PASSIVE KEYLESS ENTRY SYSTEM FOR PREVENTING RELAY ATTACKS

Abstract

A passive keyless entry (PKE) system is disclosed. The PKE includes an in-vehicle apparatus. The in-vehicle apparatus includes a control unit that is configured to measure magnetic field and compute at least one angle between two projections of the magnetic field. When the measured angle is lower than a threshold value, an authorization signal is prevented.

Claims

1. A passive keyless entry system including an in-vehicle apparatus installable on a vehicle and a portable apparatus, the in-vehicle apparatus including: a plurality of antennas for generating a plurality of respective magnetic fields, an in-vehicle receiver for communicating with a portable transmitter of the portable apparatus, an in-vehicle control unit for controlling the plurality of antennas and for generating an authorization signal based on information received from the portable apparatus, the portable apparatus including: a receiving antenna having three mutually orthogonal coils, a portable transmitter for communicating with the in-vehicle receiver, a portable control unit for controlling the receiving antenna and the portable transmitter, the portable apparatus\being configured for measuring at least two projection vectors\of the magnetic fields\, the in-vehicle control unit\or the portable control unit\being configured for computing at least one computed angle\between two projection vectors\the magnetic fields\, the in-vehicle control unit\or the portable control unit\being configured for comparing the at least one computed angle\with an angular threshold value, the in-vehicle control unit being configured for preventing the authorization signal when all the computed angles are lower than angular threshold value.

2. The passive keyless entry system according to claim 1, wherein the in-vehicle apparatus includes at least three antennas for generating three respective magnetic fields, the in-vehicle control unit or the portable control unit being configured for computing three computed angles, each computed angle being comprised between two different projection vectors of the magnetic fields, the in-vehicle control unit being configured for preventing the authorization signal when all the three computed angles are lower than angular threshold value.

3. The passive keyless entry system according to claim 1, the portable apparatus being configured for sending the at least two projection vectors of the magnetic fields to the in-vehicle control unit, the in-vehicle control unit being configured for computing at least one computed angle between two projection vectors of the magnetic fields, the in-vehicle control unit being configured for comparing the at least one computed angle with an angular threshold value.

4. The passive keyless entry system according to any of the claim 1, wherein the in-vehicle control unit or the portable control unit are configured for computing a first computed angle between two projections of two magnetic fields, the in-vehicle control unit being configured for allowing the authorization signal when the first computed angle is greater or equals the angular threshold value.

5. The passive keyless entry system according to claim 1, wherein the portable apparatus is configured for measuring at least two projection vectors of the magnetic fields after that the in-vehicle control unit has activated the corresponding antennas of the in-vehicle apparatus.

6. The passive keyless entry system according to claim 5, wherein the portable transmitter transmits the projection vectors to the in-vehicle receiver.

7. An identification method for a passive keyless entry system including: a first step of measuring a first projection vector resembling a projection of a first magnetic field, a second step of measuring a second projection vector resembling a projection of a second magnetic field, a third step of computing a first computed angle between the first projection vector and the second projection vector, a fourth step of comparing the first computed angle with a predefined angular threshold value generating an authorization signal if the condition is verified, the method further comprising, only if the condition is not verified: a fifth step of measuring a third projection vector resembling a projection of a third magnetic field, a sixth step of computing a second computed angle between the first and the third projection vectors and a third computed angle between the second and the third projection vectors, a seventh step of comparing the second and third computed angles with the predefined angular threshold value and generating an authorization signal if the condition or the condition is verified or preventing the authorization signal if the condition and condition are both not verified.

