The invention relates to a safety device for a vehicle, with electronically coded access authorization for enabling a plurality of devices that are indispensable for operation of the vehicle.
Safety devices in which access authorization is tested prior to each vehicle start by sending user code information from a user unit to the vehicle, which information is evaluated in the vehicle, are known as so-called electronic drive-away blocks. Other known safety devices which utilize unidirectional information transmission (from the user to the vehicle) or bidirectional information exchange between the user and vehicle operate deterministically and/or with secret information stored in the vehicle. In contrast to such devices, the type of safety device under discussion here has the advantage that the user code information transmitted from the user unit each time depends upon random number information transmitted previously by the vehicle. This unpredictability of the next code information to be transmitted makes it impossible for an unauthorized person to operate the vehicle after intercepting one or more code transmissions or information exchange processes merely by utilizing the intercepted information, without possessing the user unit.
A safety device of this generic type is disclosed in European patent document EP 0 521 547 A1, in which a central control device on the vehicle incorporates a random code generator, transmitter and a user code evaluation unit that receives the user code information from the user unit and checks for access authorization. When access authorization is granted, it generates vehicle operation clearance information that lifts the previously activated drive-away block which keeps one or more operationally relevant devices on the vehicle inactive, in a known manner.
U.S. Pat. No. 5,146,215 teaches a safety device with unidirectional code transmission from the user key to a receiver on the vehicle, with a control unit connected thereto. In this safety device, the user key can be switched to programmed operation in which it transmits programmed information to the vehicle that causes the received code to be stored in the control unit as a valid user code. This arrangement provides a simple user key access authorization for a vehicle, or, conversely, blocks a previously valid access authorization.
European patent document EP 0 098 437 A2 teaches a key-locking safety device in which the random code information consists of random numbers. In the lock part on the vehicle a single random number generator is provided which, during an access authorization testing process, generates one or preferably several random numbers in sequence. From the one or several random numbers, encoded information is then generated in parallel in the user key and in the vehicle lock by a predetermined encoding function, which information is then transmitted optionally from key to lock or vice versa, whereupon the two items of encoding information generated in parallel are compared to see if they match.
A weak point in this known type of safety device with random code information generation performed by a single assembly on the vehicle is that an unauthorized individual can intercept, at least once, a bidirectional data communication between the legitimate user unit and the vehicle, and use the intercepted information to take possession of the vehicle at a later point in time. From the intercepted data communications protocol he can determine the access code that was used as well as the encoded response as the corresponding user code information, without knowing the encoding algorithm itself. Thereafter, the random number generating assembly can be replaced by another that is otherwise the same, but contains a fixed code memory instead of the random code generator. The intercepted random code is stored in the manipulated assembly as a fixed code, and a false key is used in the future for the vehicle in which the corresponding intercepted user code information is stored. In this manner, the vehicle can then be operated by an unauthorized person using the duplicate electronic key thus produced.
One object of the present invention is to provide a safety device of the type recited at the outset that makes unauthorized use of the vehicle much more difficult, even after an access authorization code exchange between the legitimate user unit and the vehicle has been intercepted.
This object is achieved according to the invention by using a plurality of separate indispensable vehicle devices to generate parts of the total random code information. For this purpose, costly and/or bulky units, especially those that can only be replaced at high cost, are particularly suitable. With access code generation distributed in this manner over different vehicle systems, substituting a fixed code generator following an interception of the type described above would then mean replacing all of the systems involved in random code generation. Such replacement would result in a cost so high that it would make attempts to acquire the vehicle for unauthorized use unattractive. Further use of the vehicle by removing these device units and not replacing them is not possible because of their relevance to the operation of the vehicle.
In one embodiment of the invention, in addition to distributed random code generation, provision is made for parallel evaluation of transmitted user code information in a plurality of essential vehicle systems, with the corresponding systems incorporating the decoders and comparators required for this purpose. When one of these systems has a decoder that also has a random code partial information generator, the preparation of the vehicle for unauthorized use following an interception furthermore requires the implementation of this decoding function in the replacement unit.
In another embodiment of the invention, the correctness of the random code information is verified by the individual systems used for random code information generation, with these units comparing the random code partial information they generate with the total random code information sent back to them for this purpose, so that they can make their respective contributions.
In still another embodiment of the invention, at least the systems that have both a random code partial information generator and a corresponding comparator are also equipped with a user code evaluating decoder and comparison device, with the results of the comparison being logically AND-linked. The release (or failure to release) of the drive-away lock can in this case be specifically coupled to the result of the respective AND link in these vehicle systems.
In a further embodiment of the invention, all of the vehicle systems in which random code partial information comparison and/or user code checking comparison is performed are linked together for data exchange, with each of these systems transmitting its comparison result to all of the rest of these systems. In turn, in each of these systems a logical AND link of all such comparison results is provided, which makes it possible to implement the drive-away block decentrally, for example by pulling the ignition key. This ensures that all of these systems are kept inactive in the vehicle as far as their real function is concerned, with each such system being functionally active only when the comparison result is positive not only for itself, but also for all other corresponding systems. The drive-away block is thus released on the basis of the vehicle operating clearance information generated in all of these systems and simultaneously in all other systems.
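The distributed code generation and AND-linked comparisons described above can be modelled as follows, showing that a recorded exchange is rejected unless every contributing unit has been replaced by a fixed-code copy. This is an added illustration, not part of the patent text; the HMAC-SHA256 encoding function, the 8-byte part length, the shared secret and all names are assumptions.

```python
import hashlib
import hmac
import secrets

PART_LEN = 8                      # bytes of random code contributed per unit (assumption)
SECRET = b"constructed-demo-key"  # constructed sample secret shared by key and units

def encode(challenge: bytes) -> bytes:
    """Stand-in encoding function (assumption: HMAC-SHA256 over the total code)."""
    return hmac.new(SECRET, challenge, hashlib.sha256).digest()

class VehicleUnit:
    """One indispensable vehicle unit: contributes a part, then runs both comparisons."""
    def __init__(self, slot, fixed_part=None):
        self.slot = slot
        self.fixed_part = fixed_part  # set only to model a unit swapped for a fixed-code copy
        self.part = b""

    def generate_part(self) -> bytes:
        self.part = self.fixed_part or secrets.token_bytes(PART_LEN)
        return self.part

    def check(self, total: bytes, response: bytes) -> bool:
        own = total[self.slot * PART_LEN:(self.slot + 1) * PART_LEN]
        part_ok = hmac.compare_digest(own, self.part)           # own contribution is present
        code_ok = hmac.compare_digest(response, encode(total))  # user code matches
        return part_ok and code_ok                              # per-unit AND link

def authorize(units, respond):
    """Run one exchange; clearance requires the AND of every unit's result."""
    total = b"".join(u.generate_part() for u in units)
    response = respond(total)
    return all(u.check(total, response) for u in units), total, response

def replay_accepted(replaced: int, n_units: int = 3) -> bool:
    """Replay one recorded exchange against a vehicle with `replaced` fixed-code units."""
    _, old_total, old_response = authorize([VehicleUnit(i) for i in range(n_units)], encode)
    units = [
        VehicleUnit(i, old_total[i * PART_LEN:(i + 1) * PART_LEN] if i < replaced else None)
        for i in range(n_units)
    ]
    return authorize(units, lambda _total: old_response)[0]

if __name__ == "__main__":
    print("legitimate key:", authorize([VehicleUnit(i) for i in range(3)], encode)[0])
    for k in range(4):
        print(f"replay with {k} of 3 units replaced:", replay_accepted(k))
```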