Vehicle Security Device
The present invention relates to vehicle security devices, in particular vehicle security devices for vehicles such as cars, trucks, motorbikes and the like.
To prevent vehicles from being broken into or stolen, they are fitted with security devices, such as door locks and steering locks. They also have ignition keys which are required to start the engine.
Door locks can be unlocked by manually inserting a key into a key barrel. Alternatively, the lock can be unlocked remotely by pressing buttons or the like on an active remote operating device. Typically, the active remote operating device operates via radio frequency to communicate with the vehicle. Electric motors operate to unlock the lock, thereby allowing subsequent opening by manual operation of a door handle or the like.
Once the door has been opened and the driver has entered the vehicle, a key can be inserted into an ignition key barrel. By turning the key, the engine can be started in a manner well-known in the art. Typically, the active remote operating device and the key can be integrated into a single unit.
The active remote operating system can typically operate over a range of 20 to 100 metres from the vehicle. The operating frequency of the remote operating system in Europe is typically 433 MHz. Other territories may use other frequencies.
When the vehicle is locked remotely, a locking signal is transmitted from the remote unlocking device which is received by the vehicle which then causes the locks to be locked. Some vehicles indicate that locking has occurred, for example by flashing the hazard warning lights.
Smart key systems have recently been developed which allow a driver to both unlock a door lock and enter a vehicle without the driver having to specifically operate any buttons
of a remote operating device, or insert a key into a vehicle door lock.
Smart key systems also allow the driver to start the vehicle's engine without having to insert an ignition key or the like into an ignition key barrel.
A smart key system allows the driver to lock/unlock and start/stop the vehicle without having to interact with the remote operating device. Thus smart keys are passive remote operating devices. A typical smart key system defines three external smart operating ranges and one internal smart operating range as shown in Figure 1. The vehicle will only respond to lock/unlock requests if a valid smart key is located within one of the external smart operating ranges. For instance, if a request to unlock is made from the driver's door, then the system will check the driver's side external smart operating range for a valid smart key. If a valid smart key is present, the door will unlock whereas if a valid smart key is not present, the door will not unlock.
An unlock request may be initiated by lifting or otherwise moving an external door handle of the door. Alternatively, an unlock request may be initiated by other means such as pressing a button or the like mounted on the external surface of the vehicle.
With regard to starting the engine, the vehicle will only respond to an engine start request if a valid smart key is located within the internal smart operating range. If a valid smart key is present, the engine will start, whereas if a valid smart key is not present, the engine will not start.
An engine start request may be initiated by pressing an engine start button or the like.
The smart operating ranges are typically defined by low frequency signal fields emitted 1 to 2 metres from antennae on the vehicle, see for example Figure 1. Examples of suitable frequencies are 20 KHz or 125KHz though other frequencies could be used.
When a lock/unlock or start request is made the corresponding antenna on the vehicle
transmits, in this example, a 125 KHz challenge signal. If a valid smart key is located within the smart operating range, it will receive the 125 KHz challenge signal and transmit an authentication response signal on 433 MHz or other suitable frequency allowing the request to be processed. This is illustrated in Figure 2.
However, the security of both active remote operating devices and passive remote operating devices such as smart key systems can be compromised.
With regard to vehicles using passive remote operating devices such as smart key systems, they can be subject to a 'relay attack'.
