Device and method for detecting a mobile device in a short range
The device and method automate the conversion of unencrypted radio links to encrypted ones using stored key information, addressing inefficiencies in manual device connections for localization, ensuring secure and efficient mobile device detection in automation technology.
Patent Information
- Authority / Receiving Office
- DE · DE
- Patent Type
- Patents
- Current Assignee / Owner
- PILZ GMBH & CO KG
- Filing Date
- 2024-12-10
- Publication Date
- 2026-06-25
AI Technical Summary
Existing systems in automation technology require manual user interaction for establishing secure one-to-one connections between devices for localization services, which is inefficient and not feasible in networked environments where devices from different manufacturers are used.
A device and method that enables automatic conversion of an unencrypted radio link into an encrypted one using key information stored on the mobile device, allowing secure localization services without user interaction, utilizing Bluetooth Low Energy (BLE) and Ultra-Wideband (UWB) technologies.
Enables efficient, automated, and secure detection and localization of mobile devices in close proximity, minimizing manual intervention and ensuring seamless integration with existing industrial systems while adhering to privacy and security standards.
Smart Images

Figure 00000000_0000_ABST
Abstract
Description
The present invention relates to a device and a method for detecting and locating a mobile device in the immediate vicinity of the device, particularly in safety-critical or automated environments. In automation technology, methods and devices for the close-range detection of mobile devices are generally known. Particularly in safety-critical areas, such as human-robot collaboration or applications where people have to work in hazardous environments, for example during the commissioning or maintenance of technical systems, the precise localization of mobile devices and people is of crucial importance. Publication EP 3 910 231 A1, for example, describes a security system that uses radio tracking and identification sensors to record the position and identity of people or objects in order to minimize hazards in safety-critical areas. German patent application DE 10 2022 124 254 A1 describes a method for the secure operation of field devices using mobile devices. This method employs a combination of Bluetooth and ultra-wideband (UWB) technology to determine the distance between a mobile device and the field device. Depending on the distance, authentication is performed either through user input or automatically via UWB connections, thus increasing ease of use without compromising security. US 2023 / 319907 A1 describes a method and device for simplifying the pairing of a mobile device with two separate wireless communication devices, such as those used in vehicles for access systems and infotainment. After an initial secure pairing between the mobile device and a first communication device, the communication channel established is used to automatically perform an out-of-band pairing of a second communication device without any additional user effort. In short-range sensing, UWB technology is gaining increasing importance because it enables precise, real-time positioning. This capability is essential, particularly for operational safety and process optimization in industrial applications. Modern mobile devices such as smartphones and tablets already integrate UWB functionality to utilize this technology. However, manufacturers like Apple deliberately impose restrictions on the use of location services to prevent misuse through unauthorized tracking and thus protect privacy. One challenge in automation technology is that, due to such limitations, many existing systems require manual user interaction to establish a secure one-to-one connection between devices before localization services can be used. This process, typically based on Bluetooth Low Energy (BLE) connections, requires the exchange of cryptographic keys to ensure encrypted communication. However, for many industrial applications, this manual interaction is inefficient, creating a need for solutions that allow devices to access localization services automatically and without direct user interaction. Furthermore, it cannot be assumed that automation devices used for short-range detection are networked to exchange information. This is especially true if the devices are from the same manufacturer but sold to different end users. This means that the security and resulting trust relationship between one device and a mobile device cannot simply be transferred to another. Therefore, another device is not automatically considered trustworthy. Against this background, it is an object of the present invention to provide a device and a method for detecting and localizing a mobile device in the short range, which overcome the aforementioned problems and enable simpler and more efficient use of localization services in the industrial environment. According to one aspect, this task is solved by a device for detecting a mobile device in the vicinity of the device, wherein the device has a control unit which is configured to receive a data record containing key information from the mobile device via an unencrypted radio link, to store the key information in a memory area for data records of previously performed coupling operations for the