DE60113762T2 - Hand-free access system for motor vehicles - Google Patents

Description

The The present invention relates to a hands-free access system for motor vehicles, i.e. a wireless communication system that allows one Vehicle without a key to enter. This system is also for hand-free starting the vehicle, i.e. to start without a key, suitable.

One such system generally includes an identification device which is to be worn by a user and serves to a bidirectional wireless remote connection with one in the vehicle located central control unit to the user to authenticate and control lock / release means of the locks of the doors, if the user has been recognized as authorized. The initialization The communication protocol can be used for hands-free access Actuate the outer door handle or, in the case of manual starting, by pressing Start button. The system is designed to be bidirectional Connection is established when the identification device located at a distance from the vehicle that is less than one given maximum distance is generally of the order of magnitude of a few meters, on the one hand to interfere with other signal sources Environment and on the other hand the function of the system at a distance to prevent in which the user is too far away from the vehicle, due to the system measures taken to be able to recognize.

Certain current systems suggest systems based on magnetic Use induction with a very short range at the same time Energy and information from the central unit of the vehicle to transmit the identification device located in the generated by the antennas of the vehicle electromagnetic field located. Such a system allows however, only one communication at a very short distance from the vehicle, of the order of magnitude of a few centimeters. Another currently proposed System sees the use of low-frequency carrier waves of the order of magnitude of 125 kHz for the communication from the vehicle towards the identification device and ultra-high frequency carrier waves, for example, in the order of magnitude of 434 or 868 MHz in Europe and of 315 or 902 MHz in the USA in front. In this case needed the identification device, however, a battery to their own to supply electronic circuits. To the electrical energy consumption For example, it may be provided that the identification device is to be minimized during the 10th ms long periods for each 9 ms in the idle state and each 1 ms in the operating state.

Of course, the bidirectional communication between the vehicle and the identification device is encrypted to prevent any unwanted function of the system and to protect it against malefactors. In 1 The attached drawings show an example of an already known encryption system. In this 1 a vehicle V is shown having a memory in its central unit 1 with a secret key K and a random number generator 2 For example, the generated random numbers R have a length of 56 bits. The random number R is emitted in the direction of identification device I, as indicated by the arrow 3 is indicated. At the same time, the same random number R with the secret key K is in a mixer 4 standing at his entrance with the store 1 and the random number generator 2 is mixed according to a complex associative function f. The mixer 4 provides at the output a representative of the mixture of the secret key K and the random number R signal, namely the signal f (R, K). This signal is in one with the output of the mixer 4 connected memory 5 saved. This signal is sent to the identification device I in the form of a signal with a length of, for example, 28 bits, as indicated by the arrow 6 is indicated. In the vehicle V, the signal f (R, K) again with the secret key K in a mixer 7 mixed, at his entrance with the stores 1 and 5 connected is. The mixer 7 mixes the two signals according to a complex associative function g. The vehicle V then stores in one with the output of the mixer 7 connected memory 8th the signal representative of the mixture, namely the signal f (R, f, K).

On the side of the identification device, the same secret key K is stored in memory 11 saved and a mixer 14 with the same associative function f receives at the input through the memory 11 the identification device I supplied secret key and the originating from the vehicle, received by the identification device random number R. The identification device I stores the signal at the output of the mixer 14 in a store 15 and compares this signal in a comparator 16 with the arrow 6 signal received by the vehicle V. If the two signals are not identical in consideration of the delay time dependent on the material and the transmission of the signal in the authorized transmission zone, the identification means interrupts the communication because it is considered unauthorized. Conversely, if the two signals match, the signal will be in a mixer 17 with that of the store 11 the identification device I supplied secret Key mixed according to the above-mentioned associative function g. The output signal of the mixer 17 is in a store 18 stored the identification device to then according to arrow 9 in the form of a signal having a length of, for example, 20 bits in the direction of the vehicle. Finally, this is according to arrow 9 received signal in a comparator 10 with that of the store 8th of the vehicle received signal compared. If the two signals agree in consideration of the delays due to the response time of the material and the transmission of the signal in the authorized zone, the remainder of the communication is authorized and the central unit of the vehicle may trigger the locking or unlocking of the locks of the doors of the vehicle. It is understood that another encryption protocol can be used to secure the data transmission.

