EP2942758A1 - Sicherheitsvorrichtung und Verfahren zum Betrieb einer Sicherheitsvorrichtung - Google Patents

Sicherheitsvorrichtung und Verfahren zum Betrieb einer Sicherheitsvorrichtung Download PDF

Info

Publication number
EP2942758A1
EP2942758A1 EP14167535.5A EP14167535A EP2942758A1 EP 2942758 A1 EP2942758 A1 EP 2942758A1 EP 14167535 A EP14167535 A EP 14167535A EP 2942758 A1 EP2942758 A1 EP 2942758A1
Authority
EP
European Patent Office
Prior art keywords
parameter
security device
remote
security
key device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP14167535.5A
Other languages
English (en)
French (fr)
Inventor
Jean KHOURY
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Basicworx Engineering GmbH
Original Assignee
Basicworx Engineering GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Basicworx Engineering GmbH filed Critical Basicworx Engineering GmbH
Priority to EP14167535.5A priority Critical patent/EP2942758A1/de
Publication of EP2942758A1 publication Critical patent/EP2942758A1/de
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00555Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks comprising means to detect or avoid relay attacks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00944Details of construction or manufacture
    • G07C2009/0096Electronic keys comprising a non-biometric sensor

Definitions

  • the present invention relates to a security device for granting access to a structure, particularly a vehicle or a building, wherein said security device is configured to receive identification information from a key device by means of a contactless (i.e., wireless or the like) data connection and to grant or deny access to said structure depending on said identification information.
  • the invention further relates to a method of operating such security device.
  • the invention also relates to a security unit for a security device.
  • Prior art security devices of the aforementioned type are e.g. used to control access to land vehicles such as cars, wherein the security device checks whether a key with which a data connection is established provides proper identification information prior to granting access to the vehicle.
  • the key may represent a car key with a wireless interface suitable for exchanging data with the security device by means of RF (radio frequency) signals in a per se known manner.
  • RF radio frequency
  • the prior art security devices and keys do not prevent relay-type attacks, where a transceiver station is provided between the security device and the key extending a radio range for the contactless data connection therebetween.
  • an attacker may initiate a conventional key verification process e.g. by actuating a car door handle, which will trigger a contactless data transmission from the security device to the car key requesting said identification information of the car key. Due to the RF range extension by means of the transceiver station, said contactless data transmission from the security device will still arrive at the car key, even if the car owner with the key is comparatively far away from the car and thus cannot notice the attacker actuating said car door handle.
  • the conventional car key receives the contactless data transmission from the security device, it will respond, by means of a contactless data transmission, as usual with the proper identification information. Again, this response will also undergo RF range extension due to the transceiver of the attacker, so that the conventional security device of the car will properly receive suitable identification information of the car key and grant access to the car, although the owner carrying the key is far away.
  • the conventional identification processes may still be performed without the security device getting aware of the fact that a transceiver or relay station is arranged between the key device and the security device.
  • a proper authentication of a user of the security device may be performed even if the user with its key device is at a remote location with respect to the security device.
  • the conventional systems may offer an acceptable degree of security since in view of the limited RF range of the contactless data connection there is a high probability that a user carrying the key will notice the presence of an attacker actuating the door handle as long as the user with the key is in the nominal RF range of the security device.
  • said security device being further configured to receive from said key device information on at least one remote parameter of said key device, said remote parameter comprising at least one of a remote environmental parameter and a remote movement parameter of said key device, and to grant or deny access to said structure depending on said at least one remote parameter.
  • said remote parameter may comprise said remote environmental parameter.
  • said remote parameter may comprise said remote movement parameter.
  • said remote parameter may comprise both remote environmental parameter(s) and remote movement parameter(s).
  • the data connection may be a contactless or wireless data connection.
  • the data connection may also be a wired connection.
  • the principle according to the embodiments may be applied independently of the specific type of the data connection, i.e. independent of a specific implementation of a physical layer in the sense of the ISO/IEC 7498-1 standard.
  • At least one parameter (“remote parameter”) of the key device is evaluated, e.g. for plausibility, prior to granting/denying access to the structure by means of the security device. Thereby, an increased degree of security is attained.
  • a remote movement parameter of the key device may comprise data of an acceleration sensor which detects the acceleration of the key device in one or more spatial dimensions.
