The present invention relates to a method of, and system for, transferring secure data. The present invention has particular, but not exclusive, application to the use of a remote controller for controlling a user apparatus, such as a TV receiver, audio equipment, and other items, such as domestic appliances and/or office equipment.
The use of infra-red remote controllers to control TV receivers and audio equipment is well known. A drawback which sometimes occurs in using infra-red controllers is that there is risk of cross-coupling, for example, when a TV set remote controller sends commands to the TV receiver, which commands are picked up by other apparatus in the room causing it or them to be switched on unintentionally.
Remote controlled locking and unlocking of cars using infra-red radiation is well known, but has the disadvantage that a person equipped with what is termed xe2x80x9can electronic grabberxe2x80x9d is able to detect the transmitted signal and to store it for unauthorized re-use later.
It is also known to use wireless remote controllers to operate remote apparatus having a radio receiver built into them, but drawbacks to such controllers are easy interception and the possibility of cross-coupling and spoofing, that is, commands going to the wrong apparatus or being deliberately inserted by unauthorized parties. One method to avoid these problems is by the use of security coding, but this, in turn, gives a need to set up keys and authorizations. Such a task is not looked upon as being a problem to technically adept people who may use PCs and be able to program video recorders. However entering such security data may represent a significant problem to unsophisticated users of electronic equipment.
An object of the present invention is to enter security data into a user apparatus in a simple but secure manner.
According to one aspect of the present invention, there is provided a method of transferring secure data between a remote controller and an apparatus to be controlled by said controller, comprising positioning the remote controller and the apparatus close to each other and transferring the secure data at a power level lower than that normally used for transmitting commands by the remote controller.
According to a second aspect of the present invention, there is provided a remote control system comprising a remote controller and an apparatus which is operable in response to commands relayed by way of the remote controller, the apparatus having means for receiving transmissions from the remote controller and storage means for storing secure data, and the remote controller having transmitting means, means for storing secure data and commands and a keypad, the transmitting means being responsive to the actuation of a key or combination of keys commanding the transfer of secure data, for transmitting said secure data at a power level lower than that which is used for sending other commands.
By means of the present invention, a user can place a remote controller adjacent to and spaced from the user apparatus and, by actuation of a key, can transfer the data at a very low power. Since the power used to transmit the data is very low, it would be difficult for a xe2x80x9cgrabberxe2x80x9d to detect the data being transferred. If desired, communications between the remote controller and/or the user apparatus may be by way of radio or infra-red radiation.
Although the secure data, which may include security coding, may be held in the user apparatus or the remote controller, the security data being transmitted to the other device during the setting up procedure, an advantage for having it stored in the remote controller is that the same security data can be downloaded into several different pieces of apparatus.
If desired, the remote controller may be used to link several pieces of apparatus in a secure manner by picking up data, for example, sub-system addresses, and transferring the data to one or more apparatus which are to be linked.
In some cases it may be desirable to ensure that an authorized person is operating the remote controller. In such an arrangement, a personal indentity number (PIN) may be used to authorize the transaction. For extra security, if the PIN is transmitted, it may be encoded using pre-set coding and/or a code set up at the commencement of the operation to transfer the secure data.
In order to increase the overall security of the device, the security data may be encoded using a pseudo-random code which is automatically changed in a predetermined way so that the same information is never sent twice. The pseudo-random code in the apparatus is changed by the same algorithm as that used in the remote controller. As a result, an unauthorized person who is able to detect the transmissions cannot gain access by re-using the format of the information transmitted. The code keys and any other secret information used by these algorithms are transferred using the method in accordance with the present invention.