Internet enabled appliance command structure

BACKGROUND OF THE INVENTION

The present invention relates to home appliances such as refrigerators, dishwashers, and air conditioners. In particular, the present invention relates to a command structure that provides communication between network enabled appliances.

Appliances of the past were stand alone devices, operating on their own without cooperation between or communication among other devices. As a result (as one example) great expenditures of time and effort by repair personnel were required to diagnose problems in an appliance and to take corrective action. As another example, the current and proper operation of an appliance generally could not be determined without being physically present at the appliance. Thus, for example, whether or not the gas burner in a stove had been left on could not be determined without physical inspection.

A need has long existed in the industry for an Internet enabled appliance command structure that addresses the problems noted above and others previously experienced.

U.S. Pat. No. 5,909,183 (Borgstahl et al., filed Dec. 26, 1996, the “'183 Patent”) describes an interactive appliance remote controller, system and method.

FIG. 3

shows appliances such as a television, radio, CD player, copier, telephone and watch.

FIG. 6

shows that the appliances are addressed by an authorization process and that a connection with an appliance may begin by sending a need and capability messages that include code identifying various operations (FIGS.

7

and

8

), such as appliance personalization, hard copy, visual image, audio, financial transactions and lock/unlock. If the needs and capabilities match, connection to the appliance is made by a process shown in FIG.

10

. An appliance control program is uploaded to the appliance and control data is receive by a service receiving appliance over a service connection (Col. 10, lines 52-59). The appliance is then controlled.

FIG. 2

illustrates a controller for the appliance, and

FIGS. 20-25

describe setting of a remote controller for an appliance (Col. 16, lines 15-17).

FIG. 21

illustrates a sequence of data exchange messages between a controller and an appliance. The appliance sends a set of commands/actions it can perform at the behest of the controller (Col. 16, lines 45-50).

Although the '183 Patent describes control of an appliance based on a control program and data related to various operations identified by code, the Patent does not teach or suggest any data structure for accomplishing the stated goals. The preferred embodiment of the present invention overcomes this problem by including a command structure that facilitates appliance control via the Internet.

U.S. Pat. No. 6,229,433 B1 (Rye et al., filed Jul. 30, 1999) and U.S. Pat. No. 6,121,593 (Mansbery et al., filed Aug. 19, 1998) describe control of an appliance over an AC power line. U.S. Pat. No. 6,243,772 B1 (Ghori et al., filed Jan. 31, 1997) describes coupling of a personal computer with an appliance unit via a wireless communication link. U.S. Pat. No. 6,041,346 (Chen et al., filed Oct. 17, 1997) describes upgrading an internet appliance (FIG.

4

). An appliance security system is described in U.S. Pat. No. 5,898,831. However, none of these patents cure the deficiencies of the '183 Patent.

SUMMARY OF THE INVENTION

The preferred apparatus embodiment of the invention is useful for controlling an appliance. In such an environment, the preferred embodiment comprises a source of command fields for the appliance. The command fields include context subfields defining operating modes and command subfields defining operations to be performed within the context subfields. A network transmits the command fields between the source and the appliance. A controller processes the command fields so that an operation defined by one of the command subfields is performed.

The preferred method embodiment of the invention also is useful for controlling an appliance. In such an environment, the preferred embodiment comprises transmitting command fields for the appliance. The command fields include context subfields defining operating modes and command subfields defining operations to be performed within the context subfields. The command fields are processed so that an operation defined by one of the command subfields is performed.

By using the foregoing techniques, appliances may be controlled with a degree of sophistication, ease and economy previously unattainable.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1

illustrates an appliance communication network.

FIG. 2

shows a command frame for communicating over the appliance network.

FIG. 3

depicts a command frame with extended fields.

FIG. 4

illustrates a command frame with a subdivided CMD field for User Community, Field, and Command.

FIG. 5

shows a command structure for a refrigerator.

FIG. 6

shows Fields and Commands for a refrigerator command structure.

FIG. 7

shows a command structure for a dishwasher

FIG. 8

illustrates a command structure for a home laundry washer.

FIG. 9

illustrates a command structure for a home laundry dryer.

FIG. 10

depicts a command structure for an Advantium™ microwave oven.

FIG. 11

shows a command structure for an air conditioner.

FIG. 12

illustrates a command structure for a range.

FIG. 13

illustrates a command structure for a wall oven.

FIG. 14

depicts a command structure for a range counter unit.

FIG. 15

shows a command structure for a water softener.

FIG. 16

illustrates a command structure for a water filter.

FIG. 17

depicts a command structure for a water heater.

FIG. 18

shows an example of context switch authentication.

FIG. 19

shows an example of an appliance communication controller.

FIG. 20

illustrates a system for remote appliance monitoring, control, and diagnosis using an Embedded Cryptographic Device (ECD).

FIG. 21

illustrates a flow diagram of the cryptographic algorithm used to generate an authentication word.

FIG. 22

shows a flow diagram of modifying a secret keying variable K using a master secret keying variable, MK.

FIG. 23

illustrates a flow diagram of the authentication process.

DETAILED DESCRIPTION OF THE INVENTION

Turning to

FIG. 1

, that figure illustrates an appliance network

100

including a range or oven

102

, a microwave

104

, an air conditioner

106

, and a refrigerator

108

. As an example, the oven

102

connects through a serial bus

110

to an Appliance Communication Controller (ACC)

112

. The ACC

112

connects to and communicates over the power line

114

to the ACC

116

. The ACC

116

, in turn, connects to an Internet gateway

118

, such as that provided by a laptop or desktop computer (e.g., through a modem dial-up, T1 line, and the like). Gateway

118

connects through a network

119

, such as the Internet, to a central facility

2010

that is shown in more detail in FIG.

20

. Facility

2010

is located remotely from the appliances and includes a central processing unit (CPU)

2015

, a communication interface

2030

and a memory

2016

connected as shown. The applicant network

100

also includes a bar code scanner

120

that provides additional input flexibility. As will be described in more detail below, the appliance network

100

provides a command structure for secure bidirectional communication of appliance related data over a public access network. The command structure includes extendable addressing and commands, identifiers to ensure connection to the correct appliance, and support for context sensitive commands. The command structure may be stored in memory

2016

or the appliances. Alternatively, a portion of the command structure may be stored in the appliances and a portion of the command structure may be stored in memory

2016

.

The command structure may be used over any multidrop network including Ethernet over 10 base T, power line carrier, RS422, and the like. The preferred embodiment uses a power line carrier. Power line carrier communication modules are manufactured, for example, by Domosys.

Turning next to

FIG. 2

, that figure shows a command frame

200

divided into multiple fields.

FIG. 2

shows each field name, and the number of bits for each field. The fields are as follows:

STX—8 bits—Start of Transmission (the preferred pattern is 0×02).

RX ADD—16 bits—Receiver address. RX ADD is a 16 bit extendable field. 256 values of the 65536 possible values are reserved for broadcast and extension addresses. The address 00FF is reserved for broadcast messages. Other addresses ending in FF translate the address field to the extended field as explained below.

TX ADD—16 bits—Transmitter address. TX ADD is a 16 bit extendable field. 256 values of the 65536 possible values are reserved for extension addresses. Extension addresses end in FF and translate the address field to the extended field.

NUM BYTES—16 bits—Number of Bytes. NUM BYTES gives the number of bytes that follows in the command frame, excluding the ETX bits. Thus, messages sizes may be as large as 65536+ETX+TX ADD+RX ADD+STX bytes.

CMD—16 bits—CMD defines the command to be issued to the appliance. This is a 16 bit extendable field. 256 values of the 65536 possible values are reserved for extension addresses. Extension addresses end in FF and translate the address field to the extended field. As explained in more detail below, this field may contain a context switch command as well as control commands.

MFG—16 bits—MFG defines the manufacturer of the appliance. This is a 16 bit extendable field. 256 values of the 65536 possible values are reserved for extension addresses. Extension addresses end in FF and translate the address field to the extended field.