  • the key device may determine such acceleration data and forward it as remote movement parameter in the sense of the present embodiment to the security device, i.e. together with the conventionally transmitted identification information and/or separated therefrom.
  • the security device may now additionally consider the remote movement parameter of the key device, i.e. according to the present embodiment the acceleration data of the key device. For example, if the acceleration data of the key device as received by the security device indicate that no substantial acceleration values are recorded by the key device, the security device may conclude that the key device is presently not substantially moved or accelerated, but may e.g.
  • the security device may advantageously conclude that no authorized access to the security device or the structure protected thereby is currently made. Consequently, the security device may deny access to the structure.
  • said security device is configured to determine at least one local parameter of said security device, said local parameter comprising at least one of a local environmental parameter and a local movement parameter.
  • said local parameter may comprise said local environmental parameter.
  • said local parameter may comprise said local movement parameter.
  • said local parameter may comprise both local environmental parameter(s) and local movement parameter(s).
  • the security device is configured to compare said at least one local parameter with said at least one remote parameter, and to grant or deny access to said structure depending on the comparison of said at least one local parameter with said at least one remote parameter.
  • both the key device and the security device may determine air pressure information of their respective surroundings as environmental data in the sense of the present embodiment. By comparing its local air pressure with the air pressure data received from the key device in the form of the remote environmental parameter, the security device may determine whether it is likely that the key device is positioned close to the security device or not.
  • Such constellation may e.g. occur when the security device is built in into a land vehicle such as a car parking in front of a building.
  • the owner of the car carries a key device according to the embodiment with him.
  • the owner of the car enters the building and moves upwards some levels of the building the afore-explained altitude difference between the security device and the key device may be obtained. From this constellation, it can be concluded that even if the security device and the key device are currently maintaining a contactless data connection, no access to the car is desired at the moment.
  • the security device may deny access to the car. However, if the pressure difference between the air pressure at the security device and the air pressure at the key device does not exceed a predetermined threshold, the security device may conclude that the key device, and thus most probably also the owner of the car, is sufficiently close to the car and its security device so that access to the car may be granted.
  • said security device comprises a sensor device for determining at least one local environmental parameter, wherein said sensor device is configured to determine at least one of the following parameters: air pressure, temperature, humidity, concentration of one or more gases such as e.g. carbon monoxide or nitrogen dioxide, electric and/or magnetic and/or electromagnetic signals, acoustic signals, radioactive radiation.
  • gases such as e.g. carbon monoxide or nitrogen dioxide, electric and/or magnetic and/or electromagnetic signals, acoustic signals, radioactive radiation.
  • said security device is configured to determine at least one local movement parameter of said security device, wherein said local movement parameter comprises at least one of: acceleration of said security device, direction of movement of said security device, position of said security device.
  • a single sensor device which may comprise plurality of different sensors, may be provided to gather one or more of the aforementioned parameters (environmental and/or movement).
  • one or more of the aforementioned parameters may be determined by the security device and by the key device, and a comparison based the so determined data may be made, e.g. by means of the security device upon receiving remote parameter data of the key device.
  • a sensor device of the security device and/or key device may e.g. comprise a global positioning system (GPS) receiver and/or an inertial navigation system relying on acceleration measurements for determining position and/or orientation of the sensor device or the security device, respectively in space.
  • GPS global positioning system
  • rotational rate and/or earth magnetic field sensors may be comprised within such sensor device according to an embodiment.
  • radio signals may be evaluated such as e.g. from base stations of cellular mobile communications systems which may e.g. adhere to the well-known GSM (global system for mobile communications), UMTS (universal mobile telecommunications system), LTE (long term evolution) or LTE-A (LTE advanced) systems or the like.
  • GSM global system for mobile communications
  • UMTS universal mobile telecommunications system
  • LTE long term evolution
  • LTE-A LTE advanced
  • triangulation methods as per se known in the art may be used to determine a position and/or orientation in space of said security device and/or said key device.
  • typical movement profiles i.e., a series of movement measurements over time