Normal operation of a passive remote operating device such as a smart key is as follows. The user of the system will have the remote operating device somewhere upon their person, for example in their pocket. As the user approaches the vehicle they enter the "external smart range" field of the vehicle. The user then initiates an action such as touching the door handle to commence the unlocking of the vehicle. The door handle typically has some form of motion sensor/pressure point/pressure sensor to determine when such an event has occurred. Upon the detection of such an initiation event, the central computer within the vehicle will transmit a polling request to determine which smart key (if any) are in the vicinity of the car. As a particular smart key is associated with a particular vehicle, such as via a unique universal identifier (UUID), the polling request is therefore able to determine if the correct smart key is within the vicinity of the car thereby indicating a likely entrance event. Once the smart key has been identified as being associated with the car, via its UUID, the central computer of the car initiates a challenge protocol. In some smart key systems the polling request and challenge protocol are emitted as part of the same transmission. The challenge protocol typically comprises a header identifying the car and a sequence of randomly generated numbers which forms part of a challenge signal which is sent to the smart key within the vicinity of the car. The randomly generated sequence of numbers transmitted from the car to the smart key when processed by an encryption key stored on the smart key which would return a new sequence of numbers. As the encryption key is known to both the computer and smart
key the central computer can determine the response to the challenge. By comparing the received sequence of numbers from the smart key with the expected sequence of numbers from the smart key the central computer within the car is therefore able to determine if the smart key which has been identified at the polling request stage is indeed the key fob associated with the car. If the expected reply is indeed the same as the transmitted reply, the car then initiates the unlock protocol by opening the relevant door locks. A similar protocol is also used for starting the car engine where instead of the user touching the door handle presses a car start button or the like. Typically, to maintain an acceptable user experience the car must be able and unlock a car in 250-350ms from the initiation of contact.
However, during a relay attack the following sequences of events occur. In summary, the purpose of the relay attack is to extend the range of the smart key system so that the signal can be used when it is outside of the normal 1-2 metre range of the low frequency signal.
In more detail, upon receiving the transmitted low frequency signal, the smart key will automatically reply with a high frequency response which will propagate 20 to 100 metres back to the vehicle. This reply will authenticate the request made by the vehicle. Such an attack system allows a thief to unlock a door, enter the vehicle, start the engine, and drive away all without being in possession of the smart key.
Smart key systems use proven encryption, or other secure methods, to verify the unlock and start requests. The relay attack does not break the encryption, it simply transfers the challenge signal to a smart key (in the possession of the driver) which is no longer in the immediate vicinity of the vehicle.
The smart key relay attack involves capturing the challenge signal from the vehicle and transmitting it remotely to a smart key which is not within the vicinity of the vehicle. Upon receiving the 125 KHz challenge signal, the smart key will automatically reply on 433MHz. This reply will transmit between 20 to 100 metres back to the vehicle. If the
vehicle receives this response, it will then assume that the remote control is within the smart operating range (e.g. 1 to 2 metres) and as such the request will be authenticated and the door will be unlocked and hence openable.
Once the thief has gained entry into the vehicle, a second relay attack occurs in respect of starting the engine. Thus the thief will instigate an engine start request, e.g. by pressing the engine start button, the smart system will send a 125 KHz challenge signal which is then relayed to the vicinity of a valid smart key which then sends an authentication response signal on 433 MHz. If the vehicle received this response, it will assume that the smart key is within the smart internal operating range and as such the engine start request will be authenticated and the engine will start, allowing the vehicle to be driven away by the thief.
One method of operating a relay attack is as follows:
The thieves operate in pairs, with thief A carrying a first attack device 1 and thief B carrying a second attack device 2.
The thieves wait until a suitable vehicle having a smart key system is parked. The driver exits the vehicle carrying the smart key and locks the vehicle in the normal manner. Depending on the system configuration, this may require a switched input at the door handle or in other cases simply walking away from the vehicle is sufficient to initiate a lock command when the smart key passes out of range.
Thief A approaches the vehicle carrying the first attack device 1 within the external smart operating range of the vehicle. Thief B carries the second attack device 2 to a position within 1 to 2 metres of the smart key, for example by walking close behind the vehicle driver. Thief A instigates an unlock request by lifting a door handle or the like. The vehicle transmits a 125 KHz challenge signal which is received by the first attack device 1 and transmitted (typically by a radio frequency signal) to the second attack device 2 which re-transmits the 125 KHz challenge signal. This challenge signal is received by the
smart key which then transmits a 433 MHz authentication response signal. If the smart key is still within 20 to 100 metres of the vehicle, the 433 MHz signal will be received directly by the vehicle which will unlock. If the smart key is more than 100 metres from the vehicle, the 433 MHz signal will be received by the second attack device 2 which will then transmit this signal (typically by a radio frequency signal) to the first attack device 1 which re-transmits the 433 MHz authentication response signal to the vehicle, unlocking it.
