paper presentation hello-engineers.blogspot

8/3/2019 Paper Presentation Hello-Engineers.blogspot

1/16

http://hello-engineers.blogspot.com/

U S 2 0 0 4 0 2 4 9 9 2 2 A 1(19) United States(12) Patent App lication Publication (io) Pub. No.: US 2004/0249922 AlHackm an et al. (43) Pub . Date: D ec . 9,2004( 5 4) H O M E A U T O M A T I O N S Y S T E M S E C U R I T Y

(76) Inventors: Thom as J. Hack man, Florence, KY

(US); Chr istoph er A. Powell, Taylor

Mill, KY (US)

Correspondence Address:

TAFT, STETTINIUS & HOLLISTER LLP

SUITE 1800

425 WALNUT STREET

CINCINNATI, OH 45202-3957 (US)

(21) Appl . No.: 10/813,916(22) Filed: Mar . 31 , 2004

Related U.S. Application Data

(60) Provisional application No. 60/459,206, filed on Mar.

31, 2003.

Publication Classification

(51) Int. C I. 7 G06F 15/173; H04L 12/66;G06F 15/16; H04L 9/32

(52) U.S. CI 709/223; 709/229; 713/200(57) ABSTRACT

A computer network controlled/monitored automation sys

tem for a residence (such as a home, a business, an office,

etc.) in which a residential server controls and monitors

security and other computer controllable systems within the

residence. To provide maximum security, the residential

server is configured to deny any inbound connections. The

residential server initiates a secure connection to a central

system controller's server so that the residential server can

receive commands and other communications from thecentral system controller's server, some of which may have

been communicated to the central system controller's server

by an authorized remote user/occupant of the residence over

the Internet.

A user on the internet connects on thewebserver in the home using their webbrowser. This is a direct TCP/IP

connection on port 80

20

The server in the home responds witha login webpage for the user to

authenticate.

The user enters their usemame andpassword. Both are sent plain text overthe internet to the server in the home.

The server in the home responds with aweb page that allows the user to control

their home.28

H O M E AUT OMA TION SYSTEM SECURITY


2/16

Patent Application Publication Dec. 9,2004 Sheet 1 of 5 US 2004/0249922 Al

Home #1

Firewall

FIG. 1

Remote Control vialaptop while traveling

Laptop computer

Remote Control viaPC while at work

_ 'A'PC


3/16


A user on the internet connects on thewebserver in the home using their webbrowser. This is a direct TCP/IP

connection on port 80

20

The server in the home responds with

a login webpage for the user toauthenticate.

The user enters their username andpassword. Both are sent plain text overthe internet to the server in the home.

If server determines theusername and password to be,valid then continue. Else return to v

retry authentication.

The server in the home responds with aweb page that allows the user to control

their home.

28

FIG. 2


4/16


Webserver in

. the home Firewall

AES

SSL

Remote Control vialaptop while traveling

Laptop computer

FIG. 3

f Remote Control via \( PC while at work \

\

\/ y

',\ 1V PC

7

ft

J

HTC web farm

Server 3

/ /10

s>

po"shScS"po"s

oo

!Z5sr

wo

C

Ooooo


5/16


A users home initiates a connection to the web farm on a proprietary port. Asigned packet is sent for the server to process.

The home sends to the server a request that new key pair be generated.

Server generates a new PKI key pair and sends only the public part to the home.

Home generates it's own PKI key pair and sends its public portion to the server.

30

Connection terminated

Connection terminated

The home generates a random key for synchronous encryption. It then encypts it with thepublic key of the server and sends the encrypted packet to the server.

The server generates a random key for synchronous encryption. It then encrypts it with thepublic key of the home and sends the encrypted packet to the home.

Both the home and the server indepentantly assemble the two random keys to generate anew key (k3) for synchronous encryption.

Commands and responses from this point on are all encrypted using key k3 andsynchronous encryption.

42

44

46

48

50

52

54

FIG. 4


6/16


A user on the internet connects to our

web farm using their web browser. Thisis an SSL encrypted connection on port.443

56

A web server in the webfarm

responds with a login webpage for theuser to authenticate.

The user enters their username andpassword. Both are sent encryptedover the internet to the webfarm.

The server in the webfarm responds with awebpage that allows the user to control

their home. Commands are relayedthrough the webfarm to the home over the

secure link created in part 1.

64

FIG. 5


7/16

US 2004/0249922 Al Dec. 9, 2004

HOME AUTOMATION SYSTEM SECURITY

CROSS-REFERENCE TO RELATED

APPLICATION

[0001] This application claims the benefit of U.S. Provisional Application Serial No. 60/459,206 entitled "HOMEAUTOMATION SYSTEM SECURITY" filed on Mar. 31,2003.

BACKGROUND

[0002] 1. Field of the Invention

[0003] The present invention is related to home automation systems; and more particularly, a system and method forsolving many Internet security problems encountered byprior-art home automation systems.

[0004] 2. Background of the Invention

[0005] FIG. 1 illustrates a network overview of a currentindustry standard for Web control of a home automationsystem. Such prior-art home automation systems place aWeb server in each of the homes that remote users candirectly connect to outside of the home, such as, forexample, via a laptop while traveling or via a PC while atwork. To access the user's home automation system, theremote user simply 'surfs' directly to a Web server that islocated in the home. This Web server is usually directlyconnected to the Internet and very exposed to hackers. Forexample, the data connections shown in FIG. 1 are allestablished via plain text HTTP requests (unencrypted). A

primary disadvantage with this p rior-art system is that a Webserver directly connected to the Internet is often exposed tohackers. If proper precautions are taken, the risk to someonehacking into the home can be minimized but not eliminated.The home is an attractive target to hackers for many obviousreasons. The most common vulnerabilities to the systemsthat are sought after are flaws in the operating system, Webserver or ancillary services. Operating system manufacturersare constantly releasing patches to repair recently discoveredsecurity flaws or to stop newly invented hacking tools.Corporations usually have someone on their IT staff activelymonitoring their servers, installing all of the latest securitypatches, and reacting to stop intrusions. Homeowners, on theother hand, will unlikely have the technical background to

perform this task, and a system initially intended to maketheir life easier should not place this type of burden uponthem.

