Note : Les descriptions sont présentées dans la langue officielle dans laquelle elles ont été soumises.
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
MOBILE IDENTITY PROVIDER WITH TWO FACTOR
AUTHENTICATION
1. Field of the Invention.
100011 This application relates to the field of building systems and,
more
particularly, to interfaces for modification of parameters used in a building
automation system.
2. Related Applications.
100021 This application is a continuation-in-part of =United States
Patent
Application 13/218,132, titled SYNERGISTIC INTERFACE SYSTEM FOR A
BUILDING NETWORK, by Chris Casilli, filed on August 25, 2011, and a
continuation-in-part of United States Patent Application 13/890,797, titled
INTERFACE FOR ADJUSTMENT OF PORTIONS OF A BUILDING
AUTOMATION SYSTEM by Chris Casilli, filed on May 9, 2013, all of which are
incorporated by reference in its entirety.
3. Background.
100031 Building automation systems encompass a wide variety of systems
that
aid in the monitoring and control of various aspects of building operation.
Building
automation systems (which may also be referred to herein as "building control
systems") include security systems, fire safety systems, lighting systems, and
heating,
ventilation, and air conditioning ("HVAC") systems. Lighting systems and HVAC
systems are sometimes referred to as "environm.ental control systems" because
these
systems control the environmental conditions within the building. A single
facility
may include multiple building automation systems (e.g., a security system, a
fire
system and an environmental control system). Multiple building automation
systems
may be arranged separately from one another or as a single system with a
plurality of
subsystems that are controlled by a common control station or server. The
common
control station or server may be contained within the building or remote from
the
building, depending upon the implementation.
100041 The elements of a building automation system may be widely
dispersed throughout a =facility or campus. For example, an HVAC system
includes
temperature sensors and ventilation damper controls as well as other elements
that are
located in virtually every area of a facility or campus. Similarly, a security
system
1
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
may have intrusion detection, motion sensors and alarm actuators dispersed
throughout an entire building or campus. Likewise, fire safety systems include
smoke
alarms and pull stations dispersed throughout the facility or campus. The
different
areas of a building automation system may have different environmental
settings
based upon the use and personal likes of people in those areas, such as
offices and
conference rooms.
100051 Building automation systems typically have one or more centralized
control stations in which data from the system may be monitored, and in which
various aspects of system operation may be controll.ed and/or monitored. The
control
station typically includes a computer or server having processing equipment,
data
storage equipment, and a user interface. To all.ow for monitoring and control
of the
dispersed control system elements, building automation systems often employ
multi-
level communication networks to communicate operational and/or alarm
information
between operating elem.ents, such as sensors and actuators, and the
centralized control
station.
100061 One example of a building automation system. control station is
the
Apogee Insight Workstation, available from Siemens Industry, Inc., Building
Technologies Division, of Buffalo Grove, II., ("Siemens"), which may be used
with
the Apogee building automation system, also available from Siemens. In this
system., severai control stations connected via an Ethernet or another type of
network
may be distributed throughout one or more building locations, each having the
ability
to monitor and controi system. operation.
100071 The typical building automation system (including those utilizing
the
Apogee Insight Workstation) has a plurality of field panels that are in
communication with the central control station. While the central control
station is
generally used to make modifications and/or changes to one or more of the
various
components of the building automation system, a field panel may also be
operative to
allow certain modifications and/or changes to one or more parameters of the
system.
This typi.call.y includes changes to parameters such as temperature and
lighting, and/or
similar parameters.
100081 The central control station and field panels are in communication
with
various field devices, otherwise known as "points". Field devices are
typically in
communication with field panels of building automation systems and are
operative to
measure, m.onitor, and/or control various building automation system
parameters.
2
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
Example field devices include lights, thermostats, damper actuators, alarms,
HVAC
devices, sprinkler systems, speakers, door locks, and numerous other field
devices as
will be recognized by those of skill in the art. These field devices receive
control
signals from the central control station and/or field panels. Accordingly,
building
automation systems are able to control various aspects of building operation
by
controlling the field devices. Large
commercial and industrial facilities have
numerous field devices that are used for environmental control purposes. These
field
devices may be referred to herein as "environmental control devices".
100091 As the
environmental settings of the environmental control devices
have traditionally been set using thermostats and switches, limited security
was
available to secure the devices. Known approaches have included covers with
locks
to prevent modification of a thermostat or lights. More recently, wired and
wireless
network approaches have been employed, where networked or smart switches and
thermostats have been accessed and controlled by people to adjust the
environment
they are currently in, such as an office or conference room, via a computer or
wireless
device that communicates with the building data networks.
100101 As user
gain the ability to set and/or modify the setting of a building
automation system, additional security is required. Such security measures in
the past
have included passwords or personal identification numbers. As often happens,
user
record their passwords or use passwords for multiple devices and accounts.
Such use
creates security risk for a building automation system and especially security
systems
which may be part of7a building automation system.
100111 While
existing building automation systems may allow for network
users to securely modify their environment using a data network, this creates
issues
for network security and determining authorized users. What is needed in the
art is an
approach that will address these issues and problems identified above.
SUMMARY
100121 In
accordance with one embodiment of the disclosure, there is
provided a secure approach for accessing building automation and other
systems.
Users set their desired environmental settings using an application executed
by a
processor in a mobile computing device. A user enters in data that is then
digitally
signed to prevent changes in the data. The digitally signed data is then
encrypted.
The encrypted data is then passed to a machine readable code generator. The
machine
3
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
readable code is generated and displayed. That code may then be presented to a
reader that is connected to the building automation system or other system.
The
reader reads the machine readable code and the building automation system
decodes
the machine readable code and accesses the data contained in the machine
readable
code. Additional authentication may also be done by the building automation
system
using the data, such as a pin contained in the machine readable code.
100131 Thus, the machine readable code may be a generated symbolic code,
such as a QR code with multiple layers of security. In addition to
identification
information, additional data may be encoded in to the machine readable code.
That
information may include passwords, public or private encryption keys,
biometric data,
in addition to the actually QR code data being encrypted prior to generation.
100141 The above described features and advantages, as well as others,
will
become more readily apparent to those of ordinary skill in the art by
reference to the
following detailed description and accompanying drawings. While it would be
desirable to provide an interface system for a building network that provides
one or
more of these or other advantageous features, the teachings disclosed herein
extend to
those embodiments which fall within the scope of the appended claims,
regardless of
whether they accomplish one or more of the above-mentioned advantages.
4
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
BRIEF DESCRIPTION OF THE DRAWINGS
100151 FIG. 1 is an exemplary topology diagram for a building automation
system having an environmental control access panel;
100161 FIG. 2 shows an exemplary block diagram of a building automation
system of the building network of FIG. 1;
100171 FIG. 3 shows an exemplary internal block diagram of a field panel
for
the building automation system of FIG. 2;
100181 FIG. 4 shows an exemplary process flow diagram of modification of
a
building automation system using parameters encoded by a mobile device and
read by
the building automation system independent of the network;
100191 FIG. 5 shows an exemplary front view of an environmental control
access panel with display for the building interface system of FIG. 1;
100201 FIG. 6 shows an exemplary internal block diagram of a mobile
computing device for the building interface system of FIG. 1;
100211 FIG. 7 illustrates a top level building synergistic interface
system
(BSIS) graphical user interface appearing on mobile computing device of FIG.