8. The identification method according to claim 7, wherein any of the projection vectors resembles a projection of the respective magnetic field vector in the positive octant of an R.sup.3 space, the actual components of the respective magnetic field vector being measured only considering their magnitude without the sign.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0035] FIG. 1 shows a schematic view of a Passive Keyless Entry (PKE) system capable of preventing relay attacks according to the present invention,

[0036] FIG. 2 shows a schematic view of a 3D LF receiving antenna equipping the key of the PKE of FIG. 1;

[0037] FIG. 3 shows a schematic view of the vehicle control system of FIG. 1 and of a Relay Station Attack (RSA) trying to exploit the Passive Keyless Entry (PKE) system of FIG. 1;

[0038] FIG. 4 shows a first schematic representation of two vectors respectively representing two different magnetic fields generated by two respective antennas, which are distanced from one another, and of their respective projections in the first octant of an R.sup.3 space;

[0039] FIG. 5 shows a second schematic representation of other two vectors respectively representing two different magnetic fields generated by two respective antennas, which distanced from one another;

[0040] FIG. 6 shows a block diagram of an authorization method for preventing relay attacks according to the present invention.

DESCRIPTION OF EMBODIMENTS

[0041] FIG. 1 shows a vehicle 10 equipped with a Passive Keyless Entry (PKE) system 100. The PKE system 100 includes an in-vehicle apparatus 110 that is provided in the vehicle 100 and a portable apparatus 140.

[0042] The in-vehicle apparatus 110 includes: [0043] a plurality of antennas 111, 112, 113 for generating a plurality of respective magnetic fields H1, H2, H3, [0044] an in-vehicle receiver for communicating with a portable transmitter of the portable apparatus 140, and [0045] an in-vehicle control unit 115 for controlling the plurality of antennas 111, 112, 113 and which upon communication with the portable apparatus 140 generates an authorization signal, for example opening the doors of the vehicle 10, based on information received from the portable apparatus 140.

[0046] According to different embodiments of the present invention the in-vehicle apparatus 110 may include two, three or more than three antennas.

[0047] The portable apparatus 140 includes: [0048] a 3D LF receiving antenna 141 having three mutually orthogonal coils 141x, 141y and 141z oriented as in a right-handed 3D reference system (X, Y, Z), [0049] a portable transmitter for communicating with the in-vehicle receiver, [0050] a portable control unit 142 for controlling the receiving antenna 141 and the portable transmitter.

[0051] According to embodiments of the present invention, the portable apparatus 140 is shaped as a key.

[0052] The PKE system 100 operates according to the PKE identification method below described and represented in FIG. 6.

[0053] The identification method includes a first step P1 of measuring the magnitude of the vector representing the first magnetic field H1 generated by a first antenna 111 of the in-vehicle apparatus 110. The orientation of the vector representing the magnetic field H1 is not measured. Accordingly, the first projection vector ml which is actually measured resembles a projection of the real magnetic field vector H1 in the positive octant of an R.sup.3 space defined by the coils 141x, 141y and 141z, as represented in FIG. 2. The actual components of the real magnetic field vector H1 in the R.sup.3 space are measured only considering their magnitude, without the sign.

[0054] The first step P1 of measuring the first projection vector ml includes the following sub-steps: [0055] in a first sub-step the in-vehicle control unit 115 activates the first antenna 111 of the in-vehicle apparatus 110, [0056] in a second sub-step the portable apparatus 140 measures the first projection vector ml by means of the receiving antenna 141, [0057] in a third optional sub-step the portable transmitter transmits the measured first projection vector ml to the in-vehicle receiver.

[0058] The identification method includes a subsequent second step P2 of measuring the magnitude of the vector representing the second magnetic field H2 generated by a second antenna 112 of the in-vehicle apparatus 110. The second step P2 is analogous to the first step including the following sub-steps: [0059] in a first sub-step the in-vehicle control unit 115 activates the second antenna 112 of the in-vehicle apparatus 110, [0060] in a second sub-step the portable apparatus 140 measures the second projection vector m2 by means of the receiving antenna 141. The measured second projection vector m2 resembles a projection of the real magnetic field vector H2 in the positive octant of the R.sup.3 space defined by the coils 141x, 141y and 141z, [0061] in a third optional sub-step the portable transmitter transmits the measured second projection vector m2 to the in-vehicle receiver.

