The present application claims priority to India Provisional Application No. 202311054849, filed on Aug. 16, 2023, entitled “BATCH NETWORK CONFIGURATION OF BUILDING CONTROL DEVICES FOR A BUILDING CONTROL NETWORK”, which is incorporated herein by reference.
The present disclosure relates to methods and systems for configuring building control devices and more particularly to methods and systems for batch configuration of digital certificates for building control devices that are to operate on a secure building control network that uses Certificate Based Authentication (CBA).
Building control systems such as security systems, fire safety systems, lighting systems and HVAC (Heating, Ventilating and Air Conditioning) systems can include a large number of building control devices that need to be connected to a building control network in order for the building control system to function as intended. In many cases, each building control device must be individually configured by a technician to bring the building control device on-line on the building control network. This can include configuring appropriate digital certificates for each of the building control devices so that the building control devices can securely connect to a secure building control network that uses Certificate Based Authentication (CBA). This can be a time consuming and tedious process, especially when a large number of building control devices are involved. What would be desirable are methods and systems for batch network configuration of building control devices.
The present disclosure relates to methods and systems for configuring building control devices and more particularly to methods and systems for batch configuration of digital certificates for building control devices that are to operate on a secure building control network that uses Certificate Based Authentication (CBA). An example may be found in a method for performing a batch network configuring of a plurality of building control devices for a building control network. The illustrative method includes storing a plurality of digital certificate files, wherein each of the digital certificate files includes a digital certificate and has a file name that includes a pattern that can be matched to a unique identifier of a respective one of the plurality of building control devices. A matching one of the plurality of digital certificate files is automatically identified for each of the plurality of building control devices by matching the pattern in the file name of the matching digital certificate file with the unique identifier of the respective one of the plurality of building control devices. The matching ones of the plurality of digital certificate files are batch uploaded to the respective one of the plurality of building control devices for subsequent use by the respective one of the plurality of building control devices when communicating over the building control network. The building control network may be a secure building control network that uses Certificate Based Authentication (CBA). In some cases, the matching ones of the plurality of digital certificate files are encrypted (e.g. using a password), with the encrypted digital certificate files saved locally, and then batch uploaded to the respective one of the plurality of building control devices for subsequent use by the respective one of the plurality of building control devices when communicating over the building control network.
Another example may be found in a configuration tool for performing a batch network configuring of a plurality of building control devices for a building control network. The configuration tool includes an IP (Internet Protocol) port and a memory for storing a plurality of digital certificate files, wherein each of the digital certificate files includes a digital certificate and has a file name that includes a pattern that can be matched to a unique identifier of a respective one of the plurality of building control devices. A configuration tool controller is operatively coupled to the memory and the IP port. The configuration tool controller is configured to automatically identify a matching one of the plurality of digital certificate files for each of the plurality of building control devices by matching the pattern in the file name of the matching digital certificate file with the unique identifier of the respective one of the plurality of building control devices. The configuration tool controller is configured to upload the matching ones of the plurality of digital certificate files to the respective one of the plurality of building control devices via the IP port for subsequent use by the respective one of the plurality of building control devices when communicating over the building control network.
In some cases, the configuration tool may be operatively coupled to a Building Management System (BMS) Supervisor, and the BMS Supervisor is operatively coupled to the building control network. When so provided, the configuration tool works through and/or with the BMS Supervisor to store a plurality of digital certificate files, automatically identify a matching one of the plurality of digital certificate files for each of the plurality of building control devices by matching the pattern in the file name of the matching digital certificate file with the unique identifier of the respective one of the plurality of building control devices, encrypt the matching digital certificate files, save the encrypted digital certificate files locally, and upload the encrypted matching digital certificate files to the respective one of the plurality of building control devices for subsequent use by the respective one of the plurality of building control devices when communicating over the building control network.
In another example, the configuration tool may be operatively coupled to a Plant Controller, and the Plant Controller is operatively coupled to the building control network. When so provided, the configuration tool works through and/or with the Plant Controller to store a plurality of digital certificate files, automatically identify a matching one of the plurality of digital certificate files for each of the plurality of building control devices by matching the pattern in the file name of the matching digital certificate file with the unique identifier of the respective one of the plurality of building control devices, encrypt the matching digital certificate files, save the encrypted digital certificate files locally, and upload the encrypted matching digital certificate files to the respective one of the plurality of building control devices for subsequent use by the respective one of the plurality of building control devices when communicating over the building control network. These are just some examples.
Another example may be found in a method for batch configuration of digital certificates for building control devices that are to operate on a secure building control network that uses Certificate Based Authentication (CBA). The illustrative method includes securely storing a plurality of digital certificate files, wherein each of the digital certificate files includes a digital certificate and has a unique identifier that can be matched to a unique identifier of a respective one of the plurality of building control devices. A matching one of the plurality of digital certificate files is automatically identified for each of the plurality of building control devices by matching the unique identifier of the matching digital certificate file with the unique identifier of the respective one of the plurality of building control devices. The matching ones of the plurality of digital certificate files are uploaded to the respective one of the plurality of building control devices for subsequent use by the respective one of the plurality of building control devices when communicating over the building control network.
One or more additional network configuration parameters may be uploaded to one or more of the plurality of building control devices for subsequent use by the one or more of the plurality of building control devices when communicating over the building control network, wherein the one or more additional network configuration parameters include one or more of an SSID, a username, a password and a root certificate.
In some cases, the configuration tool may be configured to give the user an option to select a particular digital certificate from a plurality of pre-stored digital certificates, and upload the selected digital certificate to a selected one of the building control devices. This can be done separately from, or in addition to, the batch configuration discussed herein.
In some cases, the configuration tool is configured to give the user an option to read back the network configuration parameters from one or more of the building control devices and store them securely. This may allow a user to, for example, subsequently use a different network configuration tool and restore the previously stored network configuration parameters into the new configuration tool. This may also allow a user of the configuration tool to quickly reconfigure building control devices on a building control network, particularly when the configuration of the building control network has been corrupted and/or one or more components have been replaced. The network configuration parameters that are stored can include, for example, the network SSID, the network password, the digital certificates associated with each of the building control devices, and/or any other network configuration parameters associated with the building control network.
The preceding summary is provided to facilitate an understanding of some of the innovative features unique to the present disclosure and is not intended to be a full description. A full appreciation of the disclosure can be gained by taking the entire specification, claims, figures, and abstract as a whole.
The disclosure may be more completely understood in consideration of the following description of various examples in connection with the accompanying drawings, in which:
While the disclosure is amenable to various modifications and alternative forms, specifics thereof have been shown by way of example in the drawings and will be described in detail. It should be understood, however, that the intention is not to limit the disclosure to the particular examples described. On the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the disclosure.
The following description should be read with reference to the drawings, in which like elements in different drawings are numbered in like fashion. The drawings, which are not necessarily to scale, depict examples that are not intended to limit the scope of the disclosure. Although examples are illustrated for the various elements, those skilled in the art will recognize that many of the examples provided have suitable alternatives that may be utilized.
All numbers are herein assumed to be modified by the term “about”, unless the content clearly dictates otherwise. The recitation of numerical ranges by endpoints includes all numbers subsumed within that range (e.g., 1 to 5 includes 1, 1.5, 2, 2.75, 3, 3.80, 4, and 5).
As used in this specification and the appended claims, the singular forms “a”, “an”, and “the” include the plural referents unless the content clearly dictates otherwise. As used in this specification and the appended claims, the term “or” is generally employed in its sense including “and/or” unless the content clearly dictates otherwise.
It is noted that references in the specification to “an embodiment”, “some embodiments”, “other embodiments”, etc., indicate that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may not necessarily include the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is contemplated that the feature, structure, or characteristic may be applied to other embodiments whether or not explicitly described unless clearly stated to the contrary.
Depending on what the building control system 10 is, the building control devices 12 may each represent any of a variety of different components such as actuators, controllers, sensors, etc. In this example, each of the building control devices 12 is operatively coupled with a building control network 16. The building control network 16 may represent a wired network. In some instances, the building control network 16 or portions thereof may represent a wireless network, communicating over any of a variety of different wireless communication protocols. In some instances, a configuration tool 18 may also be operatively coupled to the building control network 16. The configuration tool 18 may be used in performing batch network configuration of the building control devices 12.
A configuration tool controller 26 is operatively coupled to the memory 22 and to the IP port 20. The configuration tool controller 26 is configured to automatically identify a matching one of the plurality of digital certificate files 24 for each of the plurality of building control devices 12 by matching the pattern in the file name of the matching digital certificate file with the unique identifier (ID 14) of the respective one of the plurality of building control devices 12. The configuration tool controller 26 is configured to upload the matching ones of the plurality of digital certificate files 24 to the respective one of the plurality of building control devices via the IP port 20 for subsequent use by the respective one of the plurality of building control devices 12 when communicating over the building control network 16. In some cases, the configuration tool controller 26 encrypts the matching ones of the plurality of digital certificate files 24 and stores the encrypted digital certificate files locally, such as in a local computer or a plant controller, before uploading the encrypted matching ones of the plurality of digital certificate files 24 to the respective one of the plurality of building control devices.
In some instances, the configuration tool 18 may further include a user interface 28. The configuration tool controller 26 may be configured to display on the user interface 28 an association (e.g. mapping) between each of the plurality of building control devices 12 and the corresponding matching digital certificate file 24. In some cases, the associating may be displayed in the form of a table or the like. In some instances, the configuration tool controller 26 may be configured to receive a selection via the user interface 28 of the plurality of building control devices 12 (perhaps less than all of the available building control devices 12) before automatically identifying a matching one of the plurality of digital certificate files 24 for each of the plurality of building control devices 12.
In some cases, the configuration tool 18 may be configured to give the user an option to select a particular digital certificate from a plurality of pre-stored digital certificates, and upload the selected digital certificate to a selected one of the building control devices. This can be done separately from, or in addition to, the batch configuration discussed herein.
In some instances, the configuration tool 18 may be used to select custom or predefined parameters for matching the digital certificate files with the unique identifier (ID 14) of the respective one of the plurality of building control devices 12. In some cases, the digital certificates stored by the digital certificate files 24 include either a user certificate or a private key for the respective one of the plurality of building control devices 12. In some cases, each of the plurality of building control devices 12 has two or more digital certificate files 24, with one securely storing a corresponding user certificate and one securely storing a corresponding private key. This is just an example.
The configuration tool 18 may obtain and/or update the digital certificates and digital certificate files for each of the building control devices 12 before the configuration tool 18 communicates with the plurality of building control devices 12. That is, in some cases, the digital certificates and digital certificate files for each of the building control devices 12 may be pre-obtained and pre-stored before connecting with the building control devices 12.
In some instances, the user may open a window via the user interface 28 of the configuration tool 18 in which all of the building control devices 12 are displayed (sometimes in a single view), and the user may then configure other common network parameters for the building control devices (all or selected ones). The other common network parameters include, for example, security type (e.g. WPA2 Enterprise), WiFi SSID name, EAP Type (e.g. TTL), Username, Password, and a root certificate file location. The user may also select a folder where the certificate files are located. After the user selects the proper folder, the digital certificate files may be accessed and the digital certificates (e.g. user certificates and private keys) stored in the digital certificate files may be automatically assigned to a respective building control device based on the unique IDs 14 of the building control devices and the matching pattern in the file names of the digital certificate files.
In some cases, the user will be able to see the mapping between the building control devices and the matching digital certificate files before the configuration tool 18 writes the digital certificate files to the respective building control devices. If the mapping is approved by the user, the configuration tool 18 may write the digital certificate files to the respective building control devices for use when communicating on the building control network 16. The configuration tool 18 may also write one or more of the other common network parameters to the building control devices (e.g. security type (e.g. WPA2 Enterprise), WiFi SSID name, EAP Type (e.g. TTL), Username, Password, and a root certificate file location).
In some cases, the configuration tool 18 is configured to give the user an option to read back the network configuration parameters from one or more of the building control devices and securely store them locally. This may allow a user to, for example, subsequently use a different network configuration tool and restore the previously stored network configuration parameters into the new configuration tool. This may also allow a user of the configuration tool to quickly reconfigure building control devices on a building control network, particularly when the configuration of the building control network has been corrupted and/or one or more components have been replaced. The network configuration parameters that are stored can include, for example, the network SSID, the network password, the digital certificates associated with each of the building control devices, and/or any other network configuration parameters associated with the building control network. These are just examples.
A matching one of the plurality of digital certificate files is automatically identified for each of the plurality of building control devices by matching the pattern in the file name of the matching digital certificate file with the unique identifier of the respective one of the plurality of building control devices, as indicated at block 34. In some instances, the matching pattern in the file name of the matching digital certificate file includes one or more of a device name, a device serial number, a device instance and a device MAC address. The file name of the matching digital certificate file may include additional characters that are in addition to the matching pattern, wherein the additional characters identify a type of digital certificate that is included in the matching digital certificate file (e.g. “user_cert.pem” for identifying a user certificate and/or “ppk.pem” for identifying a private key). In some instances, a custom pattern matching expression may be received from a user, such as in a REGEX format. The custom pattern matching expression may then be used when automatically identifying the matching one of the plurality of digital certificate files for each of the plurality of building control devices.
In some cases, the user interface 28 may display an association between each of the plurality of building control devices 12 and the corresponding matching digital certificate file(s), but this is not required. In some cases, the association may be displayed in a tabular format.
With matching complete, the matching ones of the plurality of digital certificate files are batch uploaded to the respective one of the plurality of building control devices for subsequent use by the respective one of the plurality of building control devices when communicating over the building control network 16, as indicated at block 36. In some instances, batch uploading the matching one of the plurality of digital certificate files to the respective one of the plurality of building control devices may occur when the respective one of the plurality of building control devices has an on-line status on the building control network 16.
Continuing on
In some instances, the method 30 may include performing a factory reset of one of the plurality of building control devices, as indicated at block 46. Once the building control device is again up and running, the method 30 may include reusing the matching one of the plurality of digital certificate files when communicating over the building control network, as indicated at block 48.
The illustrative method 50 includes automatically identifying matching first and second ones of the plurality of digital certificate files for each of the plurality of building control devices by matching the pattern in the file name of the matching first and second ones of the plurality of digital certificate files with the unique identifier of the respective one of the plurality of building control devices, as indicated at block 52. The matching first and second ones of the plurality of digital certificate files are batch uploaded to the respective one of the plurality of building control devices for subsequent use by the respective one of the plurality of building control devices when communicating over the building control network, as indicated at block 54. In some instances, the first of the plurality of digital certificate files includes a digital certificate that includes a user certificate for the respective building control device, and the second of the plurality of digital certificate files includes a digital certificate that includes a private key for the respective building control device.
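The file-name matching described at blocks 34 and 52 can be sketched as follows; this is an added example, not code from the application. It assumes a `<id>_<suffix>` file-name layout, requires a custom REGEX to carry named groups `id` and `suffix`, and all function names and sample values are hypothetical. It matches on the whole identifier so one device cannot receive another device's private key, and it reports incomplete or orphaned files for review before any upload.

```python
import re
from collections import defaultdict

# The suffixes are the ones the text names. The "<id>_<suffix>" layout and the
# named groups "id" and "suffix" are assumptions made for this example.
KINDS = {"user_cert.pem": "user_cert", "ppk.pem": "private_key"}
DEFAULT_PATTERN = r"(?P<id>.+)_(?P<suffix>user_cert\.pem|ppk\.pem)"
MAC_RE = re.compile(r"[0-9a-f]{2}(?:[:\-.]?[0-9a-f]{2}){5}")


def normalize(identifier):
    """Case-fold an ID; for MAC addresses also drop ':', '-' and '.'."""
    ident = identifier.strip().lower()
    if MAC_RE.fullmatch(ident):
        return re.sub(r"[:\-.]", "", ident)
    return ident


def build_mapping(device_ids, file_names, pattern=DEFAULT_PATTERN):
    """Return (mapping, problems); problems is reviewed before any upload."""
    rx = re.compile(pattern)
    if not {"id", "suffix"} <= set(rx.groupindex):
        raise ValueError("pattern needs named groups 'id' and 'suffix'")

    # Index files by normalized ID and kind. fullmatch() forces the whole
    # name to fit, so device "AHU-1" can never pick up "AHU-10_ppk.pem".
    index = defaultdict(lambda: defaultdict(list))
    problems = []
    for name in file_names:
        m = rx.fullmatch(name)
        kind = KINDS.get(m["suffix"]) if m else None
        if kind is None or not m["id"]:
            problems.append(f"{name}: ignored, does not fit the pattern")
            continue
        index[normalize(m["id"])][kind].append(name)

    mapping, seen = {}, set()
    for dev in device_ids:
        key = normalize(dev)
        if key in seen:
            problems.append(f"{dev}: duplicate device identifier")
            continue
        seen.add(key)
        found = index.get(key, {})
        # A device needs exactly one user certificate and one private key.
        counts = {k: len(found.get(k, [])) for k in KINDS.values()}
        bad = [f"{dev}: expected 1 {k} file, found {n}"
               for k, n in counts.items() if n != 1]
        if bad:
            problems.extend(bad)
        else:
            mapping[dev] = {k: found[k][0] for k in counts}

    for key in sorted(set(index) - seen):
        problems.append(f"{key}: certificate files match no selected device")
    return mapping, problems


# Constructed sample data, not taken from the application.
SAMPLE_DEVICES = ["AHU-1", "AHU-10", "00:1A:2B:3C:4D:5E", "VAV-7"]
SAMPLE_FILES = [
    "AHU-1_user_cert.pem", "AHU-1_ppk.pem",
    "AHU-10_user_cert.pem", "AHU-10_ppk.pem",
    "00-1a-2b-3c-4d-5e_user_cert.pem", "001A2B3C4D5E_ppk.pem",
    "VAV-7_user_cert.pem",                    # private key missing
    "VAV-9_user_cert.pem", "VAV-9_ppk.pem",   # device not selected
    "root_ca.pem",                            # not a per-device file
]

if __name__ == "__main__":
    mapping, problems = build_mapping(SAMPLE_DEVICES, SAMPLE_FILES)
    for dev, files in mapping.items():
        print(f"{dev:20} {files['user_cert']:34} {files['private_key']}")
    for line in problems:
        print("REVIEW:", line)
```
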
One or more additional network configuration parameters may also be uploaded to one or more of the plurality of building control devices for subsequent use by the one or more of the plurality of building control devices when communicating over the building control network. In some cases, the one or more additional network configuration parameters may include one or more of security type (e.g. WPA2 Enterprise), WiFi SSID name, EAP Type (e.g. TTL), Username, Password, and a root certificate file location, as indicated at block 66.
Having thus described several illustrative embodiments of the present disclosure, those of skill in the art will readily appreciate that yet other embodiments may be made and used within the scope of the claims hereto attached. It will be understood, however, that this disclosure is, in many respects, only illustrative. Changes may be made in details, particularly in matters of shape, size, arrangement of parts, and exclusion and order of steps, without exceeding the scope of the disclosure. The disclosure's scope is, of course, defined in the language in which the appended claims are expressed.
Number | Date | Country | Kind |
---|---|---|---|
202311054849 | Aug 2023 | IN | national |