WO2018011754A1 - Safety switch assembly for an alarm system - Google Patents
Safety switch assembly for an alarm system Download PDFInfo
- Publication number
- WO2018011754A1 WO2018011754A1 PCT/IB2017/054251 IB2017054251W WO2018011754A1 WO 2018011754 A1 WO2018011754 A1 WO 2018011754A1 IB 2017054251 W IB2017054251 W IB 2017054251W WO 2018011754 A1 WO2018011754 A1 WO 2018011754A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- safety switch
- switch assembly
- cod
- key
- code
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G08—SIGNALLING
- G08B—SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
- G08B13/00—Burglar, theft or intruder alarms
- G08B13/02—Mechanical actuation
- G08B13/08—Mechanical actuation by opening, e.g. of door, of window, of drawer, of shutter, of curtain, of blind
Definitions
- the present invention relates to a safety switch assembly for an alarm system.
- the present invention finds advantageous, but not exclusive, application in alarm systems for doors or windows, to which the following description will make explicit reference without thereby losing generality.
- Most alarm systems for doors /windows comprise, for each door/window, a respective mechanical magnetic switch device consisting of a proper magnetic switch and a permanent magnet that enables the switch device when it is close to the magnetic switch.
- the mechanical magnetic switch device generates an alarm signal in case the two parts move away from each other.
- the magnetic switch can be fixed to the frame of a door/window and the permanent magnet can be fixed to the door or shutter of the door/window.
- the magnetic switch fixed to the frame comprises a magnetized body movable between an open circuit position and a closed circuit position, and an attractive element, which tends to attract towards itself the magnetized body to bring it in the open circuit position.
- the permanent magnet attracts the magnetized body keeping it in the closed circuit position.
- the permanent magnet moves away from the frame and therefore the attractive element moves the magnetized body into the open circuit position, at which an alarm signal is generated.
- the magnetic switch devices of the type described above proved to be easily eludable by using external magnetic elements or magnetic elements introduced between the door and the frame so as to keep the alarm systems inactive.
- magnetic switch devices have been designed, which comprise complex mechanical systems of the type described in, for example, U.S. patent no. US 6,506,987 Bl .
- these solutions do not prevent the introduction of a magnetic element in place of the originally coupled one or the generation of strong transverse magnetic fields from easily eluding this type of switch device.
- the switch device comprises electromechanical contacts that are easily oxidizable and subject to malfunctions in critical environmental conditions .
- the object of the present invention is to provide a safety switch which is free from the drawbacks of the magnetic switch devices described above and, at the same time, easy and inexpensive to manufacture.
- a safety switch assembly is provided as defined in the appended claims .
- FIG. 1 illustrates the main parts of the safety switch assembly implemented according to the teachings of the present invention
- FIG. 2 schematically illustrates an internal electronic board of a first part of the safety switch assembly of Figure 1;
- FIG. 3 schematically illustrates the elements of a second part of the safety switch assembly of Figure 1; and - Figures 4 to 6 illustrate the safety switch assembly of Figure 1 in three different operating situations.
- reference numeral 1 generally designates, as a whole, an alarm system for the signalling of an undesired opening of a door/window, the alarm system comprising a control unit 2, which is provided with a sound signalling device 3, typically consisting of a siren, and/or a light signalling device 4, typically consisting of a flashing light, and a plurality of safety switch assemblies, only one of which is shown in Figure 1 and indicated with number 5, and each of which is mounted on a respective door/window (not shown) .
- a control unit 2 which is provided with a sound signalling device 3, typically consisting of a siren, and/or a light signalling device 4, typically consisting of a flashing light
- a plurality of safety switch assemblies typically consisting of which is shown in Figure 1 and indicated with number 5, and each of which is mounted on a respective door/window (not shown) .
- the safety switch assembly 5 comprises a passive and substantially known NFC tag 6 and a respective reader device 7, which is able to communicate with the tag 6 according to the known NFC (Near Field Communication) wireless technology and is connected to the control unit 2 via a multiwire cable 8.
- the reader device 7 comprises an outer casing 9 made of plastic material, preferably having at least two through holes 10 for its mounting on the door/window by means of screws.
- the casing 9 is hermetically sealed.
- the tag 6 and the reader device 7 are designed to be fixed to two different mutually movable parts of the door/window.
- the reader device 7, through its casing 9, is mounted on the fixed frame of the door/window, and the tag 6 is fixed to the movable part (door/window shutter) of the door/window, for example through known adhesive means (not shown) , so as to be positioned facing the reader device 7 within the radio communication range between the tag 6 and said reader device 7, when the movable part of the door/window is closed against the fixed frame.
- the casing 9 has an elongated shape with a substantially rectangular plan, and a thickness somewhat smaller with respect to the longitudinal dimension.
- the reader device 7 comprises a printed-circuit electronic board 11 enclosed within the casing 9 (not shown in Figure 2) and having a plan of the same shape as the casing 9.
- the electronic board 11 comprises, at a first end, a substantially known planar multi-ring antenna 12 printed on the support 13 of said board 11 and, at the opposite end, terminals for connecting the cable 8 consisting of a pair of terminals 14a for an electrical power supply line 8a of the cable 8 and a pair of terminals 14b for a communication line 8b of the cable 8 for communication with the control unit 2.
- the electronic board 11 Arranged between the antenna 12 and the terminals 14a and 14b, the electronic board 11 comprises a plurality of electronic components, among which an NFC transceiver 15 coupled to the antenna 12 and a microcontroller 16, which is provided with an internal memory 16a and is interfaced with the NFC transceiver 15 and the pair of terminals 14b.
