Electronic anti-theft device for motor vehicles The invention relates to a device for protection against unauthorized use of a motor vehicle, which has a drive system controlled by an on-board computer.
With increasing technical development, the demands on effective theft protection of motor vehicles also increase, especially since modern electronic security technology is opposed to modern electronic diagnostics to overcome the theft protection.
From DE-A1-3 613 605, DE-C2-3 137 260, DE-A13 940 459, DE-C1-3 835 142, DE-A1-3 733 724, DE C2-3 610 954 and EP-B1-O 309 459, electronic systems for theft protection in motor vehicles are already known. Essentially, however, the electronic anti-theft devices in the prior art relate to coded activation of the vehicle drive, an electronic key being used. For a person who wants to steal the motor vehicle, the task is simply to overcome the locking of the engagement.
EP-A-0 456 916 describes an electronic anti-theft device for motor vehicles, in which the central processor unit of a motor vehicle can be activated using a chip card. For this purpose, the chip card has a memory which contains part of the work program of the central processor unit, which has to be transferred from the chip card into the memory of the central processor unit each time for starting the motor vehicle. For this purpose, the chip card is inserted into a read / write device, a personal identification number is entered on an input keyboard and, after checking the code entered, the program is transferred from the chip card to the central processor unit, optionally in encrypted form.
When the chip card is removed, the transferred program component in the memory of the central processor unit is deleted and the vehicle cannot be used. The program part which is stored on the chip card is transmitted in encrypted form to the reading and writing device, a certain starting sequence of the signal on the chip card and the reading and writing device having to match, otherwise decoding of the signal in the writing / reading device is not possible.
The data connections between the read / write device and the central processor unit also take place in encrypted form. This system has the disadvantage that a copy of the chip card can be produced by simply copying the memory content of the chip card and it can be used in the same way as the original card.
In contrast, the invention has for its object to provide an improved electronic anti-theft device for a motor vehicle, which ensures increased security against unauthorized use of the motor vehicle.
The object is achieved with the features of the claims.
In the solution, the invention is based on the following basic ideas.
A chip card is provided which as the active element comprises a microprocessor and a storage device, e.g. contains a ROM. There is also a chip card reader and writer in the passenger compartment, which can be connected to the on-board computer via a data connection, e.g. a data bus is connected and into which the chip card is inserted before starting the vehicle. The chip card is supplied with coded information for the operation of the motor vehicle via the chip card reader and writer. The microprocessor of the chip card decodes and processes this information and delivers necessary operating data via the chip card reader and writer e.g. Mixture composition, ignition sequence etc. to the central processor unit of the on-board computer, generally an injection computer, so that the motor vehicle can start.
The invention has the advantage that the operating data required for the operation of the motor vehicle are generated from first and second output data only on the basis of a computing operation using a processing program. The first output data are stored in the memory devices on the chip card and the second output data in the memory devices in the security device.
Only when the first data connection is established, i.e. with the insertion of the chip carrier in the reading and writing device, the second output data are transmitted to the chip card and arithmetically linked in the chip card with the first output data and the operating data thus obtained is forwarded to the safety device and from there to the on-board computer. The data is preferably transmitted in encrypted form via the various data connections.
According to a preferred embodiment of the invention, the first and second output data are changed after each generation of operating data. This has the advantage that the chip card as such or its behavior changes as a result of the changed first output data contained in the memory devices of the chip card. A copy made in the meantime by a chip card would thus be unusable because the original first output data with the changed second output data would not lead to the generation of the operating data when processed by the processing program.
The output data are preferably stored in coded form in a table in the first storage devices on the chip card. In addition, the second output data have a code which is preferably also used for coding the first output data. The code can be changed. The code is preferably changed in the manner described above after each generation of operating data. For this purpose, according to a further development of the invention, a counter is provided in the safety device, which preferably runs continuously, even after switching off the ignition, the counter reading of which is used as an address at a specific point in time, with the code table stored in the second memory devices, one of them Address standing code is retrieved.
For example, since the counter runs at a rate of 100 steps per second, it is not possible for a user to produce a particular result.
According to a further embodiment of the invention, the safety device is arranged on the cable that connects the on-board computer to the peripheral devices. The safety device is preferably integrated in the multiple plug at the end of this cable or combined with it to form a structural unit. For example, the safety device can be cast with the plug in a housing.
This embodiment has the advantage that the existing signal connections of the on-board computer to the peripheral devices such as detector devices and control devices can be interrupted or changed by the safety device. According to a particularly preferred embodiment, the safety device is able to change signals on the signal lines in such a way that the on-board computer is simulated to an operating state that is actually not present. For this purpose, the signals coming from the detector devices are modified or completely blocked and other signals are generated. In this embodiment of the invention, an intervention in the on-board computer, in particular the programs used therein, is not necessary.
