This application claims priority from European Patent Application No. 05100803.5 filed Feb. 4, 2005, the entire disclosure of which is incorporated herein by reference
The invention concerns a method for communicating and checking wireless authentication data between a transponder device and a reader unit preferably placed in a vehicle. The transponder device includes in particular a logic circuit, a memory, a module for transmitting and receiving data signals and an encryption and/or decryption circuit, whereas the reader unit includes a microprocessor unit, a memory, a random number generator and a module for transmitting and receiving data signals. Thus, authentication data can be exchanged between the personalised transponder device and the corresponding reader unit in order to authorise access to the vehicle.
After having carried out all the necessary authentication or identification operations, the transponder device is able to control certain functions of the vehicle. These functions can be, for example, controlling the locking or unlocking of the vehicle's doors and/or windows, starting the vehicle, a vehicle immobilising function, or other commands.
Wireless data transmission or communication via electromagnetic signals between a transponder device and a reader unit placed in a vehicle is well known. The signals may be low frequency or radio-frequency signals.
Usually in a simple authentication mode between a transponder and a reader, the reader first transmits to the transponder, once the latter has been activated, an interrogation signal which can comprise data relating to a random number with m bits, for example 56 bits, followed by encrypted data with n bits, for example 28 bits. The transponder receives and demodulates the data signal. The transponder can decrypt encrypted data to be checked and perform a continuous encryption operation to obtain other encrypted data on the basis of a secret key and the received random number. After verifying the received encrypted data, the transponder transmits the other encrypted data to the reader so that they can be checked in the reader. Once all the verifications have been successfully carried out, the transponder can control different functions of the vehicle.
The number of transmitted random number bits and the number of encrypted data bits are usually set for communicating and checking authentication data. A period of time is more or less determined for this authentication procedure, which may also be a function of the distance separating the two units.
Normally, in order to be able to exchange authentication data with the vehicle reader unit, the transponder device must not be too far from the vehicle. Generally, the exchanged signal carrier frequency is a low frequency for example close to 125 kHz. For this reason, the transponder device must not be further than 2 to 3 m from the vehicle in order to execute one or several commands after authentication.
Several of the encryption algorithms usually used have the drawback of being relatively complex to implement in the reader unit and mainly in the transponder device, which is generally of the passive type. The authentication method checking period is therefore relatively long.
It is a main object of the present invention to provide a wireless authentication data communication and checking method between a transponder device and a reader unit by using a simplified and easy to configure encryption and/or decryption and transmission method.
The present invention therefore concerns a method for communicating and checking wireless authentication data according to the features of independent claims 1 and 8.
Advantageous features of the invention are defined in dependent claims 2 to 7.
One advantage of the authentication data communication and checking method is that the transponder device and the reader unit can be configured so that the length of the authentication data to be transmitted can be adapted. Data length is defined by a determined number of bits. A determined number of bits can be defined for the transmission of one or several random numbers, and an equivalent or different number of bits for the transmission of encryption functions based on the generated random number(s).
The objects, advantages and features of the authentication data communication and checking method between a transponder and a vehicle reader unit will appear more clearly in the following description of non-limiting embodiments of the invention in conjunction with the drawings, in which:
The following description relates to a wireless method for communicating and checking authentication data between a transponder device and a reader unit placed in a vehicle for authorising access to the vehicle after checking. It is to be noted that those electronic components of the portable transponder device and the reader unit for implementing the method, which are well known to those skilled in the art in this technical field, will not be explained in detail.
The access authorization concerns locking or unlocking the doors or windows of the vehicle, control of the headlights, starting the vehicle, control of an alarm or vehicle immobiliser, control of the horn, reading various vehicle parameters or other commands or functions. The signals are preferably low-frequency signals (125 kHz) for short-range communication, for example in an area of 2 to 3 m between the transponder device and the reader unit. In this case, the transponder can be of the passive type, i.e. it can be electrically powered by signals transmitted by the reader unit.
Of course, one could also envisage using short-range radio-frequency signals (434 MHz) to establish this communication. However, increased electric power consumption is observed with such signals, which would necessitate the use of an active type of transponder.
The portable transponder device 1 essentially includes a logic circuit 11, which defines a state machine or a hard-wired logic, for managing the various operations carried out in the transponder. The transponder device 1 further includes, linked to the logic circuit 11, an encryption and/or decryption circuit 12, a non-volatile memory 13 for example of the EEPROM type, a transmission and reception module 14 for data signals SD which are transmitted and received by an antenna 16 connected to said module 14, and a random number RN2 generator 15. Data signals can include coded and public data. In a simple authentication mode of the device and the reader unit for the method according to the invention, the random number generator 15 of transponder device 1 can be omitted, as shown in dotted lines in
The encryption and/or decryption circuit 12, which will be explained in more detail in particular with reference to
The reader unit 2 mainly includes a microprocessor unit 21 for software processing of all the operations carried out in the reader unit. The reader unit 2 further includes, linked to the microprocessor unit 21, a data and/or parameter memory 22, a random number RN1 generator 24, and a transmission and reception module 23 for data signals SD which are transmitted and received by an antenna 25 connected to said module 23. Data signals SD, which comprise data modulated on a carrier frequency, are demodulated in module 23 so that microprocessor unit 21 can process the demodulated data in a known manner.
EEPROM memory 13 of transponder device 1 can store one or several random numbers, for example of 128 bits each, one or several secret encryption keys, various configuration parameters, and other data in certain memory positions. The configuration parameters, which can be introduced either at the end of the transponder device manufacturing steps, or during use of the transponder device, concern, for example, the configuration of the logic circuit 11 so as to determine the length of authentication data to be exchanged with the reader unit.
This data length is defined as a determined number of bits to be transmitted, which may be transmission of a generated random number or a calculated function relating to the generated random number. This number of bits is preferably a multiple of 8. In this way, transponder device 1 can be configured for transmitting a data length of 32 bits, 64 bits, 96 bits or 128 bits, which constitutes a main characteristic of the method according to the invention, as explained in the following description.
Of course the length of each data packet to be exchanged can be chosen to be greater than 128 bits if the transponder is capable of processing binary words greater than 128 bits, for example 196 or 256 bits.
When the personalized transponder device 1, and the corresponding reader unit 2 are configured to exchange data packets whose length is equal to 32 bits, it is possible to speed up the authentication procedure to authorise access to the vehicle more quickly after checking. However, with this data packet length, the security level is lower than with a larger number of bits, but it may nevertheless be deemed sufficient.
The authentication data signals, which are exchanged between the personalised transponder device and the corresponding reader unit, are explained hereafter with reference to
Once transponder device 1 has been activated, i.e. switched on based on interrogation signals previously received from reader unit 2, the reader unit generates a random number RN1 and calculates a first encrypted function F(RN1) using a secret key and the generated random number RN1. The reader unit 2 transmits the random number RN1 followed by the first encrypted function F(RN1) to the transponder device 1.
Transponder device 1 demodulates the signal received from the reader unit in its transmission and reception module to remove the received random number and the first received encrypted function. Upon reception of the random number and the first encrypted function, or after validating the first function, the transponder device can transmit a signal ACK validating data reception to the reader unit. However, this step is not always necessary, which is why it is shown in dotted lines in
After checking the validity of the received encrypted function F(RN1) with the random number RN1, the transponder device calculates a second encrypted function G(RN1) using a secret key equivalent to the reader unit, and the received random number. The reader unit receives and demodulates the coded signal received from the transponder device in order to check the validity of the second encrypted function G(RN1) using the secret key and the generated random number RN1.
In order to better understand the various operations of the authentication method carried out in transponder device 1, reference with be made hereafter to
As explained above, the transponder device is firstly activated at step 30 before receiving first of all the random number RN1 provided by the reader unit at step 31. This random number is placed in an input register of the transponder device. At step 32 the transponder device receives the first encrypted function F(RN1) which it places in another register.
