WO2015169574A1 - Alarm system communication - Google Patents

Info

Publication number
WO2015169574A1
Authority
WO
WIPO (PCT)
Prior art keywords
alarm
encryption key
receiving station
alarm system
alarm receiving
Application number
PCT/EP2015/058488
Other languages
French (fr)
Inventor
Andrew Kelly
Darragh MAXWELL
John Odonnell
Original Assignee
Siemens Ab
Application filed by Siemens Ab

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • G PHYSICS
    • G08 SIGNALLING
    • G08B SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B25/00 Alarm systems in which the location of the alarm condition is signalled to a central station, e.g. fire or police telegraphic systems
    • G08B25/004 Alarm propagated along alternative communication path or using alternative communication medium according to a hierarchy of available ways to communicate, e.g. if Wi-Fi not available use GSM
    • G PHYSICS
    • G08 SIGNALLING
    • G08B SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B25/00 Alarm systems in which the location of the alarm condition is signalled to a central station, e.g. fire or police telegraphic systems
    • G08B25/01 Alarm systems in which the location of the alarm condition is signalled to a central station, e.g. fire or police telegraphic systems characterised by the transmission medium
    • G08B25/08 Alarm systems in which the location of the alarm condition is signalled to a central station, e.g. fire or police telegraphic systems characterised by the transmission medium using communication transmission lines
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12 Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks

Abstract

A method of enabling encrypted communication between an alarm receiving station and an alarm system remotely monitored by the alarm receiving station, using symmetric key encryption, comprises setting a single default encryption key for both the alarm system and the alarm receiving station before dispatching the alarm system for installation; and installing the alarm system at a location remote from the alarm receiving station. A communication request message is encrypted using the default encryption key and the communication request message is sent from the alarm system to the alarm receiving station. The message is decrypted at the alarm receiving station using the default encryption key and an updated encryption key is automatically generated and provided to the alarm system and alarm receiving station.

Description

ALARM SYSTEM COMMUNICATION
This invention relates to a method of enabling encrypted communication in an alarm system.
Alarm systems are typically installed at a site or location and monitored remotely. For example the alarm system may be installed on a building, or a series of buildings, or on one or more pieces of equipment at the site. Whether the alarm systems are monitored remotely, or at the site, they need to be able to communicate with an alarm receiving centre. For efficiency, the alarm receiving centre typically monitors many sites and so is usually at a location remote from the site at which the alarm system is installed.
As well as using alarms to indicate an intrusion into a site, an alarm may be used to provide data about operation of machinery or events, such as fire or flooding that require some action in response. The more data that is available to the alarm receiving centre about the cause of the alarm, the better the centre is able to determine what response is required. However, this data may contain sensitive information which the operator of the site wishes to keep confidential. Thus, it is desirable that communications between an alarm system and an alarm receiving centre are encrypted.
For strong encryption, symmetric key encryption is used, where the same encryption key is entered at both the alarm system and the alarm receiving centre before any direct communication between the two can take place. However, a 256-bit encryption key, which is usually written as 64 hexadecimal characters (0-9, A-F), is prone to errors in entering the key at each side, in particular, if one party has the key and is reading this out over the telephone to an operator on the other side. In some cases, the operators may not be authorised to access the alarm system. As a result of these problems, encryption is often avoided altogether because of the difficulties in providing the same information to two remote locations at the same time.
In accordance with a first aspect of the present invention, a method of enabling encrypted communication between an alarm receiving station and an alarm system remotely monitored by the alarm receiving station, using symmetric key encryption, comprises setting a single default encryption key for both the alarm system and the alarm receiving station before dispatching the alarm system for installation; installing the alarm system at a location remote from the alarm receiving station; encrypting a communication request message using the default encryption key and sending the communication request message from the alarm system to the alarm receiving station; decrypting the message at the alarm receiving station using the default encryption key; automatically generating an updated encryption key; and providing the updated encryption key to the alarm system and alarm receiving station.
The updated encryption key may be generated at the alarm receiving station, but preferably, the updated encryption key is a randomly generated encryption key generated at the alarm system.
In one embodiment, the method further comprises setting a password in the alarm system and requiring entry of the password before sending the communication request message from the alarm system to the alarm receiving station.
In another embodiment, the method further comprises setting a password in the alarm receiving station and requiring entry of the password before decrypting the communication request message received at the alarm receiving station.
Although the same default encryption key could be used for all alarm systems which communicate with the same alarm receiving station, preferably the single default encryption key is unique for a particular pairing of alarm system and alarm receiving station.
Preferably, the alarm receiving centre is adapted to receive communication request messages from a plurality of alarm systems.
Preferably, the communication request message is sent via one of a wireless or wired local area network, internet connection, cable or telephone network.
Preferably, the default encryption key is embedded in firmware in a manufactured panel of the alarm receiving station, or installed as software in the alarm system.
Preferably, the method further comprises monitoring messages sent between the alarm system and alarm receiving station, determining when a predetermined threshold has been exceeded; automatically generating an updated encryption key and providing the automatically updated encryption key to the alarm system and the alarm receiving station.
Preferably, the predetermined threshold is one of number of messages received at the alarm receiving centre and time elapsed since the previous automatic encryption key update. The present invention overcomes the problems of trying to enter the same information accurately at two remote locations by providing the encryption key at each side separately, using this to set up a connection and then automatically updating the encryption key to a randomly generated key and exchanging that between the two parties.
An example of an alarm system and method according to the present invention will now be described with reference to the accompanying drawings in which:
Figure 1 shows an example of an alarm system structure in which the method of the present invention may be used; and,
Figure 2 is a flow diagram of the method of the present invention.
In any communications device of an alarm system at supervised premises, there is a need to be able to communicate securely with an alarm receiving station, for example an alarm receiving centre where operators monitor and respond to alarm signals e.g. from buildings, or an alarm base station for monitoring alarmed moveable equipment. In some cases the alarm receiving centre may receive and process alarm signals from an alarm base station which acts as a local alarm receiving centre for alarmed moveable equipment. A monitored communication system is one in which if an alarm system is being monitored by an alarm receiving station, the alarm receiving station raises a "Fail to Communicate" alarm event in the event that the monitored communication system fails to successfully communicate with the alarm receiving station within a pre-defined timeout. The timeout varies greatly depending on the application. The alarm receiving station reacts to a "Fail to Communicate" event in a pre-determined way depending on the type of installation that the alarm receiving station is protecting, for example making a call to the homeowner for a domestic alarm, or a call to the police for a bank.
The alarm system and alarm receiving centre form part of an alarm network. An alarm network may comprise one or more alarm systems and an alarm receiving station. With building based intruder alarms, one of the alarm systems may be co-located with the alarm receiving centre, but generally all of the alarm systems are sited remote from the alarm receiving centre. Fig. 1 illustrates an example of such an alarm network 1, in this case showing up to n alarm systems 2, 3, 4 connected to an alarm receiving centre 5 via a network 6, such as the internet, although other types of network connection, such as cable or telephone networks or local area networks may be used, depending on the distances and type of communication appropriate for the application. Over the network, the communication path is typically multi-path. An alarm system may include 1 to 10 alarm transmission paths. A typical alarm transmission path may, for example use an Ethernet and GPRS path to a primary central monitoring station and another Ethernet and GPRS path to a backup central monitoring station. There are many settings available in the configuration of the alarm system and many alarm transmission paths.
As discussed above, conventionally, symmetric key encryption has required the key to be entered at both locations in order to set up communication between the alarm system and the alarm receiving centre and the practical complications of achieving this have often led to encryption being omitted altogether. One option to overcome this problem is to generate the encryption key from a password, but this requires special software at both sides to generate the key and the password still needs to be entered at both sites. If using a password a very strong password is required for good encryption. If the personnel at the alarm receiving centre, or the alarm system, are not authorised to enter encryption keys or passwords, then a specialist operator may have to visit each site, which is costly and time consuming and may still lead to errors in the data input.
In this example illustrated in Figs. 1 and 2, a default encryption key is generated 20 and before the alarm system 2 is installed at its remote location, that default encryption key is loaded 21 into memory in the alarm system and in the alarm receiving centre 5. This step may be carried out by connecting the alarm system to a set-up server in the alarm receiving centre, so the default encryption key is not known to any operator. This is also less likely to result in errors in data entry. Alternatively, the setup server may display the default encryption key to an operator for the operator to enter in the alarm system memory before the alarm system is dispatched for installation 22. The alarm receiving centre associates the default encryption key with an identifier of the alarm system, so that when a connection request is received from that alarm system, the alarm receiving centre knows which default encryption key has been allocated and can set up the connection with that alarm system. The default operation of the alarm system uses the default encryption key to provide the initial encryption and that default encryption key is known by both the alarm system and by the alarm receiving centre software. For each alarm system 2, 3, 4 a different default encryption key may be generated. The default encryption key is only used for the initial communication, then the encryption key at both sides is updated and any attempt to use the default fails. The default encryption key may be embedded in firmware in a manufactured panel of the alarm receiving station, or installed as software in the alarm system. As the default key is obfuscated, it is more secure. As explained above, it may also be automatically entered from a set-up server, so the key does not have to be disclosed to an operator.
At alarm system 1, a message, encrypted 23 using the default encryption key and including an alarm system identifier, is sent along links 7, 8, 9 to the alarm receiving centre 5 requesting a connection. The alarm receiving centre checks the identifier 24 and decrypts the request message using the default encryption key associated with that identifier. Once a valid connection has been negotiated between the alarm system 2 and the alarm receiving centre 5, an alarm panel, which is typically one at the alarm system, but may alternatively be one at the alarm receiving centre, then automatically updates 25 the encryption keys for both the alarm system and the alarm receiving centre to a randomly generated encryption key and distributes 26 this updated encryption key to the alarm system 1 and alarm receiving centre 5. The randomly generated encryption key is generated at whichever of the alarm system or alarm receiving centre initiates the automatic update. The message to update the encryption keys is sent by the alarm system to the alarm receiving centre, or vice versa accordingly. The decision on when to update the encryption keys is typically based on certain triggers, such as the encryption key being considered old based on a certain lifetime e.g. 1 week, or a certain number of uses, e.g. used for 50,000 messages. The message needs to be resilient to communication losses during the exchange of the updated encryption key, so that the encryption does not go out of synch. This can be achieved by means of polling and acknowledgment messages to confirm the safe update. However, the alarm receiving centre must store both the old and new encryption key and not delete the old encryption key until a valid message has been received with the new encryption key.
If a message is received, still encrypted with the old encryption key, then the alarm receiving centre assumes that the update has failed and carries on using the old encryption key until a further attempt to update the encryption key is successful. If the received message has been encrypted with the new encryption key, although the alarm receiving centre has not had any confirmation that the change has been carried out, then the alarm receiving centre uses the new encryption key. For alarm system 3, the same process is followed with the connection request using links 10, 8, 9 and for alarm 4, the connection request uses links 11, 9.
After the updated encryption keys have been successfully exchanged, the alarm system 2, 3, 4 does not use the default encryption key again when communicating with the alarm receiving centre 5, nor will the alarm receiving centre allow communications from the alarm system again using the default encryption key. Any such attempt may result in a notification to the alarm receiving centre, indicating that there may be a security issue with that alarm system.
If there are concerns about the communications being very slightly vulnerable during initial commissioning, then additional security may be provided by requiring that a password is entered to secure the initial commissioning. This password needs to be entered at both the alarm system and the alarm receiving centre, but the complexity is not as great as the encryption key, so the operator is less likely to introduce errors during entry of the password. The password may be a default, secret password, not known to the operator who carries out the initial commissioning, or one specific to that alarm system/alarm receiving pair which an operator enters.
For further security, the encryption key is automatically updated periodically 27, for example after a fixed number of messages have been exchanged, or after a fixed time period has elapsed. The automatic update of the encryption key takes place without any person ever knowing the encryption key, which reduces the chances of encryption hacking considerably.
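The receiving-centre side of the key update described above (old and new key held together, fallback when the update is lost, refusal of the default key after a successful update, and the lifetime and usage triggers) can be sketched as follows. This is an added example, not code from the patent: the names `ReceiverKeySlot`, `seal`, `opens_with` and `fresh_key` are hypothetical, and an HMAC-SHA256 tag stands in for "the message decrypts validly under this key" so that the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets

MAX_AGE_S = 7 * 24 * 3600  # lifetime trigger from the description: 1 week
MAX_USES = 50_000          # usage trigger from the description: 50,000 messages

def fresh_key():
    """Randomly generated replacement key; no person ever sees it."""
    return secrets.token_bytes(16)

def seal(key, payload):
    """Stand-in for symmetric encryption: payload plus an HMAC-SHA256 tag."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def opens_with(key, msg):
    """True if msg carries a valid tag under key (constant-time compare)."""
    payload, tag = msg[:-32], msg[-32:]
    return hmac.compare_digest(tag, hmac.new(key, payload, hashlib.sha256).digest())

class ReceiverKeySlot:
    """Receiving-centre key state for one alarm system identifier."""

    def __init__(self, default_key, now=0.0):
        self.default_key = self.current = default_key
        self.pending = None          # updated key, not yet seen in use
        self.uses, self.installed_at = 0, now
        self.alerts = []

    def needs_update(self, now):
        return self.uses >= MAX_USES or now - self.installed_at >= MAX_AGE_S

    def stage(self, new_key):
        self.pending = new_key       # old key is kept alongside it

    def receive(self, msg, now):
        if self.pending and opens_with(self.pending, msg):
            # First valid message under the new key: commit, delete the old key.
            self.current, self.pending = self.pending, None
            self.uses, self.installed_at = 1, now
            return "accepted-new-key"
        if opens_with(self.current, msg):
            # Peer still uses the old key: treat the update as failed.
            self.pending = None
            self.uses += 1
            return "accepted"
        if self.current != self.default_key and opens_with(self.default_key, msg):
            self.alerts.append((now, "default key used after update"))
            return "rejected-default-key"
        return "rejected"
```

Dropping the staged key when an old-key message arrives is this sketch's reading of "assumes that the update has failed"; the initiator then has to stage a key again on the next attempt.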
The present invention has the advantages that encryption keys can be set up without having to do complicated encryption key entry at two locations and may be done using factory defaults, so that neither the alarm system nor the alarm receiving centre has to be enabled for entry of encryption keys. Once the updated encryption key has been swapped, it is known to the alarm system and to the alarm receiving centre, but is not known by any person, further improving security. The method may be used with any communications device at the supervised premises, whether that be a building, or perimeter type intruder alarm, or one fitted to valuable equipment, such as cranes or diggers, which is triggered when they go out of range of an alarm base station, or into a different geographical area.
As is common with communications systems, it is desirable to have a back-up transmission mechanism in case of faults, and this may be achieved by using primary and secondary communication paths as described in our co-pending patent application no. GB 1408033.7.
The formatting of alarm event messages from the alarm system to the alarm receiving centre may be adapted as described in our co-pending patent application no. GB 1408036.0 to increase the amount of information which can be transmitted to the alarm receiving centre when an alarm occurs.
The configuration of the alarm system and alarm receiving centre may be carried out as described in our co-pending patent application no. GB 1408034.5.

Claims

1. A method of enabling encrypted communication between an alarm receiving station and an alarm system remotely monitored by the alarm receiving station, using symmetric key encryption, the method comprising setting a single default encryption key for both the alarm system and the alarm receiving station before dispatching the alarm system for installation; installing the alarm system at a location remote from the alarm receiving station; encrypting a communication request message using the default encryption key and sending the communication request message from the alarm system to the alarm receiving station; decrypting the message at the alarm receiving station using the default encryption key; automatically generating an updated encryption key; and providing the updated encryption key to the alarm system and alarm receiving station.
2. A method according to claim 1, wherein the updated encryption key is a randomly generated encryption key generated at the alarm system.
3. A method according to claim 1 or claim 2, wherein the method further comprises setting a password in the alarm system and requiring entry of the password before sending the communication request message from the alarm system to the alarm receiving station.
4. A method according to claim 1 or claim 2, wherein the method further comprises setting a password in the alarm receiving station and requiring entry of the password before decrypting the communication request message received at the alarm receiving station.
5. A method according to any preceding claim, wherein the single default encryption key is unique for a particular pairing of alarm system and alarm receiving station.
6. A method according to any preceding claim, wherein the alarm receiving centre is adapted to receive communication request messages from a plurality of alarm systems.
7. A method according to any preceding claim, wherein the communication request message is sent via one of a wireless or wired local area network, internet connection, cable or telephone network.
8. A method according to any preceding claim, wherein the default encryption key is embedded in firmware in a manufactured panel of the alarm receiving station, or installed as software in the alarm system.
9. A method according to any preceding claim, wherein the method further comprises monitoring messages sent between the alarm system and alarm receiving station, determining when a predetermined threshold has been exceeded; automatically generating an updated encryption key and providing the automatically updated encryption key to the alarm system and the alarm receiving station.
10. A method according to claim 9, wherein the predetermined threshold is one of number of messages received at the alarm receiving centre and time elapsed since the previous automatic encryption key update.
PCT/EP2015/058488 2014-05-07 2015-04-20 Alarm system communication WO2015169574A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1408030.3 2014-05-07
GB1408030.3A GB2525880A (en) 2014-05-07 2014-05-07 Alarm system communication

Publications (1)

Publication Number Publication Date
WO2015169574A1 true WO2015169574A1 (en) 2015-11-12

Family

ID=50980708

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2015/058488 WO2015169574A1 (en) 2014-05-07 2015-04-20 Alarm system communication

Country Status (2)

Country Link
GB (1) GB2525880A (en)
WO (1) WO2015169574A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040030891A1 (en) * 2002-02-14 2004-02-12 Kuniaki Kurihara Information processing system, information processing apparatus and method, recording medium, and program
EP1901255A1 (en) * 2006-09-15 2008-03-19 Siemens Schweiz AG Communication module card for a hazard unit

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SE0100474D0 (en) * 2001-02-14 2001-02-14 Ericsson Telefon Ab L M A security architecture
US8369525B2 (en) * 2002-10-24 2013-02-05 At&T Mobility Ii Llc Dynamic password update for wireless encryption system
US8705744B2 (en) * 2007-04-05 2014-04-22 Koninklijke Philips N.V. Wireless sensor network key distribution
US9203617B2 (en) * 2011-08-17 2015-12-01 Vixs Systems, Inc. Secure provisioning of integrated circuits at various states of deployment, methods thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Handbook of Applied Cryptography; [CRC PRESS SERIES ON DISCRETE MATHEMATICS AND ITS APPLICATIONS]", 1 January 1997, CRC PRESS, article ALFRED MENEZES ET AL: "Chapter 12 Key Establishment Protocols", pages: 489 - 541, XP055054985 *

Also Published As

Publication number Publication date
GB2525880A (en) 2015-11-11
GB201408030D0 (en) 2014-06-18

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15723137

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15723137

Country of ref document: EP

Kind code of ref document: A1