APPL TYPE—16 bits—APPL TYPE is the appliance type field and defines the type of appliance which participates in context switching. APPL TYPE is a 16 bit extendable field. 256 values of the 65536 possible values are reserved for extension addresses. Extension addresses end in FF and translate the address field to the extended field.

DATA—variable bits—The DATA field is typically used in conjunction with the CMD field. As examples, the DATA field may include encryption, display data, software updates, diagnostic commands, remote control access, and the like.

CRC—12 bits—The CRC field provides a 12 bit cyclic redundancy check computed over all bytes of the data packet except for the STX and ETX bytes, and the CRC field itself.

ETX—8 bits—ETX provides an End-of-Transmission character, preferably 0×03.

As noted above, several of the command frame fields are extendable. Field extension allows increasing a selected field in increments of 8 bits. Thus, for example, a 16 bit field may be extended to a 24 bit field. If it is determined that more than 24 bits are needed, then the 24 bit field may be extended to a 32 bit field, and so on.

FIG. 3

shows an example of a command frame

300

that extends the RX address field

302

to a 24 bit field. As shown, the RX address field holds the address 14FC12. The command frame also shows the TX address field

304

extended to 32 bits and holding the address 123EC254.

Note, however, that alternative command frames may be used, such as the CEBus™ command frame.

Each appliance may support one or more contexts. Contexts define a current mode of operation for the appliance, and thus may be used to accept or reject certain commands that are valid only in certain contexts. The contexts may include, as examples:

Service and Technology using local access, which includes commands directed by appliance field service technicians working within the home, and manufacturer engineering community developing products in their laboratories.

Service and Technology using remote access, which includes commands directed by appliance manufacturers product service organizations accessing remotely via the internet. Such access would be restricted from certain functionality, such as activating a burner on a cook-top

Manufacturing, which includes commands directed by the appliance manufacturer on the factory floor for diagnostic testing, calibration, writing configuration parameters, etc. This community could also be used by the manufacturer to download new firmware to the appliances after they are already installed in the field.

Sales & Marketing, which includes commands directed by dealers on the showroom floor to demonstrate features to potential customers without necessarily activating all the loads. For instance, all the features of a microwave could be activated without actually turning on the magnetron.

Customer & Consumer Local Access, which includes commands directed by the product owner, or anyone granted access by the product owner, when that person(s) has access to the product in his immediate vicinity (i.e. access directly through the power line).

Customer & Consumer Remote Access, which includes commands directed by the product owner, or anyone granted access by the product owner, when that person(s) does not have access to the product in his immediate vicinity (i.e. has to go over the internet). Such access would be restricted from certain functionality, such as activating a burner on a cook-top.

Other Appliances and Extensions, which includes commands directed by other appliances or products. Such as a dishwasher signaling a hot water heater that it is about to demand x gallons of water, or a clothes dryer signaling a TV that it has finished its cycle so the appropriate message can be displayed.

Security, which includes commands directed to changing the user community context.

Context selection, and the resulting additional control or access provided in a certain context, is controlled through encryption in the command frame

200

. For example, encrypted commands may be provided in the DATA field, as explained in the encryption section below.

In one implementation, context switching occurs as a result of a command that is not understood by the appliance or the ACC at the appliance or a command that is not allowed in the currently active context. When the appliance or the ACC receives a command that it does not understand or a command that is not allowed in the current context one of two responses preferably occur. In one embodiment the appliance or ACC will query the gateway or the server for a context switch. The gateway or server will determine if a context switch is allowed.

If the context switch request is valid then the server or gateway will determine if the context switch can be done locally (within the ACC) via a single command, within the LAN (from the gateway or server to the ACC) or across the internet. As an example, an Internet download may also be a fee based context switch. Such fee based context switches may be used for diagnostics, service, and other features for which a fee will be charged.

In general, each ACC will have a unique multi-bit address, including an 8-BIT extendable building identifier prefix, while an appliance will have a unique serial number and a model number. The ACC is cognizant of the appliances to which it is connected by communicating with the appliances, for example, to discover their serial number and model number. To switch contexts, an authorization string may be transmitted in the command frame

200

, e.g., API->Node Number “Request Community N” (INCL BLDG #). The appliance may then authenticate the message and reply “Authorized for community N” (INCL BLDG #) or “Authorization not recognized”. When authorization is available, the node may, for example, remain authorized for a predetermined time (e.g., 5 minutes).

Additional commands are provided for explicit Deauthorization, bus arbitration (e.g., where one node becomes bus master, another node is a slave, and all other nodes “hold off” the bus). A command may also be provided to turn Free hold off (i.e., release all nodes from the hold off state so that they can try to gain control of the bus via arbitration, where hold off is the term used to describe the condition of nodes which are inhibited from talking while the secure context switching transaction is completed), and for Authorization standby (i.e., the temporary mode used to describe the condition where request for authorization to switch to a new context has been submitted, but waiting back for the response from the authorizing entity).

Appliances receive command frames over the appliance network

100

and respond appropriately. To this end, the CMD field may be split into subfields as shown in FIG.

4

. Preferably, the CMD field includes a 4-bit User Community field, a 4-bit Field field, and an 8-bit Command field. The User Community specifies the highest level of the command structure, the Field field specifies a second level, and the Command field specifies the command within the User Community and Field to perform. Command structures may be stored in a memory in the appliance itself or the ACC connected to the appliance. Thus, for example, when an ACC receives a command from another device in the appliance network

100

, the command will be translated into an action for the appliance to perform.

FIG. 5

shows an exemplary command structure

500

for a refrigerator. The command structure

500

includes six User Communities (e.g., top level command hierarchies) generally designated

502

. The User Communities include Service & Technology, Manufacturing, Marketing & Sales, Customer & Consumer, Other Appliance Extensions, and Security & Home Marketing. Under each User Community

502

is a set of Fields or Commands

504

that may be included in each User Community. As an example, the Security & Home Monitoring User Community includes the Door Opening, Ice/Water Dispensing, and Door Open Too Long Fields/commands.

FIG. 6

illustrates a breakout

600

of exemplary Fields and commands under the Service & Technology User Community. Thus the refrigerator responds to commands that request information concerning Model & Serial Number; Date, Time, Last Service Date; Setup Conditions (a Field that includes Environmental condition commands to check the Water Supply pressure, hardness, cleanliness (turbidity), Ambient Temp & Humidity, Pollution, Rain/Flood, and Altitude); Pass-Fail Diagnostics including the Clock, Test of add-on modules (e.g., voice and barcode), User interface (e.g., Display and Input devices), Sensors, Controller (including RAM, ROM CRC, Output drivers (e.g., Relay checks), Heating elements (e.g., for defrost), Evaporation condenser, and crisper fans, Compressor, Evaporator, Door lock, Temperature calibration, Communication system, and the like.

Additional Fields and commands include the F-code status (i.e., the Fault condition), Abuse condition (e.g., line voltage, presence of unapproved parts), Remote control subsystem with feedback on action, including water dispenser on/off, ice dispenser on/off, scan keys, read keys, trip signature of safety devices, fresh food temp setting, freezer temp setting, sealed system test cycle (e.g., On for 10 minutes and watch for system response), add-on subsystem test (voice, barcode, and the like), Routine Maintenance of perishable hardware items including Status of cleanliness, Water filter status check (e.g., number of gallons & time since last change), Wiring information (e.g., Hot/Neutral reversed, open ground, and the like), Power outage information (e.g., via battery backed up real time clock), Usage profile (with time stamp) including Cycle counts, Cycle duration, Door open count & duration, Ice maker, water dispenser, Food load estimate, Profile of remote actuation by the User, Manufacturer, or Event driven, Food type estimate (e.g., via embedded bar code scanner or RF tag sensor), and Line voltage history.

The User Communities, Fields, and Commands are generally assigned binary identifiers that are subsequently used in the message frames. As an example, the CMD field may specify the Service and Technology User Community, the Remote Control Field, and the Command to turn on the water dispenser.

Command structures may be defined for many different appliances. For example,

FIG. 7

shows a command structure

700

for a dishwasher,

FIG. 8

illustrates a command structure

800

for a home laundry washer, and

FIG. 9

illustrates a command structure

900

for a home laundry dryer.

