WO2013077788A1 - Method of booting a control unit in an electronic article surveillance system and control unit forming part of such a system - Google Patents

Method of booting a control unit in an electronic article surveillance system and control unit forming part of such a system Download PDF

Info

Publication number
WO2013077788A1
WO2013077788A1 PCT/SE2011/051412 SE2011051412W WO2013077788A1 WO 2013077788 A1 WO2013077788 A1 WO 2013077788A1 SE 2011051412 W SE2011051412 W SE 2011051412W WO 2013077788 A1 WO2013077788 A1 WO 2013077788A1
Authority
WO
WIPO (PCT)
Prior art keywords
processing unit
unit
control program
method
memory unit
Prior art date
Application number
PCT/SE2011/051412
Other languages
French (fr)
Inventor
Per Claesson
Stefan Karlsson
Original Assignee
Gunnebo Gateway Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gunnebo Gateway Ab filed Critical Gunnebo Gateway Ab
Priority to PCT/SE2011/051412 priority Critical patent/WO2013077788A1/en
Publication of WO2013077788A1 publication Critical patent/WO2013077788A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G08SIGNALLING
    • G08BSIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B13/00Burglar, theft or intruder alarms
    • G08B13/22Electrical actuation
    • G08B13/24Electrical actuation by interference with electromagnetic field distribution
    • G08B13/2402Electronic Article Surveillance [EAS], i.e. systems using tags for detecting removal of a tagged item from a secure area, e.g. tags for detecting shoplifting
    • G08B13/2465Aspects related to the EAS system, e.g. system components other than tags
    • G08B13/2482EAS methods, e.g. description of flow chart of the detection procedure
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/16Obfuscation or hiding, e.g. involving white box

Abstract

The present disclosure provides a method of loading a program into a processing unit in an electronic article surveillance system. The method comprises the steps of booting the processing unit by providing a startup signal from a controller, providing at least a portion of a control program from a first memory unit to the processing unit in encrypted form, providing a decryption key to the processing unit from a second memory unit, and decrypting said portion of the control program.

Description

METHOD OF BOOTING A CONTROL UNIT IN AN ELECTRONIC ARTICLE

SURVEILLANCE SYSTEM AND CONTROL UNIT FORMING PART OF

SUCH A SYSTEM

Technical Field

The present disclosure relates to a method for booting a control unit in an Electronic Article Surveillance (EAS) system, and to a control unit for such a system.

Background

Various types of EAS systems are known and used to prevent theft, shoplifting or otherwise unauthorized removal of articles from shops, supermarkets, libraries, warehouses, etc. Referring to Fig. 1 , an EAS system usually comprises one or more antenna units 1 , which are controlled by a control unit 5 and which are arranged to provide an interrogation signal in a surveillance zone. A tag 9 may be provided on the goods which are to be prevented from leaving the shop. The EAS system is usually arranged to detect the presence of the tag 9 in the surveillance zone and to provide an alarm in response to such detection.

Just like most other theft prevention devices, EAS systems are subject to attempts at tampering. While many tampering approaches involve removing or disabling the tags 9, there is also a need for making tampering with the system, and in particular with the system control unit 5, more difficult.

Hence, there is a need for improving the control unit's ability to withstand attempts at tampering.

Summary

It is an object to improve the control unit's ability to withstand attempts at tampering. A particular object is to make it more difficult to copy, modify or tamper with the software run in the control unit. The invention is defined by the appended independent claims.

Embodiments are set forth in the dependent claims, in the following

description and in the attached drawings.

According to a first aspect, there is provided a method of loading a program into a processing unit of an electronic article surveillance system, comprising the steps of: booting the processing unit by providing a startup signal from a controller, providing at least a portion of a control program from a first memory unit to the processing unit in encrypted form, providing a decryption key to the processing unit from a second memory unit, and decrypting said portion of the control program.

Hence, the software of the system may be kept secret, such that it may be difficult to copy the program used by the processing unit. The processing unit may therefore be empty when the system is turned off.

