[go: up one dir, main page]

WO2021166105A1 - Refrigeration cycle device and refrigeration system - Google Patents

Refrigeration cycle device and refrigeration system Download PDF

Info

Publication number
WO2021166105A1
WO2021166105A1 PCT/JP2020/006451 JP2020006451W WO2021166105A1 WO 2021166105 A1 WO2021166105 A1 WO 2021166105A1 JP 2020006451 W JP2020006451 W JP 2020006451W WO 2021166105 A1 WO2021166105 A1 WO 2021166105A1
Authority
WO
WIPO (PCT)
Prior art keywords
refrigeration cycle
password
cycle device
operation terminal
authentication unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2020/006451
Other languages
French (fr)
Japanese (ja)
Inventor
和人 尾越
泰彦 野本
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mitsubishi Electric Corp
Original Assignee
Mitsubishi Electric Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mitsubishi Electric Corp filed Critical Mitsubishi Electric Corp
Priority to JP2022501466A priority Critical patent/JP7300053B2/en
Priority to PCT/JP2020/006451 priority patent/WO2021166105A1/en
Publication of WO2021166105A1 publication Critical patent/WO2021166105A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • FMECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
    • F24HEATING; RANGES; VENTILATING
    • F24FAIR-CONDITIONING; AIR-HUMIDIFICATION; VENTILATION; USE OF AIR CURRENTS FOR SCREENING
    • F24F11/00Control or safety arrangements
    • F24F11/50Control or safety arrangements characterised by user interfaces or communication
    • F24F11/56Remote control
    • FMECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
    • F24HEATING; RANGES; VENTILATING
    • F24FAIR-CONDITIONING; AIR-HUMIDIFICATION; VENTILATION; USE OF AIR CURRENTS FOR SCREENING
    • F24F11/00Control or safety arrangements
    • F24F11/50Control or safety arrangements characterised by user interfaces or communication
    • F24F11/56Remote control
    • F24F11/58Remote control using Internet communication
    • FMECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
    • F25REFRIGERATION OR COOLING; COMBINED HEATING AND REFRIGERATION SYSTEMS; HEAT PUMP SYSTEMS; MANUFACTURE OR STORAGE OF ICE; LIQUEFACTION SOLIDIFICATION OF GASES
    • F25BREFRIGERATION MACHINES, PLANTS OR SYSTEMS; COMBINED HEATING AND REFRIGERATION SYSTEMS; HEAT PUMP SYSTEMS
    • F25B1/00Compression machines, plants or systems with non-reversible cycle
    • FMECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
    • F25REFRIGERATION OR COOLING; COMBINED HEATING AND REFRIGERATION SYSTEMS; HEAT PUMP SYSTEMS; MANUFACTURE OR STORAGE OF ICE; LIQUEFACTION SOLIDIFICATION OF GASES
    • F25BREFRIGERATION MACHINES, PLANTS OR SYSTEMS; COMBINED HEATING AND REFRIGERATION SYSTEMS; HEAT PUMP SYSTEMS
    • F25B13/00Compression machines, plants or systems, with reversible cycle

