JP3580226B2 - Equipment control system - Google Patents

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a remote control system.
[0002]
[Prior art]
(1) Most of the control parts of current home appliances and automobiles are equipped with a microcomputer. Since these products are controlled in accordance with a control program written in a ROM, advanced control is possible as compared with conventional products without a microcomputer. Even if the basic performance of the microcomputer hardware does not change, by improving the program, it is possible to improve the control accuracy of new products, and it is possible to control under various conditions .
[0003]
(2) For example, Nikkei Communication No. According to H.226 (July 1996), a system composed of a network computer (hereinafter abbreviated as NC) and a network has the following features.
[0004]
(A) It is not necessary to separately install an application program and upgrade the OS to each client device, and the management server connected to the network performs the update so that the latest version is always simultaneously sent to the devices constituting the system. It is possible to install.
[0005]
(B) Since the centralized management and operation management of software on the control management server can be easily realized, the operation management process can be reduced in preventing unauthorized copying and simultaneous switching of the system.
[0006]
As described above, in the NC, the management of each client device connected to the network can be centralized in the control management server, but the processing can be maintained in a distributed form.
[0007]
(3) OPEN DESIGN No. According to 8 E-mail System Complete Master CQ Publisher, some PC operating systems can handle multi-protocols in a PC network environment, and use network functions in an open environment consisting of multi-vendor devices. It facilitates the construction and management of a personal computer LAN.
[0009]
[Problems to be solved by the invention]
In the above method, the following problem occurs.
[0010]
The method (1) uses a small-sized and low-function microcomputer and a program-read only memory (ROM) that cannot be newly written due to the necessity of being built in the home electric appliance and the problem of cost. For this reason, generally, these products cannot improve the control performance by increasing the version of the control program after purchasing the product, and cannot customize the control method according to the user's request.
[0011]
In the method (1), since a low-function, low-clock microcomputer is used, there is a problem that it is difficult to perform precise control using sensor information of a product.
[0012]
In the present invention, these home appliances are connected by a local area network, and a control program required for the home appliances to control the home appliances is installed in a control device (hereinafter, referred to as a local control device) connected to the local area network. The above problem is solved by controlling a controlled device such as a home appliance from the device.
[0013]
Further, in the present invention, a manufacturer of a controlled device such as a home electric appliance provides a remote control device for upgrading a control program or performing remote maintenance and the like, and connects the local control device to the local control device via a wide area network. By doing so, the above problem is solved by installing a control program for controlling the controlled device by the local control device from the remote control device.
[0014]
In the method (1), as a product has a plurality of control methods and a user can select the control method, a man-machine interface for selecting a control becomes complicated accordingly. For this reason, there arises a problem that the user cannot sufficiently use many high-function controls added to the product.
[0015]
Further, the method (1) has a problem in that regular maintenance of the product cannot be performed, and the user notices the failure only when the product becomes abnormal or stopped.
[0016]
In the present invention, a remote control device or a device outside the system transmits a message to a local control device, and the local control device controls the controlled device according to the message, or a message transmitted from a controlled device such as a home appliance. The above problem is solved by the local control device analyzing the message content and transmitting the message to a predetermined remote control device or a device external to the system.
[0017]
Furthermore, by connecting controlled devices such as home appliances via a local area network, and installing control programs required for home appliances to control themselves on local control devices connected to the local area network, the following problems can be solved. Can be solved.
[0018]
For example, when the management server controls the client device according to the method (2), the server must always manage various types of OSs and applications in order for the management server to manage the installation of the OS and applications. Yes, the load on the management server becomes high, and the client device is started after installing the OS or application program at the time of startup (when the power is turned off). Although there is a problem that the load becomes high, in the method of the present invention, the controlled device owns a program for controlling itself in its own internal device in advance, and installs the control program in the remote control device when entering the system. Therefore, such a problem does not occur.
[0019]
In the methods of (2) and (3), when a message such as control information is exchanged between the management server and the client device, means for recognizing whether the device is a device having a right to transmit and receive the message is provided. Absent. In addition, when a certain device impersonates a legitimate device and sends and receives a message unjustly, there is no means to prevent it, and when a message is eavesdropped, there is no means to protect the secret of information.
[0020]
The present invention solves the above-mentioned problem by adding electronic authentication for authenticating a transmission source device when transmitting a message and a control program, and transmitting information that has been subjected to encryption processing.
[0021]
[Means for Solving the Problems]
The remote control method of the present invention
(A) a local controller connected to a local area network (hereinafter abbreviated as LAN) and a wide area network (hereinafter abbreviated as WAN);
(B) a controlled device connected to the LAN and controlled by the local control device;
(C) a remote controller connected to the WAN and communicating with the local controller;
(D) a mobile terminal device capable of performing communication in a remote environment,
Can be achieved by setting the following means. That is,
(1) A means in which a controlled device installs a control program required by the controlled device in a local control device.
