CA1269139A - Security system with enhanced protection against compromising - Google Patents
Security system with enhanced protection against compromisingInfo
- Publication number
- CA1269139A CA1269139A CA000537997A CA537997A CA1269139A CA 1269139 A CA1269139 A CA 1269139A CA 000537997 A CA000537997 A CA 000537997A CA 537997 A CA537997 A CA 537997A CA 1269139 A CA1269139 A CA 1269139A
- Authority
- CA
- Canada
- Prior art keywords
- data
- transponder
- controller
- coded
- addressed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- G—PHYSICS
- G08—SIGNALLING
- G08B—SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
- G08B29/00—Checking or monitoring of signalling or alarm systems; Prevention or correction of operating errors, e.g. preventing unauthorised operation
- G08B29/02—Monitoring continuously signalling or alarm systems
- G08B29/04—Monitoring of the detection circuits
- G08B29/046—Monitoring of the detection circuits prevention of tampering with detection circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
- G06Q50/06—Electricity, gas or water supply
Abstract
SECURITY SYSTEM WITH
ENHANCED PROTECTION AGAINST COMPROMISING
ABSTRACT
A security system for a protected premise has a controller which receives data, over a pair of line conductors, from the addressed transponder of a series of addressable transponders located within the protected premise and connected across the line. To enhance the security of the system and to prevent compromising, the data is sent to the controller in coded form that changes from time to time in accordance with a secret code schedule. A decoding or decrypting system in the controller operates in accordance and in step with the same secret code schedule to decode the received coded data to recover the original information. The coded data may represent an encrypted signature of the addressed transponder which signature is decrypted to check the validity of the replying transponder. As another example, the coded information sent back on the line conductors may relate to a particular condition monitored by the transponder, such as the state of a transducer that detects or indicates that a burglary or robbery is occurring, so that an unauthorized person cannot determine that particular condition merely by reading the data appearing on the line. Without the secret code schedule, the coded data on the line is useless.
ENHANCED PROTECTION AGAINST COMPROMISING
ABSTRACT
A security system for a protected premise has a controller which receives data, over a pair of line conductors, from the addressed transponder of a series of addressable transponders located within the protected premise and connected across the line. To enhance the security of the system and to prevent compromising, the data is sent to the controller in coded form that changes from time to time in accordance with a secret code schedule. A decoding or decrypting system in the controller operates in accordance and in step with the same secret code schedule to decode the received coded data to recover the original information. The coded data may represent an encrypted signature of the addressed transponder which signature is decrypted to check the validity of the replying transponder. As another example, the coded information sent back on the line conductors may relate to a particular condition monitored by the transponder, such as the state of a transducer that detects or indicates that a burglary or robbery is occurring, so that an unauthorized person cannot determine that particular condition merely by reading the data appearing on the line. Without the secret code schedule, the coded data on the line is useless.
Description
l- ~Z69139 SECIJRITY SYSTEM WITH
ENHANCED PROTECTION AGAINST COMPROMISING
Description This invention relates to a !3ecurity system, of the type that monitors a series of transponders located in an area or premise to be secured, having enhanced protection against unauthorized tampering and compromising.
Securit~ systems, which constitute data communication systems, have been developed wherein a controller monitors, 10 and receives data over a pair of line conductors from, remote parallel-connected transponders each of which is located within the same protected premise. The term "transponder" signifies a unit which can control and/or monitor some condition and/or associated component, such as 15 a transducer, which may or may not be adjacent to its physical location and which may or may not be within its physical enclosure. A transponder may be selectively addressed by the controller and recognizes not only its address but other information which may be transmitted from 20 the controller, such as command signals for controlling the operation of the transponder itself and/or various associated devices, such as relays, visual and/or audible indicators, or any other device. In addition, the transponder itself may transmit information, such as the 25 transducer response or status or any other data, back to the controller.
A transducer, associated with a transponder, may take any one of a wide variety of different forms. For example, a transducer may be an intrusion detector such as an 30 ultrasonic space detector or an infrared space detector that detects movement within a given area, or an un-authorizQd entry sensor such as a reed switch actuated by a magnet (usually used on window~ and doors), window tape in the form of metal foil which breaks if a window is broken,
ENHANCED PROTECTION AGAINST COMPROMISING
Description This invention relates to a !3ecurity system, of the type that monitors a series of transponders located in an area or premise to be secured, having enhanced protection against unauthorized tampering and compromising.
Securit~ systems, which constitute data communication systems, have been developed wherein a controller monitors, 10 and receives data over a pair of line conductors from, remote parallel-connected transponders each of which is located within the same protected premise. The term "transponder" signifies a unit which can control and/or monitor some condition and/or associated component, such as 15 a transducer, which may or may not be adjacent to its physical location and which may or may not be within its physical enclosure. A transponder may be selectively addressed by the controller and recognizes not only its address but other information which may be transmitted from 20 the controller, such as command signals for controlling the operation of the transponder itself and/or various associated devices, such as relays, visual and/or audible indicators, or any other device. In addition, the transponder itself may transmit information, such as the 25 transducer response or status or any other data, back to the controller.
A transducer, associated with a transponder, may take any one of a wide variety of different forms. For example, a transducer may be an intrusion detector such as an 30 ultrasonic space detector or an infrared space detector that detects movement within a given area, or an un-authorizQd entry sensor such as a reed switch actuated by a magnet (usually used on window~ and doors), window tape in the form of metal foil which breaks if a window is broken,
2 12~9~ 3~
or a wire running through a screen which is cut when the screen is ripped. A transducer could also be a physical switch, such as a "holdup button" in a bank which may be manually actuated by a bank employee if a robbery occurs.
The transducer could also constitute a transistor switch that is operated by some device to de-tect some alarm condition or state. Moreover, fire and smoke detection may also be included in the security system for the protected premise, in which case a transducer would take the form of a fire or smoke detector.
Data communication systems, which may function as security systems, are disclosed in United States Paten-ts 4,394,655, 4,470,047 and 4,507!652, in applicant's Canadian Patent Application Serial No. 529,307 filed February 9, 1987 and in applicant's Canadian Patent No. 1,252,536, issued April 11, 1989. In these patents and application, a controller communicates with a series of individually addressable transponders, located within the same protected premise, by sending successive composite signals, each comprising a group of pulses, over a two-wire distribution system. High-amplitude por-tions of a composite signal or pulse group are employed to transmit commands from the controller, while low-amplitude portions are used to return information from the addressed transponder to the controller.
Preferably, a securi-ty system for a protected premise should be immune to unauthorized tampering and compromising so that the security achieved by the system is not neutralized. For example, it should not be possible for a burglar or robber to defeat the security by breaking into the system and substituting a "bogus" transponder for a legitimate or valid one to avoid producing an alarm signal.
Such a bogus transponder would provide a false indication to the controller that nothing is wrong and that conditions are normal, even though an unauthorized entry rn/ ~
or a wire running through a screen which is cut when the screen is ripped. A transducer could also be a physical switch, such as a "holdup button" in a bank which may be manually actuated by a bank employee if a robbery occurs.
The transducer could also constitute a transistor switch that is operated by some device to de-tect some alarm condition or state. Moreover, fire and smoke detection may also be included in the security system for the protected premise, in which case a transducer would take the form of a fire or smoke detector.
Data communication systems, which may function as security systems, are disclosed in United States Paten-ts 4,394,655, 4,470,047 and 4,507!652, in applicant's Canadian Patent Application Serial No. 529,307 filed February 9, 1987 and in applicant's Canadian Patent No. 1,252,536, issued April 11, 1989. In these patents and application, a controller communicates with a series of individually addressable transponders, located within the same protected premise, by sending successive composite signals, each comprising a group of pulses, over a two-wire distribution system. High-amplitude por-tions of a composite signal or pulse group are employed to transmit commands from the controller, while low-amplitude portions are used to return information from the addressed transponder to the controller.
