United States Patent (19)
`Marino et al.
`
`US006026165A
`Patent Number:
`11
`(45) Date of Patent:
`
`6,026,165
`Feb. 15, 2000
`
`54 SECURE COMMUNICATIONS INA
`WIRELESS SYSTEM
`
`5,600,324 2/1997 Reed et al. ......................... 340/825.69
`5,661,804 8/1997 Dykema et al. .......................... 380/21
`
`75 Inventors: Francis C. Marino, Dixc Hills;
`Thomas P. Schmit, Huntington, both of
`N.Y.
`
`73 Assignee: Pittway Corporation, Chicago, Ill.
`
`21 Appl. No.: 08/667,847
`22 Filed:
`Jun. 20, 1996
`
`7
`
`56)
`
`U.S. PATENT DOCUMENTS
`
`340/825.72
`Nah et al. .
`9.
`i.e.
`4.855.713 s/1989 Brunius."
`5,144,667 9/1992 Pogue, Jr. et al. ........................ 380.21
`5,146,215 9/1992 Drori ....................
`... 340/825.72
`5,159,329 10/1992 Lindmayer et al. ............... 340/825.72
`5,291,193 3/1994 Isobe et al..
`5,325,432 6/1994 Gardeck et al. .......................... 380/21
`5.
`Six s al. ..................... 380/21
`2 : - -2
`andler Ord, Jr. .
`5.
`19. they - - - - - - - - - - - - - - - - - - - 340/825.31
`5,517,187 5/1996 Bruwer et al..
`5,554,977 9/1996 Jablonski et al. .................. 340/825.31
`
`OTHER PUBLICATIONS
`Microchip Technology, Inc.; Data Sheets for HCS300 Code
`gy.
`p
`Hopping Encoder, 1996.
`Exel Microelectronics, Inc.; Data Sheets for XL106 Rolling
`Code Encoder/ Authentication Encoder/Decoder Coproces
`Sor, Dec. 1995.
`Exel Microelectronics, Inc.; Keeloq Code Hopping For
`S
`te Controls, Mar. 30, 1994.
`ecure remote UOntrols, Mar. 3U,
`Primary Examiner William Oen
`Int. Cl. ............................. H04L 9/00; G08C 19/00;
`51
`Attorney, Agent, or Firm Anthony R. Barkume, P.C.
`G06F 7/04
`52 U.S. Cl. ................. 380/21; 340/825.72; 340/825.31;
`57
`ABSTRACT
`340/825.09
`58 Field of Search .................................. 3802, 23.28, EEEEEE
`380/29, 43, 46; 340/506, 539, 825.22, 825.31,
`wherein the E. Stores locally
`encryption E. RE
`825.32, 825.34, 825.5, 825.69, 825.72
`by the transmitting device to encrypt the data message and
`References Cited
`the receiver uses the encryption key to decrypt an encrypted
`data message, and wherein a Sequence number generator is
`used to Synchronously track the message Sequence at both
`the transmitter and receiver. A first major aspect involves
`encrypted device registration (learning) methods that are
`user-friendly and immune from detection by technically
`skilled intruders with special RF equipment, and periodic
`user-friendly changing of the encryption key per encrypted
`transmitting device in the System. A Second major aspect
`involves encrypted device de-registration (unlearning, or
`deletion) that is likewise Se friendly. A third major aspect
`of the invention allows the receiver to proceSS encrypted and
`non-encrypted messages, interchangeably, within the same
`wireleSS Security System.
`
`20 Claims, 7 Drawing Sheets
`
`
`
`
`
`ConFls.Jr.
`RRAMMING
`Me
`
`INTAzee SEQUENCE
`NUM888 (NERATORN
`TRANSMITTER TO STATE,
`
`INTRANSMITTER,
`RANOMY (ENERATE
`NCRYPTlcNKEYAN
`STORE IN PROM
`
`TRANSMATAMSSaga:
`KEY, STATE, TX ID
`search memory table
`NRXFor xii
`
`S5
`
`S8
`ACNSW DATA
`MESSAGE AS MEW - No
`DATA RECORD
`
`is N- S6
`x
`MMORY
`Yes
`ABLE
`
`Overal RTERCOR
`WHNE, ATA
`MESSAGE
`
`USecrypt.N
`- KEYQ NCRYP
`STATEATTX
`
`SO
`
`TransMir (ATA MESSAGETO &
`receiver:
`ENCRYPTEDSTATE, TX ID
`FETCSIRESS
`AN KEYFRCMRECOR)
`NMORYABLE
`HAVING Xie
`
`S12
`
`S5
`- G
`Rovde INDICATION
`THAT swices Not
`No.
`RegisteRe,
`
`USEFeche KEYO
`crypt
`ENCRYPrst STATE,
`S13
`cryse
`sNCRYPTED STATE,5
`STOREDSTATE, FETCHE
`FroMesaory
`AEE
`
`
`
`S4
`PROVE INCACN
`HAewcas
`RegisTERE
`
`Yes-
`
`Fitbit, Inc. v. Philips North America LLC
`IPR2020-00783
`
`Fitbit, Inc. Ex. 1041 Page 0001
`
`