radio link in order to convert the unencrypted radio link into an encrypted radio link, to access a service of the mobile device based on another radio technology after the conversion of the radio link, and to detect the mobile device in the vicinity of the device by means of the service based on the other radio technology. According to another aspect, this problem is solved by a method for detecting a mobile device in the vicinity of a device, comprising: - receiving a data record containing key information from the mobile device via an unencrypted radio link; - storing key information in a memory area for data records of previously performed coupling operations for the radio link; - converting the unencrypted radio link into an encrypted radio link using the key information stored in the memory area; - accessing a service of the mobile device based on a different radio technology after converting the radio link; and - detecting the mobile device in the vicinity of the device using the service based on a different radio technology. The present invention thus aims to provide a more efficient and user-friendly solution for detecting and locating mobile devices in close proximity to the device. In particular, one-to-many bonding is sought to minimize the need for manual user interaction. The core of the invention lies in the automated establishment of a secure, i.e., encrypted, radio connection between a device and a mobile device, without requiring user interaction or the device needing to obtain information about the mobile device, for example, from a central server or another device. For this purpose, the mobile device sends key information to the device via an unencrypted connection after or during a detection and connection phase. The device uses this key information to convert the existing unencrypted connection into an encrypted one. To do this, the key information is stored in a memory area for previously completed pairing processes, so that both the device and the mobile device assume that a pairing has already taken place. After the connection is converted, the device can access and use the mobile device's location service to detect and locate the mobile device in close proximity, without requiring any user interaction. Based on this location, the device can trigger a control function, for example, by sending a signal that puts a technical system into a safe state. This solution enables mobile devices to be equipped with key information that they provide to the device, allowing the device to recreate the result of a pairing process between the mobile device and the device. In other words, mobile devices can transmit key information to the device, enabling the device to reproduce the result of a pairing process without a prior explicit pairing event between the devices. Instead, the mobile devices are equipped with the appropriate key information for the device, which they can transmit to it to simulate a pairing. For this purpose, an application (app) on the mobile device can be used, for example, to receive and store the key information and transmit it to the device when a connection is established. The present solution enables the device to locate mobile devices in close proximity using functions provided directly by the mobile devices themselves. This requires neither user interaction nor the acquisition of information from any source other than the mobile device. As a result, the localization services of numerous mobile devices can be used for automation technology in a simple and effective manner. In particular, this enables cost-effective and straightforward control of technical systems based on the localization of mobile devices in their environment, as existing infrastructure and communication tools are optimally utilized. The initial objective is thus fully achieved. In another version, the data set is encrypted with the key information. This design ensures the secure transmission of key information over the unencrypted radio link. It also prevents unauthorized individuals from reading the key information on the mobile device. This design thus contributes to the effective implementation of the automated secure connection. In a further embodiment, the control unit is designed to decrypt the data set using a key stored in the device. According to this design, a predefined key is stored in the device, which is used to decrypt the transmitted key information. This key can advantageously be stored on a large number of devices. All devices that possess the key can thus securely establish the automated connection. With this configuration, one-to-many bonding can be implemented particularly efficiently and securely. In another embodiment, the radio connection is a Bluetooth connection, in particular a Bluetooth Low Energy (BLE) connection. Bluetooth is a widely used and proven technology that is integrated as standard in many mobile devices. The use of a Bluetooth connection, especially a Bluetooth Low Energy (BLE) connection, is advantageous in this case because mobile device services often rely directly or indirectly on the authentication mechanisms of Bluetooth technology. Common Bluetooth implementations (also called the Bluetooth stack) offer a structured application programming interface (API) that allows easy programmatic access to the internal Bluetooth functions. This enables straightforward access to the relevant Bluetooth functions for controlling the described pairing