FIG. 10

depicts a command structure

1000

for an Advantium™ microwave oven,

FIG. 11

shows a command structure

1100

for a RAC (Room Air Conditioner, or a Zoneline™ unit (GE's tradename for Packaged Terminal Air Conditioners, the air conditioners typically used in motel and hotel rooms), and

FIG. 12

illustrates a command structure

1200

for a range.

FIG. 13

illustrates a command structure

1300

for a wall oven,

FIG. 14

depicts a command structure

1400

for a range counter unit.

FIG. 15

shows a command structure

1500

for a water softener,

FIG. 16

illustrates a command structure

1600

for a water filter, and

FIG. 17

depicts a command structure

1700

for a water heater.

Tables 1-24 below define exemplary Fields and functions for the User Communities defined for refrigerators, dishwashers, washers, dryers, microwave oven, RAC—Packaged Terminal Air Conditioner, range, wall oven, range, water softener, water filter, and water heater.

TABLE 1

User Community Service and Technology

Washer

Dryer

Dish-

(Laundry)

(Laundry)

washer

Refrigerator

Model & Serial

x

x

X

x

Number

Date, Time, Last

x

x

X

x

Service Date

Setup Conditions

x

x

X

x

Environmental

x

x

X

x

Conditions

Water Supply

x

X

x

pressure

x

X

x

hardness

x

X

x

cleanliness

x

X

x

(turbidity)

Ambient

x

x

X

x

Temperature and

Humidity

Pollution

X

x

Venting situation

x

Rain/Flood

X

x

Altitude

x

x

X

x

Pass Fail Diagnostics

x

x

X

x

Timer/Clock

x

x

X

x

Test of add-on

x

x

X

x

modules (voice and

barcode)

User Interface

x

x

X

x

Display

x

x

X

x

Input Devices

x

x

X

x

Sensors

x

x, moisture

x

x

Controller

x

x

x

x

RAM, ROM CRC

x

x

x

x

Output drivers (e.g.,

x

x

x

x

relay operation)

Heating Elements

x

x

x

Motors

x

x

x

Pump Motor &

x

Auxiliary Pump

Fill Valve

x

pump

x

water valves

x

detergent dispenser

x

Drain Solenoid

x

Detergent/rinse aid

x

dispense

Detergent Inject

x

Evaporation,

x

condenser, crisper fans

Compressor

x

Evaporator

x

Door Lock

x

x

x

x

Temperature

x

x

x

x

Calibration

Communication

x

x

x

x

System

F-Code Status

x

x

x

x

Abuse Condition

x

x

x

x

(voltage, unapproved

parts)

Remote Control

x

x

x

Subsystem with

feedback on action

motor speed and

x

x

direction

pump on/off

x

hot/cold water

x

valves

detergent dispenser

x

fill valve, pump (e.g.,

x

outlet pressure, float

switch)

drain valve (e.g.,

x

float switch)

heating element (e.g.,

x, on/off

x

temperature sensor)

trip signature of

x

safety devices

water dispenser on/

x

off

ice dispenser on/off

x

scan keys, read keys

x

x

x

x

trip signature of

x

x

x

safety devices

fresh food

x

temperature setting

freezer temperature

x

setting

fabric softener

x

dispenser

sealed system test

x

cycle (e.g., on 10

minutes)

add-on subsystem

x

x

x

x

test (e.g., voice,

barcode)

Routine Maintenance

x

of perishable hardware

items

status of cleanliness

x

water filter status

x

check (number of

gallons and time since

last change)

Wiring Information

x

x

Power outage

x

x

x

x

information

Operation records

x

x

(with time stamp)

Cycle Accountability

x

x

cycle duration

x

x

motor speed/

x

x

direction

door open count &

x

x

duration

fabric softener

x

dispense

hot/cold water

x

dispenser

pump on time

x

Average Drying Times

x

Software upgrades

x

x

Usage Profile (with

x

x

time stamp)

cycle counts

x

x

cycle duration

x

x

door open count and

x

x

duration

valve operation time

x

pump operation time

x

drain operation time

x

ice maker, water

x

dispenser

food load estimate

x

profile of remote

x

x

x

x

actuation

user

x

x

x

x

manufacturer

x

x

x

x

event driven

x

x

x

x

Average soil level

x

estimate

Food type estimate

x

Line Voltage History

x

x

x

x

TABLE 2

User Community Manufacturing

Washer

Dryer

Dish-

Refrig-

(Laundry)

(Laundry)

washer

erator

Subsystem

x

x

x

Diagnostics

compressor on/off

x

and RPM

fabric softener

x

dispenser on/off

fabric softener level

x

air temperature

x

sensor

moisture sensor

x

heating element on/

x

off

motor RPM,

x

x

direction, winding

temp

pump on/off current

x

water valves on/off

x

detergent dispenser

x

on/off

detergent level

x

water temperature

x

add-on option self

x

test

door interlock test

x

x

out-of-balance

x

detector

pump on/off and

x

RPM

heater element on/

x

off, measure

temperature, current

blower on/off

x

soil detectors

x

defrost heater on/off,

x

measure temperature,

current

fans(s) on/off and

x

RPMs

evaporator and

x

condenser temperature

refrigerant and air

x

flow rates

odor detectors

x

water valve functions

x

x

control relay

x

x

diagnostics

add-on options self

x

x

x

test

door interlock test

x

x

x

histories of

x

x

x

x

diagnostics for n days

Calibration -

x

x,

x,

x, FF and

temperature sensors,

moisture

humidity

FZ

motor torque

Use and Care

x

x

x

x

initialization

x

x

x

x

date of manufacturer

x

x

x

x

serial number,

x

x

x

x

model number, and

sku number

revision code

x

x

x

x

option codes/

x

x

x

x

upgrade dates

Agency test/repair

x

x

x

x

record

result of high pot,

x

x

x

and the like.

repair data

x

x

x

x

TABLE 3

User Community Sales and Marketing

Washer

Dryer

Refrig-

(Laundry)

(Laundry)

Dishwasher

erator

Showroom mode

x

x

x

x

full functionality

x,

x,

x, without

x, without

without

without

water

cooling

water

heat

motor operation

x

x

door solenoid

x

x

pump on/off

x

brake

x

pump on & off

x

(noise demo)

control cycle

x

settings

system/compressor

x

on/off

door open/close

x

quick chill drawer

x

lights/fan

temp settings (FF

x

and FZ)

demo communication

x

x

x

x

with other appliances

remote notification

x

x

x

x

via TV, PDA, cell

phone and the like

functionality of add-

x

x

x

x

on devices

barcode scanner

x

x,

x, food

detergent,

content

rinse aid

type

child lockout

x

x

x

x

function

remote lockout

x

x

x

x

remote read of

x

x

x

x

appliance status

automatic

x

x

x

x

registration

warranty

x

x

x

x

Sign-up for services

x

x

sign-up for automatic

x,

x, water,

appliance consumable

detergent

odor,

service:

freshness

filters

Post sales

x

x

consumer reminder

x

x

(e.g., for filters or

detergent)

Advertisements

x

x

new add-ons

x

x

new features

x

x

co-branding

x

x

Firmware upgrades

x

x

x

x

new feature

x

x

x

x

integration of

x

x

x

x

additional add-ons

security upgrade

x

x

x

x

support of additional

x

x

x

x

communication

mediums

additional event

x

x

x

x

integration

TABLE 4

User Community Customer and Consumer

Washer

Dryer

Dish-

(Laundry)