Thief A opens the door and enters the vehicle with the first attack device 1 and instigates an engine start request, for example by pressing the engine start button, the vehicle transmits a 125 KHz challenge signal which is received by the first attack device 1 and transmitted (typically by a radio frequency signal) to the second attack device 2 which retransmits the 125 KHz challenge signal. This challenge signal is received by the smart key which then transmits a 433 MHz authentication response signal. If the smart key is still within 20 to 100 metres of the vehicle, the 433 MHz signal will be received directly by the vehicle and the vehicle's engine will start. If the smart key is more than 100 metres from the vehicle, the 433 MHz signal will be received by the second attack device 2 which will then transmit this signal (typically by a radio frequency signal) to the first attack device 1 which re-transmits the 433 MHz authentication response signal to the vehicle, starting the engine.
The object of the present invention is to provide an improved security system for a vehicle.
Thus, according to the present invention, there is provided a portable vehicle security device capable of emitting a sensory signal when receiving a challenge signal from an associated vehicle. In an embodiment, the sensory signal is emitted when the portable security device issues the response to the challenge. That is to say, when the portable security device has determined the response to the challenge protocol and has sent the response to the central computer in the vehicle.
Advantageously, when such a system is used with a passive remote operating system such as a smart key system, under normal circumstances once the smart key is no longer inside the external operating range, the portable vehicle security device will not emit any sensory signal. Thus, in the event that the portable vehicle security device does emit a sensory signal when the driver is more than 1 to 2 metres from the vehicle, this is an indication that a relay attack is taking place, thereby allowing the driver to immediately contact the police and to observe any people in their immediate vicinity (i.e. people within 1 to 2 metres of them) who might therefore be one of the thieves (thief B).
The invention will now be described by way of example only with reference to the accompanying drawings, in which:
Figure 1 shows a known vehicle having a smart key system,
Figure 2 shows a schematic view of the normal operation of a smart key system,
Figure 3 shows a schematic view of a relay attack,
Figure 4 shows a first embodiment of a portable vehicle security device according to the present invention used in conjunction with a remote operating device, Figure 5 shows a second embodiment of a portable vehicle security device according to the present invention used in conjunction with a smart key.
Figure 6 shows a third embodiment of a portable vehicle security device according to the present invention, and
Figure 7 shows a fourth embodiment of a portable vehicle security device according to the present invention.
With reference to figures 1 to 3 there is shown a vehicle 10 used in conjunction with a smart key system 20. The vehicle has four passenger doors 11, 12, 13 and 14. For the avoidance of doubt the term 'passenger door' refers to doors through which passengers enter and exit the vehicle, and also any doors by which the driver can enter and exit the vehicle.
The vehicle also includes a boot lid 15 to enable access to the boot.
Smart key antennae 21, 22, 23, 24 and 25 are mounted as shown on the vehicle. Smart key antennae 21, 22 and 23 have a smart key antenna operating range of 21 A, 22 A and 23A respectively, which are external to the vehicle. Smart key antennae 24 and 25 collectively have a smart key antenna operating range 24A. In this case the smart key antenna operating range 24A covers the whole of the passenger cell of the vehicle. The smart key system 20 also includes the smart key 26. Typically the smart key 26 will be carried in a user's pocket, handbag or the like. The vehicle also has a central computer, comprising of a processor, volatile memory and some form of writeable memory (not shown). The central computer is also configured to receive and transmit signals from the smart key antenna 21, 22, 23, 24 and 25.