[0022]
(2) A means by which the remote control device installs a control program required by the controlled device to the local control device.
[0023]
(3) Means for transmitting and receiving messages between the controlled device and the local control device, between the local control device and the remote control device, and between the local control device and the mobile terminal.
[0024]
(4) Means in which each device encrypts a message to be transmitted, adds an electronic signature to a message to authenticate itself, decrypts the encrypted message, and performs electronic authentication.
[0025]
BEST MODE FOR CARRYING OUT THE INVENTION
(Example 1)
FIG. 1 is a diagram illustrating an overall configuration of a system to which the present invention is applied according to a first embodiment.
[0026]
In FIG. 1, reference numeral 1 denotes a local network (hereinafter, referred to as a LAN), 11 denotes a local controller (hereinafter, referred to as an LC) which controls each device connected to the LAN 1, and stores a program in an internal memory thereof. It is possible to do this. The LAN 1 may be a local area network of any type using a transmission medium constituting an arbitrary network. Reference numerals 121, 122, and 123 are control targets (hereinafter abbreviated as EM) connected to the LAN 1 and controlled by the LC 11, and can store a program in a memory therein and execute the program. And communication with other EMs.
[0027]
Reference numeral 2 denotes a wide area network (hereinafter, referred to as a WAN), and the WAN 2 may be any type of wide area network using a transmission medium constituting an arbitrary network. Reference numerals 21 and 22 denote remote controllers (hereinafter abbreviated as RC) which are connected to the WAN 2 and perform communication and control with the LC 11 which is also connected to the WAN 2. RCa21 and RCb22 can store programs in their internal memories and execute them.
[0028]
FIG. 2 is an explanatory diagram of the local controller LC11 of FIG. Reference numeral 111 denotes a communication management module having a protocol for managing communication. There may be a plurality of this module according to the communication interface and protocol used by the LC 11. The communication management module 111 manages transmission and reception of communication messages, guarantees message delivery, and secures a transmission band as necessary. Reference numeral 112 denotes an encryption module that performs encryption, decryption, and electronic authentication of a communication message. In the cryptographic module 112, the received message is decrypted, and furthermore, the electronic signature described in the message is confirmed to confirm whether the source of the message is indeed a device constituting the system. The message thus decoded reads the identification code of the message header to determine whether the type of the message is a control program, or sensor information or control information. Reference numeral 113 denotes a program transfer agent (hereinafter, referred to as PTA), which transfers a program using a file transfer protocol. The PTA 113 manages transmission and reception of control programs (hereinafter, referred to as CPs), storage, registration, registration deletion, activation and deactivation of CPs. Reference numeral 114 denotes a message transfer agent (hereinafter, referred to as MTA), which manages sensor information and control information. The MTA 114 analyzes the message sent from the cryptographic module 112, extracts data from the message, temporarily stores it therein, and transfers it to the CP at a predetermined timing. The data received from the CP is temporarily stored therein, the data is incorporated into a message having a header portion to which information such as a transfer destination is added, and transmitted to the cryptographic module 112 at a predetermined timing. The CP 115 is one of the CPs activated by the PTA 113, and this CP controls an EM connected via a network. The sensor information of a certain EM sent from the MTA 114 is analyzed and calculated, and the obtained control information is transmitted to the EM. Alternatively, the sensor information is transferred to a remote RC, and the control information transmitted from the RC is transferred to the EM. In addition, the CP provides a user interface capable of displaying a state and receiving a control request from the user so that the user can detect the state of the EM. Alternatively, data can be exchanged with the user interface module 116 to indicate a control state to the user or to receive a control request from the user. Although the CP is prepared for each of the EMs to be controlled, the relationship between the CP and the EM does not always have to be one-to-one.
[0029]
The above device may be realized by any method of hardware and software, or may be realized by combining both.
[0030]
FIG. 3 is a diagram showing the internal configuration of the control target EMa121 in FIG. The EMa 121 is divided into a communication module unit 1211 and a main body unit 1212 to be controlled.
[0031]
Reference numeral 12111 denotes a communication management module having a protocol for managing communication. The communication management module 12111 manages transmission and reception of communication messages, guarantees message delivery, and secures a transmission band as necessary. An encryption module 12112 performs encryption, decryption, and electronic authentication of a communication message. The cryptographic module 12112 decrypts the received message, confirms the electronic signature described in the message, and confirms whether the transmission source is a device constituting the system. A PTA 12113 transfers a program using a file transfer protocol. The PTA 12113 has a function of transferring a CP that controls the own EM to the LC of the LAN 1 to which the own EM is connected. Reference numeral 12114 denotes an MTA that manages sensor information and control information. The MTA 12114 analyzes the message sent from the cryptographic module 12112, extracts data from the message, temporarily stores the data therein, and stores the data in the data interface 12116 and the data in the main body 1212 to be controlled at a predetermined timing. Communication of sensor information and control information is performed with the main body 12121 via the interface 12122.