1;
100221 FIG. 8 illustrates a temperature control submenu graphical user
interface that appears on the mobile computing device of FIG. 1;
100231 FIG. 9 illustrates a fan control submenu graphical user interface
that
appears on the mobile computing device of FIG. 1;
100241 FIG. 10 illustrates a lighting control submenu graphical user
interface
that appears on the mobile computing device of FIG. 1;
100251 FIG. 11a illustrates a flow diagram of the process for the BSIS
mobile
application approach in accordance with an example implementation;
100261 FIG. llb continues to illustrate the flow diagram of the process
for the
BSIS mobile application approach in accordance with an example implementation;
100271 FIG. 12 shows an exemplary application of the mobile computing
device with BSIS mobile application displaying a Quick Response (QR) code that
is
read by the environmental access panel;
100281 FIG. 13 depicts a diagram of security layers of a machine readable
code (QR Code) in accordance with an example implementation of the invention.
100291 FIG. 14 depicts the data layer of FIG. 13 having data in
accordance
with and example implementation of the invention;
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
100301 FIG. 15 shows a diagram that depicts the digital signing of the
data of
FIG. 14 in accordance with an example implementation of the invention;
100311 FIG. 16 depicts a diagram of the encryption of the data of FIG. 14
and
digital signature of FIG. 15 in accordance with and example implementation of
the
invention;
100321 FIG. 17 depicts a diagram of encoding the encrypted data of FIG.
16
into a machine readable code is depicted in accordance with an example
implementation of the invention;
100331 FIG. 18 depicts a message flow of decoding the machine readable
code
(secure QR code) in accordance with an example implementation;
100341 FIG. 19 depicts a flow diagram of an approach for the generation
of a
secure machine readable code in accordance with an example implementation of
the
invention; and
100351 FIG. 20 depicts a flow diagram 2000 of an approach for the
decoding
of a secure machine readable code in accordance with an example implementation
of
the invention.
6
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
DESCRIPTION
100361 An example approach for modification of environmental settings is
presented. In the example, a user may modify the environmental settings of a
building automation system via generation of a machine readable code that is
read by
a reader device located in an environmental control access panel.
100371 With reference to FIG. 1, an exemplary topology diagram for a
building automation system approach is shown. 'fhe building wide area network
55
includes a plurality of systems and components in wired or wireless
communication.
The building wide area network 55 generally includes a plurality of building
automation systems 100 and may be accessed via a "building synergistic
interface
system" or "BSIS". The BSIS 200 may be changed by one or more mobile computing
devices 300 that are able to generate a graphical display readable by the BSIS
200 that
may be part of an environmental control access panel 250. The BSIS 200 further
may
include access to a data storage device comprising a building information
database
210 and a user database 220. Software for communicating environmental and
other
data to the BSIS 200 may be stored on both the mobile computing device 300
and/or
the building automation system 100. As will be explained herein, the BSIS 200
enables one or more of the environmental settings in a building automation
system to
be adjusted based on human actions without a network connection between the
mobile
computing device 300 and the BSIS 200.
100381 In the following pages, the general arrangement of an exemplary
building automation system. 100 configured for use with the BSIS 200 is
explained
first. Thereafter, the general arrangement of the environmental control access
panel
250 is explained followed by the general arrangement of the mobile computing
device
300. Overall operation of the BSIS 200 is discussed following the description
of the
building automation system (BAS), environmental access control panel 250, and
the
mobile computing device 300.
100391 Building Automation System
100401 In the example embodiment of FIG. 1, the building automation
system
100 includes a building information database 210, user database 220, closed
circuit
television system 130, a security system 140, a fire alarm system 150, and an
environmental control system 160. In Fig. 2, a system block diagram of an
exemplary
building automation system (BAS) 100 within a building 99 is depicted. The
building
automation system 100 is depicted as a distributed building system that
provides
7
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
control functions for any one of a plurality of building operations, such as
environmental control, security, life or fire safety, industrial control
and/or the like.
An example of a BAS is the Apogee building automation system available from
Siemens Industry, Inc., Building Technologies Division, of Buffalo Grove, IL.
The
Apogee building automation system allows the setting and/or changing of
various
controls of the system, generally as provided below. While a brief description
of an
exemplary BAS is provided in the paragraphs below, it should be appreciated
that the
building automation system 100 described herein is only an exemplary form or
configuration =for a building automation system.
100411 With particular reference to FIG. 2, the building automation
system
100 includes at least one supervisory control system or workstation 102,
client
workstations 103a-103c, report server 104, a plurality of field panels
represented by
field panels 106a and 106b, and a plurality of controllers represented by
controllers
108a-108e. :It will be appreciated, however, that wide varieties of BAS
architectures
may be employed.
100421 Each of the controllers 108a-108e represents one of plurality of
localized, standard building control subsystems, such as space temperature
control
subsystems, lighting control subsystems, or the like. Suitable controllers for
building
control subsystems include, for example, the model TEC (Terminal Equipment
Controller) available from Siemens Industry, Inc., Building Technologies
Division, of
Buffalo Grove, IL. To carry out control of its associated subsystem, each
controller
108a-108e connects to one or more field devices, such as sensors or actuators,
shown
by way of example in FIG. 2 as the sensor 109a is connected to the controller
108a
and the actuator 109b is connected to controller 108b.
100431 Typically, a controller such as the controller 108a affects
control of a
subsystem based on sensed conditions and desired set point conditions. The
controller controls the operation of one or more field devices to attempt to
bring the
sensed condition to the desired set point condition. By way of example,
consider a
temperature control subsystem that is controlled by the controller 108a, where
the
actuator 109b is connected to an air conditioning damper and the sensor 109a
is a
room temperature sensor. If the sensed temperature as provided by the sensor
109a is
not equal to a desired temperature set point, then the controller 108a may
further open
or close the air conditioning damper via actuator 109b to attempt to bring the
temperature closer to the desired set point. lit is noted that in the BAS 100,
sensor,
8
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
actuator and set point information may be shared between controllers 108a-
108e, the
field panels 106a and 106b, the work station 102 and any other elements on or
connected to the BAS 100.
100441 To facilitate the sharing of such information, groups of
subsystems
such as those connected to controllers 108a and 108b are typically organized
into
floor level networks or field level networks ("FLNs") and generally interface
to the
field panel 106a. The FLN data network 110a is a low-level data network that
may
suitably employ any suitable proprietary or open protocol. Subsystems 108c,
108d
and 108e along with the field panel 106b are similarly connected via another
low-
level FLN data network 110b. Again, it should be appreciated that wide
varieties of
FLN architectures may be employed.
100451 The field panels 106a and 106b are also connected via building
level
network ("BLN") 112 to the workstation 102 and the report server 104. The
field
panels 106a and 106b thereby coordinate the communication of data and control
signals between the subsystems 108a-108e and the supervisory computer 102 and
report server 104. In addition, one or more of the field panels 106a, 106b may
themselves be in direct communication with and control field devices, such as
ventilation damper controllers or the like. To this end, as shown in FIG. 2,
the field
panel 106a is operably connected to one or more field devices, shown for
example as
a sensor 109c and an actuator 109d.