Passenger doors 11, 12, 13 and 14 each have a door handle 11 A, 12A, 13A and 14A respectively. Operating, for example lifting, door handle 11A creates a door opening request and causes the smart key antenna associated with that door handle, in this case smart key antenna 21, to transmit a 125 Khz challenge signal (though depending on the communications standards in place for a particular territory the frequency may be different). However, due to the relatively low frequency of the signal, it only transmits as far as the smart key antenna operating range 21 A and no further. In the event that valid smart key 26 is positioned within the smart key antenna operating range 21 A, the smart key 26 will transmit an authentication response signal on 433 MHz which is received by the vehicle 10 following which the request can be further processed to allow the door to be opened.
However, in the event that a valid smart key 26 is not positioned within the smart key antenna operating range 21 A, then no authentication response signal is generated and hence no authentication response signal is received by the vehicle 10, thereby preventing further processing of the request, and hence the door cannot be opened.
Operating door handle 12A also creates a door opening request and, depending on whether or not smart key 26 is within the smart key antenna operating range 21 A, door 12 will or will not open.
By analogy, in order to open the boot lid 15 a valid smart key 26 must be positioned within the smart key antenna operating range 23A when the boot handle is operated. Similarly, in order to open doors 13 or 14, a valid smart key 26 must be positioned within the smart key antenna operating range 22A when door handle 13A or 14A is operated.
In order to start the vehicle, an engine start request is generated by the driver pressing the start button, or the like. The smart key antennae 24 and 25 then generate a challenge signal at 125 KHz and if a valid smart key 26 is within the smart key antenna operating range 24A, i.e. the smart key is within the vehicle's passenger cell, then the smart key generates an authentication response signal on 433 MHz which is received by the vehicle 10, thereby allowing the request to be processed and the vehicle's engine to be started.
Figure 3 shows a relay attack in progress. Thief A generates a door opening request by lifting door handle 11A (ie a change of vehicle status request is carried out from the vehicle). The smart key antenna 21 transmits a 125 KHz challenge signal 4 into the smart key antenna operating range 21 A where it is received by first attack device 1 which is positioned within the smart key antenna operating range 21 A. First attack device 1 relays this signal via a long range transmitting medium 3, such as a 868 MHz radio frequency. The long range transmitting medium 3 is received by the second attack device 2 held by thief B who is close to the smart key 26, in this case positioned within the handbag of the owner C. The second attack device transmits a 125 KHz challenge signal 5 identical to the 125 KHz challenge signal 4. The smart key 26, upon receipt of the valid challenge signal 5 (since it is identical to challenge signal 4), then transmits a 433 MHz authentication response signal 6. Because the owner C and hence smart key 26 are still within 20-100 metres of the vehicle, the authentication response signal 6 is received directly by the vehicle 10 (since the vehicle 10 is still within range of the authentication response signal) and hence thief A can open door 11.
Thief A enters the vehicle together with the first attack device 1, presses the engine start button, and the relay attack is repeated so as to start the engine whereupon thief A drives
off with the vehicle and thief B can make his/her escape.
Thus the relay attack captures the 125KHz challenge signal 4 and transmits it remotely as challenge signal 5 to the smart key.
In the event that the owner and smart key is further away from the vehicle the first and second attack devices can be used to relay the 433 MHz authentication response signal back to the vehicle.
Figure 8 shows a flow chart of the process of identifying an owner of a vehicle with a smart key in accordance with an aspect of the invention. There is shown the step of initiating an action within the vehicle at step SI 02, the vehicle initiating a handshake protocol at step SI 04, the computer in the vehicle issuing a challenge at step SI 06, the smart key and computer calculating the response to the challenge at step SI 08, the smart key, such as a key fob, sending the response to the challenge to the computer at step SI 10, the computer comparing the received response from the smart key and the expected response at step SI 12, and the smart key emitting a sensory signal at step SI 14.