Definitions

  • the present disclosure relates to a refrigeration cycle device that authenticates an operation by an operation terminal by a password, and a refrigeration system including the operation terminal and the refrigeration cycle device.
  • Patent Document 1 discloses an air conditioner in which various settings are made based on a short-range wireless communication signal transmitted by a short-range wireless communication from a mobile communication terminal owned by a user. ing.
  • the air conditioner when the password entered in the password input unit is appropriate, processing based on the short-range wireless communication signal is executed. According to the air conditioner, deterioration of security and reliability is suppressed.
  • NFC Near Field Communication
  • a communication standard such as so-called NFC (Near Field Communication)
  • a predetermined frequency for example, 13.56 MHz.
  • a communication method that enables two-way communication over a short distance is envisioned. In the communication method, it is relatively unlikely that a third party will intervene. Therefore, in Patent Document 1, security measures against password eavesdropping during short-range wireless communication are not considered.
  • the present disclosure has been made to solve the above-mentioned problems, and an object thereof is to improve the security of a refrigeration cycle device that can be remotely controlled by an operation terminal.
  • the refrigeration cycle device can be remotely controlled from an operation terminal.
  • the refrigeration cycle device includes a control unit and a certification unit.
  • the control unit controls the refrigeration cycle device.
  • the authentication unit is connected to the operating terminal via an external network of the refrigeration cycle device.
  • the authentication unit issues the first password to the operation terminal.
  • the operation terminal transmits an operation command for the refrigeration cycle device together with the second password to the authentication unit.
  • the authentication unit permits the control unit to execute an operation command when the second password is received within the reference time from the issuance timing of the first password and when the second password matches the first password. ..
  • the refrigeration system includes at least one refrigeration cycle device, an authentication unit, and an operation terminal.
  • the certification unit is connected to at least one refrigeration cycle device via an external network of at least one refrigeration cycle device.
  • the operation terminal is connected to the authentication unit via the network.
  • the authentication unit issues the first password to the operation terminal.
  • the operation terminal transmits an operation command for at least one refrigeration cycle device together with the second password to the authentication unit.
  • the authentication unit executes at least one refrigeration cycle of the operation command. Allow the device.
  • the refrigeration system includes at least one refrigeration cycle device and an operation terminal.
  • the operating terminal is connected to at least one refrigeration cycle device via an external network of at least one refrigeration cycle device.
  • the operation terminal includes an authentication unit that issues a first password.
  • the operation terminal receives an operation command for at least one refrigeration cycle device from the user together with the second password.
  • the authentication unit executes at least one refrigeration cycle of the operation command. Send to device.
  • the refrigeration cycle apparatus and the refrigeration system when the second password is received within the reference time from the issuance timing of the first password and the second password matches the first password.
  • the operation terminal By executing the operation command from the operation terminal, it is possible to improve the security of the refrigeration cycle device that can be remotely controlled by the operation terminal.
  • FIG. It is a block diagram which shows the functional structure of the air-conditioning system which is an example of the refrigeration system which concerns on Embodiment 1.
  • FIG. It is a block diagram which shows the functional structure of the air conditioner of FIG.
  • FIG. It is a functional block diagram which shows the hardware configuration of the control device of FIG.
  • It is a flowchart which shows the flow of a password issuance process.
  • FIG. 1 It is a figure which shows the functional structure of the air conditioner which is an example of the refrigerating cycle apparatus provided in the refrigerating system which concerns on Embodiment 2.
  • FIG. 2 It is a figure which shows the functional structure of the air conditioner which is an example of the refrigerating cycle apparatus provided in the refrigerating system which concerns on Embodiment 3.
  • FIG. 2 It is a block diagram which shows the functional structure of the air-conditioning system which is an example of the refrigeration system which concerns on Embodiment 4.
  • FIG. It is a block diagram which shows the functional structure of the air-conditioning system which is an example of the refrigeration system which concerns on Embodiment 5.
  • FIG. 1 is a block diagram showing a functional configuration of an air conditioning system 1 which is an example of a refrigeration system according to the first embodiment.
  • the air conditioning system 1 includes a system controller 100 (operation terminal) and a plurality of air conditioners 200 (refrigeration cycle devices).
  • the system controller 100 is connected to each of the plurality of air conditioners 200 via an external network 900 of the air conditioner 200.
  • the network 900 includes, for example, the Internet and a WAN (Wide Area Network). Remote control of each of the plurality of air conditioners 200 is possible from the system controller 100.
  • the system controller 100 receives an operation command for the air conditioner 200 together with a password from the user.
  • a system not shown under the control of a third party is connected to the network 900.
  • the air conditioning system 1 is, for example, a commercial refrigeration system.
  • the refrigeration cycle device is not limited to the air conditioner, and may be, for example, a refrigerator, a dehumidifier, a water heater, a chiller, or a showcase.
  • FIG. 2 is a block diagram showing a functional configuration of the air conditioner 200 of FIG.
  • the air conditioner 200 includes an outdoor unit 210, a plurality of indoor units 300, and a plurality of remote controllers 400.
  • the outdoor unit 210 includes, for example, a compressor, a heat exchanger, and an expansion valve (all not shown).
  • Each of the plurality of indoor units 300 includes, for example, a heat exchanger and a blower (both not shown).
  • Refrigerant circulates between the outdoor unit 210 and the plurality of indoor units 300.
  • the plurality of remote controllers 400 are directly connected to each of the plurality of indoor units 300 without going through the network 900.
  • the remote controller 400 is arranged in or near the space air-conditioned by the corresponding indoor unit 300.
  • the user can operate the remote controller 400 to change, for example, a set temperature, an operation mode, an air volume, and an air direction.
  • the outdoor unit 210 includes a control device 220.
  • the control device 220 includes a control unit 221 and an authentication unit 230.
  • the control unit 221 controls each of the outdoor unit 210 and the plurality of indoor units 300.
  • the control unit 221 controls, for example, the drive frequency of the compressor and the opening degree of the expansion valve.
  • the control device 220 is connected to the network 900.
  • FIG. 3 is a functional block diagram showing the hardware configuration of the control device 220 of FIG.
  • the control device 220 includes a processing circuit 21, a memory 22, and an input / output unit 23.
  • the processing circuit 21 may be dedicated hardware or a CPU (Central Processing Unit) that executes a program stored in the memory 22.
  • the processing circuit 21 includes, for example, a single circuit, a composite circuit, a programmed processor, a parallel programmed processor, an ASIC (Application Specific Integrated Circuit), an FPGA ( Field Programmable Gate Array) or a combination of these is applicable.
  • the processing circuit 21 is a CPU, the function of the control device 220 is realized by software, firmware, or a combination of software and firmware.
  • the software or firmware is described as a program and stored in the memory 22.
  • the processing circuit 21 reads and executes the program stored in the memory 22.
  • Each function of the control unit 221 and the authentication unit 230 is realized by the processing circuit 21 that executes the control program and the authentication program stored in the memory 22.
  • the CPU is also called a central processing unit, a processing unit, an arithmetic unit, a microprocessor, a microcomputer, a processor, or a DSP (Digital Signal Processor).
  • the memory 22 includes a non-volatile or volatile semiconductor memory (for example, RAM (Random Access Memory), ROM (Read Only Memory), flash memory, EPROM (Erasable Programmable Read Only Memory), or EEPROM (Electrically Erasable Programmable Read Only Memory). )), And includes magnetic discs, flexible discs, optical discs, compact discs, mini discs, or DVDs (Digital Versatile Discs).
  • RAM Random Access Memory
  • ROM Read Only Memory
  • flash memory for example, EPROM (Erasable Programmable Read Only Memory), or EEPROM (Electrically Erasable Programmable Read Only Memory).
  • EPROM Erasable Programmable Read Only Memory
  • EEPROM Electrically Erasable Programmable Read Only Memory
  • the input / output unit 23 receives an operation from the user and outputs the processing result to the user.
  • the input / output unit 23 includes, for example, a mouse, a keyboard, a touch panel, a display, and a speaker.
  • FIG. 4 is a diagram showing the functional configuration of the authentication unit 230 and the flow of the terminal registration process, the password issuance process, and the authentication process performed between the authentication unit 230 and the system controller 100.
  • the step is simply referred to as S.
  • S11 to S23 in FIG. 4 correspond to S11 to S23 in the flowcharts of FIGS. 5 and 6, which will be described later in FIG. 4, respectively.
  • the authentication unit 230 includes a terminal registration unit 231, an authentication determination unit 232, a password generation unit 233, and a password verification unit 234.
  • the functions of the terminal registration unit 231, the authentication determination unit 232, the password generation unit 233, and the password verification unit 234 are realized by the processing circuit 21 that executes the authentication program.
  • the terminal registration process, password issuance process, and authentication process are performed in this order.
  • the terminal registration process is performed directly on the substrate of the control device 220 during construction or maintenance of the air conditioner 200.
  • the terminal information of the system controller 100 and the user level are associated and registered in the terminal registration unit 231.
  • the terminal information is identification information unique to the system controller 100, and includes, for example, the serial number of the system controller 100 or the IP (Internet Protocol) address.
  • the user level defines at least one specific operation command allowed on the system controller 100. The higher the user level, the wider the types and ranges of operations that the system controller 100 can perform.
  • the highest user level for example, software initialization and update commands that control the air conditioning system are allowed.
  • level 2 which is an intermediate user level, for example, temperature setting commands and operation switching commands are permitted.
  • level 3 for example, start and stop commands for air conditioning operation are allowed.
  • the user level does not have to be set in three stages, and may be set in two stages or four or more stages.
  • FIG. 5 is a flowchart showing the flow of the password issuance process.
  • FIG. 6 is a flowchart showing the flow of the authentication process.
  • the step is simply referred to as S.
  • the connection nodes N1 and N2 in FIGS. 5 and 6 are connection nodes for the processes shown in FIG. 5 and the processes shown in FIG.
  • the system controller 100 transmits an operation application command to the authentication determination unit 232 with reference to FIGS. 4 and 5.
  • the operation application command includes the terminal information of the system controller 100 and the user level.
  • the authentication determination unit 232 determines whether or not the terminal information of the system controller 100 is a registered operation terminal registered in the terminal registration unit 231. When the system controller 100 is not a registered operation terminal (NO in S12), the authentication determination unit 232 skips the password issuing process and the authentication process and ends the process.
  • the system controller 100 is a registered operation terminal (YES in S12)
  • the authentication determination unit 232 acquires a one-time password (first password) from the password generation unit 233 in S13, and proceeds to the process in S14.
  • the authentication determination unit 232 transmits a one-time password to the system controller 100 in S14.
  • the authentication determination unit 232 stores the one-time password, the issuance timing of the one-time password, and the terminal information of the system controller 100 in association with each other.
  • the system controller 100 displays the one-time password received from the authentication determination unit 232 on a display unit (for example, a display) (not shown).
  • FIG. 6 is a flowchart showing the flow of the authentication process.
  • S13 and S14 in FIG. 6 are the same as S13 and S14 in FIG. 5, respectively.
  • the system controller 100 transmits the one-time password (second password) input by the user and the operation command for the air conditioner 200 to the authentication determination unit 232.
  • the authentication determination unit 232 determines whether or not the reference time (for example, 30 minutes) has elapsed from the issuance timing of the one-time password issued to the system controller 100. If the reference time has elapsed from the issuance timing (YES in S16), the authentication determination unit 232 considers that the one-time password is invalid and returns the process to S13.
  • the reference time for example, 30 minutes
  • the password collation unit 234 is issued in S13 and the one-time password received from the system controller 100 in S17, assuming that the one-time password is valid. Match with the one-time password.
  • the authentication determination unit 232 assumes that the authentication of the system controller 100 has failed, increments the number of authentications in S18, and proceeds to the process in S19.
  • the authentication determination unit 232 determines in S19 whether or not the number of authentications is greater than the reference number of times (for example, 3 times). When the number of authentications is equal to or less than the reference number (NO in S19), the authentication determination unit 232 returns the process to S16. When the number of authentications is larger than the reference number (YES in S19), the authentication determination unit 232 performs an access blocking process in S20 on the assumption that there is a suspicious access, and then ends the process.
  • the access blocking process includes, for example, notifying a predetermined contact that a suspicious access has been made from the system controller 100, blocking access from the system controller 100 for a certain period of time (for example, one day), and blocking the access. This includes reissuing the one-time password after a certain period of time.
  • the access cutoff time in S20 may be changeable in the board setting of the control device 220.
  • the authentication determination unit 232 capable of operating commands sent from the system controller 100 together with the one-time password in S21 at the user level of the system controller 100? Judge whether or not. If the operation command is not permitted at the user level (NO in S21), the authentication determination unit 232 notifies the system controller 100 that the operation command is not permitted at the user level of the system controller 100 in S22. And the process proceeds to S24. When the operation command is permitted at the user level (YES in S21), the authentication determination unit 232 permits the execution of the operation command in S23 and proceeds to the process in S24. The authentication determination unit 232 clears the number of authentications to 0 in S24 and ends the authentication process.
  • the password required for remote operation of the air conditioner 200 via the network 900 is a one-time password that is valid only for a certain period of time
  • the one-time password becomes invalid after the certain period of time has elapsed. .. Therefore, the security against eavesdropping on the network 900 can be improved.
  • the information registered in the terminal registration unit 231 in association with the user level is not limited to the terminal information of the system controller 100.
  • information unique to the air conditioning system 1 or the air conditioner 200 such as a system ID (Identification) or a synonym, may be registered in advance in the terminal registration unit 231 by the system administrator in association with the user level.
  • the unique information may be set for each user who is allowed to operate the air conditioning system 1. In this case, if the unique information is notified to the user in advance, the user can receive the issuance of the one-time password by inputting the unique information from the operation terminal. However, in this case, by inputting unique information even at a high user level (a level higher than the reference level), authentication becomes possible and the security of the air conditioning system 1 may be lowered.
  • personal authentication may be separately provided to identify the user who operates the operation terminal.
  • the user registers the personal information known only to the user from the operation terminal.
  • Information that identifies an individual is read by the reading function of the operation terminal. Examples of the reading function of the operation terminal include a function of reading an employee ID card by NFC (Near Field Communication) and a function of reading user information by a barcode reader.
  • Embodiment 2 In the first embodiment, a case where a configuration having an authentication function using a one-time password is formed in the outdoor unit has been described.
  • the configuration may be formed in the indoor unit.
  • FIG. 7 is a diagram showing a functional configuration of an air conditioner 200B, which is an example of a refrigeration cycle device included in the refrigeration system according to the second embodiment.
  • the configuration of the air conditioner 200B is such that the control device 220 and the indoor unit 300 in FIG. 2 are replaced with the control device 220B and the indoor unit 300B, respectively.
  • the configuration of the control device 220B is such that the authentication unit 230 is removed from the control device 220 of FIG.
  • the configuration of the indoor unit 300B is such that the authentication unit 230B is added to the indoor unit 300 of FIG.
  • the authentication unit 230B has the same function as the authentication unit 230 of FIG. Other than these, the description is the same, so the description will not be repeated.
  • Embodiment 3 In the first embodiment, the case where the configuration having the authentication function by the one-time password is formed in the outdoor unit has been described, and in the second embodiment, the case where the configuration is formed in the indoor unit has been described.
  • the configuration may be formed in the remote controller.
  • FIG. 8 is a diagram showing a functional configuration of an air conditioner 200C, which is an example of a refrigeration cycle device included in the refrigeration system according to the third embodiment.
  • the configuration of the air conditioner 200C is such that the control device 220 and the remote controller 400 in FIG. 2 are replaced with the control device 220C and the remote controller 400C, respectively.
  • the configuration of the control device 220C is such that the authentication unit 230 is removed from the control device 220 of FIG.
  • the configuration of the remote controller 400C is a configuration in which the authentication unit 230C is added to the remote controller 400 of FIG.
  • the authentication unit 230C has the same function as the authentication unit 230 of FIG. Other than these, the description is the same, so the description will not be repeated.
  • the remote controller 400C Since it is assumed that the remote controller 400C frequently receives operations by a user in the space air-conditioned by the indoor unit 300, the remote controller 400C is often arranged inside or near the space. On the other hand, the outdoor unit 210 is often arranged away from the space.
  • the authentication unit 230C on the remote controller 400C, an operation terminal capable of remotely controlling the air conditioner 200D by a user in the space using the remote controller 400C closer to the user than the outdoor unit 210 is authenticated. It can be registered in 230C. Therefore, the convenience of the user of the air conditioner 200C can be improved.
  • Embodiment 4 In the first to third embodiments, a case where a configuration having an authentication function using a one-time password is formed in the refrigeration cycle apparatus has been described.
  • the configuration may be formed in the operation terminal.
  • FIG. 9 is a block diagram showing the functional configuration of the air conditioning system 4, which is an example of the refrigeration system according to the fourth embodiment.
  • the configuration of the air conditioning system 4 is such that the system controller 100 and the air conditioner 200 of FIG. 1 are replaced with the system controller 100D and the air conditioner 200D.
  • the configuration of the air conditioner 200D is such that the certification unit 230 is removed from the air conditioner 200 of FIG.
  • the system controller 100D has a configuration in which an authentication unit 230D is added to the system controller 100 shown in FIG.
  • the authentication unit 230D has the same function as the authentication unit 230 of FIG. Other than these, the description is the same, so the description will not be repeated.
  • the system controller 100D and the air conditioner 200D are connected via the network 900, it is assumed that the system controller 100D is located remotely from the air conditioner 200D.
  • the authentication unit 230D on the system controller 100D, the user of the system controller 100D can remotely operate the air conditioner 200D by using the system controller 100D that is closer to the user than the air conditioner 200D. It can be registered in 230D. Therefore, the convenience of the user of the system controller 100D can be improved.
  • Embodiment 5 In the first to fourth embodiments, a case where a configuration having a one-time password authentication function is formed in the operation terminal or the air conditioner has been described.
  • the configuration may be formed in other devices, servers or systems connected to the network other than the operating terminal and the air conditioner.
  • FIG. 10 is a block diagram showing a functional configuration of an air conditioning system 5, which is an example of the refrigeration system according to the fifth embodiment.
  • the configuration of the air conditioning system 5 is such that the air conditioner 200 in FIG. 1 is replaced with 200E and a cloud server 500 is added.
  • the configuration of the air conditioner 200E is such that the certification unit 230 is removed from the air conditioner 200 of FIG.
  • the cloud server 500 is connected to the network 900.
  • An authentication unit 230E is formed on the cloud server 500.
  • the authentication unit 230E has the same function as the authentication unit 230 of FIG. Other than these, the description is the same, so the description will not be repeated.
  • the authentication unit 230E is formed in the cloud server 500 outside the system controller 100 and the air conditioner 200E, it is possible to reduce the memory consumption of both by executing the authentication software. Further, the maintenance of the authentication unit 230E can be performed by updating the authentication software installed in the cloud server 500. Since the maintenance of the authentication unit 230E can be performed separately from the operations of the air conditioner 200E and the system controller 100, the maintenance cost can be reduced.
  • Embodiment 6 In the first to fifth embodiments, a refrigeration system including a plurality of refrigeration cycle devices has been described. In the sixth embodiment, a refrigeration system including one refrigeration cycle device will be described.
  • FIG. 11 is a block diagram showing a functional configuration of an air conditioning system 6 which is an example of the refrigeration system according to the sixth embodiment.
  • the configuration of the air conditioning system 6 is such that the plurality of air conditioners 200 in FIG. 1 are replaced with one air conditioner 200F, and the system controller 100 is replaced with a smartphone 100F (operation terminal).
  • the air conditioning system 6 is, for example, a home refrigeration system.
  • a certification unit 230F is formed on the air conditioner 200F.
  • the authentication unit 230F has the same function as the authentication unit 230 of FIG. Other than these, the description is the same, so the description will not be repeated.
  • the smartphone 100F is connected to the network 900 according to a wireless communication method such as LTE (Long Term Evolution) or wireless LAN (Local Area Network).
  • the terminal information of the smartphone 100F includes the telephone number and the e-mail address of the smartphone 100F.
  • the one-time password from the authentication unit 230F may be notified to the smartphone 100F by SMS (Short Message Service) or e-mail.
  • SMS Short Message Service
  • e-mail e-mail
  • another mobile terminal such as a tablet terminal or a notebook computer may be used.
  • the authentication unit 230F may be formed on the smartphone 100F or may be formed on a cloud system connected to the network 900.
  • the administrator sets unique information for the air conditioning system such as ID or password preset in the terminal registration unit and the user level associated with it for each user.
  • unique information is acquired by an unauthorized user, a one-time password is issued and remote control is possible by the unauthorized user. Since problems can occur especially at the high user level, which is greatly affected by unauthorized operations, it is desirable to perform the following block processing in order to prevent the issuance of one-time passwords to unauthorized users.
  • the remote controller closest to the smartphone performs the block processing.
  • the remote controller displays the verification code on the display screen of the remote controller and prompts the user to enter the verification code on the input screen of the smartphone application. prompt. If the authentication code is not entered, the wireless connection is determined to be an unauthorized connection and blocked.
  • the wireless connection by the smartphone is made by Bluetooth (registered trademark), if the radio wave strength from the smartphone is weaker than the threshold value, it is judged as an unauthorized connection and blocked.
  • the wireless connection is Wi-Fi (registered trademark)
  • Wi-Fi registered trademark
  • 1,4,5,6 air conditioner system 21 processing circuit, 22 memory, 23 input / output unit, 100,100D system controller, 100F smartphone, 200,200B-200F air conditioner, 210 outdoor unit, 220,220B, 220C controller , 221 control unit, 230, 230B to 230F authentication unit, 231 terminal registration unit, 232 authentication judgment unit, 233 password generation unit, 234 password verification unit, 300, 300B indoor unit, 400, 400C remote controller, 500 cloud server, 900 network.