  • Such movement profiles may e.g. be periodically be recorded during regular use of the security device or its key device(s). Such movement profiles may e.g. be used to enable an even more precise evaluation of whether to grant or deny access by means of the security device.
  • a further solution to the object of the present invention is given by a security unit for a security device and/or a key device, particularly for a security device according to the embodiments and/or for a key device according to the embodiments.
  • the security unit may e.g. be provided in form of an ASIC (application specific integrated circuit) and/or FPGA (field programmable gate array) (or a portion of an FPGA) or another type of integrated circuit.
  • FIG. 1 schematically depicts a simplified block diagram of a security device 100 according to an embodiment.
  • the security device 100 is e.g. provided for granting access to a structure 300, which may be a vehicle or a building or the like.
  • the security device 100 may be configured to operate together with a locking mechanism of a door (not shown) of the structure 300, e.g. to lock or release the locking mechanism of the door depending on whether access to the structure 300 is to be granted or denied by the security device 100.
  • the locking mechanism may e.g. comprise an electromagnetic actuator (not shown) for this purpose that may be controlled by the security device 100.
  • a key device 200 which may in a per se known manner establish a contactless data connection dc with the security device 100, e.g. for exchanging identification information id.
  • the security device 100 may initiate said contactless data connection dc if a user actuates a door handle of structure 300.
  • said key device 200 may initiate said contactless data connection dc if a user of the key device presses a button on the key device 200 or the like.
  • the security device may check identification information id received from a key device 200 in the course of the contactless data communication dc for predetermined features (e.g., comparison with reference identification information) and may make a decision on whether to grant or deny access to the structure 300 depending on such evaluation.
  • predetermined features e.g., comparison with reference identification information
  • the contactless data connection dc may comprise one or more radio frequency channels of same and/or similar and or different bandwidth and/or center frequency, which may be established by providing corresponding radio frequency transceivers (not shown) both in the security device 100 and the key device 200.
  • radio frequency transceivers not shown
  • standardized ad-hoc-capable radio frequency systems may be used for establishing the data connection dc.
  • propriety radio frequency communications may be used for this purpose.
  • an optical and/or acoustic channel e.g., ultrasonic signals
  • data transmissions via said data connection dc may be encrypted or not encrypted.
  • Figure 2 schematically depicts an operational scenario with components 100, 200 already described with reference to figure 1 .
  • a relay station 400 is arranged within the data connection path between the devices 100, 200.
  • the relay station 400 may be configured to amplify radio frequency signal transmission received from the key device 200 in the same way to extend the radio range of the key device 200.
  • the working range of the data connection dc ( figure 1 ) may be extended to a degree which is highly undesired from a security point of view. For example, if a user of the structure 300 carries the key device 200 with him and if the user moves away from the structure 300, usually, it is not to be supposed that the user of the key device 200 intends to initiate a data communication dc with the security device 200, e.g. for accessing the structure 300.
  • the data connection dc ( figure 1 ) between the devices 100, 200 is enhanced by providing two data connection branches dc1, dc2 in such a way that a proper RF communication between the devices 100, 200 in the sense of a user identification is still possible even if the user or its key device 200 is comparatively far away from the structure 300 and its security device 100.
  • a proper identification of the key device 200 can be performed by the security device 100 due to RF range extension by means of the relay 400 thus enabling to grant access to structure 300, which may be exploited by the attacker operating the relay station 400.
  • the attacker may initiate a conventional identification session between devices 100, 200 without the user of the key device 200 becoming aware of this scenario.
  • the attacker may gain access to the structure 300 without any effort of faking or even decrypting the identification information id in case of an encrypted transmission between devices 100, 200.
  • the relay station 400 may simply relay the identification information id, either decrypted or encrypted, as it has been sent from the key device 200 to the security device 100.
  • the security device 100 is configured to receive from the key device 200 information on at least one remote parameter of said key device 200, said remote parameter comprising at least one of a remote environmental parameter and a remote movement parameter of said key device 200, and to grant or deny access to said structure 300 depending on said at least one remote parameter.
  • the security device 100 is enabled to check specific properties - in addition to the conventional check of identification information id - of the key device 200 in the context of a radio communication to the key device 200, whereby a degree of security of the access procedure can be increased.
  • said key device 200 may be configured to determine at least one of the following parameters as said remote environmental parameter: air pressure, temperature, humidity, concentration of one or more gases such as e.g. carbon monoxide or nitrogen dioxide, electric and/or magnetic and/or electromagnetic signals, acoustic signals, radioactive radiation.