However, despite the encryption protocol, there is a way to invade the system without knowing the secret key and the various associative functions of the encryption protocol. This intrusion or fraud procedure is in 2 shown. According to this method, it is assumed that a user U carrying the identification device I is located at a greater distance from the vehicle V than the authorized communication distance, for example at a distance of 10 to 100 m from the vehicle. In this case, one may be with a first relay box 20 equipped intruder approach the vehicle V to a distance sufficient to communicate with it, for example at a distance of the order of 1 to 5 m. This intruder triggers the beginning of the communication, for example, by pulling on the outside handle of the door. This triggers the emission of low-frequency signals from the vehicle in the direction of the relay box 20 like this by the zigzag arrow 21 is shown. The signal emitted by the vehicle 21 is from a coil 22 of the relay box 20 received, which with a receiver operating at 125 kHz 23 connected is. This receiver 23 is connected to a broadband radio frequency transmitter operating at frequencies on the order of several MHz. The transmitter 24 sends as indicated by the arrow 26 represented by its antenna 25 towards a second relay box 30 which is carried by another intruder following the user U closely. Because the information exchange between the two relay boxes 20 and 30 At very high frequencies, it is possible to carry out this communication over long distances. The second relay box 30 has an antenna 31 to receive from the relay box 20 emitted signal 26 on. The antenna 31 is connected to a broadband receiver that is at the same frequency as the transmitter 24 of the first relay box 20 is working. The signal thus received is transmitted at a low frequency of 125 kHz via a transmitter 33 re-aired, with a transmitter coil 34 connected to a signal 35 towards the identification device I, which signals the signal emitted by the vehicle 21 equivalent. Because the signal 35 represents the repetition of the authentic signal of the vehicle, the identification device I can recognize it and is itself again their response signal 36 emitting, with the response signal 36 broadcast at high frequency and from an antenna 37 of the second relay box 30 is received, for example at a frequency of 434 MHz. The antenna 37 is with a receiver 38 which converts the signal of 434 MHz into a signal of different frequency, for example 315 MHz. The signal is then from a broadband transmitter 39 via an antenna 40 towards the first relay box 20 emitted, wherein the frequency difference is necessary so that the different signals do not interfere with each other. It is understood that the frequency of the second relay box 30 again emitted signal 41 both from the frequency of the signal 26 as well as that of the signal 36 is different. This signal 41 is from an antenna 27 of the first relay box 20 receive, with the antenna 27 with a broadband receiver 28 connected to the same frequency as the transmitter 39 is working. The recipient 28 is with a transmitter 29 which converts the signal from 315 MHz to a signal of 434 MHz, which is transmitted via the antenna 42 of the first relay box 20 as by the zigzag arrow 43 shown in the direction of the vehicle V is emitted.

It enough, when the invaders relay boxes use broadband connections, such as from more than 50 MHz, which is possible because the intrusion systems are not must comply with the relevant regulations. The additional transmission time because of the distance can therefore on the order of a few Na seconds lie, what compared with the required time constants for the normal authorized transmission is negligible. For example, the total communication time can be on the order of magnitude from 20 to 40 ms and the total operating time of the system to trigger the unlocking or locking the electric locks can in the order of 100 ms lie.

One solution to detecting such intrusion or fraud and disrupt communication may be to measure the propagation time of the UHF radio waves and the measured time for a given time compare what corresponds to communication in an authorized limited zone around the vehicle. However, in order to be able to detect delay times due to the distance over a total duration of the communication, it is necessary to provide large bandwidths, which corresponds to a high data transmission rate, for example of the order of 20 to 40 Mb / s. With such a data transfer rate, it is necessary to operate at very high frequency, for example at 2.4 GHz. However, in order to measure very short times, it is necessary to provide a very wide bandwidth, which, however, violates applicable regulations which drastically restrict the allowable bandwidths to avoid saturation of the environment by electromagnetic waves.

The Document EP-A-0 992 408 describes a system according to the preamble of claim 1.

task The invention is to eliminate the above-mentioned disadvantages and to provide a hands-free access system for motor vehicles, with the intrusion into the system, in particular by interposition of relay boxes, by evaluating the propagation times of the signals between the Vehicle and the identification device can be detected.

To For this purpose, an object of the invention is a hand-free access system for motor vehicles according to the present Claim 1. The term "actual Emission duration "understands one the emission duration of the binary Information of the bit compared to the total duration of the cell, too which belongs to this bit, which is generally this actual Dau he and a rest period includes the receipt of the identification device remitted Signals during to allow this rest period.

Advantageous the default limit is set by a time window, which of the theoretical total duration of the emission of the fraud-preventing Bit series corresponds when the identification device in a distance that is less than or equal to the predetermined Maximum distance is. This time window provides a precise constant for example, generated by a crystal controlled oscillator connected to a counter controlled by a microcontroller is, which indicates the number of periods to be considered. The central control unit can detect the fraud attempt if the total number of bits of the fraud preventing row of the central control unit in this window is not sent out or has been received.