The startup signal may typically comprise startup program code.

The startup program may instruct the signal processing unit to retrieve the program from the memory unit.

The startup signal may be provided by a microcontroller, which may be integrated with the second memory unit.

The method may further comprise decrypting said portion of the control program prior to providing a subsequent portion of the control program to the processing unit. Hence, the code may be provided "chunk by chunk", with each chunk being decrypted prior to receipt of the next, subsequent chunk.

One portion of the control program may be decrypted using a first key, and the subsequent portion of the control program may be decrypted using a second key. The first and second keys may differ. Hence, the processing unit may receive a number of keys, e.g. one key per chunk of the control program or one key for each predetermined number of chunks.

The method may also comprise determining whether the portion of the control program received by the processing unit is encrypted or non- encrypted. Hence, the processing unit may be adapted to receive encrypted or non-encrypted control programs. Moreover, some portions of the control program may be encrypted while other are not encrypted. The method may thus comprise providing the decryption key to the processing unit only when the portion of the control program received by the processing unit is determined as being encrypted.

According to a second aspect, there is provided an electronic article surveillance system comprising an antenna, and a control unit configured to control the antenna to provide an interrogation signal and/or to receive a response signal from an identification unit that is in a vicinity of the antenna. The control unit comprises a processing unit, a first memory unit configured to store a control program for the processing unit in encrypted form, and a second memory unit configured to store a decryption key for decrypting the control program. The processing unit may be configured to receive the control program from the first memory unit, to receive the decryption key from the second memory unit and to decrypt the control program.

The processing unit may be arranged on a first board and the first and second memory units may be arranged on a second board, which is removably connected to the first board.

Thereby, the board unit, including the controller and the memory unit(s), may be replaceable. When the control program for the surveillance system needs to be replaced or upgraded, the board unit may be replaced, providing a new memory unit with a new program.

The processing unit may be a Digital Signal Processor (DSP). The controller may be a microcontroller, such as a PIC processor. The circuit board and the removable board unit may each comprise an interface adapted for mutual connection to each other, such that the circuit board and the board unit may be communicatively connected.

The first memory unit may comprise a programmable memory unit, such as a PROM, EPROM, EEPROM, E2PROM, etc.

The second memory unit may form part of a microcontroller. Brief Description of the Drawings

Fig. 1 is a schematic illustration of an EAS system.

Fig. 2 is a schematic illustration of the EAS system wherein a tag is present in the surveillance zone. Fig. 3 is a schematic illustration of a control unit for the EAS system. Fig. 4 is a schematic diagram of a method of booting the control unit.

Description of embodiments

Fig. 1 illustrates schematically components of an Electronic Article

Surveillance (EAS) system. The system comprises at least one antenna unit 1 , which in most cases is placed in the vicinity of the exit of a shop. The antenna unit 1 can be arranged on a stand 3 and contains a resonance circuit which is used to emit an electromagnetic field, for instance at the frequency 58 kHz. The antenna unit 1 is also used to receive a response signal from an alarm label, as will be described below. The antenna unit 1 monitors a surveillance zone. The antenna unit 1 is connected to a control unit 5 by a cable 7. The control unit 5 supplies power to the antenna unit 1 when transmitting and receives signals from the same during reception. A control unit 5 can be used together with a plurality of antenna units 1 and can therefore be used to monitor a plurality of exits or other locations in a shop. If the control unit 5 detects a condition when an alarm is justified, i.e. when a protected article is located within the surveillance zone of the antenna unit, an alarm is initiated, for instance so that an alarm buzzer (not shown) starts to sound. The alarm buzzer can be integrated, for instance, in the antenna unit 1 .

Fig. 2a illustrates schematically, seen from above, an EAS system in a transmission mode. In transmission, the antenna unit 1 emits an

electromagnetic field, during a transmission interval, which transmits energy to an alarm label 9 which can also be referred to as a transponder. The alarm label 9 contains a resonant element, which is tuned with the frequency of the electromagnetic field emitted by the antenna unit 1 .