`

`U.S. Patent
`
`Feb. 15, 2000
`
`Sheet 1 of 7
`
`6,026,165
`
`
`
`
`
`TO?J1NOO
`
`LINT)
`
`
`
`1
`
`|
`
`- - - • • •*
`
`
`HIWX +?!
`
`- - - - ---?
`
`
`
`[5] [5] [8] [2] [9]
`
`
`
`
`
`D?J?JEJ
`
`Fitbit, Inc. v. Philips North America LLC
`IPR2020-00783
`
`Fitbit, Inc. Ex. 1041 Page 0002
`
`

`

`U.S. Patent
`
`Feb. 15, 2000
`
`Sheet 2 of 7
`
`6,026,165
`
`
`
`
`
`-— — — — m
`
`0883
`
`NI VIVO
`
`ABXH
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`di Holaad
`
`
`
`H3BWTAN BONHITOES
`
`OWO ABX|
`
`MAE'N ·
`
`NI V LVCI
`
`Fitbit, Inc. v. Philips North America LLC
`IPR2020-00783
`
`Fitbit, Inc. Ex. 1041 Page 0003
`
`

`

`Fitbit, Inc. v. Philips North America LLC
`IPR2020-00783
`
`Fitbit, Inc. Ex. 1041 Page 0004
`
`

`

`Fitbit, Inc. v. Philips North America LLC
`IPR2020-00783
`
`Fitbit, Inc. Ex. 1041 Page 0005
`
`

`

`U.S. Patent
`
`Feb. 15, 2000
`
`Sheet 5 of 7
`
`6,026,165
`
`
`
`
`
`
`
`
`
`SAR
`
`CONFIGURE
`PROGRAMMING
`MODE
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`ADO NEW DATA
`MESSAGE AS NEW
`DATA RECORD
`
`
`
`
`
`
`
`
`
`PROVIDE INDICATION
`THAT DEVICES NOT
`REGISTERED
`
`
`
`
`
`
`
`
`
`
`
`
`
`INTIALZE SECUENCE
`NUMBER GENERATORN
`TRANSMITTER TO STATE,
`
`iN TRANSMITTER,
`RANDOMLY GENERATE
`ENCRYPON KEY AND
`STORE IN EEPROM
`
`TRANSMT DATA MESSAGE:
`KEY, STATE, TX ID
`
`SEARCH MEMORY TABLE
`NRX FOR TX ID
`
`S3
`
`S4
`
`S5
`
`S
`XID
`IN MEMORY
`TABLE
`
`USE ENCRYPTION
`KEY TO ENCRYP
`STATEAT TX
`
`TRANSMT DATA MESSAGE TO
`RECEIVER:
`eNCRYPTEDSTATE, TX ID
`
`OVERWRITE RECORD
`WITH NEW DAA
`MESSAGE
`
`S1 O
`
`FETCH STOREDSTATE,
`AND KEY FROM RECORD
`IN MEMORY TABLE
`HAVING TX ID
`
`S11
`
`S12
`
`
`
`
`
`
`
`USE FETCHED KEY TO
`DECRYPT
`ENCRYPTEDSTATE,
`S13
`
`DOES
`DECRYPTED
`ENCRYPTED STATE =
`STOREDSTATE, FETCHED
`FROMMEMORY
`TABLE
`
`
`
`
`
`
`
`FIG.5
`
`S14
`PROVIDE INDICATION
`HAT DEVICES
`REGISTERED
`
`Fitbit, Inc. v. Philips North America LLC
`IPR2020-00783
`
`Fitbit, Inc. Ex. 1041 Page 0006
`
`