[0006] In such a traditional home automation scheme,each home has its own independent Web server as discussedabove. The hacker could work unnoticed against individualhome Web server and the intrusion would likely go unnoticed for the initial few homes. After a successful intrusionmethod has been developed, hackers could go after a largenumber of homes unobserved because the traditional schemelacks central monitoring. To halt intrusions, and to repair thebreach, every home server would have to be turned off andpatched with the latest security and protection codes. Fur

thermore, hacking usually requires quite a bit of researchand trial and error on the part of the hacker. When homeshave servers that are publicly accessible on the Internet, ahacker can unobtrusively gather data about the home server's vulnerabilities and how it operates. They then usuallytry many different approaches in search of one that might be

fruitful. Without central monitoring, this trial and errorhacking method could go unnoticed for long periods of time.

[0007] FIG. 2 provides a flow chart illustration indicatinga prior-art authentication process for user connecting to theirhome Web server. As shown in the first step 20, a user on theInternet connects to the Web server in the home using theirWeb browser. This is a direct TCP/IP connection on port 80.At this point, the user may be a valid user or a hacker.Everybody on the public Internet can connect to this computer. This exposes the home Web server to many exploitsif the latest security patches are not applied. The home Webserver is also directly exposed to many Internet worms andviruses. In the next step 22 shown in FIG. 2, the server inthe home responds with a log-in Web page for the user toauthenticate. As shown in the next step 24, the user enterstheir user name and password; both of which are sent inplain text over the Internet to the server in the home. At thispoint a hacker could capture the user name and passwordusing one of many different types of data capturing techniques. With this, they could later log-on as a "valid" user.As shown in the next step 26, if the home Web serverdetermines the user name and password to be valid then theprocess continues on to the final step 28. Otherwise, theprocess returns to the step 22 requesting the user to enter hisor her user name and password. In this recursive process, thehacker could use a brute force or dictionary attack to keepattempting passwords until they succeed. If the home locksout that IP, they can attack other homes in the meantime andcome back the next day to resume the attack. In the final step28 shown in FIG. 2, the Web server in the home respondswith the Web page that allows the user to control their home.At this point, the hacker could intercept the transmissionsand possibly impersonate transmissions from the user.

SUMMARY OF THE INVENTION

[0008] The present invention provides a computer network controlled/monitored automation system for a residence (such as a home, a business, an office, etc.) in whicha residential server (located in or associated with the residence) controls and monitors security and other computercontrollable systems within the residence. The residentialserver of the present invention is configured to deny anyinbound connections or requests over the Internet (or overwhatever alternative communication/data network that it is

coupled to). Further, the residential server is configured toinitiate a connection to a central system controller's server(or server farm) so that the residential server can receivecommands and other communications from the central system controller's server, some of which may have beencommunicated to the central system control ler's server by anauthorized remote user/occupant of the residence over theInternet.

[0009] Accordingly, it is a first aspect of the presentinvention to provide a computerized residential automationsystem that includes: (a) a central system controller serveroperatively coupled to a data network; and (b) a residentialautomation computer system, operatively coupled to the

data network, where the residential automation computersystem is associated with a residence and configured tohandle one or more residential automation functions. Theresidential automation computer system is configured todeny all inbound data connections from the data network,and the residential automation computer system is further


8/16


US 2004/0249922 Al Dec. 9, 2004

configured to initiate a connection with the central systemcontroller for communicating residential automation information between the central system controller and the resi

dential automation computer system. In a more detailedembodiment, the connection with the central system controller is a secure connection. In an even more detailedembodiment, the connection with the central system controller is a maintained secure connection. In an even moredetailed embodiment, the maintained secure connection isperiodically renegotiated.

[0010] In an alternate detailed embodiment of the firstaspect of the present invention, the secure connection utilizes encryption algorithms for communications between theresidential automation computer system and the centralsystem controller.

[0011] In another alternate detailed embodiment of the

first aspect of the present invention, the secure connectionutilizes public/private key pair techniques for communications between the residential automation computer systemand the central system controller.

[0012] In another alternate detailed embodiment of thefirst aspect of the present invention, the central systemcontroller includes a plurality of central system controlcomputers in a server farm.

[0013] In another alternate detailed embodiment of thefirst aspect of the present invention, the central systemcontroller includes a plurality of central system controlcomputers, each central system control computer beingassociated with a specific geographic region.

[0014] In another alternate detailed embodiment of thefirst aspect of the present invention, the central systemcontroller is configured to accept inbound connections froma remote computer operatively coupled to the data network.In a more detailed embodiment, the central system controllerincludes an authentication algorithm for controlling accessto the central system controller to an authorized user of theremote computer. In an even more detailed embodiment, thecentral system controller monitors for unauthorized accessfrom the remote computer.

[0015] In another alternate detailed embodiment of thefirst aspect of the present invention, the data network is a

global computer network. In a more detailed embodiment,the global computer network is the World-Wide-Web. In aneven more detailed embodiment, the central system controller provides an access Web site on the World-Wide-Web thatis configured to accept Web access from a remote computeroperatively coupled to the World-Wide-Web. In an evenmore detailed embodiment, the access Web site is passwordprotected for controlling access to the central system controller to authorized users. In another even more detailedembodiment, the access Web site is configured to allow anauthorized user of the remote computer to communicatewith the residential automation computer system, whereincommunications between the remote computer and the residential automation computer system are transferred over the

connection initiated with the central system controller by theresidential automation computer system. In yet a furtherdetailed embodiment, the communications between theremote computer and the residential automation computersystem are indirect communications that are processed bythe central system server.

[0016] In another alternate detailed embodiment of thefirst aspect of the present invention, the computerized residential automation system also includes a firewall opera

tively coupled between the data network and the residentialautomation computer system, where the firewall preventsinbound data connections to the residential automation computer system from the data network. In a more detailedembodiment, the firewall is a hardware component separatefrom the residential automation computer system.