In addition or as an alternative to the use of a chip carrier, a fingerprint reader and an associated evaluation device are provided, with which the authorization of a person to drive the motor vehicle can be checked and only when an authorized person is identified, the security device is triggered to release the operation of the motor vehicle. This embodiment has the advantage that the protection against unauthorized use of a motor vehicle is further increased.
According to a particularly preferred embodiment of the invention, the chip card reader and writer is integrated in the ignition lock and / or the active element of the chip card is integrated in the ignition key. This has the advantage that the same functionality offers greater ease of use and greater security.
The advantage of the invention is that an unauthorized person cannot start the motor vehicle simply by overcoming a lock, since the starting process requires data exchange and processing of information in operating data for the motor vehicle drive, preferably for an injection device for the fuel.
The chip card receives the information in coded form, e.g. an individual code for the respective vehicle, and decodes it before processing. After successful starting, the chip card is no longer required until the next engine start and can be removed from the chip card reader and writer again. Both the chip card and the chip card reader and writer can be produced in a very small version. The chip card reader and writer can be retrofitted into the motor vehicle and can e.g. in the glove compartment or on the center console. As already stated above, the chip card reader and writer is preferably installed in the ignition lock present in a motor vehicle. In this case, the active element of the chip card is integrated in the ignition key.
In this case, the ignition key forms the carrier for the chip, which is arranged, for example, on the key handle and can be connected to corresponding contact pins in the ignition lock via corresponding contact surfaces, preferably in the beard area. This creates a simple connection between the chip and the chip card reader and writer.
In an embodiment according to the invention, a time period (e.g. 10 to 30 minutes) that can be set by the driver of the vehicle is stored on the chip card, and a concealed switch is attached to the vehicle and is connected to the on-board computer. If the driver is forced to leave the vehicle in the event of robbery while the engine is running and the chip card is inserted, he can press the switch to have the chip card reader and writer read out the set time period and send it to the on-board computer, which then passes after the time period has expired stops the engine, whereby the chip card cannot start the engine again.
This embodiment has the advantage that the motor vehicle is stopped safely for the driver only after he has moved away from him.
In another embodiment according to the invention, the chip card contains information which, after the chip card has been inserted into the chip card reader and writer, releases a lock for the engine and trunk hood. For this purpose, an electronic device can also be installed that controls the locking. The lock is actuated in parallel to the stopping of the motor after operating the concealed switch. A small emergency voltage battery can be arranged in the vehicle, which actuates the lock when the vehicle battery is empty.
The invention is explained in more detail below with the aid of examples and the drawing. 1 shows a block diagram of a first embodiment of the
Invention and Fig. 2 is a block diagram of a second embodiment of the invention.
The embodiment of the invention shown in FIG. 1 comprises an e chip card 10 with a first microprocessor 12, a first program memory 14 and a first data memory 16. The chip card 10 is connected to a reading and writing device 20 via a first data connection 18. The reading and writing device is connected to a security device 30 via a second data connection 28, a bidirectional data connection, preferably for serial data transmission. The safety device 30 comprises a second microprocessor 32, a second program memory 34 and a second data memory 36. The safety device is connected to an on-board computer 40 of a motor vehicle via a third data connection 38.
First output data are stored in the first data memory 16 and second output data are stored in the second data memory 38. In addition, a first processing program is stored in the first program memory. As soon as a chip card is inserted in the reading and writing device, the security device 30 receives a signal, whereby the second microprocessor 32 supplies the second output data stored in the second data memory 36 to the first microprocessor. Processing takes place in the first microprocessor 12 on the chip card 10 by means of the processing program present in the program memory 14, the first output data present in the first data memory 16 and the transmitted second output data.
During this processing, the operating data necessary for the operation of the motor vehicle are generated and supplied from the chip card to the safety device 30 via the reading and writing device 20. In this example, the operating data are further transmitted from the safety device 30 to the on-board computer 40, which only receives these operating data, e.g. can start the electronics for the engine management.
For example, the security device sends a code that corresponds to a product of two prime numbers to the processor of the chip card. This breaks down the code into the two prime numbers and calculates using the formula
Y = X to the power 3 mod N the data for the motor electronics from a table in the memory of the chip card. X is the data from the table, N is the product of the prime number and Y is the data that is then transmitted from the chip card to the security device. This then transmits the data to the engine electronics.
The code is preferably changed after each use of the chip card. The random status of a constantly running counter (not shown) and as a pointer to a table is used for this. The element that the pointer points to is the new code. The counter runs continuously (even after the ignition is switched off) at a speed of 100 steps per second. As a result, it is not possible for a user to provoke a specific result.
