US20070174611A1

Movatterモバイル変換

Info

Publication number: US20070174611A1
Application number: US11/275,930
Authority: US
Inventors: Volker Urban; Thomas Gyger
Original assignee: Sokymat Automotive GmbH
Current assignee: Smartrac Specialty GmbH
Priority date: 2005-02-04
Filing date: 2006-02-06
Publication date: 2007-07-26
Also published as: US7734046B2; US20070174612A1; EP1688888A1

Abstract

The method enables authentication data to be communicated and checked between a transponder device (1) and a reader unit (2) of a vehicle in order to authorise access to the vehicle. The device includes a logic circuit (11), a non-volatile memory (13), an encryption and/or decryption circuit (12) and a first transmission and reception module (14, 16) of data signals (S_D). The reader unit includes a microprocessor unit (21), a memory (22), a random number generator (24) and a second module (23, 25) for transmitting and receiving data signals (S_D). A random number (RN1) generated in the reader unit is transmitted with a first encrypted function obtained using the random number and a secret key. The transponder device receives the random number and the first encrypted function. A new first encrypted function is calculated in the transponder device using a secret key identical to the secret key of the reader unit. This new first function is compared with the first received encrypted function. A second encrypted function is also calculated in the transponder device in order to be transmitted to the reader unit solely if the new first encrypted function is equal to the first received encrypted function. The validity of the second encrypted function is checked in the reader unit in order to authorize access to the vehicle. The number of bits of the random number, of the first and second encrypted functions can be configured in the transponder device and/or in the reader unit with a determined length.