At step SI 02 a person who may be the legitimate owner of the car, or alternatively a thief, initiates a action to commence the unlocking procedure. The action to commence the unlocking procedure may be the lifting of a door handle 11 A or the boot handle. The door handles 11 A, 12 A, 13A and 14A and boot handle comprise a touch sensitive senor which is configured to determine when a person is contacting the door handle, which indicates that are user is lifting the door handle in an attempt to open the car door. In further embodiments other forms of sensor may be used. The touch sensors are in communication with the central computer of the vehicle (not shown) which is configured such that when it receives a signal from a door handle, for example at 11 A, that an unlocked event has been initiated, the central computer emits a polling signal at step SI 04.
At step SI 04 the central computer initiates a handshake protocol to predetermine what
devices are within the smart key antenna operating range 21 A, 22 A, 23 A of the vehicle. The handshake protocol comprises a wake-up signal, a header identifying the vehicle and a request for the identification of any transmitting devices within the smart key antenna operating range. The form of the wake up signal is dependent on communication protocols used between the smart key and computer. In an embodiment the smart key is in low-power or sleep state and remains in the low-power/sleep state until such time it receives a wakeup signal from the central computer. If a wakeup signal is detected the smart key will power up, out of the low power state and "wake up" in a known manner.
A vehicle will typically be identified with one or more smart keys via an identifier such as a universal unique identifier (UUID). Therefore, when the vehicle transmits the request for the UUID, the vehicle would be able to identify keys which are associated with a car. The smart key in response to the handshake protocol would emit a response signal, proportion of the signal comprising the UUID associated with the smart key. The central computer of the vehicle then compares the received UUID from the smart key with the expected new ID's which are known to be associated with the car. The UUID is associated with the car would typically be stored in the form of a memory associated with the computer. Such a comparison therefore allows the central computer of the car to ensure that the default is indeed associated with the car. This would prevent the situation where a different smart key is used to attempt to enter a car for which the smart key does not have the access rights to open (i.e. the car is not associated with that particular smart key).
If the smart key is identified as being associated with the car through the handshake protocol, the central computer of the car then transmits a further challenge signal at step SI 06. If the smart key is not identified as being associated with the car, the process terminates and the car remains unlocked. At step SI 06 the central computer of the car then initiates the challenge protocol to determine whether the UUID transmitted by the smart key fob is legitimate and that the smart key is indeed the smart key which is identified by the UUID. As the UUID does not change and accordingly may be determined, this step ensures that the UUID associated with the smart key has not been
transmitted in an attempt to compromise the car. The challenge signal emitted at step SI 06 comprises a 64 bit sequence which represents the challenge signal. In further embodiments longer bit sequences such as a 128 bit sequence may be used. The challenge signal is randomly generated and therefore changes each time a challenge signal is sent out. The challenge signal is generated by the central computer using a hidden encryption key, preferably one with a high entropy to ensure the unpredictable nature of the challenge signal, and is transmitted at a frequency of 125 hz. The generated challenge signal is preferably stored within a volatile memory associated with the central computer of the car.
It is preferable to use a hidden encryption algorithm with a high entropy to generate the challenge signals in order to prevent any third party from attempting to compromise the system by determining what the likely next challenge signal would be. If a third party were able to determine what the next likely challenge signal would be, they would be able to use this signal to interrogate a smart key and determine the response which could then be used to open the door of the vehicle and/or start the engine without the owner's permission.
In alternative embodiments steps SI 04 and SI 06 may occur concurrently with the central computer of the car emitting the polling request and the challenge request in the same packet. As described above, as it is desirable for a user to experience no appreciable delay (typically 250-350ms) when legitimately trying to open a door or starting the engine, in order to save time steps SI 04 and SI 06 occur concurrently.