  • the key device 200 may be configured to detect one or more of the following parameters as remote movement parameters: acceleration of said key device 200 in one or more dimensions, direction of the movement of said key device, position of said key device.
  • One or more of these remote environmental or movement parameters of the key device 200 may advantageously be provided to the security device 100 according to an embodiment, which is configured to receive such parameter(s) and to take into consideration such parameter(s) when determining whether or not to grant access to the structure 300.
  • the security device 100 may determine whether or not the acceleration values exceed a certain threshold. If the threshold is not exceeded, the security device 100 may conclude that the key device 100 is substantially not moving and thus not experiencing a significant acceleration. From this, the security device 100 may further conclude that is very unlikely that an authorized user of the key device 200 has currently pressed an actuator such as a button or the like to initiate the data connection dc with the security device 100. Rather, the situation as depicted in figure 2 may be present, i.e. a possible relay attack on the system, where a contactless data communication has e.g. been initiated by the attacker actuating a car door handle or the like. In this case, the security device 100 may conclude to deny access to the structure 300 depending on the evaluated remote parameter(s).
  • the security device 100 may also be configured to determine at least one local parameter of the security device 100, said local parameter comprising at least one of a local environmental parameter and a local movement parameter.
  • the local parameters of the security device 100 may substantially be the same parameters as explained above with respect to the key device 200, i.e. air pressure temperature, humidity, concentration of one or more gases such as e.g. carbon monoxide or nitrogen dioxide, electric and/or magnetic and/or electromagnetic signals, acoustic signals, radioactive radiation, acceleration of said security device 100, direction of movement of said security device 100, position of said security device 100.
  • the security device 100 may e.g. evaluate basically one or more parameters as also detected by the key device 200, and upon receiving such parameters from the key device 200, the security device 100 may advantageously perform one or more plausibility checks or comparison of its local parameters with the remote parameters of the key device 200 thus e.g. determining whether the key device 200 is comparatively close to the security device 100. In this situation, it is to be assumed that usually an authorized user uses the key device 200 for accessing the structure 300.
  • a difference between e.g. the local air pressure in the surroundings of the security device 100 and a remote air pressure in the surroundings of the key device 200 exceeds a predetermined threshold, it may be concluded that the devices 100, 200 are too far away from each other to allow an authorized access to the structure 300.
  • any local parameter(s) and/or remoter parameter(s) of the devices 100, 200 may be encrypted for transmission over the contactless data connection dc.
  • the security device 100 may comprise a sensor device 110 ( figure 1 ) which may be configured to determine one or more of the local parameters such as the local environmental parameters and/or the local movement parameters of the security device 100.
  • FIG 3 schematically depicts a simplified block diagram of a security device 100 according to an embodiment.
  • the security device 100 comprises a sensor device 110 for determining one or more local environmental parameters lep and/or one or more local movement parameters Imp.
  • the security device 100 also comprises a calculating unit 120 such as e.g. a microcontroller or a digital signal processor or the like.
  • the functionality of these components 110, 120 and generally of device 100 may also be integrated into one or more ASICs (application specific integrated circuit) and/or FPGA (field programmable gate array).
  • ASICs application specific integrated circuit
  • FPGA field programmable gate array
  • the security device 100 may also comprise an RF interface 130 comprising e.g. a radio frequency transceiver which can be used to establish the contactless data connection dc with the key device 200 ( figure 1 ).
  • an RF interface 130 comprising e.g. a radio frequency transceiver which can be used to establish the contactless data connection dc with the key device 200 ( figure 1 ).
  • Figure 4a schematically depicts a simplified flow chart of a method according to an embodiment.
  • the security device 100 receives from the key device 200 information on at least one remote parameter of the key device 200.
  • the security device 100 grants or denies access to the structure 300 depending on said at least one remote parameter that has been received from the key device 200 in step 400.
  • the security device 100 according to the embodiment also takes into consideration said at least one remote parameter received from the key device 200 for determining whether to grant or deny access to the structure 300.
  • Figure 4b schematically depicts a flow chart of a further method according to an embodiment.
  • the security device 100 determines at least one local parameter of the security device, i.e. at least one local environmental parameter lep ( figure 3 ) and/or at least one local movement parameter Imp.