`

`U.S. Patent
`
`Feb. 15, 2000
`
`Sheet 6 of 7
`
`6,026,165
`
`/
`\
`V
`
`CONFIGURE
`N
`START - PROGRAMMING !
`MODE
`
`
`
`S21
`
`DEEE ENTRE
`ABE
`
`
`
`
`
`NO
`S26
`
`y
`ENTER
`SELECTED
`DEVICED INTO
`
`g S27
`y
`TRANSEEMAND
`SELECTED DEVICE
`
`:
`
`TRANSMIT COMMAND To
`OE-REGISTER ALL DEVICES
`
`S22
`
`-S28
`RECEIVER DELETEs.
`SEECTED ID FROM
`REGISTRATION
`TABLE
`
`S23
`
`RECEIVER DELETES :
`ENTRE
`REGISTRATION
`TABLE
`
`l
`
`transMr. Dassass with?'
`
`TRANSMT ATA MESSAGE WITH
`COMMAND TO NOCATE
`;
`SUCCESSFUL
`DE-REGISTRATION
`
`-S25
`
`ACKNOWLEDGEDE
`REGISTRATION WITH
`AUDELEWISUAL
`NDCATON
`
`FIG.6 - -
`\
`/
`
`Fitbit, Inc. v. Philips North America LLC
`IPR2020-00783
`
`Fitbit, Inc. Ex. 1041 Page 0007
`
`

`

`U.S. Patent
`
`Feb. 15, 2000
`
`Sheet 7 of 7
`
`6,026,165
`
`
`
`
`
`
`
`
`
`30
`
`RECEIVE ENTRE DATA
`MESSAGE AND STORE IN
`BUFFER
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`PERFORM CYCLIC REDUNDANCY CHECK
`ROUTINE ON PORTION OF STORED DATA
`MESSAGE TO DETERMNE (FWALD
`
`S32
`
`
`
`
`
`IS CRC OF
`MESSAGE
`PORTION VALID 7
`
`S34
`
`
`
`
`
`YES
`
`PROCESS MESSAGE
`PORTIONAS
`UNENCRYPTED
`
`PERFORM CYCLIC REDUNDANCY CHECK
`ROUTINE ON ENTRESTORED DATA
`MESSAGE TO DETERMINE IF VALID
`
`S CRC OF ENTRE
`MESSAGE VALID
`
`PROCESSENTRE
`MESSAGE AS
`ENCRYPTED
`
`
`
`
`
`MESSAGE
`VALIDATION FALS,
`GNORE
`
`FG.7
`
`Fitbit, Inc. v. Philips North America LLC
`IPR2020-00783
`
`Fitbit, Inc. Ex. 1041 Page 0008
`
`

