US20180316652A1 - Mobile-based equipment service system using encrypted code offloading - Google Patents

Mobile-based equipment service system using encrypted code offloading Download PDF

Info

Publication number
US20180316652A1
US20180316652A1 US15/499,356 US201715499356A US2018316652A1 US 20180316652 A1 US20180316652 A1 US 20180316652A1 US 201715499356 A US201715499356 A US 201715499356A US 2018316652 A1 US2018316652 A1 US 2018316652A1
Authority
US
United States
Prior art keywords
controller
mobile device
user
site
mobile
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US15/499,356
Other versions
US10116635B1 (en
Inventor
Devu Manikantan Shila
Arthur T. Grondine
Michael Garfinkel
Teems E. Lovett
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Otis Elevator Co
Original Assignee
Otis Elevator Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Otis Elevator Co filed Critical Otis Elevator Co
Assigned to OTIS ELEVATOR COMPANY reassignment OTIS ELEVATOR COMPANY ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: GARFINKEL, MICHAEL, GRONDINE, Arthur T., LOVETT, Teems E., SHILA, DEVU MANIKANTAN
Priority to US15/499,356 priority Critical patent/US10116635B1/en
Priority to RU2018115262A priority patent/RU2761779C2/en
Priority to JP2018084674A priority patent/JP7157549B2/en
Priority to CN201810389388.7A priority patent/CN108810084B/en
Priority to KR1020180048288A priority patent/KR102605502B1/en
Priority to EP18169842.4A priority patent/EP3396581B1/en
Publication of US10116635B1 publication Critical patent/US10116635B1/en
Application granted granted Critical
Publication of US20180316652A1 publication Critical patent/US20180316652A1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B66HOISTING; LIFTING; HAULING
    • B66BELEVATORS; ESCALATORS OR MOVING WALKWAYS
    • B66B1/00Control systems of elevators in general
    • B66B1/24Control systems with regulation, i.e. with retroactive action, for influencing travelling speed, acceleration, or deceleration
    • B66B1/2408Control systems with regulation, i.e. with retroactive action, for influencing travelling speed, acceleration, or deceleration where the allocation of a call to an elevator car is of importance, i.e. by means of a supervisory or group controller
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B66HOISTING; LIFTING; HAULING
    • B66BELEVATORS; ESCALATORS OR MOVING WALKWAYS
    • B66B1/00Control systems of elevators in general
    • B66B1/34Details, e.g. call counting devices, data transmission from car to control system, devices giving information to the control system
    • B66B1/3415Control system configuration and the data transmission or communication within the control system
    • B66B1/3446Data transmission or communication within the control system
    • B66B1/3461Data transmission or communication within the control system between the elevator control system and remote or mobile stations
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B66HOISTING; LIFTING; HAULING
    • B66BELEVATORS; ESCALATORS OR MOVING WALKWAYS
    • B66B1/00Control systems of elevators in general
    • B66B1/34Details, e.g. call counting devices, data transmission from car to control system, devices giving information to the control system
    • B66B1/46Adaptations of switches or switchgear
    • B66B1/468Call registering systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • G06F8/62Uninstallation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/062Pre-authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/021Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B66HOISTING; LIFTING; HAULING
    • B66BELEVATORS; ESCALATORS OR MOVING WALKWAYS
    • B66B2201/00Aspects of control systems of elevators
    • B66B2201/40Details of the change of control mode
    • B66B2201/46Switches or switchgear
    • B66B2201/4607Call registering systems
    • B66B2201/4676Call registering systems for checking authorization of the passengers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices

Definitions

  • the present disclosure relates to equipment service system, and more particularly, to mobile-based equipment service systems using encrypted code offloading.
  • a mobile-based equipment service system applied by a user includes a remote server, a mobile device including a user interface, the mobile device being configured to send a user authentication message initiated by the user via the user interface to the remote server, wherein the remote server is configured to verify the user via the user authentication message and once verified, send an encrypted blob to the mobile device in response to the user authentication message, and at least one equipment controller configured to receive and decrypt the encrypted blob from the mobile device.
  • the mobile-based equipment service system includes at least one site, wherein each site of the at least one site includes at least one respective equipment controller of the at least one equipment controller, wherein the encrypted blob is secured by the remote server via a unique private key associated with a respective site of the at least one site.
  • the user authentication message includes a selected site of the at least one site selected by the user.
  • the encrypted blob includes firmware and a header configured to be extracted by a respective equipment controller of the at least one equipment controller.
  • the header includes the unique private key, and a duration to authenticate.
  • the header includes a version that is verified by the respective equipment controller.
  • the at least one site is a plurality of buildings.
  • the at least one site is a plurality of geographic regions.
  • the at least one equipment controller is at least one elevator controller.
  • the at least one equipment controller does not have internet connectivity.
  • the at least one equipment controller is configured to reply to the mobile device requesting the user authentication message from the user.
  • the encrypted blob is asymmetric encrypted.
  • a method of operating a mobile-based equipment service system includes sending a selected site from a mobile device to a remote server, encrypting a blob by the remote server using a private key associated with the selected site and preprogrammed into the remote server, sending the encrypted blob to the mobile device, sending the encrypted blob from the mobile device to a controller associated with the selected site, and decrypting the encrypted blob by the controller utilizing the private key preprogrammed into the controller.
  • the selected site is selected by a user of the mobile device and is sent to the remote server as part of an authentication message that includes credentials of the user.
  • the method includes sending a credential request from the controller to the mobile device, entering of credentials by a user into the mobile device, and sending the credentials from the mobile device to the controller.
  • the method includes comparing the credentials sent from the mobile device to a hash of credentials sent as part of the encrypted blob by the controller.
  • the remote server is cloud-based.
  • the mobile device is a smartphone.
  • the selected site is a building and the controller is an elevator controller.
  • FIG. 1 is a schematic of a mobile-based equipment service system as one, non-limiting, exemplary embodiment of the present disclosure.
  • FIG. 2 is a flowchart illustrating a method of operating the mobile-based equipment service system.
  • an exemplary embodiment of an equipment service system 20 which may be mobile-based, generally employs code offloading architecture and asymmetric encryption.
  • the equipment service system 20 may include, or may use portions of, a mobile device 22 , a remote server 24 , and at least one equipment controller 26 .
  • the mobile device 22 may communicate with the remote server 24 and the equipment controller 26 over respective pathways 28 , 30 that may be wired or wireless. If wireless, the pathways 28 , 30 may be association with such communication protocols as Bluetooth®, Wi-Fi, Near Field Communications (NFC), and others.
  • the mobile device 22 may include a user interface 32 that facilitates system interaction with a user (e.g., equipment repairman).
  • Non-limiting examples of the mobile device 22 may include a smartphone, a tablet, and others.
  • the remote server 24 may be cloud-based (i.e., cloud 24 ).
  • the equipment service system 20 generally enables the execution of code at the cloud 24 and/or the equipment controller 26 .
  • the mobile 22 may not execute code, and instead, may simply be a carrier of the code.
  • the remote server 24 and the controller 26 may be owned and controlled by a common company.
  • the equipment service system 20 may further include at least one site (i.e., two illustrated as 34 , 36 in FIG. 1 ).
  • Each site 34 , 36 may include at last one equipment controller 26 (i.e., three illustrated for each site 34 , 36 ).
  • Non-limiting examples of sites 34 , 36 may be a building, a geographic region, and others.
  • a non-limiting example of an equipment controller 26 may be an elevator controller that may be serviced by the manufacturer of the elevator.