The embodiment shown in FIG. 2 is a further development of the invention. The safety device is connected to the cable to be connected to the on-board computer. In the example shown, the safety device is integrated with the plug to be connected to the motor electronics in one structural unit, for example by gluing or potting. The on-board computer itself is unchanged. By arranging the safety device 30 in the signal path between the on-board computer and peripheral units, some of the lines can be cut and connected to the safety device. Operational signals for the engine electronics and signals from the engine electronics to individual components are blocked or changed by the electronics of the safety device.
The signal transmitter A and signal transmitter B 501 and 502 are, for example, the brand transmitter for the top dead center, the angle transmitter for determining the working position of the engine or the ignition on control from the ignition key Delivering injection pulses or other components 60n such as the gasoline pump and the throttle valve are used.
In this embodiment, operationally relevant signals for the engine electronics and signals from the engine electronics to individual components, such as the injection valve, can be blocked or changed by the electronics on the safety device. As in the first embodiment, the security device is connected to the reading and writing device for a microprocessor chip card. By inserting a valid card, the original form of the signals is then routed into or out of the engine electronics.
Below are some examples of what control signals can be interrupted or changed for the external control device.
Measurement signals from detectors are supplied in digital and analog form as input variables. The signals "top dead center" and "position of the crankshaft" are digital values. The Motronik counts the impulses of the crankshaft position from the impulse top dead center and thus determines the actual position of the crankshaft / camshaft and the speed. The sensor for the crankshaft position is usually only an encoder which reproduces the teeth on the starter ring gear on the crankshaft in the form of rectangular pulses, ie there is no angle specification, the Motronik calculates these from the two sizes dead center and number of teeth from dead center.
For mixture preparation, there are sensors that measure the amount of air sucked in (always indirectly via dynamic pressure, suction pipe vacuum or speed of the air sucked in). These are analog values, i. d. R. variable resistances, which are measured in voltage (0 to 7V, impressed current) or current (few mA, impressed voltage).
The throttle valve position is partly supplied as a digital value (idle position, full throttle position) and as a variable angle value, i.e. a resistance of a few kOhm depending on the throttle position 0-9OGrad.
The triple speed, intake air quantity and throttle valve position mainly determine the metered injection quantity per cylinder and the ignition timing.
In addition, the air temperature, the air pressure, the engine temperature and - some other influencing variables are measured.
However, only a small percentage of these are included in the calculation. An interruption or change of these signals affects the vehicle's readiness to drive.
Digital control signals with a variable pulse width are essentially output as output variables. These control the opening times of the petrol injection nozzles and the ignition timing. Valve control is also influenced in luxury vehicles.
If the ignition impulses or the petrol injection impulses are blocked, the engine will not work.
The blocking and changing of signals should preferably be on the input side. The control pulses for the injection nozzles are of low impedance with a high inductive component (coils) and require very complex circuits. Only the control signals for the ignition are passed on to an amplifier, which generates the actual high voltage.
The input signals can be easily blocked or influenced using conventional electronic means. The sizes of top dead center, crankshaft position, air quantity, throttle valve position and ignition pulses are therefore preferably influenced by the invention.
In the simplest case, the digital signals are blocked by an electronic switch (CMOS transistor), or the digital signal goes to an electronic gate and is e.g. AND linked.
The analog signals are blocked by an analog semiconductor switch (the signals are unipolar, so standard ICs are sufficient).
A further form of the invention is a change in the signals which are sent to the motronics or passed on by them.
For example, the pulses from the top dead center sensor can be delayed by a certain time (switchable delay line), the pulses from the crankshaft position are divided by a digital counter by 2,4,8, the same can be applied to the output pulses for the ignition amplifier. Or a permanent idle position of the throttle valve is signaled by connecting an open collector gate to the relevant signal line.
The analog signals are generated by means of a D / A converter and delivered to the Motronik instead of the original data, thus signaling e.g. very small amount of air sucked in.
The necessary data for changes and the blocking of signals are stored on the chip card. All of this leads to an incorrect metering of the amount of gasoline and an incorrect ignition timing.
All of these influences have the consequence that the engine starts when the ignition lock is bypassed, but under no circumstances does the vehicle start up due to misfires, misfiring, etc. and signals a defect. This has the advantage that the thief does not suspect an additional lock (the engine is starting), but suspects greater damage to the engine and, due to the suspected necessary repair, refrains from theft. This avoids further destruction in the passenger compartment when searching for electronic locks. In addition, the permanent attempts to start (the engine keeps turning off) and the misfires associated with loud bangs develop a background noise that is much more likely to attract third-party attention than an alarm system.
With the help of a potting compound, after mounting the circuit board of the safety device, it is glued directly to the connector and the connected cables. This guarantees security against manipulation.
As an alternative to the card reading unit, a fingerprint reader can be provided. By placing a fin gers on the reader, the release of the motor electronics is then effected. Furthermore, it is possible to use the chip card as a tachograph, with corresponding data being supplied to the chip card during operation of the vehicle and being stored in the first data memory for later analysis or diagnosis.