100461 The workstation (server in other implementations) 102 provides
overall
control and monitoring of the building automation system 100 and includes a
user
interface. The workstation 102 further operates as a BAS data server that
exchanges
data with various elements of the BAS 100. The BAS data server can also
exchange
data with the report server 104. The BAS data server 102 allows access to the
BAS
system data by various applications. Such applications may be executed on the
workstation 102 or other supervisory computers (not shown).
100471 With continued reference to FIG. 2, the workstation 102 is
operative to
accept modifications, changes, alterations and/or the like from the user. This
is
typically accomplished via a user interface of the workstation 102. The user
interface
may include a keyboard, touchscreen, mouse, or other interface components. The
workstation 102 is operable to, among other things, affect or change
operational data
of the field panels 106a, 106b as well as other components of the BAS 100. The
field
9
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
panels 106a and 106b utilize the data and/or instructions from the workstation
102 to
provide control of their respective controllers.
100481 The workstation 102 is also operative to poll or query the field
panels
106a and 106b for gathering data. The workstation 102 processes the data
received
from the field panels 106a and 106b, including trending data. Information
and/or data
is thus gathered from the field panels 106a and 106b in connection with the
polling,
query or otherwise, which the workstation 102 stores, logs and/or processes
for
various uses. To this end, the field panels 106a and 106b are operative to
accept
modifications, changes, alterations and/or the like from the user.
100491 The workstation 102 also preferably maintains a database
associated
with each field panel 106a and 106b. The database maintains operational and
configuration data for the associated field panel. The report server 104
stores
historical data, trending data, error data, system configuration data,
graphical data and
other BAS system information as appropriate. In at least one embodiment, the
building information database 210 and the user database 220 may be accessed by
the
BSIS 200 via the BAS data server 102. In other embodiments the building
information database 210 and the user database 220 may be stored elsewhere,
such as
field panel 106b.
100501 The management level network (MLN) 113 may connect to other
supervisory computers and/or servers, internet gateways, or other network
gateways
to other external devices, as well as to additional network managers (which in
turn
connect to more subsystems via additional low level data networks). The
workstation
102 may operate as a supervisory computer that uses the MLN 113 to communicate
BAS data to and from other elements on the MLN 113. The MLN 113 may suitably
comprise an Ethernet or similar wired network and may employ TCP/IP, BACnet,
and/or other protocols that support high speed data communications.
100511 FIG. 2 also shows that the BAS 100 may include a field panel 106b
that is shown in FIG. 2 as a housing that holds the building information
database 210,
the user database 220, and the environmental access panel 250 having BSIS 200.
The
mobile computing device 300 is configured for wireless communications with the
BAS 100 via the environmental access panel 250 provided on the field panel
106b.
While the foregoing BSIS members are shown in FIG. 2 as being associated with
one
of the field panels 106b, it will be recognized that in other embodiments
these and
other BSIS members may be differently positioned in or connected to the BAS
100.
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
For example, the building information database 210 and the user database 220
of the
BSIS could be provided on the workstation 102. Alternatively, the building
information database 210 and the user database 220 could be housed separately
from
those components shown in FIG. 2, such as in a separate computer device that
is
coupled to the building level network 112 or other BAS location. Such a
separate
computer device could also be used to store BSIS operational software.
Similarly, the
environmental access panel 250 with BSIS 200 may be housed within the
workstation
102 or within a separate computer device coupled to the building level network
112 of
the BAS.
100521 With reference now to FIG. 3, a block diagram of an exemplary
embodiment of the field panel 106b of FIG. 2 is shown. It should be
appreciated that
the embodiment of the field panel 106b is only an exemplary embodiment of a
field
panel in a BAS 100 coupled to the BSIS 200. As such, the exemplary embodiment
of
the field panel 106b of FIG. 3 is a generic representation of all manners or
configurations of field panels that are operative in the manner set forth
herein.
100531 The field panel 106b of FIG. 3 includes a housing, cabinet or the
like
114 that is configured in a typical manner for a building automation system
field
panel. The field panel 106b includes processing circuitry/logic 122, memory
124, a
power module 126, a user interface 128, an I/0 module 134, a BAS network
communications module 136, and the WiFi server 130.
100541 The processing circuitry/logic 122 is operative, configured and/or
adapted to operate the field panel 106b including the features, functionality,
characteristics and/or the like as described herein. To this end, the
processing
circuitry logic 122 is operably connected to all of the elements of the field
panel 106a
described below. The processing circuitry/logic 122 is typically under the
control of
program instructions or programming software or firmware contained in the
instructions 142 area of memory 124, explained in further detail below. In
addition to
storing the instructions 142, the memory also stores data 152 for use by the
BAS 100
and/or the BSIS 200.
100551 The field panel 106b also includes a power module 126 that is
operative, adapted and/or configured to supply appropriate electricity to the
field
panel 106b (i.e., the various components of the field panel). The power module
126
may operate on standard 120 volt AC electricity, but may alternatively operate
on
other AC voltages or include DC power supplied by a battery or batteries.
11
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
100561 An input/output (1/0) module 134 is also provided in the field
panel
106b. The I/0 module 134 incl.udes one or more input/output circuits that
communicate directly with terminal control system devices such as actuators
and
sensors. Thus, for example, the I/0 module 134 includes analog input circuitry
for
receiving analog sensor signals from the sensor 109a, and includes analog
output
circuitry for providing analog actuator signals to the actuator 109b. The I/0
module
134 typically includes several of such input and output circuits.
100571 The field panel 106b further includes a BAS network communication
m.odul.e 136. The network communication module 136 allows for communication to
the controllers 108c and 108e as well as other components on the FLN 110b, and
furthermore all.ows for communication with the workstation 102, other field
panels
(e.g., field panel 106a) and other components on the BLN 112. To this end, the
BAS
network communication module 136 includes a first port (which may suitably be
a
RS-485 standard port circuit) that is connected to the FLN 110b, and a second
port
(which may also be an RS-485 standard port circuit) that is connected to the
BLN
112.
100581 The field panel 106b may be accessed locally. To facilitate local
access, the field panel 106b includes an interactive user interface 128. Using
user
interface 128, the user may control the collection of data from devices such
as sensor
109a and actuator 109b. The user interface 128 of the field panel. 106b
includes
devices that display data and receive input data. Reception of input data may
include
a code reader device, such as a Quick Response (QR) code reader. These devices
may be devices that are permanently affixed to the field panel 106b or
portable and
moveable. The user interface 128 may also suitably include an LCD type screen
or
the like, and a keypad. The user interface 128 is operative, configured and/or
adapted
to both alter and show information regarding the field panel 106b, such as
status
information, and/or other data pertaining to the operation, function and/or
modifications or changes to the field panel 106b.
100591 As m.entioned above, the memory 124 includes various program.s
that
may be executed by the processing circuitry/logic 122. In particular, the
memory 124
of FIG. 3 includes a BA.S application 144 and a BSIS building application 146.
