WO2003060835A2 - Method of operating an access control system - Google Patents
Method of operating an access control system Download PDFInfo
- Publication number
- WO2003060835A2 WO2003060835A2 PCT/IB2002/005596 IB0205596W WO03060835A2 WO 2003060835 A2 WO2003060835 A2 WO 2003060835A2 IB 0205596 W IB0205596 W IB 0205596W WO 03060835 A2 WO03060835 A2 WO 03060835A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- base station
- storage medium
- data storage
- information code
- receiver
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
- G07C2009/00555—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks comprising means to detect or avoid relay attacks
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C2209/00—Indexing scheme relating to groups G07C9/00 - G07C9/38
- G07C2209/60—Indexing scheme relating to groups G07C9/00174 - G07C9/00944
- G07C2209/61—Signal comprising different frequencies, e.g. frequency hopping
Definitions
- the invention relates to a method of operating an access control system having a base station, which is located on an object to be protected from unauthorized access, and a data storage medium which can be arried by a user, and is arranged to exchange signals with the base station to determine access authorization and to control the base station appropriately, wherein substantially the same carrier frequency is used for signal transmission from the base station to the data storage medium and from the data storage medium to the base station.
- Such an access control system which is generally designed as a passive system and hereinafter is also designated a "Passive Keyless Entry (PKE)" system, is known for example from US-A-5,412,379.
- PKE Passive Keyless Entry
- the system described therein is designed as an automotive vehicle access system, but is also suitable for providing secure access systems on the basis of chip cards in the field of building security.
- the user carries a chip card with them which, as soon as the user moves, energizes the transmitter portion of the chip card.
- the transmitter portion then continuously emits a coded high frequency signal, which contains clock, identification and function data conventionally together with an error correction code. If the user comes into the vicinity of the object to be protected, the receiving antenna, which is located on the object to be protected, couples the transmitted energy into the receiver or controller.
- FIG. 1 A further possible configuration for providing a PKE system is shown in Fig. 1.
- the signal transmission connections are provided in the form of a so-called "up-link frame" 2, formed for example by a UHF channel and via which signals are transmitted from the vehicle 1 to the PKE card 4, and a so-called “down-link frame” 3, formed for example by a UHF channel and via which signals are transmitted from the PKE card 4 to the vehicle 1.
- a PKE base station in the vehicle 1 starts to generate a signal designated "challenge", which is transmitted via the "up-link frame" 2 to the PKE card 4.
- a circuit arrangement provided with a microprocessor and located in the PKE card 4 then calculates from the "challenge” a signal sequence designated “response” by means of a cryptographic algorithm and a secret key.
- This "response” signal is then transmitted from the PKE card 4 via the "down-link-frame” 3 to the PKE base station.
- the PKE base station compares the "response” using an identical cryptographic algorithm and an identical secret key. If the comparison yields the result "identical”, the PKE base station causes the opening of the vehicle 1.
- the present invention is particularly well suited to such a configuration.
- the disadvantage of the described arrangement is that an external attacker who tries to open the vehicle can perform the so-called "relay attack" with relatively little technical effort.
- Fig. 2 is a schematic representation of an arrangement for performing such a "relay attack".
- an additional transmission link 5 consisting of a PKE card emulator, designated relay A, a PKE station emulator, designated relay B, and a communication link between relay 1 and relay 2 are inserted into the configuration according to Fig. 1.
- One attacker is located in the immediate vicinity of the vehicle with the relay A.
- the second attacker with the relay B, moves close enough to the valid PKE card 4.
- the vehicle transmits its "challenge", which is passed by the relay A, via the above-mentioned communication link, to the relay B.
- the relay 2 emulates the "up-link frame” and thus passes the "challenge” to the valid PKE card 4.
- the PKE card 4 responds to the relay B by transmitting this "response", i.e. the relay B transmits the "response” via the above- mentioned communication link to the relay A and thence to the PKE base station in the vehicle 1. Since the "response” was generated by the genuine PKE card 4 on the basis of the genuine "challenge” from the PKE base station using the correct crypto algorithm and the correct key, the "response” is recognized as valid and the vehicle door opens.
- the method comprises the following steps: a) initialization of the base station and the data storage medium; b) provision of an information code, which is generated in parallel and identically, i.e. symmetrically, both in the base station and in the data storage medium; and c) configuration of the receiver and/or transmitter both in the base station and in the data storage medium, using at least part of the information code or control information derived from the information code, without the information code, parts thereof or control information derived therefrom being transmitted between the base station and the data storage medium.
- the basic concept of the invention is thus the use of a priori information from encrypted data and the associated utilization of the analog properties and restrictions of the transmission link.
