EP2601082A1 - Vehicle security device - Google Patents

Vehicle security device

Info

Publication number
EP2601082A1
EP2601082A1 EP11754900.6A EP11754900A EP2601082A1 EP 2601082 A1 EP2601082 A1 EP 2601082A1 EP 11754900 A EP11754900 A EP 11754900A EP 2601082 A1 EP2601082 A1 EP 2601082A1
Authority
EP
European Patent Office
Prior art keywords
vehicle
signal
response
security device
transceiver
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP11754900.6A
Other languages
German (de)
French (fr)
Inventor
Jeremy Grant Worthington
Gareth Bryn Jones
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Secured By Design Ltd
Original Assignee
Secured By Design Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Secured By Design Ltd filed Critical Secured By Design Ltd
Publication of EP2601082A1 publication Critical patent/EP2601082A1/en
Withdrawn legal-status Critical Current

Links

Classifications

    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/20Means to switch the anti-theft system on or off
    • B60R25/24Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00555Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks comprising means to detect or avoid relay attacks

Definitions

  • the present invention relates to vehicle security devices, in particular vehicle security devices for vehicles such as cars, trucks, motorbikes and the like.
  • security devices such as door locks and steering locks. They also have ignition keys which are required to start the engine.
  • Door locks can be unlocked by manually inserting a key into a key barrel.
  • the lock can be unlocked remotely by pressing buttons or the like on an active remote operating device.
  • the active remote operating device operates via radio frequency to communicate with the vehicle. Electric motors operate to unlock the lock, thereby allowing subsequent opening by manual operation of a door handle or the like.
  • a key can be inserted into an ignition key barrel.
  • the engine can be started in a manner well-known in the art.
  • the active remote operating device and the key can be integrated into a single unit.
  • the active remote operating system can typically operate over a range of 20 to 100 metres from the vehicle.
  • the operating frequency of the remote operating system in Europe is typically 433 MHz. Other territories may use other frequencies.
  • a locking signal is transmitted from the remote unlocking device which is received by the vehicle which then causes the locks to be locked.
  • Some vehicles indicate that locking has occurred, for example by flashing the hazard warning lights.
  • Smart key systems have recently been developed which allow a driver to both unlock a door lock and enter a vehicle without the driver having to specifically operate any buttons of a remote operating device, or insert a key into a vehicle door lock.
  • Smart key systems also allow the driver to start the vehicle's engine without having to insert an ignition key or the like into an ignition key barrel.
  • a smart key system allows the driver to lock/unlock and start/stop the vehicle without having to interact with the remote operating device.
  • smart keys are passive remote operating devices.
  • a typical smart key system defines three external smart operating ranges and one internal smart operating range as shown in Figure 1. The vehicle will only respond to lock/unlock requests if a valid smart key is located within one of the external smart operating ranges. For instance, if a request to unlock is made from the driver's door, then the system will check the driver's side external smart operating range for a valid smart key. If a valid smart key is present, the door will unlock whereas if a valid smart key is not present, the door will not unlock.
  • An unlock request may be initiated by lifting or otherwise moving an external door handle of the door.
  • an unlock request may be initiated by other means such as pressing a button or the like mounted on the external surface of the vehicle.
  • the vehicle will only respond to an engine start request if a valid smart key is located within the internal smart operating range. If a valid smart key is present, the engine will start, whereas if a valid smart key is not present, the engine will not start.
  • An engine start request may be initiated by pressing an engine start button or the like.
  • the smart operating ranges are typically defined by low frequency signal fields emitted 1 to 2 metres from antennae on the vehicle, see for example Figure 1. Examples of suitable frequencies are 20 KHz or 125KHz though other frequencies could be used.
  • the corresponding antenna on the vehicle transmits, in this example, a 125 KHz challenge signal. If a valid smart key is located within the smart operating range, it will receive the 125 KHz challenge signal and transmit an authentication response signal on 433 MHz or other suitable frequency allowing the request to be processed. This is illustrated in Figure 2.
  • a passive remote operating device such as a smart key
  • the user of the system will have the remote operating device somewhere upon their person, for example in their pocket.
  • the user then initiates an action such as touching the door handle to commence the unlocking of the vehicle.
  • the door handle typically has some form of motion sensor/pressure point/pressure sensor to determine when such an event has occurred.
  • the central computer within the vehicle will transmit a polling request to determine which smart key (if any) are in the vicinity of the car.
  • the polling request is therefore able to determine if the correct smart key is within the vicinity of the car thereby indicating a likely entrance event.
  • the central computer of the car initiates a challenge protocol.
  • the challenge protocol typically comprises a header identifying the car and a sequence of randomly generated numbers which forms part of a challenge signal which is sent to the smart key within the vicinity of the car.
  • the randomly generated sequence of numbers transmitted from the car to the smart key when processed by an encryption key stored on the smart key which would return a new sequence of numbers.
  • the central computer can determine the response to the challenge.
  • the central computer By comparing the received sequence of numbers from the smart key with the expected sequence of numbers from the smart key the central computer within the car is therefore able to determine if the smart key which has been identified at the polling request stage is indeed the key fob associated with the car. If the expected reply is indeed the same as the transmitted reply, the car then initiates the unlock protocol by opening the relevant door locks.
  • a similar protocol is also used for starting the car engine where instead of the user touching the door handle presses a car start button or the like. Typically, to maintain an acceptable user experience the car must be able and unlock a car in 250-350ms from the initiation of contact.
  • the purpose of the relay attack is to extend the range of the smart key system so that the signal can be used when it is outside of the normal 1-2 metre range of the low frequency signal.
  • the smart key upon receiving the transmitted low frequency signal, the smart key will automatically reply with a high frequency response which will propagate 20 to 100 metres back to the vehicle. This reply will authenticate the request made by the vehicle.
  • Such an attack system allows a thief to unlock a door, enter the vehicle, start the engine, and drive away all without being in possession of the smart key.
  • Smart key systems use proven encryption, or other secure methods, to verify the unlock and start requests.
  • the relay attack does not break the encryption, it simply transfers the challenge signal to a smart key (in the possession of the driver) which is no longer in the immediate vicinity of the vehicle.
  • the smart key relay attack involves capturing the challenge signal from the vehicle and transmitting it remotely to a smart key which is not within the vicinity of the vehicle. Upon receiving the 125 KHz challenge signal, the smart key will automatically reply on 433MHz. This reply will transmit between 20 to 100 metres back to the vehicle. If the vehicle receives this response, it will then assume that the remote control is within the smart operating range (e.g. 1 to 2 metres) and as such the request will be authenticated and the door will be unlocked and hence openable.
  • a second relay attack occurs in respect of starting the engine.
  • the thief will instigate an engine start request, e.g. by pressing the engine start button, the smart system will send a 125 KHz challenge signal which is then relayed to the vicinity of a valid smart key which then sends an authentication response signal on 433 MHz. If the vehicle received this response, it will assume that the smart key is within the smart internal operating range and as such the engine start request will be authenticated and the engine will start, allowing the vehicle to be driven away by the thief.
  • the thieves operate in pairs, with thief A carrying a first attack device 1 and thief B carrying a second attack device 2.
  • the thieves wait until a suitable vehicle having a smart key system is parked.
  • the driver exits the vehicle carrying the smart key and locks the vehicle in the normal manner. Depending on the system configuration, this may require a switched input at the door handle or in other cases simply walking away from the vehicle is sufficient to initiate a lock command when the smart key passes out of range.
  • Thief A approaches the vehicle carrying the first attack device 1 within the external smart operating range of the vehicle.
  • Thief B carries the second attack device 2 to a position within 1 to 2 metres of the smart key, for example by walking close behind the vehicle driver.
  • Thief A instigates an unlock request by lifting a door handle or the like.
  • the vehicle transmits a 125 KHz challenge signal which is received by the first attack device 1 and transmitted (typically by a radio frequency signal) to the second attack device 2 which re-transmits the 125 KHz challenge signal.
  • This challenge signal is received by the smart key which then transmits a 433 MHz authentication response signal. If the smart key is still within 20 to 100 metres of the vehicle, the 433 MHz signal will be received directly by the vehicle which will unlock.
  • the 433 MHz signal will be received by the second attack device 2 which will then transmit this signal (typically by a radio frequency signal) to the first attack device 1 which re-transmits the 433 MHz authentication response signal to the vehicle, unlocking it.
  • Thief A opens the door and enters the vehicle with the first attack device 1 and instigates an engine start request, for example by pressing the engine start button, the vehicle transmits a 125 KHz challenge signal which is received by the first attack device 1 and transmitted (typically by a radio frequency signal) to the second attack device 2 which retransmits the 125 KHz challenge signal.
  • This challenge signal is received by the smart key which then transmits a 433 MHz authentication response signal. If the smart key is still within 20 to 100 metres of the vehicle, the 433 MHz signal will be received directly by the vehicle and the vehicle's engine will start.
  • the 433 MHz signal will be received by the second attack device 2 which will then transmit this signal (typically by a radio frequency signal) to the first attack device 1 which re-transmits the 433 MHz authentication response signal to the vehicle, starting the engine.
  • the object of the present invention is to provide an improved security system for a vehicle.
  • a portable vehicle security device capable of emitting a sensory signal when receiving a challenge signal from an associated vehicle.
  • the sensory signal is emitted when the portable security device issues the response to the challenge. That is to say, when the portable security device has determined the response to the challenge protocol and has sent the response to the central computer in the vehicle.
  • a passive remote operating system such as a smart key system
  • the portable vehicle security device will not emit any sensory signal.
  • the portable vehicle security device does emit a sensory signal when the driver is more than 1 to 2 metres from the vehicle, this is an indication that a relay attack is taking place, thereby allowing the driver to immediately contact the police and to observe any people in their immediate vicinity (i.e. people within 1 to 2 metres of them) who might therefore be one of the thieves (thief B).