The
BAS application 144 includes conventional applications configured to control
the
field panel 106b of the BAS 100 in order to control and monitor various field
devices
1.09a-n of the BAS 100. Accordingly, execution of the BAS application 144 by
the
1.2
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
processing circuitry/logic 122 results in control signals being sent to the
field devices
109a-n via the I/0 module 134 of the field panel 106b. Execution of the BAS
application 144 also results in the processor 122 receiving status signals and
other
data signals from various field devices 109a-n, and storage of associated data
in the
memory 124. In one embodiment, the BAS application 144 may be provided by the
Apogee Insight BAS control software commercially available from Siemens
Industry, Inc. or another BAS control software.
100601 In addition to the instructions 142, the memory 124 may also
includes
data 152. The data 152 includes records 154, graphical views 156, a room
database
158, a user database 162, and an equipment database 164. The records 154
include
current and historical data stored by the field panel 106b in association with
control
and operation of the field devices 109a-n. For example, the records 154 may
include
current and historical temperature information in a particular room of the
building 99,
as provided by a thermistor or other temperature sensor within the room. The
records
154 in the memory may also includes various set points and control data for
the field
devices 109, which may be pre-installed in memory 124 or provided by the user
through the user interface 128. The records 154 may also include other
information
related to the control and operation of the 100 BAS and BSIS building
application
146, including statistical, logging, licensing, and historical information.
100611 The graphical views 156 provide various screen arrangements to be
displayed to the user via the user interface 128. Examples of such screens for
display
on the mobile computing device 300 are provided in FIGs. 8, 9 and 11,
discussed in
further detail below. The user interface 128 may be displayed at thermostats
with
displays or other user access points having displays, such as liquid crystal
displays,
light emitting diode displays, or other known types of visual displays
devices.
100621 The room database 158 may include data related to the layout of
the
building 99. This room database 158 includes a unique identifier for each room
or
area within the building (e.g., room "12345"). In addition to the unique
identifier
data, the room. database 158 may include other information about particular
rooms or
areas within the building 99. For example, the room database 158 may include
information about field devices located within the room or area, particular
equipment
(e.g., research equipment, manufacturing equipment, or HVAC equipment)
positioned
within the room or area.
13
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
100631 The user database 162 may include data related to human users who
frequent the building 99. A.ccordingly, the user database 162 may include a
unique
identifier for each human user (e.g., user "12345") and a user profile
associated with
that user. In other implementations, each room or area may have a profile that
has
one or more users associated with it. The user profile may include information
provided by the user or provided by third parties about the user. For example,
the
user profile may include a preferred temperature or lighting level for the
user, which
is provided to the user database 162 by the user. Also, the user profile may
include a
security clearance level, room access, or data access for the user, all
provided to the
database 162 by a third party, such as the human resources department or
security
department for the employer who owns the building 99.
100641 The equipment database 164 may include data related to various
pieces
of equipment within the building 99. The equipment may include field devices
associated with the BAS 100 or other equipment that is positioned within the
building
99. For example, the equipment database 164 may include information related to
manufacturing or research equipment located in a particular room of the
building.
The equipment database 164 maintains a unique identifier for each piece of
equipment
(e.g., equipment "12345") and data associated with that equipment. For
example, the
database 164 may associate particular schematics, operation manuals,
photographs, or
similar data with a given piece of equipment within the database 164.
100651 While the field panel 106b has been explained in the foregoing
embodiment as housing the BSIS building application 146 and various BSIS
databases, such as the room database 158, user database 162, and equipment
database
164, it will be recognized that these components may be retained in other
locations in
association with the BAS 100. For example, these components could all be
retained
within the central workstation 102 of the BAS 100 or a separately designated
BSIS
computing device in the BAS 100.
100661 Turning to FIG. 4, an exemplary process flow diagram 400 of
modification of a building automation system using parameters encoded by a
mobile
device and read by the building automation system independent of the network
is
depicted. A. user interacts with a mobile device, such as mobile device 300,
and sets
up various environmental parameters associated with the building automation
system
via a mobile application 404. The mobile application then uses the various
preferences and user information contained in the mobile device to encode the
data
14
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
into machine-readable code that is transmittable independent of the network
404. The
data that is encoded may also include information associated with the building
automation system, such as fan identifies or blind identifies. The term
"transmittable
independent of a network" means that the data is transferred without having to
physically insert a memory device into the system to be read. Examples of
independent transmission include a reader that reads codes, such as bar codes
or QR
codes, RFID tags, MOS codes, flashing lights, and magnetic card readers. The
various preferences and other data may then be generated into a machine-
readable
(machine-perceivable) code that is displayed on the mobile device 406. The
displayed code may be read off the mobile device or a printed code by the
building
automation system independent of network connections 408. The building
automation system decodes the various parameters from the code via a processor
410.
The various parameters are then sent to the systems, such as environment
systems that
make up the building automation system 412 in the current example.
100671 Environment Access Control Panel
100681 With reference now to FIG. 5, an exemplary environmental access
control panel device 250 is shown. The system environmental access control
panel
device 250 may be one of a number of different environmental access control
panel
devices that are mounted in various locations in the building 99. The
environmental
access control panel device 250 may be configured to present information to a
human
user, and in some embodiments, may be configured to receive information from.
the
human user. Accordingly, the environmental access control panel device 250
includes a display screen 255, such as a LED, LCD or plasma screen capable of
displaying visual data to a human user.
100691 The primary function of the environm.ental access control panel
device
250 is to have a reader that is able to read encoded symbols or characters
(user
preferences in a coded QR format). In the current example, the reader may be a
QR
code reader 260. The environmental access control panel device 250 may also
have
one or more displays for providing information to users. Examples of such
information include location 262, temperature 264, and/or energy consumption
266.
In the example of FIG. 4, a QR code 265 pattern that is indicative of
environmental
settings is presented to the reader 260. The reader may read the QR code 265
from
paper, wireless device, or other materials that support the reading of the QR
code 265.
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
It is understood that the reader for QR codes in the current example, may be a
reader
for bar codes, text codes, or other machine readable codes in other
impl.ementations.
It is noted that the reading of the encoded environmental data occurs without
a user
having to have access to the data network or the building automation network.
100701 The environmental access control panel device 250 with BSIS 200
capable of reading the QR code 265 may be mounted to the building 99 at a
location
that is within or in close proximity to a room or group of rooms for
convenience of
the users. In other implementations, a central location may be provided for
the
environmental access controi panel device 250, such as m.ounted on a wall in
the main
lobby of the building 99, next to the doorway or other threshold of a testing
lab in the
building 99. It is understood that the environmental access control panel
device 250
is not required to be associated with any specific area of the building 99.
The
association of the area within building 99 to a QR code is encoded within the
QR code
265.
100711 The environmental access control panel device 250 may be coupled
to
the BLN 112 or a FLN 110b of the B.AS 100. Accordingly, the environm.ental
access
control device 250 may be configured to transmit and receive information from
the
BAS 100. Received information from the BAS 100 may be displayed on the display
screen 255. This information may include the building information indicia 262,
264,
and 266 as well as other information that may be beneficial to a human user,
such as
building information, weather information, current news, time of day, or other
information. A.s noted above, the display screen 255 of the environmental
access
control panel device 250 of FIG. 5 is a dynamic display that is capable of
changing
over time.