- the plurality of electronic components comprises a solid-state relay 17 which provides the interface between the microcontroller 16 and the pair of terminals 14b.
- the output of the relay 17 is connected to the pair of terminals 14b.
- the plurality of electronic components of the board 11 comprises a LED 18 which is controlled by the microcontroller 16 to serve as a status indicator and that can be seen, when turned on, by transparency through the casing 9, since the latter is made of a material that is not completely opaque to light.
- the plurality of electronic components of the board 11 comprises a three-axis accelerometer 20 connected to the microcontroller 16 to acquire acceleration values along the three Cartesian axes.
- the plurality of electronic components of the board 11 also comprises a magnetic sensor 21 consisting of, for example, a Hall sensor adapted to detect the presence of a magnet (not shown) close to and on the outside of the reader device 7 in order to provide a corresponding programming start signal used by the microcontroller 16 for programming the safety switch assembly 5, as will be better explained hereinafter.
- the casing 9 has a small recess 19 in the area of the magnetic sensor 21 acting as an indicator of the position of the magnetic sensor 21 itself.
- the support 13 of the electronic board 11 comprises two through holes 22, each of which is coaxial with a respective hole 10 of the casing 9.
- the tag 6 comprises a casing 23, which preferably, but not necessarily, is thin and flexible, enclosing a respective multi-ring antenna 24, which preferably, but not necessarily, has a shape and size similar to those of the antenna 12 of the reader device 7, and an NFC transceiver 25 coupled to the antenna 24 and self- powered by the electrical signal supplied by the antenna 24, and provided with a non-volatile and writeable memory 26.
- the casing 23 is provided with a rigid support (not shown) , for example made of plastic material, to allow a more resistant mechanical fixing to the movable part of the door/window.
- the memories 16a and 26 are pre-programmed so as to contain pre-programming data identical between the two memories, such data comprising, for example, one or more serial numbers that identify the common supplier of the tag 6 and of the reader device 7, and, in a unique way, the tag 6.
- the safety switch assembly 5 When used for the first time, the safety switch assembly 5 must be programmed to uniquely associate the tag 6 with the reader device 7 and enable the two devices 6 and 7 to communicate with each other.
- the programming is started by bringing said magnet close to the recess 19 of the casing 9 of the reader device 7.
- the magnetic sensor 21 when it detects the presence of the magnet, generates the programming start signal, upon receipt of which the microcontroller 16 switches to a programming status.
- the tag 6 During programming, the tag 6 must be positioned close to the reader device 7, i.e. within the radio communication range between the tag 6 and the reader device 7, preferably in front of that portion 9a of the casing 9 of the reader device 7 which encloses the antenna 12, as shown in Figure 4.
- the radio communication range corresponds to a certain maximum distance Dmax between the tag 6 and the reader device 7 which substantially depends on the electrical and electronic features of the components of the devices 6 and 7.
- Dmax Typically, it is possible to obtain a distance Dmax of as little as a few centimetres, for example 2.5 cm.
- the microcontroller 16 is configured to perform the following operations when it is in the programming status: controlling the NFC transceiver 15 so as to read the pre ⁇ programming data from the memory 26 of the tag 6; checking whether the read programming data are correct by comparing them with those stored in the memory 16a; generating at least one 16-bit encryption key, hereinafter referred to as Kl, and a code COD, consisting of a random number, if the checking of the programming data is successful; writing the key Kl and the code COD in its memory 16a; and controlling the NFC transceiver 15 so as to write the key Kl and the code COD in the memory 26 of the tag 6.
- the microcontroller 16 disables the magnetic sensor 21, in order to avoid subsequent reprogramming of the safety switch assembly 5, and switches to an operational state .
- the key Kl is therefore shared between the reader device 7 and the tag 6 so as to be used for a symmetric-key encrypted communication, preferably based on a 128-bit AES encryption algorithm, between the reader device 7 and the tag 6 during normal use of the safety switch assembly 5.
- the microcontroller 16 is configured to perform the following operations when it is in the operational state: controlling the NFC transceiver 15 so as to periodically interrogate the tag 6 by means of a symmetric-key encrypted communication in order to receive an expected reply from said tag 6; and generating an alarm signal in the absence of said expected reply.
- the periodic interrogation of the tag 6 consists in: periodically establishing the encrypted communication; reading the code COD from the memory 26 through the encrypted communication; checking whether the read code COD is correct by comparing it with the code COD stored in the memory 16a; and generating an internal alarm signal AI if no positive result is achieved from the check of the read code (COD) within a given number of consecutive attempts, hereinafter referred to as NE and preferably equal to at least two.
- the periodicity of the interrogation of the tag 6 is preferably equal to 300 ms .
- the periodic interrogation begins by checking the serial number that uniquely identifies the tag 6. This is a preventative check to check for the presence of the tag 6 within the radio coverage of the reader 7 and authorize the subsequent steps of the interrogation.
- the step of establishing the encrypted communication comprises authenticating such encrypted communication by checking whether the key Kl is shared by the tag 6 and the reader 7 and generating a temporary key Kls, different from the key Kl and only valid for the encrypted communication of the current interrogation.
- Checking for the sharing of the key Kl and generating the temporary key Kls are carried out by known techniques.
- the temporary key Kls is generated starting from two sequences of random numbers, a first sequence being generated by the reader 7 and the second sequence being generated by the tag 6.
- the reading of the code COD consists in reading a random subset of the code COD through an encrypted communication via the key Kls.