Preferably, a securi-ty system for a protected premise should be immune to unauthorized tampering and compromising so that the security achieved by the system is not neutralized. For example, it should not be possible for a burglar or robber to defeat the security by breaking into the system and substituting a "bogus" transponder for a legitimate or valid one to avoid producing an alarm signal.
Such a bogus transponder would provide a false indication to the controller that nothing is wrong and that conditions are normal, even though an unauthorized entry rn/ ~
- 3 - ~26~39 sensor, associated with the substituted transponder, may have been tripped. It is important for the controller to "know" if a ~alid transponder ha~ been substituted with a similar transponder or any other device designed to respond like the substituted transponder. In addition, it is desirable that the security system function in such a way that an unauthorized person will not be able to tell, from the output of a transponder, whether an alarm has been triggered. When a "silent" alarm is employed, it is 10 usually preferred that knowledge of that alarm actuation be withheld from the robber or burglar in order to allow time for law enforcement personnel to arrive.
The present invention achieves significantly greater protection against unauthorized tampering and compromising 15 than that realized in the prior security systems.
Furthermore this is accomplished at relatively little cost and requires very little space to implement. Among the very desired results obtained by the present invention, replacing of a transponder with a bogus one, or even with a 20 computer, will not compromise the security and will be detected. Moreover, observation of the output of a transponder will not reveal whether an alarm has been actuated by that transponder. This is achieved in the present invention by encrypting or coding the data sent 25 from each of the transponders, located within a protected premise or area, to the controller. In the past, for high security protection encryption has been employed in the communication link that leaves the controller, and its protected premise, and couples to a remote central 30 station. ~uch prior systems, however, are not adaptable to the coding of the data from the individual transponders.
The security system of the invention includes a controller for receiving data over a pair of line 35 conductors from a plurality of addressable transponders monitored by the controller and coupled across the line conductors within the same protected premise. Each of the ~Z6~139 transponders comprises encrypting means, operable when the transponder is addressed by the controller, for sending to the controller coded data the form of which varies from time to time in accordance with a predetermined secret code schedule. The controller is provided with decrypting means which operates in accordance and in step with the same predetermined secret code schedule to decode the received coded data. The coded data includes coded identifying data representing an encrypted signature of the addressed transponder, which signature may change each time the coded data changes, and wherein the decrypting means decodes the coded identifying data and decrypts the signature in order to determine the validity of the replying transponder.
In accordance with a more detailed aspect of the invention, a composite signal, divided into successive time segments and having a pulse in each segment, is transmit-ted from the controller to an addressed transponder wllich modifies the pulse in at least one selected segment of the composite signal, to provide the coded data, and returns that ~0 modified segment to the controller. The coded data may constitute coded identifying data representing an encrypted signature of the addressed transponder, which signature changes each time the coded data changes. The decrypting means in the controller decodes the coded identifying data and decrypts the signature in order to determine or check the validity of the replying transponder to make certain that it rn/~"
1,~'691~9 a is not bogus or counterfeit. On the other hand, the coded data may serve as coded transducer :information representing the state or condition of a transducer associated with the addressed transponder, the decrypting means decoding the coded transducer informat;.on to determine the state of the transducer. With the transducer data appearing in coded form on the line conductors, there is no way that an unauthorized person can determine the transducer state merely by observing the information on the line.
The features of the invention which are believed to be novel are set forth with particularity in the appended claims. The invention may best be understood, however, by reference to the following description in conjunction with the accompanying drawings, wherein like reference numerals identify like components, and in which:
rn/
~;~691~9 FIGURE 1 is a block diagram of a security system, for a protected premise, in the form o a bidirectional data communication system generally similar to the system disclosed in the aforementioned patents and patent application but modified in accordance with the present invention;
FIGURE 2 is a graphical illustration of a composite signal for representing data as taught in the cited patents and patent application ;
FIGURE 3 ig a graphical illustration and an accompanying operation table which help to understand the operation of the present invention;
FIGURE 4 iB a block diagram of a transponder constructed to implement the present invention;
FIGURE 5 shows a series of waveforms helpful in understanding the operation of the invention, FIGURE 6 is a more detailed block diagram representation, with an accompanying state table, of a portion of the transponder shown in FIGURE 4; and, FIGURE 7 graphically illustrates the operation of a portion of the transponder.
FIGURE 1 depicts the data communication arrangement of the earlier svstem, described in the aforementioned patents and patent application , modified to achieve a high 25 degree of secrecy in accordance with the present invention. There, a controller 20 sends and receives data over a pair of conductors 21, 22, to which a plurality of transponders 23, 24 and 25 are coupled. Each transponder 23, 24, 25 connects to an associated respective one of 30 transducers 23a, 24a, 25a. Only three transponders and associated transducers are ~hown but it will become apparent that large numbers of transponders can communicate with controller 20 over the same conductor pair, and thus over the same local multiplex loop. As indicated by the 35 dashed construction line, controller 20 as well as all of - 6 ~ ~6~139 the transponders and transducers ar~ located within the same protected premise. Controller 20 includes a command circuit 26 having a switch Sl coupled in parallel with a resistor Rl. One side of this parallel combination is coupled to a reference voltage V, and the other side is coupled both to conductor 21 and to the input of evaluation circuit 27. Another resistor R2 is coupled between the input to circuit 27 and a ground plane of reference potential, to which conductor 22 i~ also coupled. As shown in transponder 23, typically each transponder includes a resistor ~3 coupled in series with a switch S2, and this combination is coupled across line conductors 21, 22 as shown. When switch Sl in the controller is closed, a voltage V is applied over conductors 21, 22 to the various transponders. When swltch Sl is opened, and all the switches S2 remain open, the voltage divider circuit comprising resistors Rl and R2 provides a voltage of V/2 at the input to evaluation circuit 27. Prefera~ly, all the resistors ~l, R2 and R3 are of equal value. Thus, with a 20 voltage of V/2 on the line, and when switch S2 is then closed, resistor R3 is placed in parallel with resistor R2, and a voltage V/3 appears at the input of evaluation circuit 27. Command circuit 26 regulates the opening and closing of switch Sl and each closure is used to send commands to the respective transponders, which then perform the commanded action. Electrical power for operating the transponders is also sent when switch Sl is closed, each transponder having a capacitor which is maintained in a charged condition by voltage V to provide an operating 30 potential. Each transponder can return data from itself and/or from associated equipment, such as a transducer that responds to unauthorized entry to a secured area, by closure of switch S2 when switch Sl is open. A detailed explanation of such system operation i~ set out in the 35 patents and patent application identified above. Block 28 has been added to th~ controller 20 in FIGURE l to implement the present invention. The function of bloc~ 28 ~9139 will be described later.
The closing and opening of switches Sl and S2 can produce a composite signal which include~ or is divided into successive time segments as shown in FIGURE 2. These 5 different time segments include the high amplitude portions 31, 33, 35 and 37 (when switch Sl is closed), and the low amplitude portions 32, 34, 36 and 38 when switch Sl is open. In the referenced patents and patent application the high-amplitude portions are utilized to 10 transmit commands to the different transponder~, and the low-amplitude portlons are emplo~ed to return data from a selected addressed transponder to the controller. The duration of closure of switch Sl is variable and can be recognized at a transponder, as can the number of times 15 switch Sl is opened and closed in a group of pulses, namely during a single composite signal. Thi~ facilitates the addressing of a selected transponder. When an addressed transponder i3 responding or answering back to the controller, a voltage V/2 received at the evaluation 20 circuit 27 indicates that the transponder's switch S2 is open, whereas a voltage V/3 signifies that the transponder's switch S2 is closed. Controller 20 derives information from the particular transponder replying by analyzing the time duration of S2 closure, or the time 25 duration of voltage V/3 appearing across the line conductors.
While the inventive concept is explained as implemented in connection with a bidirectional data communicatio~ system of the type taught in the patents and 30 patent application noted above, it will be readily understood by those skilled in the art that the present invention has much wider application. For example, and as will be appreciated, it i5 not even necessary that command data or any data be sent to a transponder. It is merely 35 necessary that data b~ transmitted from a transponder to the controller.