100721 in addition to a display screen 255, the system enrollment/display
device may include additional components that allow the human to interface
with the
BAS 100. For example, in at least one embodiment, the display screen 255 is a
touch
screen that allows a user to input data via the display screen 255. The
environmental
access controi panel device 250 may also include addifionai components, such
as
speakers, microphones, cameras, various data communications ports, and other
interface components, including those that are commonly found on televisions
and
computer monitors. These additional interface components may be used to
provide
the human user with helpful features, such as providing audio instructions for
the
BSIS 200 to a human user. These additional interface components may also be
used
1.6
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
by security to provide surveillance cameras and intercoms at various locations
within
the building. Additionally, the interface components may be used by
maintenance
when operational issues arise with the environmental access control panel
device 250.
100731 While the environmental access control panel device 250 has been
explained above as displaying dynamic data and having multiple electronic
features,
in other embodiments the environmental access control panel device 250 may be
configured to display only static data and be free of electronic components.
In such
an arrangement, the environmental access control panel device 250 may be a
printed
sign posted outside of a room or a doorway that identifies the room and
displays the
building information. When a plurality of environmental access control panel
devices
are present in a building 99, a combination of static and dynamic devices may
be
used, including printed signs (with readers) as described in this paragraph in
combination with devices with screens and various electronic components, as
described above in association with FIG. 5.
100741 Mobile Computing Device
100751 In addition to the system environmental access control panel
device
250, the BSIS may also include a mobile computing device 300, FIG. 1. The
mobile
computing device 300 may be provided by any mobile device capable of being
carried
by a human, and generating a code (QR code 260 in the current example). With
reference now to FIG. 6, an internal block diagram of an exemplary mobile
computing device 300 is shown. The mobile computing device 300 includes a
scanner/camera module 350 that may be configured to read the building
information
QR codes 260 and a user interface 340 that includes a display screen.
Exemplary
mobile computing devices include personal digital assistants, smart phones,
and
handheld personal computers (e.g., Droid , iOS iPhonee, iPode, iPod Touch 0,
iPad , etc.).
100761 The mobile computing device 300 of FIG. 6 includes a housing, case
or the like 308 that is configured in a typical manner for a mobile computing
device.
The mobile computing device 300 includes processing circuitry/logic 310, a
memory
320, a power module 330, a user interface 340, and a camera/scanner module
350, all
positioned within the housing 308. It will be appreciated by one having
ordinary skill
in the art that the embodiment of the mobile computing device 300 is only an
exemplary embodiment of a mobile computing device configured for communication
17
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
with the BAS 100 over a wireless network and may include other components not
shown to avoid obscuring aspects of the present invention.
(00771 The processing circuitry/logic 310 is operative, configured and/or
adapted to operate the mobile computing device 300 including the features,
functionality, characteristics and/or the like as described herein. To this
end, the
processing circuitry/logic 310 is coupled to all of the elements of the mobile
computing device 300 described below. The processing circuitry/logic 310 is
typically under the control of program instructions or programming software or
firmware 322 contained in memory 320, explained in firther detail below. In
addition
to storing the instructions 322, the memory also stores data 324 for use by
the BAS
100 and/or the BSIS 200.
100781 The mobile computing device 300 also includes a power module 330
that is operative, adapted and/or configured to supply appropriate electricity
to the
mobile computing device 300 (i.e., the various components of the mobile
computing
device). The power module 330 is generally DC power supplied by a battery or
batteries.
100791 The mobile computing device 300 further includes a user interface
340. The user interface 340 allows the mobile computing device 300 to present
information to the user, and also allows the user to insert data into the
mobile
computing device 300. Accordingly, the user interface 340 may be configured to
drive a touchscreen, keypad, buttons, speaker, microphone, or any of various
other
standard user interface devices.
100801 A camera/scanner module 350 may also be provided in the mobile
computing device 300. The camera/scanner module 350 may be configured by
software or an application to read the QR codes 265 that have previously been
generated and associated with the BAS 100. Thus, for example, the
camera/scanner
module 350 may include a camera configured to focus on a QR CODE, such as QR
code 265 and produce an electronic data file of the image (e.g., a JPEG file).
100811 The electronic data file generated by the camera/scanner module
350
may be stored in memory 320. The processing circuitry/logic 310 is configured
to
process the electronic data file generated by the camera/scanner module 350
into
indicia data that is used by one or more applications. For example, the
processing
circuitry/logic 310 may be configured to generate a QR code number or other
unique
18
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
identifier associated with the building information indicia captured by the
mobile
computing device 300 and user entered data.
100821 The memory 320 includes various programs that may be executed by
the processing circuitry/logic 310 (which may include a processor). In
particular, the
memory 320 in the mobile communications device 300 of FIG. 6 includes a BSIS
mobile application 322. The BSIS mobile application 322 is configured to
facilitate
advanced interactions between a human user in possession of the mobile
communications device and the building automation system 100. To this end, the
BSIS mobile application 322 is configured to generate a machine readabl.e code
(QR
code in the current example) with at least environmental settings for use by
the BSIS
200. An example of pseudo code that may be used to generate a QR code is
presented:
/*
Point XX XXXXXXXX XXXXXXXX XX XX ^-
A A A
Object I l
Type#
Instance
Number
IPAddress
Mac
Network
(1) 0200000032C28AD827XXXXXXXXXX¨ [Temperature Monitor]
(2) 0200000032C28AD827.XXXXXXXXXX¨ [Temperature SetPoint]
(3) 0200000032C28AD827XXXXXXXXXX¨ [Hurnidity Monitor]
(4) 0200000032C28.AD827XXXXXXXXXX¨ [Humidity Setpoint]
(5) 0200000032C28AD827XXXXXXXXXX¨ [AirQuality Monitor]
1.9
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
(6) 0200000032C28A1)827XXXXXXXXXX¨ [AirQuality Setpoint]
(7) 0200000032C28AD827XXXXXXXXXX¨ [Fan Monitor]
(8) 0200000032C28AD827XXXXXXXXXX¨ [Fan Setpoint]
(9) 0200000032C28AD827XXXXXXXXXX¨ [Light Monitor]
(10) 0200000032C28AD827.XXXXXXXXXX¨ [Light Setpoint]
(11) 0200000032C28A1)827X)000LXXXXX¨ [Blind Monitor]