Landscapes

  • Engineering & Computer Science (AREA)
  • Mechanical Engineering (AREA)
  • General Engineering & Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Chemical & Material Sciences (AREA)
  • Combustion & Propulsion (AREA)
  • Physics & Mathematics (AREA)
  • Thermal Sciences (AREA)
  • Air Conditioning Control Device (AREA)
  • Compression-Type Refrigeration Machines With Reversible Cycles (AREA)
  • Telephonic Communication Services (AREA)
  • Selective Calling Equipment (AREA)

Abstract

This refrigeration cycle device can be controlled remotely from an operation terminal (100). The refrigeration cycle device comprises a control unit and an authentication unit (230). The control unit controls the refrigeration cycle device. The authentication unit (230) connects with the operation terminal (100) through a network that is external to the refrigeration cycle device. The authentication unit (230) issues a first password to the operation terminal (100). The operation terminal (100) sends a second password and an operation command for the refrigeration cycle device to the authentication unit (230). If the authentication unit (230) receives the second password within a standard period of time from the timing at which the first password was issued, and the second password matches the first password, the authentication unit (230) permits the control unit to execute the operation command.

Description

冷凍サイクル装置および冷凍システムRefrigeration cycle equipment and refrigeration system

 本開示は、操作端末による操作をパスワードによって認証する冷凍サイクル装置、および当該操作端末および当該冷凍サイクル装置を備える冷凍システムに関する。 The present disclosure relates to a refrigeration cycle device that authenticates an operation by an operation terminal by a password, and a refrigeration system including the operation terminal and the refrigeration cycle device.

 従来、操作端末による操作をパスワードによって認証する冷凍サイクル装置が知られている。たとえば、特開2018-44735号公報(特許文献1)には、利用者が有する携帯通信端末から近距離無線通信によって送信される近距離無線通信信号に基づき各種設定が行われる空調装置が開示されている。当該空調装置においては、パスワード入力部に入力されたパスワードが適切である場合に、近距離無線通信信号に基づく処理が実行される。当該空調装置によれば、セキュリティ性および信頼性の低下が抑制される。 Conventionally, a refrigeration cycle device that authenticates an operation by an operation terminal with a password is known. For example, Japanese Patent Application Laid-Open No. 2018-44735 (Patent Document 1) discloses an air conditioner in which various settings are made based on a short-range wireless communication signal transmitted by a short-range wireless communication from a mobile communication terminal owned by a user. ing. In the air conditioner, when the password entered in the password input unit is appropriate, processing based on the short-range wireless communication signal is executed. According to the air conditioner, deterioration of security and reliability is suppressed.

特開2018-44735号公報Japanese Unexamined Patent Publication No. 2018-44735

 近年、インターネット等の多数の中継地点を経由するネットワークが発達し、様々な分野の装置に対して、当該ネットワークを利用した遠隔操作が実現されている。冷凍サイクル装置に関しても、当該ネットワークを利用した遠隔操作が想定される。冷凍サイクル装置は、室内空間の空調、温水の供給、あるいは食品の保存温度の調節等に利用されることがあるため、ユーザの体調に直接的な影響を与え得る。したがって、第三者の介在が想定されるネットワークを利用した冷凍サイクル装置の遠隔操作においては、第三者による当該ネットワークからのパスワードの盗聴に対する高度のセキュリティが必要とされる。 In recent years, networks that pass through a large number of relay points such as the Internet have been developed, and remote control using the networks has been realized for devices in various fields. Remote control using the network is also assumed for the refrigeration cycle device. Since the refrigeration cycle device may be used for air conditioning of an indoor space, supply of hot water, adjustment of storage temperature of food, etc., it may directly affect the physical condition of the user. Therefore, in the remote control of the refrigeration cycle device using the network where the intervention of a third party is assumed, a high degree of security is required against the eavesdropping of the password from the network by the third party.

 一方、特許文献1における「近距離無線通信」は、いわゆるNFC(Near Field Communication)等の通信規格であり、予め定められた周波数(たとえば13.56MHz)を用いて数センチからおよそ1メートル程度の近距離における双方向通信を可能とする通信方式が想定されている。当該通信方式において、第三者が介在する可能性は比較的低い。そのため、特許文献1においては、近距離無線通信を行っている間におけるパスワードの盗聴に対するセキュリティ対策は考慮されていない。 On the other hand, "near field communication" in Patent Document 1 is a communication standard such as so-called NFC (Near Field Communication), and is about several centimeters to about 1 meter using a predetermined frequency (for example, 13.56 MHz). A communication method that enables two-way communication over a short distance is envisioned. In the communication method, it is relatively unlikely that a third party will intervene. Therefore, in Patent Document 1, security measures against password eavesdropping during short-range wireless communication are not considered.

 本開示は、上述のような課題を解決するためになされたものであり、その目的は、操作端末による遠隔操作が可能な冷凍サイクル装置のセキュリティを向上させることである。 The present disclosure has been made to solve the above-mentioned problems, and an object thereof is to improve the security of a refrigeration cycle device that can be remotely controlled by an operation terminal.

 本開示の一局面に係る冷凍サイクル装置は、操作端末からの遠隔操作が可能である。冷凍サイクル装置は、制御部と、認証部とを備える。制御部は、冷凍サイクル装置を制御する。認証部は、冷凍サイクル装置の外部のネットワークを介して操作端末に接続される。認証部は、第1パスワードを操作端末に発行する。操作端末は、第2パスワードとともに冷凍サイクル装置に対する操作コマンドを認証部に送信する。認証部は、第1パスワードの発行タイミングから基準時間以内に第2パスワードを受信する場合であって、かつ第2パスワードが第1パスワードと一致する場合に、操作コマンドの実行を制御部に許可する。 The refrigeration cycle device according to one aspect of the present disclosure can be remotely controlled from an operation terminal. The refrigeration cycle device includes a control unit and a certification unit. The control unit controls the refrigeration cycle device. The authentication unit is connected to the operating terminal via an external network of the refrigeration cycle device. The authentication unit issues the first password to the operation terminal. The operation terminal transmits an operation command for the refrigeration cycle device together with the second password to the authentication unit. The authentication unit permits the control unit to execute an operation command when the second password is received within the reference time from the issuance timing of the first password and when the second password matches the first password. ..

 本開示の他の局面に係る冷凍システムは、少なくとも1つの冷凍サイクル装置と、認証部と、操作端末とを備える。認証部は、少なくとも1つの冷凍サイクル装置の外部のネットワークを介して少なくとも1つの冷凍サイクル装置に接続されている。操作端末は、ネットワークを介して認証部に接続される。認証部は、第1パスワードを操作端末に発行する。操作端末は、第2パスワードとともに少なくとも1つの冷凍サイクル装置に対する操作コマンドを認証部に送信する。認証部は、第1パスワードの発行タイミングから基準時間以内に第2パスワードを受信する場合であって、かつ第2パスワードが第1パスワードと一致する場合に、操作コマンドの実行を少なくとも1つの冷凍サイクル装置に許可する。 The refrigeration system according to another aspect of the present disclosure includes at least one refrigeration cycle device, an authentication unit, and an operation terminal. The certification unit is connected to at least one refrigeration cycle device via an external network of at least one refrigeration cycle device. The operation terminal is connected to the authentication unit via the network. The authentication unit issues the first password to the operation terminal. The operation terminal transmits an operation command for at least one refrigeration cycle device together with the second password to the authentication unit. When the authentication unit receives the second password within the reference time from the issuance timing of the first password and the second password matches the first password, the authentication unit executes at least one refrigeration cycle of the operation command. Allow the device.

 本開示の他の局面に係る冷凍システムは、少なくとも1つの冷凍サイクル装置と、操作端末とを備える。操作端末は、少なくとも1つの冷凍サイクル装置の外部のネットワークを介して少なくとも1つの冷凍サイクル装置に接続される。操作端末は、第1パスワードを発行する認証部を含む。操作端末は、ユーザから第2パスワードとともに少なくとも1つの冷凍サイクル装置に対する操作コマンドを受ける。認証部は、第1パスワードの発行タイミングから基準時間以内に第2パスワードを受信する場合であって、かつ第2パスワードが第1パスワードと一致する場合に、操作コマンドの実行を少なくとも1つの冷凍サイクル装置に送信する。 The refrigeration system according to another aspect of the present disclosure includes at least one refrigeration cycle device and an operation terminal. The operating terminal is connected to at least one refrigeration cycle device via an external network of at least one refrigeration cycle device. The operation terminal includes an authentication unit that issues a first password. The operation terminal receives an operation command for at least one refrigeration cycle device from the user together with the second password. When the authentication unit receives the second password within the reference time from the issuance timing of the first password and the second password matches the first password, the authentication unit executes at least one refrigeration cycle of the operation command. Send to device.

 本開示に係る冷凍サイクル装置および冷凍システムによれば、第1パスワードの発行タイミングから基準時間以内に第2パスワードが受信される場合であって、かつ第2パスワードが第1パスワードと一致する場合に操作端末からの操作コマンドが実行されることにより、操作端末による遠隔操作が可能な冷凍サイクル装置のセキュリティを向上させることができる。 According to the refrigeration cycle apparatus and the refrigeration system according to the present disclosure, when the second password is received within the reference time from the issuance timing of the first password and the second password matches the first password. By executing the operation command from the operation terminal, it is possible to improve the security of the refrigeration cycle device that can be remotely controlled by the operation terminal.