(Laundry)

washer

Refrigerator

Standard Operation

x

x

x

x

soil level select 1:

auto (soil level

x

detect)

saniwash

x

pots and pans

x

normal

x

light

x

china

x

rinse only

x

fresh food

x

temperature

freezer temperature

x

run manual (set

x

temp, speed)

run auto

x

cottons

x

perm press

x

delicates

x

softener/anti-static

x

dispense

defrost cycle

x

fill (hot, cold, warm)

x

dispense detergent

x

agitate, multi-speed

x

drain

x

spin, multi-speed

x

timer operation

x

x

lockout of function

x

x

x

Sabbath mode

x

perishable food

x

tracking (e.g., time

tracking of meat, milk,

eggs, and the like)

delayed start

x

start with door

x

interlock check-

Options

x

hi temp rinse

x

hi temp wash

x

heated dry

x

Extended Operation

x

x

re-calibration

x

x

self diagnosis and

x

x

status

use of upgraded

x

x

firmware

use of passive/

x

active event triggers

multilingual

x

Remote Operation

x

x

x

x

download new

x

x

x

x

firmware

trigger of events

x

x

x

x

signal message to

x

x

x

x

TV

activate display

x

x

x

x

upon entering room

notification of

x

x

x

x

power failure

remote status

x

x

x

x

request

remote shutdown

x

x

x

x

remote lockout

x

x

x

remote request for

x

x

x

x

service

remote alarm trigger

x

x

x

x

if armed

multilingual

x

x

x

x

Service

x

x

x

x

service request based

x

x

x

x

on status

replacement of

x

x

x

x

consumable items

link into remote

x

x

x

x

factory diagnostics

operations of add-ons

x

x

x

x

being enabled

barcode scanner

x

x

x

x

upgrade

link into kitchen

x

x

x

x

helper

display use and care

x

x

x

x

instructions

pay-by-use feature

x

x

x

x

reminders

x

x

x

x

recalibration

x

x

x

x

use optimization

x

x

x

x

adjustments due to

x

x

x

x

use profile

Customer (fleet

x

x

x

x

operator)

usage profiles

x

x

x

x

cycle profiles

x

x

x

x

wear patterns

x

x

abuse attempts and

x

x

x

x

notifications

remote shutdown

x

x

x

x

based on event

remote temperature

x

settings (FF and FZ)

performance monitor

x

peak energy

x

x

x

x

management

condenser cleanliness

x

monitor

low compressor run

x

watts (leakage)

high compressor run

x

watts (restriction)

Commercial

x

x

operation records

x

x

remote diagnostics

x

x

service

x

x

central fee collection

x

x

online price changes

x

x

by time of day,

promotion, and the

like

statistical data

x

x

collection

all smart card

x

x

operations

TABLE 5

User Community Appliances & Extensions

Washer

Dryer

Dish-

(Laundry)

(Laundry)

washer

Refrigerator

Events

x

x

remote notification

x

x

fault notification

x

x

end of cycle

x

end of quick chill

x

cycle

power sharing

x

x

notification

internal to appliance

x

x

to other appliances

x

x

from other

x

x

appliances

power line fault

x

x

notification

outage, under/over

x

x

voltage, frequency,

quality

remote setting

x

x

soil level

x

options

x

delayed start

x

FF temperature

x

FZ temperature

x

quick chill on/off

x

Add-ons (e.g.,

x

x

barcode scanner, scale,

magnetic strip smart

card reader for

additional recipes and

ability to link into

home helper,

microphone)

message passing

x

x

recognition of add-

x

x

on

pass information

x

x

to API

receive request for

x

x

information from API

scan

x

x

software revision

x

x

bar code firmware

x

x

upgrade

fault code alert

x

x

Save user configurable

x

x

setting when power is

interrupted

TABLE 6

User Community Security & Home Monitoring

Washer

Dryer

(Laundry)

(Laundry)

Dishwasher

Refrigerator

Door opening

x

x

Water on too long

x

without float switch

activation

Temperature not in

x

regulation

Ice/Water dispense

x

Door open too long

x

TABLE 7

User Community Service and Technology

Water

Water

Softener

Heater

Model & Serial

x

Number

Date, Time, last

service date

Control Software

version number

SR Code

x

Fault Codes

x

Daily water usage

x

database, including

hardness leakage

Unit settings,

x

incoming water

hardness, incoming

iron, days per

regeneration flag

I/O diagnostic routines

x

turbine input

x

clock motor on/off

x

keypad

x

display

x

salt level sensor

x

Link into remote

x

factory diagnostics

Display of use and

x

care info to help setup

Demand prediction of

x

water usage, for water

heater set-back

Set clock from other

x

appliance or Internet

Active Control of

x

current on anode rod

to extend life of water

heater

switching to one of

x

several resistor values

based on water

conductivity

auto switch to soft

x

water resistor setting if

softener is installed

Detection of end of

x

life of anode rod

Predictive water

x

heating data input

from water heater

hot water orders

x

placed by clothes

washer, dishwasher

(immediate and

delayed start), to

optimize heating cycle,

delay to power share

or push to off-peak

hour usage

Vacation mode setting

x

High usage boost heat

x

setting

Power sharing

x

Flood detection and

x

shut down

TABLE 8

User Community Manufacturing

Water

Softener

Subsystem

x

Diagnostics

clock motor

x

clock

x

display

x

power-off memory

x

annunciator

x

programming

x

keypad

x

turbine

x

salt level sensor

x

Calibration

x

salt level sensor

x

Use and Care

x

initialization

x

date of manufacturer

x

serial number,

x

model number, and

sku number

revision code

x

option codes/

x

upgrade dates

repair data

x

TABLE 9

User Community Sales and Marketing

Water

Water

Softener

Heater

Showroom mode

x

demo

x

communication to

other appliances

demo water circuit

x

breaker operation

demo programming

x

mode

demo display of

x

water usage, average

gallons/day, flow

rate, average salt

efficiency/rise water

efficiency.

Automatic registration

x

x

warranty

x

Sign-up for services

x

sign-up for automatic

x

appliance consumable

service (e.g., salt or

“Iron Out”)

Post Sales

x

Firmware upgrades

x

new features (e.g.,

x

salt efficiency

algorithms)

bug corrections

x

support for other

x

communication

mediums

Post sales

x

consumer reminder

x

(e.g., for salt or iron

out)

At end of life

Advertise

x

Repurchase

x

TABLE 10

User Community Customer and Consumer

Water

Softener

Status/Control panel

x

on unit

x

on TV

x

on wall-mounted

x

water products status/

control panel

Status/display

x

elements

display how much

x

salt is left in unit

salt low signal

x

auto order salt

x

flood detection signal

x

remote control of

x

water shut-off valve

self-diagnostics

x

multilingual

x

notification of power

x

out

TABLE 11

User Community Appliances & Extensions

Water

Water

Softener

Heater

Security system

x

x, water

interface - water flood

leak on

event

water

heater

water circuit breaker

x

Advertisements

x

new add-ons

x

new features

x

co-branding

x

Smart Water Control/

x

status panel interface

vacation mode

x

setting

TABLE 12

User Community Security & Home Monitoring

Water

Softener

Water flow in vacation

x

mode

Timed overflow level

x

(too much water for

too long)

Temperature out of

x

control

Water filtration products and water heaters have commands similar to those of the other water products (e.g., the water softener) except that the Customer & Consumer User Community includes recipe download commands that determine amounts of cold, hot, or tap water to dispense, as measured in tablespoon, cups, quarts and the like). In addition, the Sales & Marketing User Community instructions include automatically signing up for water filter deliveries and filter change reminders.