processes and the switching between unencrypted and encrypted connections. This design further contributes to a simple and efficient implementation. In a further embodiment, the additional radio technology is an ultra-wideband (UWB) technology, in particular a UWB-based distance and / or position determination. UWB enables the distance between two devices to be determined with an accuracy of a few centimeters, which is crucial in safety-critical environments such as automation technology or human-robot collaboration. Risks arising from inaccurate positioning can thus be minimized. UWB operates in real time and enables a fast and reliable response, which is essential for applications where precise time and distance calculations are critical. The combination of UWB and BLE offers further advantages, as the strengths of both technologies can be combined to ensure both efficient communication and authentication as well as precise localization. In particular, the proposed automatic pairing, i.e.,The fact that device connection and localization run in the background for the user can eliminate the need for user intervention, thus enabling the efficient use of UWB technology in automation technology. In a further embodiment, access to the service based on the additional radio technology is only possible if the device and the mobile device are connected via the encrypted radio connection. This design offers the advantage of leveraging existing implementations of Bluetooth Low Energy (BLE) and Ultra-Wideband (UWB), which are widely used in modern mobile devices. This significantly simplifies the integration of the described technology into existing industrial and safety-critical systems. Many mobile devices, such as smartphones and other end devices, come standard with BLE and UWB technology. Device manufacturers have intentionally designed these technologies to prevent misuse, such as unauthorized tracking or manipulation. Strict usage rules for radio connections and authentication mechanisms have been implemented to ensure privacy. The proposed automatic device pairing eliminates the need to circumvent these safeguards.Rather, their presence is optimally utilized to implement one-to-many bonding, enabling a secure and efficient connection with multiple devices. The described design thus allows for the use of existing technologies while simultaneously adhering to their safety standards, thereby ensuring seamless integration into industrial applications and safety-critical environments. In a further embodiment, the control unit is configured to generate the key information upon initial connection setup with the mobile device, to encrypt the generated key information, and to transmit the encrypted key information to the mobile device. Performing the initial connection setup as a conventional pairing process offers particular advantages for the future use of the generated key information. The initial connection setup can be based on established pairing mechanisms in which the mobile device and the device jointly generate the corresponding key material. Within the context of Bluetooth, this process is referred to as "pairing." In addition to the normal procedure, the device's key material is preferably transmitted to the mobile device in encrypted form, thus creating a basis for future interactions. The advantage of this approach is that the mobile device can use the received key material for all identical devices. This means that after the initial pairing process, no further manual interaction is required if the mobile device is to be connected to other identical devices in the future.The term "identical in construction" here refers to the software implementation that enables the device to receive key material and process it as described. This implementation must be present in both devices for them to be considered identical in construction. It is therefore possible to provide a simple setup for automatic coupling by using conventional coupling mechanisms, supplemented only by an additional key transfer of the generated key material from the device to the mobile device. In this way, a particularly easy-to-implement automatic coupling can be realized, as it is essentially based on known coupling mechanisms. In a further embodiment, the device has a first output for providing a first output signal when the unencrypted radio connection is converted into an encrypted radio connection. This design allows the device to perform a response depending on the type of radio connection. In other words, the device can trigger a response as soon as the radio connection switches from unencrypted to encrypted, or vice versa. In this case, the device outputs a corresponding signal, for example, a 24V signal commonly used in industrial environments. Alternatively, the output signal can be an OSSD signal, as used, for example, in non-disconnecting protective devices. Regardless of the specific design of the output signal, a downstream control device can decide, based on this signal, whether or not a particular operating mode is activated. For example, with an encrypted connection, the control device can switch to a mode that checks for the presence of mobile devices in the vicinity and reacts accordingly.This design therefore contributes to making close-range monitoring flexible and efficient. In a further embodiment, the device has a second output for providing a second output signal when the control unit detects the mobile