WO2023031517A1 - Appareil et système à commande sécurisée - Google Patents

Appareil et système à commande sécurisée Download PDF

Info

Publication number
WO2023031517A1
WO2023031517A1 PCT/FI2022/050567 FI2022050567W WO2023031517A1 WO 2023031517 A1 WO2023031517 A1 WO 2023031517A1 FI 2022050567 W FI2022050567 W FI 2022050567W WO 2023031517 A1 WO2023031517 A1 WO 2023031517A1
Authority
WO
WIPO (PCT)
Prior art keywords
sensor
luminaire
network
components
lighting
Prior art date
Application number
PCT/FI2022/050567
Other languages
English (en)
Inventor
Leo Hatjasalo
Original Assignee
Leo Hatjasalo
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Leo Hatjasalo filed Critical Leo Hatjasalo
Publication of WO2023031517A1 publication Critical patent/WO2023031517A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/125Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • HELECTRICITY
    • H05ELECTRIC TECHNIQUES NOT OTHERWISE PROVIDED FOR
    • H05BELECTRIC HEATING; ELECTRIC LIGHT SOURCES NOT OTHERWISE PROVIDED FOR; CIRCUIT ARRANGEMENTS FOR ELECTRIC LIGHT SOURCES, IN GENERAL
    • H05B47/00Circuit arrangements for operating light sources in general, i.e. where the type of light source is not relevant
    • H05B47/10Controlling the light source
    • H05B47/105Controlling the light source in response to determined parameters
    • HELECTRICITY
    • H05ELECTRIC TECHNIQUES NOT OTHERWISE PROVIDED FOR
    • H05BELECTRIC HEATING; ELECTRIC LIGHT SOURCES NOT OTHERWISE PROVIDED FOR; CIRCUIT ARRANGEMENTS FOR ELECTRIC LIGHT SOURCES, IN GENERAL
    • H05B47/00Circuit arrangements for operating light sources in general, i.e. where the type of light source is not relevant
    • H05B47/10Controlling the light source
    • H05B47/175Controlling the light source by remote control
    • H05B47/19Controlling the light source by remote control via wireless transmission
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02BCLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO BUILDINGS, e.g. HOUSING, HOUSE APPLIANCES OR RELATED END-USER APPLICATIONS
    • Y02B20/00Energy efficient lighting technologies, e.g. halogen lamps or gas discharge lamps
    • Y02B20/40Control techniques providing energy savings, e.g. smart controller or presence detection