At step SI 08, the smart key receives the challenge signal and determines a response to the challenge signal. As the smart key has to determine the response to the challenge signal the smart key comprises a processor and a form of memory upon which a hidden encryption key is stored. The smart key further comprises a transceiver element enabled to receive and transmit signals at the low and high frequency ranges (typically 125KHz, 433MHz, though depending on the communications standard for a particular territory other frequency ranges may be used). The processor is configured to generate the
challenge response based on the received challenge signal using the stored encryption algorithms.
In a preferred embodiment both the central computer and smart key have an encryption algorithm and secret key code which is used to determine the response to the challenge signal. The secret key code is only known to the central computer of the car and smart keys associated with a particular car. The encryption algorithm may be known to a plurality of cars, and such a system is analogous to a public key encryption where the secret key code is equivalent to the private key. In other embodiments the algorithm is hidden and only known to a particular car and its associated smart keys. The algorithm may be a one way cipher such as a cryptographic hash function. As the algorithm is hidden and known only to both the computer and key the response to the challenge signal determined by both the smart key and the central computer should be identical (if the smart key and computer have the same algorithm). The calculation of the response by both the computer and smart key occurs at step SI 08. The 64 bit sequence of the challenge signal is processed by the hidden algorithm to determine a response. The response is preferably stored in both the smart key and the central computer of the car on the volatile memory.
The smart key transmits the response as part of an authentication response signal to the central computer at a higher frequency, typically 433Mhz. The authentication response signal typically comprises a header, the UUID associated with the smart key (and therefore the car), the determined response (which is typically a 128 bit sequence), and a check function to determine if the entire message has been correctly sent. Such check functions are known in the art. Therefore, at step SI 10 the smart key had identified a challenge request and determined a challenge response which is sent as part of the authentication response signal.
At step SI 12 the authentication response signal is received by the central car computer and compared to the expected response calculated by the central car computer and stored in the volatile memory. If the comparison of the expected and received response shows
that they are identical, this would indicate to the central computer that the challenge request is correct and that the key is therefore authorised to open the car door. The central computer then commences the standard unlocking procedure to unlock the car door. The above sequence of steps takes in the order of 250-350ms, and accordingly if the time step between steps SI 06 (i.e. the sending of the challenge signal) and step SI 10 (i.e. the receiving of the response signal) is beyond a predetermined time limit then the central computer would not allow the user access to the car.
At step SI 10 simultaneously the smart key fob will, also emit a sensory signal at step SI 14. As described previously, the sensory signal may be in the form of a vibration, a noise to act as an audible alarm, a flashing light or the like. Therefore, in an embodiment the sensory signal is only emitted by the smart key when a response to the challenge signal has been transmitted (i.e. at step SI 10). This embodiment is preferred, as it ensures that a response to a challenge signal has been transmitted, that is to say when the actions of the smart key may result in the opening of a car door and/or starting of a car engine. In a further embodiment the sensory signal is emitted in response to a "wake up" signal, which may be issued as part of the handshake protocol.
Advantageously, this prevents sensory signals being emitted when a potentially non critical events have occurred. For example, if a car owner were to walk in a car park which contained several cars which utilised the smart key system, a polling request sent by a different car, unrelated to the smart key fob, at step SI 04 would not result in the sensory signal being emitted as the smart key and car are unrelated and accordingly the smart key would not "wake up" and not send a response to the challenge signal.
In further embodiments the sensory signal may emit at other parts of the described sequence, for example the signal may be emitted in response to a polling signal at step SI 04,. In a further embodiment at step SI 12 when the central car computer has compared and accepted the request the sensory signal is emitted. In such an embodiment, central car computer transmits a further confirmatory signal to the smart key informing the smart key that the response has been deemed to be correct. Upon receipt of the confirmatory
signal the sensory signal is emitted.
Therefore, the system acts a passive alarm system as it responds to the receipt of information from the car.
With reference to figure 4, there is shown schematically a portable vehicle security device 30 according to the present invention. The portable vehicle security device 30 emits a sensory signal when it receives a valid challenge signal from its associated vehicle, in this case vehicle 10.