According to one Further feature, the central processing unit in the memory with a correlation table have two variables, namely the number of bits emitted and the associated real emission duration, as a result, the real distance between the identification means and the central unit, wherein the data of the table in advance by Trials have been identified and can be updated regularly, though the user carrying the identification device in the driver's seat the vehicle is sitting, since there is the distance between the identification device and the central unit of the vehicle is substantially constant.

For example will count the number of transmitted bits is aborted when the central unit detected the receipt of the last bit of the fraud-preventive series.

Preferably the identification device has an analog delay line to receive the signal received from the vehicle with a predetermined delay time back to the vehicle to send.

According to one further feature, the central control unit has an oscillator for generating high-frequency carrier waves, with a Phase modulator is connected by that of the central unit controlled by the vehicle fraud-preventing bit series is controlled.

According to one inventive feature is the fraud-preventing bit string from the central processing unit after the Broadcast of the encrypted authentication data generated in the direction of identification device. In this case can the identification device has a phase inverter, to selectively reverse the phase of the signal, which is representative is for that received from the identification device and from the vehicle derived fraud-preventing bits, the inverter for each fraud preventing bits by an encrypted numerical answer authentication signal the identification device is controlled, with a slower Clock as that of the fraud-preventing bit series is done.

It can then be provided that the central unit of the vehicle comprises a phase demodulator for demodulating the signal received from the vehicle and originating from the identification device and an exclusive-OR logic gate, the inputs of which are connected to the phase demodulator and a numerical signal retarder, respectively the retarder can delay each bit of the fraudulent row generated by the central unit by the actual duration of the bit, the logic gate at the output being able to provide a numerical signal indicative of the ver keyed response signal of the identification device is characteristic.

According to one first embodiment becomes the signal supplied at the output of the above-mentioned exclusive-OR logic gate from the central unit to one generated by the central unit encrypted numerical authentication signal compared to the identification device to authenticate.

According to one another embodiment is the output of the Exclusive OR logic gate with one input connected to a second exclusive-OR logic gate, the other Input an encrypted generated by the central unit numeric authentication signal to receive a signal at the output to give which for the successive temporal shifts of each bit of the fraudulent series is characteristic, the latter Signal received at the input of an integrator is the sum The response times form with each shift interval the fraud preventing bits are connected, the output of the Integrators connected to a comparator is the sum of the Compare response times with a given maximum duration, above which a fraud attempt is detected.

Advantageous one envisages that the one originating from the identification device Receive signal from the central unit and to the input of an envelope detector is forwarded to detect the rising edge of the signal, wherein the detection of the rising edge on the one hand, the increase of counter the number of bits by one unit and, on the other hand, the transmission of the following bit in the fraud-preventive bit string after one trigger a predetermined period of time can, which corresponds to the duration of a useful bit, if necessary elevated for an additional Duration, any disturbance between the transmission and reception of the signal by the central unit to prevent.

In In this case, it can be provided that the central unit has an all-or-nothing modulator to the central unit in the transmit or receive mode for signal to switch in or out of the direction of the identification device, the all-or-nothing modulator being detected by the detection of the rising edge controlled by the signal originating from the identification device becomes.

Advantageous the identification device has a receiver for receiving wake-up signals low clock on, with the receiver one after the other static RF envelope detector having a low threshold and a low frequency amplifier.

exemplary can the actual Bit duration between 50 and 200 ns are.

The Invention will be better understood and other goals, details, features and benefits of it will become more apparent in the course of the following detailed description a special embodiment of the invention, with reference to the accompanying schematic Drawing purely illustrative and not restrictive, wherein in the drawing:

1 is a synoptic functional scheme representing the encryption protocol to secure bidirectional data transmission between the vehicle and the identification device;

2 is a synoptic functional scheme illustrating an intrusion system into the encrypted system by interposing two relay boxes;

3 is a simplified synoptic functional diagram of a hands-free access system according to the invention;

4 a the schema of 3 corresponding, more detailed synoptic functional scheme;

5 show a plurality of chronograms showing complete query data blocks emitted by the vehicle and received in response from the vehicle;

6 an enlarged partial view of a section of the chronograms of 5 which are indicated by the arrow VI and correspond to the beginning of the fraud-preventing sequence;

7 the first two chronograms of the 5 repeated;

8th an enlarged partial view of a portion of the chronograms of 7 while the fraud preventing sequence is that indicated by the arrow VIII; and

9 an enlarged partial view of a portion of the chronograms of 5 is, which is indicated by the arrow IX and corresponds to the end of the fraud-preventing method.

