WO2024252454A1 - Air conditioning system and authentication method - Google Patents

Abstract

This air conditioning system comprises a plurality of devices (100A, 100B, 100C, 100D, 100E, 100F, 100G) each including an outdoor unit and an indoor unit. Each of the plurality of devices (100A, 100B, 100C, 100D, 100E, 100F, 100G) belongs to at least one network from among a plurality of networks (200A, 200B, 200C). Each of the plurality of networks (200A, 200B, 200C) is provided with an authentication device that authenticates other devices belonging to the network to which a host device belongs.

Description

Air conditioning system and authentication method

This disclosure relates to an air conditioning system and an authentication method.

In recent years, there have been cases where air conditioning systems equipped with outdoor and indoor units have become targets of cyber attacks. For this reason, security measures against cyber attacks are desired for air conditioning systems. One security measure is, for example, equipment authentication, which verifies that each device in the air conditioning system is a legitimate device.

Such technology for device authentication is described, for example, in Patent Document 1. Patent Document 1 describes an air conditioning system in which an outdoor unit of an air conditioner authenticates a system controller for operating the air conditioner.

International Publication No. 2021/166105

However, the technology described in Patent Document 1 is insufficient as a security measure because it does not authenticate any devices other than the system controller among the devices in the air conditioning system. Here, for example, if one device in the air conditioning system authenticates all other devices, the time required for device authentication becomes enormous. For this reason, there is a demand for technology that shortens the time required for authentication of devices in the air conditioning system.

This disclosure has been made in consideration of the above problems, and aims to provide an air conditioning system and authentication method that shortens the time required to authenticate devices included in the air conditioning system.

In order to achieve the above object, the air conditioning system according to the present disclosure comprises:
An air conditioning system having a plurality of devices including an outdoor unit and an indoor unit,
Each of the plurality of devices belongs to at least one of a plurality of networks;
Each of the plurality of networks includes an authentication device that authenticates other devices that belong to the network to which the own device belongs.

In the present disclosure, each of the multiple networks is equipped with an authentication device that authenticates other devices that belong to the network to which the device belongs. Therefore, according to the present disclosure, it is possible to reduce the time required to authenticate devices equipped in an air conditioning system.

A configuration diagram of an air conditioning system according to a first embodiment. Configuration diagram of device according to embodiment 1 Explanation of authentication procedure for each device FIG. 1 is an explanatory diagram of an authentication method in an air conditioning system according to a first embodiment. Illustration of authentication-related information FIG. 1 is a sequence diagram showing the flow of processing executed by each device according to the first embodiment. Configuration diagram of an air conditioning system according to embodiment 2 FIG. 13 is an explanatory diagram of an authentication method in an air conditioning system according to a second embodiment. FIG. 11 is a sequence diagram showing the flow of processing executed by each device according to the second embodiment. FIG. 13 is an explanatory diagram of an authentication method in an air conditioning system according to a third embodiment. FIG. 13 is an explanatory diagram of an authentication method in an air conditioning system according to a fourth embodiment. FIG. 13 is an explanatory diagram of an authentication method in an air conditioning system according to a fifth embodiment. FIG. 13 is an explanatory diagram of an authentication method in an air conditioning system according to a sixth embodiment. A sequence diagram showing the flow of processing executed by each device according to the sixth embodiment.

Below, the embodiments of the present disclosure will be described in detail with reference to the drawings. Note that the same or equivalent parts in the drawings are given the same reference numerals.

(Embodiment 1)
Fig. 1 is a diagram showing the configuration of an air conditioning system 1000 according to this embodiment. The air conditioning system 1000 is a system for conditioning the air inside a building, a condominium, an apartment, a factory, etc. The air conditioning system 1000 has a function of authenticating each device included in the air conditioning system 1000. Device authentication is to confirm whether a device is a legitimate device or an illegitimate device.

A legitimate device is, for example, a device that has not been disguised by spoofing and is a reliable device. An unauthorized device is, for example, a device that has been disguised by spoofing and is an unreliable device. The air conditioning system 1000 includes a cloud server 110, a system controller 120, an outdoor unit 131, an outdoor unit 132, an indoor unit 141, an indoor unit 142, an individual controller 143, an indoor unit 144, an indoor unit 145, an individual controller 146, an individual controller 151, and a communication adapter 152.

The cloud server 110 is a server that provides resources in cloud computing and provides services related to air conditioning processing. In this embodiment, the cloud server 110 remotely controls and monitors each device in the air conditioning system 1000 via the system controller 120.

The system controller 120 is a device that controls the overall operation of the air conditioning system 1000. The cloud server 110 and the system controller 120 are connected to each other via at least one of the communication lines 311 and 312. In other words, the cloud server 110 and the system controller 120 may be connected to each other via the communication line 311, or may be connected to each other via the communication lines 311 and 312 that are connected to each other by the broadband router 500.

The communication line 311 is the Internet, a telephone network, etc. This telephone network is compatible with LTE (Long Term Evolution), 4G (4th Generation), 5G (5th Generation), etc. The communication line 312 is, for example, a line for a LAN (Local Area Network) provided in a building, condominium, apartment, factory, etc. The cloud server 110, the system controller 120, the communication lines 311, and the communication lines 312 constitute the network 210. The network 210 is a network to which devices used for remote operation among the devices provided in the air conditioning system 1000 are connected. Hereinafter, the network 210 will be referred to as the remote operation system, and communication using the network 210 will be referred to as remote operation system communication, as appropriate.

Outdoor units 131 and 132 are equipment devices that condition indoor air and are installed outdoors. Conditioning indoor air means adjusting the temperature, humidity, air cleanliness, etc. of the indoor air. Indoor units 141, 142, 144, and 145 are equipment devices that are installed indoors and are installed outdoors. Indoor units 141, 142, 144, and 145 blow air into the room for heating, cooling, dehumidification, ventilation, etc. Outdoor unit 131 circulates refrigerant between indoor units 141 and 142 via refrigerant piping (not shown). Outdoor unit 132 circulates refrigerant between indoor units 144 and 145 via refrigerant piping (not shown).