Description

This application claims priority from European Patent Application No. 05100803.5 filed Feb. 4, 2005, the entire disclosure of which is incorporated herein by reference.
The invention concerns a method for communicating and checking wireless authentication data between a transponder device and a reader unit preferably placed in a vehicle. The transponder device includes in particular a logic circuit, a memory, a module for transmitting and receiving data signals and an encryption and/or decryption circuit, whereas the reader unit includes a microprocessor unit, a memory, a random number generator and a module for transmitting and receiving data signals. Thus, authentication data can be exchanged between the personalised transponder device and the corresponding reader unit in order to authorise access to the vehicle.
After having carried out all the necessary authentication or identification operations, the transponder device is able to control certain functions of the vehicle. These functions can be, for example, controlling the locking or unlocking of the vehicle's doors and/or windows, starting the vehicle, a vehicle immobilising function, or other commands.
Wireless data transmission or communication via electromagnetic signals between a transponder device and a reader unit placed in a vehicle is well known. The signals may be low frequency or radio-frequency signals.
Usually in a simple authentication mode between a transponder and a reader, the reader first transmits to the transponder, once the latter has been activated, an interrogation signal which can comprise data relating to a random number with m bits, for example 56 bits, followed by encrypted data with n bits, for example 28 bits. The transponder receives and demodulates the data signal. The transponder can decrypt encrypted data to be checked and perform a continuous encryption operation to obtain other encrypted data on the basis of a secret key and the received random number. After verifying the received encrypted data, the transponder transmits the other encrypted data to the reader so that they can be checked in the reader. Once all the verifications have been successfully carried out, the transponder can control different functions of the vehicle.
The number of transmitted random number bits and the number of encrypted data bits are usually set for communicating and checking authentication data. A period of time is more or less determined for this authentication procedure, which may also be a function of the distance separating the two units.
Normally, in order to be able to exchange authentication data with the vehicle reader unit, the transponder device must not be too far from the vehicle. Generally, the exchanged signal carrier frequency is a low frequency for example close to 125 kHz. For this reason, the transponder device must not be further than 2 to 3 m from the vehicle in order to execute one or several commands after authentication.
Several of the encryption algorithms usually used have the drawback of being relatively complex to implement in the reader unit and mainly in the transponder device, which is generally of the passive type. The authentication method checking period is therefore relatively long.
It is a main object of the present invention to provide a wireless authentication data communication and checking method between a transponder device and a reader unit by using a simplified and easy to configure encryption and/or decryption and transmission method.
The present invention therefore concerns a method for communicating and checking wireless authentication data according to the features ofindependent claims1 and8.
Advantageous features of the invention are defined independent claims2 to7.
One advantage of the authentication data communication and checking method is that the transponder device and the reader unit can be configured so that the length of the authentication data to be transmitted can be adapted. Data length is defined by a determined number of bits. A determined number of bits can be defined for the transmission of one or several random numbers, and an equivalent or different number of bits for the transmission of encryption functions based on the generated random number(s).
The objects, advantages and features of the authentication data communication and checking method between a transponder and a vehicle reader unit will appear more clearly in the following description of non-limiting embodiments of the invention in conjunction with the drawings, in which:
FIG. 1 shows, in a simplified manner, electronic components of a portable transponder device and of a reader unit for authentication operations for implementing the method according to the invention,
FIG. 2 shows, in a simplified manner, data exchanged between the transponder device and the reader unit in a simple authentication mode of the method according to the invention,
FIG. 3 shows, in a simplified manner, authentication steps in the transponder according to a simple authentication mode of the method according to the invention,
FIG. 4 shows, in a simplified manner, a portion of a logic circuit and an encryption circuit of the transponder in a simple authentication mode for implementing the method according to the invention,
FIG. 5 shows, in a simplified manner, data exchanged between the transponder device and the reader unit in a mutual authentication mode of the method according to the invention,
FIG. 6 shows, in a simplified manner, authentication steps in the transponder according to a mutual authentication mode of the method according to the invention, and
FIG. 7 shows, in a simplified manner, a portion of a logic circuit and an encryption circuit of the transponder in a mutual authentication mode for implementing the method according to the invention.
The following description relates to a wireless method for communicating and checking authentication data between a transponder device and a reader unit placed in a vehicle for authorising access to the vehicle after checking. It is to be noted that those electronic components of the portable transponder device and the reader unit for implementing the method, which are well known to those skilled in the art in this technical field, will not be explained in detail.