  • Figure 1 shows a known vehicle having a smart key system
  • Figure 2 shows a schematic view of the normal operation of a smart key system
  • Figure 3 shows a schematic view of a relay attack
  • Figure 4 shows a first embodiment of a portable vehicle security device according to the present invention used in conjunction with a remote operating device
  • Figure 5 shows a second embodiment of a portable vehicle security device according to the present invention used in conjunction with a smart key.
  • Figure 6 shows a third embodiment of a portable vehicle security device according to the present invention.
  • Figure 7 shows a fourth embodiment of a portable vehicle security device according to the present invention.
  • a vehicle 10 used in conjunction with a smart key system 20.
  • the vehicle has four passenger doors 11, 12, 13 and 14.
  • the term 'passenger door' refers to doors through which passengers enter and exit the vehicle, and also any doors by which the driver can enter and exit the vehicle.
  • the vehicle also includes a boot lid 15 to enable access to the boot.
  • Smart key antennae 21, 22, 23, 24 and 25 are mounted as shown on the vehicle.
  • Smart key antennae 21, 22 and 23 have a smart key antenna operating range of 21 A, 22 A and 23A respectively, which are external to the vehicle.
  • Smart key antennae 24 and 25 collectively have a smart key antenna operating range 24A.
  • the smart key antenna operating range 24A covers the whole of the passenger cell of the vehicle.
  • the smart key system 20 also includes the smart key 26. Typically the smart key 26 will be carried in a user's pocket, handbag or the like.
  • the vehicle also has a central computer, comprising of a processor, volatile memory and some form of writeable memory (not shown). The central computer is also configured to receive and transmit signals from the smart key antenna 21, 22, 23, 24 and 25.
  • Passenger doors 11, 12, 13 and 14 each have a door handle 11 A, 12A, 13A and 14A respectively.
  • door handle 11A creates a door opening request and causes the smart key antenna associated with that door handle, in this case smart key antenna 21, to transmit a 125 Khz challenge signal (though depending on the communications standards in place for a particular territory the frequency may be different). However, due to the relatively low frequency of the signal, it only transmits as far as the smart key antenna operating range 21 A and no further.
  • the smart key 26 will transmit an authentication response signal on 433 MHz which is received by the vehicle 10 following which the request can be further processed to allow the door to be opened.
  • Operating door handle 12A also creates a door opening request and, depending on whether or not smart key 26 is within the smart key antenna operating range 21 A, door 12 will or will not open.
  • a valid smart key 26 in order to open the boot lid 15 a valid smart key 26 must be positioned within the smart key antenna operating range 23A when the boot handle is operated.
  • a valid smart key 26 in order to open doors 13 or 14, a valid smart key 26 must be positioned within the smart key antenna operating range 22A when door handle 13A or 14A is operated.
  • an engine start request is generated by the driver pressing the start button, or the like.
  • the smart key antennae 24 and 25 then generate a challenge signal at 125 KHz and if a valid smart key 26 is within the smart key antenna operating range 24A, i.e. the smart key is within the vehicle's passenger cell, then the smart key generates an authentication response signal on 433 MHz which is received by the vehicle 10, thereby allowing the request to be processed and the vehicle's engine to be started.
  • FIG 3 shows a relay attack in progress.
  • Thief A generates a door opening request by lifting door handle 11A (ie a change of vehicle status request is carried out from the vehicle).
  • the smart key antenna 21 transmits a 125 KHz challenge signal 4 into the smart key antenna operating range 21 A where it is received by first attack device 1 which is positioned within the smart key antenna operating range 21 A.
  • First attack device 1 relays this signal via a long range transmitting medium 3, such as a 868 MHz radio frequency.
  • the long range transmitting medium 3 is received by the second attack device 2 held by thief B who is close to the smart key 26, in this case positioned within the handbag of the owner C.
  • the second attack device transmits a 125 KHz challenge signal 5 identical to the 125 KHz challenge signal 4.
  • the smart key 26 upon receipt of the valid challenge signal 5 (since it is identical to challenge signal 4), then transmits a 433 MHz authentication response signal 6. Because the owner C and hence smart key 26 are still within 20-100 metres of the vehicle, the authentication response signal 6 is received directly by the vehicle 10 (since the vehicle 10 is still within range of the authentication response signal) and hence thief A can open door 11.
  • Thief A enters the vehicle together with the first attack device 1, presses the engine start button, and the relay attack is repeated so as to start the engine whereupon thief A drives off with the vehicle and thief B can make his/her escape.
  • the relay attack captures the 125KHz challenge signal 4 and transmits it remotely as challenge signal 5 to the smart key.
  • the first and second attack devices can be used to relay the 433 MHz authentication response signal back to the vehicle.
  • FIG. 8 shows a flow chart of the process of identifying an owner of a vehicle with a smart key in accordance with an aspect of the invention.
  • the step of initiating an action within the vehicle at step SI 02 the vehicle initiating a handshake protocol at step SI 04, the computer in the vehicle issuing a challenge at step SI 06, the smart key and computer calculating the response to the challenge at step SI 08, the smart key, such as a key fob, sending the response to the challenge to the computer at step SI 10, the computer comparing the received response from the smart key and the expected response at step SI 12, and the smart key emitting a sensory signal at step SI 14.
  • the action to commence the unlocking procedure may be the lifting of a door handle 11 A or the boot handle.
  • the door handles 11 A, 12 A, 13A and 14A and boot handle comprise a touch sensitive senor which is configured to determine when a person is contacting the door handle, which indicates that are user is lifting the door handle in an attempt to open the car door.
  • other forms of sensor may be used.
  • the touch sensors are in communication with the central computer of the vehicle (not shown) which is configured such that when it receives a signal from a door handle, for example at 11 A, that an unlocked event has been initiated, the central computer emits a polling signal at step SI 04.
  • the central computer initiates a handshake protocol to predetermine what devices are within the smart key antenna operating range 21 A, 22 A, 23 A of the vehicle.
  • the handshake protocol comprises a wake-up signal, a header identifying the vehicle and a request for the identification of any transmitting devices within the smart key antenna operating range.
  • the form of the wake up signal is dependent on communication protocols used between the smart key and computer.
  • the smart key is in low-power or sleep state and remains in the low-power/sleep state until such time it receives a wakeup signal from the central computer. If a wakeup signal is detected the smart key will power up, out of the low power state and "wake up" in a known manner.
  • a vehicle will typically be identified with one or more smart keys via an identifier such as a universal unique identifier (UUID). Therefore, when the vehicle transmits the request for the UUID, the vehicle would be able to identify keys which are associated with a car.
  • the smart key in response to the handshake protocol would emit a response signal, proportion of the signal comprising the UUID associated with the smart key.
  • the central computer of the vehicle compares the received UUID from the smart key with the expected new ID's which are known to be associated with the car.
  • the UUID is associated with the car would typically be stored in the form of a memory associated with the computer. Such a comparison therefore allows the central computer of the car to ensure that the default is indeed associated with the car. This would prevent the situation where a different smart key is used to attempt to enter a car for which the smart key does not have the access rights to open (i.e. the car is not associated with that particular smart key).
  • the central computer of the car transmits a further challenge signal at step SI 06. If the smart key is not identified as being associated with the car, the process terminates and the car remains unlocked.
  • the central computer of the car then initiates the challenge protocol to determine whether the UUID transmitted by the smart key fob is legitimate and that the smart key is indeed the smart key which is identified by the UUID. As the UUID does not change and accordingly may be determined, this step ensures that the UUID associated with the smart key has not been transmitted in an attempt to compromise the car.
  • the challenge signal emitted at step SI 06 comprises a 64 bit sequence which represents the challenge signal.
  • the challenge signal is randomly generated and therefore changes each time a challenge signal is sent out.
  • the challenge signal is generated by the central computer using a hidden encryption key, preferably one with a high entropy to ensure the unpredictable nature of the challenge signal, and is transmitted at a frequency of 125 hz.
  • the generated challenge signal is preferably stored within a volatile memory associated with the central computer of the car.
  • a hidden encryption algorithm with a high entropy to generate the challenge signals in order to prevent any third party from attempting to compromise the system by determining what the likely next challenge signal would be. If a third party were able to determine what the next likely challenge signal would be, they would be able to use this signal to interrogate a smart key and determine the response which could then be used to open the door of the vehicle and/or start the engine without the owner's permission.
  • steps SI 04 and SI 06 may occur concurrently with the central computer of the car emitting the polling request and the challenge request in the same packet.
  • steps SI 04 and SI 06 may occur concurrently with the central computer of the car emitting the polling request and the challenge request in the same packet.
  • the smart key receives the challenge signal and determines a response to the challenge signal.
  • the smart key comprises a processor and a form of memory upon which a hidden encryption key is stored.
  • the smart key further comprises a transceiver element enabled to receive and transmit signals at the low and high frequency ranges (typically 125KHz, 433MHz, though depending on the communications standard for a particular territory other frequency ranges may be used).
  • the processor is configured to generate the challenge response based on the received challenge signal using the stored encryption algorithms.
  • both the central computer and smart key have an encryption algorithm and secret key code which is used to determine the response to the challenge signal.
  • the secret key code is only known to the central computer of the car and smart keys associated with a particular car.
  • the encryption algorithm may be known to a plurality of cars, and such a system is analogous to a public key encryption where the secret key code is equivalent to the private key.
  • the algorithm is hidden and only known to a particular car and its associated smart keys.
  • the algorithm may be a one way cipher such as a cryptographic hash function. As the algorithm is hidden and known only to both the computer and key the response to the challenge signal determined by both the smart key and the central computer should be identical (if the smart key and computer have the same algorithm).
  • the calculation of the response by both the computer and smart key occurs at step SI 08.
  • the 64 bit sequence of the challenge signal is processed by the hidden algorithm to determine a response.
  • the response is preferably stored in both the smart key and the central computer of the car on the volatile memory.