[0032]
The above device may be realized by any method of hardware and software, or may be realized by combining both.
[0033]
FIG. 4 is an explanatory diagram of the remote controller RC21 of FIG. A communication management module 211 has a protocol for managing communication. There may be a plurality of this software according to the communication interface and the protocol used by the RC 21. The communication management module 211 manages transmission and reception of communication messages, and guarantees message delivery and secures a transmission band as necessary. Reference numeral 212 denotes an encryption module that performs encryption, decryption, and electronic authentication of a communication message. The encryption module 212 decrypts the received message, checks the electronic signature described in the message, and checks whether the transmission source is a device that constitutes the system. Whether the type of the message thus decoded is CP, or sensor information or control information is determined by reading the identification code in the message header. The PTA 213 is responsible for transmitting and receiving CPs, storing, registering, deleting registrations, starting and stopping programs, and the like. In addition, a new version, a changed CP, and the like are stored, and the CP is installed in a pre-registered LC. The MTA 214 analyzes the message sent from the cryptographic module 212, extracts data from the message, temporarily stores it therein, and transfers it to the CP 215 at a predetermined timing. In addition, the data received from the CP 215 is temporarily stored therein, the data is incorporated into a message having a header portion to which information such as a transfer destination is added, and transmitted to the encryption module 212 at a predetermined timing. The CP 215 is a CP activated by the PTA 213. The CP 215 receives a message transmitted from the local controller via the communication management module 211, the encryption module 212, and the MTA 214, performs predetermined processing, and performs the above-described processing. Data is sent to the local controller via the reverse route. In addition, the control state is displayed so that the user using the RC 21 can detect the control state, and a user interface capable of receiving a control request from the user is provided. Alternatively, data can be exchanged with the user interface module 216 to indicate a control state to the user or to receive a control request from the user. Although the CP is prepared for the EM of the LAN 1 to be controlled, the relationship between the CP and the EM need not always be one-to-one.
[0034]
The above device may be realized by any method of hardware and software, or may be realized by combining both.
[0035]
FIG. 5 is an overall configuration diagram of the system when a control target EMd 124 is newly added to the LAN 1. FIG. 6 shows a state in which, when a control target EMd 124 is newly added on the LAN 1 in the system of FIG. 5, the EMd 124 transfers the CP to the LC 11 and the LC 11 starts to execute the CP, and the LC 11 FIG. 13 is a sequence diagram illustrating a state in which information of a new control target is transferred and RCb22 transfers the latest CP.
[0036]
The EMd 124 newly entering the system in the process 411 transmits a message addressed to the own device to the LAN1, confirms the connection with the LAN1, and then transmits a broadcast message to the LAN1 to search for an LC. In this broadcast message, the public key of the public key encryption of EMd124 is mounted.
[0037]
In the process 412, the LC 11 that has received the broadcast message encrypts its own address and public key using the above-mentioned public key, and transmits it to the EMd 124. The EMd 124 issues a request to install the CP of the own EM to the LC 11 in a process 413, and the LC 11 gives the permission in a process 414. If a permission message is not returned or a non-permission message is returned, the process 413 is performed again after a predetermined time. If the permission message is not returned in step 414 even after performing this predetermined number of times, the EMd 124 detects an abnormal state and terminates the processing, and the EMd 124 fails to enter the system. The EMd 124 transmits the CP of its own EM using the file transfer program in a process 415, and transmits a transfer end message in a process 416. In step 417, the LC 11 transmits a transfer completion confirmation message to this message.
[0038]
After the process 417, the LC 11 stores the product number of the EMd 124, the address of the maker, and the version of the CP sent by the EMd 124 in a storage device inside the LC 11 in a process 421, and stores the information in the address of the maker. To send it to the manufacturer's remote control RCa22. In process 422, the RCa 22 receives the above information, checks its product number and program version, registers a new EM in its own RC, and transmits the product support number of the EMd 124 to the LC 11. However, if the RCa 22 refers to the registration information and other information of the EMd 124 and determines that support is not to be provided, the RCa 22 transmits a message indicating that support is not possible to the LC 11. In response to this message, the LC 11 determines whether to continue processing or delete the CP for the EMd 124.