[0017] It is a second aspect of the present invention toprovide a computerized residential automation system thatincludes: (a) a central system controller server operativelycoupled to a data network; (b) a residential automationcomputer system associated with a residence and configuredto handle one or more residential automation functions; and(c) a firewall operatively coupling the residential automationcomputer system to the data network and being configuredto deny all inbound data connections from the data networkto the residential computer. In a more detailed embodiment,the residential automation computer system is further configured to initiate a connection with the central systemcontroller over the data network for communicating residential automation information between the central systemcontroller and the residential automation computer system.In an even more detailed embodiment, the connection is asecure connection utilizing encryption algorithms for communications between the residential automation computersystem and the central system controller.

[0018] In an alternate detailed embodiment of the secondaspect of the present invention, communication between the

residential automation computer system and the centralsystem controller occurs over a maintained secure connection on the data network. In a more detailed embodiment, themaintained secure connection on the data network is initiated by at least one of the residential automation computersystem and the firewall. In another more detailed embodiment, the maintained secure connection is periodically renegotiated. In yet another more detailed embodiment, themaintained secure connection utilizes encryption algorithmsfor communications between the residential automationcomputer system and the central system controller.

[0019] In another alternate detailed embodiment of thesecond aspect of the present invention, the central system

controller includes a plurality of central system controlcomputers in a server farm.

[0020] In another alternate detailed embodiment of thesecond aspect of the present invention, the central systemcontroller includes a plurality of central system controllercomputers, each central system controller computer beingassociated with a specific geographic region.

[0021] In another alternate detailed embodiment of thesecond aspect of the present invention, the central systemcontroller is configured to accept inbound connections froma remote computer operatively coupled to the data network.In a more detailed embodiment, the central system controllerincludes an authentication algorithm for controlling accessto the central system controller to authorized users of theremote computer. In an even more detailed embodiment, thecentral system controller monitors for unauthorized accessfrom the remote computer.

[0022] In another alternate detailed embodiment of thesecond aspect of the present invention, the data network is


9/16

US 2004/0249922 Al Dec. 9, 2004

a global computer network. In a more detailed embodiment,global computer network is the World-Wide-Web. In aneven more detailed embodiment, the central system control

ler provides an access Web site on the World-Wide-Web thatis configured to accept Web access from a remote computeroperatively coupled to the World-Wide-Web. In an evenmore detailed embodiment, the access Web site is passwordprotected for controlling access to the central system controller to authorized users. In another even more detailedembodiment, the access Web site is configured to allow anauthorized user of the remote computer to communicatewith the residential automation computer system, wherecommunications between the remote computer and the residential automation computer system are transferred over amaintained connection between the central system controllerand at least one of the residential automation computersystem and the firewall. In another even more detailed

embodiment, the access Web site is configured to allow anauthorized user of the remote computer to communicatewith the residential automation computer system, whereincommunications between the remote computer and the residential automation computer system are transferred over aconnection initiated with the central system controller by theresidential automation computer system and/or the firewall.In yet an even more detailed embodiment, the communications between the remote computer and the residentialautomation computer system are indirect communicationsthat are processed by the central system server.

[0023] It is a third aspect of the present invention toprovide a computerized residential automation system that

includes: (a) a central system controller server operativelycoupled to a data network; and (b) a residential automationcomputer system, operatively coupled to the data network,where the residential automation computer system is associated with a residence and configured to handle one or moreresidential automation functions. The residential automationcomputer system is configured to deny all inbound dataconnections from the data network, and the residentialautomation computer system is connected with the centralsystem controller over the data network by a maintainedsecure connection. In a more detailed embodiment, themaintained secure connection is initiated by the residentialautomation computer system.

[0024] In alternate detailed embodiment of the third aspect

of the present invention, the maintained secure connection isperiodically renegotiated.

[0025] In another alternate detailed embodiment of thethird aspect of the present invention, the central systemcontroller is configured to accept inbound connections froma remote computer operatively coupled to the data network.In a more detailed embodiment, the central system controllerincludes an authentication algorithm for controlling accessto the central system controller to authorized users of theremote computer. In an even more detailed embodiment, thecentral system controller monitors for unauthorized accessfrom the remote computer. In another even more detailedembodiment, the data network is a global computer network.

In yet an even more detailed embodiment, the global computer network is the World-Wide-Web. In yet an even moredetailed embodiment, the central system controller providesan access Web site on the World-Wide-Web that is configured to accept Web access from a remote computer operatively coupled to the World-Wide-Web. In yet an even more

detailed embodiment, the access Web site is passwordprotected for controlling access to the central system controller to authorized users. In an alternate further detailed

embodiment, the access Web site is configured to allow anauthorized user of the remote computer to communicatewith the residential automation computer system, wherecommunications between the remote computer and the residential automation computer system are transferred over themaintained secure connection. In yet an even more detailedembodiment, the communications between the remote computer and the residential automation computer system areindirect communications that are processed by the centralsystem server.

[0026] It is a fourth aspect of the present invention toprovide a computerized residential automation system thatincludes: (a) a central system controller server operatively

coupled to a data network; (b) a residential automationcomputer system, operatively coupled to the data network,where the residential automation computer system is associated with a residence and configured to handle one or moreresidential automation functions; (c) means for blocking allinbound connections or connection requests to the residential automation computer system over the data network; (d)means for initiating a secure connection by the residentialautomation computer system with the central system controller over the data network; (e) means for accessing thecentral system controller by an authorized user on a remotecomputer; and (f) means for facilitating communicationsbetween the authorized user on the remote computer and theresidential automation computer system via the central system controller and the secure connection.

[0027] It is a fifth aspect of the present invention toprovide a method for operating a residential automationsystem that includes a central system controller serveroperatively coupled to a data network and a residentialautomation computer system, operatively coupled to thedata network, where the residential automation computersystem being associated with a residence and configured tohandle one or more residential automation functions, themethod including the steps of: (a) blocking all inboundconnections to the residential automation computer systemover the data network; (b) initiating by the residentialautomation computer system a secure connection with thecentral system controller; and (c) communicating residential

automation system information between the central systemcontroller and the residential automation computer systemover the secure connection. In a more detailed embodiment,the step of initiating a secure connection with the centralsystem controller includes the step of initiating by theresidential automation computer system a maintained secureconnection. In an even more detailed embodiment, themethod also includes the step of periodically renegotiatingthe maintained secure connection.