The device 30 in an embodiment typically be relatively small and light, typically no larger or heavier than a traditional key. The device 30 in an embodiment is further configured to act as theft prevention device by allowing the user to prevent the engine start authorisation code being sent. This may either be a switch to turn off the power to the smart key thereby preventing it from transmitting an responses to a challenge signal, or alternatively an input to the device which either prevents or adds a time delay to the authorisation signal. A time delay may give the owner the opportunity to assess the situation and take avoiding action, for example to move away from any suspicious persons in the vicinity.
Advantageously the power switch (or equivalent) 31 acts a further security device as in order to steal a vehicle a device 30 would have to emit two separate responses to a challenge signal. The first to unlock the car and the second to start the engine. If the user receives a sensory indication that a response to a challenge signal has been issued, indicating a break-in event, they could power down the device 30 via the power switch 31 and thus prevent the thief from starting the engine (as the first and second response would be different). The power switch 31 can therefore be used to prevent the key from transmitting the response to the second challenge signal. The power switch 31 therefore provides the user with the ability to prevent attacks when they have moved away from the vehicle.
The sensory signal can be an audible signal. Thus when a relay attack is taking place, and the owner is away from the vehicle, the device 30 will emit the audible signal. Since the owner is away from the vehicle, upon hearing the audible signal and knowing that he or she has not instigated a door opening request, he or she will deduce that someone else must have instigated a door opening request and that that other person could well be a thief and therefore the owner can take appropriate action such as calling the police and / or returning to their vehicle. Additionally, the owner will realise that thief B may well be very close, for example within 2 metres of the owner. The owner can therefore readily identify thief B.
In particular if such a system is attacked by thieves in the manner described, then the driver is alerted to both vehicle entry and unauthorised engine starting. After the first alert the driver will have a window of opportunity in which he may take action to prevent the second (engine start authorisation) from taking place, for example by moving out of range of the second attack device 2, e.g. by running away from thief B, thereby preventing the vehicle from being stolen.
Alternatively, the sensory signal may be a vibratory signal such that if device 30 is in the owner's pocket when a relay attack takes place device 30 will start to vibrate thereby alerting the owner.
Alternatively, the sensory signal may be a visual signal. Thus if device 30 is mounted on or incorporated into the owner's spectacles or sunglasses, the visual signal can be seen by the owner when a relay attack takes place.
The device 30 can be a completely separate device from the smart key 26. In particular the security of vehicles which were originally sold with just a smart key can be improved by the vehicle manufacturer supplying a device 30. The device 30 can then be kept with the smart key 26.
Figure 5 shows an alternative portable vehicle security device 32, which in this case is
integral with a smart key 26A.
Figure 6 shows an alternative portable vehicle security device 34, which in this case is integral with a smart key 26B and is also integral with a key blade 27, which key blade is insertable into a key barrel of a door of the associated vehicle to unlock the door in the event of power failure or other electrical problem of the unlocking system.
As described above, device 30 can be used with a smart key system. Alternatively, device 30 can be used in conjunction with an active remote operating system. Thus when a driver exits the vehicle and presses the lock button of the active remote operating system, the locking signal is transmitted from the active remote operating device to the vehicle, and the vehicle then transmits a challenge signal. Upon receipt of the challenge signal, device 30 emits a sensory signal. The absence of a sensory signal indicates that locking of the vehicle has not occurred and the driver can take appropriate action, for example locking the vehicle with a key blade.
As shown in figure 7, there is a portable vehicle security device 36 which is integral with an active remote operating device 37, having a lock button 38 and an unlock button 39.