Individual controller 143 is a controller for controlling devices belonging to network 231 to which the device itself belongs. In other words, individual controller 143 is a controller for controlling outdoor unit 131, indoor unit 141, and indoor unit 142. Individual controller 146 is a controller for controlling devices belonging to network 232 to which the device itself belongs. In other words, individual controller 146 is a controller for controlling outdoor unit 132, indoor unit 144, and indoor unit 145.

The system controller 120 and the outdoor units 131 and 132 are connected to each other via a communication line 320. The communication line 320 is a line for connecting the system controller 120 to the air conditioning devices. In this embodiment, the air conditioning devices connected to the system controller 120 are two air conditioning devices, the outdoor units 131 and 132. The system controller 120, the outdoor units 131 and 132, and the communication line 320 constitute a network 220. The network 220 is a network to which the system controller 120 and the air conditioning devices are connected. Hereinafter, the network 220 will be referred to as the system controller system, and communication using the network 220 will be referred to as system controller system communication, as appropriate.

The outdoor unit 131, the indoor unit 141, the indoor unit 142, and the individual controller 143 are connected to each other via a communication line 331. The outdoor unit 132, the indoor unit 144, the indoor unit 145, and the individual controller 146 are connected to each other via a communication line 332. Each of the communication lines 331 and 332 is a line for connecting devices in the same refrigerant system.

Outdoor unit 131, indoor unit 141, indoor unit 142, individual controller 143, and communication line 331 constitute network 231. Outdoor unit 132, indoor unit 144, indoor unit 145, individual controller 146, and communication line 332 constitute network 232. Each of networks 231 and 232 is a network to which devices in the same refrigerant system are connected. Hereinafter, networks 231 and 232 will be referred to as the refrigerant system, and communication using network 231 or network 232 will be referred to as refrigerant system communication, as appropriate.

The individual controller 151 is a controller for controlling devices connected to itself. In other words, the individual controller 151 is a controller for controlling the indoor unit 141. The indoor unit 141 and the individual controller 151 are connected to each other via a communication line 341. The communication line 341 is a line for connecting the indoor unit 141 and the individual controller 151. The indoor unit 141, the individual controller 151, and the communication line 341 constitute a network 241. The network 241 is a network to which the indoor unit 141 and the individual controller 151 are connected. Hereinafter, the network 241 will be referred to as an individual controller system, and communication using the network 241 will be referred to as individual controller system communication, as appropriate.

The communication adapter 152 is a communication adapter for expanding the system to which the device connected to the communication adapter 152 belongs. In other words, the communication adapter 152 is a communication adapter for expanding the air conditioning system 1000 to which the indoor unit 145 belongs. The indoor unit 145 and the communication adapter 152 are connected to each other via a communication line 342. The communication line 342 is a line for connecting the indoor unit 145 and the communication adapter 152. The indoor unit 145, the communication adapter 152, and the communication line 342 constitute a network 242.

Network 242 is a network to which indoor unit 145 and communication adapter 152 are connected. Hereinafter, network 242 will be referred to as the system expansion system, and communication using network 242 will be referred to as system expansion system communication. Note that communication adapter 152 has a function of connecting network 232 with a network not shown. Therefore, communication adapter 152 is also connected to devices not shown that belong to a network not shown.

As explained above, the air conditioning system 1000 includes a plurality of devices 100 that belong to at least one of a plurality of networks included in the air conditioning system 1000. Device 100 is a collective term for outdoor unit 131, outdoor unit 132, indoor unit 141, indoor unit 142, individual controller 143, indoor unit 144, indoor unit 145, individual controller 146, individual controller 151, and communication adapter 152. As shown in FIG. 2, device 100 includes, for example, control unit 11, memory unit 12, display unit 13, operation reception unit 14, first communication unit 15, and second communication unit 16.

The control unit 11 includes a CPU (Central Processing Unit), ROM (Read Only Memory), RAM (Random Access Memory), RTC (Real Time Clock), etc. The CPU is also called a central processing unit, central processing unit, processor, microprocessor, microcomputer, DSP (Digital Signal Processor), etc., and functions as a central processing unit that executes processes and calculations related to the control of the device 100. In the control unit 11, the CPU reads out programs and data stored in the ROM and uses the RAM as a work area to control the device 100. The RTC is, for example, an integrated circuit with a timekeeping function. The CPU can determine the current date and time from the time information read from the RTC.

The memory unit 12 is equipped with non-volatile semiconductor memory such as flash memory, EPROM (Erasable Programmable ROM), and EEPROM (Electrically Erasable Programmable ROM), and serves as a so-called auxiliary storage device. The memory unit 12 stores programs and data used by the control unit 11 to execute various processes. The memory unit 12 also stores data generated or acquired by the control unit 11 as a result of executing various processes.

The display unit 13 displays various images according to the control of the control unit 11. For example, the display unit 13 displays a screen for accepting various operations from the user. The display unit 13 includes a touch screen, a liquid crystal display, etc. The operation acceptance unit 14 accepts various operations from the user and supplies information indicating the contents of the accepted operations to the control unit 11. The operation acceptance unit 14 includes a touch screen, a button, a lever, etc.

The first communication unit 15 communicates with the device 100 connected to a certain network in accordance with the control of the control unit 11. The second communication unit 16 communicates with the device 100 connected to another network in accordance with the control of the control unit 11. The first communication unit 15 and the second communication unit 16 communicate with the device 100 in accordance with various wired communication standards or various wireless communication standards. Wireless communication standards include Wi-Fi (registered trademark), Bluetooth (registered trademark), Zigbee (registered trademark), LTE (Long Term Evolution), 4G (4th Generation), 5G (5th Generation), etc. Wired communication standards include Ethernet (registered trademark), USB (Universal Serial Bus, registered trademark), Thunderbolt (registered trademark), etc. The first communication unit 15 and the second communication unit 16 are provided with communication interfaces that comply with various communication standards.