TABLE 13

User Community Service and Technology

Speedcook,

Wall

SI/DI, Free

Advantium ™

Counter

Oven

standing

Microwave

unit

Model & Serial

x

x

x

x

Number

Date, Time, Last

x

x

x

x

Service Date

Control software

x

version number

Setup Conditions

x

x

x

environmental

x

x

x

x

conditions

balance/levelness

x

x

x

humidity

x

x

x, current,

x

min, max

power (voltage,

x

x

x, line

x

current)

voltage

downstream

from fuse,

line current

AC line connection

x

(L1, N, Gnd)

ambient temperature

x

x

x, current,

x

min, max

altitude

x

x

x

x

Machine status

x

interlock upper

x

(closed/open)

interlock lower

x

(closed/open)

door status (open/

x

closed)

turntable status (on/

x

off)

model I.D. (keytail)

x

F-code status (last,

x

history)

Pass Fail Diagnostics

x

x

x

x

clock

x

x

detect failed light

x

x

x

x, and

bulb

radiant

elements

(e.g.,

LEDs)

relay driver

x

lamps - optical

x

cooling fans (current

x

or TC)

stirrer motor (RF)

x

HVT secondary

x

(current)

oven temperature

x

calibration (RTD)

test of add-on

x

x

modules (e.g., voice,

bar code)

user interface

x

x

x

display

x

x

x

input devices

x

x

x

controller

x

x

x

x

RAM, ROM CRC

x

x

x

x

output drivers

x

x

x, e.g., relay

x

driver

heating elements

x

x

x

lamps - optical

x

x, radiant

elements

cooling fans (current

x

or TC)

oven temperature

x

calibration (RTD)

detect faulty light

x

bulb

stirrer motor (RF)

x

HVT secondary

x

(current)

convection fan

x

x

door lock

x

x

temperature

x

x

x

calibration

communication

x

x

x

system

F-code status

x

x

x

Abuse Condition

x

x

x

(voltage, unapproved

parts)

Wiring Information

x

x (e.g.,

x

polarity)

Remote control

x

x

commands

report environment

x

report display/beep

x

remote program

x

feature

report humidity

x

sensor

report thermal sensor

x

report keys

x

report power

x

local beep signal

x

add-on subsystem

x

(e.g., voice, barcode,

and the like)

report internal

x

command

local message (e.g.,

x

“Please Wait”)

Power Outage

x

x

x

Information

Remote control

x

x

x

subsystem with

feedback on action

turn heater on/off,

x

x

x

read temperature

turn fan on/off, read

x

x

x

temperature

scan keys, read keys

x

x

x

trip signature of

x

x

x

safety devices

pre-heat

x

gas ignition system

x

x

check

pan size, type,

x

x

x

presence

circuit check

x

buzzer test

x

x

x

add-on subsystem

x

x

x

test (e.g., voice

barcode)

Routine Maintenance

x

x

x

of hardware perishable

items

charcoal filter

x

status of cleanliness

x

x

self clean filter status

x

x

check

Usage Profile (with

x

x

x

time stamp)

cycle accountability

x

x

x

cycle duration

x

x

x

burner usage count

x

door open count

x

x

food load estimate

x

x

x

profile of remote

x

x

x

actuation

user

x

x

x

manufacturer

x

x

x

event driven

x

x

x

Food type estimate

x

x

x

Feature “play” meter

x

Power level “play”

x

meter

Magnetron

x

accumulated on-time

Power Cycle count

x

HVT

x

Convection heater

x

Halogen lamps

x

Door open/close

x

count

TABLE 14

User Community Manufacturing

Speedcook,

Wall

SI/DI, free

Advantium ™

Counter

Oven

standing

Microwave

unit

Subsystem diagnostics

x

x

x

x

heater on/off,

x

x

x

measure temperature,

current, and gas flow

halogen lamp on/off

x

fan on/off

x

x

x

magnetron check

x

x, temp,

current

clock, control, relay

x

x

x

x

diagnostics

add-on options self

x

x

x

x

test

door interlock test

x

x

x

Calibration

x

x

x

x

sensors (e.g.,

x

x

x, light,

x

temperature, bake,

humidity

broil elements)

features, including

x

x

x

pan size detect

Use & Care

x

x

x

x

initialization

x

x

x

x

date of manufacturer

x

x

x

x

serial number, model

x

x

x

x

number, sku number

revision code

x

x

x

x

option codes,

x

x

x

x

upgrade dates

Agency test/repair

x

x

x

x

record

results of high pot

x

x

x

x

repair data

x

x

x

x

TABLE 15

User Community Sales and Marketing

Speed-

cook,

SI/DI,

free-

Advantium ™

Counter

Wall Oven

standing

Microwave

unit

Showroom mode

x

x

x

x

full functionality

x, without

x

x, without

x, without

element

thermal/RF

element

activation

activation

bake on/off

x

x

broil on/off

x

x

time delay

x

x

x

temperature set

x

x

x

recipe download

x

x

x

x

demo communication

x

x

x

x

with other appliances

remote notification

x

x

x

x

through TV, palm

pilot, cell phone,

beeper of cooking

completion

set clock from other

x

x

x

x

appliance

functionality of add-

x

x

x

x

on devices

barcode scanner,

x

x

x

x

recipe

child lockout

x

x

x

function

remote lockout

x

x

x

x

remote read of

x

x

x

x

appliance status

automatic

x

x

x

x

registration

warranty

x

x

x

x

Sign-up for services

x

x

x

x

monthly recipe

x

x

x

sign-up for automatic

x

x

x

x

appliance consumable

service

Post Sales

x

x

x

x

consumer reminder,

x

x

x

x

for example, for filters

Advertisements

x

x

x

x

new add-ons

x

x

x

x

new features

x

x

x

x

co-branding

x

x

x

x

Firmware Upgrades

x

x

x

x

new recipe

x

x

x

x

new feature

x

x

x

x

integration of

x

x

x

x

additional add-ons

bug correction

x

x

x

x

security upgrade

x

x

x

x

support of other

x

x

x

x

communication

mediums

additional event

x

x

x

x

integration

TABLE 16

User Community Customer and Consumer

Speedcook,

Wall

SI/DI, free

Advantium ™

Counter

Oven

standing

Microwave

unit

Standard Operation

x

x

x

bake

x

x

broil

x

x

speedbake,

x

speedbroil

selfclean

x

x

proofing

x

x

dehydration

x

x

cook and hold, may

x,

also specify minimum

temperature, e.g.,

170° F.

self-clean and timed

x

self-clean

Delay start, cook and

x

hold (minimum

temperature)

timed and non-timed

x

x

x

operation

set clock, kitchen

x

x

x

timer

favorite recipe

x

x

x

lockout of function

x

x

x

24 hour override

x

x

x

Sabbath mode

x

x

x

surface unit

x

x

power regulation

x

x

boil detect, boil dry

x

x

detect, pan presence

detect

pansize detect

x

x, and pan

presence

Extended operation

x

x

x

x

re-calibration

x

x

x

x

self diagnostics and

x

x

x

x

status

use of upgraded

x

x

x

x

firmware

use of downloaded

x

x

x

x

recipes

use of passive or

x

x

x

x

active event triggers

multilingual

x

x

x

x

instructions

Remote operation

x

x

x

x

download

x

x

x

x

new recipe

x

x

x

x

new firmware

x

x

x

x

trigger of events

x

x

x

x

signal message to

x

x

x

x

TV or other device

that preheat is done

activate display

x

x

x

x

upon person entering

room

receive latest clock

x

x

x

x

information

notification of

x

x

x

x

power failure

remote status request

x

x

x

x

remote shutdown

x

x

x

x

remote lockout

x

x

x

remote request for

x

x

x

x

service

remote alarm trigger

x

x

x

x

if armed

multilingual

x

x

x

x

Service

x

x

x

x

service request based

x

x

x

x

on status

replacement of

x

x

x

x

consumable items

link into remote

x

x

x

x

factory diagnostics

operations of add-ons

x

x

x

x

being enabled

barcode scanner

x

x

x

x

upgrade

link into kitchen

x

x

x

x

helper

display use and care

x

x

x

x

pay-by-use feature

x

x

x

x

reminders

x

x

x

x

Self Clean

x

x

x

Recalibration

x

x

x

Use Optimization

x

x

x

Adjustments for

x

x

x

altitude

Adjustments due to

x

x

x

use profile

Save setting when

x

x

power fails

Customer (fleet

x

x

x

operator)

usage profiles

x

x

x

cycle profiles

x

x

x

wear patterns

x

x

x

abuse attempts and

x

x

x

notification

remote shutdown

x

x

x

based on events

remote enable

x

x

x

time of day/special

x

x

x

pricing

coin box

x

accountability

TABLE 17

User Community Appliances & Extensions

Speedcook,

Wall

SI/DI, Free

Advantium ™

Counter

Oven

standing

Microwave

Unit

Events

x

x

x

x

remote notification

x

x

x

x

fault notification

x

x

x

x

end of cycle

x

x

x

x

power sharing

x

x

x

x

notification

internal to appliance

x

x

x

x

to other appliances

x

x

x

x

from other

x

x

x

x

appliances

power line fault

x

x

x

x

notifications

outage, under, over,

x

x

x

x

frequency, quality

gas pressure

x

x

x

remote setting

x

x

x

x

clock

x

x

x

x

Add-ons (e.g., barcode

x

x

x

x

scanner, scale,

magnetic strip smart

card reader for

additional recipes and

ability to link into

“home helper”.