[0039]
If the RCa 22 determines in the process 421 that the version of the CP included in the message received from the LC 11 is not the latest version, the RCa 22 determines in a process 423 a request message for installing the latest CP to the LC 11. Send When the installation permission message is returned from the LC 11 in the process 424, the RCa 22 starts installing the latest version of the CP in the process 425. In process 426, an installation end message is sent to LC11, and in process 427, LC11 sends an end confirmation message to end the process, and starts control with the new CP.
[0040]
In the present embodiment, a case is described in which a newly-entry EM has entered the system. However, when a version of a CP stored in the remote controller RCa22 is upgraded without being limited to a new control target, By performing the processing after step 423 with the local controller registered with the RCa 22 each time, the control object is always installed with the latest control program and controlled by the program.
[0041]
Also, in order not to automatically install these latest CPs, a user may set a CP to be controlled and display a message on a display to confirm whether or not a new CP can be installed to the user. It is possible.
[0042]
Further, when a program interface of a CP for controlling a control target is disclosed, a user can independently develop a CP and control the control target. Alternatively, it is possible to control the user's preference by using a CP whose parameter can be adjusted.
[0043]
Note that the procedure in FIG. 6 may be realized in any of the connection-type and connectionless-type communication modes, or may be realized by combining both. In addition, the guarantee of the delivery of the communication message and the securing of the transmission band are performed by the respective communication management modules EMd124, LC11, and RCa22, and the processing is omitted in the sequence diagram of FIG. Further, the message between the devices is subjected to encryption processing at the message level in the subsequent communication by sending each other's public key to the message in the initial stage of communication.
[0044]
(Example 2)
FIG. 7 shows a system configuration diagram in a state where a failure has occurred in EMa121.
[0045]
Note that the communication means and the control method in the present embodiment conform to the method of the first embodiment.
[0046]
FIG. 8 is a sequence diagram illustrating a procedure for detecting a failure while the LC 11 is controlling the EMa 121. Processes 431, 432, 433, and 434 show a process in which the LC 11 transmits and receives sensor information and control information via the LAN 1, and the EMa 121 performs control. In the process 435, the EMa121 CP being executed by the LC 11 verifies the information handled in the processes 431, 432, 433, and 434, and detects an abnormal state. The CP for the EMa121 of the LC 11 that has detected the abnormal state in the process 435 transmits a failure detection request message to the EMa121 to the process 436. The EMa 121 performs a failure detection search inside the own EM in a process 437, and notifies the LC 11 of the presence or absence of an abnormality in a process 438.
[0047]
FIG. 9 shows that, after notifying the LC 11 of the presence or absence of an abnormality in the process 438 of FIG. 8 or when the EMa 121 autonomously detects a failure and an unexpected stop in the control main unit 1212 of FIG. FIG. 8 is a sequence diagram showing a procedure for reporting to a CP for EMa121 and showing fault information to a user. The EMa 121 that has detected the failure in the process 441 transmits a failure occurrence to the LC 11 in the process 442. The CP for the EMa121 of the LC11 that has received this message makes an inquiry about the failure information to the EMa121 in the process 443. The EMa121 that has received this message notifies the failure number to the CP for the EMa121 of the LC 11 in process 444. Thereafter, in step 445, the LC 11 searches the CP data for fault information using the sent fault number as a search key, and in step 446 informs the user of this using the user interface of the LC 11 and displays a countermeasure. The method of notifying the user may be any means such as an image and a sound.
[0048]
FIG. 10 is a sequence diagram showing a procedure for directly diagnosing a fault that cannot be dealt with by the LC 11 from the local controller RCa21 connected to the WAN.
[0049]
The EMa 121 that has found the failure in the process 451 transmits a failure notification message to the LC 11 in the process 452. The CP for the EMa121 of the LC 11 that has received this message transmits a message inquiring about the failure status in step 453. The EMa121 for which the cause of the failure could not be determined transmits a message of unknown cause of the failure to the CP for the EMa121 of the LC 11 in step 454. The CP for the EMa121 of the LC11 searches for the product number of the EMa121 and the manufacturer's address already registered in the program, and transmits a message requesting a remote test to the RCa21 using the address in process 455. The product support number of EMd124 is added to the message. Upon receiving this message, the CP for the EMa121 of the RCa21 checks the product support number, prepares for the remote test, and after the preparation is completed, sends a remote test response message to the LC11 in process 456. Next, the CP for the EMa121 of the LC11 transmits a remote test request message to the EMa121 in the process 457. After the EMa 121 is ready to receive the remote test, the EMa 121 sends a remote test response message to the CP for the EMa 121 of the LC 11 in operation 458. In step 460, the CP for the EMa121 of the LC11 transmits a remote test start message to the CP for the EMa121 of the RCa21, and the CP for the EMa121 of the RCa21 that has received the message transmits the remote test message in a step 461 to the CP for the EMa121 of the LC11. The message is sent to the CP, and the CP for the EMa 121 of the LC 11 transfers the message to the EMa 121. In step 462, the EMa121 sends a response message to the remote test message to the CP for the EMa121 of the LC11, and the CP for the EMa121 of the LC11 transfers the message to the CP for the EMa121 of the RCa21. Similar processing is performed in processing 463 and processing 464, and the CP for EMa121 of RCa21 that has completed the test sends a message notifying that processing has been completed in processing 465 to the CP for EMa121 of LC11 and ends the processing. In addition, the CP for the EMa121 of the LC 11 also ends the process after transmitting a test end message to the EMa121 in the process 467, and similarly, the EMa121 also ends the process. At this stage, the cause of the failure of the EMa121 is determined, and the manufacturer of the EMa121 makes an arrangement such as dispatching a maintenance person, or displays the details of the cause of the failure on the user interface of the LC 11 and gives the user a method of repair. Inform.