  • the mobile device 22 , the remote server 24 , and the equipment controller 26 may each include respective processors 38 , 40 , 42 (e.g., microprocessors), and storage mediums 44 , 46 , 48 that may be computer writeable and readable.
  • a method of operating the equipment service system 20 is illustrated.
  • a user selects a site 34 , 36 and enters the selected site into the mobile device 22 via the user interface 32 .
  • the user may also enter user credentials into the mobile device 22 for security reasons.
  • the mobile device 22 may include an application that may recognize the user credentials internally.
  • the user credentials and selected site are sent to the remote server 24 as a user authentication message (see arrow 50 ).
  • the remote server 24 encrypts a blob with a site-based private key associated with selected site provided by the user.
  • the remote server 24 may include an application that is preprogrammed with and stores a unique private key for each respective site 34 , 36 . That is, site 34 is assigned a private key that is different than a private key of the site 36 .
  • the encryption of the blob 52 may be an asymmetric encryption employed to protect proprietary information contained within the blob 52 .
  • the remote server 24 sends the encrypted blob (see arrow 52 ) to the mobile device 22 .
  • the blob 52 may include a header and firmware.
  • the header may include a version (i.e., a version of the blob), a duration, a hash of user credentials (e.g., user password), an equipment controller identification, and a region or building code that the equipment belongs to.
  • the version may generally be an index.
  • the duration may be an authentication duration intended to provide a validity time limit that a particular executable is valid.
  • the hash of user credentials is intended for use by the controller 26 .
  • the mobile device 22 may store the encrypted blob 52 .
  • the user of the mobile device 22 may not be, or need not be, aware of the encrypted blob 52 being received and/or stored by the mobile device 22 .
  • the mobile device 22 may send the encrypted blob 52 to the controller 26 selected by the user based on need and at the user selected site (i.e., site 34 , or site 36 . That is, when the user authenticates to the Cloud initially, the user may request access to a given site.
  • the Cloud may include a database internally to check whether the requesting user has permissions to access the associated site and/or controller, and may then generate the blob for that controller.
  • the controller 26 that receives the encrypted blob 52 may decrypt the blob using the private key of the site receiving the blob.
  • the controller 26 may then extract the header, verify the version and also note the duration that any proprietary information is valid.
  • the controller 26 may request confirmation of the user credentials by sending a credential request (see arrow 54 ) to the mobile device 22 .
  • the user may input the requested credentials (e.g., user password) via the user interface 32 .
  • the mobile device 22 may send a credential response (see arrow 56 ) to the requesting controller 26 .
  • the controller may confirm the user by comparing the credential response to the hash of user credentials extracted from the header.
  • the controller 26 may send an authentication audit report (see arrow 58 ) through the mobile device 22 , and to the remote server 24 .
  • the authentication audit report may include the site-based private key, thereby notifying the remote server 24 of the source of the audit report.
  • the user may now have access to commands via, for example, a menu.
  • Advantages and benefits of the present disclosure include the secure use of a mobile device between a company cloud and a controller.
  • Other advantages include proprietary information that is never exposed to undesired individuals, a system where an attacker cannot perform dynamic memory analysis, a code that cannot be tampered with or modified, a coding system with duration of time limits for added security, and the prevention of user spoofing with encoding user identity.
  • Computer readable program codes may include source codes, object codes, executable codes, and others.
  • Computer readable mediums may be any type of media capable of being accessed by a computer, and may include Read Only Memory (ROM), Random Access Memory (RAM), a hard disk drive, a compact disc (CD), a digital video disc (DVD), or other forms.
  • ROM Read Only Memory
  • RAM Random Access Memory
  • CD compact disc
  • DVD digital video disc
  • a component may be, but is not limited to, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, and/or a computer. It is understood that an application running on a server and the server may be a component.
  • One or more components may reside within a process and/or thread of execution and a component may be localized on one computer and/or distributed between two or more computers.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Automation & Control Theory (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Power Engineering (AREA)
  • Telephonic Communication Services (AREA)
  • Indicating And Signalling Devices For Elevators (AREA)
  • Elevator Control (AREA)
  • Maintenance And Inspection Apparatuses For Elevators (AREA)