The access authorisation concerns locking or unlocking the doors or windows of the vehicle, control of the headlights, starting the vehicle, control of an alarm or vehicle immobiliser, control of the horn, reading various vehicle parameters or other commands or functions. The signals are preferably low-frequency signals (125 kHz) for short-range communication, for example in an area of 2 to 3 m between the transponder device and the reader unit. In this case, the transponder can be of the passive type, i.e. it can be electrically powered by signals transmitted by the reader unit.
Of course, one could also envisage using short-range radio-frequency signals (434 MHz) to establish this communication. However, increased electric power consumption is observed with such signals, which would necessitate the use of an active type of transponder.
FIG. 1 shows, in a simplified manner, atransponder device1 able to establish communication with areader unit2 for implementing the method according to the invention when the device is in a determined area around the reader unit. For this purpose, theportable transponder device1 can be a badge, a ring, a wristwatch, a belt, a portable phone or any other easily transportable small object.
Theportable transponder device1 essentially includes alogic circuit11, which defines a state machine or a hard-wired logic, for managing the various operations carried out in the transponder. Thetransponder device1 further includes, linked to thelogic circuit11, an encryption and/ordecryption circuit12, anon-volatile memory13 for example of the EEPROM type, a transmission andreception module14 for data signals SD which are transmitted and received by anantenna16 connected to saidmodule14, and a randomnumber RN2 generator15. Data signals can include coded and public data. In a simple authentication mode of the device and the reader unit for the method according to the invention, therandom number generator15 oftransponder device1 can be omitted, as shown in dotted lines inFIG. 1.
The encryption and/ordecryption circuit12, which will be explained in more detail in particular with reference toFIGS. 4 and 7, is preferably configured as an encryption circuit bylogic circuit11 and parameters stored in theEEPROM memory13. This configured encryption circuit enables a random number to be encrypted in blocks via a secret encryption key stored in thememory13 in order to obtain an encrypted function on the basis of the random number. Each bloc to be encrypted inencryption circuit12 represents a determined number of the random number bits. The encryption algorithm can for example be of the DES type, which is well known in this technical field.
Thereader unit2 mainly includes amicroprocessor unit21 for software processing of all the operations carried out in the reader unit. Thereader unit2 further includes, linked to themicroprocessor unit21, a data and/orparameter memory22, a randomnumber RN1 generator24, and a transmission andreception module23 for data signals SD which are transmitted and received by anantenna25 connected to saidmodule23. Data signals SD, which comprise data modulated on a carrier frequency, are demodulated inmodule23 so thatmicroprocessor unit21 can process the demodulated data in a known manner.
EEPROM memory13 oftransponder device1 can store one or several random numbers, for example of 128 bits each, one or several secret encryption keys, various configuration parameters, and other data in certain memory positions. The configuration parameters, which can be introduced either at the end of the transponder device manufacturing steps, or during use of the transponder device, concern, for example, the configuration of thelogic circuit11 so as to determine the length of authentication data to be exchanged with the reader unit.
This data length is defined as a determined number of bits to be transmitted, which may be transmission of a generated random number or a calculated function relating to the generated random number. This number of bits is preferably a multiple of 8. In this way,transponder device1 can be configured for transmitting a data length of 32 bits, 64 bits, 96 bits or 128 bits, which constitutes a main characteristic of the method according to the invention, as explained in the following description.
Of course the length of each data packet to be exchanged can be chosen to be greater than 128 bits if the transponder is capable of processing binary words greater than 128 bits, for example 196 or 256 bits.
When the personalisedtransponder device1, and thecorresponding reader unit2 are configured to exchange data packets whose length is equal to 32 bits, it is possible to speed up the authentication procedure to authorise access to the vehicle more quickly after checking. However, with this data packet length, the security level is lower than with a larger number of bits, but it may nevertheless be deemed sufficient.
The authentication data signals, which are exchanged between the personalised transponder device and the corresponding reader unit, are explained hereafter with reference toFIG. 2. The vehicle access authorisation check by the transponder device can be carried out by a simple authentication method.
Oncetransponder device1 has been activated, i.e. switched on based on interrogation signals previously received fromreader unit2, the reader unit generates a random number RN1 and calculates a first encrypted function F(RN1) using a secret key and the generated random number RN1. Thereader unit2 transmits the random number RN1 followed by the first encrypted function F(RN1) to thetransponder device1.