[0050]
Note that the above procedure may be realized in any of the connection-type and connectionless-type communication modes, or may be realized by combining both. In addition, the guarantee of the delivery of the communication message and the securing of the transmission band are performed by the respective communication management modules EMd121, LC11 and RCa21, and are omitted in the sequence diagrams of FIGS. 8, 9 and 10. Further, the message between the devices is subjected to encryption processing at the message level in the subsequent communication by sending each other's public key to the message in the initial stage of communication.
[0051]
(Example 3)
FIG. 11 is a sequence diagram showing a state in which EMd 124 in FIG. 5 is controlled by remote controller RCa21. EMd124 is directly controlled by the remote controller RCa21, and LC11 relays messages between RCa21 and EMd124.
[0052]
The EMd 124 newly entering the system in the process 471 transmits a message to the LAN 1 as a destination and confirms connection with the LAN 1, and then transmits a broadcast message to the LAN 1 to search for a local controller.
[0053]
In this broadcast message, the public key of the public key encryption of EMd124 is mounted. In the process 472, the LC 11 that has received the broadcast message transmits its own address and public key to the EMd 124 using the above-mentioned public key. The EMd 124 issues a request to install the CP of its own EM to the LC 11 in a process 473, and the LC 11 gives the permission in a process 474. If the message of permission is not returned or the message of non-permission is returned, the process 473 is performed again after a predetermined time. If the permission message is not returned in step 474 even after performing this predetermined number of times, the EMd 124 detects an abnormal state and terminates the processing. The EMd 124 transmits a CP using a file transfer program in a process 475, and transmits a transmission end message in a process 476. The LC 11 transmits a transmission completion confirmation message in response to this message.
[0054]
After the process 477, the CP for the EMd 124 of the LC 11 stores the product number and the address of the manufacturer of the EMd 124 and the version of the CP sent by the EMd 124 in the storage medium of the LC 11 in a process 478, and then stores the information. Using the address of the maker, it transmits to the CP for EMd124 of the remote control RCa21 of the maker. In process 479, the RCa21 CP for EMd124 receives the above information, checks its product number and program version, registers the product, and thereafter transmits the product support number of EMd124 to the CP for EMd124 of LC11. However, when the CP for the EMd 124 of the RCa 21 determines that the support is not performed based on the registration information and other information of the EMd 124, the support-unreliable message is transmitted. In response to this message, the CP for the EMd 124 of the LC 11 determines whether to continue processing or delete the CP.
[0055]
Next, the EMd124 CP of the LC 11 performs a process of mediating communication between the EMd124 and the RCa21 so that the control target EMd124 can be directly subjected to the control process from the EMd124 CP of the remote controller RCa21. First, the EMd124 CP of the LC11 has already searched for the product number of the EMd124 registered in the CP and the manufacturer's address, and in step 480, requests remote control to the RCa21 EMd124 CP using the address. Send a message to The product support number of EMd124 is added to the message. Upon receiving this message, the RCa21 CP for EMd124 prepares for remote control, and after the preparation is completed, sends a remote control response to the EMd124 CP of LC11 in process 481. Next, in step 482, the CP for the EMd 124 of the LC 11 transmits a remote control request message to the EMd 124. After the preparation for performing the remote control is completed, the EMd124 transmits a remote control response message to the CP for the EMd124 of the LC 11 in a process 483. The CP for the EMd124 of the LC11 transmits the remote control start message to the CP for the EMd124 of the RCa21 in the process 484, and the CP for the EMd124 of the RCa21 which has received the message transmits the remote control message in the process 485 for the EMd124 of the LC11. The message is sent to the CP, and the CP for the EMd 124 of the LC 11 transfers the message to the EMa 121. In step 486, the EMd 124 sends the sensor information message for the remote control message to the CP for the EMd 124 of the LC11, and the CP for the EMd 124 of the LC 11 transfers the message to the CP for the EMd 124 of the RCa21. Similar processing is performed in processing 487 and processing 488, and thereafter, remote control is continued.