- the system is prepared to support rapid switching of the transmission direction and resumption of transmission after an initialization phase, in that at least the receiver in the object to be protected as well as in the data storage medium can be configured.
- Configuration here means optimum adaptation of the transmitter and/or the receiver to the subsequent data transmission.
- the configuration of the receiver comprises the freezing of the comparator threshold, dynamic threshold tracking thus being suppressed and a defined comparison level fluctuates around the threshold values as described in DE 100 41 008 Al.
- the high read reliability of the incoming signal is thus abandoned.
- Other measures to support a rapid transient response of the receiver are also feasible.
- the transmitters preferably can also be configured; for example, the transmission level may be varied, the carrier signal switched on and off, the transmission direction reversed, the modulation type varied or the transmission frequency changed. In this way, the attacker is deceived and rapid reception and forwarding of data is made more difficult for the attacker.
- the invention provides a method for operating a PKE system which is highly resistant to external attacks, by making the so-called "relay attack” considerably more difficult. This is achieved by a protocol which cannot be predicted by attackers and suitable, economic hardware. An additional time measurement may also detect whether a relay attack is taking place. Time measurement is particularly cost-effective to perform due to the additional time saving. Since the invention is predominantly based on an adapted, fully flexible protocol, it may be performed economically using software.
- a device with which the method may be performed is likewise provided, together with a computer software product for software implementation.
- Fig. 1 shows a possible configuration for providing a PKE system
- Fig. 2 shows an arrangement for performing a "relay attack" on the configuration according to Fig. 1 ;
- Fig. 3 shows the structure of a PKE system according to the invention
- Fig. 4 shows an example of a more attack-resistant PKE protocol
- Fig. 5 is a schematic representation of the control system for mutual authentication of a motor vehicle and the PKE card.
- FIG. 3 illustrates the structure of a PKE system which is considerably more resistant to external attacks.
- Systems under consideration here are those which use substantially the same carrier frequency for both transmission directions, e.g. UHF/UHF systems or GHz/GHz systems.
- a PKE base station 10 in a vehicle contains a crypto and control unit 16, which passes coded data to a transmitter 12 and obtains data from a receiver 14.
- This receiver 14 may be configured in a manner suitable for the invention. Thus, for example, provision may be made for the freezing of the comparator threshold or other measures taken to support a rapid transient response of the receiver.
- the PKE base station 10 is coupled, via a bus 18 or similar interface to the electrical system of the vehicle.
- the PKE card 4 accordingly comprises a transmitter 42 and a receiver 44 with configurable behavior, which are supplied with data or controlled by a crypto and control unit 46.
- the receiver 44 in the PKE card 4 may be configured in the same way as the receiver 14 in the PKE base station 10.
- the transmitters 12, 42 may also be configurable, e.g. in order to vary the transmission level or to provide frequency switching (frequency hopping). It may also be feasible to support switching of the modulation type, such that it changes between ASK (Amplitude Shift Keying), FSK (Frequency Shift Keying) and PSK (Phase Shift Keying).
- a PKE protocol may be implemented as illustrated by way of example in Fig. 4.
- the design of the protocol is flexible and controlled by the information code; therefore, it is random as far as the attacker is concerned but non-random as far as the system is concerned.
- the PKE base station sends a wake-up call to the
- PKE card together with a random number by means of which the PKE card encrypts and returns its serial number. Authentication then takes place.
- Crypto bits 0...a are then exchanged, which are not however related to the information code.
- the transmitted crypto bits are either calculated in parallel as control bits in the PKE base station and in the card and never transmitted or derived in a look-ahead manner from the crypto bits still to be transmitted.
- Only the PKE base station and the PKE card know a priori from the crypto information whether, for example, the receiver in the PKE base station is activated or its comparator threshold frozen.
- the field may be switched off or the field strength changed, so that the attacker requires time due to settling or switching processes, which may be detected via time, measurement as an attack.
- Control of the receivers and transmitters may be also be performed via control bits which are derived from the crypto algorithm but which are not transmitted and indeed must not be transmitted and are thus hidden from the external attacker.
- An example of such channel property control is illustrated in Fig. 5. This provides the PKE station and PKE card with a significant time advantage against the potential attacker. The time which the attacker needs for the sudden switching of transmission direction or the adaptation to a change in field strength or other measures can be measured cost-effectively by justifiable technical means. An external relay attack on the system is thus revealed. Both the PICE base station and the PKE card may be automatically calibrated.