`

`1
`SECURE COMMUNICATIONS IN A
`WIRELESS SYSTEM
`
`6,026,165
`
`2
`device, but which cannot be changed by the user at any time
`and is readily breakable if the manufacturer's code and the
`transmitter Serial number are determined. Thus, the manu
`facturer's code must be carefully controlled Since it is a
`pivotal part of the overall System Security. The transmitter
`Serial number, encryption key, and Sync counter number are
`stored in EEPROM in the transmitter. After installation of
`the System, when a transmitting device is activated by a user,
`the encoder uses the pre-stored encryption key and Sync
`count from EEPROM to generate an encrypted sync count,
`which it then loads into a data word along with an unen
`crypted Serial number and the information desired to be
`transferred. The decoder at the receiver then uses the
`received serial number to fetch from its memory the last
`Sync count and the encryption key for that transmitter. The
`decryption algorithm uses the key to decrypt the received
`encrypted Sync count and compares it against the Stored Sync
`count. If these numbers are within a predetermined range
`(i.e. 16), then the algorithm passes and the message is
`considered valid. This methodology is termed “code hop
`ping Since the Sync count is incremented or changed with
`a predetermined algorithm known to the transmitter and
`receiver with every activation of the transmitter, and the
`receiver and transmitter each track the Sequence indepen
`dently.
`This type of System utilizes a preset manufacturer's code
`to generate the encryption key, which is not changeable for
`a given device with a given Serial number. This is problem
`atic and disadvantageous Since the manufacturer's code is of
`record with the manufacturer and possibly others in privity
`with the System, and the code could be compromised and
`used to determine the encryption key for a given transmitter
`Since the transmitter Serial number is transmitted to the
`receiver in unencrypted format. Thus, the key could readily
`be reverse engineered by an intruder who determines these
`fixed, unchanging data. Once an intruder has ascertained the
`encryption key, he may intercept a transmission, decrypt the
`Sequence number, and be able to break into the System by
`changing or incrementing his own number generator and
`encrypting a message with this data.
`It is therefore desired for the system to utilize encryption
`keys which are randomly generated and therefore unknown
`to anyone, thus eliminating the possibility that the key may
`be compromised. In addition, it is desired to enable the
`encryption key to be easily changed by a user, thus enhanc
`ing the Security of the System, rather than having only one,
`fixed encryption key for each transmitting device.
`The present invention relates to the use of novel Security
`encryption and decryption methodologies and algorithms,
`plus unique procedures to provide an existing wireleSS
`Security System with a high degree of immunity from being
`defeated by intruders of high technical ability using RF
`receiving, transmitting, recording, playback, and computa
`tional equipment. The nature of the encryption, decryption,
`message formats, and procedures are uniquely designed to
`provide the associated Security Systems the ability to com
`municate with existing unencrypted wireleSS devices as well
`as the new encrypted ones without changes being required of
`existing associated Security controls.
`In particular, with the advent of new encrypted data
`transmission technologies, devices Such as wireleSS keypads
`and keys with encrypted data transmissions are being added
`to existing Systems which are Still required to communicate
`with devices having unencrypted data transmissions. It is
`therefore desirable for the receivers in such systems to be