The device 100 does not have to include all of the control unit 11, the memory unit 12, the display unit 13, the operation reception unit 14, the first communication unit 15, and the second communication unit 16. For example, the device 100 does not have to include the display unit 13, does not have to include the operation reception unit 14, does not have to include the first communication unit 15, and does not have to include the second communication unit 16.

Next, the authentication procedure for each device 100 used in the air conditioning system 1000 will be described with reference to FIG. 3.

First, in this embodiment, each of the multiple devices 100 included in the air conditioning system 1000 belongs to at least one of the multiple networks 200 included in the air conditioning system 1000. Network 200 is a collective term for network 210, network 220, network 231, network 232, network 241, and network 242. Each of the multiple networks 200 includes an authentication device that authenticates other devices that belong to the network 200 to which the device itself belongs, and an authenticated device that is authenticated by the authentication device. In this embodiment, authentication of the device 100 across networks 200 is not performed, and authentication of the device 100 is completed within the network 200. In other words, in this embodiment, authentication of the device 100 is performed for each network 200.

In this embodiment, the multiple networks 200 provided in the air conditioning system 1000 include a first network, a second network, and a third network, and the multiple devices 100 provided in the air conditioning system 1000 include a first authentication device, a second authentication device, and a third authentication device. The first authentication device belongs to the first network and authenticates other devices that belong to the first network. The second authentication device belongs to the first network and the second network, is authenticated by the first authentication device, and authenticates other devices that belong to the second network. The third authentication device belongs to the second network and the third network, is authenticated by the second authentication device, and authenticates other devices that belong to the third network.

For example, as shown in FIG. 3, assume that in network 200A, devices 100A, 100B, and 100C are connected by communication line 300A, in network 200B, devices 100B, 100D, and 100E are connected by communication line 300B, and in network 200C, devices 100D, 100F, and 100G are connected by communication line 300C. Hereinafter, communication lines 300A, 300B, and 300C will be collectively referred to as communication line 300 as appropriate. In this case, in network 200A, device 100A authenticates devices 100B and 100C. Therefore, device 100A is the authenticating device, and devices 100B and 100C are authenticated devices.

In network 200B, device 100B authenticates devices 100D and 100E. Therefore, device 100B is an authenticating device, and devices 100D and 100E are authenticated devices. In network 200C, device 100D authenticates devices 100F and 100G. Therefore, device 100D is an authenticating device, and devices 100F and 100G are authenticated devices.

Network 200A is an example of a first network, network 200B is an example of a second network, and network 200C is an example of a third network. Device 100A is an example of a first authenticated device, device 100B is an example of a second authenticated device, and device 100D is an example of a third authenticated device. In this embodiment, in each network 200, one authenticated device authenticates all other devices 100 as authenticated devices, and authenticated devices other than the first authenticated device are authenticated by authenticated devices belonging to other networks 200.

In this embodiment, network 210 corresponds to network 200A, network 220 corresponds to network 200B, and networks 231 and 232 correspond to network 200C. In this embodiment, cloud server 110 corresponds to device 100A, system controller 120 corresponds to device 100B, and outdoor units 131 and 132 correspond to device 100C.

Below, the authentication method in the air conditioning system 1000 will be specifically described with reference to FIG. 4. As shown in FIG. 4, in this embodiment, the multiple devices 100 included in the air conditioning system 1000 are connected in a tree structure.

Cloud server 110 is the root node. System controller 120 is a child node with cloud server 110 as the parent node. Outdoor units 131 and 132 are child nodes with system controller 120 as the parent node. Indoor units 141, 142, and individual controller 143 are child nodes with outdoor unit 131 as the parent node. Indoor units 144, 145, and individual controller 146 are child nodes with outdoor unit 132 as the parent node. Individual controller 151 is a child node with indoor unit 141 as the parent node. Communication adapter 152 is a child node with indoor unit 145 as the parent node.

In this embodiment, a parent node authenticates a child node. That is, an authentication device provided in each of the multiple networks 200 authenticates a device 100 that corresponds to a child node from the perspective of the authentication device itself. Specifically, the cloud server 110, which is a first authentication device, authenticates the system controller 120 in the network 210, which is the first network. The system controller 120, which is a second authentication device, authenticates the outdoor units 131 and 132 in the network 220, which is the second network.

The outdoor unit 131, which is a third authentication device, authenticates the indoor units 141, 142, and individual controller 143 within network 231, which is the third network. The outdoor unit 132, which is a third authentication device, authenticates the indoor units 144, 145, and individual controller 146 within network 232, which is the third network. The indoor unit 141, which is a fourth authentication device, authenticates the individual controller 151 within network 241, which is the fourth network. The indoor unit 145, which is a fourth authentication device, authenticates the communication adapter 152 within network 242, which is the fourth network.

In this way, devices 100 belonging to both the upper network 200 and the lower network 200 are devices to be authenticated in the upper network 200, and are authenticating devices in the lower network 200. For example, the outdoor unit 131 is a device to be authenticated in the network 220, and is an authenticating device in the network 231. Also, for example, the indoor unit 141 is a device to be authenticated in the network 231, and is an authenticating device in the network 241.

In this embodiment, the authenticating device authenticates the authenticated device based on authentication-related information written to the memory unit 12 of the device 100 when the device 100 is shipped. FIG. 5 shows the authentication-related information. The authentication-related information includes a CA (Certificate Authority) certificate, a device certificate, a device private key, and a device public key. The CA certificate is a certificate common to all manufacturers and is used to verify the device certificate. The CA certificate is created by the manufacturer and written to the memory unit 12 of each device 100 when the device 100 is shipped from the factory. The CA certificate includes a CA public key. Information encrypted with the CA private key can be decrypted with the CA public key.

The device certificate is a certificate unique to the device 100, and includes a device public key signed with a CA private key. The device certificate is created by the manufacturer and written to the memory unit 12 of the device 100 when the device 100 is shipped from the factory. The device private key is a private key unique to the device 100. The device public key is a public key unique to the device 100. Information encrypted with the device public key can be decrypted with the device private key. The device private key and device public key are created by the device 100 itself, and written to the memory unit 12 of the device 100 when the device 100 is shipped from the factory.