[0056]
Note that the above procedure may be realized in any of the connection-type and connectionless-type communication modes, or may be realized by combining both. Further, the assurance of the delivery of the communication message and the securing of the transmission band are performed by the respective communication management modules EMd124, LC11, and RCa21, and the processing is omitted in the sequence diagram of FIG. In addition, messages between the devices are sent to each other at the initial stage of communication, so that encryption processing at the message level is performed in subsequent communication.
[0057]
(Example 4)
FIG. 12 illustrates a system in which a mobile computer (hereinafter, referred to as MC) 31 which is an external device of the system accesses a CP for EMc123 of a local controller LC11 in a user's home and controls the EMc123. FIG.
[0058]
The MC 31 is a portable mobile computer having an encryption module capable of encrypting and decrypting an electronic text, and having installed therein e-mail software capable of transmitting and receiving e-mail, and is connected via a public telephone line and other networks. It is possible to send an e-mail to the local controller LC11 in the user's home. The local controller LC11 in the user's house has an infrared communication board having an infrared light emitting and receiving body, and can communicate with the EMC cooler EMC123 equipped with an infrared communication board also having an infrared light emitting and receiving body using infrared light.
[0059]
In the present embodiment, a procedure in which a user performs reservation control of a home cooler at a user's home using the mobile computer MC31 will be described.
[0060]
The user creates an e-mail as shown in FIG. 13 by using e-mail software of the mobile computer. Reference numeral 501 denotes a mail address of the air conditioner CP of the LC 11, and this mail is delivered to the air conditioner CP of the LC 11 through the WAN 2. Reference numeral 502 denotes a command for issuing a command to the air conditioner CP, and instructs the air conditioner CP to send a form for controlling the air conditioner EMC 123 to the air conditioner CP. Reference numeral 503 denotes an electronic signature of the user creating the electronic mail. This signature is obtained by encrypting the content of 502 with the secret key of the user using the e-mail.
[0061]
FIG. 14 shows the contents 502 and 503 in FIG. 13 encrypted with the public key of the air conditioner CP of the LC 11. The user sends the encrypted e-mail to the air conditioner CP of the LC 11 using e-mail software of a mobile computer. Next, the air conditioner CP of the LC 11 that has received the mail decrypts the contents of the mail to the one shown in FIG. 13 with the secret key of the air conditioner CP. Next, the user address added to the From line of the e-mail is read, and the corresponding user name is searched from the user registration database of the LC 11. If the search for the user name is successful, the user further decrypts the content 503 in FIG. 13 by using the public key registered in the LC 11 in advance.
[0062]
Only when the decrypted content matches the content of 502 in FIG. 13, the CP executes the instruction written in 502. Here, a command for transmitting a form for controlling the air conditioner EMc123 to the user by e-mail is described. When the air conditioner CP sends an e-mail to the user, encryption is performed in exactly the same procedure as described above. That is, the air conditioner CP first adds a template for performing reservation control, and further adds an electronic signature encrypted using the secret key of the air conditioner CP to the back of the form. Further, the form and the electronic signature are searched for the public key of the user of the mobile computer with reference to the user registration database of the LC 11, encrypted using the key, and transmitted to the user of the mobile computer. FIG. 15 shows a form transmitted by the CP. In this form, items of information (date and time, set temperature, set humidity, set maintenance time, presence / absence of end report) necessary for controlling the air conditioner EMC123 are described. Further, FIG. 16 shows the contents of the mail after the user has described necessary items in the form.
[0063]
The user sends this mail to the air conditioner CP of the LC 11, the CP interprets the contents of the mail, and sets the EMC 123 from the CP via the LAN 1. If the setting is successful, an e-mail of a successful setting report as shown in FIG. 17 is transferred to the user. If unsuccessful, an email will be sent to the user with a report of the cause. Note that the above-described encryption / decryption processing is performed in all of the electronic mail exchanges in the present embodiment.
[0064]
Since the secret key of the air conditioner CP is incorporated in the program, it cannot be taken out by the user. Also, since this program creates a private key and a public key when launched, the key will be different for each machine running the same program.
[0065]
In the present embodiment, a method of remotely controlling a control target using e-mail is shown. However, in order for a service company to perform such control target control service, the following method is used. It can be easily realized.
[0066]
First, the user of the LC 11 enters into a service contract with a remote service company, and then registers the address and the public key of the service company. The service company obtains the public key of the CP of the LC 11 and obtains the public key of the LC 11 from the service company. It is possible to receive a remote control service. The user informs the service company of the outline of the control requested by the user by telephone, fax or e-mail, and the service company can remotely control the equipment in the user's home. In this embodiment, the user does not need to operate the complicated interface of the air conditioner.