Figure 3, which includes a waveform on the left and a ~ 8 _ ~Z6~3~
tabulation on the right, depicts a compo~ite signal with successive time segments representlng different data, and is similar to the pulse group shown in Figure 2~ The high and low pulses in the composite signal on the left in Figure 3 are de~ignated by the letter3 A - G and the various data in the time segments defined by those pulses are illustrated in the tabulation on the right over the corresponding letters. With the exception of the data labeled "encrypted signaturQ" and "encrypted switch data"
10 occuring during the low-amptitude pulses E, F and G, the indicated data i3 typical of the types of command data given to an addressed transponder and the information returned from the transponder during a single composite signal in accordance with the teachings of the afore-15 mentioned patents and application . The informationconveyed during pulses, or time segments, E, F and G is developed according to the present invention and will be explained later. As indicated in the tabulation, the first high pulse in Figure 3 does not necessarily signify any 20 command. The first low pulse, designated D, may be used to instruct the addressed transponder to return information concerning the status of an associated relay. The second high pulse, labeled A, is not used in this illustration.
The third and fourth highs, designated B and C, 25 respectively, are commands to turn the relay on and off.
During each of the pulse lows (na~ely, during segments D, E, F and ~), information may be returned to the controller in the form of a selected one of the eight waveshapes shown in Figure 5. Of course, those skilled in 30 the art will appreciate that other waveforms are possible in order to include more bits or portions of data. These eight different response signals (labeled with the letters P - W in Figure 5) are developed in the transponder, as taught ln the cited prior patents and application , by a 35 psuedo-binary system in which the signal interval or time segment i5 divided into three portions, starting at t~.
The first portion terminates at time tl, the second at g time t2, and the third ends at time t3. More specifically, waveform P illustrates a data return signal in which a response i~ provided from a transponder by keeping its switch S2 (which is preferably a transitor switch) open, and the voltage across the line conductors hlgh at V/2, for the entire time segment. The second response signal (waveform Q) goes low (S2 closed) for the first portion, the voltage across the line thereby being ~/~1 and remain~ high for the second and third portions.
The next reply signal (waveshape R) goes low for the first two portion~ and then goes high and remains high for the third portion. Waveform S goes low at time to and remains low throughout the response interval. Response signal T remains high for the first portion, is low for the second portion, and is again high for the third portion.
In waveform U the first portion i5 high and the second and third are low. The response is high for the first two portions of waveform V and then goes low for the third 20 portion of that pul~e. Response ~ignal W remains low for the ~irst portion, goes high at time tl and remains high for the second portion, after which the signal goes low at time t2 and remains there during the third portion.
Figure 4 depicts the general layout of one 25 transponder suitable for implementing the system of the invention in the illustrated embodim4nt. Of course, some elements of the transponder have not been shown in Figure 4 to avoid unduly encumbering the drawing. Reference is made to the above noted patents and patent application for a 30 more detailed disclosure. Figure 4 shows the manner in whlch the prior system i~ modified in order to practice the present invention, and only the essential elements are illustrated. Data bus 21, 22 can be a pair of line conductors a~ described above in connection with Figure l, 35 a coaxial cable, or any other suitable passage for signals, electrical, optical or otherwise. It i8 also understood that the transponders need not be physically connected, as by a solid, low-resistance electrical connection, but there 126913~
can be intermediate transmission through the air or other medium without departing from the data transmission and recognition concept of the present invention.
In the illustrated embodiment, data received from the controller over bus 21, 22 is passed into counter and address comparator/detector 40, and into output command selector/controller and key detector/controller 41. When data is to be returned to the controller, answer waveform selector/conditioner 42 develops the appropriate signal for transmission over the data bus to the controller.
Composite signals appearing on the bus are received in circuit 40, where the composite signals are continually counted to determine the address of the transponder being signalled from the controller. A plurality of address s~itches 50 are preset in a certain code to identify the particular transponder in which the switches are physically positioned. Output conductors 43 - 49 thus indicate the state (open or closed) of seven on-off switches (not shown) within address switch circuit 50 and circuit 40 continually compares this address with the address denoted by the incoming pulses from bus 21,22. With seven switches a total of 128 addresses can be preset, but of course other numbers of switches can be utilized depending upon the number of transponders to be coupled in a single system. When the 25 circuit 40 recognizes that the address on the bus is that of this specific transponder, the output circuit provides a respond select signal over line 51 to the answer waveform selector/conditioner circuit 42 when lows are present and provides a command select signal over line 52 to circuit 41 when the highs are present. The signals on lines 51 and 52 are thus enabling signals to effectively enable the associated circuits 41, 42 to accomplish the commands sent and/or to return the data requested in the composite signal during the time that this specific transponder's address is 35 valid. Among other functions, circuit 42 develops the waveforms of Figure 5 and selects the particular one that is sent back to the controller during each of the pulse :~2~;9139 lows of a composite signal.
In order to understand the manner in which the coded or encrypted data is produced at a transponder during time segments E, F and G of Figure 3 for transmission back to the controller, attention is directed to Figure 6 which shows the details of the crypto generator 54 of Figure 4, along with a state diagram or table illu~trating the generator's operation. Those skilled in the art will appreciate that, in order to obtain a higher degree of security, a more complicated encryption generator would be required to replace the one shown in Figure 6, where the illustrated circuit is intended only to show the concept of the invention here. The four flip-flops 55, 56, 57 and 58 and the exclusive OR circuit 59 are interconnected in conventional fashion to provide a well-known shift register/counter. Flip-flops 55 - 58 are initialized or cleared by pulses applied over line 61 from circuit 41.
After initialization, clock pulses are applied over line 62 to shift or advance the register through its counting 20 cycle. ~s the clock pulses are applied to the flip-flops, their outputs switch between a relatively low (logic O) binary output state and a relatively high (logic l) binary output state, as indicated by the table in Figure 6. The changing binary states, at the outputs indicated by the fi~re letter designations ~, J, ~, L and M in the crypto generator 54 in Figure 6, are illustrated by the five columns in the table, each of which columns is headed by a corresponding letter designation. To explain, in response to the first seven clock pulses applied to the shift 30 register the output binary state of, for example, flip-flop 57 will be logic O for the first three clock pulses, logic l for the next three clock pulses, and then back to logic O
for the seventh pulse, as shown by the column headed by the letter K. The five binary output signals H, J, K, L and M
35 are thus pseudo-random in naturP. Of course, the degree of randomness may be increased as desixed by adding more complexity to the crypto generator. Moreover, the clock - 12 _ 1 ~ 6~ 13 9 pulses may be randomized so that they occur in a random pattern. For example, the transponders may be addressed ~t random and the crypto generator at any given transponder may receive a clock pulse only every nth time the transponder recognizes its address. Three lines 64, 65 and 66 connect the outputs of flip-flop 56, flip-flop 57 and exclusive OR circuit 59, respectivelyr to circuit 42 to provide the circuit with the J, X, and M binary output signals.
During the time segment in which the low-amplitude pulse E (Figure 3) ls transmitted from the controller 20 over the data bus 21, 22, the addressed transponder answers or responds by returning coded identifying data represent-ing an encrypted signature of the transponder. This is accomplished in circuit 42 (FIGURE 4) by employing the binary output signal ~ to determine the specific manner in which the low pulse E is modified and returned to the controller. At any given time, binary signal M at the addressed transponder will be established at either its 0 or 1 level. During the low pulse E, circuit 42 operates under control of that binary signal and actuates the transponder's switch S2 as necessary to produce selected ones of the waveforms P - W in Figure 5 for transmission back to the controller. In the illustrated embodiment of 25 the invention, whenever binary signal M is established at its logic 0 level waveform Q will be developed, by operat-ing the addressed transponder's switch S2, for return over data bus 21, 22 to the controller. On the other hand, if signal M is at its logic 1 level, waveform V will be gene-30 rated and transmitted back to the controller. Obviously,the selection of waveform Q for logic 0 and waveform V for logic 1 is arbitrary and those logic levels could be em-ployed to generate any of the other waveforms in Figure 5.