Definitions

  • the invention relates to an apparatus and a system. Some embodiments of the invention relate to a luminaire and a lighting system, e.g. an infrastructure lighting system.
  • Lighting control systems are widely used on both indoor and outdoor lighting of commercial, industrial and residential spaces.
  • a typical lighting control system is a lighting control solution that incorporates communication between various system inputs and outputs related to lighting control with the use of one or more computing devices.
  • Lighting controls can be implemented for example as stand-alone control of the lighting within a space. This may include occupancy sensors, timeclocks, and photocells that are hard-wired to control fixed groups of lights independently. There are also lighting control systems which comprise a networked system of devices related to lighting control. These devices may include relays, occupancy sensors, photocells, light control switches, network switches, routers, control units or touchscreens, and signals from other building systems, such as fire alarm or HVAC. Adjustment of the system can be done at device locations or at central computer locations via software programs or other interface devices. Because of low bandwidth between the components in the prior art systems, the prior art systems are able to achieve only static lighting control which is not able react to changing conditions in a rapid manner. This way light produced by the luminaires cannot be optimally adjusted.
  • the prior art systems also require multiple devices, such as different control units, network units, routers and switches as described above. This causes latency in the system as a command sent to a luminaire has to be transferred via multiple control units or other components.
  • information security of the lighting systems is concerned the high number of separate components, usually also from many different vendors, causes problems because security of all separate devices has to be ensured.
  • the prior art systems are not secure enough for example for infrastructure lighting because they comprise so many components that it may be impossible to reach an acceptable security level with the existing systems as security of every component can’t be examined in enough detail. For these reasons there is a need for a securely controllable lighting system which is able to implement dynamic lighting control.
  • An apparatus according to the invention is characterized by what is stated in claim 1 .
  • the luminaire according to the invention is characterized by what is stated in claim 2.
  • the apparatus according to the invention is also characterized by what is stated in claims 2 - 7.
  • the system according to the invention is characterized by what is stated in claim 8.
  • the system according to the invention is also characterized by what is stated in claims 9 - 18 relating to the system.
  • the invention relates to an apparatus.
  • the apparatus comprises a data processing unit configured to control the apparatus, a network communications interface for communicating with an external device, such as a server, a service, a sensor, a luminaire and/or a controlling device, and a memory configured to store commands and/or sensor related data.
  • the apparatus is configured to encrypt data transmissions carried out via the communications interface, to perform authentication of the external device from which a command, a control signal and/or a sensor related data was received, and to respond to the authentication request from the external device in order to carry out two-way authentication, e.g. mutual authentication, with the external device.
  • the invention relates to a luminaire.
  • the luminaire comprises at least one light source, such as a LED-light source, a data processing unit configured to control the luminaire and light produced by the at least one light source of the luminaire, a network communications interface for communicating with an external device, such as a server, a service, a sensor, a luminaire and/or a controlling device and a memory configured to store commands and/or sensor related data.
  • the luminaire is configured to encrypt data transmissions carried out via the communications interface and the luminaire is configured to perform authentication of the external device from which a command, a control signal and/or a sensor related data was received, and to respond to the authentication request from the external device in order to carry out two-way authentication, e.g. mutual authentication, with the external device.
  • the luminaire is configured to adjust the light intensity, frequency and/or wavelength of the at least one light source based on the received command, received control signal and/or sensor related data, such as sensor observation.
  • the luminaire comprises a sensor or a sensor is arranged in connection with the luminaire.
  • the sensor can be for example one of: a radar sensor, a microwave sensor, a microphone, an occupancy sensor, a video sensor, a humidity sensor, a light sensor, an accelerometer, a gas sensor, a thermometer.
  • the components of the luminaire such as data processing unit, network communications interface and memory, are integrated in connection with the luminaire or to the structure of the luminaire.
  • the luminaire is configured for operation with a DC power source. This way no AC to DC conversion has to be done at the luminaire.
  • the invention relates to a system comprising components which comprise at least one apparatus and a controlling entity or device for controlling the at least one apparatus.
  • the components of the system are configured to communicate with each other via a communications network and data communication between the components of the system is encrypted, and components of the system are configured to authenticate each other.
  • the invention relates to a lighting system comprising lighting system components which comprise at least one luminaire and a controlling entity or device for controlling the luminaires.
  • the luminaire can be controlled directly by the controlling entity and/or via an application, a server or service, e.g. a cloud service.
  • the components of the lighting system are configured to communicate with each other via a communications network and data communication between the components of the lighting system is encrypted, and components of the lighting system are configured to authenticate each other.