The following is on the 3 and 4 Reference is made, which represent the hand-free access system according to the invention in a simplified or more detailed form.

The motor vehicle V points in its central unit a microcontroller 50 which is generally in a semi-sleep or wake-up state. When the user presses the outside handle of the door, as indicated by the arrow 51 shown, an activation signal to the microcontroller 50 sent. In response, the microcontroller sends as indicated by the arrow 52 shown, a general supply signal to power the various electronic components of the central unit. Then the microcontroller generates 50 a signal series with low clock frequency, for example of the order of two to 100 Kb / s, on the line V5. The data transmitted via the line V5 are successively a wake-up signal e, a signal characteristic of a random number with a length of, for example, 56 bits, a signal characteristic of the function f (R, K) of a length of, for example, 28 bits and a service data s with a length of, for example, 100 to 5000 bits characteristic signal, which may include, for example, maintenance data, vehicle control data, etc. (see. 5 ). The line V5 is with a transmitter 53 for the transmission of signals via an antenna 54 in the direction of identification device I, as shown by the arrow E. The transmitter 53 shows how better in 4 recognizable, an oscillator 55 for generating an ultra-high-frequency carrier wave, wherein the oscillator via the line 52 is supplied. The oscillator 55 is with a phase modulator 56 connected, in turn, with an all-or-nothing modulator 57 is connected, the input of the latter with the line V5 and its output with the above-mentioned antenna 54 are connected. When transmitting data with low clock frequency sk via the line V5 of the phase modulator is inactive. The all-or-nothing modulator 57 serves to alternately enable the transmission of a signal and the reception of a signal by the central unit of the vehicle, as will be explained below. By way of example, the amplitude of the emitted signal is on the order of 2 V effectively.

The emitted signal E is from an antenna 100 of the identification device I with an attenuation of the order of -40 dBm, which corresponds to a hundredfold attenuation coefficient, which in turn means that the signal received by the identification device has an amplitude of the order of magnitude of 20 mV. The antenna 100 is with a (only in 4 shown) high-frequency filter 101 connected to eliminate interference frequencies. The output of the filter 101 is connected to a branch, which on the one hand to a receiver with low clock frequency and low power consumption 102 and on the other to an analog delay line 103 leads. The low clock rate signals sk are not transmitted through the delay line 103 but essentially pass over the receiver 102 , How better in 4 recognizable, the recipient includes 102 successively a high-frequency envelope detector 104 for restoring the low clock signals on line I5 that correspond to those on line V5. The output of the envelope detector 104 is with a low frequency amplifier 105 whose output is parallel to the one with a wake-up sequence decoder 106 and secondly with a microcontroller 107 the identification device I via a line 108 connected is. At the beginning of the communication with the vehicle is only the decoder 106 permanently powered by the battery of the identification device. In other words, the wake-up data e from the decoder 106 decoded so that at the output of the decoder 106 a wake-up command to the microcontroller 107 can be sent. The microcontroller 107 then wakes up all other electronic components of the identification device. As a result, all the following data, namely the signals R, f and s, are transmitted through the parallel line 108 directly to the microcontroller 107 transmitted.

After the transmission of the service data s, the microcontroller generates 50 of the vehicle V, the fraud-preventing bits h with the slow clock sk of the microprocessor, wherein the fraud-preventing bits from a random-access memory 58 for binary sequences to output at the output the high clock fraud preventing bits fk via a line V7. The output of the cache 58 is connected to a branch, on the one hand to the phase modulator 56 leads to a phase modulation of the oscillator 55 on the other hand, to a numerical delay by one actual bit duration 59 whose function is explained below. Each fraud preventing bit is in the form of a high frequency signal over the antenna 54 transmitted in the direction of the identification device I. The entire emitted data block V2 of the signals via the antenna 54 will be in the 5 and 7 shown. In 6 In particular, the beginning of the query block of the fraud-preventing bits h was shown on the line V2. On the line V2 the 6 It will be noted that each cheating preventing bit is transmitted through a very high frequency oscillating wave having a bit duration Tb between, for example, 50 and 200 ns. The emission of the fraud-preventing bits h1, h2 ... hn is performed by the all-or-nothing modulator 57 depending on a control signal V1 authorized, which of a clock unit 60 of the vehicle V is emitted, the unit 60 Clock signals with low clock sk, medium clock mk and high clock fk can deliver. It is understood that the unit 60 as by the double arrow 61 indicated with the microcontroller 50 connected is. The generation of the signal V1 will be explained below.

