(19)
(11)EP 3 272 082 B1

(12)EUROPEAN PATENT SPECIFICATION

(45)Mention of the grant of the patent:
24.06.2020 Bulletin 2020/26

(21)Application number: 16767574.3

(22)Date of filing:  18.03.2016
(51)Int. Cl.: 
H04L 12/58  (2006.01)
(86)International application number:
PCT/CA2016/050306
(87)International publication number:
WO 2016/149807 (29.09.2016 Gazette  2016/39)

(54)

SYSTEM AND METHODS FOR MESSAGE REDUNDANCY

SYSTEM UND VERFAHREN FÜR NACHRICHTENREDUNDANZ

SYSTÈME ET PROCÉDÉS POUR UNE REDONDANCE DE MESSAGE


(84)Designated Contracting States:
AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

(30)Priority: 20.03.2015 US 201562136164 P

(43)Date of publication of application:
24.01.2018 Bulletin 2018/04

(73)Proprietor: Royal Bank of Canada
Montreal, QC H3C 3A9 (CA)

(72)Inventor:
  • PITIO, Walter Michael
    Montreal, Québec H3C 3A9 (CA)

(74)Representative: Vossius & Partner Patentanwälte Rechtsanwälte mbB 
Siebertstrasse 3
81675 München
81675 München (DE)


(56)References cited: : 
WO-A1-2004/056043
US-A- 6 098 155
US-A1- 2014 215 280
US-B1- 8 489 670
GB-A- 2 515 501
US-A1- 2007 064 917
US-A1- 2015 012 494
  
      
    Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention).


    Description

    CROSS-REFERENCE TO RELATED APPLICATIONS



    [0001] This application claims all benefit, including priority, of U.S. Provisional Patent Application No. 62/136,164, filed March 20, 2015, and entitled "SYSTEM AND METHODS FOR MESSAGE REDUNDANCY".

    FIELD



    [0002] The present disclosure relates generally to data redundancy and particularly to systems, methods, devices and computer-readable media for the redundancy in data to be communicated over communication links or networks.

    BACKGROUND



    [0003] In certain industries, systems may be required to transmit information to another device or location with a high degree of certainty. Backup systems and networks have been used to increase the chances of a loss-less recovery. US 8,489,670 B1 relates to methods and apparatuses for reducing TCP connection establishment time in an overlay network.

    SUMMARY



    [0004] In an aspect, there is provided a communication system. The communication system includes a first communication device configured to communicate with a backup device and a destination; and a first tapping device for monitoring messages sent over a first communication link between the first communication device and the backup device. The first communication device includes at least one processor configured to: before sending a first message destined for the destination, send a backup message corresponding to the first message over the communication link for backup at the backup device; and upon confirmation of a tap copy of the backup message from the first tapping device, send the first message to the destination.

    [0005] In another aspect, there is provided a communication device. The communication device includes at least one processor configured to: before sending a first message destined for a destination, send a backup message corresponding to the first message over a communication link for backup at a backup device; and upon confirmation of a tap copy of the backup message from a tapping device on the communication link, send the first message to the destination.

    [0006] In another aspect, there is provided a communication method. The method includes: before sending, from a communication device, a first message destined for a destination, sending a backup message corresponding to the first message from the communication device to a backup device over a communication link; and upon confirmation of a tap copy of the backup message from a tapping device on the communication link, send the first message to the destination.

    [0007] Many further features and combinations thereof concerning the present improvements will appear to those skilled in the art following a reading of the present disclosure.

    DESCRIPTION OF THE FIGURES



    [0008] Reference will now be made to the drawings, which show by way of example embodiments of the present disclosure.

    FIGS. 1, 2 and 3 show aspects of example systems and example communication flows in accordance with various aspects of the disclosure.

    FIG. 4 shows a schematic diagram showing example devices in accordance with various aspects of the disclosure.


    DESCRIPTION OF EXAMPLE EMBODIMENTS



    [0009] In a data-driven world, reliability can be an important aspect of data communication systems. In some embodiments, backup systems for storage or redundant communication can be used to ensure a high degree of certainty that a data message will be transmitted, stored, and/or processed and/or will otherwise persist in some form and/or location.

    [0010] FIG. 1 shows aspects of an example system 100 and flowchart illustrating a backup process. The system includes one or more communication device(s) and/or system(s) 10 for communicating messages to a destination.

    [0011] At 120, the communication device(s) 10 may optionally receive instructions and/or data for transmission to a destination. In some examples, the communication device(s) 10 may generate the instructions/data itself or may translate, re-package or otherwise manipulate received instructions/data for transmission.

    [0012] With a message including the received/generated instructions and/or data, the communication device(s) 10 can be configured to send 130 a backup copy of the message to a backup system/device 20.

