SECURE WIEGAND COMMUNICATIONS

US 20100034375A1
Filed: 08/11/2009
Published: 02/11/2010
Est. Priority Date: 08/11/2008
Status: Active Grant

First Claim

Patent Images

1. A communication method, comprising:

obfuscating data transmitted in a first message from a first communication device to a second communication device, wherein the first and second communication devices communicate using a unidirectional communication protocol and wherein the obfuscation of the data is effected with a predetermined code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed toward secure access systems. Specifically, a method and system is provided that enhances the security of unidirectional communication protocols used in access control systems, such as the Wiegand protocol. The enhancements may include obfuscation of data, a two-way packet-mode communications, and blind synchronization of pseudo-random number generators.

122 Citations

40 Claims

1. A communication method, comprising:
- obfuscating data transmitted in a first message from a first communication device to a second communication device, wherein the first and second communication devices communicate using a unidirectional communication protocol and wherein the obfuscation of the data is effected with a predetermined code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the predetermined code is agreed upon between the first and second communication devices prior to obfuscation of the data in the first message.
  - 3. The method of claim 1, wherein the predetermined code is one of a plurality of codes within a rolling code sequence, wherein the first and second communication devices each have a copy of the rolling code sequence and wherein data communicated between the first and second communication devices subsequent to the first message is obfuscated with a code from the rolling code sequence that is different from the predetermined code.
  - 4. The method of claim 1, wherein the unidirectional communication protocol comprises the Wiegand protocol.
  - 5. The method of claim 4, wherein the first message comprises a Wiegand message.
  - 6. The method of claim 5, wherein the Wiegand message is encapsulated in one of a TCP and UDP packet and is transmitted over an IP network from the first communication device to the second communication device.
  - 7. The method of claim 1, wherein obfuscation comprises computing an XOR of the predetermined code and the data.
  - 8. The method of claim 1, wherein the predetermined code is employed to identify an authenticity of the first communication device and a timestamp.
  - 9. The method of claim 1, wherein the first communication device is upstream of the second communication device, the method further comprising:
    - receiving a message at the first communication device;
      
      determining that the message received at the first communication device was transmitted by the second communication device, wherein determining is performed by one or more of (i) analyzing an out-of-band communication received at the first communication device from the second communication device and (ii) analyzing a special code that identifies the second communication device is an advanced communication device in an advanced communication mode; and
      
      based on determining that the message was transmitted by the second communication device, transitioning the first communication device from a first mode of operation to a second mode of operation.
  - 10. The method of claim 9, wherein the message transmitted by the second communication device comprises an alteration of a control line signal between the first and second communication devices for a predetermined amount of time.
  - 11. The method of claim 10, wherein the predetermined amount of time is less than a human-perceivable amount of time.
  - 12. The method of claim 9, wherein the first mode comprises a non-secure Wiegand mode and the second mode comprises a secure Wiegand mode.
  - 13. The method of claim 9, wherein the first mode comprises a Wiegand-format mode and the second mode comprises a packet-mode.
  - 14. The method of claim 1, further comprising:
    - detecting a message collision on a communication path between the first and second communication devices; and
      
      initiating a cooperative transmission of messages over the communication path such that the first communication device transmits a message to the second communication device over the communication path at a different time than the second communication device transmits a message to the first communication device over the communication path.
  - 15. The method of claim 1, wherein out-of-band communications are transmitted from the second communication device to the first communication device at a timing different from message timing used in the unidirectional protocol.
  - 16. The method of claim 1, wherein control signals are used to accommodate bi-directional communications in one of a half-duplex configuration and a full-duplex configuration.
  - 17. The method of claim 1, wherein the obfuscation is accomplished by the use of a stream cipher.
  - 18. The method of claim 1, wherein the first message maintains the same size before and after being obfuscated.