  • the system is configured to implement Zero Trust approach of operation between the components of the lighting system.
  • the authentication between the components is a two-way authentication, e.g. mutual authentication, and/or the authentication comprises checking that received message was from an authentic party and the received request was valid.
  • authentication comprises two-way authentication, e.g. mutual authentication, between every component in a control path between the controlling entity and the controlled luminaire.
  • the communication network comprises at least one of the following: a mobile network, such as a 4G-network, 5G-network, a wireless network, such as a Wi-Fi-network, a mesh-network, such as a Zigbee- or Bluetooth Mesh-network.
  • a mobile network such as a 4G-network, 5G-network
  • a wireless network such as a Wi-Fi-network
  • a mesh-network such as a Zigbee- or Bluetooth Mesh-network.
  • the system is arranged to control the luminaires to implement human centric lighting by adjusting the light intensity, frequency and/or wavelength of the light produced by at least one luminaire.
  • the system is arranged to control the luminaires to implement positioning of people and/or devices, e.g. indoor positioning.
  • the system is arranged to control the luminaires to enhance image recognition with the sensors of the system and/or to support mesopic vision applications.
  • the system is configured to adjust the luminaires based on sensor observation data, e.g. from the sensor of the luminaire, a sensor of another luminaire, sensor of the system and/or an individual sensor.
  • the system is connected to an external system, for controlling lighting according to other systems, such as an emergency lighting system, an emergency guidance system and/or a building automation system.
  • the system is configured to adjust the light produced by the luminaires based on an input from an external system
  • the solution of the invention it’s possible to provide a safe and reliably controllable lighting system with which risk of unauthorized use and cyber-attacks against the system, e.g. an infrastructure lighting system, can be avoided or at least minimized.
  • many features, and operational units of the system are integrated to apparatus, such as a luminaire. Therefore, the number of components in the system can be kept low and that way it is easier also to ensure the safety of the system against unauthorized use of cyber-attacks as there are less components in the system. Because less separate components are needed, the components of the system can be designed and/or analyzed in a thorough way to ensure that risk for cyber-attacks or unauthorized use can be kept low.
  • the high level of integration also provides other benefits such as high energy efficiency and high operational efficiency.
  • the luminaires of the invention are able to communicate with modern networks, such as 4G- or 5G- networks, the transfer speeds can be kept high and latency low in the communication between the control system and the luminaires. This way lighting control can be implemented dynamically and/or in real time. This opens up many possibilities and use cases which have not been possible to implement with the prior art systems in which the data communication speeds between the backend of control unit of the system and the luminaire have been low and latency has been high.
  • the secure and fast reacting lighting system of the invention comprising sensors for observing the surrounding conditions.
  • These example use cases can comprise for example implementing human centric lighting by adjusting the light intensity, frequency and/or wavelength of the light produced by the luminaire, e.g. based on sensor observations, controlling the luminaires to implement positioning of people and/or devices, e.g. indoor positioning, controlling the luminaires to enhance image recognition and/or to support mesopic vision applications.
  • the lighting and related light parameters can be parameterized and/or adjusted securely and fast on a case-by-case basis based of the dynamic environmental changes, an optimal starting position for observation and vision can be achieved, significantly improving personal safety in both public and private spaces.
  • a plurality of refers herein to any positive integer starting from two, e.g. to two, three, or four.
  • the terms “first”, “second” and “third” do not denote any order, quantity, or importance, but rather are used to distinguish one element from another.
  • Fig. 1 presents a diagrammatic and simplified arrangement of one example embodiment of the lighting system and the control path between the luminaire and the controlling entity
  • Fig. 2 presents a diagrammatic and simplified arrangement of one example embodiment of the lighting system and the control path between the luminaire and the controlling entity
  • Fig. 3 presents a diagrammatic and simplified structure of one example embodiment of the luminaire and power path options provided for the luminaire
  • Fig. 4 presents in a simplified manner one example embodiment related to using the lighting system for public awareness broadcasting
  • Fig. 5 presents in a simplified manner one example embodiment related to using the lighting system for guiding people and/or vehicles.
  • Fig. 1 presents in a diagrammatic and simplified way of one example embodiment of the lighting system and the control path between the luminaire 100, i.e. the control target, and the controlling entity 102, i.e. the control source.
  • the control entity can send instructions and commands to luminaires through a network, such as a mobile network.
  • the luminaires 101 can send information the to the controlling entity, such as status of the luminaire and/or sensor related information, gathered from surroundings of the sensor and/or the luminaire.
  • data can be communicated synchronously and/or with high transfer speed and low latency.
  • the luminaire can be controlled directly by the controlling entity and/or via an application, a server or service, e.g. a cloud service.
  • the controlling entity can be an external device, such as a server, service, application, a sensor or a group of sensors, a user device and/or a luminaire, e.g. another luminaire.