device in the immediate vicinity using the service based on the additional radio technology. The device can therefore have an additional output that sends a signal depending on the detection of a mobile device in the immediate vicinity. This allows the device to trigger a response as soon as a mobile device is detected nearby. Advantageously, the first and second outputs can be used in combination to enable effective control based on proximity detection. A security technology expert will be familiar with the corresponding applications. In a further embodiment, the control unit is configured to receive an additional data set containing further key information from at least one additional mobile device via another unencrypted radio link and to store this additional key information in the memory area for data sets concerning previously executed pairing processes for the additional radio link, in order to convert the additional unencrypted radio link into an encrypted one. In particular, the control unit can be configured, after the conversion of the additional radio link, to access a service of the additional mobile device based on the additional radio technology and to use this service to detect the additional mobile device in the immediate vicinity of the device. The device can therefore be configured to establish radio links to multiple devices and to perform localization in the immediate vicinity. The links to the individual devices can be established at least sequentially, but preferably also simultaneously. In a further embodiment, the data set containing the key information and the further data set containing the further key information are each encrypted data sets, wherein the control unit is configured to decrypt the data set and the further data set each with the same key stored in the device. By using the same key in the device for the different mobile devices, a 1:n binding can be easily achieved, since only one key needs to be stored in the device. In a further embodiment, the storage area for data records about previously performed coupling processes for the radio connection is a non-volatile memory. The storage area for information about previously performed pairing operations related to the wireless connection is preferably a storage area provided as part of a Bluetooth implementation, the so-called Bluetooth stack. Bluetooth stacks are generally provided by the manufacturers of the respective Bluetooth hardware. Examples include SoftDevice from Nordic Semiconductor or the BlueNRG stack from STMicroelectronics. Other providers of Bluetooth stacks include Texas Instruments, Silicon Labs, and Qualcomm, which also contributed to the development of the open-source Bluetooth stack BlueZ, which is integrated into the official Linux kernel. A Bluetooth stack is software that implements the Bluetooth protocol stack and, among other things, enables the storage of previously performed pairing operations for connections.The data is stored in non-volatile memory so that it is retained even after the device is restarted. It is understood that the features mentioned above and those to be explained below can be used not only in the combinations specified, but also in other combinations or on their own, without leaving the scope of the present invention. Exemplary embodiments of the invention are illustrated in the drawing and explained in more detail in the following description. Fig. 1 shows a schematic representation of a possible application scenario for a short-range detection device. Fig. 2 shows a schematic representation of an exemplary embodiment of the device. Fig. 3 shows a sequence diagram illustrating communication between the device and the mobile device. Fig. 4 shows a schematic representation of a possible setup of the device. Fig. 1 shows a schematic representation of a possible application scenario for a short-range detection device. In this embodiment, the device is designated by reference numeral 10. Here, the device is arranged in a housing 12 and placed on a base 14, and is configured to locate mobile devices 16A, 16B, 16C in the immediate vicinity of the device 10. The device includes a control unit 13 (see Fig. 2) that controls the device 10. The control unit 13 can be a dedicated microcontroller or, alternatively, implemented as a controller used for radio communication. The device 10 is configured to locate mobile devices 16A, 16B, 16C in the immediate vicinity and to determine whether the devices are within a defined monitoring area 18. If the device 10 detects a mobile device (here, mobile device 16A) within the defined monitoring area 18, the device 10 initiates a response to the detection. For example, the device 10 can be connected to a control unit of a technical system (not shown here) and send a signal to it, which causes the control unit to bring the technical system into a safe state. In another embodiment, the control unit can also enable the operation of a technical system only when the device 10 transmits a signal indicating that no mobile device is within the monitoring area 18.It is understood that these two embodiments are to be understood as exemplary and that a machine designer is aware of further automation tasks that are based on the detection of mobile devices in a defined monitoring area 18. The mobile devices 16A, 16B, and 16C can be detected using various radio technologies. Examples of suitable radio technologies include distance measurement