    [0013] Upon receiving the backup copy, the backup system/device 20 can be configured to verify, store and/or otherwise process the backup copy and at 140, send an acknowledgement message back to the communication device(s) 10. In some embodiments, the acknowledgement message includes an identifier (e.g. a sequence number), a portion, or some indication of the backup message to which the acknowledgement relates.

    [0014] Upon receipt of the acknowledgement message, the communication device(s) 10 can, at 150, send the message to the destination. In this manner, before sending the message to the destination, the system ensures that a backup copy exists in the event there is a failure of the communication device(s) 10.

    [0015] In some embodiments, the system 100 above may cause a delay between the time data/instructions are received (120) or generated, and the time the message is sent 150 to the destination. In some examples, the delay may include latencies cause by creating the backup message, the transmission latency of sending 130 the backup message from the communication device(s) 10 to the backup system 20, the execution latency for the backup system 20 to process the backup message, the latency of sending 140 the acknowledgement message from the backup system 20 to the communication device(s) 10, and the execution latency for the communication device(s) 10 to process the acknowledgement. While, in some examples, the execution latencies may be small, the transmission latencies (e.g. 130, 140) may be significant depending on the physical distance between the communication device(s) 10 and the backup system 20.

    [0016] The total delay/latency required to create a backup may negatively impact the performance of the system 100. In some situations, such as those involving time-sensitive communications, these delays are undesirable and may be unacceptable.

    [0017] In some examples, the backup system 20 may be in a remote location to ensure that a regional catastrophe does not disable or cause a failure of both the primary communication device(s) 10 and the backup device(s) 20. However, the greater distances of remote locations may exasperate the transmission latencies.

    [0018] FIG. 2 shows aspects of another example system 200, and flowchart 201 illustrating an example communication process.

    [0019] The communication device 10 can be a device configured for data communication with a backup system/device 20 and a destination. In some embodiments, the communication device 10 can be a router, switch or other device configured to receive data and/or instructions from another device or system for communicating with the backup system/device 20 and the destination.

    [0020] FIG. 4 is a schematic diagram showing aspects of an example communication system/device 10, and/or backup system/device 20. While the example in FIG. 4 shows a single device, in some embodiments, the communication device 10, 20 can include or consist of multiple devices and in some examples, can be physically and/or logically grouped as a system or any other arrangement.

    [0021] Without limiting the foregoing, reference to a communication device or system 10 should not be interpreted as limited to a single device, but may include multiple devices and/or one or more systems having the same components and/or configured to perform the same functions as described with reference to a communication device 10. This applies similarly to references to a backup system or device.

    [0022] In some examples, the backup system/device(s) 20 may include the same or similar components to the primary communication device(s) 10. In some examples, the backup system/device(s) 20 can be configured to perform the same function(s) as a communication device 10, or may be another instance of a primary communication device 10 configured to generate and/or receive instructions from another device or system for communicating with one or more destination(s) and/or another backup system/device 20.

    [0023] In some example embodiments, communication devices 10 and/or backup device 20 may include one or more processor(s) 252 connected to one or more memory(ies) 254 or other temporary and/or persistent storage memory device(s). The processor(s) may be connected to one or more network interface(s) 258 configured to transmit and/or receive data messages over a wired (optical fiber, copper line, etc.), wireless (Wi-Fi, radio, microwave, etc.), and/or any other interface. The processor(s), network interface(s) and/or other aspects of the device(s) 10, 20 may include any suitable hardware structure for generating signals for wired or wireless transmission and/or processing received signals. The processor(s), network interface(s) and/or other aspects of the device(s) 10, 20 may include modules or may be otherwise configured to interpret, translate, encapsulate, cache, queue, re-order, encode/decode, encrypt/decrypt, or otherwise process or generate messages suitable for transmitting to the destination or between the communication device 10 and the backup device 20.

    [0024] The memory(ies) 254 may be accessible by the processor(s) to access, receive and/or store data. The memory(ies) 254 may include a main memory, such as a high speed Random Access Memory (RAM), an auxiliary storage unit, such as a hard disk, flash memory, registers and/or a magnetic tape drive. The memory(ies) 254 may include any other type of memory, such as a Read-Only Memory (ROM), Erasable Programmable Read-Only Memory (EPROM), electrically-erasable programmable read-only memory (EEPROM), Ferroelectric RAM (FRAM), or optical storage media such as a Bluray Disc™, videodisc and a compact disc. In an embodiment, the memory may be used to buffer data and/or instructions. The processor(s) may access the memory(ies) to retrieve data or instructions.

    [0025] The processor(s) 252 may include any device that can perform operations on data. Examples include a central processing unit (CPU), a front-end processor, a microprocessor, a field programmable gate array (FPGA), a reconfigurable processor, a digital signal processor, a network processor, an integrated circuit, or any other processing device and/or any combination thereof. Applications may be running on the processor and may be configured to perform various tasks including at least aspects of the methods described herein. The processor(s) may be configured to perform one or more aspects of the methods and processes described herein.

    [0026] The device(s) 10, 20 may include input/output devices and/or input/output interface(s) 256 for input/output devices such as built-in or peripheral devices such as displays, touchscreens, keyboards, sensors, input mechanisms, actuators, data storage devices and the like.

    [0027] Referring to FIG. 2, at 220, the communication device 10 may be optionally configured to receive, from a source, information to be communication to the destination. The information may include instructions and/or data. In some embodiments, the communication device 10 may be configured to interpret, translate, encapsulate, cache, queue, re-order, encode/decode, encrypt/decrypt, or otherwise process or generate messages suitable for transmitting to the destination or the backup device 20 based on and/or including the information received from the source.

    [0028] In some embodiments, the communication device 10 may be configured to generate messages for transmitting to the destination and backup device 20 its own information (e.g. data or instructions) or information accessed or generated in conjunction with another system or device.

    [0029] At 230, before sending the message to the destination, the communication device 10 can be configured to send a backup message to the backup device 20. In some examples, the backup message can include a copy of the message. For examples, the backup message can be identical copy of the message, or may additional headers or other information and/or metadata.

    [0030] In some examples, the backup message may not be a copy of the message, but may include data and/or instructions which may be used by the backup 20 or other device to recreate the message or may identify the instruction, intention and/or information in the original message such that a similar message suitable for sending to the destination.

    [0031] For example, when a message destined for a destination includes a trade request from client identifier A to purchase 100 shares of a stock B from venue C at price D, the backup message can be: an exact copy of the message, a message including all the details of the original message but perhaps not in the same format/encoding/etc., or a message including data which simply indicates that the original was a request from client identifier A to purchase 100 shares of stock B. In the last example, the backup message does not contain details regarding price or venue but includes enough information such that a new substitute message can be created which satisfies the intention of the original request to purchase 100 shares of stock B for a client associated with client identifier A.

    [0032] In some embodiments, the backup message may include or may consist of an identifier such as a sequence number associated with the message. In some such examples, the sequence number may not contain information for recreating the message but can identify dropped or unsuccessfully transmitted message(s) should an error or transmission problem occur when the message is transmitted to the destination.

    [0033] In some embodiments, the backup message can be sent to the backup device 20 over a communication link 31. In some examples, the communication link 31 may include a direct communication link such as a direct end-to-end optical fiber, copper or other physical connection to the backup system. In some examples, the communication link 31 may include a wireless communication link, a direct line of sight microwave and/or a laser communication link. In some embodiments, the communication link 31 can include any mechanism or medium for communicating data from a source device to a destination device.

    [0034] In some examples, the communication link is a single or otherwise undivided or unbroken communication link between the first communication device and the backup device. For example, an optical fiber connection with no intermediate connector or network device.

    [0035] In other embodiments, the communication link 31 may include one or more dedicated lines and/or networks. In some examples, the dedicated line or network may utilize or include one or more redundancy paths, devices and/or lossless failover mechanisms. The dedicated line and/or network may include a guaranteed level of service. In some embodiments, the communication link 31 may include any combination of private and/or public, wired or wireless networks.

    [0036] The system 200, 10 can include a tapping device 30 for monitoring messages sent over the communication link 31. In some embodiments, the tapping device 30 can be a network tap such as a fiber optic or copper tap.

    [0037] In some embodiments, the tapping device 30 may be a passive device connected to the communication link 31 which allows signals from the communication device 10 to the backup device 20 to pass through uninterrupted while monitoring the content of those signals. For example, a passive optical tap may redirect a small portion of the light signals travelling along an optical fiber connection from the communication device 10 to the backup device 20. In some examples, the tapping device 30 can include an optical tap, a copper tap or any other passive tapping device.

    [0038] In some examples, the tapping device 30 can include an amplifier or can be otherwise configured to amplify the signals tapped from the communication link 31.

    [0039] In some embodiments, the tapping device 30 may include a device that monitoring messages sent over the communication link by receiving signals from the communication device 10 and then generates identical signals for continuing their transmission to the backup device 20. In some examples, the tapping device 30 may be configured to allow the signals to pass through un-hindered in the event the power to the tapping device 30 is lost and/or any other failure occurs.

    [0040] In some embodiments, the tapping device 30 may be positioned on the communication link proximate or relatively close to the communication device 10. In some examples, by positioning the tapping device close to the communication device 10, the transmission time of a message from the communication device to the tapping device is shorter than if the tapping device was positioned further along the communication link. For example, the tapping device can be positioned at a location on the communication link that closer to the communication device 10 than to the backup device.

    [0041] In some examples, the tapping device 30 may be positioned within the first 10%, 25% or 50% of the length/distance of the communication link as measured from the communication device 10 to the backup device.

    [0042] In some embodiments, the tapping device 30 may be positioned a location of the communication link which provides an acceptable latency for the system's performance requirements. In some examples, the position may be based on a determination of a maximum or range of distances derived from the speed of the communication link and a maximum or range of acceptable backup latencies.

    [0043] In some embodiments, the tapping device 30 may be positioned far enough from the communication device/system 10 such that a failure of a component of the communication device/system 10 is unlikely to prevent the backup message from reaching its destination.

    [0044] In another example, when a backup message is sent via a number of interconnections and/or networking devices, the tapping device may provide a higher degree of confidence if it is positioned after the last interconnection or networking device between the communication device 10 and the backup device/system.

    [0045] When a backup message is sent over the communication link 31, the tapping device can tap a tap copy of the backup message as it is being transmitted along the communication link 31.

    [0046] At 240, the communication device 10 can be configured to confirm a tap copy of the backup message from the tapping device. In some examples, this includes receiving a tap copy of the backup message. In some examples, the communication device 10 can be configured to verify the tap copy of the backup message. This can include verifying that the backup message has been sent over the communication link 31, verifying that the backup message has been sent without errors, and/or verifying that the backup message correctly includes a copy of the message or data/instructions for recreating a message to be sent to the destination.

    [0047] In some examples, verifying the tap copy may include generating a verifying an error correction code (ECC) and/or hash of the tap copy with an ECC and/or hash of the backup message.

    [0048] In some examples, the tapping device 30 or other device may be configured to verify the tap copy, and to send a confirmation signal to the communication device 10.

    [0049] At 250, upon confirmation of the tap copy of the backup message, the communication device 10 can be configured to send the message to the destination. In some scenarios, by confirming that the backup message has been sent or "launched" down a dedicated link or high reliability link/network, the communication device 10 can safely assume that the backup message will be arrive at the backup device. This assumption may, in some instances, be particularly reliable for an optical or other high speed link where signals travel close to the speed of light. In order for the message to be lost, the communication device 10 would have to fail after the backup message has been launched but before the message to the destination has been sent, and the communication link 31 would have to fail after the backup message has been launched but before the backup message, potentially travelling near the speed of light, arrives at the backup device 20. In other words, in some embodiments, the transmission over the communication link 31 may be at a great enough speed that it may be assumed that once a message has been sent, there is a very small window of time during which a failure or nefarious activity can prevent message from reaching its destination.

    [0050] In some embodiments, the backup device (or system) 20 may be configured to store the backup message for retrieval in the event of a failure of the communication device 10. In some embodiments, the backup device (or system) 20 may be a redundant communication device which can send the message (and/or recreate the message for sending) to the destination in the event the primary communication device 10 fails.

    [0051] In some embodiments, the communication device 10 at 260 may be optionally configured to send a confirmation message to the source that the message has been delivered. This confirmation may occur after the confirmation of the tap message and/or concurrently with or after the sending of the message to the destination 250.

    [0052] In some examples, the communication device 10, at 270, can be configured to receive an acknowledgement message from the backup device 20 indicating the backup message was received, stored and/or processed. In some examples, the communication device 10 may be configured to use the acknowledgement message as a confirmation of the status/health of the backup system 20 as it does not wait for the acknowledgement before sending the message to the destination.

    [0053] In some examples, the communication device 10 may be configured to send backup messages to a different backup system, if an acknowledgement message has not been received from a first backup system after a threshold time.

    [0054] In some instances, the systems 200 and methods 201 described herein may allow for reliable data transmission with a high degree of certainty that a message will be sent without the inherent latencies of the system described in FIG. 1.

    [0055] In some embodiments, the tapping device 30 may be positioned on the communication link 31 proximate to the communication device 10. The closer the tapping device 30, the lower the transmission latency for the backup message to travel from the communication device 10 to the tapping device 30, and the lower the transmission latency for the tap copy or other signal to travel from the tapping device 30 to the communication device 10.

    [0056] In an example application, the systems 200, devices, and methods 201 described herein may be used as part of a financial trading system. Trade request data may be received from a source or generated by a communication device 20 for transmission to a trade execution device (destination) at a stock exchange. Due to potentially large financial consequences if a trade request fails to be sent or is sent too late (allowing prices or liquidity to change), the system 200 may, in some examples, provide a suitable system for timely and reliable transmission of trade requests.

    [0057] In some instances, embodiments of the systems, devices, and methods described herein may be used in other environments requiring high reliability and/or time critical communications. Examples include but are not limited to military, government, bank, telecom, etc. In some examples, embodiments of the systems, devices, and methods described herein may be useful for service providers to provide various service level requirements.

    [0058] FIG. 3 shows aspects of another example system 200, and flowchart 201 illustrating another example communication process. In FIG. 3, the communication device 10 can be configured to send a backup message to both a first backup device 20 and a second backup device 20a before sending a message to the destination.

    [0059] In some embodiments, the first and second backup devices 20, 20a are at different locations, and/or are located in different directions from the communication system/device 10.

    [0060] In some embodiments, the communication link for sending 230 the backup message to the first backup system 20 is different from the communication link for sending 230a the backup message to the second backup system 20a. For example, the respective backup messages can be sent along different physical communication connections, sent from/via different network devices and/or in different directions. In some instances, the use of such different physical communication connections may reduce the change that both backup messages are lost.

    [0061] While, FIG. 3 shows an example system 200 which utilizes two backup systems 20, 20a, in other embodiments, three, four or any number of backup systems may be used, each with their own respective taps and communication links. In some embodiments, this may create additional redundancy and/or reliability.

    [0062] In some examples, the communication device 10 can be configured to send the message to the destination upon confirmation of a tap copy from at least one of the tapping devices 30, 30a. In some such examples, the system 200 and methods 201 may provide a further layer of redundancy without any additional backup delay.

    [0063] In some examples, for a potentially higher degree of reliability, the communication device 10 can be configured to only send the message to the destination upon confirmation of a tap copy from both of the tapping devices 30, 30a. In embodiments having three or more backup systems, the communication device 10 can be configured to only send the message to the destination upon confirmation of a tap copy from two or more of the backup systems.

    [0064] As described herein or otherwise, in some embodiments, the communication system 10 is configured to send backup messages to a subset of all available backup systems. The communication system 10 may be configured to send backup messages to additional backup system(s) when acknowledgement messages are not received within a defined threshold time.

    [0065] In some embodiments as described with respect to FIG. 2 or 3, the communication system 10 may concurrently act as backup system for another system/device such as the backup devices 20, 20a.

    [0066] The backup system(s) 20, 20a are configured to send an acknowledgment message to the communication system 10 upon receipt of a backup message. In some examples, these acknowledgement messages can be used by the communication system 10 as a health indicator or status check on the corresponding communication link 31 and/or backup system 20.

    [0067] In some embodiments, the backup system(s) are configured to send heartbeat messages to the communication system 10. The heartbeat message can be sent periodically (e.g. every 10 ms) to the communication system 10 to act as a health indicator or status check on the corresponding communication link 31 and/or backup system 20.

    [0068] In some embodiments, the heartbeat messages may only be sent when an acknowledgement message has not been sent recently or within the last heartbeat period. In other embodiments, the heartbeat messages are sent periodically irrespective of any acknowledgement messages. In some examples, the use of heartbeat messages can provide the communication system a relatively current indication of the health of the backup link(s) and/or system even if a backup message has not been sent to the backup system recently.

    [0069] In some embodiments, the heartbeat messages can include a sequence number or some identifier with which the communication system 10 can determine whether a particular heartbeat message was not successfully received.

    [0070] Alternatively or additionally, in some embodiments, the communication system 10 can be configured to send heartbeat messages to the backup system 20. This can cause the communication system 10 to receive tap copies of the heartbeat messages from the tap device 30, and acknowledgement heartbeat messages from the backup system 20. In some such embodiments, the heartbeat messages can provide an indication of the health/performance of the tap device 30, communication links and backup system 20.

    [0071] In some embodiments, when the communication system 10 does not receive an acknowledgement or heartbeat message (originating from the backup system or as an acknowledgement of an original heartbeat message received from the communication system) within a defined time threshold (e.g. within 500 microseconds of sending a backup or original heartbeat message, or within 350 microseconds of an expected heartbeat message), a secondary or failure mode may be triggered. For example, in a secondary mode, the communication system 10 may be configured to stop sending backup messages to a primary backup system from which acknowledgement or heartbeat messages have not been received within the defined threshold, and may send all subsequent backup messages to a different backup system.

    [0072] In other embodiments, when a secondary or failure mode is triggered, the communication system 10 can be configured to utilize a different backup mechanism. In some examples, the communication system can use a traditional backup mechanism which may have a longer latency and/or slower throughput than the tap mechanism described herein. For example, the communication system operating in a secondary mode may store a backup message locally or otherwise within the communication system 10.

    [0073] In some embodiments, when a secondary or failure mode is triggered, the communication system/device 10 may continue to send messages to the destination despite the loss or unreliability of a backup system. In some examples, the communication system/device 10 may generate an alert or electronic message providing an indication that the system 200 is operating in a mode that cannot guarantee a recovery should a failure occur.

    [0074] In some examples, the communication system(s)/devices(s) 10 can use heartbeat messages and any associated tap copies and acknowledgement heartbeat messages to monitor latencies between the transmission of a backup copy and the receipt of a tap copy or an acknowledgement message. In some embodiments, the monitoring of latencies can include using timestamps in heartbeat and/or acknowledgement messages, or by monitoring clock times of transmission or receipt of messages. In some examples, then the communication system 10 detects a monitored latency which indicates a change from a historical or expected latency, the communication system 10 can be configured to generate an alert. Such a change in latency may, in some instances, be indicative of a hardware or software problem, a change in topology, a backlog at the backup system, etc. The alert may allow for more comprehensive testing or investigation to be performed before a catastrophic problem occurs.

    [0075] While the disclosure has been provided and illustrated in connection with specific, presently-preferred embodiments, many variations and modifications may be made without departing from the scope of the invention(s) disclosed herein. The disclosure and invention(s) are therefore not to be limited to the exact components or details of methodology or construction set forth above. Except to the extent necessary or inherent in the processes themselves, no particular order to steps or stages of methods or processes described in this disclosure, including the Figures, is intended or implied. In many cases the order of process steps may be varied without changing the purpose, effect, or import of the methods described. The scope of the claims is to be defined solely by the appended claims.


    Claims

    1. A communication method comprising the steps of:

    before sending, from a communication device (10), a first message destined for a destination, sending a backup message including a backup of the first message from the communication device (10) to a backup device (20) over a communication link, the communication link coupled to a tapping device (30) at a point on the communication link between the communication device (10) and the backup device (20), the tapping device (30) configured to transmit a tap copy to the communication device (10) verifying that the backup message is being transmitted across the communication link; and

    upon confirmation, by the communication device (10), of the tap copy of the backup message from the tapping device (30) on the communication link, sending the first message to the destination.


     
    2. The method of claim 1 comprising verifying the tap copy before sending the first message to the destination.
     
    3. The method of claim 1, wherein the backup message includes a copy of the first message.
     
    4. The method of claim 1, wherein the backup message includes information that can be used to recreate the first message or create a substitute message.
     
    5. The method of claim 1 wherein the communication link between the communication device (10) and the backup device (20) is an undivided physical communication link.
     
    6. The method of claim 1 wherein the tapping device (30) is positioned on the communication link proximate to the communication device (10).
     
    7. The method of claim 1 comprising verifying a status of the backup device (20) based on an acknowledgement message received from the backup device (20), the acknowledgement message indicating that the backup message was received.
     
    8. The method of claim 1 comprising:

    before sending the first message destined for the destination, sending the backup message over a second communication link; and

    upon confirmation of a tap copy from at least one of the tapping device (30) on the communication link or a second tapping device (30a) on the second communication link, send the first message to the destination.


     
    9. The method of claim 1, comprising receiving heartbeat messages from the backup device (20).
     
    10. The method claim 1, comprising: sending heartbeat messages over the first communication link to the backup device (20); and receiving corresponding tap messages from the tapping device (30) and acknowledgement heartbeat messages from the backup device (20).
     
    11. The method of claim 1, comprising: triggering a secondary backup mode when an acknowledgement message or heartbeat message is not received within a defined time threshold.
     
    12. The method of claim 11 wherein triggering the secondary backup mode, comprises sending the backup message to a second backup device (20a).
     
    13. The method of any one of claims 1 to 12, wherein the tapping device (30) is a passive device which allows signals from the communication device (10) to the backup device (20) to pass through uninterrupted while monitoring the content of those signals.
     
    14. A communication device (10) comprising: at least one processor configured to perform all steps of the method of any one of claims 1-13 when being executed by a computer.
     
    15. A communication system (100, 200, 201), the system (100, 200, 201) comprising:

    the communication device (10) of claim 14 configured to communicate with a backup device (20) and a destination; and

    a tapping device (30) for monitoring messages sent over a first communication link between the communication device (10) and the backup device (20).


     


    Ansprüche

    1. Kommunikationsverfahren, das die Schritte aufweist:

    vor dem Senden einer ersten Nachricht, die für ein Ziel bestimmt ist, von einer Kommunikationsvorrichtung (10), Senden einer Sicherungsnachricht, die eine Sicherungskopie der ersten Nachricht aufweist, von der Kommunikationsvorrichtung (10) an eine Sicherungsvorrichtung (20) über eine Kommunikationsverbindung, wobei die Kommunikationsverbindung an einem Punkt in der Kommunikationsverbindung zwischen der Kommunikationsvorrichtung (10) und der Sicherungsvorrichtung (20) mit einer Abgriffsvorrichtung (30) gekoppelt ist, wobei die Abgriffsvorrichtung (30) konfiguriert ist, eine Abgriffskopie an die Kommunikationsvorrichtung (10) zu übertragen, die verifiziert, dass die Sicherungsnachricht über die Kommunikationsverbindung übertragen wird; und

    bei einer Bestätigung durch die Kommunikationsvorrichtung (10) der Abgriffskopie der Sicherungsnachricht von der Abgriffsvorrichtung (30) in der Kommunikationsverbindung, Senden der ersten Nachricht an das Ziel.


     
    2. Verfahren nach Anspruch 1, das ein Verifizieren der Abgriffskopie vor dem Senden der ersten Nachricht an das Ziel aufweist.
     
    3. Verfahren nach Anspruch 1, wobei die Sicherungsnachricht eine Kopie der ersten Nachricht enthält.
     
    4. Verfahren nach Anspruch 1, wobei die Sicherungsnachricht Informationen enthält, die verwendet werden können, um die erste Nachricht erneut zu erzeugen oder eine Ersatznachricht zu erzeugen.
     
    5. Verfahren nach Anspruch 1, wobei die Kommunikationsverbindung zwischen der Kommunikationsvorrichtung (10) und der Sicherungsvorrichtung (20) eine ungeteilte physikalische Kommunikationsverbindung ist.
     
    6. Verfahren nach Anspruch 1, wobei die Abgriffsvorrichtung (30) in der Kommunikationsverbindung nahe der Kommunikationsvorrichtung (10) angeordnet ist.
     
    7. Verfahren nach Anspruch 1, das das Verifizieren eines Zustands der Sicherungsvorrichtung (20) beruhend auf einer von der Sicherungsvorrichtung (20) empfangenen Bestätigungsnachricht aufweist, wobei die Bestätigungsnachricht anzeigt, dass die Sicherungsnachricht empfangen wurde.
     
    8. Verfahren nach Anspruch 1, das aufweist:

    vor dem Senden der ersten Nachricht, die für das Ziel bestimmt ist, Senden der Sicherungsnachricht über eine zweite Kommunikationsverbindung; und

    bei einer Bestätigung einer Abgriffskopie von der Abgriffsvorrichtung (30) in der Kommunikationsverbindung und/oder einer zweiten Abgriffsvorrichtung (30a) in der zweite Kommunikationsverbindung, Senden der ersten Nachricht an das Ziel.


     
    9. Verfahren nach Anspruch 1, das ein Empfangen von Heartbeat-Nachrichten von der Sicherungsvorrichtung (20) aufweist.
     
    10. Verfahren nach Anspruch 1, das aufweist: Senden von Heartbeat-Nachrichten über die erste Kommunikationsverbindung an die Sicherungsvorrichtung (20); und Empfangen entsprechender Abgriffsnachrichten von der Abgriffsvorrichtung (30) und Bestätigungs-Heartbeat-Nachrichten von der Sicherungsvorrichtung (20).
     
    11. Verfahren nach Anspruch 1, das aufweist: Auslösen eines sekundären Sicherungsmodus, wenn keine Bestätigungsnachricht oder Heartbeat-Nachricht innerhalb eines definierten Zeitschwellenwerts empfangen wird.
     
    12. Verfahren nach Anspruch 11, wobei das Auslösen eines sekundären Sicherungsmodus das Senden der Sicherungsnachricht an eine zweite Sicherungsvorrichtung (20a) aufweist.
     
    13. Verfahren nach einem der Ansprüche 1 bis 12, wobei die Abgriffsvorrichtung (30) eine passive Vorrichtung ist, die es ermöglicht, dass Signale von der Kommunikationsvorrichtung (10) an die Sicherungsvorrichtung (20) ununterbrochen hindurchgehen, während sie den Inhalt dieser Signale überwacht.
     
    14. Kommunikationsvorrichtung (10) die aufweist: mindestens einen Prozessor, der konfiguriert ist, alle Schritte des Verfahrens nach einem der Ansprüche 1 bis 13 auszuführen, wenn es durch einen Computer ausgeführt wird
     
    15. Kommunikationssystem (100, 200, 201), wobei das System (100, 200, 201) aufweist:

    die Kommunikationsvorrichtung (10) nach Anspruch 14, die konfiguriert ist, mit einer Sicherungsvorrichtung (20) und einem Ziel zu kommunizieren; und

    eine Abgriffsvorrichtung (30) zum Überwachen von Nachrichten, die über eine erste Kommunikationsverbindung zwischen der Kommunikationsvorrichtung (10) und der Sicherungsvorrichtung (20) gesendet werden.


