WO2023131552A1 - A lighting device access and control system - Google Patents

A lighting device access and control system

Info

Publication number
WO2023131552A1
WO2023131552A1 PCT/EP2022/087683 EP2022087683W WO2023131552A1 WO 2023131552 A1 WO2023131552 A1 WO 2023131552A1 EP 2022087683 W EP2022087683 W EP 2022087683W WO 2023131552 A1 WO2023131552 A1 WO 2023131552A1
Authority
WO
WIPO (PCT)
Prior art keywords
central communication
communication device
authentication
authentication token
remote control
Application number
PCT/EP2022/087683
Inventor
Walter Jeroen Slegers
Etienne Marie BERTOU
Original Assignee
Signify Holding B.V.
Application filed by Signify Holding B.V.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/335 User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803 Home automation networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H ELECTRICITY
    • H05 ELECTRIC TECHNIQUES NOT OTHERWISE PROVIDED FOR
    • H05B ELECTRIC HEATING; ELECTRIC LIGHT SOURCES NOT OTHERWISE PROVIDED FOR; CIRCUIT ARRANGEMENTS FOR ELECTRIC LIGHT SOURCES, IN GENERAL
    • H05B47/00 Circuit arrangements for operating light sources in general, i.e. where the type of light source is not relevant
    • H05B47/10 Controlling the light source
    • H05B47/175 Controlling the light source by remote control
    • H05B47/19 Controlling the light source by remote control via wireless transmission

Definitions

  • the invention relates to a system for providing access to at least one lighting device such as to enable controlling the at least one lighting device, the system comprising a central communication device, a remote control device and an authentication service.
  • the Hue system is unique in that it can be controlled on a local network (i.e. without using Cloud services) as well as from services on the internet (e.g. voice assistants and out-of-home access) via Cloud services. Other similar systems tend to route all traffic through the Cloud, including traffic from apps on local phones.
  • the Hue system uses two different mechanisms: one for local and another one for remote access.
  • the local mechanism authorizes clients (in-home mobile apps) to access a specific bridge.
  • the remote access mechanism authorizes clients (out-of-home mobile apps, cloud services) to access bridges linked to a user’s account.
  • US 2020077476 A1 discloses a system for controlling lighting devices which includes a processor in communication with a portable electronic device.
  • the processor is configured to receive geolocation data corresponding to an electronic device, and identify one or more light-enabled facilities that are within a distance range of the electronic device.
  • Each of the light-enabled facilities comprises a controller that is communicatively coupled to one or more lighting devices in a network of lighting devices.
  • the system is further configured to receive a light operation request comprising a selected one of the light-enabled facilities and a scene from the electronic device, and transmit the light operation request to cause the controller to activate at least one lighting device at the selected light enabled facility according to the scene to the controller at the selected light-enabled facility.
  • WO 2016/048795 A1 discloses a routing device capable of performing application layer data caching.
  • the techniques described can be used to perform analysis of the underlying application data in the network traffic transiting through a routing device in order to determine if the data is to be cached. Criteria can include the number of previous requests for the same data within a time interval, possibly collected from a group of routing devices.
  • the data may also be cached in a distributed way on several routing devices.
  • the routing device may also analyze data sent across secure connections. However, in this solution the routing device is always present in the communication, including in the communication between the client device and the application data host.
  • a system for providing access to at least one lighting device such as to enable controlling the at least one lighting device
  • the system comprising a central communication device, a remote control device and an authentication service
  • the remote control device is configured to request and receive an authentication token from the authentication service, and send the authentication token to the central communication device
  • the central communication device is configured to receive the authentication token from the remote control device, add an identification of the central communication device to the authentication token, and send the authentication token and added identification to the authentication service, with a request for verification of whether the authentication token has the central communication device linked to it and whether an application on the remote control device identified by the authentication token has received access rights from the user account
  • the authentication service is configured to receive the request for verification from the central communication device, verify, based on the identification of the central communication device, whether the authentication token has the central communication device linked to it, verify whether an application on the remote control device identified by the authentication token has received access rights from the user account, if the request for verification is to
  • the central communication device verifies the authentication token received from the remote control device and to that end adds an identification to the authentication token, it is ensured that the communication flow between the central communication device, the remote control device and the authentication service is always direct between the two relevant entities.
  • a system for controlling at least one lighting device is provided with a simplified authentication for clients and with which only one authentication key is needed and with which the dependency on a separate local authorization key is thus removed.
  • such a system for controlling lighting devices is provided with an improved security for users with respect to newly authorized apps, and with which the ability for local only authentication is kept.
  • a system for controlling lighting devices allows for a central revocation, system wide or user account wide, for users.
  • the authentication token comprises information regarding a user account and an application.
  • the authentication token identifies a user and an application, such as an application run by the remote control device, in a particularly simple and secure manner.
  • the authentication token includes an application ID.
  • the authentication token identifies the application run by the remote control device in a particularly simple and secure manner.
  • the authentication token further includes a user ID. Thereby, the authentication token further identifies a user of the remote control device or of the application in a particularly simple and secure manner. In an embodiment, if the central communication device receives a reply from the authentication device confirming verification, the central communication device is configured to proceed to process a lighting device control request received from the remote control device.
  • the central communication device is configured to proceed to process the lighting device control request received from the remote control device by checking whether it has a local access token for an application identified in the application metadata, and, if required, create the local access token.
  • the central communication device is configured to proceed to process the lighting device control request received from the remote control device by directly using the application metadata.
  • the central communication device is configured to maintain a cache of authentication tokens used within a period of time preceding the receipt of the authentication token by the central communication device, for instance preceding the latest receipt of an authentication token by the central communication device.
  • the cache is updated by the authentication service when a new authentication token is sent to the remote control device.
  • the remote control device is configured to act as a proxy for routing the request for verification from the central communication device to the authentication service.
  • a system is provided which also is fully operational even in case the central communication device has no connection to the internet for a short period of time (e.g. due to rebooting a modem providing the internet access) or for extended periods of time (e.g. due to the modem being turned off, for instance to save costs, or due to the internet provider being down), since the central communication device may then still be able to verify the bearer of the authentication token with the authentication device.
  • the remote control device serves as the proxy for the request of the central communication device either through universal links redirects or with a service callout and response to the request of the central communication device.
  • the remote control device is configured to act as a proxy in a particularly simple manner.
  • the authentication token is configured to be valid for a predetermined period of time.
  • the predetermined period of time may be a predetermined number of days or weeks.
  • the application metadata comprises one or more of an application identifier and a name.
  • the application metadata is configured for one or more of providing access to the at least one lighting device and enabling controlling the at least one lighting device in a particularly simple manner.
  • the remote control device is located locally.
  • the remote control device is located in the same environment or on the same wireless network as the at least one lighting device.
  • the remote control device is located remote from the environment in which the lighting device is located.
  • the remote control device has access to and is accessible via the internet.
  • the central communication device is located locally.
  • the central communication device is located in the same environment or on the same wireless network as the at least one lighting device.
  • the authentication device is a cloud service. In an embodiment, the authentication device is comprised in a cloud service. In an embodiment, the authentication device is a central computer or a server. In an embodiment, the authentication device is located remote from the environment in which the central communication device and the lighting device are located.
  • the authentication device is run on a remote server or a cloud server.
  • the authentication device is accessible via the internet.
  • a method for providing access to a plurality of lighting devices such as to enable controlling at least one lighting device of the plurality of lighting devices, using a system comprising a central communication device, a remote control device and an authentication service
  • the method comprising the steps of by the remote control device requesting and receiving an authentication token from the authentication service, and sending the authentication token to the central communication device, by the central communication device receiving the authentication token from the remote control device, adding an identification of the central communication device to the authentication token, and sending the authentication token and the added identification to the authentication service, with a request for verification of whether the authentication token has the central communication device connected to it and whether the application has received access rights from the user account, and by the authentication service receiving the request for verification from the central communication device, verifying, based on the identification of the central communication device, whether the authentication token has the central communication device linked to it, verifying whether an application on the remote control device identified by the authentication token has received access rights from the user account, if the request for verification is to
  • the central communication device if the central communication device receives a reply from the authentication device confirming verification, the central communication device proceeds to process a lighting device control request received from the remote control device.
  • the central communication device proceeds to process the lighting device control request received from the remote control device by checking whether it has a local access token for an application identified in the application metadata, and, if required, creating the local access token.
  • the central communication device proceeds to process the lighting device control request received from the remote control device by directly using the application metadata.
  • Fig. 1 schematically shows a system for controlling at least one lighting device.
  • Fig. 2 schematically shows the system according to Fig. 1 in more detail.
  • Fig. 3 shows a flow diagram illustrating the flow of communication between the components of the system according to Fig. 1 or 2.
  • Figs. 4 and 5 show flow diagrams illustrating embodiments of the process
  • Like reference numerals refer to like elements throughout.
  • Fig. 1 schematically shows a system 100 for controlling a lighting device 1.
  • the system 100 comprises a remote control device 2, a central communication device 3 and an authentication service 4.
  • the system may comprise any feasible number of lighting devices 1, such as one lighting device 1, one or more lighting devices 1 or a plurality of lighting devices 1, say 3, 4, 6, 10 or 20 lighting devices 1.
  • the remote control device 2 may be any suitable remote control device such as a remote control, a computer, a tablet computer, a mobile telephone or an IoT device.
  • the remote control device 2 may be located locally, and more specifically in the same environment as the lighting device 1.
  • the lighting device 1 and the central communication device 3 are typically connected via a Zigbee network, while the remote control device 2 and the central communication device 3 are typically connected via an IP network, such that the lighting device 1 and the remote control device 2 are on different networks even if they may well be physically next to each other in the same room.
  • the remote control device 2 may be located locally, and more specifically on the same wireless network (e.g. a Zigbee network or an IP network) as the lighting device 1.
  • the remote control device 2 may be located remote from the environment in which the lighting device 1 is located.
  • the remote control device 2 has access to and is accessible via the internet.
  • the remote control device 2 may also be a cloud based device or a cloud based voice device, such as Amazon Alexa, or the like.
  • the remote control device 2 may be a portable device, which can be used remotely and locally by a user for controlling the lighting devices 1.
  • the central communication device 3 may be any suitable central communication device, such as a bridge.
  • the central communication device 3 is located locally, and more specifically in the same environment or on the same wireless network as the lighting device 1.
  • the central communication device 3 has access to and is accessible via the internet.
  • the authentication device 4 may be a cloud service. Alternatively, the authentication device 4 may be comprised in a cloud service. It is also feasible that the authentication device 4 may be a central computer such as a server. The authentication device 4 is in any event run on a remote server or a cloud server, i.e. remote from the environment in which the central communication device 3 and the lighting device 1 are located. The authentication device 4 is accessible via the internet.
  • the arrows 21-23 and 31-33 on Fig. 1 illustrate the communication flows in the system 100.
  • the remote control device 2 may transmit information to (arrow 21) and receive information from (arrow 22) the authentication device 4.
  • the central communication device 3 may receive information from (arrow 23) the remote control device 2 as well as transmit information to (arrow 31) and receive information from (arrow 32) the authentication device 4.
  • the central communication device 3 may also transmit information to (arrow 33) the at least one lighting device 1.
  • the authentication device 4 may transmit information to (arrow 22) and receive information from (arrow 21) the remote control device 2 as well as transmit information to (arrow 32) and receive information from (arrow 31) the central communication device 3.
  • Fig. 2 shows the system 100 according to Fig. 1 in more detail. Further reference is made to Fig. 3, which shows a flow diagram illustrating the flow of communication between the remote control device 2, the central communication device 3 and the authentication service 4 of the system 100 for controlling a lighting device 1.
  • the remote control device 2 is configured to request 201 an authentication token 6 from the authentication service 4, receive 202 the authentication token 6 from the authentication service 4, and send 203 the authentication token 6 to the central communication device.
  • the authentication token 6 comprises information 7 regarding a user account and/or information 8 regarding an application desiring access to the central communication device 3 such as to enable sending a request 14 for controlling the lighting device 1 to the central communication device 3, and via central communication device 3 to the lighting device 1.
  • the application is typically, although not limited to, an application on the remote control device 2.
  • the authentication token 6 may include an application ID.
  • the authentication token 6 may further include a user ID.
  • the authentication token 6 may be any suitable type of authentication token or access token, such as e.g. a standard so-called OAuth token.
  • the authentication token 6 may be configured to be either permanently valid or valid until it has been used for its intended purpose.
  • the authentication token 6 may also be configured to be valid for a predetermined period of time.
  • the predetermined period of time may be a predetermined number of days or weeks.
  • the central communication device 3 is configured to receive 301 the authentication token 6 from the remote control device 2, add 302 an identification 10 of the central communication device to the authentication token, and send 303 the authentication token 6 and added identification 10 to the authentication service 4 together with a request 11 for verification of whether the authentication token 6 has the central communication device 3 linked to it and whether the application has received access rights from the user account.
  • the identification 10 may be an identification of the central communication device 3.
  • the authentication service 4 is configured to receive 401 the authentication token 6 and added identification 10 together with the request 11 from the central communication device 3.
  • the authentication service 4 is configured to verify, based on the identification of the central communication device, whether the authentication token has the central communication device linked to it, and to verify whether an application on the remote control device identified by the authentication token has received access rights from the user account.
  • the user account may be stored in a memory, for instance located at the authentication service 4, accessible by the authentication service 4.
  • the authentication service 4 then sends 403 a reply to the central communication device 3 declining verification.
  • the remote control device 2 is then denied access to the central communication device 3. In other words, the central communication device 3 declines carrying out any orders or requests from the remote control device 2.
  • the authentication service 4 then sends 402 a reply 12 to the central communication device 3 confirming verification, the reply comprising application metadata 13.
  • the application metadata 13 comprises data for at least one or more of providing access to the at least one lighting device 1 and enabling controlling the at least one lighting device 1.
  • the application metadata 13 may comprise at least one of an application identifier and a name.
  • the central communication device 3 may then proceed to process 304 lighting device control requests 14 received from the remote control device.
  • the lighting device control requests 14 comprise a request to control the lighting device(s) 1 of the system 100 in a desired manner.
  • the central communication device 3 may for instance proceed to process a lighting device control request 14 received from the remote control device 2 by checking 3041 whether it has a local access token for an application identified in the application metadata 13, and, if required, creating 3042 the local access token.
  • the central communication device 3 may for instance proceed to process a lighting device control request 14 received from the remote control device 2 by directly using 3043 the application metadata 13.
  • the central communication device 3 then sends the lighting device control request 14 to the lighting device 1 to be controlled.
  • the lighting device control request 14 may for instance comprise a request to dim the lighting device 1, to brighten the lighting device 1, to turn the lighting device 1 off, to turn the lighting device 1 on or to operate the lighting device 1 in a defined pattern.
  • the central communication device 3 may be configured to maintain a cache 5 of authentication tokens 6 used within a period of time preceding the receipt of the authentication token 6 by the central communication device 3.
  • the period of time preceding the receipt of the authentication token 6 by the central communication device 3 may for instance be chosen to be a number of hours, days or weeks.
  • the cache 5 may further be updated by the authentication service 4 when a new authentication token 6 is sent to the remote control device 2.
  • the remote control device 2 may still have such access. Then it is feasible that the remote control device 2 may be configured to act as a proxy for routing the authentication token 6 and added identification 10 together with a request 11 for verification of whether the authentication token 6 has the central communication device 3 linked to it and whether the application has received access rights from the user account when sent from the central communication device 3 to the authentication service 4.
  • a system 100 according to the invention may in principle be used for providing access and enabling both local and remote control of any type of controllable device.
  • a method according to the invention may in principle be used for providing access and enabling both local and remote control of any type of controllable device.
  • a non-limiting example of a controllable device would be an IoT device or IoT enabled device, such as but not limited to a thermostat, a curtain controller, a window controller, an audio system, a HIFI-system, a door lock, a kitchen utensil, domestic appliances, etc.
  • the system according to the invention may be a system for providing access to a controllable device, such as to enable controlling the at least one controllable device, the system comprising a central communication device (2), a remote control device (3) and an authentication service (4), where the remote control device 2 is configured to:
  • send the authentication token to the central communication device, where the central communication device 3 is configured to:
  • add an identification 10 to the authentication token, and send the authentication token and added identification to the authentication service, with a request 11 for verification of whether the authentication token has the central communication device linked to it and whether an application on the remote control device identified by the authentication token has received access rights from the user account, and where the authentication service 4 is configured to:
  • if the request for verification is to be answered in the affirmative, sending a reply 12 to the central communication device confirming verification, the reply comprising application metadata 13 for one or more of providing access to the at least one controllable device and enabling controlling the at least one controllable device, and
  • the authentication token 6 may comprise information regarding a user account and the application.
  • the authentication token 6 may include an application ID.
  • the authentication token 6 may further include a user ID.
  • the central communication device 3 may be configured to proceed to process a controllable device control request 14 received from the remote control device.
  • the central communication device 3 may be configured to proceed to process the controllable device control request 14 received from the remote control device by checking whether it has a local access token for an application identified in the application metadata 13, and, if required, create the local access token, or to proceed to process the controllable device control request 14 received from the remote control device by directly using the application metadata 13.
  • the central communication device 3 may be configured to maintain a cache 5 of authentication tokens 6 used within a period of time preceding the receipt of the authentication token by the central communication device.
  • the cache 5 may be updated by the authentication service 4 when a new authentication token is sent to the remote control device.
  • the remote control device 2 may be configured to act as a proxy for routing the request for verification 10 from the central communication device to the authentication service.
  • the authentication token 6 may be configured to be valid for a predetermined period of time, wherein the predetermined period of time is a predetermined number of days or weeks.
  • the application metadata 13 comprises one or more of an application identifier and a name.
  • Such a system for providing access to a controllable device may further comprise any one or more of the further features described herein in relation to systems 100 for providing access to lighting devices 1.
  • the method according to the invention may be a method for providing access to a plurality of controllable devices such as to enable controlling at least one controllable device of the plurality of controllable devices, using a system comprising a central communication device 3, a remote control device 2 and an authentication service 4, the method comprising the steps of by the remote control device 2:
  • the method may comprise the further step of by the central communication device proceeding to process 304 a controllable device control request 14 received from the remote control device.
  • the central communication device 3 may proceed to process the controllable device control request 14 received from the remote control device by any one of checking whether it has a local access token for an application identified in the application metadata 13, and, if required, creating the local access token, and directly using the application metadata 13.
  • Such a method for providing access to a controllable device may further comprise any one or more of the further features described herein in relation to methods for providing access to lighting devices 1.

Abstract

A system (100) for providing access to at least one lighting device (1) such as to enable controlling the at least one lighting device (1), the system (100) comprising a central communication device (2), a remote control device (3) and an authentication service (4), the remote control device (2) being configured to request and receive an authentication token (6) from the authentication service (4), and send the authentication token (6) to the central communication device (3), the central communication device (3) being configured to receive the authentication token (6) from the remote control device (2), add an identification (10) to the authentication token (6), and send the authentication token (6) and identification (10) to the authentication service (4), with a request (11) for verification of whether the authentication token (6) has the central communication device (3) linked to it and whether an application identified by the authentication token (6) has received access rights from the user account, and the authentication service (4) being configured to receive the request for verification (11) from the central communication device (3), if the request for verification is to be answered in the affirmative, sending a reply (12) to the central communication device (3) confirming verification, the reply comprising application metadata (13) for one or more of providing access to the at least one lighting device (1) and enabling controlling the at least one lighting device (1), and if the request for verification is to be answered in the negative, sending a reply to the central communication device (3) declining verification.

Description

A lighting device access and control system
FIELD OF THE INVENTION
The invention relates to a system for providing access to at least one lighting device such as to enable controlling the at least one lighting device, the system comprising a central communication device, a remote control device and an authentication service.
BACKGROUND OF THE INVENTION
Such systems for controlling lighting devices are well known in the art. One example is Signify’s Hue system. The Hue system is unique in that it can be controlled on a local network (i.e. without using Cloud services) as well as from services on the internet (e.g. voice assistants and out-of-home access) via Cloud services. Other similar systems tend to route all traffic through the Cloud, including traffic from apps on local phones. The Hue system uses two different mechanisms: one for local and another one for remote access. The local mechanism authorizes clients (in-home mobile apps) to access a specific bridge. The remote access mechanism authorizes clients (out-of-home mobile apps, cloud services) to access bridges linked to a user’s account.
US 2020077476 A1 discloses a system for controlling lighting devices which includes a processor in communication with a portable electronic device. The processor is configured to receive geolocation data corresponding to an electronic device, and identify one or more light-enabled facilities that are within a distance range of the electronic device. Each of the light-enabled facilities comprises a controller that is communicatively coupled to one or more lighting devices in a network of lighting devices. The system is further configured to receive a light operation request comprising a selected one of the light-enabled facilities and a scene from the electronic device, and transmit the light operation request to cause the controller to activate at least one lighting device at the selected light enabled facility according to the scene to the controller at the selected light-enabled facility.
WO 2016/048795 A1 discloses a routing device capable of performing application layer data caching. The techniques described can be used to perform analysis of the underlying application data in the network traffic transiting through a routing device in order to determine if the data is to be cached. Criteria can include the number of previous requests for the same data within a time interval, possibly collected from a group of routing devices. The data may also be cached in a distributed way on several routing devices. The routing device may also analyze data sent across secure connections. However, in this solution the routing device is always present in the communication, including in the communication between the client device and the application data host.
It is desired to provide a system for controlling a plurality of lighting devices with a simplified authentication for clients and which removes the dependency on a separate local authorization key.
It is further desired to provide a system for controlling a plurality of lighting devices with an improved security for users with respect to newly authorized apps, and with which the ability for local only authentication is kept.
SUMMARY OF THE INVENTION
It is an object of the present invention to overcome this problem, and to provide a system for controlling a plurality of lighting devices of the type mentioned by way of introduction with a simplified authentication for clients and which removes the dependency on a separate local authorization key.
It is a further object of the present invention to provide a system for controlling a plurality of lighting devices with an improved security for users with respect to newly authorized apps, and with which the ability for local only authentication is kept.
According to a first aspect of the invention, this and other objects are achieved by means of a system for providing access to at least one lighting device such as to enable controlling the at least one lighting device, the system comprising a central communication device, a remote control device and an authentication service, where the remote control device is configured to request and receive an authentication token from the authentication service, and send the authentication token to the central communication device, where the central communication device is configured to receive the authentication token from the remote control device, add an identification of the central communication device to the authentication token, and send the authentication token and added identification to the authentication service, with a request for verification of whether the authentication token has the central communication device linked to it and whether an application on the remote control device identified by the authentication token has received access rights from the user account, and where the authentication service is configured to receive the request for verification from the central communication device, verify, based on the identification of the central communication device, whether the authentication token has the central communication device linked to it, verify whether an application on the remote control device identified by the authentication token has received access rights from the user account, if the request for verification is to be answered in the affirmative, sending a reply to the central communication device confirming verification, the reply comprising application metadata for one or more of providing access to the at least one lighting device and enabling controlling the at least one lighting device, and if the request for verification is to be answered in the negative, sending a reply to the central communication device declining verification.
Thereby, and especially by providing that the central communication device verifies the authentication token received from the remote control device and to that end adds an identification to the authentication token, it is ensured that the communication flow between the central communication device, the remote control device and the authentication service is always direct between the two relevant entities. Thereby, a system for controlling at least one lighting device is provided with a simplified authentication for clients and with which only one authentication key is needed and with which the dependency on a separate local authorization key is thus removed.
Furthermore, such a system for controlling lighting devices is provided with an improved security for users with respect to newly authorized apps, and with which the ability for local only authentication is kept. Particularly, such a system for controlling lighting devices allows for a central revocation, system wide or user account wide, for users.
In this way the system becomes more attractive for developers, and less cumbersome to use for users.
In an embodiment, the authentication token comprises information regarding a user account and an application.
Thereby, the authentication token identifies a user and an application, such as an application run by the remote control device, in a particularly simple and secure manner.
In an embodiment, the authentication token includes an application ID.
Thereby, the authentication token identifies the application run by the remote control device in a particularly simple and secure manner.
In an embodiment, the authentication token further includes a user ID.
Thereby, the authentication token further identifies a user of the remote control device or of the application in a particularly simple and secure manner.
In an embodiment, if the central communication device receives a reply from the authentication device confirming verification, the central communication device is configured to proceed to process a lighting device control request received from the remote control device.
Thereby a system is provided which obtains the above-mentioned advantages while also enabling controlling the at least one lighting device in a particularly simple and straightforward manner.
In an embodiment, the central communication device is configured to proceed to process the lighting device control request received from the remote control device by checking whether it has a local access token for an application identified in the application metadata, and, if required, create the local access token.
Thereby a simplified implementation of the system according to the invention is provided for.
In an embodiment, the central communication device is configured to proceed to process the lighting device control request received from the remote control device by directly using the application metadata.
Thereby a further simplified implementation of the system according to the invention is provided for.
In an embodiment, the central communication device is configured to maintain a cache of authentication tokens used within a period of time preceding the receipt of the authentication token by the central communication device, for instance preceding the latest receipt of an authentication token by the central communication device.
Thereby, the higher latencies associated with checking authentication tokens from the central communication device to the authentication device may be minimized or altogether avoided.
In an embodiment, the cache is updated by the authentication service when a new authentication token is sent to the remote control device.
Thereby, the higher latencies associated with checking authentication tokens from the central communication device to the authentication device may be minimized or altogether avoided in a particularly simple manner.
In an embodiment, the remote control device is configured to act as a proxy for routing the request for verification from the central communication device to the authentication service.
Thereby a system is provided which also is fully operational even in case the central communication device has no connection to the internet for a short period of time (e.g. due to rebooting a modem providing the internet access) or for extended periods of time (e.g. due to the modem being turned off, for instance to save costs, or due to the internet provider being down), since the central communication device may then still be able to verify the bearer of the authentication token with the authentication device.
In an embodiment, the remote control device serves as the proxy for the request of the central communication device either through universal links redirects or with a service callout and response to the request of the central communication device.
Thereby, the remote control device is configured to act as a proxy in a particularly simple manner.
In an embodiment, the authentication token is configured to be valid for a predetermined period of time. The predetermined period of time may be a predetermined number of days or weeks.
Thereby, it is ensured that authentication tokens no longer being used cease to be valid. This in turn both enhances the security of the system and ensures proper updating of the cache maintained by the authentication service such that the memory space taken up by the cache may be optimized in a simple and straight forward manner.
In an embodiment, the application metadata comprises one or more of an application identifier and a name.
Thereby, the application metadata is configured for one or more of providing access to the at least one lighting device and enabling controlling the at least one lighting device in a particularly simple manner.
In an embodiment, the remote control device is located locally.
In an embodiment, the remote control device is located in the same environment or on the same wireless network as the at least one lighting device.
In an embodiment, the remote control device is located remote from the environment in which the lighting device is located.
In an embodiment, the remote control device has access to and is accessible via the internet.
In an embodiment, the central communication device is located locally.
In an embodiment, the central communication device is located in the same environment or on the same wireless network as the at least one lighting device.
In an embodiment, the authentication device is a cloud service. In an embodiment, the authentication device is comprised in a cloud service. In an embodiment, the authentication device is a central computer or a server. In an embodiment, the authentication device is located remote from the environment in which the central communication device and the lighting device is located.
In an embodiment, the authentication device is run on a remote server or a cloud server.
In an embodiment, the authentication device is accessible via the internet.
In a second aspect of the invention, the above and other advantages are achieved by a method for providing access to a plurality of lighting devices such as to enable controlling at least one lighting device of the plurality of lighting devices, using a system comprising a central communication device, a remote control device and an authentication service, the method comprising the steps of by the remote control device requesting and receiving an authentication token from the authentication service, and sending the authentication token to the central communication device, by the central communication device receiving the authentication token from the remote control device, adding an identification of the central communication device to the authentication token, and sending the authentication token and the added identification to the authentication service, with a request for verification of whether the authentication token has the central communication device connected to it and whether the application has received access rights from the user account, and by the authentication service receiving the request for verification from the central communication device, verifying, based on the identification of the central communication device, whether the authentication token has the central communication device linked to it, verifying whether an application on the remote control device identified by the authentication token has received access rights from the user account, if the request for verification is to be answered in the affirmative, sending a reply to the central communication device confirming verification, the reply comprising application metadata for one or more of providing access to the at least one lighting device and enabling controlling the at least one lighting device, and if the request for verification is to be answered in the negative, sending a reply to the central communication device declining verification.
In an embodiment, if the central communication device receives a reply from the authentication device confirming verification, the central communication device proceeds to process a lighting device control request received from the remote control device.
In an embodiment, the central communication device proceeds to process the lighting device control request received from the remote control device by checking whether it has a local access token for an application identified in the application metadata, and, if required, creating the local access token.
In an embodiment, the central communication device proceeds to process the lighting device control request received from the remote control device by directly using the application metadata.
It is noted that the invention relates to all possible combinations of features recited in the claims.
BRIEF DESCRIPTION OF THE DRAWINGS
This and other aspects of the present invention will now be described in more detail, with reference to the appended drawings showing embodiment(s) of the invention.
Fig. 1 schematically shows a system for controlling at least one lighting device.
Fig. 2 schematically shows the system according to Fig. 1 in more detail.
Fig. 3 shows a flow diagram illustrating the flow of communication between the components of the system according to Fig. 1 or 2.
Figs. 4 and 5 show a flow diagram illustrating embodiments of the process
Like reference numerals refer to like elements throughout.
DETAILED DESCRIPTION
The present invention will now be described more fully hereinafter with reference to the accompanying drawings, in which currently preferred embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided for thoroughness and completeness, and fully convey the scope of the invention to the skilled person.
Fig. 1 schematically shows a system 100 for controlling a lighting device 1. The system 100 comprises a remote control device 2, a central communication device 3 and an authentication service 4.
The system may comprise any feasible number of lighting devices 1, such as one lighting device 1, one or more lighting devices 1 or a plurality of lighting devices 1, say 3, 4, 6, 10 or 20 lighting devices 1.
The remote control device 2 may be any suitable remote control device such as a remote control, a computer, a tablet computer, a mobile telephone or an IoT device. The remote control device 2 may be located locally, and more specifically in the same environment as the lighting device 1. For instance, the lighting device 1 and the central communication device 3 are typically connected via a Zigbee network, while the remote control device 2 and the central communication device 3 are typically connected via an IP network, such that the lighting device 1 and the remote control device 2 are on different networks even if they may well be physically next to each other in the same room. Alternatively, the remote control device 2 may be located locally, and more specifically on the same wireless network (e.g. a Zigbee network or an IP network) as the lighting device 1. In yet another alternative, the remote control device 2 may be located remote from the environment in which the lighting device 1 is located. The remote control device 2 has access to and is accessible via the internet. The remote control device 2 may also be a cloud based device or a cloud based voice device, such as Amazon Alexa, or the like.
The remote control device 2 may be a portable device, which can be used remotely and locally by a user for controlling the lighting devices 1.
The central communication device 3 may be any suitable central communication device, such as a bridge. The central communication device 3 is located locally, and more specifically in the same environment or on the same wireless network as the lighting device 1. The central communication device 3 has access to and is accessible via the internet.
The authentication device 4 may be a cloud service. Alternatively, the authentication device 4 may be comprised in a cloud service. It is also feasible that the authentication device 4 may be a central computer such as a server. The authentication device 4 is in any event run on a remote server or a cloud server, i.e. remote from the environment in which the central communication device 3 and the lighting device 1 is located. The authentication device 4 is accessible via the internet.
The arrows 21-23 and 31-33 on Fig. 1 illustrate the communication flows in the system 100. Generally, the remote control device 2 may transmit information to (arrow 21) and receive information from (arrow 22) the authentication device 4. Generally, the central communication device 3 may receive information from (arrow 23) the remote control device 2 as well as transmit information to (arrow 31) and receive information from (arrow 32) the authentication device 4. The central communication device 3 may also transmit information to (arrow 33) the at least one lighting device 1. The authentication device 4 may transmit information to (arrow 22) and receive information from (arrow 21) the remote control device 2 as well as transmit information to (arrow 32) and receive information from (arrow 31) the central communication device 3. The details of the information flow will now be described in more detail with reference also to Figs. 2 and 3.
Fig. 2 shows the system 100 according to Fig. 1 in more detail. Further reference is made to Fig. 3, which shows a flow diagram illustrating the flow of communication between the remote control device 2, the central communication device 3 and the authentication service 4 of the system 100 for controlling a lighting device 1.
Generally, and irrespective of the embodiment, the remote control device 2 is configured to request 201 an authentication token 6 from the authentication service 4, receive 202 the authentication token 6 from the authentication service 4, and send 203 the authentication token 6 to the central communication device.
Generally, the authentication token 6 comprises information 7 regarding a user account and/or information 8 regarding an application desiring access to the central communication device 3 such as to enable sending a request 14 for controlling the lighting device 1 to the central communication device 3, and via central communication device 3 to the lighting device 1. The application is typically, although not limited to, an application on the remote control device 2. The authentication token 6 may include an application ID. The authentication token 6 may further include a user ID. The authentication token 6 may be any suitable type of authentication token or access token, such as e.g. a standard so-called OAuth token. The authentication token 6 may be configured to be either permanently valid or valid until it has been used for its intended purpose. The authentication token 6 may also be configured to be valid for a predetermined period of time. The predetermined period of time may be a predetermined number of days or weeks.
Generally, and irrespective of the embodiment, the central communication device 3 is configured to receive 301 the authentication token 6 from the remote control device 2, add 302 an identification 10 of the central communication device to the authentication token, and send 303 the authentication token 6 and added identification 10 to the authentication service 4 together with a request 11 for verification of whether the authentication token 6 has the central communication device 3 linked to it and whether the application has received access rights from the user account. The identification 10 may be an identification of the central communication device 3.
Generally, the authentication service 4 is configured to receive 401 the authentication token 6 and added identification 10 together with the request 11 from the central communication device 3. The authentication service 4 is configured to verify, based on the identification of the central communication device, whether the authentication token has the central communication device linked to it, and to verify whether an application on the remote control device identified by the authentication token has received access rights from the user account. The user account may be stored in a memory, for instance located at the authentication service 4, accessible by the authentication service 4.
If the request for verification is to be answered in the negative, the authentication service 4 then sends 403 a reply to the central communication device 3 declining verification. The remote control device 2 is then denied access to the central communication device 3. In other words, the central communication device 3 declines carrying out any orders or requests from the remote control device 2.
If the request for verification is to be answered in the affirmative, the authentication service 4 then sends 402 a reply 12 to the central communication device 3 confirming verification, the reply comprising application metadata 13. The application metadata 13 comprises data for at least one or more of providing access to the at least one lighting device 1 and enabling controlling the at least one lighting device 1. The application metadata 13 may comprise at least one of an application identifier and a name.
The central communication device 3 may then proceed to process 304 lighting device control requests 14 received from the remote control device. The lighting device control requests 14 comprises a request to control the lighting device(s) 1 of the system 100 in a desired manner.
As illustrated in Fig. 4, the central communication device 3 may for instance proceed to process a lighting device control request 14 received from the remote control device 2 by checking 3041 whether it has a local access token for an application identified in the application metadata 13, and, if required, creating 3042 the local access token.
Alternatively, or additionally, and as illustrated in Fig. 5, the central communication device 3 may for instance proceed to process a lighting device control request 14 received from the remote control device 2 by directly using 3043 the application metadata 13.
The central communication device 3 then sends the lighting device control request 14 to the lighting device 1 to be controlled. The lighting device control request 14 may for instance comprise a request to dim the lighting device 1, to brighten the lighting device 1, to turn the lighting device 1 off, to turn the lighting device 1 on or to operate the lighting device 1 in a defined pattern.
Referring to Fig. 2, the central communication device 3 may be configured to maintain a cache 5 of authentication tokens 6 used within a period of time preceding the receipt of the authentication token 6 by the central communication device 3. The period of time preceding the receipt of the authentication token 6 by the central communication device 3 may for instance be chosen to be a number of hours, days or weeks. The cache 5 may further be updated by the authentication service 4 when a new authentication token 6 is sent to the remote control device 2.
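The verification flow of steps 201-203, 301-304 and 401-403, together with the cache 5, can be followed in a small in-memory model. This is an added sketch, not code from the patent or from any product; every class, method and identifier name is an assumption, and the accounts, bridge IDs and times are constructed sample data.

```python
"""Added sketch of the token verification flow; all names are assumptions."""
import hashlib
import secrets


class AuthenticationService:
    """Stands in for authentication service 4 (in-memory, constructed data)."""

    def __init__(self):
        self._tokens = {}   # token -> (user_id, app_id, expires_at)
        self._bridges = {}  # user_id -> set of linked bridge ids
        self._grants = {}   # user_id -> {app_id: app_name}

    def link_bridge(self, user_id, bridge_id):
        self._bridges.setdefault(user_id, set()).add(bridge_id)

    def grant_app(self, user_id, app_id, name):
        self._grants.setdefault(user_id, {})[app_id] = name

    def revoke_app(self, user_id, app_id):
        self._grants.get(user_id, {}).pop(app_id, None)

    def issue_token(self, user_id, app_id, now, valid_for):
        """Steps 201/202: the remote control device requests and receives a token."""
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user_id, app_id, now + valid_for)
        return token

    def verify(self, token, bridge_id, now):
        """Steps 401-403: return application metadata, or None to decline."""
        record = self._tokens.get(token)
        if record is None:
            return None                      # unknown token
        user_id, app_id, expires_at = record
        if now >= expires_at:
            return None                      # validity period has passed
        if bridge_id not in self._bridges.get(user_id, set()):
            return None                      # bridge is not linked to the token's account
        name = self._grants.get(user_id, {}).get(app_id)
        if name is None:
            return None                      # app holds no access rights from the account
        return {"app_id": app_id, "name": name}


class Bridge:
    """Stands in for central communication device 3."""

    def __init__(self, bridge_id, auth, cache_ttl):
        self.bridge_id = bridge_id
        self._auth = auth
        self._cache_ttl = cache_ttl
        self._cache = {}         # sha256(token) -> (metadata, verified_at)
        self.local_tokens = {}   # app_id -> local access token
        self.lights = {}         # light name -> last applied state

    def handle(self, token, light, state, now):
        """Steps 301-304: verify the bearer, then apply the control request."""
        key = hashlib.sha256(token.encode()).hexdigest()  # avoid storing raw tokens
        cached = self._cache.get(key)
        if cached is not None and now - cached[1] < self._cache_ttl:
            metadata = cached[0]
        else:
            self._cache.pop(key, None)
            # Step 302/303: the bridge adds its own identification to the request.
            metadata = self._auth.verify(token, self.bridge_id, now)
            if metadata is None:
                return False                 # verification declined: request refused
            self._cache[key] = (metadata, now)
        # Steps 3041/3042: create a local access token for the app if missing.
        if metadata["app_id"] not in self.local_tokens:
            self.local_tokens[metadata["app_id"]] = secrets.token_hex(16)
        self.lights[light] = state
        return True


def demo():
    auth = AuthenticationService()
    auth.link_bridge("user-1", "bridge-A")
    auth.grant_app("user-1", "app-42", "Example Lights App")
    home = Bridge("bridge-A", auth, cache_ttl=3600)
    other = Bridge("bridge-B", auth, cache_ttl=3600)   # not linked to user-1
    token = auth.issue_token("user-1", "app-42", now=0, valid_for=7 * 86400)
    results = {
        "linked_bridge": home.handle(token, "lamp", "on", now=10),
        "unlinked_bridge": other.handle(token, "lamp", "on", now=10),
        "unknown_token": home.handle("not-a-token", "lamp", "off", now=20),
    }
    auth.revoke_app("user-1", "app-42")
    results["revoked_within_cache"] = home.handle(token, "lamp", "off", now=30)
    results["revoked_after_cache"] = home.handle(token, "lamp", "on", now=3610)
    results["lamp_state"] = home.lights["lamp"]
    return results


if __name__ == "__main__":
    print(demo())
```

In this sketch a revoked application is still accepted until its cache entry ages out, so the chosen cache period bounds how quickly a central revocation takes effect on the bridge.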
In cases where the central communication device 3 does not have access to the internet, the remote control device 2 may still have such access. Then it is feasible that the remote control device 2 may be configured to act as a proxy for routing the authentication token 6 and added identification 10 together with a request 11 for verification of whether the authentication token 6 has the central communication device 3 linked to it and whether the application has received access rights from the user account when sent from the central communication device 3 to the authentication service 4.
Although the present description is limited to systems 100 for providing access to lighting devices 1 specifically, a system 100 according to the invention may in principle be used for providing access and enabling both local and remote control of any type of controllable device. Likewise, although the present description is limited to methods for providing access to lighting devices 1 specifically, a method according to the invention may in principle be used for providing access and enabling both local and remote control of any type of controllable device. In this context, a non-limiting example of a controllable device would be an IoT device or IoT enabled device, such as but not limited to a thermostat, a curtain controller, a window controller, an audio system, a HIFI-system, a door lock, a kitchen utensil, domestic appliances, etc.
Thus, the system according to the invention may be a system for providing access to a controllable device, such as to enable controlling the at least one controllable device, the system comprising a central communication device (2), a remote control device (3) and an authentication service (4), where the remote control device 2 is configured to:
■ request and receive an authentication token 6 from the authentication service, and
■ send the authentication token to the central communication device,
where the central communication device 3 is configured to:
■ receive the authentication token 6 from the remote control device,
■ add an identification 10 to the authentication token, and
■ send the authentication token and added identification to the authentication service, with a request 11 for verification of whether the authentication token has the central communication device linked to it and whether an application on the remote control device identified by the authentication token has received access rights from the user account, and
where the authentication service 4 is configured to:
■ receive the request for verification 11 from the central communication device,
■ if the request for verification is to be answered in the affirmative, sending a reply 12 to the central communication device confirming verification, the reply comprising application metadata 13 for one or more of providing access to the at least one controllable device and enabling controlling the at least one controllable device, and
■ if the request for verification is to be answered in the negative, sending a reply to the central communication device declining verification.
The authentication token 6 may comprise information regarding a user account and the application. The authentication token 6 may include an application ID. The authentication token 6 may further include a user ID.
If the central communication device 3 receives a reply from the authentication device confirming verification, the central communication device 3 may be configured to proceed to process a controllable device control request 14 received from the remote control device.
The central communication device 3 may be configured to proceed to process the controllable device control request 14 received from the remote control device by checking whether it has a local access token for an application identified in the application metadata 13, and, if required, create the local access token, or to proceed to process the controllable device control request 14 received from the remote control device by directly using the application metadata 13.
The central communication device 3 may be configured to maintain a cache 5 of authentication tokens 6 used within a period of time preceding the receipt of the authentication token by the central communication device. The cache 5 may be updated by the authentication service 4 when a new authentication token is sent to the remote control device. The remote control device 2 may be configured to act as a proxy for routing the request for verification 10 from the central communication device to the authentication service. The authentication token 6 may be configured to be valid for a predetermined period of time, wherein the predetermined period of time is a predetermined number of days or weeks. The application metadata 13 comprises one or more of an application identifier and a name.
Such a system for providing access to a controllable device may further comprise any one or more of the further features described herein in relation to systems 100 for providing access to lighting devices 1.
Likewise, the method according to the invention may be a method for providing access to a plurality of controllable devices such as to enable controlling at least one controllable device of the plurality of controllable devices, using a system comprising a central communication device 3, a remote control device 2 and an authentication service 4, the method comprising the steps of: by the remote control device 2:
■ requesting 210 and receiving 220 an authentication token from the authentication service, and
■ sending 230 the authentication token to the central communication device, by the central communication device 3 :
■ receiving 301 the authentication token from the remote control device,
■ adding 302 an identification to the authentication token, and
■ sending 303 the authentication token and the added identification to the authentication service, with a request for verification of whether the authentication token has the central communication device connected to it and whether the application has received access rights from the user account, and by the authentication service 4:
■ receiving 401 the request for verification from the central communication device,
■ verifying, based on the identification of the central communication device, whether the authentication token has the central communication device linked to it,
■ verifying whether an application on the remote control device identified by the authentication token has received access rights from the user account,
■ if the request for verification is to be answered in the affirmative, sending 402 a reply to the central communication device confirming verification, the reply comprising application metadata for one or more of providing access to the at least one controllable device and enabling controlling the at least one controllable device, and
■ if the request for verification is to be answered in the negative, sending 403 a reply to the central communication device declining verification.
If the central communication device 3 receives a reply 12 from the authentication device confirming verification, the method may comprise the further step of by the central communication device proceeding to process 304 a controllable device control request 14 received from the remote control device.
The central communication device 3 may proceed to process the controllable device control request 14 received from the remote control device by any one of checking whether it has a local access token for an application identified in the application metadata 13, and, if required, creating the local access token, and directly using the application metadata 13.
Such a method for providing access to a controllable device may further comprise any one or more of the further features described herein in relation to methods for providing access to lighting devices 1.
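The verification exchange described above can be sketched as follows. This is an added illustration, not part of the application as filed; the class and field names, the modelling of "linked" as a (user, device) pair and the 14-day validity period are assumptions made for the example.

```python
import secrets
import time

TOKEN_TTL = 14 * 24 * 3600  # constructed value: the text only says "days or weeks"
DECLINED = {"verified": False}


class AuthService:
    """Authentication service 4: issues tokens, answers verification requests."""

    def __init__(self):
        self.tokens = {}     # token -> (user_id, app_id, expires_at)
        self.links = set()   # (user_id, device_id): assumed model of "linked"
        self.grants = set()  # (user_id, app_id): access rights given by the account
        self.app_names = {}  # app_id -> name, returned as application metadata

    def issue_token(self, user_id, app_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (user_id, app_id, now + TOKEN_TTL)
        return token

    def verify(self, token, device_id, now=None):
        now = time.time() if now is None else now
        record = self.tokens.get(token)
        if record is None or now >= record[2]:
            return DECLINED                      # unknown or expired token
        user_id, app_id, _ = record
        if (user_id, device_id) not in self.links:
            return DECLINED                      # token not linked to this device
        if (user_id, app_id) not in self.grants:
            return DECLINED                      # application has no access rights
        return {"verified": True,
                "app": {"id": app_id, "name": self.app_names.get(app_id, "")}}


class CentralDevice:
    """Central communication device 3: verifies before acting on a request."""

    def __init__(self, device_id, auth):
        self.device_id = device_id
        self.auth = auth
        self.local_tokens = {}  # app_id -> local access token

    def handle(self, token, control_request, now=None):
        # The identification is taken from the device itself, never from the
        # remote control device's message, so a client cannot choose it.
        reply = self.auth.verify(token, self.device_id, now)
        if not reply.get("verified"):
            return None                          # fail closed: request dropped
        app_id = reply["app"]["id"]
        self.local_tokens.setdefault(app_id, secrets.token_hex(16))
        return {"app": app_id, "executed": control_request}
```

A token presented to a central communication device that is not linked to the issuing account is declined even though the token itself is valid, which is the property the added identification provides.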
The person skilled in the art realizes that the present invention by no means is limited to the preferred embodiments described above. On the contrary, many modifications and variations are possible within the scope of the appended claims.
Additionally, variations to the disclosed embodiments can be understood and effected by the skilled person in practicing the claimed invention, from a study of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the indefinite article "a" or "an" does not exclude a plurality. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

Claims

CLAIMS:
1. A system (100) for providing access to at least one lighting device (1) such as to enable controlling the at least one lighting device, the system comprising: a central communication device (3), a remote control device (2) and an authentication service (4), wherein the remote control device (2) is configured to:
■ request and receive an authentication token (6) from the authentication service, and
■ send the authentication token to the central communication device, wherein the central communication device (3) is configured to:
■ receive the authentication token (6) from the remote control device,
■ add an identification (10) of the central communication device (3) to the authentication token, and
■ send the authentication token and the added identification to the authentication service, with a request (11) for verification of whether the authentication token has the central communication device linked to it and whether an application on the remote control device identified by the authentication token has received access rights from a user account, and wherein the authentication service (4) is configured to:
■ receive the request for verification (11) from the central communication device,
■ verify, based on the identification of the central communication device, whether the authentication token has the central communication device linked to it,
■ verify whether an application on the remote control device identified by the authentication token has received access rights from the user account,
■ if the request for verification is to be answered in the affirmative, sending a reply (12) to the central communication device confirming verification, the reply comprising application metadata (13) for one or more of providing access to the at least one lighting device and enabling controlling the at least one lighting device, and
■ if the request for verification is to be answered in the negative, sending a reply to the central communication device declining verification.
2. A system according to claim 1, wherein the authentication token (6) comprises information regarding a user account and the application.
3. A system according to any one of the above claims, wherein the authentication token (6) includes an application ID.
4. A system according to any one of the above claims, wherein the authentication token (6) further includes a user ID.
5. A system according to any one of the above claims, wherein, if the central communication device (3) receives a reply from the authentication device confirming verification, the central communication device (3) is configured to proceed to process a lighting device control request (14) received from the remote control device.
6. A system according to claim 5, wherein the central communication device (3) is configured to proceed to process the lighting device control request (14) received from the remote control device by checking whether it has a local access token for an application identified in the application metadata (13), and, if required, create the local access token.
7. A system according to claim 5, wherein the central communication device (3) is configured to proceed to process the lighting device control request (14) received from the remote control device by directly using the application metadata (13).
8. A system according to any one of the above claims, wherein the central communication device (3) is configured to maintain a cache (5) of authentication tokens (6) used within a period of time preceding the receipt of the authentication token by the central communication device.
9. A system according to claim 8, wherein the cache (5) is updated by the authentication service (4) when a new authentication token is sent to the remote control device.
10. A system according to any one of the above claims, wherein the remote control device (2) is configured to act as a proxy for routing the request for verification (10) from the central communication device to the authentication service.
11. A system according to any one of the above claims, wherein the authentication token (6) is configured to be valid for a predetermined period of time, wherein the predetermined period of time is a predetermined number of days or weeks.
12. A system according to any one of the above claims, wherein the application metadata (13) comprises one or more of an application identifier and a name.
13. A method for providing access to a plurality of lighting devices (1) such as to enable controlling at least one lighting device of the plurality of lighting devices, using a system comprising a central communication device (3), a remote control device (2) and an authentication service (4), the method comprising the steps of: by the remote control device (2):
■ requesting (210) and receiving (220) an authentication token from the authentication service, and
■ sending (230) the authentication token to the central communication device, by the central communication device (3):
■ receiving (301) the authentication token from the remote control device,
■ adding (302) an identification of the central communication device (3) to the authentication token, and
■ sending (303) the authentication token and the added identification to the authentication service, with a request for verification of whether the authentication token has the central communication device connected to it and whether the application has received access rights from a user account, and by the authentication service (4):
■ receiving (401) the request for verification from the central communication device,
■ verifying, based on the identification of the central communication device, whether the authentication token has the central communication device linked to it,
■ verifying whether an application on the remote control device identified by the authentication token has received access rights from the user account,
■ if the request for verification is to be answered in the affirmative, sending (402) a reply to the central communication device confirming verification, the reply comprising application metadata for one or more of providing access to the at least one lighting device and enabling controlling the at least one lighting device, and
■ if the request for verification is to be answered in the negative, sending (403) a reply to the central communication device declining verification.
14. A method according to claim 13, wherein, if the central communication device (3) receives a reply (12) from the authentication device confirming verification, by the central communication device proceeding to process (304) a lighting device control request (14) received from the remote control device.
15. A method according to claim 14, wherein the central communication device (3) proceeds to process the lighting device control request (14) received from the remote control device by any one of: checking whether it has a local access token for an application identified in the application metadata (13), and, if required, creating the local access token, and directly using the application metadata (13).
PCT/EP2022/087683 2022-01-10 2022-12-23 A lighting device access and control system WO2023131552A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP22150633.0 2022-01-10
EP22150633 2022-01-10

Publications (1)

Publication Number Publication Date
WO2023131552A1 true WO2023131552A1 (en) 2023-07-13

Family

ID=80113265

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2022/087683 WO2023131552A1 (en) 2022-01-10 2022-12-23 A lighting device access and control system

Country Status (1)

Country Link
WO (1) WO2023131552A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016048795A1 (en) 2014-09-22 2016-03-31 Belkin International, Inc. Routing device data caching
US20160338170A1 (en) * 2015-05-11 2016-11-17 Lumenetix, Inc. Secure mobile lighting control system
US20200077476A1 (en) 2017-10-17 2020-03-05 Eaton Intelligent Power Limited Method and system for controlling functionality of lighting devices from a portable electronic device


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22838886

Country of ref document: EP

Kind code of ref document: A1