Thus, when a transponder i5 addressed either waveform 35 Q or waveform V will appear in segment E and this represents an encrypted signature of the transponder which changes from time to time depending on the binary state of ~26g~39 binary signal M during each segment E. The random changing pattern, between logic 0 and 1, of signal M may be con-sidered a predetermined secret code schedule in accordance with which the coded data, namely the encrypted signature, changes. ~s indicated by block 28 in the controller 20 (Figure 1), the controller includes decrypting or decoding means which operates in accordance and in step with the same predetermined secret code schedule to decode the received coded identifying data and decrypt the si~nature in order to determine the validity of the replying transponder. A corresponding crypto generator in the controller would be operated, or stepped through its counting cycle, in synchronism with the crypto generator at the transponder so that when waveform Q, for example, is produced during a particular segment E by a responding valid transponder, the controller will "know" that the received waveform Q indicates that the answering transponder is valid. The receipt at the controller of any waveform other than waveform Q constitutes invalid data and signifies that the transponder is either malfunctioning or is phoney or bogus. An alarm may be immediately produced to alert operating personnel that an unauthorized person or burglar may be attempting to compromise the security of the system by substituting a valid transponder with a bogus transponder or with a computer.
The coded data transmitted from the addressed transponder during each of the low pulses or time segments F and G (Figure 3) represents information concerning some condition or state associated with the transponder.
Preferably, the coded data relates to the state of a transducer monitored by the transponder. In the absence of decoding the coded transducer data, the information found on line 21, 22 will not reveal, to the unauthorized person, the transducer state.
More particularly, the transducer comprises the monitored switch contacts or switch 71 in Figure 4 which can be established in either a normal position or an alarm - 14 - ~ ~6~39 position. The switch can be internal to the transponder or external, such as a switch contact set positioned adjacent to a door or window, which contact set is separated upon movement of one part relative to another. Alternatively, the switch 71 can represent a detector for particles of combustion, or any other transducer of the types alluded to previously. The status of switch contacts 71 is monitored by switch state determination circuit 72 and presented to output latches 73 and 74. When the switch 71 is found to be in its normal position, indicating that nothing is wrong, latch 73 is operated, whereas if the switch has been established in its alarm position, signifyin~ that there is an alarm state, latch 74 is actuated. In the prior system, the operation of latch 73 would cause circuit 42 to select a particular one of the wavefo~ms P - W of Figure 5 ~or transmission back to the controller over data bus 21, 22, while the operation of latch 74 would cause circuit 42 to select a different one of the waveforms P - W for return to the controller. The selected waveforms were always the same. In other words, a normal state of switch 71 would always result in the same waveform selected from those in Figure 5, and an alarm state would also always result in the same waveform selected from Figure 5 but different than the one chosen to represent normal conditions.
In accordance with a salient feature of the invention, the switch data representing the monitored contacts 71 is returned to the controller during each of the low pulses F and G in coded or encrypted form to thwart an unauthorized person attempting to defeat the security of the system. Observation of the data appearing on line or bus 21, 22 during a segment F or a segment G provides no hint or clue whatsoever regarding the state of the sensed transducer. With the transducer data on line 21, 22 in coded form, the unauthorized person (such as a burglar or 35 robber) will not know whether he tripped an alarm or not, or whather an alarm has been initiated by someone else.
For example, if a "silent" alarm has been actuated, the 1,26913~
person cannot intercept any usef~ll info~mation from the line 21, 22 and will not know if law enforcement personnel had been dispatched. The switch is effectively read twice and switch data is sent to the controller during both segments F and G to obtain confirmation and to help eliminate false alarms.
To achieve encrypting of the switch data in accordance with the illustrated embodiment of the invention, circuit 42 is designed to function in the manner graphically illustrated in Figure 7. Pointer 75 is positioned by latches 73 and 74, under the control of switch state determination circuit 72, and selects whether the coded data returned to the controller represents a normal position o~ switch 71 or an alarm position. Control 15 device 76 functions under the control of the binary signals J and K from the crypto generator 54 to position the pointers 77 and 78, which are effectively tied together and move in unison. Th~ table at the bottom of Figure 7 illustrates the operation. Specifically, when binary signals J and K are both at their logic O levels, pointers 77 and 78 will be at their uppermost positions so that waveform Q will be chosen as the coded data to represent the normal condition of switch 71 and waveform R will be selected as the coded data to represent the alarm condition Of the switch. If binary signal K then changes to logic 1, while signal J remains at logic O, pointers 77 and 78 are moved counterclockwise one position so that waveform R
will represent the normal switch position and waveform S
the alarm position. In similar fashion, with signals J and K at their logic 1 and O levels, respectively, waveform S
is selected by pointer 77 to indicate a normal switch 71 and waveform ~ is chosen by pointer 78 to signify an alarmed switch. Finally, if both of the binary signals J
and ~ are at their logic 1 levels pointers 77 and 78 will be moved to their lowermost positions to select waveform ~
as the coded form representing a normal switch and waveform Q as the coded form rePlecting an alarmed switch.
~2~i9~39 Hence, during a pulse low F or G any one of waveforms Q, R, S or T will appear at random and there is no correlation or relationship betwee~n waveforms and condi-tions of switch 71. At some times waveform R, for example, is returned to the controller to indicate that switch 71 is normal, while at other times the same waveform R is sent back to the controller to indicatP that an alarm has been tripped. This totally frustrates the unauthorized person since no useful information can be derived off of the line 21, 22, thus preventing the person from knowing whether an alarm has been triggered.
Since the same crypto generator at the transponder controls the formation of both the encrypted signature during low pulse E and the encrypted switch data during low 15 pulses F and G, decoding or decrypting of the switch data may also be accomplished at the controller by means of block 28 (FIGURE 1). The changing binary states of signals J and K effectively provide a code schedule in accordance with which the switch data during low pulses F and G is 20 Coded.
While a particular embodiment of the invention has been shown and described, modifications may be made, and it is intended in the appended claims to cover all such modifications as may fall within the true spirit and scope 25 of the inventiOn.
The present invention achieves significantly greater protection against unauthorized tampering and compromising 15 than that realized in the prior security systems.
Furthermore this is accomplished at relatively little cost and requires very little space to implement. Among the very desired results obtained by the present invention, replacing of a transponder with a bogus one, or even with a 20 computer, will not compromise the security and will be detected. Moreover, observation of the output of a transponder will not reveal whether an alarm has been actuated by that transponder. This is achieved in the present invention by encrypting or coding the data sent 25 from each of the transponders, located within a protected premise or area, to the controller. In the past, for high security protection encryption has been employed in the communication link that leaves the controller, and its protected premise, and couples to a remote central 30 station. ~uch prior systems, however, are not adaptable to the coding of the data from the individual transponders.
The security system of the invention includes a controller for receiving data over a pair of line 35 conductors from a plurality of addressable transponders monitored by the controller and coupled across the line conductors within the same protected premise. Each of the ~Z6~139 transponders comprises encrypting means, operable when the transponder is addressed by the controller, for sending to the controller coded data the form of which varies from time to time in accordance with a predetermined secret code schedule. The controller is provided with decrypting means which operates in accordance and in step with the same predetermined secret code schedule to decode the received coded data. The coded data includes coded identifying data representing an encrypted signature of the addressed transponder, which signature may change each time the coded data changes, and wherein the decrypting means decodes the coded identifying data and decrypts the signature in order to determine the validity of the replying transponder.
In accordance with a more detailed aspect of the invention, a composite signal, divided into successive time segments and having a pulse in each segment, is transmit-ted from the controller to an addressed transponder wllich modifies the pulse in at least one selected segment of the composite signal, to provide the coded data, and returns that ~0 modified segment to the controller. The coded data may constitute coded identifying data representing an encrypted signature of the addressed transponder, which signature changes each time the coded data changes. The decrypting means in the controller decodes the coded identifying data and decrypts the signature in order to determine or check the validity of the replying transponder to make certain that it rn/~"
1,~'691~9 a is not bogus or counterfeit. On the other hand, the coded data may serve as coded transducer :information representing the state or condition of a transducer associated with the addressed transponder, the decrypting means decoding the coded transducer informat;.on to determine the state of the transducer. With the transducer data appearing in coded form on the line conductors, there is no way that an unauthorized person can determine the transducer state merely by observing the information on the line.