`able to communicate Seamlessly with devices transmitting
`data messages in either an encrypted or unencrypted data
`format.
`
`BACKGROUND OF THE INVENTION
`The present invention relates to Security of data commu
`nications in a wireleSS System, and in particular to Such a
`System wherein an encryption key used by a transmitter and
`a receiving device may be varied and reprogrammed by a
`user in order to enhance the System Security, wherein the
`encryption key is not conveyed or easily read or decrypted
`by human means.
`Security Systems utilizing short range radio frequency
`communications consist of a control, an RF receiver, and a
`variety of transmitter products that detect and transmit to the
`control via the RF Receiver the state of various transducers
`Such as Smoke, motion, shock & Vibration detectors, door
`and window Switches, etc. In addition to these devices,
`wireleSS keypads having numeric or alphanumeric input
`keys are used to remotely arm and disarm the System via the
`use of personal Security codes entered into the keypad and
`transmitted to the receiver and control. Finally, wireless keys
`with unique Serial numbers, previously learned by the
`System, can also be employed by the user to arm or disarm
`the System or to open and close a garage door, turn lights on
`or off, etc.
`WireleSS keypads and keys presently in use are designed
`with RF ranges of several hundred feet beyond the periphery
`of a protected premises. This introduces a new Security
`problem since unwanted intruders, skilled in the art of RF
`receiver and transmission technology in conjunction with
`computer technology, can remotely and Surreptitiously
`capture, analyze, and playback the transmissions from these
`devices in order to gain entry into the premises without
`detection by the associated Security System. For example, an
`intruder may be in an unobserved location one hundred feet
`away from the protected premises and employ Suitable RF
`equipment which could record and playback transmitted
`messages from an authorized user's wireleSS key or keypad
`used to disarm the Security System prior to or upon entering
`the protected premises. The nature of the messages need not
`be analyzed by the intruder So long as the playback is a
`repeat of the same messages and in the same Sequence which
`disarmed the Security System. This is all that is necessary to
`counteract the protection afforded by a wireless key even
`with a very large Serial number previously learned by the
`Security System. In the case of the wireleSS keypad, the
`user's personal Security code can be determined from unen
`crypted transmitted messages used to arm or disarm the
`System, or by Simply opening a garage door or turning on a
`light, etc. Once the user's personal Security code is thus
`obtained, the intruder can enter the premises any time
`thereafter and disarm the Security System by using that
`Security code at the Systems wired Security keypad.
`There are many encryption and corresponding decryption
`algorithms used in various communication Systems requir
`ing Secrecy of data and other critical information transmitted
`over a network from being intercepted and deciphered by
`unwanted Sources sharing that same (wired or wireless)
`network. In one such system, marketed by MICROCHIP
`TECHNOLOGY INC. as an HCS300 Code Hopping
`Encoder, a unique transmitter Serial number is programmed
`by the manufacturer at the time of production. An encryption
`key is generated during production by using a key generat
`ing algorithm, which uses as its inputs the transmitter Serial
`number and a 64-bit manufacturer's code. Thus, an encryp
`tion key is generated which is unique to each transmitting
`
`15
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`Fitbit, Inc. v. Philips North America LLC
`IPR2020-00783
`
`Fitbit, Inc. Ex. 1041 Page 0009
`
`