The identification device I receives via its antenna 100 on the line I1 (cf. 6 ) a signal which, with a delay time δ corresponding to the propagation time of the signal between the vehicle and the identification means, corresponds to the fraud-preventing bit h1 sent from the vehicle V. The signal then passes through an analog delay line 103 , which may for example consist of a copper coil, which makes it possible to reduce the power consumption of the identification device, because the delay line does not need to be powered. In 8th the signal I2v is shown representing the virtual signal at the output of the analog delay line 103 corresponds, ie, the envelope of this analog signal, wherein the signal has been delayed by a predetermined period of time Dl. The output of the delay line 103 is with the input of a phase inverter 109 connected to the phase of the via the delay line 103 transmitted analog signal in response to an encrypted authentication control signal g whose data block is shown on the line I6. How to get on the in 8th 1, the clock of the bits of the signal g is a middle clock lower than the high clock fk of the cheating h bits. For this purpose, it is provided that the microcontroller 107 the identification device with a low clock sk the signal g to a buffer 110 transmits, via its output, the signal g with middle clock mk to the phase inverter 109 is transmitted.

The phase inverter 109 Outputs at the output an analog signal whose virtual signal is represented at I7v, which represents the envelope of the signal. The output of the phase inverter 109 is with an amplifier 111 with a gain of +20 dB to emit the signal with an amplitude of the order of 200 mV. The amplified signal is reproduced on the line I4 and corresponds to the emission bit h1 with a delay δ due to the propagation of the signal and an analogue delay D1 due to the delay line 103 , This signal I4 is via an antenna 112 sent back towards the vehicle V, as shown by the arrow RE. Upon receipt of the first fraud-preventing bit h1 by the identification means, this first fraud-preventing bit solves the generation of the encrypted authentication signal g by the identification means for controlling the phase inverter 109 out. For this purpose, the output of the amplifier 111 also with a trigger line 113 connected, which in series a diode 114 and a trigger 115 to a timebase processing unit 116 to activate which clock signals low clock sk and middle clock mk supplies, where the unit 116 as by the double arrow 117 shown with the microcontroller 107 connected is.

Based on the hypothesis that the transmitted electromagnetic signals propagate at the speed of light, ie 3 · 10 ⁸ m / s, it can be assumed that the transmission time of the signals is of the order of 3 ns per meter distance between the vehicle and the identification device I lies. In other words, the propagation time δ for a round trip path between the vehicle V and the identification device I, which is about five meters apart, is on the order of 30 ns. At this propagation time δ, one can add the response time of the electronic circuits, which, depending on the bandwidth of the carrier, can be on the order of a few ns or a few tens ns.

The signal RE reflected back by the identification device is transmitted via an antenna 63 from a receiver 62 with an attenuation on the order of -40 dBm, which corresponds to a quenching coefficient of 100, ie, the signal received by the vehicle has an amplitude of the order of 2 mV. How clearer in 4 shown, the recipient points 62 one with the antenna 63 associated high frequency filter 64 whose output signal is shown as line V3, this signal being applied to the input of a logarithmic amplifier 65 which has an amplification factor of 80 dB, which makes it possible to achieve a multiplication coefficient of up to 10,000 times, and in particular, at the output of the amplifier 65 effectively deliver a signal on the order of 2V. The amplifier 65 is at the output with a branch between, on the one hand, an amplitude demodulator 66 which allows the detection of the envelope of the received signal, and, on the other hand, a phase demodulator 67 connected. The envelope detector 66 provides at the output a numeric signal, shown as line V4, which is applied to the input of the above mentioned timebase processing unit 60 is transmitted. Upon receipt of the returning fraud-preventing bit, the time base processing unit releases 60 the emission of the following cheating-preventing bit h2 with a delay corresponding to the actual bit duration Tb + ε, where ε corresponds to a slight safety delay in order to completely rule out an overlap of transmission and reception of the signals by the vehicle. Thus, the receipt of the returning fraud-preventing bit by the vehicle triggers the following beat with the clock fk and the switching of the all-or-nothing modulator 57 over the line V1 off. It is understood that one can also provide that the small delay ε is close to 0 s.

Each new beat with the clock fk, which is triggered by the receipt of the previous fraud-preventing bit, causes an increase of the counter 68 by one unit, with the counter 68 the number of received bits counts as a function of time. However, since the reception of one bit triggers the emission of a following fraud-preventing bit, one can also directly count the number of emitted fraud-preventing bits as a function of time. When the actual end of the fraud-preventing bit string is detected by the central unit of the vehicle, the unit transmits 60 a signal Fr out to stop counting the cheating preventing bits and sending out a signal representative of the number of counted bits from the counter 68 to the microcontroller 50 evoke, as indicated by the arrow 69 is indicated. If, as in 5 As shown, the actual end Fr is within the maximum receive window Fm, this means that no attempt to penetrate the transmission path has taken place. Depending on the number of bits, the microcontroller 50 calculate the actual distance between vehicle V and identification device I on the basis of a previously stored correlation table. If this distance exceeds the allowable distance, the communication is interrupted because either a penetration attempt has taken place, or simply because the communication is too far away from the vehicle.