- Checking the correctness of the code COD consists in comparing the subset of the read code COD with the corresponding subset of the code COD stored in the memory 16a.
- the reader device 7 is configured to periodically interrogate the tag 6 to obtain from the latter, as an expected reply, a code COD, and in particular a random subset of the code COD, which corresponds to the code COD, and in particular to the corresponding subset of the code COD, stored in the memory 16a of said reader device 7.
- a code COD and in particular a random subset of the code COD, which corresponds to the code COD, and in particular to the corresponding subset of the code COD, stored in the memory 16a of said reader device 7.
- the reader device 7 In the absence of a correct code COD, the reader device 7 generates the alarm signal AI . Communication errors between the reader device 7 and the tag 6 which lead to failure to determine a correct code COD are essentially due to:
- the reading of the code COD is not possible if the step of authentication of the encrypted communication, resulting in the generation of the temporary key Kls, fails, thus preventing anyone from knowing the code COD.
- the key Kl is never exchanged and is only used to encrypt very few data at a time, for example during the step of checking for the sharing of the key Kl, and especially random subsets of data, thus reducing the risk of cloning of the safety switch assembly 5.
- Communications containing subsets of code COD are encrypted each time with a different temporary key Kls, making it impossible for a third party to replicate the signal with information relating to the code COD.
- the internal alarm signal AI is generated when a number NE of consecutive communication errors occur, in order to prevent false alarms.
- the microcontroller 16 is configured to control the relay 17 as a function of the alarm signal AI, so as to switch the output of the relay 17 to an alarm state.
- the relay 17 is switchable between a short- circuit state in which the output of the relay 17 is substantially short-circuited, and an open-circuit state in which the output of the relay 17 is substantially an open circuit.
- One of the two states of the output of the relay 17 corresponds to an alarm state of the reader device 7.
- the control unit 2 is configured to read the output of the relay 17 and to activate the sound signalling device 3 and/or the light signalling device 4 when the output of the relay 17 is in the alarm state.
- the open-circuit state corresponds to the alarm state of the reader device 7.
- Figures 4 to 6 illustrate three respective situations during normal use of the safety switch assembly 5.
- Figure 4 illustrates the situation of "contact” between the tag 6 and the reader device 7, wherein the tag 6 is located in front of the portion of the casing 9 which encloses the antenna 12, and on average at a distance less than the distance Dmax .
- the reader device 7 is able to detect the tag 7, authenticate the encrypted communication using the shared key Kl and read the code COD to check whether it is correct.
- Figures 5 and 6 show two situations of "separation" of the tag 6 from the reader device, wherein the tag 6 moves away from the antenna 12 to an average distance greater than Dmax in a direction Dl substantially perpendicular to the plane of the antenna 12 ( Figure 5), as for example in hinged doors /windows , and in a direction D2 substantially parallel to the plane of the antenna 12 ( Figure 6), as for example in hinged doors /windows .
- the reader device 7 is not able to detect the tag 7, nor to authenticate the encrypted communication using the shared key Kl, nor to correctly read the code COD.
- the encrypted communication between the tag 6 and the reader device 7 also allows for detecting any attempts to tamper with this communication, such as for example the use of external devices for transmitting signals which fraudulently reproduce the code COD stored in the tag 6.
- the fraudulent transmissions of the code COD by taking place without the knowledge of the key Kl, make the authentication or the correct reading of the code COD fail, and hence cause the generation of the alarm signal AI .
- the microcontroller 16 is further configured to process the acceleration values acquired by the accelerometer 20 so as to obtain a mean value of acceleration and generate the alarm signal AI when the mean value of acceleration exceeds a predetermined threshold value of acceleration ATH for a predetermined period of time TTH.
- the acceleration threshold ATH and the period of time TTH are values that characterize a collision. This allows the control unit 2 to activate the sound signalling device 3 and/or the light signalling device 4 when the door/window is subjected to a collision or impact produced by a break-in attempt.
- the microcontroller 16 is configured to perform the following additional operations while in the programming status: generating a second 16-bit encryption key K2, writing it in the memories 16a and 26 similarly to the key Kl, and using it together with the key Kl for communication between the reader device 7 and the tag 6, so as to provide a dual symmetric-key encrypted communication, preferably based on a 128-bit AES encryption algorithm.
- This further embodiment allows for increasing the immunity to tampering with the communication between the tag 6 and the reader device 7.
- the microcontroller 16 is configured to perform the following additional operations while in the programming status: generating a third encryption key K3, writing it in its own memory 16a and using it to encrypt the code COD before writing the latter in its own memory 16a and in the memory 26 of the tag 6.
- the microcontroller 16 is configured to decrypt the read code COD before its correctness is checked in the operational state. Encryption and decryption of the code COD are preferably based on a 128-bit AES encryption algorithm. This additional embodiment allows for further increasing the immunity to tampering with the communication between the tag 6 and the reader device 7.
- the reader device 7 comprises, instead of the relay 17, a serial data interface, for example of the RS485 type, which is connectable to the control unit 2 so as to enable the microcontroller 16 to communicate with the control unit 2 through an encrypted communication, and in particular to transmit the alarm signal AI directly to the control unit 2 through an encrypted communication.
- a serial data interface for example of the RS485 type
- the control unit 2 to easily detect any tampering with the cable 8, for example the cutting or a short circuit of the communication line 8b.
- the outer casing 9 is devoid of the through holes 10 and is adapted to be glued to the door/window, and consequently the electronic board 11 is also devoid of respective through holes 22.
- the main advantage of the safety switch assembly 5 described above is a higher level of security than the known magnetic switch devices used for the same purpose.