Fig. 2b illustrates schematically, seen from above, an EAS system in a reception mode during a monitoring interval. In the reception mode, the previously shown control unit 5 has switched off the transmission of the antenna unit 1 . Instead, a response signal in the form of electromagnetic energy is received from the alarm label 9, i.e. the energy previously emitted by the antenna unit 1 . Thus the alarm label 9 can be completely passive and does not require any power supply of its own.

Various configurations of antenna units 1 are conceivable. In some cases, use is made of an antenna unit, at an exit or some other location in a shop, both for transmission and reception. This means that one antenna unit is sufficient to monitor a surveillance zone. In other cases, use is made of two antenna units, which are used both for transmission and reception, which results in a larger surveillance zone. In still other cases, two antenna units are used, one for transmission and the other for reception, which may be particularly convenient when protected articles are stored close to the antenna units.

Fig. 3 illustrates schematically the control unit 5 comprising a transmitter unit 1 1 and a receiver unit 13. The transmitter unit 1 1 is adapted to provide a signal to the antenna unit 1 such that the resonance circuit in the antenna unit 1 transmits the electromagnetic field in the surveillance zone. The signal from the transmitter unit 1 1 is sent through the cable 7. The transmitter unit 1 1 comprises an amplifier 15.

The receiver unit 13 is adapted to receive the response signal from the alarm label 9 in the surveillance zone, detected by the antenna unit 1 . The response signal is provided to the control unit 5 and the receiver unit 13 via the cable 7. The receiver unit 13 comprises an amplifier 17.

The control unit further comprises a signal processing unit 19. The signal processing unit 19 may be a Digital Signal Processor (DSP) or the like. The signal processing unit 19 is arranged on a circuit board in the control unit 5. The control unit 5 further comprises a supplementary board 21 . On the supplementary board 21 , a memory unit 25 and a microcontroller 27 may be arranged. The supplementary board 21 is removably attached to the circuit board, e.g. using a conventional bus connector. An additional fastener, such as a nut and bolt connector may be provided to secure the supplementary board 21 . The microcontroller 27 and the memory unit 25 are each

communicatively connected to the signal processing unit 19. The

supplementary board 21 and the circuit board have an interface 23 for communication between the components on the circuit board and the components on the supplementary board 21 . The interface 23 may be physical contacts adapted for connection between the circuit board and a removable supplementary board 21 . Since the supplementary board 21 is removable, the program in and function of the memory unit 25 and the microcontroller 27 may easily be replaced by replacing the supplementary board 21 .

The program stored in the memory unit 25 is encrypted. When the signal processing unit 19 receives the program after startup, it will not be able to read the program and execute it. During startup of the system, the signal processing unit 19 is provided with a startup program from the microcontroller 27 causing the signal processing unit 19 to retrieve the encrypted program from the memory unit 25. After the signal processing unit 19 has received the encrypted program from the memory unit 25, it will be provided with an encryption key from the microcontroller 27.

Referring to Fig. 4, as a first step 101 , the startup program is received by the processing unit. In step 102, the processing unit receives the control program, or a first part of it, from the memory unit 1 10.

In step 103, the processing unit determines whether the control program, or the received part of it, is encrypted. If it is not encrypted, the processing unit, in step 104 determines whether a sufficient part of the control program has been received for it to be executed. If so, the processing unit proceeds to step 105, executing the control program. If not, steps 102-104 are repeated.

If, in step 103, the processing unit determines that the control program, or the received part thereof, is encrypted, the processing unit proceeds to step 106, wherein a decryption key is received from the memory unit 1 1 1 , which may be a part of the microcontroller referred to above. The processing unit, in step 107 proceeds to decrypt the control program or part thereof.

Once decrypted, the processing unit returns to step 104.

The control program may include instructions for all or parts of the control unit's functionality. For example, the control program may comprise algorithms for controlling transmitted signals as well as algorithms for evaluating received signals, for deciding how to react and what reaction to take.