  • step 510 said security device 100 compares said at least one local parameter determined in step 500 with said at least one remote parameter received from the key device 200, and grants 520 or denies access to the structure 300 ( figure 1 ) depending on the comparison 510 of said at least one parameter with said at least one remote parameter.
  • FIG. 5 schematically depicts a simplified block diagram of a key device 200 according to an embodiment.
  • the key device 200 may comprise a sensor device 210 which is configured to determine one or more of the remote parameters 200 such as e.g. remote environmental parameters rep and/or remote movement parameters rep, rmp of the key device 200.
  • the key device 200 may also comprise a calculating unit 220 which is configured to process said parameters rep and to transmit said parameters or information derived therefrom via the radio interface 230 by means of the contactless data connection dc to the security device 100 ( figure 1 ).
  • the calculating unit 220 may also comprise digital signal processing means which may provide for at least one of the following processes:
  • Figure 6 schematically depicts a simplified flow chart of a further method according to an embodiment.
  • the key device 200 determines at least one remote parameter rep, rmp of said key device 200, and in step 610 the key device 200 transmits, preferably in encrypted fashion, information on said at least one remote parameter to the security device 100, which may then evaluate the remote parameter(s) from the key device 200 in order to form a precise assessment whether to grant or deny access to the structure 300 based on the data from the key device 200 and/or on one or more local parameters lep, Imp evaluated according to the embodiments explained above.
  • FIG. 7 schematically depicts a further aspect of the present invention.
  • the security device 100 may e.g. be comprised within a vehicle, especially land vehicle, particularly car 310.
  • the key device 200 according to the embodiments may e.g. be used in form of a car key for operating together with the security device 100 as explained above.
  • any of the aforementioned aspects may be combined with each other to even further increase the overall security of the devices 100, 200, particularly against relay attacks.
  • FIG. 8 schematically depicts a block diagram of a security unit 1000 according to an embodiment.
  • the security unit 1000 may e.g. be implemented in form of an ASIC or FPGA (or functional block of an FPGA which also comprises one or more other functional blocks, e.g. for conventional purposes) or any other type of integrated circuit.
  • the security unit 1000 is configured to receive 4000 from a key device 200 ( Fig. 1 ) information on at least one remote parameter of said key device 200, said remote parameter comprising at least one of a remote environmental parameter rep and a remote movement parameter rmp of said key device 200, and to evaluate 4002 said at least one remote parameter of said key device 200 to obtain parameter evaluation information, and to indicate 4004 to a security device 100 whether to grant or deny access to a structure 300 depending on said parameter evaluation information.
  • the security unit 1000 which may e.g. be implemented as an integrated circuit, i.e. in form of a "security chip" 1000.
  • the security chip 1000 may e.g. comprise a calculating unit 1100 for performing the above mentioned method steps and/or generally controlling an operation of the security chip 1000.
  • the security chip 1000 may also be configured to receive at least one of one or more local environmental parameters lep and/or one or more local movement parameters Imp, as indicated in Figure 8 by the dashed double arrow lep, Imp. Hence, the security chip 1000 may also make further determinations based on said information rep, rmp and/or lep, Imp, for determining which output signal I to indicate to a security device.
  • said security unit 1000 is configured to determine 5000 ( Fig. 9b ) at least one local parameter of said security device 100, said local parameter comprising at least one of a local environmental parameter lep and a local movement parameter Imp, and said security unit 1000 is configured to compare 5002 said at least one local parameter with said at least one remote parameter, and to perform said step of indicating 4004 depending on the comparison 5010 of said at least one local parameter with said at least one remote parameter.
  • said step 4000 of receiving from a key device 200 ( Fig. 1 ) information on at least one remote parameter of said key device 200 may e.g. comprise receiving said data over a data connection between a control unit or a calculating unit 120 of a security device 100 (also cf. data connection 1000' of Fig. 10 explained below), which provides said data to the security chip 1000.
  • the security chip 1000 may receive the at least one local parameter via such data connection.
  • the indication I may also be transmitted to the security device 100 or its calculating unit 120 by means of such data connection.
  • FIG 10 schematically depicts a block diagram of a conventional security device 600, which may be enhanced by applying the principle according to the embodiments.
  • the conventional security device 600 comprises a calculating unit 620 such as e.g. a microcontroller or a digital signal processor or the like, and an RF interface 630 comprising e.g. a radio frequency transceiver which can be used to establish the contactless data connection dc with a key device 200 ( figure 1 ).
  • components 620, 630 may be conventional components that may e.g. be comprised in state of the art wireless identification key systems of cars or the like.
  • the conventional security device 600 is enhanced by providing a security chip 1000 according to the embodiments, which may e.g. be configured as explained above with reference to Fig. 8 .