The features of the invention which are believed to be novel are set forth with particularity in the appended claims. The invention may best be understood, however, by reference to the following description in conjunction with the accompanying drawings, wherein like reference numerals identify like components, and in which:
rn/
~;~691~9 FIGURE 1 is a block diagram of a security system, for a protected premise, in the form o a bidirectional data communication system generally similar to the system disclosed in the aforementioned patents and patent application but modified in accordance with the present invention;
FIGURE 2 is a graphical illustration of a composite signal for representing data as taught in the cited patents and patent application ;
FIGURE 3 ig a graphical illustration and an accompanying operation table which help to understand the operation of the present invention;
FIGURE 4 iB a block diagram of a transponder constructed to implement the present invention;
FIGURE 5 shows a series of waveforms helpful in understanding the operation of the invention, FIGURE 6 is a more detailed block diagram representation, with an accompanying state table, of a portion of the transponder shown in FIGURE 4; and, FIGURE 7 graphically illustrates the operation of a portion of the transponder.
FIGURE 1 depicts the data communication arrangement of the earlier svstem, described in the aforementioned patents and patent application , modified to achieve a high 25 degree of secrecy in accordance with the present invention. There, a controller 20 sends and receives data over a pair of conductors 21, 22, to which a plurality of transponders 23, 24 and 25 are coupled. Each transponder 23, 24, 25 connects to an associated respective one of 30 transducers 23a, 24a, 25a. Only three transponders and associated transducers are ~hown but it will become apparent that large numbers of transponders can communicate with controller 20 over the same conductor pair, and thus over the same local multiplex loop. As indicated by the 35 dashed construction line, controller 20 as well as all of - 6 ~ ~6~139 the transponders and transducers ar~ located within the same protected premise. Controller 20 includes a command circuit 26 having a switch Sl coupled in parallel with a resistor Rl. One side of this parallel combination is coupled to a reference voltage V, and the other side is coupled both to conductor 21 and to the input of evaluation circuit 27. Another resistor R2 is coupled between the input to circuit 27 and a ground plane of reference potential, to which conductor 22 i~ also coupled. As shown in transponder 23, typically each transponder includes a resistor ~3 coupled in series with a switch S2, and this combination is coupled across line conductors 21, 22 as shown. When switch Sl in the controller is closed, a voltage V is applied over conductors 21, 22 to the various transponders. When swltch Sl is opened, and all the switches S2 remain open, the voltage divider circuit comprising resistors Rl and R2 provides a voltage of V/2 at the input to evaluation circuit 27. Prefera~ly, all the resistors ~l, R2 and R3 are of equal value. Thus, with a 20 voltage of V/2 on the line, and when switch S2 is then closed, resistor R3 is placed in parallel with resistor R2, and a voltage V/3 appears at the input of evaluation circuit 27. Command circuit 26 regulates the opening and closing of switch Sl and each closure is used to send commands to the respective transponders, which then perform the commanded action. Electrical power for operating the transponders is also sent when switch Sl is closed, each transponder having a capacitor which is maintained in a charged condition by voltage V to provide an operating 30 potential. Each transponder can return data from itself and/or from associated equipment, such as a transducer that responds to unauthorized entry to a secured area, by closure of switch S2 when switch Sl is open. A detailed explanation of such system operation i~ set out in the 35 patents and patent application identified above. Block 28 has been added to th~ controller 20 in FIGURE l to implement the present invention. The function of bloc~ 28 ~9139 will be described later.
The closing and opening of switches Sl and S2 can produce a composite signal which include~ or is divided into successive time segments as shown in FIGURE 2. These 5 different time segments include the high amplitude portions 31, 33, 35 and 37 (when switch Sl is closed), and the low amplitude portions 32, 34, 36 and 38 when switch Sl is open. In the referenced patents and patent application the high-amplitude portions are utilized to 10 transmit commands to the different transponder~, and the low-amplitude portlons are emplo~ed to return data from a selected addressed transponder to the controller. The duration of closure of switch Sl is variable and can be recognized at a transponder, as can the number of times 15 switch Sl is opened and closed in a group of pulses, namely during a single composite signal. Thi~ facilitates the addressing of a selected transponder. When an addressed transponder i3 responding or answering back to the controller, a voltage V/2 received at the evaluation 20 circuit 27 indicates that the transponder's switch S2 is open, whereas a voltage V/3 signifies that the transponder's switch S2 is closed. Controller 20 derives information from the particular transponder replying by analyzing the time duration of S2 closure, or the time 25 duration of voltage V/3 appearing across the line conductors.
While the inventive concept is explained as implemented in connection with a bidirectional data communicatio~ system of the type taught in the patents and 30 patent application noted above, it will be readily understood by those skilled in the art that the present invention has much wider application. For example, and as will be appreciated, it i5 not even necessary that command data or any data be sent to a transponder. It is merely 35 necessary that data b~ transmitted from a transponder to the controller.
Figure 3, which includes a waveform on the left and a ~ 8 _ ~Z6~3~
tabulation on the right, depicts a compo~ite signal with successive time segments representlng different data, and is similar to the pulse group shown in Figure 2~ The high and low pulses in the composite signal on the left in Figure 3 are de~ignated by the letter3 A - G and the various data in the time segments defined by those pulses are illustrated in the tabulation on the right over the corresponding letters. With the exception of the data labeled "encrypted signaturQ" and "encrypted switch data"
10 occuring during the low-amptitude pulses E, F and G, the indicated data i3 typical of the types of command data given to an addressed transponder and the information returned from the transponder during a single composite signal in accordance with the teachings of the afore-15 mentioned patents and application . The informationconveyed during pulses, or time segments, E, F and G is developed according to the present invention and will be explained later. As indicated in the tabulation, the first high pulse in Figure 3 does not necessarily signify any 20 command. The first low pulse, designated D, may be used to instruct the addressed transponder to return information concerning the status of an associated relay. The second high pulse, labeled A, is not used in this illustration.
The third and fourth highs, designated B and C, 25 respectively, are commands to turn the relay on and off.
During each of the pulse lows (na~ely, during segments D, E, F and ~), information may be returned to the controller in the form of a selected one of the eight waveshapes shown in Figure 5. Of course, those skilled in 30 the art will appreciate that other waveforms are possible in order to include more bits or portions of data. These eight different response signals (labeled with the letters P - W in Figure 5) are developed in the transponder, as taught ln the cited prior patents and application , by a 35 psuedo-binary system in which the signal interval or time segment i5 divided into three portions, starting at t~.
The first portion terminates at time tl, the second at g time t2, and the third ends at time t3. More specifically, waveform P illustrates a data return signal in which a response i~ provided from a transponder by keeping its switch S2 (which is preferably a transitor switch) open, and the voltage across the line conductors hlgh at V/2, for the entire time segment. The second response signal (waveform Q) goes low (S2 closed) for the first portion, the voltage across the line thereby being ~/~1 and remain~ high for the second and third portions.
The next reply signal (waveshape R) goes low for the first two portion~ and then goes high and remains high for the third portion. Waveform S goes low at time to and remains low throughout the response interval. Response signal T remains high for the first portion, is low for the second portion, and is again high for the third portion.
In waveform U the first portion i5 high and the second and third are low. The response is high for the first two portions of waveform V and then goes low for the third 20 portion of that pul~e. Response ~ignal W remains low for the ~irst portion, goes high at time tl and remains high for the second portion, after which the signal goes low at time t2 and remains there during the third portion.