  • the smart key transmits the response as part of an authentication response signal to the central computer at a higher frequency, typically 433Mhz.
  • the authentication response signal typically comprises a header, the UUID associated with the smart key (and therefore the car), the determined response (which is typically a 128 bit sequence), and a check function to determine if the entire message has been correctly sent.
  • check functions are known in the art. Therefore, at step SI 10 the smart key had identified a challenge request and determined a challenge response which is sent as part of the authentication response signal.
  • step SI 12 the authentication response signal is received by the central car computer and compared to the expected response calculated by the central car computer and stored in the volatile memory. If the comparison of the expected and received response shows that they are identical, this would indicate to the central computer that the challenge request is correct and that the key is therefore authorised to open the car door.
  • the central computer then commences the standard unlocking procedure to unlock the car door.
  • the above sequence of steps takes in the order of 250-350ms, and accordingly if the time step between steps SI 06 (i.e. the sending of the challenge signal) and step SI 10 (i.e. the receiving of the response signal) is beyond a predetermined time limit then the central computer would not allow the user access to the car.
  • the smart key fob will, also emit a sensory signal at step SI 14.
  • the sensory signal may be in the form of a vibration, a noise to act as an audible alarm, a flashing light or the like. Therefore, in an embodiment the sensory signal is only emitted by the smart key when a response to the challenge signal has been transmitted (i.e. at step SI 10). This embodiment is preferred, as it ensures that a response to a challenge signal has been transmitted, that is to say when the actions of the smart key may result in the opening of a car door and/or starting of a car engine. In a further embodiment the sensory signal is emitted in response to a "wake up" signal, which may be issued as part of the handshake protocol.
  • this prevents sensory signals being emitted when a potentially non critical events have occurred. For example, if a car owner were to walk in a car park which contained several cars which utilised the smart key system, a polling request sent by a different car, unrelated to the smart key fob, at step SI 04 would not result in the sensory signal being emitted as the smart key and car are unrelated and accordingly the smart key would not "wake up" and not send a response to the challenge signal.
  • the sensory signal may emit at other parts of the described sequence, for example the signal may be emitted in response to a polling signal at step SI 04,.
  • the central car computer at step SI 12 when the central car computer has compared and accepted the request the sensory signal is emitted.
  • central car computer transmits a further confirmatory signal to the smart key informing the smart key that the response has been deemed to be correct. Upon receipt of the confirmatory signal the sensory signal is emitted.
  • the system acts a passive alarm system as it responds to the receipt of information from the car.
  • the portable vehicle security device 30 emits a sensory signal when it receives a valid challenge signal from its associated vehicle, in this case vehicle 10.
  • the device 30 in an embodiment typically be relatively small and light, typically no larger or heavier than a traditional key.
  • the device 30 in an embodiment is further configured to act as theft prevention device by allowing the user to prevent the engine start authorisation code being sent. This may either be a switch to turn off the power to the smart key thereby preventing it from transmitting an responses to a challenge signal, or alternatively an input to the device which either prevents or adds a time delay to the authorisation signal.
  • a time delay may give the owner the opportunity to assess the situation and take avoiding action, for example to move away from any suspicious persons in the vicinity.
  • the power switch (or equivalent) 31 acts a further security device as in order to steal a vehicle a device 30 would have to emit two separate responses to a challenge signal. The first to unlock the car and the second to start the engine. If the user receives a sensory indication that a response to a challenge signal has been issued, indicating a break-in event, they could power down the device 30 via the power switch 31 and thus prevent the thief from starting the engine (as the first and second response would be different). The power switch 31 can therefore be used to prevent the key from transmitting the response to the second challenge signal. The power switch 31 therefore provides the user with the ability to prevent attacks when they have moved away from the vehicle.
  • the sensory signal can be an audible signal.
  • the device 30 will emit the audible signal. Since the owner is away from the vehicle, upon hearing the audible signal and knowing that he or she has not instigated a door opening request, he or she will deduce that someone else must have instigated a door opening request and that that other person could well be a thief and therefore the owner can take appropriate action such as calling the police and / or returning to their vehicle. Additionally, the owner will realise that thief B may well be very close, for example within 2 metres of the owner. The owner can therefore readily identify thief B.
  • the sensory signal may be a vibratory signal such that if device 30 is in the owner's pocket when a relay attack takes place device 30 will start to vibrate thereby alerting the owner.
  • the sensory signal may be a visual signal.
  • the visual signal can be seen by the owner when a relay attack takes place.
  • the device 30 can be a completely separate device from the smart key 26.
  • the security of vehicles which were originally sold with just a smart key can be improved by the vehicle manufacturer supplying a device 30.
  • the device 30 can then be kept with the smart key 26.
  • Figure 5 shows an alternative portable vehicle security device 32, which in this case is integral with a smart key 26A.
  • Figure 6 shows an alternative portable vehicle security device 34, which in this case is integral with a smart key 26B and is also integral with a key blade 27, which key blade is insertable into a key barrel of a door of the associated vehicle to unlock the door in the event of power failure or other electrical problem of the unlocking system.
  • device 30 can be used with a smart key system.
  • device 30 can be used in conjunction with an active remote operating system.
  • an active remote operating system When a driver exits the vehicle and presses the lock button of the active remote operating system, the locking signal is transmitted from the active remote operating device to the vehicle, and the vehicle then transmits a challenge signal.
  • device 30 Upon receipt of the challenge signal, device 30 emits a sensory signal. The absence of a sensory signal indicates that locking of the vehicle has not occurred and the driver can take appropriate action, for example locking the vehicle with a key blade.
  • a portable vehicle security device 36 which is integral with an active remote operating device 37, having a lock button 38 and an unlock button 39.
  • the frequency of operation of the change of vehicle status request (such as an unlocking request, or an engine start request), can be any appropriate frequency.
  • the frequency of a challenge signal can be any appropriate frequency.
  • the vehicle will have a transmitter.
  • the portable vehicle security device will have a receiver.
  • the vehicle may have a transmitter and a receiver (i.e. a transceiver).
  • the portable vehicle security device may have a transmitter and a receiver (i.e. a transceiver). Whilst the portable vehicle security device according to the present invention may be relatively small, for example may be the size of a traditional key, it may be larger than this.
  • the portable vehicle security device according to the present invention may be incorporated into a mobile phone or a laptop computer or a palmtop computer or an MP3 player or the like.
  • a smart key as a stand alone device, such as key fob, which is been used for locking and unlocking and starting the vehicle other types of smart key may be used.
  • the smart key is integrated as part of a mobile telephone device, such as "smartphone” which would identify and authenticate the smart key using the same principles as discussed above.
  • Smartphones have several communication channels, such as GSM, SMS, Bluetooth, NFC etc, and further able to communicate over a wide frequency of ranges as well a processor and memory, Therefore, the functionality associated with smart key, key fob devices can be incorporated into a smartphone.
  • the use of sensory signals such as vibration, lights, ring tones, SMS message, can easily be integrated with existing functionality which is typically used to indicate to a user when they have received a new message or telephone call.
  • the smartphone is configured to emit a sensory signal, such as vibration and/or audible alarm when a response to a challenge signal has been emitted.
  • the smartphone may use known GPS capabilities of smartphone devices to determine whether to transmit a response to the challenge signal.
  • the GPS location of the device is determined and stored in the memory of the smartphone. If the smartphone receives a challenge signal to open a door, which is identified by the header as being associated with the correct car, and the GPS location determined by the smartphone is greater than a predetermined distance (such as 5 metres) from the location of the car stored in the memory the smartphone would emit a sensory signal or even not respond to the challenge signal.
  • the mobile phone smart key may be used to extend the range of the smart key to minimise the affect of a potential relay attack. For example, if a owner receives a sensory response signal at (as shown at step SI 14 in figure 8) and they identify such a signal as being associated with an attempt to break into their car, the long distance communication channels associated with a smart mobile telephone can be used to remotely deactivate the vehicle. For example, if a user receives a sensory signal indicating that a response to a challenge signal has been issued and identifies this as a relay attack.
  • the user contacts the central computer of the car by sending an SMS message or a GPRS to the central computer of the car to instruct the central computer of the car to enter a vehicle of shut down mode whereupon the doors are locked and/or the engine does not start.
  • SMS and GPRS communication channels have a much greater range than those used in smartkeys, and accordingly the owner of the vehicle need not be within close range of the vehicle to send such a shut down signal.
  • the key fob may be in communication using the near field communication protocols (NFC) or Bluetooth communication protocols with a mobile device.
  • NFC near field communication protocols
  • the smart key fob can transmit a message to the mobile telephone device to initiate the sensory signals. It is well known within mobile telephone devices to vibrate and/or emit some noise upon receipt of a message. Accordingly, the embodiment takes advantage of the inbuilt functionality of known mobile phone devices.
  • a further advantage of such embodiment is that the mobile telephone device typically has a much more powerful power supply, which is also easy to recharge, and therefore energy consideration without the powering of the device to emit a sensory signal are minimised.
  • the ability for the smartphone to cornmunicate with the central computer and acts as a smart key is provided in the form of a distributed application or "app".
  • the application contains either the hidden encryption key or, more preferably, enables the user to download part or the whole of the encryption key or algorithm.
  • the application is enabled to transmit and receive messages using the existing communication channels present on the smartphone. Therefore, the functionality of the smart key fob and the method for alerting a user of the transmission of a challenge response as described above is provided to the smartphone by the application.