  • the security chip 1000 is connected to the calculating unit 620 of the security device 600 by means of a data connection 1000', which may e.g. be a serial peripheral interface (SPI) or another chip-to-chip interface, and which may be used to provide the security chip 1000 with local and/or remote parameters of a key device 200 and/or a security device 600 as e.g. received and/or determined by the security device 600.
  • a data connection 1000' which may e.g. be a serial peripheral interface (SPI) or another chip-to-chip interface, and which may be used to provide the security chip 1000 with local and/or remote parameters of a key device 200 and/or a security device 600 as e.g. received and/or determined by the security device 600.
  • SPI serial peripheral interface
  • the calculating unit 620 in form of a first functional block of an FPGA (not shown), and to provide the functionality of the security chip 1000 according to an embodiment in the form of a second functional block of the same FPGA, wherein the data connection 1000' may e.g. be implemented in form of an on-chip-bus (data bus) of the FPGA.
  • the enhanced security device 600 of Fig. 10 may perform a method similar to the one explained above with reference to figure 4a . Firstly, the security device 600 receives from a key device 200 information on at least one remote parameter of the key device 200. Subsequently, the security device 600 grants or denies access to a structure 300 ( figure 1 ) depending on said at least one remote parameter that has been received from the key device 200. Thus, alternatively to or in addition to a conventional evaluation of the identification information id also received from the key device 200 according to an embodiment, the security device 600 according to the embodiment also takes into consideration said at least one remote parameter received from the key device 200 for determining whether to grant or deny access to the structure 300.
  • the security device 600 may forward said at least one remote parameter that has been received from the key device 200 (or information derived therefrom) over data connection dc and its transceiver 630 to the security chip 1000, via data connection 1000'.
  • the security chip 1000 may evaluate said at least one remote parameter.
  • a remote movement parameter of the key device 200 may comprise data of an acceleration sensor which detects the acceleration of the key device in one or more spatial dimensions.
  • the key device may determine such acceleration data and forward it as remote movement parameter in the sense of the present embodiment to the security device 600, i.e. together with the conventionally transmitted identification information and/or separated therefrom.
  • the security device 600 may forward said acceleration data of the key 200 to the security chip 1000 via interface 1000' for performing e.g. a plausibility check.
  • the security chip 1000 may conclude that the key device is presently not substantially moved or accelerated, but is e.g. be placed on a table top or the like. From this conclusion it may further be derived that in the present configuration, no manual interaction with the key device such as a manual handling of the key device has taken place, because this would have led to some non-vanishing acceleration values related to the key device. From this analysis, the security chip 1000 may advantageously conclude that no authorized access to the security device 600 or the structure protected thereby is currently made. Consequently, the security chip may indicate to the security device 600 or its calculating unit 120 a recommendation I ( Fig. 8 ) to deny access to the structure.
  • the security device 600 may receive said recommendation I from the security chip 1000 and may now e.g. additionally consider this recommendation I for deciding whether to grant or deny access.
  • the notification I may comprise a single binary value ("deny" or "grant").
  • the notification I may comprise a real number or a percentage or the like, which e.g. represents a confidence level associated with a determination of the security chip 1000.
  • a sensor device 610 may also be provided at (or in) the security device 600, for determining at least one or more of local parameters such as the local environmental parameters and/or local movement parameters of the security device 600.
  • the sensor device 610 may be configured to provide its data lep, lmp to the control unit 620 (which may forward it to the security chip 1000) and/or directly (not shown) to the security chip 1000, and the security chip 1000 may e.g. perform the method according to Fig. 9b to evaluate said data and for providing an indication I derived therefrom to the security device 600 or its calculating unit 620.
  • the inventive aspect of the security chip 1000 advantageously enables to enhance existing security devices with the inventive functionality that offers increased security especially with respect to relay attacks.
  • the devices 100, 200 and/or at least some of their components may be implemented in form of hardware and/or firmware and/or software.
  • a determination step evaluating remote parameter(s) may be carried out by a software program running on a digital signal processor of the sensor device 100 or the key device 200.
  • Alternatively or in addition, such functionality may also be implemented in form of hardware, e.g. in as a function block of an FPGA or the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)
EP14167535.5A 2014-05-08 2014-05-08 Sicherheitsvorrichtung und Verfahren zum Betrieb einer Sicherheitsvorrichtung Withdrawn EP2942758A1 (de)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP14167535.5A EP2942758A1 (de) 2014-05-08 2014-05-08 Sicherheitsvorrichtung und Verfahren zum Betrieb einer Sicherheitsvorrichtung

