Method and device for issuing an access authorization

Abstract

Presented are methods and devices for issuing an authorization for access to a secured area, particularly a building, a room, a vehicle, a computer system or the like, or for starting a machine, a vehicle, a computer or the like, having a monitoring unit comprising a transmitter, a receiver, and an evaluation device, and having a key, a key card or similar, referred to as a key in short below, having a transmitter, a receiver and an electronic device. A permissible position and/or a permissible distance between the transmitter of the monitoring unit and a permissible key is determined prior to issuing an authorization, wherein the transmitter of the monitoring unit transmits signals and the key transmits response signals back to the monitoring unit. The permissible position and/or the permissible distance of the key are determined from the signals received by the key, wherein a signal strength of said signals is evaluated in various directions and/or angles.

Claims

1. An access authorization system comprising: a monitoring unit comprising: a first transmitter to transmit a first signal at a first frequency, and a first receiver to receive a response signal; and a key comprising: a second transmitter to transmit the response signal to the monitoring unit at a second frequency, a second receiver to receive the first signal, and an electronic device configured to determine a signal strength of the first signal in at least one direction; and at least one of an acceleration sensor, a rotation sensor, and a gravity sensor configured to measure a gravity vector associated with an expected motion of one of the monitoring unit and the key, the gravity vector being used to correct the signal strength; an evaluation device configured to perform a fingerprinting procedure to validate the key, the fingerprinting procedure comprises determining at least one of a distance and a relative position between the key and the monitoring unit based on the response signal.

2. The access authorization system according to claim 1, wherein the one of the first and second receiver comprises a plurality of coils.

3. The access authorization system according to claim 2, further comprising a circuit that is configured to determine a direction of permeation of a magnetic field between at least two of the plurality of coils.

4. The access authorization system according to claim 3, wherein the circuit is further configured to determine a polarization of a transmitted signal.

5. The access authorization system according to claim 3, wherein the circuit is coupled to the second receiver.

6. The access authorization system according to claim 1, further comprising a database to store calibrated data for at least one of the distance and the relative position.

7. The access authorization system according to claim 1, wherein the monitoring unit comprises a current measuring circuit that measures one or more currents.

8. The access authorization system according to claim 1, wherein the evaluation device compares a strength of the first signal with the calibrated measured current to adjust the response signal prior to performing the fingerprinting procedure.

9. A method for accessing an authorization system, the method comprising: transmitting via a first transmitter first signal at a first frequency from a monitoring unit to a first receiver that is designed to receive a response signal; transmitting via a second transmitter the response signal to the monitoring unit at a second frequency; determining a signal strength of the first signal in at least one direction; measuring a gravity vector associated with an expected motion of one of the first and the second transmitter, the gravity vector being used to correct the signal strength; and performing a fingerprinting procedure to validate a key via an electronic device, the fingerprinting procedure comprising determining at least one of a distance and a relative position between the key and the monitoring unit based on the response signal.

10. The method according to claim 9, further comprising determining a direction of permeation of a magnetic field between at least two coils.

11. The method according to the claim 9, wherein the signal strengths of the first signal are evaluated at least by an absolute value of a magnetic field strength vector in a horizontal plane.

12. The method according to the claim 9, wherein the signal strengths of the first signal are evaluated relatively to each other in one or more directions and angles.

13. The method according to claim 9, wherein the fingerprinting procedure comprises, prior to granting access, comparing the signal strength to an expected signal strength in a permitted access area to determine a validity of the relative position.

14. The method according to claim 9, wherein determining signal strengths of the first signal comprises determining a magnetic field strength vector based on a penetration direction through one or more coils.

15. The method according to claim 9, further comprising evaluating a polarization of one of the first signals and the response signal.

16. The method according to the claim 9, wherein an expected field strength is determined from a calibration measurement.

17. The method according to the claim 9, further comprising determining the one or more currents and comparing one or more currents to one or more calibrated currents.

18. The method according to the claim 9, further comprising detecting at least two of subdivided access areas as part of the fingerprinting procedure prior to validating the key.

19. The method according to the claim 9, further comprising using a tracking procedure that tracks the key within a predetermined area of the monitoring unit and calculates a probability to evaluate a validity of a position of the key.

Description

(1) Further advantages of the invention are described in the following implementation examples. Shown are:

(2) FIG. 1 Principle drawing of a passive keyless entry system;

(3) FIG. 2 Fingerprinting concept for multiple transmitter antennas;

(4) FIG. 3 Example for calibration measurements;

(5) FIG. 4 Correction of the coordinate system with gravitation vector, H coordinates system of the calibration measurements, H coordinates of the key;

(6) FIG. 5 Coordinates transform for angle ;

(7) FIG. 6 LF fingerprinting packet;

(8) FIG. 7 Flow chart of tracking algorithm; and

(9) FIG. 8 Principle of tracking.