message passing

x

x

x

x

recognition of add-

x

x

x

x

on

pass information to

x

x

x

API

receive request for

x

x

x

x

information from API

scan

x

x

x

x

software revision

x

x

x

x

bar code firmware

x

x

x

x

upgrade

fault code alert

x

x

x

x

save user

x

x

x

configurable setting

when power is

interrupted

TABLE 18

User Community Security & Home Monitoring

Speedcook,

Wall

SI/DI, Free

Advantium ™

Counter

Oven

standing

Microwave

Unit

Temperature too high -

x

x

x

door or surface

Door opening

x

x

x

Cooking elements left

x

x

x, magnetron

x

on

or lights

Flame/smoke detect

x

TABLE 19

User Community Service and Technology

RAC/

Zoneline/

Built in

Model & Serial

x

Number

Date, Time, Last

x

Service Date

Control software

x

version number

Setup Conditions

x

environmental

x

conditions

temperatures

x

indoor coil

x

(refrigerant)

outdoor coil

x

(refrigerant)

indoor air

x

outdoor air

x

setpoint

x

pressures

x

indoor coil

x

(refrigerant)

outdoor coil

x

(refrigerant)

compressor suction

x

(refrigerant)

compressor

x

discharge (refrigerant)

humidity

x

indoor humidity

x

outdoor humidity

x

altitude

x

incoming line

x

voltage

incoming line current

x

AC line connection

x

(L1, N, Gnd)

Power outage history

x

Machine Status

x

compressor data

x

run hours

x

number of starts

x

current

x

voltage

x

indoor fan data

x

run hours

x

current

x

voltage

x

motor temperature

x

outdoor fan data

x

run hours

x

current

x

voltage

x

motor temperature

x

fault code status (last/

x

history)

outdoor air intake

x

status

heater element status

x

temperature

x

current

x

voltage

x

heater safety status

x

(open/closed)

dip switch status (up/

x

down)

remote mode status

x

Pass fail diagnostics

x

controller self test

x

RAM test/ROM

x

checksum

relay driver

x

heating elements

x

(current)

evaporator fans

x

(current or TC)

condenser fans

x

(current or TC)

compressor (voltage/

x

current)

Remote control

x

commands

report environment

x

report equipment

x

status

report humidity

x

sensors

report thermal

x

sensors

report remote

x

COMM connection

report power

x

report internal

x

command

local message (e.g.,

x

“Please wait”)

local beep signal

x

add-on subsystem

x

(e.g., voice, barcode)

Routine Maintenance

x

of serviceable items

air filter status

x

refrigerant filter

x

status

refrigerant status

x

Comm protocol

x

compatibility

TABLE 20

User Community Manufacturing

RAC/

Zoneline/

Subsystem diagnostics

Built in

sealed system

x

(compressor), measure

temperature

heating elements

x

motors, fans/

x

blowers

communication

x

system

Calibration

x

temperature sensors

x

(indoor, outdoor, coil)

humidity sensors

x

(indoor, outdoor)

altitude sensor

x

Use and Care

x

initialization

x

date of manufacture

x

serial number, model

x

number, sku number

revision code

x

option codes/

x

upgrade dates

Agency test/repair

x

record

results of high pot

x

repair data

x

TABLE 21

User Community Sales and Marketing

RAC/Zoneline/

Built in

Showroom mode

x

full functionality

x, without

thermal/RF

activation

demo communication

x

with other appliances

remote notification

x

through TV, palm

pilot, cell phone,

beeper of cooking

completion

functionality of add-

x

on devices

remote lockout

x

remote read of

x

appliance status

automatic

x

registration

warranty

x

Sign-up for services

x

warranty

x

service contract

x

sign-up for automatic

x

appliance consumable

service

Post Sales

x

consumer reminder,

x

for example, for filters

warranty

x

service contract

x

Advertisements

x

new add-ons

x

new features

x

co-branding

x

Firmware Upgrades

x

new feature

x

integration of

x

additional add-ons

bug correction

x

security upgrade

x

support of other

x

communication

mediums

additional event

x

integration

TABLE 22

User Community Customer and Consumer

RAC/

Zoneline/

Built in

Extended operation

x

re-calibration

x

self diagnostics and

x

status

use of upgraded

x

firmware

use of downloaded

x

recipes

use of passive or

x

active event triggers

multilingual

x

instructions

Remote operation

x

download

x

new recipe

x

new firmware

x

trigger of events

x

signal message to

x

TV or other device

that preheat is done

activate display

x

upon person entering

room

receive latest clock

x

information

notification of

x

power failure

remote status request

x

remote shutdown

x

remote lockout

x

remote request for

x

service

remote alarm trigger

x

if armed

multilingual

x

Service

x

service request based

x

on status

replacement of

x

consumable items

link into remote

x

factory diagnostics

operations of add-ons

x

being enabled

barcode scanner

s

upgrade

link into kitchen

x

helper

display use and care

x

pay-by-use feature

x

reminders

x

TABLE 23

User Community Appliances & Extensions

RAC/

Zoneline/

Built ins

Events

x

remote notification

x

fault notification

x

power sharing

x

notification

internal to appliance

x

to other appliance/

x

equipment/BAS

controls

from other

x

appliances/equipment/

BAS Controls

power line fault

x

notifications

outage, under, over,

x

frequency

remote setting

x

clock

x

energy management

x

cycle (heating/

x

cooling)

setpoint temperature

x

Add ons, e.g., barcode

x

scanner, scale,

magnetic strip smart

card reader for EMS

programming and

ability to link into

“home helper”

message passing

x

recognition of add-

x

on

pass information to

x

API

receive request for

x

information from API

scan

x

software revision

x

bar code firmware

x

upgrade

fault code alert

x

TABLE 24

User Community Security & Home Monitoring

RAC/

Zoneline/

Built ins

Temperature out of

x

range

Motion Sensor

x

The User Community contexts may be the subject of context switches, as explained above. Thus, turning to

FIG. 18

, for example, an example of a service individual requesting Service and Technology access is presented. An appliance network

1802

is assumed, with the ACCs

1804

,

1806

,

1808

connected to the appliances

1810

and

1812

, and external network

1814

through the API

1816

(i.e., an Application Programming Interface) as shown. Initially, the API

1816

presents a Authentication message

1818

with 1024 byte encryption (as an example) for Local Service for the appliance

1810

. The ACC

1806

responds with the Services Authenticated message

1820

. Subsequently, the service individual, through the ACC

1804

, issues Service commands

1822

and

1824

(and others, as desired) to the appliance

1810

. Subsequently, when the service individual is finished, the ACC

1804

sends a Release Authentication message

1826

to the ACC

1806

. The ACC

1806

responds with a Authentication Released message

1828

.

As another example, assume that an oven is currently operating in a default user setting of Bake

375

. A request broadcast from a web source to a gateway may arrive with a request to upgrade firmware in the oven. The API on the gateway stores a list of applicable appliances in the local appliance network. The API proceeds to buffer the new firmware, validates the content, and acknowledges receipt. The API then requests a context switch on the oven for Sales and Marketing context (for firmware upgrades). In response, the oven confirms the context switch to the API (e.g., as explained above using encrypted command frames).

Subsequently, the API sends an initialization packet followed by a packetized data stream for the firmware. The ACC connected to the appliance acknowledges the packets and sends retransmission requests as required (e.g., due to lost or corrupted packets). The ACC may also compute an overall CRC and request API authentication. Upon receiving a responsive authentication from the API, the ACC may then request a context switch back to Consumer mode.