Abstract

A mobile-based equipment service system includes a remote server, a mobile device, and at least one equipment controller. The mobile device includes a user interface, and is configured to send a user authentication message, initiated by a user via the user interface, to the remote server. The remote server is configured to verify the user via the user authentication message and once verified, send an encrypted blob to the mobile device in response to the user authentication message. At least one equipment controller is configured to receive and decrypt the encrypted blob from the mobile device.

Description

    BACKGROUND
  • The present disclosure relates to equipment service system, and more particularly, to mobile-based equipment service systems using encrypted code offloading.
  • Current service tools used for accessing equipment controllers (e.g., elevator controllers) may rely on using a separate hardware tool that may securely authenticate to the controllers while preventing reverse engineering of proprietary codes and tampering attacks. Unfortunately, such hardware based capabilities may not be cost effective. Alternatively, use of mobile devices as a service tool may be feasible, but such mobile devices are not in control of the company providing the equipment services. It may further be difficult to enforce security requirements to facilitate tamper-proof hardware and an execution environment.
    • BRIEF DESCRIPTION
  • A mobile-based equipment service system applied by a user, the mobile-based equipment service system according to one, non-limiting, embodiment of the present disclosure includes a remote server, a mobile device including a user interface, the mobile device being configured to send a user authentication message initiated by the user via the user interface to the remote server, wherein the remote server is configured to verify the user via the user authentication message and once verified, send an encrypted blob to the mobile device in response to the user authentication message, and at least one equipment controller configured to receive and decrypt the encrypted blob from the mobile device.
  • Additionally to the foregoing embodiment, the mobile-based equipment service system includes at least one site, wherein each site of the at least one site includes at least one respective equipment controller of the at least one equipment controller, wherein the encrypted blob is secured by the remote server via a unique private key associated with a respective site of the at least one site.
  • In the alternative or additionally thereto, in the foregoing embodiment, the user authentication message includes a selected site of the at least one site selected by the user.
  • In the alternative or additionally thereto, in the foregoing embodiment, the encrypted blob includes firmware and a header configured to be extracted by a respective equipment controller of the at least one equipment controller.
  • In the alternative or additionally thereto, in the foregoing embodiment, the header includes the unique private key, and a duration to authenticate.
  • In the alternative or additionally thereto, in the foregoing embodiment, the header includes a version that is verified by the respective equipment controller.
  • In the alternative or additionally thereto, in the foregoing embodiment, the at least one site is a plurality of buildings.
  • In the alternative or additionally thereto, in the foregoing embodiment, the at least one site is a plurality of geographic regions.
  • In the alternative or additionally thereto, in the foregoing embodiment, the at least one equipment controller is at least one elevator controller.
  • In the alternative or additionally thereto, in the foregoing embodiment, the at least one equipment controller does not have internet connectivity.
  • In the alternative or additionally thereto, in the foregoing embodiment, the at least one equipment controller is configured to reply to the mobile device requesting the user authentication message from the user.
  • In the alternative or additionally thereto, in the foregoing embodiment, the encrypted blob is asymmetric encrypted.
  • A method of operating a mobile-based equipment service system according to another, non-limiting, embodiment includes sending a selected site from a mobile device to a remote server, encrypting a blob by the remote server using a private key associated with the selected site and preprogrammed into the remote server, sending the encrypted blob to the mobile device, sending the encrypted blob from the mobile device to a controller associated with the selected site, and decrypting the encrypted blob by the controller utilizing the private key preprogrammed into the controller.
  • Additionally to the foregoing embodiment, the selected site is selected by a user of the mobile device and is sent to the remote server as part of an authentication message that includes credentials of the user.
  • In the alternative or additionally thereto, in the foregoing embodiment, the method includes sending a credential request from the controller to the mobile device, entering of credentials by a user into the mobile device, and sending the credentials from the mobile device to the controller.
  • In the alternative or additionally thereto, in the foregoing embodiment, the method includes comparing the credentials sent from the mobile device to a hash of credentials sent as part of the encrypted blob by the controller.
  • In the alternative or additionally thereto, in the foregoing embodiment, the remote server is cloud-based.
  • In the alternative or additionally thereto, in the foregoing embodiment, the mobile device is a smartphone.
  • In the alternative or additionally thereto, in the foregoing embodiment, the selected site is a building and the controller is an elevator controller.
  • The foregoing features and elements may be combined in various combinations without exclusivity, unless expressly indicated otherwise. These features and elements as well as the operation thereof will become more apparent in light of the following description and the accompanying drawings. However, it should be understood that the following description and drawings are intended to be exemplary in nature and non-limiting.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • Various features will become apparent to those skilled in the art from the following detailed description of the disclosed non-limiting embodiments. The drawings that accompany the detailed description can be briefly described as follows:
  • FIG. 1 is a schematic of a mobile-based equipment service system as one, non-limiting, exemplary embodiment of the present disclosure; and
  • FIG. 2 is a flowchart illustrating a method of operating the mobile-based equipment service system.
    •  DETAILED DESCRIPTION