- the fully electronic design allows the size of the safety switch assembly 5 to be greatly reduced, which makes it more adaptable to the cramped spaces of the typical applications intended for it.
- the fully electronic design and the use of a magnetic sensor 21 for the initial programming of the safety switch assembly 5 allow the use of a fully hermetic casing 9 to be employed in a submerged environment.
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Alarm Systems (AREA)
- Burglar Alarm Systems (AREA)
Abstract
A safety switch assembly for an alarm system capable of signalling a mutual separation between two bodies, the safety switch assembly (5) comprising a passive NFC tag (6), which can be applied to a first one of the two bodies, and a reader device (7), which comprises a casing (9) mountable on the second one of the two bodies and housing, on the inside, an NFC transceiver (15) and an electronic control unit (16) configured to control the NFC transceiver (15) so as to periodically interrogate the NFC tag (6) by means of a symmetric-key encrypted communication in order to receive an expected reply from the NFC tag (6) and generate an alarm signal (AI) in the lack of said expected reply.
Description
"SAFETY SWITCH ASSEMBLY FOR AN ALARM SYSTEM"
FIELD OF THE INVENTION
The present invention relates to a safety switch assembly for an alarm system.
In particular, the present invention finds advantageous, but not exclusive, application in alarm systems for doors or windows, to which the following description will make explicit reference without thereby losing generality.
BACKGROUND
Most alarm systems for doors /windows comprise, for each door/window, a respective mechanical magnetic switch device consisting of a proper magnetic switch and a permanent magnet that enables the switch device when it is close to the magnetic switch. The mechanical magnetic switch device generates an alarm signal in case the two parts move away from each other.
In more detail, the magnetic switch can be fixed to the frame of a door/window and the permanent magnet can be fixed to the door or shutter of the door/window. The magnetic switch fixed to the frame comprises a magnetized body movable between an open circuit position and a closed circuit position, and an attractive element, which tends to attract towards itself the magnetized body to bring it in the open circuit position. When the door is closed, the permanent magnet attracts the magnetized body keeping it in the closed circuit position. Instead, when the door is opened, the permanent magnet moves away from the frame and therefore the attractive element moves the magnetized body into the open circuit position, at which an alarm signal is generated.
However, the magnetic switch devices of the type described above proved to be easily eludable by using external magnetic elements or magnetic elements introduced between the door and the frame so as to keep the alarm systems inactive.
To solve the above problem, magnetic switch devices have been designed, which comprise complex mechanical systems of the type described in, for example, U.S. patent no. US 6,506,987 Bl . However, these solutions do not prevent the introduction of a magnetic element in place of the originally coupled one or the generation of strong transverse magnetic fields from easily eluding this type of switch
device. Furthermore, the switch device comprises electromechanical contacts that are easily oxidizable and subject to malfunctions in critical environmental conditions .
Systems to detect the forcing of a barrier which use the RIFD technology are also known, such as that described in U.S. patent application no. US 2011/0057788 Al . The system described in this patent application comprises an RFID tag to be applied to the barrier to be monitored, and an RFID reader to be applied to a fixed frame around the barrier. The RFID tag includes a unique identification code and the system generates an alarm event if the RFID reader no longer reads the identification code from the RFID tag. The disadvantage of this system is that it can easily be cloned.
OBJECT OF THE INVENTION
The object of the present invention is to provide a safety switch which is free from the drawbacks of the magnetic switch devices described above and, at the same time, easy and inexpensive to manufacture.
In accordance with the present invention, a safety switch assembly is provided as defined in the appended claims .
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention will now be described with reference to the accompanying drawings, which illustrate a
non-limiting embodiment thereof, in which:
- Figure 1 illustrates the main parts of the safety switch assembly implemented according to the teachings of the present invention;
- Figure 2 schematically illustrates an internal electronic board of a first part of the safety switch assembly of Figure 1;
- Figure 3 schematically illustrates the elements of a second part of the safety switch assembly of Figure 1; and - Figures 4 to 6 illustrate the safety switch assembly of Figure 1 in three different operating situations.
PREFFERED EMBODIMENT OF THE INVENTION
In Figure 1, reference numeral 1 generally designates, as a whole, an alarm system for the signalling of an undesired opening of a door/window, the alarm system comprising a control unit 2, which is provided with a sound signalling device 3, typically consisting of a siren, and/or a light signalling device 4, typically consisting of a flashing light, and a plurality of safety switch assemblies, only one of which is shown in Figure 1 and indicated with number 5, and each of which is mounted on a respective door/window (not shown) .
According to the present invention, the safety switch assembly 5 comprises a passive and substantially known NFC tag 6 and a respective reader device 7, which is able to
communicate with the tag 6 according to the known NFC (Near Field Communication) wireless technology and is connected to the control unit 2 via a multiwire cable 8. The reader device 7 comprises an outer casing 9 made of plastic material, preferably having at least two through holes 10 for its mounting on the door/window by means of screws. Advantageously, the casing 9 is hermetically sealed.
The tag 6 and the reader device 7 are designed to be fixed to two different mutually movable parts of the door/window. Preferably, the reader device 7, through its casing 9, is mounted on the fixed frame of the door/window, and the tag 6 is fixed to the movable part (door/window shutter) of the door/window, for example through known adhesive means (not shown) , so as to be positioned facing the reader device 7 within the radio communication range between the tag 6 and said reader device 7, when the movable part of the door/window is closed against the fixed frame. For this reason, the casing 9 has an elongated shape with a substantially rectangular plan, and a thickness somewhat smaller with respect to the longitudinal dimension.