実施の形態1に係る冷凍システムの一例である空調システムの機能構成を示すブロック図である。It is a block diagram which shows the functional structure of the air-conditioning system which is an example of the refrigeration system which concerns on Embodiment 1. FIG. 図1の空調機の機能構成を示すブロック図である。It is a block diagram which shows the functional structure of the air conditioner of FIG. 図2の制御装置のハードウェア構成を示す機能ブロック図である。It is a functional block diagram which shows the hardware configuration of the control device of FIG. 認証部の機能構成、および認証部とシステムコントローラとの間で行われる端末登録処理、パスワード発行処理、および認証処理の流れを併せて示す図である。It is a figure which also shows the functional structure of an authentication part, and the flow of a terminal registration process, a password issuance process, and an authentication process performed between an authentication part and a system controller. パスワード発行処理の流れを示すフローチャートである。It is a flowchart which shows the flow of a password issuance process. 認証処理の流れを示すフローチャートである。It is a flowchart which shows the flow of an authentication process. 実施の形態2に係る冷凍システムが備える冷凍サイクル装置の一例である空調機の機能構成を示す図である。It is a figure which shows the functional structure of the air conditioner which is an example of the refrigerating cycle apparatus provided in the refrigerating system which concerns on Embodiment 2. FIG. 実施の形態3に係る冷凍システムが備える冷凍サイクル装置の一例である空調機の機能構成を示す図である。It is a figure which shows the functional structure of the air conditioner which is an example of the refrigerating cycle apparatus provided in the refrigerating system which concerns on Embodiment 3. FIG. 実施の形態4に係る冷凍システムの一例である空調システムの機能構成を示すブロック図である。It is a block diagram which shows the functional structure of the air-conditioning system which is an example of the refrigeration system which concerns on Embodiment 4. FIG. 実施の形態5に係る冷凍システムの一例である空調システムの機能構成を示すブロック図である。It is a block diagram which shows the functional structure of the air-conditioning system which is an example of the refrigeration system which concerns on Embodiment 5. 実施の形態6に係る冷凍システムの一例である空調システムの機能構成を示すブロック図である。It is a block diagram which shows the functional structure of the air-conditioning system which is an example of the refrigeration system which concerns on Embodiment 6.

 以下、本開示の実施の形態について、図面を参照しながら詳細に説明する。なお、図中同一または相当部分には同一符号を付してその説明は原則として繰り返さない。 Hereinafter, embodiments of the present disclosure will be described in detail with reference to the drawings. In principle, the same or corresponding parts in the drawings are designated by the same reference numerals and the description is not repeated.

 実施の形態1.
 図1は、実施の形態1に係る冷凍システムの一例である空調システム1の機能構成を示すブロック図である。図1に示されるように、空調システム1は、システムコントローラ100(操作端末)と、複数の空調機200(冷凍サイクル装置)とを備える。システムコントローラ100は、空調機200の外部のネットワーク900を介して複数の空調機200の各々に接続されている。ネットワーク900は、たとえばインターネットおよびWAN(Wide Area Network)を含む。システムコントローラ100から複数の空調機200の各々の遠隔操作が可能である。システムコントローラ100は、ユーザからパスワードとともに空調機200に対する操作コマンドを受ける。ネットワーク900には、サードパーティの管理下にある不図示のシステム(たとえばクラウドサーバおよびメールサーバ)が接続されている。空調システム1は、たとえば業務用の冷凍システムである。なお、冷凍サイクル装置は空調機に限定されず、たとえば、冷凍機、除湿機、給湯器、チラー、またはショーケースであってもよい。 Embodiment 1.
FIG. 1 is a block diagram showing a functional configuration of an air conditioning system 1 which is an example of a refrigeration system according to the first embodiment. As shown in FIG. 1, the air conditioning system 1 includes a system controller 100 (operation terminal) and a plurality of air conditioners 200 (refrigeration cycle devices). The system controller 100 is connected to each of the plurality of air conditioners 200 via an external network 900 of the air conditioner 200. The network 900 includes, for example, the Internet and a WAN (Wide Area Network). Remote control of each of the plurality of air conditioners 200 is possible from the system controller 100. The system controller 100 receives an operation command for the air conditioner 200 together with a password from the user. A system (eg, cloud server and mail server) not shown under the control of a third party is connected to the network 900. The air conditioning system 1 is, for example, a commercial refrigeration system. The refrigeration cycle device is not limited to the air conditioner, and may be, for example, a refrigerator, a dehumidifier, a water heater, a chiller, or a showcase.

 図2は、図1の空調機200の機能構成を示すブロック図である。図2に示されるように、空調機200は、室外機210と、複数の室内機300と、複数のリモートコントローラ400とを含む。室外機210は、たとえば圧縮機、熱交換器、および膨張弁(いずれも不図示)を含む。複数の室内機300の各々は、たとえば熱交換器および送風装置(いずれも不図示)を含む。室外機210と複数の室内機300との間を冷媒が循環する。複数のリモートコントローラ400は、複数の室内機300の各々に、ネットワーク900を介さずに直接接続されている。リモートコントローラ400は、対応する室内機300が空調する空間内、または当該空間の近傍に配置されている。ユーザは、リモートコントローラ400を操作して、たとえば、設定温度、運転モード、風量、および風向を変更することができる。 FIG. 2 is a block diagram showing a functional configuration of the air conditioner 200 of FIG. As shown in FIG. 2, the air conditioner 200 includes an outdoor unit 210, a plurality of indoor units 300, and a plurality of remote controllers 400. The outdoor unit 210 includes, for example, a compressor, a heat exchanger, and an expansion valve (all not shown). Each of the plurality of indoor units 300 includes, for example, a heat exchanger and a blower (both not shown). Refrigerant circulates between the outdoor unit 210 and the plurality of indoor units 300. The plurality of remote controllers 400 are directly connected to each of the plurality of indoor units 300 without going through the network 900. The remote controller 400 is arranged in or near the space air-conditioned by the corresponding indoor unit 300. The user can operate the remote controller 400 to change, for example, a set temperature, an operation mode, an air volume, and an air direction.

 室外機210は、制御装置220を含む。制御装置220は、制御部221と、認証部230とを含む。制御部221は、室外機210および複数の室内機300の各々を制御する。制御部221は、たとえば、圧縮機の駆動周波数、および膨張弁の開度を制御する。制御装置220は、ネットワーク900に接続されている。 The outdoor unit 210 includes a control device 220. The control device 220 includes a control unit 221 and an authentication unit 230. The control unit 221 controls each of the outdoor unit 210 and the plurality of indoor units 300. The control unit 221 controls, for example, the drive frequency of the compressor and the opening degree of the expansion valve. The control device 220 is connected to the network 900.

 図3は、図2の制御装置220のハードウェア構成を示す機能ブロック図である。図2に示されるように、制御装置220は、処理回路21と、メモリ22と、入出力部23とを含む。処理回路21は、専用のハードウェアであってもよいし、メモリ22に格納されるプログラムを実行するCPU(Central Processing Unit)であってもよい。処理回路21が専用のハードウェアである場合、処理回路21には、たとえば、単一回路、複合回路、プログラム化されたプロセッサ、並列プログラム化されたプロセッサ、ASIC(Application Specific Integrated Circuit)、FPGA(Field Programmable Gate Array)、あるいはこれらを組み合わせたものが該当する。処理回路21がCPUの場合、制御装置220の機能は、ソフトウェア、ファームウェア、またはソフトウェアとファームウェアとの組み合わせにより実現される。ソフトウェアあるいはファームウェアは、プログラムとして記述され、メモリ22に格納される。処理回路21は、メモリ22に記憶されたプログラムを読み出して実行する。制御部221および認証部230の各々の機能は、メモリ22に格納された制御プログラムおよび認証プログラムを実行する処理回路21によって実現される。なお、CPUは、中央処理装置、処理装置、演算装置、マイクロプロセッサ、マイクロコンピュータ、プロセッサ、あるいはDSP(Digital Signal Processor)とも呼ばれる。 FIG. 3 is a functional block diagram showing the hardware configuration of the control device 220 of FIG. As shown in FIG. 2, the control device 220 includes a processing circuit 21, a memory 22, and an input / output unit 23. The processing circuit 21 may be dedicated hardware or a CPU (Central Processing Unit) that executes a program stored in the memory 22. When the processing circuit 21 is dedicated hardware, the processing circuit 21 includes, for example, a single circuit, a composite circuit, a programmed processor, a parallel programmed processor, an ASIC (Application Specific Integrated Circuit), an FPGA ( Field Programmable Gate Array) or a combination of these is applicable. When the processing circuit 21 is a CPU, the function of the control device 220 is realized by software, firmware, or a combination of software and firmware. The software or firmware is described as a program and stored in the memory 22. The processing circuit 21 reads and executes the program stored in the memory 22. Each function of the control unit 221 and the authentication unit 230 is realized by the processing circuit 21 that executes the control program and the authentication program stored in the memory 22. The CPU is also called a central processing unit, a processing unit, an arithmetic unit, a microprocessor, a microcomputer, a processor, or a DSP (Digital Signal Processor).

 メモリ22には、不揮発性または揮発性の半導体メモリ(たとえばRAM(Random Access Memory)、ROM(Read Only Memory)、フラッシュメモリ、EPROM(Erasable Programmable Read Only Memory)、あるいはEEPROM(Electrically Erasable Programmable Read Only Memory))、および磁気ディスク、フレキシブルディスク、光ディスク、コンパクトディスク、ミニディスク、あるいはDVD(Digital Versatile Disc)が含まれる。 The memory 22 includes a non-volatile or volatile semiconductor memory (for example, RAM (Random Access Memory), ROM (Read Only Memory), flash memory, EPROM (Erasable Programmable Read Only Memory), or EEPROM (Electrically Erasable Programmable Read Only Memory). )), And includes magnetic discs, flexible discs, optical discs, compact discs, mini discs, or DVDs (Digital Versatile Discs).

 入出力部23は、ユーザからの操作を受けるとともに、処理結果をユーザに出力する。入出力部23は、たとえば、マウス、キーボード、タッチパネル、ディスプレイ、およびスピーカを含む。 The input / output unit 23 receives an operation from the user and outputs the processing result to the user. The input / output unit 23 includes, for example, a mouse, a keyboard, a touch panel, a display, and a speaker.

 図4は、認証部230の機能構成、および認証部230とシステムコントローラ100との間で行われる端末登録処理、パスワード発行処理、および認証処理の流れを併せて示す図である。以下ではステップを単にSと記載する。図4におけるS11~S23は、図4の後に説明する図5および図6のフローチャートのS11~S23にそれぞれ対応する。 FIG. 4 is a diagram showing the functional configuration of the authentication unit 230 and the flow of the terminal registration process, the password issuance process, and the authentication process performed between the authentication unit 230 and the system controller 100. In the following, the step is simply referred to as S. S11 to S23 in FIG. 4 correspond to S11 to S23 in the flowcharts of FIGS. 5 and 6, which will be described later in FIG. 4, respectively.