Abstract

A portable vehicle security device (30) capable of emitting a sensory signal when receiving a challenge signal from an associated vehicle.

Description

Vehicle Security Device
The present invention relates to vehicle security devices, in particular vehicle security devices for vehicles such as cars, trucks, motorbikes and the like.
To prevent vehicles from being broken into or stolen, they are fitted with security devices, such as door locks and steering locks. They also have ignition keys which are required to start the engine.
Door locks can be unlocked by manually inserting a key into a key barrel. Alternatively, the lock can be unlocked remotely by pressing buttons or the like on an active remote operating device. Typically, the active remote operating device operates via radio frequency to communicate with the vehicle. Electric motors operate to unlock the lock, thereby allowing subsequent opening by manual operation of a door handle or the like.
Once the door has been opened and the driver has entered the vehicle, a key can be inserted into an ignition key barrel. By turning the key, the engine can be started in a manner well-known in the art. Typically, the active remote operating device and the key can be integrated into a single unit.
The active remote operating system can typically operate over a range of 20 to 100 metres from the vehicle. The operating frequency of the remote operating system in Europe is typically 433 MHz. Other territories may use other frequencies.
When the vehicle is locked remotely, a locking signal is transmitted from the remote unlocking device which is received by the vehicle which then causes the locks to be locked. Some vehicles indicate that locking has occurred, for example by flashing the hazard warning lights.
Smart key systems have recently been developed which allow a driver to both unlock a door lock and enter a vehicle without the driver having to specifically operate any buttons of a remote operating device, or insert a key into a vehicle door lock.
Smart key systems also allow the driver to start the vehicle's engine without having to insert an ignition key or the like into an ignition key barrel.
A smart key system allows the driver to lock/unlock and start/stop the vehicle without having to interact with the remote operating device. Thus smart keys are passive remote operating devices. A typical smart key system defines three external smart operating ranges and one internal smart operating range as shown in Figure 1. The vehicle will only respond to lock/unlock requests if a valid smart key is located within one of the external smart operating ranges. For instance, if a request to unlock is made from the driver's door, then the system will check the driver's side external smart operating range for a valid smart key. If a valid smart key is present, the door will unlock whereas if a valid smart key is not present, the door will not unlock.
An unlock request may be initiated by lifting or otherwise moving an external door handle of the door. Alternatively, an unlock request may be initiated by other means such as pressing a button or the like mounted on the external surface of the vehicle.
With regard to starting the engine, the vehicle will only respond to an engine start request if a valid smart key is located within the internal smart operating range. If a valid smart key is present, the engine will start, whereas if a valid smart key is not present, the engine will not start.
An engine start request may be initiated by pressing an engine start button or the like.
The smart operating ranges are typically defined by low frequency signal fields emitted 1 to 2 metres from antennae on the vehicle, see for example Figure 1. Examples of suitable frequencies are 20 KHz or 125KHz though other frequencies could be used.
When a lock/unlock or start request is made the corresponding antenna on the vehicle transmits, in this example, a 125 KHz challenge signal. If a valid smart key is located within the smart operating range, it will receive the 125 KHz challenge signal and transmit an authentication response signal on 433 MHz or other suitable frequency allowing the request to be processed. This is illustrated in Figure 2.
However, the security of both active remote operating devices and passive remote operating devices such as smart key systems can be compromised.
With regard to vehicles using passive remote operating devices such as smart key systems, they can be subject to a 'relay attack'.
Normal operation of a passive remote operating device such as a smart key is as follows. The user of the system will have the remote operating device somewhere upon their person, for example in their pocket. As the user approaches the vehicle they enter the "external smart range" field of the vehicle. The user then initiates an action such as touching the door handle to commence the unlocking of the vehicle. The door handle typically has some form of motion sensor/pressure point/pressure sensor to determine when such an event has occurred. Upon the detection of such an initiation event, the central computer within the vehicle will transmit a polling request to determine which smart key (if any) are in the vicinity of the car. As a particular smart key is associated with a particular vehicle, such as via a unique universal identifier (UUID), the polling request is therefore able to determine if the correct smart key is within the vicinity of the car thereby indicating a likely entrance event. Once the smart key has been identified as being associated with the car, via its UUID, the central computer of the car initiates a challenge protocol. In some smart key systems the polling request and challenge protocol are emitted as part of the same transmission. The challenge protocol typically comprises a header identifying the car and a sequence of randomly generated numbers which forms part of a challenge signal which is sent to the smart key within the vicinity of the car. The randomly generated sequence of numbers transmitted from the car to the smart key when processed by an encryption key stored on the smart key which would return a new sequence of numbers. As the encryption key is known to both the computer and smart key the central computer can determine the response to the challenge. By comparing the received sequence of numbers from the smart key with the expected sequence of numbers from the smart key the central computer within the car is therefore able to determine if the smart key which has been identified at the polling request stage is indeed the key fob associated with the car. If the expected reply is indeed the same as the transmitted reply, the car then initiates the unlock protocol by opening the relevant door locks. A similar protocol is also used for starting the car engine where instead of the user touching the door handle presses a car start button or the like. Typically, to maintain an acceptable user experience the car must be able and unlock a car in 250-350ms from the initiation of contact.
However, during a relay attack the following sequences of events occur. In summary, the purpose of the relay attack is to extend the range of the smart key system so that the signal can be used when it is outside of the normal 1-2 metre range of the low frequency signal.
In more detail, upon receiving the transmitted low frequency signal, the smart key will automatically reply with a high frequency response which will propagate 20 to 100 metres back to the vehicle. This reply will authenticate the request made by the vehicle. Such an attack system allows a thief to unlock a door, enter the vehicle, start the engine, and drive away all without being in possession of the smart key.
Smart key systems use proven encryption, or other secure methods, to verify the unlock and start requests. The relay attack does not break the encryption, it simply transfers the challenge signal to a smart key (in the possession of the driver) which is no longer in the immediate vicinity of the vehicle.
The smart key relay attack involves capturing the challenge signal from the vehicle and transmitting it remotely to a smart key which is not within the vicinity of the vehicle. Upon receiving the 125 KHz challenge signal, the smart key will automatically reply on 433MHz. This reply will transmit between 20 to 100 metres back to the vehicle. If the vehicle receives this response, it will then assume that the remote control is within the smart operating range (e.g. 1 to 2 metres) and as such the request will be authenticated and the door will be unlocked and hence openable.
Once the thief has gained entry into the vehicle, a second relay attack occurs in respect of starting the engine. Thus the thief will instigate an engine start request, e.g. by pressing the engine start button, the smart system will send a 125 KHz challenge signal which is then relayed to the vicinity of a valid smart key which then sends an authentication response signal on 433 MHz. If the vehicle received this response, it will assume that the smart key is within the smart internal operating range and as such the engine start request will be authenticated and the engine will start, allowing the vehicle to be driven away by the thief.
One method of operating a relay attack is as follows:
The thieves operate in pairs, with thief A carrying a first attack device 1 and thief B carrying a second attack device 2.
The thieves wait until a suitable vehicle having a smart key system is parked. The driver exits the vehicle carrying the smart key and locks the vehicle in the normal manner. Depending on the system configuration, this may require a switched input at the door handle or in other cases simply walking away from the vehicle is sufficient to initiate a lock command when the smart key passes out of range.
