Method and Arrangements for Increasing the Security of Transponder Systems, Particularly for Access to Automobiles

Abstract
It is proposed that passive wireless transponder systems used in the context of procedures for access identification be provided with signaling that can be perceived by human beings. This also makes it possible to detect that a relay attack, which is difficult to prevent, is being carried out. Attention is also drawn to other types of manipulative interference with the communication and to certain problems with the high-frequency transmission. By the employment of comparatively inexpensive and highly reliable means, this near-simultaneous perception of an identifying process for access purposes produces a very effective reduction in such threats to the security of the system. Other simple measures may have an advantageous effect in connection therewith. The signaling may also assist an ergonomic process. For example, an automobile entry or access system that is not specifically actuated, referred to as a passive keyless entry system, may be improved.
Description

In the drawings:



FIG. 1 is a schematic representation of the signaling when emitted by the base station (the automobile in this case).



FIG. 2 is a schematic representation of the signaling when emitted by the transponder.



FIG. 3 is a schematic representation of the signaling when emitted both by the base station (the automobile in this case) and by the transponder.



FIG. 4 shows an imaginary relay attack and the advantageous—deterrent—effect of the signaling; and



FIG. 5 is a schematic representation of an embodiment employing signaling in specific spatial access zones.






FIG. 1 is a schematic representation of the first embodiment. From the vehicle 1, perceptible signaling 4, such as, for example, a sequence of tones or a light signal, is emitted. This signaling is emitted by a signal emitter 3. It is perceived by the person 5 authorized to have access—the carrier or wearer of the transponder—and at the same time is received and analyzed by the transponder 6. For this purpose, the latter may be fitted with a suitable receiver, such as, for example, an opto-electrical or an acoustic one.


The wireless communication 7 is further effected between the transponder 6 and the base station 8. This communication uses alternating fields in different frequency bands and it cannot be perceived.


To save energy, provision may be made for the entire function not to be switched on until the door handle 2 has been operated. Other points to indicate that the access zone has been entered may also be used (light barriers, motion sensors, analysis of fields).


The signal emitter 3 and the base station 8 may be fitted at different points in the vehicle or as a combined sub-assembly—e.g. in the door mirror or on the door handle 2.



FIG. 2 is a schematic view of the second embodiment. From the transponder 11, perceptible signaling 10, such as, for example, a sequence of tones or a light signal, is emitted. This signaling is emitted by a signal emitter integrated into the transponder 11. It is perceived by the person 5 authorized to have access, who is carrying the transponder in his pocket, and at the same time is received and analyzed by a signal sensor 9 in the vehicle 1. The wireless communication 7 between the transponder 11 and the base station 8, which cannot be perceived, continues.


In this embodiment, security is substantially increased even if the signal sensor 9 is dispensed with. The signaling may then be performed only by vibration of, and/or by tactile stimulus (change of shape) by, the transponder device or by similar measures, alone or as a supplement. Where a signal sensor 9 does exist, the signals used are chiefly sound or light signals. Attentiveness and the ergonomic effect can be further increased if tactile, visible or audible stimuli are given at the door handle 2 in synchronization or in a matched rhythm. The handle may also perform the function of an on-switch.



FIG. 3 is a schematic representation of the third embodiment. From the transponder 6, perceptible signaling 14, such as, for example, a sequence of tones or a light signal, is emitted. This signaling is emitted by a signal emitter integrated into the transponder 11. It is perceived by the person 5 authorized to have access, and at the same time is received and analyzed by a combined signal emitter and sensor 12 in or on the vehicle 1.


The combined signal emitter and sensor 12 may also emit signaling 13 that is then, once again, both perceived and also received and analyzed by the transponder 6. For this purpose, the transponder 6 has not only the signal emitter mentioned but also a signal sensor.


The two signals 13 and 14 may be of the same kind or different. They may be particularly clearly noticeable as a result of further stimuli temporally connected with them, originating from the transponder 6 and the vehicle 1.



FIG. 4 represents an imaginary electronic relay attack and the advantageous effect of the signaling.


One of the two ends of the extended radio transmission path 19 used in the relay attack is situated at the vehicle. This end is shown here schematically as a relay station 17 that is hidden in the suitcase carried by a potential intruder 15. The signals 21 that are normally exchanged between the transponder and base station are now passed to the other end of the extended radio transmission path 19, and sent back again, via an intermediate point. The other end of the extended path takes the form of, for example, a relay station 18 disguised as a suitcase that is carried by an accomplice 16 of the intruder. The accomplice 16 is situated sufficiently close to the person 5 authorized to have access, at a time when the latter is no longer able to see his vehicle.


From this end, the radio signals 22 that have been transmitted via an intermediate point are re-emitted, and picked up in the other direction. In this way, a base station in the immediate vicinity of the transponder 23 is simulated and the transponder 23 is inveigled into behaving in the appropriate way. The transmissions from the transponder are transmitted back to the actual base station. In this way, the vehicle 1 can be opened, without authority, even though the person 5 authorized to have access is a long way away from the access zone. Distances of between 10 m and 50 km or more are conceivable. The extended radio transmission path can employ any desired transmission mediums (radio link, co-axial cable, telephone) that have the requisite bandwidth.


Hitherto, electronic attack of this kind has been a particular threat because the process can take place entirely unnoticed, i.e. there is no appreciable risk of discovery either for the intruder 15 or for the accomplice 16.


However, a hypothetical attempt by a potential intruder 15 also to give the signaling according to the invention in connection with the electronic attack will almost inevitably lead to his being discovered. The signaling 20 would have to be transmitted between the vehicle 1 and the relay station 17. Also, the relay station 18 would have to transmit the signaling 24 on to the person 5 authorized to have access and to the transponder 23.


In the event of the signal being emitted by the relay station 18, the accomplice 16 will be revealed in the above example. The attention of the person 5 authorized to have access will also be drawn by the emission 25 of the signal from the transponder 23 and he will be able to put in hand a range of countermeasures.


If on the other hand the intruder accepts the risk of discovery (acquires the transponder by robbery or theft, breaks in by force), then he will hardly choose to make a complicated electronic attack. A risk of this sort has to be reduced by other means.



FIG. 5 is a schematic representation of an embodiment where the signaling function operates if a person enters or is in specific spatial access zones.


A base station 26 or a plurality of antennas may be fitted round an automobile in the region of the doors (side and rear). As a result of the range of the transponders, access zones approximately 1 m to a maximum of approximately 5 m in extent are formed.


As a variant of the second embodiment, signaling can take place as soon as these access zones 28 are entered. The person authorized to have access can be given a forceful reminder by the signaling that he is just being passively identified. He can operate the door handle 26 without having to take any further action, which handle 26 unlocks in the event of him being satisfactorily recognized as part of the identification.


If the person authorized to have access is not reminded in this way, either the passive function has been deactivated or there is an operating fault. In both cases he has to take some active steps.


If, however, the person authorized to have access receives signaling well outside the access zone of his vehicle, unauthorized access is imminent or is taking place at that moment. The passive identification function performed by the transponder can be deactivated by simple operation of a control. Instead of this, an alarm function can be triggered or other countermeasures put in hand. Provision may be made for the door handle not to be operable for the whole time after the signaling successfully activates the opening process but only in a given time slot. Permanent operation of the door handle should not be permitted anyway. From an ergonomic point of view, the signaling should be satisfactorily matched to the expiry of the period allowed for door opening.
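The decision logic of the second embodiment (signal sensor 9 in the vehicle), combined with the door-handle time slot and the deactivating control described above, as an added Python example that is not part of the patent text. The shared key, the HMAC-derived tone pattern bound to the RF challenge, the 3-second slot and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SLOT_SECONDS = 3.0  # assumed length of the door-handle time slot

def mac(key: bytes, label: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, label + challenge, hashlib.sha256).digest()

def tone_pattern(key: bytes, challenge: bytes) -> list:
    # Assumed encoding: eight tones (values 0-3) bound to this RF challenge.
    return [b & 3 for b in mac(key, b"tones", challenge)[:8]]

class Transponder:
    def __init__(self, key: bytes):
        self.key, self.enabled = key, True  # enabled=False models the deactivating control

    def respond(self, challenge: bytes):
        if not self.enabled:
            return None
        # RF answer plus the perceptible signaling that the carrier also hears.
        return mac(self.key, b"rf", challenge), tone_pattern(self.key, challenge)

class BaseStation:
    def __init__(self, key: bytes):
        self.key, self.armed_at = key, None

    def identify(self, fob: Transponder, sensor_in_earshot: bool, now: float) -> bool:
        challenge = os.urandom(16)       # fresh challenge per attempt
        answer = fob.respond(challenge)  # the RF exchange itself may have been relayed
        if answer is None:
            return False
        rf, tones = answer
        heard = tones if sensor_in_earshot else None  # sensor 9 only hears nearby signaling
        rf_ok = hmac.compare_digest(rf, mac(self.key, b"rf", challenge))
        sig_ok = heard == tone_pattern(self.key, challenge)
        self.armed_at = now if (rf_ok and sig_ok) else None
        return self.armed_at is not None

    def handle_pulled(self, now: float) -> bool:
        armed, self.armed_at = self.armed_at, None  # one pull per identification
        return armed is not None and 0 <= now - armed <= SLOT_SECONDS

def attempt(sensor_in_earshot: bool, pull_delay: float, enabled: bool = True) -> bool:
    key = b"constructed-demo-key"  # constructed sample value
    car, fob = BaseStation(key), Transponder(key)
    fob.enabled = enabled
    car.identify(fob, sensor_in_earshot, now=0.0)
    return car.handle_pulled(now=pull_delay)

if __name__ == "__main__":
    print(attempt(True, 1.0), attempt(False, 1.0), attempt(True, 10.0), attempt(True, 1.0, False))
```

The second call models the relayed case: the RF response verifies, but the signaling is emitted where the carrier is, out of range of the vehicle's sensor, so the handle is never armed.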

Claims
  • 1. A method for increasing the security of transponder systems employing wireless transmission between at least one base station and at least one small device that a person can carry with him or her, a communication that establishes that the small device is spatially close taking place between the base station and the small device, characterized in that signaling perceptible to human beings takes place as part of the communication process between the base station and the small device.
  • 2. A method as claimed in claim 1, characterized in that the perceptible signaling is emitted from the base station.
  • 3. A method as claimed in claim 2, characterized in that the small device receives and analyzes at least part of the signaling.
  • 4. A method as claimed in claim 3, characterized in that the small device concludes the communication in a secure manner if the signaling too has been received.
  • 5. A method as claimed in claim 1, characterized in that the perceptible signaling is emitted from the small device.
  • 6. A method as claimed in claim 4, characterized in that the base station receives and analyzes at least part of the signaling.
  • 7. A method as claimed in claim 6, characterized in that the base station only performs an action associated with the communication if the signaling too has been received.
  • 8. A method as claimed in claim 1, characterized in that an action that should normally be provoked by the communication is embargoed by the operation of a control at the small device and by a transmission of data to the base station.
  • 9. A method as claimed in claim 1, characterized in that an absence of signaling and/or altered signaling at the small device indicates an operating fault in the transmission process.
  • 10. A method as claimed in claim 1, characterized in that an alarm is triggered by the operation of a control at the small device and by a transmission of data.
  • 11. A method as claimed in claim 1, characterized in that an additional mode of operation allows communication to be established between the base station and small device but only the signaling to be performed, and normal operation (authorization of access, identification, payments, logging and the like) to be embargoed at least until a particular deliberate action (e.g. operation of a special control, input of a code, mechanical unlocking, and the like) has been performed and/or until an interval of time has expired.
  • 12. A method as claimed in claim 1, characterized in that the device is prevented from operating, at least temporarily, by controls and/or by a cover at least parts of which are impenetrable.
  • 13. A method as claimed in claim 1, characterized in that the signaling occurs when an access zone is entered and/or there is a presence in the access zone and takes place temporally before an identification process.
  • 14. An arrangement for increasing the security of transponder systems employing wireless transmission between at least one base station and at least one small device that a person can carry with him or her, a communication that establishes that the small device is spatially close taking place between the base station and the small device, characterized in that at least one emitter for signaling perceptible by human beings is provided in the base station, which emitter is able to be activated by the communication.
  • 15. An arrangement for increasing the security of transponder systems employing wireless transmission between at least one base station (8) and at least one small device that a person can carry with him or her, a communication that establishes that the small device is spatially close taking place between the base station and the small device, characterized in that at least one emitter for signaling perceptible by human beings is provided in the small device, which emitter is able to be activated by the communication.
  • 16. An arrangement as claimed in claim 15, characterized in that a control for deactivating the wireless transmission at least temporarily is present on the small device.
  • 17. An arrangement as claimed in claim 15, characterized in that a control for triggering protective measures in the context of a technical system that includes the base station is present on the small device.
  • 18. An arrangement as claimed in claim 15, characterized in that a control for triggering an alarm is present on the small device.
  • 19. An arrangement as claimed in claim 14, characterized in that a receiver for the signaling emitted by the base station and an analyzing means are present in the small device.
  • 20. An arrangement as claimed in claim 15, characterized in that a receiver for the signaling emitted by the small device and a matching analyzing means are present at the base station.
  • 21. An arrangement for increasing the security of transponder systems employing wireless transmission between at least one base station and at least one small device that a person can carry with him or her, a communication that establishes that the small device is spatially close taking place between the base station and the small device, characterized in that a control for deactivating the wireless transmission, at least at times, is present on the small device.
Priority Claims (1)
Number | Date | Country | Kind
03101873.2 | Jun 2003 | EP | regional

PCT Information
Filing Document | Filing Date | Country | Kind | 371c Date
PCT/IB04/50933 | 6/17/2004 | WO | 00 | 6/21/2007