 図4に示されるように、認証部230は、端末登録部231と、認証判定部232と、パスワード生成部233と、パスワード照合部234とを含む。なお、端末登録部231、認証判定部232、パスワード生成部233、およびパスワード照合部234の各機能は、認証プログラムを実行する処理回路21によって実現される。 As shown in FIG. 4, the authentication unit 230 includes a terminal registration unit 231, an authentication determination unit 232, a password generation unit 233, and a password verification unit 234. The functions of the terminal registration unit 231, the authentication determination unit 232, the password generation unit 233, and the password verification unit 234 are realized by the processing circuit 21 that executes the authentication program.

 端末登録処理、パスワード発行処理、および認証処理の順に行われる。端末登録処理は、空調機200の施工時またはメンテナンス時に、制御装置220の基板に対して直接行われる。端末登録処理においては、システムコントローラ100の端末情報およびユーザレベルが関連付けられて端末登録部231に登録される。 The terminal registration process, password issuance process, and authentication process are performed in this order. The terminal registration process is performed directly on the substrate of the control device 220 during construction or maintenance of the air conditioner 200. In the terminal registration process, the terminal information of the system controller 100 and the user level are associated and registered in the terminal registration unit 231.

 端末情報は、システムコントローラ100に固有の識別情報であり、たとえば、システムコントローラ100の製造番号、またはIP(Internet Protocol)アドレスを含む。ユーザレベルは、システムコントローラ100に許可される少なくとも1つの特定操作コマンドを定める。ユーザレベルが高いほどシステムコントローラ100が可能な操作の種類が広く、範囲が広い。最も高いユーザレベルであるレベル1においては、たとえば、空調システムを制御するソフトウェアの初期化コマンドおよび更新コマンドが許可される。中間的なユーザレベルであるレベル2においては、たとえば温度設定コマンドおよび運転切替コマンドが許可される。最も低いユーザレベルであるレベル3においては、たとえば空調運転の開始コマンドおよび停止コマンドが許可される。なお、ユーザレベルは、3段階に設定される必要はなく、2段階に設定されてもよいし、4段階以上に設定されてもよい。 The terminal information is identification information unique to the system controller 100, and includes, for example, the serial number of the system controller 100 or the IP (Internet Protocol) address. The user level defines at least one specific operation command allowed on the system controller 100. The higher the user level, the wider the types and ranges of operations that the system controller 100 can perform. At level 1, the highest user level, for example, software initialization and update commands that control the air conditioning system are allowed. At level 2, which is an intermediate user level, for example, temperature setting commands and operation switching commands are permitted. At the lowest user level, level 3, for example, start and stop commands for air conditioning operation are allowed. The user level does not have to be set in three stages, and may be set in two stages or four or more stages.

 図5は、パスワード発行処理の流れを示すフローチャートである。図6は、認証処理の流れを示すフローチャートである。以下ではステップを単にSと記載する。なお、図5および図6における接続ノードN1,N2は、図5に示される処理および図6に示される処理の接続ノードである。 FIG. 5 is a flowchart showing the flow of the password issuance process. FIG. 6 is a flowchart showing the flow of the authentication process. In the following, the step is simply referred to as S. The connection nodes N1 and N2 in FIGS. 5 and 6 are connection nodes for the processes shown in FIG. 5 and the processes shown in FIG.

 図4および図5を併せて参照しながら、S11において、システムコントローラ100は、認証判定部232へ操作申請コマンドを送信する。操作申請コマンドには、システムコントローラ100の端末情報およびユーザレベルが含まれる。S12において、認証判定部232は、システムコントローラ100の端末情報が端末登録部231に登録されている登録済み操作端末であるか否かを判定する。システムコントローラ100が登録済み操作端末ではない場合(S12においてNO)、認証判定部232は、パスワード発行処理および認証処理をスキップして処理を終了する。システムコントローラ100が登録済み操作端末である場合(S12においてYES)、認証判定部232は、S13においてパスワード生成部233からワンタイムパスワード(第1パスワード)を取得して、処理をS14に進める。認証判定部232は、S14において、システムコントローラ100にワンタイムパスワードを送信する。認証判定部232は、ワンタイムパスワード、当該ワンタイムパスワードの発行タイミング、およびシステムコントローラ100の端末情報を関連付けて保存する。システムコントローラ100は、認証判定部232から受けたワンタイムパスワードを不図示の表示部(たとえばディスプレイ)に表示する。 In S11, the system controller 100 transmits an operation application command to the authentication determination unit 232 with reference to FIGS. 4 and 5. The operation application command includes the terminal information of the system controller 100 and the user level. In S12, the authentication determination unit 232 determines whether or not the terminal information of the system controller 100 is a registered operation terminal registered in the terminal registration unit 231. When the system controller 100 is not a registered operation terminal (NO in S12), the authentication determination unit 232 skips the password issuing process and the authentication process and ends the process. When the system controller 100 is a registered operation terminal (YES in S12), the authentication determination unit 232 acquires a one-time password (first password) from the password generation unit 233 in S13, and proceeds to the process in S14. The authentication determination unit 232 transmits a one-time password to the system controller 100 in S14. The authentication determination unit 232 stores the one-time password, the issuance timing of the one-time password, and the terminal information of the system controller 100 in association with each other. The system controller 100 displays the one-time password received from the authentication determination unit 232 on a display unit (for example, a display) (not shown).

 図6は、認証処理の流れを示すフローチャートである。図6におけるS13,S14は、図5のS13,S14とそれぞれ同じである。図6に示されるように、S15においてシステムコントローラ100は、ユーザによって入力されたワンタイムパスワード(第2パスワード)および空調機200に対する操作コマンドを認証判定部232へ送信する。認証判定部232は、S16において、システムコントローラ100に発行されたワンタイムパスワードの発行タイミングから基準時間(たとえば30分)が経過しているか否かを判定する。当該発行タイミングから基準時間が経過している場合(S16においてYES)、当該ワンタイムパスワードは無効であるとして、認証判定部232は、処理はS13に戻す。当該発行タイミングから基準時間が経過していない場合(S16においてNO)、当該ワンタイムパスワードは有効であるとして、パスワード照合部234は、S17においてシステムコントローラ100から受信したワンタイムパスワードとS13において発行されたワンタイムパスワードとを照合する。 FIG. 6 is a flowchart showing the flow of the authentication process. S13 and S14 in FIG. 6 are the same as S13 and S14 in FIG. 5, respectively. As shown in FIG. 6, in S15, the system controller 100 transmits the one-time password (second password) input by the user and the operation command for the air conditioner 200 to the authentication determination unit 232. In S16, the authentication determination unit 232 determines whether or not the reference time (for example, 30 minutes) has elapsed from the issuance timing of the one-time password issued to the system controller 100. If the reference time has elapsed from the issuance timing (YES in S16), the authentication determination unit 232 considers that the one-time password is invalid and returns the process to S13. If the reference time has not elapsed from the issuance timing (NO in S16), the password collation unit 234 is issued in S13 and the one-time password received from the system controller 100 in S17, assuming that the one-time password is valid. Match with the one-time password.

 システムコントローラ100から受信したワンタイムパスワードが正しくない場合(S17においてNO)、認証判定部232は、システムコントローラ100の認証に失敗したとして、S18において認証回数をインクリメントして、処理をS19に進める。認証判定部232は、S19において認証回数が基準回数(たとえば3回)より大きいか否かを判定する。認証回数が基準回数以下である場合(S19においてNO)、認証判定部232は、処理をS16に戻す。認証回数が基準回数より大きい場合(S19においてYES)、認証判定部232は、不審なアクセスがあったとしてS20においてアクセス遮断処理を行った後、処理を終了する。アクセス遮断処理には、たとえばシステムコントローラ100から不審なアクセスがあった旨を予め定められた連絡先への通知すること、システムコントローラ100からのアクセスを一定時間(たとえば1日)遮断すること、および当該一定時間後のワンタイムパスワードの再発行が含まれる。S20におけるアクセスの遮断時間は、制御装置220の基板設定において変更可能であってもよい。 If the one-time password received from the system controller 100 is incorrect (NO in S17), the authentication determination unit 232 assumes that the authentication of the system controller 100 has failed, increments the number of authentications in S18, and proceeds to the process in S19. The authentication determination unit 232 determines in S19 whether or not the number of authentications is greater than the reference number of times (for example, 3 times). When the number of authentications is equal to or less than the reference number (NO in S19), the authentication determination unit 232 returns the process to S16. When the number of authentications is larger than the reference number (YES in S19), the authentication determination unit 232 performs an access blocking process in S20 on the assumption that there is a suspicious access, and then ends the process. The access blocking process includes, for example, notifying a predetermined contact that a suspicious access has been made from the system controller 100, blocking access from the system controller 100 for a certain period of time (for example, one day), and blocking the access. This includes reissuing the one-time password after a certain period of time. The access cutoff time in S20 may be changeable in the board setting of the control device 220.

 システムコントローラ100から受信したワンタイムパスワードが正しい場合(S17においてYES)、認証判定部232は、S21において、ワンタイムパスワードとともにシステムコントローラ100から送信された操作コマンドがシステムコントローラ100のユーザレベルにおいて可能か否かを判定する。当該操作コマンドが当該ユーザレベルにおいて許可されていない場合(S21においてNO)、認証判定部232は、S22において、システムコントローラ100のユーザレベルでは今回の操作コマンドが許可されないことをシステムコントローラ100に通知して処理をS24に進める。当該操作コマンドが当該ユーザレベルにおいて許可されている場合(S21においてYES)、認証判定部232は、S23において、操作コマンドの実行を許可して処理をS24に進める。認証判定部232は、S24おいて認証回数を0にクリアして認証処理を終了する。 If the one-time password received from the system controller 100 is correct (YES in S17), is the authentication determination unit 232 capable of operating commands sent from the system controller 100 together with the one-time password in S21 at the user level of the system controller 100? Judge whether or not. If the operation command is not permitted at the user level (NO in S21), the authentication determination unit 232 notifies the system controller 100 that the operation command is not permitted at the user level of the system controller 100 in S22. And the process proceeds to S24. When the operation command is permitted at the user level (YES in S21), the authentication determination unit 232 permits the execution of the operation command in S23 and proceeds to the process in S24. The authentication determination unit 232 clears the number of authentications to 0 in S24 and ends the authentication process.

 空調システム1によれば、ネットワーク900を介した空調機200の遠隔操作に必要なパスワードが一定期間のみ有効なワンタイムパスワードであることにより、当該一定期間経過後は当該ワンタイムパスワードが無効となる。そのため、ネットワーク900における盗聴に対するセキュリティを向上させることができる。 According to the air conditioning system 1, since the password required for remote operation of the air conditioner 200 via the network 900 is a one-time password that is valid only for a certain period of time, the one-time password becomes invalid after the certain period of time has elapsed. .. Therefore, the security against eavesdropping on the network 900 can be improved.