  • a luminaire used in the system of the invention can comprise a data processing unit, a network communications interface and a memory. These components are integrated in connection with the luminaire or to the structure of the luminaire. As the luminaires comprise integrated communication interface for communicating through a network, the structure of the system can be kept simple which further enables energy efficiency, high communication throughput and low latency. And as described above, also data security can be enhanced this way as there are less vulnerable components in the system.
  • the reliability, security and fast communication channel between the luminaire, sensors of the system and control entity enable many use cases.
  • the system an/or luminaire can be arranged to control the luminaires by adjusting the light intensity, frequency and/or wavelength of the light produced by at least one luminaire and/or to adjust of luminous energy, luminous flux, luminous power, luminous intensity and/or luminance of the light produced by the light source.
  • the system and or luminaire can adjust the light beam, e.g. direction of the light beam, of the light produced by the luminaire.
  • the adjustment of the luminaire can be an electrical adjustment and control for light sources of the luminaire and/or mechanical adjustment of e.g. optical components of the luminaire.
  • the system is arranged to control the luminaires to implement human centric lighting by adjusting the light produced by the luminaires.
  • human centric lighting applications light produced by the luminaires is controlled and parameterized in different contexts so that it influences human behavior in the desired way.
  • data from sensor(s) about the surrounding conditions is required.
  • simultaneous and continuous detections and immediate dynamic control of many parameters are needed to achieve optimal lighting conditions.
  • This kind of dynamic and human centric lighting control can be implemented in an efficient and safe manner with the solution of the invention enabling wide bandwidth communication from the sensors to other components of the system so that light properties can be optimally parameterized and/or adjusted according to current environment.
  • the system is arranged to control the luminaires to support mesopic vision applications.
  • mesopic vision applications the spectrum and amount of light, e.g. light intensity on a case-by-case basis, is adjusted according to the sensitivity curve of the eye under different vision conditions. As the light level decreases, the eye becomes more sensitive to the shortest wavelengths of light.
  • the design of a system supporting mesopic vision applications, for example in outdoor lighting in dim or dark conditions, is very demanding because the selected light quality parameters (visual optimized radiation spectrum and light color) required for lighting design should be simultaneously adjusted to changing surrounding visual conditions, such as humidity, temperature and lighting level. For this reason, the system needs sensors to produce sensor observations for observing the conditions of the surrounding area.
  • this kind of dynamic lighting control can be implemented in an efficient and safe manner with the solution of the invention enabling wide bandwidth communication from the sensors to other components of the system so that light properties can be optimally parameterized and/or adjusted according to current environment.
  • the system is arranged to control the luminaires to implement positioning of people and/or devices, e.g. indoor positioning.
  • indoor positioning can be implemented for example via visible light communication so that every luminaire sends its own signal, identification, and/or location and a user device is able to determine the area or location based on this received information.
  • the system is arranged to control the luminaires to enhance image recognition with the sensors of the system.
  • Al image recognition can be enhanced for example by adjusting the light produced by the luminaire so that a sensor, such as an image sensor or a camera 103, is able to recognize and determine shapes and other features of the objects in its monitored area as well as possible.
  • Figure 2 highlights in more detail the simplified structure of one example embodiment of the lighting system and the control path between the luminaire 201 and the controlling entity 202.
  • the lighting system of the invention can comprise at least one luminaire.
  • the system can further comprise an application, a server or service, e.g. cloud service, and a controlling entity or device for controlling the luminaires via the application, server or service.
  • the controlling the luminaires can be carried out directly from the controlling entity, e.g. an end-user device and/or another luminaire.
  • lighting control is carried out via the server and or a service, such as a cloud service.
  • lighting control can be implemented by combining the previously mentioned embodiments, e.g. both direct control from a device and/or luminaire and control via a server or service can be supported.
  • the components of the lighting system are configured to communicate with each other via a communications network.
  • data communication between the components of the lighting system is encrypted.
  • the components of the lighting system are configured to authenticate each other.
  • encrypting data and/or authenticating parties are optional features and don’t have to be carried out or implemented.
  • the system can be provided with an API through which the commands and sensor observations can be communicated to correct parties.
  • the solution and system of the invention can implement Zero Trust approach of operation between the components of the lighting system.
  • the Zero Trust approach can for example require that all components all mutually authenticated to ensure secure operation of the system.
  • the Zero Trust approach can advocate mutual authentication (i.e. two-way authentication), for example including checking the identity and integrity of devices without respect to location, and/or providing access to applications and services based on the confidence of device identity and device health in combination with user authentication.
  • the authentication between the components is carried out as a two-way authentication, i.e. as mutual authentication where both components authenticate each other.
  • the authentication comprises checking that the received message was from an authentic party and the received request was valid.
  • the authentication can comprise two-way authentication between every component in a control path between the controlling entity and the controlled luminaire.