  • Referring to FIG. 1, an exemplary embodiment of an equipment service system 20, which may be mobile-based, generally employs code offloading architecture and asymmetric encryption. The equipment service system 20 may include, or may use portions of, a mobile device 22, a remote server 24, and at least one equipment controller 26. The mobile device 22 may communicate with the remote server 24 and the equipment controller 26 over respective pathways 28, 30 that may be wired or wireless. If wireless, the pathways 28, 30 may be association with such communication protocols as Bluetooth®, Wi-Fi, Near Field Communications (NFC), and others. The mobile device 22 may include a user interface 32 that facilitates system interaction with a user (e.g., equipment repairman). Non-limiting examples of the mobile device 22 may include a smartphone, a tablet, and others. The remote server 24 may be cloud-based (i.e., cloud 24). The equipment service system 20 generally enables the execution of code at the cloud 24 and/or the equipment controller 26. The mobile 22 may not execute code, and instead, may simply be a carrier of the code. In one embodiment, the remote server 24 and the controller 26 may be owned and controlled by a common company.
  • The equipment service system 20 may further include at least one site (i.e., two illustrated as 34, 36 in FIG. 1). Each site 34, 36 may include at last one equipment controller 26 (i.e., three illustrated for each site 34, 36). Non-limiting examples of sites 34, 36 may be a building, a geographic region, and others. A non-limiting example of an equipment controller 26 may be an elevator controller that may be serviced by the manufacturer of the elevator. The mobile device 22, the remote server 24, and the equipment controller 26 may each include respective processors 38, 40, 42 (e.g., microprocessors), and storage mediums 44, 46, 48 that may be computer writeable and readable.
  • Referring to FIG. 2, a method of operating the equipment service system 20 is illustrated. At block 100, a user selects a site 34, 36 and enters the selected site into the mobile device 22 via the user interface 32. In one embodiment, the user may also enter user credentials into the mobile device 22 for security reasons. Alternatively, the mobile device 22 may include an application that may recognize the user credentials internally. At block 102, the user credentials and selected site are sent to the remote server 24 as a user authentication message (see arrow 50).
  • At block 104, the remote server 24 encrypts a blob with a site-based private key associated with selected site provided by the user. The remote server 24 may include an application that is preprogrammed with and stores a unique private key for each respective site 34, 36. That is, site 34 is assigned a private key that is different than a private key of the site 36. The encryption of the blob 52 may be an asymmetric encryption employed to protect proprietary information contained within the blob 52. At block 106, the remote server 24 sends the encrypted blob (see arrow 52) to the mobile device 22.
  • The blob 52 may include a header and firmware. The header may include a version (i.e., a version of the blob), a duration, a hash of user credentials (e.g., user password), an equipment controller identification, and a region or building code that the equipment belongs to. The version may generally be an index. The duration may be an authentication duration intended to provide a validity time limit that a particular executable is valid. The hash of user credentials is intended for use by the controller 26.
  • At block 108, the mobile device 22 may store the encrypted blob 52. The user of the mobile device 22 may not be, or need not be, aware of the encrypted blob 52 being received and/or stored by the mobile device 22. At block 110, the mobile device 22 may send the encrypted blob 52 to the controller 26 selected by the user based on need and at the user selected site (i.e., site 34, or site 36. That is, when the user authenticates to the Cloud initially, the user may request access to a given site. The Cloud may include a database internally to check whether the requesting user has permissions to access the associated site and/or controller, and may then generate the blob for that controller. At block 112, the controller 26 that receives the encrypted blob 52 may decrypt the blob using the private key of the site receiving the blob. At block 114, the controller 26 may then extract the header, verify the version and also note the duration that any proprietary information is valid. At block 116, the controller 26 may request confirmation of the user credentials by sending a credential request (see arrow 54) to the mobile device 22. At block 118, the user may input the requested credentials (e.g., user password) via the user interface 32. At block 120, the mobile device 22 may send a credential response (see arrow 56) to the requesting controller 26. At block 122, the controller may confirm the user by comparing the credential response to the hash of user credentials extracted from the header.
  • At block 124, the controller 26 may send an authentication audit report (see arrow 58) through the mobile device 22, and to the remote server 24. The authentication audit report may include the site-based private key, thereby notifying the remote server 24 of the source of the audit report. At this point, the user may now have access to commands via, for example, a menu.
  • Advantages and benefits of the present disclosure include the secure use of a mobile device between a company cloud and a controller. Other advantages include proprietary information that is never exposed to undesired individuals, a system where an attacker cannot perform dynamic memory analysis, a code that cannot be tampered with or modified, a coding system with duration of time limits for added security, and the prevention of user spoofing with encoding user identity.
  • The various functions described above may be implemented or supported by a computer program that is formed from computer readable program codes and that is embodied in a computer readable medium. Computer readable program codes may include source codes, object codes, executable codes, and others. Computer readable mediums may be any type of media capable of being accessed by a computer, and may include Read Only Memory (ROM), Random Access Memory (RAM), a hard disk drive, a compact disc (CD), a digital video disc (DVD), or other forms.
  • Terms used herein such as component, module, system, and the like are intended to refer to a computer-related entity, either hardware, a combination of hardware and software, or software execution. By way of example, a component may be, but is not limited to, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, and/or a computer. It is understood that an application running on a server and the server may be a component. One or more components may reside within a process and/or thread of execution and a component may be localized on one computer and/or distributed between two or more computers.
  • While the present disclosure is described with reference to exemplary embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the spirit and scope of the present disclosure. In addition, various modifications may be applied to adapt the teachings of the present disclosure to particular situations, applications, and/or materials, without departing from the essential scope thereof. The present disclosure is thus not limited to the particular examples disclosed herein, but includes all embodiments falling within the scope of the appended claims.