[0062] The identification method includes a subsequent third step P3 of computing a first computed angle .sub.m between the measured projection vectors m1 and m2 as per the Formula A:

.sub.m=arccos((m1.Math.m2)/(m1m2))

[0063] Additional computational optimization may be added e.g. by not computing the arccos function and working with cos values (cos =(m1.Math.m2)/(m1m2) instead of angles.

[0064] According to a possible embodiment of the present invention the third step P3 of computing the angle .sub.m is performed in the in-vehicle control unit. According to a possible embodiment of the present invention the third step P3 of computing the angle .sub.m is performed in the portable control unit 142. In the latter embodiment the third sub-steps of the first and second step P1, P2 of the method are not required.

[0065] The identification method includes a subsequent fourth step P4 where the first computed angle between the measured vectors m1 and m2 is compared with a predefined angular threshold value .sub.t. A very small angle .sub.t will be defined as a convenient threshold to be compared to the measured angle . If .sub.t.sub.m, then the angle between the real magnetic field vector H1 and H2 is greater than .sub.t. It can be actually demonstrated that, as represented in FIG. 4, the following formula B is verified:

.sub.m

[0066] Therefore, if the condition .sub.t.sub.m is verified no unidimensional RSA (Relay Station Attack) is detected and the in-vehicle control unit 115 generates the authorization signal, which, for example, authorizes access to the vehicle 10. Consequently the authorization method is ended.

[0067] According to possible embodiments of the present invention the fourth step P4 may be performed the in-vehicle control unit or in the portable control unit 142. In the latter case the fourth step P4 includes a sub-step of transmitting the result of the comparison of the fourth step P4 to the in-vehicle receiver, in order that the in-vehicle control unit 115 can generate the authorization signal, if the condition .sub.t.sub.m is verified.

[0068] Otherwise, if the condition .sub.t.sub.m is not verified it may nevertheless be that .sub.t, as represented in FIG. 5, where to angle a much bigger than the threshold value .sub.t corresponds a very small value of the first computed angle .sub.m. To verify the occurrence of such false positive (i.e. the PKE system deciding that there is an attack occurring when there is none, preventing the vehicle owner to open it) the identification method continues with a subsequent fifth step P5 of measuring the magnitude of the vector representing the third magnetic field H3 generated by a third antenna 113 of the in-vehicle apparatus 110.

[0069] The fifth step P5 is analogous to the first and the second steps including the following sub-steps: [0070] in a first sub-step the in-vehicle control unit 115 activates the second antenna 113 of the in-vehicle apparatus 110, [0071] in a second sub-step the portable apparatus 140 measures the third projection vector m3 by means of the receiving antenna 141. The measured third projection vector m3 resembles a projection of the real magnetic field vector H3 in the positive octant of the R.sup.3 space defined by the coils 141x, 141y and 141z, [0072] in a third optional sub-step the portable transmitter transmits the measured third projection vector m3 to the in-vehicle receiver.

[0073] The identification method includes a subsequent sixth step P6 of computing a second computed angle .sub.m13 between the first and third projection vectors m1 and m3 and a third computed angle .sub.m23 between the second and third projection vectors m2 and m3. Both second and third computed angles .sub.m13 and .sub.m23 are computed as per the Formula A.

[0074] Similarly to the third step P3, also the sixth step P6 may be performed in the in-vehicle control unit or in the portable control unit 142. In the latter case the third sub-step of the fifth step P5 of the method is not required.

[0075] The identification method includes a subsequent seventh step P7 where the second and third computed angles .sub.m13 and .sub.m23 between the couple of measured projection vectors m1, m3 and m2, m3 are both compared with the predefined angular threshold value .sub.t. If the condition .sub.t.sub.m13 or the condition .sub.t.sub.m23 is verified no unidimensional RSA (Relay Station Attack) is detected and the in-vehicle control unit 115 generates the authorization signal, which, for example, authorizes access to the vehicle 10. Consequently the authorization method is ended.

