This application claims the priority of DE 103 60 120.1, filed Dec. 20, 2003, the disclosure of which is expressly incorporated by reference herein.
The invention relates to a rolling-code based process and system for the unambiguous identification of serial numbers in data communication between at least two subscribers to a data communication system.
Rolling-code based processes are currently used in access authorization systems, such as garage door opening systems, or in access and driving authorization systems in motor vehicles. U.S. Pat. No. 5,600,224, for example, discloses an access authorization system for a motor vehicle, which uses a rolling-code based challenge/response process for identifying an authorized vehicle subscriber. The system has an identification code for each transponder, a key sequence number and a rolling code. The rolling code, which is generated from a polynomial equation, prevents unauthorized access to the motor vehicle.
The present invention relates particularly to mutually unambiguous identification of different subscribers of a data communication system in a motor vehicle. Such subscribers are, for example, coupled with one another by way of one or more data lines of a bus system, with at least one subscriber (for example, a control unit) operating as the master while the other subscribers operate as slaves during data communication via the bus.
To identify a subscriber, the above-mentioned rolling-code process is used in connection with a generally known challenge/response procedure. Such challenge/response procedures are used particularly in keyless access and driving authorization systems in the motor vehicle, and in the so-called transponder technology. In the challenge/response process, a first subscriber sends a challenge to a second subscriber, and the latter returns a corresponding response. The responding subscriber identifies itself by a coded response signal or a coded response.
Subscribers of such a data communication system within a vehicle may be, for example, control units, various sensors (such as an outside temperature sensor), an engine radiator, etc. In this case, the problem sometimes arises that sensors or parts authorized for one motor vehicle are exchanged for unauthorized sensors or parts, so that requirements and legal standards are no longer completely observed or met. For example, exhaust gas directives can be evaded by the use of unauthorized sensors. Similarly, a radiator designed for a specific engine power can be exchanged for a less expensive radiator which does not satisfy the cooling capacity requirement of the vehicle motor. Moreover, after a one-time decoding of the response signal of the corresponding sensor or subscriber of the data communication, unauthorized sensors and parts can be replaced, albeit at more or less large technical expenditures. If possible, the latter should be avoided.
One object of the present invention is to provide a method and apparatus by which only authorized subscribers of a data communication are unambiguously authenticated.
This and other objects and advantages are achieved by the method and apparatus according to the invention, in which a rolling-code based process is provided for unambiguous identification of serial numbers in a data communication between at least two subscribers which have identical serial number sets, a first subscriber being, for example, an engine timing gear in a motor vehicle. The process according to the invention includes the steps of transmitting a first challenge with respect to a serial number from the serial number set from the first subscriber to a second subscriber; the second subscriber responding by a first response corresponding to the first challenge; and generating an identification signal for the second subscriber which unambiguously identifies the second subscriber with respect to the first subscriber if the first response corresponds to the serial number expected on the basis of the first challenge of the first subscriber. The invention also provides a system for unambiguous authentication, using the process as described.
The process and the system according to the invention therefore ensure that only authorized subscribers to a data communication system are unambiguously identified by other authorized subscribers of the same data communication. This means that no unauthorized party can undesirably bring an unauthorized subscriber into the data communication.
Advantageously, each authorized subscriber recognizes whether a received serial number is a valid or an invalid serial number and sends corresponding responses.
A response is advantageously sent only once by way of a data line. By varying the response, the reliability of the process and system according to the invention is enhanced; and an unauthorized party cannot circumvent the process or system in order to bring in unauthorized subscribers. The process and system according to the invention ensure, at very low hardware expenditures, that a subscriber or a specific sensor is not removed and replaced by an unauthorized replica. Thus, the system according to the invention is also distinguished by its less expensive implementation.
In a preferred further embodiment of the invention, the first challenge is randomly numbered, making it more difficult to circumvent the rolling-code based process according to the invention.
According to another preferred further embodiment, the first challenge corresponds to a coded position number of a serial number of the serial number set, so that only a single coded position number is transmitted by the engine timing gear or by the first subscriber, which position number relates to a serial number of the serial number set. An unauthorized subscriber, which has not stored the serial number set, can thus advantageously not relate such a decoded position number to an authorized serial number. As a result, an unauthorized party cannot utilize an intercepted response to circumvent the process according to the invention, and replace an authorized subscriber by an unauthorized subscriber.
In a particularly advantageous variant, each serial number of the serial number set is used only once, making it more difficult to decode the process according to the invention, or to bring an unauthorized subscriber into the system.
It should be noted here that the term “only once” is not stochastic but has deterministic characteristics. Nevertheless, if a sufficiently large number of other serial numbers of the serial number set are situated between a specific serial number and the repetition of the specific serial number, each serial number appears to a subscriber to be virtually used “only once”.
According to another preferred further embodiment, the first response forms the serial number corresponding to the first challenge, and the result of the analysis of the first challenge by the second subscriber is a position number. The first response of the second subscriber corresponds to the serial number which is stored at the position number of the serial number set of the second subscriber. It is an advantage of this further development that the second subscriber sends an authorized first response, specifically a corresponding serial number of the serial number set, only upon an authorized first challenge after an analysis.
In a particularly advantageous variant, a dummy challenge is provided which has a syntax and/or a value range identical to those of the first challenge. The dummy challenge is a coded dummy position number of a dummy serial number which does not exist within the serial number set. Because a challenge cannot be distinguished from a dummy challenge with respect to their syntax and/or their value range, an unauthorized party cannot differentiate between a dummy challenge and a challenge with respect to the syntax or the value range, making it still more difficult to circumvent the process according to the invention.
According to another preferred further embodiment, a dummy response has a syntax and/or a value range identical to that of the first response, also making it more difficult for an unauthorized party to circumvent the process according to the invention.
According to another preferred embodiment, only authorized subscribers are capable of differentiating between first challenges and dummy challenges. Thus, each authorized subscriber receiving a challenge knows whether the challenging subscriber is authorized.
According to another preferred further embodiment, after the first challenge has been transmitted from the first subscriber to the second subscriber, the latter analyzes the challenge, and the first response (sent by the second subscriber on the basis of the first challenge) is analyzed by the first subscriber. After analysis of the first challenge, the second subscriber knows whether the challenging first subscriber is authorized; after analyzing the first response, the first subscriber knows whether the responding second subscriber is authorized.
According to a further preferred embodiment, the first response to the first challenge and the dummy response to the dummy challenge are transmitted by the second subscriber to the engine timing gear or to the first subscriber. Since the syntax and/or value range of the first response and the dummy response are identical, it is more difficult for an unauthorized party to draw conclusions with respect to the process according to the invention on the basis of the intercepted responses of the second subscriber, and thereby circumvent the process.
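The exchange described in the preceding embodiments can be simulated end to end. The following is an added example, not part of the original disclosure: the 16-bit challenge width, 32-bit serial numbers, 64-entry set, the HMAC-based Feistel permutation used to code position numbers, and all function and class names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

KEY = b"constructed-demo-key"  # assumption: shared secret for coding position numbers
N = 64                         # assumption: size of the shared serial number set
SPACE = 1 << 16                # assumption: challenges are 16-bit values

def _f(rnd, half):             # Feistel round function (HMAC-SHA256, one output byte)
    return hmac.new(KEY, bytes([rnd, half]), hashlib.sha256).digest()[0]

def code_position(pos):        # keyed permutation: position number -> challenge
    l, r = pos >> 8, pos & 0xFF
    for rnd in range(4):
        l, r = r, l ^ _f(rnd, r)
    return (l << 8) | r

def decode_challenge(ch):      # inverse permutation: challenge -> position number
    l, r = ch >> 8, ch & 0xFF
    for rnd in reversed(range(4)):
        l, r = r ^ _f(rnd, l), l
    return (l << 8) | r

def make_serial_set():         # constructed sample data: N 32-bit serial numbers
    return [int.from_bytes(hashlib.sha256(b"demo-set" + bytes([i])).digest()[:4], "big")
            for i in range(N)]

class FirstSubscriber:         # challenger holding the serial number set
    def __init__(self, serials):
        self.serials, self.unused, self.expected = serials, [], None
    def challenge(self, dummy=False):
        if dummy:              # position outside the set, same 16-bit value range
            self.expected = None
            return code_position(N + secrets.randbelow(SPACE - N))
        if not self.unused:    # set exhausted: start the next cycle of positions
            self.unused = list(range(N))
        pos = self.unused.pop(secrets.randbelow(len(self.unused)))
        self.expected = self.serials[pos]
        return code_position(pos)
    def verify(self, response):  # True = identification signal for the responder
        return self.expected is not None and response == self.expected

class SecondSubscriber:        # responder, e.g. a sensor holding the same set
    def __init__(self, serials):
        self.serials = serials
    def respond(self, ch):
        pos = decode_challenge(ch)
        if pos < N:            # valid position: answer with the stored serial number
            return self.serials[pos]
        return secrets.randbits(32)  # dummy response, same 32-bit value range
```

Because each position is drawn only once per cycle, a response recorded from one round does not satisfy `verify` for the next challenge, and on the wire a dummy round is indistinguishable in width and range from a real one.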
According to another preferred embodiment, each subscriber is set to become inoperative (particularly, mechanically destroyed) if it is removed from its position in the motor vehicle, so that an unauthorized party cannot remove an authorized subscriber from the motor vehicle without destroying it. Only an undestroyed authorized subscriber could make it possible to draw conclusions with respect to circumvention possibilities concerning the process according to the invention. This is specifically what is prevented in this manner.
According to another embodiment, the second subscriber is a coated radiator for a motor vehicle. Basically, a subscriber can also be any sensor, such as an outside-temperature sensor of a motor vehicle.
Other objects, advantages and novel features of the present invention will become apparent from the following detailed description of the invention and when considered in conjunction with the accompanying drawings.