 なお、端末登録部231にユーザレベルと関連付けられて登録される情報は、システムコントローラ100の端末情報に限定されない。たとえば、システム管理者によって予め端末登録部231に、システムID(Identification)または合言葉など空調システム1または空調機200にユニークな情報がユーザレベルと関連付けられて登録されてもよい。当該ユニークな情報は、空調システム1に対する操作が許容されるユーザごとに設定されてもよい。この場合、予め当該ユニークな情報をユーザに通知しておけば、当該ユーザは操作端末からユニークな情報を入力することにより、ワンタイムパスワードの発行を受けることができる。ただし、この場合、高いユーザレベル(基準レベルより高いレベル)においてもユニークな情報を入れることにより、認証が可能になり、空調システム1のセキュリティが低下し得る。そこで、ユーザレベルが基準レベルより高い場合、ユニークな情報が合致する場合でも、当該操作端末を操作するユーザを特定するための個人認証が別途設けられてもよい。当該個人認証に必要な情報は、たとえば、最初のワンタイムパスワードの発行を受けた際に、ユーザが操作端末から当該ユーザしか知らない個人情報を登録する。操作端末の有する読み取り機能により個人を特定する情報が読み取られる。操作端末の有する読み取り機能としては、たとえば、NFC(Near Field Communication)による従業員証の読み取り機能、または、バーコードリーダによるユーザ情報の読み取り機能を挙げることができる。 The information registered in the terminal registration unit 231 in association with the user level is not limited to the terminal information of the system controller 100. For example, information unique to the air conditioning system 1 or the air conditioner 200, such as a system ID (Identification) or a synonym, may be registered in advance in the terminal registration unit 231 by the system administrator in association with the user level. The unique information may be set for each user who is allowed to operate the air conditioning system 1. In this case, if the unique information is notified to the user in advance, the user can receive the issuance of the one-time password by inputting the unique information from the operation terminal. However, in this case, by inputting unique information even at a high user level (a level higher than the reference level), authentication becomes possible and the security of the air conditioning system 1 may be lowered. Therefore, when the user level is higher than the reference level, even if the unique information matches, personal authentication may be separately provided to identify the user who operates the operation terminal. For the information required for the personal authentication, for example, when the first one-time password is issued, the user registers the personal information known only to the user from the operation terminal. Information that identifies an individual is read by the reading function of the operation terminal. Examples of the reading function of the operation terminal include a function of reading an employee ID card by NFC (Near Field Communication) and a function of reading user information by a barcode reader.

 以上、実施の形態1に係る冷凍システムによれば、操作端末による遠隔操作が可能な冷凍サイクル装置のセキュリティを向上させることができる。 As described above, according to the refrigeration system according to the first embodiment, it is possible to improve the security of the refrigeration cycle device that can be remotely controlled by the operation terminal.

 実施の形態2.
 実施の形態1においては、ワンタイムパスワードによる認証機能を有する構成が、室外機に形成されている場合について説明した。当該構成は、室内機に形成されてもよい。 Embodiment 2.
In the first embodiment, a case where a configuration having an authentication function using a one-time password is formed in the outdoor unit has been described. The configuration may be formed in the indoor unit.

 図7は、実施の形態2に係る冷凍システムが備える冷凍サイクル装置の一例である空調機200Bの機能構成を示す図である。空調機200Bの構成は、図2の制御装置220および室内機300が制御装置220Bおよび室内機300Bにそれぞれ置き換えられた構成である。制御装置220Bの構成は、図2の制御装置220から認証部230が除かれた構成である。室内機300Bの構成は、図2の室内機300に認証部230Bが追加された構成である。認証部230Bは、図2の認証部230と同様の機能を有する。これら以外は同様であるため、説明を繰り返さない。 FIG. 7 is a diagram showing a functional configuration of an air conditioner 200B, which is an example of a refrigeration cycle device included in the refrigeration system according to the second embodiment. The configuration of the air conditioner 200B is such that the control device 220 and the indoor unit 300 in FIG. 2 are replaced with the control device 220B and the indoor unit 300B, respectively. The configuration of the control device 220B is such that the authentication unit 230 is removed from the control device 220 of FIG. The configuration of the indoor unit 300B is such that the authentication unit 230B is added to the indoor unit 300 of FIG. The authentication unit 230B has the same function as the authentication unit 230 of FIG. Other than these, the description is the same, so the description will not be repeated.

 以上、実施の形態2に係る冷凍システムによれば、操作端末による遠隔操作が可能な冷凍サイクル装置のセキュリティを向上させることができる。 As described above, according to the refrigeration system according to the second embodiment, it is possible to improve the security of the refrigeration cycle device that can be remotely controlled by the operation terminal.

 実施の形態3.
 実施の形態1ではワンタイムパスワードによる認証機能を有する構成が室外機に形成されている場合について説明し、実施の形態2においては当該構成が室内機に形成されている場合について説明した。当該構成は、リモートコントローラに形成されてもよい。 Embodiment 3.
In the first embodiment, the case where the configuration having the authentication function by the one-time password is formed in the outdoor unit has been described, and in the second embodiment, the case where the configuration is formed in the indoor unit has been described. The configuration may be formed in the remote controller.

 図8は、実施の形態3に係る冷凍システムが備える冷凍サイクル装置の一例である空調機200Cの機能構成を示す図である。空調機200Cの構成は、図2の制御装置220およびリモートコントローラ400が制御装置220Cおよびリモートコントローラ400Cにそれぞれ置き換えられた構成である。制御装置220Cの構成は、図2の制御装置220から認証部230が除かれた構成である。リモートコントローラ400Cの構成は、図2のリモートコントローラ400に認証部230Cが追加された構成である。認証部230Cは、図2の認証部230と同様の機能を有する。これら以外は同様であるため、説明を繰り返さない。 FIG. 8 is a diagram showing a functional configuration of an air conditioner 200C, which is an example of a refrigeration cycle device included in the refrigeration system according to the third embodiment. The configuration of the air conditioner 200C is such that the control device 220 and the remote controller 400 in FIG. 2 are replaced with the control device 220C and the remote controller 400C, respectively. The configuration of the control device 220C is such that the authentication unit 230 is removed from the control device 220 of FIG. The configuration of the remote controller 400C is a configuration in which the authentication unit 230C is added to the remote controller 400 of FIG. The authentication unit 230C has the same function as the authentication unit 230 of FIG. Other than these, the description is the same, so the description will not be repeated.

 リモートコントローラ400Cは、室内機300によって空調される空間内にいるユーザによる操作を頻繁に受け付けることが想定されるため、当該空間の内部または当該空間の近傍に配置されることが多い。一方、室外機210は、当該空間から離れて配置されることが多い。リモートコントローラ400Cに認証部230Cが形成されていることにより、当該空間内にいるユーザが室外機210より当該ユーザに近いリモートコントローラ400Cを用いて、空調機200Dを遠隔操作可能な操作端末を認証部230Cに登録することができる。そのため、空調機200Cのユーザの利便性を向上させることができる。 Since it is assumed that the remote controller 400C frequently receives operations by a user in the space air-conditioned by the indoor unit 300, the remote controller 400C is often arranged inside or near the space. On the other hand, the outdoor unit 210 is often arranged away from the space. By forming the authentication unit 230C on the remote controller 400C, an operation terminal capable of remotely controlling the air conditioner 200D by a user in the space using the remote controller 400C closer to the user than the outdoor unit 210 is authenticated. It can be registered in 230C. Therefore, the convenience of the user of the air conditioner 200C can be improved.

 以上、実施の形態3に係る冷凍システムによれば、操作端末による遠隔操作が可能な冷凍サイクル装置のセキュリティを向上させることができる。 As described above, according to the refrigeration system according to the third embodiment, it is possible to improve the security of the refrigeration cycle device that can be remotely controlled by the operation terminal.

 実施の形態4.
 実施の形態1~3においては、ワンタイムパスワードによる認証機能を有する構成が冷凍サイクル装置に形成されている場合について説明した。当該構成は、操作端末に形成されていてもよい。 Embodiment 4.
In the first to third embodiments, a case where a configuration having an authentication function using a one-time password is formed in the refrigeration cycle apparatus has been described. The configuration may be formed in the operation terminal.

 図9は、実施の形態4に係る冷凍システムの一例である空調システム4の機能構成を示すブロック図である。空調システム4の構成は、図1のシステムコントローラ100および空調機200が、システムコントローラ100Dおよび空調機200Dに置き換えられた構成である。空調機200Dの構成は、図1の空調機200から認証部230が除かれた構成である。システムコントローラ100Dは、図1のシステムコントローラ100に認証部230Dが加えられた構成である。認証部230Dは、図2の認証部230と同様の機能を有する。これら以外は同様であるため、説明を繰り返さない。 FIG. 9 is a block diagram showing the functional configuration of the air conditioning system 4, which is an example of the refrigeration system according to the fourth embodiment. The configuration of the air conditioning system 4 is such that the system controller 100 and the air conditioner 200 of FIG. 1 are replaced with the system controller 100D and the air conditioner 200D. The configuration of the air conditioner 200D is such that the certification unit 230 is removed from the air conditioner 200 of FIG. The system controller 100D has a configuration in which an authentication unit 230D is added to the system controller 100 shown in FIG. The authentication unit 230D has the same function as the authentication unit 230 of FIG. Other than these, the description is the same, so the description will not be repeated.

 システムコントローラ100Dと空調機200Dとは、ネットワーク900を介して接続されているため、システムコントローラ100Dは空調機200Dから遠隔に配置されていることが想定される。システムコントローラ100Dに認証部230Dが形成されていることにより、システムコントローラ100Dのユーザが空調機200Dよりも当該ユーザに近いシステムコントローラ100Dを用いて、空調機200Dを遠隔操作可能な操作端末を認証部230Dに登録することができる。そのため、システムコントローラ100Dのユーザの利便性を向上させることができる。 Since the system controller 100D and the air conditioner 200D are connected via the network 900, it is assumed that the system controller 100D is located remotely from the air conditioner 200D. By forming the authentication unit 230D on the system controller 100D, the user of the system controller 100D can remotely operate the air conditioner 200D by using the system controller 100D that is closer to the user than the air conditioner 200D. It can be registered in 230D. Therefore, the convenience of the user of the system controller 100D can be improved.

 以上、実施の形態4に係る冷凍システムによれば、操作端末による遠隔操作が可能な冷凍サイクル装置のセキュリティを向上させることができる。 As described above, according to the refrigeration system according to the fourth embodiment, it is possible to improve the security of the refrigeration cycle device that can be remotely controlled by the operation terminal.

 実施の形態5.
 実施の形態1~4においては、ワンタイムパスワードによる認証機能を有する構成が操作端末または空調機に形成されている場合について説明した。当該構成は、操作端末および空調機以外の、ネットワークに接続されている他の装置、サーバまたはシステムに形成されてもよい。 Embodiment 5.
In the first to fourth embodiments, a case where a configuration having a one-time password authentication function is formed in the operation terminal or the air conditioner has been described. The configuration may be formed in other devices, servers or systems connected to the network other than the operating terminal and the air conditioner.

 図10は、実施の形態5に係る冷凍システムの一例である空調システム5の機能構成を示すブロック図である。空調システム5の構成は、図1の空調機200が200Eに置き換えられているとともに、クラウドサーバ500が追加された構成である。空調機200Eの構成は、図1の空調機200から認証部230が除かれた構成である。クラウドサーバ500は、ネットワーク900に接続されている。クラウドサーバ500には、認証部230Eが形成されている。認証部230Eは、図2の認証部230と同様の機能を有する。これら以外は同様であるため、説明を繰り返さない。 FIG. 10 is a block diagram showing a functional configuration of an air conditioning system 5, which is an example of the refrigeration system according to the fifth embodiment. The configuration of the air conditioning system 5 is such that the air conditioner 200 in FIG. 1 is replaced with 200E and a cloud server 500 is added. The configuration of the air conditioner 200E is such that the certification unit 230 is removed from the air conditioner 200 of FIG. The cloud server 500 is connected to the network 900. An authentication unit 230E is formed on the cloud server 500. The authentication unit 230E has the same function as the authentication unit 230 of FIG. Other than these, the description is the same, so the description will not be repeated.