Thief A approaches the vehicle carrying the first attack device 1 within the external smart operating range of the vehicle. Thief B carries the second attack device 2 to a position within 1 to 2 metres of the smart key, for example by walking close behind the vehicle driver. Thief A instigates an unlock request by lifting a door handle or the like. The vehicle transmits a 125 KHz challenge signal which is received by the first attack device 1 and transmitted (typically by a radio frequency signal) to the second attack device 2 which re-transmits the 125 KHz challenge signal. This challenge signal is received by the smart key which then transmits a 433 MHz authentication response signal. If the smart key is still within 20 to 100 metres of the vehicle, the 433 MHz signal will be received directly by the vehicle which will unlock. If the smart key is more than 100 metres from the vehicle, the 433 MHz signal will be received by the second attack device 2 which will then transmit this signal (typically by a radio frequency signal) to the first attack device 1 which re-transmits the 433 MHz authentication response signal to the vehicle, unlocking it.
Thief A opens the door and enters the vehicle with the first attack device 1 and instigates an engine start request, for example by pressing the engine start button, the vehicle transmits a 125 KHz challenge signal which is received by the first attack device 1 and transmitted (typically by a radio frequency signal) to the second attack device 2 which retransmits the 125 KHz challenge signal. This challenge signal is received by the smart key which then transmits a 433 MHz authentication response signal. If the smart key is still within 20 to 100 metres of the vehicle, the 433 MHz signal will be received directly by the vehicle and the vehicle's engine will start. If the smart key is more than 100 metres from the vehicle, the 433 MHz signal will be received by the second attack device 2 which will then transmit this signal (typically by a radio frequency signal) to the first attack device 1 which re-transmits the 433 MHz authentication response signal to the vehicle, starting the engine.
The object of the present invention is to provide an improved security system for a vehicle.
Thus, according to the present invention, there is provided a portable vehicle security device capable of emitting a sensory signal when receiving a challenge signal from an associated vehicle. In an embodiment, the sensory signal is emitted when the portable security device issues the response to the challenge. That is to say, when the portable security device has determined the response to the challenge protocol and has sent the response to the central computer in the vehicle. Advantageously, when such a system is used with a passive remote operating system such as a smart key system, under normal circumstances once the smart key is no longer inside the external operating range, the portable vehicle security device will not emit any sensory signal. Thus, in the event that the portable vehicle security device does emit a sensory signal when the driver is more than 1 to 2 metres from the vehicle, this is an indication that a relay attack is taking place, thereby allowing the driver to immediately contact the police and to observe any people in their immediate vicinity (i.e. people within 1 to 2 metres of them) who might therefore be one of the thieves (thief B).
The invention will now be described by way of example only with reference to the accompanying drawings, in which:
Figure 1 shows a known vehicle having a smart key system,
Figure 2 shows a schematic view of the normal operation of a smart key system,
Figure 3 shows a schematic view of a relay attack,
Figure 4 shows a first embodiment of a portable vehicle security device according to the present invention used in conjunction with a remote operating device, Figure 5 shows a second embodiment of a portable vehicle security device according to the present invention used in conjunction with a smart key.
Figure 6 shows a third embodiment of a portable vehicle security device according to the present invention, and
Figure 7 shows a fourth embodiment of a portable vehicle security device according to the present invention.
With reference to figures 1 to 3 there is shown a vehicle 10 used in conjunction with a smart key system 20. The vehicle has four passenger doors 11, 12, 13 and 14. For the avoidance of doubt the term 'passenger door' refers to doors through which passengers enter and exit the vehicle, and also any doors by which the driver can enter and exit the vehicle.
The vehicle also includes a boot lid 15 to enable access to the boot. Smart key antennae 21, 22, 23, 24 and 25 are mounted as shown on the vehicle. Smart key antennae 21, 22 and 23 have a smart key antenna operating range of 21 A, 22 A and 23A respectively, which are external to the vehicle. Smart key antennae 24 and 25 collectively have a smart key antenna operating range 24A. In this case the smart key antenna operating range 24A covers the whole of the passenger cell of the vehicle. The smart key system 20 also includes the smart key 26. Typically the smart key 26 will be carried in a user's pocket, handbag or the like. The vehicle also has a central computer, comprising of a processor, volatile memory and some form of writeable memory (not shown). The central computer is also configured to receive and transmit signals from the smart key antenna 21, 22, 23, 24 and 25.
Passenger doors 11, 12, 13 and 14 each have a door handle 11 A, 12A, 13A and 14A respectively. Operating, for example lifting, door handle 11A creates a door opening request and causes the smart key antenna associated with that door handle, in this case smart key antenna 21, to transmit a 125 Khz challenge signal (though depending on the communications standards in place for a particular territory the frequency may be different). However, due to the relatively low frequency of the signal, it only transmits as far as the smart key antenna operating range 21 A and no further. In the event that valid smart key 26 is positioned within the smart key antenna operating range 21 A, the smart key 26 will transmit an authentication response signal on 433 MHz which is received by the vehicle 10 following which the request can be further processed to allow the door to be opened.
However, in the event that a valid smart key 26 is not positioned within the smart key antenna operating range 21 A, then no authentication response signal is generated and hence no authentication response signal is received by the vehicle 10, thereby preventing further processing of the request, and hence the door cannot be opened.
Operating door handle 12A also creates a door opening request and, depending on whether or not smart key 26 is within the smart key antenna operating range 21 A, door 12 will or will not open. By analogy, in order to open the boot lid 15 a valid smart key 26 must be positioned within the smart key antenna operating range 23A when the boot handle is operated. Similarly, in order to open doors 13 or 14, a valid smart key 26 must be positioned within the smart key antenna operating range 22A when door handle 13A or 14A is operated.
In order to start the vehicle, an engine start request is generated by the driver pressing the start button, or the like. The smart key antennae 24 and 25 then generate a challenge signal at 125 KHz and if a valid smart key 26 is within the smart key antenna operating range 24A, i.e. the smart key is within the vehicle's passenger cell, then the smart key generates an authentication response signal on 433 MHz which is received by the vehicle 10, thereby allowing the request to be processed and the vehicle's engine to be started.
Figure 3 shows a relay attack in progress. Thief A generates a door opening request by lifting door handle 11A (ie a change of vehicle status request is carried out from the vehicle). The smart key antenna 21 transmits a 125 KHz challenge signal 4 into the smart key antenna operating range 21 A where it is received by first attack device 1 which is positioned within the smart key antenna operating range 21 A. First attack device 1 relays this signal via a long range transmitting medium 3, such as a 868 MHz radio frequency. The long range transmitting medium 3 is received by the second attack device 2 held by thief B who is close to the smart key 26, in this case positioned within the handbag of the owner C. The second attack device transmits a 125 KHz challenge signal 5 identical to the 125 KHz challenge signal 4. The smart key 26, upon receipt of the valid challenge signal 5 (since it is identical to challenge signal 4), then transmits a 433 MHz authentication response signal 6. Because the owner C and hence smart key 26 are still within 20-100 metres of the vehicle, the authentication response signal 6 is received directly by the vehicle 10 (since the vehicle 10 is still within range of the authentication response signal) and hence thief A can open door 11.
Thief A enters the vehicle together with the first attack device 1, presses the engine start button, and the relay attack is repeated so as to start the engine whereupon thief A drives off with the vehicle and thief B can make his/her escape.
Thus the relay attack captures the 125KHz challenge signal 4 and transmits it remotely as challenge signal 5 to the smart key.
In the event that the owner and smart key is further away from the vehicle the first and second attack devices can be used to relay the 433 MHz authentication response signal back to the vehicle.
Figure 8 shows a flow chart of the process of identifying an owner of a vehicle with a smart key in accordance with an aspect of the invention. There is shown the step of initiating an action within the vehicle at step SI 02, the vehicle initiating a handshake protocol at step SI 04, the computer in the vehicle issuing a challenge at step SI 06, the smart key and computer calculating the response to the challenge at step SI 08, the smart key, such as a key fob, sending the response to the challenge to the computer at step SI 10, the computer comparing the received response from the smart key and the expected response at step SI 12, and the smart key emitting a sensory signal at step SI 14.
At step SI 02 a person who may be the legitimate owner of the car, or alternatively a thief, initiates a action to commence the unlocking procedure. The action to commence the unlocking procedure may be the lifting of a door handle 11 A or the boot handle. The door handles 11 A, 12 A, 13A and 14A and boot handle comprise a touch sensitive senor which is configured to determine when a person is contacting the door handle, which indicates that are user is lifting the door handle in an attempt to open the car door. In further embodiments other forms of sensor may be used. The touch sensors are in communication with the central computer of the vehicle (not shown) which is configured such that when it receives a signal from a door handle, for example at 11 A, that an unlocked event has been initiated, the central computer emits a polling signal at step SI 04.