The transponder device has to be able to recalculate the first encrypted function using a secret key equivalent to the secret key of the reader unit and the received random number. In order to do so, at step 33, the random number RN1 of said input register is sent to an encryption unit of the encryption circuit. This encryption unit receives also the secret key in order to encrypt, in blocks of bits, the binary word from the register, which is formed of the random number of configured dimension and filler bits from the EEPROM memory to completely fill the input register of defined dimension.
The first function F′(RN1) recalculated by the encryption unit is compared, at step 34, to the first received encrypted function F(RN1). If the first two functions are equal, the device can then transmit a correct reception confirmation ACK to the reader unit at step 35. However, if the first two functions do not match, the device can transmit an incorrect reception statement NACK to the reader unit at step 37. However, steps 35 and 37 are not strictly necessary, so they are each shown outlined in dotted lines.
In addition to the first function F′(RN1) recalculated at step 33, a second encrypted function can be also calculated in the transponder device encryption unit. This second encrypted function is momentarily placed in a register before being transmitted to the reader unit, at step 36, but only if the first encrypted functions are equal. After transmission of the second encrypted function G(RN1) at step 36, the authentication method in the transponder device ends at step 38.
With reference to
Upon reception of the random number RN1 from the reader unit, the random number is placed in an encryption circuit input register 40. The input register is of determined dimensions to be able to receive a binary word of, for example, 128 bits. If random number RN1 is formed of a configured lower number of bits for example 32 bits or 64 bits or 96 bits, the input register has to be completed by filler bits BR from the EEPROM memory at the command of the logic circuit. The random number will occupy a portion 40b of the input register, and the filler bits BR will occupy a portion 40a of input register 40.
Using an encryption algorithm, which can be of the DES type, a bloc encryption operation is carried out in the encryption unit 41 using a secret key Key drawn from the memory. The result of the encryption operation is placed in an output register 42 of equivalent dimensions to the dimensions of the input register. The number of bits contained in the output register 42 is a multiple of 8, for example 128 bits. The number of bits of output register 42 is divided into four groups of bits A, B, C, D placed in four successive portions 42a, 42b, 42c, 42d of output register 42. Each group of bits is formed of 32 bits if the output register can include 128 bits.
The first recalculated encrypted function F′(RN 1) placed in a register 46 is obtained by combining the first and third groups of bits A and C of output register 42 through a reduction operator 44 of the logic circuit. The second encrypted function G(RN1) placed in a register 47 is obtained by combining the second and fourth groups of bits B and D of the output register through a reduction operator 45. In this case, the first and second encrypted functions F′(RN1) and G(RN1) include 32 bits.
With different operators or a different number of groups of bits of output register 42, it is possible to configure the desired dimension or length of each encrypted function. For example, to obtain a dimension of 64 bits for each function, using reduction operators, it is possible to combine two pairs of groups of bits of the output register.
Finally, in a configuration in which random number RN1 is formed of 128 bits and the encrypted functions are also formed of 128 bits, the first result of the encryption operation placed in output register 42 gives the first encrypted function F′(RN1). This first encrypted function is placed via path b represented in dotted lines in register 46. In order to calculate the second encrypted function G(RN1), the first recalculated function F′(RN1) replaces the random number in input register 40 represented by path a in dotted lines. The second result of the encryption operation placed in output register 42 gives the second encrypted function G(RN1), which is placed in register 47 represented by path c in dotted lines.
It is clear that it is easy to configure the number of bits of the random number or of each encrypted function for the authentication method according to the invention.
As can be seen in
Upon reception of the first random number RN1 and the first encrypted function F(RN1,RN2), the device has to calculate the same first encrypted function. If the two first encrypted functions are equal, a second encrypted function G(RN1,RN2) is calculated with the same secret key and the two random numbers RN1 and RN2. This second encrypted function is transmitted to the reader unit so as to enable it to find the second function in order to end the authentication method and to authorize access to the vehicle.
After activating the transponder device at step 60, a signal ACK can be transmitted to the reader unit at step 61 to announce activation of the transponder device, and a second random number generated in the device is transmitted to the reader unit at step 62. However, step 61 is not strictly necessary, which is why it is shown outlined in dotted lines.