[0028] In an alternate detailed embodiment of the fifthaspect of the present invention, the communicating stepincludes the step of utilizing encryption algorithms.

[0029] In another alternate detailed embodiment of the

fifth aspect of the present invention, the communicating stepincludes the step of utilizing public/private key pair techniques.

[0030] In another alternate detailed embodiment of thefifth aspect of the present invention, the method also


10/16

US 2004/0249922 Al Dec. 9, 2004

includes the step of accessing the central system controllerby a remote computer over the data network, where thecommunicating step includes the step of communicating

residential automation system information between theremote computer and the residential automation computersystem via the central system controller. In a more detailedembodiment, the accessing step includes the step of authenticating a user of the remote computer as having authorizedaccess to the residential automation system information. Inan even more detailed embodiment, the method alsoincludes the step of monitoring for unauthorized access tothe central system controller. In another more detailedembodiment, the data network is the World-Wide-Web, theaccessing step includes the steps of providing an accessingWeb site by the central system controller and logging ontothe accessing Web site by the remote computer, and thecommunication step includes the step of communicating

residential automation system information between theremote computer and the residential automation computersystem via the accessing Web site.

[0031] It is a sixth aspect of the present invention toprovide a method for operating a residential automationsystem that includes a central system controller serveroperatively coupled to a data network and a residentialautomation computer system, operatively coupled to thedata network, where the residential automation computersystem is associated with a residence and configured tohandle one or more residential automation functions. Themethod includes the steps of: (a) blocking all inboundconnections to the residential automation computer systemover the data network; (b) maintaining a secure connectionbetween the residential automation system and the centralsystem controller on the data network; and (c) communicating residential automation system information betweenthe central system controller and the residential automationcomputer system over the maintained secure connection. Ina more detailed embodiment, the method also includes thestep of periodically renegotiating the maintained secureconnection.

[0032] In an alternate detailed embodiment of the sixthaspect of the present invention, the communicating stepincludes the step of utilizing encryption algorithms. In amore detailed embodiment, the communicating stepincludes the step of utilizing public/private key pair tech

niques.

[0033] In another alternate detailed embodiment of thesixth aspect of the present invention, the method alsoincludes the step of accessing the central system controllerby a remote computer over the data network, where thecommunicating step includes the step of communicatingresidential automation system information between theremote computer and the residential automation computersystem via the central system controller. In a more detailedembodiment, the accessing step includes the step of authenticating a user of the remote computer as having authorizedaccess to the residential automation system information. Inan even more detailed embodiment, the method also

includes the step of monitoring for unauthorized access tothe central system controller. In another more detailedembodiment, the data network is the World-Wide-Web, theaccessing step includes the steps of providing an accessingWeb site by the central system controller and logging ontothe accessing Web site by the remote computer, and the

communication step includes the step of communicatingresidential automation system information between theremote computer and the residential automation computer

system via the accessing Web site.

[0034] It is a seventh aspect of the present invention toprovide a method for communicating with a residentialautomation computer system with a remote computer over adata network, comprising the steps of: (a) accessing a centralsystem controller by the remote computer over the datanetwork; (b) communicating residential automation systeminformation between the remote computer and the centralsystem controller; (c) initiating by the residential automationcomputer system a secure connection on the data networkbetween the residential automation computer system and thecentral system controller; and (d) communicating residentialautomation system information between the central systemcontroller and the residential automation computer systemover the secure connection between the central systemcontroller and the residential automation computer system.In a more detailed embodiment, the method also includes thestep of blocking all inbound connections to the residentialautomation computer system over the data network.

[0035] It is an eighth aspect of the present invention toprovide a method for communicating with a residentialautomation computer system with a remote computer over adata network, comprising the steps of: (a) accessing a centralsystem controller by the remote computer over the datanetwork; (b) communicating residential automation systeminformation between the remote computer and the centralsystem controller; (c) maintaining a secure connection on

the data network between the residential automation controller and the central system controller; and (d) communicating residential automation system information betweenthe central system controller and the residential automationcomputer system over the secure connection between thecentral system controller and the residential automationcomputer system. In a more detailed embodiment, themethod also includes the step of blocking all inboundconnections to the residential automation computer systemover the data network. In an even more detailed embodiment, the method also includes the step of periodicallyrenegotiating the maintained secure connection.

BRIEF DESCRIPTION OF THE DRAWINGS

[0036] FIG. 1 illustrates a network overview of a currentindustry standard for Web control of a home automation

system;

[0037] FIG. 2 provides a flow chart illustration indicatinga prior-art authentication process for user connecting to theirhome Web server;

[0038] FIG. 3 illustrates a network overview of an exemplary embodiment of the present invention for providingWeb control of a home or other type of residential automation system;

[0039] FIG. 4 provides a flow chart illustrating an exemplary authentication process that a residential server goesthrough when connecting to the central system controller'sserver farm; and

[0040] FIG. 5 illustrates a flow chart illustrating an exemplary authentication process that a remote user goes throughwhen connecting with the central system controller's serverfarm.


11/16

US 2004/0249922 Al Dec. 9, 2004

DETAILED DESCRIPTION

[0041] The present invention provides a computer network controlled/monitored automation system for a resi

dence (such as a home, a business, an office, etc.) in whicha residential server (located in or associated with the residence) controls and monitors security and other computercontrollable systems within the residence. The residentialserver of the present invention is configured to deny anyinbound connections or requests over the Internet (or overwhatever alternative communication/data network that it iscoupled to). Further, the residential server is configured toinitiate a connection to a central system controller's server(or server farm) so that the residential server can receivecommands and other communications from the central system controller's server, some of which may have beencommunicated to the central system control ler's server by anauthorized remote user/occupant of the residence over the

Internet.

[0042] The "central system controller server" may be anytype of computer or system of computers residing on thedata network. As used with the exemplary embodiments ofthis invention, the central system controller server is capableof communicating data and commands over a connectionwith a residential automation computer system on the datanetwork, and the central system controller server is capableof being accessed over the data network by a remotecomputer.

[0043] The "data network" referenced herein may be alocal area network, a wide area network, a global network,the Internet, the World Wide Web, a wireless network, a

cellular network, a satellite network, or any other communication system that enables two or more computers, computer systems and/or network devices to share and communicate information thereover.