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2002353401A AU2002353401A1 (en) | 2002-01-17 | 2002-12-23 | Method of operating an access control system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE10201580.5 | 2002-01-17 | ||
DE2002101580 DE10201580A1 (en) | 2002-01-17 | 2002-01-17 | Procedure for operating an access security system |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2003060835A2 true WO2003060835A2 (en) | 2003-07-24 |
WO2003060835A3 WO2003060835A3 (en) | 2003-11-20 |
Family
ID=7712353
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2002/005596 WO2003060835A2 (en) | 2002-01-17 | 2002-12-23 | Method of operating an access control system |
Country Status (3)
Country | Link |
---|---|
AU (1) | AU2002353401A1 (en) |
DE (1) | DE10201580A1 (en) |
WO (1) | WO2003060835A2 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104375441A (en) * | 2014-11-06 | 2015-02-25 | 联合汽车电子有限公司 | Vehicle-mounted power source management device and control method thereof |
WO2017067892A1 (en) * | 2015-10-19 | 2017-04-27 | Valeo Comfort And Driving Assistance | Method for estimating a distance and electronic unit for a vehicle |
WO2020077221A1 (en) * | 2018-10-12 | 2020-04-16 | Denso International America, Inc. | Passive entry/passive start communication systems with selected antennas having multiple polarized axes |
US11714184B2 (en) | 2018-10-12 | 2023-08-01 | Denso International America, Inc. | Up-sampling and cross-correlation for time of arrival determinations in passive entry/passive start systems |
DE102007041512B4 (en) | 2007-08-31 | 2024-03-07 | HELLA GmbH & Co. KGaA | Safety and locking device in motor vehicles with a combined indoor and outdoor antenna |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102006008140A1 (en) * | 2006-02-20 | 2007-08-23 | Conti Temic Microelectronic Gmbh | Operating method for radio based identification system, involves producing electrical field of predetermined field strength with identification information by central unit, identification transmitter receives one identification information |
DE102009039879B9 (en) * | 2009-09-03 | 2014-12-31 | Werner Niemeyer-Stein | Method for controlling the release of a device or a service, a transceiver device designed as a master and a system having such a device |
JP5688776B2 (en) * | 2013-01-18 | 2015-03-25 | オムロンオートモーティブエレクトロニクス株式会社 | Communication system and communication apparatus |
JP5721754B2 (en) | 2013-01-28 | 2015-05-20 | オムロンオートモーティブエレクトロニクス株式会社 | Communication system and communication apparatus |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE19832204A1 (en) * | 1998-07-17 | 2000-01-20 | Kostal Leopold Gmbh & Co Kg | Keyless access control in motor vehicle using carrier medium, whose characteristics are changed during transmission of data telegram |
WO2000006858A1 (en) * | 1998-07-29 | 2000-02-10 | Bayerische Motoren Werke Aktiengesellschaft | A security system |
DE19839695C1 (en) * | 1998-09-01 | 2000-05-04 | Kostal Leopold Gmbh & Co Kg | Method of conducting keyless access authorization checks, e.g. for motor vehicles, involves evaluating difference between reference code signal and response signal characteristic |
EP0999103A2 (en) * | 1998-11-04 | 2000-05-10 | Adam Opel Ag | User identification device |
EP1081000A2 (en) * | 1999-08-31 | 2001-03-07 | Mannesmann VDO AG | Security device |
-
2002
- 2002-01-17 DE DE2002101580 patent/DE10201580A1/en not_active Withdrawn
- 2002-12-23 WO PCT/IB2002/005596 patent/WO2003060835A2/en not_active Application Discontinuation
- 2002-12-23 AU AU2002353401A patent/AU2002353401A1/en not_active Abandoned
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE19832204A1 (en) * | 1998-07-17 | 2000-01-20 | Kostal Leopold Gmbh & Co Kg | Keyless access control in motor vehicle using carrier medium, whose characteristics are changed during transmission of data telegram |
WO2000006858A1 (en) * | 1998-07-29 | 2000-02-10 | Bayerische Motoren Werke Aktiengesellschaft | A security system |
DE19839695C1 (en) * | 1998-09-01 | 2000-05-04 | Kostal Leopold Gmbh & Co Kg | Method of conducting keyless access authorization checks, e.g. for motor vehicles, involves evaluating difference between reference code signal and response signal characteristic |
EP0999103A2 (en) * | 1998-11-04 | 2000-05-10 | Adam Opel Ag | User identification device |
EP1081000A2 (en) * | 1999-08-31 | 2001-03-07 | Mannesmann VDO AG | Security device |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102007041512B4 (en) | 2007-08-31 | 2024-03-07 | HELLA GmbH & Co. KGaA | Safety and locking device in motor vehicles with a combined indoor and outdoor antenna |
CN104375441A (en) * | 2014-11-06 | 2015-02-25 | 联合汽车电子有限公司 | Vehicle-mounted power source management device and control method thereof |
WO2017067892A1 (en) * | 2015-10-19 | 2017-04-27 | Valeo Comfort And Driving Assistance | Method for estimating a distance and electronic unit for a vehicle |
FR3044100A1 (en) * | 2015-10-19 | 2017-05-26 | Valeo Comfort & Driving Assistance | METHOD FOR ESTIMATING DISTANCE AND ELECTRONIC UNIT FOR VEHICLE |
US10692318B2 (en) | 2015-10-19 | 2020-06-23 | Valeo Comfort And Driving Assistance | Method for estimating a distance and electronic unit for a vehicle |
US10984615B2 (en) | 2018-10-12 | 2021-04-20 | Denso International America, Inc. | Passive entry/passive start access systems with tone exchange sniffing |
US10902691B2 (en) | 2018-10-12 | 2021-01-26 | Denso International America, Inc. | Passive entry/passive start access systems with bidirectional tone exchange |
US10943417B2 (en) | 2018-10-12 | 2021-03-09 | Denso International America, Inc. | Passive entry/passive start access systems including round trip time sniffing |
US10885729B2 (en) | 2018-10-12 | 2021-01-05 | Denso International America, Inc. | Passive entry/passive start systems using continuous wave tones and synchronization words for detecting range extender type relay station attacks |
US10991182B2 (en) | 2018-10-12 | 2021-04-27 | Denso International America, Inc. | Multi-axis polarized RF antenna assemblies for passive entry/passive start systems |
US11010996B2 (en) | 2018-10-12 | 2021-05-18 | Denso International America, Inc. | Passive entry/passive start systems using I and Q data for detecting range extender type relay station attacks |
US11037386B2 (en) | 2018-10-12 | 2021-06-15 | Denso International America, Inc. | Passive entry/passive start systems detecting range extender type relay station attacks |
US11127234B2 (en) | 2018-10-12 | 2021-09-21 | Denso International America, Inc. | Passive entry/passive start communication systems with selected antennas having multiple polarized axes |
US11714184B2 (en) | 2018-10-12 | 2023-08-01 | Denso International America, Inc. | Up-sampling and cross-correlation for time of arrival determinations in passive entry/passive start systems |
US11776334B2 (en) | 2018-10-12 | 2023-10-03 | Denso International America, Inc. | Passive entry/passive start access systems including round trip time sniffing |
WO2020077221A1 (en) * | 2018-10-12 | 2020-04-16 | Denso International America, Inc. | Passive entry/passive start communication systems with selected antennas having multiple polarized axes |
Also Published As
Publication number | Publication date |
---|---|
AU2002353401A1 (en) | 2003-07-30 |
DE10201580A1 (en) | 2003-08-07 |
WO2003060835A3 (en) | 2003-11-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10187793B2 (en) | Method for pairing a mobile telephone with a motor vehicle and locking/unlocking set | |
US10427643B1 (en) | Defense against relay attack in passive keyless entry systems | |
US20010033222A1 (en) | Passive keyless entry system | |
US8630748B2 (en) | Method and apparatus for access and/or starting verification | |
US10252699B2 (en) | Method for operating a passive radio-based locking device and passive radio-based locking device with a mobile device as a transportation vehicle key | |
KR20000070871A (en) | Code signal transmitter, especially for an anti-theft system in a motor vehicle | |
US20180276924A1 (en) | Vehicle-mounted device, portable device, and vehicle wireless communication system | |
JPH04302682A (en) | Remote access system | |
US10142846B2 (en) | Relay attack prevention | |
US10943416B2 (en) | Secured communication in passive entry passive start (PEPS) systems | |
WO2003060835A2 (en) | Method of operating an access control system | |
KR20190100948A (en) | How to Protect Against Relay Attack | |
US20090138707A1 (en) | Method for Fast Pre-Authentication by Distance Recognition | |
US20020163419A1 (en) | Identification system for verifying the authorization to access an object or to use an object such as a motor vehicle | |
CN113449285A (en) | Authentication system and authentication method | |
KR20030019348A (en) | Identification system for verifying the authorization for the access to an object or the use of an object, especially of a motor vehicle | |
CN110110568A (en) | A kind of NFC electronic lock card reader and card reading method based on random key | |
US20040054934A1 (en) | Method for authenticating a first object to at least one further object, especially the vehicle to at least one key | |
US6834179B2 (en) | Method for operating an access control system, in particular for a motor vehicle, and access control system | |
EP0961438B1 (en) | Authentication system, authentication device, authentication data producing device, and authentication method | |
RU2730356C1 (en) | System and method of preventing unauthorized vehicle access | |
US11427160B2 (en) | Field superposition method and system | |
CN112785753B (en) | GPS-based automobile access control system and attack prevention method | |
KR101905494B1 (en) | Method to protect relay-attack of smartkey system for vehicles | |
CN112061074A (en) | Unlocking method for intelligent automobile |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase in: |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |