The contactless communication systems concerned here are very short distance communication systems (typically a few tens of centimeters, or a few meters) used as means of identification, access authorization, payment, etc.
We shall mainly focus on RFID (Radio Frequency IDentification) systems defined by standards, but the invention more generally includes other similar communication systems, defined by other standards, such as NFC (Near Field Communication) telephones. RFID systems are essentially used to identify objects or persons carrying such objects, for authorizing access to a protected place for example; these systems comprise a reader and badges that are relatively passive but equipped with means of analyzing interrogation or command signals supplied by the reader and means of response from the badges to the reader; applications are access badges, travel cards, and marking labels, as well as electronic passports and even contactless bank cards; NFC telephones are essentially mobile telephones provided with an auxiliary function of payment at automated teller machines; they are typically intended to be used as means of payment by withdrawal from a bank account when they are placed near a machine for the automatic distribution of products or services or near a checkout till on a merchant's premises equipped with an ad hoc reader.
All these systems are based on communication in the air, via high frequency signals, between a contactless reader and a movable element which will be called hereafter a “card” regardless of its physical form which can be a card, a badge, a label, a mobile telephone, etc.
Transmission is most often through the intermediary of a radio frequency magnetic field and it uses an inductive antenna (a single coil of a few turns) forming part of the reader and an inductive antenna forming part of the card.
In these systems, the reader generally sends a radio frequency carrier, modulated according to a communication protocol to constitute a command signal; a typical carrier frequency in the case of contactless cards with an inductive antenna is 13.56 MHz, modulated in amplitude or in phase or in frequency, and hereafter it will be assumed that this is an amplitude modulation with a frequency of 13.56 MHz. The reader then waits for a response; if a card is present in the geographical area close to the reader and if the command signal involves a response from it, it responds and sends information back to the reader. The response may be the transmission of a simple digital identification, or it may be more complex.
The card may be lacking any stand-alone power supply, and in this case the power enabling it to transmit its response is provided inductively by the radio frequency magnetic field produced by the antenna of the reader via the antenna of the card, for short distance communication applications (up to several tens of centimeters).
The inductive antenna of the reader preferably acts as both a signal transmission antenna and a receiving antenna for detecting a modulation of the electromagnetic field induced by the response from the card. The response from the card is generally established in the form of a load modulation of its antenna, which leads to a modulation of the electromagnetic field, which in turn induces a change in the impedance of the antenna of the reader, as seen by the circuits of the reader connected to this antenna; it is this change in impedance which enables first the detection and then the analysis of the response.
Most often, a command signal transmitted by the reader is followed by a waiting time during which the reader transmits the unmodulated radio frequency carrier, then a response time from the card during which the reader continues to transmit the unmodulated carrier frequency but it is the response from the card that modulates the impedance.
The data transported in these systems are vulnerable since they pass through the air in the immediate environment of the reader. They may be threatened by malicious attacks aimed at collecting the data exchanged, or even at substituting a card other than the legitimate card in the dialog with the reader.
In a particular type of attack which hereafter will be called a “relay attack”, the malicious person will try to make a contactless reader (legitimate reader) communicate with a legitimate card without the knowledge of its owner, indirectly, through the intermediary of another card (illicit or counterfeit card) and another reader (illicit or counterfeit reader). In some cases malicious communication can thus be established indirectly with the legitimate reader even though the legitimate card is not close to it, the counterfeit reader and the counterfeit card establishing a remote relay.
One of the weaknesses of current contactless devices is that they are always in a situation of being active; there is no off button to neutralize them. They can therefore be activated without the knowledge of their owner. A counterfeit reader near a legitimate card can activate the card. A secure transaction can thus be authorized indirectly without the cardholder having given their consent.
Encryption of transactions between the reader and the card does not protect against a relay attack since, in the relay attack, the counterfeit reader and the counterfeit card will pass the encrypted information transparently; they do not need to understand the content of encrypted messages, but simply retransmit them without decoding them; the legitimate reader is indeed communicating with the legitimate card but in an indirect way.
In practice, the following scenario can be envisaged: the counterfeit reader sends command signals to the legitimate card, by approaching it very closely; in a crowd for example, people are close to each other; the responses of the legitimate card are sent by the counterfeit reader to a counterfeit card which is placed near the legitimate reader and this card retransmits these responses to the legitimate reader; the legitimate reader therefore believes it has the legitimate card before it; likewise, the commands of the legitimate reader are sent by the counterfeit card to the counterfeit reader. The entire communication is intercepted. The connection between the counterfeit card and the counterfeit reader may take place by wire or by radio. Communication can even take place via mobile telephone or via the Internet, provided, however, that the counterfeit card does not merely amplify and retransmit the signals but is provided with means for demodulation and re-modulation (but not necessarily decryption) for restoring the signals into the appropriate transmission protocol (GSM or Internet protocol) before sending them. The attack can then be carried out at long distance without the encryption means preventing it.
To avoid these attacks, the following methods have been devised:
- Using an ultra-wideband (UWB) radio transmission, the distance is measured between the card and the reader; the objective is to verify that the legitimate card is near the reader. The first phase of the communication is a normal authentication phase; the second phase comprises a very fast exchange of interrogations and responses for measuring the delay between interrogation and response and verifying that it is not too long, which would be a sign of the presence of an intermediate relay. This solution adds significant complexity to the RFID system, and notably to the RFID card.
- In another method, the time is measured between the end of the transmission of the request by the transmitter and the start of the response by the card; this makes it possible to measure times with an accuracy of about half the signal period. But the instant of response of the card is not necessarily always properly set in the communication protocol, making it necessary to take large margins of uncertainty.
- Means can be provided for the card to be deliberately deactivated by the user when it is not in use; notably, provision can be made for the card to be normally stored in a billfold with a Faraday cage structure preventing any communication.
- Other solutions have been proposed in relation to keys for opening automobile doors, but these solutions cannot be applied to most RFID systems.
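As an added illustration that is not part of the patent text, the following Python simulation shows the reader side of the rapid-exchange (distance-bounding) check described above: each answer must be correct for the session secret agreed in the preceding authentication phase and must arrive within a round-trip bound. The session secret, the card processing time, the round count and the 1 µs relay latency are constructed values, not figures from the page.

```python
from __future__ import annotations
import secrets

C_M_PER_S = 299_792_458.0         # propagation speed of the field in air
CARRIER_HZ = 13.56e6              # carrier frequency named on the page
HALF_PERIOD_S = 0.5 / CARRIER_HZ  # ~36.9 ns, the timing resolution the page quotes
CARD_PROCESSING_S = 50e-9         # nominal card turnaround per round (constructed value)
ROUNDS = 32                       # number of 1-bit challenge/response rounds (assumption)

class Card:
    """Legitimate card: answers each challenge bit with challenge XOR one session-secret bit."""
    def __init__(self, session_secret: bytes) -> None:
        self.session_secret = session_secret
    def respond(self, i: int, challenge_bit: int) -> int:
        return challenge_bit ^ (self.session_secret[i] & 1)

class Channel:
    """Air interface; a relay adds its demodulate/re-modulate latency on top of propagation."""
    def __init__(self, card: Card, distance_m: float, relay_latency_s: float = 0.0) -> None:
        self.card, self.distance_m, self.relay_latency_s = card, distance_m, relay_latency_s
    def exchange(self, i: int, challenge_bit: int) -> tuple[int, float]:
        round_trip_s = 2 * self.distance_m / C_M_PER_S + CARD_PROCESSING_S + self.relay_latency_s
        return self.card.respond(i, challenge_bit), round_trip_s

def reader_distance_bound(channel: Channel, session_secret: bytes,
                          max_distance_m: float = 0.3) -> bool:
    """Reader side of the rapid exchange: reject on a wrong answer OR a late answer."""
    # bound = two-way propagation to max_distance + card turnaround + two half-periods of margin
    bound_s = 2 * max_distance_m / C_M_PER_S + CARD_PROCESSING_S + 2 * HALF_PERIOD_S
    for i in range(ROUNDS):
        challenge = secrets.randbits(1)
        answer, round_trip_s = channel.exchange(i, challenge)
        if answer != challenge ^ (session_secret[i] & 1) or round_trip_s > bound_s:
            return False
    return True

def margin_to_distance_m(margin_s: float) -> float:
    """One-way distance hidden inside a timing margin (why half-period resolution needs big margins)."""
    return margin_s * C_M_PER_S / 2

if __name__ == "__main__":
    key = bytes(range(ROUNDS))                                           # constructed session secret
    direct = Channel(Card(key), distance_m=0.1)
    relayed = Channel(Card(key), distance_m=0.1, relay_latency_s=1e-6)  # 1 us relay hop (assumption)
    print("direct card accepted:", reader_distance_bound(direct, key))
    print("relayed card accepted:", reader_distance_bound(relayed, key))
    print(f"2 x half-period margin hides {margin_to_distance_m(2 * HALF_PERIOD_S):.1f} m one-way")
```

Note that the two-half-period margin alone corresponds to about 11 m of one-way distance, so the check cannot tell 10 cm from 10 m; it catches a relay only because the relay's own latency is far above that margin.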
A system of protection against car theft has also been proposed in patent publication EP1271420, in which the card reader sends the card information on waiting time to be observed before responding; the card receives this information and responds only after this time; the reader verifies that the response arrives in a time slot that it itself has set.