  • the controlling entity (Auth #1 ) sends a control command through a first network element (Auth #2) and a second network element (Auth #3) to the luminaire (Auth #4).
  • mutual authentication i.e.
  • the controlling entity (Auth #1 ) mutually authenticates with the first network element (Auth #2), the first network element (Auth #2) mutually authenticates with the second network element (Auth #3) and the second network (Auth #3) element mutually authenticates with the luminaire (Auth #4).
  • the luminaire can carry out required actions based on the received command, received control signal and/or sensor related data, such as sensor observation.
  • the action can be for example adjusting the light intensity, frequency and/or wavelength of the at least one light source.
  • the communication network through which a command, feedback from the luminaire, or sensor related data is transferred can comprise at least one of the following or a combination of following: fixed network, a mobile network, such as a 4G-network, 5G-network, a wireless network, such as a Wi-Fi-network, a meshnetwork, such as a Zigbee- or Bluetooth Mesh-network.
  • Figure 3 presents a diagrammatic and simplified structure of one example embodiment of the luminaire 301 and also how the power supply for the luminaire can be implemented.
  • the controlled luminaire of the system can comprise at least one light source, such as a LED-light source, a data processing unit configured to control the luminaire and light produced by the at least one light source of the luminaire, a network communications interface for communicating with an external device, such as a server, a service, a luminaire and/or a controlling device, and a memory configured to store commands and/or sensor related data.
  • the luminaire is configured to encrypt data transmissions carried out via the communications interface. Encryption can be implemented e.g. by AES-encryption standard or other encryption standards or techniques.
  • the luminaire is configured to perform authentication of the external device from which a command, a control signal and/or a sensor related data was received, and/or to respond to the authentication request from the external device e.g. in order to carry out two-way authentication with the external device.
  • data encryption or authenticating parties are optional features.
  • the system comprises at least one sensor.
  • the sensor is arranged in connection with the luminaire or to the structure of the luminaire.
  • the sensor is a separate sensor and/or it provides sensor observation related data to luminaire(s).
  • the sensor can be e.g. one of: a radar sensor, a microwave sensor, a microphone, an occupancy sensor, a video sensor, a humidity sensor, a light sensor, an accelerometer, a gas sensor, a thermometer.
  • the sensors of the system don’t have to be expensive and very precise sensors because control precision can be achieved by using multiple sensor detections of e.g. nearby luminaires.
  • a sensor or a group of sensors are configured to control at least one luminaire and/or a group of luminaires.
  • the system is able to provide optimal lighting according to the surrounding conditions, to provide human centric lighting and/or to support mesopic vision applications as described above.
  • One example of such operation in one embodiment of the invention are foggy conditions to which the lighting can be adjusted.
  • the light produced by the luminaire can be adjusted based on the sensed amount of fog or humidity and other lighting conditions so that the light produced by the luminaire is optimal for the conditions so that the people are able to see in these conditions as well as possible.
  • the system is configured to adjust the luminaires based on sensor observation data, e.g. from sensor of the system, the sensor of the luminaire or a sensor of another luminaire.
  • the luminaire can control itself based on the sensor related data it receives.
  • the luminaire or the system controlling the luminaire can control the light produced by the luminaire based on the historical circumstances based on the collected earlier sensor data.
  • the luminaire if the luminaire doesn’t receive any new sensor data or have a network connectivity, it can control itself autonomously based on earlier sensor data. Sensor fusion can be utilized when using sensor observations in adjusting the luminaires.
  • Sensor fusion is a process of combining sensory data or data derived from disparate sources such that the resulting information has less uncertainty than would be possible when these sources were used individually.
  • Sensor fusion can be implemented as a centralized fusion in which the sensors forward all of the data to a central location, e.g. a server or service and/or as a decentralized fusion in which, the sensors and/or luminaires take full responsibility for fusing the data from the sensors, e.g. nearby sensors, or as a combination of centralized and decentralized sensor fusion.
  • Power to the luminaire can be provided in various ways, e.g. from the electricity grid or from a local power source, such as solar cell or battery.
  • Figure 3 presents an AC- DC adapter with a driver but also a direct DC power source can be used which can be more energy efficient than the traditional AD-DC adapter with a LED driver.
  • the luminaire is configured for operation with a DC power source as presented in Figure 3.
  • the network functionality and network interface of the luminaire can provide e.g. mobile data network connectivity to the luminaire.
  • the luminaire can comprise e.g. transceiver configured to communicate with a mobile and/or or wireless network.
  • the luminaire can also comprise an identity module of the mobile network such as a SIM or eSIM.
  • SIM or eSIM-module may be arranged in connection with or to the LED-driver.
  • one luminaire or a group of luminaires can operate autonomously based on sensor observations. In this case the operation doesn’t have to be controlled from a centralized location, such as a server or service.
  • the group of luminaires which operate autonomously can be for example a group of luminaires that are located close to each other and/or within a certain area.
  • the luminaires can be usually operated and controlled via a server or service but if network connection is not operational, the luminaires can operate autonomously as described above.