Claims (18)

1. A mobile-based equipment service system applied by a user, the mobile-based equipment service system comprising:
a remote server including a computer processor, a non-transitory storage medium, an application executed by the computer processor and stored in the non-transitory storage medium, a user authentication database stored in the non-transitory storage medium and applied by the application;
a mobile device including a user interface, the mobile device being configured to send a user authentication message initiated by the user via the user interface to the remote server, wherein the application is configured to verify the user by comparing the user authentication message to the user authentication database, and once verified, develop and effect the sending of an encrypted blob to the mobile device in response to the user authentication message;
at least one equipment controller including a computer processor, a non-transitory storage medium, executable code, executed by the computer processor and stored in the non-transitory storage medium;
at least one site, wherein each site of the at least one site includes at least one respective equipment controller of the at least one equipment controller, and the encrypted blob is secured by the remote server via a site specific private key associated with a respective site of the at least one site, the authentication message including user credentials and a selected site of the at least one site selected by the user, wherein the computer processor of the equipment controller is configured to receive the encrypted blob and the executable code is configured to decrypt the encrypted blob received from the mobile device and utilizing the site specific private key.
2-3. (canceled)
4. The mobile-based equipment service system set forth in claim 1, wherein the encrypted blob includes firmware and a header configured to be extracted by the executable code.
5. The mobile-based equipment service system set forth in claim 4, wherein the header includes the site specific private key, and a duration to authenticate.
6. The mobile-based equipment service system set forth in claim 5, wherein the header includes a version that is verified by the executable code.
7. The mobile-based equipment service system set forth in claim 1, wherein the at least one site is a plurality of buildings.
8. The mobile-based equipment service system set forth in claim 1, wherein the at least one site is a plurality of geographic regions.
9. The mobile-based equipment service system set forth in claim 1, wherein the at least one equipment controller is at least one elevator controller.
10. The mobile-based equipment service system set forth in claim 1, wherein the at least one equipment controller does not have internet connectivity.
11. The mobile-based equipment service system set forth in claim 1, wherein the at least one equipment controller is configured to reply to the mobile device by requesting the user authentication message from the user.
12. The mobile-based equipment service system set forth in claim 1, wherein the encrypted blob is asymmetric encrypted.
13. A method of operating a mobile-based equipment service system comprising:
sending a selected site from a mobile device to a remote server;
encrypting a blob by an application executed by a processor of the remote server using a private key associated with the selected site and preprogrammed into the remote server as part of a database stored in a non-transitory storage medium of the remote server;
sending the encrypted blob to the mobile device;
sending the encrypted blob from the mobile device to a controller associated with the selected site; and
decrypting the encrypted blob by an executable code executed by a processor of the controller utilizing the private key preprogrammed into the controller.
14. The method set forth in claim 13, wherein the selected site is selected by a user of the mobile device and is sent to the remote server as part of an authentication message that includes credentials of the user.
15. The method set forth in claim 13 further comprising:
sending a credential request from the controller to the mobile device;
entering of credentials by a user into the mobile device; and
sending the credentials from the mobile device to the controller.
16. The method set forth in claim 15 further comprising:
comparing the credentials sent from the mobile device to a hash of credentials sent as part of the encrypted blob by the controller.
17. The method set forth in claim 13, wherein the remote server is cloud-based.
18. The method set forth in claim 13, wherein the mobile device is a smartphone.
19. The method set forth in claim 13, wherein the selected site is a building and the controller is an elevator controller.
US15/499,356 2017-04-27 2017-04-27 Mobile-based equipment service system using encrypted code offloading Active US10116635B1 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
US15/499,356 US10116635B1 (en) 2017-04-27 2017-04-27 Mobile-based equipment service system using encrypted code offloading
RU2018115262A RU2761779C2 (en) 2017-04-27 2018-04-24 Mobile equipment maintenance system using encrypted code unloading
KR1020180048288A KR102605502B1 (en) 2017-04-27 2018-04-26 Mobile-based equipment service system using encrypted code offloading
CN201810389388.7A CN108810084B (en) 2017-04-27 2018-04-26 Mobile-based device service system using encrypted code offload
JP2018084674A JP7157549B2 (en) 2017-04-27 2018-04-26 Mobile-based facility service system and method of operation
EP18169842.4A EP3396581B1 (en) 2017-04-27 2018-04-27 Mobile-based equipment service system using encrypted code offloading