With reference to Figure 2, the reader device 7 comprises a printed-circuit electronic board 11 enclosed within the casing 9 (not shown in Figure 2) and having a plan of the same shape as the casing 9. The electronic board 11 comprises, at a first end, a substantially known planar
multi-ring antenna 12 printed on the support 13 of said board 11 and, at the opposite end, terminals for connecting the cable 8 consisting of a pair of terminals 14a for an electrical power supply line 8a of the cable 8 and a pair of terminals 14b for a communication line 8b of the cable 8 for communication with the control unit 2.
Arranged between the antenna 12 and the terminals 14a and 14b, the electronic board 11 comprises a plurality of electronic components, among which an NFC transceiver 15 coupled to the antenna 12 and a microcontroller 16, which is provided with an internal memory 16a and is interfaced with the NFC transceiver 15 and the pair of terminals 14b. In particular, the plurality of electronic components comprises a solid-state relay 17 which provides the interface between the microcontroller 16 and the pair of terminals 14b. In particular, the output of the relay 17 is connected to the pair of terminals 14b.
The plurality of electronic components of the board 11 comprises a LED 18 which is controlled by the microcontroller 16 to serve as a status indicator and that can be seen, when turned on, by transparency through the casing 9, since the latter is made of a material that is not completely opaque to light.
The plurality of electronic components of the board 11 comprises a three-axis accelerometer 20 connected to the
microcontroller 16 to acquire acceleration values along the three Cartesian axes.
The plurality of electronic components of the board 11 also comprises a magnetic sensor 21 consisting of, for example, a Hall sensor adapted to detect the presence of a magnet (not shown) close to and on the outside of the reader device 7 in order to provide a corresponding programming start signal used by the microcontroller 16 for programming the safety switch assembly 5, as will be better explained hereinafter. The casing 9 has a small recess 19 in the area of the magnetic sensor 21 acting as an indicator of the position of the magnetic sensor 21 itself.
The support 13 of the electronic board 11 comprises two through holes 22, each of which is coaxial with a respective hole 10 of the casing 9.
With reference to Figure 3, the tag 6 comprises a casing 23, which preferably, but not necessarily, is thin and flexible, enclosing a respective multi-ring antenna 24, which preferably, but not necessarily, has a shape and size similar to those of the antenna 12 of the reader device 7, and an NFC transceiver 25 coupled to the antenna 24 and self- powered by the electrical signal supplied by the antenna 24, and provided with a non-volatile and writeable memory 26.
Preferably, but not necessarily, the casing 23 is provided with a rigid support (not shown) , for example made
of plastic material, to allow a more resistant mechanical fixing to the movable part of the door/window.
The memories 16a and 26 are pre-programmed so as to contain pre-programming data identical between the two memories, such data comprising, for example, one or more serial numbers that identify the common supplier of the tag 6 and of the reader device 7, and, in a unique way, the tag 6.
When used for the first time, the safety switch assembly 5 must be programmed to uniquely associate the tag 6 with the reader device 7 and enable the two devices 6 and 7 to communicate with each other. The programming is started by bringing said magnet close to the recess 19 of the casing 9 of the reader device 7. The magnetic sensor 21, when it detects the presence of the magnet, generates the programming start signal, upon receipt of which the microcontroller 16 switches to a programming status.
During programming, the tag 6 must be positioned close to the reader device 7, i.e. within the radio communication range between the tag 6 and the reader device 7, preferably in front of that portion 9a of the casing 9 of the reader device 7 which encloses the antenna 12, as shown in Figure 4. The radio communication range corresponds to a certain maximum distance Dmax between the tag 6 and the reader device 7 which substantially depends on the electrical and
electronic features of the components of the devices 6 and 7. Typically, it is possible to obtain a distance Dmax of as little as a few centimetres, for example 2.5 cm.
The microcontroller 16 is configured to perform the following operations when it is in the programming status: controlling the NFC transceiver 15 so as to read the pre¬ programming data from the memory 26 of the tag 6; checking whether the read programming data are correct by comparing them with those stored in the memory 16a; generating at least one 16-bit encryption key, hereinafter referred to as Kl, and a code COD, consisting of a random number, if the checking of the programming data is successful; writing the key Kl and the code COD in its memory 16a; and controlling the NFC transceiver 15 so as to write the key Kl and the code COD in the memory 26 of the tag 6.
At the end of the programming, i.e. when the writing of the key Kl and of the code COD of the tag 6 has been successful, the microcontroller 16 disables the magnetic sensor 21, in order to avoid subsequent reprogramming of the safety switch assembly 5, and switches to an operational state .
The key Kl is therefore shared between the reader device 7 and the tag 6 so as to be used for a symmetric-key encrypted communication, preferably based on a 128-bit AES encryption algorithm, between the reader device 7 and the tag 6 during
normal use of the safety switch assembly 5.
The microcontroller 16 is configured to perform the following operations when it is in the operational state: controlling the NFC transceiver 15 so as to periodically interrogate the tag 6 by means of a symmetric-key encrypted communication in order to receive an expected reply from said tag 6; and generating an alarm signal in the absence of said expected reply.
In particular, the periodic interrogation of the tag 6 consists in: periodically establishing the encrypted communication; reading the code COD from the memory 26 through the encrypted communication; checking whether the read code COD is correct by comparing it with the code COD stored in the memory 16a; and generating an internal alarm signal AI if no positive result is achieved from the check of the read code (COD) within a given number of consecutive attempts, hereinafter referred to as NE and preferably equal to at least two. The periodicity of the interrogation of the tag 6 is preferably equal to 300 ms .