(12) 0200000032C28A1)827XXXXXXXXXX¨ [Blind SetPoint]
(13) 0200000032C28AD827XXXXXXXXXX¨ [OecMode Point]
(14) 0200000032C28AD827XXXXXXXXXX¨ [Green Leaf Point]
(15) 0200000032C28AD827XXXXXXXX)CX¨ [Emergency Point]
(1) 00750 [Preset #1 Temperature]
(2) XXXXX [Preset # 1 Humidity]
(3) XXXXX [Preset #1 AirQuality]
(4) XXXXX [Preset #1 Fan]
(5) XXXXX [Preset #1 Light]
(6) XXXXX [Preset #1. Blind]
(7) XXXXX¨ [Preset #1 OccMode]
*/
NSMutableString * ternpMString = [NSMutableString stringWithCapacity:0];
[terripMString appendString:rib"0200000051C28A.D827XXXXXXXXXXXXXX¨"];
// Temperature
[ternpMString appendString:(cW0200000056C28AD827XXXXXXXXXXXXXX¨"];
/1 Temperature sTrpT
[ternpMString appendString:(4_.r 0200000057C28AD827XXXXXXXXXXXXXX¨"];
// Humidity
[tempMString appendString:@"0200000058C28AD827XXXXXXXXXXXXXX--"];
// HumiditySTPT
[tempMString appendString:@"02000000611.C28AD827XXXXXXXXXXXXXX¨"];
// AirQuality
[temp.MString appendString:@"0200000062C28AD827XXXXXXXXXXXXXX-1;
// AirQualitySTPT
[tempMString appendString:@"020000005DC28AD827XXXXXXXXXXXXXX¨Th
// Fan
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
[tempMString appendString:@"020000005EC28AD827XXXXXXXXXXXXXX-1;
// FanSTPT
[tempMString appendString:@"0200000059C28AD827XXXXXXXXXXXXXX-1;
// Light
[tempMString appendString:@"020000005.AC28AD827XXXXXXXXXXXXXX¨"];
// LightSIPT
[tempMString appendString:@"020000005BC28AD827XXXXXXXXXXXXXX¨"];
// Blind
[tempMString appendString:@"020000005CC28AD827XXXXXXXXXXXXXX-1;
11 BlindSTPT
[tempMString appendString:@"050000001DC28AD827XXXXXXXXXXXXXX-1;
// OccMode
[tempMString appendString:@"0200000060C28AD827XXXXX X¨"];
H GreenLeaf
[tempMString
appendString:@"050000001EC28AD827XXXXXXXXXXXXXX-1// Emergency
[tempMString appendString:@"007001; H Presetl Temperature
[tempMString appendString:@"00500"]; // Presetlfiumidity
[tempMString appendString:@"200001; // PresetlAirQuality
[tempMString appendString:@,"000001; I PresetlFan
[tempMString appendString:@"000001; H Preset1Light
[tempMString appendString:@"000001; // Presetl Blind
[tempMString appendString:@"000001; // PresetlOccMode
[tempMString appendString:@"¨"]; // Preset1ClosingMark
[tempMString appendString:@"007451; // Preset2Temperature
[tempMString appendString:@"004501; H Preset2Humidity
[tempMString appendString:@"080001; /I :Preset2AirQuality
[tempMString appendString:@"006001; // Preset2Fan
[tempMString appendString:@,"003001; // Preset2Light
[tempMString appendString:@"080001; /I Preset2Blind
[tempMString appendString:@"000101; // Preset2OccMode
[tempMString appendString:@"¨"]; // Preset2ClosingMark
[tempMString appendString:@"007801; // Preset3Temperature
[tempMString appendString:@"006001; // Preset3Humidity
21
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
[tempMString appendString:@"100001; // Preset3AirQuality
[tempMString appendString:@"004001; // Preset3Fan
[tempMString appendString:@"005001; // Preset3Light
[tempMString appendString:@"010001; // Preset3Blind
[tempMString appendString:@"000101; /I :Preset3OccMode
[tempMString appendString:@"¨"]; // Preset3ClosingMark
[tempMString appendString:@"007201; // Preset4Temperature
[tempMString appendString:@"003001; / Preset4Humidity
[tempMString appendString:@"080001; /./ Preset4AirQuality
[tempMString appendString:@"005001; // Preset4Fan
[tempMString appendString:@"005001; // Preset4Light
[tempMString appendString:@"005001; /I Preset4Blind
[tempMString appendString:@"000101; / Preset4OccMode
[tempMString appendString:@"¨"]; // :Preset4ClosingMark
[tempMString appendStiing:@"007251; // Preset5Temperature
[tempMString appendString:@"004501; // Preset5Humidity
[tempMString appendString:@"080001; / Preset5AirQuality
[tempMString appendString:@"008001; /./ Preset5Fan
[tempMString appendString:@"001001; // Preset5Light
[tempMString appendString:@"000001; /./ Preset5Blind
[tempMString appendString:@"000101; // Preset5OccMode
// self.qrCodeString = [NSString stringWithString:tempMStfing];
The BSIS mobile application 322 may be further configured to encode additional
data, such as user identification data unique to the computing device that
generated
the QR. code to the BAS 100. Operation of the BSIS mobile application 322 will
be
explained in further detail below.
100831 In addition to the instructions 322, the memory 320 of the mobile
computing device 300 also includes data. The data may include records 324 of
current and historical data related to operation of the mobile computing
device 300.
For example, the records 324 may include user identification information that
identifies the mobile computing device 300. The records 324 may also include
current and historical QR codes generated by the mobile computing device 300.
22
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
100841 BSIS Mobile Application Operation
100851 With reference now to FIG. 7, a diagram of a graphical user
interface
702 of the BSIS mobile application 700 that is generated by the execution of
an
application by the mobile device 300. The graphical user interface 702 may
present a
user with a plurality of environmental options 704, 706, 708, 710, 712 and QR
code
generator 714. In other implementations, additional or fewer options may be
presented to a user. In yet other implementations, additional information may
be
provided for inclusion in the code (QR code in the current example) in
addition to
environmentai options, such as clock-in, clock-out, security system.
activation,
security system deactivation, location verification.
100861 If environmental option 704, for changing the temperature, is
selected
in the graphical user interface 702, a temperature graphical user interface
800, FIG. 8
is presented to the user. The desired temperature may be presented in
numerical form
802. A. graphical input may also be presented 804. The graphical input 804 is
a slide
bar in the shape of a thermometer. As the slide bar is moved, the desired
temperature
in numerical form 802 may also change in the current example. .An additional
conservation icon 806 may also be present. When the temperature is at an
environmentally friendly level (60-68 degrees), the conservation icon 806 may
appear
green in color. As the temperature is raised, the green color of the
conservation icon
806 gradual.ly changes to red. The bottom. of the graphicai user interface 800
m.ay
provide a plurality of buttons 808 that correspond to the selections in the
graphical
user interface 702 display. The graphicai user interface 800 may also have a
temperature button 812 in the plurality of buttons 808 that visually indicates
that it is
the current selection. In the present example, the temperature button 812 is
highlighted.
100871 If fan control 710 or 810 is selected, a user is presented with a
fan
graphical user interface 900, FIG. 9. The desired speed of the fan is
presented as a
numerical value 902. A user is also presented with a virtual knob in the shape
of a fan
904 that may be rotated in one direction to increase fan speed and in the
other to
reduce fan speed. The corresponding fan speed may be changed and displayed as
a
numerical. value 902. The fan graphicai user interface 900 may also have a
conservation icon 906 that functions in a similar manner as 806, but with
respect to
fan speed. The graphical user interface 900 may also have a fan button 912 in
the
23
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
plurality of buttons 908 that visually indicates that it is the current
selection. In the
present example, the fan button 912 is highlighted.