The counter can thus detect an intrusion attempt using relay boxes between the vehicle and the identification device. However, an intruder could attempt to outsmart the system by pre-empting the signal before it is broadcast by the identification device. For example, an intruder, as soon as it detects the emission of a fraud-preventing bit by the vehicle with a relay box, can cause the emission of an anticipatory signal output, which precedes the return of the signal delayed by the delay line of the identification device. Advantageously, this signal output would have a duration which corresponds to the propagation time of the signal on the additional path between the identification device and the vehicle in relation to the maximum permissible distance. So would the envelope detector 66 of the vehicle V to detect the reception of the signal paragraph in the first place and then even cause the anticipatory radiation of the second fraud-preventing bit.

Due to the counter 68 For example, the system according to the invention can also determine whether the total number of fraud-preventing bits has been reliably received during a maximum reception window Fm, as shown in FIG 5 is shown. The chronograms of 5 to 9 correspond to a signal transmission without intrusion attempt. The actual end Fr of the reception of the fraud-avoiding bit string is in these figures, as in FIG 5 The total reception period Tt of the fraud-preventing bits is calculated according to the following formula: Tt = n (Dl + Tb + ε + 2δ). Thus, it will be noted that with a number of n-fraud preventing bits, the propagation time 2δ, which is a direct function of the distance between the identification device and the vehicle, is multiplied by the variable n. Thus, while it is difficult to detect time lengths on the order of tens of nanoseconds with low cost electronic circuitry, it is much easier to detect times on the order of n × tens of ns, ie, on the order of ms. However, if the intruder anticipates the return of the signal by the identifier, the variable 2nδ remains within the acceptable range and the system can not detect the intrusion attempt.

To For this purpose you can alternatively or additionally another option Provide the delay time due to the propagation of the signal.

The phase demodulator 67 provides a signal characteristic of the function goh on line V9 which is coupled to an input of an exclusive-OR logic gate 70 connected is. This logic gate 70 receives at its other input a characteristic of the function h signal V8, which at the output of the numerical delay 59 is delivered. The logic gate 70 can, as in 3 shown replaced by another type of mixer. The signal V8 corresponds to the signal V7 with a time delay Dl of the analog delay 103 the identification device I. The logic gate 70 provides at the output a signal V10 which is characteristic of the time offset between the signals V8 and V9, ie a signal representing the encrypted authentication signal g emitted by the identification device I, with a small time offset which represents the propagation time of the signal 2δ is equal to, as in 8th is shown.

The output of the logic gate 70 is with a branch between on the one hand a low-pass filter 71 middle clock mk, which is the clock corresponding to the signal g, and on the other hand, another exclusive-OR logic gate 73 connected. The low pass filter 71 is with a cache 72 connected, which the signal with clock mk in the clock sk converts it to microcontroller 50 which compares the signal g originating from the authentication device with the signal g generated in the vehicle in order to authenticate the communication, which is the last step 10 in the 1 corresponds to the scheme shown.

The microcontroller 50 supplies the vehicle signal g to a buffer 74 with clock sk, so that it with the clock mk to the other input of the above logic gate 73 forwards. On line V11 the signal g is shown, which exactly corresponds to the signal g generated by the identification device, which, as in FIG 8th shown on the line I6 is broadcast. The logic gate 73 mixes the signals V10 and V11 to output at the output only the timings due to the propagation time of the signal between the vehicle V and the identification device I, as shown on the line V12. The output of the logic gate 73 is with the input of an integrator 75 connected, which outputs at its output a signal V13, which increases as a function of time for each pulse C, which represents the propagation time of the signal, step-like manner. The line V13 is connected to the input of a unit 76 connected to the other input a limit 77 which corresponds to an acceptable maximum total propagation time n × 2δ ≥ T max, where δ corresponds to the propagation time at an authorized distance. Depending on whether the amplitude of the output signal on the line V13 is greater than the limit value 77 or not, is a scam signal on the line 78 to the microcontroller 50 sent or not.

The integrator 75 makes it possible to detect an intrusion even in the case where the intruder adds a preemptive heel to the signal returned by the identification means. Namely, if this signal paragraph the counter 68 becomes the logic gate 73 In contrast, at least in one of two cases, this signal output is interpreted as a faulty signal and therefore at the output a pulse corresponding to this signal output is emitted, whereby the pulse is transmitted through the integrator 75 is added in the same way as delays due to propagation time.