[0044] The "residential automation computer system" referenced herein may be any type of computer or computersystem or apparatus, which may or may not include peripheral devices or systems (such as an internal or externalfirewall), that is used to control various residential automation functions, as defined herein.

[0045] As used herein, a "residence" may be a home, anoffice, a business, a boat, or any other type of structure,system, or area monitored and/or controlled by an automation system.

[0046] The term "residential automation functions" usedherein includes, but is not limited to, lighting, heating andcooling, home security, fire and smoke alarms, electrical,plumbing, kitchen appliances, television, multimedia, doorsand windows, any other residential appliances, computersystems, manufacturing systems, or any other business systems, when controlled or monitored by a computer orcomputer system.

[0047] "Inbound data connection" refers to any connection over the data network in which data may be transmittedto or from a local computer or computer system, when theconnection originates from an external computer or com

puter system on the data network; this term may also referto a connection request from such an external computer orcomputer system to the local computer or computer system.

[0048] A "maintained secure connection" refers to a maintained connection on the data network between two com

puters or computer systems; it is not necessary that theconnection is indefinitely maintained, only that it is maintained for two or more communications between the two

computers; and, further, that the communications are protected by any available protection or encryption scheme oralgorithm.

[0049] The term "server farm," as used herein, refers toany collection of computers or computer systems, whereeach computer or computer system is capable of performingthe same functions and incoming requests for a connectionto a server are routed to a computer with available processing capacity.

[0050] "remote computer," as discussed herein, may beany computer, computer system or network device that is ormay be coupled to the data network to communicate with thecentral system controller's server.

[0051] An "authentication algorithm," as discussed herein,may be any procedure or algorithm (or set of the same) bywhich a local computer or computer system verifies theidentity of another computer or computer system that isattempting to establish a connection with the local computer.

[0052] A "firewall" is any device and/or software (or acollection of the same) that protects a computer or computersystem coupled to a data network from unauthorized accessto the computer or computer system over the data network.The firewall may reside within the computer or may beexternal to the computer or computer system.

[0053] FIG. 3 illustrates a network overview of an exem

plary embodiment of the present invention for providingWeb control of a home or other type of residential automation system. As shown in FIG. 3, a residential automationcomputer system, such as residential server (HTC 7000server) 6, includes a hardware firewall 7 that denies allcommunications requests from a data network such as theInternet 8. To access their residential servers, users onremote computers (via laptop 9 while traveling, or PC 10while at work, for example) first connect to the centralsystem controller' s Web server 11 (in the HTC Web farm 14)over a secure Internet connection 12. The remote user willthen communicate his or her commands, data or requests forhis or her respective residential server 6 to the central systemcontroller server 11 over this connection 12. Thereafter, the

central system controller 11 will communicate such commands/data/requests to the respective residential server 6over a secure connection 13 on the Internet 8 that has beenor will be initiated by the residential server 6. In an exemplary embodiment, the secure connection 13 initiated by theresidential server 6 utilizes AES encryption algorithms,where this secure connection 13 is maintained between theresidential server 6 and the central system controller's Webserver 11, allowing for periodic renegotiation if desired.Alternate embodiments have utilized 3DES-SHA1 encryption algorithms. Of course it is within the scope of inventionto utilize any other suitable encryption or security algorithms available or known to those of ordinary skill in theart.

[0054] The central system controller's server farm 14 isprotected with professional grade security hardware andsoftware 15. The central system controller's server farm 14is constantly monitored for intrusion attempts and preventssuch hacks into the system from occurring. Larger systems


12/16

US 2004/0249922 Al Dec. 9, 2004

may utilize multiple server farms distributed across thecountry to prevent denial of service attacks and increasefault tolerance. The communications between the residential

server 6 and the central system controller's Web farm 14utilize an encrypted protocol with the same level of protection as VPN but with modifications. Such modificationsinclude the need to terminate the link at the applicationserver and limit the data it can carry to only commands anddata from the home automation system.

[0055] The present exemplary embodiment is extremelysecure because it provides a single point ofentrythroughthe central system controller's server farm 14to the residential servers 6. Therefore, for hackers to access entry ofthe residential server, they must first hack through the centralsystem controller's server farm 14. In the event of such anintrusion, the system can be immediately shut down. This

will immediately protect all of the residences that the systemis installed. With this approach, there is only one point ofentry vulnerably to hack attempts. Therefore, rather thanexpecting homeowners to keep apprised of Internet security,the corporate security professionals watch over and maintainthe system. In the event of a successful hack attempt,shutting down the server farm immediately protects allhomes and gives the security teams time to effect repairs. Ifa hacker attempts to use trial and error techniques to gainaccess to the central system control ler's server farm 14, suchtrial and error activities can be spotted immediately andhalted. Large scale denial of service attacks can be limitedby creating server farms regionally and allowing homes toconnect to servers in other regions if the regional farm isunavailable.

[0056] As discussed above, in the exemplary embodiment,the residential servers 6 maintain a secure connection 13with the central system controller's server 11 or server farm14. The advantage with this aspect is that it has been foundthat the overhead for creating new secure links is greaterthan the overhead of maintaining a large number of idle linkswhen the number of users to the system exceeds a predetermined point.

[0057] In the exemplary embodiment, communicationsbetween the residential servers 6 and the central systemcontroller's server farm 14 utilize public/private key pairtechniques (PKI). PKI is an acronym that stands for Public

Key Infrastructure. It can describe a complete securityphilosophy and a discreet set of security processes. Theexemplary embodiment of the present system uses PKItechniques to accomplish authentication. In PKI, the person/system that wants to receive secure data generates a public/private key pair. They can then distribute the public key tothe world. Anyone can encrypt data with the public key butonly the person who originally generated the key pair canread the message. Two parties can exchange public keyswithout the security risk that exchanging passwords poses.They can also authenticate the identity of the party since animposter can send messages but would not be able todecipher the response. A simple hand shaking processensures that both parties are listening and that they are who

they say they are.