[0067]
Note that the above procedure may be realized in any of the connection-type and connectionless-type communication modes, or may be realized by combining both. The communication management module of each of the EMC 123, the LC 11 and the MC 31 performs the guarantee of the delivery of the communication message and the securing of the transmission band. Further, the message between the devices is subjected to encryption processing at the message level in the subsequent communication by sending each other's public key to the message in the initial stage of communication.
[0068]
(Example 5)
FIG. 18 is an explanatory diagram of a system in a case where the local controller LC11 transmits a control result of the EMb 122 to a mobile computer MC31 and a telephone TEL41 which are devices outside the system.
[0069]
The EMb 122 is a device for detecting a moving object by an ultrasonic sensor, and can detect when an object moves around the device, so that there is no illegal intruder into the premises or the house. In this case, it is possible to detect this.
[0070]
The MC 31 is a portable mobile computer capable of transmitting and receiving e-mail having an encryption module capable of encrypting and decrypting electronic text, and is a personal computer at the user's home via a public telephone line and other networks. An e-mail can be received from the local controller LC11. The local controller LC11 in the premises or in the house has a communication LAN board and is installed in the premises or in the house, and communicates with the mobile object sensing device EMc122, which is also equipped with the communication LAN board, using a 10BASE-T communication medium. Is possible.
[0071]
In the present embodiment, a procedure for transferring an alarm generated by the moving object sensing device to the MC 31 and the TEL 41 will be described.
[0072]
The mobile object sensing device EMb122 transmits a message in which the detection information is added to the mobile object sensing device CP of the LC 11 immediately after detecting the mobile object. The CP for the mobile object sensing device of the LC 11 that has received this information transmits the detection information to an address or a telephone number that is directly set on the LC 11 by the user of the LC 11 or remotely set by using an e-mail.
[0073]
FIG. 19 shows the contents of the detection information sent by e-mail. 521 is the address of the CP for the mobile sensing device, and 522 is the address of the destination user. Reference numeral 523 describes the contents of the message and the name of the owner who made the request for the message. 524 indicates that an abnormal object was recognized at the time indicated by 525. At 526, other actions performed by the CP are shown. Here, it is indicated that an emergency call with a voice message is issued to a predetermined telephone number and an e-mail is sent to the security company.
[0074]
For the message with voice, a voice message recorded by the user in advance is stored in a storage medium as an analog device or an electronic file, and the CP issues a call to a predetermined telephone number registered by the user in advance. Send this voice message.
[0075]
Note that the above procedure may be realized in any of the connection-type and connectionless-type communication modes, or may be realized by combining both. The communication management modules of the EMb 122, the LC11, and the MC31 ensure the delivery of the communication message and the securing of the transmission band. Further, the message between the devices is subjected to encryption processing at the message level in the subsequent communication by sending each other's public key to the message in the initial stage of communication.
[0076]
【The invention's effect】
In the present invention, the controlled device owns a program for controlling itself in its own internal device in advance, and installs the control program on the remote control device at the time of entering the system, so that the local control device can control all the controlled devices. It is not necessary to have the control program in advance, and the management load on the remote control device is reduced. Since the control program needs to be installed only once when the controlled device enters the system, it is possible to avoid the problem that the network traffic becomes high and the problem that the transmission band cannot be secured. Thus, the control program of the controlled device is automatically installed on the remote control device when the controlled device is connected to the network, and thereafter, the controlled device can be operated by the control program. .
[0077]
Further, according to the present invention, when the manufacturer of the controlled device or the like upgrades the control program, the remote control device of the manufacturer controls the local control device controlling the controlled device via the WAN. Is installed, the controlled device can always change the control method to the latest one. Alternatively, by notifying the user of the information of the new control program via the user interface of the local controller, the user can select the control program, and the user can control the controlled device according to his / her preference. It becomes possible.
[0078]
Further, in the present invention, since each device of the present invention uses the encryption method, it is guaranteed that the contents of various messages and control programs are not changed, and the device from which information is transmitted is clarified. This prevents erroneous transmission of messages or programs from devices unrelated to the system, or prevents malicious third parties from illegally accessing the system.
[0079]
In the present invention, the local control device or the remote control device receives information such as sensor information directly from the controlled device, inputs the received information to a control program, obtains control information, and obtains the obtained information. The control information is transmitted to the controlled device. As a result, a high-precision control of the controlled device can be performed by a local control device or a remote control device having control processing capability.