During the transmission interval illustrated in fig. 2a, the antenna unit 1 provides an electromagnetic field in the surveillance zone. After the transmission interval, the EAS system listens for response signals from alarm labels 9 in the surveillance zone during the monitoring interval. The response signal from an alarm label 9 in the surveillance zone is only detectable for the EAS system during a short period of time after the transmission interval has ended.

Claims

1 . A method of loading a program into a processing unit, which is arranged to control an electronic article surveillance system, comprising the steps of:
booting the processing unit by providing a startup signal from a controller,
providing at least a portion of a control program from a first memory unit to the processing unit in encrypted form,
providing a decryption key to the processing unit from a second memory unit, and
decrypting said portion of the control program.
2. The method as claimed in claim 1 , wherein the startup signal comprises startup program code.
3. The method as claimed in claim 1 or 2, wherein the startup signal is provided by a microcontroller.
4. The method as claimed in any one of the preceding claims, wherein the second memory unit is integrated with the controller.
5. The method as claimed in any one of the preceding claims, further comprising decrypting said portion of the control program prior to providing a subsequent portion of the control program to the processing unit.
6. The method as claimed in claim 5, wherein the portion of the control program is decrypted using a first key, and wherein the subsequent portion of the control program is decrypted using a second key.
7. The method as claimed in any one of the preceding claims, further comprising determining whether the portion of the control program received by the processing unit is encrypted or non-encrypted.
8. The method as claimed in claim 7, further comprising providing the decryption key to the processing unit only when the portion of the control program received by the processing unit is determined as being encrypted.
9. An electronic article surveillance system comprising,
an antenna, and
a control unit configured to control the antenna to provide an interrogation signal and/or to receive a response signal from an identification unit that is in a vicinity of the antenna,
wherein the control unit comprises:
a processing unit,
a first memory unit configured to store a control program for the processing unit in encrypted form, and
a second memory unit configured to store a decryption key for decrypting the control program,
wherein the processing unit is configured to receive at least part of the control program from the first memory unit, to receive the decryption key from the second memory unit and to decrypt the received control program.
10. The electronic article surveillance system as claimed in claim 9, wherein the processing unit is arranged on a first board and the first and second memory units are arranged on a second board, which is removably connected to the first board.
1 1 . The electronic article surveillance system as claimed in claim 9 or 10, wherein the first memory unit comprises a programmable memory unit, such as a PROM, EPROM, EEPROM, E2PROM, etc.
12. The electronic article surveillance system as claimed in any one of claims 9-1 1 , wherein the second memory unit forms part of a
microcontroller.
PCT/SE2011/051412 2011-11-23 2011-11-23 Method of booting a control unit in an electronic article surveillance system and control unit forming part of such a system WO2013077788A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/SE2011/051412 WO2013077788A1 (en) 2011-11-23 2011-11-23 Method of booting a control unit in an electronic article surveillance system and control unit forming part of such a system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/SE2011/051412 WO2013077788A1 (en) 2011-11-23 2011-11-23 Method of booting a control unit in an electronic article surveillance system and control unit forming part of such a system

Publications (1)

Publication Number Publication Date
WO2013077788A1 true WO2013077788A1 (en) 2013-05-30

Family

ID=48470129

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2011/051412 WO2013077788A1 (en) 2011-11-23 2011-11-23 Method of booting a control unit in an electronic article surveillance system and control unit forming part of such a system

Country Status (1)