(10) FIG. 2 discloses one of several possible disclosed embodiments of a concept of LF RSS Fingerprinting using magnetic field components H.sub.x, H.sub.y, and H.sub.z. The reader transmits a continuous wave (CW) signal via the low frequency (LF) link to the key. Also other signal designs are possible, it is only necessary that the key can measure the received signal strength of the received LF signal. Generally it is also possible that the signal is a radio frequency (RF) signal. The current in the transmission needs to be known and is measured during the transmission. The current can be also measured before or behind the transmission. If it is ensured that the current is the same as it was during calibration measurement, the current does not have to be measured.

(11) The key measures the magnetic field components H.sub.x, H.sub.y, and H.sub.z. In a preferred embodiment of the disclosure, the gravitation vector g.sub.k is measured by a 3D accelerometer. Then the key transmits the measured parameters back to the car via the RF link. Also a LF link is possible. If several antennas are used, the control unit switches to the next antenna (or polarization) and the procedure is repeated until all relevant antennas or polarizations have been measured. A packet design where these steps could be done within one packet is shown in FIG. 8. Meanwhile the control unit, respectively a reader of the control unit measures also its gravitation vector g.sub.conly necessary if the reader can moveand the measured field vectors get tilted by the vectors g.sub.k and g.sub.c. By doing this the measurement vectors and the calibration vectors are in the same plane.

(12) The calibration measurements have been measured with a specific current, which is not necessarily the same as in the real application. In this case, the current needs to be measured and the calibration measurements are corrected to the transmit current. After that a finger printing algorithm based on the field strengths estimates the probabilities for a valid position in the entry zone. If the probability is above a specific value the car accepts the signal as a valid response.

(13) Thus an attacker needs to ensure that the key receives exactly the same power vector as the key would receive in the real location. This is a difficult task because very careful positioning of the attacker to the key is necessary. Due to the gravitation vector the key knows its orientation to the horizontal plane, which the attacker does most probably not known. Even if the attacker sees the key, it is difficult to create the exact power levels in the key and find an appropriate orientation to the key.

(14) FIG. 3 shows an example for calibration measurements. The finger printing algorithm needs a calibration for the received field strengths in the entry zone in front of the reader. Therefore the received field strengths H.sub.x, H.sub.y, and H.sub.z in x, y, and z direction needs to be measured by a calibrated key for each predetermined location in the entry zone. The output power of all LF TX antennas needs to be calibrated. These field strengths H.sub.x, H.sub.y, and H.sub.z are the values which are expected when later the key is at the same position resp. calibration point in front of the reader.

(15) The outcome of the calibration are the mean field strengths per position in x, y, and z directions H=[H.sub.x, H.sub.y, H.sub.z]. Usually also the variances of the measurements are taken for the fingerprinting .sub.x.sup.2, .sub.y.sup.2, .sub.z.sup.2. These values are typically stored within a lookup table.

(16) The probability P for the finger printing algorithm for location k and works according to an algorithm using the Gaussian probability density function (PDF), the field strength vector H(k, ) as the calibrated values at location k with the angle , and the measured field strengths H. A transmission from more than one antenna or polarization leads to improved security. Thus the equation can be rewritten for the total probability over all relevant antennas by

(17) $P_{\mathrm{total}}\left(k,\right)=\underset{i=1}{\overset{M}{.Math.}}{P}_{k,,i}\left(H_x,H_y,H_z|\stackrel{\_}{H}\left(k,\right)\right)$
where M is the number of relevant antennas and is the acceptance probability (threshold). If one probability of an allowed location in the entry zone is higher than the threshold, access is guaranteed.

(18) FIG. 4 shows the correction of the coordinate system with the gravitation vector. H is the coordinates system of the calibration measurements, H is the coordinates system of the key or the car resp. control unit. If a gravitation vector for correction of the key or the car resp. control unit coordinate system is used, the measurement vector H may be corrected by the gravitation vector g, that the coordinate system of the key matches the plane of the calibration measurements H (see FIG. 4). The gravitation vector is measured for example by a 3D accelerometer. Therefore the coordinate system is tilted to =180 for g or in other words the correction for =0 between Hz and Hz.

(19) The handling of the unknown vector is required for the usage of more than one antenna. FIG. 5 shows coordinates transform for angle .

(20) The coordinate transform can be applied to the calibration measurements or to the measured vector.