In this embodiment, the authenticating device authenticates the authenticated device by verifying the device certificate of the authenticated device obtained from the authenticated device with the CA certificate held by the authenticating device. The authentication process executed by the air conditioning system 1000 will be described below with reference to FIG. 6. Note that FIG. 6 shows sequences related to the cloud server 110, system controller 120, outdoor unit 131, indoor unit 141, and individual controller 151, and omits sequences related to other devices.

The cloud server 110, the system controller 120, the outdoor unit 131, the indoor unit 141, and the individual controller 151 each start device authentication in response to the occurrence of a device authentication trigger. The device authentication trigger is set for each device 100, for example, and it is possible for each device 100 in each network to proceed with device authentication completely in parallel. Therefore, the order in which device authentication is started is not limited to the example shown in FIG. 6. For example, in FIG. 6, device authentication of the outdoor unit 131 by the system controller 120 may be executed after device authentication of the individual controller 151 by the indoor unit 141. Possible device authentication triggers include a user operation on a user interface, a trigger based on plug and play, etc. Possible user operations include a user operation on an operation reception unit 14 equipped with a touch screen, dip switches, etc.

When the above trigger occurs, in step ST111, the cloud server 110 requests the system controller 120 for the system controller 120's device certificate. Meanwhile, in step ST122, the system controller 120 transmits the system controller 120's device certificate to the cloud server 110. In step ST113, the cloud server 110 verifies the device certificate received from the system controller 120 with the CA certificate held by the cloud server 110.

Specifically, the cloud server 110 decrypts the device public key, which is included in the device certificate and signed with the CA private key, using the CA public key included in the CA certificate. If the cloud server 110 is successful in decrypting the device public key using the CA public key, it determines that the device certificate is a legitimate certificate and that the system controller 120 is a legitimate device 100. If the cloud server 110 is unsuccessful in decrypting the device public key using the CA public key, it determines that the device certificate is an invalid certificate and that the system controller 120 is an invalid device 100.

When the above-mentioned trigger occurs, in step ST121, the system controller 120 requests the outdoor unit 131 for its device certificate from the outdoor unit 131. Meanwhile, in step ST132, the outdoor unit 131 transmits its device certificate to the system controller 120. In step ST123, the system controller 120 verifies the device certificate received from the outdoor unit 131 with the CA certificate held by the system controller 120.

The system controller 120, outdoor unit 131, indoor unit 141, etc. verify the device certificate with the CA certificate using a method similar to that used by the cloud server 110. Although not shown in the figure, the system controller 120 also requests a device certificate from the outdoor unit 132, and verifies the device certificate obtained from the outdoor unit 132 with the CA certificate.

When the above trigger occurs, in step ST131, the outdoor unit 131 requests the indoor unit 141's device certificate from the indoor unit 141. Meanwhile, in step ST142, the indoor unit 141 transmits the indoor unit 141's device certificate to the outdoor unit 131. In step ST133, the outdoor unit 131 verifies the device certificate received from the indoor unit 141 with the CA certificate held by the outdoor unit 131.

Although not shown in the figure, the outdoor unit 131 also requests device certificates from the indoor unit 142 and the individual controller 143, and verifies the device certificates obtained from the indoor unit 142 and the individual controller 143 with the CA certificate. Although not shown in the figure, the outdoor unit 132 also requests device certificates from the indoor unit 144, the indoor unit 145, and the individual controller 146, and verifies the device certificates obtained from the indoor unit 144, the indoor unit 145, and the individual controller 146 with the CA certificate.

When the above trigger occurs, in step ST141, the indoor unit 141 requests the individual controller 151 for its device certificate from the individual controller 151. Meanwhile, in step ST152, the individual controller 151 transmits its device certificate to the indoor unit 141. In step ST143, the indoor unit 141 verifies the device certificate received from the individual controller 151 with the CA certificate held by the indoor unit 141. Although not shown in the figure, the indoor unit 145 requests a device certificate from the communication adapter 152 and verifies the device certificate obtained from the communication adapter 152 with the CA certificate.

The authentication device transmits the authentication result from its own device and the authentication result acquired from the child node to the parent node. Specifically, in step ST144, the indoor unit 141 transmits the authentication result for the individual controller 151 to the outdoor unit 131. Also, although not shown, the indoor unit 145 transmits the authentication result for the communication adapter 152 to the outdoor unit 132. Also, in step ST134, the outdoor unit 131 transmits the authentication results for the indoor unit 141, indoor unit 142, individual controller 143, and individual controller 151 to the system controller 120.

Although not shown, the outdoor unit 132 transmits the authentication results for the indoor units 144, 145, the individual controller 146, and the communication adapter 152 to the system controller 120. In step ST124, the system controller 120 transmits the authentication results for the outdoor units 131, 132, the indoor units 141, 142, the individual controller 143, the indoor units 144, 145, the individual controller 146, the individual controller 151, and the communication adapter 152 to the cloud server 110. As a result, all authentication results are supplied to the cloud server 110, which is the root node.

Afterwards, encrypted communication is performed between the authenticated devices 100. Specifically, first, the authentication device generates a pair of a network public key and a network private key. The authentication device encrypts the network certificate signed with the authenticating device's device private key and the network private key with the device public key of the authenticated device, and sends it to the authenticated device. The authenticated device decrypts the encrypted network certificate and network private key with the authenticated device's device private key. Note that the network certificate contains the network public key. Afterwards, the authentication device and authenticated device perform encrypted communication based on the network certificate, for example, in accordance with the Datagram Transport Layer Security (DTLS) protocol.

In this embodiment, each of the multiple networks 200 included in the air conditioning system 1000 includes an authentication device that authenticates other devices that belong to the network 200 to which the local device belongs. In other words, in this embodiment, an authentication device is provided for each network 200, and device authentication is performed for each network 200. Therefore, in this embodiment, authentication sequences in the multiple networks 200 can be performed in parallel.