Figure 4 depicts the general layout of one 25 transponder suitable for implementing the system of the invention in the illustrated embodim4nt. Of course, some elements of the transponder have not been shown in Figure 4 to avoid unduly encumbering the drawing. Reference is made to the above noted patents and patent application for a 30 more detailed disclosure. Figure 4 shows the manner in whlch the prior system i~ modified in order to practice the present invention, and only the essential elements are illustrated. Data bus 21, 22 can be a pair of line conductors a~ described above in connection with Figure l, 35 a coaxial cable, or any other suitable passage for signals, electrical, optical or otherwise. It i8 also understood that the transponders need not be physically connected, as by a solid, low-resistance electrical connection, but there 126913~
can be intermediate transmission through the air or other medium without departing from the data transmission and recognition concept of the present invention.
In the illustrated embodiment, data received from the controller over bus 21, 22 is passed into counter and address comparator/detector 40, and into output command selector/controller and key detector/controller 41. When data is to be returned to the controller, answer waveform selector/conditioner 42 develops the appropriate signal for transmission over the data bus to the controller.
Composite signals appearing on the bus are received in circuit 40, where the composite signals are continually counted to determine the address of the transponder being signalled from the controller. A plurality of address s~itches 50 are preset in a certain code to identify the particular transponder in which the switches are physically positioned. Output conductors 43 - 49 thus indicate the state (open or closed) of seven on-off switches (not shown) within address switch circuit 50 and circuit 40 continually compares this address with the address denoted by the incoming pulses from bus 21,22. With seven switches a total of 128 addresses can be preset, but of course other numbers of switches can be utilized depending upon the number of transponders to be coupled in a single system. When the 25 circuit 40 recognizes that the address on the bus is that of this specific transponder, the output circuit provides a respond select signal over line 51 to the answer waveform selector/conditioner circuit 42 when lows are present and provides a command select signal over line 52 to circuit 41 when the highs are present. The signals on lines 51 and 52 are thus enabling signals to effectively enable the associated circuits 41, 42 to accomplish the commands sent and/or to return the data requested in the composite signal during the time that this specific transponder's address is 35 valid. Among other functions, circuit 42 develops the waveforms of Figure 5 and selects the particular one that is sent back to the controller during each of the pulse :~2~;9139 lows of a composite signal.
In order to understand the manner in which the coded or encrypted data is produced at a transponder during time segments E, F and G of Figure 3 for transmission back to the controller, attention is directed to Figure 6 which shows the details of the crypto generator 54 of Figure 4, along with a state diagram or table illu~trating the generator's operation. Those skilled in the art will appreciate that, in order to obtain a higher degree of security, a more complicated encryption generator would be required to replace the one shown in Figure 6, where the illustrated circuit is intended only to show the concept of the invention here. The four flip-flops 55, 56, 57 and 58 and the exclusive OR circuit 59 are interconnected in conventional fashion to provide a well-known shift register/counter. Flip-flops 55 - 58 are initialized or cleared by pulses applied over line 61 from circuit 41.
After initialization, clock pulses are applied over line 62 to shift or advance the register through its counting 20 cycle. ~s the clock pulses are applied to the flip-flops, their outputs switch between a relatively low (logic O) binary output state and a relatively high (logic l) binary output state, as indicated by the table in Figure 6. The changing binary states, at the outputs indicated by the fi~re letter designations ~, J, ~, L and M in the crypto generator 54 in Figure 6, are illustrated by the five columns in the table, each of which columns is headed by a corresponding letter designation. To explain, in response to the first seven clock pulses applied to the shift 30 register the output binary state of, for example, flip-flop 57 will be logic O for the first three clock pulses, logic l for the next three clock pulses, and then back to logic O
for the seventh pulse, as shown by the column headed by the letter K. The five binary output signals H, J, K, L and M
35 are thus pseudo-random in naturP. Of course, the degree of randomness may be increased as desixed by adding more complexity to the crypto generator. Moreover, the clock - 12 _ 1 ~ 6~ 13 9 pulses may be randomized so that they occur in a random pattern. For example, the transponders may be addressed ~t random and the crypto generator at any given transponder may receive a clock pulse only every nth time the transponder recognizes its address. Three lines 64, 65 and 66 connect the outputs of flip-flop 56, flip-flop 57 and exclusive OR circuit 59, respectivelyr to circuit 42 to provide the circuit with the J, X, and M binary output signals.
During the time segment in which the low-amplitude pulse E (Figure 3) ls transmitted from the controller 20 over the data bus 21, 22, the addressed transponder answers or responds by returning coded identifying data represent-ing an encrypted signature of the transponder. This is accomplished in circuit 42 (FIGURE 4) by employing the binary output signal ~ to determine the specific manner in which the low pulse E is modified and returned to the controller. At any given time, binary signal M at the addressed transponder will be established at either its 0 or 1 level. During the low pulse E, circuit 42 operates under control of that binary signal and actuates the transponder's switch S2 as necessary to produce selected ones of the waveforms P - W in Figure 5 for transmission back to the controller. In the illustrated embodiment of 25 the invention, whenever binary signal M is established at its logic 0 level waveform Q will be developed, by operat-ing the addressed transponder's switch S2, for return over data bus 21, 22 to the controller. On the other hand, if signal M is at its logic 1 level, waveform V will be gene-30 rated and transmitted back to the controller. Obviously,the selection of waveform Q for logic 0 and waveform V for logic 1 is arbitrary and those logic levels could be em-ployed to generate any of the other waveforms in Figure 5.
Thus, when a transponder i5 addressed either waveform 35 Q or waveform V will appear in segment E and this represents an encrypted signature of the transponder which changes from time to time depending on the binary state of ~26g~39 binary signal M during each segment E. The random changing pattern, between logic 0 and 1, of signal M may be con-sidered a predetermined secret code schedule in accordance with which the coded data, namely the encrypted signature, changes. ~s indicated by block 28 in the controller 20 (Figure 1), the controller includes decrypting or decoding means which operates in accordance and in step with the same predetermined secret code schedule to decode the received coded identifying data and decrypt the si~nature in order to determine the validity of the replying transponder. A corresponding crypto generator in the controller would be operated, or stepped through its counting cycle, in synchronism with the crypto generator at the transponder so that when waveform Q, for example, is produced during a particular segment E by a responding valid transponder, the controller will "know" that the received waveform Q indicates that the answering transponder is valid. The receipt at the controller of any waveform other than waveform Q constitutes invalid data and signifies that the transponder is either malfunctioning or is phoney or bogus. An alarm may be immediately produced to alert operating personnel that an unauthorized person or burglar may be attempting to compromise the security of the system by substituting a valid transponder with a bogus transponder or with a computer.
The coded data transmitted from the addressed transponder during each of the low pulses or time segments F and G (Figure 3) represents information concerning some condition or state associated with the transponder.
Preferably, the coded data relates to the state of a transducer monitored by the transponder. In the absence of decoding the coded transducer data, the information found on line 21, 22 will not reveal, to the unauthorized person, the transducer state.
More particularly, the transducer comprises the monitored switch contacts or switch 71 in Figure 4 which can be established in either a normal position or an alarm - 14 - ~ ~6~39 position. The switch can be internal to the transponder or external, such as a switch contact set positioned adjacent to a door or window, which contact set is separated upon movement of one part relative to another. Alternatively, the switch 71 can represent a detector for particles of combustion, or any other transducer of the types alluded to previously. The status of switch contacts 71 is monitored by switch state determination circuit 72 and presented to output latches 73 and 74. When the switch 71 is found to be in its normal position, indicating that nothing is wrong, latch 73 is operated, whereas if the switch has been established in its alarm position, signifyin~ that there is an alarm state, latch 74 is actuated. In the prior system, the operation of latch 73 would cause circuit 42 to select a particular one of the wavefo~ms P - W of Figure 5 ~or transmission back to the controller over data bus 21, 22, while the operation of latch 74 would cause circuit 42 to select a different one of the waveforms P - W for return to the controller. The selected waveforms were always the same. In other words, a normal state of switch 71 would always result in the same waveform selected from those in Figure 5, and an alarm state would also always result in the same waveform selected from Figure 5 but different than the one chosen to represent normal conditions.