using Bluetooth Low Energy (BLE), distance measurement using Ultra-Wideband (UWB) technology, or distance measurement combined with angle determination based on UWB and / or BLE. As explained in more detail below, a combination of these technologies can be used to achieve efficient and effective detection and location tracking. In the scenario depicted in Fig. 1, distance measurement combined with angle determination based on UWB is used for localization. This technology enables not only the determination of the distance between the device 10 and the mobile devices 16A, 16B, 16C, but also the determination of an angle relative to the device 10. This allows the position of the mobile device to be precisely determined. Furthermore, virtually any shape can be defined for the monitoring area 18 in this way, completely independent of other objects in the room. Thus, depending on the application, even complex shapes can be implemented as the monitoring area 18. A machine control system based on the localization of mobile devices 16A, 16B, 16C can therefore be designed with exceptional flexibility. As will be explained in more detail below, the device 10 can be configured to distinguish between three different states. These states can relate to the type of radio connection between the device and the mobile device, as well as to the localization within the monitoring area 18. The three states are illustrated in Fig. 1 using the mobile devices 16 A to C as examples. The device 10 can continuously perform a process for detecting devices in its environment. This discovery phase is also referred to as discovery. During such a discovery phase, the device 10, as shown in Fig. 1, detected the mobile device 16C and established an unencrypted connection 20 with it. The unencrypted connection 20 (indicated here by a dash-dot line) serves for the mutual exchange of identification data, either to establish a new user-initiated connection between the two devices ("pairing") or to utilize an existing connection ("bonding"). As will be explained in more detail below, the unencrypted connection 20 can also be used to exchange key information in order to automatically establish a secure connection.As long as only the unencrypted connection 20 exists between the device 10 and the mobile device 16C, the device 10 cannot access services offered by the mobile device 16C to perform precise localization of the mobile device 16C. Consequently, the mobile device 16C cannot be detected when it enters the monitoring area 18. For this to happen, a secure connection between the device 10 and the mobile device would first be required. However, such a secure connection is already established between the device 10 and the mobile device 16B. This secure connection corresponds to an encrypted connection 22 between the device 16B and the mobile device 16B and is represented here by a solid line. The encrypted connection 22 between the device 10 and the mobile device 16B allows the device 10 to access a service provided by the mobile device 16B without requiring any further user interaction. This service may, in particular, be a localization service 24 that enables the device 10 to determine the position of the mobile device 16B in space, for example, by determining its distance and angle relative to the device 10. As indicated in Fig. 1, the mobile device 16B is located outside the defined monitoring area 18. Therefore, although the device 10 has detected the mobile device 16B in its vicinity and established a secure connection to it, the device 10 has not detected the mobile device 16B within the defined monitoring area 18, so the device 10 does not trigger the intended response. The situation is different with mobile device 16A. Device 10 has established an encrypted connection 22 to this device, as it did previously with mobile device 16B, enabling device 10 to access the localization service 24. Furthermore, device 10 has recognized, based on the position data (distance, angle, etc.), that mobile device 16A is within the defined monitoring area. Consequently, device 10 can output a signal indicating that mobile device 16A is within the defined monitoring area 18. This signal can be forwarded to a control device (not shown here), which then executes a specific action. Fig. 2 shows a schematic representation of an embodiment of the device, in particular possible interfaces that may be provided on the device 10. As already described in connection with Fig. 1, the device 10 has at least one radio interface via which it can establish a radio connection to a mobile device 16. The radio connection is preferably a BLE connection, in particular an encrypted connection, which can be established automatically and without user interaction using the claimed method. The encrypted radio connection serves to ensure that the mobile device 16 considers the device 10 a trusted entity and provides the device 10 with services that require a corresponding relationship of trust. Such a service can be, among other things, a localization service that enables the device 10 to determine at least a distance between the device 10 and the mobile device 16. The localization service can, in particular, be based on UWB radio technology.In preferred embodiments, the localization service can also determine an angle or another position-related parameter in addition to the distance. As already described with reference to Fig. 1, the device 10 can derive certain states