  • the luminaire can by itself (or in case a group of luminaires, by themselves) control light produced by the luminaire for example based on its sensors or nearby sensors with which the luminaire can communicate.
  • a battery or a second power source can be arranged in connection with the luminaires to offer backup power if the primary power source is not operational.
  • the lighting system is connected to an external system for controlling lighting according to other systems, such as an emergency lighting system, an emergency guidance system and/or a building automation system. In this case the system can adjust the light produced by the luminaires based on an input from an external system.
  • Figure 4 presents in a simplified manner one example embodiment related to using the lighting system for public awareness broadcasting.
  • certain external situations or conditions such as exceptional conditions or emergency situations can be communicated via the visible light produced by the luminaires 401 .
  • the luminaire implements public awareness broadcasting autonomously which is advantageous for example if network infrastructure is not operational.
  • public awareness broadcasting the authorities and public are able to know different situations or conditions in the area where the system is operating.
  • Public awareness broadcasting can be used for example in stadiums, airports or other locations where monitoring and controlling by the authorities is carried out and this way the authorities are for example able to know the operating conditions.
  • Public awareness broadcasting can be implemented e.g. by certain visible signal, for example periodic pulsing of the light and/or changing color and/or wavelength of the light produced by the luminaire.
  • the system and/or luminaire of the system can be able to measure different signals and to use data from sensors in order to enable public awareness broadcasting mode of operation.
  • public awareness broadcasting can be used to indicate if certain measured values from the sensors are within the specified threshold limits.
  • CO2-level or UV-radiation level is over the specified limit and thus an alarm, e.g. a toxic alarm, can be indicated.
  • This can be implemented by providing a pulse of light with certain color, e.g. red color periodically, e.g. so that the light produced by the luminaire changes from the normal light to the pulse periodically.
  • public awareness broadcasting can be used to indicate if certain signal, e.g. GNSS, GPS, or mobile network signal is missing.
  • This can be implemented by providing pulses of during normal operation of the luminaire so that the pulses are added periodically to the normal light produced by the luminaire.
  • two short pulses during the normal light produced by the luminaire can indicate that GNSS-signal is missing, and one short pulse can indicate that the mobile network is not operational.
  • the system can also guide people by using the light produced by the luminaires.
  • Supporting information for the lighting system and/or individual luminaires can be received from external systems such as building automation system and/or fire alarm systems, and/or emergency guidance systems and/or sensors.
  • the luminaires produce light with first color temperature. If some guidance is needed the color and/or wavelength of the light produced by the luminaire can be changed. In the example, if evacuation in the south exits is needed, color of the light can be changed from the first color to the second color. In the example, if evacuation in the north exits is needed, color of the light can be changed from the first color to the third color.
  • Figure 5 presents in a simplified manner one example embodiment related to using the lighting system for guiding people and/or vehicles in a city environment.
  • the light produced by the infrastructure lighting can be used to guide people or vehicles.
  • people can be guided away from the hazardous area.
  • the direction where people are wanted to be guided can be indicated for example by different color of light produced by the luminaires 501 , 502, e.g. first color, for example green, indicating direction where people are wanted to be guided (produced by luminaires 501 in the desired area or direction) and second color, for example red, indicating direction where people or vehicles should not go (produced by luminaires 502 in the no-go area or direction).
  • first color for example green
  • second color for example red
  • the lighting control server or service, controlling device, or a control unit of the system may be a separate processing unit, or it may be a functionality added to some existing components, such as lighting control unit or luminaire.
  • a lighting system component or controller with which the solution of the invention can be used may comprise at least one processor connected to at least one memory.
  • the at least one memory may comprise at least one computer program which, when executed by the processor or processors, causes the component or controller to perform the programmed functionality.
  • the at least one memory may be an internal memory of the at least one processor.
  • the controller may also comprise an input/output interface. Via the input/output interface, the control apparatus may be connected to the required devices or units.
  • the controller may be a control entity configured to implement only the above disclosed operating features, or it may be part of a larger control entity.
  • the system is able to control other components as lighting components or luminaires in a secure manner in the way described above.
  • the system of the invention can comprise at least one component, such as an apparatus, and a controlling entity or device for controlling the components.
  • the component such as an apparatus, can be controlled directly by the controlling entity and/or via an application, a server or service, e.g. a cloud service.
  • the components, such as apparatuses, of the system are configured to communicate with each other via a communications network. Data communication between the components of the system can be encrypted.
  • components of the system are configured to authenticate each other, e.g. as described in connection with the lighting system.
  • One embodiment of the invention relates to an apparatus comprising a data processing unit configured to control the apparatus, a network communications interface for communicating with an external device, such as a server, a service, a sensor, a luminaire and/or a controlling device, and a memory configured to store commands and/or sensor related data.