In this embodiment, the time required for device authentication of the entire air conditioning system 1000 is shorter than in a configuration in which a single device 100, such as the cloud server 110 or the system controller 120, authenticates all of the other devices 100. In other words, according to this embodiment, the time required for authentication of the devices 100 included in the air conditioning system 1000 can be shortened. Note that each authentication device does not need to have high processing power because it does not need to authenticate devices 100 that belong to a network 200 to which the device does not belong.

In addition, in this embodiment, a second authentication device that belongs to both the first network and the second network and authenticates other devices that belong to the second network is authenticated by the first authentication device that belongs to the first network. In addition, in this embodiment, a third authentication device that belongs to both the second network and the third network and authenticates other devices that belong to the third network is authenticated by the second authentication device that belongs to the second network. In other words, in this embodiment, authentication devices other than the first authentication device are authenticated by the other authentication devices. Therefore, according to this embodiment, it is possible to authenticate all devices 100 other than the first authentication device, which is the base point of authentication.

Furthermore, in this embodiment, the first authenticated device is the cloud server 110, and the second authenticated device is the system controller 120. The cloud server 110 is a device 100 that is less likely to be spoofed and is more reliable than the system controller 120. For this reason, it is believed that no particular problem will arise if the cloud server 110 is not authenticated by other devices. Furthermore, the system controller 120 is authenticated by the cloud server 110. Therefore, according to this embodiment, improved security can be expected.

In addition, in this embodiment, the multiple devices 100 in the air conditioning system 1000 are connected in a tree structure, and the authentication devices in each of the multiple networks 200 authenticate the devices 100 that correspond to child nodes from the perspective of the device itself. In this embodiment, a chain of device authentication is established in which the parent node authenticates the child node with the root node as the base point. Therefore, according to this embodiment, all devices 100 other than the root node are properly authenticated.

In addition, in this embodiment, the authentication sequence in each network 200 is independent, and it is possible to employ an authentication sequence that is not dependent on the device configuration, network configuration, etc. For example, in this embodiment, the first authentication device, which is the base point of device authentication, authenticates other devices that belong to the first network to which the first authentication device belongs. If the first authentication device belongs to multiple first networks, the first authentication device authenticates other devices that belong to each first network. If the authenticated device that has been authenticated by the first authentication device also belongs to a second network to which the first authentication device does not belong, it authenticates other devices that belong to the second network as the second authentication device.

If the authenticated device that has been authenticated by the second authentication device also belongs to a third network to which the second authentication device does not belong, it authenticates other devices that belong to the third network as a third authentication device. After that, using a similar procedure, the authenticated device that has been authenticated by the authentication device authenticates the other devices as an authenticating device if there are other devices that it should authenticate. With this configuration, all devices 100 other than the first authentication device, which is the base point for device authentication, are authenticated.

(Embodiment 2)
In the first embodiment, an example in which device authentication is performed based on the cloud server 110, which is difficult to spoof and highly reliable, has been described. In the present embodiment, an example in which device authentication is performed based on the refrigerant system device 100, which is difficult to spoof and highly reliable, in a case in which such a cloud server 110 does not exist, will be described. Note that descriptions of configurations and functions similar to those in the first embodiment will be omitted or simplified as appropriate.

FIG. 7 is a diagram showing the configuration of an air conditioning system 1200 according to this embodiment. The air conditioning system 1200 includes a system controller 120, an outdoor unit 131, an outdoor unit 132, an indoor unit 141, an indoor unit 142, an individual controller 143, an indoor unit 144, an indoor unit 145, an individual controller 146, an individual controller 151, and a communication adapter 152. The air conditioning system 1200 does not include a cloud server 110 that is difficult to spoof and highly reliable. Therefore, in this embodiment, equipment authentication is performed based on the refrigerant system equipment 100 that is difficult to spoof and considered to be highly reliable among the equipment 100 included in the air conditioning system 1200.

The refrigerant system equipment 100 includes outdoor unit 131, outdoor unit 132, indoor unit 141, indoor unit 142, indoor unit 144, indoor unit 145, etc. Here, generally, when considering the size of the outdoor unit and the indoor unit, it is considered that the outdoor unit is more difficult to replace with a fake and is less likely to be counterfeited. In other words, the outdoor unit is considered to be more reliable than the indoor unit. Also, generally, the outdoor unit often has a higher processing capacity than the indoor unit. Therefore, in this embodiment, the outdoor unit is adopted as the base point for equipment authentication. Specifically, in this embodiment, the outdoor unit 131 and the outdoor unit 132 are adopted as the base points for equipment authentication.

As shown in FIG. 8, in this embodiment, the multiple devices 100 included in the air conditioning system 1200 are connected in a tree structure, and the root node is the system controller 120.

In this embodiment, the outdoor unit 131, which is the first authentication device, authenticates the system controller 120 in network 220, which is the first network. The outdoor unit 131 authenticates the indoor units 141, 142, and the individual controller 143 in network 231, which is the first network. The outdoor unit 132, which is the first authentication device, authenticates the system controller 120 in network 220, which is the first network. The outdoor unit 132 authenticates the indoor units 144, 145, and the individual controller 146 in network 232, which is the first network. The indoor unit 141, which is the second authentication device, authenticates the individual controller 151 in network 241, which is the second network. The indoor unit 145, which is the second authentication device, authenticates the communication adapter 152 in network 242, which is the second network.

In this embodiment as well, the authenticating device authenticates the authenticated device by verifying the device certificate of the authenticated device obtained from the authenticated device with the CA certificate held by the authenticating device. The authentication process executed by the air conditioning system 1200 will be described below with reference to FIG. 9. Note that FIG. 9 shows the sequence relating to the system controller 120, outdoor unit 131, indoor unit 141, and individual controller 151, and omits the sequences relating to other devices.

First, the outdoor unit 131, which is the first authenticated device and the starting point of device authentication, starts device authentication in response to the occurrence of a device authentication trigger. When the above-mentioned trigger occurs, the outdoor unit 131 requests the system controller 120 for its device certificate in step ST231A. Meanwhile, the system controller 120 transmits the system controller 120's device certificate to the outdoor unit 131 in step ST222. In step ST233A, the outdoor unit 131 verifies the device certificate received from the system controller 120 with the CA certificate held by the outdoor unit 131.

Furthermore, in step ST231B, the outdoor unit 131 requests the indoor unit 141's device certificate from the indoor unit 141. Meanwhile, in step ST242, the indoor unit 141 transmits the indoor unit 141's device certificate to the outdoor unit 131. In step ST233B, the outdoor unit 131 verifies the device certificate received from the indoor unit 141 with the CA certificate held by the outdoor unit 131. Although not shown in the figure, the outdoor unit 131 also requests device certificates from the indoor unit 142 and the individual controller 143, and verifies the device certificates obtained from the indoor unit 142 and the individual controller 143 with the CA certificate. Furthermore, the outdoor unit 131 may authenticate the outdoor unit 132.

When the above-mentioned trigger occurs, in step ST241, the indoor unit 141 requests the individual controller 151 for its device certificate from the individual controller 151. Meanwhile, in step ST252, the individual controller 151 transmits its device certificate to the indoor unit 141. In step ST243, the indoor unit 141 verifies the device certificate received from the individual controller 151 with the CA certificate held by the indoor unit 141.

The authentication result is supplied to, for example, the outdoor unit 131, which is the device 100 that is the base point of the device authentication. That is, in step ST244, the indoor unit 141 transmits the authentication result for the individual controller 151 to the outdoor unit 131. This allows the outdoor unit 131 to obtain all authentication results of the device authentication based on the outdoor unit 131. Although not shown, the method of device authentication based on the outdoor unit 132 is the same as the method of device authentication based on the outdoor unit 131. After device authentication based on the outdoor unit 131 and device authentication based on the outdoor unit 132 are completed, encrypted communication is performed between the authenticated devices 100.

In this embodiment, the refrigerant-system equipment 100, which is difficult to spoof and highly reliable, is the base point of equipment authentication. Therefore, according to this embodiment, the refrigerant-system equipment 100, which is difficult to spoof and highly reliable, is prevented from being subjected to improper operation by equipment 100, which is easy to spoof and less reliable. Note that, in this embodiment, of the refrigerant-system equipment 100, which is difficult to spoof and highly reliable, the outdoor units 131 and 132 are the first authenticated equipment, which is the base point of equipment authentication. According to this embodiment, spoofing of the indoor units 141, 142, 144, and 145 can be detected.

In addition, in this embodiment, the first authentication device, which is the refrigerant system device 100 that is difficult to spoof and highly reliable, or the second authentication device authenticated by the first authentication device, authenticates the system controller 120 that is easy to spoof and has low reliability. Therefore, according to this embodiment, the refrigerant system device 100 is prevented from being subjected to improper operations by the system controller 120.

(Embodiment 3)
In the second embodiment, an example was described in which equipment authentication is performed based on a plurality of refrigerant system equipment 100. In the present embodiment, an example will be described in which equipment authentication is performed based on a single refrigerant system equipment 100. Note that descriptions of configurations and functions similar to those in the first and second embodiments will be omitted or simplified as appropriate.

As shown in FIG. 10, in the air conditioning system 1300 according to this embodiment, equipment authentication is performed with the outdoor unit 131 as the base point of equipment authentication. Specifically, the outdoor unit 131, which is the first authentication device, authenticates the system controller 120 and the outdoor unit 132 in the network 220, which is the first network. The outdoor unit 131 authenticates the indoor units 141, 142, and the individual controller 143 in the network 231, which is the first network. The outdoor unit 132, which is the second authentication device, authenticates the indoor units 144, 145, and the individual controller 146 in the network 232, which is the second network. The indoor unit 141, which is the second authentication device, authenticates the individual controller 151 in the network 241, which is the second network. The indoor unit 145, which is the third authentication device, authenticates the communication adapter 152 in the network 242, which is the third network.

In this embodiment, of the refrigerant system devices 100 that are difficult to counterfeit and highly reliable, the outdoor unit 131 is the first authenticated device that is the base point for device authentication. According to this embodiment, counterfeiting of the outdoor unit 132, indoor unit 141, indoor unit 142, indoor unit 144, and indoor unit 145 can be detected.

(Embodiment 4)
In the second embodiment, an example in which device authentication is performed based on outdoor units 131 and 132 has been described. In the present embodiment, an example in which device authentication is performed based on indoor units 141 and 144 will be described. Note that descriptions of configurations and functions similar to those in the first to third embodiments will be omitted or simplified as appropriate.

As shown in FIG. 11, in the air conditioning system 1400 according to this embodiment, equipment authentication is performed with the indoor units 141 and 144 as the base points of equipment authentication. Specifically, the indoor unit 141, which is the first authenticated device, authenticates the outdoor unit 131, the indoor unit 142, and the individual controller 143 within the network 231, which is the first network. The indoor unit 141, which is the first authenticated device, authenticates the individual controller 151 within the network 241, which is the first network. The outdoor unit 131, which is the second authenticated device, authenticates the system controller 120 within the network 220, which is the second network.

The indoor unit 144, which is the first authentication device, authenticates the outdoor unit 132, the indoor unit 145, and the individual controller 146 within the first network, network 232. The outdoor unit 132, which is the second authentication device, authenticates the system controller 120 within the second network, network 220. The indoor unit 145, which is the second authentication device, authenticates the communication adapter 152 within the second network, network 242.

In this embodiment, of the refrigerant system equipment 100 that is difficult to counterfeit and highly reliable, the indoor unit 141 and the indoor unit 144 are the first authenticated equipment that is the base point of equipment authentication. According to this embodiment, counterfeiting of the outdoor unit 131, the outdoor unit 132, the indoor unit 142, and the indoor unit 145 can be detected.

(Embodiment 5)
In the fourth embodiment, an example in which device authentication is performed based on the indoor units 141 and 144 has been described. In the present embodiment, an example in which device authentication is performed based on the indoor unit 141 will be described. Note that descriptions of configurations and functions similar to those in the first to fourth embodiments will be omitted or simplified as appropriate.

As shown in FIG. 12, in the air conditioning system 1500 according to this embodiment, equipment authentication is performed with the indoor unit 141 as the base point of equipment authentication. Specifically, the indoor unit 141, which is the first authentication device, authenticates the outdoor unit 131, the indoor unit 142, and the individual controller 143 within network 231, which is the first network. The indoor unit 141, which is the first authentication device, authenticates the individual controller 151 within network 241, which is the first network. The outdoor unit 131, which is the second authentication device, authenticates the system controller 120 and the outdoor unit 132 within network 220, which is the second network.

The outdoor unit 132, which is a third authenticated device, authenticates the indoor units 144, 145, and the individual controller 146 within the network 232, which is the third network. The indoor unit 145, which is a fourth authenticated device, authenticates the communication adapter 152 within the network 242, which is the fourth network.

In this embodiment, of the refrigerant system equipment 100 that is difficult to counterfeit and highly reliable, the indoor unit 141 is the base point for equipment authentication. According to this embodiment, counterfeiting of the outdoor unit 131, the outdoor unit 132, the indoor unit 142, the indoor unit 144, and the indoor unit 145 can be detected.

(Embodiment 6)
In the first embodiment, an example in which one-way authentication is performed in device authentication has been described. In the present embodiment, an example in which mutual authentication, which is two-way authentication, is performed in device authentication will be described. Note that the description of the same configurations and functions as those in the first to fifth embodiments will be omitted or simplified as appropriate.

As shown in FIG. 13, in this embodiment, the multiple devices 100 included in the air conditioning system 1600 are connected in a tree structure with the system controller 120 as the root node.

In this embodiment, the parent node authenticates the child node, and the child node authenticates the parent node. That is, the system controller 120 authenticates the outdoor units 131 and 132 within the network 220. Also, the outdoor units 131 and 132 authenticate the system controller 120 within the network 220.

The outdoor unit 131 authenticates the indoor units 141, 142, and individual controller 143 within the network 231. The indoor units 141, 142, and individual controller 143 authenticate the outdoor unit 131 within the network 231. The outdoor unit 132 authenticates the indoor units 144, 145, and individual controller 146 within the network 232. The indoor units 144, 145, and individual controller 146 authenticate the outdoor unit 132 within the network 232.

The indoor unit 141 authenticates the individual controller 151 within the network 241. The individual controller 151 authenticates the indoor unit 141 within the network 241. The indoor unit 145 authenticates the communication adapter 152 within the network 242. The communication adapter 152 authenticates the indoor unit 145 within the network 242.

Below, the authentication process executed by the air conditioning system 1600 will be described with reference to FIG. 14. Note that FIG. 14 shows sequences relating to the system controller 120, outdoor unit 131, indoor unit 141, and individual controller 151, and omits sequences relating to other devices.

First, in step ST321, the system controller 120 requests the outdoor unit 131 for its device certificate from the outdoor unit 131. Meanwhile, in step ST332A, the outdoor unit 131 transmits its device certificate to the system controller 120. In step ST323, the system controller 120 verifies the device certificate received from the outdoor unit 131 with the CA certificate held by the system controller 120.

Furthermore, in step ST331B, the outdoor unit 131 requests the system controller 120 for its device certificate from the system controller 120. Meanwhile, in step ST322B, the system controller 120 transmits the system controller 120's device certificate to the outdoor unit 131. In step ST333B, the outdoor unit 131 verifies the device certificate received from the system controller 120 with the CA certificate held by the outdoor unit 131. Although not shown in the figure, the system controller 120 and the outdoor unit 132 authenticate each other.

In addition, in step ST331A, the outdoor unit 131 requests the indoor unit 141's device certificate from the indoor unit 141. Meanwhile, in step ST342A, the indoor unit 141 transmits the indoor unit 141's device certificate to the outdoor unit 131. In step ST333A, the outdoor unit 131 verifies the device certificate received from the indoor unit 141 with the CA certificate held by the outdoor unit 131.

Furthermore, in step ST341B, the indoor unit 141 requests the outdoor unit 131 for its device certificate from the outdoor unit 131. Meanwhile, in step ST332B, the outdoor unit 131 transmits its device certificate to the indoor unit 141. In step ST343B, the indoor unit 141 verifies the device certificate received from the outdoor unit 131 with the CA certificate held by the indoor unit 141. Although not shown, mutual authentication is also performed between the outdoor unit 131 and the indoor unit 142, between the outdoor unit 131 and the individual controller 143, between the outdoor unit 132 and the indoor unit 144, between the outdoor unit 132 and the indoor unit 145, and between the outdoor unit 132 and the individual controller 146.

In addition, in step ST341A, the indoor unit 141 requests the individual controller 151 for its device certificate from the individual controller 151. Meanwhile, in step ST352, the individual controller 151 transmits its device certificate to the indoor unit 141. In step ST343A, the indoor unit 141 verifies the device certificate received from the individual controller 151 with the CA certificate held by the indoor unit 141.

Furthermore, in step ST351, the individual controller 151 requests the indoor unit 141's device certificate from the indoor unit 141. Meanwhile, in step ST342B, the indoor unit 141 transmits the indoor unit 141's device certificate to the individual controller 151. In step ST353, the individual controller 151 verifies the device certificate received from the indoor unit 141 with the CA certificate held by the individual controller 151. Although not shown in the figure, the indoor unit 145 and the communication adapter 152 authenticate each other.

The authentication result is supplied to the system controller 120, which is the root node, for example. Specifically, in step ST354, the individual controller 151 transmits the authentication result for the indoor unit 141 to the indoor unit 141. Although not shown in the figure, the communication adapter 152 transmits the authentication result for the indoor unit 145 to the indoor unit 145. Furthermore, in step ST344, the indoor unit 141 transmits the authentication result for the indoor unit 141 and the individual controller 151 to the outdoor unit 131. Although not shown in the figure, the indoor unit 145 transmits the authentication result for the indoor unit 145 and the communication adapter 152 to the outdoor unit 132.