[0076] Otherwise, it is supposed that the measured projection vectors m1, m3 and m2, m3 and the corresponding vectors of the magnetic field H1, H2, H3 are parallel or almost parallel to each other and therefore a unidimensional RSA (Relay Station Attack) is detected and the in-vehicle control unit 115 denies authorization to access the vehicle 10.

[0077] Similarly to the third step P4, also the seventh step P7 may be performed in the in-vehicle control unit or in the portable control unit 142. In the latter case the seventh step P7 includes a sub-step of transmitting the result of the comparison of the seventh step P7 to the in-vehicle receiver, in order that the in-vehicle control unit 115 can generate or prevent the authorization signal, depending on the result of the comparison performed in the above described seventh step P7.

[0078] The in-vehicle control unit 115 prevents the authorization signal, for example denying authorization to access the vehicle 10, when all the computed angles .sub.m, .sub.m13, .sub.m23 are lower than angular threshold value .sub.t.

[0079] Such situation occurs when a unidimensional RSA 150 is present as represented in FIG. 3.

[0080] The RSA is composed of two nodes 151, 152: a receiving node 151 including only one antenna that simply reads the radio signal from the antennas 111, 112, 113 and communicates it to the transmitting node 152 also including only one antenna, which transmits the signal as-is the portable apparatus 140. The transmission content is not sniffed, modified nor forged. The result is an extension of the range of the radio signal between the two devices in one direction. Being the RSA 150 unidimensional, no matter what the original magnetic fields generated by the antennas 111, 112, 113 look like (length, direction and sense of the field vector in the measured point) on the receiving node 151, the transmitting node 152 will always create a field with the same shape (direction and sense of the field vector), variable only in the field strength (length of the field vector). Therefore the measured vectors m1, m3 and m2, m3 will be parallel and the conditions .sub.t.sub.m, .sub.t.sub.m13 and .sub.t.sub.m23 will be never satisfied.

REFERENCE NUMERALS

[0081] 10: vehicle, [0082] 100: Passive Keyless Entry (PKE) system [0083] 110: in-vehicle apparatus a portable apparatus [0084] 111, 112, 113: antennas [0085] 115: in-vehicle control unit [0086] H1, H2, H3: magnetic fields generated by the antennas 111, 112, 113 [0087] m1, m2, m3: measured projection vectors corresponding to the magnetic fields H1, H2, H3 [0088] 140: portable apparatus [0089] 141: receiving antenna [0090] 141x, 141y, 141z: coils of the receiving antenna [0091] 142: portable control unit [0092] 150: RSA (Relay Station Attack) [0093] 151: receiving node of the RSA (Relay Station Attack) [0094] 152: transmitting node of the RSA (Relay Station Attack) [0095] M1, M2, M3, M4, M5, M6, M7: steps of the identification method [0096] .sub.m, .sub.m13, .sub.m23: computed angle between projection vectors m1, m2, m3

PASSIVE KEYLESS ENTRY SYSTEM FOR PREVENTING RELAY ATTACKS

Inventors

Cpc classification

Classification Explorer

G07C9/00309

PHYSICS

Classification Explorer

G07C9/00658

PHYSICS

Classification Explorer

B60R25/246

PERFORMING OPERATIONS; TRANSPORTING

Classification Explorer

G07C2009/00555

PHYSICS

Classification Explorer

G07C2009/00769

PHYSICS

Classification Explorer

G07C2009/00396

PHYSICS

Classification Explorer

B60R25/24

PERFORMING OPERATIONS; TRANSPORTING

Classification Explorer

B60R25/245

PERFORMING OPERATIONS; TRANSPORTING

Classification Explorer

G07C2209/63

PHYSICS

International classification

Classification Explorer

G07C9/00

PHYSICS

Classification Explorer

B60R25/24

PERFORMING OPERATIONS; TRANSPORTING

Abstract

Claims

Description