Transponder device1 demodulates the signal received from the reader unit in its transmission and reception module to remove the received random number and the first received encrypted function. Upon reception of the random number and the first encrypted function, or after validating the first function, the transponder device can transmit a signal ACK validating data reception to the reader unit. However, this step is not always necessary, which is why it is shown in dotted lines inFIG. 2.
After checking the validity of the received encrypted function F(RN1) with the random number RN1, the transponder device calculates a second encrypted function G(RN1) using a secret key equivalent to the reader unit, and the received random number. The reader unit receives and demodulates the coded signal received from the transponder device in order to check the validity of the second encrypted function G(RN1) using the secret key and the generated random number RN1.
In order to better understand the various operations of the authentication method carried out intransponder device1, reference with be made hereafter toFIG. 3.
As explained above, the transponder device is firstly activated atstep30 before receiving first of all the random number RN1 provided by the reader unit atstep31. This random number is placed in an input register of the transponder device. Atstep32 the transponder device receives the first encrypted function F(RN1) which it places in another register.
The transponder device has to be able to recalculate the first encrypted function using a secret key equivalent to the secret key of the reader unit and the received random number. In order to do so, atstep33, the random number RN1 of said input register is sent to an encryption unit of the encryption circuit. This encryption unit receives also the secret key in order to encrypt, in blocks of bits, the binary word from the register, which is formed of the random number of configured dimension and filler bits from the EEPROM memory to completely fill the input register of defined dimension.
The first function F′ (RN1) recalculated by the encryption unit is compared, atstep34, to the first received encrypted function F(RN1). If the first two functions are equal, the device can then transmit a correct reception confirmation ACK to the reader unit atstep35. However, if the first two functions do not match, the device can transmit an incorrect reception statement NACK to the reader unit atstep37. However, steps35 and37 are not strictly necessary, so they are each shown outlined in dotted lines.
In addition to the first function F′ (RN1) recalculated atstep33, a second encrypted function can be also calculated in the transponder device encryption unit. This second encrypted function is momentarily placed in a register before being transmitted to the reader unit, atstep36, but only if the first encrypted functions are equal. After transmission of the second encrypted function G(RN1) atstep36, the authentication method in the transponder device ends atstep38.
With reference toFIG. 4, the elements of the logic circuit and the encryption circuit necessary for calculating the encrypted functions in the transponder device are explained. InFIG. 4 the encryption circuit is essentially formed of anencryption unit41, aninput register40 and anoutput register42.
Upon reception of the random number RN1 from the reader unit, the random number is placed in an encryptioncircuit input register40. The input register is of determined dimensions to be able to receive a binary word of, for example, 128 bits. If random number RN1 is formed of a configured lower number of bits for example 32 bits or 64 bits or 96 bits, the input register has to be completed by filler bits BR from the EEPROM memory at the command of the logic circuit. The random number will occupy aportion40bof the input register, and the filler bits BR will occupy aportion40aofinput register40.
Using an encryption algorithm, which can be of the DES type, a bloc encryption operation is carried out in theencryption unit41 using a secret key Key drawn from the memory. The result of the encryption operation is placed in anoutput register42 of equivalent dimensions to the dimensions of the input register. The number of bits contained in theoutput register42 is a multiple of 8, for example 128 bits. The number of bits ofoutput register42 is divided into four groups of bits A, B, C, D placed in foursuccessive portions42a,42b,42c,42dofoutput register42. Each group of bits is formed of 32 bits if the output register can include 128 bits.
The first recalculated encrypted function F′(RN1) placed in aregister46 is obtained by combining the first and third groups of bits A and C of output register42 through areduction operator44 of the logic circuit. The second encrypted function G(RN1) placed in aregister47 is obtained by combining the second and fourth groups of bits B and D of the output register through areduction operator45. In this case, the first and second encrypted functions F′(RN1) and G(RN1) include 32 bits.
With different operators or a different number of groups of bits ofoutput register42, it is possible to configure the desired dimension or length of each encrypted function. For example, to obtain a dimension of 64 bits for each function, using reduction operators, it is possible to combine two pairs of groups of bits of the output register.
Finally, in a configuration in which random number RN1 is formed of 128 bits and the encrypted functions are also formed of 128 bits, the first result of the encryption operation placed inoutput register42 gives the first encrypted function F′(RN1). This first encrypted function is placed via path b represented in dotted lines inregister46. In order to calculate the second encrypted function G(RN1), the first recalculated function F′(RN1) replaces the random number in input register40 represented by path a in dotted lines. The second result of the encryption operation placed inoutput register42 gives the second encrypted function G(RN1), which is placed inregister47 represented by path c in dotted lines.
It is clear that it is easy to configure the number of bits of the random number or of each encrypted function for the authentication method according to the invention.