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP14167535.5A EP2942758A1 (de) 2014-05-08 2014-05-08 Sicherheitsvorrichtung und Verfahren zum Betrieb einer Sicherheitsvorrichtung

Publications (1)

Publication Number Publication Date
EP2942758A1 true EP2942758A1 (de) 2015-11-11

Family

ID=50846764

Family Applications (1)

Application Number Title Priority Date Filing Date
EP14167535.5A Withdrawn EP2942758A1 (de) 2014-05-08 2014-05-08 Sicherheitsvorrichtung und Verfahren zum Betrieb einer Sicherheitsvorrichtung

Country Status (1)

Country Link
EP (1) EP2942758A1 (de)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017207476A1 (en) * 2016-05-31 2017-12-07 Assa Abloy Entrance Systems Ab Door system
DE102017004168A1 (de) 2017-04-27 2018-03-22 Audi Ag Verfahren zum manipulationssicheren Betreiben eines Funkschlüsselsystems eines Kraftfahrzeugs, Funkschlüsselsystem, Verlängerungsschutzvorrichtung für ein Funkschlüsselsystem sowie ein Kraftfahrzeug mit Funkschlüsselsystem
WO2018121889A1 (en) * 2016-12-30 2018-07-05 Robert Bosch Gmbh Bluetooth low energy (ble) passive vehicle access control system for defending the system against relay attacks and method thereof
GB2558589A (en) * 2017-01-09 2018-07-18 Jaguar Land Rover Ltd Vehicle entry system
CN110024005A (zh) * 2017-02-10 2019-07-16 密克罗奇普技术公司 用于使用环境数据管理对车辆或其他对象的访问的系统和方法
CN110582800A (zh) * 2017-05-09 2019-12-17 罗伯特·博世有限公司 用于防护系统免于中继攻击的蓝牙低功耗(ble)被动车辆访问控制系统及其方法
EP4148694A1 (de) * 2021-09-14 2023-03-15 Nagravision Sàrl Zugriff auf einen asset mit benutzervorrichtung

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19850176C1 (de) * 1998-10-30 2000-08-31 Siemens Ag Diebstahlschutzeinrichtung für ein Kraftfahrzeug und Verfahren zum Betreiben der Diebstahlschutzeinrichtung
EP1721793A1 (de) * 2005-05-11 2006-11-15 Delphi Technologies, Inc. Freihändiges Kontrollsystem für Fahrzeuge
FR2888364A1 (fr) * 2005-07-05 2007-01-12 Gemplus Sa Systeme et support d'authentification securises, et procede pour leur securisation

