Access and driving authentication system with increased security against relay attacks on the transponding interface
10464527 ยท 2019-11-05
Assignee
Inventors
Cpc classification
B60R25/241
PERFORMING OPERATIONS; TRANSPORTING
G07C9/00309
PHYSICS
B60R25/24
PERFORMING OPERATIONS; TRANSPORTING
B60R25/245
PERFORMING OPERATIONS; TRANSPORTING
International classification
B60R25/24
PERFORMING OPERATIONS; TRANSPORTING
Abstract
An authentication element that may include a keyless go device for a vehicle. The authentication element may include a transponding interface for transmitting an authentication signal and receiving power and data. A sensor element may also be provided for detecting a movement and/or inclination. The authentication element is designed such that authentication signals are transmitted over the transponding interface when the sensor element detects a stored movement and/or inclination. An authentication system for vehicles may include at least one authentication element and an apparatus.
Claims
1. An authentication element including a keyless go device for a vehicle, the authentication element comprising: a transponding interface for transmitting an authentication signal and for receiving power and data, and a sensor element for detecting at least one of a movement and inclination, wherein authentication signals are transmitted over the transponding interface when the sensor element detects at least one of a stored movement and inclination, and wherein: the authentication element has a signal processing and a forwarding device, the signal processing and forwarding device is connected to the transponding interface and to the sensor element, the signal processing and forwarding device detects at least one of the movement and inclination of the sensor element, at least one of a stored movement and inclination is stored in the signal processing and forwarding device for comparison, the signal processing and forwarding device transmits authentication signals over the transponding interface, and the authentication signals contain at least one of a movement and inclination detected at the sensor element.
2. The authentication element in accordance with claim 1, wherein: the sensor element of the authentication element has at least one of an acceleration sensor and inclinometer for the purpose of detecting at least one of a movement and inclination, the signal processing and forwarding device is designed such that the at least one of detected movement and inclination is compared to the at least one of stored movement and inclination, if the comparison is positive, the signal processing and forwarding device transmits authentication signals over the transponding interface.
3. An authentication system for vehicles with at least one authentication element in accordance with claim 2 comprising: an apparatus having a reading device for sending power and data as well as receiving authentication signals, whereby the transponding interface of the authentication element is engageable with the reading device for the apparatus in order to transmit authentication signals to the reading device after receiving power and data, and wherein a function is activated after receiving transmitted authentication signals.
4. The authentication system in accordance with claim 3 wherein: the apparatus has a control system including function logic for processing authentication signals that is preferably connected to the reading device, there are stored authentication signals for comparison stored in the apparatus in the function logic, the received and stored authentication signals contain at least one of a movement and inclination detected at the sensor element, the function logic compares received authentication signals to stored authentication signals, the apparatus has a sensor device for detecting an inclination, the control system detects at least one of a movement and inclination of the sensor device, the sensor device has at least one of an acceleration sensor and an inclinometer.
5. A process for checking an authentication request intended by a user on an authentication element of a vehicle with an authentication system in accordance with claim 4, whereby the process has the following steps: positioning the authentication element in the transmission and reception area of the reading device of the apparatus, receiving power, whereby the transponding interface of the authentication element receives power from the reading device of the apparatus, detecting at least one of the movement and inclination at the authentication element by the sensor element, generating authentication signals which include the detected at least one of movement and inclination, transmitting the authentication signals from the authentication element to the apparatus, and comparing the detected authentication signals with stored authentication signals in the apparatus.
6. A process for checking an authentication request intended by a user on an authentication element of a vehicle with an authentication system in accordance with claim 4, whereby the process has the following steps: positioning the authentication element in the transmission and reception area of the reading device of the apparatus, receiving power, whereby the transponding interface of the authentication element receives power from the reading device of the apparatus, detecting at least one of the movement and inclination at the authentication element by the sensor element, comparing at least one of the detected movement and inclination in the authentication element with at least one of a stored movement and inclination, whereby, when the comparison is positive, transmission of authentication signals is initiated from the authentication element to the apparatus.
7. The process in accordance with claim 5, wherein: the detection of at least one of the movement and inclination includes a detection by the signal processing and forwarding device of the authentication element; the stored authentication signals are stored in the signal processing and forwarding device of the authentication element; the stored authentication signals are stored in the function logic of the apparatus; when the comparison is positive, the detected authentication signals match the stored authentication signals.
8. The process in accordance with claim 5, wherein: the function logic compares the authentication signals of the authentication element to the stored authentication signals of the apparatus, the signal processing and forwarding device compares at least one of the detected movement and inclination to at least one of the stored movement and inclination, the signal processing and forwarding device uses a wireless connection of the transponding interface and reading device to transmit authentication signals to the function logic of the apparatus, and the step of transmitting the authentication signals preferably includes at least one of encryption and compression of the authentication signals.