19. A reader, comprising:
- a rolling code generator operable to generate a plurality of distinct rolling codes; and
  
  a message formatting engine, wherein the message formatting engine is operable to retrieve a first rolling code from the rolling code generator and obfuscate data with the first rolling code prior to transmitting the data to an upstream device.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 20. The reader of claim 19, wherein the upstream device also has a copy of the rolling codes, wherein data communicated to the upstream device after using the first rolling code is obfuscated with a code from the rolling code sequence that is different from the first rolling code.
  - 21. The reader of claim 19, wherein a unidirectional communication protocol is used to facilitate communications between the reader and the upstream device, and wherein the unidirectional communication protocol comprises the Wiegand protocol.
  - 22. The reader of claim 19, wherein obfuscation comprises computing an XOR of the first rolling code and the data.
  - 23. The reader of claim 19, wherein the first rolling code is used to confirm an identity of the reader to the upstream device.
  - 24. The reader of claim 19, wherein the reader is further operable to receive a message from the upstream device, determine that the received message received was transmitted by the upstream device, and based on determining that the message was transmitted by the upstream device, transition from operating in a first mode of operation to a second mode of operation.
  - 25. The reader of claim 24, wherein the message transmitted by the upstream device comprises an alteration of a control line signal between the reader and upstream device for a predetermined amount of time.
  - 26. The reader of claim 25, wherein the predetermined amount of time is less than a human-perceivable amount of time.
  - 27. The reader of claim 24, wherein the first mode comprises a non-secure Wiegand mode and the second mode comprises a secure Wiegand mode.
  - 28. The reader of claim 24, wherein the first mode comprises a Wiegand-format mode and the second mode comprises a packet-mode.
  - 29. The reader of claim 19, wherein the reader is further operable to detect a message collision on a shared communication path between the reader and upstream device and initiate a cooperative transmission of messages over the shared communication path with the upstream device.

30. A communication method, comprising:
- operating a credential reader in a first mode of operation;
  
  receiving, at the credential reader, a message from an upstream device;
  
  determining, by the credential reader, that the message was transmitted by the upstream device; and
  
  based on determining that the message was transmitted by the upstream device, transitioning the credential reader from the first mode of operation to a second mode of operation.
- View Dependent Claims (31, 32, 33, 34, 35, 36)
- - 31. The method of claim 30, wherein the credential reader is in communication with an upstream device utilizing a unidirectional communication protocol.
  - 32. The method of claim 31, wherein the unidirectional communication protocol is the Wiegand protocol.
  - 33. The method of claim 30, wherein the message transmitted by the upstream device comprises an alteration of a control line signal between the reader and upstream device for a predetermined amount of time.
  - 34. The method of claim 33, wherein the predetermined amount of time is less than a human-perceivable amount of time.
  - 35. The method of claim 30, wherein the first mode comprises a non-secure Wiegand mode and the second mode comprises a secure Wiegand mode.
  - 36. The method of claim 30, wherein the first mode comprises a Wiegand-format mode and the second mode comprises a packet-mode.

37. A method, comprising:
- enabling first and second communication devices with first and second PRNGs, respectively, wherein the first and second PRNGs are synchronized and used to secure communications between the first and second communication devices;
  
  determining that synchronization between the first and second PRNGs has been lost; and
  
  invoking third and fourth PRNGs at the first and second communication devices respectively, wherein the third and fourth PRNGs are used to resynchronize the first and second PRNGs.
- View Dependent Claims (38, 39, 40)
- - 38. The method of claim 37, wherein the first and second PRNGs are fast PRNGs and the third and fourth PRNGs are slow PRNGs.
  - 39. The method of claim 37, wherein determining that resynchronization has been lost comprises determining that power has been lost at one or more of the first and second PRNGs.
  - 40. The method of claim 37, wherein the first and second communication devices utilize a unidirectional communication protocol to facilitate communications between the first and second communication devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Andresky, David, Guthery, Scott B., Davis, Michael, Robinton, Mark

Granted Patent

US 8,358,783 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/42
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0662   with particular pseudorando...

H04L 9/12   Transmitting and receiving ...

H04L 9/16   the keys or algorithms bein...

H04L 9/3226   using a predetermined code,...

SECURE WIEGAND COMMUNICATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

122 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE WIEGAND COMMUNICATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

122 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links