  • the apparatus is configured to encrypt data transmissions carried out via the communications interface, to perform authentication of the external device from which a command, a control signal and/or a sensor related data was received, and to respond to the authentication request from the external device in order to carry out two-way authentication with the external device.
  • the apparatus is a luminaire comprising at least one light source, such as a LED-light source, a data processing unit configured to control the luminaire and light produced by the at least one light source of the luminaire, a network communications interface for communicating with an external device, such as a server, a service, a sensor, a luminaire and/or a controlling device, and a memory configured to store commands and/or sensor related data.
  • the luminaire is configured to encrypt data transmissions carried out via the communications interface, to perform authentication of the external device from which a command, a control signal and/or a sensor related data was received, and to respond to the authentication request from the external device in order to carry out two-way authentication with the external device.
  • the luminaire is configured to adjust the light intensity, frequency and/or wavelength of the at least one light source based on the received command, received control signal and/or sensor related data, such as sensor observation.
  • the apparatus such as a luminaire, comprises a sensor or a sensor is arranged in connection with the apparatus.
  • the senor is one of: a radar sensor, a microwave sensor, a microphone, an occupancy sensor, a video sensor, a humidity sensor, a light sensor, an accelerometer, a gas sensor, a thermometer.
  • the components of the apparatus e.g. luminaire, such as data processing unit, network communications interface and memory, are integrated in connection with the apparatus or to the structure of the apparatus.
  • the apparatus such as a luminaire, is configured for operation with a DC power source.
  • One embodiment of the invention relates to a system comprising components which comprise at least one apparatus and a controlling entity or device for controlling the at least one apparatus.
  • the components of the system are configured to communicate with each other via a communications network, and data communication between the components of the system is encrypted, and components of the system are configured to authenticate each other.
  • the system is a lighting system or is connected to a lighting system comprising lighting system components which comprise at least one apparatus, which is a luminaire and a controlling entity or device for controlling the luminaires.
  • the components of the lighting system are configured to communicate with each other via a communications network, and wherein data communication between the components of the lighting system is encrypted, and components of the lighting system are configured to authenticate each other.
  • the system is configured to implement Zero Trust approach of operation between the components of the system.
  • the authentication between the components is a two-way authentication and/or the authentication comprises checking that received message was from an authentic party and the received request was valid.
  • authentication comprises two-way authentication between every component in a control path between the controlling entity and the controlled apparatus, such as a controlled luminaire.
  • the communication network comprises at least one of the following: a mobile network, such as a 4G-network, 5G-network, a wireless network, such as a WiFi-network, a mesh-network, such as a Zigbeenetwork or a Bluetooth Mesh-network.
  • a mobile network such as a 4G-network, 5G-network
  • a wireless network such as a WiFi-network
  • a mesh-network such as a Zigbeenetwork or a Bluetooth Mesh-network.
  • the apparatuses are luminaires, and the system is arranged to control the luminaires to implement human centric lighting by adjusting the light intensity, frequency and/or wavelength of the light produced by at least one luminaire.
  • the system is arranged to control the apparatuses, such as luminaires, to implement positioning of people and/or devices, e.g. indoor positioning.
  • the system is arranged to control the apparatuses, such as luminaires, to enhance image recognition with the sensors of the system and/or to support mesopic vision applications.
  • the system is configured to adjust the apparatus, such as a luminaire, based on sensor observation data, e.g. from the sensor of the apparatus, a sensor of another apparatus, sensor of the system, an individual sensor, from the sensor of the luminaire and/or a sensor of another luminaire.
  • sensor observation data e.g. from the sensor of the apparatus, a sensor of another apparatus, sensor of the system, an individual sensor, from the sensor of the luminaire and/or a sensor of another luminaire.
  • the system is connected to an external system, for controlling lighting according to other systems, such as an emergency lighting system, an emergency guidance system and/or a building automation system, and/or the system is configured to adjust the light produced by the luminaires based on an input from an external system.
  • the components or other parts of the exemplary embodiments can include computer readable medium or memories for holding instructions programmed according to the teachings of the present embodiments and for holding data structures, tables, records, and/or other data described herein.
  • Computer readable medium can include any suitable medium that participates in providing instructions to a processor for execution.
  • Computer-readable media can include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, any other suitable magnetic medium, a CD-ROM, CD ⁇ R, CD ⁇ RW, DVD, DVD- RAM, DVD1 RW, DVD ⁇ R, HD DVD, HD DVD-R, HD DVD-RW, HD DVD- RAM, Blu- ray Disc, any other suitable optical medium, a RAM, a PROM, an EPROM, a FLASH-EPROM, any other suitable memory chip or cartridge or any other suitable medium from which a computer can read.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Medical Informatics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Circuit Arrangement For Electric Light Sources In General (AREA)