Description
BRIEF DESCRIPTION OF THE DRAWINGS
(1) Reference is now made more particularly to the drawings, which illustrate the best presently known mode of carrying out the invention and wherein similar reference characters indicate the same parts throughout the views.
(2)
(3)
DETAILED DESCRIPTION OF THE DRAWINGS
(4) In the following description, identical reference signs are used for identical objects.
(5)
(6) The authentication element (1) is designed in this example as a key or a keyless go device for the vehicle (20) and has a transponding interface (2) for sending/transmitting authentication signals and for receiving power and data. The antennas pictured on the transponding interface (2) are merely depict the sending/receiving process visually.
(7) Furthermore, the authentication element (1) has a signal processing and forwarding device (6). This device is connected to the transponding interface (2) and to a sensor element (3) for detecting a movement and/or inclination.
(8) The sensor element (3) has a acceleration sensor and/or inclinometer (not pictured) for detecting a movement and/or inclination.
(9) In the signal processing and forwarding device (6) of the authentication element (1), a stored movement and/or inclination is stored for comparison with a measured or detected movement and/or inclination.
(10) The signal processing and forwarding device (6) is also designed such that it compares the detected movement and/or inclination to the stored movement and/or inclination, whereby, if the comparison is positive, the signal processing and forwarding device (6) transmits authentication signals over the transponding interface (2). Here, the authentication signals can include a movement and/or inclination detected by the sensor element (3), allowing this movement and/or inclination to be transmitted, for example, to the apparatus (10).
(11) In simple terms, the authentication element (1) is designed such that authentication signals are transmitted over the transponding interface (2) if the sensor element (3) detects a movement and/or inclination that corresponds to a stored movement and/or inclination.
(12) The apparatus (10) of the authentication system (30) is on the vehicle side, i.e. positioned in the vehicle (20) and has a reading device (13) for sending power and data and receiving an authentication signal.
(13) Furthermore,
(14) In simple terms, the apparatus (10) is designed such that a function is activated, specifically driving authentication, after receiving transmitted authentication signals from the authentication element (1).
(15) The apparatus (10) here has a control system (12) with a function logic (12a) for processing authentication signals that is connected to the reading device (13). The apparatus (10) also has a sensor device (14) with an inclinometer. This inclinometer is used to detect the inclination of the apparatus and to take into account this inclination when comparing the stored and detected authentication signals or detected movement and/or inclination to the stored movement and/or inclination.
(16) Thus, to summarize, after the transmission of authentication signals from the authentication element (1) to the apparatus (10) over a wireless connection of reading device (13) and transponding interface (2), the function logic (12a) can send driving authentication, for example, for the vehicle (20).
(17) In an alternative embodiment, the authentication element (1) is designed to transmit authentication signals over the transponding interface (2) that include the movement and/or inclination of the sensor element (3).
(18) The apparatus (10) is also designed to compare the authentication signals transmitted by the authentication element (1) with stored authentication signals and to activate a function if the comparison is positive.
(19) For this purpose, authentication signals for comparison are stored in the function logic (12a). This allows received and stored authentication signals to be compared. For the sake of completeness, it should be expressly noted that, in this alternative, the transmitted and stored authentication signals include a movement and/or inclination detected by the sensor element (3).
(20) Of course, it is also possible to combine the two aforementioned versions with each other.
(21)
(22) Here, in the event that an authentication element or a keyless entry key has no power for sending and receiving signals, the emergency start function is made available. This function involves supplying the authentication element with power using a transponding method, the same method used for RFID chips.
(23) Since the vehicle (20), more specifically its control system (12), cannot differentiate between an actual emergency start, e.g. whereby the battery of the authentication element (1) is empty, and an attack on the emergency start function, the vehicle (20) with an authentication system known from the state of the art would start and thus grant driving authentication. This type of attack is detected and prevented here. The attack may also be an attack on the immobilizer.
(24) After positioning the authentication element (1) in the transmission and reception area of the reading device (13) of the apparatus (10) in step A, power is received in step B. Here, the transponding interface (2) of the authentication element (1) receives power from the reading device (13) of the apparatus (10). This takes place through the process of transponding, during which power is transferred from one element to another through magnetic fields (for example), similar to how an RFID chip works.
(25) Following this, the authentication element (1) is able to use the signal processing and forwarding device (6) in step C to detect a movement and/or inclination of the sensor element (3) of the authentication element (1) and to generate authentication signals that contain the detected movement and/or inclination.
(26) In step D, the generated authentication signals are transmitted from the authentication element (1) to the apparatus (10) in order to compare these generated or detected authentication signals in step E with stored authentication signals in the function logic (12a) of the apparatus (10). Because the apparatus (10) or the vehicle (20) may be sitting on an inclined surface, the apparatus (10) has a sensor device (14) with an inclinometer, which can adjust the stored authentication signals by accounting for the existing inclination. This makes it possible to adjust the stored authentication signals to account for an inclination of the vehicle in order to, for example, keep a permitted angle range for the authentication element to a minimum. Doing so is necessary because otherwise a vehicle that is parked on a hill or slope, for example, would not be able to start.