Furthermore, in step ST334, the outdoor unit 131 transmits the authentication results for the outdoor unit 131, the indoor unit 141, the indoor unit 142, the individual controller 143, and the individual controller 151 to the system controller 120. Although not shown, the outdoor unit 132 transmits the authentication results for the outdoor unit 132, the indoor unit 144, the indoor unit 145, the individual controller 146, and the communication adapter 152 to the system controller 120. As a result, all authentication results are supplied to the system controller 120, which is the root node. Thereafter, encrypted communication is performed between the authenticated devices 100.

In this embodiment, mutual authentication is performed between authenticating devices and authenticated devices in each of the multiple networks 200. According to this embodiment, even if there is no cloud server 110 that is difficult to spoof and highly reliable, it is possible to authenticate all devices 100, including the system controller 120 and refrigerant system devices 100.

(Modification)
Although the embodiments of the present disclosure have been described above, various modifications and applications are possible when implementing the present disclosure. It is optional which parts of the configurations, functions, and operations described in the above embodiments are adopted in the present disclosure. In addition to the above-mentioned configurations, functions, and operations, further configurations, functions, and operations may be adopted in the present disclosure. The configurations, functions, and operations described in the above embodiments can be freely combined.

The trigger with which the authenticating device of each network 200 starts authenticating the authenticated device can be adjusted as appropriate. For example, the authenticating device of each network 200 may start authenticating the authenticated device in response to a request from a specific device 100 among the multiple devices 100 included in the air conditioning system 1000. Alternatively, the authenticating device of each network 200 may start authenticating the authenticated device spontaneously. In this way, the direction of device authentication and the order in which device authentication is performed do not have to match.

The configuration of the air conditioning system is not limited to that shown in embodiments 1-6. For example, in embodiment 1, the indoor unit 141 may be connected to the system controller 120 instead of the outdoor unit 131 in the network 220, and the indoor unit 141 and the outdoor unit 131 may be connected in the network 231. In this case, it is preferable that in the network 220, the indoor unit 141 is authenticated by the system controller 120, and in the network 231, the outdoor unit 131 is authenticated by the indoor unit 141.

The first authentication device that serves as the base point for device authentication is not limited to the device 100 shown in embodiment 1-6. For example, the outdoor unit 132 or the indoor unit 144 may be set alone as the first authentication device, or at least one device 100 among the system controller 120, the indoor unit 142, the individual controller 143, the indoor unit 145, the individual controller 146, the individual controller 151, and the communication adapter 152 may be set as the first authentication device.

Although multiple authentication devices may be provided in each network 200, it is preferable that one authentication device is provided in each network 200. The method of determining one authentication device in each network 200 can be adjusted as appropriate. It is preferable that the authentication device is a device 100 that always exists and is uniquely determined in each network 200. For example, in each network 200, the device 100 with the smallest network address, the device 100 supplying power to other devices in the network 200, etc. may be determined to be the authentication device.

This disclosure allows for various embodiments and modifications without departing from the broad spirit and scope of the disclosure. Furthermore, the above-described embodiments are intended to explain this disclosure and do not limit the scope of the disclosure. In other words, the scope of the disclosure is indicated by the claims, not the embodiments. Various modifications made within the scope of the claims and within the scope of the disclosure equivalent thereto are considered to be within the scope of this disclosure.

This disclosure is applicable to air conditioning systems equipped with multiple devices, including outdoor units and indoor units.

11 control unit, 12 memory unit, 13 display unit, 14 operation reception unit, 15 first communication unit, 16 second communication unit, 100, 100A, 100B, 100C, 100D, 100E, 100F, 100G equipment, 110 cloud server, 120 system controller, 131, 132 outdoor unit, 141, 142, 144, 145 indoor unit, 143, 146, 151 individual controller 152 Communication adapter, 200, 200A, 200B, 200C, 210, 220, 231, 232, 241, 242 Network, 300, 300A, 300B, 300C, 311, 312, 320, 331, 332, 341, 342 Communication line, 500 Broadband router, 1000, 1200, 1300, 1400, 1500, 1600 Air conditioning system

Claims (9)

An air conditioning system having a plurality of devices including an outdoor unit and an indoor unit,
Each of the plurality of devices belongs to at least one of a plurality of networks;
Each of the plurality of networks includes an authentication device that authenticates other devices that belong to the network to which the own device belongs.
Air conditioning system. the plurality of networks includes a first network and a second network;
the plurality of devices include a first authentication device that belongs to the first network and authenticates other devices that belong to the first network, and a second authentication device that belongs to both the first network and the second network, is authenticated by the first authentication device, and authenticates other devices that belong to the second network;
The air conditioning system of claim 1 . the plurality of networks includes the first network, the second network, and a third network;
the plurality of devices include the first authentication device, the second authentication device, and a third authentication device that belongs to the second network and the third network, is authenticated by the second authentication device, and authenticates other devices that belong to the third network;
3. The air conditioning system according to claim 2. the plurality of devices include a system controller that controls the outdoor unit and the indoor unit, and a cloud server connected to the system controller;
the first authentication device is the cloud server;
the second authentication device is the system controller;
4. An air conditioning system according to claim 2 or 3. The first authenticated device is one of the outdoor unit and the indoor unit.
4. An air conditioning system according to claim 2 or 3. The plurality of devices includes a system controller that controls the outdoor unit and the indoor unit,
The first authentication device or the second authentication device authenticates the system controller.
6. The air conditioning system according to claim 5. the plurality of devices are connected in a tree structure,
The authentication device included in each of the plurality of networks authenticates a device corresponding to a child node from the viewpoint of the authentication device itself.
An air conditioning system according to any one of claims 1 to 4. In each of the plurality of networks, mutual authentication is performed between the authentication device and the other device authenticated by the authentication device.
An air conditioning system according to any one of claims 1 to 7. An authentication method executed by an air conditioning system having a plurality of devices including an outdoor unit and an indoor unit,
Each of the plurality of devices belongs to at least one of a plurality of networks;
an authentication device provided in each of the plurality of networks authenticates other devices that belong to the network to which the authentication device belongs;
Authentication method.

Images