Country Link
WO (1) WO2013077788A1 (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5483649A (en) * 1994-07-01 1996-01-09 Ybm Technologies, Inc. Personal computer security system
US20020199094A1 (en) * 2000-10-06 2002-12-26 Protasis Corporation Fluid separate conduit cartridge with encryption capability
US20030136837A1 (en) * 2000-06-28 2003-07-24 Amon Maurice A. Use of communication equipment and method for authenticating an item, unit and system for authenticating items, and authenticating device
US20040093505A1 (en) * 2002-07-09 2004-05-13 Fujitsu Limited Open generic tamper resistant CPU and application system thereof
US20040113791A1 (en) * 2002-03-18 2004-06-17 Psc Scanning, Inc. Operation monitoring and enhanced host communications in systems employing electronic article surveillance and RFID tags
WO2008002965A2 (en) * 2006-06-28 2008-01-03 Symbol Technologies, Inc. Read locking of an rfid tag
US20100174919A1 (en) * 2009-01-08 2010-07-08 Takayuki Ito Program execution apparatus, control method, control program, and integrated circuit
US20110074582A1 (en) * 2009-09-25 2011-03-31 Sensormatic Electronics Corporation Eas alarming tag with rfid features
EP2339554A1 (en) * 2009-12-23 2011-06-29 Tag Company (UK) Limited A system apparatus and method for electronic article surveillance

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5483649A (en) * 1994-07-01 1996-01-09 Ybm Technologies, Inc. Personal computer security system
US20030136837A1 (en) * 2000-06-28 2003-07-24 Amon Maurice A. Use of communication equipment and method for authenticating an item, unit and system for authenticating items, and authenticating device
US20020199094A1 (en) * 2000-10-06 2002-12-26 Protasis Corporation Fluid separate conduit cartridge with encryption capability
US20040113791A1 (en) * 2002-03-18 2004-06-17 Psc Scanning, Inc. Operation monitoring and enhanced host communications in systems employing electronic article surveillance and RFID tags
US20040093505A1 (en) * 2002-07-09 2004-05-13 Fujitsu Limited Open generic tamper resistant CPU and application system thereof
WO2008002965A2 (en) * 2006-06-28 2008-01-03 Symbol Technologies, Inc. Read locking of an rfid tag
US20100174919A1 (en) * 2009-01-08 2010-07-08 Takayuki Ito Program execution apparatus, control method, control program, and integrated circuit
US20110074582A1 (en) * 2009-09-25 2011-03-31 Sensormatic Electronics Corporation Eas alarming tag with rfid features
EP2339554A1 (en) * 2009-12-23 2011-06-29 Tag Company (UK) Limited A system apparatus and method for electronic article surveillance

Similar Documents

Publication Publication Date Title
CA2645990C (en) Contact-less tag with signature, and applications thereof
ES2364582T3 (en) Security system and method for protecting goods.
AU2005226060B2 (en) Wireless monitoring device
US4990890A (en) Vehicle security system
EP1614077B1 (en) Systems, methods and computer program products for monitoring transport containers
AU766945B2 (en) Combined article surveillance and product identification system
US5959530A (en) Remote computer security system for computers, printers and multifunction devices
EP1127342B1 (en) Wireless transmitter key for eas tag detacher unit
US20070131005A1 (en) Systems and methods for providing universal security for items
US6025780A (en) RFID tags which are virtually activated and/or deactivated and apparatus and methods of using same in an electronic security system
US20110068921A1 (en) configurable monitoring device
US7042359B2 (en) Method and apparatus to detect a plurality of security tags
US7405663B2 (en) System for detecting radio-frequency identification tags
US8322608B2 (en) Using promiscuous and non-promiscuous data to verify card and reader identity
JP6336277B2 (en) System and method for monitoring and controlling medical storage unit
US8514078B2 (en) Anti-theft security device and perimeter detection system
CA2706848C (en) Active tag-based dispensing
EP1493135A4 (en) System and method for managing assets using a portable combined electronic article surveillance system and barcode scanner
US20050237194A1 (en) Self-monitored active rack
US7304574B2 (en) Alarm investigation using RFID
EP0522095A4 (en) Intelligent security system
AU2010202019B2 (en) Object management system
US20050237185A1 (en) Wireless computer monitoring device with automatic arming and disarming
ES2675871T3 (en) Security system and method for protecting goods
US7372364B2 (en) Algorithm for RFID security

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11876372

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct app. not ent. europ. phase

Ref document number: 11876372

Country of ref document: EP

Kind code of ref document: A1