(27) If the comparison of the detected authentication signals with the stored authentication signals is positive or if the two signals match, driving authentication is granted in step F, i.e. the vehicle (20) starts. It is also possible to deactivate an immobilizer.
(28) Note that matching authentication signals is to be understood in the sense that the apparatus (10) recognizes, based on the transmitted authentication signals and other factors, that a certain movement and/or inclination is actually present/exists at the authentication element.
(29) In an alternative method, steps A and B are the same as the method described above while the subsequent steps differ.
(30) In this case, step C involves detection of the movement and/or inclination of the sensor element (3) of the authentication element (1) by the signal processing and forwarding device (6) and comparison of this movement and/or inclination with a stored movement and/or inclination, whereby, in the event of a positive comparison, the transmission of authentication signals from the authentication element (1) to the apparatus (10) is initiated.
(31) The stored movement and/or inclination is stored in the signal processing and forwarding device (6) of the authentication element (1), whereby the signal processing and forwarding device (6) compares the detected movement and/or inclination to the stored movement and/or inclination. The comparison is also positive if the detected movement and/or inclination matches the stored movement and/or inclination.
(32) As soon as this condition is fulfilled, signal processing and forwarding device (6) uses a wireless connection of the transponding interface (2) and reading device (13) to transmit authentication signals to the function logic (12a) of the apparatus (10). This allows driving authentication to be granted and the vehicle (20) to be started.
(33) While, in simple terms, it is the apparatus (10) that decides whether driving authentication can be granted in the first outlined procedure, in the second outlined procedure this is determined by or in the authentication element (1). In the second case, driving authentication has already been granted if the authentication signal is received by the apparatus.
(34) Regarding both described procedure variants, the step of transmitting the authentication signals can include encryption and/or compression of the authentication signals. This increases the safety of the transmission.
(35) In other words, the invention can, for example, also be reproduced or briefly summarized in the manner described as follows.
(36) A user is sitting in a caf at some arbitrary distance from their vehicle and their authentication element (1) or keyless entry key is in their jacket pocket or laptop case.
(37) Then, an attack via wireless transmission extension (RSA) is carried out on the emergency start function of the vehicle or the authentication element.
(38) An attacker has gained access to the vehicle already and now wishes to start the vehicle. To do so, they press the start button of the vehicle. Since the vehicle does not detect a valid authentication element in the vehicle, the attacker is given the option to carry out an emergency start, as the battery of the authentication element could be dead.
(39) For this purpose, transponding is initiated by the vehicle, upon which the attacker or even the actual user places their dead authentication element in a specific location in the vehicle or lays it in a special compartment. The authentication element is supplied with power through a transformer coupling, giving the authentication element the ability to calculate a response to the challenge that is received along with the power and to send this response back to the vehicle.
(40) The attacker uses their own apparatus in the vehicle to receive the signals now being generated by the vehicle (primarily the signal known as the challenge). Using an arbitrary communications channel, these signals are transferred to a second attacker located in the vicinity of the original authentication element, i.e. in the caf mentioned previously.
(41) This second attacker has an apparatus on hand that is used to generate signals identical to those sent by the vehicle. The authentication element receives these signals and switches to a transponding/emergency start mode because it cannot recognize whether or not these signals are from an attacker.
(42) If an implementation known from the state of the art were being used, the authentication element would, at this point, answer with the response, which the second attacker could pass on to the attacker in the vehicle in order to reproduce the signals so that the vehicle recognizes a valid authentication element and would then grant driving authentication. This would constitute a successful RSA attack on the emergency start function that bypasses all protection against RSA, which relates to the core function of the hands-free function.
(43) When the inventive method is used, the following happens instead:
(44) The authentication element switches, as previously described, to the transponding/emergency start mode or an immobilization mode and receives the signal called the challenge, which comes from an attacker in this case.
(45) The authentication element sends, along with its response, its position to the vehicle with encryption. The vehicle checks whether the position information of the authentication element matches the geometry or the position of the ignition lock and the physical end position of the ignition switch.
(46) Since the vehicle may be parked on a hill/slope, it is preferable that the inclination of the vehicle against the gravitational axis is taken into account during the check in order to minimize the permitted angle range for the original authentication element.
(47) Even if the original authentication element happens to have the same position (which is itself very unlikely), then a second transponding operation would be carried out by the vehicle at an additional safety level, for example, after the authentication element has been moved back from an end position into the normal driving position during the start process.
(48) As such, the authentication element would have to move by this exact angle offset for the attack to be successful. This, however, requires possession of the authentication element. This ensures that an attack can be successfully averted.
REFERENCE NUMERAL LIST
(49) 1 Authentication element 2 Transponding interface 3 Sensor element 6 Signal processing and forwarding device 10 Apparatus 12 Control system 12a Function logic 13 Reading device 14 Sensor device 20 Vehicle 30 Authentication system