At step SI 04 the central computer initiates a handshake protocol to predetermine what devices are within the smart key antenna operating range 21 A, 22 A, 23 A of the vehicle. The handshake protocol comprises a wake-up signal, a header identifying the vehicle and a request for the identification of any transmitting devices within the smart key antenna operating range. The form of the wake up signal is dependent on communication protocols used between the smart key and computer. In an embodiment the smart key is in low-power or sleep state and remains in the low-power/sleep state until such time it receives a wakeup signal from the central computer. If a wakeup signal is detected the smart key will power up, out of the low power state and "wake up" in a known manner.
A vehicle will typically be identified with one or more smart keys via an identifier such as a universal unique identifier (UUID). Therefore, when the vehicle transmits the request for the UUID, the vehicle would be able to identify keys which are associated with a car. The smart key in response to the handshake protocol would emit a response signal, proportion of the signal comprising the UUID associated with the smart key. The central computer of the vehicle then compares the received UUID from the smart key with the expected new ID's which are known to be associated with the car. The UUID is associated with the car would typically be stored in the form of a memory associated with the computer. Such a comparison therefore allows the central computer of the car to ensure that the default is indeed associated with the car. This would prevent the situation where a different smart key is used to attempt to enter a car for which the smart key does not have the access rights to open (i.e. the car is not associated with that particular smart key).
If the smart key is identified as being associated with the car through the handshake protocol, the central computer of the car then transmits a further challenge signal at step SI 06. If the smart key is not identified as being associated with the car, the process terminates and the car remains unlocked. At step SI 06 the central computer of the car then initiates the challenge protocol to determine whether the UUID transmitted by the smart key fob is legitimate and that the smart key is indeed the smart key which is identified by the UUID. As the UUID does not change and accordingly may be determined, this step ensures that the UUID associated with the smart key has not been transmitted in an attempt to compromise the car. The challenge signal emitted at step SI 06 comprises a 64 bit sequence which represents the challenge signal. In further embodiments longer bit sequences such as a 128 bit sequence may be used. The challenge signal is randomly generated and therefore changes each time a challenge signal is sent out. The challenge signal is generated by the central computer using a hidden encryption key, preferably one with a high entropy to ensure the unpredictable nature of the challenge signal, and is transmitted at a frequency of 125 hz. The generated challenge signal is preferably stored within a volatile memory associated with the central computer of the car.
It is preferable to use a hidden encryption algorithm with a high entropy to generate the challenge signals in order to prevent any third party from attempting to compromise the system by determining what the likely next challenge signal would be. If a third party were able to determine what the next likely challenge signal would be, they would be able to use this signal to interrogate a smart key and determine the response which could then be used to open the door of the vehicle and/or start the engine without the owner's permission.
In alternative embodiments steps SI 04 and SI 06 may occur concurrently with the central computer of the car emitting the polling request and the challenge request in the same packet. As described above, as it is desirable for a user to experience no appreciable delay (typically 250-350ms) when legitimately trying to open a door or starting the engine, in order to save time steps SI 04 and SI 06 occur concurrently.
At step SI 08, the smart key receives the challenge signal and determines a response to the challenge signal. As the smart key has to determine the response to the challenge signal the smart key comprises a processor and a form of memory upon which a hidden encryption key is stored. The smart key further comprises a transceiver element enabled to receive and transmit signals at the low and high frequency ranges (typically 125KHz, 433MHz, though depending on the communications standard for a particular territory other frequency ranges may be used). The processor is configured to generate the challenge response based on the received challenge signal using the stored encryption algorithms.
In a preferred embodiment both the central computer and smart key have an encryption algorithm and secret key code which is used to determine the response to the challenge signal. The secret key code is only known to the central computer of the car and smart keys associated with a particular car. The encryption algorithm may be known to a plurality of cars, and such a system is analogous to a public key encryption where the secret key code is equivalent to the private key. In other embodiments the algorithm is hidden and only known to a particular car and its associated smart keys. The algorithm may be a one way cipher such as a cryptographic hash function. As the algorithm is hidden and known only to both the computer and key the response to the challenge signal determined by both the smart key and the central computer should be identical (if the smart key and computer have the same algorithm). The calculation of the response by both the computer and smart key occurs at step SI 08. The 64 bit sequence of the challenge signal is processed by the hidden algorithm to determine a response. The response is preferably stored in both the smart key and the central computer of the car on the volatile memory.
The smart key transmits the response as part of an authentication response signal to the central computer at a higher frequency, typically 433Mhz. The authentication response signal typically comprises a header, the UUID associated with the smart key (and therefore the car), the determined response (which is typically a 128 bit sequence), and a check function to determine if the entire message has been correctly sent. Such check functions are known in the art. Therefore, at step SI 10 the smart key had identified a challenge request and determined a challenge response which is sent as part of the authentication response signal.
At step SI 12 the authentication response signal is received by the central car computer and compared to the expected response calculated by the central car computer and stored in the volatile memory. If the comparison of the expected and received response shows that they are identical, this would indicate to the central computer that the challenge request is correct and that the key is therefore authorised to open the car door. The central computer then commences the standard unlocking procedure to unlock the car door. The above sequence of steps takes in the order of 250-350ms, and accordingly if the time step between steps SI 06 (i.e. the sending of the challenge signal) and step SI 10 (i.e. the receiving of the response signal) is beyond a predetermined time limit then the central computer would not allow the user access to the car.
At step SI 10 simultaneously the smart key fob will, also emit a sensory signal at step SI 14. As described previously, the sensory signal may be in the form of a vibration, a noise to act as an audible alarm, a flashing light or the like. Therefore, in an embodiment the sensory signal is only emitted by the smart key when a response to the challenge signal has been transmitted (i.e. at step SI 10). This embodiment is preferred, as it ensures that a response to a challenge signal has been transmitted, that is to say when the actions of the smart key may result in the opening of a car door and/or starting of a car engine. In a further embodiment the sensory signal is emitted in response to a "wake up" signal, which may be issued as part of the handshake protocol.
Advantageously, this prevents sensory signals being emitted when a potentially non critical events have occurred. For example, if a car owner were to walk in a car park which contained several cars which utilised the smart key system, a polling request sent by a different car, unrelated to the smart key fob, at step SI 04 would not result in the sensory signal being emitted as the smart key and car are unrelated and accordingly the smart key would not "wake up" and not send a response to the challenge signal.
In further embodiments the sensory signal may emit at other parts of the described sequence, for example the signal may be emitted in response to a polling signal at step SI 04,. In a further embodiment at step SI 12 when the central car computer has compared and accepted the request the sensory signal is emitted. In such an embodiment, central car computer transmits a further confirmatory signal to the smart key informing the smart key that the response has been deemed to be correct. Upon receipt of the confirmatory signal the sensory signal is emitted.
Therefore, the system acts a passive alarm system as it responds to the receipt of information from the car.
With reference to figure 4, there is shown schematically a portable vehicle security device 30 according to the present invention. The portable vehicle security device 30 emits a sensory signal when it receives a valid challenge signal from its associated vehicle, in this case vehicle 10.