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US15/499,356 US10116635B1 (en) 2017-04-27 2017-04-27 Mobile-based equipment service system using encrypted code offloading

Publications (2)

Publication Number Publication Date
US10116635B1 US10116635B1 (en) 2018-10-30
US20180316652A1 true US20180316652A1 (en) 2018-11-01

Family

ID=62091708

Family Applications (1)

Application Number Title Priority Date Filing Date
US15/499,356 Active US10116635B1 (en) 2017-04-27 2017-04-27 Mobile-based equipment service system using encrypted code offloading

Country Status (6)

Country Link
US (1) US10116635B1 (en)
EP (1) EP3396581B1 (en)
JP (1) JP7157549B2 (en)
KR (1) KR102605502B1 (en)
CN (1) CN108810084B (en)
RU (1) RU2761779C2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170270725A1 (en) * 2014-12-02 2017-09-21 Inventio Ag Access control system with feedback to portable electronic device

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2019344067B2 (en) 2018-09-21 2023-01-05 Schlage Lock Company Llc Wireless access credential system

Family Cites Families (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7690026B2 (en) * 2005-08-22 2010-03-30 Microsoft Corporation Distributed single sign-on service
EP2144421A1 (en) * 2008-07-08 2010-01-13 Gemplus Method for managing an access from a remote device to data accessible from a local device and corresponding system
CN102510833B (en) * 2009-09-16 2014-06-04 奥的斯电梯公司 System and method of remote access of an elevator control system with multiple subsystems
CN102452589A (en) 2010-10-28 2012-05-16 日立电梯(中国)有限公司 Remote elevator authorization management system and method
US8863227B2 (en) * 2011-01-05 2014-10-14 Futurewei Technologies, Inc. Method and apparatus to create and manage a differentiated security framework for content oriented networks
TW201236432A (en) * 2011-02-24 2012-09-01 Chunghwa Telecom Co Ltd Automatically-triggered one time password authentication system with remote authentication dial-in user service
CN202267861U (en) 2011-09-20 2012-06-06 朗德华信(北京)自控技术有限公司 Elevator equipment management control system based on cloud computation
CN103975332B (en) * 2011-12-08 2018-08-14 英特尔公司 For using hardware based root of trust to carry out the shared method and apparatus of the content based on strategy with Peer
JP5852265B2 (en) 2011-12-27 2016-02-03 インテル コーポレイション COMPUTER DEVICE, COMPUTER PROGRAM, AND ACCESS Permission Judgment Method
US10305699B2 (en) * 2012-04-18 2019-05-28 Tekpea, Inc. Device management system
IN2014DN09110A (en) * 2012-06-22 2015-05-22 Otis Elevator Co
EP2885904B1 (en) * 2012-08-03 2018-04-25 Vasco Data Security International GmbH User-convenient authentication method and apparatus using a mobile authentication application
CN102862882B (en) 2012-09-20 2015-04-22 惠州Tcl移动通信有限公司 Elevator dispatching system and mobile terminal
US9015694B2 (en) * 2012-10-31 2015-04-21 Aruba Networks, Inc Cloud-based firmware distribution service
CN104144247B (en) * 2013-05-09 2017-08-22 杭州古北电子科技有限公司 A kind of method that mobile phone is configured and managed to Wireless Internet access module
WO2014200464A1 (en) 2013-06-11 2014-12-18 Otis Elevator Company Cloud server based control
US20160134686A1 (en) 2013-06-13 2016-05-12 Otis Elevator Company Cloud management
CA2917279A1 (en) 2013-08-09 2015-02-12 Inventio Ag Communication method for an elevator system
CN103449267B (en) 2013-09-06 2015-07-22 苏州汇川技术有限公司 Elevator maintenance system and method and smartphone
KR102199872B1 (en) 2013-12-06 2021-01-08 오티스엘리베이터캄파니 Service request using wireless programmable device
US9437063B2 (en) * 2014-01-04 2016-09-06 Latchable, Inc. Methods and systems for multi-unit real estate management
WO2015119620A1 (en) 2014-02-07 2015-08-13 Otis Elevator Company Smart watch for elevator use
US9686077B2 (en) * 2014-03-06 2017-06-20 Microsoft Technology Licensing, Llc Secure hardware for cross-device trusted applications
CH709804B1 (en) * 2014-06-23 2018-12-28 Legic Identsystems Ag Electronic access control device and access control method.
DK3579581T3 (en) * 2014-11-20 2021-06-21 Widex As GRANTING ACCESS RIGHTS TO A SUBSET OF THE DATA SET IN A USER ACCOUNT
CN104627752B (en) 2014-12-22 2017-12-22 上海斐讯数据通信技术有限公司 A kind of building elevator intelligence control system based on mobile phone
CN104555627B (en) 2015-02-10 2016-08-31 德州通懋机电设备有限公司 Elevator Internet of Things operation Control management system and operation management method thereof
US9087246B1 (en) * 2015-02-16 2015-07-21 Polaris Tech Global Limited RFID-to-bluetooth selective adapter
WO2016207477A1 (en) 2015-06-26 2016-12-29 Kone Corporation Elevator media
US20170010099A1 (en) 2015-07-10 2017-01-12 Otis Elevator Company Passenger conveyance way finding beacon system
CN105645202B (en) 2016-03-04 2018-03-02 上海新时达电气股份有限公司 A kind of password authority control method, system and remote server and electric life controller
CN205709263U (en) 2016-06-15 2016-11-23 钱宝春 A kind of apparatus for controlling elevator