Abstract

L'invention concerne un appareil, tel qu'un luminaire (101) pour un système d'éclairage, comprenant une unité de traitement de données (102) configurée pour commander l'appareil, une interface de communication de réseau pour communiquer avec un dispositif externe, tel qu'un serveur, un service, un capteur, un luminaire et/ou un dispositif de commande, et une mémoire configurée pour stocker des commandes et/ou des données associées au capteur. L'appareil est configuré pour chiffrer des transmissions de données effectuées par l'intermédiaire de l'interface de communication, et l'appareil est configuré pour effectuer une authentification du dispositif externe en provenance duquel une commande, un signal de commande et/ou des données associées à un capteur ont été reçus, et pour répondre à la demande d'authentification provenant du dispositif externe afin d'effectuer une authentification réciproque avec le dispositif externe.
PCT/FI2022/050567 2021-08-31 2022-08-31 Appareil et système à commande sécurisée WO2023031517A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI20215908 2021-08-31
FI20215908 2021-08-31

Publications (1)

Publication Number Publication Date
WO2023031517A1 true WO2023031517A1 (fr) 2023-03-09

Family

ID=85410890

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2022/050567 WO2023031517A1 (fr) 2021-08-31 2022-08-31 Appareil et système à commande sécurisée

Country Status (1)

Country Link
WO (1) WO2023031517A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190230773A1 (en) * 2016-08-12 2019-07-25 Signify Holding B.V. Controlled device and method for setting up same
KR20210031149A (ko) * 2019-09-11 2021-03-19 주식회사 아프로스 보안 IoT 스마트 센서 디바이스
WO2021058608A1 (fr) * 2019-09-27 2021-04-01 Valeo Vision Dispositif et procede de commande de sources lumineuses matricielles
CN113132087A (zh) * 2019-12-30 2021-07-16 国民技术股份有限公司 物联网、身份认证及保密通信方法、芯片、设备及介质

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190230773A1 (en) * 2016-08-12 2019-07-25 Signify Holding B.V. Controlled device and method for setting up same
KR20210031149A (ko) * 2019-09-11 2021-03-19 주식회사 아프로스 보안 IoT 스마트 센서 디바이스
WO2021058608A1 (fr) * 2019-09-27 2021-04-01 Valeo Vision Dispositif et procede de commande de sources lumineuses matricielles
CN113132087A (zh) * 2019-12-30 2021-07-16 国民技术股份有限公司 物联网、身份认证及保密通信方法、芯片、设备及介质

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ANONYMOUS: "Zero Trust Cybersecurity for the Internet of Things", MICROSOFT AZURE, 30 April 2021 (2021-04-30), XP093043332, Retrieved from the Internet <URL:https://azure.microsoft.com/mediahandler/files/resourcefiles/zero-trust-cybersecurity-for-the-internet-of-things/Zero%20Trust%20Security%20Whitepaper_4.30_3pm.pdf> [retrieved on 20230502] *

Similar Documents

Publication Publication Date Title
US9578033B2 (en) Security profile management in a machine-to-machine messaging system
US20180034913A1 (en) System and method for controlling internet of things devices using namespaces
US10117308B2 (en) Associating information with an asset or a physical space
US10868689B2 (en) Management device of internet-of-thing devices, communication system and communication method
US11869321B2 (en) Blending inputs and multiple communication channels
CN107079266B (zh) 用于控制设备的方法和系统
KR20140068809A (ko) 위치 결정 시스템 및 방법과, 계산 장치 어플리케이션들의 위치 기반 수정
US20200066126A1 (en) System, Apparatus And Method For Low Latency Detection And Reporting Of An Emergency Event
CN109716866B (zh) 无线灯具配置
WO2014022856A1 (fr) Plate-forme et dispositifs de médias sociaux mobiles
US11219112B2 (en) Connected controls infrastructure
AU2017278675A1 (en) Associating information with an asset or a physical space
ES2785124T3 (es) Sistema y procedimiento para controlar parámetros de red para una serie de paneles de control de seguridad doméstica/sistemas domésticos
US20180310176A1 (en) Methods and Systems For Authenticating a Device to a Wireless Network
KR101946616B1 (ko) 지능형 화재인식 관리 시스템 및 방법
WO2023031517A1 (fr) Appareil et système à commande sécurisée
JP5929890B2 (ja) 無線中継装置、無線通信システム、及び情報設定方法
US10356885B2 (en) Installing and commissioning transceivers coupled to loads
EP3217768B1 (fr) Mise en service sécurisée de dispositifs d&#39;éclairage sans fil
US20230354062A1 (en) Autonomous provisioning of a decentralized network
US10798572B2 (en) System and method for secure appliance operation
KR102307726B1 (ko) 근접 통신을 이용한 건물 자동화 시스템
EP4073958B1 (fr) Dispositif informatique
EP4301097A1 (fr) Système et procédé de mise en service d&#39;éléments d&#39;un système d&#39;éclairage
US11632847B2 (en) Lighting device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22863705

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE