This application claims the priority of German Application No. 19632025.9-53, filed Aug. 8, 1996, the disclosure of which is expressly incorporated by reference herein.
The invention relates to an authentication device for electronic authentication communication.
Devices of this kind are used for example in door-locking systems and electronic anti-theft systems on modern motor vehicles in order to allow activation of these systems only by an authorized person or persons. The vehicle-mounted part of the door-locking system and/or the electronic anti-theft system constitutes the authentication target unit to which the user must identify himself as authorized. For this purpose, he is provided with a corresponding authentication key unit, usually in the form of a so-called electronic key. Authentication involves an electronic authentication communication in which an encoded signal transmitted between the target unit and the key unit is used by the system to check whether the individual key unit (and hence the user possessing it) is authorized to perform certain actions with respect to the target unit, such as for example unlocking the door locks of the door-locking system or disarming the electronic anti-theft system. Devices with additional or exclusive electronic authentication communication offer higher protection against manipulation compared to purely mechanical authentication devices, like that provided for example by mechanical key and lock systems.
Authentication devices are known in which an operating element on the authentication key unit must be actuated by the user to activate an electronic authentication communications process. For example, in a device of this kind disclosed in DE 42 34 822 A1, a momentary contact switch is connected to a control unit of a transmitter that functions as a key unit. Activation of the momentary contact switch causes the transmitter to transmit a recognition code for a receiving target unit that checks the code it receives against a stored code to see whether they match. A light-emitting diode is also connected to the control unit, diode indicating the operating state of the transmitter.
By contrast with these so-called operable systems, the authentication devices according to the species (known as "operationless systems") offer a higher degree of operating comfort since when they are used, the authentication communication process does not require operation of the key unit but takes place either automatically with sufficient proximity of the key unit to the target unit or by actuation of a triggering element provided on the target unit.
During an electronic authentication communication process for example, an interrogation signal is initially transmitted from the target unit to the key unit via a wireless communication link. Upon receiving this signal, the key unit sends back an encoded signal that is decoded and verified in the target unit and may then provide the desired authorization of further actions. The interrogation signal from the target to the key unit can serve, for example, only to trigger the signal output in the key unit; it can also contain, however, information such as a random number that is processed further in the key unit (in other words is encoded). In addition, this signal can also represent an energy supply signal for the key unit on which information may be superimposed by modulation for example.
If the authentication communication process is to be activated automatically as soon as the key unit has come within a certain distance of the target unit, the target unit must transmit the introductory signal at least certain time intervals, which means a comparatively high energy requirement. Therefore, alternative systems have already been proposed in which a triggering element on the target unit must be actuated initially to activate the authentication communication process. Preferably, this triggering element is part of a mechanical authentication process that is provided in addition in any case, so that as a result there is effectively no additional operating process for the user. For example, the triggering element is actuated in the case of a door-locking system when a mechanical key part of the key unit is inserted into the lock of the target unit, when a door handle is operated to open the door, or when a light barrier in front of the door lock is broken. Authentication devices of the above-mentioned various types are disclosed, for example, in EP 0 218 251 B1; DE 35 00 353 A1 and DE 28 38 056 B1.
All of these conventional authentication devices have in common the fact that the electronic authentication communication proceeds automatically as far as the key element is concerned and hence unnoticed and uninfluenced by the user. This results in the following theoretical weaknesses in this system as far as protection against manipulation is concerned.
In systems with unidirectional code transmission, the key unit is activated by a triggering or energy signal from the target unit and then delivers encoded information, with signal transmission preferably taking place by electrical or magnetic waves. However, an unauthorized person with a unit that is functionally identical to the target unit but has a higher transmitting and receiving power, could approach the holder of an authorized key unit when the latter is still far from the target unit. He could then use his unit to call up the code information from the key unit and store it without the authorized user noticing anything. Then the unauthorized person can use the recorded code information to perform an authorizing electronic authentication communication process with the target unit.
In systems with bidirectional code data exchange, for example using electrical or magnetic waves, a first unauthorized individual with a first unit could call up the initial code information from the target unit and use a suitable transmitter to switch to a signal carrier suitable for long distances and retransmit the code. A second unauthorized individual could then use a second unit to receive this signal, change it to the signal suitable for the legitimate key unit, and transmit to the latter when he is in the vicinity of the key unit. The key unit then delivers its response signal which is conducted along the reverse transmission path to the target unit. In this way, two unauthorized individuals could release the target unit without authorization.
An object of the present invention is to provide an authentication device of the type recited at the outset, which prevents unnoticed electrical authentication communication by the key unit with the target unit, so that no authentication by unauthorized persons is possible, especially as a result of the two unauthorized types of manipulation described above.
This and other objects and advantages are achieved by the authentication arrangement according to the invention, in which unauthorized callup of authorization codes from a key unit and their storage in the target unit by unauthorized persons is prevented by at least one of three measures. First, an authentication communication process that is taking place in the key unit can be indicated by corresponding indicating means to the holder of the key unit, so that he is warned in proper time if a communication process is taking place without his involvement. Second, switching means can be provided on the key unit for allowing or blocking an authentication communications process. That is, the device can be designed so that the holder of the key unit can lock the unit to keep it from actuating the switching means if authentication communication processes occur during periods of time in which he is certain that no such communication processes are to take place. It should be noted that these switching means do not serve to trigger an authentication communication process, but the latter takes place automatically instead or by actuating a corresponding element on the authentication target unit. Alternatively, the device can be designed so that the switching means are actuated automatically in suitable fashion when the key unit is used in a way that is required in any event, for example when using a mechanical key part of the key unit in a mechanical lock on the target unit, so that no separate operating process for the user is required.
Finally, in addition to or instead of the above means, a communication duration monitoring device can be provided on the authentication target unit, which monitors the duration of an authentication communication process. In the case of unauthorized communication attempts of the type described above, the communication duration will be lengthened in comparison with normal authorized communication processes, because of the longer transmission distance and/or the required signal conversion. By setting a suitable maximum duration for an authentication communication process, the monitoring means can recognize an unauthorized communication attempt, so that these means serve to block the authentication at the target unit.
In one embodiment of the invention, the display means incorporate an acoustic and/or optical signaling device which is activated during each authentication communication process for a certain space of time and informs the user of the key unit acoustically and/or optically that an authentication communication is taking place.
Another embodiment of the invention also includes mechanical authentication actuation of the key unit on the target unit as a prerequisite for subsequent activation of an electronic authentication communication process. A switching element is provided on the key unit that, as a result of the mechanical authentication actuation of the key unit on the target unit, is automatically actuated as well and thereby authorizes an electronic authentication communication process that it would otherwise block. In this manner, the key unit is protected against the elicitation of authentication information so long as it is not brought into active connection mechanically with the target unit.
In still another embodiment, the maximum communication time provided for the communication time monitoring device is set for a normal authentication process, in which the key and target units communicate directly with one another within a specified maximum distance. Unauthorized communication attempts over longer distances and/or with indirect signal transmission last longer, however, and thus can be detected by the communication duration monitoring means which then secure the target unit against this authentication attempt.