The transponder device receives the first random number RN1 from the reader unit at step 63, and the first encrypted function F(RN1,RN2) at step 64. At step 65, the first encrypted function is recalculated using the two random numbers to give a first recalculated encrypted function F′(RN1,RN2) to compare with the first received encrypted function F(RN1,RN2) at step 66. If the two first encrypted functions are equal, a correct reception confirmation signal ACK can be transmitted at step 67. On the other hand, if the two first encrypted functions are different, an incorrect reception signal NACK can be transmitted at step 69. However, steps 67 and 69 are not strictly necessary, so they are each shown outlined in dotted lines.
In addition to the recalculated first function F′(RN1,RN2) at step 65, a second encrypted function G(RN1,RN2) can be also calculated in the transponder device encryption unit. This second encrypted function is momentarily placed in a register before being transmitted to the reader unit at step 68, but only if the two first encrypted functions are equal. After transmission of the second encrypted function G(RN1,RN2) at step 68, the authentication method in the transponder device ends at step 70.
As two random numbers RN1 and RN2 are generated, they are placed in the same input register 71, which includes a portion 71a for filler bits, a portion 71b for the first random number RN1 and a portion 71c for the second random number RN2. Preferably, each random number is formed of 32 bits, whereas input register 71 can include 128 bits.
A bloc encryption operation is carried out in encryption unit 72 using a secret key and the input register bits. The encryption result is placed in an output register 73 divided into four groups A, B, C, D placed successively in portions 73a, 73b, 73c, 73d each having 32 bits.
The first recalculated function F′(RN1,RN2) is obtained by combining groups A and C via a reduction operator 74 of the logic circuit and it is placed in register 76. The second encrypted function G(RN1,RN2) is obtained by combining groups B and D through reduction operator 75 of the logic circuit and it is placed by a sequential output in register 77. In this case, the encrypted functions are each formed of 32 bits.
Of course, as explained with reference to
In a variant that is not illustrated, one could envisage for example configuring the transponder device such that the encryption and/or decryption circuit is also configured for decrypting an encrypted function. In order to do this, the previously described encryption unit has to be able to carry out a reverse operation, which consists in decrypting an encrypted function using the secret key in order to find the random number that was used for calculating the encrypted function.
Before generating a second encrypted function in the transponder device, a comparison can be made between the first random number received from the reader unit with a first random number recalculated in the decryption circuit from the first encrypted function. If the two first random numbers are equal, the second encrypted function can be transmitted to the reader unit.
From the description which has just been given, multiple variants of the authentication data communication and checking method can be conceived by those skilled in the art, without departing from the scope of the invention defined by the claims. The number of bits, which forms either each random number or each encrypted function, could be configured automatically during the establishment of communication between the transponder device and the reader unit. Both a received random number and a received encrypted function could be checked in the device and/or the reader unit.
Number | Date | Country | Kind |
---|---|---|---|
05100803 | Feb 2005 | EP | regional |
Number | Name | Date | Kind |
---|---|---|---|
4509093 | Stellberger | Apr 1985 | A |
4799061 | Abraham et al. | Jan 1989 | A |
6075454 | Yamasaki | Jun 2000 | A |
20020053027 | Kim | May 2002 | A1 |
20020053207 | Finger et al. | May 2002 | A1 |
20030093187 | Walker | May 2003 | A1 |
20040083368 | Gehrmann | Apr 2004 | A1 |
20040179547 | Kuffner et al. | Sep 2004 | A1 |
20060208169 | Breed et al. | Sep 2006 | A1 |
20070090958 | Stilp | Apr 2007 | A1 |
20070109266 | Davis et al. | May 2007 | A1 |
Number | Date | Country |
---|---|---|
492 692 | Jul 1992 | EP |
774 673 | May 1997 | EP |
923 054 | Jun 1999 | EP |
1 387 323 | Feb 2004 | EP |
1 443 469 | Aug 2004 | EP |
Number | Date | Country | |
---|---|---|---|
20070174612 A1 | Jul 2007 | US |