FIGS.5 to7 describe different steps of the authentication data communication and checking method between apersonalised transponder device1 and avehicle reader unit2. However, unlike the method described hereinbefore, a mutual authentication method is carried out before access to the vehicle is authorised, if the personalised device is recognized. This mutual authentication is achieved on the basis of a first random number generated in the reader unit and of a second random number generated in the transponder device.
As can be seen inFIG. 5, once the transponder device is activated, it can first transmit a signal ACK to inform the reader unit that it has been activated. However, this step, as previously shown in dotted lines, is not indispensable. The transponder device generates a second random number RN2, which it transmits to the reader unit. Upon reception of the second random number RN2,reader unit2 transmits a first random number generated in the reader unit, and a first encrypted function F(RN1, RN2) obtained using a secret key and the two random numbers RN1 and RN2 to thetransponder device1.
Upon reception of the first random number RN1 and the first encrypted function F(RN1,RN2), the device has to calculate the same first encrypted function. If the two first encrypted functions are equal, a second encrypted function G(RN1,RN2) is calculated with the same secret key and the two random numbers RN1 and RN2. This second encrypted function is transmitted to the reader unit so as to enable it to find the second function in order to end the authentication method and to authorize access to the vehicle.
FIG. 6 shows the various steps of the authentication method in the transponder device.
After activating the transponder device atstep60, a signal ACK can be transmitted to the reader unit atstep61 to announce activation of the transponder device, and a second random number generated in the device is transmitted to the reader unit atstep62. However,step61 is not strictly necessary, which is why it is shown outlined in dotted lines.
The transponder device receives the first random number RN1 from the reader unit atstep63, and the first encrypted function F(RN1,RN2) atstep64. Atstep65, the first encrypted function is recalculated using the two random numbers to give a first recalculated encrypted function F′(RN1,RN2) to compare with the first received encrypted function F(RN1,RN2) atstep66. If the two first encrypted functions are equal, a correct reception confirmation signal ACK can be transmitted atstep67. On the other hand, if the two first encrypted functions are different, an incorrect reception signal NACK can be transmitted atstep69. However, steps67 and69 are not strictly necessary, so they are each shown outlined in dotted lines.
In addition to the recalculated first function F′(RN1,RN2) atstep65, a second encrypted function G(RN1,RN2) can be also calculated in the transponder device encryption unit. This second encrypted function is momentarily placed in a register before being transmitted to the reader unit atstep68, but only if the two first encrypted functions are equal. After transmission of the second encrypted function G(RN1,RN2) atstep68, the authentication method in the transponder device ends atstep70.
FIG. 7 shows elements equivalent to elements of the logic circuit and the encryption circuit described inFIG. 4. Consequently, only the main differences are explained hereafter.
As two random numbers RN1 and RN2 are generated, they are placed in thesame input register71, which includes aportion71afor filler bits, aportion71bfor the first random number RN1 and aportion71cfor the second random number RN2. Preferably, each random number is formed of 32 bits, whereas input register71 can include 128 bits.
A bloc encryption operation is carried out inencryption unit72 using a secret key and the input register bits. The encryption result is placed in anoutput register73 divided into four groups A, B, C, D placed successively inportions73a,73b,73c,73deach having 32 bits.
The first recalculated function F′(RN1,RN2) is obtained by combining groups A and C via areduction operator74 of the logic circuit and it is placed inregister76. The second encrypted function G(RN1,RN2) is obtained by combining groups B and D throughreduction operator75 of the logic circuit and it is placed by a sequential output inregister77. In this case, the encrypted functions are each formed of 32 bits.
Of course, as explained with reference toFIG. 4, a different configuration can be used to obtain encrypted functions with 64 bits or 128 bits, without it being necessary to explain again how to obtain such functions.
In a variant that is not illustrated, one could envisage for example configuring the transponder device such that the encryption and/or decryption circuit is also configured for decrypting an encrypted function. In order to do this, the previously described encryption unit has to be able to carry out a reverse operation, which consists in decrypting an encrypted function using the secret key in order to find the random number that was used for calculating the encrypted function.
Before generating a second encrypted function in the transponder device, a comparison can be made between the first random number received from the reader unit with a first random number recalculated in the decryption circuit from the first encrypted function. If the two first random numbers are equal, the second encrypted function can be transmitted to the reader unit.
From the description which has just been given, multiple variants of the authentication data communication and checking method can be conceived by those skilled in the art, without departing from the scope of the invention defined by the claims. The number of bits, which forms either each random number or each encrypted function, could be configured automatically during the establishment of communication between the transponder device and the reader unit. Both a received random number and a received encrypted function could be checked in the device and/or the reader unit.

