GB2525880A - Alarm system communication - Google Patents


Info

Publication number
GB2525880A
Authority
GB
United Kingdom
Prior art keywords
alarm
encryption key
alarm system
receiving station
alarm receiving
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1408030.3A
Other versions
GB201408030D0 (en)
Inventor
Andrew Kelly
Darragh Maxwell
John O'donnell
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vanderbilt International (SWE) AB
Original Assignee
Vanderbilt International (SWE) AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vanderbilt International (SWE) AB
Priority to GB1408030.3A
Publication of GB201408030D0
Priority to PCT/EP2015/058488 (WO2015169574A1)
Publication of GB2525880A
Current legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • G PHYSICS
    • G08 SIGNALLING
    • G08B SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B25/00 Alarm systems in which the location of the alarm condition is signalled to a central station, e.g. fire or police telegraphic systems
    • G08B25/004 Alarm propagated along alternative communication path or using alternative communication medium according to a hierarchy of available ways to communicate, e.g. if Wi-Fi not available use GSM
    • G PHYSICS
    • G08 SIGNALLING
    • G08B SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B25/00 Alarm systems in which the location of the alarm condition is signalled to a central station, e.g. fire or police telegraphic systems
    • G08B25/01 Alarm systems in which the location of the alarm condition is signalled to a central station, e.g. fire or police telegraphic systems characterised by the transmission medium
    • G08B25/08 Alarm systems in which the location of the alarm condition is signalled to a central station, e.g. fire or police telegraphic systems characterised by the transmission medium using communication transmission lines
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12 Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Emergency Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Alarm Systems (AREA)

Abstract

Alarm system and alarm receiving centre are pre-loaded with default encryption keys 20,21. Preferably this is done automatically by plugging the alarm into the centre or by a human loading the key within the office housing the centre. The alarm is then installed on site 22. The alarm then makes an encrypted key update request 23 and a replacement key is generated and provided to both the alarm and the centre 25,26. Preferably this is encrypted with the pre-installed key. Operators may be required to enter passwords into the alarm and/or the centre as part of the key replacement process. The keys may have limited lifespans and be used to encrypt the new keys which will replace them at time of revocation 27.

Description

ALARM SYSTEM COMMUNICATION
This invention relates to a method of enabling encrypted communication in an alarm system.
Alarm systems are typically installed at a site or location and monitored remotely. For example the alarm system may be installed on a building, or a series of buildings, or on one or more pieces of equipment at the site. Whether the alarm systems are monitored remotely, or at the site, they need to be able to communicate with an alarm receiving centre. For efficiency, the alarm receiving centre typically monitors many sites and so is usually at a location remote from the site at which the alarm system is installed.
As well as using alarms to indicate an intrusion into a site, an alarm may be used to provide data about operation of machinery or events, such as fire or flooding that require some action in response. The more data that is available to the alarm receiving centre about the cause of the alarm, the better the centre is able to determine what response is required. However, this data may contain sensitive information which the operator of the site wishes to keep confidential. Thus, it is desirable that communications between an alarm system and an alarm receiving centre are encrypted.
For strong encryption, symmetric key encryption is used, where the same encryption key is entered at both the alarm system and the alarm receiving centre before any direct communication between the two can take place. However, a 256-bit encryption key, which is usually written as 64 hexadecimal characters (0-9, A-F), is prone to errors in entering the key at each side, in particular, if one party has the key and is reading this out over the telephone to an operator on the other side. In some cases, the operators may not be authorised to access the alarm system. As a result of these problems, encryption is often avoided altogether because of the difficulties in providing the same information to two remote locations at the same time.
In accordance with a first aspect of the present invention, a method of enabling encrypted communication between an alarm receiving station and an alarm system comprises setting a single default encryption key for both the alarm system and the alarm receiving station; installing the alarm system at a location remote from the alarm receiving station; encrypting a communication request message using the default encryption key and sending the communication request message from the alarm system to the alarm receiving station; decrypting the message at the alarm receiving station; generating an updated encryption key; and providing the updated encryption key to the alarm system and alarm receiving station.
The updated encryption key may be generated at the alarm receiving station, but preferably, the updated encryption key is a randomly generated encryption key generated at the alarm system.
In one embodiment, the method further comprises setting a password in the alarm system and requiring entry of the password before sending the communication request message from the alarm system to the alarm receiving station.
In another embodiment, the method further comprises setting a password in the alarm receiving station and requiring entry of the password before decrypting the communication request message received at the alarm receiving station.
Although the same default encryption key could be used for all alarm systems which communicate with the same alarm receiving station, preferably the single default encryption key is unique for a particular pairing of alarm system and alarm receiving station.
Preferably, the alarm receiving centre is adapted to receive communication request messages from a plurality of alarm systems.
Preferably, the communication request message is sent via one of a wireless or wired local area network, internet connection, cable or telephone network.
Preferably, the encryption key is a symmetric encryption key.
Preferably, the method further comprises monitoring messages sent between the alarm system and alarm receiving station, determining when a predetermined threshold has been exceeded; automatically generating an updated encryption key and providing the automatically updated encryption key to the alarm system and the alarm receiving station.
Preferably, the predetermined threshold is one of number of messages received at the alarm receiving centre and time elapsed since the previous automatic encryption key update.
The present invention overcomes the problems of trying to enter the same information accurately at two remote locations by providing the encryption key at each side separately, using this to set up a connection and then automatically updating the encryption key to a randomly generated key and exchanging that between the two parties.
An example of an alarm system and method according to the present invention will now be described with reference to the accompanying drawings in which:
Figure 1 shows an example of an alarm system structure in which the method of the present invention may be used; and,
Figure 2 is a flow diagram of the method of the present invention.
In any communications device of an alarm system at supervised premises, there is a need to be able to communicate securely with an alarm receiving station, for example an alarm receiving centre where operators monitor and respond to alarm signals e.g. from buildings, or an alarm base station for monitoring alarmed moveable equipment. In some cases the alarm receiving centre may receive and process alarm signals from an alarm base station which acts as a local alarm receiving centre for alarmed moveable equipment. The alarm system and alarm receiving centre form part of an alarm network.
An alarm network may comprise one or more alarm systems and an alarm receiving station. With building based intruder alarms, one of the alarm systems may be co-located with the alarm receiving centre, but generally all of the alarm systems are sited remote from the alarm receiving centre. Fig. 1 illustrates an example of such an alarm network 1, in this case showing up to n alarm systems 2, 3, 4 connected to an alarm receiving centre 5 via a network 6, such as the internet, although other types of network connection, such as cable or telephone networks or local area networks may be used, depending on the distances and type of communication appropriate for the application.
As discussed above, conventionally, symmetric key encryption has required the key to be entered at both locations in order to set up communication between the alarm system and the alarm receiving centre and the practical complications of achieving this have often led to encryption being omitted altogether. One option to overcome this problem is to generate the encryption key from a password, but this requires special software at both sides to generate the key and the password still needs to be entered at both sites. If using a password a very strong password is required for good encryption.
If the personnel at the alarm receiving centre, or the alarm system, are not authorised to enter encryption keys or passwords, then a specialist operator may have to visit each site, which is costly and time consuming and may still lead to errors in the data input.
In this example illustrated in Figs. 1 and 2, a default encryption key is generated and before the alarm system 2 is installed at its remote location, that default encryption key is loaded 21 into memory in the alarm system and in the alarm receiving centre 5. This step may be carried out by connecting the alarm system to a set-up server in the alarm receiving centre, so the default encryption key is not known to any operator. This is also less likely to result in errors in data entry. Alternatively, the set-up server may display the default encryption key to an operator for the operator to enter in the alarm system memory before the alarm system is dispatched for installation 22.
The alarm receiving centre associates the default encryption key with an identifier of the alarm system, so that when a connection request is received from that alarm system, the alarm receiving centre knows which default encryption key has been allocated and can set up the connection with that alarm system. The default operation of the alarm system uses the default encryption key to provide the initial encryption and that default encryption key is known by both the alarm system and by the alarm receiving centre software. For each alarm system 2, 3, 4 a different default encryption key may be generated.
At alarm system 1, a message, encrypted 23 using the default encryption key and including an alarm system identifier, is sent along links 7, 8, 9 to the alarm receiving centre 5 requesting a connection. The alarm receiving centre checks the identifier 24 and decrypts the request message using the default encryption key associated with that identifier.
Once a valid connection has been negotiated between the alarm system 2 and the alarm receiving centre 5, an alarm panel, which is typically one at the alarm system, but may alternatively be one at the alarm receiving centre, then automatically updates 25 the encryption keys for both the alarm system and the alarm receiving centre to a randomly generated encryption key and distributes 26 this updated encryption key to the alarm system 1 and alarm receiving centre 5. The randomly generated encryption key is generated at whichever of the alarm system or alarm receiving centre that initiates the automatic update. The message to update the encryption keys is sent by the alarm system to the alarm receiving centre, or vice versa accordingly.
The decision on when to update the encryption keys is typically based on certain triggers, such as the encryption key being considered old based on a certain lifetime e.g. 1 week, or a certain number of uses, e.g. used for 50,000 messages. The message needs to be resilient to communication losses during the exchange of the updated encryption key, so that the encryption does not go out of synch. This can be achieved by means of polling and acknowledgment messages to confirm the safe update. However, the alarm receiving centre must store both the old and new encryption key and not delete the old encryption key until a valid message has been received with the new encryption key.
If a message is received, still encrypted with the old encryption key, then the alarm receiving centre assumes that the update has failed and carries on using the old encryption key until a further attempt to update the encryption key is successful. If the received message has been encrypted with the new encryption key, although the alarm receiving centre has not had any confirmation that the change has been carried out, then the alarm receiving centre uses the new encryption key. For alarm system 3, the same process is followed with the connection request using links 10, 8, 9 and for alarm 4, the connection request uses links 11, 9.
After the updated encryption keys have been successfully exchanged, the alarm system 2, 3, 4 does not use the default encryption key again when communicating with the alarm receiving centre 5, nor will the alarm receiving centre allow communications from the alarm system again using the default encryption key. Any such attempt may result in a notification to the alarm receiving centre, indicating that there may be a security issue with that alarm system.
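The receiving-centre key handling described above (default key for the first request, old and new keys held side by side until the new one is seen, default key refused and flagged afterwards) can be sketched as follows. This is an added example, not code from the patent or its applicant. The patent names no cipher or message format, so the encrypt-then-MAC construction built from the Python standard library, the `KEYUPD:` marker, the class names and the use of tag verification to tell which key a message was sealed with are all assumptions.

```python
import hashlib
import hmac
import secrets

MAX_MESSAGES = 50_000        # the page's example: key used for 50,000 messages
MAX_AGE_S = 7 * 24 * 3600    # the page's example: key lifetime of 1 week
KEYUPD = b"KEYUPD:"          # hypothetical marker for a key-update message


def _subkey(key, label):
    # Separate encryption and MAC keys derived from the shared 256-bit key.
    return hmac.new(key, label, hashlib.sha256).digest()


def seal(key, panel_id, plaintext):
    """Stand-in authenticated cipher (assumption); panel_id travels in clear."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(_subkey(key, b"enc") + nonce).digest(len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), panel_id + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, panel_id, blob):
    """Return the plaintext, or None if the tag does not verify under key."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), panel_id + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    stream = hashlib.shake_256(_subkey(key, b"enc") + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


class PanelRecord:
    def __init__(self, default_key, now):
        self.default = default_key   # retained only to recognise later reuse
        self.current = default_key   # key in force
        self.pending = None          # updated key, not yet seen in use
        self.count = 0               # messages received under current key
        self.since = now             # time the current key came into force


class ReceivingCentre:
    def __init__(self):
        self.panels = {}             # identifier -> PanelRecord
        self.alerts = []

    def provision(self, panel_id, default_key, now=0.0):
        self.panels[panel_id] = PanelRecord(default_key, now)

    def rotation_due(self, panel_id, now):
        rec = self.panels[panel_id]
        return rec.count >= MAX_MESSAGES or now - rec.since >= MAX_AGE_S

    def receive(self, panel_id, blob, now=0.0):
        rec = self.panels.get(panel_id)
        if rec is None:
            return None
        if rec.pending is not None:
            pt = unseal(rec.pending, panel_id, blob)
            if pt is not None:       # first valid message under the new key
                rec.current, rec.pending = rec.pending, None  # old key dropped
                rec.count, rec.since = 1, now
                return pt
        pt = unseal(rec.current, panel_id, blob)
        if pt is not None:
            rec.count += 1
            if pt.startswith(KEYUPD) and len(pt) == len(KEYUPD) + 32:
                rec.pending = pt[len(KEYUPD):]   # hold new key beside the old
            else:
                rec.pending = None   # old key still in use: update failed
            return pt
        retired = rec.current != rec.default
        if retired and unseal(rec.default, panel_id, blob) is not None:
            self.alerts.append((panel_id, "default key used after update"))
        return None
```

Acknowledgment and polling messages from the centre back to the alarm system are left out; the sketch covers only the centre's decision about which key to accept.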
If there are concerns about the communications being very slightly vulnerable during initial commissioning, then additional security may be provided by requiring that a password is entered to secure the initial commissioning. This password needs to be entered at both the alarm system and the alarm receiving centre, but the complexity is not as great as the encryption key, so the operator is less likely to introduce errors during entry of the password. The password may be a default, secret password, not known to the operator who carries out the initial commissioning, or one specific to that alarm system/alarm receiving pair which an operator enters.
For further security, the encryption key is automatically updated periodically 27, for example after a fixed number of messages have been exchanged, or after a fixed time period has elapsed. The automatic update of the encryption key takes place without any person ever knowing the encryption key, which reduces the chances of encryption hacking considerably.
The present invention has the advantages that encryption keys can be set up without having to do complicated encryption key entry at two locations and may be done using factory defaults, so that neither the alarm system, nor the alarm receiving centre have to be enabled for entry of encryption keys. Once the updated encryption key has been swapped, it is known by the alarm system and to the alarm receiving centre, but is not known by any person, further improving security. The method may be used with any communications device at the supervised premises, whether that be a building, or perimeter type intruder alarm, or one fitted to valuable equipment, such as cranes or diggers, which is triggered when they go out of range of an alarm base station, or into a different geographical area.
As is common with communications systems, it is desirable to have a back-up transmission mechanism in case of faults and this may be achieved by using primary and secondary communication paths as described in our co-pending patent application reference no. 2014P07388GB. The formatting of alarm event messages from the alarm system to the alarm receiving centre may be adapted as described in our co-pending patent application reference no. 2014P07390 GB to increase the amount of information which can be transmitted to the alarm receiving centre when an alarm occurs.
The configuration of the alarm system and alarm receiving centre may be carried out as described in our co-pending patent application reference no. 2014P07389 GB.

Claims (9)

  1. A method of enabling encrypted communication between an alarm receiving station and an alarm system, the method comprising setting a single default encryption key for both the alarm system and the alarm receiving station; installing the alarm system at a location remote from the alarm receiving station; encrypting a communication request message using the default encryption key and sending the communication request message from the alarm system to the alarm receiving station; decrypting the message at the alarm receiving station; generating an updated encryption key; and providing the updated encryption key to the alarm system and alarm receiving station.
  2. A method according to claim 1, wherein the updated encryption key is a randomly generated encryption key generated at the alarm system.
  3. A method according to claim 1 or claim 2, wherein the method further comprises setting a password in the alarm system and requiring entry of the password before sending the communication request message from the alarm system to the alarm receiving station.
  4. A method according to claim 1 or claim 2, wherein the method further comprises setting a password in the alarm receiving station and requiring entry of the password before decrypting the communication request message received at the alarm receiving station.
  5. A method according to any preceding claim, wherein the single default encryption key is unique for a particular pairing of alarm system and alarm receiving station.
  6. A method according to any preceding claim, wherein the alarm receiving centre is adapted to receive communication request messages from a plurality of alarm systems.
  7. A method according to any preceding claim, wherein the communication request message is sent via one of a wireless or wired local area network, internet connection, cable or telephone network.
  8. A method according to any preceding claim, wherein the encryption key is a symmetric encryption key.
  9. A method according to any preceding claim, wherein the method further comprises monitoring messages sent between the alarm system and alarm receiving station, determining when a predetermined threshold has been exceeded; automatically generating an updated encryption key and providing the automatically updated encryption key to the alarm system and the alarm receiving station.
  10. A method according to claim 9, wherein the predetermined threshold is one of number of messages received at the alarm receiving centre and time elapsed since the previous automatic encryption key update.
GB1408030.3A 2014-05-07 2014-05-07 Alarm system communication Withdrawn GB2525880A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB1408030.3A GB2525880A (en) 2014-05-07 2014-05-07 Alarm system communication
PCT/EP2015/058488 WO2015169574A1 (en) 2014-05-07 2015-04-20 Alarm system communication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1408030.3A GB2525880A (en) 2014-05-07 2014-05-07 Alarm system communication

Publications (2)

Publication Number Publication Date
GB201408030D0 GB201408030D0 (en) 2014-06-18
GB2525880A true GB2525880A (en) 2015-11-11

Family

ID=50980708

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1408030.3A Withdrawn GB2525880A (en) 2014-05-07 2014-05-07 Alarm system communication

Country Status (2)

Country Link
GB (1) GB2525880A (en)
WO (1) WO2015169574A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002065696A1 (en) * 2001-02-14 2002-08-22 Gatespace Ab A security architecture
US20040083393A1 (en) * 2002-10-24 2004-04-29 Jordan Royce D. Dynamic password update for wireless encryption system
US20100082988A1 (en) * 2007-04-05 2010-04-01 Koninklijke Philips Electronics N.V. Wireless sensor network key distribution
US20130046981A1 (en) * 2011-08-17 2013-02-21 Vixs Systems, Inc. Secure provisioning of integrated circuits at various states of deployment, methods thereof

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003244122A (en) * 2002-02-14 2003-08-29 Sony Corp Information processing system, device, and method, recording medium, and program
EP1901255A1 (en) * 2006-09-15 2008-03-19 Siemens Schweiz AG Communication module card for a hazard unit

Also Published As

Publication number Publication date
WO2015169574A1 (en) 2015-11-12
GB201408030D0 (en) 2014-06-18

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)