The invention relates to a method for operating an authorization device for keyless entry and starting of a vehicle, comprising a portable ID transmitter that the authorization device can use to set up a wireless communication link for interchanging data messages.
Such authorization devices are used in vehicle construction for conveniently checking an identity of an ID transmitter and are also know as passive keyless entry/go systems, inter alia. In this case, the authorization device uses suitable a transmission/reception device to set up a wireless communication link with a limited range to portable ID transmitters within this range. The authorization device and the ID transmitters then interchange data messages with one another in order to establish the authorization of the ID transmitter for this specific vehicle.
However, there is the possibility of criminals greatly increasing the range of the communication link and, as a result, interchange of data messages between ID transmitter and authorization device taking place over long ranges (what is known as a relay attack). By way of example, it is thus conceivable for a criminal to position himself with a transmission/reception device next to a parked vehicle and to position a further transmission/reception device in proximity to the appropriate ID transmitter, for example on a house or apartment door, wardrobe, etc. The inconspicuously increased range allows the criminal at the vehicle to gain entry thereto and to start the engine.
Document DE 199 37 915 A1 describes an electronic key for contactlessly unlocking a motor vehicle with a transmission unit for emitting an identification signal when a stimulus signal appears. When the identification signal matches a signal stored in the motor vehicle, an actuation signal is output in the motor vehicle to the central locking system to open or close the vehicle doors and/or to an engine immobilizer to activate or deactivate the drive of the motor vehicle. In the absence of movement of the key for a prescribed period of time, the key is switched off.
The document FR 2 786 802 A1 discloses a radio key with a motion detector, wherein the radio key has a receiver that is activated only if the motion detector has previously detected a movement by the radio key.
The document WO 2012/119681 A1 describes a mobile transmission apparatus in an entry system for a vehicle, which apparatus has a transmitter for sending an entry enable signal for enabling entry to the vehicle. A processing unit of the transmission apparatus is designed to take a captured motion state and a first request signal as a basis for using the transmitter to send a first entry enable signal, and to take a second request signal, independently of the captured motion state, as a basis for using the transmitter to send a second entry enable signal. An entry control apparatus for the vehicle is designed to enable first entry to the vehicle on the basis of the first entry enable signal from the transmitter and second entry to the vehicle on the basis of the second entry enable signal. By way of example, the first entry may be central locking of the vehicle, and the second entry may be enabling of an ignition system in the vehicle.
The document DE 10 2011 050 160 A1 describes an identification transmitter for a closing system for a vehicle, which transmitter has a motion sensor that is designed to sense a movement of the identification transmitter. Provision is made for at least one reception unit of the identification transmitter to be shut down by a microcontroller when the motion sensor senses no movement from the identification transmitter during a minimum period of time.
The document DE 103 54 646 A1 reveals to a person skilled in the art the teaching that, in the case of a driving authorization system in a vehicle, the system needs to detect that an enabling device that is authorized for use is in proximity to the vehicle, and then both the vehicle is unlocked and engine starting is enabled.
The generic DE 199 27 253 A1 discloses a method for performing an authorization check between a controller and a portable transponder that communicates wirelessly with the controller. The performance of an authorization check additionally involves checking whether or not the transponder has been moved during a predetermined interval of time before the authorization check is performed. The transponder sends its identity code only if a transponder movement that is above a particular threshold value has been captured during the predetermined interval of time. Hence, a relay attack cannot be performed on transponders that are at rest for a relatively long time. However, a disadvantage is that this method can be used in practice only for entry authorization, but not for start authorization. If the driver remains in a vehicle for a relatively long time with the engine switched off, for example, the key that is deactivated after the interval of time has elapsed would prevent the engine from being started until said key is activated again by a movement. This is a considerable detriment to convenience.