As shown above in

FIG. 1

, for example, ACCs provide the communication interface to the appliances

102

-

108

. Turning now to

FIG. 19

, that figure illustrates an exemplary implementation of an ACC

1900

. The ACC

1900

includes a communication controller CPU

1902

, modulator

1904

, and physical layer transceiver

1906

. In addition, the ACC

1900

includes several types of memory including a boot ROM

1902

, flash memories

1908

and

1910

, and pointer memory (e.g., RAM)

1912

and

1913

, and a boot ROM

1914

. A standard command interpreter

1916

and an extended command interpreter

1918

are provided to handle standard function calls (e.g., on, off, normal wash, and the like), while the extended command interpreter

1918

handles additional functions for customized operations (e.g., extended wash, double rinse, and the like). Encryption authentication is provided through the encryption hardware and or software

1920

. The modulator

1904

provides an interface for power line carrier, infra red, Ethernet, or other forms of communication interfaces.

Note that additional CPUs may be provided to specifically handle certain functions. Thus, an upgrade CPU

1922

may be later installed for faster or expanded functionality, a carrier CPU

1924

may be provided for optimized physical layer implementation of a power line or wireless network, and a communication CPU

1926

may be provided for performing the necessary data link and application layer functions of the chosen communication network. In particular, the communication CPU

1926

may interact with the communication control circuitry

1928

(which provides, for example, a serial interface (e.g., RS 232, GEA communication bus, and the like) to an appliance). In addition, Main Control Function circuitry

1930

is provided for performing the bridging between the external communication network (power line, wireless, etc.) and the internal GEA bus, as well as any additional feature content being provided by the ACC, such as downloadable, reprogrammable firmware capability, real time clock implementation, additional sensors (i.e. ambient temperature, humidity, etc.), or other I/O which may be desirable for a connected appliance but which is not normally present in the unconnected appliance.

FIG. 20

illustrates an exemplary system

2000

for remote appliance monitoring, control, and diagnosis using an Embedded Cryptographic Device (ECD) for message authentication. The system

2000

includes a central facility

2010

, a communication network

2035

, and home appliances such as a refrigerator

2050

, a dishwasher

2040

, and an oven

2045

, for example.

The central facility

2010

preferably includes a CPU

2015

, a counter

2025

, an Embedded Cryptographic Device (ECD)

2020

, and a communication interface

2030

. The counter

2025

provides, as an example, register or other memory space in which the CPU

2015

may maintain counters as explained below. The counter

2025

need not be a separate memory. Rather, the counter

2025

may be included in the ECD

2020

, for example. The ECD

2020

preferably stores an algorithm used to authenticate data it receives from an appliance such as the refrigerator

2050

. To that end, the ECD

2020

may include program and data memory from which the CPU

2015

executes the cryptographic algorithm, or may include a dedicated CPU, program memory, and data memory with which to process the cryptographic algorithm and share results with the CPU

2015

. The CPU

2020

is preferably linked to a communication interface

2030

that connects the central facility

2010

to a communication network

2035

using, for example, a network interface card, cable modem, dial up connection, or the like. The communication network

2035

may be, for example, the Internet, and the communication interface

2030

preferably communicates with the communication network

2035

using the TCP/IP protocol.

As mentioned above, the system

2000

also includes home appliances such as a refrigerator

2050

, a dishwasher

2040

, and an oven

2045

, as examples. The refrigerator

2050

preferably includes a CPU

2055

, a counter

2065

, an ECD

2060

, and a communication interface

2070

. As noted above, the counter

2065

may be part of the ECD

2060

, and the ECD

2060

may provide program and data memory to the CPU

2055

, or may implement a CPU, program memory and data memory dedicated to cryptographic processing. The CPU

2055

is linked to a communication interface

2070

that connects the refrigerator

2050

to the communication network

2035

, using for example, an ACC coupled to a gateway to the communication network

2035

. Other home appliances, such as the dishwasher

2040

and the oven

2045

are also be connected to the communication network

2035

and include the message authentication cryptographic hardware explained above.

In operation, the central facility

2010

preferably sends messages forming a reduced message set protocol (RMSP) over the communication network

2035

to the home appliances

2040

,

2045

,

2050

. The reduced message set protocol (RMSP) is a relatively small library of messages that provide query, command, and information messages between the central facility

2010

and the home appliances. The home appliances such as the refrigerator

2050

then authenticate the message, if required, received from the central facility

2010

. If the message received by the refrigerator

2050

from the central facility

2010

is authentic, the refrigerator

2050

may then act on a command included in the message. Furthermore, the refrigerator

2050

may transmit responsive messages back to the central facility

2010

. The central facility

2010

may then authenticate the message from the refrigerator

2050

, if required, and take an appropriate action.

In general, query messages do not require authentication by the home appliances

2040

,

2045

,

2050

that receive them. Examples of query messages include, “what is your counter setting?”, “what is the next counter setting you expect the central facility

2010

to use?”, “do you have a message to send?”, “repeat the last message you sent”, or “repeat the last message you accepted.” Command messages, however, generally require authentication because they request the appliance to take a specific action. Examples of command messages include “perform the commanded action”, for example “shut off”, “turn on”, “change your secret keying variable”, or “raise/lower your temperature.” Another example of a command message is “continue”. The Continue message indicates that the central facility

2010

has received an authenticated message from the appliance, and that the appliance should now increment its counter.

The home appliances

2040

,

2045

, and

2050

, may send query response messages or information messages. The query response messages preferably do not require authentication by the central facility

2010

that receives them. Examples of query response messages include “my counter setting is x”, where x is the counter setting in the appliance, “the next counter setting I expect the central facility

2010

to use is y”, “I have a message to send”, “I do not have a message to send”, or “the last message I sent was z”. Information messages are preferably authenticated. Examples of information messages include “I am reporting the following information Q.” Q may be diagnostic information requested by the central facility

2010

or a reportable condition detected by sensors communicating locally to the home appliance such as the refrigerator

2050

, for example.

FIG. 21

illustrates a flow diagram

2100

of the authentication algorithm used to produce an authentication word, W. At step

2102

, the CPU

2015

at a central facility

2010

receives an M-byte message, MSG, with bits MSG=(m

8(M−1)+7

, . . . ,m

8(M−1)

, . . . ,m

15

, . . . ,m

8

,m

7

, . . . ,m

0

) that are grouped into M bytes (MSG

M−1

, . . . ,MSG

1

,MSG

0

). At step

2150

, the CPU

2015

also reads or obtains a 3-byte counter, C, with bits C=(c

23

, . . . c

16

,c

15

, . . . ,c

8

,c

7

, . . . ,c

0

) that are grouped into 3 bytes (C

2

,C

1

,C

0

) from the counter

2025

. The counter

2025

is initially set to all zeros. Additionally, at step

2120

, the CPU reads or obtains an X-byte secret keying variable, K, with bits K=(k

8X−1

, . . . ,k

8X−8

, . . . ,k

15

, . . . ,k

8

,k

7

, . . . ,k

0

), that are grouped into X bytes (K

X−1

,K

X−2

, . . . ,K

2

,K

1

,K

0

). In the preferred embodiment, X=6.

The authentication word, W, is a function of the M-byte message, the 3-byte counter, and the X-byte secret keying variable. That is, W=ƒ(M,C,K). The complexity of the function, ƒ, is generally appropriate for the class of CPUs that may be present in home appliances. Next, at step

2125

, a 4-byte working register, R, is constructed with bits R=(r

31

, . . . ,r

24

,r

23

, . . . , r

16

, r

15

, . . . ,r

8

,r

7

, . . . ,r

0

) that are grouped into four bytes (R

3

,R

2

,R

1

,R

0

). Then, at step

2130

, R

3

is initialized as a directional code. That is, R

3

=(r

31

, . . . ,r

24

) where (0, . . . ,0) represents a transmission from a remote terminal

2050

to a central facility

2010

, and (1, . . . ,1) represents a transmission from a central facility

2010

to a remote terminal

2050

. At step

2135

, R

2

, R

1

, and R

0

are initialized as equal to the 3-byte counter C. That is, (R

2

,R

1

,R

0

)=(r

23

, . . . ,r

16

,r

15

, . . . ,r

8

,r

7

, . . . ,r

0

)=(c

23

, . . .c

16

,c

15

, . . . ,c

8

,c

7

, . . . ,c

0

).