 空調システム5においては、認証部230Eがシステムコントローラ100および空調機200Eの外部のクラウドサーバ500に形成されているため、認証ソフトウェアの実行による両者のメモリの消費量を削減することができる。また、認証部230Eのメンテナンスを、クラウドサーバ500にインストールされている認証ソフトウェアの更新によって行うことができる。認証部230Eのメンテナンスを空調機200Eおよびシステムコントローラ100の動作とは切り離して行うことができるため、当該メンテナンスコストを低減することができる。 In the air conditioner system 5, since the authentication unit 230E is formed in the cloud server 500 outside the system controller 100 and the air conditioner 200E, it is possible to reduce the memory consumption of both by executing the authentication software. Further, the maintenance of the authentication unit 230E can be performed by updating the authentication software installed in the cloud server 500. Since the maintenance of the authentication unit 230E can be performed separately from the operations of the air conditioner 200E and the system controller 100, the maintenance cost can be reduced.

 以上、実施の形態5に係る冷凍システムによれば、操作端末による遠隔操作が可能な冷凍サイクル装置のセキュリティを向上させることができる。 As described above, according to the refrigeration system according to the fifth embodiment, it is possible to improve the security of the refrigeration cycle device that can be remotely controlled by the operation terminal.

 実施の形態6.
 実施の形態1~5においては、複数の冷凍サイクル装置を備える冷凍システムについて説明した。実施の形態6においては、1つの冷凍サイクル装置を備える冷凍システムについて説明する。 Embodiment 6.
In the first to fifth embodiments, a refrigeration system including a plurality of refrigeration cycle devices has been described. In the sixth embodiment, a refrigeration system including one refrigeration cycle device will be described.

 図11は、実施の形態6に係る冷凍システムの一例である空調システム6の機能構成を示すブロック図である。空調システム6の構成は、図1の複数の空調機200が1つの空調機200Fに置き換えられているとともに、システムコントローラ100がスマートフォン100F(操作端末)に置き換えられた構成である。空調システム6は、たとえば家庭用の冷凍システムである。空調機200Fには、認証部230Fが形成されている。認証部230Fは、図2の認証部230と同様の機能を有する。これら以外は同様であるため、説明を繰り返さない。 FIG. 11 is a block diagram showing a functional configuration of an air conditioning system 6 which is an example of the refrigeration system according to the sixth embodiment. The configuration of the air conditioning system 6 is such that the plurality of air conditioners 200 in FIG. 1 are replaced with one air conditioner 200F, and the system controller 100 is replaced with a smartphone 100F (operation terminal). The air conditioning system 6 is, for example, a home refrigeration system. A certification unit 230F is formed on the air conditioner 200F. The authentication unit 230F has the same function as the authentication unit 230 of FIG. Other than these, the description is the same, so the description will not be repeated.

 スマートフォン100Fは、たとえばLTE(Long Term Evolution)または無線LAN(Local Area Network)のような無線通信方式に従ってネットワーク900に接続される。スマートフォン100Fの端末情報には、スマートフォン100Fの電話番号およびメールアドレスが含まれる。認証部230Fからのワンタイムパスワードは、SMS(Short Message Service)または電子メールによってスマートフォン100Fに通知されてもよい。なお、スマートフォン100Fに替えて、スタブレット端末またはノートパソコンのような他の携帯端末が用いられてもよい。また、認証部230Fは、スマートフォン100Fに形成されていてもよいし、ネットワーク900に接続されたクラウドシステムに形成されていてもよい。 The smartphone 100F is connected to the network 900 according to a wireless communication method such as LTE (Long Term Evolution) or wireless LAN (Local Area Network). The terminal information of the smartphone 100F includes the telephone number and the e-mail address of the smartphone 100F. The one-time password from the authentication unit 230F may be notified to the smartphone 100F by SMS (Short Message Service) or e-mail. Instead of the smartphone 100F, another mobile terminal such as a tablet terminal or a notebook computer may be used. Further, the authentication unit 230F may be formed on the smartphone 100F or may be formed on a cloud system connected to the network 900.

 操作端末がスマートフォンである場合、管理者が端末登録部に予め設定したIDまたは合言葉などの空調システムにユニークな情報とそれに関連付けられたユーザレベルをユーザごとに設定することになる。不正なユーザに当該ユニークな情報が取得されると、ワンタイムパスワードが発行されて、当該不正なユーザによって遠隔操作が可能となる。不正な操作による影響が大きい高いユーザレベルでは特に問題が生じ得るので、不正なユーザへのワンタイムパスワードの発行を防止するために、次のようなブロック処理が行われることが望ましい。スマートフォンによる無線接続が行われる場合、当該スマートフォンに最も近いリモートコントローラが当該ブロック処理を行う。高いユーザレベルによる操作に関してユニークな情報の入力があった場合、リモートコントローラは、リモートコントローラの表示画面に認証コードを表示し、スマートフォンのアプリケーションの入力画面に当該認証コードを入力するように当該ユーザに促す。当該認証コードの入力がない場合、当該無線接続は、不正接続と判断されてブロックされる。スマートフォンによる無線接続がブルートゥース(登録商標)によって行われる場合、スマートフォンからの電波強度が閾値以下の弱さでは不正接続と判断されてブロックされる。当該無線接続がWi-Fi(登録商標)の場合、スマートフォンの電波の中継ルートがあらかじめ定められたルート以外のときは不正接続と判断されてブロックされる。ただし、当該認証処理の結果、ユーザレベルが最高レベルのユーザ(たとえば正規のシステム管理者)でもワンタイムパスワードが発行されず、遠隔操作が不可能になる可能性がある。そこで、ユーザレベルが最高レベルである場合には、スマートフォンのアプリケーション上での特定操作を要する認証処理により本人が特定されることを条件に、上記ブロック処理が解除されて、遠隔操作が可能になることが望ましい。 When the operation terminal is a smartphone, the administrator sets unique information for the air conditioning system such as ID or password preset in the terminal registration unit and the user level associated with it for each user. When the unique information is acquired by an unauthorized user, a one-time password is issued and remote control is possible by the unauthorized user. Since problems can occur especially at the high user level, which is greatly affected by unauthorized operations, it is desirable to perform the following block processing in order to prevent the issuance of one-time passwords to unauthorized users. When a wireless connection is made by a smartphone, the remote controller closest to the smartphone performs the block processing. When unique information is entered regarding operations at a high user level, the remote controller displays the verification code on the display screen of the remote controller and prompts the user to enter the verification code on the input screen of the smartphone application. prompt. If the authentication code is not entered, the wireless connection is determined to be an unauthorized connection and blocked. When the wireless connection by the smartphone is made by Bluetooth (registered trademark), if the radio wave strength from the smartphone is weaker than the threshold value, it is judged as an unauthorized connection and blocked. When the wireless connection is Wi-Fi (registered trademark), if the relay route of the radio wave of the smartphone is other than the predetermined route, it is determined to be an unauthorized connection and blocked. However, as a result of the authentication process, even a user with the highest user level (for example, a legitimate system administrator) may not be issued a one-time password, and remote control may become impossible. Therefore, when the user level is the highest level, the block processing is canceled and remote control becomes possible on the condition that the person is identified by the authentication process that requires a specific operation on the smartphone application. Is desirable.

 以上、実施の形態6に係る冷凍システムによれば、操作端末による遠隔操作が可能な冷凍サイクル装置のセキュリティを向上させることができる。 As described above, according to the refrigeration system according to the sixth embodiment, it is possible to improve the security of the refrigeration cycle device that can be remotely controlled by the operation terminal.

 今回開示された各実施の形態は、矛盾しない範囲で適宜組み合わせて実施することも予定されている。今回開示された実施の形態はすべての点で例示であって制限的なものではないと考えられるべきである。本開示の範囲は上記した説明ではなくて請求の範囲によって示され、請求の範囲と均等の意味および範囲内でのすべての変更が含まれることが意図される。 It is also planned that the embodiments disclosed this time will be appropriately combined and implemented within a consistent range. It should be considered that the embodiments disclosed this time are exemplary in all respects and not restrictive. The scope of the present disclosure is indicated by the scope of claims rather than the above description, and is intended to include all modifications within the meaning and scope of the claims.

 1,4,5,6 空調システム、21 処理回路、22 メモリ、23 入出力部、100,100D システムコントローラ、100F スマートフォン、200,200B~200F 空調機、210 室外機、220,220B,220C 制御装置、221 制御部、230,230B~230F 認証部、231 端末登録部、232 認証判定部、233 パスワード生成部、234 パスワード照合部、300,300B 室内機、400,400C リモートコントローラ、500 クラウドサーバ、900 ネットワーク。 1,4,5,6 air conditioner system, 21 processing circuit, 22 memory, 23 input / output unit, 100,100D system controller, 100F smartphone, 200,200B-200F air conditioner, 210 outdoor unit, 220,220B, 220C controller , 221 control unit, 230, 230B to 230F authentication unit, 231 terminal registration unit, 232 authentication judgment unit, 233 password generation unit, 234 password verification unit, 300, 300B indoor unit, 400, 400C remote controller, 500 cloud server, 900 network.

Claims (13)