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170270725A1 (en) * 2014-12-02 2017-09-21 Inventio Ag Access control system with feedback to portable electronic device
US10984622B2 (en) * 2014-12-02 2021-04-20 Inventio Ag Access control system with feedback to portable electronic device

Also Published As

Publication number Publication date
CN108810084B (en) 2022-05-10
JP2018191282A (en) 2018-11-29
KR102605502B1 (en) 2023-11-23
JP7157549B2 (en) 2022-10-20
EP3396581A1 (en) 2018-10-31
RU2018115262A3 (en) 2021-06-25
CN108810084A (en) 2018-11-13
RU2018115262A (en) 2019-10-24
RU2761779C2 (en) 2021-12-13
US10116635B1 (en) 2018-10-30
EP3396581B1 (en) 2021-11-03
KR20180120605A (en) 2018-11-06

Similar Documents

Publication Publication Date Title
US11258781B2 (en) Context and device state driven authorization for devices
US8997187B2 (en) Delegating authorization to applications on a client device in a networked environment
US20160337347A1 (en) Secondary device as key for authorizing access to resources
US20150271679A1 (en) System and method of verifying integrity of software
AU2016238935A1 (en) Secondary device as key for authorizing access to resources
KR20190099066A (en) Digital certificate management method and device
US9730061B2 (en) Network authentication
CN103685267A (en) Data access method and device
US10615974B2 (en) Security authentication system for generating secure key by combining multi-user authentication elements and security authentication method therefor
CN103812651A (en) Password authentication method, device and system
CN105191208A (en) Methods for activation of an application on a user device
EP3396581B1 (en) Mobile-based equipment service system using encrypted code offloading
KR101001197B1 (en) System and method for log-in control
WO2016035466A1 (en) Communication system, program for server device, recording medium recording this program, program for communication device, recording medium recording this program, program for terminal device, and recording medium recording this program
KR20200025950A (en) A secure element for processing a digital key and operation metho thereof
US10615975B2 (en) Security authentication method for generating secure key by combining authentication elements of multi-users
CN105376242A (en) Cloud terminal data access authentication method, cloud terminal data access authentication system and cloud terminal management system
CN104252591A (en) Authorization and information encrypted communication method based on USBKey
US10491590B2 (en) System and method for verifying and redirecting mobile applications
KR102377045B1 (en) SYSTEMS AND METHODS FOR AUTHENTICATING IoT DEVICE THROUGH CLOUD USING HARDWARE SECURITY MODULE
KR102355708B1 (en) Method for processing request based on user authentication using blockchain key and system applying same
KR102131871B1 (en) Authentication system including apparatus for recoding image and control server and method thereof
KR101534792B1 (en) Method and server for enhancing security when authentication key is transferred, and computer-readable recording media using the same
US11575507B1 (en) Sharing access to data
JP2023177313A (en) Information processing device, information processing method and program

Legal Events

Date Code Title Description
AS Assignment

Owner name: OTIS ELEVATOR COMPANY, CONNECTICUT

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SHILA, DEVU MANIKANTAN;GRONDINE, ARTHUR T.;GARFINKEL, MICHAEL;AND OTHERS;SIGNING DATES FROM 20170424 TO 20170426;REEL/FRAME:042167/0798

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4