Hs series overview – Linx Technologies LICAL-ENC-HS001 User Manual

– –

– –

8

9

HS Series Overview

The HS Series encoder encrypts the status of up to eight buttons
or contacts into highly secure encrypted serial data stream intended
for wireless transmission via an RF or infrared link. The series uses
CipherLinx™ technology, which is based on the Skipjack algorithm
developed by the United States National Security Agency (NSA). The
CipherLinx™ protocol in the HS Series has been independently evaluated
by Independent Security Evaluators (ISE). A full evaluation white paper is
available at www.linxtechnologies.com/cipherlinx.

The encoder combines eight bits representing the states of the eight data
lines with counter bits and integrity bits to form a 128-bit message. To
prevent unauthorized access, this message is encrypted with CipherLinx™
in a mode of operation that provides data integrity as well as secrecy.
CipherLinx™ never sends or accepts the same data twice, never loses
sync, and changes codes with every packet, not just every button press.

Decoding of the received data signal is accomplished by a corresponding
Linx HS Series decoder. When the decoder receives a valid command from
an encoder, it activates its logic-level outputs, which can be used to control
external circuitry. The encoder sends data continuously as long as the
SEND line is held high. Each time the algorithm is executed, the counter
is decremented, causing the code to be changed for each packet. This,
combined with the large counter value and the timing associated with the
protocol, ensures that the same transmission is never sent twice.

An 80-bit key used to encrypt the data is created in the decoder by the
user. The decoder is placed into Create Key Mode, and a line is toggled
10 times, usually by a button. This is required to gather entropy to ensure
that the key is random and chosen from all 2

80

possible keys. A high-speed

timer is triggered by each rise and fall of voltage, recording the time that
the line is high and low. The 80-bit key is generated by combining the
low-order bits of the twenty timer values. To create an association, the key,
a 40-bit counter, and a decoder-generated ID are sent to the encoder via a
wire, contacts, IR, or other secure serial connection.

The HS Series allows the end user or manufacturer to create associations
between the encoder and decoder. If the encoder and decoder have been
associated through a successful key exchange, then the decoder responds
to the encoder’s commands based on its permissions. If an encoder has
not been associated with a decoder, its commands are not recognized.

The user or manufacturer may also set “button level” permissions.
Permission settings control how the decoder responds to the reception of
a valid command, either allowing the activation of an individual data line
or not. The decoder is programmed with the permission settings during
set-up, and those permissions are retained in the decoder’s non-volatile
memory.

The HS decoder has the ability to identify and output a decoder-assigned
identification number for a specific encoder. An encoder’s key, a 40-bit
counter, and permissions are stored in one of fifteen memory locations
within the decoder. The decoder is able to output an 8-bit binary number
that corresponds to the memory location of the encoder’s information.
This provides the ability to identify the specific encoder from which a
signal originated. This identification can be used in various ways, including
systems that record access attempts or in applications where the
originating user needs to be known.