The device 30 in an embodiment typically be relatively small and light, typically no larger or heavier than a traditional key. The device 30 in an embodiment is further configured to act as theft prevention device by allowing the user to prevent the engine start authorisation code being sent. This may either be a switch to turn off the power to the smart key thereby preventing it from transmitting an responses to a challenge signal, or alternatively an input to the device which either prevents or adds a time delay to the authorisation signal. A time delay may give the owner the opportunity to assess the situation and take avoiding action, for example to move away from any suspicious persons in the vicinity.
Advantageously the power switch (or equivalent) 31 acts a further security device as in order to steal a vehicle a device 30 would have to emit two separate responses to a challenge signal. The first to unlock the car and the second to start the engine. If the user receives a sensory indication that a response to a challenge signal has been issued, indicating a break-in event, they could power down the device 30 via the power switch 31 and thus prevent the thief from starting the engine (as the first and second response would be different). The power switch 31 can therefore be used to prevent the key from transmitting the response to the second challenge signal. The power switch 31 therefore provides the user with the ability to prevent attacks when they have moved away from the vehicle. The sensory signal can be an audible signal. Thus when a relay attack is taking place, and the owner is away from the vehicle, the device 30 will emit the audible signal. Since the owner is away from the vehicle, upon hearing the audible signal and knowing that he or she has not instigated a door opening request, he or she will deduce that someone else must have instigated a door opening request and that that other person could well be a thief and therefore the owner can take appropriate action such as calling the police and / or returning to their vehicle. Additionally, the owner will realise that thief B may well be very close, for example within 2 metres of the owner. The owner can therefore readily identify thief B.
In particular if such a system is attacked by thieves in the manner described, then the driver is alerted to both vehicle entry and unauthorised engine starting. After the first alert the driver will have a window of opportunity in which he may take action to prevent the second (engine start authorisation) from taking place, for example by moving out of range of the second attack device 2, e.g. by running away from thief B, thereby preventing the vehicle from being stolen.
Alternatively, the sensory signal may be a vibratory signal such that if device 30 is in the owner's pocket when a relay attack takes place device 30 will start to vibrate thereby alerting the owner.
Alternatively, the sensory signal may be a visual signal. Thus if device 30 is mounted on or incorporated into the owner's spectacles or sunglasses, the visual signal can be seen by the owner when a relay attack takes place.
The device 30 can be a completely separate device from the smart key 26. In particular the security of vehicles which were originally sold with just a smart key can be improved by the vehicle manufacturer supplying a device 30. The device 30 can then be kept with the smart key 26.
Figure 5 shows an alternative portable vehicle security device 32, which in this case is integral with a smart key 26A.
Figure 6 shows an alternative portable vehicle security device 34, which in this case is integral with a smart key 26B and is also integral with a key blade 27, which key blade is insertable into a key barrel of a door of the associated vehicle to unlock the door in the event of power failure or other electrical problem of the unlocking system.
As described above, device 30 can be used with a smart key system. Alternatively, device 30 can be used in conjunction with an active remote operating system. Thus when a driver exits the vehicle and presses the lock button of the active remote operating system, the locking signal is transmitted from the active remote operating device to the vehicle, and the vehicle then transmits a challenge signal. Upon receipt of the challenge signal, device 30 emits a sensory signal. The absence of a sensory signal indicates that locking of the vehicle has not occurred and the driver can take appropriate action, for example locking the vehicle with a key blade.
As shown in figure 7, there is a portable vehicle security device 36 which is integral with an active remote operating device 37, having a lock button 38 and an unlock button 39.
As will be appreciated, the invention is applicable to both active remote operating devices and passive remote operating devices. The frequency of operation of the change of vehicle status request (such as an unlocking request, or an engine start request), can be any appropriate frequency. The frequency of a challenge signal can be any appropriate frequency. As described above, the vehicle will have a transmitter. As described above, the portable vehicle security device will have a receiver. The vehicle may have a transmitter and a receiver (i.e. a transceiver). The portable vehicle security device may have a transmitter and a receiver (i.e. a transceiver). Whilst the portable vehicle security device according to the present invention may be relatively small, for example may be the size of a traditional key, it may be larger than this. In particular, the portable vehicle security device according to the present invention may be incorporated into a mobile phone or a laptop computer or a palmtop computer or an MP3 player or the like. Whilst the above embodiments have been described with relation to a smart key as a stand alone device, such as key fob, which is been used for locking and unlocking and starting the vehicle other types of smart key may be used.
In further embodiments, the smart key is integrated as part of a mobile telephone device, such as "smartphone" which would identify and authenticate the smart key using the same principles as discussed above. Smartphones have several communication channels, such as GSM, SMS, Bluetooth, NFC etc, and further able to communicate over a wide frequency of ranges as well a processor and memory, Therefore, the functionality associated with smart key, key fob devices can be incorporated into a smartphone. Advantageously, in the mobile phone embodiments the use of sensory signals such as vibration, lights, ring tones, SMS message, can easily be integrated with existing functionality which is typically used to indicate to a user when they have received a new message or telephone call. As described above with reference to Figure 8, in such an embodiment the smartphone is configured to emit a sensory signal, such as vibration and/or audible alarm when a response to a challenge signal has been emitted. In further embodiments, the smartphone may use known GPS capabilities of smartphone devices to determine whether to transmit a response to the challenge signal. In such an embodiment, when the user exits the vehicle the GPS location of the device is determined and stored in the memory of the smartphone. If the smartphone receives a challenge signal to open a door, which is identified by the header as being associated with the correct car, and the GPS location determined by the smartphone is greater than a predetermined distance (such as 5 metres) from the location of the car stored in the memory the smartphone would emit a sensory signal or even not respond to the challenge signal.
In further embodiments, the mobile phone smart key may be used to extend the range of the smart key to minimise the affect of a potential relay attack. For example, if a owner receives a sensory response signal at (as shown at step SI 14 in figure 8) and they identify such a signal as being associated with an attempt to break into their car, the long distance communication channels associated with a smart mobile telephone can be used to remotely deactivate the vehicle. For example, if a user receives a sensory signal indicating that a response to a challenge signal has been issued and identifies this as a relay attack. The user contacts the central computer of the car by sending an SMS message or a GPRS to the central computer of the car to instruct the central computer of the car to enter a vehicle of shut down mode whereupon the doors are locked and/or the engine does not start. Advantageously as SMS and GPRS communication channels have a much greater range than those used in smartkeys, and accordingly the owner of the vehicle need not be within close range of the vehicle to send such a shut down signal.
In a further embodiment, the key fob may be in communication using the near field communication protocols (NFC) or Bluetooth communication protocols with a mobile device. Such connectivity between a smart key fob and a mobile telephone device are known in the art for example the Delphi TM smart phone connectivity system. By using the Bluetooth or NFC communication protocols the smart key fob can transmit a message to the mobile telephone device to initiate the sensory signals. It is well known within mobile telephone devices to vibrate and/or emit some noise upon receipt of a message. Accordingly, the embodiment takes advantage of the inbuilt functionality of known mobile phone devices. A further advantage of such embodiment is that the mobile telephone device typically has a much more powerful power supply, which is also easy to recharge, and therefore energy consideration without the powering of the device to emit a sensory signal are minimised.
In yet another smartphone based embodiment, the ability for the smartphone to cornmunicate with the central computer and acts as a smart key is provided in the form of a distributed application or "app". The application contains either the hidden encryption key or, more preferably, enables the user to download part or the whole of the encryption key or algorithm. Furthermore, the application is enabled to transmit and receive messages using the existing communication channels present on the smartphone. Therefore, the functionality of the smart key fob and the method for alerting a user of the transmission of a challenge response as described above is provided to the smartphone by the application.