In accordance with a salient feature of the invention, the switch data representing the monitored contacts 71 is returned to the controller during each of the low pulses F and G in coded or encrypted form to thwart an unauthorized person attempting to defeat the security of the system. Observation of the data appearing on line or bus 21, 22 during a segment F or a segment G provides no hint or clue whatsoever regarding the state of the sensed transducer. With the transducer data on line 21, 22 in coded form, the unauthorized person (such as a burglar or 35 robber) will not know whether he tripped an alarm or not, or whather an alarm has been initiated by someone else.
For example, if a "silent" alarm has been actuated, the 1,26913~
person cannot intercept any usef~ll info~mation from the line 21, 22 and will not know if law enforcement personnel had been dispatched. The switch is effectively read twice and switch data is sent to the controller during both segments F and G to obtain confirmation and to help eliminate false alarms.
To achieve encrypting of the switch data in accordance with the illustrated embodiment of the invention, circuit 42 is designed to function in the manner graphically illustrated in Figure 7. Pointer 75 is positioned by latches 73 and 74, under the control of switch state determination circuit 72, and selects whether the coded data returned to the controller represents a normal position o~ switch 71 or an alarm position. Control 15 device 76 functions under the control of the binary signals J and K from the crypto generator 54 to position the pointers 77 and 78, which are effectively tied together and move in unison. Th~ table at the bottom of Figure 7 illustrates the operation. Specifically, when binary signals J and K are both at their logic O levels, pointers 77 and 78 will be at their uppermost positions so that waveform Q will be chosen as the coded data to represent the normal condition of switch 71 and waveform R will be selected as the coded data to represent the alarm condition Of the switch. If binary signal K then changes to logic 1, while signal J remains at logic O, pointers 77 and 78 are moved counterclockwise one position so that waveform R
will represent the normal switch position and waveform S
the alarm position. In similar fashion, with signals J and K at their logic 1 and O levels, respectively, waveform S
is selected by pointer 77 to indicate a normal switch 71 and waveform ~ is chosen by pointer 78 to signify an alarmed switch. Finally, if both of the binary signals J
and ~ are at their logic 1 levels pointers 77 and 78 will be moved to their lowermost positions to select waveform ~
as the coded form representing a normal switch and waveform Q as the coded form rePlecting an alarmed switch.
~2~i9~39 Hence, during a pulse low F or G any one of waveforms Q, R, S or T will appear at random and there is no correlation or relationship betwee~n waveforms and condi-tions of switch 71. At some times waveform R, for example, is returned to the controller to indicate that switch 71 is normal, while at other times the same waveform R is sent back to the controller to indicatP that an alarm has been tripped. This totally frustrates the unauthorized person since no useful information can be derived off of the line 21, 22, thus preventing the person from knowing whether an alarm has been triggered.
Since the same crypto generator at the transponder controls the formation of both the encrypted signature during low pulse E and the encrypted switch data during low 15 pulses F and G, decoding or decrypting of the switch data may also be accomplished at the controller by means of block 28 (FIGURE 1). The changing binary states of signals J and K effectively provide a code schedule in accordance with which the switch data during low pulses F and G is 20 Coded.
While a particular embodiment of the invention has been shown and described, modifications may be made, and it is intended in the appended claims to cover all such modifications as may fall within the true spirit and scope 25 of the inventiOn.
Claims (11)
PROPERTY OR PRIVILEGE IS CLAIMED ARE DEFINED AS FOLLOWS:
1. A security system including a controller for receiving data over a pair of line conductors from a plurality of addressable transponders monitored by the controller and coupled across the line conductors within the same building structure, at least one of the transponders comprising encrypting means, operable when the transponder is addressed by the controller, for sending to the controller coded data the form of which varies from time to time in accordance with a predetermined secret code schedule, wherein the controller includes decrypting means which operates in accordance and in step with the same predetermined secret code schedule to decode the received coded data, wherein said coded data includes coded identifying data representing an encrypted signature of the addressed transponder, which signature may change each time the coded data changes, and wherein the decrypting means decodes the coded identifying data and decrypts the signature in order to determine the validity of the replying transponder.
2. A security system according to claim 1 wherein the coded data also includes coded transducer information and represents the state of a transducer associated with the addressed transponder, and wherein the decrypting means decodes the coded transducer information to determine the state of the transducer.
3. A security system according to claim 1 wherein each of the time segments of the composite signal includes a pulse, and wherein the coded data is provided by changing a characteristic of the pulse during the selected time segment.
4. A security system according to claim 3 wherein the waveshape of the pulse is changed during the selected time segment to provide the coded data.
5. A security system for a single protected building enclosure and including a pair of line conductors, a controller for transmitting data over the line conductors, and plurality of addressable transponders each of which is located within the building enclosure and is coupled across the conductors to receive the transmitted data and, when addressed, modifies the transmitted data and returns the modified data back to the controller, at least part of the returned data being produced by encrypting means in the addressed transponder, the returned encrypted data varying from time to time in accordance with a code schedule to represent coded information, and wherein the controller includes decrypting means which operates in accordance and in step with the same code schedule to decrypt the coded information, wherein said coded data includes coded identifying data representing an encrypted signature of the addressed transponder, which signature may change each time the coded data changes, and wherein the decrypting means decodes the coded identifying data and decrypts the signature in order to determine the validity of the replying transponder.
6. A security system including a controller for receiving data over a pair of line conductors from a plurality of individually addressable transponders connected across the line and located within the same protected premise, each of the transponders comprising a base and a cover assembled to form an enclosure, encrypting means within said enclosure, operable when the transponder is addressed for sending coded identifying data back to the controller, which coded identifying data represents an encrypted signature of the addressed transponder and may be changed from time to time, wherein the controller includes decrypting means for decoding the coded identifying data and decrypting the signature to determine the validity of the replying transponder, said base and cover including means for establishing an electrical connection when the base and cover are mated, to identify separation of the base and cover by interruption of the electrical connection, said means for establishing the electrical connection between the base and cover including at least one cylindrical female connector defining a slit therein and supported on the base, and a flag-like connector supported on the cover in a position such that when the cover and base are assembled, the flag-like connector is received in the slit of the cylindrical female connector to provide both mechanical indexing and retention, and effective electrical contact.
7. A security system as claimed in claim 6 in which said controller is connected to transmit a pulse signal, having a plurality of pulses, over the pair of line conductors to the plurality of individually addressable transponders wherein each of the transponders, when addressed, replies to the controller by selectively modifying at least a portion of one of the received pulses, such that the coded identifying data is returned to the controller in the form of a modified pulse representing the encrypted signature of the replying transponder, which identifying data may be changed by modifying the pulse differently from time to time when the transponder is addressed.
8. A security system for a single physical enclosure and including a pair of line conductors, a controller for transmitting data over the line conductors, and a plurality of addressable transponders each of which is located within the protected premise and is coupled across the conductors to receive the transmitted data and, when addressed, modifies the transmitted data and returns the modified data back to the controller, at least part of the returned data being produced by encrypting means in the addressed transponder and representing an encrypted signature of the transponder, which signature is unique and is changed from time to time in accordance with a secret code schedule, and wherein the controller includes decrypting means which reads the returned data and operates in accordance with the same secret code schedule to decrypt the encrypted signature to determine the validity of the replying transponder.
9. A security system according to claim 8 wherein additional data, transmitted from the controller to the addressed transponder, is modified in response to, and under the control of, a transducer associated with the transponder to provide coded transducer data which is returned to the controller, and wherein the decrypting means decodes the coded transducer data to determine the state of the transducer.
10. A security system for a single physical enclosure and having a controller for sending successive composite signals each divided into time segments representing different data and further including address information, and a plurality of addressable transponders, each having an individual address, located within the single physical enclosure and a single local multiplex loop coupling all the transponders to the controller, to receive the composite signals and to recognize both the individual transponder address and the different data in a composite signal, each transponder comprising means operative, when a transponder is addressed and during a particular time segment of a composite signal, to return to the controller coded identifying data which represents an encrypted signature and is subject to change each time the transponder is addressed, and which coded data are read and decoded at the controller to decrypt the signature thereby to determine the validity of the replying transponder.
11. A security system including a controller for receiving data over a pair of line conductors from a plurality of individually addressable transponders connected across the line and located within the same protected premise, each of the transponders comprising a base and a cover assembled to form an enclosure, encrypting means within said enclosure, operable when the transponder is addressed to send coded identifying data back to the controller, which coded identifying data represents an encrypted signature of the addressed transponder and may be changed from time to time, wherein the controller includes decrypting means for decoding the coded identifying data and decrypting the signature to determine the validity of the replying transponder, said base and cover including means for establishing an electrical connection when the base and cover are mated, enabling the controller to identify separation of the base and cover by interruption of the electrical connection.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US880,984 | 1986-07-01 | ||
| US06/880,984 US4850018A (en) | 1986-07-01 | 1986-07-01 | Security system with enhanced protection against compromising |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA1269139A true CA1269139A (en) | 1990-05-15 |
Family
ID=25377538
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA000537997A Expired - Fee Related CA1269139A (en) | 1986-07-01 | 1987-05-26 | Security system with enhanced protection against compromising |
Country Status (2)
| Country | Link |
|---|---|
| US (1) | US4850018A (en) |
| CA (1) | CA1269139A (en) |
Families Citing this family (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4962373A (en) * | 1989-05-01 | 1990-10-09 | General Signal Corporation | Scheme for power conservation in fire alarm system |
| FR2666921B1 (en) * | 1990-09-19 | 1992-11-20 | Roubal Philippe | HIGH SECURITY ENCODING METHOD AND DEVICE FOR CARRYING OUT SAID METHOD. |
| US5493283A (en) * | 1990-09-28 | 1996-02-20 | Olivetti Research Limited | Locating and authentication system |
| US5225809A (en) * | 1990-12-24 | 1993-07-06 | Mayday U.S.A. Inc. | Personal security system and apparatus therefor |
| US5546072A (en) * | 1994-07-22 | 1996-08-13 | Irw Inc. | Alert locator |
| US5631629A (en) * | 1995-02-08 | 1997-05-20 | Allen-Bradley Company, Inc. | Heartbeat communications |
| US5761306A (en) | 1996-02-22 | 1998-06-02 | Visa International Service Association | Key replacement in a public key cryptosystem |
| US5831546A (en) * | 1996-05-10 | 1998-11-03 | General Signal Corporation | Automatic addressing in life safety system |
| US5933077A (en) * | 1997-06-20 | 1999-08-03 | Wells Fargo Alarm Services, Inc. | Apparatus and method for detecting undesirable connections in a system |
| US6021391A (en) * | 1998-03-03 | 2000-02-01 | Winbond Electronics Corp. | Method and system for dynamic data encryption |
| US5959528A (en) * | 1998-07-01 | 1999-09-28 | General Signal Corporation | Auto synchronous output module and system |
| NO312796B1 (en) * | 2000-10-26 | 2002-07-01 | Nordan As | Alarm Memory |
| US7761095B2 (en) * | 2004-03-17 | 2010-07-20 | Telecommunication Systems, Inc. | Secure transmission over satellite phone network |
| US8239669B2 (en) * | 2004-03-17 | 2012-08-07 | Telecommunication Systems, Inc. | Reach-back communications terminal with selectable networking options |
| US8489874B2 (en) * | 2004-03-17 | 2013-07-16 | Telecommunication Systems, Inc. | Encryption STE communications through private branch exchange (PBX) |
| US8280466B2 (en) * | 2004-03-17 | 2012-10-02 | Telecommunication Systems, Inc. | Four frequency band single GSM antenna |
| US8248226B2 (en) | 2004-11-16 | 2012-08-21 | Black & Decker Inc. | System and method for monitoring security at a premises |
| US8441342B2 (en) * | 2006-05-15 | 2013-05-14 | Nxp B.V. | Pseudo-random authentification code altering scheme for a transponder and a base station |
| US7986228B2 (en) | 2007-09-05 | 2011-07-26 | Stanley Convergent Security Solutions, Inc. | System and method for monitoring security at a premises using line card |
| KR101824503B1 (en) * | 2011-03-09 | 2018-02-01 | 삼성전자 주식회사 | Apparatus for low energy wireless communication |
Family Cites Families (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4005428A (en) * | 1975-05-15 | 1977-01-25 | Sound Technology, Inc. | Secure remote control communication systems |
| US4025760A (en) * | 1975-08-14 | 1977-05-24 | Addressograph Multigraph Corporation | Security means for transaction terminal system |
| US4093946A (en) * | 1976-03-01 | 1978-06-06 | The Laitram Corporation | Two-wire, multiple-transducer communications system |
| GB1589748A (en) * | 1976-09-10 | 1981-05-20 | Matsushita Electric Works Ltd | Time division multiplex transmission system |
| US4264782A (en) * | 1979-06-29 | 1981-04-28 | International Business Machines Corporation | Method and apparatus for transaction and identity verification |
| US4369332A (en) * | 1979-09-26 | 1983-01-18 | Burroughs Corporation | Key variable generator for an encryption/decryption device |
| DE3001452A1 (en) * | 1980-01-16 | 1981-07-23 | Hans-Günther 8100 Garmisch-Partenkirchen Stadelmayr | ALARM, SECURING AND MONITORING SYSTEM |
| US4326098A (en) * | 1980-07-02 | 1982-04-20 | International Business Machines Corporation | High security system for electronic signature verification |
| GB2131990B (en) * | 1982-12-02 | 1985-12-11 | Racal Security Ltd | Remote system systems |
| GB2133251B (en) * | 1982-12-02 | 1986-05-21 | Racal Security Ltd | Improvements in and relating to remote sensing systems |
| US4645871A (en) * | 1985-06-17 | 1987-02-24 | Paradyne Corporation | Non-interfering in-band protocol-independent diagnostic scanning in a digital multipoint communication system |
-
1986
- 1986-07-01 US US06/880,984 patent/US4850018A/en not_active Expired - Lifetime
-
1987
- 1987-05-26 CA CA000537997A patent/CA1269139A/en not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| US4850018A (en) | 1989-07-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA1269139A (en) | Security system with enhanced protection against compromising | |
| CA1277042C (en) | Sequential and/or random polling system with virtually instantaneous response time | |
| US4926162A (en) | High security communication line monitor | |
| US3713142A (en) | Alarm system | |
| US4532507A (en) | Security system with multiple levels of access | |
| US5268668A (en) | Security/fire alarm system with group-addressing remote sensors | |
| US4721954A (en) | Keypad security system | |
| EP0827616B1 (en) | Initialisation of a wireless security system | |
| US5408217A (en) | Secure fire/security/sensor transmitter system | |
| US4110738A (en) | Anti-theft alarm with coded radio link | |
| CA1181506A (en) | Security system with multiple levels of access | |
| US3171108A (en) | Valuable protection system | |
| US3792470A (en) | Coded tone multiplexed alarm transmission system | |
| US4870612A (en) | Operator console with paired modules including means for ciphering and deciphering messages therebetween based on a mutually known, exclusive internal security code | |
| GB1602307A (en) | Security systems having remote terminals system for monitoring integrity of communication lines in | |
| AU709083B2 (en) | Remote control of electronic locking systems | |
| CA2256809C (en) | Biometric input device for security system | |
| EP1793354B1 (en) | Security system utilizing sequence signal | |
| US20220228400A1 (en) | Alarm device | |
| Cooke | Sensor technology and signal analysis: High security encryption supervision | |
| WO1997000507A9 (en) | System and method for arming an alarm system when an occupant fails to turn the system on | |
| JP2733295B2 (en) | Security system | |
| CA1304468C (en) | Selective clearing of latched circuits | |
| RU2390851C1 (en) | Security system of real estate unit | |
| GB2264802A (en) | Signal communication systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MKLA | Lapsed |