The present invention relates to security of data communications in a wireless system, and in particular to such a system wherein an encryption key used by a transmitter and a receiving device may be varied and reprogrammed by a user in order to enhance the system security, wherein the encryption key is not conveyed or easily read or decrypted by human means.
Security systems utilizing short range radio frequency communications consist of a control, an RF receiver, and a variety of transmitter products that detect and transmit to the control via the RF Receiver the state of various transducers such as smoke, motion, shock & vibration detectors, door and window switches, etc. In addition to these devices, wireless keypads having numeric or alphanumeric input keys are used to remotely arm and disarm the system via the use of personal security codes entered into the keypad and transmitted to the receiver and control. Finally, wireless keys with unique serial numbers, previously learned by the system, can also be employed by the user to arm or disarm the system or to open and close a garage door, turn lights on or off, etc.
Wireless keypads and keys presently in use are designed with RF ranges of several hundred feet beyond the periphery of a protected premises. This introduces a new security problem since unwanted intruders, skilled in the art of RF receiver and transmission technology in conjunction with computer technology, can remotely and surreptitiously capture, analyze, and playback the transmissions from these devices in order to gain entry into the premises without detection by the associated security system. For example, an intruder may be in an unobserved location one hundred feet away from the protected premises and employ suitable RF equipment which could record and playback transmitted messages from an authorized user's wireless key or keypad used to disarm the security system prior to or upon entering the protected premises. The nature of the messages need not be analyzed by the intruder so long as the playback is a repeat of the same messages and in the same sequence which disarmed the security system. This is all that is necessary to counteract the protection afforded by a wireless key even with a very large serial number previously learned by the security system. In the case of the wireless keypad, the user's personal security code can be determined from unencrypted transmitted messages used to arm or disarm the system, or by simply opening a garage door or turning on a light, etc. Once the user's personal security code is thus obtained, the intruder can enter the premises any time thereafter and disarm the security system by using that security code at the system's wired security keypad.
There are many encryption and corresponding decryption algorithms used in various communication systems requiring secrecy of data and other critical information transmitted over a network from being intercepted and deciphered by unwanted sources sharing that same (wired or wireless) network. In one such system, marketed by MICROCHIP TECHNOLOGY INC. as an HCS300 Code Hopping Encoder, a unique transmitter serial number is programmed by the manufacturer at the time of production. An encryption key is generated during production by using a key generating algorithm, which uses as its inputs the transmitter serial number and a 64-bit manufacturer's code. Thus, an encryption key is generated which is unique to each transmitting device, but which cannot be changed by the user at any time and is readily breakable if the manufacturer's code and the transmitter serial number are determined. Thus, the manufacturer's code must be carefully controlled since it is a pivotal part of the overall system security. The transmitter serial number, encryption key, and sync counter number are stored in EEPROM in the transmitter. After installation of the system, when a transmitting device is activated by a user, the encoder uses the pre-stored encryption key and sync count from EEPROM to generate an encrypted sync count, which it then loads into a data word along with an unencrypted serial number and the information desired to be transferred. The decoder at the receiver then uses the received serial number to fetch from its memory the last sync count and the encryption key for that transmitter. The decryption algorithm uses the key to decrypt the received encrypted sync count and compares it against the stored sync count. If these numbers are within a predetermined range (i.e. 16), then the algorithm passes and the message is considered valid. This methodology is termed "code hopping" since the sync count is incremented or changed with a predetermined algorithm known to the transmitter and receiver with every activation of the transmitter, and the receiver and transmitter each track the sequence independently.
This type of system utilizes a preset manufacturer's code to generate the encryption key, which is not changeable for a given device with a given serial number. This is problematic and disadvantageous since the manufacturer's code is of record with the manufacturer and possibly others in privity with the system, and the code could be compromised and used to determine the encryption key for a given transmitter since the transmitter serial number is transmitted to the receiver in unencrypted format. Thus, the key could readily be reverse engineered by an intruder who determines these fixed, unchanging data. Once an intruder has ascertained the encryption key, he may intercept a transmission, decrypt the sequence number, and be able to break into the system by changing or incrementing his own number generator and encrypting a message with this data.
It is therefore desired for the system to utilize encryption keys which are randomly generated and therefore unknown to anyone, thus eliminating the possibility that the key may be compromised. In addition, it is desired to enable the encryption key to a easily changed by a user, thus enhancing the security of the system, rather than having only one, fixed encryption key for each transmitting device.
The present invention relates to the use of novel security encryption and decryption methodologies and algorithms, plus unique procedures to provide an existing wireless security system with a high degree of immunity from being defeated by intruders of high technical ability using RF receiving, transmitting, recording, playback, and computational equipment. The nature of the encryption, decryption, message formats, and procedures are uniquely designed to provide the associated security systems the ability to communicate with existing unencrypted wireless devices as well as the new encrypted ones without changes being required of existing associated security controls.
In particular, with the advent of new encrypted data transmission technologies, devices such as wireless keypads and keys with encrypted data transmissions are being added to existing systems which are still required to communicate with devices having unencrypted data transmissions. It is therefore desirable for the receivers in such systems to be able to communicate seamlessly with devices transmitting data messages in either an encrypted or unencrypted data format.
Further, the advent of new devices with encrypted data formats has led to the need for such devices to be registered, or learned, by the receiver for subsequent data transmissions. In particular, the receiver needs to register an encryption key associated with a transmitting device, and needs to be able to synchronize an internal sequence number with a sequence number generator on the device so that the communications are synchronized properly. The receiver also needs to be able to update the encryption key information in its store in order to provide a high degree of security. Finally, the system needs to be able to de-register, or unlearn a device when it becomes stolen or lost, so that an intruder having the device cannot gain unauthorized access to the secured premises. It is advantageous to implement these functions using a minimum of additional computational resources in the receiver. This allows the function to be added to existing products without significantly redesigning the product.
It is therefore an object of the present invention to provide a communications system and methods whereby the problems of the prior art described above are overcome.