(21) Alternatively a RSS Fingerprinting Method using the absolute value of the horizontal plane H.sub.r(k)={square root over (H.sub.x.sup.2(k)+H.sub.y.sup.2(k))}. and H.sub.z is disclosed in the following. This method shows less complexity than the fingerprinting method using H.sub.x, H.sub.y, and H.sub.z, but losses the information regarding in the horizontal plane. A possibility to send only one fingerprinting packet with continuous wave signals from different antennas is shown in FIG. 6. First a preamble is transmitted including the synchronization part. Next some optional data can be transmitted. Both blocks are transmitted e.g. from the closest antenna, which has the strongest signal. In the next blocks continuous wave signals are transmitted from different antennas. During these blocks the key measures the received signal strength for the finger printing.

(22) The sensitivity can be increased with tracking algorithms. In contrast to a common tracking algorithm that wants to track the most probable location, we want to ensure that the device was on valid positions within a specific radius to the reader. That prevents the trying of different angles of an attacker to find a valid one to open the car. This means for each test the attacker needs to follow a path to the reader. This costs a lot of time and increases the risk for the attacks significantly. This Tracking of the key is shown in the flow chart of tracking algorithm according to FIG. 7.

(23) First the reader is in an LF polling mode, where the reader sends a wake up signal continuously. Then the reader waits for a specific time or until the key answers via an RF link. If a key is detected the car starts the signaling for the localization/fingerprinting.

(24) The car transmits a fingerprinting packet (see e.g. FIG. 6) or a continuous wave signal via the low frequency (LF) link to the key. The current in the transmission needs to be known and is according to this embodiment measured during the transmission. The current can be also measured before or behind the transmission. The key measures the magnetic field components H.sub.x, H.sub.y, and H.sub.z for all relevant antennas.

(25) The gravitation vector g is measured by a 3D accelerometer. Then the key transmits the measured parameters back to the reader via the RF link. The reader measures also its gravitation vector g.sub.c and the measured field vectors get tilted according to it and the key gravitation vector g.sub.k. This is done that the measurement vectors and the calibration vectors are in the same plane. The calibration measurements have been measured with a specific current, which is not necessarily the same as in the real application. Thus, the current is measured and the calibration measurements are corrected to the current situation.

(26) The entry zone is divided into sub-zones (see FIG. 8) with a distance between 2 (d2) and 3 meters (d3), between 1 (d1) and 2 meters (d2) and a zone between 0 and 1 meter (d1).

(27) After that a finger printing algorithm looks for the most probable location. If the most probable location is smaller than distance d3 and greater than d2 and its probability is above a specific threshold register 3 (REG3) is set. Next the door handle gets checked; if it is not pulled then the fingerprinting procedure is repeated. The repetition is also aborted if a not valid position is detected. This ensures that in the entry zone only valid positions are detected. If a reset is activated REG1 to REG3 is set to 0. If the door handle is now pulled it is checked if all registers are activated. This ensures that the person was on valid positions in all sub zones of the entry zone.

(28) $\mathrm{Open}=\{\begin{array}{cc}1& \mathrm{if}\mathrm{all}{P}_{\mathrm{total}}\left(n\right)\\ 0& \mathrm{else}\end{array}$

(29) Another type of implementation is that not only the most possible location activates the registers of the sub zones, but also each location above the acceptance value. A reset is activated if no location in the entry zone is likely enough.

(30) It is also disclosed a principle of tracking with an advanced movement analysis. During the tracking additional the g-vector is analyzed. It is verified if the movement is observed in the accelerationthat means if the key moves, the acceleration will change. If the position varies significantly and nothing changes in the acceleration vector, then there is something wrong and the request is rejected. Thus, it is not possible to open the car during tracking if the key is on a fixed position, e.g. in a bag in a chair or in a jacket in a wardrobe.

(31) Keywords of the disclosure are as follows:

(32) A method for access control to a building, a vehicle, a secure area, a computer system, or similar at which the proximity of the key for the access is verified by a finger printing algorithm based on the field strengths of low frequency radio signals in different directions and/or angles using one or more transmit antennas.

(33) A method for access control for the starting and control of a machine (e.g. vehicle, computer), at which the proximity for the access is verified by a finger printing algorithm based on the field strengths of low frequency radio signals in different directions and/or angles using one or more transmit antennas.

(34) Additional to the field vectors also the gravity vector may be taken into account to obtain the orientation of the reader and/or the key to relate the measured field strengths to the calibration measurements using coordinate system transformations.

(35) The position of the key is tracked within an entry/access zone, and access is only guaranteed if all positions are above a specific probability threshold.

(36) The proximity is tracked within an entry/access zone, and access is only guaranteed if the key/tag has successfully passed all predefined subzones.

(37) The proximity is tracked within an entry/access zone, and access is only guaranteed if all positions are above a specific probability threshold.

(38) The proximity is tracked within an entry/access zone, and access is only guaranteed if the key/tag has successfully passed all predefined subzones.

(39) The gravity vector is analyzed for movement of the mobile device and access is only guaranteed if the movement and the acceleration are matching.