[0058] The residential server 6 of the present inventionwill use a public encryption key to encode a connectionmessage out to the central system controller's server farm14. The central system controller's server farm 14 will use

its stored private key to decode the message. It would not bepossible for a hacker to impersonate the central systemcontroll er's server farm and gain access to the home because

they will not have the private key needed to complete theconnection. The home will be able to authenticate theidentity of the central system controller's server farm whenit connects to the central system controller's server farm andthe residential server will negotiate a pair of encryptionkeys. If the transmissions are intercepted or hijacked afterthe connection is complete, the hacker will not be able todecode any of the communications. Remote users (9,10) willlog onto the home automation Web site provided by thecentral system controller web server 11 using HTTPs, whichemploys standard SSL encryption support by nearly allbrowsers. The system will then utilize commercial gradecounter-measures to notify the IT staff of the central systemcontroller's server 11 of intrusion attempts so that such

attempts can be halted before they become a problem.[0059] FIG . 4 provides a flow chart illustrating theauthentication process that a residential server 6 goesthrough when connecting to the central system controller'sserver 11 or server farm 14. As shown in the first step 30, aresidential server 6 will first initiate a connection 13 to thecentral system controller's server or server farm on a proprietary port. A signed packet is sent for the central systemcontroller's server to process. In the next step 32, the centralsystem controller's server farm analyzes the packet andverifies the signature. If the signature is not verified theconnection is terminated in step 34. At step 32, networkoperations staff monitors and maintains the central systemcontroll er's server farm to prevent attacks against the servers

themselves. The signature ensures that we are talking with avalid residential server. Upon verifying the signature, themethod advances to the next step 36 in which the centralsystem controller's server sends a signed validation packetback to the residential server. This step ensures that the homeis talking to the central system controller's servers and notan imposter or a hacker. In the next step 38, the residentialserver analyzes the packet and verifies the signature. If thesignature is not verified, the connection is terminated in step40. Otherwise, the method advances to the next step 42 inwhich the residential server sends to the central systemcontroller's Web farm a request that a new key pair begenerated. Advancing to the next step 44, upon receivingthis request, the central system controller's Web farm gen

erates a new PKI key pair and sends only the public key tothe residential server. In the next step 46, the residentialserver generates its own PKI key pair and sends its publickey back to the central system controller's Web farm. In thenext step 48, the residential server generates a random keyfor synchronous encryption. It then encrypts it with thepublic key of the central system controller's Web farm andsends the encrypted packet back to the central systemcontroll er's Web farm. In the next step 50 , the central systemcontroller's Web farm generates a random key for synchronous encryption. It then encrypts the random key with thepublic key of the residential server and sends the encryptedpacket back to the residential server. In the next step 52 , boththe residential server and the central system controller's

server independently assemble the two random keys togenerate a new key (K3) for synchronous encryption.

[0060] The above steps illustrate a strong key exchangealgorithm that generates two public/private key pairs that arethen used to encrypt a new session key. This type of process


13/16


US 2004/0249922 Al Dec. 9, 2004

guarantees that the key K3 is securely exchanged. In the laststep 54, commands and responses between the residentialserver and the central system controller's Web farm are all

encrypted using the K3 key in synchronous encryption. Alldata from the residential server is encrypted at this point.Every time the residential server reconnects, a new sessionkey K3 will be generated. Currently, this encryption algorithm has not been hacked. It is highly unlikely that a hackercould capture the necessary data, to crack the encryption atall. In the event that a hacker could, the key would be uselessbecause in the time it took to crack the encryption, thesession would have renegotiated several times and severalnew K3s would have been generated.

[0061] FIG . 5 illustrates a flow chart indicating theauthentication process that a remote user (9, 10) goesthrough when connecting with the central system controller's server farm 14. In the first step 56, the remote user (9,

10) on the Internet connects to the central system controller' s server farm over the Internet 8 using their Web browser.This is an SSL encrypted connection on port 443. At thispoint, the user may be a valid user or a hacker. Everybodyon the public Internet can connect to the computer. Thisexposes the central system controller's server to manyexploits. However, this is not a problem since the centralsystem controller's server farm is maintained daily bynetwork operations staff. All of the latest security patches areapplied. Unusual traffic is investigated and potential hackersblocked at the investigation stage. In the next step 58, a Webserver 11 in the central system controller's server farm 14responds with a log-in Web page for the user to authenticate.In the next step 60, the user enters a user name and

password. Both are sent encrypted over the Internet to thecentral system controller's server farm. The SSL encryptionprevents hackers from capturing a user name and password.The SSL encryption is not available to typical home automation systems that are hosting Websites out of the user'shome. In the next step 62, if the central system controller'sserver farm 14 determines the user name and password to bevalid, then it continues on to the last step 64. Otherwise, thesystem returns to retry authentication in step 58. At thispoint, the hacker could use a brute force or dictionary attack.However, the central system controller's server farmactively monitors for these types of attacks and blocks theusers after a few failed log-in attempts. In other words,dictionary and brute force attacks will be stopped. In the last

step 64, a server 11 in the central system controller's serverfarm 14 responds with a Web page that allows the user tocontrol and/or monitor their home. Commands are relayedfrom the central system controller's server farm 14 to theresidential server 6 over the secure link 13 created in theprocess illustrated in FIG. 4. SSL encryption preventshackers from intercepting useful data and prevents data frombeing rerouted or forged.

[0062] Thus, following from the above description andinvention summaries, it should be apparent to those ofordinary skill in the art that, while the apparatuses andprocesses herein described constitute exemplary embodiments of the present invention, it is to be understood that the

invention is not limited to these precise apparatuses andprocesses and that changes may be made therein withoutdeparting from the scope of the invention as defined by theclaims. Additionally, it is to be understood that the inventionis defined by the claims and it is not intended that anylimitations or elements describing the exemplary embodi

ments set forth herein are to be incorporated into themeaning of the claims unless such limitations or elementsare explicitly listed in the claims. Likewise, it is to be

understood that it is not necessary to meet any or all of theidentified advantages or objects of the invention disclosedherein in order to fall within the scope of any claims, sincethe invention is defined by the claims and since inherentand/or unforeseen advantages of the present invention mayexist even though they may not have been explicitly discussed herein.