Finally, the microcontroller 50 about in the 3 and 4 illustrated way 80 provide different output signals to other components of the vehicle.

exemplary is the average clock mk between 20 and 60 times lower than that Clock fk.

According to a variant, one can use the antennas 54 and 63 of the vehicle V by a single antenna 82 replace that in 4 is shown in dashed lines, wherein the antenna 82 with an in 4 dashed diplexer 81 is connected, if necessary to switch between the reception mode and the transmission mode. In the same way you can use the antennas 100 and 112 the identification device by a single with a diplexer 120 connected antenna 121 replace that in 4 are shown in dashed lines. The diplexers 81 and 120 can communicate with each other, as shown by the double arrow T.

According to a in 4 In the embodiment shown, the central unit is provided with at least two, for example three, transceiver antennas, such as the single antenna 82 , which are arranged in several places of the vehicle V. The range measurements are then performed sequentially between the identification device I and each transceiver antenna of the vehicle V. These distance measurements are made over the propagation time δ of the cheating-preventing bits by means of the above-mentioned correlation table. In this variant, it is possible to locate the position of the identification device precisely by means of a trianulation calculation carried out by the central unit, for example with an accuracy of a few centimeters or a few tens of centimeters. This also makes it possible to take into account the position of the identification device I with respect to the vehicle V, for example as to which door is the closest, in the decision made in the central unit to control the locking or unlocking of the doors of the vehicle. This variant can obviously also be realized with separate emission and reception antennas.

In all these cases, the delay line allows 103 the identification device I to separate the re-transmission of each fraud-preventing bit of its receipt, so that the same radio frequency for the transmission of the corresponding signals from the vehicle V towards the identification device I (arrow E or T) and from the identification device I in the direction of the vehicle V (arrow RE or T) can be used.

As in 5 recognizable on the line V3, the vehicle V receives, after receiving the signal hog, a signal hos originating from the identification device, where s represents service data which modulate the signal h by phase inversion, as was the case with the signal g whose length is less than that is the signal h.

Since the fraud-preventing bit string h is a binary random or pseudorandom sequence, it results to a spectral broadening of the radio frequency signals used for the transmission from the vehicle to the identification device and vice versa. This spectral broadening is greater, the higher the modulation clock fk, which is used to transmit the fraud-preventing bit series h. It is known that such a spectral broadening is advantageous in terms of the robustness of the signal to interference and multiple echoes, which facilitates the multiple transmission of the signal, for example the round trip of the signal between the vehicle and the identification device. In contrast, the wider the spectrum of the signal RE, the more difficult the demodulation of the encrypted authentication signal g in the central unit of the vehicle.

The arrangement of the delay line 103 for sending back the successive fraud-preventing bits h delayed by one actual bit duration, and the modulation of the high-rate encrypted authentication signal gf, which is itself transmitted at medium clock rate mk, ensures that the corresponding demodulation key, ie the same random row of fraud-preventing bits h, at any time upon receiving the signal RE in the central control unit, so that the demodulation of the received signal RE can be performed independently of the amount of spectral broadening of the signal.

Furthermore is the robustness of the access system to multiple echoes, for example in the case where the signal E emitted by the central unit of the identification device I in the form of a directly transmitted Signal and in the form of an echo reflected at an obstacle is ensured by that the identification means I always on the first received Signal reacts, which can only be the directly transmitted signal.

Even though the invention in connection with a specific embodiment it is obvious that by no means limited is and that they are all equivalent Includes techniques of the described means as well as combinations thereof, if these fall within the scope of the invention as represented by the claims is defined.

Claims (12)