(40) A method for issuing an authorization for access to a secured area, particularly in a building, a room, a vehicle, a computer system, or the like, or for starting a machine, a vehicle, a computer, or the like, by means of a monitoring unit comprising a transmitter, receiver, and evaluation system, and a key comprising a transmitter, receiver, and electronic device.

(41) For an authorization to be issued, a permissible position and/or a permissible distance from the transmitter of the monitoring unit to a permissible key is captured.

(42) The transmitter of the monitoring unit transmits signals and the key transmits response signals back to the monitoring unit.

(43) The permissible position and/or permissible distance of the key are determined from the signals of the transmitter received by the key.

(44) A signal strength of said signals is evaluated in various directions and/or angles.

(45) The signal strength of the transmitter signals received by the key is evaluated absolutely or relatively to each other in various directions and/or angles.

(46) The transmitters of the monitoring unit and of the key transmit in the LF range and/or in the RF range, wherein preferably the transmitter of the monitoring unit transmits in the LF range and the transmitter of the key transmits in the RF range.

(47) The permissible position and/or the distance from the area to be secured is determined by means of a plurality of transmitters of the monitoring unit.

(48) The signals received by the key are analyzed with respect to their vectors of the magnetic field strength.

(49) The analysis is done by means of a fingerprinting algorithm comparing the received signal strengths to the expected signal strengths in the permitted access area and allowing access if the probability of a valid position is above a certain threshold value.

(50) The distances and/or the permitted access areas are subdivided into a plurality of sub-areas, of which at least two, preferably all, must be detected for an authorization in the distance measurement/position detection during a periodic check.

(51) The received field strengths to be expected are determined by means of calibration measurements.

(52) The transmitted signals are calibrated at the start of commissioning and/or at predetermined intervals.

(53) The current strength of the transmitted signals of the monitoring unit is captured and compared with the current strength of the calibrated values for correcting the received transmitted signals.

(54) In addition to the vectors of the signal strengths, a gravitation vector of the monitoring unit and/or the key is evaluated for the authorization.

(55) A plurality of distance measurements and/or position queries of the transmitter(s) are performed before the authorization is issued.

(56) Based on the signal strength analysis, a tracking algorithm is used that performs tracking of the key within a particular distance and/or a particular environment of the access system, and access is authorized at a previously determined position/area or by means of an interrupt, e.g. the actuation of a door handle, if the estimated current position from the tracking algorithm matches a valid position or is at least sufficiently probable, and/or a realistic trajectory for opening the secured area can be established.

(57) An analysis of the gravitation vector reflects the expected motion of the monitoring unit and/or of the key.

(58) In addition to the distance and/or position measurement, a contact location of the monitoring unit, particularly a handle or a button, must be contacted within a specified period of time.

(59) The authorization is issued only if at least a plurality, preferably all of the transmitted signals and checks are detected as correct or at least within a specified tolerance range.

(60) The electronic device of the key determines and analyzes the vectors of the signals of the transmitter received by the key.

(61) A query takes place between the monitoring unit and the electronic device of the key in order to check the permissibility of the key.

(62) A device for issuing an authorization for access to a secured area, particularly in a building, a room, a vehicle, a computer system, or the like, or for starting a machine, a vehicle, a computer, or the like, having a monitoring unit comprising a transmitter, receiver, and evaluation device, and having a key comprising a transmitter, receiver, and electronic device, wherein a permissible distance between the transmitter of the monitoring unit and a permissible key is captured for issuing an authorization, wherein the transmitter of the monitoring unit transmits signals and the key transmits response signals back to the monitoring unit.

(63) In order to determine the permissible position and/or the permissible distance of the key from the transmitter of the monitoring unit, the key comprises a device for capturing vectors of the signal strengths of the signals of the transmitter received by the key in various directions and/or at various angles.

(64) The monitoring unit and/or the key comprise a particularly three-dimensional acceleration sensor.

(65) A device can be provided for calculating a fingerprinting algorithm.

(66) The transmitters of the monitoring unit and of the key comprise devices for transmitting in the LF range and/or the RF range.

(67) A database is provided for storing the calibrated/expected data in each of the valid positions and/or valid distances.

(68) The monitoring unit comprises a contact point, particularly a handle or a button.

(69) The monitoring unit comprises a current measuring device for measuring the current of the transmitted signal.

(70) The monitoring unit and/or the key comprise a device for detecting the permissibility of the key.

(71) The monitoring unit is suitable for use in a device according to the preceding features.

(72) The key is suitable for use in a device according to the preceding features.

(73) The present disclosure is not restricted to the illustrated and described embodiments. Equivalent amendments and combinations of features of the disclosure are possible even when they are shown or described in different embodiments.