As will be appreciated, the invention is applicable to both active remote operating devices and passive remote operating devices. The frequency of operation of the change of vehicle status request (such as an unlocking request, or an engine start request), can be any appropriate frequency. The frequency of a challenge signal can be any appropriate frequency. As described above, the vehicle will have a transmitter. As described above, the portable vehicle security device will have a receiver. The vehicle may have a transmitter and a receiver (i.e. a transceiver). The portable vehicle security device may have a transmitter and a receiver (i.e. a transceiver). Whilst the portable vehicle security device according to the present invention may be relatively small, for example may be the size of a traditional key, it may be larger than this. In particular, the portable vehicle security device according to the present invention may be incorporated into a mobile phone or a laptop computer or a palmtop computer or an MP3 player or the like.
Whilst the above embodiments have been described with relation to a smart key as a stand alone device, such as key fob, which is been used for locking and unlocking and starting the vehicle other types of smart key may be used.
In further embodiments, the smart key is integrated as part of a mobile telephone device, such as "smartphone" which would identify and authenticate the smart key using the same principles as discussed above. Smartphones have several communication channels, such as GSM, SMS, Bluetooth, NFC etc, and further able to communicate over a wide frequency of ranges as well a processor and memory, Therefore, the functionality associated with smart key, key fob devices can be incorporated into a smartphone. Advantageously, in the mobile phone embodiments the use of sensory signals such as vibration, lights, ring tones, SMS message, can easily be integrated with existing functionality which is typically used to indicate to a user when they have received a new message or telephone call. As described above with reference to Figure 8, in such an embodiment the smartphone is configured to emit a sensory signal, such as vibration and/or audible alarm when a response to a challenge signal has been emitted. In further embodiments, the smartphone may use known GPS capabilities of smartphone devices to determine whether to transmit a response to the challenge signal. In such an embodiment, when the user exits the vehicle the GPS location of the device is determined and stored in the memory of the smartphone. If the smartphone receives a challenge signal to open a door, which is identified by the header as being associated with the correct car, and the GPS location determined by the smartphone is greater than a predetermined distance (such as 5 metres) from the location of the car stored in the memory the smartphone would emit a sensory signal or even not respond to the challenge signal.
In further embodiments, the mobile phone smart key may be used to extend the range of the smart key to minimise the affect of a potential relay attack. For example, if a owner receives a sensory response signal at (as shown at step SI 14 in figure 8) and they identify such a signal as being associated with an attempt to break into their car, the long distance communication channels associated with a smart mobile telephone can be used to
remotely deactivate the vehicle. For example, if a user receives a sensory signal indicating that a response to a challenge signal has been issued and identifies this as a relay attack. The user contacts the central computer of the car by sending an SMS message or a GPRS to the central computer of the car to instruct the central computer of the car to enter a vehicle of shut down mode whereupon the doors are locked and/or the engine does not start. Advantageously as SMS and GPRS communication channels have a much greater range than those used in smartkeys, and accordingly the owner of the vehicle need not be within close range of the vehicle to send such a shut down signal.
In a further embodiment, the key fob may be in communication using the near field communication protocols (NFC) or Bluetooth communication protocols with a mobile device. Such connectivity between a smart key fob and a mobile telephone device are known in the art for example the Delphi TM smart phone connectivity system. By using the Bluetooth or NFC communication protocols the smart key fob can transmit a message to the mobile telephone device to initiate the sensory signals. It is well known within mobile telephone devices to vibrate and/or emit some noise upon receipt of a message. Accordingly, the embodiment takes advantage of the inbuilt functionality of known mobile phone devices. A further advantage of such embodiment is that the mobile telephone device typically has a much more powerful power supply, which is also easy to recharge, and therefore energy consideration without the powering of the device to emit a sensory signal are minimised.
In yet another smartphone based embodiment, the ability for the smartphone to cornmunicate with the central computer and acts as a smart key is provided in the form of a distributed application or "app". The application contains either the hidden encryption key or, more preferably, enables the user to download part or the whole of the encryption key or algorithm. Furthermore, the application is enabled to transmit and receive messages using the existing communication channels present on the smartphone. Therefore, the functionality of the smart key fob and the method for alerting a user of the transmission of a challenge response as described above is provided to the smartphone by the application.