100881 If light control, such as 708 or 910, is selected, a user is
presented with
a light setting graphical user interface 1000, FIG. 10. The desired light
setting is
presented as a numerical value 1002. A user is also presented with an image of
light
bulb 1004 that a user moves a finger up or down on to change the light
setting. The
corresponding light setting may be changed and the updated value displayed as
a
numerical value 1002. The light setting graphical user interface 1000 may also
have a
conservation icon 1006 that functions in a similar manner as 806 and 906, but
with
respect to lighting. The graphical user interface 1000 may also have a fan
button 1012
in the plurality of buttons 1008 that visually indicates that it is the
current selection.
In the present example, the light setting button 1012 is highlighted.
100891 The humidity button 706 of FIG. 7 and blinds button 712 may
operate
in similar manners as the graphical user interfaces for temperature 800, fan
speed 900,
and light 1000.
100901 BSIS Mobile App Process Flow
100911 Referring now to FIGs. 1 la and 1 lb, an exemplary flow diagram
1100
of the BSIS mobile application 700 performed by the mobile device 300 is
shown.
The process begins with step 1102, where the user activates BSIS mobile
application
702 that has been previously downloaded or otherwise installed on mobile
device 300.
In step 1104, the top level of the graphical user interface 702 of the BSIS
mobile
application 700 is displayed. The user is then able to select an environmental
control
submenu (704-714) from the top level of the graphical user interface 702 in
step 1106.
If no selection is made, the top level graphical user interface 702 continues
to be
displayed until it is exited in step 1110. If the application is exited in
1110, then it is
closed and no longer displayed in step 1112.
100921 If an environmental control submenu is selected in step 1106, then
a
check occurs in step 1114 for selection of the temperature graphical user
interface
704. If the temperature graphical user interface has been selected in step
1114, the
temperature graphical user interface submenu 800 is generated and displayed on
mobile device 300 in step 1116. The user may then modify the temperature in
step
1118. The user then may use the plurality of buttons 808 to select a different
submenu or the mobile device's exit button to close the application.
24
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
100931 If the humidity graphical user interface is selected in step 1106,
then in
step 1120 the humidity graphical user interface submenu is generated and
displayed
on mobile device 300 in step 1122. The user may then modify the humidity in
step
1124. The user then may use the plurality of buttons 808 to select a different
submenu or the mobile device's exit button to close the application.
100941 If the light graphical user interface is selected in step 1106,
then in step
1128 the light graphical user interface submenu 1000 is generated and
displayed on
mobile device 300 in step 1130. The user may then modify the light brightness
in
step 1132. The user then may use the plurality of buttons 1008 to select a
different
submenu or the mobile device's exit button to close the application.
100951 If the fan graphical user interface is selected in step 1106, then
in step
1134 the fan graphical user interface submenu 900 is generated and displayed
on
mobile device 300 in step 1136. The user may then modify the fan speed in step
1138. The user then may use the plurality of buttons 1008 to select a
different
submenu or the mobile device's exit button to close the application.
100961 lf the blinds graphical user interface is selected in step 1106,
then in
step 1140 the blinds graphical user interface submenu is generated and
displayed on
mobile device 300 in step 1142. The user may then change the blinds setting in
step
1144. The user then may use the plurality of button to select a different
submenu or
the mobile device's exit button to close the application.
100971 If the generate code graphical user interface is selected in step
1106,
then in step 1148 the user is presented with a submenu graphical interface
where he
may confirm that the code (QR code in the current example) should be generated
and
generates the QR code in step 1150. The generated QR code may then be
displayed
in step 1152. The displayed QR code is displayed in step 1152, such that it
may be
read by a code reader that is in communication with the BAS 100. The user may
also
be given the option to save the QR code in step 1154. The QR code may be saved
as
a graphic or picture in the current implementation in step 1156. In other
implementations, if text codes are employed, the text may be saved. When the
user is
finished generating the QR code, he or she may, in step 1158, exit the
application or
retu.m to the top level BISI mobile application graphical user interface.
100981 Exemplary BSIS Scenario
100991 With reference now to FIG. 12, exemplary interactions between the
BSIS mobile application 322 and the BAS 100 are illustrated when a user scans
a QR
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
code with a mobile computing device 300. In this illustration, the user begins
by
using the mobile computing device 300 as described herein to set the desired
environment using the BSIS mobile application graphical user interface 340.
The
user then generates a code (QR code in the current example) that is displayed
upon
the mobile computing device 300. The mobile computing device 300 is held up to
BSIS 200 of the environmental access control panel 250. The BSIS 200 may be
located in conference room "A." Then the QR code is read by the BSIS 200 in
conference room "A", the BAS sets the environmental controls for conference
room
"A" to the settings encoded in the QR code. It is noted that there is no
network
connection between the mobile computing device and the BAS. The data is only
passed via the BAS reading the QR code.
1001001 The BSIS mobile application may provide checks to verify that
acceptable ranges for the environmental controls are being used, such as
preventing
the temperature from being set too low or too high. In other implementations,
the
checks may occur within the BAS.
1001011 in the current example, the reader's location was identified
because the
BAS knew where it was located. In other implementations, a user may use the
BSIS
graphical user interface and may set the location to be adjusted. The location
to be
adjusted may be entered as text in some implementations, or in other
implementations, it may be set via pull down menus that have been preloaded.
1001021 The multiple codes may be individually saved in memory and
recalled
as needed. For example, a code for an office may be stored as "office," a code
for
conference room "A" may be stored as "Conf A," and so on. The code may also be
printed out and affixed to a back of a badge, enabling the user to use the QR
code
without a mobile computing device.
1001031 Secure Machine Readable Code
1001041 As user data may be encoded in a machine readable code, such as a
QR
code, the encoded data may just as easily be decoded and accessed. In order to
prevent such decoding, multiple layers of security may be added to the QR
code.
Turning to FIG. 13, a diagram 1300 of security layers of a machine readable
code
(QR Code) is depicted in accordance with an example implementation of the
invention. The lowest layer is the data layer 1302 that is to be encoded into
the
machine readable code. The data may be presented as text or numerical data in
the
current example. The data layer 1302 may be digitally signed in a digital
signature
26
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
layer 1304. The digital signature assures the data has not been changed or
modified.
The data layer 1302and digital signature layer 1304 may also be encrypted via
the
encrypted data layer 1306. The resulting encrypted signed data may then be
used to
generate a machine readable code, i.e. QR code layer 1308.
1001051 Turning to FIG. 14, an example of the data layer 3102 of FIG. 13
having data 1400 is depicted in accordance with and example implementation of
the
invention. Text data such as a users name 1402, user identification 1404,
personal
identification number (PIN) 1406, biometric data 1408, or other data 1410 may
be
placed in the data layer 1302. In some implementations, a temple may be used
to
create the data layer. In other implementations a combination of text and
other data
may be used (such as color or graphical data) may make up the data layer 1302.