from the localization data received from the localization service and trigger reactions accordingly. In various embodiments, the device 10 has outputs at which output signals are sent depending on the current state. For example, the device 10 can have a first output at which a 24V potential is switched as the first output signal when the device 10 has established an encrypted connection to the mobile device 16. In particular, the device 10 can provide the first output signal when an unencrypted radio connection to the mobile device 16 has been automatically converted into an encrypted radio connection.The first output signal can be used to signal to a downstream control unit that a mobile device 16 is nearby, which can be precisely located via a localization service of the mobile device. The device 10 can further have a second output 28, to which a 24V potential is applied as a second output signal when the device 10 detects the mobile device 16 within a defined monitoring area. As previously described with reference to Fig. 1, the defined monitoring area can be a virtual area defined by relative position specifications with respect to the device 10. Based on the second output signal, a downstream control device can initiate a response, for example, by putting a technical system into a safe state in which no danger can arise for a person carrying the mobile device 16.In addition to the first output 26 and the second output 28, the device 10 can have a data interface 30 through which further data can be exchanged with a control unit. In contrast to the first and second output signals, which are preferably configured as switching potentials, a data signal can be provided at the data interface 30 that contains more detailed information about the current states of the device 10, in particular the radio connections and the acquired location information. Data can also be received from another device via the data interface 30. The data interface 30 can, for example, be an RS485 interface, which enables data communication that is standardized in industrial environments. It is understood that establishing the secure connection described above does not depend on the data interface 30.This allows the secure connection to be established without a data connection to any device other than the mobile device. Finally, the device 10 can have a power supply connection 32 through which the energy required for operation is drawn. The power supply connection 32 can be a standard electrical connection to which, for example, a standard industrial operating voltage of 24V can be applied. For the automated connection setup between the device 10 and the mobile device 16 described below with reference to Fig. 3, an application (app) on the mobile device 16 may be required. Such an application is indicated here in Fig. 2 by reference numeral 34. The application 34 may, for example, be configured to store key information on the mobile device 16 and transmit it to the device 10 when a connection is established. Fig. 3 shows a sequence diagram of the communication between the device and the mobile device. The sequence diagram depicts various processes, labeled here with the Roman numerals I-IV. Each process is a self-contained operation that can be performed alone or in combination with the others. Processes I and II are standard operations in WPAN (Wireless Personal Area Network) networks such as Bluetooth. Process I describes a so-called "pairing" operation, i.e., an initial connection establishment between the mobile device 16 and the device 10. Process II describes a so-called "bonding" operation, in which, after an initial connection establishment, the mobile device 16 and the device 10 are configured so that they can re-establish a connection without needing to be re-paired. The pairing process (Process I) typically begins with a discovery phase, in which the mobile device (or device) actively searches for other nearby devices and detects their presence. Once the desired device is found, a connect phase begins, in which an unencrypted connection is established to enable basic communication (S100). This is followed by the handshake, in which both devices confirm their identity and establish the basis for further exchange. This usually requires user interaction to prevent misuse and ensure that the connection is established only between the intended devices. Finally, keys are exchanged to establish trust and encrypt the connection so that future data can be transmitted securely (S101). The bonding process (Process II) serves to establish a long-term, trusted connection between two devices. It begins similarly to pairing, with the devices detecting and connecting. However, bonding also involves encrypted authentication processes in which the devices exchange and store keys. This can be achieved through a secure key exchange, where both devices generate a unique, secret key that is used for future connections. The bonding process then permanently stores these keys (S102, S103), so that the devices are automatically authenticated during future connections, enabling encrypted communication without re-pairing, and especially without further user interaction. This allows for more convenient and secure use, as the devices connect automatically upon reconnection without requiring any further user intervention. In common implementations, bonding is performed individually for each communication partner. In other words, bonding is usually limited to a one-to-one relationship. To enable one-to-many bonding (one-to-many bonding), the mobile device 16 and the device 10 are configured to perform processes III and IV. Process III describes the setup of the one-to-many bond, and process IV describes the automated establishment of a connection by a mobile device that has previously completed process III. In process III, the device 10 sends key material to the mobile device 16. The key material may, in particular, be a secret key generated by the device 10 during a bonding process (process II). In other words, the device 10 may be configured to transmit a secret key intended for the device 10 to the mobile device 16 (S104). For example, if the device 10 generated a public key and a secret key during bonding and transmitted the public key to the mobile device 16, the device 10 may additionally transmit the secret key as said key material to the mobile device 16. This transmission, however, is not part of the respective communication protocol but takes place outside of it, for example, by an application installed on the mobile device 16 that receives and stores the key material (S105). Furthermore, the device 10 can preferably encrypt the key material so that the key material can be securely transmitted and stored in the mobile device 16 even over an unsecured connection. The key used for this purpose can be stored in the device 10 as well as in other identical devices 10. With the key material stored in this way, the mobile device 16 can then automatically establish a secure connection to the device 10 or other identical devices 10. As will be explained in more detail below, this connection establishment also works if the mobile device 16 is used with a different device 10 than the one with which it performed the initial binding. Finally, Process IV demonstrates the automated establishment of a secure connection to any device 10. In other words, during Process IV, the mobile device 16 can establish a secure connection to a device 10 that is not the same device 10 with which the mobile device 16 performed the initial bonding. First, the initial connection phases Discovery and Connect, known from the pairing process, are performed for the automated connection establishment (S106). Once an unencrypted connection is established between the mobile device 16 and the device 10, the mobile device 16 sends the previously stored key material to the device 10 in a second step (S107). Device 10 receives the key material and performs decryption if the key material is encrypted. A key previously stored in Device 10 can be used for decryption. This key is preferably stored in all identical Device 10 units. Device 10 then stores the key material in a memory area for records of previously performed bonding operations, also known as a bonding cache (S108). The design of the bonding cache depends on the software implementation of the radio interface. Typically, the bonding cache can be accessed via an API of the respective implementation. Once the key material is stored in the bonding cache, the device 10 and the mobile device 16 can establish an encrypted connection or convert an existing unencrypted connection into an encrypted one. This process is the same as with normal bonding. As soon as the corresponding key material is present in the bonding cache, the device 10 and the mobile device 16 can automatically switch to secure operation and use the standard procedures. After switching to a secure connection between the device 10 and the mobile device 16, the mobile device 16 grants the device 10 access to services of the mobile device 16. In particular, the mobile device 10 allows the use of a location service, which enables the device 10 to locate the mobile device 16 in close proximity to the device. This automated connection establishment capability is available to all mobile devices 16 that have stored the key material. Using the key material, the mobile devices 16 can automatically establish a secure connection to any device 10 capable of receiving and, if necessary, decrypting the key material. This allows secure connections to be established between a mobile device and various devices 10 efficiently and without additional user interaction (1:n bonding). Finally, Fig. 4 shows a schematic representation of the possible structure of a device 10. In this embodiment, the device 10 is designed to combine various technological components to enable precise localization and communication. The central component is the BLE control unit 36, also referred to as the BLE host controller. This unit is responsible for controlling Bluetooth Low Energy (BLE) communication and is configured to establish a stable and energy-efficient connection to mobile devices. The associated BLE antenna 38 supports the host controller by transmitting and receiving BLE signals, thus forming the basis for short-range communication. In addition to BLE communication, the device features a UWB module 40, which belongs to the Ultra-Wideband technology and is used for precise distance measurement and angle determination. The UWB module 40 is supported by a 3D UWB antenna 42, which can receive and transmit UWB signals in different spatial directions, thus enabling 3D positioning. A control unit 44 establishes the external connection and can include the outputs and data interfaces of the device 10. A power supply 46, connected to an external power supply, ensures a reliable