The invention relates to a system for enhancing the security of a bi-directional data transmission used to control access to an enclosed space, of the type including an identification device, with a transmitting circuit and a receiving circuit, installed in the enclosed space, and an identifier carried by a user who wishes to gain access. A data interchange is established between the identification device and the identifier to confirm the identity of the user. This interchange is normally established when the distance between the identifier and the identification device is less than a predetermined limit, access being granted only when the identification device authenticates the identifier.
The invention has many potential applications, and appears to be particularly suitable for a system of enhanced access security to an automobile vehicle whose openings, notably the doors of the passenger compartment, include locks controlled by the access system.
In this type of system, to gain access the user must first start an identification operation. This operation can be triggered, for example, by pressing a control button on the access door, or by a remote control, or possibly by a presence sensor installed in the enclosed space.
Generally, this start of the identification operation necessitates that the user be in close proximity to the enclosed space to which he requires access.
The identification operation makes use of a data interchange between the identification device and the identifier constituted, for example, by a badge containing an electromagnetic transponder. When the operation is triggered, the identification device installed in the enclosed space generally emits an interrogation signal to activate the identifier which then returns a coded signal analyzed by the identification device. If the coded signal corresponds to the authorized code, the identification device grants access, for example by unlocking one or more locks. The signals interchanged are generally electromagnetic signals.
To improve the security, the system is designed to provide only a short transmission range such that an interchange of identification data between the identification device and identifier can normally be established only when the distance between the enclosed space and the identifier is less than a predetermined limit, for example a few tens of meters.
Despite these precautions, such an access system runs the risk of being pirated by another transmission-reception system interposed in the link between the identification device and the identifier, this pirate transmission-reception serving in fact only as a repeater.
For example, two pirates acting together could fraudulently gain access to the enclosed space as follows. A first pirate, equipped with a transmission-reception system installed for example in a bag approaches a vehicle closed by the authorized user who then walks away. The second pirate, equipped with a transmission-reception system similar that of his accomplice follows the user carrying the identifier. When the authorized user is sufficiently far away, the first pirate starts the identification operation, for example by pressing a control button on the door of the vehicle. The signals emitted by the identification device are relayed by the transmission-reception system of the first pirate to the system of the second pirate, that repeats the signals of the identification device to the identifier. Unknown to the authorized user, his identifier responds by emitting the authorized code which is relayed by the repeater system back to the identification device which then unlocks of the door thereby giving access to the first pirate.
The purpose of the invention is above all to provide a system that enhances the security of a bi-directional data transmission used to control access to an enclosed space, by preventing any violation by a pirate transmission-reception system such as described previously. The security system proposed is also reliable, easy to use, practical and inexpensive.
More precisely, the invention is a system providing enhanced security of a bi-directional data transmission controlling access to an enclosed space, notably access to a vehicle, including an identification device with a transmitting circuit and a receiving circuit installed in said enclosed space, and an identifier carried by a user wishing to gain access, a data interchange between said identification device and said identifier normally being established when the distance between them is less than a predetermined limit, the access being granted only when said identification device has authenticated said identifier, wherein, to prevent an interchange of identification data at a distance greater than said predetermined limit, notably by interposing an unauthorized repeater, the system includes means of switching that establish a momentary loopback of the transmitting circuit of the identification device, via a return circuit of said identifier, and said identification device includes means of measuring the resonance frequency of the oscillation generated by such a loopback, and means of control able to measure the difference between said resonance frequency and a reference frequency, so as to maintain access interdiction when this difference exceeds a predetermined value.
According to the invention, an oscillator is made between the identification device and the identifier. If a parasitic system, such as a repeater system, is interposed in the feedback loop the resonance frequency is modified; detection of this modification then enables the interdiction of access to be maintained.
Means of switching preferably establish, during an identification request, the momentary loopback of the transmitting circuit of the identification device, via a return circuit of the identifier, after the identification request has been authenticated by the identifier.
In a first embodiment, the identification device includes a receiving circuit with a radiofrequency (RF) receiver and a management unit with a frequency counter, and a transmitting circuit with a low frequency (LF) generator, an amplifier, and a switch able to connect the output of the RF receiver directly to the input of the amplifier, in order to establish the loopback, whereas in normal operation the input of this amplifier is connected to the output of the LF generator.
The identifier includes a LF receiver, notably with automatic gain control (AGC), a data decoding circuit, a management unit, an RF transmitter, and a switch able to connect the output of the LF receiver directly to the input of the RF transmitter, in order to establish the loopback, whereas in normal operation the input of the RF transmitter is connected to the management unit.
The momentary loopback is advantageously triggered by the emission of an initialization signal by the RF transmitter of the identifier, this signal initializing the counter of the management unit of the identification device.
The reference frequency with which the measured resonance frequency is compared is advantageously constituted by a value initially memorized which is learned by the system.
The LF transmitting circuit of the identification device is thereby looped back momentarily with the high frequency (RF) return circuit of the badge or identifier.
The LF communication frequency of the identification device to the identifier can be 125 kHz, and the transmitting and receiving antennas are tuned to this frequency, which obliges the system to oscillate around this frequency if the return channel is assumed to be linear and without phase shift at this frequency.
The return channel operates advantageously at radiofrequency, 434 MHz or other. The most suitable modulation for the return signal would appear to be frequency modulation to optimize the linearity. The RF transmission-reception system should preferably have a modulation band of at least 150 kHz.
The frequencies mentioned previously obviously constitute only one particular embodiment, since the system can operate at different frequencies.
In another simplified variant, the system is designed to transmit and receive signals of logical xe2x80x9call or nothingxe2x80x9d type and to operate in xe2x80x9con/offxe2x80x9d amplitude modulation.
The identification device includes an oscillator whose output is connected to a transmitting circuit and whose input is connected to a switch able to connect the output of a RF receiver directly to the input of the oscillator, in order to establish the loopback, whereas in normal operation the input of this oscillator is connected to the output of an operational amplifier whose non-inverter input is connected to ground via a resistor, and the inverter input is connected to ground via a capacitor, these two inputs being connected respectively via a resistor to the output of the RF receiver.
The identifier includes an envelope detector circuit whose input is connected to a LF receiving circuit and whose output is connected to a data decoding circuit and a management unit, and also to a switch able to connect the output of the envelope detector circuit directly to the input of a RF transmitter, in order to establish the loopback, whereas in normal operation the input of the RF transmitter is connected to the management unit.
The whole transmission-reception loop has a transit time which, associated with the time constant RC, where R and C are the respective values of the resistor and the capacitor connected to the inverter input of the operational amplifier, results in an oscillation at a specific frequency.
If relay transmitters (repeaters) are introduced in the loop, the transit time in the feedback loop will increase, lowering the oscillation frequency in proportion to the parasitic time delay introduced.
Therefore if the oscillation frequency of the system is measured, this can serve as a reference during each interrogation of the identifier.
To exit this oscillatory mode, it is sufficient to break the oscillation loop at the identifier, for example by the switch provided between the envelope detector and the RF transmitter, or in the identification device.