 操作端末からの遠隔操作が可能な冷凍サイクル装置であって、
 前記冷凍サイクル装置を制御する制御部と、
 前記冷凍サイクル装置の外部のネットワークを介して前記操作端末に接続される認証部とを備え、
 前記認証部は、第1パスワードを前記操作端末に発行し、
 前記操作端末は、第2パスワードとともに前記冷凍サイクル装置に対する操作コマンドを前記認証部に送信し、
 前記認証部は、前記第1パスワードの発行タイミングから基準時間以内に前記第2パスワードを受信する場合であって、かつ前記第2パスワードが前記第1パスワードと一致する場合に、前記操作コマンドの実行を前記制御部に許可する、冷凍サイクル装置。 It is a refrigeration cycle device that can be operated remotely from an operation terminal.
A control unit that controls the refrigeration cycle device and
It is provided with an authentication unit connected to the operation terminal via an external network of the refrigeration cycle device.
The authentication unit issues a first password to the operation terminal.
The operation terminal transmits an operation command for the refrigeration cycle device together with the second password to the authentication unit.
The authentication unit executes the operation command when the second password is received within the reference time from the issuance timing of the first password and when the second password matches the first password. A refrigeration cycle device that permits the control unit.  前記認証部は、前記認証部に予め登録された少なくとも1つの登録済み操作端末の識別情報に前記操作端末の識別情報が含まれていない場合、前記第1パスワードを前記操作端末に発行しない、請求項1に記載の冷凍サイクル装置。 The authentication unit does not issue the first password to the operation terminal when the identification information of at least one registered operation terminal registered in the authentication unit does not include the identification information of the operation terminal. Item 2. The refrigeration cycle apparatus according to item 1.  前記認証部は、前記識別情報と、前記操作端末に許可される少なくとも1つの特定操作コマンドを定めるユーザレベルとを関連付けて登録し、前記操作コマンドが前記少なくとも1つの特定操作コマンドに含まれない場合、前記操作コマンドを実行しない、請求項2に記載の冷凍サイクル装置。 The authentication unit registers the identification information in association with a user level that defines at least one specific operation command permitted to the operation terminal, and the operation command is not included in the at least one specific operation command. The refrigeration cycle apparatus according to claim 2, wherein the operation command is not executed.  前記冷凍サイクル装置は、
 室外機と、
 少なくとも1つの室内機と、
 前記少なくとも1つの室内機に前記ネットワークを介さずにそれぞれ接続された少なくとも1つのリモートコントローラとをさらに備え、
 前記認証部は、前記室外機、前記少なくとも1つの室内機、および前記少なくとも1つのリモートコントローラのいずれかに形成されている、請求項3に記載の冷凍サイクル装置。 The refrigeration cycle device is
Outdoor unit and
With at least one indoor unit
The at least one indoor unit is further provided with at least one remote controller connected to each of the indoor units without going through the network.
The refrigeration cycle device according to claim 3, wherein the authentication unit is formed in any one of the outdoor unit, the at least one indoor unit, and the at least one remote controller.  前記ネットワークは、インターネットを含む、請求項4に記載の冷凍サイクル装置。 The refrigeration cycle device according to claim 4, wherein the network includes the Internet.  前記操作端末は、スマートフォンを含む、請求項5に記載の冷凍サイクル装置。 The refrigeration cycle device according to claim 5, wherein the operation terminal includes a smartphone.  前記認証部は、前記ユーザレベルと、前記冷凍サイクル装置にユニークな情報とを関連付けて登録し、前記操作端末から前記ユニークな情報を受けた場合、前記第1パスワードを前記操作端末に発行する、請求項6に記載の冷凍サイクル装置。 The authentication unit registers the user level and unique information in the refrigeration cycle device in association with each other, and when the unique information is received from the operation terminal, issues the first password to the operation terminal. The refrigeration cycle apparatus according to claim 6.  前記ユーザレベルが基準レベルより高い場合、前記認証部は、当該操作端末を操作するユーザを特定するための個人認証を行う、請求項7に記載の冷凍サイクル装置。 The refrigeration cycle device according to claim 7, wherein when the user level is higher than the reference level, the authentication unit performs personal authentication for identifying the user who operates the operation terminal.  前記ユーザレベルが前記基準レベルより高く、かつ、前記操作端末から前記ユニークな情報を受けた場合、前記認証部は、前記操作端末に最も近い前記リモートコントローラに認証コードを表示し、前記操作端末から前記認証コードが入力されないとき、前記操作端末からの接続をブロックする、請求項8に記載の冷凍サイクル装置。 When the user level is higher than the reference level and the unique information is received from the operation terminal, the authentication unit displays an authentication code on the remote controller closest to the operation terminal, and the operation terminal displays the authentication code. The refrigeration cycle device according to claim 8, wherein when the authentication code is not input, the connection from the operation terminal is blocked.  前記ユーザレベルが最高レベルであり、かつ、前記操作端末から前記ユニークな情報を受けた場合、前記認証部は、前記操作端末から特定操作を受けることにより、前記操作端末からの接続を許可する、請求項9に記載の冷凍サイクル装置。 When the user level is the highest level and the unique information is received from the operation terminal, the authentication unit permits the connection from the operation terminal by receiving a specific operation from the operation terminal. The refrigeration cycle apparatus according to claim 9.  前記操作端末と、
 請求項1~10のいずれか1項に記載の少なくとも1つの冷凍サイクル装置とを備える、冷凍システム。 With the operation terminal
A refrigeration system comprising at least one refrigeration cycle device according to any one of claims 1 to 10.  少なくとも1つの冷凍サイクル装置と、
 前記少なくとも1つの冷凍サイクル装置の外部のネットワークを介して前記少なくとも1つの冷凍サイクル装置に接続された認証部と、
 前記ネットワークを介して前記認証部に接続される操作端末とを備え、
 前記認証部は、第1パスワードを前記操作端末に発行し、
 前記操作端末は、第2パスワードとともに前記少なくとも1つの冷凍サイクル装置に対する操作コマンドを前記認証部に送信し、
 前記認証部は、前記第1パスワードの発行タイミングから基準時間以内に前記第2パスワードを受信する場合であって、かつ前記第2パスワードが前記第1パスワードと一致する場合に、前記操作コマンドの実行を前記少なくとも1つの冷凍サイクル装置に許可する、冷凍システム。 With at least one refrigeration cycle device,
An authentication unit connected to the at least one refrigeration cycle device via an external network of the at least one refrigeration cycle device.
It is provided with an operation terminal connected to the authentication unit via the network.
The authentication unit issues a first password to the operation terminal.
The operation terminal transmits an operation command to the at least one refrigeration cycle device together with the second password to the authentication unit.
The authentication unit executes the operation command when the second password is received within the reference time from the issuance timing of the first password and when the second password matches the first password. A refrigeration system that allows the at least one refrigeration cycle device.  少なくとも1つの冷凍サイクル装置と、
 前記少なくとも1つの冷凍サイクル装置の外部のネットワークを介して前記少なくとも1つの冷凍サイクル装置に接続される操作端末とを備え、
 前記操作端末は、第1パスワードを発行する認証部を含み、ユーザから第2パスワードとともに前記少なくとも1つの冷凍サイクル装置に対する操作コマンドを受け、
 前記認証部は、前記第1パスワードの発行タイミングから基準時間以内に前記第2パスワードを受信する場合であって、かつ前記第2パスワードが前記第1パスワードと一致する場合に、前記操作コマンドの実行を前記少なくとも1つの冷凍サイクル装置に許可する、冷凍システム。 With at least one refrigeration cycle device,
It comprises an operating terminal connected to the at least one refrigeration cycle device via an external network of the at least one refrigeration cycle device.
The operation terminal includes an authentication unit that issues a first password, and receives an operation command for at least one refrigeration cycle device from the user together with the second password.
The authentication unit executes the operation command when the second password is received within the reference time from the issuance timing of the first password and when the second password matches the first password. A refrigeration system that allows the at least one refrigeration cycle device.
PCT/JP2020/006451 2020-02-19 2020-02-19 Refrigeration cycle device and refrigeration system Ceased WO2021166105A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2022501466A JP7300053B2 (en) 2020-02-19 2020-02-19 Refrigeration cycle equipment and refrigeration system
PCT/JP2020/006451 WO2021166105A1 (en) 2020-02-19 2020-02-19 Refrigeration cycle device and refrigeration system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2020/006451 WO2021166105A1 (en) 2020-02-19 2020-02-19 Refrigeration cycle device and refrigeration system

Publications (1)

Publication Number Publication Date
WO2021166105A1 true WO2021166105A1 (en) 2021-08-26

Family

ID=77390760

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/006451 Ceased WO2021166105A1 (en) 2020-02-19 2020-02-19 Refrigeration cycle device and refrigeration system

Country Status (2)

Country Link
JP (1) JP7300053B2 (en)
WO (1) WO2021166105A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024252454A1 (en) * 2023-06-05 2024-12-12 三菱電機株式会社 Air conditioning system and authentication method
WO2025074609A1 (en) * 2023-10-06 2025-04-10 三菱電機株式会社 Air conditioning system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006244164A (en) * 2005-03-03 2006-09-14 Daikin Ind Ltd Software update device, software update system, software update method, and device management device
JP2008171329A (en) * 2007-01-15 2008-07-24 Bank Of Tokyo-Mitsubishi Ufj Ltd Authentication apparatus and program
JP2008215637A (en) * 2007-02-28 2008-09-18 Daikin Ind Ltd Remote control system for air conditioner and initial setting device for air conditioner
JP2010165331A (en) * 2008-12-16 2010-07-29 Daikin Ind Ltd Centralized control system
JP2014211833A (en) * 2013-04-22 2014-11-13 日立アプライアンス株式会社 Refrigeration cycle device remote control system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4082028B2 (en) 2001-12-28 2008-04-30 ソニー株式会社 Information processing apparatus, information processing method, and program
JP2014021733A (en) 2012-07-18 2014-02-03 Sharp Corp Authentication method, authentication system, authentication server device, and authentication program
JP6650755B2 (en) 2015-12-25 2020-02-19 株式会社アイ・オー・データ機器 Remote destruction system and remote destruction method for storage device
JP2018044735A (en) 2016-09-15 2018-03-22 ダイキン工業株式会社 Air conditioner or refrigeration device
JP6846962B2 (en) 2017-03-15 2021-03-24 大阪瓦斯株式会社 Authentication system
WO2019216942A1 (en) 2018-05-11 2019-11-14 Johnson Controls Technology Company Systems and methods of zone-based control via heterogeneous building automation systems

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006244164A (en) * 2005-03-03 2006-09-14 Daikin Ind Ltd Software update device, software update system, software update method, and device management device
JP2008171329A (en) * 2007-01-15 2008-07-24 Bank Of Tokyo-Mitsubishi Ufj Ltd Authentication apparatus and program
JP2008215637A (en) * 2007-02-28 2008-09-18 Daikin Ind Ltd Remote control system for air conditioner and initial setting device for air conditioner
JP2010165331A (en) * 2008-12-16 2010-07-29 Daikin Ind Ltd Centralized control system
JP2014211833A (en) * 2013-04-22 2014-11-13 日立アプライアンス株式会社 Refrigeration cycle device remote control system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024252454A1 (en) * 2023-06-05 2024-12-12 三菱電機株式会社 Air conditioning system and authentication method
JPWO2024252454A1 (en) * 2023-06-05 2024-12-12
JP7778274B2 (en) 2023-06-05 2025-12-01 三菱電機株式会社 Air conditioning system and authentication method
WO2025074609A1 (en) * 2023-10-06 2025-04-10 三菱電機株式会社 Air conditioning system

Also Published As

Publication number Publication date
JP7300053B2 (en) 2023-06-28
JPWO2021166105A1 (en) 2021-08-26

Similar Documents

Publication Publication Date Title
US20230349578A1 (en) Method of Associating an HVAC Controller with an External Web Service
US7340909B2 (en) Central control system for multi-type air conditioners and operating method thereof
CA2353012C (en) Internet enabled appliance command structure
CN101377330B (en) Air conditioner system
US20190354220A1 (en) Transparent display control device
US20230272930A1 (en) Systems and methods for controlling a heating and air-conditioning (hvac) system
US20180163984A1 (en) Thermostat with master control features
EP3139299B1 (en) Control program delivery system and method therefor
JP7300053B2 (en) Refrigeration cycle equipment and refrigeration system
EP3961994B1 (en) Provisioning and servicing mesh networks
KR20150022256A (en) Air conditioner and method
KR20150022254A (en) Air conditioner and method
KR20150039472A (en) Air Conditioner AND Controlling Method
JP6150516B2 (en) Facility management system, portable terminal, facility management apparatus, and facility management method
US12323417B2 (en) Temporary two factor heating, ventilating, and air conditioning (HVAC) appliance authentication
JP2009133550A (en) Air conditioner controller
CN111380148A (en) Multi-split debugging method
JP7785250B2 (en) Air conditioning system, system controller, air conditioner, server, and remote control activation method
WO2016181486A1 (en) Household apparatus, communication adapter, control method, and program
US20240119134A1 (en) System and Method for Securing IoT Communications
JP7674982B2 (en) Home appliance systems and programs
JP7596730B2 (en) Air Conditioning System
WO2025094298A1 (en) Air conditioning system, system controller, air conditioner, server, and remote control activation method
US20240340642A1 (en) Encryption Key for Inter-Network Communications
CN120702050A (en) Multi-split air conditioner

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20920244

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2022501466

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20920244

Country of ref document: EP

Kind code of ref document: A1