Next, at step

2140

, an index is determined. The index is a variable calculated by index=max(3,M−1). That is, the greater of the two values 3 or M−1 is the value of the variable index. Next at step

2145

, the simple Boolean dot product P of R

2

and R

0

(bit-by-bit Boolean AND) is formed as: p

0

=r

16

r

0

, p

1

=r

17

r

1

, p

2

=r

18

r

2

, p

3

=r

19

r

3

, p

4

=r

20

r

4

, p

5

=r

21

r

5

, p

6

=r

22

r

6

, and p

7

=r

23

r

7

where P=(p

7

,p

6

,p

5

,p

4

,p

3

,p

2

,p

1

,p

0

). Then at step

2150

, Q is formed by Bit-by-bit exclusive-or (p

7

,p

6

,p

5

,p

4

,p

3

,p

2

,p

1

,p

0

) with (0,1,0,1,0,1,0,1) to form (q

7

,q

6

,q

5

,q

4

,q

3

,q

2

,q

1

,q

0

) where Q=(q

7

,q

6

,q

5

,q

4

,q

3

,q

2

,q

1

,q

0

). Next, at step

2155

, S is formed where S=(s

7

,s

6

,s

5

,s

4

,s

3

,s

2

,s

1

,s

0

) by adding Q to K using binary addition. That is, the byte (q

7

,q

6

,q

5

,q

4

,q

3

,q

2

,q

1

,q

0

) is added to the i-th key byte, K

i

, i.e., (k

8i+7

,k

8i+6

,k

8i+5

,k

8i+4

,k

8i+3

,k

8i+2

, k

8i+1

,k

8i

) using binary addition. Then the left-most carry bit is discarded, followed by an end-around rotate of the byte S to form the new S=(s

6

,s

5

,s

4

,s

3

,s

2

,s

1

,s

0

,s

7

). Then, at step

2160

, bit-by-bit exclusive-or S with the byte R

3

to form byte T. Next, at step

2165

, F is formed by bit-by-bit exclusive-or byte T with byte MSG

j modulo(index+1)

. Next at step

2170

, the following replacements occur: byte R

3

with byte R

2

, byte R

2

with byte R

1

, byte R

1

with byte R

0

, and byte R

0

with byte F. Then at step

2175

, steps

2145

through

2170

are repeated the number of times indicated by the index variable. Then at step

2180

, steps

2140

through

2170

are repeated for the number of bytes in the secret key variable, K. Next, at step

2185

, the CPU performs an end around shift of the R register by one bit, that is, it replaces (r

31

,r

30

, . . . ,r

1

,r

0

) by (r

30

,r

29

, . . . ,r

0

,r

31

).

At step

2190

, steps

2140

through

2185

are iterated, preferably between 4 and 128 times. After step

2190

, the authentication word W is formed by setting W=R, that is, w

31

=r

31

, w

30

=r

30

, . . . , w

0

=r

0

. Finally, at step

2195

, the authentication word W is transmitted with the message. Note that the message itself is not scrambled or encrypted. Rather, the authentication word W is provided that allows a receiver to determine whether a message is genuine.

Because a secret keying variable may sometimes be compromised, the present authentication techniques provide a mechanism for generating one or more replacement secret keys using a single additional master keying variable.

FIG. 22

illustrates a flow chart

2200

of an algorithm that allows the secret keying variable, K, to be changed in an appliance without having physical access to the appliance. To this end, a “master” secret keying variable, MK may be installed in the embedded cryptographic devices

2020

,

2060

. The secret keying variable K is changed to a new secret keying variable K′ one byte at a time. First, at step

2210

, the central facility

2010

sends a command message to the home appliance to change its keying variable K. Next, at step

2220

, the authentication algorithm as described in

FIG. 21

is run using the master keying variable MK instead of the original K. The original secret variable K is treated (processed) as an X-byte message. The result is a four-byte authentication word W. Next, at step

2230

, the first byte of the authentication word, W, for example, bits w

0

,w

1

, . . . ,w

7

are selected as the first eight bits of the new secret keying variable, K′.

Subsequently, at step

2240

, the algorithm is repeated again using the master keying variable MK and processing the message comprised of the concatenation of K and W to produce the authentication word W′. Then, at step

2250

, the first byte of W′ then constitutes the second byte of the new secret keying variable, K′. Next, at step

2260

, the algorithm is repeated again using the master keying variable MK and processing the message consisting of the concatenation of K and W′ to produce the authentication word W″. Then at step

2270

, the first byte of W″ then constitutes the third byte of the new secret keying variable, K′. At step

2280

, steps

2260

-

2270

are repeated until the new secret keying variable, K′, has been completely generated. Finally, at step

2290

, K is replaced with K′. The command to change the secret keying variable may also specify a change in the length of the secret keying variable.

FIG. 23

illustrates a flow chart of the authentication process

2300

. First, at step

2310

, a receiver (e.g., the refrigerator

2050

), receives an authentication word W, and a message M, from the central facility

2010

. Next, at step

2320

, the refrigerator

2050

retrieves its counter value, C, and its keying variable K. Then at step

2330

, the refrigerator

2050

generates a local authentication word W to compare with the authentication word sent from the central facility

2010

. Next, at step

2340

, the local authentication word is compared to the received authentication word. If the two authentication words match exactly, then at step

2350

, the message M, from the central facility

2010

is accepted by the refrigerator

2050

and acted on. If the two authentication words do not match exactly, then at step

2360

, the message M is rejected.

Generally, the counters referenced above are preferably non-resettable, non-volatile, and incremented after each message sent or received. In general, an ECD increments its counter when it receives an answer from the central facility

2010

in response to a message sent to the central facility

2010

. The central facility

2010

may store counters and keying variable for numerous home appliances distributed across numerous buildings, campuses, geographic regions, and the like. Thus, a single central facility

2010

may provide message authentication for a large number of home appliances by accessing the particular counter and keying variable for each appliance as messages are sent to and received from that appliance. The central facility

2010

may check the connection between the central facility

2010

and a receiver using a command that requires no action, except authentication and counter incrementation. A connection check may occur at predetermined elapsed times without communication from the receiver (e.g., 8 hours, 1 day, and the like).

After sending a message requiring authentication to an ECD, the central facility

2010

may query the ECD for the next counter setting that the ECD expected the central facility

2010

to use. If the counter had not been incremented, then the central facility

2010

may ask for a copy of the last message that the ECD had accepted.

It is also noted that the algorithm as presented above is not restricted to the particular implementation set forth above. Thus, the secret keying variable length, counter length, number of iterations, and the like may be changed depending on the specific implementation desired and computational capacity available.

While the invention has been described with reference to a preferred embodiment, those skilled in the art will understand that various changes may be made and equivalents may be substituted without departing from the scope of the invention. In addition, many modifications may be made to adapt a particular step, structure, or material to the teachings of the invention without departing from its scope. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.

Number	Name	Date	Kind
5898831	Hall et al.	Apr 1999	A
5909183	Borgstahl et al.	Jun 1999	A
6041346	Chen et al.	Mar 2000	A
6121593	Mansbery et al.	Sep 2000	A
6229433	Rye et al.	May 2001	B1
6243772	Ghori et al.	Jun 2001	B1
6665384	Daum et al.	Dec 2003	B2
6690979	Smith	Feb 2004	B1
6693999	Ito et al.	Feb 2004	B2
20030001721	Daum et al.	Jan 2003	A1

Internet enabled appliance command structure

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

US Classifications

Field of Search

US

International Classifications

Term Extension

Abstract

Description

Claims

CROSS REFERENCE TO RELATED APPLICATION

US Referenced Citations (10)

Provisional Applications (1)