What is claimed is:1. A computerized residential automation system com

prising:

a central system controller server operatively coupled toa data network; and

a residential automation computer system, operativelycoupled to the data network, the residential automationcomputer system being associated with a residence andconfigured to handle one or more residential automation functions;

the residential automation computer system being configured to deny all inbound data connections from the datanetwork; and

the residential automation computer system being furtherconfigured to initiate a connection with the centralsystem controller for communicating residential automation information between the central system controller and the residential automation computer system.

2. The computerized residential automation system ofclaim 1, wherein the connection with the central systemcontroller is a secure connection.

3. The computerized residential automation system ofclaim 2, wherein the connection with the central systemcontroller is a maintained secure connection.

4. The computerized residential automation system ofclaim 3, wherein the maintained secure connection is periodically renegotiated.

5. The computerized residential automation system ofclaim 2, wherein the secure connection utilizes encryptionalgorithms for communications between the residentialautomation computer system and the central system controller.

6. The computerized residential automation system ofclaim 2, wherein the secure connection utilizes public/private key pair techniques for communications between theresidential automation computer system and the centralsystem controller.

7. The computerized residential automation system ofclaim 1, wherein the central system controller includes aplurality of central system control computers in a serverfarm.

8. The computerized residential automation system ofclaim 1, wherein the central system controller includes aplurality of central system controller computers, each centralsystem controller computer being associated with a specificgeographic region.

9. The computerized residential automation system ofclaim 1, wherein the central system controller is configuredto accept inbound connections from a remote computeroperatively coupled to the data network.

10. The computerized residential automation system ofclaim 9, wherein the central system controller includes an


14/16

US 2004/0249922 Al Dec. 9, 2004

authentication algorithm for controlling access to the centralsystem controller to an authorized user of the remote computer.

11. The computerized residential automation system ofclaim 10, wherein the central system controller monitors forunauthorized access from the remote computer.

12. The computerized residential automation system ofclaim 1, wherein the data network is a global computernetwork.

13. The computerized residential automation system ofclaim 12, wherein the global computer network is theWorld-Wide-Web.

14. The computerized residential automation system ofclaim 13, wherein the central system controller provides anaccess Web site on the World-Wide-Web that is configuredto accept Web access from a remote computer operatively

coupled to the World-Wide-Web.15. The computerized residential automation system ofclaim 14, wherein the access Web site is password protectedfor controlling access to the central system controller toauthorized users.

16. The computerized residential automation system ofclaim 14, wherein the access Web site is configured to allowan authorized user of the remote computer to communicatewith the residential automation computer system, whereincommunications between the remote computer and the residential automation computer system are transferred over theconnection initiated with the central system controller by theresidential automation computer system.

17. The computerized residential automation system of

claim 16, wherein the communications between the remotecomputer and the residential automation computer systemare indirect communications that are processed by the central system server.

18. The computerized residential automation system ofclaim 1, further comprising a firewall operatively coupledbetween the data network and the residential automationcomputer system, the firewall preventing inbound data connections to the residential automation computer system fromthe data network.

19. The computerized residential automation system ofclaim 18, wherein the firewall is a hardware componentseparate from the residential automation computer system.

20. A computerized residential automation system comprising:

a central system controller server operatively coupled toa data network;

a residential automation computer system associated witha residence and configured to handle one or moreresidential automation functions; and

a firewall operatively coupling the residential automationcomputer system to the data network and being configured to deny all inbound data connections from thedata network to the residential computer.


claim 20, wherein the residential automation computer system is further configured to initiate a connection with thecentral system controller over the data network for communicating residential automation information between thecentral system controller and the residential automationcomputer system.

22. The computerized residential automation system ofclaim 21, wherein the connection is a secure connectionutilizing encryption algorithms for communications between

the residential automation computer system and the centralsystem controller.23. The computerized residential automation system of

claim 20, wherein communication between the residentialautomation computer system and the central system controller occurs over a maintained secure connection on thedata network.

24. The computerized residential automation system ofclaim 23, wherein the maintained secure connection on thedata network is initiated by at least one of the residentialautomation computer system and the firewall.

25. The computerized residential automation system ofclaim 23, wherein the maintained secure connection isperiodically renegotiated.


claim 23, wherein the maintained secure connection utilizesencryption algorithms for communications between the residential automation computer system and the central systemcontroller.

27. The computerized residential automation system ofclaim 20, wherein the central system controller includes aplurality of central system control computers in a serverfarm.

28. The computerized residential automation system ofclaim 20, wherein the central system controller includes aplurality of central system control computers, each centralsystem control computer being associated with a specificgeographic region.


claim 20, wherein the central system controller is configuredto accept inbound connections from a remote computeroperatively coupled to the data network.

30. The computerized residential automation system ofclaim 29, wherein the central system controller includes anauthentication algorithm for controlling access to the centralsystem controller to authorized users of the remote computer.




34. The computerized residential automation system ofclaim 33, wherein the central system controller provides anaccess Web site on the World-Wide-Web that is configuredto accept Web access from a remote computer operativelycoupled to the World-Wide-Web.

35. The computerized residential automation system ofclaim 34, wherein the access Web site is password protectedfor controlling access to the central system controller toauthorized users.

36. The computerized residential automation system ofclaim 34, wherein the access Web site is configured to allowan authorized user of the remote computer to communicate

with the residential automation computer system, whereincommunications between the remote computer and the residential automation computer system are transferred over aconnection initiated with the central system controller by atleast one of the residential automation computer system andthe firewall.


15/16

US 2004/0249922 Al Dec. 9, 2004

37. The computerized residential automation system ofclaim 36, wherein the communications between the remotecomputer and the residential automation computer system

are indirect communications that are processed by the central system server.38. The computerized residential automation system of

claim 34, wherein the access Web site is configured to allowan authorized user of the remote computer to communicatewith the residential automation computer system, whereincommunications between the remote computer and the residential automation computer system are transferred over amaintained connection between the central system controllerand at least one of the residential automation computersystem and the firewall.

39. A computerized residential automation system comprising:

a central system controller server operatively coupled to

a data network; anda residential automation computer system, operatively

coupled to the data network, the residential automationcomputer system being associated with a residence andconfigured to handle one or more residential automation functions;

the residential automation computer system being configured to deny all inbound data connections from the datanetwork; and

the residential automation computer system being connected with the central system controller over the datanetwork by a maintained secure connection.


claim 39, wherein the maintained secure connection isinitiated by the residential automation computer system.