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19850176C1 (de) * 1998-10-30 2000-08-31 Siemens Ag Diebstahlschutzeinrichtung für ein Kraftfahrzeug und Verfahren zum Betreiben der Diebstahlschutzeinrichtung
EP1721793A1 (de) * 2005-05-11 2006-11-15 Delphi Technologies, Inc. Freihändiges Kontrollsystem für Fahrzeuge
FR2888364A1 (fr) * 2005-07-05 2007-01-12 Gemplus Sa Systeme et support d'authentification securises, et procede pour leur securisation

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017207476A1 (en) * 2016-05-31 2017-12-07 Assa Abloy Entrance Systems Ab Door system
WO2018121889A1 (en) * 2016-12-30 2018-07-05 Robert Bosch Gmbh Bluetooth low energy (ble) passive vehicle access control system for defending the system against relay attacks and method thereof
CN110337390A (zh) * 2016-12-30 2019-10-15 罗伯特·博世有限公司 用于防御系统免受中继攻击的蓝牙低能量(ble)被动车辆访问控制系统及其方法
US10532719B2 (en) 2016-12-30 2020-01-14 Robert Bosch Gmbh Bluetooth low energy (BLE) passive vehicle access control system for defending the system against relay attacks and method thereof
AU2017389381B2 (en) * 2016-12-30 2023-06-29 Robert Bosch Gmbh Bluetooth low energy (BLE) passive vehicle access control system for defending the system against relay attacks and method thereof
GB2558589A (en) * 2017-01-09 2018-07-18 Jaguar Land Rover Ltd Vehicle entry system
CN110024005A (zh) * 2017-02-10 2019-07-16 密克罗奇普技术公司 用于使用环境数据管理对车辆或其他对象的访问的系统和方法
DE102017004168A1 (de) 2017-04-27 2018-03-22 Audi Ag Verfahren zum manipulationssicheren Betreiben eines Funkschlüsselsystems eines Kraftfahrzeugs, Funkschlüsselsystem, Verlängerungsschutzvorrichtung für ein Funkschlüsselsystem sowie ein Kraftfahrzeug mit Funkschlüsselsystem
CN110582800A (zh) * 2017-05-09 2019-12-17 罗伯特·博世有限公司 用于防护系统免于中继攻击的蓝牙低功耗(ble)被动车辆访问控制系统及其方法
EP4148694A1 (de) * 2021-09-14 2023-03-15 Nagravision Sàrl Zugriff auf einen asset mit benutzervorrichtung

Similar Documents

Publication Publication Date Title
EP2942758A1 (de) Sicherheitsvorrichtung und Verfahren zum Betrieb einer Sicherheitsvorrichtung
US12052357B2 (en) Smart lock unlocking method and related device
US10909784B2 (en) Remote access authentication and authorization
KR102298480B1 (ko) 보안 범위 검출에 의한 보안 상태 수정
CN107415893B (zh) 用于被动访问控制的方法
US9855918B1 (en) Proximity confirming passive access system for vehicle
US7827610B2 (en) Wireless LAN intrusion detection based on location
US11080649B2 (en) Remote access monitoring
KR20160048004A (ko) 휴대기, 통신 장치 및 통신 시스템
US8468097B2 (en) Method and apparatus for protecting the privacy of responder information
WO2006071359A2 (en) Location-based network access
EP3419241A1 (de) Verfahren und system zur verhinderung eines relaisangriffs der physikalischen schicht
CN108459317B (zh) 定位方法及系统、定位服务器、核心网设备、基站
US10783506B2 (en) Methods and systems for access control to secure facilities
US10192379B2 (en) System and method for mitigating relay station attack
CN111629349A (zh) 用于车辆低功率安全挑战的系统和方法
JP2021147984A (ja) 認証システム及び認証方法
CN113068186A (zh) 通信装置以及系统
JP2020172851A (ja) 制御装置及び制御システム
US20070091858A1 (en) Method and apparatus for tracking unauthorized nodes within a network
US20170161974A1 (en) Method of preventing hacking of wireless signals
CN115720335A (zh) 基于超宽带的鉴权方法、设备、系统和存储介质
US20230132783A1 (en) Automatic gate system
US20230114701A1 (en) Managing communication between a user device and a vehicle
KR102139483B1 (ko) 사물인터넷을 이용한 자동차 스마트키 해킹방지장치 및 그 방법

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20160512