     


    Revendications

    1. Procédé de communication, comprenant les étapes suivantes :

    avant l'émission par un dispositif de communication (10) d'un premier message destiné à une destination, l'émission d'un message de sauvegarde incluant une sauvegarde du premier message du dispositif de communication (10) dans un dispositif de sauvegarde (20) via une liaison de communication, ladite liaison de communication étant établie avec un dispositif d'écoute téléphonique (30) sur un point de la liaison de communication entre le dispositif de communication (10) et le dispositif de sauvegarde (20), ledit dispositif d'écoute téléphonique (30) étant prévu pour transmettre une copie d'écoute téléphonique au dispositif de communication (10) vérifiant que le message de sauvegarde est en cours de transmission sur la liaison de communication ; et,

    après confirmation, par le dispositif de communication (10), de la copie d'écoute téléphonique du message de sauvegarde en provenance du dispositif d'écoute téléphonique (30) sur la liaison de communication, l'émission du premier message vers la destination.


     
    2. Procédé selon la revendication 1, comprenant la vérification de la copie d'écoute téléphonique avant l'émission du premier message vers la destination.
     
    3. Procédé selon la revendication 1, où le message de sauvegarde comprend une copie du premier message.
     
    4. Procédé selon la revendication 1, où le message de sauvegarde comprend des informations pouvant être utilisées pour recréer le premier message ou créer un message de substitution.
     
    5. Procédé selon la revendication 1, où la liaison de communication entre le dispositif de communication (10) et le dispositif de sauvegarde (20) est une liaison de communication physique non divisée.
     
    6. Procédé selon la revendication 1, où le dispositif d'écoute téléphonique (30) est placé sur la liaison de communication à proximité du dispositif de communication (10).
     
    7. Procédé selon la revendication 1, comprenant la vérification de l'état du dispositif de sauvegarde (20) sur la base d'un message d'accusé de réception reçu du dispositif de sauvegarde (20), ledit message d'accusé de réception indiquant que le message de sauvegarde a été reçu.
     
    8. Procédé selon la revendication 1, comprenant :

    avant l'émission du premier message destiné à la destination, l'émission du message de sauvegarde via une deuxième liaison de communication ; et,

    après confirmation d'une copie d'écoute téléphonique en provenance du dispositif d'écoute téléphonique (30) sur la liaison de communication et/ou d'un deuxième dispositif d'écoute téléphonique (30a) sur la deuxième liaison de communication, l'émission du premier message vers la destination.


     
    9. Procédé selon la revendication 1, comprenant la réception de messages de pulsation du dispositif de sauvegarde (20).
     
    10. Procédé selon la revendication 1, comprenant : l'émission de messages de pulsation via la première liaison de communication vers le dispositif de sauvegarde (20) ; et la réception de messages d'écoute téléphonique correspondants en provenance du dispositif d'écoute téléphonique (30) et de messages d'accusé de réception de pulsation en provenance du dispositif de sauvegarde (20).
     
    11. Procédé selon la revendication 1, comprenant : le déclenchement d'un mode de sauvegarde secondaire si un message d'accusé de réception ou un message de pulsation n'est pas reçu pendant un laps de temps défini.
     
    12. Procédé selon la revendication 11, où le déclenchement du mode de sauvegarde secondaire comprend la transmission du message de sauvegarde à un deuxième dispositif de sauvegarde (20a).
     
    13. Procédé selon l'une des revendications 1 à 12, où le dispositif d'écoute téléphonique (30) est un dispositif passif permettant le passage ininterrompu de signaux émis par le dispositif de communication (10) vers le dispositif de sauvegarde (20) en surveillant le contenu desdits signaux.
     
    14. Dispositif de communication (10), comprenant : au moins un processeur prévu pour exécuter toutes les étapes du procédé selon l'une des revendications 1 à 13 lorsque celui-ci est exécuté par un ordinateur.
     
    15. Système de communication (100, 200, 201), ledit système (100, 200, 201) comprenant :

    le dispositif de communication (10) selon la revendication 14 prévu pour communiquer avec un dispositif de sauvegarde (20) et une destination ; et

    un dispositif d'écoute téléphonique (30) pour la surveillance de messages transmis via une première liaison de communication entre le dispositif de communication (10) et le dispositif de sauvegarde (20).


     




    Drawing















    REFERENCES CITED IN THE DESCRIPTION



    This list of references cited by the applicant is for the reader's convenience only. It does not form part of the European patent document. Even though great care has been taken in compiling the references, errors or omissions cannot be excluded and the EPO disclaims all liability in this regard.

    Patent documents cited in the description