Claims

1. A portable vehicle security device capable of emitting a sensory signal after receiving a challenge signal from an associated vehicle.
2. A portable vehicle security device as defined in Claim 1, wherein the sensory signal is at least one of an audible signal, a vibratory signal, and a visual signal.
3. A portable vehicle security device of claims 1 or 2 wherein the device is configured to determine a response to the challenge signal based on part or all of the challenge signal.
4. A portable vehicle security device of any preceding claim further comprising a switch configured to turn the device on or off.
5. A portable vehicle security device of claims 3 or 4 further comprising an input to delay the sending of a response to the challenge signal.
6. A portable vehicle security device of claim 3 wherein the device has a processor, form of memory and an algorithm and/or key, the processor configured to determine the response to the challenge signal based on the algorithm and/or key.
7. A portable vehicle security device of claim 6 wherein the device is configured to transmit the determined response to the challenge signal to the associated vehicle.
8. A portable vehicle security device of claim 7 wherein the device is configured to emit the sensory signal simultaneously to, or in response to, the transmission of the determined response to the challenge signal.
9. A portable vehicle security device of any preceding claim wherein the device has a low power state and is configured to exit the low power state in response to a wake up signal transmitted as part of the challenge signal the device further configured to emit the sensory signal when exiting the low powered state.
10. A portable vehicle security device of any preceding claim wherein the device is a key fob.
11. A portable vehicle security device of any of claims 1 to 9 wherein the device is mobile telephone or smartphone device
12. A portable vehicle security device of claim 11 wherein the mobile telephone or smartphone is configured to determine the response to a challenge signal and emit the sensory signal by means of a downloadable application or "app".
13. A method of operating a portable vehicle security device configured to be in communication with a motor vehicle comprising the steps of: receiving from the motor vehicle a challenge signal in response to a change of vehicle status request; generating a sensory response on the portable security device after receipt of the challenge signal.
14. The method of claim 13 further comprising the steps of: calculating a response to the challenge signal; transmitting the calculated response to the motor vehicle; wherein the sensory response is generated during or after transmission of the calculated response.
15. The method of claim 13 further comprising the steps of: the portable vehicle secrutiy device being in a low powered sleep state and in response to the challenge signal entering a wake up mode; wherein the the sensory response is generated upon exiting the sleep state.
16. The method of any of claims 13 to 15 wherein the change of vehicle status request is one or more of an unlock request a lock request and an engine start request.
17. A vehicle security system including a vehicle having a transmitter, a portable vehicle security device having a receiver, the portable vehicle security device being capable of emitting a sensory signal upon receipt by the receiver of a challenge signal from the transmitter.
18. A method of operating a vehicle including providing a vehicle providing a first transceiver on the vehicle providing a second transceiver in a portable vehicle security device providing a change of vehicle status request generating a challenge signal from the first transceiver in response to the change of vehicle status request receiving the challenge signal by the second transceiver generating a confirmation signal by the second transceiver receiving the confirmation signal by the first transceiver changing the vehicle status to the requested vehicle status characterized in that the second transceiver generates a warning signal upon receipt of the challenge signal
19. A method of operating a vehicle as defined in claim 18, wherein the step of providing a change of vehicle status request is carried out from the vehicle.
20. A method of operating a vehicle as defined in claim 18, wherein the step of providing a change of vehicle status request is carried out remotely from the vehicle.
21. A method of operating a vehicle as defined in claim 18, wherein the step of providing a change of vehicle status request is carried out by operating the portable vehicle security device.
22. A method of improving the security of a vehicle including the steps of providing a vehicle providing a first transceiver on the vehicle providing a second transceiver in a portable vehicle security device providing a change of vehicle status request generating a challenge signal from the first transceiver in response to the change of vehicle status request receiving the challenge signal by the second transceiver generating a confirmation signal by the second transceiver receiving the confirmation signal by the first transceiver changing the vehicle status to the requested vehicle status subsequently providing a third transceiver in a portable vehicle security device providing a change of vehicle status request generating a challenge signal from the first transceiver in response to the change of vehicle status request receiving the challenge signal by the third transceiver generating a confirmation signal by the third transceiver receiving the confirmation signal by the first transceiver changing the vehicle status to the requested vehicle status in which the third transceiver generates a warning signal upon receipt of the challenge signal.
EP11754900.6A 2010-08-05 2011-08-05 Vehicle security device Withdrawn EP2601082A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GBGB1013177.9A GB201013177D0 (en) 2010-08-05 2010-08-05 Vehicle security device
PCT/GB2011/001180 WO2012017214A1 (en) 2010-08-05 2011-08-05 Vehicle security device

Publications (1)

Publication Number Publication Date
EP2601082A1 true EP2601082A1 (en) 2013-06-12

Family

ID=42931233

Family Applications (1)

Application Number Title Priority Date Filing Date
EP11754900.6A Withdrawn EP2601082A1 (en) 2010-08-05 2011-08-05 Vehicle security device

Country Status (3)

Country Link
EP (1) EP2601082A1 (en)
GB (1) GB201013177D0 (en)
WO (1) WO2012017214A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2813963A4 (en) * 2012-02-09 2015-09-23 Nec Solution Innovators Ltd Information processing system

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2965434B1 (en) * 2010-09-28 2015-12-11 Valeo Securite Habitacle METHOD OF PAIRING A MOBILE TELEPHONE WITH A MOTOR VEHICLE AND LOCKING / UNLOCKING ASSEMBLY
DE102013209612A1 (en) * 2013-05-23 2014-11-27 Siemens Aktiengesellschaft A method of performing automatic opening of a vehicle or a payment transaction and associated apparatus
WO2015150870A1 (en) * 2014-04-02 2015-10-08 Continental Automotive Gmbh Car theft tracking system and method
DE102015203661A1 (en) * 2015-03-02 2016-09-08 Volkswagen Aktiengesellschaft Function shutdown for a vehicle access system
US9813541B2 (en) 2016-02-29 2017-11-07 Ford Global Technologies, Llc Mobile device control for powered door
FR3054510B1 (en) * 2016-07-29 2019-04-19 Continental Automotive France METHOD FOR DEFENSE AGAINST ATTACK RELAY ACTION ON REMOTE ACTIVATION OF A FUNCTION PRESENT IN A MOTOR VEHICLE
EP3287331B1 (en) 2016-08-25 2020-10-07 Nxp B.V. Automotive security apparatus and associated methods
EP3335942B1 (en) 2016-12-14 2019-11-20 Nxp B.V. Secure vehicle access system, key, vehicle and method therefor
GB2558589A (en) * 2017-01-09 2018-07-18 Jaguar Land Rover Ltd Vehicle entry system
EP3376475A1 (en) * 2017-03-15 2018-09-19 Nxp B.V. Security apparatus
DE102017210523B3 (en) 2017-06-22 2018-07-26 Volkswagen Aktiengesellschaft A method of operating a passive radio-based locking device and passive radio-based locking device
DE102017211321A1 (en) 2017-07-04 2019-01-10 Ford Global Technologies, Llc Anti-theft device for a vehicle
GB2576133A (en) * 2018-06-28 2020-02-12 Neath Mark Remote keyless system security device
FR3095395B1 (en) * 2019-04-25 2022-04-15 Psa Automobiles Sa HANDS-FREE CONTROL DEVICE FOR LOCKABLE OPENING(S) AND STARTING OF A VEHICLE, WITH DEACTIVATION FUNCTION
DE102019132542A1 (en) * 2019-11-29 2021-06-02 Zf Cv Systems Global Gmbh Method and system for triggering a function in a vehicle

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2791727B1 (en) * 1999-04-02 2001-05-25 Valeo Securite Habitacle HANDS-FREE ACCESS SYSTEM FOR A MOTOR VEHICLE, EQUIPPED WITH A WARNING DEVICE
US6819229B2 (en) * 2002-06-03 2004-11-16 Lear Corporation Countermeasure system and method for vehicle passive entry system
EP1642242A1 (en) * 2003-06-25 2006-04-05 Philips Intellectual Property & Standards GmbH Method and arrangements for increasing the security of transponder systems, particularly for access to automobiles

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2012017214A1 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2813963A4 (en) * 2012-02-09 2015-09-23 Nec Solution Innovators Ltd Information processing system

Also Published As

Publication number Publication date
WO2012017214A1 (en) 2012-02-09
GB201013177D0 (en) 2010-09-22

Similar Documents

Publication Publication Date Title
EP2601082A1 (en) Vehicle security device
JP7093635B2 (en) Stand-alone vehicle security methods and equipment
US20170228952A1 (en) System and method for communicating with a vehicle
WO2019004310A1 (en) Car sharing system and car sharing program
EP3287331A1 (en) Automotive security apparatus and associated methods
JP4035719B2 (en) Vehicle theft prevention system and method
JP5258634B2 (en) Information processing system, information processing apparatus, and information processing method
JP2006523572A (en) Security authentication system
JP6308181B2 (en) Vehicle control system
JP6451622B2 (en) In-vehicle device and authentication system
JP2009084929A (en) Radio apparatus, control method, and program of the same
CN112365632A (en) NFC activation of vehicle into privacy mode
JP2017014839A (en) On-vehicle apparatus control system and on-vehicle control device
US11945403B2 (en) Progressive lockout policy for deviceless vehicle access and remote lockout management interface
JP2014091434A (en) Electronic key system
JP4394472B2 (en) Vehicle anti-theft system
JP3721145B2 (en) In-vehicle device remote control system
JP2011098627A (en) Theft alarm system
JP4254386B2 (en) Mobile terminal and remote control device
CN108068758B (en) Intelligent driving control method
JP6253003B1 (en) Electronic key system, security unit used in the system, and electronic key
KR102291916B1 (en) A remote control disable device for vehicle through overvoltage/overcurrent control
KR20190127835A (en) Safe approach to the car
TWI597193B (en) Control system, control apparatus, and mobile device for vehicle
JP2005145299A (en) Security device for vehicle

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20130221

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20130828