41. The computerized residential automation system ofclaim 39, wherein the maintained secure connection isperiodically renegotiated.

42. The computerized residential automation system ofclaim 39, wherein the central system controller is configuredto accept inbound connections from a remote computeroperatively coupled to the data network.

43. The computerized residential automation system ofclaim 42, wherein the central system controller includes anauthentication algorithm for controlling access to the centralsystem controller to authorized users of the remote computer.




47. The computerized residential automation system ofclaim 46, wherein the central system controller provides anaccess Web site on the World-Wide-Web that is configuredto accept Web access from a remote computer operativelycoupled to the World-Wide-Web.


claim 47, wherein the access Web site is password protectedfor controlling access to the central system controller toauthorized users.

49. The computerized residential automation system ofclaim 47, wherein the access Web site is configured to allowan authorized user of the remote computer to communicate

with the residential automation computer system, whereincommunications between the remote computer and the residential automation computer system are transferred over the

maintained secure connection.50. The computerized residential automation system ofclaim 49, wherein the communications between the remotecomputer and the residential automation computer systemare indirect communications that are processed by the central system server.

51 . A computerized residential automation system comprising:

a central system controller server operatively coupled toa data network;

a residential automation computer system, operativelycoupled to the data network, the residential automationcomputer system being associated with a residence andconfigured to handle one or more residential automation functions;

means for blocking all inbound connections or connectionrequests to the residential automation computer systemover the data network;

means for initiating a secure connection by the residentialautomation computer system with the central systemcontroller over the data network;

means for accessing the central system controller by anauthorized user on a remote computer; and

means for facilitating communications between the authorized user on the remote computer and the residential

automation computer system via the central systemcontroller and the secure connection.

52. A method for operating a residential automationsystem that includes a central system controller serveroperatively coupled to a data network and a residentialautomation computer system, operatively coupled to thedata network, where the residential automation computersystem being associated with a residence and configured tohandle one or more residential automation functions, themethod including the steps of:

blocking all inbound connections to the residential automation computer system over the data network;

initiating by the residential automation computer systema secure connection with the central system controller;

communicating residential automation system information between the central system controller and theresidential automation computer system over the secureconnection.

53. The method of claim 52, wherein the step of initiatinga secure connection with the central system controllerincludes the step of initiating by the residential automationcomputer system a maintained secure connection.

54. The method of claim 53, further comprising the stepof periodically renegotiating the maintained secure connection.

55. The method of claim 52, wherein the communicatingstep includes the step of utilizing encryption algorithms.

56. The method of claim 52, wherein the communicatingstep includes the step of utilizing public/private key pairtechniques.

57. The method of claim 52, further comprising the stepof accessing the central system controller by a remotecomputer over the data network, wherein the communicat-


16/16

US 2004/0249922 Al

10

Dec. 9, 2004

ing step includes the step of communicating residentialautomation system information between the remote computer and the residential automation computer system via the

central system controller.58. The method of claim 57, wherein the accessing stepincludes the step of authenticating a user of the remotecomputer as having authorized access to the residentialautomation system information.

59. The method of claim 58, further comprising the stepof monitoring for unauthorized access to the central systemcontroller.

60. The method of claim 57, wherein:

the data network is the World-Wide-Web;

the accessing step includes the steps of providing anaccessing Web site by the central system controller andlogging onto the accessing Web site by the remotecomputer; and

the communication step includes the step of communicating residential automation system informationbetween the remote computer and the residential automation computer system via the accessing Web site.

61. A method for operating a residential automationsystem that includes a central system controller serveroperatively coupled to a data network and a residentialautomation computer system, operatively coupled to thedata network, where the residential automation computersystem being associated with a residence and configured tohandle one or more residential automation functions, themethod including the steps of:

blocking all inbound connections to the residential auto

mation computer system over the data network;

maintaining a secure connection between the residentialautomation system and the central system controller onthe data network;

communicating residential automation system information between the central system controller and theresidential automation computer system over the maintained secure connection.


63. The method of claim 61, wherein the communicatingstep includes the step of utilizing encryption algorithms.

64. The method of claim 63, wherein the communicatingstep includes the step of utilizing public/private key pairtechniques.

65. The method of claim 61, further comprising the stepof accessing the central system controller by a remotecomputer over the data network, wherein the communicating step includes the step of communicating residentialautomation system information between the remote computer and the residential automation computer system via thecentral system controller.

66. The method of claim 65, wherein the accessing stepincludes the step of authenticating a user of the remotecomputer as having authorized access to the residentialautomation system information.

67. The method of claim 66, further comprising the step

of monitoring for unauthorized access to the central systemcontroller.

68. The method of claim 65, wherein:

the data network is the World-Wide-Web;

the accessing step includes the steps of providing anaccessing Web site by the central system controller andlogging onto the accessing Web site by the remotecomputer; and

the communication step includes the step of communicating residential automation system informationbetween the remote computer and the residential automation computer system via the accessing Web site.

69. A method for communicating with a residential automation computer system with a remote computer over a datanetwork, comprising the steps of:

accessing a central system controller by the remote computer over the data network;

communicating residential automation system information between the remote computer and the centralsystem controller;

initiating by the residential automation computer systema secure connection on the data network between theresidential automation computer system and the centralsystem controller; and

communicating residential automation system information between the central system controller and theresidential automation computer system over the secureconnection between the central system controller andthe residential automation computer system.

70. The method of claim 69, further comprising the stepof blocking all inbound connections to the residential automation computer system over the data network.

71. A method for communicating with a residential automation computer system with a remote computer over a datanetwork, comprising the steps of:

accessing a central system controller by the remote computer over the data network;

communicating residential automation system information between the remote computer and the centralsystem controller;

maintaining a secure connection on the data network

between the residential automation controller and thecentral system controller; and

communicating residential automation system information between the central system controller and theresidential automation computer system over the secureconnection between the central system controller andthe residential automation computer system.

72. The method of claim 71, further comprising the stepof blocking all inbound connections to the residential automation computer system over the data network.


paper presentation hello-engineers.blogspot

Documents