[0080]
According to the present invention, the remote control device or the mobile terminal controls the controlled device via the WAN and the local control device, so that the service company or the user can remotely control the controlled device. Become.
[0081]
Further, in the present invention, the controlled device autonomously and periodically transmits the maintenance management information to the local control device or the remote control device, or the local control device or the remote control device periodically transmits the maintenance management information to the controlled device. Is transmitted, and the controlled device transmits the maintenance management information thereto. As a result, the local control device or the remote control device can constantly monitor the status of the managed device and notify the user of the status if necessary. Thus, it is possible to avoid the problem of noticing a failure for the first time.
[0082]
Further, in the present invention, the local control device transmits information sent from the controlled information to an address predetermined by the user. This allows a remote service company or user to constantly check the status of the controlled device.
[Brief description of the drawings]
FIG. 1 is an explanatory diagram of a system to which the present invention is applied in a first embodiment.
FIG. 2 is an explanatory diagram of the local controller of FIG. 1 in the first embodiment.
FIG. 3 is an explanatory diagram of a control target of FIG. 1 in the first embodiment.
FIG. 4 is a configuration diagram of the remote controller of FIG. 1 in the first embodiment.
FIG. 5 is an overall configuration diagram of a system when a new control target enters according to the first embodiment.
FIG. 6 is a sequence diagram showing a state in which the latest control program is transferred in the first embodiment.
FIG. 7 is a system configuration diagram illustrating a state where a failure has occurred in a control target according to a second embodiment.
FIG. 8 is a sequence diagram of a procedure for detecting a failure of a control target according to the second embodiment.
FIG. 9 is a sequence diagram illustrating a procedure for indicating failure information to a user according to the second embodiment.
FIG. 10 is a sequence diagram illustrating a procedure for performing a fault diagnosis according to the second embodiment;
FIG. 11 is a sequence diagram illustrating a remote control procedure according to the third embodiment.
FIG. 12 is a configuration diagram of an entire system according to a fourth embodiment.
FIG. 13 is an explanatory diagram of an electronic mail according to the fourth embodiment.
FIG. 14 is an explanatory diagram of an encrypted electronic mail according to the fourth embodiment.
FIG. 15 is an explanatory diagram of an e-mail describing a control form according to the fourth embodiment.
FIG. 16 is an explanatory diagram of an electronic mail entered by a user in a control form according to the fourth embodiment.
FIG. 17 is an explanatory diagram of an e-mail in which a report of a control result is written in the fourth embodiment.
FIG. 18 is an explanatory diagram of a system illustrating a state in which a control target transmits a control result according to the fifth embodiment.
FIG. 19 is an explanatory diagram of an e-mail indicating the content of detection information of a control target in the fifth embodiment.
[Explanation of symbols]
LAN: Local area network,
WAN: Wide area network,
LC: Local controller,
EM: Control target,
RC ... remote controller,
PTA… Program transfer agent,
MTA: Message transfer agent,
CP ... control program,
MC: Mobile computer,
TEL: Telephone.

Claims (6)

In a device control system , comprising a control device , a controlled device, and a remote control device , which are connectable to each other via a network , wherein the control device controls the controlled device.
The controlled device includes means installed in the control device, the control device storing a control program for controlling the device,
The remote control device includes means installed in the control device, the control device storing another control program for controlling the controlled device,
The control device includes means for selecting one of the control program or the other control program as an installed control program for controlling the controlled device,
It said control device, device control system and controls the controlled device using the selected control program. The apparatus control system according to claim 1, wherein the selecting unit of the control device selects the control program based on versions of the control program and the other control program. In a device control system, comprising a control device, a controlled device, and a remote control device, which are connectable to each other via a network, wherein the control device controls the controlled device.
The controlled device includes means installed in the control device, the control device storing a control program for controlling the device,
The remote control device includes means for transmitting a message to the control program,
The control device includes means for receiving the message from the remote control device,
An apparatus control system for controlling the controlled apparatus according to the control program installed in the control apparatus and the received message. A control device in a device control system comprising a control device, a controlled device, and a remote control device, the control device being connectable to each other via a network,
Either a control program stored in the controlled device for the control device to control the controlled device, or another control program stored in the remote control device for the control device to control the controlled device. Has a means for selecting as an installed control program for controlling the controlled device,
A control device, wherein the controlled device is controlled using the selected control program. The control device according to claim 4, wherein the selecting unit of the control device selects the control program based on versions of the control program and the other control program. A control device in a device control system comprising a control device, a controlled device, and a remote control device, the control device being connectable to each other via a network,
The control device includes means for receiving a message from the remote control device,
The control device stored in the controlled device has a control program for controlling the controlled device installed from the controlled device, and the controlled device is controlled according to the control program installed in the control device and the received message. A control device for controlling the device.

Images