power supply, providing the various modules and antennas with the necessary energy and guaranteeing stable operation. Finally, indicator elements (LEDs) 48 are integrated into the device 10 for visual feedback. These LEDs display status information and provide the user with information about the operating state of the device, for example, whether a connection exists or whether the device is operating in detection mode. It is understood that the foregoing embodiments are merely exemplary and that further variations of individual components are possible to realize embodiments of the following claims. The scope of protection of the present invention is determined by the following patent claims and is not limited by the features explained in the description or illustrated in the figures. Reference symbol list 10 Device 12 Housing 14 Base 16 Mobile device (16A; 16B; 16C) 18 Defined monitoring area 20 Unencrypted connection 22 Encrypted connection 24 Localization service 26 First output 28 Second output 30 Data interface 32 Power supply connection 34 Application 36 BLE Host Controller 38 BLE antenna 40 UWB module 42 3D UWB antenna 44 Control unit 46 Power supply 48 Indicators (LEDs)
Claims
Device (10) for detecting a mobile device (16) in the vicinity of the device, wherein the device has a control unit (13) which is configured to receive a data record containing key information from the mobile device via an unencrypted radio link, to store the key information in a memory area for data records of previously performed coupling operations for the radio link, to convert the unencrypted radio link (20) into an encrypted radio link (22), to access a service of the mobile device based on another radio technology after the conversion of the radio link, and to detect the mobile device (16) in the vicinity of the device by means of the service based on the other radio technology. Device according to claim 1, wherein the data set is encrypted with the key information. Device according to claim 2, wherein the control unit (13) is configured to decrypt the data set using a key stored in the device. Device according to one of claims 1 to 3, wherein the radio connection is a Bluetooth connection, in particular a Bluetooth Low Energy (BLE) connection. Device according to one of claims 1 to 4, wherein the further radio technology is an ultra-wideband (UWB) technology, in particular a UWB-based distance and / or position determination. Device according to one of claims 1 to 5, wherein access to the service based on the further radio technology is only possible if the device (10) and the mobile device (16) are connected via the encrypted radio link (22). Device according to one of claims 1 to 6, wherein the control unit (13) is configured to generate the key information upon initial connection establishment with the mobile device (16), to encrypt the generated key information and to transmit the encrypted key information to the mobile device (16). Device according to one of claims 1 to 7, wherein the device has a first output (26) for providing a first output signal when the unencrypted radio link (20) is converted into an encrypted radio link (22). Device according to any one of claims 1 to 8, wherein the device has a second output (28) for providing a second output signal when the device detects the mobile device (16) in the short range by means of the service based on the further radio technology. Device according to one of claims 1 to 9, wherein the control unit (13) is configured to receive a further data record with further key information from at least one further mobile device via a further unencrypted radio link and to store the further key information in the memory area for data records about already carried out coupling processes for the further radio link in order to convert the further unencrypted radio link into an encrypted further radio link. Device according to claim 10, wherein the control unit (13) is configured to access a service of the further mobile device based on the further radio technology after converting the further radio connection, and to perform a detection of the further mobile device in the vicinity of the device by means of the service based on the further radio technology. Device according to one of claims 10 or 11, wherein the data set containing the key information and the further data set containing the further key information are each encrypted data sets, and wherein the control unit (13) is configured to decrypt the data set and the further data set each with the same key stored in the device. Device according to one of claims 1 to 12, wherein the storage area for data records about previously performed coupling processes for the radio connection is a non-volatile memory. A method for detecting a mobile device (16) in the vicinity of a device (10), comprising: - receiving a data record containing key information from the mobile device (16) via an unencrypted radio link (20); - storing key information in a memory area for data records concerning previously performed coupling operations for the radio link; - converting the unencrypted radio link (20) into an encrypted radio link (22) using the key information stored in the memory area; - accessing a service of the mobile device (16) based on a different radio technology after conversion of the radio link; and - detecting the mobile device (16) in the vicinity of the device using the service based on a different radio technology.