presence, the control device 2 carries out a Bluetooth scan. The scan enables the control device 2 to obtain the unique identifiers UID of the luminaires 1 within range. In the example described above, the unique identifier UID is the MAC address of the wireless communications interface 13 of the luminaires 1. In an example, the configuration app on the control device 2 provides that only white listed devices (i.e. the known wireless communications interfaces 13 of the luminaires 1 in the database in the example described above) are displayed on the screen 22 of the control device 2 by the configuration app.

The user then selects from the list of displayed devices the particular luminaire 1 to which the user requires access. In one example, the configuration app on the control device 2 then communicates with the database 6 using the unique identifier UID of the selected luminaire 1 and retrieves a time-bound session key SK and, in this example, a session nonce SN for the selected luminaire 1. Alternatively, the user may have previously downloaded or otherwise obtained session keys SK and session nonces SN for a set of luminaires 1 maintained by the user onto the control device 2. In such a case, the session key SK and session nonce SN for the selected luminaire 1 are looked up from the previously downloaded list. As is known in cryptography per se, a nonce is typically an arbitrary number which is (typically) used only once in a cryptographic communication (or a series of related communications) to improve security. A nonce may be for example a random or pseudorandom number.

In the present example, the cloud service 7 associated with the database 6 (or at least some software having access to the details stored in the database 6) generates a session key SK and a session nonce SN for a specific luminaire 1 (identified by its unique identifier UID, which as mentioned may be the MAC address of the wireless communications interface 13 of the luminaire 1). In one example, the session key SK is time-bound, i.e. is in effect only valid for a predetermined period of time. A time-bound session key SK may be generated by for example combining the corresponding device key DK of the luminaire 1 and a time slot T_access. The time slot T_access ensures that the session key SK is time-bound as its value is related to the time slot T_access. The time slot T_access in an example identifies the instant in time when the session key SK was generated by the software associated with the database 6. The time resolution of the time slot can be chosen based on for example the resolution of the time for which the session key SK is to be bound (e.g. one hour or a few hours, a day or a few days, a week or a few weeks, etc.). In practical terms, this determines for how long the session key SK is useable by the control device 2. A shorter time is more secure, but a longer time is more convenient for the user wanting to access the luminaire 1.

A possible way to generate the time slot T_access is to use the Unix time UT at the moment of generating session credentials expressed in day resolution, e.g. (UT+0.5)/86400. Additional adjustments may be applied when calculating the time slot T_access to take into account the GMT (Greenwich Mean Time) offset and daylight savings offset based on the location information of the user. (As is known per se, Unix time is a system for describing instants in time defined as the number of seconds that have elapsed since 00:00:00 Coordinated Universal Time (UTC), Thursday, 1 January 1970, not counting leap seconds.)

It should be noted that the control device 2 retrieves only the time-bound session key SK and the session nonce SN for the luminaires 1 from the database 6 and does not obtain and is not provided with the device key DK for the luminaires 1. As mentioned, in this example the retrieved session key SK is valid only for a stipulated duration (e.g. for 1 hour or 3 or 6 hours, 1 day, 3 days, etc.). This ensures that a stolen or otherwise compromised control device 2 with locally stored sets of session keys SK and session nonces SN is unusable after this time has passed.

As mentioned, the luminaires 1 are arranged to advertise their presence, using for example Bluetooth or some other wireless protocol. In an example, each luminaire 1 (or, more precisely, the connectivity module 16 of the luminaire 1 in the present example) advertises a random number SRN as part of the payload of the advertisement messages (or offers a characteristic from which the random number SRN can be read in a "challenge-response" authentication). The random number SRN is refreshed by the connectivity module 16 as soon as a new (unsecured) connection is established with the control device 2 to avoid the same random number SRN being given out repeatedly and therefore to improve security. The random number SRN should be a large number to improve security and may be for example a 16-byte number.

The configuration app on the control device 2 initially reads out the random number SRN from the advertisement message or from the read-only characteristic as the case may be. The configuration app on the control device 2 also sends the current time CT (for example, the UTC expressed as Unix time as discussed above) to the connectivity module 16 of the selected luminaire 1. For added security, the current date and time CT as sent by the configuration app on the control device 2 may be encrypted, using for example a pre-shared fixed key FK that is shared by all of the connectivity modules 16 of the luminaires 1 and the control device(s) 2 that are intended to communicate with the connectivity modules 16 of the luminaires 1.

In an example, the connectivity module 16 of the selected luminaire 1 authenticates the incoming current time CT by checking if it is larger than (i.e. more recent than) the current time CT that is currently internally stored in the data storage of the connectivity module 16 (which, as noted above, may be regarded as only being a notional time NT given inaccuracies in the clock of the luminaire 1 and the possibility of power to the luminaire 1 having been lost). If the authentication fails (i.e. the incoming current time CT is not later than the current time CT that is already stored in the data storage of the connectivity module 16 of the luminaire 1), then the connection with the control device 2 is severed by connectivity module 16 of the selected luminaire 1. If the authentication succeeds then the incoming current time CT is stored in the data storage of the connectivity module 16 to replace the previously stored current time CT so as to update the stored current time CT.

In the case that the connection between the control device 2 and the selected luminaire 1 is not severed, the configuration app on the control device 2 combines the session key SK and the session nonce SN for the selected luminaire 1 (which have already been retrieved from the database 6 or pre-loaded onto the control device 2 as discussed above) and the random number SRN (obtained from the advertisement message from the selected luminaire 1 as discussed above) to encrypt a pre-defined bootstrap message (i.e. a session "hello" message). The encrypted bootstrap message is then sent by the control device 2 to the connectivity module 16 of the luminaire 1. Here, it may be noted that the control device 2 could just use the session key SK and the session nonce SN as received from the cloud service 7 directly. However, using these in combination with the random number SRN obtained from the advertisement message from the selected luminaire 1 provides additional security.

The connectivity module 16 of the luminaire 1 uses the stored current time CT (which may be the originally stored current time CT or the updated current time CT) to generate a time slot T_access. Mirroring what took place in the cloud service 7, the connectivity module 16 then generates at least a session key SK using a time slot T_access based on the current time CT. As mentioned, the time resolution of the time slot can be chosen based on for example the resolution of the time for which the session key SK is to be bound (e.g. one hour or a few hours, a day or a few days, a week or a few weeks, etc.). The session key SK and corresponding session nonce SN are generated using the same process or algorithm that is used by the software associated with the database 6 when generating the time-bound session key SK and session nonce SN for a specific luminaire 1 and that are provided to the control device 2 as discussed above.

Then, using the session key SK and corresponding session nonce SN, in this example in combination with the random number SRN sent out by the luminaire 1 in the relevant advertisement message, the connectivity module 16 of the luminaire 1 attempts to decrypt the bootstrap message received from the control device 2. If decryption succeeds then the session key SK and corresponding session nonce SN are used for encrypting further communications with the control device 2. Additionally, the notional time NT may be initialized with the current time CT. This allows for the fact that the clock in the luminaire 1 may still be inaccurate and for example losing time. If decryption fails then the connection with the control device 2 is severed by the connectivity module 16 of the luminaire 1.

In the above, it was described that the session key SK is time-bound (in an example, being formed as a function of the device key DK and a time slot relating to the stored current time CT). In such a case, as the luminaire 1 and the database 6 are typically not in communication, the luminaire 1 and the database 6 may not have a shared, accurate "current time". Accordingly, in such a case, the database 6 may generate plural time-bound session keys SKs, each time-bound to a different, optionally successive, time slot covering a time period when the control device 2 may wish to communicate with the luminaire 1. The various time slots may for example start one minute apart. The plural time-bound session keys SKs are provided to the control device 2, which can then use the plural time-bound session keys SKs in turn to attempt to communicate with the luminaire 1.

For added security, in some examples the session nonce SN may also be time-bound, in addition to the session key SK being time-bound. In an example, a time-bound session nonce SN may be formed as a function of the device key DK and a time slot relating to the stored current time CT. This may be similar to the generation of a time-bound session key SK discussed above.

In addition, as an option and similar to the description given above for the session key SK, the database 6 may generate plural time-bound session nonces SNs, each time-bound to a different, optionally successive, time slot covering a time period when the control device 2 may wish to communicate with the luminaire 1. The various time slots may for example start one minute apart but in any event are preferably the same as the time slots used for generating plural time-bound session keys SKs. The plural time-bound session nonces SNs are provided to the control device 2, which can then use the plural time-bound session keys SKs and the plural time-bound session nonces SNs in turn to attempt to communicate with the luminaire 1.

In the above it is stated for example that something is "generated as a function of" or similar language. For example, it is stated that a session key SK is generated as a function of the device key DK and a time slot for which the session key SK may validly be used, or a session nonce SN is generated as a function of the device key DK (and in some examples also as a function of a time slot for which the session nonce SN may validly be used). In such cases, a number of techniques for generating the key or the like are possible. Particularly suitable examples include the use of hashing functions, which are well known per se, including as a particular example SHA (Secure Hash Algorithm) 256.

For added security, the random number SRN which the luminaire 1 has made available to the control device 2 may also be used in the encryption and decryption of subsequent messages between the luminaire 1 and the control device 2, i.e. messages sent and received after the initial, successful bootstrap or "hello" message. In one example of this variation, in both the luminaire 1 and the control device 2, the session key SK and session nonce SN that are initially generated in the luminaire 1 and that are initially provided to the control device 2 from the database 6 respectively are XOR'd with the random number SRN in order to generate the session key SK' and session nonce SN' that are actually used as part of the encryption and/or decryption of subsequent messages between the luminaire 1 and the control device 2. In another example of this variation, in both the luminaire 1 and the control device 2, the session key SK' and session nonce SN' that are actually used as part of the encryption and/or decryption of subsequent messages between the luminaire 1 and the control device 2 are respectively generated as a hash of the initial session key SK and session nonce SN with the random number SRN. That is, for example SK' = hash(SK || SRN) and SN' = hash(SN || SRN).

In some examples, for the initial validation of the incoming "hello" message, the connectivity module 16 of the luminaire 1 may generate a set of session keys SK*, with each session key being a function of the device key DK and a respective time slot of a succession of time slots TS, TS-1, TS-2, TS+1, TS+2, etc. Likewise, if the session nonce SN is also time-bound as discussed above, then the connectivity module 16 may generate a set of corresponding session nonces SN*, with each session nonce being a function of the device key DK and a respective time slot of the succession of time slots TS, TS-1, TS-2, TS+1, TS+2, etc. In either case, this allows for the fact that the clock in the luminaire 1 may still be inaccurate and for example losing time, as well as allowing for changes in the time owing to daylight saving, local time zones, etc. The session keys SK* and session nonces SN* are again generated using the same process or algorithm that is used by the software associated with the database 6 when generating the time-bound session key SK and session nonce SN for a specific luminaire 1 and that are provided to the control device 2 as discussed above. In this example, the number of time slots as well as the resolution of the time slots used by the connectivity module 16 of the luminaire 1 for generating the set of session keys SK* and corresponding session nonces SN* determines the time-bound upper limit during which the respective session keys SK and session nonces SN can be used. That is, in practice, this use of a succession of time slots for T_access enables secure communication between the control device 2 and the luminaire 1 for periods of time that are judged to be close enough to the time stored by the luminaire 1.

Then, using the session keys SK and corresponding session nonces SN from the set of session keys SK* and corresponding session nonces SN* in turn, in combination with the random number SRN sent out by the luminaire 1 in the relevant advertisement message, the connectivity module 16 of the luminaire 1 attempts to decrypt the bootstrap message received from the control device 2. If decryption succeeds for one of the combinations of session key SK and session nonce SN, then the corresponding SK and SN are used for encrypting further communications with the control device 2. Additionally, notional time NT may be initialized with CT, again to allow for the fact that the clock in the luminaire 1 may still be inaccurate and for example losing time. If decryption fails for all combinations of session keys SK and session nonces SN then the connection with the control device 2 is severed by the connectivity module 16 of the luminaire 1.

Accordingly, in some examples, secure wireless communication between a luminaire 1 and a control device 2 can be achieved without requiring a reliable or accurate real time clock to be running on the luminaire 1 and without requiring that for example the luminaire 1 has a back-up power source to cope with power loss or outages. A time-bound encryption key (for example, the session key SK) that can be retrieved "on-the-fly" or obtained previously "offline" from a remote database 6 is used to encrypt communications between the luminaire 1 and the control device 2. As the session key SK is time-bound, this minimizes the risk of the luminaire 1 being hacked in the case that the control device 2 is lost or stolen or hacked after having obtained the session key SK. The current time CT that is stored by the luminaire 1 can be updated if necessary, for example in the case that the clock of the luminaire 1 has drifted or lost power. A session nonce SN may also be used. The session nonce SN may also be time-bound for yet further security. A random number (for example, the session random number SRN) may be used only once in the series of related communications between the control device 2 and the luminaire 1; this avoids or at least minimizes the risk of hacking using so-called replay attacks in which a hacker can otherwise capture the previously transmitted session key SK and session nonce SN for use in encrypting communications in subsequent attacks on the luminaire 1.

In the above, the session nonce SN is time-bound as it is generated as a function of the time slot for which the session nonce SN may be used. However, this is not always necessary. Instead, a "simple" nonce being just a random number, generated at both the luminaire 1 and obtained by the control device 2 from the database 6, may be used, without being time-bound. Nevertheless, a time-bound session nonce SN is preferred for added security.

A detailed example will now be described, with particular reference to Figures 2 to 4.

A. Set Up:

1. During the manufacturing of the luminaire 1 in the factory, a unique device key DK gets programmed or stored into the luminaire 1 (i.e. in an example, in the data storage of the connectivity module 16 of the luminaire 1). The device key DK is also recorded in the database 6 operated by the cloud service 7 together with a unique identifier UID (for example, a serial number, such as the MAC address of the wireless communications interface 13) of the luminaire 1.

2. A given luminaire 1 in the street knows a) its unique identifier UID, b) its own unique device key DK, and c) the current notional time (which, as mentioned, can diverge from the real time).

3. The installer or maintenance person has a mobile control device 2 which contains software (an "app") for adjusting for example the luminaire's light levels, driver configuration, wattage, etc. The installer is not trusted, not least because the control device 2 may be lost or stolen for example. Accordingly, it is desired to establish a trusted and secure communication between the installer's control device 2 and the luminaire 1 without ever disclosing the device key DK, not even to the control device 2. That is, preferably, the device key DK shall stay in the central database 6 and in the luminaire 1 only. Moreover, the installer is granted access to the luminaire 1 only for a defined amount of time, for example 4 hours or 1 day say.

B. Installer Prepares for Maintenance Field Trip:

1. The installer uses the mobile app on the control device 2 to select a single luminaire 1 he/she wants to do maintenance on. It may be noted that only a single luminaire 1 is discussed here for simplicity. In practice, the installer would likely select a larger number of luminaires 1, e.g. of an entire street or village, etc.

2. The control device 2 communicates with the remote database 6 to download security credentials which are necessary for a secure connection to the selected luminaire 1.

3. At this point, the time-bound credentials for the selected luminaire 1 for a given period of time are generated at the service 7 in the "cloud":

1. Inputs from the control device 2 to the cloud service 7 are the luminaire's unique identifier UID and a time-range (e.g. "tomorrow"). The time period for which the credentials are valid is referred to as T_access.

2. The cloud service 7 reads the secret device key DK from the database 6 for the specific luminaire 1.

3. The cloud service 7 computes a time-bound credential, that is, some credential that is a function of both the device key DK and the time period T_access for which the credentials are valid. In one detailed example, the time-bound credential may be formed as a hash function of a concatenation of the device key DK and the time period T_access. As a particular example, a 32-byte number is formed, in which the first 16 bytes are the device key DK and the second 16 bytes are the time period T_access (with additional zeros as necessary). A hash function is then applied to the 32-byte number. The hash function may in principle be any hash function, including for example SHA-256. The output is a 32-byte hash number. The first 16 bytes of this are used as the initial session key SK' and 13 out of the second 16 bytes are used as the initial session nonce SN':

X := hash(DK || T_access)

Here, it may be noted that || signifies a concatenation of the device key DK and the time period T_access, i.e. both data items get pasted into a single sequence of binary values. As known per se, a hash operation obfuscates this concatenated input data in a way that a third party cannot revert the operation, not even if the observer could guess T_access. The result of the hash operation is assigned (:=) to the variable X.

4. It may be noted that in this detailed example, the time-bound credential X is just a sequence of bits which can be interpreted in an arbitrary way. In one example, this bit sequence is split into two parts. A first part is used as a session key SK and the second part is used as a session nonce SN:

(SK || SN) := X

As they are derived from X, which is time-bound, both the session key SK and the session nonce SN are each also time-bound in this example.

5. The cloud service 7 sends the session key SK and the session nonce SN to the app on the control device 2.

6. It may be noted that the control device 2 may for example obtain the session key SK and the session nonce SN as described above in advance, i.e. before setting out on a field trip to the location of the luminaire 1 or may for example obtain these contemporaneously whilst at the location of the luminaire 1.

4. The app on the control device 2 stores the session key SK and the session nonce SN for this particular luminaire 1 (as identified by its unique identifier UID) and the requested time T_access.

C. Installer at the Luminaire 1:

5. The luminaire 1 publicly advertises (e.g. via Bluetooth) its own identifier UID and a random number SRN. SRN gets updated by the luminaire 1 from time to time, e.g. after each successful or unsuccessful connection attempt, so that each new communication operates using a different random number SRN.

6. The installer uses the app on the control device 2 to read the advertisement which is broadcast by the luminaire 1. The app shows that it has the time-bound credentials for this particular luminaire 1 available, because the luminaire's identifier UID is stored in the app together with the corresponding session key SK and session nonce SN.

7. In an example, the app sends the current time CT to the luminaire 1.

8. In this example, the luminaire 1 receives the current time CT and compares it to its current notional time NT stored in the data storage of the luminaire 1. If CT > NT then the luminaire 1 takes the current time CT received from the control device 2 and stores it as the stored current time CT in the data storage of the luminaire 1. It may be noted that other ways of validation for the current time CT received from the control device 2 are possible. For example, the current time CT received from the control device 2 may be judged to be valid if for example it is not too far ahead in time of the notional current time currently stored in the luminaire 1. As another example, the communication of the current time CT from the control device 2 can be encrypted with a fixed pre-shared key FK that is available to the factory, the app on the control device 2 and the luminaire 1.

9. The app on the control device 2 then starts the encrypted communication with the luminaire 1. For this purpose, the app on the control device 2 has four data items available: the session key SK, the session nonce SN, the random number SRN publicly advertised by the luminaire 1 and a predetermined message M to be sent. The message M may be for example an adjustment command for the luminaire 1 or part of some communication protocol, such as a "hello" message to initiate the session.

1. In order to encrypt and "sign" the message M to be sent to the luminaire 1, a number of techniques are possible. In the present detailed example, AES (Advanced Encryption Standard) is used. Further, in this detailed example, two different AES encryption "modes" are used for different stages. One mode is the cipher block chaining mode (CBC) and the other is the counter mode (CTR). As is known per se, the encryption algorithm AES is the same in each mode. The different modes define the way in which the algorithm uses inputs and outputs. Both CBC and CTR modes split the input message M into several blocks (M0, M1, M2, ...), in for example blocks of 16 bytes, and encrypt each block independently, where the mode defines how to combine message blocks, keys, and outputs.

2. As a key for the encryption the app on the control device 2 could use the session key SK and the session nonce SN directly. However, for additional security, in an example, the session key SK and the session nonce SN are modified by the app on the control device 2 using the advertised random number SRN, to provide a modified session key SK' and modified session nonce SN'. In one example, an XOR function is used:

SK' := (SK XOR SRN) and SN' := (SN XOR SRN)

The advantage of this approach is that the XOR changes both the session key SK and the session nonce SN and is easy to perform on both the sender's and the receiver's side. As an alternative a hash function may be used:

SK' := hash(SK||SRN) and SN' := hash(SN||SRN)

3. First, the AES CBC mode is used to compute a validation token or authentication tag T. The authentication tag T may be interpreted as a digital signature. In an example, the authentication tag T is arbitrarily defined to be 4 bytes in length (32 bits), with the rest of the encryption result being discarded. The process to compute the authentication tag T in this example is shown schematically in Figure 2, with the message M being split into two blocks M0 and M1 in this example. Again, it is noted that the inputs for AES in CBC mode here are the (modified) session key SK', the (modified) session nonce SN' and the message M.

4. Second, a concatenation M' of the message M and the authentication tag T, that is M' := (M||T), is encrypted, this time using AES in CTR mode. This is shown schematically in Figure 3, with this example using a 2-byte counter e in addition to a 1-byte loop counter. Again, the inputs for AES are the (modified) session key SK', the (modified) session nonce SN' and the message M plus the authentication tag T obtained above. The output is a cipher C. The receiving luminaire 1 is later able to revert that computation and validate T, as discussed below. The cipher blocks C0', C1', ... are respectively concatenated with the 2-byte counter e to form the cipher messages that are sent to the luminaire 1 by the control device 2.

10. The control device 2 sends the cipher messages to the luminaire 1. It may be noted that the control device 2 does not send the authentication tag T to the luminaire 1 because the luminaire 1 has to repeat the computation of the authentication tag T itself, as discussed further below.

11. The luminaire 1 receives the cipher messages. For decryption, the luminaire 1 has three data items available: the current time CT, the secret device key DK and the publicly advertised random number SRN it had previously broadcast. Moreover, the luminaire 1 has the cipher messages C.

1. The luminaire 1 computes the "time period" of CT. For example, the current time can be rounded to the start of the day (e.g. midnight or 00:00).

2. Knowing CT and its own secret device key DK, the luminaire 1 can perform the same operations that the cloud service has carried out, as described above. That is, in this example, the luminaire 1 can compute X := hash(DK||CT) and interpret X as (SK||SN). Now, the luminaire 1 possesses the same information as the app on the control device 2 and can use SK, SN, SRN to decrypt and validate the encrypted message C.

3. As a key for the decryption the luminaire 1 always uses SK and SN, which as described above in an example were modified at the sender side by SRN before using it, e.g. SK' := (SK XOR SRN) and SN' := (SN XOR SRN).

4. As shown schematically in Figure 4, the luminaire 1 decrypts the encrypted message C using AES in CTR mode, with SK' and SN' as keys. The result is interpreted as a concatenation of the message M and the authentication tag T, namely (M||T). The luminaire 1 knows that T is 4 bytes in length in this example and can thus split (M||T) into M and T respectively.

5. Now, the luminaire 1 knows the message, yet needs to validate if the operation was correct. Here it should be recalled that the current time CT was part of the computation and the luminaire 1 cannot or does not want to rely on its own real-time clock as that may be inaccurate. Moreover, the radio transmission may have been corrupted or the sender used an incorrect session nonce SN and/or session key SK. So, in order to validate M, the luminaire 1 computes T in the same way as the app on the control device 2 did in step C. 9.3 above. The luminaire 1 assumes M is correct and uses SK' and SN' in CBC mode. The last 4 bytes of the result are taken as T*.

6. Next, the luminaire 1 can validate if T* = T, where T was part of the decrypted message and T* the result of the computation carried out in the luminaire 1.

1. If validation was successful the app on the control device 2 and the luminaire 1 have established a secure communication channel with SK' and SN' as the session key and session nonce respectively. The control device 2 and the luminaire 1 can now exchange messages in both directions using the same method as above.

2. If validation fails, the luminaire 1 may retry steps C. 11.1 to 11.5 above using different times for the "current" time CT. For example, the luminaire 1 may use one or more adjacent time periods CT+1 (e.g. the next day) or CT-1 (e.g. the previous day). If such retries do not yield T=T*, the luminaire 1 will disconnect and advertise a new random number SRN.

7. After the communication with this mobile app ends, the luminaire 1 advertises a fresh SRN and waits for the next connection.
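The derivation in steps B.3 and C.11 and the luminaire's retry over adjacent time slots, as an added Python example (not code from the patent). Assumptions: T_access is a big-endian slot index zero-padded to 16 bytes, the 13-byte SN is XORed with the first 13 bytes of SRN, HMAC-SHA256 truncated to 4 bytes stands in for the AES-CBC tag T, the AES-CTR encryption of M||T is omitted, and the device key and times are constructed values.

```python
import hashlib
import hmac
import os

SLOT_SECONDS = 86400   # day resolution, as in the page's example
TAG_LEN = 4            # the page fixes the authentication tag T at 4 bytes


def time_slot(unix_time, slot_seconds=SLOT_SECONDS):
    """Index of the time slot (T_access) that contains unix_time."""
    return unix_time // slot_seconds


def derive_credentials(dk, slot):
    """X := SHA-256(DK || T_access); SK is X[0:16], SN is X[16:29]."""
    if len(dk) != 16:
        raise ValueError("device key DK must be 16 bytes")
    # Assumption: T_access is encoded big-endian, zero-padded to 16 bytes.
    x = hashlib.sha256(dk + slot.to_bytes(16, "big")).digest()
    return x[:16], x[16:29]


def bind_to_srn(sk, sn, srn):
    """SK' := SK XOR SRN and SN' := SN XOR SRN."""
    if len(srn) != 16:
        raise ValueError("SRN must be 16 bytes")
    # Assumption: the 13-byte SN is XORed with the first 13 bytes of SRN.
    return (bytes(a ^ b for a, b in zip(sk, srn)),
            bytes(a ^ b for a, b in zip(sn, srn)))


def make_tag(sk2, sn2, message):
    """Stand-in for the AES-CBC tag T: HMAC-SHA256 truncated to 4 bytes."""
    return hmac.new(sk2, sn2 + message, hashlib.sha256).digest()[:TAG_LEN]


def control_device_hello(sk, sn, srn, message=b"hello"):
    """Control device side: it holds SK and SN for one slot, never DK."""
    sk2, sn2 = bind_to_srn(sk, sn, srn)
    return message + make_tag(sk2, sn2, message)


class Luminaire:
    def __init__(self, dk, stored_time, offsets=(0, -1, 1)):
        self.dk = dk
        self.stored_time = stored_time   # notional time, may lag real time
        self.offsets = offsets           # slots tried: TS, TS-1, TS+1
        self.srn = os.urandom(16)        # advertised random number SRN

    def accept_time(self, ct):
        """Store CT only if it is later than the stored time."""
        if ct <= self.stored_time:
            return False
        self.stored_time = ct
        return True

    def validate_hello(self, frame):
        """Return the slot offset that validates the frame, or None."""
        srn, self.srn = self.srn, os.urandom(16)   # each SRN is used once
        if len(frame) <= TAG_LEN:
            return None
        message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        base = time_slot(self.stored_time)
        for offset in self.offsets:
            if base + offset < 0:
                continue
            sk, sn = derive_credentials(self.dk, base + offset)
            sk2, sn2 = bind_to_srn(sk, sn, srn)
            if hmac.compare_digest(make_tag(sk2, sn2, message), tag):
                return offset
        return None


def run_scenarios():
    dk = bytes(range(16))        # constructed device key
    issued_at = 1_700_000_000    # constructed Unix time, falls in slot 19675
    sk, sn = derive_credentials(dk, time_slot(issued_at))   # cloud service
    lum = Luminaire(dk, stored_time=issued_at - 10_000)
    results = {}
    # Same day: CT is newer than the stored time and the slot matches.
    results["time_ok"] = lum.accept_time(issued_at)
    first_frame = control_device_hello(sk, sn, lum.srn)
    results["same_slot"] = lum.validate_hello(first_frame)
    # The captured frame is resent after the luminaire refreshed its SRN.
    results["replayed_frame"] = lum.validate_hello(first_frame)
    # Two hours later the day has rolled over; slot TS-1 still validates.
    lum.accept_time(issued_at + 7_200)
    results["next_slot"] = lum.validate_hello(control_device_hello(sk, sn, lum.srn))
    # Three days later the stored credentials no longer validate.
    lum.accept_time(issued_at + 3 * SLOT_SECONDS)
    results["expired"] = lum.validate_hello(control_device_hello(sk, sn, lum.srn))
    # A CT older than the stored time is refused.
    results["stale_time"] = lum.accept_time(issued_at)
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

`run_scenarios()` returns the outcome of each case: the credentials validate in their own slot and one slot later, while the replayed frame and the three-day-old credentials are both rejected.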

An example of a method of operating a luminaire according to the present disclosure will be described with reference to Figure 5. At 500, the luminaire 1 stores a device key for the luminaire 1. At 502, the luminaire 1 generates a time which is stored as a current time in data storage of the luminaire. At 504, the luminaire 1 generates a time-bound key as a function of a device key DK stored in the data storage and a time slot based on the stored current time. At 506, the luminaire 1 engages in a secure wireless communication with a control device after having received from the control device a predetermined message that is encrypted using the time-bound key and that has been authenticated as having been validly created by a control device.

An example of a method of operating a control device according to the present disclosure will be described with reference to Figure 6. At 600, the control device 2 identifies a luminaire 1 by receiving from the luminaire 1 a unique identifier UID for the luminaire 1. At 602, the control device 2 stores a time-bound key for the identified luminaire, the time-bound key having been generated from a device key for the luminaire and a time slot for which the time-bound key may validly be used. At 604, the control device 2 generates a predetermined message that is encrypted using the time-bound key. At 606, the control device 2 wirelessly transmits the encrypted predetermined message to the luminaire.

In addition to the aspects described above, there may also be provided in another aspect apparatus for use in a luminaire, the apparatus comprising:

data storage, the data storage storing a device key DK for the luminaire;

a clock arranged to generate a time which is stored as a current time;

a processor arranged to generate a session key SK as a function of the device key DK and a time slot for which the session key SK may validly be used; and

a wireless communications interface for wirelessly communicating with a control device; the apparatus being arranged to engage in a secure wireless communication with a control device via the wireless communications interface after having received from the control device a predetermined message that is encrypted as a function of the session key SK;

wherein the apparatus is capable of receiving a current time from a control device and is arranged to update the stored current time with the current time received from a said control device in the case that the current time received from a said control device is more recent than the previously stored current time.

In examples, this allows secure wireless communication between a luminaire and a control device to be achieved without requiring a reliable or accurate real time clock to be running on the luminaire and without requiring that for example the luminaire has a backup power source to cope with power loss or outages or that the luminaire can update the clock using say an internet connection (which may not (always) be available). In an example, the apparatus is arranged to check whether the current time received from the control device is more recent than the last stored current time and, if so, update the stored current time with the current time received from the control device, else, if not, then the apparatus ceases communication with the control device.

In an example, the processor is arranged to generate a session nonce SN as a function of the device key DK, the apparatus being arranged to engage in a secure wireless communication with a control device via the wireless communications interface after having received from the control device a predetermined message that is encrypted as a function of the session key SK and the session nonce SN. As is known in cryptography per se, a nonce is used to increase security. A nonce may be for example an arbitrary number which is (typically) used only once in a cryptographic communication (or a series of related communications).

In an example, the processor is arranged to generate the session nonce SN as a function of the device key DK and a time slot for which the session key SK may validly be used. Such a nonce is in effect time-bound.

In an example, the processor is arranged to generate plural session keys SK as a function of the device key DK and respective plural time slots, the processor being arranged to attempt to decrypt the predetermined message received from the control device using the session keys SK in turn and, in the case that the processor is able to decrypt the predetermined message using a particular session key SK, then the wireless communications interface being arranged to engage in a secure wireless communication with the control device using the particular session key SK.

If a session nonce is also used, then the processor may be arranged to generate plural session keys SK and plural corresponding session nonces SN as a function of the device key DK and respective plural time slots, the processor being arranged to attempt to decrypt the predetermined message received from the control device using the session keys SK and corresponding session nonces SN in turn and, in the case that the processor is able to decrypt the predetermined message using a particular session key SK and corresponding session nonce SN, then the wireless communications interface being arranged to engage in a secure wireless communication with the control device using the particular session key SK and corresponding session nonce SN.

In an example, the data storage is arranged to store a unique identifier UID for the luminaire and the apparatus is arranged to wirelessly broadcast the unique identifier to enable a control device to identify the luminaire.

In an example, the processor is arranged to generate a random number SRN which may be received by a control device to enable the control device to generate the predetermined message which is encrypted as a function of the session key SK and the random number SRN. A new random number SRN may be generated when/if a new (unsecured) connection is established with a control device. If a session nonce is also used, then the control device may generate the predetermined message which is encrypted as a function of the session key SK, the session nonce SN and the random number SRN. In an example, the processor is arranged to decrypt subsequent messages that are received from and that have been encrypted by a control device as a function of the session key SK and the random number SRN (and also the session nonce in the case that a session nonce is used).

There may also be provided a luminaire including apparatus as described above.

According to another aspect disclosed herein, there is provided a method of operating a luminaire, the method comprising:

generating a time which is stored as a current time;

generating a session key SK as a function of a device key DK which is stored in the luminaire and a time slot for which the session key SK may validly be used; and

engaging in a secure wireless communication with a control device after having received from the control device a predetermined message that is encrypted as a function of the session key SK; wherein the luminaire is capable of receiving a current time from a control device and updates the stored current time with the current time received from the control device in the case that the current time received from a said control device is more recent than the previously stored current time.

In an example, the method comprises, prior to engaging in a secure wireless communication with the control device:

receiving a current time from the control device;

checking whether the current time received from the control device is more recent than the last stored current time and,

if the current time received from the control device is more recent than the last stored current time, updating the stored current time with the current time received from the control device,

else, if the current time received from the control device is not more recent than the last stored current time, then ceasing communication with the control device.

In an example, the method comprises:

generating a session nonce SN as a function of the device key DK; and

engaging in the secure wireless communication with the control device after having received from the control device a predetermined message that is encrypted as a function of the session key SK and the session nonce SN.

The session nonce SN may be generated as a function of the device key DK and a time slot for which the session key SK may validly be used.

In an example, the method comprises:

generating plural session keys SK as a function of the device key DK and respective plural time slots;

attempting to decrypt the predetermined message received from the control device using the session keys SK in turn; and,

in the case that the predetermined message can be decrypted using a particular session key SK, engaging in a secure wireless communication with the control device using the particular session key SK.

Again, if a session nonce is also used, then the method may comprise:

generating plural session keys SK and plural corresponding session nonces SN as a function of the device key DK and respective plural time slots;

attempting to decrypt the predetermined message received from the control device using the session keys SK and corresponding session nonces SN in turn; and,

in the case that the predetermined message can be decrypted using a particular session key SK and corresponding session nonce SN, engaging in a secure wireless communication with the control device using the particular session key SK and corresponding session nonce SN.

In an example, the method comprises:

generating a random number SRN and wirelessly transmitting the random number SRN for receipt by a control device.
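The luminaire-side method above (update the stored time only when the received time is more recent, then try session keys and nonces for plural time slots in turn, bound to the random number SRN), written out as an added Python example that is not part of the patent text. Assumed here, not taken from the disclosure: HMAC-SHA256 as the derivation function, a one-hour slot, a window of one slot either side of the stored time, the content of the predetermined message, and an HMAC keystream with a tag standing in for a real authenticated cipher.

```python
import hashlib
import hmac
import os

SLOT_SECONDS = 3600                   # assumed slot length; the disclosure fixes none
PREDETERMINED = b"LUMINAIRE-AUTH-OK"  # assumed predetermined message (<= 32 bytes)

def _mac(key, *parts):
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def slot_keys(dk, slot):
    """Time-bound (SK, SN) from device key DK and a slot; HMAC-SHA256 is an assumed KDF."""
    s = slot.to_bytes(8, "big")
    return _mac(dk, b"SK", s), _mac(dk, b"SN", s)

def seal(sk, sn, srn, msg):
    """Stand-in for an AEAD: XOR with one HMAC keystream block, then append a tag."""
    ct = bytes(m ^ k for m, k in zip(msg, _mac(sk, b"enc", sn, srn)))
    return ct + _mac(sk, b"mac", sn, srn, ct)

def unseal(sk, sn, srn, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(sk, b"mac", sn, srn, ct)):
        return None                   # wrong SK, SN or SRN
    return bytes(c ^ k for c, k in zip(ct, _mac(sk, b"enc", sn, srn)))

class Luminaire:
    def __init__(self, dk, stored_time):
        self.dk, self.stored_time = dk, stored_time
        self.srn = os.urandom(16)     # new SRN for each new unsecured connection

    def accept_time(self, t):
        """Update the stored time only if t is more recent; False means cease communication."""
        if t <= self.stored_time:
            return False
        self.stored_time = t
        return True

    def authenticate(self, blob, window=1):
        """Try SK/SN of neighbouring slots in turn; return the matching slot or None."""
        base = self.stored_time // SLOT_SECONDS
        for slot in range(base - window, base + window + 1):
            sk, sn = slot_keys(self.dk, slot)
            if unseal(sk, sn, self.srn, blob) == PREDETERMINED:
                return slot
        return None

def server_issue(dk, now):
    """Server side: time-bound SK and SN for the slot containing `now`."""
    return slot_keys(dk, now // SLOT_SECONDS)
```

A control device that obtained `server_issue(dk, now)` sends `seal(sk, sn, luminaire.srn, PREDETERMINED)`; `authenticate` returns the slot only when the luminaire's stored time has been brought within the window of that slot, and `None` for an expired key or a different SRN.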

According to another aspect disclosed herein, there is provided a control device for wirelessly communicating with a luminaire, the control device comprising:

a processor arranged to identify a luminaire by receiving from the luminaire a unique identifier UID for the luminaire;

data storage, the data storage storing a session key SK for the identified luminaire;

the processor being arranged to generate a predetermined message that is encrypted as a function of the session key SK and to wirelessly transmit the predetermined message to the luminaire;

the control device being arranged to wirelessly transmit a current time to the identified luminaire to enable the luminaire to update a previously stored current time with the current time transmitted by the control device.

In an example, the data storage stores a session nonce SN for the identified luminaire; the processor being arranged such that the generated predetermined message is encrypted as a function of the session key SK and the session nonce SN.

In an example, the control device is arranged to communicate with a server to receive from the server the session key SK for the identified luminaire to be used in encrypting communication with the identified luminaire. In the examples where a session nonce SN is also used, the control device is arranged to communicate with a server to receive from the server the session nonce SN for the identified luminaire to be used in encrypting communication with the identified luminaire.

The session key SK and, if used, the session nonce SN for the identified luminaire may for example be obtained "on-the-fly", for example from some non-local server, once the luminaire has been identified by the control device. Alternatively, the control device may have already had session keys SK and, if used, session nonces SN for a number of luminaires already pre-stored. In that case, the control device uses the specific session key SK and, if used, the specific session nonce SN for the particular luminaire once the luminaire has been identified. The session key SK and, if used, the session nonce SN for the identified luminaire may be time-bound, that is, valid only for a specific time slot.

In an example, the control device is arranged to receive a random number SRN from the identified luminaire, and the control device being arranged such that the predetermined message that is generated is encrypted as a function of the session key SK and the random number SRN.

If a session nonce is also used, then the predetermined message that is generated is encrypted as a function of the session key SK, the session nonce SN and the random number SRN.

According to another aspect disclosed herein, there is provided a method of operating a control device to wirelessly communicate with a luminaire, the method comprising:

identifying a luminaire by receiving from the luminaire a unique identifier UID for the luminaire;

wirelessly transmitting a current time to the identified luminaire to enable the luminaire to update a previously stored current time with the current time transmitted by the control device;

storing a session key SK for the identified luminaire; and

generating a predetermined message that is encrypted as a function of the session key SK and wirelessly transmitting the predetermined message to the luminaire.

The steps mentioned above are not necessarily carried out in the order set out above. For example, the session key SK and, if used, the session nonce SN for the identified luminaire may be obtained on-the-fly once the luminaire has been identified by the control device. Alternatively, the control device may have already had session keys SK and, if used, session nonces SN for a number of luminaires already pre-stored. In that case, the control device uses the specific session key SK and, if used, session nonce SN for the particular luminaire once the luminaire has been identified.

In an example, the method comprises:

receiving a random number SRN from the identified luminaire; wherein the generating a predetermined message comprises generating a predetermined message that is encrypted as a function of the session key SK, the session nonce SN (if used) and the random number SRN.

According to another aspect disclosed herein, there is provided a server storing a device key DK and a corresponding unique identifier UID for each of a plurality of luminaires, the server being arranged to generate a time-bound session key SK for a luminaire as a function of the device key DK for the luminaire, the server being arranged to provide the time-bound session key SK for a luminaire to a control device that has been authenticated with the server and that has provided the unique identifier UID for the luminaire to the server.

If a session nonce is also used, then the server may be arranged to generate a time-bound session nonce SN for a luminaire as a function of the device key DK for the luminaire.

It will be understood that the processor or processing system or circuitry referred to herein may in practice be provided by a single chip or integrated circuit or plural chips or integrated circuits, optionally provided as a chipset, an application-specific integrated circuit (ASIC), field-programmable gate array (FPGA), digital signal processor (DSP), graphics processing units (GPUs), etc. The chip or chips may comprise circuitry (as well as possibly firmware) for embodying at least one or more of a data processor or processors, a digital signal processor or processors, baseband circuitry and radio frequency circuitry, which are configurable so as to operate in accordance with the exemplary embodiments. In this regard, the exemplary embodiments may be implemented at least in part by computer software stored in (non-transitory) memory and executable by the processor, or by hardware, or by a combination of tangibly stored software and hardware (and tangibly stored firmware).

Reference is made herein to data storage for storing data. This may be provided by a single device or by plural devices. Suitable devices include for example a hard disk or, more preferably in the present context, non-volatile semiconductor memory.

Other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed invention, from a study of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the indefinite article "a" or "an" does not exclude a plurality. A single processor or other unit may fulfil the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage. A computer program may be stored/distributed on a suitable medium, such as an optical storage medium or a solid-state medium supplied together with or as part of other hardware, but may also be distributed in other forms, such as via the Internet or other wired or wireless telecommunication systems. Any reference signs in the claims should not be construed as limiting the scope.