A hands-free automobile access system (V) comprising a central control unit located in the vehicle and identification means (I) to be carried by a user (U) for establishing a bidirectional wireless remote connection with the central unit to the user to authenticate and control blocking / release means of the locks of the doors when the user has been recognized as authorized, the system being arranged to establish the mutual connection when the identification device is at a distance from the vehicle is less than a predetermined maximum distance, the central unit being able to send encrypted authentication data (R, f) towards the identification device (I), wherein the identification device can generate in response an encrypted numerical authentication signal (g), characterized in that the centr in the communication after the emission of the encrypted authentication data (R, f) can generate a fraud-preventing bit string (h), each bit of the row being emitted in the form of a high-frequency signal characteristic of the bit towards the identification means (I), the identification means (I) a phase inverter ( 109 ) for selectively reversing the phase of the fraud preventive bit characteristic signal received from the identification means from the vehicle (V), the inverter receiving, for each fraud preventive bit, the identification device encrypted numerical authentication response signal (g) a slower clock (mk) than that (fk) of the fraud-preventive bit string is controlled so that when the identification means receives the characteristic of a fraud-preventing bit signal, the latter is returned by the identification means with a delay time (Dl) greater than or equal to actual emission duration (Tb) of the bit in a form modulated by the encrypted numerical authentication response signal (g), and in that the reception of the returned signal by the central control unit is the emission of the signal characteristic of the following bit the series is triggered by the central unit, whereby the number of the transmitted or received bits of the series from a counter ( 68 ) of the central unit is counted as the number and the real duration (Tt), which corresponds to the transmission or reception of this number of bits to detect a fraudulent attempt when exceeding a predetermined threshold, which causes a termination of the communication. A system according to claim 1, characterized in that the predetermined limit value is determined by a time window (Fm) corresponding to the theoretical total duration of transmission of the fraud-preventing bit series when the identification device (I) is at a distance which is less than or equal to the predetermined one Maximum distance is, and the central control unit can determine the fraud attempt, if the total number of bits of the fraud-preventing row of the central control unit in this window has not been sent or received. System according to one the claims 1 or 2, characterized in that the central unit in the memory has a correlation table with two variables, namely the Number of emitted bits and the corresponding real emission duration, as a result, the real distance between the identification means and the central unit, with the data of the table in advance were determined by experiments and can be updated regularly. System according to one the claims 1 to 3, characterized in that the counting of the number of emitted Bits are aborted when the central unit receives the last Bits (hn) of the fraud-preventing row detected. System according to one of claims 1 to 4, characterized in that the identification device (I) an analog delay line ( 103 ) to return the signal received from the vehicle (V) to the vehicle at a predetermined delay time (Dl). System according to one of claims 1 to 5, characterized in that the central control unit comprises an oscillator ( 55 ) for generating high-frequency carrier waves, which is connected to a phase modulator ( 56 ) controlled by the fraud-preventing bit series (h) generated by the central unit of the vehicle (V). System according to one of claims 1 to 6, characterized in that the central unit of the vehicle (V) has a phase demodulator ( 67 ) for demodulating the signal received from the vehicle and originating from the identification device (I) and an exclusive OR logic gate ( 70 ) whose inputs with the phase demodulator or a delay for numeric signals ( 59 the retarder being able to delay each bit of the anti-fraud row (h) generated by the central unit by the actual duration of one bit (Tb), and the logic gate at the output being able to provide a numerical signal (V10) indicative of the encrypted one Response signal of the identification device is characteristic. System according to claim 7, characterized in that the output of the above-mentioned exclusive-OR logic gate ( 70 ) signal (V10) for authenticating the identification means (I) is compared by the central unit with an encrypted numerical authentication signal (g) generated by the central unit. System according to one of claims 7 or 8, characterized in that the output of the exclusive-OR logic gate ( 70 ) with an input of a second exclusive-OR logic gate ( 73 ) whose other input receives an encrypted numerical authentication signal (g) generated by the central processing unit to output at the output a signal (V12) characteristic of the successive time shifts of each bit of the fraud preventing row, the latter signal at the input an integrator ( 75 ) is received to form the sum of the response times associated with each shift interval (C) of the fraud-preventing bits, the output of the integrator being connected to a comparator ( 76 ) is connected to the sum of the response times with a predetermined maximum duration ( 77 ) above which a fraud attempt is detected. System according to one of Claims 1 to 9, characterized in that the signal received by the identification device (I) is received by the central processing unit and sent to the input of an envelope detector ( 66 ) is detected to detect the rising edge of the signal, wherein the detection of the rising edge on the one hand, the increase of the counter of the number of bits ( 68 ) on the one hand and on the other hand triggering the transmission of the following bit in the fraud-preventive bit string after a predetermined period corresponding to the duration of a useful bit, optionally increased by an additional period of time (ε) to avoid any interference between the transmission and reception of the signal through the central unit to prevent. System according to claim 10, characterized in that the central unit comprises an all-or-nothing modulator ( 57 ) to switch the central processing unit into the transmitting or receiving module for signals in or out of the direction of the identification means (I), the all-or-nothing modulator being controlled by the detection of the leading edge of the signal originating from the identification means. System according to one of claims 1 to 11, characterized in that the identification means a receiver ( 102 ) for receiving low clock (sk) wake-up signals (e), the receiver sequentially scanning a low-threshold static high-frequency envelope detector (Fig. 104 ) and a low frequency amplifier ( 105 ) having.