Table of Contents
Advertisement
7847i/7847i-E Installation and Setup Guide
The 7847i/7847i-E module requires an AlarmNet–i account. For new installations, please obtain the
account information from the central station prior to programming this module. For replacement
installations, the AlarmNet-i account is created automatically when the module is registered (based on
the existing "C Series" account).
About AlarmNet-i Internet Application
AlarmNet-i is a fully encrypted, secure method of delivering alarm messages from a
protected premise to an AlarmNet equipped central station. An Internet Communicator
Module transmits status, supervisory, and alarm messages to the AlarmNet Control Center
using a broadband Internet connection (see Figure 1).
The AlarmNet Control Center identifies, validates, and forwards the messages to the
appropriate AlarmNet central station. An Internet receiver, 7810iR or 7810iR-ent, is
required when receiving Internet signals from the AlarmNet Control Center. AlarmNet-i
has an unlimited account capacity.
Encryption
The 7847i/7847i-E and 7810iR-ent support private key encryption. Private key encryption
means that both the sender and the receiver know the KEY used to encrypt the data. Each
device produced by Honeywell is loaded with a globally unique identifier called a MAC
number, and a large random number or KEY. This KEY and MAC number are also stored in
the AlarmNet servers. When a device contacts AlarmNet it sends the MAC number in the
clear followed by the message that is encrypted using the KEY data. The server looks up its
copy of the KEY based on the MAC number and uses that KEY to decrypt the message.
The communication devices use 256 bit AES (Rijndael) encryption (which is required for
certain government installations). The AlarmNet-i AES Encryption Software Module Version
1.0 contained in the Honeywell products has NIST approval. Listings for this approval can be
found at
Enterprise Encryption Related Functions
The previous paragraph described general encryption, and how it functions with AlarmNet.
When used in a Private closed network or Enterprise installations, some additional processes
are required to support encryption. In an enterprise installation the 7810iR-ent takes on the
server function that exists in the AlarmNet Internet installation and has a process to learn
the MAC numbers and KEYs for which it will be responsible.
Installation Key (for Private LAN)
At installation a 10-digit installation key needs to be programmed into every device in the
network. This 10-digit key should be the same for all devices used in the Private LAN mode.
The purpose of this key is to encrypt the private KEY of each subscriber device as it is
registered to the 7810iR-ent so this sensitive data is never sent in the clear. This KEY is only
used for registration purposes and is not used for supervision or alarm transmission. Once a
device is registered the 7810iR-ent will have a copy of the 7847i-E's factory KEY. From this
point on the unique factory key is used for communications.
Recovery Mode
Recovery Mode is only available when in Private LAN mode. In the event of a failure of the
7810iR-ent requiring the replacement of the hardware or the erasure of its memory, the
7810iR-ent supports a Recovery Mode. In Recovery Mode, the 7810iR-ent is programmed
with the same 10-digit installation key. When a 7847i-E communicates with the 7810iR-ent
and is found not to exist in its database, a special response is sent back to the 7847i-E
requesting it to re-register itself. The 7847i-E then registers using the 10-digit installation
key. When all accounts have been recovered, Recovery Mode can be turned off to provide
better control of registration.
1-2
http://csrc.nist.gov/cryptval/aes/aesval.html
Certification number 127.
Hide quick links:
Advertisement
Table of Contents