`

`15
`
`3
`Further, the advent of new devices with encrypted data
`formatS has led to the need for Such devices to be registered,
`or learned, by the receiver for Subsequent data transmis
`Sions. In particular, the receiver needs to register an encryp
`tion key associated with a transmitting device, and needs to
`be able to Synchronize an internal Sequence number with a
`Sequence number generator on the device So that the com
`munications are Synchronized properly. The receiver also
`needs to be able to update the encryption key information in
`its Store in order to provide a high degree of Security. Finally,
`the System needs to be able to de-register, or unlearn a
`device when it becomes Stolen or lost, So that an intruder
`having the device cannot gain unauthorized access to the
`Secured premises. It is advantageous to implement these
`functions using a minimum of additional computational
`resources in the receiver. This allows the function to be
`added to existing products without Significantly redesigning
`the product.
`It is therefore an object of the present invention to provide
`a communications System and methods whereby the prob
`lems of the prior art described above are overcome.
`SUMMARY OF THE INVENTION
`The present invention relates to improvements in encryp
`tion methodologies used in a wireleSS data communications
`System Suitable for use in a wireleSS Security System. The
`wireleSS communications System is comprised of a receiving
`Station having a receiver and a control unit, and a plurality
`of transmitting devices which communicate with the control
`via the receiver. The transmitter devices each locally provide
`their own encryption key which is Stored in the transmitter
`and initially registered with the receiver, which is then
`utilized by the transmitter (along with a sequence number)
`to encrypt Subsequent data messages, and which is also then
`used by the receiver to decrypt those messages. A sequence
`number generator (which may increment or change in a
`predetermined algorithm) is used to Synchronously track the
`message Sequence at both the transmitter and receiver. The
`key is preferably generated at the transmitter device in a
`random fashion. The user may change the encryption key for
`any transmitting device at any time and re-register the new
`random key with the receiver accordingly. The encrypted
`device registration (learning) methods are user-friendly and
`immune from detection by technically skilled intruders with
`Special RF equipment. Selected transmitting devices may be
`deleted or de-registered from the receiver, or the entire Store
`of keys and Sequence numbers may be de-registered at one
`time. Importantly, no record of the encryption key, whether
`written, stored in ROM, or otherwise, exists except for the
`local Storage at the transmitter and the receiver. In another
`aspect of the invention, the receiver processes encrypted and
`non-encrypted messages, interchangeably, within the same
`wireleSS Security System.
`Thus, a first major aspect of the invention is a method of
`configuring the receiver with an encryption key useful for
`decrypting encrypted data message transmissions. The
`method comprises the Steps of randomly generating at the
`transmitting device a new encryption key and Storing it in
`memory, transmitting to the receiver a data message com
`prised of the new encryption key and a device identification
`60
`code unique to the transmitting device, receiving the data
`message at the receiver, and Storing in a memory table the
`device identification code and the new encryption key. The
`receiving Station and the transmitting device may first be
`placed into a programming mode in order to configure the
`receiver with the encryption key. A sequence number gen
`erator in the transmitting device is initialized to an initial
`
`45
`
`50
`
`55
`
`65
`
`6,026,165
`
`25
`
`35
`
`40
`
`4
`State, and the initial State is included in the data message
`along with the new encryption key and the device identifi
`cation code unique to the transmitting device. This message
`may itself be encrypted using encryption algorithms known
`to both the receiver and transmitter.
`After received by the receiver, the data message may be
`stored in the memory table at the receiver by first determin
`ing if a previous data record exists in the memory table
`which comprises the device identification code, then over
`Writing the previous data record with the new data message
`if Such a previous data record exists, or adding the new data
`message as a new record in the memory table if Such a
`previous data record does not exist.
`The configuration or registration proceSS may be verified
`by transmitting to the receiver a Second data message
`comprised of the device identification code and an encrypted
`version of the Sequence number generator initial State,
`receiving the Second data message at the receiver and
`fetching from the memory table the previously stored
`encryption key and Sequence number generator initial State
`matched with the identification code from the received
`Second data message, using the fetched encryption key to
`decrypt the encrypted Sequence number generator initial
`State received from the Second data message, comparing the
`decrypted Sequence number generator initial State with the
`fetched Sequence number generator initial State, and provid
`ing an indication that the receiver has Successfully registered
`the transmitting device when the comparison Step has
`passed.
`The Second major aspect of the invention is a method of
`configuring the receiver to de-register all of the transmitting
`devices and temporarily disable Subsequent encrypted data
`communications there with pending re-registration of a
`transmitting device. The method comprises the Steps of
`configuring the receiving Station and the transmitting device
`into a programming mode, transmitting to the receiver from
`one of the previously registered transmitting devices a first
`data message comprised of a command to delete all regis
`tration data from an internal memory table, deleting all
`registration data from the receiver internal memory table,
`temporarily disabling the receiver from responding to fur
`ther encrypted data messages, and transmitting to the
`receiver from the transmitting device a Second data message
`in unencrypted format, the Second data message comprising
`a command to cause an indication (Such as an audible beep)
`that the de-registration proceSS was Successful.
`In the alternative to de-registering all the devices, a
`Selected one of the devices may be de-registered (if the
`identification code is known) by configuring the receiving
`Station and a different one of the previously registered
`transmitting devices into a programming mode, transmitting
`to the receiver from the transmitting device a first data
`message comprised of a command to delete the registration
`data associated with the Selected device from an internal
`memory table, deleting the registration data from the
`receiver internal memory table, and temporarily disabling
`the receiver from responding to further encrypted data
`messages from the Selected transmitting device.
`The third major aspect of the invention is a method for
`automatically discriminating between unencrypted and
`encrypted messages, which comprises the Steps of receiving
`at the receiving Station a message from a transmitting
`device, Storing the message in a buffer, analyzing a portion
`of the Stored message to determine if was validly received,
`and further processing the message portion as a validly
`received unencrypted message when the message portion
`
`Fitbit, Inc. v. Philips North America LLC
`IPR2020-00783
`
`Fitbit, Inc. Ex. 1041 Page 0010
`
`