Advantageously, the periodic interrogation begins by checking the serial number that uniquely identifies the tag 6. This is a preventative check to check for the presence of the tag 6 within the radio coverage of the reader 7 and authorize the subsequent steps of the interrogation.
More in detail, the step of establishing the encrypted
communication comprises authenticating such encrypted communication by checking whether the key Kl is shared by the tag 6 and the reader 7 and generating a temporary key Kls, different from the key Kl and only valid for the encrypted communication of the current interrogation. Checking for the sharing of the key Kl and generating the temporary key Kls are carried out by known techniques. For example, the temporary key Kls is generated starting from two sequences of random numbers, a first sequence being generated by the reader 7 and the second sequence being generated by the tag 6. The reading of the code COD consists in reading a random subset of the code COD through an encrypted communication via the key Kls. Checking the correctness of the code COD consists in comparing the subset of the read code COD with the corresponding subset of the code COD stored in the memory 16a.
In other words, the reader device 7 is configured to periodically interrogate the tag 6 to obtain from the latter, as an expected reply, a code COD, and in particular a random subset of the code COD, which corresponds to the code COD, and in particular to the corresponding subset of the code COD, stored in the memory 16a of said reader device 7. In the absence of a correct code COD, the reader device 7 generates the alarm signal AI . Communication errors between the reader device 7 and the tag 6 which lead to failure to
determine a correct code COD are essentially due to:
- failure to detect the tag 6 because it lies outside the radio coverage of the reader device 7;
- failure to authenticate the encrypted communication through the key Kl;
- an incorrect code COD.
The reading of the code COD is not possible if the step of authentication of the encrypted communication, resulting in the generation of the temporary key Kls, fails, thus preventing anyone from knowing the code COD. The key Kl is never exchanged and is only used to encrypt very few data at a time, for example during the step of checking for the sharing of the key Kl, and especially random subsets of data, thus reducing the risk of cloning of the safety switch assembly 5. Communications containing subsets of code COD are encrypted each time with a different temporary key Kls, making it impossible for a third party to replicate the signal with information relating to the code COD.
The internal alarm signal AI is generated when a number NE of consecutive communication errors occur, in order to prevent false alarms.
The microcontroller 16 is configured to control the relay 17 as a function of the alarm signal AI, so as to switch the output of the relay 17 to an alarm state. In particular, the relay 17 is switchable between a short-
circuit state in which the output of the relay 17 is substantially short-circuited, and an open-circuit state in which the output of the relay 17 is substantially an open circuit. One of the two states of the output of the relay 17 corresponds to an alarm state of the reader device 7. The control unit 2 is configured to read the output of the relay 17 and to activate the sound signalling device 3 and/or the light signalling device 4 when the output of the relay 17 is in the alarm state. According to a preferred embodiment of the invention, the open-circuit state corresponds to the alarm state of the reader device 7.
Figures 4 to 6 illustrate three respective situations during normal use of the safety switch assembly 5. Figure 4 illustrates the situation of "contact" between the tag 6 and the reader device 7, wherein the tag 6 is located in front of the portion of the casing 9 which encloses the antenna 12, and on average at a distance less than the distance Dmax . In the "contact" situation, the reader device 7 is able to detect the tag 7, authenticate the encrypted communication using the shared key Kl and read the code COD to check whether it is correct. Instead, Figures 5 and 6 show two situations of "separation" of the tag 6 from the reader device, wherein the tag 6 moves away from the antenna 12 to an average distance greater than Dmax in a direction Dl substantially perpendicular to the plane of the antenna 12
(Figure 5), as for example in hinged doors /windows , and in a direction D2 substantially parallel to the plane of the antenna 12 (Figure 6), as for example in hinged doors /windows . In the "separation" situation, the reader device 7 is not able to detect the tag 7, nor to authenticate the encrypted communication using the shared key Kl, nor to correctly read the code COD.
The encrypted communication between the tag 6 and the reader device 7 also allows for detecting any attempts to tamper with this communication, such as for example the use of external devices for transmitting signals which fraudulently reproduce the code COD stored in the tag 6. The fraudulent transmissions of the code COD, by taking place without the knowledge of the key Kl, make the authentication or the correct reading of the code COD fail, and hence cause the generation of the alarm signal AI .
The microcontroller 16 is further configured to process the acceleration values acquired by the accelerometer 20 so as to obtain a mean value of acceleration and generate the alarm signal AI when the mean value of acceleration exceeds a predetermined threshold value of acceleration ATH for a predetermined period of time TTH. The acceleration threshold ATH and the period of time TTH are values that characterize a collision. This allows the control unit 2 to activate the sound signalling device 3 and/or the light signalling device
4 when the door/window is subjected to a collision or impact produced by a break-in attempt.
According to a further embodiment of the present invention, the microcontroller 16 is configured to perform the following additional operations while in the programming status: generating a second 16-bit encryption key K2, writing it in the memories 16a and 26 similarly to the key Kl, and using it together with the key Kl for communication between the reader device 7 and the tag 6, so as to provide a dual symmetric-key encrypted communication, preferably based on a 128-bit AES encryption algorithm. This further embodiment allows for increasing the immunity to tampering with the communication between the tag 6 and the reader device 7.
According to a further embodiment of the present invention, the microcontroller 16 is configured to perform the following additional operations while in the programming status: generating a third encryption key K3, writing it in its own memory 16a and using it to encrypt the code COD before writing the latter in its own memory 16a and in the memory 26 of the tag 6. The microcontroller 16 is configured to decrypt the read code COD before its correctness is checked in the operational state. Encryption and decryption of the code COD are preferably based on a 128-bit AES encryption algorithm. This additional embodiment allows for further increasing the immunity to tampering with the
communication between the tag 6 and the reader device 7.