Claims

1. A method for communicating and checking wireless authentication data between a transponder device and a reader unit placed in particular in a vehicle in order to authorise access to said vehicle, said transponder device comprising a logic circuit, a non-volatile memory, an encryption and/or decryption circuit and a first module for transmitting and receiving data signals, said reader unit comprising a microprocessor unit, a memory, a random number generator able to provide a first random number to the microprocessor unit, and a second module for transmitting and receiving data signals, said method including steps of:

a) transmitting a data signal including a first random number generated in the reader unit, the number of bits of said random number to be transmitted being configured in a first length chosen among a certain number of determined lengths according to configuration parameters for transmission, and a first encrypted function based on a secret key and the first random number, the number of bits of said first encrypted function being configured in a second length chosen among a certain number of determined lengths for transmission,

b) receiving and demodulating data signals transmitted by the reader unit in the transponder device,

c) calculating a new first encrypted function in the transponder device based on the first received random number and a secret key stored in the non-volatile memory corresponding to the secret key of the reader unit, the new first encrypted function being calculated in the encryption circuit using a bit bloc encryption algorithm,

d) comparing the new first encrypted function with the first received encrypted function,

e) transmitting to the reader unit a second encrypted function obtained on the basis of the first random number and the secret key in the encryption circuit, solely if the new first encrypted function is equal to the first received encrypted function, the number of bits of the second encrypted function being configured by the logic circuit according to configuration parameters from memory in a third length chosen among a certain number of determined lengths for transmission, and

f) checking the validity of the second encrypted function received in the reader unit in order to authorise access to the vehicle.

2. The method according toclaim 1, wherein the length of each data packet exchanged between the transponder device and the reader unit is formed of a number of bits, which is a multiple of 8.

3. The method according toclaim 2, wherein the length of each data packet to be transmitted can be configured as required in 32 bits, 64 bits, 96 bits or 128 bits in order to speed up the authentication data exchange the shorter the length of each data packet.

4. The method according toclaim 1, wherein a data reception confirmation signal is transmitted from the transponder device to the reader unit upon reception of the data signal from the reader unit, or after comparison between the first encrypted function and the new first encrypted function.

5. The method according toclaim 1, wherein the first random number received in the transponder device is placed in an input register of the encryption circuit, which is of defined dimensions, for example 128 bits, greater than or equal to the configured length of the first random number, a certain number of filler bits from the non-volatile memory being placed in the input register in order to complete said register to enable an encryption unit to encrypt the binary word of the input register in blocks.

6. The method according toclaim 5, wherein the encryption unit sends an encryption result into an output register which is of defined dimensions, for example 128 bits, said output register being divided into four successive groups of bits, and wherein the new first encrypted function and the second encrypted function are produced by different combinations of groups of bits from the output register via a respective operator of the logic circuit, the configured lengths of the first and second encrypted functions being equal.

7. The method according toclaim 1, in which the transponder device includes another random number generator able to produce a second random number, wherein before step a), the transponder device transmits the second random number to the reader unit, wherein the reader unit calculates and transmits a first encrypted function on the basis of a secret key and the first and second random numbers, wherein in step c), a new first encrypted function is calculated in the transponder device using the first and second random numbers and a secret key corresponding to the secret key of the reader unit, and wherein in step e), the transponder device transmits to the reader unit a second encrypted function obtained on the basis of the first and second random numbers and the secret key in the encryption circuit, but solely if the new first encrypted function is equal to the first received encrypted function.

8. The method for communicating and checking wireless authentication data between a transponder device and a reader unit placed in particular in a vehicle in order to authorise access to said vehicle, said transponder device comprising a logic circuit, a non-volatile memory, an encryption and/or decryption circuit and a first module for transmitting and receiving data signals, said reader unit comprising a microprocessor unit, a memory, a random number generator able to provide a first random number to the microprocessor unit, and a second module for transmitting and receiving data signals, said method including steps of:

a) transmitting a data signal including a first random number produced in the reader unit, the number of bits of said random number to be transmitted being configured in a first length chosen among a certain number of determined lengths according to configuration parameters, and a first encrypted function on the basis of a secret key and the first random number, the number of bits of said first encrypted function being configured in a second length chosen among a certain number of determined lengths for transmission,

c) decrypting the first encrypted function in the configured decryption circuit using a secret key stored in the non-volatile memory corresponding to the secret key of the reader unit to obtain a new first random number,

d) comparing the new first random number with the first received random number,

e) transmitting to the reader unit a second encrypted function obtained on the basis of the first random number and the secret key in the encryption circuit, solely if the new first encrypted function is equal to the first received encrypted function, the number of bits of the second encrypted function being configured by the logic circuit according to configuration parameters from memory in a third length chosen among a certain number of determined lengths, and