`

`6,026,165
`
`15
`
`S
`has been so determined to have been validly received. When
`the message portion has, however, been So determined to
`have not been validly received, then the entire Stored mes
`Sage is analyzed to determine if it was validly received. The
`entire Stored message is then further processed as an
`encrypted message when it has been So determined to have
`been validly received, and it is ignored when it has been So
`determined to have not been validly received.
`This methodology is Successful because an encrypted data
`message is longer than an unencrypted message, and thus by
`allowing the receiver to Store an entire data message and first
`analyzing a portion of the entire message, it can be deter
`mined if that portion is a valid (unencrypted) message. If the
`portion cannot be validated, then the entire message is
`examined to ensure that it is a valid (encrypted message).
`Preferably, the message portion comprises a cyclic redun
`dancy character, and the message portion is analyzed by
`performing a cyclic redundancy check routine on the mes
`Sage portion and comparing the results to the message
`portion cyclic redundancy character. Thus, if the cyclic
`redundancy check routine passes, the message portion must
`be valid and the message is unencrypted. If the message
`portion is not an unencrypted message, then the message
`will also preferably comprise a message cyclic redundancy
`character, and the message is analyzed by performing a
`25
`cyclic redundancy check routine on the message and com
`paring the results thereof to the message cyclic redundancy
`character. Notably, the message portion cyclic redundancy
`character and the message cyclic redundancy character are
`located in different positions of the message.
`The present invention is embodied by a Secure data
`communications System Suitable for transmission of data
`messages, comprising a plurality of remote transmitting
`devices for transmitting the data messages, and a receiving
`Station comprising a data receiver for receiving the data
`messages from the transmitting devices. Each of the devices
`of the present invention comprises a random key generator
`for randomly generating data encryption keys Suitable for
`use in encrypting data messages prior to transmission, a
`Sequence number generator for keeping track of the trans
`mission Sequence number, the Sequence number generator
`being changed for each data transmission, a memory for
`Storing the randomly generated encryption key and a device
`identification code unique to the transmitting device, means
`for encrypting data prior to transmission, the encrypting
`means utilizing the encryption key and Sequence number
`Stored in non-volatile memory, and transmitter means for
`transmitting a data message comprised of an encrypted data
`field, an unencrypted device identification field, and an
`encrypted Sequence number field. The receiver accordingly
`comprises a memory table comprising a plurality of data
`records, each of the data records comprising a device
`identification code, an encryption key, and a transmission
`Sequence number associated with one of the transmitting
`devices, means for fetching from the memory table the data
`record asSociated with a data message received from a
`transmitting device by utilizing a device identification code
`from the received data message, means for decrypting the
`Sequence number and data field from the received data
`message by using the encryption key from memory, means
`for comparing the decrypted received Sequence number with
`the transmission Sequence number fetched from memory,
`and means for allowing the decrypted received data message
`to be transmitted to a control unit associated with the
`receiver when the decrypted received Sequence number and
`the transmission Sequence number fetched from memory are
`within a predetermined range.
`
`35
`
`6
`BRIEF DESCRIPTION OF THE DRAWING
`FIG. 1 is an overall block diagram of a wireless security
`System Suitable for use with the present invention;
`FIG. 2 is a block diagram of the transmitter encoder
`Section of the present invention;
`FIG. 3 is a block diagram of the decoder section of the
`receiver of FIG. 1;
`FIG. 4 is a diagram of the message formats used in the
`present invention;
`FIG. 5 is a flowchart of the method for changing encryp
`tion keys in the present invention;
`FIG. 6 is a flowchart of the de-registration process of the
`present invention; and
`FIG. 7 is a flowchart of the automatic message format
`discrimination of the present invention.
`DETAILED DESCRIPTION OF THE
`PREFERRED EMBODIMENT
`FIG. 1 is an overall block diagram of a wireless security
`System used with the Secure data communications System of
`the present invention. Illustrated are a plurality of transmit
`ting devices 2, in particular a wireleSS keypad 2a, a wireleSS
`key 2b, and a Sensor 2c Such as a Smoke Sensor well known
`in the art. Although transmitting devices are used in the
`preferred embodiment, it is understood that transceiving
`devices, having receiving functions as well as transmitting
`functions, may be used as well. The transmitting devices are
`in wireless, i.e. radio frequency (RF) communication with a
`receiving Station 4, which is comprised of an RF receiver 6,
`a control unit 8, and a keypad 10. The keypad 2a typically
`has numeric or alphanumeric keyS3 for inputting a perSonal
`identification number (PIN) in order to gain access to the
`Security System, e.g. to disarm the System prior to entering
`the guarded premises. The wireleSS key 2b typically has a
`few non-numeric keys 5 with dedicated programmable
`functions, e.g. opening a garage door, or turning on a light
`within the guarded premises. An authorized user activates
`the transmitting device 2a or 2b, and an encrypted command
`is generated by an encoder Section 7 and Sent by an RF
`transmitter 9 to the receiver 6. The receiver 6 receives and
`processes the message with an RF receiver 11 and then
`decrypts the message with a decoder Section 13, as explained
`further below, and passes on the command information in
`unencrypted format to the control unit 8 to which it is wired.
`The keypad 10 allows a user to execute certain commands
`locally, Such as arming or disarming the System, entering a
`programming mode (to be described herein), and the like.
`The Smoke Sensor 2c transmits messages to the receiver 6 in
`Standard, unencrypted format as well known in the art. The
`control unit 8 and keypad 10 are also well known in the art
`of Security Systems and need not be explained in detail here.
`The receiver 6 provides both unencrypted and encrypted
`data communications with the appropriate transmitting
`device 2 through the auto-discrimination process of the
`present invention, as will be explained in detail herein.
`Importantly, in accordance with the present invention, the
`encryption methodologies are transparent to the control unit
`8, and thus a receiver 6 in accordance with the invention may
`be made compatible with various control units 8 already on
`the market. In addition, due to the auto-discrimination aspect
`of the invention, the receiver 6 is able to determine auto
`matically if a certain transmission is unencrypted or
`encrypted, and it can process it accordingly and pass it on to
`the control 8 in a Similarly transparent fashion. Thus, prior
`art unencrypted transmitting devices Such as Sensor 2c may
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`Fitbit, Inc. v. Philips North America LLC
`IPR2020-00783
`
`Fitbit, Inc. Ex. 1041 Page 0011
`
`

