1. Field of the Invention
The present invention relates to a system for monitoring remote terminal equipment, such as a security alarm, over a telecommunications link.
2. Related Art
There are a number of situations in which it is necessary to monitor at a central site the status of terminals at remote locations. One example is provided by burglar alarm systems of the type which send an alert to a monitoring service. Conventionally, a telephone line has been used to provide the connection between the alarm equipment at the customer premises and the monitoring station. An analogue tone is transmitted on the line to the local exchange and is used for signalling between the alarm and the monitoring station, including the transmission of alarm signals. Such an arrangement provides only a limited degree of protection against attacks intended to defeat a security system. If the tone is interrupted by the line being cut, then this is detected at the monitoring station. The signals transmitted on the analogue link may be encrypted, although in practice any such encryption may be detected and broken over relatively short time scales. Once the code has been broken, then an attack may be made by cutting into the line and substituting a dummy terminal which masquerades as the real terminal. This makes it possible to disable the security system at the customer premises without the monitoring service being alerted.
According to a first aspect of the present invention there is provided a method of operating a communications system including a telecommunications link between a remote terminal and a control station, the method comprising:
a) transmitting polling requests on a digital messaging channel carried on the telecommunications link;
b) generating at the remote station a poll response message and encrypting part only of the said poll response message;
c) returning a response signal from the remote terminal to the control station on the digital messaging channel; and
d) at the control station decrypting the poll response message.
The present invention provides a monitoring system which offers improved security and greater flexibility in operation combined with low transmission overheads. This is achieved by establishing a digital messaging channel between the remote site and the central station, polling the site on the digital messaging channel, and then partially encrypting the polled response. The use of digital messaging makes possible the application of more powerful encryption techniques, and the encryption of part only of the polled response message allows authentication of the poll response at the central station while only adding marginally to the bandwidth required for signalling between the remote station and the central station.
Preferably the digital messaging channel is the D channel of an ISDN circuit.
A further advantage of the present invention is that it is suitable for implementation using standard ISDN technology for the telephone link. In particular, the messaging channel may be integrated with the existing D channel of an ISDN line. The monitoring function can then operate transparently, without interfering with the operation of the ISDN line. The ISDN line is therefore available for simultaneous use, for example, for voice telephony.
Preferably the remote terminal transmits the poll response in a plurality of segments and the central station returns to the remote station an acknowledgement of each segment received and a further acknowledgement for the message assembled from the segments.
This preferred aspect of the invention divides the poll response message into a number of parts each of which is transmitted separately. A handshake is carried out with the central station both for the individual segments, and also for the message as a whole formed by assembling the segments.
Preferably each polling request from the central station includes a different identifying code, and the encrypted part of the poll response includes the identifying code of the respective poll request.
The security of the system is further enhanced by including in each poll from the central station an identifying code or “challenge” which is specific to that particular poll. The remote terminal is then required to include the appropriate “challenge” in the response to the poll. Including the challenge in the encrypted part of the poll response then provides a double layer of security. Encryption with the key belonging to the particular remote terminal serves to authenticate the source of the polled response while the inclusion of the challenge identifying code indicates that the response has been freshly generated in answer to the respective poll. This provides a safeguard against attacks on the security of the system in which genuine poll responses from the remote terminal are intercepted and stored for later forwarding to the central station.
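The challenge check described above can be sketched as follows; this is an added illustration, not code from the patent. The field layout, the 8-byte challenge length, the function names and the HMAC-SHA256 keystream used as a stand-in cipher are all assumptions, since the text names no cipher or message format.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 8  # assumed size; the text does not specify one


def _keystream(key: bytes, challenge: bytes, n: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 keystream bound to this
    # poll's challenge. A deployment would use a vetted cipher instead.
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, challenge + bytes([counter]), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def new_poll() -> bytes:
    """Control station: a different identifying code for every polling request."""
    return secrets.token_bytes(CHALLENGE_LEN)


def build_response(terminal_id: str, key: bytes, challenge: bytes, status: bytes) -> dict:
    """Remote terminal: clear header plus an encrypted part holding the challenge."""
    secret_part = challenge + status
    return {
        "terminal_id": terminal_id,  # sent in clear: only part of the message is encrypted
        "encrypted": _xor(secret_part, _keystream(key, challenge, len(secret_part))),
    }


def verify_response(keys: dict, outstanding: bytes, response: dict):
    """Control station: decrypt with the terminal's key, then require that the
    recovered challenge matches the outstanding poll. Returns the status bytes,
    or None when the response is rejected."""
    key = keys.get(response["terminal_id"])
    enc = response["encrypted"]
    if key is None or len(enc) < CHALLENGE_LEN:
        return None
    plain = _xor(enc, _keystream(key, outstanding, len(enc)))
    if not hmac.compare_digest(plain[:CHALLENGE_LEN], outstanding):
        return None  # wrong key (substituted terminal) or stale (replayed) response
    return plain[CHALLENGE_LEN:]
```

A response built for one poll is rejected when presented against any later poll, and a response built without the terminal's key fails the same comparison.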
Preferably the telecommunications link includes a local access network which links the remote station to a local exchange. Alternatively, or in addition, some of the polling requests and responses may be transmitted over a wireless communications link which may be, for example, a GSM link.
The present invention is not limited in applicability to systems in which the remote terminal is a burglar alarm, although the high degree of security offered by the invention is particularly advantageous in this context. Other uses for the invention include remote monitoring of meters, for example electricity, gas or water meters, or remote monitoring of the status of an automatic vending machine.
According to a second aspect of the present invention, there is provided a communications system comprising:
a control station including a polling request generator and a decoder for decoding poll response messages;
a remote terminal including a polling response generator for generating a polling response message;
an encoder arranged to encode part only of the polling response message;
a telecommunications circuit including a digital messaging channel which, in use, carries polling requests from the control station to the remote terminal and carries partially encoded response messages from remote terminal to the control station.
According to another aspect of the present invention, there is provided a control station comprising:
a) a digital messaging channel interface which is arranged to transmit and receive messages to and from a remote station on a digital messaging channel;
b) a polling request generator which is arranged to generate a polling request for transmission on the digital messaging channel;
c) a decoder arranged to decode a partially encrypted poll response message which is received on the digital messaging channel; and
d) a controller which is arranged to interpret the poll response messages.
The invention encompasses control stations and remote terminals (such as, e.g., a burglar alarm control panel) for use in methods in accordance with the first aspect of the invention.