According to yet another non-illustrated embodiment of the present invention, the reader device 7 comprises, instead of the relay 17, a serial data interface, for example of the RS485 type, which is connectable to the control unit 2 so as to enable the microcontroller 16 to communicate with the control unit 2 through an encrypted communication, and in particular to transmit the alarm signal AI directly to the control unit 2 through an encrypted communication. This allows the control unit 2 to easily detect any tampering with the cable 8, for example the cutting or a short circuit of the communication line 8b.
According to a further embodiment of the present invention, the outer casing 9 is devoid of the through holes 10 and is adapted to be glued to the door/window, and consequently the electronic board 11 is also devoid of respective through holes 22.
Although the present invention has been described with specific reference to a particular application, i.e. an alarm system for doors/windows, it is also usefully exploitable in an alarm system for museums adapted to reliably signal possible attempts to steal a painting hanging on a wall or another object placed on a table. In fact, it is sufficient to apply the tag 6 to the object to be monitored, for instance behind a painting or under the base of a vase, and fix the
reader device 7 into a recess of the wall behind the painting or of the table in the position in which the vase rests.
The main advantage of the safety switch assembly 5 described above is a higher level of security than the known magnetic switch devices used for the same purpose. Moreover, the fully electronic design allows the size of the safety switch assembly 5 to be greatly reduced, which makes it more adaptable to the cramped spaces of the typical applications intended for it. Lastly, the fully electronic design and the use of a magnetic sensor 21 for the initial programming of the safety switch assembly 5 allow the use of a fully hermetic casing 9 to be employed in a submerged environment.
Claims
1. A safety switch assembly, in particular for an alarm system, to signal a mutual separation between two bodies, the safety switch assembly (5) comprising a passive NFC tag (6) , which can be applied, preferably through adhesive means, to a first one of the two bodies, and a reader device (7) , which comprises a casing (9) mountable on the second one of the two bodies and housing, on the inside, an NFC transceiver (15) and electronic control means (16) configured to control the NFC transceiver (15) so as to periodically interrogate the NFC tag (6) by means of a symmetric-key encrypted communication in order to receive an expected reply from the NFC tag (6) and generate an alarm signal (AI) in the lack of said expected reply.
2. A safety switch assembly according to claim 1, wherein said encrypted communication is a dual symmetric-key encrypted communication.
3. A safety switch assembly according to claim 1 or 2, wherein said NFC tag (6) comprises first memory means (26) to store first data comprising at least one first key (Kl) for said encrypted communication and a given code (COD) associated with the NFC tag (6), and said reader device (7) comprises second memory means (16a) to store second data comprising said first key (Kl) and said code (COD) ; within said periodic interrogation, said electronic control means
(16) being configured to authenticate said encrypted communication by means of said first key (Kl), read at least one subset of the code (COD) of the first data through the encrypted communication, check whether the read code (COD) is correct by comparing the subset of the read code (COD) with the corresponding subset of the code (COD) of the second data, and generate said alarm signal (AI) if no positive result is achieved from the check of the read code (COD) , preferably within at least two consecutive attempts.
4. A safety switch assembly according to claim 3, wherein said electronic control means (16) are configured to authenticate said encrypted communication by checking the sharing of the key (Kl) and generating a second key (Kls) only valid for the encrypted communication of the current interrogation; said subset of the code (COD) being a random subset .
5. A safety switch assembly according to any one of claims 1 to 4, wherein said encrypted communication is based on an AES encryption algorithm, preferably with 128 bits.
6. A safety switch assembly according to claim 3 or 4, wherein said second data comprise a third key (K3) and said code (COD) is encrypted through the second key; said electronic control means (16) being configured to decrypt the read code (COD) before checking whether it is correct.
7. A safety switch assembly according to claim 6,
wherein said code (COD) is encrypted by means of an AES encryption algorithm, preferably with 128 bits.
8. A safety switch assembly according to any one of claims 1 to 7, wherein said reader device (7) comprises a magnetic sensor (21); said electronic control means (16) being configured to switch to a programming status for the programming of the safety switch assembly (5), in which said NFC tag (6) is associated in an exclusive manner with the reader device (7), the first time the magnetic sensor (21) detects the presence of a magnet close to and on the outside of the reader device (7) .
9. A safety switch assembly according to claims 3 and 8, wherein said first data and said second data comprise identical pre-programming data and said electronic control means (16), in said programming status, are configured to control the NFC transceiver (15) so as to read the pre¬ programming data from the NFC tag (6) , generate said at least one first key (Kl) and said code (COD) if the read pre¬ programming data correspond to the ones contained in said second data, write the first key (Kl) and the code (COD) in said second memory means (16a), and control the NFC transceiver (15) so as to write the first key (Kl) and the code (COD) in the first memory means (26) .
10. A safety switch assembly according to claim 8 or 9, wherein said electronic control means (16) are configured to
disable said magnetic sensor (21) at the end of the programming of the safety switch assembly (5) .
11. A safety switch assembly according to any one of claims 1 to 10, wherein said reader device (7) comprises a solid-state relay (17) switchable between a first state and a second state, the first state corresponding to an alarm state of the reader device (7) ; said electronic control means (16) being configured to control the relay (17) as a function of said alarm signal (AI) so as to switch the output of the relay (17) to said first state.
12. A safety switch assembly according to any one of claims 1 to 10, wherein said reader device (7) comprises a serial data interface connectable to a control unit (2) of said alarm system so as to allow said electronic control means (16) to transmit said alarm signal (AI) directly to the control unit (2) by means of an encrypted communication.
13. A safety switch assembly according to any one of claims 1 to 12, wherein said reader device (7) comprises a three-axis accelerometer (20) to acquire acceleration values; said electronic control means (16) being configured to process the acquired acceleration values so as to obtain a mean value of acceleration and to generate said alarm signal (AI) when the mean value of acceleration exceeds a predetermined threshold value of acceleration (ATH) .
14. A safety switch assembly according to any one of
claims 1 to 13, wherein said casing (9) is hermetically sealed .
15. An alarm system for a door or window comprising a fixed frame and a movable part, the alarm system (1) comprising at least one safety switch assembly (5) according to any one of claims 1 to 14, preferably said casing (9) of said reader device (7) being mountable on the fixed frame and said NFC tag (6) being fixable to the movable part, and a control unit (2) comprising sound generating means (3) and/or light generating means (4) and configured to control said sound generating means (3) and/or light generating means (4) at said alarm signal (AI) .
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
IT102016000073350A IT201600073350A1 (en) | 2016-07-13 | 2016-07-13 | SECURITY SWITCH GROUP FOR AN ALARM SYSTEM |
IT102016000073350 | 2016-07-13 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018011754A1 true WO2018011754A1 (en) | 2018-01-18 |
Family
ID=57737831
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2017/054251 WO2018011754A1 (en) | 2016-07-13 | 2017-07-13 | Safety switch assembly for an alarm system |
Country Status (2)
Country | Link |
---|---|
IT (1) | IT201600073350A1 (en) |
WO (1) | WO2018011754A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP4241262A4 (en) * | 2020-11-19 | 2024-01-17 | 1010210 B.C. Ltd. | Customizable security alarm system comprising an rfid tag, and method of installing the same |
US12094307B2 (en) | 2018-12-10 | 2024-09-17 | 1010210 B.C. Ltd. | Method of installing a security alarm system and wireless access point |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110018707A1 (en) * | 2009-07-27 | 2011-01-27 | Dobson Eric L | Shipping container having integral geoclock system |
US20110057788A1 (en) * | 2009-09-10 | 2011-03-10 | Thomas More Talkington | Apparatus and Method For Determining Tampering With A Movable Barrier |
US20110156905A1 (en) * | 2009-12-28 | 2011-06-30 | Motorola, Inc. | Two-part security tag |
EP2741262A2 (en) * | 2012-12-04 | 2014-06-11 | Honeywell International Inc. | Door/window contact system |
-
2016
- 2016-07-13 IT IT102016000073350A patent/IT201600073350A1/en unknown
-
2017
- 2017-07-13 WO PCT/IB2017/054251 patent/WO2018011754A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110018707A1 (en) * | 2009-07-27 | 2011-01-27 | Dobson Eric L | Shipping container having integral geoclock system |
US20110057788A1 (en) * | 2009-09-10 | 2011-03-10 | Thomas More Talkington | Apparatus and Method For Determining Tampering With A Movable Barrier |
US20110156905A1 (en) * | 2009-12-28 | 2011-06-30 | Motorola, Inc. | Two-part security tag |
EP2741262A2 (en) * | 2012-12-04 | 2014-06-11 | Honeywell International Inc. | Door/window contact system |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US12094307B2 (en) | 2018-12-10 | 2024-09-17 | 1010210 B.C. Ltd. | Method of installing a security alarm system and wireless access point |
EP4241262A4 (en) * | 2020-11-19 | 2024-01-17 | 1010210 B.C. Ltd. | Customizable security alarm system comprising an rfid tag, and method of installing the same |
Also Published As
Publication number | Publication date |
---|---|
IT201600073350A1 (en) | 2018-01-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR102149300B1 (en) | Near field communication tag | |
US7327216B2 (en) | Secret key programming technique for transponders using encryption | |
US3829833A (en) | Code element identification method and apparatus | |
AU2011326550B2 (en) | Electronically monitored safety lockout devices, systems and methods | |
US20050012593A1 (en) | Ignition apparatus and method | |
US7609165B2 (en) | Method and apparatus for magnetically activated radio or infrared identification system | |
US20030189491A1 (en) | Circuit and method for electronic security seal | |
US9355512B2 (en) | Closing unit, closing apparatus, and method for unlocking and/or locking a lock | |
US7158008B2 (en) | Electronic key system and method | |
US9070264B2 (en) | Detecting a security breach of an electronic device | |
US20210302247A1 (en) | Impact indicator | |
EP3064678B1 (en) | Telematic satellite lock for container | |
ES2220565T3 (en) | PROCEDURE FOR THE OPERATION OF A TRANSPONDER. | |
WO2018011754A1 (en) | Safety switch assembly for an alarm system | |
WO2013057498A1 (en) | Lock device | |
ES2932261T3 (en) | Closing system and procedure for closing a container | |
KR101762625B1 (en) | Device for detecting door opening and closing using nfc tag and security system including the same | |
GB2296804A (en) | Electronic security system | |
US7298263B2 (en) | Control and/or monitoring device using an electronic label, a reader and a state encoder | |
NL1028925C2 (en) | Lock assembly transmits spread spectrum signal indicating opening or closing state of lock to transceiver in lock case | |
WO2007087107A2 (en) | Security system and rfid tag-reader therefor |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 17749755 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 17749755 Country of ref document: EP Kind code of ref document: A1 |