1001061 In FIG. 15, a diagram 1500 that depicts the digital signing of the
data
1400 of FIG. 14 is shown in accordance with an example implementation of the
invention. A digital signature algorithm 1504 may be executed via a processor
on a
processor controlled device, such as the building automation system's security
access
control system 140. A valid digital signature provides an assurance of the
integrity of
the data, i.e. the data has not been modified. A separate key for digital
signing of a
docum.ent is depicted in FIG. 15, with a public portion (digital signature
password
1502) and data 1400 processed by the digital signature algorithm 1504. The
digital
signature algorithm 1504 may be implemented as a series of logical functions
that
combine the data with the digital signature 1502 and a private key to generate
a hash
tag or other unique identifier that is associated with the original data 1400.
The
generated value may be referred to as a digital signature 1506. If the data
changes,
then a reprocessing of the data will return a different value signaling the
underlying
data has changed.
1001071 In FIG. 16, a diagram of the encryption of the data 1400 of FIG.
14 and
digital signature 1506 of FIG. 15 is depicted in accordance with and example
implementation of the invention. The data 1400 and digital signature 1506
along with
an encryption key (another public key 1602) is passed to an encryption
algorithm
1604 that may have a private key. The encryption algorithm 1604 may be
executed
via a processor in the building automation system. In other implementations,
the
public key 1602 may be the same as the digital signature password 1502. The
encryption algorithm 1604 encrypts the data 1400 and digital signature 1506
resulting
in encrypted data 1606.
27
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
1001081 Turning to FIG. 17, a diagram 1700 of encoding the encrypted data
1606 of FIG. 16 into a machine readable code is depicted in accordance with an
example implementation of the invention. The encrypted data 1606 is passed to
a QR
code generator 1702 that generates a QR code of the encrypted data. The
resulting
QR code is a secure QR code 1704 with multiple layers of security. in other
implementations, other machine readable codes may be used, such as bar codes,
provided the resulting machine readable code can accommodate the encrypted
data.
1001091 In FIG. 18, a message flow 1800 of decoding the machine readable
code (secure QR code 1704) is depicted in accordance with an example
implementation. The secure QR code is scanned by a human machine interface
device, such as the environmental control access panel 250 of FIG. 5 via code
reader
260. The secure QR code 1704 is scanned or read by the code reader 260 and
transmitted 1802 to the security access control system 140. At the security
access
control system 140, a processor may decode the scanned secure QR code into
secure
data 1804. If the secure QR code is decodable by the security access control
system
140, then a personal identification number (PIN) request may be displayed at
the
environmental control access panel 250. A PIN may be entered at the
environmental
control access panel 250 by a user and transmitted 1808 to the security access
control
system 140 where it is used as the public keys decrypt the secure data into
digitally
signed data 1810.
1001101 The digital signature of the digitally signed data may then be
verified
to assure the data has not been tampered with or changed 1812. If the
integrity of the
data is verified, then the user has been identified and a menu for the
building
automation system 100 may be displayed 1814 on the environmental control
access
panel 250. In the current example, the same pin was used as the public keys
for
digitally signing the document and encryption. In other implementations,
different
keys may be employed and additional prompts may be displayed to gather
additional
user inputs. Similarly, once the data has been accessed, a password request
may be
displayed at the environmental control access panel. This password may reside
in the
building automations system 100. In other implementations, the password may
reside
in the data that is decoded from the secure QR code.
1001111 Turning to FIG. 19, a flow diagram 1900 of an approach for the
generation of a secure machine readable code is depicted in accordance with an
example implementation of the invention. Data is 1400 may be entered in a
template
28
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
or flat file 1902 is received or accessed via a processor. The data 1400 and
digital
signature password 1502 or public key is employed to generate a digital
signature for
the data 1904. The digital signature and data may then be encrypted using a
public
encryption key 1906. The encrypted data may then be encoded into a machine
readable code, such as a QR code 1908. The resulting QR code is a secure QR
code
that may be printed or stored by a user.
1001121 in FIG. 20, a flow diagram 2000 of an approach for the decoding of
a
secure machine readable code is depicted in accordance with an example
implementation of the invention. A. machine readable code, such as a bar code
or
secure QR code is read or scanned with the image or scan being processed or
received
from the scanner or similar input device and stored in memory by a processor
or
controller 2002. The memory that the secure QR code is stored in may be a
temporary memory, such as ram or a buffer memory. Using the secure QR code in
the current example, the secure QR code is decoded via the processor into
encrypted
data 2004. A user may provide a public encryption key 2006 in response to a
request
generated via the processor to decrypt the encrypted data into digitally
signed data. In
other implementations, the encryption may be via a single encryption algorithm
that
does not require a public key. Further, in other implementations the encrypted
data
may be data that is not digitally signed.
1001131 The digitally signed data may then be verified via the process to
assure
data integrity 2008. Once the data integrity has been checked, the data may be
used to
further authenticate the user or allow access the system. In other
implementations, the
data may also be used to update databases or records associated with the data
contained in the secure QR code.
1001141 in the current implementations, the mobile computing device
executes
the BSIS mobile application. In other implementations, a desktop computer may
be
used to execute an application. The application may implement the process of
FIG.
11 a and FIG. 1 lb and be executed by a computer's processor that is running
an
operating system, such as Windows or Linux. In yet other implementations, the
application may implement the process of FIG. 1 1 a and 1lb in a "browser"
such as
Internet Explorer, Chrome, Safari, and Firefox by a processor on a
computerized
device.
1001151 While the BSIS application is described as being implemented as
software executed by a device with a processor (i.e., as a combination of
hardware
29
CA 02911641 2015-11-06
WO 2014/182621
PCT/US2014/036811
and software), the embodiments presented may be implemented in hardware alone
such as in an application-specific integrated circuit ("ASIC") device.
1001161 The flow diagrams of FIG. 19 and 20 may be implemented in
hardware, software, or a combination of hardware and software. The software is
a
plurality of non-transitory machine readable instructions that may be loaded
into a
memory, such as RAM, ROM, SDRAM, DIMMS, or there types of digital memory
and execute via a processor or controller. The software may be accessed from
punch
cards, magnetic tape, magnetic disks, compact discs (CDs), digital video discs
(DVDs), or other non-transitory storage devices and loaded into memory or
executed
from the non-transitory storage.
1001171 The secure machine readable code, such as the secure QR code has
been described with respect to a building automation system and security
system.
Other uses for the secure machine readable code, include and are not limited
to
transfer of secure data, access control of systems, validation of users, or a
combination of the transfer of secure data, access control of systems,
validation of
users in any type of system that is controlled by or has access to a processor
or
controller. Industries and other applications that could make use of a secure
machine
readable code include and is limited to manufacturing, communication, medical,
governmental, and education applications.
1001181 The foregoing detailed description of one or more embodiments of
the
secure machine readable code has been presented herein by way of example only
and
not limitation. It will be recognized that there are advantages to certain
individual
features and functions described herein that may be obtained without
incorporating
other features and functions described herein. Moreover, it will be recognized
that
various alternatives, modifications, variations, or improvements of the above-
disclosed embodiments and other features and functions, or alternatives
thereof, may
be desirably combined into many other different embodiments, systems or
applications. Presently unforeseen or unanticipated alternatives,
modifications,
variations, or improvem.ents therein may be subsequently made by those skilled
in the
art which are also intended to be encompassed by the appended claims.
Therefore,
the spirit and scope of any appended claims should not be limited to the
description of
the embodiments contained herein.