`

`6,026,165
`
`15
`
`25
`
`35
`
`40
`
`7
`be used without modification with the receiver 6 of the
`present invention.
`The encoder 7 is shown in the block diagram of FIG. 2,
`and comprises a random key generator 21, encryption logic
`22, a Sequence number generator 24, and a non-volatile
`memory 26 Such as an EEPROM for storing an identification
`number (Device ID) unique to each transmitting device, the
`current randomly generated encryption key, and the current
`Sequence number for the transmitting device 2. The Device
`ID is programmed at the factory by the manufacturer,
`identifies the device uniquely, and in general is unchange
`able. The encryption key and Sequence number are variable,
`however, as explained below.
`In normal, data communications operation, the data mes
`sage to be formed by the encoder 7 and transmitted to the
`receiver 6 comprises a data field 28, a Device ID field 30, a
`sequence number field 32, and a CRC field 34. The data field
`28 comprises the data desired to be sent to the control; e.g.
`a request by the user to disarm the System, along with the
`user's entered PIN. The data field 28 is sent in normal
`operation in encrypted format, and is derived by the encryp
`tion logic 22 in conjunction with the key previously gener
`ated by the random key generator 21 and Stored in both the
`transmitter EEPROM 26 and the receiver 6 via a registration
`(learning) process along with the current Sequence number
`stored in the EEPROM 26. (This data flow is shown by
`dotted lines 23 and 25, and is not part of the present
`invention but is provided herein for purposes of illustration
`and completeness). The combination of the randomly gen
`erated key and the Sequence number for encryption purposes
`may be termed a “Superkey' Since it is more Secure than the
`encryption key alone The Device ID is loaded into the
`message in field 30 in Standard, unencrypted format, and
`will be used by the receiver 6 to fetch the encryption key
`stored locally at the receiver. The sequence number field 32
`(along with key or keypad data in field 28) is sent in
`encrypted format and is derived by the Sequence number
`stored in EEPROM 26 and changed or incremented for
`every transmission by the Sequence number generator 24,
`and is used by the receiver 6 to ensure that the communi
`cation is received from an authorized transmitter. The
`Sequence number generator increments or changes in a
`predetermined fashion, which is known by both the receiver
`and the transmitter. The algorithm may be a simple incre
`ment by one, two, four, etc. or may be a pseudo-randomly
`changing sequence. The CRC (cyclic redundancy character)
`field 34 is filled with a CRC character generated in accor
`dance with techniques well known in the art, and is used by
`the receiver 6 to ensure the integrity of the data being
`transmi