Radio-based identification systems, also referred to as RFID (“radio frequency identification”) systems, are increasingly being used, for example, as a replacement for mechanical key systems, for access control for computers or for such things as automatic payment systems. An RFID system consists of an identification marker (referred to in the following as an encoder), which is also called an electronic key, RFID tag, ID transmitter or ID card, which the user carries about his/her person or which is disposed on an object that is to be identified. The encoder is equipped with a characteristic code (code information). This code is interrogated via a basestation (referred to in the following as a send and receive unit) and subsequently authenticated or verified.
Various radio-based transmission technologies are possible or usual: LF systems in the frequency range from 100 to 300 kHz, RF systems at 433 MHz or 867 MHz and high-frequency microwave systems which mostly operate at frequencies of 2.4 GHz, 5.8 GHz, 9.5 GHz or 24 GHz.
With encoders, a distinction is made between active and passive identification. Passive identification is characterized in that the encoder can constantly be interrogated by the send and receive unit without the need for intervention by the user. If the encoder is located within a certain distance range of the send and receive unit, the identification is performed automatically or, for example in the case of manual actuation of a switching device, by the user, e.g. by operating a door handle. The restriction on the distance range is generally a result of the radio link hop attenuation.
With an active identification system, on the other hand, the communication is actively initiated by the user on the encoder. In this case the user usually must therefore operate the encoder manually first and then, for example, additionally operate the door handle. For reasons of greater convenience, therefore, passive identification systems are increasingly being used.
A typical and favorable type of encoder are so-called backscatter encoders (DE 198 39 696 C2). With these, a send and receive unit transmits a send signal (referred to in the following as an interrogation signal) with a linearly frequency-modulated carrier wave in the direction of the encoder. If the encoder receives the interrogation signal, the signal is reflected in modulated form, but is not evaluated internally any further in the encoder.
In the basestation, interrogation signal and response signal are evaluated firstly with regard to agreement of the received code information with the expected code information and secondly with regard to a frequency offset (frequency difference) between send and receive frequency. The frequency offset in time corresponds to a traveled radio link (signal propagation time). If the frequency difference lies within a predefined interval, the encoder is regarded as authorized and the desired function is initiated in the object.
A disadvantage with identification systems of this type is that the transmission channel can be tapped unnoticed and in theory at any time. By means of a suitable device it is therefore normally possible for an attacker to gain unauthorized access to the code and thereby overcome the protection function actually intended.
With the known identification systems, an unauthorized person can place a “mirror” in proximity to the object so that the interrogation signal is reflected. Since an authorized encoder is recognized on account of a small frequency difference and an encoder is simulated in the vicinity of the object, the protection function is simply overcome.